IE-SPYAD and suntimes.com, esp ebert

Discussion in 'privacy problems' started by DStevens19, Mar 3, 2003.

Thread Status:
Not open for further replies.
  1. DStevens19

    DStevens19 Guest

    I am using IE-SPYAD and was told at that site's documentation that the author or compiler of the IE-SPYAD restricted sites entries can be found here or someone on his/her behalf that can get the info back.

    I see that *.suntimes.com is a blanket entry in the ie-ads.reg (updated 3/1/03) that becomes a restricted site. I would like to appeal to the author to maybe add some more granularity to this.

    For example, I like to read film critic Roger Ebert at
    www.suntimes.com/ebert, but the site does not come up. I found an alternative way in, but then that whole Ebert section malfunctions....for example the film Search application does not work at all. When I removed site entry *.suntimes.com from Restricted Sites, all was properly restored.

    I would just like to see a way for a person to navigate the site without baddies being planted....can't the granulation be finer, or is the whole suntimes.com site so badly behaved that it indeed has to be treated as a whole?

    I also use CookieWall, SpyWareBlaster, and Ad Aware 6 std, but have proved that only IE-SPYAD is implicated here.

    Thanks for comments and considerations.
     
  2. FanJ

    FanJ Guest

    Hi DStevens19,

    I've send the link for this thread to Eric (who makes IE-SPYAD).
     
  3. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    DStevens19:

    Reviewing my notes, it looks like I picked up the Suntimes.com entry almost a year ago. It's a major section in Stephen Martin's HOSTS file (there are at least a few dozen servers covered). A blanket entry for *.suntimes.com shouldn't have made it into IE-SPYAD; for some reason, though, it didn't occur to me what just what that was (though it seems perfectly obvious now).

    It will be removed in the next update to IE-SPYAD.

    Best,

    Eric L. Howes
     
  4. FanJ

    FanJ Guest

    Yep, doing a search via Hostess in Hosts, I see 252 suntimes.com entries in the "Suntimes Group" in Hosts, and one in the "Various Group": a12.suntimes.com (I don't know whether it has been my own mistake that caused that entry to be put in Various instead of in Suntimes).
     
  5. dsteve54

    dsteve54 Registered Member

    Joined:
    Mar 3, 2003
    Posts:
    11
    eburger68 and FanJ,
    Uhhhhhhhhhhh, weeeeell, I don't know the architecture of this HOSTS file or its data model, and you guys are talking a bit "infrastructurally" for my feeble brain,
    BUT
    I read here that Eric or FanJ, or some permutation thereof, is going to make an update to IE-SPYAD that bottom line will hopefully get the bad news portions of suntimes.com weeded out without preventing access to the essential content of the site.

    As long as I understand the basic end result properly, I will just thank you for your :) prompt :) response and attention to my issue, and I will just look forward to the next update on the IE-SPYAD site.

    Thanks for the help. :)
     
  6. dsteve54

    dsteve54 Registered Member

    Joined:
    Mar 3, 2003
    Posts:
    11
    Oh, yeah...."totally tangentially" for FanJ, since you are a moderator...you can see from these last two posts that I log in as dsteve54 and I had checked my *original* post before I posted to make sure the user name was dsteve54, and yet it posted with this "DStevens19"....I don't know where that came from. I sent a private mail to the admin for this forum over this, but maybe you have an idea.

    Somehow it appears that I made the original post as a "guest", which seems odd....I thought you had to be a member on most bulletin boards b4 you can post.

    Well, maybe you have some comment...I do not know where I screwed up or where the malfunction occurred.....if this DStevens19 is some attribute that got associated with my profile, I need to get somewhere where I can remove it...it would be nice if the original post could be edited so that attribute was dsteve54, but I do not think I can edit a post myself...thx.
     
  7. FanJ

    FanJ Guest

    Hi,

    I am just only a (very satisfied) user of IE-SPYAD.
    Eric makes IE-SPYAD.
    [hr]
    Some background info:

    Hosts info:
    http://www.smartin-designs.com/
    http://www.accs-net.com/hosts/

    Hostess info:
    http://accs-net.com/hostess/

    IE-SPYAD info:
    http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

    In short:
    IE-SPYAD puts all the sites that are listed in IE-SPYAD, in the Restricted Zone of Internet Explorer.
    Internet Explorer has different Zones (Restricted, Trusted, etc).
    For the right use of IE-SPYAD it is advised that you put all the options for the Restricted Zone of IE at the highest possible paranoid level (block as much as you can); see the info page for IE-SPYAD for further details. By doing that, such a site is for example not able to do via ActiveX some thing on your system that you don’t want it to do.

    Hosts works a little bit different.
    Quotes:
    The hosts file can be used to help speed your access to the sites listed within it. For example, you could make an entry such as
    123.45.678 www.wherever.com
    where 123.45.678 is the site's correct IP address. By creating this entry, your browser will not have to query an outside source to determine the IP address for www.wherever.com since it will check the hosts file first and you have told it the IP address. This method can be very effective for sites you frequently visit.
    An additional benifit of the hosts file is that it can also be used to block unwanted sites or servers. This can be accomplished by creating an entry such as
    127.0.0.1 ads.somewhere.net
    What the above entry will do, is whenever your computer tries to contact "ads.somewhere.net", it will be directed to the IP address of 127.0.0.1 or 0.0.0.0 (whichever one you choose to use) which in simple terms, is your own computer. So, whatever the connection attempt to "ads.somewhere.net" is trying to retrieve, whether it is an ad or a cookie or whatever, it will not work since it will be looking for it on your computer and not the ad servers. Therefore, effectively blocking the connection to this site.
    End quote.
    So what Hosts does, is to completely block a connection to/from a site mentioned in it.
    See the info page for Hosts for more details.

    Hostess is a nice utility to easily maintain your Hosts file.
     
  8. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    DStevens19:

    You wrote:

    > I read here that Eric or FanJ, or some permutation thereof,
    > is going to make an update to IE-SPYAD that bottom line
    > will hopefully get the bad news portions of suntimes.com
    > weeded out without preventing access to the essential
    > content of the site.

    Unfortunately, I'm not going to try to target selective portions of that site. I'm just going to remove the suntimes.com entry. To selectively target the "bad news portions" would mean that I would have to add a few hundred entries (by one count, see above), and that essentially defeats the advantages of using the Restricted sites zone, which allows you to use wild cards.

    If you are interested in selectively weeding out the bad portions of that site, I'd suggest looking into Stephen Martin's HOSTS file:

    http://www.smartin-designs.com/

    Best,

    Eric L. Howes
     
  9. FanJ

    FanJ Guest

    Hi,

    May I suggest that you put that question in the General forum-section:
    http://www.wilderssecurity.com/index.php?board=11
    or email Paul: webmaster at wilderssecurity.com
     
  10. FanJ

    FanJ Guest

    I did two experiments by trying to click on that link www.suntimes.com/ebert .

    But first I should mention that I haven't yet installed the latest version of IE-SPYAD.
    When I do a search in my installed version of IE-SPYAD for suntimes, the only entry which I get, is this one:

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\suntimes.com]
    "*"=dword:00000004

    OK, now my experiments:
    Using Windows 98 SE Dutch, Internet Explorer 5.5 SP2 Dutch, full patched.

    In both experiments:
    HOSTS from Steve Martin enabled (the full version with also entries added by myself).
    IE-SPYAD installed (see my remark above).
    IEClean blocking ActiveX, Java etc.
    Firewall AtGuard.

    Experiment 1.
    The ad-blocking feature in AtGuard is enabled, and the Lite version of AGNIS (from Eric) is used by AtGuard.

    When I click on above mentioned link, I get a blank page.

    Experiment 2.
    The ad-blocking feature in AtGuard is disabled.

    When I click on above mentioned link, I perfectly fine go to this page:
    http://www.suntimes.com/index/ebert.html

    And connections to some other sites (that I didn't ask for) were also made.
     
  11. FanJ

    FanJ Guest

    DStevens19,

    Are you perhaps using another ad-blocking utility too?
    As for example AGNIS in above mentioned experiments.

    Well, of course, I myself could very well have made some mistakes somewhere, but it seems to me at the moment that it isn't IE-SPYAD that causes your problem......
    Am I wrong?
     
  12. FanJ

    FanJ Guest

    Well, it looks like that the reason that I can go to that site and you not, is that I still use Internet Explorer 5.5 and you most probably IE 6 (is that right?).
    Thanks to LowWaterMark for explaining it to me ;)
    Sorry for the confusion I might have caused!
     
