Kill bit related questions...

Discussion in 'SpywareBlaster & Other Forum' started by ZR, Oct 30, 2003.

Thread Status:
Not open for further replies.
  1. ZR

    ZR Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    9
    Hello,

    I was wondering if spyware programmers will eventually be able to make spyware that can automatically bypass the killbit or restore it somehow thus rendering SpywareBlaster & similar utilities impotent. I dread the day when that happens but I'll bet that someone, somewhere is working on it.

    Also,

    Does adding the SpywareBlaster database increase the SIZE of the registry? Does it actually add each item listed? or does it wait until an installation is attempted to set the killbit in the resistry.

    Sorry for the multi-faceted question-I still have much to learn about this stuff.

    Any ideas or assurances?

    Regards,

    ZR
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Like so many things the answer to this is Yes and No. Since a program (SpywareBlaster) sets the kill-bits in the registry, another program could remove them. So, a spyware program could certainly do that.

    However, that spyware program must first be run in order to remove the protections. If that program itself is an ActiveX control, that would run like any other spyware ActiveX control from a website using the ActiveX permissions set in IE, then SpywareBlaster could just as easily prevent it from running by simply adding its kill-bit to the registry.

    If the spyware program can't run, it can't remove SpywareBlaster's protections. Of course there are many other techniques for attacking systems and weakening protections, and many of these move from the realm of spyware into things like Trojans. But again, if such programs appear out in the wild then products like anti-virus and anti-trojan would target them and block them.

    The way ActiveX is linked into the Windows OS, the kill-bit capability will always be able to stop specific controls without a problem.

    All the kill-bits are added to the registry when you tell SpywareBlaster to protect the checked items, so yes it does technically increase the size of the registry. However, the size is not what I would call significant. Given how compact these keys would be once added to the registry, the size change isn't worth mentioning.
     
  3. ZR

    ZR Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    9
    LWM,

    Adding 864+ keys just sounded like a lot.


    Thanks for the clarifications!

    ZR
     
Thread Status:
Not open for further replies.