Go Back   Technibble Forums > Technical Discussions > Security, Viruses and Trojans

  Technibble Sponsor

Reply
 
Thread Tools Display Modes
  #1  
Old 03-04-2009, 10:55 PM
stevenamills stevenamills is offline
 
Join Date: Jul 2008
Posts: 860
stevenamills is on a distinguished road
Default Spybot Immunization

Towards the end of a tough cleanup, I frequently run Spybot Search and Destroy.

1. Add the HOSTS entries
2. Check BHO's
3. Immunize

It occurred to me that I really didn't understand immunization, which, I think, is a totally passive process. Some Googling really didn't help much.

Do any of you gurus and poobahs understand what is happening and is it a worthwhile exercise?

Thanks!
__________________
Steve

Fox Valley Computer Services
The more I learn about people, the more I like my dog. –Mark Twain
Reply With Quote
  #2  
Old 03-05-2009, 12:07 AM
Spiderz Spiderz is offline
 
Join Date: Mar 2009
Location: New York
Posts: 4
Spiderz is an unknown quantity at this point
Default

Quote:
Originally Posted by stevenamills View Post
Towards the end of a tough cleanup, I frequently run Spybot Search and Destroy.

1. Add the HOSTS entries
2. Check BHO's
3. Immunize

It occurred to me that I really didn't understand immunization, which, I think, is a totally passive process. Some Googling really didn't help much.

Do any of you gurus and poobahs understand what is happening and is it a worthwhile exercise?

Thanks!
I am not 100% but I believe it adds specific bad addresses and know spyware directories to the host file and directs them to 127.0.0.1 so that IE or any browser cannot load specific spyware or popups. It seems every time i run immunization it adds more items to it.
Reply With Quote
  #3  
Old 03-05-2009, 02:14 AM
PatrickB PatrickB is offline
 
Join Date: Feb 2009
Location: Springfield Missouri USA and anywhere by remote control
Posts: 451
PatrickB is on a distinguished road
Default

1) As far as I can tell, Spybot Search & Destroy's immunization feature takes advantage of the Restricted Zones in Internet Explorer, Firefox and Opera. You can find MSIE's list under the "ZoneMap" keys in the registry.

2) Spybot's "global" immunization is the Hosts file located under C:\WINDOWS\system32\drivers\etc. The entries it adds here will be redirected to the local machine where they will not be found (127.0.0.1). Adding Spybot's Hosts entries is the same thing as leaving the "Global" checkbox checked at the bottom of the Immunize feature. Overuse of the Hosts file has the potential to overwhelm the Windows DNS Client Service with too many thousands of entries and slow down web browsing.

Those who promote using the Hosts file to block bad sites and advertisements say that you can disable the DNS Client and never notice it. However, it is that service's job to keep a cache of recent name lookups. If that service is not available, then the computer must send a name lookup to the DNS server for every domain name that it encounters; that can be quite a few on a single web page. If every computer had the DNS Client disabled, I suspect the DNS servers would be overwhelmed and slow things down quite a bit.

Since I do not want to disable that service, I do not use the Global immunization checkbox available in Spybot S&D. Instead, I take advantage of the excellent https://www.opendns.com/ as my DNS. It maintains a current list of bad sites that will be blocked automatically.

-- Patrick B.

Last edited by PatrickB; 03-05-2009 at 02:50 AM.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:33 AM.


Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Technibble.com is based out of MELBOURNE, AUSTRALIA.