Immunization questions



Frants
2009-03-14, 11:33
Hi.

I'm trying to understand how Spybot immunization works. I've read the thread where some answers were given but I'm not happy yet. ;) I see the modification of the hosts file and how Firefox and Internet Explorer sort of cannot reach the domains any more. My question is simply, why do I need more protection than that?

I feel that my system gets kind of bloated when immunizing Internet Explorer through the registry. Not that Windows would get any slower or anything, but TuneUp Registry Defrag reports a size of 12mb right after installing Windows and after installing Spybot and immunizing IE I have a registry with a size of 22mb. Is this really really necessary to stay fully protected?
Right now I see the HUGE list of domains found in HKEY_CURRENT_USER\[..]\Internet Settings\ZoneMaps\Domains having duplicates all over my registry. Gosh this seems so wrong?

Is it correct that Firefox immunization is only done in permissions.sqlite (and of course hosts)? This is great. Having only two files go from 2kb to 1.5mb is in my opinion a better way than doubling the size of the registry.

I see a different behaviour after immunizing Firefox and entering for instance 008i.com than after having only the hosts file modified. When only hosts is modified I end up on a "This domain may be for sale" page, but when Firefox has been immunized I cannot reach the page any more. This would to me be the expected behaviour having only hosts modified. But has that got anything to do with that www. 008i.com isn't in the hosts list and just 008i.com ? :S This is the case for quite many domains listed. Why? Isn't 008i.com kind of just redirecting to www. 008i.com, thus modifying hosts has no real difference? (This is why I wrote "sort of cannot reach" in the beginning ;))

Frants

drragostea
2009-03-15, 05:53
Each registry varies from computer to computer because it is everything from the minor wallpaper tweaks to the programs you install that makes what the registry is in your machine.

On average, if I'm correct, the registry (assuming it is used for everyday browsing and processing, but no heavy installing, uninstalling, and gaming) would 'weigh' around 40-60MB. The issue about registry "bloat" does not affect Windows XP. Besides, if your registry gained some 10MB in size, I really don't think it'll make a noticeable difference as it will not impact your browsing and activity on the computer.

Not visiting the site is better than visiting a sold domain site (which now has a bogus search engine and possibly redirections to a malicious site).
I'm not so sure about what the difference is with the addition "www." in front of the URL, but it did make a difference in actually seeing the site (hope someone can explain this).

Like: myaccount.chase.com (failed attempt) compared to
www.myaccount.chase.com (the one that works)

"Gosh this seems so wrong?"
To me no, considering the kind of protection you get, it's priceless (skips the hard work of adding sites by hand).

Frants
2009-03-23, 19:36
Hm. Yeah, you're probably right. I think it's odd however that it isn't enough to block the domain via hosts since this makes the browser not able to reach the domain any more. At least it should do that.

Right now Spybot is kind of blocking domains twice, right? In IE via hosts and registry hacks and in Firefox via permissions.sqlite and hosts. At least that's what one believes when looking at the list of blocked stuff in Spybot. It's exactly the same amount of blocked bad stuff in Firefox x3, IE x6 and hosts x1.

But hey I guess there is some idea why it's the way it is and maybe I just have to accept that. :)
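
Added example, not part of any post in this thread and not Spybot's own code: a hosts file is matched on the exact hostname only, so an entry for 008i.com does not cover www. 008i.com. The Python sketch below audits a hosts file for that gap; the sample entries other than 008i.com and all function names are constructed for illustration.

```python
# Addresses that blocklist-style hosts entries usually point at.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample; only 008i.com is taken from the thread.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# blocklist entries start here
127.0.0.1   008i.com
127.0.0.1   example-ads.test www.example-ads.test
0.0.0.0     Tracker.test   # trailing comment
"""

def parse_blocked(hosts_text):
    """Return the set of hostnames that the hosts file sends to a sink address."""
    blocked = set()
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue
        for name in fields[1:]:                   # one line may list several names
            name = name.lower().rstrip(".")
            if name != "localhost":
                blocked.add(name)
    return blocked

def is_blocked(hostname, blocked):
    """Hosts lookups are exact and case-insensitive: no wildcard, no subdomain match."""
    return hostname.lower().rstrip(".") in blocked

def sibling(hostname):
    """Return the www. form of a bare name, or the bare form of a www. name."""
    return hostname[4:] if hostname.startswith("www.") else "www." + hostname

def uncovered_siblings(blocked):
    """List names still reachable because only their sibling form is listed."""
    return sorted(sibling(h) for h in blocked if sibling(h) not in blocked)

if __name__ == "__main__":
    blocked = parse_blocked(SAMPLE_HOSTS)
    for host in ("008i.com", "www.008i.com"):
        print(host, "blocked" if is_blocked(host, blocked) else "NOT blocked")
    print("missing entries:", uncovered_siblings(blocked))
```
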