  13. dsteve54

    dsteve54 Registered Member

    Joined:
    Mar 3, 2003
    Posts:
    11
    Eric and FanJ,
    I am just getting back to you now after all your prolific posting.....and *effort* I might add..thx

    Ok, I will kindof work backwords through the threads.

    First, FanJ, I do use IE6....I have 2 networked machines peer-to-peer Ethernet so I am trying to do these 'ebert' things on both a Windows98 SE node and a XP Pro node...both have all patches and critical updates current via www.windowsupdate.com assessment/census app.

    I will emphasize that I do use IE6 on both machines.

    I use IE-SPYAD, version for 3/1/03 (current).
    I use Lavasoft Ad Aware 6 std (or Personal edition)...ref file current
    I use AnalogX Cookie Wall
    I use TrojanHunter 3.01 ...ruleset files current
    I use Norton Internet Security 2003 and Norton Systemworks 2003....LiveUpdate current
    I use SpyWareBlaster 2.0.2....currently updated
    I use jv16 power tools Regcleaner

    ===>
    NOTE: for Ad blocking I use www.panicware.com Pop-Up Stopper Free Edition....NOT the apps offered by Eric as adjuncts to NIS. I only use IE-SPYAD to add entries to the Restricted Zone category....not AGNIS for ad blocking.

    The above applications are installed and kept current on both my nodes. I am also behind a router.

    Ok, I think maybe the difference in FanJ experiment was indeed caused by the IE6 or something else in the ambient setup. This is because with all things held equal, including my panicware ad blocker, everything was ok when the registry entry you pointed out was removed from Restricted Zone status. And that entry is indeed in the *.reg file, as Eric has pointed out, in the current IE-SPYAD download.

    So I would hypothesize that it is not the ad blocking and try to come to some other conclusion...like your last post where you supposed your IE5.5 was why your experiment went in different directions when you had your At Guard ad blocking toggled.

    Thanks for all the explanation of the HOSTS file....I guess I am just going to have to study it and go to the site...I appreciate all the writeup you provided.

    For Eric, it is just fine by me that your next IE-SPYAD simply removes the *.suntimes.com entry. I am not so anal retentive about privacy vis a vis that particular site that I will try to dink around with the HOSTS app to try to granulate, but both of you have provided me the links to learn more if I want to.

    For FanJ, I did contact admin Paul (I did not repost in General)...we, or really he, just basically concluded that I must have somehow used that DStevens19 name accidentally as an attribute value of the post itself and I was not logged in but was a guess...must have had head up my a*s. But I have decided that now that I am straightened out and I just stay logged in as dsteve54, I will just move forward from there....it is not really your terrain anyway and not worth fooling with further.

    I think that addresses everything the two of you have posted since I did my initial post....I am satisfied that just having Eric remove *.suntimes.com from his next *.reg entry file is good enough for me.

    :) Thanks to you both for all your attention and effort in this matter...good customer service! :)
     
  14. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,840
    Location:
    New England
    Just to further explain this, we believe FanJ's test using IE 5.5, worked specifically because that first link (http://www.suntimes.com/ebert) does a Meta Refresh (an automatic page redirection) over to a different page at suntimes.com. We think Meta Refresh was simply enabled in all zones in IE 5.5, but, IE 6.0 introduced the ability to configure it. Automatic page redirection can be enabled or disabled using a new setting called "Allow Meta Refresh".

    By default, in IE 6.0 only the Restricted Zone is set to the High security level, and only the High security level has "Allow Meta Refresh" disabled (unless you go in and manually set Custom settings in a zone). See this page at Microsoft for more on this:

    A Description of the Changes to the Security Settings of the Web Content Zones in Internet Explorer 6
     
  15. dsteve54

    dsteve54 Registered Member

    Joined:
    Mar 3, 2003
    Posts:
    11
    LowWaterMark,

    Yikes, ok, I can see what happened now that you have described it....what a smokescreen :eek:. Good thing you were there! Thx for clarifying.
     
  16. dsteve54

    dsteve54 Registered Member

    Joined:
    Mar 3, 2003
    Posts:
    11
    To Eric....
    Yeah, your March 5 IE-SPYAD update, which I just installed, appeared to close out this thread's issue; or at least, after installing, I had no problem with the particular site discussed.

    Thanks for quick response and to all for other explanations on this thread that educated me :D
     
Thread Status:
Not open for further replies.