Q about IE-SpyAd Restricted Sites

[Brynn]

Hi Friends,
Is it possible to find out exactly what about a website has caused IE-SpyAd to place it in the Restricted Zone?

I know that in most cases one can safely find elsewhere what one might want from a Restricted Site.  But I have a situation where a quite reputable organization, is using the services of a website which IE-SpyAd has put in my Restricted Zone, to build and manage its mailing list.  I very much want to be on the mailing list of this organization, but don't want to submit my email address to a Restricted Site.  I HAVE notified the organization that the service they're using (don't know whether they pay for the service or not) has a bad reputation, and have given them links to the various anti-spyware software which puts sites into the Restricted Zone, so they might look into it, and learn more about it.  But I haven't been able to tell them exactly what the site does that is so bad.  And despite my notification about it, they haven't stopped using this Restricted Site.  So I'm thinking maybe if I can tell them specifically what the site does wrong, maybe they'll be motivated to change their system.  OR maybe the mailing list management has nothing to do with their restricted status, so that maybe it's safe to submit my email address.

So my question -- Is there any way to find out exactly what has caused IE-SpyAd (and/or other software) to put a site into the Restricted Zone?

And THANKS, as always, for your wisdom, help and support  :hug:

[Corrine]

Since Eric joined Sunbelt, it seems his time has been more limited.  As a result, the MVPS Hosts file is updated much more frequently that IE-Spyad.  Read an explanation of what is included here:  http://www.mvps.org/winhelp2002/hosts.htm You can also view a plain text file of the MVPS Hosts file from that page.  Some of the entries include an explanation of why they are included, for example, #[HTML/TrojanDownloader.Agent.BP trojan] and #[Ad-Aware.Tracking.Cookie]. 

[Brynn]

Hhm, it looks like this site is not in the HOSTS file.  Does that mean the site no longer earns restricted status -- that if IE-SpyAd was current, the site would not be there anymore?

Your reply also brings up some other questions for me, Corrine.  Is IE-SpyAd so out-of-date that it's lost its value -- is it still worth using it?  Since the 2 apps do such similar things, is there any problem using them together?

[Brynn]

Hi again,
Just wanted to post a quick update.   At the bottom of the page Corrine linked me to, I found a link to this page, Criteria for Detection in the Hosts File.  And at the bottom of that page is a list of links to other resources for detection criteria.  And among them I found a couple which eventually led me to some history on the site.  I think it probably would be ok to use this suspicous site, based on what I read, although I probably won't submit an address from my main email account.

I DO still wonder about these same 2 questions, though --

Is IE-SpyAd so out-of-date that it's lost its value -- is it still worth using it?  Since the 2 apps do such similar things, is there any problem using them together?

Thanks for any comments

[Corrine]

Hi, Brynn.  Since the MVPS Hosts File is more frequently updated, you may wish to consider switching to that. 

Edited to clarify

[Brynn]

OH!  :oops:
I'm sorry, I should have said that I'm already using the MVPS Hosts file.  But at the time I installed it, it didn't occur to me that there might be a conflict somewhere (partly because none are mentioned on that page).

But your suggestion to check the MVPS Host file, made me realize that it really provides a similar type of protection that IE-SpyAd does.  I'm fairly certain they simply represent overlapping layers of protection.  But I thought I'd ask just to be sure.

So my question could be better phrased, something like --
I use both IE-SpyAd and the MVPS Hosts file.  Is there any problem using them together?  Is IE-SpyAd essentially just taking up space, or does it realistically provide some level of protection?

Since you suggest using the MVPS Hosts file, knowing that I use IE-SpyAd, I'm assuming they are safe to use together.  But still, I would like to remove IE-SpyAd, if it's no longer of any use.  Seems like I read somewhere a large Restricted Site file can slow down the browser.

[Corrine]

a large Restricted Site file can slow down the browser.

That's true. 

To manage the hosts file, you may want to use something like HostsMan. http://www.abelhadigital.com/ listed on the MVPS.org site.

Edited to clairfy

[Corrine]

Even with a family emergency, Mike lets folks know what's happening:  Out of touch lately.

[Brynn]

I'm sorry to keep dragging this out....
But

a large Restricted Site file can slow down the browser.

That's true.  However, these are Hosts Files, directing baddies to 127.0.0.1.

Do you mean that IE-SpyAd is actually a Hosts file?
Does that mean that all Hosts files put sites into the Restricted Zone?
Do Host files use the Restricted Zone differently than if I manually entered a site?

It's just, I thought Host files and the Restricted Zone were 2 entirely separate and different things, which accomplish a similar effect by 2 entirely separate processes.

And finally regarding HostsMan -- Is there a benefit to "running" multiple Hosts files?  It seems like I recently read that it's better to use just one.

[Corrine]

Edited to clarify.

The Restricted Zone and Hosts file are separate and different. 
I have read that a large list of sites in the Restricted Zone can slow down the browser. 

As to HostsMan, I provided that link from the MVPS.org site because you were asking about using two programs and it is listed there as safe. 

