Results 1 to 10 of 12

Thread: Spybotís immunization function REMOVES items

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member Synetech's Avatar
    Join Date
    Jun 2008
    Location
    my home
    Posts
    26

    Exclamation Spybotís immunization function REMOVES items

    It seems that when you apply Spybotís immunization definitions, it will actually remove several items from the HOSTS file (and likely other locations as well).

    I suspect that this is due to some sort false-positive white-list, but even then, it should only avoid adding those items to the list; it should not remove items that are already present because it may not have been the one to put them there in the first place. For example, google.com would ostensibly be a false positive in most cases, but if someone chooses to block it, then Spybot must not remove the entry (at least not automatically).

    I tried to check the Spybot files to see if there is a list of URLs that Spybot lets through, but it uses a proprietary format so I could not find out, however here is a list of URLs that I have noticed Spybot allows:

    • -h-n7y15mc.firoli-sys.com
    • cloudfront.net
    • www.cloudfront.net
    • one2mail.com
    • www.one2mail.com
    • websearch.com
    • www.websearch.com

    One or two of those have been mentioned in the forums as false-positives, a couple have not, and that first one looks outright suspicious, so it is questionable why Spybot would remove it.

  2. #2
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,165

    Default

    I have 3 sites I keep blocked in my Hosts file,besides the ones added by Spybot.
    Checking just now,I immunized 2 items Spybot showed as unprotected,removed immunization completely,and then readded immunization,and the three sites I keep in my hosts file remained.
    I'm not sure why.About the only thing I can think of is that I keep the 3 sites outside of the sites enclosed in Spybot's comments.
    So,if you think you may have added the sites you keep in there into the sites enclosed within Spybot's comments,when you readd the sites into hosts,try scrolling down hosts until you see:
    # This list is Copyright 2000-2010 Safer-Networking Ltd.
    # End of entries inserted by Spybot - Search & Destroy
    and then add your sites below that comment,to try to see if the sites you add on your own aren't removed next time.

  3. #3
    Junior Member Synetech's Avatar
    Join Date
    Jun 2008
    Location
    my home
    Posts
    26

    Default

    It has nothing to do with the comments; in fact, I strip out comments, sort, and de-dupe the HOSTS file whenever a change is made.

    The items you added were kept because they were not on Spybotís false-positive/white-list. Try the ones I listed and you will see that they get removed.

  4. #4
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,165

    Default

    Ok,gotcha.I didn't try adding them yet.
    I never really thought about it before.But if they were listed as false positives in the forum,then it kind of makes sense if the sites would be removed by Spybot.
    To use your example,somebody may well want google.com blocked in their hosts file,yes.
    But if Spybot accidentally placed Google.com in everybody's hosts file and did not remove it,then that would leave hundreds,thousands,or millions(whatevs Spybot has for users) with no access to Google,and many might not even know how come,since not all people would understand what happened.That could be potentially disastrous,really,if it were a really well known site.
    Or less well-known.....I start memyselfandI.com,and it starts becoming better known,when all of a sudden Spybot mistakenly puts it in the hosts file.Suddenly I've got folks on the internet not able to get there,then people are saying it's a malware site on the internet,or they just think it's gone under.
    No offense,I wasn't even aware Spybot did that with the hosts file,but it is another opinion,and maybe something to think about.

  5. #5
    Junior Member Synetech's Avatar
    Join Date
    Jun 2008
    Location
    my home
    Posts
    26

    Lightbulb

    Yes, handling false-positives is tricky, but like I said, Spybot may not have been the one to put them in there, so it should not be removing them. Another way to think about it is that google.com wouldnít normally be redirected in the HOSTS file, so should Spybot take the liberty of finding and removing any references to it? No. A person may have added it to block Google (or a porn site or whatever) or to add a IP address directly to avoid risking DNS poisoning or something.

    Itís not the immunization functionís place to (automatically) remove entries from the HOSTS file (or the P3P and Zone Domain registry entries or Firefox and Operaís blocking files), it should only add items to them. Removing (potentially) false positives should only be done by the scanning/check-for-problems function. That way, users can select what they want to remove, and add them to a whitelist of entries to be ignored.

  6. #6
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,165

    Default

    I added -h-n7y15mc.firoli-sys.com and cloudfront.net to hosts,and yes,upon removing and readding immunization to hosts those were removed.

    I see your point if you placed the sites in hosts by yourself.But,in the case of false positives or if somebody had a site that was formerly listed,but they worked with the Spybot folks to have it de-listed,there has to be a functioning way for that site to be removed from the hosts file and other immunization after it was placed there by Spybot.We're going to have to agree to disagree.

    Team Spybot isn't usually around much on the weekends.They might not see this if they don't happen to look in Monday,but there is a contact form here,if you would like to discuss this with them further:
    http://www.safer-networking.org/contact/

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •