SpywarebBlaster
Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware.
Introduction
Many Spyware, Hijackers, and Dialers are installed on your Internet
Explorer Web Browser through a Microsoft program called ActiveX. These activex
programs are downloaded when you go to certain web sites and then they are
run on your computer. These programs can do a variety of things such as provide
legitimate services likes games or file viewers, but they can also be used
to install Hijackers and Spyware on to your computer without your permission.
SpywareBlaster, a program created by Javacool, is used to secure
your Internet Explorer to make it harder for these ActiveX programs to run
on your computer, as well as disabling the ability of certain known offending
ActiveX programs from running at all. This program also has the ability to
stop certain cookies from being added to your computer when running Mozilla
based browsers like Firefox.
This tutorial will explain how to use SpywareBlaster to provide
the best protection for your browser. It is mostly geared towards the users
of Internet Explorer but users of Mozilla type browsers will gain benefits
from this program as well.
How to use SpywareBlaster to secure browser
Step 1: Download and install SpywareBlaster.
You can download SpywareBlaster here: SpywareBlaster
Download SpywareBlaster and save it to a location on your hard drive that
you will be able to find later. When it is download you will want to navigate
to the folder where you saved it using My Computer or Windows Explorer. When
you find the file, double click on it to install the program. Follow the prompts
and choose the default locations when installing the program. When the program
is done installing it will place an icon on your desktop.
Double click on the icon for SpywareBlaster and you will be presented with
the Protection Section as seen in Figure 1 below.

Figure 1. Protection/Status Screen for SpywareBlaster
The protection screen is where you will do most of the work
in securing your browser from running malicious programs. Lets take a moment
to go through each of the key components of the Protection section:
Internet Explorer, Restricted Site, and Mozilla/Firefox - These
sections, designated by the green box in Figure 1, are the core functions
of SpywareBlaster. You will use these sections to tell your browser what ActiveX programs
should not be allowed to run, what cookies should not be allowed to download,
and what sites are known to be malicious and have more restrictions when you
are visiting them.
Internet Explorer Security Alert - If you see this alert, designated
by the blue box in Figure 1. That means that SpywareBlaster has detected that your Internet
Explorer security settings are not strong enough and should be changed to
make your browser more secure. We will discuss this more further into the
this tutorial.
Step 2: Updating SpywareBlaster
Your next step should be to update SpywareBlaster. This will make sure
SpywareBlaster has the latest list of known Hijackers/Spyware so that it can protect
your browser more efficiently. You should update SpywareBlaster regularly, as much as
every few days, in order to provide the best protection. When you click on
the update button you will be presented with a screen similar to Figure 2
below

Figure 2. Updating SpywareBlaster
You should click on the button "Check for Updates"
designated by the green box in Figure 2. This will check for new updates that
may be available to SpywareBlaster. SpywareBlaster will connect to a server and if it finds new
updates, it will download them and install them and tell you so. Otherwise
it will tell you that your SpywareBlaster is up to date and that there is nothing to
download.
Step 3: Protecting your browser
You should now click again on the Protection button and you
will be presented with the screen shown in Figure 1.
If you see a Internet Explorer Security Alert you should click
on the link labeled "Click here to learn more and fix it". This
will bring you to a screen similar to Figure 3 below. If you do not see this
alert, you should be happy as your browser has the correct options set and
you can skip to Step 4.

Figure 3. IE Security Alert
It is highly recommended that you choose to fix the settings
that it presents to you. This will provide you with a much more secure browser
that will not be as susceptible to malicious ActiveX programs. If you want
to do this, click on the button designated by the red box, named "Set
Recommended Values". Once you do this you will be brought back to the
screen similar to Figure 1, except you will no longer have the alert.
Step 4. Internet Explorer Protection
You should now click on the button labeled Internet Explorer.
This will bring you to a screen similar to Figure 4 below. This screen will
allow you to make settings to your Internet Explorer browser that will stop
it from running known malicious ActiveX programs as well as cookies that are
known for being Spyware.

Figure 4. Internet Explorer Protection
Prevent the installation of ActiveX-based spyware,dialers,etc
- If you put a check mark in the checkbox labeled "Prevent the installation
of ActiveX-based spyware,dialers,etc", designated by the red box, your
browser will no longer be able to run ActiveX programs specified in the Block
List which is designated by the green box. This will automatically protect
you from all ActiveX programs in the list. It is advised that you allow SpywareBlaster
to protect you, so you should put a checkmark in this box.
If you want to remove protection from certain items, you can
uncheck that particular item and click on the button "Remove Protection
for Unchecked Items".
Advanced Tip: This is done by adding the CLSID, which is
the number between the curly brackets { 000..etc } under the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility.
You then make a dword value called "Compatibility Flags "
and make it the hexadecimal value of 400. This is called the killbit and will
stop the program from being able to run on your computer.
Prevent spyware/tracking cookies - The checkbox
labeled "Prevent spyware/tracking cookies", designated by the blue
box in Figure 4, will stop your browser from accepting certain cookies specified
in the Block List designated by the green box. By putting a checkmark in this
box SpywareBlaster will automatically block all attempts for these types of cookies to
be placed on your browser. It is advised that you allow SpywareBlaster to protect you,
so you should put a checkmark in this box.
If you want to remove protection from certain items, you can
uncheck that particular item and click on the button"Remove Protection
for Unchecked Items".
Advanced Tip: SpywareBlaster blocks the cookies by placing the entries
in the settings for your Internet Explorer via the registry in the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\P3P\History. The cookie domain is added as a subkey and a dword value
called Default is added with a hexadecimal value of 5 for always block or
1 for always allow.
Step 5. Internet Explorer Restricted Sites
You should now click on the button labeled "Restricted
Sites". This should bring you to a screen similar to Figure 5 below.
This screen will allow SpywareBlaster to restrict your browser from running Java, ActiveX,
and other downloads from known malicious sites.

