IE-SPYAD & Ad-aware 6.0

Discussion in 'other anti-malware software' started by eburger68, Feb 2, 2003.

Thread Status:
Not open for further replies.
  1. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    In response to my announcement of the latest version of the IE-SPYAD and AGNIS block lists...

    https://www.wilderssecurity.com/showthread.php?t=6911

    ...MaxPower asked me the following question:

    Given that update alerts are deleted and replaced once a newer update is issued, I thought I'd respond to MaxPower's question here.

    I have seen Ad-aware 6.0's SITES.TXT. Funny enough, it *appears* that Lavasoft may have used a version of IE-SPYAD from back in December or early January in constructing their list, so the two lists are already very close. I do plan to go through the SITES.TXT in more detail to see if there are any entries worth adding to IE-SPYAD. Based on a quick side-by-side (diff) comparison, though, it looks like IE-SPYAD already has almost all of the entries from that list covered (and then some).

    Just for the record, let me make a few things clear (since the issue has been raised):

    1) I don't know for certain that Lavasoft did use IE-SPYAD. They never contacted me, and I haven't asked them. I *suspect* they did because a number of entries that are, shall we say, peculiar to IE-SPYAD show up in their SITES.TXT. There are also some formatting peculiarities from IE-SPYAD that have also been carried over into the SITES.TXT. If indeed they did use IE-SPYAD, they did make some minor customizations, though.

    2) I do *not* have a problem with Lavasoft's use of IE-SPYAD (if indeed they did use it). Indeed, I don't mind at all. I myself borrow liberally from other sources (and state as much in the ReadMe for IE-SPYAD and on the download page), so I can't claim sole authorship anyway. Moreover, other folks have contacted me about using IE-SPYAD as a basis for one block list or another. That's all fine by me. The important thing is that the list is used to protect folks from the nastier elements on the Web, and the SITES.TXT is being used for just that purpose.

    As I said, I do plan to review the SITES.TXT from Ad-aware 6.0, but I don't expect any significant additions based on what I've already seen.

    Hope that's all clear.

    Best,

    Eric L. Howes
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Eric,

    Lavasoft has had some complaints about their sites-list.
    I´ll give you the links to their solutions:
    Hotmail problem
    Earthlink problem
    I would really appreciate your views on those.

    TIA,

    Pieter
     
  3. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    Pieter:

    Both of the problematic sites mentioned in those threads are in IE-SPYAD, but....

    1) the passport.com entry is "commented" out in the "Not for Everyone" section for precisely the reason that it may cause folks problems -- users who want nothing to do with Passport can un-comment" and enable the entry, but it is disabled by default;

    2) the link.net entry is also in IE-SPYAD and is enabled by default, but it shouldn't cause the problem it apparently is with AdWatch -- it looks like AdWatch might be handling wild cards differently than Internet Explorer does (and that's just a guess), thus link.net won't cause earthlink.net to be put in the Restricted sites zone in IE.

    Best,

    Eric L. Howes
     
  4. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    It would only seem logical to me that once a nasty has been identified it surely wouldl become part of next update of everyone maintaining such lists therefore making those lists very similar as to their database.
    Major playors keeping such lists are:
    SMartin's host file, Spyblocker, IESpyad, Spybot search & Destroy and now Lavasoft' ad-aware.

    Except for very few false positives, those lists should in fact become practically identical on the long run. Let's face it a nasty is a nasty no matter who looks at it.
    Only differences would be in the interpretation and handling of few of these nasties, but for most part same ones identified.
     
  5. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    MickeytheMan:

    I'm going to dissent a wee bit from the assertion that "a nasty is a nasty no matter who looks at it." And I'm going to dissent based on my own experience over the two and a half years building and maintaining (and struggling with decisions about) the IE-SPYAD and AGNIS block lists. Put simply, there are too many people with too many different ideas as to what constitutes accceptable vs. unacceptable commercial behavior on the Internet.

    Passport.com is a good example of that. Some folks look at Passport and see an octopus with which they want nothing to do. For other folks, the Passport system is a completely normal and acceptable part of everyday Internet use.

    Another example (and this one is my favorite): Doubleclick, the well-known marketing giant on the Internet. Doubleclick.net would seem to be an obvious candidate for a block list. If doubleclick.net doesn't qualify as a domain worthy of putting in the Restricted sites zone, for example, then nothing does. Yet, I've received emails from folks who were having problems accessing content on gaming sites because of the doubleclick.net entries. Those gaming sites (all completely legitimate and innocuous non-gambling sites) were forcing users to download game content/widgets through doubleclick.net. Should doubleclick.net then be removed from IE-SPYAD?

    The unfortunate reality is that block lists are crude, blunt mechanisms for dealing with privacy concerns. If you're using a block list (one of mine or someone else's), you can expect to run into minor problems such as the ones some folks have apparently encountered with Ad-aware 6.0's SITES.TXT. That's why I would urge folks to have a little patience when they encounter such problems. It's annoying to run into them, to be sure, but they're an unavoidable part of using block lists.

    As for "convergence" -- yes, to some extent that will be true, though functionality and formatting differences play a role here (the HOSTS file doesn't use wild cards, for example), as will the decisions made by the individuals who assemble those lists.

    Best,

    Eric L. Howes
     
  6. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Eric, i totally agree with you and that's why i mentioned about the interpretation and handling of some of them.
    To privacy freaks like me ( see my avatar and desription), no intrusion is acceptable no matter who does it and therefore all lists are used to their full potential.
    However, i am aware that not all are like that and very well aware that what is not acceptable to me may very well be for others.
    As long as people realize that using some services or going to some websites sometimes means some loss of privacy. If they are ok with that, so be it.
    In that sense, i kinda like Spybot's search & destroy 's approach on this and attempts to provide some description on identified targets and what they do.
     
Loading...
Thread Status:
Not open for further replies.