Jump to content

Making windows SPYWARE SAFE via registry

cypher_soundz
 Share

Recommended Posts

RogueSpear

RogueSpear

Posted
Posted

One nice freeware program that I implemented once is eDexter. This program is meant to take the place of an ad blocking HOSTS file. It's basically a small proxy. The configuration can be a little tricky at first, but this program is really fantastic for a freebie. It's configuration file works similiarly to a hosts file but you can use wildcards in the entries, explicitly allow or deny, etc.

There are no registry entries with it, just it's own config files. And there isn't the overhead and slowdown that you experience with some of the 20,000 plus entry hosts files that are available. Highly recommended for those not using a software based firewall and adblocker.

  • 2 weeks later...

FoaMDarT

FoaMDarT

Posted
Posted
EDIT:  To those using IE-SPYAD..  I gave up on this product a long time ago.  As comprehensive as it is, it simply broke too many web sites.  This includes Yahoo and MSN, and that is unacceptable to most of my clients.  Further, in reviewing the list of sites supplied by Spywareblaster, I was perfectly satisfied with that list.

You should take a look at this thread over at Wilder Security Forums. I'd say that the IE-SpyAd list (about 8000 sites) is the best to use for restricted zone entries. It seems to be the most comprehensive as it updates about monthly building the .reg file from numerous sources.

This Restricted sites list is based in part on info from:

discussions in the SpywareInfo Forums and other forums that

specialize in crapware removal

 

major crapware reference sites:

and.doxdesk.com ( http://www.doxdesk.com/parasite/)

CounterExploitation ( http://cexx.org/adware.htm)

Kephyr.com ( http://www.kephyr.com/)

PestPatrol ( http://www.pestpatrol.com/)

Spyware Guide ( http://www.spywareguide.com/)

 

the latest updates to well-known anti-crapware programs such

as SpyBot Search & Destroy, Ad-aware, and SpywareBlaster.

You can read a "Targeting and Inclusion Policy" for IE-SPYAD here.

RogueSpear

RogueSpear

Posted
Posted

I will agree that it is extremely comprehensive. No doubt about that. But the amount of time I had to spend editing out entries just got to be too much. And I was getting calls regularly that this web page or that web page wouldn't work because of some entry in there.

It's all a balancing act.

Martin Zugec

Martin Zugec

Posted
Posted

I created small program for my company, that integrate

1.) SpyIE-AD

2.) Blocklist from SpywareInfo

3.) Disable few protocols like MK, ITS, MHTML etc. that R used to deliver spyware

4.) Disable few objects like ADODB.Stream

It is working quite well... If anyone is interested I could share...

Martin Zugec

Martin Zugec

Posted
Posted

Ufff, only one problem - it is build with AdminStudio and I found out I got only czech language :( Meanwhile here is what it do:

Disable protocols MK, ITS, MS-ITS, MS-ITSS and MHTML

Disable objects Shell.Application, ADODB.Stream, Microsoft.XMLHTML

Import SpyIE-AD

Import BlockList

FoaMDarT

FoaMDarT

Posted
Posted
1.) SpyIE-AD

2.) Blocklist from SpywareInfo

soulin, your process looks great.

However, check my quote from the IE-SpyAd site in the post above. I think step 1 in your process already includes step 2.

sixpack

sixpack

Posted
Posted
Ufff, only one problem - it is build with AdminStudio and I found out I got only czech language :( Meanwhile here is what it do:

Disable protocols MK, ITS, MS-ITS, MS-ITSS and MHTML

Disable objects Shell.Application, ADODB.Stream, Microsoft.XMLHTML

Import SpyIE-AD

Import BlockList

seems like a nice program to try, but i cant read czech :(

Martin Zugec

Martin Zugec

Posted
Posted

Is here anybody that is able to include english strings?

Any user of installshield products?

I could send the project to rebuild :(

2FoaMDarT:

Nope, these R two different approaches.

First one blocks the sites.

Second one blocks the spyware products (by their identification number).

2All: Any other ideas what to include to make antispyware product that will be able to prevent from infecting instead of on-demand scanning?

FoaMDarT

FoaMDarT

Posted
Posted
2FoaMDarT:

Nope, these R two different approaches.

First one blocks the sites.

Second one blocks the spyware products (by their identification number).

2All: Any other ideas what to include to make antispyware product that will be able to prevent from infecting instead of on-demand scanning?

So does the Blocklist your using do the same thing as SpywareBlaster (CSLID killbits)? I can't find the Blocklist on spywareinfo.com, are you talking about a list form somewhere else?

As far as a non on-demand scanning product, SpywareBlaster is the only thing I've been able to find that can update itself (for $9.95/mo per computer) that will keep my users fairly safe. It looks like there will be a server based version coming soon.

Martin Zugec

Martin Zugec

Posted
Posted

Sorry, not from spywareinfo, it is the list sixpack provided :(

Yep, it is setting the killbits flags to CLSIDs... Same as spywareblaster. If I could integrate update service and make agreement with spywareguide and uiuc.edu guys, I would provide it (of course free :))

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...