SpyBot 1.5 Questions...



Sephiroth
2008-01-06, 00:38
Alright, I have been using SpyBot for ages now, but after installing 1.5 upon performing my yearly format, I noticed that SpyBot will hang when first started, showing no status bar or anything, eat up 50% or more CPU, and after about ten to twenty seconds, start normally and stop eating CPU. This happens on both XP Pro x64 and on regular XP Pro 32bit. I have it on my 64bit laptop, 64bit desktop, and 32bit desktop. All do this. Is this a bug or something else?

My next question is about the protections for IE, both the blocked cookie sites and the hosts file. If you add more than a few hundred entries to the hosts file, the system can be slow and unresponsive on low-end machines. The "fix" for this is to disable the DNS client service, but in doing so won't you essentially bypass the hosts file since you'll be getting DNS info from your router or ISP?

Also, why are there still sites in the blocked cookies list if you can add them to the hosts file and block them completely? Is there a specific reason for blocking in IE's sites list and if so, what is it?

That leads me to my next and final question. I have been using IE in Windows since the initial release years ago. However, when in Linux (Debian for me) I use Firefox and like it much more. My reason for not using it in Windows is due to SpyBot being oriented towards IE. However, with your recent usage of the hosts file, anything in said hosts file blocks for the entire system, which would include FF. However, you block specific sites in the registry for IE (the sites list in IE), but FF also has a sites list and unless it is different in Windows, it is in a file in the user's private directory tree. All SpyBot needs to protect FF as well as IE at this point would be a simple check to see if FF is installed and then check the "hostperm.1" file to see if those sites are in it, and if not, add them to it. At that point those sites would be blocked for cookies alone, just like in IE. In Linux, the file is in "$HOME/.mozilla/firefox/<hash>.default/", which would probably wind up being something like "Documents and Settings\UserName\Local Settings\Mozilla" in Windows, or possibly "All Users" instead of one user name to block it for all users. Being a programmer myself, I know that writing to a file is easier than the registry (at least in C/C++), so why after all this time is FF left out of the cookie protection?

*EDIT*

I added a few of the blocked sites on IE from my Windows machine to FF on my laptop while in Linux, and thought I'd display how simple it is to add support for FF. Again, I am not sure where the "hostperm.1" file is under Windows, but finding it should be cake.


host install 1 update.mozilla.org
host cookie 2 180solutions.com
host cookie 2 gator.com
host cookie 2 lop.com
host cookie 2 revenue.net
host cookie 2 atdmt.com
host install 1 addons.mozilla.org
host cookie 2 advertising.com
host cookie 2 engage.com
host cookie 2 2every.net

As you can see, to block cookies from a site, you simply insert "host cookie 2 <site>" into the file. The install lines were placed there by FF, so I wouldn't remove them!
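The check-and-add step described in the post above, as an added Python example that is not part of the original post and not Spybot's code. The function names are hypothetical, and it assumes whitespace-separated fields as shown in the post and writes new lines tab-separated.

```python
# Added example: merge cookie-block entries into hostperm.1 text.
BLOCK = "2"  # the post uses 2 for blocked sites; Firefox's own lines use 1

def parse_hostperm(text):
    """Return {(type, host): permission} for every 'host' line."""
    perms = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, '#' comments and anything that is not a 4-field host line.
        if len(fields) != 4 or fields[0] != "host":
            continue
        _, ptype, perm, host = fields
        perms[(ptype, host.lower())] = perm
    return perms

def add_blocks(text, sites, ptype="cookie"):
    """Append block lines for sites that have no entry of this type yet.

    Existing lines are never rewritten, so entries created by Firefox or
    by the user (including allow entries) stay untouched."""
    perms = parse_hostperm(text)
    added = []
    for site in sites:
        host = site.strip().lower()
        if not host or any(c.isspace() for c in host):
            continue  # refuse values that would break the line format
        if (ptype, host) in perms:
            continue  # already listed, whatever its permission
        perms[(ptype, host)] = BLOCK
        added.append(host)
    if not added:
        return text, added
    out = text if text.endswith("\n") or not text else text + "\n"
    out += "".join(f"host\t{ptype}\t{BLOCK}\t{h}\n" for h in added)
    return out, added

# Constructed sample in the shape shown in the post.
SAMPLE = """# Permission File
host install 1 update.mozilla.org
host cookie 2 gator.com
host cookie 1 example.org
"""

if __name__ == "__main__":
    new_text, added = add_blocks(SAMPLE, ["gator.com", "LOP.com", "example.org"])
    print(added)
    print(new_text, end="")
```

Running the merge a second time on its own output adds nothing, so it can be repeated safely for each profile.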

benoit
2008-01-06, 10:46
Hello,
for the first point
<http://forums.spybot.info/showthread.php?t=22265>

md usa spybot fan
2008-01-06, 16:11
Sephiroth:


My next question is about the protections for IE, both the blocked cookie sites and the hosts file. If you add more than a few hundred entries to the hosts file, the system can be slow and unresponsive on low-end machines. The "fix" for this is to disable the DNS client service, but in doing so won't you essentially bypass the hosts file since you'll be getting DNS info from your router or ISP?
DNS Client service caches DNS lookups. Without it running it does not bypass the HOSTS file.

From:
Microsoft DNS
http://en.wikipedia.org/wiki/Microsoft_DNS

The effects of running the DNS Client service

There are several minor differences in system behavior depending on whether the DNS Client service is started:
Parsing of the "hosts" file: The lookup functions read only the hosts file if they cannot off-load their task onto the DNS Client service and have to fall back to communicating with DNS servers themselves. In turn, the DNS Client service reads the "hosts" file once, at startup, and only re-reads it if it notices that the last modification timestamp of the file has changed since it last read it. Thus:
With the DNS Client service running: The "hosts" file is read and parsed only a few times, once at service startup, and thereafter whenever the DNS Client service notices that it has been modified.
Without the DNS Client service running: The "hosts" file is read and parsed repeatedly, by each individual application program as it makes a DNS lookup.


The effect of multiple answers in the "hosts" file: The DNS Client service does not use the "hosts" file directly when performing lookups. Instead, it (initially) populates its cache from it, and then performs lookups using the data in its cache. When the lookup functions fall back to doing the work themselves, however, they scan the "hosts" file directly and sequentially, stopping when the first answer is found. Thus:
With the DNS Client service running: If the "hosts" file contains multiple lines denoting multiple answers for a given lookup, all of the answers in the cache will be returned.
Without the DNS Client service running: If the "hosts" file contains multiple lines denoting multiple answers for a given lookup, only the first answer found will be returned.



md usa spybot fan
2008-01-06, 19:02
Sephiroth:


Also, why are there still sites in the blocked cookies list if you can add them to the hosts file and block them completely? Is there a specific reason for blocking in IE's sites list and if so, what is it?
Firstly, because some people do not use a HOSTS file. Secondly, because you may want to block the storing of a cookie from a site but not place other restrictions on the site nor prevent access to the site altogether.

Take excite.com for example. Both Spybot and SpywareBlaster block the storing of cookies from excite.com but do not place the site in the restricted zone. Nor does Spybot add excite.com to its HOSTS file.


That leads me to my next and final question. I have been using IE in Windows since the initial release years ago. However, when in Linux (Debian for me) I use Firefox and like it much more. My reason for not using it in Windows is due to SpyBot being oriented towards IE. …
Have you tried Spybot's Firefox immunization?

Sephiroth
2008-01-06, 23:14
Is the FF immunization in the advanced options? I have not tried it because I did not see anything mentioning FF on the main screens, although I may just be blind! Does the FF immunization block the cookie sites and hosts sites using the hostperm.1 file or some other method?

md usa spybot fan
2008-01-06, 23:42
Firefox immunization is part of normal immunization starting with Spybot 1.5. Go into Spybot > Immunize (not part of "Advanced mode" options).

Note the second screen shot in the following:
Spybot - Search & Destroy - The home of Spybot-S&D!
http://www.spybot.info/en/spybotsd15/index.html
ps: All squared away on your other questions?

Sephiroth
2008-01-07, 03:08
Only two, and one is to clarify. SpyBot now protects FF just as well as IE, including adding sites to the FF blocked sites list, correct?

The other is whether or not it protects FF for all users, or only the admin running SpyBot? I expect the answer to be the current user only, since FF (from what I gathered on the FF forum) has the major security issue of not having a global (all users) list of blocked sites that only an admin can modify. So does SpyBot block bad sites for everybody, or just the user running SpyBot?

Zenobia
2008-01-07, 09:51
Yes, Spybot does now protect FF. Spybot uses the hostsperm.1 file to block unwanted cookies, popups, Images, Installs using the method you mentioned in your first post. Here's a very small bit of the entries in my hostsperm.1 file added by Spybot (it's actually a really huge list in there, too big for me to post).


# Permission File
# This is a generated file! Do not edit.

host install 2 search.netzany.co
host popup 2 search.netzany.co
host image 2 search.netzany.co
host install 2 1shoppingcart.com
host popup 2 1shoppingcart.com
host image 2 1shoppingcart.com

I believe Spybot just immunizes the current user when applying Immunization for FF, and not for everybody. But, if you or the other User log into their account and Immunize FF, the entries should be added to the hostperm.1 file for their account.

Sephiroth
2008-01-07, 18:36
That's what I thought, thanks. I guess I can't switch to FF in Windows yet, due to lack of global blocking (this is a FF issue, NOT a SpyBot issue) and slow-downs when using a large list of blocked sites. Maybe 3.0 will fix these two issues.

By the way, nice avatar. I love panthers and other large cats.

Zenobia
2008-01-08, 04:19
Thanks, me too. :)

I've never had slowdown problems with FF since immunizing with Spybot, but I've read of a lot of other people having that problem. If you experience slowdowns from the large amount of entries in the hostsperm.1 file, you could unimmunize whatever you choose, and leave FF immunized for whatever you'd like to keep. For example, you could unimmunize Images, Installations and Popups, and just leave Cookies immunized, if you'd prefer to just block cookies, and that would cut down on the number of entries in the hostperm.1 file. To make that easier, if you right-click in the immunization window, you can deselect all, then just individually checkmark the ones you'd like to unimmunize, then hit Undo.

Sephiroth
2008-01-09, 19:33
Considering that this is a FF issue and not a SpyBot issue, I would like to make a recommendation for 3.0, if I may. The way to remove this slow-down would be to load the hostperm file into memory as an array of classes or strings and simply iterate through it each time it is needed, instead of reading the file each time it is needed. We all know that memory is faster access than a hard-drive, so that would help a TON. I would also recommend using an array over a linked-list because a linked-list could span page-faults, thus slowing down access, whereas an array is almost always going to be in the same page.

md usa spybot fan
2008-01-09, 20:10
Sephiroth:

Perhaps if you expressed your thoughts in the following forum it would be more effective:
Home - MozillaZine Forums
http://forums.mozillazine.org/index.php?c=4

Sephiroth
2008-01-11, 23:10
Oh God, I was SO tired that night. I was just looking for my recommendation on the Mozilla forums and could not find it. I was exhausted at the time of the post and had the Spybot and Mozilla forums open in separate tabs and apparently posted in the wrong forum! My bad.

However, I would like to report that the slow-down issue appears to be plugin-related. CookieSafe seems to cause the issue for most users. I have tested FF 2.0.0.11 on systems as old as my P2/233 and Spybot does *NOT* slow down FF. In fact, I am in XP Pro x64 right now on FF after a full immunization and even with tab all the way across my desktop (1280x800 on this laptop) it is wide-open.

I did have a request for Spybot though. An option to export a list of the hosts file host names only (ie: www.google.com) to a plain text file would be great. This way we could copy and paste the list into our router blocked-site list and have the router block all the bad sites instead of adding the hosts to the Windows/Linux hosts file! Trying to type them in one at a time is painfully slow!
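One way to produce the host-name-only list requested in the post above, as an added Python example that is not part of the original post and not a Spybot feature. It assumes block entries are the hosts lines that point at a loopback or unspecified address; the function name and the sample file are constructed.

```python
# Added example: extract blocked host names from hosts-file text.
import ipaddress

# Names every hosts file maps locally; not part of a block list.
SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}

def blocked_hostnames(hosts_text):
    """Return unique host names mapped to a sink address, in file order."""
    names, seen = [], set()
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line: first field is not an address
        # Assumption: only loopback/unspecified targets are block entries;
        # a line pointing at a real address is a genuine mapping.
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in fields[1:]:  # one line may carry several names
            name = name.lower().rstrip(".")
            if name and name not in SKIP and name not in seen:
                seen.add(name)
                names.append(name)
    return names

# Constructed sample hosts file.
SAMPLE_HOSTS = """# constructed sample
127.0.0.1       localhost
127.0.0.1       www.180solutions.com   # block entry
127.0.0.1       gator.com www.gator.com
0.0.0.0         WWW.Gator.com
192.168.1.10    nas.home
not-an-ip       something
"""

if __name__ == "__main__":
    # One name per line, ready to paste into a router's blocked-site list.
    print("\n".join(blocked_hostnames(SAMPLE_HOSTS)))
```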