
Making windows SPYWARE SAFE via registry



I had a search but didn't find anything, so I loaded up Regmon and immunized in Spybot, and got a big list. Now I just need to convert it into a .reg format and it should stop any bad products from the minute of a fresh install. If this has been done before, or there is an easier way that doesn't involve a HOSTS file, please let me know, as it will save me >2000 lines of text ;)

Regards

cyph

[EDIT]

Well, I found this post now: http://www.msfn.org/board/index.php?showto...022&hl=immunize

It's not really what I want though, as I want a HOSTS file solution but for reg entries, as the HOSTS file way slows browsing down.

[/EDIT]



For quite some time now I have been combining the reg entries made by Spywareblaster and Spybot S&D into one large reg file and I import it in during the cmdlines.txt phase of the install.

If you really wanted it integrated in you could use Nuhi's RegHive application and put all of the entries into an inf file (like nLite.inf).

Basically you want to grab the following registry keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

This will get you all of the protection from both apps (the inoculating part anyway).

EDIT: I would love to see Nuhi put this into nLite or RyanVM put it into his Update Pack. I'd even volunteer to do the monthly updates of it.


I Have A Bunch Of These Entries That Get Added At The CmdLines.txt Phase.

What The Reg Tweak Does Is Add An Extra Zone I Call Zone 5.

I Then Put These In Both Zone 4 And Zone 5

Zone 4 = Restricted Sites

Zone 5 = Tracking Sites

I have These Install With The Cmdlines.txt

I have To Use Those 5 To get Them All

To Be Added To Any User Using My Computer.

[COMMANDS]
"UserAcount.cmd"
"REGEDIT /S 000.reg"
"REGEDIT /S 020.reg"
"REGEDIT /S 040.reg"
"REGEDIT /S 060.reg"
"REGEDIT /S 080.reg"
"UaPrestart.cmd"
"RunOnceEx.cmd"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\21popme.com]
"http"=dword:00000004
@="*"

Edited by gunsmokingman

1.) Like it or not, Internet Explorer is indeed rather interwoven into Windows 2K/XP. So it would definitely be in the best interest of everyone using Windows 2K/XP to take advantage of these registry entries. If you want to use Spywareblaster and Spybot S&D, all the better.

2.) Has anyone here tried to deploy and manage Firefox in an enterprise environment? And felt it was worth the effort? Didn't think so.

3.) The license agreements to both Spybot and Spywareblaster leave me wondering if you can deploy them en masse. So the next best thing is to take the registry entries and import them. I've even implemented, within a machine startup script written in VBScript, a routine that checks for updates by way of a seed file and updates the registry as necessary. So all I have to do is make a new registry file once a month and put it on the server. The next time all of the computers reboot (think Patch Tuesday), they get the updates.

4.) In the last year, using nothing but Internet Explorer, Spybot and Adaware have found nothing. It's all in the configuration, using Symantec Client Security V2, Spybot S&D, Adaware, and a little common sense. I think too many people are lulled into a false sense of security because they use Firefox or Opera.


EDIT:  I would love to see Nuhi put this into nLite or RyanVM put it into his Update Pack.  I'd even volunteer to do the monthly updates of it.

Well, future nLite versions will supposedly allow you to import your own reg tweaks, so that should take care of that. I think that'd be the best way to do it, personally.

I try to put as few reg tweaks in my pack as humanly possible, as everybody has their own preferences. The only registry tweaks in mine are to fix an annoyance with Spybot and to trick WindowsUpdate into thinking the two file scanners have been run.

EDIT: That being said, I'll probably be adding these entries for my own personal CD :P


Here Are My Reg Files

Use Them If You Want

Edit To Your Needs

Area You Might Want To Edit

040.Reg

Line 1796 Start

Line 1838 End

;Speed up shutdown
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="3000"

;Disable Alerter
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]
"Start"=dword:00000004

;Disable Background Intelligent Transfer Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"Start"=dword:00000003

;Disable Indexing Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc]
"Start"=dword:00000004

;Disable TCP/IP NetBIOS Helper
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]
"Start"=dword:00000004

;Disable Messenger Service (to block spam. Does not affect MSN or Windows Messenger)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Start"=dword:00000004

;Disable Remote Desktop Help Session Manager
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr]
"Start"=dword:00000004

;Disable Routing and Remote Access
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]
"Start"=dword:00000004

;Disable Remote Registry Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000004

;Set Print Spooler to "Manual"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Start"=dword:00000003

;Disable Wireless Zero Configuration
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVC]
"Start"=dword:00000004

I, Gunsmokingman, give all users full permission to do whatever they want with this script.

GsmRegTweaks.exe


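Added example, not part of any post in this thread and not code from Spybot, SpywareBlaster or nLite: because REGEDIT /S imports a file without showing what it changes, this Python check lists sections outside the four key subtrees named earlier in the thread and any ZoneMap value that is not zone 4 (Restricted Sites). The function name, the sample file and the example.test domain are constructed; pass allowed_zones={4, 5} if you use a custom zone 5 as described above.

```python
import re

# Key fragments named in the thread, matched in any hive (HKLM, HKEY_USERS\.DEFAULT, ...).
EXPECTED = (
    "\\internet explorer\\activex compatibility",
    "\\internet settings\\p3p\\history",
    "\\internet settings\\zonemap\\ranges",
    "\\internet settings\\zonemap\\domains",
)
SECTION = re.compile(r"^\[(-?)(.+)\]$")
DWORD = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*dword:([0-9a-fA-F]{1,8})$')

# Constructed sample: first entry is the one quoted in the thread, the rest are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\21popme.com]
"http"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test]
"*"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000004
'''

def audit_reg(text, allowed_zones=frozenset({4})):
    """Return (unexpected_keys, bad_zone_entries) for REGEDIT-format text."""
    unexpected, bad_zones, key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = SECTION.match(line)
        if m:
            key = m.group(2)
            # Flag key deletions and anything outside the four expected subtrees.
            if m.group(1) or not any(f in key.lower() for f in EXPECTED):
                unexpected.append(key)
            continue
        m = DWORD.match(line)
        # Under ZoneMap, every DWORD value is a zone number (4 = Restricted Sites).
        if m and key and "\\zonemap\\" in key.lower():
            zone = int(m.group(2), 16)
            if zone not in allowed_zones:
                bad_zones.append((key, m.group(1), zone))
    return unexpected, bad_zones

if __name__ == "__main__":
    print(audit_reg(SAMPLE))
```

On the sample it reports the Services\RemoteRegistry section as outside the expected keys and the example.test entry as assigning zone 2 instead of 4.
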
Yes, I actually use Firefox, but I don't like visiting sites that may be hostile, and you can never be too secure B) .

I will add the ActiveX stuff to the registry just in case :)

I am currently using every free spyware program and using the HOSTS file from here: http://www.bluetack.co.uk/modules.php?name...=showpage&pid=7

but it makes browsing slow.

Would the above cover this? Or just ActiveX / Internet Explorer?

Regards

cyph


I suppose I forgot to mention one of the more important things while on this topic. One of the reg keys that Spywareblaster populates is actually a list of web sites to be put into IE's "Restricted Zone." Unfortunately, even in SP2, the default configuration for the restricted zone leaves a couple of holes open. What I do is go in there and make sure "Disable" or "High Security" is selected for everything. This can also be accomplished via importing a reg file.

EDIT: To those using IE-SPYAD.. I gave up on this product a long time ago. As comprehensive as it is, it simply broke too many web sites. This includes Yahoo and MSN, and that is unacceptable to most of my clients. Further, in reviewing the list of sites supplied by Spywareblaster, I was perfectly satisfied with that list.
