Page 4 of 6 FirstFirst 123456 LastLast
Results 31 to 40 of 51

Thread: Spybot Immunize Plus IE 8 Final Equals Disaster On WinXP SP3

  1. #31
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    560

    Default

    Quote Originally Posted by m00nbl00d View Post
    One better solution, considering, also, that the Restricted Sites Zone entries go all to the Windows registry, would be for this Spybot's feature to work as an in-the-cloud service.
    Agreed. The problem is that such centralized web database designs require a significant amount of resources in both hosting and bandwidth, generally distributed worldwide. Unfortunately only organizations with big budgets like Microsoft and McAfee usually have this kind of funding.

    Note from that link I posted earlier that the IE 8 SmartScreen Filter not only protects based on sites, but also files, so it's more like a combination of Immunization and the SDHelper resident. However, it's potentially far more responsive since it operates from a central database which can be updated much more quickly with a much broader and deeper database than the weekly updates Spybot S&D provides.

    As you mentioned earlier, if they can be combined you can receive the protection of both, though there'll always be overhead and thus a performance hit, though it may not be noticeable in all cases. From my standpoint though, I believe that Microsoft will usually provide most of the same protection, so I'd be creating a lot of duplication and overhead for very little return. Of course, this isn't true for any older operating systems like the Windows 2000 PC I have, so I'll still use all of the features there to compliment the Avast! AV and SpywareBlaster.

    I think the biggest point here is that as malware has changed, so has the response from the security community including Microsoft itself. Though Spybot S&D is very configurable which allows reacting to this change, only technically minded users are able to fully understand the requirements of these changes. Thus if Team Spybot wants to support the less technical user they'll need to monitor these changes and react to them with the default tuning of their product, since that user base simply won't take the time to understand security products.

    The other choice is simply to decide that the Spybot S&D product is a technical users tool, which has really always been true, and leave the configuration decisions up to the user or adminstrator. This is likely to reduce the numbers of users of the product, but this may be appropriate if they don't wish to 'dumb down' the product in an attempt to service the non-technical user.

    I have no problem making these decisions myself, but I have over 30 years background in microprocessor based computers, networks and their security along with several years of assembly language programming experience. The confusion about this issue shown in this and other threads makes it quite clear that many don't have the patience and background to react to such issues in a logical (technical) manner. This has been a tough lesson for even Microsoft to learn as the last 10 years has shown quite clearly.

    Bitman

  2. #32
    Member
    Join Date
    Jan 2009
    Posts
    78

    Default

    Another solution would be to place the domains entries in a XML file, for example. Rather than placing them at the Windows registry.

    Of course, this XML file would need to be well protected by Spybot's self-defense.

    Actually, looking at present scenario (Registry) and the other solution I provided earlier, this one sounds more doable.

  3. #33
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,385

    Default

    A XML file? XML is a very slow thing actually, and I've never heard that IE supports XML files for these entries.

    Please keep in mind, it's not us deciding on the data structure (we would've simply picked a pre-sorted binary file), but Microsoft, since the immunization uses their data structure.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  4. #34
    Member
    Join Date
    Jan 2009
    Posts
    78

    Default

    Quote Originally Posted by PepiMK View Post
    A XML file? XML is a very slow thing actually, and I've never heard that IE supports XML files for these entries.

    Please keep in mind, it's not us deciding on the data structure (we would've simply picked a pre-sorted binary file), but Microsoft, since the immunization uses their data structure.
    I see. I don't know much about XML files, but, it was just an idea. But, it could be a text file or whatever.

    The current solution places such entries at the registry, which bloats the registry. The more bloated the registry is, the slower system will become.

    And, when I talked about XML, without knowing they're slow, I didn't say that IE supports it or that even Microsoft would have to do it.

    In the way I see it, and correct me if I'm wrong, it has nothing to do with IE and Microsoft. It would be the way/the new way Spybot would block access the malicious domains, instead of placing such entries at the registry.

    Spybot, instead of placing those entries at the registry - and I'm talking about the domains and not activex and cookies, of course - it would place them in a text file or any other faster solution.

  5. #35
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    560

    Default

    m00nbl00d,

    Unfortunately your responses are making the point that you don't really understand how any of this currently works. If you wish to understand what's really happening and how the existing Immunizations really work, you should start with the following 'Sticky' thread in the main Spybot S&D forum.

