Page 2 of 6 FirstFirst 123456 LastLast
Results 11 to 20 of 51

Thread: Spybot Immunize Plus IE 8 Final Equals Disaster On WinXP SP3

  1. #11
    Junior Member 2harts4ever's Avatar
    Join Date
    Oct 2005
    Location
    Central Pennsylvania
    Posts
    18

    Default

    Good morning m00nbl00d,

    I must be one lucky 'sucker' because when I check for Spybot S&D updates it is almost instantaneous as was the case before I installed IE8 on my computer (Compaq Presario AMD Athlon(tm) 64 Processor 3300+, 2411MHz/1.93 GBs RAM, running Windows Xp Home, SP3., with IE8).

    Maybe I am one of the lucky ones.

    Regards,

    2harts4ever
    " ... Nuff Said. Keep Smiling Because I'm Smiling Too!"

  2. #12
    Member
    Join Date
    Jan 2009
    Posts
    78

    Default

    Hello 2harts4ever,

    I forgot to mention that, as far as I'm aware of, this issue only affects Windows Vista (including SP1, which is the one I use, x86, but I believe it affects all versions), with UAC enabled.


    Regards

  3. #13
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    211

    Default

    Further to my previous post, I've now done some tests. The only effect for me of having Spybot immunization is a slight delay when first opening IE 8. It takes ~2 seconds to load my home pages without any restricted sites, ~5 seconds with the ~10500 sites added by Spybot. I can live with that.

  4. #14
    Member
    Join Date
    Jan 2009
    Posts
    78

    Default

    Quote Originally Posted by Rosenfeld View Post
    Further to my previous post, I've now done some tests. The only effect for me of having Spybot immunization is a slight delay when first opening IE 8. It takes ~2 seconds to load my home pages without any restricted sites, ~5 seconds with the ~10500 sites added by Spybot. I can live with that.
    It depends on how many domains are placed at the Restricted Sites Zone.

    The more there are, the slower things become.

    I did a test, by making use of Spybot, SpywareBlaster and IE-Spyad entries, and the result is what I mentioned, previously.

  5. #15
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    554

    Default

    If the choice is between filling my Restricted Sites with thousands of entries on a weekly basis or using Internet Explorer 8, I'd use IE 8. Here's a comment about this issue from the Internet Explorer Blog relating to the RTM release.

    http://blogs.msdn.com/ie/archive/200....aspx#comments
    # re: Internet Explorer 8 Final Available Now
    Saturday, March 21, 2009 9:49 PM by EricLaw [MSFT]

    @Howard: Firstly, please notice that I did not suggest that users "disable Spybot" but rather that they not use the "Immunize" feature.

    The immunization feature offered by SpyBot is not required to browse safely with Internet Explorer 8. IE8 includes more reliable protections against malicious sites, including per-site ActiveX, ActiveX opt-in, DEP/NX, Protected Mode, and SmartScreen Filter.

    Blocking a static list of sites using Zones is fundamentally a losing game, because (as phishers have demonstrated for years) attackers can simply deliver malicious attacks from new domains or IP addresses.
    IE8 Security Part IX - Anti-Malware protection with IE8’s SmartScreen Filter

    Personally, I haven't been using immunize on current operating systems myself for a couple years. The fast-flux networks and other quickly changing location technologies involved in malicious delivery systems today make this relatively slow method of site blocking nearly useless and simply an exercise in update futility.

    Since these registry and hosts entry systems were never really designed for automated 'stuffing' of large lists, they've always been limited by the overhead they create. The idea that these lists have no effect on the operation of a system and are in effect 'passive' is a myth that has pervaded the home security community for years. Any 'list' contained within a program will require a finite amount of time to search, regardless of the efficiency of the code that performs it.

    However, the real problem here isn't the abused technolgy, it's the valid points made by Eric in his comment that there are much better protection systems now built into IE 8 itself. These systems in some cases don't suffer from the scalability issues that are inherent with locally hosted and searched lists. For example, SmartScreen Filter uses a list which is hosted by Microsoft, to which any IE 8 user can contribute and which is thus much more quickly responsive than a local list downloaded weekly.

    Much is often discussed about the limitations of collecting and distributing lists of malicious code (i.e. viruses) and the inherent delay involved. However, few ever consider this same issue as it relates to malicious sites, since these somehow seem less likely to change. In reality though, many of the most prolific malware delivery systems in use today are much more dynamic and thus too quickly changing for such old ideas to work. These systems are best left for the user to perform blocking of individual sites on demand, which was their intended purpose in the first place.

    Bitman

  6. #16
    Junior Member ssuperdave's Avatar
    Join Date
    Mar 2009
    Location
    Effingham Il
    Posts
    20

    Cool Seems ok ..

