SpywareBlaster released

Discussion in 'SpywareBlaster & Other Forum' started by javacool, Oct 27, 2002.

Thread Status:
Not open for further replies.
  1. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,943
    SpywareBlaster has been released:

    "SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.

    How? By setting a "kill bit" for the CLSIDs of spyware ActiveX controls, it prevents the installation of any of them from a webpage. You can run Internet Explorer with Active-X enabled, but you will never even get a "Yes/No" box popped up, asking you to install a spyware Active-X control (Internet Explorer will never download or run it!). All other Active-X controls or plug-ins will work fine.

    The SpywareBlaster database contains information on these known spyware Active-X controls. Make sure you run the Check For Updates feature frequently to get the latest database! (And make sure you check the new items to protect your system against them!)

    As a side benefit, setting this "kill bit" will also prevent the spyware Active-X from running, in many cases, if it is already installed on your system.*"

    Full details, and download, here: http://www.wilderssecurity.com/spywareblaster.html

    Enjoy! :D

    -Javacool
     
  2. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Hey Javacool!Another interesting addition to the Blaster family!I have one question about Spyware Blaster.Is this a program that I should have running when I surf?I clicked the boxes and the kill button.Do I close the program and fire it up next time I reboot/start up?You know what I mean?It doesn't have a tool bar icon like ID Blaster and Hijack Blaster.So I'm thinking maybe it's not a "run in the background" program like the other two?One thing I like already is that I don't have to answer Active X prompts all the time anymore!I reset Crazy Browser and IE6 already and the prompts are indeed gone.Thanks for another innovative program Javacool!
     
  3. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,943
    Yes, this is a "run-once" program.

    You may however, want to use the check for updates feature every once in a while, and download the latest updates (and then check the new checkboxes and "kill" those new items).

    Regards,

    -Javacool
     
  4. controler

    controler Guest

    Ok this is getting a bit out of hand isn't it? You are going to make using MS producst safe yet javacool LOL

    This one looks cool too good job :D
     
  5. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Javacool,

    Thanks !
     
  6. WE Sim

    WE Sim Guest

    :eek:

    Wow! New program to rival SpyBlocker, huh? How's it as compared to SpyBlocker like its features and spy database etc etc

    BTW, does it work for OPERA?

    Thanks
     
  7. Harry

    Harry Guest

    SpywareBlaster seems to be unavailable at: <http://www.wilders.org/HTMLobj-1466/spywareblastersetup.exe>.
     
  8. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,943
    Not quite - SpyBlocker provides filtering and proxy functions.

    SpywareBlaster, on the other hand, creates a kill bit for certain CLSIDs (numbers that identify a specific control) so that spyware Active X controls cannot run or be installed.

    Opera does not support Active X, however it couldn't hurt to use SpywareBlaster as many other programs use the IE webpage display engine.

    Regards,

    -Javacool
     
  9. dp

    dp Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    32
    I have seen some questions asked about an undo option (don't know why one would do that but..) once you check all the boxes and set the killbit, how would you reverse it?

    :) Disregard, I just saw where you just answered that over at the DSLR security forum.
     
  10. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,943
    No need to disregared, I'll post it over here too. :)

    Regards,

    -Javacool
     
  11. R2

    R2 Guest

    Javacool- I believe it was mentioned that BHO's cannot be blocked by setting the Kill Bit. I have often wondered about that, but never experimented with it.

    For example, there is a BHO called DeltaClick. It has a CLSID of {0FC817C2-3B45-11D4-8340-0050DA825906}. However, the InProc32Server file is a DLL (DeltaClick.dll) -- not an OCX file. Therefore, I assume it is not ActiveX.

    Is there any utility in setting the "Kill Bit" for this CLSID??

    THANKS!
     
  12. decock

    decock Registered Member

    Joined:
    Oct 13, 2002
    Posts:
    4
    Hi Javacool
    Maybe this is another item for an update?
    It concerns the webdialer ActiveX-control 'VLoading'
    CLSID = {11BF0E2B-4229-4ADC-9C11-1C6968731018}

    grtz, John
     

    Attached Files:

  13. ActiveX controls (aka Windows COM objects) can be implemented by many different types of executable file, including .OCX, .DLL and .EXE. I find .DLL tends to be the most common, as many of Microsoft's example programs in Visual Studio are implemented that way. Whether the control is registered as being a BHO as well makes no difference to its killbitability.

