Glenn20: It wasn't necessary for you to completely stop using Spybot S&D, you only needed to remove the 'Restricted Sites' Immunizations to stop the problem, which are actually an optional component of protection anyway and have nothing to do with the core spyware scanning functions.
basic15: The issue is really with the functions of the Internet Explorer 'Restricted Sites', the Windows XP operating system itself and how McAfee has chosen to interact with these items to monitor for malicious behaviour.
This is really no one particular oraganizations fault, since it's only the combination of stuffing large numbers of entries into a registry key that was designed for manual entry and then monitoring it closely for any changes that causes the problem. So to some extent, Microsoft is at fault for underdesigning the function, but not really, since it was never intended to be used for thousands of entries. Spybot S&D (and others like JavaCool's SpywareBlaster) are at fault for stuffing it with thousands of entries, but not really, since it works fine if it's not monitored. Finally, McAfee is at fault for monitoring it so closely, but not really, because they are assuming it's being used as Microsoft originally intended and will only typically contain a few entries manually added by the user. Now you see how assumptions can create a problem, especially in a three way combination.
Individually there's nothing wrong with any of these design decisions, but in combination they create a problem. Thus, each organization believes they are correct because of their own assumptions and in some cases because "they got there first". In truth, they are simply different ideas of purpose or protection, so the real decision is who's idea you like better.
Many think that the stuffing of Restricted Sites and other registry keys were designed for malware protection because several programs have done this for several years, but Microsoft never intended this and was only providing a method for users to specify sites they personally chose not to trust. In fact, the only way provided by Microsoft to add these sites was within the Internet Options Security Tab in the Restricted Sites zone dialog box.
On the other hand, McAfee has designed some sort of monitoring program that actually watches these keys for changes and then flags or blocks these changes if they are deemed malicious. It seems that their design is inefficient and it may well be, but if only a few dozen entries exist it may not normally cause any issues. In fact, since these keys are known to be abused by malware to block access to security sites this monitoring makes sense.
This is one of many conflicting ideas of security that are occuring between security software programs lately. As each program attempts to protect more of the operating system, the minor or major conflicts between these various ideas begin to appear. Unless a vendor designs their product modularly as Spybot S&D has, you often have to choose between products to avoid the conflicts.
The issue of conflicts is nothing new, since it's been true of AV products all along, it's simply confusing to users of multiple anti-spyware applications, since in the past these could co-exist if only one "real-time" protection was enabled. Though the Spybot S&D Immunizations don't appear to be "real-time", to some extent they are since Internet Explorer accesses them dynamically during its operation, so the common belief that they are "passive" protection is actually false.
: ) :laugh: