Thread: Update Removed Some Immunizations

  1. #1
    Junior Member Synetech's Avatar
    Join Date
    Jun 2008
    Location
    my home
    Posts
    26

    Update Removed Some Immunizations

    I just performed an update to SpybotSnD and noticed that in addition to adding a bunch of items to my HOSTS file, it actually removed the following items:

    • andromedical.com
    • mp3musicdirect.com
    • okulta.com
    • websearch.com

    Um, why‽ I did not perform an un-immunization. If they’re not in its database, then where does it get off messing with things it has nothing to do with?

    I considered that maybe it was trying to rectify some false-positives that it previously added, but that’s not the case, unless you consider penis-enlargement products and defunct MP3 sites to be false-positives.

    Should I worry about other things that I have manually put in there suddenly disappearing with a new update as well?

  2. #2
    Senior Member
    Join Date
    May 2009
    Posts
    236

    Anything that the user adds between the lines below is subject to change by an update of SpyBot Search & Destroy. I have entries above the first line, but after the localhost line and they've never been changed in years.

    # Start of entries inserted by Spybot - Search & Destroy
    # This list is Copyright 2000-2010 Safer-Networking Ltd.


    # End of entries inserted by Spybot - Search & Destroy

  3. #3
    Junior Member Synetech's Avatar
    Join Date
    Jun 2008
    Location
    my home
    Posts
    26

    Except that the entries in question were not between those lines. In fact, I always strip those lines after an update (or any change to the HOSTS file), then sort the anti-phishing/etc. lines, and then remove duplicates. So there was no reason for the update to remove those lines that were interspersed throughout the file.

  4. #4
    Senior Member
    Join Date
    May 2009
    Posts
    236

    If you strip those lines, then that is the problem. SpyBot Search & Destroy uses those lines to determine the entries that it owns. If they aren't there then it may consider all entries fair game.

  5. #5
    Junior Member Synetech's Avatar
    Join Date
    Jun 2008
    Location
    my home
    Posts
    26

    Originally posted by Gopher John:
    "If you strip those lines, then that is the problem. SpyBot Search & Destroy uses those lines to determine the entries that it owns. If they aren't there then it may consider all entries fair game."

    That is absolutely the wrong design and the wrong thing to do. The HOSTS file does not belong to Spybot; it is a shared, system file that is accessible and modifiable by other applications, so Spybot has no right to mess around with it as it pleases.

    If it were one of its own files, then yes, you take a chance of losing your changes or even corrupting things by making manual changes (like manually editing SVN’s control files), but an application should not assume that it has some sort of exclusive use of a shared file or assume that it will be in any specific state (maybe it’s completely empty; maybe it’s used in a corporation and contains entries for system aliases). Spybot cannot and should not expect those comments to be present.

    If Spybot thinks that it needs to remove something, it should ask for permission. Look at HijackThis; it checks the HOSTS file for malware redirects, but checks with the user before removing them (it’s the same with the Zones).

    Besides, even if it were Spybot’s own file or even if it asked for confirmation, that doesn’t explain why it would have removed those specific entries, thus exposing users to unwanted/malware sites in the first place.
    Last edited by Synetech; 2011-06-13 at 04:38.
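
The marker-based ownership discussed in posts #4 and #5, as an added example that is not part of the thread and is not Spybot's own code: a planner that rewrites only the lines between the two marker comments quoted in post #2, appends a fresh block when the markers are absent instead of treating the whole file as its own, and returns the entries it would drop so a caller can ask first. The function name `plan_update` and the sample hostnames are assumptions.

```python
START = "# Start of entries inserted by Spybot - Search & Destroy"
END = "# End of entries inserted by Spybot - Search & Destroy"


def plan_update(hosts_text, new_entries):
    """Return (new_text, removed), touching only the marker-delimited block.

    removed lists owned entries the update would drop, so a caller can
    ask the user before anything is written to the shared file.
    """
    lines = hosts_text.splitlines()
    starts = [i for i, l in enumerate(lines) if l.strip() == START]
    ends = [i for i, l in enumerate(lines) if l.strip() == END]
    block = [START, *new_entries, END]

    if not starts and not ends:
        # No markers: the tool owns nothing. Append a fresh block and
        # leave every existing line, whoever wrote it, untouched.
        return "\n".join(lines + block) + "\n", []

    if len(starts) != 1 or len(ends) != 1 or starts[0] > ends[0]:
        # Damaged or ambiguous markers: refuse rather than guess ownership.
        raise ValueError("marker lines missing, duplicated or out of order")

    s, e = starts[0], ends[0]
    owned = [l for l in lines[s + 1:e]
             if l.strip() and not l.lstrip().startswith("#")]
    removed = [l for l in owned if l not in new_entries]
    return "\n".join(lines[:s] + block + lines[e + 1:]) + "\n", removed


# Constructed sample HOSTS file: one manual entry outside the owned block.
SAMPLE = "\n".join([
    "127.0.0.1 localhost",
    "127.0.0.1 intranet-alias.example",  # manual entry, not owned by the tool
    START,
    "127.0.0.1 old-blocked.example",
    "127.0.0.1 still-blocked.example",
    END,
]) + "\n"

if __name__ == "__main__":
    text, removed = plan_update(SAMPLE, ["127.0.0.1 still-blocked.example"])
    print(text)
    print("would remove:", removed)
```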

  6. #6
    Junior Member Synetech's Avatar
    Join Date
    Jun 2008
    Location
    my home
    Posts
    26

    Apparently SpyBot is now also un-immunizing dudu.com. This unexplained removal of items from the HOSTS file is highly suspicious. It makes one wonder if they are removing them because they get kick-backs from those websites.
