SpywareBlaster released

[javacool]

SpywareBlaster has been released:

"SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.

How? By setting a "kill bit" for the CLSIDs of spyware ActiveX controls, it prevents the installation of any of them from a webpage. You can run Internet Explorer with Active-X enabled, but you will never even get a "Yes/No" box popped up, asking you to install a spyware Active-X control (Internet Explorer will never download or run it!). All other Active-X controls or plug-ins will work fine.

The SpywareBlaster database contains information on these known spyware Active-X controls. Make sure you run the Check For Updates feature frequently to get the latest database! (And make sure you check the new items to protect your system against them!)

As a side benefit, setting this "kill bit" will also prevent the spyware Active-X from running, in many cases, if it is already installed on your system.*"

Full details, and download, here: http://www.wilderssecurity.com/spywareblaster.html

Enjoy!

-Javacool

[the Tester]

Hey Javacool!Another interesting addition to the Blaster family!I have one question about Spyware Blaster.Is this a program that I should have running when I surf?I clicked the boxes and the kill button.Do I close the program and fire it up next time I reboot/start up?You know what I mean?It doesn't have a tool bar icon like ID Blaster and Hijack Blaster.So I'm thinking maybe it's not a "run in the background" program like the other two?One thing I like already is that I don't have to answer Active X prompts all the time anymore!I reset Crazy Browser and IE6 already and the prompts are indeed gone.Thanks for another innovative program Javacool!

[javacool]

Quote:

quoting: the Tester link=board=34;threadid=4468;start=0#29218 date=1035752349]
Hey Javacool!Another interesting addition to the Blaster family!I have one question about Spyware Blaster.Is this a program that I should have running when I surf?I clicked the boxes and the kill button.Do I close the program and fire it up next time I reboot/start up?You know what I mean?It doesn't have a tool bar icon like ID Blaster and Hijack Blaster.So I'm thinking maybe it's not a "run in the background" program like the other two?One thing I like already is that I don't have to answer Active X prompts all the time anymore!I reset Crazy Browser and IE6 already and the prompts are indeed gone.Thanks for another innovative program Javacool!

Yes, this is a "run-once" program.

You may however, want to use the check for updates feature every once in a while, and download the latest updates (and then check the new checkboxes and "kill" those new items).

Regards,

-Javacool

[controler]

Ok this is getting a bit out of hand isn't it? You are going to make using MS producst safe yet javacool LOL

This one looks cool too good job

[Marianna]

Javacool,

Thanks !

Wow! New program to rival SpyBlocker, huh? How's it as compared to SpyBlocker like its features and spy database etc etc

BTW, does it work for OPERA?

Thanks

SpywareBlaster seems to be unavailable at: <http://www.wilders.org/HTMLobj-1466/spywareblastersetup.exe>.

[javacool]

Quote:

quoting: WE Sim link=board=34;threadid=4468;start=0#29270 date=1035779216]


Wow! New program to rival SpyBlocker, huh? How's it as compared to SpyBlocker like its features and spy database etc etc

BTW, does it work for OPERA?

Thanks

Not quite - SpyBlocker provides filtering and proxy functions.

SpywareBlaster, on the other hand, creates a kill bit for certain CLSIDs (numbers that identify a specific control) so that spyware Active X controls cannot run or be installed.

Opera does not support Active X, however it couldn't hurt to use SpywareBlaster as many other programs use the IE webpage display engine.

Regards,

-Javacool

[dp]

I have seen some questions asked about an undo option (don't know why one would do that but..) once you check all the boxes and set the killbit, how would you reverse it?

Disregard, I just saw where you just answered that over at the DSLR security forum.

[javacool]

Quote:

quoting: dp link=board=34;threadid=4468;start=0#29592 date=1035927256]
I have seen some questions asked about an undo option (don't know why one would do that but..) once you check all the boxes and set the killbit, how would you reverse it?

Disregard, I just saw where you just answered that over at the DSLR security forum.

No need to disregared, I'll post it over here too.

Quote:

To have SpywareBlaster "un-kill" an item, you must uncheck the item and then click the "Kill All Checked" button (I believe this was at the bottom of the readme). Then it will un-kill the item, and remember your choice.

Regards,

-Javacool

Javacool- I believe it was mentioned that BHO's cannot be blocked by setting the Kill Bit. I have often wondered about that, but never experimented with it.

For example, there is a BHO called DeltaClick. It has a CLSID of {0FC817C2-3B45-11D4-8340-0050DA825906}. However, the InProc32Server file is a DLL (DeltaClick.dll) -- not an OCX file. Therefore, I assume it is not ActiveX.

Is there any utility in setting the "Kill Bit" for this CLSID??

THANKS!