    How Spybot-S&D protects against the installation of Spyware/Malware
    http://forums.spybot.info/showthread.php?t=281


    Patrick, if this doesn't make my point I don't know what will. Your product has drawn a much wider audience over the years than might have been expected for such a technical tool, but that has lead to exactly the paradox of needing to simplify its use. I know you are attempting to do this, but just like Microsoft attempting to better secure its OS this leads to much pain in the evolution.

    I believe you are planning to make many of these changes in the 2.0 version, along with trying to resolve some of the resource issues that have plagued your more recent versions on older less capable hardware and OS. Keeping both types of users happy is quite difficult as OneCare proved to Microsoft. However, keeping the product lean and as simple as possible helps in either case, so at least you already have this going for you.

    To me the key appears to be deciding the defaults for the non-technical users and then keeping the controls for the technical users available, but hidden from the non-technical so they don't become confused. You already appear to have begun this in recent 1.5 versions, though I'm not certain why you're placing the effort there, except maybe as a test bed for 2.0?

    Resolving these interface issues while attempting to track the changing landscape of the Windows OS itself is quite enough. How much effort to place into the older OS versions simply confuses the matter more. If you wish to remain in business, my opinion would be to concentrate on the newer OS versions which are the future and only do what can be easily done in parallel to support the old.

    Bitman

  6. #36
    Member
    Join Date
    Jan 2009
    Posts
    78

    Default

    Quote Originally Posted by bitman View Post
    m00nbl00d,

    Unfortunately your responses are making the point that you don't really understand how any of this currently works. If you wish to understand what's really happening and how the existing Immunizations really work, you should start with the following 'Sticky' thread in the main Spybot S&D forum.

    How Spybot-S&D protects against the installation of Spyware/Malware
    http://forums.spybot.info/showthread.php?t=281
    I do understand how Spybot works.

    Perhaps, I didn't explain my self the best way I could, and I don't know if know I will also.

    Spybot protects by two ways:

    - Passively, by placing entries in the restricted sites zone, blocking tracking cookies and activex.

    All this immunizations end up in the Windows registry, which, the more it's added, the more bloated it becomes. The slower system will get.

    - Actively, by TeaTimer.

    Now, my suggestion, considering that the in-the-cloud service would require a lot effort, would be to make use of a new way to block access to malicious domains.
    One way, would be for example to place such entries in a .txt, .lst, or whatever file.

    I'm not saying that this would done to block cookies and activex. That wouldn't work. But, it is possible to do this to block access to malicious domains.

    What I am saying is that, instead of loading the malicious domains to the Restricted Sites Zone, to load them to a file, be it a .txt, .lst or any other.

    And, before someone mentions the HOSTS file. That's not what I am talking about here.

    The HOSTS file allows to add entries like this

    www. baddomain. com
    ismy. baddomain. com

    But, it doesn't allow to add entries like

    *. baddomain. com

    Which would block access to any domains within the domain .baddomain .com

    Or even, allow it to be blocked like *.baddomain.*

  7. #37
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    560

    Default

    Quote Originally Posted by m00nbl00d View Post
    I do understand how Spybot works.

    Perhaps, I didn't explain my self the best way I could, and I don't know if know I will also.

    Spybot protects by two ways:

    - Passively, by placing entries in the restricted sites zone, blocking tracking cookies and activex.

    All this immunizations end up in the Windows registry, which, the more it's added, the more bloated it becomes. The slower system will get.

    < SNIP >
    Hmm, now that I go back and read your last two posts again I can't see what made me think you didn't understand this. Maybe it was the 'passive' which I really never have agreed with or more likely the idea that registry 'bloat' is the core of the issue.

    In reality Immunization has never been 'passive' it's just that the 'active' code required wasn't part of Spybot S&D itself, but rather code within Internet Explorer that handled the Restricted sites list. However, the Sticky I referenced does make that claim, so you come by this honestly.

    As for registry 'bloat', it isn't the size of the registry itself that matters it's merely the number of entries being seached through. I know you probably see these as the same, but there is a difference. At its core however, the real problem was a design change by the Microsoft IE development team to handle a seperate issue that created this side effect as my earlier post detailed.

    I also understand that you are just throwing out ideas for a way to replace this functionality within Spybot S&D itself, but that's not really necessary. If you'll look closely at the last sentance of PepiMK's last post you'll see that he's already indicated what he'd have done instead.

