PDA

View Full Version : Question about Spybot S&D accounts and Immunize


Hardhead
2006-01-21, 19:21
Hello,

Can someone please explain why I get this below:

I use IE-Spyad2 along with Spybot S&D. I'm the admin and my wife has a power user account on my desktop.

When I Immunize in my acoount which is admin I get 8556 products blocked.
http://www.massamune.net//files/5/MWSnap084.jpg

When I Immunize in my wifes account which is power user I get 5504 products blocked.
http://www.massamune.net//files/5/S%26D1.jpeg

Why wouldn't she have the same amount of products blocked too?
md usa spybot fan
2006-01-22, 19:48
When you "Immunize", entries are added to the system Registry. This blocks the download/execution of selected ActiveX scripts, blocks cookies from some sites and places other sites in the restricted zone by both site name (domain) and IP address (range). If you are interested in learning how this type of blocking works, see the following: Microsoft Knowledge Base Article – 182569
Description of Internet Explorer security zones registry entries
http://support.microsoft.com/default.aspx?kbid=182569

Microsoft Knowledge Base Article - 240797
How to Stop an ActiveX Control from Running in Internet Explorer
http://support.microsoft.com/default.aspx?kbid=240797
After the 2006-01-20 updates, Spybot is immunizing as follows:
Cookie Blocking – 91 sites (Internet Explorer 6)
ActiveX Blocking – 805 processes
Restricted Zone by Domain (Site Name) – 1423 sites
Restricted Zone by Range (IP Address) – 29 address
Since the introduction of Spybot 1.4, I have not been able to exactly reconcile the immunization counts with the actual immunization that is occurring. In Spybot 1.3 I was able to. Therefore, I believe that there is a minor defect in the immunization counts in Spybot 1.4. That minor count defect is not what is causing the differences in the counts that you are seeing between an Administrative account and a Power User account.

Spybot attempts to immunize the same items in multiple registry hives and counts the successful entries. Depending on the Operating system and the authority of the user, the counts vary widely. For example on my XP Home system, after the updates of 2006-01-20, one Computer Administrator account gets 8556 the other Computer Administrator account gets 10082 (note that there is a difference of 1526 which exactly one half of the difference between your counts of 8556 and 5504).

Spybot attempts immunize in the following registry keys:
ActiveX Blocking

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility]
Cookie Blocking

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History]
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History]
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History]
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History]

Restricted Zone by Domain (Site Name)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

Restricted Zone by Range (IP Address)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]


If those registry keys and/or hives are not valid on a particular operating system or a user does not have authorization to add entries to those keys, the counts will vary.
Hardhead
2006-01-22, 20:15
Hello md usa spybot fan,

Thanks very much for your detailed report on this issue. :bigthumb:

Maybe Spybot S&D Team will correct this in the future. :bow:

Regards,
Tim