Could someone please explain the purpose of the following beta update?
- ßTCP/IP Settings plugin - !TCP/IP Settings plugin (65 KB) - 2007-06-06
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
hi,
Some malware (for instance Zlob.DNSChanger) is able to change the computer's TCP/IP settings. In the case of Zlob.DNSChanger, bad DNS servers are entered.
The TCP/IP settings plugin enables Spybot to use new rules which can detect IP addresses entered by malware and exchange them with non-harmful entries.
Further plugins will enable Spybot to increase its set of rules and rule parameters without the need for a new main update. Thus the plugins make Spybot more flexible.
Yodama:
Thank you for the explanation.
Regards,
md usa spybot fan
Stickied.
Microsoft MVP Reconnect 2018-
Windows Insider MVP 2016-2018
Microsoft Consumer Security MVP 2006-2016
Excellent addition: well done the Spybot team
hi all,
Where do I download that update from? Is it possible to download it without using integrated update? Is it included in the includes download from the site?
Maybe I'm not understanding properly - the malware is changing DNS entries on our machine and Spybot's solution is to change DNS entries to something else? Shouldn't it just remove the malware and leave our settings alone - or does it set the DNS to a benign setting and then we have to change the settings back ourselves? Otherwise that doesn't sound like a solution, or am I completely misunderstanding what's happening here?
thanks!
If the malware replaces your "official" DNS settings with malicious entries, just removing those would leave you without any DNS servers at all - thus disconnected from the net (unless you know and want to type in IPs for all sites you want to visit).
For Spybot, it is quite difficult to guess what your settings were; it could remember what they were during installation (which would make the removal ineffective if the malware already was in place when you install Spybot), or it could look it up in one of those backup copies of settings (which also would just restore the same bad settings if you had the malware long enough to get backed up by Windows).
Using benign settings inside our database might not result in as fast DNS servers as the ones from your provider might be, but they're safer than using machine backups that might have been compromised as well. Since the replacement only takes place when something bad was found, I think a better chance to have a clean DNS server is more important than to have the original one, but more danger of restoring a compromised setting.
Just remember, love is life, and hate is living death.
Treat your life for what it's worth, and live for every breath
(Black Sabbath: A National Acrobat)
If it left the setting alone, you would still be pointed to the compromised DNS for lookups. Meaning, you could fall victim to phishing and/or re-infection.
Exactly. If DNS lookups were working with a compromised machine, then that machine must not be firewalled outbound to the internet - so using OpenDNS will work fine.
Alternatively, SB could set the DNS setting to automatic detection (if the IP address is also done via DHCP). This is probably what most people would want, but the solution they implemented is the only one that won't suddenly "break the internet" for a handful of users.
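The policy discussed in this thread (replace DNS entries only when a rogue one is found, and replace them with known-benign servers rather than a backup), sketched as an added example that is not Spybot's code and was not posted by anyone above. It assumes the per-interface NameServer and DhcpNameServer values have already been read from the Windows Tcpip registry key into a dictionary; the rogue ranges, the interface names and the choice of OpenDNS as the benign replacement are constructed assumptions.

```python
import ipaddress
import re

# Constructed blocklist: RFC 5737 documentation ranges stand in for rogue DNS networks.
ROGUE_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]
# Assumed benign replacement: the public OpenDNS resolvers (not Spybot's database).
BENIGN_DNS = ["208.67.222.222", "208.67.220.220"]

def split_servers(value):
    """Split a NameServer/DhcpNameServer string (comma or space separated)."""
    return [s for s in re.split(r"[,\s]+", value or "") if s]

def is_rogue(server):
    """True if the entry lies in a rogue network; unparsable entries are flagged too."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return True
    return any(addr in net for net in ROGUE_NETS)

def audit_interface(values):
    """Return (findings, fixed_values) for one interface's registry-style values."""
    findings, fixed = [], dict(values)
    for key in ("NameServer", "DhcpNameServer"):
        bad = [s for s in split_servers(values.get(key, "")) if is_rogue(s)]
        if bad:
            findings.append((key, bad))
    if findings:
        # A static NameServer overrides the DHCP-supplied list, so setting it to the
        # benign servers keeps name resolution working instead of leaving it empty.
        fixed["NameServer"] = ",".join(BENIGN_DNS)
    return findings, fixed

def audit(interfaces):
    """Audit all interfaces; clean interfaces are left out and stay untouched."""
    report = {}
    for name, values in interfaces.items():
        findings, fixed = audit_interface(values)
        if findings:
            report[name] = {"findings": findings, "replacement": fixed}
    return report

# Constructed sample: one hijacked static entry, one clean DHCP-configured interface.
SAMPLE = {
    "{IF-A}": {"NameServer": "203.0.113.53,198.51.100.9", "DhcpNameServer": "192.168.1.1"},
    "{IF-B}": {"NameServer": "", "DhcpNameServer": "192.168.1.1"},
}

if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(name, result["findings"], "->", result["replacement"]["NameServer"])
```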