Hi,

I read the following:
Such tools (mentioned below) as Ad-Aware and SpyBot have not only scanning capabilities, but also immunizing or ad-blocking features. I recommend you leave these turned off. This recommendation is based mostly on a “convenience of computer use” point of view. Tools that are excellent for scanning for malware do not necessarily serve as well the separate function of protection. The immunize, ad-blocking, and similar protective features of these programs mostly aren’t needed, don’t do much that is really helpful, and sometimes unnecessarily get in the way of how you use your computer. (If you are running Windows XP Service Pack 2, they really are unnecessary, at best!) There are so much easier and less intrusive ways to protect your computer, that I recommend you not risk making your computer life harder with features that don’t really help.

...and I was wondering what the opinion here was on using the Immunizing and SDHelper (i.e. "Permanently running bad download blocker in IE") in SpyBot?

I only use IE for Windows Updates -- I use Firefox for web browsing. So is it still better to have that option turned on in SpyBot or off? And why?

Is it that SDHelper thing that uses the Immunizing (i.e. "block bad products")? I guess if you weren't going to use that, then you'd just stop "immunizing"?

Any thoughts are appreciated -- thanks to the board for continuously helping me to learn!

As I understand it (which isn't terribly far), the immunise function in Spybot does a number of things. It puts a list of known 'bad' websites into Internet Explorer's Restricted zone; it blocks some cookies; and it blocks the download of a list of known 'bad' activeX scripts.

Now, I'm not sure, but I think the last one may be of less importance if you already have Internet Explorer's security level set to 'medium', because IE will prompt you anyway whenever something is offered, and you can say no. The cookie issue isn't very important because it's so easy to get rid of them. But that list of 'bad' websites looks pretty useful to me.

For the record, I use both Spybot's 'immunise' feature, and I also use Spywareblaster. Although they do a similar job, the scope of the protection is considerably extended by using both. I also use Spybot's 'hosts' file.

Do these things interfere significantly with browsing? I haven't encountered anything worth noting. And if I did, I can turn them off. I don't think there's anything much to lose by using them, but there is a significant enhancement of protection to gain.

Of course if you use Firefox for your browsing, then this is all irrelevant.

Yeah, that what I was wondering... I only use IE for Windows updates. And I've actually got all the Internet Zones in IE set to High Security, except for Trusted, which is set at Medium and only contains the three addresses you need to add for Windows Update. (Well, I guess the Restricted Zone is set to "Custom" with everything turned off or set to prompt, as I believe that's the default anyways for that...)

So that stuff in SpyBot has zero bearing on anything for me, right?

I guess I can keep immunizing since that gets downloaded when you update (unless I stop updating that part, but that might be iffy), but just leave the SDHelper thing unchecked/turned-off...?

Thanks!

I would assume so - unless one of your three trusted sites was compromised. I don't know if that's even possible?

If you use firefox as the main browser, I would recommend that you add Spywareblaster to your anti malware arsenal. link to main page:

http://www.javacoolsoftware.com

It does the immunize function for firefox, also.

I thought I had read that some people had problems with this...? Conflicts or something...? Or maybe that was something else...

Would it conflict with SpyBot?

It says this:

# Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
# Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
# Restrict the actions of potentially unwanted sites in Internet Explorer.

...so is the immunize thing the first line here? If it's then third, then it sounds like it's only for IE.

Thanks!

The second line pertains to Firefox.
In Firefox, it blocks Ad/Tracking cookies.
I've been using it, along with Spybot's Teatimer, for several years, and have had no problems.

S&D immunize feature loads up IE restricted site list. Good thing till you use Outlook with May M$ patches.
TeaTimer is a wonderful runtime watch. So long as it does not interfere with similar watch of AVG which I believe you're using, it's safe. Check AVG kb. Or try TeaTimer and if S&D throws and alert about some registry change or whatever, followed by AVG telling a similar thing, you know you have a conflict.
I've used the immunize feature with ZA free and Avast AV with no problems, but not with ZA suite as it watches the registry, OS, the whole bit.

I think Spyware blaster has no conflicts.

I have yet to run across a conflict with spywareblaster from any program. Again the key word is yet. There is quite a wealth of information at the Spywareblaster Knowledgebase , and a section at Wilder Security

I use OE not Outlook, so would that effect me?

Also, I noticed that there are still sites listed in IE Restricted Sites even though I have the SDHelper thing unchecked in Spybot. Does that add additional sites, or maybe they're already in IE from having used it in the past?

I've never used the TeaTimer thing, as I had read about problems (probably what you're referring to). Is that only for IE though? Again, I don't use IE (only for Windows Updates) and use Firefox regularly.

So what does SpywareBlaster have that SpyBot doesn't...?

Thanks!

OE vs Outlook. I don't know. Google.

I don't recall what SDHelper is. Immunization fills the list. It's a good list. If you have no problems, leave it alone.
S&D is for IE only. I love the program and use for looking at a lot of settings and tweaking the startup list. But that list of restricted site hurt me so I removed it all and wait for M$ to fix their ways.

SpywareBlaster - complete description is on this site in the tutorials. It sets a kill but in the registry and prevents various bad things from running. It's a different mechanism. Google.

Could you clarify that, please? How did the list of restricted sites hurt you?

SDHelper is the thing that gets added to your something (registry?) that shows up in a HijackThis log when you CHECK "Enable permanent blocking of bad addresses in IE" at the bottom of the Immunize screen in SpyBot:

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

This is the thing I *don't* have checked right now, since I only use IE for Windows Update. Any reason to check or not check it?



Are you saying the SpyBot program is for IE only? I can run a S&D scan of my computer with it -- why would it matter if I use Firefox or IE when scanning my computer with it?

Hi! I could hardly use Outlook2003. I posted here full description as well as links, but can't find my own post. Instead, read these:
see explanation in a post by Jim Eshelman
http://aumha.net/viewtopic.php?p=152814
also
http://forums.spybot.info/showthread.php?p=102248

This is not a S&D problem really. It is the change of how M$ now reviews restricted sites for every character you type.

Edit: ok I found my own stuff
http://www.bleepingcomputer.com/forums/topic91899.html
but all you really need is the aumha link

Scanning has nothing to do with it. Spybot restricted sites list prevents your IE from going where it shouldn't. Scan is scan. Not relevant to what browser you use. If you shut off the BHO in IE then you've lost protection. In the rare instances when you use IE, if a trojan gets you, S&D will prevent from going there. Hope that's clearer now