Results 1 to 7 of 7

Thread: query WinINet

  1. #1
    Member
    Join Date
    Oct 2005
    Posts
    44

    Default query WinINet

    Been a while since I last looked at SSD so I thought I'd check it. Now, after only a few moments with it, I have a couple of queries;

    In 2.0b4, how do you disable 'Live Protection'? I don't need a residency.

    Why is it constantly polling WinINet regardless of browser add-on disability(disabled)? Ref; http://forums.voiceofthepublic.com/s...12_1_02_17.png

    Is it because I told it to use my local proxy settings? I just assumed that was just for update checks.

    That really makes a mess for netstat/IDS/FW/capture tools? Is this really by design or did I do something wrong? If by design, then I'd rather uninstall it than create new filters for all my admin tools.

    TIA
    Last edited by mikey; 2012-02-07 at 22:10.

  2. #2
    Senior Member
    Join Date
    Sep 2008
    Posts
    177

    Default

    Quote Originally Posted by mikey View Post
    In 2.0b4, how do you disable 'Live Protection'? I don't need a residency.
    See http://forums.spybot.info/showthread...64325&p=415641

  3. #3
    Member
    Join Date
    Oct 2005
    Posts
    44

    Default

    Thx for the response. :appreciate: I'll try that when I reinstall.

    It creates many sessions per second. It could be problematic/slow for some or just irritating for the rest of us. Here's a sampling of the flow;

    GET http://127.0.0.1:21324/integrity-local HTTP/1.1
    User-Agent: snlWinAPIWinINet
    Host: 127.0.0.1:21324
    Pragma: no-cache


    HTTP/1.1 502 Fiddler - Connection Failed
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Timestamp: 19:37:59.170

    [Fiddler] The socket connection to 127.0.0.1 failed. <br /> No connection could be made because the target machine actively refused it 127.0.0.1:21324


    GET http://127.0.0.1:21321/integrity-local HTTP/1.1
    User-Agent: snlWinAPIWinINet
    Host: 127.0.0.1:21321
    Pragma: no-cache


    HTTP/1.0 200
    Content-type: text/plain
    Content-length: 40
    Connection: close
    Date: Tue, 7 Feb 2012 19:37:59 -0600
    Server: Spybot S&D 2.0

    da39a3ee5e6b4b0d3255bfef95601890afd80709


    GET http://127.0.0.1:21322/clients HTTP/1.1
    User-Agent: snlWinAPIWinINet
    Host: 127.0.0.1:21322
    Pragma: no-cache


    HTTP/1.0 200
    Content-type: text/plain
    Content-length: 1
    Connection: close
    Date: Tue, 7 Feb 2012 19:37:59 -0600
    Server: Spybot S&D 2.0

    1


    GET http://127.0.0.1:21324/integrity-local HTTP/1.1
    User-Agent: snlWinAPIWinINet
    Host: 127.0.0.1:21324
    Pragma: no-cache


    HTTP/1.1 502 Fiddler - Connection Failed
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Timestamp: 19:38:01.463

    [Fiddler] The socket connection to 127.0.0.1 failed. <br /> No connection could be made because the target machine actively refused it 127.0.0.1:21324


    GET http://127.0.0.1:21321/integrity-local HTTP/1.1
    User-Agent: snlWinAPIWinINet
    Host: 127.0.0.1:21321
    Pragma: no-cache


    HTTP/1.0 200
    Content-type: text/plain
    Content-length: 40
    Connection: close
    Date: Tue, 7 Feb 2012 19:38:01 -0600
    Server: Spybot S&D 2.0

    da39a3ee5e6b4b0d3255bfef95601890afd80709


    GET http://127.0.0.1:21322/clients HTTP/1.1
    User-Agent: snlWinAPIWinINet
    Host: 127.0.0.1:21322
    Pragma: no-cache


    HTTP/1.0 200
    Content-type: text/plain
    Content-length: 1
    Connection: close
    Date: Tue, 7 Feb 2012 19:38:01 -0600
    Server: Spybot S&D 2.0

    1

  4. #4
    Member
    Join Date
    Oct 2005
    Posts
    44

    Default WinINet and B5

    Now with B5, after killing all svcs as suggested, things are just as bad but different.

    Over 500 requests in the time between starting a capture and being able to hit the screencap. Ref; http://forums.voiceofthepublic.com/s...12_1_14_11.png Notice that all requests are now denied when the svcs are down.

    Kill the SDTray process and cut the flow by about a third.

    I notice all the choices are still greyed out in the installer. Oh well.

  5. #5
    Member
    Join Date
    Oct 2005
    Posts
    44

    Default

    After a better look, I have more concerns;

    Who is deving this thing? Where is Patrick?

    This featureless thing certainly doesn't look like his work. Patrick was always fanatical about betas. They were invariably always better deved than most folk's production releases. The comparison that comes to mind is the difference between college work and that of elementary school. Did politics finally consume all his time?

    Oh well, I guess we can always just consider v1 to be his legacy. It was a great run while it lasted.

    Mike

    Former SSD User
    Former Team Lavasoft
    Former Team Spybot
    (formerly someone who cared)

  6. #6
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601

    Default

    The WinINet issue is it polling the status of the update and file scanner background services, as done by the tray icon (and the Start Center).

    We've already got a separate inter-process communication model to avoid this being done over http. The whole thing with IPC is that we try to make this as walled as possible (e.g. we also have a module that runs Spybot on a separate desktop environment, similar to UAC, which also runs on a separate desktop; see our YouTube channel for a demo in about two or three weeks I think) to give malware little influence to interact. HTTP would also allow remote cleaning where malware prevents GUI elements, but not yet services (this cannot be used in current betas, but the tech is there).

    Usually, I probably wouldn't have released these betas, that might be right. But with so many people thinking we're "dead", we decided to do this "about every six weeks release cycle" to get external feedback. We test a lot here, but every test our detectives do takes away time from writing new signatures. Which means we've sometimes still got a few dozen of tickets open when releasing a beta. After analysing the last few betas we started thinking about a closed beta with qualified feedback, but building the structures for such a thing is time consuming and needs planing.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  7. #7
    Member
    Join Date
    Oct 2005
    Posts
    44

    Default

    I'm really sorry for my harsh words. I should never have let my disappointment take control. You certainly don't owe us and it is your life.

    We've already got a separate inter-process communication model to avoid this being done over http. The whole thing with IPC is that we try to make this as walled as possible (e.g. we also have a module that runs Spybot on a separate desktop environment, similar to UAC, which also runs on a separate desktop; see our YouTube channel for a demo in about two or three weeks I think) to give malware little influence to interact. HTTP would also allow remote cleaning where malware prevents GUI elements, but not yet services (this cannot be used in current betas, but the tech is there).
    Thx for the explanation even tho I still have no clue. I guess I should feel a little silly thinking it was just an ordinary badly botched local-loopback connection.

    I wouldn't be here now if someone hadn't asked me to explain the odd behavior in his CurrPorts(netstat). We don't even employ conventional sig scanners anymore. Then when I looked around the board, I saw folks being given lame meaningless answers when asking about it.

    None of this seems like the guy I used to watch in awe. Well, I don't know what's been going on around here and I don't want to. However, I find this "But with so many people thinking we're "dead", ..." very saddening.

    If the guy I used to know hasn't been too beat down, he'll find a way to turn it around...if he wants to.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •