Upgrading to Firefox 3.5 has introduced an issue with Spybot Search & Destroy that didn't exist before. I notified them of this (modified version follows) but they refer me to you (very Microsoft-ian of them, isn't it?). Just FYI, this issue also affects the latest release of SpywareBlaster.

In any case, you might want to look into this...

//BEGIN
Leaving "Site Preferences" checkbox checked in either of these places in Firefox 3.5:

1) Tools | Options... | Privacy | Settings...
2) Tools | Clear Recent History...

results in the Firefox immunization protection offered by Spybot Search &
Destroy 1.6.2 (cookies, images, installations, and popups) being wiped out. In the case of 1) above, the problem occurs simply by opening the Firefox 3.5 browser. In the case of 2) above the problem occurs when choosing to clear recent history (Ctrl+Shift+Del) in Firefox 3.5.

Unchecking the Firefox 3.5 "Site Preferences" checkbox in the places listed above resolves these issues -- but at the expense of me having to accept the possibility of site preference data being preserved within Firefox.

This problem did NOT exist until the installation of Firefox 3.5. I have the latest version of Spybot Search & Destroy with the latest definition files
applied, and both were in place and functioning perfectly with the version of Firefox (3.0.11) I had in place prior to upgrading to FF 3.5. In fact, Spybot S&D has worked fine with all versions of Firefox prior to 3.5! The problem started immediately upon upgrading to Firefox 3.5. The result is a potential compromise to Firefox security.


Reproducible: Always

Steps to Reproduce:
1. Verify that all Firefox immunization/protection offered by Spybot Search &
Destroy 1.6.2 is in effect; close this program.
2. Open Firefox 3.5
3. Verify that the "Site Preferences" checkbox is checked in Tools | Options...
| Privacy | Settings... (if not, check it and restart Firefox).
4. Close Firefox.
5. Repeat Step 1, which will show that all previously enabled Firefox
protection is now disabled.

OR

1. Verify that all Firefox immunization/protection offered by Spybot Search &
Destroy 1.6.2 is in effect; close this program.
2. Open Firefox 3.5
3. Either select Tools | Clear Recent History... OR press Ctrl+Shift+Del
4. Verify that the "Site Preferences" checkbox is checked (if not, check it).
5. Click the "Clear Now" command button.
6. Repeat Step 1, which will show that all previously enabled Firefox
protection is now disabled.

Actual Results:
In both methods described above, the result is that the previously enabled
Firefox protection offered by Spybot Search and Destroy is then disabled.

Expected Results:
The previously enabled Firefox protection offered by Spybot Search and Destroy should remain enabled.
//END

Wow, thanks for this very detailed report!

Will have to think about this - Firefox isn't doing anything "wrong", just offers a new feature that makes another feature less persistent...

I notified them of this (modified version follows) but they refer me to you (very Microsoft-ian of them, isn't it?). Just FYI, this issue also affects the latest release of SpywareBlaster.

Was this in some public place?

It's really a concept question with no easy workaround; right now, the best current option I could think of would be a flag in permissions.sqlite, table moz_hosts that would control whether entries are programatically or manually created, and when applying the privacy cleanup, only remove those manually added (entries created by external software would not be a privacy concern history probably anyway).

Adding a timestamp to that table might be nice as well, since the UI offers time range to clean, but Site Preferences do not seem to be compatible to this (probably resulting in preferences always been cleared).

That would all be on Mozillas side though. I though about what we could do (next to a warning shown during immunization), but the only other way (FF plugin doing the same) is not really what immunization is any more (will be available in FF 2.0, which has a central URL processor to allow easier browser plugins).

@CindyS,


Quote "Unchecking the Firefox 3.5 "Site Preferences" checkbox in the places listed above resolves these issues -- but at the expense of me having to accept the possibility of site preference data being preserved within Firefox."


I tried your method of unchecking 'Site Prferences' (Options>Privacy>Settings), but after a reboot, the Firefox 3.5 immunization is cleared anyway.

@CindyS,

I have found that you must uncheck 'Site Preferences' in both areas you mentioned. I was unclear on that point, I understood you to say either/or.

After unchecking 'Site Preferences' in both areas, the immunization appears to stay.

