SpywareBlaster not working for Firefox 10.0.2

Discussion in 'SpywareBlaster & Other Forum' started by mchain, Mar 1, 2012.

Thread Status:
Not open for further replies.
  1. mchain
    Offline

    mchain Registered Member

    XP Home SP3, Avast! Free 7.0.1407, Windows Defender, COMODO Firewall Free 5.9.221665.2197, Secunia PSI 2.0.4003 Free, RUBotted beta, Sandboxie Free 3.64.

    Starting today, I am seeing many adware cookies where I have seen none before.

    These files were found by SUPERAntispyware Free Edition 5.0.1144 when I ran a quick scan.

    I occasionally run FF without the sandbox, hence the cookies.

    Not worried about the trojan found by SAS as this is an Ubuntu file in a TEMP directory. Will keep in quarantine until SAS updates their definitions in a few days, and rescan after I restore this file. I occasionally run Ubuntu as a Live CD, so no problem there.

    I have noticed that the last three updates did not include updates for Firefox.
    Why is that?

    (See attached)

    mchain

    Attached Files:

  2. javacool
    Offline

    javacool BrightFort Moderator

    Hi,

    I just did a bunch of testing, and I'm afraid I have not been able to reproduce this issue.

    Have you perhaps customized where your Firefox profiles are located? Are you using Firefox "portable"? Is there anything else non-default/standard about your setup that you think could be contributing?

    Many thanks in advance,

    -Javacool
  3. mchain
    Offline

    mchain Registered Member

    javacool,

    None of the above applies, but your answer has sent me in other directions.

    February 28th, 2012, Avast! released their OEM version 7.0.1407 to the general public.

    Among other things:

    http://forum.avast.com/index.php?topic=93953.0

    http://forum.avast.com/index.php?topic=94095.0

    http://forum.avast.com/index.php?topic=94219.0

    Seems Avast! released the final version a little too soon. To eliminate these issues as the source of the problems with SpywareBlaster, I decided to follow this procedure, detailed below, to make a clean install of the final version, as possibly SpywareBlaster 4.6 was affected somehow by these sort of problems.

    I was experiencing a slower boot-time after upgrading from version 6.0.1367 to 7.0.1407 within the GUI program. To clear this up, I went and downloaded a fresh copy of 7.0.1407.

    Next, I went to get aswclear.exe from Avast! to remove all traces of the a/v, all versions I have ever run.

    Used msconfig to achieve a clean boot in admin by selecting "Hide All Microsoft Services", then unticked all non-microsoft, rebooted.

    I went offline and ran aswclear.exe and removed all traces.

    Using the clean boot process, (only 22 processes were running in admin) I was able to achieve a clean install of Avast!

    I will keep you updated as to what is happening with the cookie traces I was finding in FF 10.0.2 if this continues to be a problem when running SAS scanning (not resident).

    Note: I did install and have running until just now, a FF add-on 'DoNotTrackPlus 2.08" but have now disabled it for the moment to see if that has made a change in the cookie detection in SAS.

    Thanks.

    A/V is one of the most important programs a user can run on a system, so...
  4. mchain
    Offline

    mchain Registered Member

    Javacool,

    Thanks for looking into this.

    It is beginning to look as if it was a FF add-on that was the source of the problem. Reason why I say that, it is because DoNotTrack Plus offers the option to opt-out of advertising tracking cookies, but I did not opt-in for this feature.

    Could you confirm this is the cause?

    I left all settings in DoNotTrack Plus default to clear up any confusion caused by the above statement.

    Since I disabled DoNotTrack Plus in FF, I am not getting the 64-69 cookie detections anymore in SAS.

    If I am right, I thought you should know, as this add-on is possibly affecting the operation of your software.

    mchain
  5. javacool
    Offline

    javacool BrightFort Moderator

    Hi,

    One of the ways that some of the ad/tracking companies offer an "opt-out" is by actually setting a cookie with a company-specific "do not track me" value.

    DoNotTrack Plus appears to add a number of these opt-out cookies itself to Firefox. This would explain why SAS is detecting items - there are cookies present, but they are special "opt me out" cookies, a distinction that SAS apparently doesn't make.

    Additionally these (opt-out) cookies are being added directly by third-party software (in this case, a Firefox extension), and not by browsing the web. SpywareBlaster is built to block ad/tracking websites from adding/setting cookies.

    Best regards,

    -Javacool
  6. mchain
    Offline

    mchain Registered Member

    Staying directly on topic, so it is DoNotTrack Plus that is adding the cookies to FF that SAS detects? Interesting.

    Getting SAS engineers to stop detection of these cookies would be next to impossible, as it goes against their raison d'etre.

    Glad we could find a reason why this behavior was occurring. No fault of SpywareBlaster as it is configured now.

    Only solution is to remove DoNotTrack Plus add-on from FF.

    I have noticed quite a few entries in FF relating to DNT P in more than 20 separate places within the browser, so it has modified FF in possibly extensive ways. Literally looks like a can of worms in there.

    Sorry to have pointed the finger at your program.

    However, we did track down the source of the problem together, and the solution is clear. Remove it.

    I will be keeping SpywareBlaster on my system. IMHO it is a very good program.

    Thanks.
Thread Status:
Not open for further replies.