I thought I had posted on this before, but I cannot find the thread.
When I go to immunize with Spybot, Avira antivirus blocks some of the changes to the system. I would like to know:
1) Is there a way to fix this, and if not,
2) Is this a matter of concern?
I have long used Spybot, and like it, and do not understand why Avira blocks any of its actions.
Thanks in advance - Bill
This is a bit dated (from 2010), so I'm not sure what has changed since then, but it has instructions so immunization can be completed:
http://forums.spybot.info/showthread.php?60310-Incomplete-Immunization-Causes-System-Crash&p=389035&viewfull=1#post389035
The reason why Avira probably blocks some of Spybot's actions is because it can't tell the difference between Spybot adding certain things through Immunization and a threat. I know that is probably about as clear as mud, but it's a bit difficult to explain. :)
Here is a short bit about immunization:
http://www.safer-networking.org/features/immunization/
I'll use the hosts file as an example. This is a short bit on the hosts file on the Spybot site:
http://www.safer-networking.org/faq/hosts-file/
So, when Spybot immunizes, part of its immunization adds a list of websites that a lot of people would prefer not to be accessed from their computer, so Spybot associates the site's hostname to a safe IP address in your hosts file, 127.0.0.1, to prevent your browser from accessing the unwanted site.
There's more about that here:
http://ask-leo.com/what_are_these_127001_entries_in_my_system_hosts_file.html
That's all well and good, but then some malware might also add sites to the hosts file to try to prevent access to some security websites by putting the site name in the hosts file with 127.0.0.1.
For example, to prevent access to these forums it might put:
127.0.0.1 forums.spybot.info
In addition, malware might also try to get your browser to redirect to another site by putting in their own IP address along with a well-known site, so if you, for just an example, tried to access google.com, you'd be redirected to an unwanted site.
So, then Avira comes along, or some other security program, detects that the hosts file was modified, and then might issue a warning and/or remove the hosts file modification, and the security program doesn't always know whether the change is bad or good.
The hosts file is only one part of Spybot immunization; Spybot also will add unwanted sites to the restricted sites zone in Internet Explorer as part of immunization:
http://windows.microsoft.com/en-ca/windows/security-zones-adding-removing-websites#1TC=windows-7
which also can potentially be detected as something unwanted by another security program. Even though the reason Spybot adds bad sites to the restricted sites zone is to help protect your computer, another security program might not be able to tell the difference between that and malware, and then attempt to remove that part of immunization.
So, to cut through all the hoopla, when another security product detects part of Spybot's immunization as a threat, basically it's a false positive. :)
http://www.pcmag.com/encyclopedia/term/42987/false-positive
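
Added example (not part of the original posts, and not Spybot's or Avira's code): a small Python hosts-file audit that separates the three kinds of entry described above, namely immunization-style loopback blocks, loopback entries that cut off a security site, and well-known names pointed at a non-loopback address. The two watch lists, the `.example` names and the 203.0.113.7 address are constructed for illustration.

```python
import ipaddress

# Assumed watch lists for this example; a real audit would use a maintained list.
SECURITY_SITES = {"forums.spybot.info", "www.safer-networking.org"}
WELL_KNOWN = {"google.com", "www.google.com"}
BUILTIN = {"localhost", "localhost.localdomain"}

# Constructed sample hosts file (not taken from a real system).
SAMPLE = """\
# constructed sample
127.0.0.1 localhost
127.0.0.1 ads.unwanted.example   # immunization-style block
127.0.0.1 forums.spybot.info
203.0.113.7 google.com www.google.com
0.0.0.0 tracker.unwanted.example
"""

def classify(ip_text, host):
    """Return a verdict for one address/hostname pair."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    host = host.lower().rstrip(".")
    if ip.is_loopback or ip.is_unspecified:      # 127.0.0.1, ::1, 0.0.0.0
        if host in BUILTIN:
            return "builtin"
        # Same mechanism as immunization, but aimed at a security site.
        return "blocks-security-site" if host in SECURITY_SITES else "sinkhole-block"
    # Non-loopback address: the name resolves to some other machine.
    return "redirect-well-known" if host in WELL_KNOWN else "custom-mapping"

def audit_hosts(text):
    """Yield (line number, address, hostname, verdict) for every mapping."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()    # drop comments, split on whitespace
        if not fields:
            continue
        if len(fields) < 2:
            findings.append((lineno, fields[0], "", "malformed"))
            continue
        for name in fields[1:]:                  # one address may carry several names
            findings.append((lineno, fields[0], name.lower(), classify(fields[0], name)))
    return findings

def suspicious(text):
    """Entries worth a manual look; plain sinkhole blocks are left alone."""
    bad = {"blocks-security-site", "redirect-well-known", "malformed"}
    return [f for f in audit_hosts(text) if f[3] in bad]

if __name__ == "__main__":
    for finding in suspicious(SAMPLE):
        print(finding)
```

A tool that only notices that the hosts file changed cannot make this distinction, which is why a plain immunization block and a malicious entry can trigger the same warning.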
Thank you. I haven't read all the links you provided yet, but I appreciate the answer.
I figured it was a false positive, and that Avira purposely targets some malware detection software for such false positives like some other antivirus programs do.
Is there a work-around in the links provided?
I would still like to make full use of spybot.
Thanks again - Bill
You're welcome. Yup, there's a work-around in the first link provided.