Hello,

We have added this issue to our bugtracker: http://forums.spybot.info/project.php?issueid=384

Best regards
Sandra
Team Spybot

I'm having the same problem since I updated firefox to 3.5.1.
Are we waiting on an update to resolve this?

I just found this out as I only recently updated to Firefox 3.5.3

this is still an issue:
and it's a Firefox problem:

Firefox 3.5.3
Spybot S&D: updated to newest def. 18/Sep./2009

in Firefox:
Tools > Options > "Security" tab
Clear History when Firefox closes check box checked
in "Settings" if "site preferences" is checked it wipes out the immunizations at the browser close not at browser open, as soon as Firefox is closed the immunizations vanish

same with the site preferences check box in:
Tools > Clear Recent History

if executing the in browser clear history and the site preferences check box is checked it will immediately wipe out the immunizations

and as noted above; both methods of clearing private data / history cannot have the site preferences check box checked they both must be left blank, or immunization info will be deleted.

Hello,

The issue should be fixed in a new version, I do not think that there will be an update for this.

Best reagards
Sandra
Team Spybot

Still the same problem with FF 3.55 now. Any action yet to resolve this bug??

And a functional question: if I immunize before browsing, am I at least immunized until I close and reopen FF? I.e., are the immunizations actually working at least temporarily, or is Spybot erroneously reporting that immunization has been successful??


Hello,

The issue should be fixed in a new version, I do not think that there will be an update for this.

Best reagards
Sandra
Team Spybot

Hello,

You have just quoted the answer. ;)

Best regards
Sandra
Team Spybot

OK...but that was 2 months ago. FF has updated twice since then, and Spybot still has not corrected the problem with a new release. If I am choosing which AS application to use, Spybot dithering that long over a known problem does not inspire confidence in the product. In fact, it makes me think "they don't give a hoot about a vulnerability in their product, and thus, by extension, me." It makes me less likely to recommend Spybot SD to people who ask my advice on AV/AS issues.

So there is no timeline for if/when a new version is coming down the pipeline that addresses this problem for the millions/billions of FF users? That's what I was asking.

I also asked whether the immunization actually is implemented until the browser is closed, but got no response to that at all. So I still don't know if I can get by immunizing-before-browsing as a stop-gap measure? :sad:

Hello,

We are working on Spybot 2.0 at the moment.
But as it is complete different from former versions it is not that easy to pop out with a new version in weeks.
You might want to take a look here (http://forums.spybot.info/blog.php?u=1) or on our twitter (http://twitter.com/SpybotSD) page.

Best regards
Sandra
Team Spybot

What? What do you mean you can't pop out a new version just like that? :)

Fair enough. Good to see from those links that rootkits are getting attention in 2.0 - many of us will be on XP for some time to come.

Thanks for the additional information. :thanks:


Hello,

We are working on Spybot 2.0 at the moment.
But as it is complete different from former versions it is not that easy to pop out with a new version in weeks.
You might want to take a look here (http://forums.spybot.info/blog.php?u=1) or on our twitter (http://twitter.com/SpybotSD) page.

Best regards
Sandra
Team Spybot

Next to the 2.0 getting a lot of attention here, the problem here is more with Firefox, not Spybot. We don't see how we can block the removal, so everything we would do here would be just reacting and reimmunizing as soon as possible.

Firefox protection in 2.0 will have additional vectors. 2.0 has a central system service dealing with the protection stuff generic to all browsers (already finished), plus browser plugins. IE users already know SDHelper; a Chrome plugin is half finished, and the Firefox plugin will be next. Should you wonder why Chrome receives attention before Firefox: both browser-side parts are using AJAX, and testing AJAX on Chrome is a bit easier, so the stuff created for Chrome will be partially reused in Firefox.

@PepiMK

Will the Firefox and Opera plugins be able to be disabled by the user, or not activated at all, except as an option? There's already quite a bit of discussion on the Firefox forums about other software installing plugins in Firefox without asking.

I would guess that would be set up like the MSIE plugins are now, just checking.

The method of installation hasn't been finalized yet, but at least, it will be an option and not a necessity during installation. Afterwards, I would probably prefer to just open Firefox with the plugin page, since it would even make it much easier A. to allow the user to see where he can install it for other Firefox installations, and B. will give him the choice.

What speaks against this is that it might be better to install it to the program files folder than to the profile.

Thank You for taking the time to write the instructions in a way that people without major computer skills can follow.