Spies & who they are

AtGuard is a (rather excellent) firewall which was developed by WRQ. WRQ licensed the technology to Symantec who added some bloat (~10MB of bloat) and re-released the firewall as NPF. The original AtGuard is no longer available for download. Are you maybe confusing AtGuard (the firewall) with ATGuard (a component of Anti-Trojan)? If so, then it's unlikely that running ATGuard would in any duplicate NIS's actions.

 

Hello

Yet more food for thought ...... I certainly have learnt a lot from all the opinions.

Lesson for today - READ the licence agreement !!!!!!! All too often I just skip over it. I know it is OK with actual software like PSP etc but on the freeware - I must BEWARE ......

Sorry for the confusion about ATGuard - it is the one with Anti-Trojan. I didn't realise there was an actual firewall with this title. I now know that it this is the one which Symantec have used ( yes - I agree with the Bloat ...... )

The ATguard firewall - I note you say it is no longer available for download BUT is it availble to purchase ?

I am doing my best to get as much security as I can. Better safe than sorry as if anything got in I just would not know what to do I think I am best to keep it out

Once again - great info ~ Thanks to all who are posting their opinions. I am pleased that it is not all put down to being paranoid about security ( some people do not see the reason for trying to block any holes which may be about ) I know some of the software is not of use but I would like to have the ones which do help.

There are more patches from M$ today but these are ones I have to think about considering the last one issued

 

No, it's not been available since WRQ licensed the technology to Symantec.

 

Oh Dear but thank you for letting me know

 

But check your PM's, miniB.

 

Just realised my PM's had never been turned on

Empty box

 

Resent.

 

Actually, that information is incorrect.

ONE of the benefits is that it prevents the dialog box from showing and blocks the download of the ActiveX control. (The .cab file, or .exe file, is never even downloaded. When the normal dialog box is displayed, the file is still downloaded onto your computer.)

The kill bits also prevent ActiveX controls from being activated if they are on your system. After the "kill bit" is set for an ActiveX control, that control is not called by Internet Explorer at all. Should ActiveX-based spyware be installed on your computer through other means, SpywareBlaster can prevent it from doing any damage.

(ActiveX spyware has also been installed, in the past, through various IE security holes. SpywareBlaster would still prevent it, per the above statement.)

Plus SpywareBlaster can prevent spyware/tracking cookies in IE 6, and has many other useful tools.

The software certainly does more than nothing, and is very useful even for users that have ActiveX downloads disabled in their browsers (as it can prevent ActiveX spyware installed through other means from activating). If you'd like more information on how killbits work, and their full benefits (and why SpywareBlaster is a useful program) you can see this Microsoft article:

http://support.microsoft.com/defaul...port/kb/articles/q240/7/97.asp&NoWebContent=1

Hopefully this will clear up any misunderstandings.

Best regards,

-Javacool

 

Thanks for taking the time to reply.

Yes, but even though the control is downloaded, it cannot be run without the user's say-so. Given that most controls are relatively small, it probably takes no more time to dowload those controls than it does to update SpywareBlaster on a regular basis.

Yes, but if a person is cautious as to what (s)he downloads (and gets into the habit of reading EULA's and/or doing a little research prior to installing software) and does not alter IE's default security settings, ActiveX-based spyware will never be installed on his or her system.

Holes which, AFAIK, no longer exist.

... as does the simple act of setting IE to reject third-party cookies.

Given the fact that SpywareBlaster is free and uses zero system resources, I do feel a tad guilty about knocking it. That said, IMO, it'd be far better for people to adopt their own safe practices rather than relying on a third-party to tell them what is and isn't spyware (which can occasionally be a matter for debate) and to protect them accordingly.

NOTE: Javacool is the devloper of SpywareBlaster.

 

I'd have to disagree.

Seemingly safe software can easily contain bundled spyware. And there have been many instances where spyware was not mentioned in the license agreement at all (ex. although Grokster does mention that it installs certain adware/spyware, several other programs are installed or "trickle-downloaded" behind the user's back with no indication in the license agreement whatsoever - there were also cases of freeware that bundled and silently installed lop.com, etc.).

True - assuming that a user is up-to-date on all of their software patches. But that certainly isn't to say that there are no further security holes in IE that could be used maliciously to install spyware - new security holes are being discovered in IE very frequently these days.

I always recommend setting ActiveX settings in IE to disable. Unfortunately, that just isn't practical for most users (who want access to banking, or other sites that may require ActiveX). True a Yes/No prompt is better than simply enabling ActiveX (which is extremely dangerous), but I've seen many instances where a user was tricked by such a prompt that claimed to come from Microsoft (or a similar big software company), linked to no privacy agreement, and yet installed spyware. The companies that create spyware don't seem to be too inclined to always provide a privacy policy.

