Update Removed Some Immunizations
Synetech
2011-06-12, 08:20
I just performed an update to SpybotSnD and noticed that in addition to adding a bunch of items to my HOSTS file, it actually removed the following items:
andromedical.com
mp3musicdirect.com
okulta.com
websearch.com
Um, why‽ I did not perform an un-immunization. If they’re not in its database, then where does it get off messing with things it has nothing to do with? :nono:
I considered that maybe it was trying to rectify some false-positives that it previously added, but that’s not the case, unless you consider penis-enlargement products and defunct MP3 sites to be false-positives.
Should I worry about other things that I have manually put in there suddenly disappearing with a new update as well?
Gopher John
2011-06-12, 16:32
Anything that the user adds between the lines below is subject to change by an update of SpyBot Search & Destroy. I have entries above the first line, but after the localhost line and they've never been changed in years.
# Start of entries inserted by Spybot - Search & Destroy
# This list is Copyright 2000-2010 Safer-Networking Ltd.
# End of entries inserted by Spybot - Search & Destroy
Synetech
2011-06-12, 17:33
Except that the entries in question were not between those lines. In fact, I always strip those lines after an update (or any change to the HOSTS file), then sort the anti-phishing/etc. lines, and then remove duplicates. So there was no reason for the update to remove those lines that were interspersed throughout the file.
Gopher John
2011-06-12, 19:13
If you strip those lines, then that is the problem. SpyBot Search & Destroy uses those lines to determine the entries that it owns. If they aren't there then it may consider all entries fair game.
Synetech
2011-06-13, 04:37
> If you strip those lines, then that is the problem. SpyBot Search & Destroy uses those lines to determine the entries that it owns. If they aren't there then it may consider all entries fair game.
That is absolutely the wrong design and the wrong thing to do. The HOSTS file does not belong to Spybot; it is a shared, system file that is accessible and modifiable by other applications, so Spybot has no right to mess around with it as it pleases.
If it were one of its own files, then yes, you take a chance of losing your changes or even corrupting things by making manual changes (like manually editing SVN’s control files), but an application should not assume that it has some sort of exclusive use of a shared file or assume that it will be in any specific state (maybe it’s completely empty; maybe it’s used in a corporation and contains entries for system aliases). Spybot cannot and should not expect those comments to be present.
If Spybot thinks that it needs to remove something, it should ask for permission. Look at HijackThis; it checks the HOSTS file for malware redirects, but checks with the user before removing them (it’s the same with the Zones).
Besides, even if it were Spybot’s own file or even if it asked for confirmation, that doesn’t explain why it would have removed those specific entries, thus exposing users to unwanted/malware sites in the first place.
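An added example, not part of the original thread and not Spybot's code: one way an updater could confine its changes to the marker-delimited block described above and, when the markers have been stripped, append a new block instead of removing anything. The function name and the `.example` hosts are constructed for illustration; only the two marker strings come from the thread.

```python
START = "# Start of entries inserted by Spybot - Search & Destroy"
END = "# End of entries inserted by Spybot - Search & Destroy"


def update_managed_block(hosts_text, new_entries):
    """Return (new_text, dropped); only lines between the markers are replaced.

    dropped lists old managed entries absent from new_entries, so a caller
    can show them to the user for confirmation before writing the file.
    """
    lines = hosts_text.splitlines()
    stripped = [line.strip() for line in lines]
    try:
        start = stripped.index(START)
        end = stripped.index(END, start + 1)
    except ValueError:
        # Markers missing or out of order: ownership is unknown, so remove
        # nothing and append a fresh marked block after the existing lines.
        merged = lines + [START, *new_entries, END]
        return "\n".join(merged) + "\n", []
    old_block = stripped[start + 1:end]
    dropped = [e for e in old_block
               if e and not e.startswith("#") and e not in new_entries]
    # Everything before START and after END is copied through unchanged.
    merged = lines[:start + 1] + list(new_entries) + lines[end:]
    return "\n".join(merged) + "\n", dropped


# Constructed sample HOSTS content (not taken from a real system).
USER_LINES = ["127.0.0.1 localhost", "127.0.0.1 intranet-alias.example"]
OLD_MANAGED = ["127.0.0.1 old-blocked.example", "127.0.0.1 still-blocked.example"]
TRAILING = ["127.0.0.1 user-added.example"]
WITH_MARKERS = "\n".join(USER_LINES + [START] + OLD_MANAGED + [END] + TRAILING) + "\n"
WITHOUT_MARKERS = "\n".join(USER_LINES + OLD_MANAGED + TRAILING) + "\n"
NEW_ENTRIES = ["127.0.0.1 still-blocked.example", "127.0.0.1 new-blocked.example"]

if __name__ == "__main__":
    for label, text in (("markers present", WITH_MARKERS),
                        ("markers stripped", WITHOUT_MARKERS)):
        updated, dropped = update_managed_block(text, NEW_ENTRIES)
        print(f"--- {label}; entries needing confirmation: {dropped}")
        print(updated)
```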
Synetech
2015-05-09, 18:20
Apparently SpyBot is now also un-immunizing dudu.com. This unexplained removal of items from the HOSTS file is highly suspicious. It makes one wonder if they are removing them because they get kick-backs from those websites. :confused: