KillBits - How Do They Work

Discussion in 'SpywareBlaster & Other Forum' started by Jester2K, Dec 24, 2003.

Thread Status:
Not open for further replies.
  1. Jester2K

    Jester2K Registered Member

    Joined:
    Dec 24, 2003
    Posts:
    2
    I understand HOW SpywareBlaster works by inserting an entry into the registry to trick spyware into thinking it's installed.

    But HOW does that work??

    Does every piece of Spyware have its own registry value that can be blocked?

    How many possible values are there?

    Who assigns these numbers and what if two bits of software use the same registry value?

    Or have I misunderstood??
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Here's what Microsoft says about this:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;240797&sd=tech

    "Kill-bits" are simply a part of the design of the ActiveX technology. The ability to stop or disable a control was built into the technology deliberately to disable controls when necessary.

    Every ActiveX control does, though not all spyware is based upon ActiveX, so this only works for this kind of spyware.

    The unique nature of these controls is based upon the CLSID. When you look at a CLSID, such as this one: {50E5E3D1-C07E-11D0-B9FD-00A0249F6B00} you see it is a long string of hex numbers. Changing any number makes it a different CLSID, so there is a massively large number of possible CLSIDs. (It might as well be infinite.)

    Actually, that I don't know. I'm sure there is a scheme used across the industry that allows all developers to obtain a unique number. Maybe someone here knows the specifics on how that works.

    Edit: Ah, here is how these are assigned and it includes more information on just how many of them there could be:

    http://msdn.microsoft.com/archive/default.asp?url=/archive/en-us/dnarwebmen/html/webmen070797.asp

    They shouldn't ever get or use the same CLSID, but if they did and you killed it, then any and all controls using that number would be killed.
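
Added example, not part of either post: a small auditor that reads a regedit export and reports which CLSIDs have the kill bit set, showing that the match is on the exact CLSID. The key path and the 0x400 "Compatibility Flags" bit are taken from Microsoft's kill-bit documentation (KB 240797, linked above), not from the thread; the sample export and the two extra CLSIDs are constructed, and the function names are this example's own.

```python
import re
import uuid

KILL_BIT = 0x00000400  # "Compatibility Flags" bit documented in Microsoft KB 240797
COMPAT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed sample of a regedit export (.reg text). The first CLSID is the one
# quoted in the thread; the other two are made up for this example.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{50E5E3D1-C07E-11D0-B9FD-00A0249F6B00}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-2222-3333-4444-555555555555}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}]
"Compatibility Flags"=dword:00000420
"""

FLAGS_RE = re.compile(r'"Compatibility Flags"=dword:([0-9a-f]{8})', re.IGNORECASE)

def parse_compat_flags(reg_text):
    """Map each CLSID under the ActiveX Compatibility key to its flags DWORD."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            parent, _, leaf = line[1:-1].rpartition("\\")
            current = None
            if parent.lower() == COMPAT_KEY.lower():
                try:
                    current = uuid.UUID(leaf)  # accepts braces and either case
                except ValueError:
                    pass  # subkey name is not a CLSID; ignore its values
        elif current is not None:
            m = FLAGS_RE.fullmatch(line)
            if m:
                flags[current] = int(m.group(1), 16)
    return flags

def is_killed(flags, clsid):
    """True only if this exact CLSID has the kill bit set among its flags."""
    return bool(flags.get(uuid.UUID(clsid), 0) & KILL_BIT)

if __name__ == "__main__":
    for clsid, value in parse_compat_flags(SAMPLE_REG).items():
        print("{%s}" % str(clsid).upper(), hex(value),
              "killed" if value & KILL_BIT else "not killed")
```

The check is a bit test, so a control whose flags value carries other bits alongside 0x400 is still reported as killed, while a CLSID that differs by a single hex digit is not.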
     
  3. Jester2K

    Jester2K Registered Member

    Joined:
    Dec 24, 2003
    Posts:
    2
    Thank you VERY much. More information than I'd hoped for. Didn't realise that KillBits were there by design....

    Thanks again for the time and trouble.
     