Figure 5. Restricted Sites
By placing a checkmark in the checkbox labeled "Restrict
the actions of spyware/adtracking sites in Internet Explorer" SpywareBlaster will
add all the domains listed in the Block List, designated by the blue box in
Figure 5, into the Restricted Sites section of the Security tab in your Internet
Explorer Internet Options. It is advised that you let SpywareBlaster add these sites
to your Restricted Sites list by putting a checkmark in the box.
Once again, if you would like to remove one or more of the sites
from being added, you can uncheck that particular site and click on the "Remove
Protection for Unchecked Items" button.
Advanced Tip: SpywareBlaster adds sites to the restricted zones by
adding the domain as a subkey under the registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains. A dword is then added to that domain named * and
given a hex value of 4 to specify that it is part of the Restricted Sites
Zone.
Step 6. Mozilla/Firefox Protection (Only if you use
this type of browser)
If you use a Mozilla or Firefox browser then you should read
this section, otherwise you can skip it. If you click on this section you
will see a screen similar to Figure 6 below.

Figure 6. Mozilla/Firefox Protection
By added a checkmark in the box labeled "Prevent spyware/tracking
cookies", designated by the red box in Figure 6, SpywareBlaster will automatically
add the Block List, designated by the blue box, to Mozilla/Firefox so that
those browsers will automatically block these cookies. It is recommended that
you let SpywareBlaster protect you for maximum security.
Once again, if you would like to remove one or more of the sites
from being added, you can uncheck that particular site and click on the "Remove
Protection for Unchecked Items" button.
Advanced Tip: SpywareBlaster does this by adding the domain to the
cookperm.txt file for Mozilla based browsers. This file is located in the
same directory that your prefs.js is located. Domains are added in the form:
domain.com permission
By adding a domain to this list and giving it a permission
of 1F, the cookie will be blocked from that domain.
Using the other tools built into SpywareBlaster
In this part of the tutorial I will discuss other tools that
SpywareBlaster has built into its program. Some of these tools are very good to use as
they create a backup of certain files and registry entries on your computer.
You can then restore these files in the future if your browser starts to act
strange. I will go into detail below about the different tools available to
you.
System Snapshot
SpywareBlaster has the ability to take a snapshot, or backup, of certain
settings in your browser and your registry. These settings will saved in a
database that is stored in your SpywareBlaster directory. If in the future you make a
mistake on a setting in your browser, or things start acting strange, possibly
due to Spyware/Hijackers, you can restore from this backup.
The first step is to click on the System Snapshot button on
the left. If this is your first time using it, you will want to create a snapshot
of your system. You should select the radio button that is labeled "Create
new System Snapshot" and press the Go button. Give the snap shot a name
that you will remember and make sure the "Append date + time..."
checkbox is check marked. I usually use a name like Snapshot. When this is
done, press the "Create Snapshot" button to continue. SpywareBlaster will then
save settings from your computer in a database on your computer. When it is
done you can press the Finish button.
If in the future you want to restore from this backup, you can
choose the System Snapshot section and then select the radio button for "Restore
System to Saved Snapshot Point" and press the Go button. You should click
once on a snapshot to select it and then press the Next button. If there were
any changes from your current settings to the ones saved in the snap shot
you specified, it will notify you and give you the option to restore them,
otherwise it will tell you there was no difference in your current settings
to the ones in the snapshot.
Tools Section
The tools sections contains 5 different tools that you can use
on your computer and are described below. For most people the only tool I
recommend is the Hosts Safe tool. The other tools can cause other Spyware
removal tools to view it as a modification made by a Hijacker or should be
only used by advanced users.
Browser Pages: This tool allows you to change various Browser
Pages such as your default Blank Page, or the default search page. Unless
you know what you are doing it is recommended that you leave this alone.
Hosts Safe: This tool is one that I recommend that most users
use at least once. This will back up your HOSTS file, which is commonly used
by Hijackers, to an encrypted file that can be restored from at a later date.
Please use this tool at least once.
Misc IE Settings: This allows you to disable the Internet Tools
control panel in your Control Panel. I would leave this unchecked unless you
have a good reason. The other option lets you change the text next to the
web pages title in your browser windows and is just for cosmetics.
Flash Killer: This will disable Flash files from being run within
your browser. Unless you will never need to use Flash, I would suggest you
not use this option as many legitimate sites use flash.
Custom Blocking: This allows you to add custom ActiveX CLSID's
that you want to block from running on your computer. This should only be
used by an advanced user.
Conclusion
As you can see SpywareBlaster is a very powerful tool in the protection
against Spyware and Hijackers. Though this tool will not remove Hijackers/Spyware
from your system, it will prevent you from getting infected in the future.
Therefore, it is highly recommended that you use this tool to its fullest
potential and to constantly update it so that you can have protection from
the latest threats that may have arisen.
Once again if you have any comments, questions or suggestions
about this tutorial please do not hesitate to tell us in the computer help forums.