mhackley
2009-03-20, 03:27
I use Spybot S&D and Zamaan Software's Browser Helper Retaliator (BHR) as two of my main tools to combat spyware and other malware. I recently upgraded Spybot to it's current version (1.6.2), and installed the TeaTimer, something I had not used previously. Shortly thereafter, I noticed that BHR was using up about 80-90 percent of my CPU.
For those of you who are not familiar with BHR, one of the nifty things this freeware program does for you is it detects malware websites as you try to access them (whether by choice or by being auto-forwarded by another web page) and writes them to your HOSTS file using the DNS-resolved name and IP Address 127.0.0.1., the local loopback, or "home" IP. For you old-school techies, it's the HTTP equivilant of the PRINT > NULL command. For you non-techie types, Think of this as a dead-letter office for browser pages. It basically redirects any attempt to access a BHR-flagged web-page by your web browser to not occur. This is a great way to avoid those auto-forwards by websites. But, I digress...
As I was saying earlier, I noticed BHR was eating up most of my CPU processor cycles. At first, I thought it was some sort of virus or malware that had infected my system, and I spent countless hours running virus scans, Spybot scans and checking all my processes for abnormal behavior or anomalies.
It finally hit me, every time I ran across some website that met BHR's criteria for adding to the HOSTS file with the local loopback address, I observed a window pop up each time asking if I wanted to add the entry to my HOSTS file. I finally realized this was caused by the TeaTimer!!! TeaTimer's function (as I see it) is to protect your system files from being corrupted by outside sources. I told the TeaTimer to allow all entries to the HOSTS file, and I immediately noticed BHR's activity drop back down to near ZERO CPU time.
The questions I have for the Spybot S&D folks are: By allowing all adds to the HOSTS file, did I allow all adds by ALL programs, or just the BHR?
If I allowed a blanket add by all programs, how do I allow JUST the BHR to add to the HOSTS file without allowing other programs the same access? Is there a way to adjust the TeaTimer for this? I already checked the black/white lists, and did not find an entry for either allowing adds to the HOSTS file or allowing BHR to blanket add. There are no entries in the white list or the black list.
Any suggestions you have would be appreciated.
For those of you who are not familiar with BHR, one of the nifty things this freeware program does for you is it detects malware websites as you try to access them (whether by choice or by being auto-forwarded by another web page) and writes them to your HOSTS file using the DNS-resolved name and IP Address 127.0.0.1., the local loopback, or "home" IP. For you old-school techies, it's the HTTP equivilant of the PRINT > NULL command. For you non-techie types, Think of this as a dead-letter office for browser pages. It basically redirects any attempt to access a BHR-flagged web-page by your web browser to not occur. This is a great way to avoid those auto-forwards by websites. But, I digress...
As I was saying earlier, I noticed BHR was eating up most of my CPU processor cycles. At first, I thought it was some sort of virus or malware that had infected my system, and I spent countless hours running virus scans, Spybot scans and checking all my processes for abnormal behavior or anomalies.
It finally hit me, every time I ran across some website that met BHR's criteria for adding to the HOSTS file with the local loopback address, I observed a window pop up each time asking if I wanted to add the entry to my HOSTS file. I finally realized this was caused by the TeaTimer!!! TeaTimer's function (as I see it) is to protect your system files from being corrupted by outside sources. I told the TeaTimer to allow all entries to the HOSTS file, and I immediately noticed BHR's activity drop back down to near ZERO CPU time.
The questions I have for the Spybot S&D folks are: By allowing all adds to the HOSTS file, did I allow all adds by ALL programs, or just the BHR?
If I allowed a blanket add by all programs, how do I allow JUST the BHR to add to the HOSTS file without allowing other programs the same access? Is there a way to adjust the TeaTimer for this? I already checked the black/white lists, and did not find an entry for either allowing adds to the HOSTS file or allowing BHR to blanket add. There are no entries in the white list or the black list.
Any suggestions you have would be appreciated.