View Full Version : Immunization count nearly doubled
ChalupaPatrol
2008-07-10, 20:49
I installed v.1.6 and noticed that the immunization count went to 81,093. I haven't installed 1.6 on my other computer yet, it still has 1.52, and the count is 45,865.
I understand that counts can and do vary somewhat between computers, but this is nearly double and there are different versions involved, so I hope to hear an explanation.
md usa spybot fan
2008-07-10, 21:17
ChalupaPatrol:
If you look at the various Profiles in the immunization list in Spybot 1.6, you will note that in the Pofiles listed for under each category labled as Internet Explorer, there a two (2) items that reference Domains: i.e. "(Domains)" and "(Secure Domains)".
Spybot 1.5.2 only immunized "(Domains)" not "(Secure Domains)" under each Internet Explorer category. This accounts for a significant increase in the immunization count.
ChalupaPatrol
2008-07-10, 21:57
Thank you for your explanation. I wish I understood it better... like why is it better to immunize Secure Domains?
md usa spybot fan
2008-07-11, 00:15
ChalupaPatrol
Thank you for your explanation. ...
I was just try to explain the discrepancy in the immunization counts with my explanation.
... I wish I understood it better... like why is it better to immunize Secure Domains?
Actually, me too. Spybot 1.4 immunized in some registry hives that I personally felt were unnecessary or redundant to other immunization except under very special circumstances.
Spybot 1.5 seemed to have eliminate the immunization in some of those registry hives that I questioned as unnecessary or redundant.
Spybot 1.6 added immunization to "Secure Domains", that I have not had the time to research enough to determine if the "Secure Domains" immunization adds worthwhile protection to other immunization already being done or if in fact "Secure Domains" immunization even applies to my Windows OS of XP Home.
I'm sorry for being so wishy-washy with my explanation, but in my originally reply to this thread, I was just attempting to explain why the immunization count could have radically increased and that there was a visual indication of that increase .
ChalupaPatrol
2008-07-11, 01:24
You're not being wishy-washy. You're giving me the best you've got. What more can anyone ask for? Appreciate the replies.
I must admit the bugtracker entry (http://forums.spybot.info/project.php?issueid=237) about it doesn't say much more as well.
We've seen it been used in malware already, so at least they think it's useful :laugh:
md usa spybot fan
2008-07-11, 15:22
Some information on "Enhanced Security Configuration" and the type of immunization done by Spybot's "Secure Domains" immunization.
IE-SPYAD (http://www.spywarewarrior.com/uiuc/resource.htm) (originally maintained by Eric Howes now maintained by Spyware Warrior (http://www.spywarewarrior.com)) adds restricted sites zone entries similar to Spybot's immunization.
Here is what they have to say about "Enhanced Security Configuration" in:
http://www.spywarewarrior.com/uiuc/res/ie-spyad.txt
...
-------------------
Windows 2003 Server
-------------------
If you're installing IE-SPYAD on Windows 2003 Server, there are a few special considerations that you should keep in mind:
1) The INSTALL.BAT installation utility does not work on Windows 2003 Server
INSTALL.BAT makes uses of the CHOICE command line utility, which has undergone significant changes in Windows 2003. See the following
for more information:
http://www.microsoft.com/resources/documentation/windowsserv/2003/standard/proddocs/en-us/choice.asp
Specifically, the MENU command for CHOICE has changed, rendering the INSTALL.BAT incompatible with the Windows 2003 version of
CHOICE.
Thus, to use the use IE-SPYAD you will need to merge .REG files manually in order to install and uninstall the IE-SPYAD Restricted
sites list. To do so, follow the instructions contained above for "manually" installing and uninstalling IE-SPYAD.
2) The .REG files may need to be modified before merging
By default, Windows 2003 Server uses a slightly different Registry location to store zone entries for the Internet Security zones of
Internet Explorer. Where all previous versions of Internet Explorer store zone entries in these two Registry keys:
Domains:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\Domains\
Ranges:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\Ranges\
...the version of Internet Explorer that ships with Windows 2003 Server stores them here:
Domains:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\EscDomains\
Ranges:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\EscRanges\
In short, the DOMAINS key has become the ESCDOMAINS key, and the RANGES key has become the ESCRANGES key.
Before merging any of the .REG files to install or uninstall IE-SPYAD (both the IE-ADS.REG installer and the IE-ADS-UNINST.REG
uninstaller), you'll need to do a manual search & replace in your favorite plain text editor to change the Registry keys to match the
Windows 2003 Server locations.
The version of Internet Explorer that ships with Windows 2003 Server can be configured to use the same Registry keys as other
versions of Internet Explorer on other versions of Windows. To do so, you must disable the Internet Explorer "Enhanced Security
Configuration" component. When the "Enhanced Security Configuration" component is installed, Internet Explorer uses the special
ESCDOMAINS and ESCRANGES Registry keys to store security zone entries. When the "Enhanced Security Configuration" component is
disabled, Internet Explorer uses the same Registry keys as other versions of Internet Explorer.
To disable the Internet Explorer "Enhanced Security COnfiguration":
1. Open "Add/Remove Programs" Control Panel applet.
2. Click the "Add/Remove Windows Components" button.
3. Uncheck the box for "Internet Explorer Enhanced Security Configuration."
4. Press the "Next" button to finish the reconfiguration.
For more advice and tips on manually editing and customizing IE-SPYAD's Registry files, see the "Customizing IE-SPYAD" section below.
...
Other information:
What Is Internet Explorer Maintenance Extension?
http://technet2.microsoft.com/windowsserver/en/library/1f105ee4-b025-478c-a03e-77fcd91a64e41033.mspx?mfr=true
Download details: Managing Internet Explorer Enhanced Security ...
http://www.microsoft.com/downloads/details.aspx?FamilyID=d41b036c-e2e1-4960-99bb-9757f7e9e31b&DisplayLang=en
Adding Sites to the Enhanced Security Configuration Zones
http://msdn.microsoft.com/en-us/library/ms537181(VS.85).aspx
Enhanced Security Configuration for Internet Explorer
http://msdn.microsoft.com/en-us/library/ms537180.aspx
i would not recommend ie-spyad, as it has not been updated since Feb 5 '08
and is heavily outdated. there is malicious sites appearing everyday, and even sites that no longer exist are not removed in ie-spyad regurarly.
md usa spybot fan
2008-07-11, 16:51
PepiMK:
re: Immunization for "Secure Domains".
Please see the comments I added to:
Support Enhanced Security Configuration on Win2003 immunization
http://forums.spybot.info/project.php?issueid=237
drragostea
2008-07-12, 01:23
i would not recommend ie-spyad, as it has not been updated since Feb 5 '08
and is heavily outdated. there is malicious sites appearing everyday, and even sites that no longer exist are not removed in ie-spyad regurarly.
Heavily outdated? I would consider it dated and not updated in a while... but not heavily outdated. Of course it's a small chance you'll encounter those sites right?
Why not give MVPHosts a test? Although it only supports IE, I think.
Heavily outdated? I would consider it dated and not updated in a while... but not heavily outdated. Of course it's a small chance you'll encounter those sites right?
Why not give MVPHosts a test? Although it only supports IE, I think.
i encounter sites that are blocked by the hostsfiles more than the ones that are blocked by the immunizers, and i am not counting the adservers in that ,because they i encounter often, but if you are talking about that sites that are blocked by ie-spyad then that is another case, because it is outdated, and the ones that i encounter the most which is blocked are innocent looking sites, and that is often. the hostsfiles i have used has also worked when i have used firefox, but i dont know how it works on others computers.
md usa spybot fan
2008-07-12, 17:41
Gentlemen:
Please be considerate and stop hijacking threads.
The title of this thread is "Immunization count nearly doubled".
ChalupaPatrol (http://forums.spybot.info/member.php?u=35466) asked for an explanation of why that occurred. I only referenced IE-SPYADs because it was the best plain English explanation of what the new Spybot "(Secure Domains)" immunization was accomplishing.
I did not recommend using IE-SPYADs and I certainly intend to start a tit for tat discussion about the age of the IE-SPYAD database or the pros or cons of placing things in Internet Explorer’s Restricted Sites zone vs. placing sites in the HOSTS file.
Respectfully,
md usa spybot fan
ChalupaPatrol
2008-07-12, 23:13
Please be considerate and stop hijacking threads.
The title of this thread is "Immunization count nearly doubled".
ChalupaPatrol (http://forums.spybot.info/member.php?u=35466) asked for an explanation of why that occurred.I completely agree, but didn't want to say anything. Thank you.
drragostea
2008-07-12, 23:15
No further questions. This won't happen again the future. Apologies to ChalupaPatrol.
--drragostea