That said, I am a big supporter of a layered defense, especially one that does not add extra burden to the system. As you said, SpywareBlaster uses no system resources and does not have to run in the background. Using it can't hurt, and can only help. Should a new security hole in IE be exploited, or should misleading data on the Yes/No box be provided, an extra layer of defense may save the day.

SpywareBlaster doesn't try to tell the user what is and what is not spyware - it blocks it if the user wishes (plus disabling and the other features mentioned above). But the user always has the ability to selectively block items, remove protection for all/single items, etc. SpywareBlaster provides a front to protection - the user ultimately decides if he wants to block all spyware in its database or not (and, just another note: before adding any CLSID to the SpywareBlaster database, it is run through several checks to make sure that no legitimate software uses that CLSID). Should you want to actually install or "use" one of the spyware items in SpywareBlaster's database, you are always free to disable protection and do so. (Full details are provided for every item in the database - so you are never in the dark about what you are protecting against.)

(Not to mention that many users get tired of clicking "No" constantly on ActiveX install prompts.)

Tight system security settings and common sense are a start (and significant), but I still highly recommend that users try an extra layer or two of protection on every level.

Best regards,

-Javacool

P.S. Yes, I'm the developer of SpywareBlaster. Someone mentioned this thread to me, and I figured I'd come answer a couple questions.

 

Yup, which is why it's a good idea for people to do a little research prior to installing any software. That way, they'll hopefully discover any nasty, non-spyware traits which the software may have in addition to being alerted to the presence of spyware (which may or may not be on SpywareBlaster's "hit list ").

I'd guess that the people who use SpywareBlaster are reasonably concsious of security issues and are more than likely to be up-to-date on their patches.

Fair point. But to put it in perspective, if such a vulnerability were to be exploited, the installation of foistware could be the least of your worries.

Good. And I'm pleased to see that this phrase:-

You can run Internet Explorer with Active-X enabled, but you will never even get a "Yes/No" box popped up, asking you to install a spyware Active-X control (Internet Explorer will never download or run it!).

(which sort of implies otherwise) is no longer used on the SpywareBlaster pages.

IE's Zones make it straightforward to selectively disable ActiveX.

Similarly, I have seen numerous pseudo-Microsoft security patches available for download. Common sense should be sufficient to deal with this type of thing.

Technically it doesn't; practically it probably does as I doubt that there are many people who use anything other than the complete "blocklist ".

I do not use Spywareblaster (as you might have guessed ) yet very rarely do I see any prompt which SpywareBlaster would have prevented.

I agree that it cannot hurt the system; but, IMO, it can hurt in other ways. Look further up this thread and you'll see the following remark:-

This type of comment is not unusual. In fact, I recently read a post in which a chap stated that he spent upwards of two hours per day checking for updates, updating and scanning with a host of security products (but, hmmm, he was scanning with SwatIt on a daily basis!). People are worrying too much about security matters and are not using their connections for the reasons that they became connected in the first place.

What I can say is that with IE set to reject third-party cookies and ActiveX disabled for non-Trusted sites, I have yet to collect anything which Spybot (which I run once every few months out of curiosity) has tagged as being foistware. To my mind, this indicates that for the majority of people, a sensible IE configuration is perfectly adequate to prevent unwanted installations. True, not everybody will have a sensible configuration - but I'd guess that those who don't are not so security concsious as to be running SpywareBlaster (and vice versa!).

A grass in our midst Again, thanks for taking the time to reply and I'll reiterate that these are simply my opinions and that there are numerous people who hold a contrary view (as evidenced by the large numbers who use SpywareBlaster).

 

Do I understand that you have disabled all ActiveX options in te Internet Zone, and have filled up the Trusted Sites zone with your trusted favorites?

