I am always learning something new and missed this information on Spyware Blaster:
By Mike Burgess (https://mvp.support.microsoft.com/profile=0B037AD3-C5F8-4F3B-AA0A-3597BC96B8E3) (winhelp2002), at http://www.mvps.org/winhelp2002/unwanted.htm
Quote7) Add SpywareBlaster to your "Layered Protection" (not recommended for Vista)
When asked via email by JohnGalt, the following response was received:
Quote from: emailJohn,
re: Any reason why"
Well there are several reasons ...
1) the entries (over 7,000) are not updated as often as needed, and
many of the ones that do exist are no longer valid, thus creating a
huge amount of invalid Registry entries. Which Microsoft NEVER
intended that so many entries would exist there in the Registry.
2) Windows Vista does NOT allow any new ActiveX installs or
any to run without first prompting the user. (XP doesn't do that)
When Spywareblaster first came out it was and still is a good program
however as time has progressed the type of malicious installs no
longer simply use ActiveX as a method of infection.
Mike Burgess
Microsoft MVP - Internet Security
"There's no place like 127.0.0.1"
http://www.mvps.org/winhelp2002/hosts.htm
From CoU (http://www.dozleng.com/updates/index.php?s=&showtopic=15621&view=findpost&p=67196)
Corrine { Hugs } :flowers: I was about to put it on my Dads Vista laptop ... :wub:
Maybe a link to this should be provided in the update thread for Spy Ware Blaster..
So as Vista users are aware of this..
http://www.landzdown.com/index.php?topic=288.0
Paddy.... :Win73:
Good idea, Paddy. Done (coincidentally, tell your Dad, while listening to Deirdre Bonner (http://www.deirdrebonner.com/)).
I should add that I agree with Mike's recommendations for "Setting the Restricted Zone" (http://www.mvps.org/winhelp2002/restricted.htm#Setting) and the section below for "Setting the Internet Zone for Additional Security".
Couple of comments concerning the email quote.
If Microsoft never intended so many registry entries should exist, why is only the Vista installation recommended against? Is Mike saying this is only a problem with Vista, but the other systems can handle all those entries?
While Vista may only allow installation or running of activex after prompting users, how many "average users" know whether to say yes or no? How many even know what activex is?
While I don't have any facts or figures to quote, considering the size of Microsoft's patchwork quilt they have covered Windows with, surely there must have been a couple of other weak points besides activex installs, both now and then.
Don't misunderstand me, not trying to either dispute or confirm anything here. Maybe I will learn something and that is always worth the time.
While not exactly on topic, this thread does bring this question to mind for me. When you take into account the size of Mike's host file, does he check all of those entries on a regular basis to remove all outdated entries? My hat is off to him just for that, never mind all the new entries!
Best wishes,
VV
Good questions, VV. I sent an email to Mike to get his comments.
With regard to
QuoteIf Microsoft never intended so many registry entries should exist, why is only the Vista installation recommended against? Is Mike saying this is only a problem with Vista, but the other systems can handle all those entries?
It would be my thoughts that if other operating systems had the same ActiveX control as Windows Vista, I expect that Mike would have the same recommendation regarding the 7,000+ (now over 9,000) registry entries. It isn't that Windows Vista cannot handle the entries, merely that it is an excessive number to be adding to the registry, particularly since many of those entries are now invalid.
As to other weak points targeted by malware writers, note what Mike wrote at Setting the Internet Zone for Additional Security (http://www.mvps.org/winhelp2002/restricted.htm#Setting)
QuoteLaunching programs and files in a IFrame = reset to Disable ...
This is the single most exploited setting in Internet Explorer!
There are no legitimate sites that I know of that use this option ...
Quote from: Corrine on December 27, 2007, 12:31:32 AM
By Mike Burgess (https://mvp.support.microsoft.com/profile=0B037AD3-C5F8-4F3B-AA0A-3597BC96B8E3) (winhelp2002), at http://www.mvps.org/winhelp2002/unwanted.htm
Also read this in that link:
Ad-Aware SE Personal
Note: due to the ever increasing amount of problems with this product it is no longer recommended.
Hi,
Since I am not familiar with Vista, I was really curious as to how the activex issue with excessive numbers of entries involved was handled differently. I look forward to Mike's additional comments on that.
I have had that Iframe setting on disable for so long that I don't even remember when I disabled it! 8)
@winchester73
Yes, both Ad-Aware and Spybot S&D seem to have seen better days.
Oh by the way, concerning SpywareBlaster and Vista, many people running Vista have experienced problems. It is a known issue and javacool has said that it is already fixed in the new version which is being actively worked on. So irregardless of the issue with the registry entries, perhaps it would be better to wait for its release if anyone is interested in installing it on their Vista system.
Concerning my comments about Vista users problems with SpywareBlaster, I should add that others have said they experienced no problems. What I am referring to is an issue with DEP.
Quote from javacool:
QuoteThere is a known issue with DEP on some installations of Vista that should be fixed in the upcoming new version of SpywareBlaster.
Vietnam Vet,
QuoteI should add that others have said they experienced no problems
I am using it and I am not having any problems I think it is one of the best programs I ever installed.
GR@PH;<'S :Hammys pint:
Below are copies of the email correspondence with Mike, posted with his permission. Included is a copy of a question raised at Freedomlist as well so I am cross-posting at both sites.
QuoteHi, Mike. Belated Merry Christmas. I hope you and your wife are enjoying
that new television!
Somehow I missed your suggestion that SpywareBlaster is not recommended for
Windows Vista. Having discovered it yesterday, I passed along the
information at Freedomlist and LandzDown. A couple of questions were raised
at LandzDown that I hope you will address (either by reply to this email and
your permission to post the information or directly in the forum). From
http://www.landzdown.com/index.php?topic=21488.msg66737#msg66737
Quote"Couple of comments concerning the email quote.
If Microsoft never intended so many registry entries should exist, why is
only the Vista installation recommended against? Is Mike saying this is only
a problem with Vista, but the other systems can handle all those entries?
While Vista may only allow installation or running of activex after
prompting users, how many "average users" know whether to say yes or no? How
many even know what activex is?
While I don't have any facts or figures to quote, considering the size of
Microsoft's patchwork quilt they have covered Windows with, surely there
must have been a couple of other weak points besides activex installs, both
now and then.
Don't misunderstand me, not trying to either dispute or confirm anything
here. Maybe I will learn something and that is always worth the time.
While not exactly on topic, this thread does bring this question to mind
for me. When you take into account the size of Mike's host file, does he
check all of those entries on a regular basis to remove all outdated
entries? My hat is off to him just for that, never mind all the new entries!
Best wishes,
VV"
Thanks, Mike.
Corrine
Microsoft MVP, Windows Security
http://SecurityGarden@blogspot.com/
http://VistaBookmarks@blogspot.com/
QuoteHi Corrine,
Yes we are enjoying the new TV!! ...
Feel free to post the below as needed ...
re: Microsoft never intended so many registry entries should exist"
This pertains to all Windows versions ... (more below)
re: why is only the Vista installation recommended against"
Because the (ActiveX) "prompt" does not exist in XP ...
re: but the other systems can handle all those entries"
No not at all ... let's face it ... everything shipped new = Vista
Compared to Vista ... XP is no where near as secure and people
should upgrade to Vista ... (old link but makes my point)
http://msmvps.com/blogs/hostsnews/archive/2007/06/02/visiting-the-stopbadware-database.aspx
"Armed with only my HOSTS file and my NOD32 Antivirus (no antispyware) on
Windows Vista, I added the culprits (several hundred) to the HOSTS file as I
found them. So how did I make out? Not one, let me repeat, not one exploit
was able to get thru my defenses, that's pretty impressive and says a lot of
the added security of Windows Vista."
re: how many "average users" know whether to say yes or no"
That's not the point ... with XP the "ActiveX" will auto-install on
most users if setting = default ...
