Hello,

You can find some dgood tools to stop this problem here :

http://saamu.net/topic1233.html

Take the tool here :

http://saamu.net/files/mesdl/Spybot-Sites.cmd

You have to apply it after every vaccination of IE8

It works very well !

@+

Hello,

You can find some dgood tools to stop this problem here :

http://saamu.net/topic1233.html

Take the tool here :

http://saamu.net/files/mesdl/Spybot-Sites.cmd

You have to apply it after every vaccination of IE8

It works very well !

@+

Thanks for sharing.

What does it do exactly? I mean, what does it do, that makes it possible not to have to undo immunizations?

The CMD code is copyrighted, but it simply deletes the "Domains", "EscDomains" and "Ranges" trees in all three places where Spybot adds its entries (SpywareBlaster uses one of those as well), then recreates them--empty, of course. Basically, it deletes the 10,000-plus entries Spybot (and SpywareBlaster) added in each tree.

Please note that after you run it once, you do NOT have to re-run it after each immunization IF you simply uncheck all of the "Domains", "IPs" and "Secure Domains" entries for IE on Spybot's Immunize page; you only have to do that once. (You may also want to check the "Do not show this again" box on the post-immunization pop-up warning.) You do NOT have to undo hosts-file immunization.

If you also use SpywareBlaster, just don't use it anymore; I don't know of any easy way to keep its updates from affecting those keys, and most of its other tools are available elsewhere (including Spybot).

I can confirm that it does reduce the hangups in IE8, though it's still not as fast as IE7 in that regard.

However, Microsoft should still be called to task for this. It may not be "supported", but they've certainly known for a long time how Spybot & SpywareBlaster work; it was WRONG for them to break it that way, and even MORE wrong for them to defer any fix till the next IE. It could be read as Microsoft breaking a competitor's software, which ought to get them in trouble with the EU again...

If it just deletes the entries created, wouldn't not immunizing do the same thing?

If it just deletes the entries created, wouldn't not immunizing do the same thing?

Not quite: undoing immunize does not delete the domain subkeys, it only deletes the binary * that are set to 4 to add the domains to restricted sites. That leaves the long list of keys. Though they don't do anything, it's a bit untidy. I delete Domains, EscDomains and Ranges keys manually, then recreate them (empty) when I want to unimmunize.

By the way, what is the purpose of adding the same set of domains both to the Domains key (populated by immunizing what spybot lists as 'domains') and the EscDomains key (populated by immunizing what Spybot shows as 'secure domains')? If one only immunizes the latter, the domains are not added to the restricted zone. If one only immunizes the former, they are added. So the EscDomains entries seem redundant as far as adding the sites to the restricted zone. Do they do something else?

Rosenfeld:


... By the way, what is the purpose of adding the same set of domains both to the Domains key (populated by immunizing what spybot lists as 'domains') and the EscDomains key (populated by immunizing what Spybot shows as 'secure domains')? If one only immunizes the latter, the domains are not added to the restricted zone. If one only immunizes the former, they are added. So the EscDomains entries seem redundant as far as adding the sites to the restricted zone. Do they do something else?

From:
Internet Explorer security zones registry entries for advanced users
http://support.microsoft.com/kb/182569

The EscDomains key resembles the Domains key except that the EscDomains key applies to those protocols that are affected by the Enhanced Security Configuration (ESC). ESC is introduced in Microsoft Windows Server 2003.

Also see:
Support Enhanced Security Configuration on Win2003 immunization
http://forums.spybot.info/project.php?issueid=237
I personally do not immunize "Secure Domains" because I do not believe that it has any pertinence on my XP system.

I'd more or less satisfied myself that EscDomains was not relevant to IE in XP, thanks for confirming.

2003 is XP (64 bit). Not so important on XP 32 bit, agreed. Even though malware populates these keys on XP 32 bit as well, and it might also depend on the IE version, not just the Windows version.

Can someone summarize what is the official SPYBOT advise on what should and should not be ticked (I have just upgraded to IE8 so need to know this before immunizing anything which will break the system).

Thanks

There is an update by Microsoft that fixes this issue, see the update of our news here (http://www.safer-networking.org/en/news/2009-03-25.html)