Microsoft lists the default settings for each security level at
http://www.microsoft.com/technet/prodtechnol/ie/reskit/ie6/part2/c04ie6rk.asp

For the record (quoted from the above):
"By default, the Trusted sites zone is assigned the Low security level. This zone is intended for highly trusted sites, such as the sites of trusted business partners. "

"By default, the Restricted sites zone is assigned the High security level. If you assign a site to the Restricted sites zone, it will be allowed to perform only minimal, very safe operations. This zone is for sites that you do not trust. "

" By default, the Internet zone is set to the Medium security level. If you are concerned about possible security problems when users browse the Internet, you might want to change the security level to High. "

Here are the "medium" settings for ActiveX:

set to "Prompt ":
-Download signed ActiveX controls

set to Disable:
-Download unsigned ActiveX controls
-Initialize and script ActiveX controls not marked as safe

set to "Enable ":

- Run ActiveX controls and plug-ins
- Script ActiveX controls marked safe for scripting

I use the above "medium" settings in the Internet Zone, as KenKieth does, and I don't consider it "extremely dangerous, but then I don't have any other users on my computer except for my hubby... whom I trust

If you have children or others who use the computer who you don't trust, then I would (like brett?) reset all ActiveX options to "Disable" (and possibly reset the entire Internet zone to High security!) then sit with the kids and go through all their favorite sites. P lace the ones you consider safe in the "Trusted Sites" zone. I know it takes time but think of it as "quality" time. Using the computer as a baby sitter is not the best way to go.

I can see why getting a 3rd party program to fix it all up is tempting.

By the way brett, SpybotS&D now has an "immunize" feature that I haven't looked into yet but it's supposed to "close the door to places where certain known baddies like to settle themselves. It makes it impossible for foistware to install ActiveX objects on your system. "...See
http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi?s=3ed74f4a0d08ffff;act=ST;f=28;t=1950;


======copy/paste=======
IMMUNIZE

Beginning from version 1.2, Spybot-S&D allows you to immunize your computer against some spyware. It currently offers three different immunities:

Permanent Internet Explorer immunity

Similar to JavaCools SpywareBlaster, this allows you to tweak some internal Internet Explorer settings to block the installation of known spyware (and similar threats) installers.
========end c/p============

PS I never find anything much with Spybot either. I run it to clean up cookies.

 

On the computer which the kids use, yes. On my computer, no - the security level is set at Medium.

Yup, but, like you, I have have found that Spybot never finds anything so, IMO, there little point in "immunizing" (whether via Spybot or via SpywareBlaster).

My point in all this is simply that people could easily keep their system free of unwanted badware (a new word!) through making a few changes to their browser settings and adopting a common sense approach when downloading software without the need to spend (in some cases, considerable) time downloading and updating and scanning, scanning, scanning with a host of third party utilities.

 

Or switch to Netscape

 

Erm ... maybe I'll take the badware instead

 

Hi Alice,

I have found Spybot to be very effective in finding where Ad-Aware and Spyware Nuker failed. I recently downloaded Spybot so your information alerts me to not be overly confident with that software.

I have a question that you slightly addressed. I recently set "third-party cookies" to prompt. Surfing the net I constantly get a message to accept or not accept cookies. Are you accepting cookies as a convenience and then cleaning up? Thanks.

 

Ken I suspect that you find most people have this set to Block rather than Prompt. Blocking has no negative impact on browsing.

 

Hi Ken Keith,

Spybot is not finding anything because I don't HAVE any spyware installed. I mainly use Netscape and Mozilla which don't use ActiveX, so they don't attract the bad stuff like IE does (admit it, brett!). I'm also very selective about what software I DO install.

My husband is weaning himself away from Windows and using his Ibook and either Netscape 7 or the Mac version of IE (which doesn't use ActiveX either) so Internet Explorer is getting very little use on our Windows machine.

I do accept cookies in IE5.5sp2 with no prompting and clean up afterwards, you're right. I check what cookies I have and add the worst offenders to the Restricted Sites zone (where cookies are disabled) before letting Spybot clean 'em out... I do have a few of the useful cookies in the cookie excludes list.

Netscape 4.79 has a single cookies.txt file which I have made "read only" after cleaning it out with a 3rd party cookie cleaner so I never get any new cookies there unless I take off the read-only attribute to collect a useful cookie, then close Netscape and make the cookie file read-only again. It's been ages since I've needed to do that, basically becuase I rarely use it.

Mozilla 1.0.1 has it's own cookie manager built in, as well as a pop-up blocker, and it's my main browser.

PS I found a thread on Xupiter that might interest you, HERE
Also look at Sandi Hardmeier's site:
http://www.mvps.org/inetexplorer/Darnit.htm#Xupiter

 

Thanks brett.

It was my understanding that blocking prevented access to some sites. I relied on that belief and never blocked. If that be true, why would anyone enable cookies??
______________________________________-

Alice, thanks for the info and link. I had put aside you weren't using IE.

 

Blocking first-party cookies will invariably interfere with quite a few sites; blocking third-party cookies rarely, if ever, does. Actually, I'm surprised (or maybe I'm not!) that MS haven't made this the default setting in IE.