Spybot Immunization


stevenamills
03-04-2009, 11:55 PM
Towards the end of a tough cleanup, I frequently run Spybot Search and Destroy.

1. Add the HOSTS entries
2. Check BHO's
3. Immunize

It occurred to me that I really didn't understand immunization, which, I think, is a totally passive process. Some Googling really didn't help much.

Do any of you gurus and poobahs understand what is happening and is it a worthwhile exercise?

Thanks!

Spiderz
03-05-2009, 01:07 AM
I am not 100% but I believe it adds specific bad addresses and known spyware directories to the host file and directs them to 127.0.0.1 so that IE or any browser cannot load specific spyware or popups. It seems every time I run immunization it adds more items to it.

PatrickB
03-05-2009, 03:14 AM
1) As far as I can tell, Spybot Search & Destroy's immunization feature takes advantage of the Restricted Zones in Internet Explorer, Firefox and Opera. You can find MSIE's list under the "ZoneMap" keys in the registry.

2) Spybot's "global" immunization is the Hosts file located under C:\WINDOWS\system32\drivers\etc. The entries it adds here will be redirected to the local machine where they will not be found (127.0.0.1). Adding Spybot's Hosts entries is the same thing as leaving the "Global" checkbox checked at the bottom of the Immunize feature. Overuse of the Hosts file has the potential to overwhelm the Windows DNS Client Service with too many thousands of entries and slow down web browsing.

Those who promote using the Hosts file to block bad sites and advertisements say that you can disable the DNS Client and never notice it. However, it is that service's job to keep a cache of recent name lookups. If that service is not available, then the computer must send a name lookup to the DNS server for every domain name that it encounters; that can be quite a few on a single web page. If every computer had the DNS Client disabled, I suspect the DNS servers would be overwhelmed and slow things down quite a bit.

Since I do not want to disable that service, I do not use the Global immunization checkbox available in Spybot S&D. Instead, I take advantage of the excellent https://www.opendns.com/ as my DNS. It maintains a current list of bad sites that will be blocked automatically.

-- Patrick B.
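
Added example (not part of the thread and not Spybot's own code): a small audit of a Hosts file of the kind discussed above, counting the names sinkholed to the local machine, spotting duplicate block entries, and listing any name mapped to a non-loopback address so it can be reviewed during a cleanup. The function name `audit_hosts`, the treatment of `0.0.0.0` and `::1` as sink addresses, and the sample file contents are assumptions made for illustration; the domains are constructed placeholders.

```python
import ipaddress
from collections import Counter

# Addresses that send a blocked name to the local machine (assumed sink set).
SINKS = {"127.0.0.1", "0.0.0.0", "::1"}
# Names that normally map to loopback and are not block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample; the domains are placeholders, not Spybot's list.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
# Start of entries inserted by immunization (constructed)
127.0.0.1   ads.example.com
127.0.0.1   www.ads.example.com  tracker.example.net   # two names, one line
127.0.0.1   ads.example.com
0.0.0.0     popups.example.org
203.0.113.7 www.bank.example
not-an-ip   broken.example
"""

def audit_hosts(text):
    """Classify hosts-file lines into sinkholed names, other mappings, and junk."""
    blocked, mapped, malformed = Counter(), {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = str(ipaddress.ip_address(addr))
        except ValueError:
            malformed.append(lineno)            # first field is not an IP address
            continue
        if not names:
            malformed.append(lineno)            # address with no hostname
            continue
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if ip in SINKS:
                blocked[name] += 1
            else:
                mapped[name] = ip   # points at a real address, not a block entry: review it
    duplicates = sorted(n for n, c in blocked.items() if c > 1)
    return {"blocked": len(blocked), "duplicates": duplicates,
            "mapped": mapped, "malformed": malformed}

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
```

To check a real machine, pass the text of C:\WINDOWS\system32\drivers\etc\hosts to `audit_hosts` instead of the sample; the `blocked` count shows how many entries immunization has accumulated.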