7/7/05 New Database Defs Update issue

Discussion in 'SpywareBlaster & Other Forum' started by buttoni, Jul 8, 2005.

Thread Status:
Not open for further replies.
  1. buttoni

    buttoni Registered Member

    Joined:
    Jul 8, 2005
    Posts:
    44
    Location:
    Central Texas
    I installed Spyware Blaster Ver 3.4 the last week in June. Very impressed with simple user interface. Enabled all protection at installation set up.

    I downloaded the new definitions database 7/7/05 and all appeared to download ok with no error messages. Happened to open up SpywareBlaster today and noticed the protection status showed hundreds of items disabled from protection (mostly CoolWebSearch and Dialer entries). As I have not unchecked any items to be disabled from protection, why do you suppose there were literally a hundred or more unchecked and in red?

    Is it usual for update new entries to download this way, in "disable protection" status? Am I supposed to go in and enable protection manually like I had to do today? Can't begin to tell you how long that took!!! If this is normal, I won't be using SpywareBlaster for long!!

    It allowed me (once I logged on as Administrator account) to check them, click Protect Checked Items button and now protection status shows Zero items disabled for protection. Why did I have to go through all that? I have done scans and HJT logs as recently as today and am not infected with any virus or spyware that I can tell. Any ideas?
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Which protection in particular....ActiveX, Cookies or Restricted Sites ?

    If the answer to my question above is the ActiveX protection....the reason it now stuck was due to the fact the ActiveX items are written to the Local_Machine section of the registry....which requires Administrator priveligies....which you logged on as.

    Yes....it is normal for items to have to be enabled after a download....but as I mentioned above....the ActiveX protection will only take when a user with Admin priveligies is signed on. If the updates contain new Restricted Sites or Cookie protection....they will take no matter what type user is signed on because they get written to the Current_User section of the registry.

    More info than you probably wanted to know....but there it is :doubt:
     
  3. buttoni

    buttoni Registered Member

    Joined:
    Jul 8, 2005
    Posts:
    44
    Location:
    Central Texas
    Well, some were cookies and ActiveX (11 items, I believe) in the IE protection category on the protection screen. The greatest number of red, unchecked items were in the second category on the protection screen - Restricted Sites (it said 841). So it sounds like they didn't "take" as you indicated they usually do, no matter how I was logged on when I did the update.

    To be sure, I'm not certain if I was logged on as my Windows Limited or Administrator privilege account when I did the update yesterday.

    Let me be sure I understand you correctly. I should always do my updates logged on as my Administrative privilege account, but even then, I will still have to go in and manually enable protection for some items? What a pain! :(

    And when I go in as administrator and enable these items, will this protection apply to all user accounts on this pc?
     
    Last edited: Jul 8, 2005
  4. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    With all three protections exhibiting un-checked items....that means we have something else causing the items to be un-checked. What other Security\Privacy programs are you using ? Also....when you say "Restricted Sites (it said 841)"....makes me wonder if you are using Spybot and it's Immunization feature. Possibly a coincidence and one number off....but there are 842 items unchecked in Spywareblaster if I un-do Spybot's Immunization feature :doubt:

    If by manually you are meaning you have to go into the program and place a check next to some of the un-checked items....that is something you should not have to do....no matter what type user you are signed on as.

    The ActiveX protection can only be enabled by a user that has Admin priviligies....as mentioned in my first post. Once the ActiveX protection is enabled....it is now enabled for all users. The Cookie and Restricted Sites protection is different however....as mentioned in my first post. Since there are different strokes for different folks....each user that wishes to have Cookie and Restricted Sites protection via Spywareblaster has to log into their respective accounts and enable said protection they desire.
     
    Last edited: Jul 8, 2005
  5. buttoni

    buttoni Registered Member

    Joined:
    Jul 8, 2005
    Posts:
    44
    Location:
    Central Texas
    Current security/privacy items: Spybot S&D (I did activate the immunize feature), McAfee FW,Pvcy & AV, Adaware SE, SpywareGuard and MS Anti-Spy. All protections are activated in all packages as far as I know.

    Yes, by "manually", I mean I actually had to go in and manually check the items one by one and then clicked on "Protect for checked items". Better safe than sorry!! Bummer. But summary screen now shows "0 items disabled from protection."

    Will undoing the SBSD immunize feature eliminate my problem then?

    Would you also recommend getting rid of any of the other security packages I'm using because of other known conflicts being reported?
     
    Last edited: Jul 9, 2005
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    The zero "0" is a good thing....it means all items are checked(enabled)

    I reckon the best way to answer that is to say for every action there is a re-action.

    What that means is Spybot's Immunization feature is the same as Spywareblasters features....meaning....they both add entries to the appropriate Internet Explorer registry location. That protection is comprised of ActiveX(kill-bits), Cookie and Restricted Sites protection. Where the problem arises is in the fact their respective databases have some of the same entries....and if you knowingly remove one of those same entries from one program....that removal will show up as being removed from the other. That in itself is not a bad thing....as long as the user is aware of that fact.

    Layered protection is not a bad thing as long as the user finds out as much as possible by asking what protection each program uses. IMHO....unless a user knows those facts....they are better off not utilizing layered protection until they do understand.

    While all of that might not be a good recommendation statement....I will say that what software you are using can work very well together if the user understands the capabilities of each program.
     
  7. buttoni

    buttoni Registered Member

    Joined:
    Jul 8, 2005
    Posts:
    44
    Location:
    Central Texas
    For now I think I'm going to undo the Spybot S&D immunize feature and see if the two programs can coexist in that settings environment. If I have problems with the next SpywareBlaster update, I'll go on and uninstall one of the software packages entirely from my system.

    Hopefully, you concur this is a good approach to take. I am a novice about protection layering, but want as much protection as I can get!!
     
  8. buttoni

    buttoni Registered Member

    Joined:
    Jul 8, 2005
    Posts:
    44
    Location:
    Central Texas
    As a last ditch effort I logged on as administrator, uninstalled SpywareBlaster and downloaded and reinstalled it. All went OK. Enabled all protections. Updated and rechecked and all items are CHECKED this time!!! Yeah! I think it worked the way it's supposed to this time.

    My Spybot Immunize and Teatimer and Hosts entries are still on and no problems seem to be occuring yet. Will advise if my problem of massive numbers of "unchecked and unprotected" items in SpywareBlaster recurs.

    Maybe it was just a fluke!! Or maybe I did the first install, setup and update as my "limited" windows account. Who knows. All I know is it seems to be OK now so you can close this post now.
     
Loading...
Thread Status:
Not open for further replies.