    Quote Originally Posted by PepiMK
    Please keep in mind, it's not us deciding on the data structure (we would've simply picked a pre-sorted binary file), but Microsoft, since the immunization uses their data structure.
    Text or other human readable format files are really unnecessary for use within Spybot S&D and are simply slower for the machine to parse, so this makes sense. However, this would require conversion as entries are added in the current Restricted sites list in Internet Explorer, so it's not surprising that a simple text format was used by Microsoft, especially since this feature was added in much earlier versions of the IE browser and designed for manual (human) entry.

    The real issue isn't how the list is stored anyway, it's how to replace the functionality that existed within Internet Explorer to actually process this information. Since IE would actually check the list itsself, that made this an easy thing to do by simply providing the list. However, if that's not available then something similar to the exisiting SDHelper.dll would need to be created to take its place, if that's even possible.

    I really just think that the Immunize feature should either be supressed or at least the list reduced to complement the protection that SmartFilter now provides when IE 8 is installed. If many of the sites that are now Immunized are already flagged by SmartFilter, it's really not necessary to duplicate them in the Immunization. However, this feature may still be useful for those with earlier versions of IE installed, whether that's due to an older operating system or simply not having upgraded to IE 8 yet.

    Bitman

  8. #38
    Junior Member
    Join Date
    Apr 2009
    Posts
    1

    Default

    I'd like to thank the various contributors to this thread for doing such a nice job of explaining what's going on between IE8 and Spybot. Having read the 4 pages of posts I'm coming away with the impression that the new SmartScreen filter in IE8 essentially does away with the need to manually immunize via Spybot/SpywareBlaster as it accomplishes the same ultimate goal in a more efficient fashion

    With this as a given, I'm assuming IE8 users should:

    * Go to immunize and Undo
    * Uncheck most of the boxes
    * Which begs begs the question of which boxes should we leave checked?

    Firefox
    Opera
    Chrome
    Safari
    IE 32 bit
    IE 32/64 bit
    Windows

    I only use Firefox and IE personally, but thought I should mention the other popular browsers for the benefit of those whose read this later

    For the moment I've undone all the immunizations in Spybot and SpywareBlaster. IE8 has gone from taking a good minute to open to opening in a few seconds

    Stevo

  9. #39
    Junior Member
    Join Date
    Apr 2009
    Posts
    1

    Default

    First i'd like to mention that no other browser has this issue on my computer : Firefox, Chrome, IE7, So i feel IE8 needs to fix this if they want to attract more users.

    "For example, SmartScreen Filter uses a list which is hosted by Microsoft, to which any IE 8 user can contribute and which is thus much more quickly responsive than a local list downloaded weekly."

    Explain to me how having to fetch a list from MS is more efficient than a local list (minus the fetching) unless the data is stored in and processed in a more efficient way. MS has never been faster or safer at protecting individuals than people who find the exploits and report them and often provided a fix before hand and reporting them as a courtesy for MS to fix it in a more maintream method.

    ---
    I have found a fix, and to make sure I found the same link to it from a more mainstream site that is more trustworthy, from the days when I downloaded HOSTS files instead of just using S&D's.

    http://www.mvps.org/winhelp2002/restricted.htm

    Mainly the link for : http://www.mvps.org/winhelp2002/DelDomains.inf

    It will quickly delete all the restricted zones I suppose. I am assuming that this fix will make IE8 more responsive, while still using the HOSTS as one of the layers of protection, I am really hesitant about just disabling immunization as I assume this also removes the HOSTS entries.

    Spybot + any AV + safe usage has proven to be the safest method for me and I would prefer the fix not to be 'not immunizing", as I said before, none of the other browsers are affected IE8 should fix this.

    I do agree with the discussion above that just a list that continously grows is not effective when it gets too big, maybe more wild card usage, or removal of dead hosts if this isn't already checked i assume it is, or just a better way to list the data and fetch/process it.

    But right now, it has been EXTREMELY effective for me, this IE8 bug is just really really really annoying. was working fine in IE7, make it work in IE8, by theory yes its a bad idea, however, it shouldn't have crossed the critical line in this short period of time from perfectly fine i IE7 to completely broken in IE8.

  10. #40
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    212

    Default

    Yodah,
    You can selectively disable individual immunizations in Spybot, just undo all, then uncheck the boxes that you don't want, check the ones you do, then click immunize. So you can, for example, just do the hosts entry (at the bottom of the list) to keep Spybot's HOSTS entries.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •