PDA

View Full Version : Bookmark and Tracking cookie problem with 2006-05-19 updates.



md usa spybot fan
2006-05-19, 15:51
It appears that after the 2006-05-19 updates (integrated) all bookmarks and cookies are being identified as potential problems.

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Examples:


Bookmark (Internet Explorer xxx)
Internet Explorer (xxx):Home - The home of Spybot-S&D! (http //www safer-networking.org/en/home/index.html)

Tracking cookie (Internet Explorer xxx)
Internet Explorer (xxx) Cookie xxx@forums.spybot.info/ ()

PepiMK
2006-05-19, 16:32
Wow, you are fast, but not fast enough I think, since that update was out only for minutes :D

eb1sthome
2006-05-22, 19:37
We have a small network (50+) users and today 8 users reported that their favorites have been deleted. When checking the S&D history the reports show all of the IE cookies and benchmarks were detected and FIXED. How to I prevent this from reoccurring?

md usa spybot fan
2006-05-22, 23:01
eb1sthome:

The problem:
Although PepiMK (http://forums.spybot.info/member.php?u=1) quipped:

Wow, you are fast, …that update was out only for minutes :D
There evidently was a problem (false positives) with the detection files that were released on 2006-05-19. I do not know the exact duration of time that these errant "includes" files were available until the problem was corrected, but I do know that I personally experienced the problem between the time I checked for updates:
5/19/2006 7:35:26 AM Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
And the time that the includes.zip file was downloaded and applied:
5/19/2006 7:44:42 AM downloaded update Detection rules
5/19/2006 7:44:42 AM - URL: http://www.spybotupdates.biz/updates/files/includes.zip
5/19/2006 7:44:42 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
(Note: All times above EDT [Eastern Daylight Time] which is GMT/UTC minus four [-4] hours).

Prevention:


How do I prevent this from reoccurring?
Assuming that you are asking how you can prevent such errors (false positives) from affecting your users and not asking a rhetorical question as to how you can prevent the members of Team Spybot from ever making an error again, I have a couple of questions:
Do those "… (50+) users …":
Run their own updates and scans?

--- or ---


Are their PCs set up to run SpybotSD.exe at startup with the following parameters?
/autoupdate /autocheck /autofix

If the answer is (a): The only thing I can suggest is education. I didn’t delete all my stored cookies and bookmarks because I knew better. Even if I did know that these specific detections were not correct, I think that, with some background education, I would have suspected that the number of detections between two subsequent checks was not normal and would have asked someone before proceeding to “Fix selected problems”.

If the answer to the above is (b): I suggest that you review how you distribute changes to those "… (50+) users …". Any changes can have negative effects on users. When dealing with large groups these negative effects can be disastrous. I don’t care if it is changes to Spybot, other anti-spyware, anti-virus definitions, program updates or even Windows updates. I suggest that you should be allowing direct updates, but should be reviewing all changes before distribution of those changes.

In the case of Sptbot there is a facility that allows the centralized distribution of updates. Please review and considered using the Spybot S&D Intranet Server for updating?
Information on the product:
Home (http://www.safer-networking.ie/en/index.html)
IServer (http://www.safer-networking.ie/en/iuserver/index.html)
Prices (http://www.safer-networking.ie/en/prices/index.html)
Order (http://www.safer-networking.ie/en/contact/order.html)
Demo-Version (http://www.safer-networking.ie/en/contact/demo.html)
Imprint (http://www.safer-networking.ie/en/imprint/index.html)


Support
FAQ (http://www.safer-networking.ie/en/faq/index.html)
Contact (http://www.safer-networking.ie/en/contact/index.html)

eb1sthome
2006-05-23, 16:00
I appreciate the information and suggestions included with your quick response. My main concern when the problem occurred was the possibility of a genuine threat to the network. I was pleased to know that was not the case. We have used Spybot S&D for about a year and have not had to deal with nasty spyware not once. Again, thank you for the quick response and I will be reviewing our policy regarding the way changes and updates are done.

tsSecure
2006-05-23, 21:59
To recover all of your favorites that were deleted by Spybot just go into recovery and select COMMON DIALOGUES and hit restore.

L0gan5
2006-05-31, 03:11
To recover all of your favorites that were deleted by Spybot just go into recovery and select COMMON DIALOGUES and hit restore.

i dont see anything that says common dialogues. i also tried using system restore to bring it back to the point right before spybot removed my bookmarks, and that didnt work either. id really like to get my bookmarks back bc i had a lot.

Zenobia
2006-05-31, 08:07
Which browser do you use?It wouldn't happen to be Firefox 1.5,would it?

L0gan5
2006-05-31, 15:14
no, im using Internet Explorer 6

Zenobia
2006-06-01, 01:26
Ok,I thought I'd check,because Firefox 1.5 automatically backs up the bookmarks.
Do you think this false positive might have been why you lost your bookmarks,after reading this thread?Were all your cookies and bookmarks found as bad when you did a scan with Spybot?
I checked this out a little myself,and when any bad favorites I added to Internet Explorer(or Firefox) were removed by Spybot,they weren't put into recovery,for me.
You wouldn't have happened to have made a backup of your bookmarks at any time,would you have?
http://www.pcmag.com/article2/0,1895,1566851,00.asp

tsSecure
2006-06-01, 22:11
To keep Spybot from detecting bookmarks go to Advanced Mode > Settings > Ignore Products > Tracks.uti > And check Common Dialogues and Logs

md usa spybot fan
2006-06-01, 22:48
tsSecure:

The bookmarks that were detected and remove due to the false positives that I originally posted about in this thread:
Can not be recovered as you stated in post #4:

To recover all of your favorites that were deleted by Spybot just go into recovery and select COMMON DIALOGUES and hit restore.
Were detected during the "Spyware" check not the "Usage tracks" check and therefore the detection of the bookmarks could not have been prevented as you are now suggesting in post #11:

To keep Spybot from detecting bookmarks go to Advanced Mode > Settings > Ignore Products > Tracks.uti > And check Common Dialogues and Logs