Further to my previous post, I've now done some tests. The only effect for me of having Spybot immunization is a slight delay when first opening IE 8. It takes ~2 seconds to load my home pages without any restricted sites, ~5 seconds with the ~10500 sites added by Spybot. I can live with that.
It depends on how many domains are placed at the Restricted Sites Zone.Originally Posted by Rosenfeld
The more there are, the slower things become.
I did a test, by making use of Spybot, SpywareBlaster and IE-Spyad entries, and the result is what I mentioned, previously.
If the choice is between filling my Restricted Sites with thousands of entries on a weekly basis or using Internet Explorer 8, I'd use IE 8. Here's a comment about this issue from the Internet Explorer Blog relating to the RTM release.
http://blogs.msdn.com/ie/archive/200....aspx#comments
IE8 Security Part IX - Anti-Malware protection with IE8’s SmartScreen Filter# re: Internet Explorer 8 Final Available Now
Saturday, March 21, 2009 9:49 PM by EricLaw [MSFT]
@Howard: Firstly, please notice that I did not suggest that users "disable Spybot" but rather that they not use the "Immunize" feature.
The immunization feature offered by SpyBot is not required to browse safely with Internet Explorer 8. IE8 includes more reliable protections against malicious sites, including per-site ActiveX, ActiveX opt-in, DEP/NX, Protected Mode, and SmartScreen Filter.
Blocking a static list of sites using Zones is fundamentally a losing game, because (as phishers have demonstrated for years) attackers can simply deliver malicious attacks from new domains or IP addresses.
Personally, I haven't been using immunize on current operating systems myself for a couple years. The fast-flux networks and other quickly changing location technologies involved in malicious delivery systems today make this relatively slow method of site blocking nearly useless and simply an exercise in update futility.
Since these registry and hosts entry systems were never really designed for automated 'stuffing' of large lists, they've always been limited by the overhead they create. The idea that these lists have no effect on the operation of a system and are in effect 'passive' is a myth that has pervaded the home security community for years. Any 'list' contained within a program will require a finite amount of time to search, regardless of the efficiency of the code that performs it.
However, the real problem here isn't the abused technolgy, it's the valid points made by Eric in his comment that there are much better protection systems now built into IE 8 itself. These systems in some cases don't suffer from the scalability issues that are inherent with locally hosted and searched lists. For example, SmartScreen Filter uses a list which is hosted by Microsoft, to which any IE 8 user can contribute and which is thus much more quickly responsive than a local list downloaded weekly.
Much is often discussed about the limitations of collecting and distributing lists of malicious code (i.e. viruses) and the inherent delay involved. However, few ever consider this same issue as it relates to malicious sites, since these somehow seem less likely to change. In reality though, many of the most prolific malware delivery systems in use today are much more dynamic and thus too quickly changing for such old ideas to work. These systems are best left for the user to perform blocking of individual sites on demand, which was their intended purpose in the first place.
Bitman
Seems ok ..
I also updated to IE8 and have had no problems .. the only glitch i have is it takes a few seconds longer for the main page to load ..
Last edited by ssuperdave; 2009-03-26 at 20:08.
bitman,
Excellent response! I find it filled with well-thought out reasoning on your part and written in such a way that folks like me with limited computer knowledge can understand what you are saying.
I for one appreciate you sharing your thoughts with the rest of us watching this thread.
Thanks and regards,
2harts4ever
" ... Nuff Said. Keep Smiling Because I'm Smiling Too!"
Yes, IE 8 brings additional security.
But, let's not forget important facts here.
Fact - Not everyone has, unfortunately, patience to deal with UAC. There's always something that doesn't work quite well, and, if people can't make it to work, then, they'll have to find people who'll do it for them. Perhaps, their IT professionals.
Fact - Even though is IE 8 is safer than any other previous version, it won't be 100% effective. Nothing is.
Fact - Regardless if some user makes use of SpywareBlaster, Spybot - Search & Destroy, IE-Spyad or any other entries, to add to IE's restricted sites zone, there's always going to exist this additional layer of security.
Fact - If the Restricted Sites Zone is useles, why still existing? Makes no sense, at all.
Fact - Not everyone has the knowledge to tweak IE for a safer browsing, like disabled ActiveX and only enabling per site. They'd got lost with those tweakings.
Fact - All that was said on that post, in no way, is a valid reason not to fix this bug, that didn't exist in the release candidate version.
One thing is theory, one other practice. Two different realities.
It's not theory, none of the computer systems I mentioned or any of my own have any special settings other than the Windows XP/Vista and/or IE 7/8 defaults and they've protected both myself and my nephews very well. Any of the products you mentioned are add-ons not included with Windows and require special additonal operations by the user to use them, so they are actually more difficult for a non-technical user to manage.