I do not want to trash SpywareBlaster ... it was a good program
in it's day ... however if you "really" check ... many of those entries
are years old and for sites/programs that no longer exist ... also the
majority of malware installs no longer use these methods ...
So if you have 9,000 entries for SpywareBlaster and over 10,000
for (discontinued) IE-SpyAd you end up with a bloated Registry.
re: does he check all of those entries on a regular basis"
"How do I know all these entries are valid?"
http://www.mvps.org/winhelp2002/hostsfaq.htm#Verifying
"The HOSTS file is verified prior to each new update. This is accomplished
by verifying that each entry returns a valid DNS (similar to Nslookup) then
these (dead) entries are either removed or commented. These comments are
entered as "#[server down?]", in some cases the hosting server is down, thus
returns no DNS. In other cases the domain may have been suspended for abuse,
or the registered owner has let the domain expire. Domains that are expired
or down for extended periods are removed."
Mike Burgess
Microsoft MVP - Internet Explorer & Windows Security
"There's no place like 127.0.0.1"
http://www.mvps.org/winhelp2002/hosts.htm
QuoteHi, Mike. A supplemental question was just posted at Freedomlist:
Quote"So SpywareBlaster is still usefull for XP, but not for Vista? And if we
do use SpywareBlaster, even on XP, it is cluttering up the registry?"
Thanks again.
Corrine
Microsoft MVP, Windows Security
http://SecurityGarden@blogspot.com/
http://VistaBookmarks@blogspot.com/
QuoteHi Corrine,
re: even on XP, it is cluttering up the registry?"
Yes it is ... not only is there what? 9,000 entries ... there is also
how many entries added to the "Restricted Zone" (not sure) ...
but the point is that when accessing *any* website IE has to
read the Registry to see if that site exists in the Registry, which
tends to slow-down the users connection ...
Now does the bloat and slow-down out way the added security?
Most likely XP users would say yes? ... however as I stated before
if added security is really the issue ... then upgrade to Vista.
Mike Burgess
Microsoft MVP - Internet Explorer & Windows Security
"There's no place like 127.0.0.1"
http://www.mvps.org/winhelp2002/hosts.htm
My thanks to Mike for responding so quickly. As to the new TV mentioned above, it is almost bigger than life (http://msmvps.com/blogs/hostsnews/archive/2007/12/21/1409403.aspx)!
BTW, for Firefox users, see Mitch's writeup here: http://www.rcip.com/mitch/ffhost.html
First, let me say thank you to both Corrine and Mike for taking the additional time to clarify things. It is appreciated. :thumbsup:
Quotere: why is only the Vista installation recommended against"
Because the (ActiveX) "prompt" does not exist in XP ...
re: but the other systems can handle all those entries"
No not at all ... let's face it ... everything shipped new = Vista
OK, Mike is only advising against the SpywareBlaster install on Vista, because that system even on default settings will prompt for the activex and since default is probably where the majority of users systems is likely to be, that makes sense if the sheer amount of entries does constitute a problem. On my system, running or scripting activex is disabled and downloading them is set to prompt. That won't work for many people, but it is not a problem for me and my useage methods.
Quotere: how many "average users" know whether to say yes or no"
That's not the point ... with XP the "ActiveX" will auto-install on
most users if setting = default ...
No argument there, but I am not trying to decide whether XP or Vista is more secure. I wanted to know why it was not recommended to install SpywareBlaster on Vista and the reason wasn't clear from what I had read up to that point, so the question was very much part of the point that I wanted to know more about. Based on this particular point, it would seem that the non-recommendation would be aimed more at people who never change default settings, for whatever the reason.
QuoteSo if you have 9,000 entries for SpywareBlaster and over 10,000
for (discontinued) IE-SpyAd you end up with a bloated Registry.
Has IE-Spyad been officially discontinued? Can anyone confirm? Hasn't been updated since August, but I hadn't heard that it was history.
I don't know if Mike will read this or not, but I would like to thank him for the detailed explanation on the hosts file updates. While I don't use a hosts file, I do keep an updated copy as a reference list and it is good to know how well it is maintained. Dedication to quality is an admirable trait.