I cannot advise you regarding whether it is best to use only one hosts file program or to use both a hosts file program and a program that loads files to the Restricted Zone.  That choice is yours.  Personally, I would think that because MVPS Hosts File is updated frequently that it would be the best choice at this time.

[Ripley]

At the bottom of the page Corrine linked me to, I found a link to this page, Criteria for Detection in the Hosts File.  And at the bottom of that page is a list of links to other resources for detection criteria.  And among them I found a couple which eventually led me to some history on the site.  I think it probably would be ok to use this suspicous site, based on what I read, although I probably won't submit an address from my main email account.

Kudos that you have sorted how you are going to handle this "suspicious site" given the link that Corrine pointed you to.

Since the MVPS Hosts File is more frequently updated, you may wish to consider switching to that.

Info related to update history on IE-Spyad and how it has changed is here> http://www.spywarewarrior.com/uiuc/history.htm

"Aug 21 '07

    * Updated the block lists again for AGNIS and IE-SPYAD on the "Ad Blocking Resources" page.
    * The original IE-SPYAD list is now withdrawn and will not be maintained. It is replaced by what used to be called IE-SPYAD for ZonedOut. now simply IE-SPYAD."

I use both IE-SpyAd and the MVPS Hosts file.  Is there any problem using them together?  Is IE-SpyAd essentially just taking up space, or does it realistically provide some level of protection?

It would seem with your stated use of these 2 programs, that you would know if there was a "problem" using them together, at least in terms of conflict, if that's what you are wondering.
As I understand it, there have been a few individuals who have created "custom" host lists, and the point Corrine suggests of choosing a custom host file program that is regularly updated is what I would be wanting to confirm too.

I personally use SpywareBlaster & Spybot for entering baddies to my IE Restricted Sites list, and do not use a custom host file currently, but that's a choice based on my security configuration. 

I was always confused between the "protection" with Restricted Sites vs Host files and had saved a very old link that the author of IE-SPYAD had written w/in a Read Me document that might be helpful for getting your head around these distinctions.  It is long, and I can't sort how to point you to where it addresses these clarifications.  But, if you scroll down 3/4 of this page> http://www.spywarewarrior.com/uiuc/res/ie-spyad.txt

"If I use a HOSTS file, why do I need IE-SPYAD?"
continue to:
"If I use SpywareBlaster, do I need IE-SPYAD?"
more discussion:
"If I use Spybot Search & Destroy, do I need IE-SPYAD?"

Even though the above document/ReadMe is dated, it might be helpful to read for educational purposes on the differing features & how they can overlap.

But still, I would like to remove IE-SpyAd, if it's no longer of any use.  Seems like I read somewhere a large Restricted Site file can slow down the browser.

As each person's computer is different, with different programs installed, and differing surfing habits, what might work for one person's computer, might be overkill for another. Layered security is a good thing, so if it ain't broke, why fix it?

If my IE browser started slowing down and I had one or more programs adding to my Restricted site list...I would be aware of this possible interaction, investigate, and maybe consider that change.

Brynn, pretty soon you are going to be our resident expert on all things IE zone related  :lol:
I doubt if any of the above provides any further info than what you already seem to know, but thought I would add my  :2cents:

[Brynn]

Hi ripley,
Sorry it's taken me so long to reply.  And thank you so much for all the very helpful info!  I've skimmed over, but not yet perused it all.  But it does sound like I will find all my answers there, among them.

It would seem with your stated use of these 2 programs, that you would know if there was a "problem" using them together, at least in terms of conflict, if that's what you are wondering.

In my experience, one can use 2 or more potentially conflicting programs without necessarily noticing any problems.  For example, several years ago, when I was 1st dipping my toe in the....well I was gonna say "pool", but it's more like "ocean" of the internet security world.  On 2nd thought, it was more like I was drowning in the ocean, than just dipping my toe, lol :sinking:  I was using 2 firewalls, and considering installing a 3rd.  Because a few months earlier I had had to reinstall my OS after several types of internet threats (virus, spyware, trojan, etc.) got into my machine.  (Yeah, I was one of those whose 1st HijackThis log showed almost more threats than not :roll:  In the end, it couldn't be fixed, and thus, I had to reinstall.)  So once I got it back up and functional, I thought using a 2nd firewall would block anything that might somehow get past the other.  And I was about to install a 3rd, as well as a 2nd antivirus, when I learned that one shoud not use more than one firewall at the same time, or antivirus either.  So for...3 to 5 months as best I can recall, I had 2 FWs installed and activated, without any evidence of a problem, when I learned that it could cause a problem.

So yeah, when I realized how IE-SpyAd and HOSTs files are so similar, in terms of the protection they provide, I wanted to make sure it's ok to use them together.  Because I don't know what it is about FWs and AVs that makes it unsafe to run or have installed 2 of a kind, or even exactly what kind of problem it might cause.  I just know that it could cause a problem.  But fortunately Corrine gave the response I needed to clear it up.

So anyway, a great big final thanks to you and Corrine both!
All best.