The only advertised reason that Restricted sites exist is to allow a user to add an entry manually one at a time within Internet Options, Security tab, Sites button. Automated 'stuffing' of these registry entries has never been addressed in any Microsoft Technical literature and thus is not officially supported. It is products such as Spybot S&D and SpywareBlaster that have implied that this is the reason they exist, not Microsoft.
How to use security zones in Internet Explorer
http://support.microsoft.com/kb/174360
Windows Help and How-to: Security zones: adding or removing websites
http://windowshelp.microsoft.com/Win...c385a1033.mspx
Please note that I did not include UAC in my discussion, since that's not really a security feature, it's a nag box designed purposefully to annoy users of badly written software in hopes they'll complain to the real offenders, the vendors of the software that are unnecessarily requiring Administrative priviledge for their programs to operate. Otherwise, the only prompts you should see are those that would actually require Administrative access, such as program installation.
And note that I never stated the 'bug' shouldn't be fixed, though I personally don't care if it ever is for the reasons I've already stated. If there's one thing I've learned by observing these and other forums it's that many people will only feel protected if they've installed and updated a half dozen often conflicting and questionable products every week, even if the aggregate protection provided by these products is no better than what one good product might provide. It's also quite obvious that many of these same users will avoid or ignore updating either thrid-party software products or even Windows itself, even though these are the most proven methods of providing actual protection.
True security is actually very simple, repetitive and mundane. The more complex the process is made the more likely it will fail.
Bitman
Actually, making use of Spybot's and SpywareBlaster's immunizations, is a lot easier than actually having to tweak IE, to offer, by itself, a better protection.
It's a two step process. Update and re-immunize. Simple.
Then, why not just take the Restricted Sites Zone option, since, what you mention, would be better to place at the HOSTS file, which would prevent anything in the system to connect to that domain.The only advertised reason that Restricted sites exist is to allow a user to add an entry manually one at a time within Internet Options, Security tab, Sites button. Automated 'stuffing' of these registry entries has never been addressed in any Microsoft Technical literature and thus is not officially supported. It is products such as Spybot S&D and SpywareBlaster that have implied that this is the reason they exist, not Microsoft.
But, what the Restricted Sites Zone offers, that the HOSTS file lacks, is the capability of adding domains like *.bad-domain. com. By placing a *, the user would be blocking access to any domain within the domain .bad-domain. com, and not just to the main one.
So, such feature and such entries, are, in my most opinion, useful, and waste no resources. Most important, provide an extra layer of security.
This info my be useful to some person, digging through this thread. Not to me, though. But, thanks.How to use security zones in Internet Explorer
http://support.microsoft.com/kb/174360
Windows Help and How-to: Security zones: adding or removing websites
http://windowshelp.microsoft.com/Win...c385a1033.mspx
Actually, it is a security mechanism. When UAC is enabled, it will also enable the Protected Mode in IE7 and IE8, in Windows Vista and Windows 7. This will decrease what IE can do in the system.Please note that I did not include UAC in my discussion, since that's not really a security feature, it's a nag box designed purposefully to annoy users of badly written software in hopes they'll complain to the real offenders, the vendors of the software that are unnecessarily requiring Administrative priviledge for their programs to operate. Otherwise, the only prompts you should see are those that would actually require Administrative access, such as program installation.
UAC is also a good way to know when something is requiring elevated rights to do important changes in the system.
Let's imagine that some user would open an e-mail, and, UAC alert for something. "Houston, we have problem.".
So, UAC is much more than just an annoyance.
Fair enough.And note that I never stated the 'bug' shouldn't be fixed, though I personally don't care if it ever is for the reasons I've already stated.
Unfortunately, it happens. But, this are people, who get, perhaps, their first system. Are not even aware of the existing dangers.If there's one thing I've learned by observing these and other forums it's that many people will only feel protected if they've installed and updated a half dozen often conflicting and questionable products every week, even if the aggregate protection provided by these products is no better than what one good product might provide. It's also quite obvious that many of these same users will avoid or ignore updating either thrid-party software products or even Windows itself, even though these are the most proven methods of providing actual protection.
But, the main problem here, are the IT professionals. They don't alert the costumers for that very same fact. They just install a free and crippled antivirus, and that's it, pretty much.
Last year, a relative of mine, bought a computer (New computer user), and the folks where this computer was bought, only installed a free and crippled antivirus. They didn't care to explain how to update it. They haven't enabled UAC. They also didn't explain how to work with it, obvisiouly.
To make things a lot worse, they didn't create a normal user account.
Yes, I agree. That security should be simple, that is. But, just because one makes use of a layered security, that doesn't mean it isn't simple.True security is actually very simple, repetitive and mundane. The more complex the process is made the more likely it will fail.