[decock]

Hi Javacool
Maybe this is another item for an update?
It concerns the webdialer ActiveX-control 'VLoading'
CLSID = {11BF0E2B-4229-4ADC-9C11-1C6968731018}

grtz, John

ActiveX controls (aka Windows COM objects) can be implemented by many different types of executable file, including .OCX, .DLL and .EXE. I find .DLL tends to be the most common, as many of Microsoft's example programs in Visual Studio are implemented that way. Whether the control is registered as being a BHO as well makes no difference to its killbitability.

DeltaClick could be blocked effectively by setting the killbit on the class ID you quoted. However, I have not heard of DeltaClick being stealth-installed by people who didn't want it, and in any case their service now seems to be defunct so blocking it might be of marginal benefit.

VLoading is something I *would* want to target though, as it's a dialler loader with severe security problems. ( http://and.doxdesk.com/parasite/ ).

--
Andrew Clover
mailto:and@doxdesk.com
http://and.doxdesk.com/

[Krusty]

Javacool
Many thanx for your features !!! I found 41 ever installed objects !!! The old bastard BonzyBuddy was there too ....and who knows what were the others.....
Thank You, you got one friend more
-Ari

[javacool]

Quote:

quoting: Krusty link=board=34;threadid=4468;start=0#30817 date=1036701304]
Javacool
Many thanx for your features !!! I found 41 ever installed objects !!! The old bastard BonzyBuddy was there too ....and who knows what were the others.....
Thank You, you got one friend more
-Ari

A quick note - it does not actually scan for spyware. The items you found in the list were the items it can protect you against. By checking those items, and pressing the "Kill all Checked" button, it protects you against those items installing and also prevents them from running if they somehow get installed (or are already installed).

Regards,

-Javacool

[Krusty]

Javacool
It´s really cool, our puters were given a shot for spying infections !!! lol, I would need drill a hole into my skull for better brain capacity
-Ari-

[Paul Wilders]

The new updated (11/09/02) covers a new variant of FriendGreetings.

Use the built-in check for update feature to get it.

regards.

paul

on a box running xp...can no longer run scan for updates at windows update.. i am curious has any else run into this problem... i'm Quessing here but could the cause be

"kill bit" for the CLSIDs of spyware ActiveX controls, it prevents the installation of any of them from a webpage."
thanx in advance
G.

[javacool]

Quote:

quoting: goliath link=board=34;threadid=4468;start=15#31382 date=1036939503]
on a box running xp...can no longer run scan for updates at windows update.. i am curious has any else run into this problem... i'm Quessing here but could the cause be

"kill bit" for the CLSIDs of spyware ActiveX controls, it prevents the installation of any of them from a webpage."
thanx in advance
G.

SpywareBlaster should not the cause of the problem, in this case.

Only spyware program CLSIDs are added to the definitions - the CLSID that WindowsUpdate uses is completely different and thus, is not blocked.

I have also just tested for this issue on two Windows XP machines (one running Home, one running Pro) just to make sure, and neither exhibited the issue you are describing.

Regards,

-Javacool

thank you! the broblem must be elswere..
not my machine and am just trying to help a party out
again thank you
G.

[Pieter_Arntz]

The problem could be his firewall. I have to change the settings in mine to be able to update on the Windows site.
If I don´t do that, I get redirected to a page stating the updates are for Windows only

Regards,

Pieter

ok, since i'm new to this, what i'm wondering is, since blocking some spyware will stop me from using that program, per the licensing agreement, if i check everything, how do i know what programms that i use i might be unwittingly disabling?
thanks.

[javacool]

Quote:

quoting: Marcus link=board=34;threadid=4468;start=15#31629 date=1037054832]
ok, since i'm new to this, what i'm wondering is, since blocking some spyware will stop me from using that program, per the licensing agreement, if i check everything, how do i know what programms that i use i might be unwittingly disabling?
thanks.

You probably won't be breaking any license agreements or disabling any spyware required by other software (almost all of the items that SpywareBlaster protects you against are installed by themselves, many times without your knowledge). You can always set the kill bit for all items on the list, and make sure all programs you use work - it is simple and easy to reverse the process (just uncheck the items, and click the "Kill All Checked" button - it will remove the kill bit for the unchecked items).

If you do discover that a program on your system requires spyware that SpywareBlaster disables, you may be able to find an even better non-spyware alternative - just post the type of program on these forums and I'm sure someone will promptly post with many good suggestions.

Regards,

-Javacool

P.S. There are also databases where you can enter program titles and you can search for if they contain spyware. http://www.spychecker.com comes to mind.

[Pretender]

javacool, is there a way to place new items added to the top of the list? duh on my part, but it took me awhile to catch on that they had been placed at the bottom of the targets. bob

[javacool]

Quote:

quoting: Pretender link=board=34;threadid=4468;start=15#32551 date=1037575193]
javacool, is there a way to place new items added to the top of the list? duh on my part, but it took me awhile to catch on that they had been placed at the bottom of the targets. bob

This is a planned feature for the next version of SpywareBlaster.

Regards,

-Javacool