PDA

View Full Version : Does Immunize Work on MSN or AOL Browsers?



PeteF
2005-12-18, 00:55
Ok first off, I did read about the Immunize feature at link below..
http://forums.spybot.info/showthread.php?t=281

After reading that I have to say it's not totally clear how
Immunize operates, so allow me to add what I know and then
ask my question last. Please correct me if I'm in error. Thanks.

Immunize works mainly on Internet Explorer (IE) and offers no
protection on alternate browsers like Mozilla or Firebird that do
not integrate themselves with any of IE's Internet Options
settings. Correct?

Immunize works by adding a long list of specs that identify the
bad websites to IE in the RESTRICTED ZONE. Once IE is immunized,
and you happen to land on one of the bad websites, IE recognizes
the bad/dangerous website and locks down the IE browser by disabling
all the features like Active-X and Scripting that the bad guys can use
to install spyware and do harm to your computer. The website may
not operate normally but you will be protected.
Correct so far?

To see the effect of Immunization on IE go to...
Tools -> Internet Options -> Security tab -> Restricted Sites
and click on the SITES button. Then you can see the list of specs
that identifies the bad/dangerous websites.
Correct?

Ok, assuming that all the above is correct, then my question is...
Does Immunize offer any protection when using other browsers like
the AOL browser, or the MSN Browser that are partially integrated
with IE's Internet Options setting?

---pete---

md usa spybot fan
2005-12-19, 21:46
Answers in blue within your quote (I hope you're not color blind).


Ok first off, I did read about the Immunize feature at link below..
http://forums.spybot.info/showthread.php?t=281

After reading that I have to say it's not totally clear how
Immunize operates, so allow me to add what I know and then
ask my question last. Please correct me if I'm in error. Thanks.

Immunize works mainly on Internet Explorer (IE) and offers no
protection on alternate browsers like Mozilla or Firebird that do
not integrate themselves with any of IE's Internet Options
settings. Correct?

Correct

Immunize works by adding a long list of specs that identify the
bad websites to IE in the RESTRICTED ZONE. Once IE is immunized,
and you happen to land on one of the bad websites, IE recognizes
the bad/dangerous website and locks down the IE browser by disabling
all the features like Active-X and Scripting that the bad guys can use
to install spyware and do harm to your computer. The website may
not operate normally but you will be protected.
Correct so far?

Immunization also adds separate registry entries to block cookies from some sites and to block the download/execution of selected ActiveX scripts. The protection offered by adding sites to the restricted zone depends on the security settings for the Restricted sites zone within Internet Explorer. If you have permissive setting less protection is offered.

To see the effect of Immunization on IE go to...
Tools -> Internet Options -> Security tab -> Restricted Sites
and click on the SITES button. Then you can see the list of specs
that identifies the bad/dangerous websites.
Correct?

Correct but only for the restricted zone entries, not for the blocked cookies and ActiveX entries.

Blocked cookies can be seen by going into Internet Explorer > Tools > Internet Options > Privacy tab > under Settings click Sites…

Blocked ActiveX processes can be seen by using Regedit or some other facility and looking at the following registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility]
Ok, assuming that all the above is correct, then my question is...
Does Immunize offer any protection when using other browsers like
the AOL browser, or the MSN Browser that are partially integrated
with IE's Internet Options setting?

AOL's web browser uses the Internet Explorer engine and does use the privacy and security settings from Internet Explorer. Therefore Spybot’s immunization should be effective using AOL's web browser. MSN???

---pete---

PeteF
2005-12-20, 08:33
Answers in blue within your quote (I hope you're not color blind).

Thank you so much for the detailed answers & useful info!

Ok, the AOL browser is protected by Spybot Immunize, that's
good to know.

MSN Explorer may or may not be protected. Hmmmmmm, I wonder
if there is a way to test the MSN browser to see if it's protected
by Immunize?

---pete---

bitman
2005-12-20, 19:12
I already tried, but found it more difficult to tell then I had thought.

I had forgotten that after using the Internet Explorer browser to access the Internet, the MSN browser will prompt you to allow or block each 'new' cookie accepted during the session(s) using IE. This implies the MSN browser uses the same cookie storage location. If you click the MSN browser 'Privacy' item you also receive a tabbed dialog exactly like the Privacy tab in the IE Internet Options with the same contents in the Web Sites selection.

However, unlike IE I didn't discover a Security tab with Zones and settings. In fact, the MSN configuration for Home page and other settings is done in an online dialog which is obviously seperate from IE since the Home Page itself can be different.

I believe the MSN Parental Controls can be applied to the IE browser since I recall this option being displayed when installing the MSN 9 browser. This would explain why the Zones don't appear to exist, since this control would occur at the MSN Proxy servers before ever being transmitted to your PC, so your PC never actually accesses the sites directly. This is also how the Acceleration component works, by compressing at the MSN Proxies and decompressing at the client.

Since ActiveX is really a seperate system that operates outside the browser itself, it could still be used by the MSN browser, but I didn't see any controls for it. I can't recall how the MSN browser reacts when I select an Internet link with ActiveX, but I can't imagine it would just ignore it, though I haven't used MSN here since switching to DSL several months ago.