Spybot S&D configuration

Discussion in 'other anti-malware software' started by Antarctica, Jul 17, 2003.

Thread Status:
Not open for further replies.
  1. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    When I click on the icon "immunize", there is a section in the bottom
    "Recommended miscallaneous protection".

    I put a check mark in the box "Lock Hosts file read-only as protection against hijackers". Now every time I close Spybot S&D and re-open it, the check mark is gone!

    Any idea?

    Thanks
     
  2. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Hi Antarctica.

    I have SpyBot but I don't use the tools listed under Immunize.
    Have you tried the Spybot forum?

    I'll put a link below.


    http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi
     
  3. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    The tester,

    Thank you for the link . :)
     
  4. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Hey Antarctica,

    I'm glad the link helped you.

    There is a link to the Spybot forum by following this path in the Spybot console also:
    info&license>credits. ;)
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    I'm wondering if you have any other tools that act upon or scan the Hosts file? For example, running HijackThis appears to clear the Read-only flag on the Hosts file. I'm sure there must be other tools that do this, as well.

    This protection from this option in Spybot S&D's Immunize screen is provided simply from setting the read-only file attribute, which is really just a flag on the file's directory entry. Spybot doesn't attempt to maintain this setting with any active guard feature, so if something comes along after (even immediately after Spybot has set this flag) and overrides this setting, the protection is gone until you reset it.

    Ideally, you'd want to find out what else is running on your system that is accessing and resetting the file attributes on the Hosts file. It would just be good to know.

    Just as an aside, effectively what Spybot is doing is equivalent to this DOS command when to check that box on the Immunize screen:

    attrib +r C:\WINNT\system32\drivers\etc\Hosts
     
  6. FanJ

    FanJ Guest

    Oops.....

    My HOSTS file is also not set as read-only.....
    Thanks !!!

    I consider my HOSTS file as too important, that's why I have added it to my three "file-integrity-checkers":
    1- in TDS-3 crcfiles.txt
    2- NISFileCheck
    3- ADinf32 Pro

    In this way I will be at least get an alert in case it is changed.

    You could also add it too your FileChecker from JavaCool.

    My personal opinion: use any kind of "file-integrity-checker" and add your HOSTS file to its database, so you will be notified in case it might have been changed (that could be the case if you yourself changed it, but it could also be the case if some "nasty" did that....).

    On my Windows 98 SE system it is here:
    C:\WINDOWS\HOSTS
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Lots of legitimate programs change your hosts file.
    I tried with AdAware, but that returned the read only attribute after changing the offending entry.

    Regards,

    Pieter
     

    Attached Files:

  8. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    Thanks to all of you for your suggestions.

    I will make some tests when I have time to find out which program or application is changing my host file. :)
     
  9. Drifter

    Drifter Registered Member

    Joined:
    Jul 21, 2003
    Posts:
    1
    Location:
    Australia
    Try going into 'settings' then under 'main settings' check the box next to 'save all settings'.
    I just tried it with mine & the box you mentioned remained checked. :)
     
  10. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    Thanks Drifter,
    I had tried that before "save all settings" and it didn't do the trick.

    But I found the culprit, thanks to LouWaterMark :) It is HijackThis that is clearing the Read-only flag on the Hosts file.
     
Thread Status:
Not open for further replies.