Spy Sweeper acting up, or is there a very real danger ?

I use the latest version of the Spy Sweeper (Webroot), the version without antivirus.

It has an 'internet communications shield' which is supposed to protect you from dangerous websites/things, such as drive-by downloads. (In the past, it has more than once protected me against 'drivecleaner').

However, today I was blocked when I typed www.xe.com, a very mainstream website. I don't recall the exact message. I did NOT shut down the internet communications shield, but it seemed like I could see the exchange rates, I don't know if they were current or correct.

Later, when I tried to access Yahoo, the internet communications shield protected me against ad.yieldmanager or ad.yieldmanager.com. At first glance, it looks like an ad related issue, but I was not blocked by the advertisement shield (which I also use), but by their internet communications shield. Other than that, I could access Yahoo.

Something similar happened to me when I tried to access another mainstream website.

Nothing like this has ever happened to me before.

So, what's going on ? Is this dysfunctionality of the Spy Sweeper, or was I protected against real (not just ad displays) threats ? If the latter was the case, people need to be very aware of the situation. Not just people who use the Spy Sweeper.

I submitted a ticket to Webroot, but they have a habit of being slow, and sometimes they don't respond at all, or give a completely irrelevant 'answer'.

Therefore I'm just posting this here. If it's not Webroot dysfunctionality, people have a very real reason to be concerned.

Btw, McAfee's SiteAdvisor rated all those websites GREEN, but that doesn't mean much. It's more like: if it lights up as RED, stay away from it.

 

Maybe your Spy Sweeper is protecting you from cookies or something...

 

your antispyware is blocking advertisement in real time and blocking cookies probably.i have a program(antispyware app)it blocks thesame as your plus more webtrends,yieldmaster,207,zedo all those plus more and see it in the log file of the program.they get block without interfering you daily work.

 

It does have a tracking cookies shield, but only the internet communications shield alerted me.

 

It would at least be a change in functionality. Ads used to be blocked by the common ads shield (but not always!). In the past the internet communications shield protected me against things like drive-by downloads (like Drivecleaner), I'm not saying is not working properly, but it's easy to get worried if the internet communications shield starts popping up all over the place, without at least a notification of a change in functionality.

 

After a few more experiences, it seems like it's a change in functionality.

A notification should at least have been appropriate, and would also save the support department some time and effort.

 

When I was using Spy Sweeper I had to disable some of the shields so that I could access common web sites. After version 5.x and later the program became too heavy and complex. It did a decent job at detecting and blocking spyware or traces of adware (most often tracking cookies) but the program was causing incompatibilities with other software and causing system lockups, slowdown, etc.. More than a year ago I replaced SS with SAS Pro as my main ASW application and haven't looked back. If you are already running a number of security programs for layered protection (AV, FW, HIPS) then you should consider a much lighter ASW program.

 

Hmmm im running the free version with shields up right now and i notice no slowdowns infact pretty neat adblocker. BTW is there a trial in the free version or is realtime protection endless? I know cleanup is isnt free so.

 

I to have it doing it to me also.We both are seeing and getting the same thing

 

The behaviour in question is gone again !

I get the impression that some pretty nasty business is happening right under our eyes, but I don't know who's responsible for it.

As mentioned earlier, ad.yieldmanager.com in particular caught my eye.

To put it simply, I've been messing around with my system, trying only the windows firewall and the latest version of Counterspy (eliminating the rest), and Counterspy caught an ad.yieldmanager cookie !

I did read some threads about ad.yieldmanager being spyware/adware that was an infection on one's system, so I tried a number of things and what I mentioned in the previous paragraph.

Now, with that McAfee Virusscan Plus 2008 (I know, I've been saying I would get rid of it, but I havent' found anything better, I'm not sure anyway) and The Spy Sweeper 5.5.7, the .NET building I haven't been able to find any ad.yieldmanager cookie, nor did the Spy Sweeper reveal what it revealed earlier.

So there is a LOT of tracking going on, but I'm not sure who's responsible for that/what. (Who's in bed with whom !)

It really pisses me off.

I suppose the Spy Sweeper exposed 'by accident' ( ) some spying that's going on. If anyone has some not too technical suggestions, your advice is welcome.

 

ad.yieldmanager.com and others

Please don't put this in a privacy thread, since this question is not primarily related to privacy, but more about tracking and the functionality of software.

The (ad) shields in the Spy Sweeper block a lot, but not everything.

Part of my security setup: McAfee Virusscan Plus 2008 (I'm not proud of that, but it's a temporary thing), Spy Sweeper 5.5.7 (version without antivirus).

In the 2008 version of McAfee you don't have to download .NET seperately, from what I understand it's in the McAfee code, completely or partially.

McAfee and Doubleclick share data. No doubt that's why I sometimes see ads that have something to do with McAfee. The Ads shield in the Spy Sweeper blocks some ads, but certainly not everything. I don't really care about SEEING ads, it's the tracking that bothers me. I get the impression that the Spy Sweeper sometimes blocks ads 'from McAfee', accompanied by 'error messages' that suggest DNS involvement (word 'dns' in the 'error message').

When accessing a website, I sometimes see (example: Yahoo), for a very brief moment, connections being made (not sure if they are succesful or not),
ad.yieldmanager.com, Google (ads) and such. Http connections, you really need a keen and quick eye to see them. (I also have 'opted out' on Yahoo's tracking of me outside the Yahoo network, 'web beacons'/'web bugs' issue.)

I did a clean reinstall (fortunately I had an image from a fresh Windows XP service pack 2 plus updates without McAfee and the Spy Sweeper), and Counterspy was able to detect an ad.yieldmanager(.com?) cookie. No ad.yieldmanager software present, as suggested in numerous posts on the internet.

While I can't be 100 % sure, it seems that some of what I mentioned two paragraphs earlier does actually track me and is responsible for displaying ads.
A brief error/change in functionality of the Spy Sweeper made me more aware of this.

I'm not sure about what this means, or what could be done (without taking extreme measures) to stop this tracking. I suspect that at least some tracking is succesful, but it's hard to be sure. I've also read that the '.NET building' blocks A LOT, but not stuff from Microsoft/McAfee/Doubeclick, that group can actually follow you very well in the '.NET building')

I know this is a lot of text, feel free to comment and share insight.

 

Re: ad.yieldmanager.com and others

Going directly to ad.yieldmanager.com url in the page code, with my cookie settings in Opera configured to Prompt, I can see the attempt to set a cookie:


___________________________________________________

With cookies set to load as specified in Opera's Server Manager (list of my stored cookies), this cookie will not download.

If you set your firewall to prompt for the browser, you can view each connection.

I decided to watch the yahoo.com page load and used IE. Here is a connection for doubleclick:


_________________________________________________

When the page completed loading, the ad.yieldmanager cookie did not download:


_______________________________________________

Looking at the page code, I see that ad.yieldmanager is associated with selecting Yahoo to be the default homepage:

Code:

var rmImage = new Image();
rmImage.src = "http://ad.yieldmanager.com/pixel?id=115235&t=1";
alert("Your home page is now Yahoo!\nThe home button of your browser goes directly to Yahoo!");

So I clicked to select the home page:


____________________________________________________


Soon the connection out to ad.yieldmanager alerted. Note the rm in the "connect to" description. It matches
the identifier in the main page code. And the cookie is downloaded:


___________________________________________

You might try this to see if you get the same results.

Using Opera, I have a yahoo mail account and I store permanent yahoo.com and yahoo.mail.com cookies, but the browser does not permit any other cookies, including 3rd party cookies to download. Tracking by 3rd party cookies can't take place, if I understand how that works.


----
rich