Different immunizations if running as administrator

[quabbin]

My OS is Vista Home Premium.

If I run Spybot as an administrator by right clicking on the desktop, there are at the moment 57,241 items shown as immunized in total. If I do not run as an administrator, there are only 41,069 items shown.

Why does this happen, and what is the significance in terms of system protection, if any?

Thanks.

 

[md usa spybot fan]

Spybot immunizes the same entries in multiple registry hives. The numbers can vary from system to system or user to user depending on the operating system, the number of users, the type of user account of the user immunizing (Administrator, limited), etc. With Spybot 1.5 if you have browsers other than Internet Explorer the count is also affected.

_______________________

In Spybot 1.5, look on the immunization screen (pay particular attention to number of different entries in the Profile column). You will note that the limited account has fewer registry hives immunized. This is because the limited account does not have permission to immunize in all registry hives.

If you immunize using an Administrator account and then immunize from the Limited account you are using you will be fully protected.

 

[quabbin]

Thanks for your reply.

I just want to be sure that the full Spybot immunization is running in the background for everyone, whether the administrator (me) or someone else who does not have administrator privileges is logged on.

 

[geoapps]

If you immunize using an Administrator account and then immunize from the Limited account you are using you will be fully protected.

Unfortunately Spybot S&D throws up nasty warnings if you're not administrator implying that immunization is useless if you're not admin. :spider: This has been confusing my users and causing me pain

IMHO these warnings should be dropped. Instead, at the end of an immunization session, IF the user is NOT an admin AND IF the number of un-immunized settings is NOT ZERO, a dialog telling the user that the system administrator needs to immunize the system to clear up the remaining issues should be displayed. That way users will feel comfortable immunizing themselves.

Alternately if the user is not admin, the dialog should say something like "You will only be able to immunize items specific to your own username. The system administrator will need to immunize system-wide settings." :

 

[md usa spybot fan]

geoapps:

To clarify: Is this related to your unanswered query (dated 2007-09-21) here?

• v1.5: autoimmunize Command-line when not admin
  http://forums.spybot.info/showthread.php?t=18196

The v1.4 command-line options "/autoimmunize /autoclose" work with v1.5, but if the user is not an administrator it pops up a warning dialog. Since you MUST run "immunize" as a user in order to immunize the user's Firefox settings (the admin immunization ONLY does IE and hosts), it would be a Good Thing if there was a "/nowarning" command-line option so that I could (as administrator) run SBUpdate and then automatically have my users immunize their Firefox settings when they log in.

Thanks for listening....

Or is this a new problem?

 

[geoapps]

geoapps:

To clarify: Is this related to your unanswered query (dated 2007-09-21) here?

• v1.5: autoimmunize Command-line when not admin
  http://forums.spybot.info/showthread.php?t=18196

Or is this a new problem?

This is a comment on the same issue, and it's related to the functioning of the program -- it's misleading at least. If the administrator has already immunized the system, the user still has to immunize himself. The dialog is confusing my users, since you don't HAVE to be admin to immunize yourself, and you DO HAVE to immunize yourself to get all the protection you need.

 

[quabbin]

I have to admit that after these recent comments I am still unclear about the immunization protection.

Fortunately, as is often recommended, I run several security applications, so hopefully I remain well protected even if Spybot's protection is not fully engaged.

 

[PepiMK]

The admin immunization in 1.5.2 should be much better in covering all users now

 

[geoapps]

The admin immunization in 1.5.2 should be much better in covering all users now

It doesn't touch the user's Firefox immunizations, at least not on my systems. My user-level login has three profiles, two on the local drive and one on the network, and running SSD 1.5.2 as Admin didn't update any of the Firefox settings for my user login -- it just did the Firefox settings for the Admin user. I still had to run it using the non-admin user login to immunize Firefox as the user.

The user-level dialog also clearly says the user shouldn't run it without being administrator, and that's just not necessary if immunization has already been run by the administrator.

Also, when I run as non-admin after the admin has already run immunization, it indicates some things are not protected. However, when I re-click the "Immunize" *_SHIELD_ a second time, it shows all items are protected.

What should happen IMHO is the following:

1. If the user is non-admin, check to see if admin has already immunized the system with this data-set. If not, advise user that administrator needs to immunize system first. In either case, let user proceed.

2. When non-admin user immunizes, it should NOT indicate failures to update the stuff already immunized by the admin. However, if admin has NOT yet immunized system, should indicate what items remain to be immunized.

As it is right now, when non-admin immunizes, stuff he can't affect is initially marked as "unimmunized", but when he clicks the shield it correctly shows all items as immunized.

 

[PepiMK]

The admin level warning is a Windows function that's designed mostly for Vista I guess, where even admins need to make sure they run apps elevated if they want admin rights. So the text was written with that in mind, I'll take another look at it in this context.

Basing the warning on the number of open immunizations sounds like a good idea as well. I logged that as a feature request here:
Immunization: warn about missing admin rights only if unimmunized

Which Windows are you using? Spybot-S&D starts in the profiles folder and looks for all user folders in there, loading their registry hives and locating specific paths from those, so that even changed appdata paths shouldn't hinder it. Maybe you could also use regedit while Spybot-S&D is running to see if other users registry hives are actually mounted.

 

[geoapps]

Which Windows are you using? Spybot-S&D starts in the profiles folder and looks for all user folders in there, loading their registry hives and locating specific paths from those, so that even changed appdata paths shouldn't hinder it. Maybe you could also use regedit while Spybot-S&D is running to see if other users registry hives are actually mounted.

XP Pro on a network. Firefox profiles are stored on drive U:, which is the network user's home folder on the server. Logged in as administrator, drive U: is mapped to the ADMIN's U: drive and the USERS' U-drives are not available, at least not under that drive letter, so SSD has no way to find them nor to immunize them.

Same situation might apply, I think, on any XP or Vista system where the user's files were deemed "private".

 

[geoapps]

The admin level warning is a Windows function that's designed mostly for Vista I guess, where even admins need to make sure they run apps elevated if they want admin rights. So the text was written with that in mind, I'll take another look at it in this context.

Basing the warning on the number of open immunizations sounds like a good idea as well. I logged that as a feature request here:
Immunization: warn about missing admin rights only if unimmunized

Which Windows are you using? Spybot-S&D starts in the profiles folder and looks for all user folders in there, loading their registry hives and locating specific paths from those, so that even changed appdata paths shouldn't hinder it. Maybe you could also use regedit while Spybot-S&D is running to see if other users registry hives are actually mounted.

]

The problem is that Firefox profiles that belong to other users and are stored on the network can't be found by Spybot S&D because the drive mappings are different for different users -- each user's Firefox profile is stored in "Drive U:", and the U: drive is different if you're the Admin vs when you're a user.

IMHO there needs to be a way to have Spybot S&D immunize the user-specific settings from the command-line as a user and not throw out error messages for stuff it can't change, sort of like a "/s == silent" command-line switch.