
Thread: Spybot Immunize Plus IE 8 Final Equals Disaster On WinXP SP3

  1. #21
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    554

    Default

    Quote Originally Posted by m00nbl00d View Post
    Actually, making use of Spybot's and SpywareBlaster's immunizations, is a lot easier than actually having to tweak IE, to offer, by itself, a better protection.

    It's a two step process. Update and re-immunize. Simple.
    Even simpler, don't bother to 'tweak' at all, I never do. My nephew still couldn't successfully install the fake anti-virus product he downloaded both because he didn't have the privilege (Standard account) and the AV/AS app caught most of the trojans and other files anyway. This required me to install a properly updating security product initially, but requires absolutely no maintenance since then, since everything performs automatic updates.

    The new SmartScreen Filter in IE 8 should improve this even further by detecting most malware before it ever reaches the filing system.

    IEBlog: IE8 Security Part IX - Anti-Malware protection with IE8’s SmartScreen Filter
    http://blogs.msdn.com/ie/archive/200...en-filter.aspx


    Then, why not just take the Restricted Sites Zone option, since, what you mention, would be better to place at the HOSTS file, which would prevent anything in the system to connect to that domain.

    But, what the Restricted Sites Zone offers, that the HOSTS file lacks, is the capability of adding domains like *.bad-domain. com. By placing a *, the user would be blocking access to any domain within the domain .bad-domain. com, and not just to the main one.

    So, such feature and such entries, are, in my most opinion, useful, and waste no resources. Most important, provide an extra layer of security.
    Spybot S&D Immunize by default places the same entries in the Hosts file, but I don't use that either. As with the current issue with Restricted Sites, large Hosts file lists often create performance issues, though usually only on Windows 2000 and older systems that lack resources. The more common issue is with many current anti-virus products which contain monitoring features that partially conflict with such large files, causing their own performance issues.

    As I stated earlier, all lists which are searched linearly will create some overhead, the only question is how much. Unless either the PC is very high performance or the lists are indexed like a database, performance will eventually suffer, it's simply a matter of at what quantity it will become noticeable.


    This info may be useful to some person, digging through this thread. Not to me, though. But, thanks.
    The developers who are 'stuffing' these lists programmatically don't want to hear that Microsoft doesn't support this, but they need to.


    Actually, it is a security mechanism. When UAC is enabled, it will also enable the Protected Mode in IE7 and IE8, in Windows Vista and Windows 7. This will decrease what IE can do in the system.

    UAC is also a good way to know when something is requiring elevated rights to do important changes in the system.
    Let's imagine that some user would open an e-mail, and, UAC alert for something. "Houston, we have problem.".

    So, UAC is much more than just an annoyance.
    I'll give you some of this, since what I should have said is that UAC isn't a 'security boundary', it's merely an alerting system tied to the process elevation ability. However, UAC itself doesn't create the Protected Mode, it merely enables it to function within a Standard account to provide the security. Here's the key elements and a link to the complete explanation.

    http://technet.microsoft.com/en-us/l.../cc749393.aspx
    Quote Originally Posted by bitman
    While most Internet Explorer 7 security features will be available in Internet Explorer 7 for Windows XP Service Pack 2, Protected Mode is only available on Windows Vista because it is based on security features new to Windows Vista.

    • User Account Control (UAC) makes it easy to run without Administrator privileges. When users run programs with limited user privileges, they are safer from attack than when they run with Administrator privileges because Windows can restrict the malicious code from carrying out damaging actions.
    • Integrity mechanism restrict write access to securable objects by lower integrity processes, much the same way that user account group membership restricts the rights of users to access sensitive system components.
    • UIPI prevents processes from sending selected Windows messages and other USER APIs to processes running with higher integrity.

    The Windows Vista security infrastructure enables Protected Mode to provide Internet Explorer with the privileges needed to browse the Web while withholding privileges needed to silently install programs or to modify sensitive system data.

    < SNIP >


    Unfortunately, it happens. But, these are people, who get, perhaps, their first system. Are not even aware of the existing dangers.
    But, the main problem here, are the IT professionals. They don't alert the customers for that very same fact. They just install a free and crippled antivirus, and that's it, pretty much.

    Last year, a relative of mine, bought a computer (New computer user), and the folks where this computer was bought, only installed a free and crippled antivirus. They didn't care to explain how to update it. They haven't enabled UAC. They also didn't explain how to work with it, obviously.
    To make things a lot worse, they didn't create a normal user account.
    Unfortunately the Microsoft estimate is that roughly 60% of systems out there belong to people who don't even have a current antimalware installed or being updated (expired subscriptions) on their PC, let alone those operating with several conflicting programs of dubious value.

    Actually, though I agree with your general discussion here, I wouldn't call these 'IT professionals', they're mostly sales people and often just kids. In any case, their primary job is to get the buyer out of the store and not have them calling to ask questions, so security is of little concern to them. If they do things like turn on UAC or provide Standard accounts, most users would complain or call the store for help, so they take the easy out.

    This isn't surprising and is just a portion of the symptoms of a dysfunctional computer industry that's based on selling the box rather than the services that are really needed by most customers. Unfortunately the US consumer himself is the problem here, since he wants to buy the box cheap and not pay anything for support, so he gets exactly what he paid for.


    Yes, I agree. That security should be simple, that is. But, just because one makes use of a layered security, that doesn't mean it isn't simple.

    One can just make use of a very complex Intrusion Prevention System. But, would it be simple, then?
    I'm not saying the system you're trying to use isn't simple enough, but is it really the most effective? If you're deciding to stay with IE 7 to keep the Spybot S&D Immunizations then you're missing the improved security features included in IE 8.

    I know you'd rather have both, but the discussion here has assumed that for some they appear to be mutually exclusive, at least until the performance problem has been resolved.

    Bitman

  2. #22
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    hi,

    first I have to say that the entries Spybot S&D adds to the restricted zones is a redundant part of the protection provided. It is also covered with the hosts file immunization and the SDHelper. If I am correct there are no reported issues between the SDHelper and the IE8, so using the IE8 without immunizing it but using the SDHelper should also provide a sufficient level of security for most users.

    Secondly I need to bring up the endless discussion about effective security measures. There are basically 2 points of view, one states that most security measures are useless to harmful and the other states that most security methods are useful. Personally I tend more to the second group.
    As critics state correctly there are malware in the wild which can overcome most existing security measures, in this case by switching domains quickly, but there is a whole lot more malware which cannot. This basically applies to all parts of a security system and in general also applies to other real life security systems, for instance in a car.
    A car may be a good example to explain my view to most people. It has a chassis and stuff like airbags, seat belts and so on. But as everyone should know this does not protect the users of the car from all possible ways of harm they could experience on the road. A frontal crash at a colliding speed of 100km/h for example will most likely kill all persons inside the car, regardless of the quality of airbags, chassis and seat belts. But at a colliding speed of 60km/h most passengers will survive due to the chassis, airbags and seat belts.
    I guess that there are very few who would like to trade off chassis and airbags for less weight and thus less costs in a car with the argument that these things are useless against a frontal crash with a common traveling speed on the highway.

    Thirdly, back to the IE8.
    One of the main problems during software development is that often the software does not get designed as it should be but "grows". The IE is almost as ancient as the internet itself and the IE8 still offers downward compatibility while it "grew". Keeping downward compatibility is usually used for user comfort, but this often also brings issues with it, in most cases loss of performance. In this case with the IE8 and restricted zones, there is indication that Microsoft does not intend to support this old IE feature anymore. If that were the case, the IE8 team would have tested different input values for the restricted zones, including numbers of domains close to the maximum number of possible entries and beyond.

    Team Spybot will discuss this issue on Monday in detail to determine our course of action with this issue.
    It is also to be seen how Microsoft will react to this issue.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #23
    Junior Member
    Join Date
    Mar 2009
    Posts
    3

    Default Workaround

    Until this is sorted out, I think I've worked around the issue by Undoing immunization for \SOFTWARE (Domains), .DEFAULT (Domains) and User (Computer Name) (Domains); I haven't found it necessary to do the same with the Secure Domains alternatives, or Global (Hosts).

    Am I on the right track?

  4. #24
    Member
    Join Date
    Jan 2009
    Posts
    78

    Default

    Quote Originally Posted by bitman View Post

    [...]

    I'm not saying the system you're trying to use isn't simple enough, but is it really the most effective? If you're deciding to stay with IE 7 to keep the Spybot S&D Immunizations then you're missing the improved security features included in IE 8.

    I know you'd rather have both, but the discussion here has assumed that for some they appear to be mutually exclusive, at least until the performance problem has been resolved.

    Bitman
    I'm using IE 8 RC, and this issue does not exist.

    Also, this is not about IE 8 (Final Version) vs Spybot and others. This is about a bug, that didn't exist in the RC version, nor in the Beta versions, if I well remember.

    If a bug or not (something, intentionally, done by Microsoft), is another story. But, if, in fact, their choice, then the user should be alerted for that, during IE 8 installation.


    Regards

  5. #25
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    554

    Default

    Though I personally have no interest in using the Immunization features on a recent OS, I still use it on Windows 2000, where other protection is less available and IE 6 is still present. I believe this is the appropriate place for such features to remain and so this may affect the future design decisions for them within the SBSD 2.0 product.

    I had enough interest in this subject that I attended the recent IE team Expert Zone chat on Wednesday and noticed that PA Bear, an MVP from the Microsoft Security group was also in attendance. I asked the first of the following two questions and I believe he asked the other. Though these aren't definitive, they do help in understanding how it occurred and to some extent how Microsoft views the issue.

    Bitman

    Frank [MSFT] (Expert)[12:12]:
    Q: [4] Does Microsoft (or IE Group specifically) have an official stance towards the 'stuffing' of Restricted Sites performed by Spybot S&D, SpywareBlaster and others, especially as it relates to performance? Any references or supporting documentation available?

    A: We have received a lot of reports from users about perf issues being caused by this...We are following up with software developers on these issues. We will have more documentation on IE extensibility soon.


    EricLaw [MSFT] (Expert)[12:13]:
    Q: [16] Can you briefly discuss the change made in IE8 Final that causes the conflict with having a large number of sites running in Restricted Sites zone (cf., SpywareBlaster; Spybot; et. al.), especially since the conflict was not seen in any beta builds?

    A: This was a side-effect of a recent change to better support non-standard top-level-domains which are becoming more common. You can read about the general issue with non-standard TLDs on http://publicsuffix.org. IE8 maintains an internal public suffix list. That list changes IE's handling of "known" special TLDs. Unfortunately, the Zones registry format has a dependency on TLDs, which means that we must recalculate the registry against this new TLD list. That works fine in the general case, but fails badly when there are thousands of sites in the lists. We're working on this issue.

  6. #26
    Junior Member
    Join Date
    Nov 2007
    Location
    Canada
    Posts
    12

    Default IE 8 still slow when host file empty

    I emptied the hosts file of all 10,000 plus Spybot entries and IE 8 is still very slow to launch.

    I don't use teatimer or the resident part of Spybot because I have other protection. I simply use Spybot to double check once a week on Wednesdays after the updates come out.

    I like the idea of immunization, but emptied the hosts file as a test.

  7. #27
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    IanHarrop:

    I'm sorry that you seem to be caught up in the middle of a possibly controversial situation.

    If I understand the problem you are experiencing, you indicated that you emptied the HOSTS file of Spybot entries and still are experiencing slow loading of Windows Internet Explorer 8. The problem with slow loading of Windows Internet Explorer 8 (IE 8), as I understand it, is not related to HOSTS file entries, but rather to the quantity of the "Restricted zone" entries.

    To alleviate the problem, try going into Spybot » Immunize » uncheck all entries except those entries designated as "… (Domains)" or "… (Secure Domains)" and then click "Undo" (in the left hand pane).

    _____

    It appears to me that although there were widely reported delays in the loading of IE 8 when there were a significant number of "Restricted zone" entries in the registry during beta testing, Microsoft elected not to correct the problem before releasing IE8 nor have they elected to officially publicize the cause of the problem and their official recommendations.

    I welcome anyone to publish a Microsoft URL that acknowledges that a problem with IE8 "Restricted zone" entries exists or what their official resolution is.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
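
Added example (not part of any post in this thread, and not Spybot or Microsoft code): a way to check how many Restricted Sites mappings each registry location holds, by parsing a `reg export` of the ZoneMap keys. The sample export and host names are constructed, and treating Spybot's "(Domains)" / "(Secure Domains)" labels as the `Domains` / `EscDomains` keys is an assumption.

```python
import re
from collections import Counter

RESTRICTED_ZONE = 4  # zone number of Restricted Sites in the ZoneMap values

# Key lines of a `reg export`, matched after the file is decoded to text
# (regedit writes UTF-16; decode before calling restricted_entries()).
KEY_RE = re.compile(
    r"^\[(?P<root>.+?)\\Software\\Microsoft\\Windows\\CurrentVersion"
    r"\\Internet Settings\\ZoneMap\\(?P<store>Domains|EscDomains)"
    r"\\(?P<path>.+)\]$",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=dword:(?P<data>[0-9a-fA-F]{8})$')

_ZM = r"\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap"
# Constructed sample export; every host name is made up.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    rf"[HKEY_CURRENT_USER{_ZM}\Domains]",
    "",
    rf"[HKEY_CURRENT_USER{_ZM}\Domains\bad-domain.example]",
    '"*"=dword:00000004',
    "",
    rf"[HKEY_CURRENT_USER{_ZM}\Domains\other-bad.example\www]",
    '"http"=dword:00000004',
    "",
    rf"[HKEY_CURRENT_USER{_ZM}\Domains\intranet.example]",
    '"*"=dword:00000001',
    "",
    rf"[HKEY_USERS\.DEFAULT{_ZM}\Domains\bad-domain.example]",
    '"*"=dword:00000004',
    "",
    rf"[HKEY_LOCAL_MACHINE{_ZM}\EscDomains\bad-domain.example]",
    '"*"=dword:00000004',
])


def restricted_entries(reg_text):
    """Return (root, store, host, protocol) for every zone-4 mapping."""
    found, current = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            # Layout is Domains\<domain>\<subdomain>; rebuild the host name.
            host = ".".join(reversed(key["path"].split("\\")))
            current = (key["root"], key["store"], host)
        elif line.startswith("["):
            current = None  # a key outside the per-domain entries
        else:
            value = VALUE_RE.match(line)
            if value and current and int(value["data"], 16) == RESTRICTED_ZONE:
                found.append(current + (value["name"],))
    return found


def count_by_location(entries):
    """Count Restricted Sites mappings per (registry root, store)."""
    return Counter((root, store) for root, store, _, _ in entries)


if __name__ == "__main__":
    for location, n in count_by_location(restricted_entries(SAMPLE_REG)).items():
        print(location, n)
```

A count in the thousands for any one location is the condition the posts above tie to the slow IE 8 start-up.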

  8. #28
    Junior Member
    Join Date
    Nov 2007
    Location
    Canada
    Posts
    12

    Default

    Thanks.

    That greatly improved load time!

  9. #29
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    554

    Default

    Quote Originally Posted by md usa spybot fan View Post
    < SNIP >

    It appears to me that although there were widely reported delays in the loading of IE 8 when there were a significant number of "Restricted zone" entries in the registry during beta testing, Microsoft elected not to correct the problem before releasing IE8 nor have they elected to officially publicize the cause of the problem and their official recommendations.

    I welcome anyone to publish a Microsoft URL that acknowledges that a problem with IE8 "Restricted zone" entries exists or what their official resolution is.
    Hey there md,

    The point at which Microsoft declares something 'official' is when they've decided to do something specific, have a plan and usually a date or at least a general idea when it will be resolved. This has always been true, since saying anything before all of these things are in place just generally results in useless bickering as has happened here.

    However, the two Q&A segments I posted above from the IE team Expert Zone chat are about as official as it ever gets without the above. Though they aren't committing to anything specific, they are admitting and in fact detailing what has caused the problem, as well as indicating they are 'working on the problem'. Though this isn't saying it will be fixed, it at least shows that they are both aware of and investigating the possibility of a solution to the problem.

    Since this was stated in a public chat that anyone could attend, and in fact should be published somewhere on the Microsoft sites in the chat log, it's far from a secret now and has already been published in at least one blog.

    In any case, I think this should still be taken as a wake up call to the Spybot Team that the Restricted sites function which has never been officially supported for this type of use by Microsoft might best be reconsidered for future support by Spybot S&D. If this were a published method, my thoughts would be different, but I have never seen large lists described in anything other than problem resolution documents myself.

    Bitman

  10. #30
    Member
    Join Date
    Jan 2009
    Posts
    78

    Default

    Quote Originally Posted by bitman View Post
    Hey there md,

    The point at which Microsoft declares something 'official' is when they've decided to do something specific, have a plan and usually a date or at least a general idea when it will be resolved. This has always been true, since saying anything before all of these things are in place just generally results in useless bickering as has happened here.

    However, the two Q&A segments I posted above from the IE team Expert Zone chat are about as official as it ever gets without the above. Though they aren't committing to anything specific, they are admitting and in fact detailing what has caused the problem, as well as indicating they are 'working on the problem'. Though this isn't saying it will be fixed, it at least shows that they are both aware of and investigating the possibility of a solution to the problem.

    Since this was stated in a public chat that anyone could attend, and in fact should be published somewhere on the Microsoft sites in the chat log, it's far from a secret now and has already been published in at least one blog.

    In any case, I think this should still be taken as a wake up call to the Spybot Team that the Restricted sites function which has never been officially supported for this type of use by Microsoft might best be reconsidered for future support by Spybot S&D. If this were a published method, my thoughts would be different, but I have never seen large lists described in anything other than problem resolution documents myself.

    Bitman
    One better solution, considering, also, that the Restricted Sites Zone entries go all to the Windows registry, would be for this Spybot's feature to work as an in-the-cloud service.