    DeltaClick could be blocked effectively by setting the killbit on the class ID you quoted. However, I have not heard of DeltaClick being stealth-installed by people who didn't want it, and in any case their service now seems to be defunct so blocking it might be of marginal benefit.

    VLoading is something I *would* want to target though, as it's a dialler loader with severe security problems. ( http://and.doxdesk.com/parasite/ ).

    --
    Andrew Clover
    mailto:and@doxdesk.com
    http://and.doxdesk.com/
     
  14. Krusty

    Krusty Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Javacool
    Many thanx for your features !!! I found 41 ever installed objects !!! The old bastard BonzyBuddy was there too ....and who knows what were the others.....
    Thank You, you got one friend more ;)
    -Ari
     
  15. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,943
    A quick note - it does not actually scan for spyware. The items you found in the list were the items it can protect you against. By checking those items, and pressing the "Kill all Checked" button, it protects you against those items installing and also prevents them from running if they somehow get installed (or are already installed).

    Regards,

    -Javacool
     
  16. Krusty

    Krusty Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Javacool
    It´s really cool, our puters were given a shot for spying infections !!! lol, I would need drill a hole into my skull for better brain capacity :D
    -Ari-
     
  17. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    The new updated (11/09/02) covers a new variant of FriendGreetings.

    Use the built-in check for update feature to get it.

    regards.

    paul
     
  18. goliath

    goliath Guest

    on a box running xp...can no longer run scan for updates at windows update.. i am curious has any else run into this problem... i'm Quessing here but could the cause be

    "kill bit" for the CLSIDs of spyware ActiveX controls, it prevents the installation of any of them from a webpage."
    thanx in advance
    G.
     
  19. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,943
    SpywareBlaster should not the cause of the problem, in this case.

    Only spyware program CLSIDs are added to the definitions - the CLSID that WindowsUpdate uses is completely different and thus, is not blocked. :)

    I have also just tested for this issue on two Windows XP machines (one running Home, one running Pro) just to make sure, and neither exhibited the issue you are describing.

    Regards,

    -Javacool
     
  20. goliath

    goliath Guest

    thank you! the broblem must be elswere..
    not my machine and am just trying to help a party out
    again thank you
    G.
     
  21. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,084
    Location:
    Netherlands
    The problem could be his firewall. I have to change the settings in mine to be able to update on the Windows site.
    If I don´t do that, I get redirected to a page stating the updates are for Windows only :D

    Regards,

    Pieter
     
  22. Marcus

    Marcus Guest

    ok, since i'm new to this, what i'm wondering is, since blocking some spyware will stop me from using that program, per the licensing agreement, if i check everything, how do i know what programms that i use i might be unwittingly disabling? o_O
    thanks.
     
  23. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,943
    You probably won't be breaking any license agreements or disabling any spyware required by other software (almost all of the items that SpywareBlaster protects you against are installed by themselves, many times without your knowledge). You can always set the kill bit for all items on the list, and make sure all programs you use work - it is simple and easy to reverse the process (just uncheck the items, and click the "Kill All Checked" button - it will remove the kill bit for the unchecked items). :)

    If you do discover that a program on your system requires spyware that SpywareBlaster disables, you may be able to find an even better non-spyware alternative - just post the type of program on these forums and I'm sure someone will promptly post with many good suggestions. :cool:

    Regards,

    -Javacool

    P.S. There are also databases where you can enter program titles and you can search for if they contain spyware. http://www.spychecker.com comes to mind.
     
  24. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    javacool, is there a way to place new items added to the top of the list? duh on my part, but it took me awhile to catch on that they had been placed at the bottom of the targets. bob
     
  25. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,943
    This is a planned feature for the next version of SpywareBlaster. :)

    Regards,

    -Javacool
     
Thread Status:
Not open for further replies.