Bitman
One can just make use of a very complex Intrusion Prevention System. But, would it be simple, then?
Best regards
Last edited by m00nbl00d; 2009-03-27 at 02:48.
Even simpler, don't bother to 'tweak' at all, I never do. My nephew still couldn't successfully install the fake anti-virus product he downloaded both because he didn't have the priviledge (Standard account) and the AV/AS app caught most of the trojans and other files anyway. This required me to install a properly updating security product initially, but requires absolutely no maintenance since then, since everything performs automatic updates.
The new SmartScreen Filter in IE 8 should improve this even further by detecting most malware before it ever reaches the filing system.
IEBlog: IE8 Security Part IX - Anti-Malware protection with IE8’s SmartScreen Filter
http://blogs.msdn.com/ie/archive/200...en-filter.aspx
Spybot S&D Immunize by default places the same entires in the Hosts file, but I don't use that either. As with the current issue with Restricted Sites, large Hosts file lists often create peformance issues, though usually only on Windows 2000 and older systems that lack resources. The more common issue is with many current anti-virus products which contain monitoring features that partially conflict with such large files, causing their own performance issues.Then, why not just take the Restricted Sites Zone option, since, what you mention, would be better to place at the HOSTS file, which would prevent anything in the system to connect to that domain.
But, what the Restricted Sites Zone offers, that the HOSTS file lacks, is the capability of adding domains like *.bad-domain. com. By placing a *, the user would be blocking access to any domain within the domain .bad-domain. com, and not just to the main one.
So, such feature and such entries, are, in my most opinion, useful, and waste no resources. Most important, provide an extra layer of security.
As I stated earlier, all lists which are searched linearly will create some overhead, the only question is how much. Unless either the PC is very high performance or the lists are indexed like a database, performance will eventually suffer, it's simply a matter of at what quantity it will become noticeable.
The developers who are 'stuffing' these lists programatically don't want to hear that Microsoft doesn't support this, but they need to.This info my be useful to some person, digging through this thread. Not to me, though. But, thanks.
I'll give you some of this, since what I should have said is that UAC isn't a 'security boundary', it's merely an alerting system tied to the process elevation ability. However, UAC itself desn't create the Protected Mode, it merely enables it to function within a Standard account to provide the security. Here's the key elements and a link to the complete explanation.Actually, it is a security mechanism. When UAC is enabled, it will also enable the Protected Mode in IE7 and IE8, in Windows Vista and Windows 7. This will decrease what IE can do in the system.
UAC is also a good way to know when something is requiring elevated rights to do important changes in the system.
Let's imagine that some user would open an e-mail, and, UAC alert for something. "Houston, we have problem.".
So, UAC is much more than just an annoyance.
http://technet.microsoft.com/en-us/l.../cc749393.aspx
< SNIP >
Unfortunately the Microsoft estimate is that roughly 60% of systems out there belong to people who don't even have a current antimalware installed or being updated (expired subscriptions) on their PC, let alone those operating with several conflicting programs of dubious value.Unfortunately, it happens. But, this are people, who get, perhaps, their first system. Are not even aware of the existing dangers.
But, the main problem here, are the IT professionals. They don't alert the costumers for that very same fact. They just install a free and crippled antivirus, and that's it, pretty much.
Last year, a relative of mine, bought a computer (New computer user), and the folks where this computer was bought, only installed a free and crippled antivirus. They didn't care to explain how to update it. They haven't enabled UAC. They also didn't explain how to work with it, obvisiouly.
To make things a lot worse, they didn't create a normal user account.
Actually, though I agree with your general discussion here, I wouldn't call these 'IT professionals', they're mostly sales people and often just kids. In any case, their primary job is to get the buyer out of the store and not have them calling to ask questions, so security is of little concern to them. If they do things like turn on UAC or provide Standard accounts, most users would complain or call the store for help, so they take the easy out.
This isn't surprising and is just a portion of the symptoms of a dysfunctional computer industry that's based on selling the box rather than the services that are really needed by most customers. Unfortunately the US consumer himself is the problem here, since he wants to buy the box cheap and not pay anything for support, so he gets exactly what he paid for.
I'm not saying the system you're trying to use isn't simple enough, but is it really the most effective? If you're deciding to stay with IE 7 to keep the Spybot S&D Immunizations then you're missing the improved security features included in IE 8.Yes, I agree. That security should be simple, that is. But, just because one makes use of a layered security, that doesn't mean it isn't simple.
One can just make use of a very complex Intrusion Prevention System. But, would it be simple, then?
I know you'd rather have both, but the discussion here has asssumed that for some they appear to be mutually exclusive, at least until the perfomance problem has been resolved.
Bitman
Reply With Quote