    I also updated to IE8 and have had no problems .. the only glitch i have is it takes a few seconds longer for the main page to load ..
    Last edited by ssuperdave; 2009-03-26 at 21:08.

  7. #17
    Junior Member 2harts4ever's Avatar
    Join Date
    Oct 2005
    Location
    Central Pennsylvania
    Posts
    18

    Default

    bitman,

    Excellent response! I find it filled with well-thought out reasoning on your part and written in such a way that folks like me with limited computer knowledge can understand what you are saying.

    I for one appreciate you sharing your thoughts with the rest of us watching this thread.

    Thanks and regards,

    2harts4ever
    " ... Nuff Said. Keep Smiling Because I'm Smiling Too!"

  8. #18
    Member
    Join Date
    Jan 2009
    Posts
    78

    Default

    Quote Originally Posted by bitman View Post
    If the choice is between filling my Restricted Sites with thousands of entries on a weekly basis or using Internet Explorer 8, I'd use IE 8. Here's a comment about this issue from the Internet Explorer Blog relating to the RTM release.

    http://blogs.msdn.com/ie/archive/200....aspx#comments


    IE8 Security Part IX - Anti-Malware protection with IE8’s SmartScreen Filter

    Personally, I haven't been using immunize on current operating systems myself for a couple years. The fast-flux networks and other quickly changing location technologies involved in malicious delivery systems today make this relatively slow method of site blocking nearly useless and simply an exercise in update futility.

    Since these registry and hosts entry systems were never really designed for automated 'stuffing' of large lists, they've always been limited by the overhead they create. The idea that these lists have no effect on the operation of a system and are in effect 'passive' is a myth that has pervaded the home security community for years. Any 'list' contained within a program will require a finite amount of time to search, regardless of the efficiency of the code that performs it.

    However, the real problem here isn't the abused technolgy, it's the valid points made by Eric in his comment that there are much better protection systems now built into IE 8 itself. These systems in some cases don't suffer from the scalability issues that are inherent with locally hosted and searched lists. For example, SmartScreen Filter uses a list which is hosted by Microsoft, to which any IE 8 user can contribute and which is thus much more quickly responsive than a local list downloaded weekly.

    Much is often discussed about the limitations of collecting and distributing lists of malicious code (i.e. viruses) and the inherent delay involved. However, few ever consider this same issue as it relates to malicious sites, since these somehow seem less likely to change. In reality though, many of the most prolific malware delivery systems in use today are much more dynamic and thus too quickly changing for such old ideas to work. These systems are best left for the user to perform blocking of individual sites on demand, which was their intended purpose in the first place.

    Bitman
    Yes, IE 8 brings additional security.
    But, let's not forget important facts here.

    Fact - Not everyone has, unfortunately, patience to deal with UAC. There's always something that doesn't work quite well, and, if people can't make it to work, then, they'll have to find people who'll do it for them. Perhaps, their IT professionals.

    Fact - Even though is IE 8 is safer than any other previous version, it won't be 100% effective. Nothing is.

    Fact - Regardless if some user makes use of SpywareBlaster, Spybot - Search & Destroy, IE-Spyad or any other entries, to add to IE's restricted sites zone, there's always going to exist this additional layer of security.

    Fact - If the Restricted Sites Zone is useles, why still existing? Makes no sense, at all.

    Fact - Not everyone has the knowledge to tweak IE for a safer browsing, like disabled ActiveX and only enabling per site. They'd got lost with those tweakings.

    Fact - All that was said on that post, in no way, is a valid reason not to fix this bug, that didn't exist in the release candidate version.

    One thing is theory, one other practice. Two different realities.

  9. #19
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    554

    Default

    It's not theory, none of the computer systems I mentioned or any of my own have any special settings other than the Windows XP/Vista and/or IE 7/8 defaults and they've protected both myself and my nephews very well. Any of the products you mentioned are add-ons not included with Windows and require special additonal operations by the user to use them, so they are actually more difficult for a non-technical user to manage.

    The only advertised reason that Restricted sites exist is to allow a user to add an entry manually one at a time within Internet Options, Security tab, Sites button. Automated 'stuffing' of these registry entries has never been addressed in any Microsoft Technical literature and thus is not officially supported. It is products such as Spybot S&D and SpywareBlaster that have implied that this is the reason they exist, not Microsoft.

    How to use security zones in Internet Explorer
    http://support.microsoft.com/kb/174360

    Windows Help and How-to: Security zones: adding or removing websites
    http://windowshelp.microsoft.com/Win...c385a1033.mspx

    Please note that I did not include UAC in my discussion, since that's not really a security feature, it's a nag box designed purposefully to annoy users of badly written software in hopes they'll complain to the real offenders, the vendors of the software that are unnecessarily requiring Administrative priviledge for their programs to operate. Otherwise, the only prompts you should see are those that would actually require Administrative access, such as program installation.

    And note that I never stated the 'bug' shouldn't be fixed, though I personally don't care if it ever is for the reasons I've already stated. If there's one thing I've learned by observing these and other forums it's that many people will only feel protected if they've installed and updated a half dozen often conflicting and questionable products every week, even if the aggregate protection provided by these products is no better than what one good product might provide. It's also quite obvious that many of these same users will avoid or ignore updating either thrid-party software products or even Windows itself, even though these are the most proven methods of providing actual protection.

    True security is actually very simple, repetitive and mundane. The more complex the process is made the more likely it will fail.

    Bitman

  10. #20
    Member
    Join Date
    Jan 2009
    Posts
    78

    Default

    Quote Originally Posted by bitman View Post
    It's not theory, none of the computer systems I mentioned or any of my own have any special settings other than the Windows XP/Vista and/or IE 7/8 defaults and they've protected both myself and my nephews very well. Any of the products you mentioned are add-ons not included with Windows and require special additonal operations by the user to use them, so they are actually more difficult for a non-technical user to manage.
    Actually, making use of Spybot's and SpywareBlaster's immunizations, is a lot easier than actually having to tweak IE, to offer, by itself, a better protection.

    It's a two step process. Update and re-immunize. Simple.

    The only advertised reason that Restricted sites exist is to allow a user to add an entry manually one at a time within Internet Options, Security tab, Sites button. Automated 'stuffing' of these registry entries has never been addressed in any Microsoft Technical literature and thus is not officially supported. It is products such as Spybot S&D and SpywareBlaster that have implied that this is the reason they exist, not Microsoft.
    Then, why not just take the Restricted Sites Zone option, since, what you mention, would be better to place at the HOSTS file, which would prevent anything in the system to connect to that domain.

    But, what the Restricted Sites Zone offers, that the HOSTS file lacks, is the capability of adding domains like *.bad-domain. com. By placing a *, the user would be blocking access to any domain within the domain .bad-domain. com, and not just to the main one.

    So, such feature and such entries, are, in my most opinion, useful, and waste no resources. Most important, provide an extra layer of security.


    How to use security zones in Internet Explorer
    http://support.microsoft.com/kb/174360

    Windows Help and How-to: Security zones: adding or removing websites
    http://windowshelp.microsoft.com/Win...c385a1033.mspx
    This info my be useful to some person, digging through this thread. Not to me, though. But, thanks.

    Please note that I did not include UAC in my discussion, since that's not really a security feature, it's a nag box designed purposefully to annoy users of badly written software in hopes they'll complain to the real offenders, the vendors of the software that are unnecessarily requiring Administrative priviledge for their programs to operate. Otherwise, the only prompts you should see are those that would actually require Administrative access, such as program installation.
    Actually, it is a security mechanism. When UAC is enabled, it will also enable the Protected Mode in IE7 and IE8, in Windows Vista and Windows 7. This will decrease what IE can do in the system.

    UAC is also a good way to know when something is requiring elevated rights to do important changes in the system.
    Let's imagine that some user would open an e-mail, and, UAC alert for something. "Houston, we have problem.".

    So, UAC is much more than just an annoyance.

    And note that I never stated the 'bug' shouldn't be fixed, though I personally don't care if it ever is for the reasons I've already stated.
    Fair enough.

    If there's one thing I've learned by observing these and other forums it's that many people will only feel protected if they've installed and updated a half dozen often conflicting and questionable products every week, even if the aggregate protection provided by these products is no better than what one good product might provide. It's also quite obvious that many of these same users will avoid or ignore updating either thrid-party software products or even Windows itself, even though these are the most proven methods of providing actual protection.
    Unfortunately, it happens. But, this are people, who get, perhaps, their first system. Are not even aware of the existing dangers.
    But, the main problem here, are the IT professionals. They don't alert the costumers for that very same fact. They just install a free and crippled antivirus, and that's it, pretty much.

    Last year, a relative of mine, bought a computer (New computer user), and the folks where this computer was bought, only installed a free and crippled antivirus. They didn't care to explain how to update it. They haven't enabled UAC. They also didn't explain how to work with it, obvisiouly.
    To make things a lot worse, they didn't create a normal user account.

    True security is actually very simple, repetitive and mundane. The more complex the process is made the more likely it will fail.

    Bitman
    Yes, I agree. That security should be simple, that is. But, just because one makes use of a layered security, that doesn't mean it isn't simple.

    One can just make use of a very complex Intrusion Prevention System. But, would it be simple, then?


    Best regards
    Last edited by m00nbl00d; 2009-03-27 at 03:48.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •