How exactly does SpywareBlaster work?

I have recently uninstalled Bugbot Spybot S&D as I found that its latest incarnation (1.6.2) was a tad buggy.

I have been using SpywareBlaster for a while now. I am at a bit of a loss on how exactly it works however. I can understand that Bugbot Spybot has an immunizer that protects browsers, but how does SpywareBlaster work? If it helps when you explain....

Imagine that I am an idiot

 

Hello,

https://www.wilderssecurity.com/showpost.php?p=1261000&postcount=5

FAQ,

https://www.javacoolsoftware.com/su...ebase&_a=view&parentcategoryid=4&pcid=0&nav=0

Hope that helps.



snowbound

 

OK Cheers.

 

Hi Folks,

When I read this from above I still really do not know:

"SpywareBlaster utilizes several different methods to help protect your computer, however all of them are what we call passive protection .. multiple methods to secure the common entry points against a whole bunch of potentially unwanted software, cookies, sites, etc."

So why can't I know what cookies, sites or software was blocked ? e.g. A log file that can be turned on or off, with the default off, would be as unobstrusive as SpywareBlaster itself.

Personally, I have used SpywareBlaster for years, but when I thought about recommending it at a company where I work I wondered how I would answer questions like these :

"What does it block ?"
"How do I know what was blocked?"
"What if I don't want such-and-such blocked ?".

Being unable to answer such questions, I hesitate to make any recommendation.

Shalom,
Steven Avery

 

I am in the same position. I keep trying to find information on this site which explains how SpywareBlaster actually works. I also would like to recommend this for our 125-person network. I realize it populates the Restricted Sites list, but is there more to it than that? We have more and more drive-by infections, and I will sell this solution to management if I can be convinced this is a necessary complement to our existing anti-malware program.

 

Hi,

The Restricted Sites list is one of the layers that SpywareBlaster provides.

In short: SpywareBlaster works by utilizing various configuration options that both Windows and a number of web browsers support to either completely block potentially unwanted items, or close potential loopholes that are or could be exploited to do unwanted things.

Some examples:

• ActiveX Protection - SpywareBlaster blocks bad / potentially unwanted ActiveX controls from downloading (and, in many cases, running even if installed via other means) in Internet Explorer / Windows Explorer by utilizing specific system-wide configuration settings to deny various capabilities to those ActiveX controls.
  
  
• Restricted Sites Protection - SpywareBlaster utilizes the "zoning" features built-in to Internet Explorer (that allow users to enable/disable browser functionality for sites they either trust/don't trust) to restrict the actions of potentially unwanted sites. Ultimately, this means it can block potentially unwanted downloads, scripting, exploits, etc.
  
  
• Cookie Protection - Using the different methodologies that browsers expose for configuring per-site privacy settings, SpywareBlaster is able to block ad / tracking cookies.

Since SpywareBlaster utilizes these built-in capabilities to ultimately set policy - i.e. what should be blocked and how it should be blocked - it works with practically any other software out there. (It doesn't "hook" deep into the operating system, or constantly run in the background and use CPU and memory.)

It also means that customizing the protection can be extremely simple, and SpywareBlaster itself provides the tools to easily do so. You can selectively enable/disable protection per targeted item (ActiveX control, site, cookie, etc.), exclude items using a Permant Ignore List, and add new items using the Custom Blocking List. (None of this is required - you can just Enable All Protection and go - but should you want to customize things, it's available. The block lists are easily searchable as well: just right-click and choose the "Find" option.)

SpywareBlaster configures the protection, but doesn't enforce it. That's done by the system / web browser.

A decent analogy is how a vaccine functions to provide protection against certain known "baddies". The vaccine doesn't "enforce" the immunity - it provides the immune system with the information it needs to do so.

SpywareBlaster works in a somewhat similar way - except it "immunizes" against a large database of "baddies" (i.e. spyware, adware, malware, browser hijackers, and other potentially unwanted software). It also uses multiple different approaches to create a multi-layered protection setup, as outlined above.

Since most of the supported web browsers don't log that information, SpywareBlaster doesn't have any logs to show you. To do so would likely require intrusive additions to the system / web browsers themselves, and that goes against the whole driving purpose of SpywareBlaster: to provide non-intrusive protection that just works with whatever else you have running.

Best regards,

-Javacool

 

Thank you. Gosh, is there really a person named Javacool? Did kids make fun of you in school?

We are getting more and more infections from drive-bys, like MS Antispyware 2009, which our enterprise anti-malware is not catching. Would SpywareBlaster prevent this?

Thanks, Jim

 

Hi Jim,

SpywareBlaster's initial focus was drive-by infections (of the ActiveX variety), and they're one of the high priority targets we continue to focus on.

So it should work great as a compliment to your existing protection strategy, and help secure Internet Explorer against a number of different drive-by methods and sources.

A note: One of the common strategies that drive-by infections are using today is exploitation of old plug-ins installed on machines. (Especially older versions of Flash and Adobe Reader). SpywareBlaster can help prevent these exploits from working through its Restricted Sites protection, but nothing is more effective than ensuring all browser plug-ins are up-to-date. Adobe just released a critical security update for their Reader product a week or two ago - details here, in case you haven't patched yet: http://www.adobe.com/support/security/bulletins/apsb09-04.html (The patched flaw is being actively exploited.)

Best regards,

-Javacool