SpywareBlaster on domain

Discussion in 'SpywareBlaster & Other Forum' started by rasqual, Jul 19, 2003.

Thread Status:
Not open for further replies.
  1. rasqual

    rasqual Registered Member

    Jul 19, 2003
    Given SpywareBlaster's technique, I'm wondering whether its current implementation could be adapted to a managed environment such as my company's special education schools.

    I understand there are two areas of the registry that are used for this. For the killbits, it's HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility. For the cookie blocking, it's in both HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History and in the same path in HKCU.

    I'm curious what the effect of having the cookie blocks in *either* HKCU *or* HKLM -- but not both -- would be. It certainly makes a difference for how this would work on a network.

    A .reg file logon script would be a simple way to update client machines, with the exception of the HKLM keys, which would require eased up security in that section of the registry (or a server side service with decent permissions doing the work). I'm not sure I'd want those parts of the HKLM eased up, though! All you'd need is some control not on the list to do a surreptitious edit there, and there'd be hell to pay.

    The hassle, as I see it, is in applying the updates automatically. It seems to me that you'd have to manually download the updates, apply them to a machine, then export from the registry again. Judging from the layout of the dtb files it would probably be possible to programmatically parse them and write out a .reg file, but it's a bit of a hassle.

    The ultimate, I think, would be to have a service running on the client machines that would occasionally download an update and apply it to the local machine. If this were small, it could be installed on client machines. Otherwise, if Wilders would just make the .reg files available via ftp, it'd be a cinch for a scheduled task on the server to grab it every day before people start to log on, and park it in the proper spot for their logon script path to grab it.

    Has anyone worked on this? Is there a list somewhere that's kept as current as Wilders' updates? Anything that could be parsed and turned into a .reg file would rock.

    Final proposal: a machine logon script .reg for the HKLM, and a user script for HKCU.
  2. javacool

    javacool BrightFort Moderator

    Feb 10, 2002
    The above is undergoing testing. :D

    If you'd like, you can contact me at press@wilderssecurity.net, and I will happily provide more details.

    Best regards,
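
The two-file proposal in rasqual's post (a machine .reg for the HKLM killbits, a user .reg for the HKCU cookie blocks), as an added example that is not part of the thread and is not SpywareBlaster's own code. It assumes plain-text lists of CLSIDs and domains as input (the .dtb format is not parsed); the function names and the cookie value 5 are assumptions, and every entry is validated so a malformed line cannot alter the key path in a file that is imported with machine rights.

```python
import re

# Assumed input: plain-text lists, one CLSID or one domain per line. The real
# .dtb layout is not described in the thread, so it is not parsed here.
CLSID_RE = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
HEADER = "Windows Registry Editor Version 5.00"
KILLBIT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
P3P_PATH = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History"


def _clean(lines, pattern, normalise):
    """Return (sorted unique valid entries, rejected raw lines)."""
    accepted, rejected = set(), []
    for raw in lines:
        entry = normalise(raw.strip())
        if not entry or entry.startswith(";"):  # blank line or comment
            continue
        if pattern.match(entry):
            accepted.add(entry)
        else:
            rejected.append(raw)  # never written into the .reg output
    return sorted(accepted), rejected


def _render(sections):
    """Join (key, value_line) pairs into CRLF-terminated .reg text."""
    out = [HEADER, ""]
    for key, value in sections:
        out += [f"[{key}]", value, ""]
    return "\r\n".join(out)


def killbit_reg(clsids):
    """Machine file: kill bit is Compatibility Flags = 0x400 per CLSID."""
    good, bad = _clean(clsids, CLSID_RE, str.upper)
    flag = '"Compatibility Flags"=dword:00000400'
    return _render((f"{KILLBIT_KEY}\\{c}", flag) for c in good), bad


def cookie_reg(domains, hive="HKEY_CURRENT_USER"):
    """User (or machine) file: per-domain default value under P3P\\History.
    Assumption: 5 is the 'always block' value; confirm against an export."""
    good, bad = _clean(domains, DOMAIN_RE, str.lower)
    return _render((f"{hive}\\{P3P_PATH}\\{d}", "@=dword:00000005") for d in good), bad


if __name__ == "__main__":
    # Constructed sample input, not real SpywareBlaster data.
    text, rejected = killbit_reg(["{00000000-0000-0000-0000-0000000000a1}", "oops"])
    print(text, rejected)
```

Rejected lines are returned rather than dropped silently, so the scheduled task that builds the files can log them before the logon scripts pick the output up.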
