SpywareBlaster... How does it work?

Discussion in 'SpywareBlaster & Other Forum' started by cmn, Apr 23, 2004.

Thread Status:
Not open for further replies.
  1. cmn

    cmn Guest

    I recently installed SpywareBlaster on my Windows XP Pro machine and was wondering if anyone could tell me details about how it works? If it works well, we might decide to deploy it to more of our clients.

    For example;

    If I have Internet Explorer third party browser extensions disabled, will SpywareBlaster still be able to run?

    How can I tell if SpywareBlaster is running properly? I couldn't seem to find a process for it running in the background.

    Thanks,
    -cmn
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  3. TheShooter

    TheShooter Registered Member

    Joined:
    Apr 20, 2004
    Posts:
    12
    SpywareBlaster does three things with Internet Explorer - it does them all by modifying the registry and it is _not_ an extension.

    1) It uses a 'kill bit' for specific ActiveX objects that prevents objects with a specific ClassID from being installed. I am not sure exactly why this kill bit works. I'm guessing it is either 'fools' IE into think it is already installed, or IE has a blacklisting/whitelisting function that they have no UI for. I'm not 100% sure, maybe someone who knows can clarify exactly how this works (of course I'll be digging deaper after I post this).

    EDIT: Looking at the registry, it looks like the killbit just tells internet explorer that the associated ActiveX object is incompatible with Internet Explorer. If IE thinks it is incompatible, then it does not allow it to be installed.

    2) It blacklists cookies - there is already a UI for this in IE (and Mozilla for that matter), it just adds a list of known bad cookies to Internet Explorer's cookie exception list. You can view/edit this list in Internet Options - Privacy Tab - Edit (under 'Web Sites').

    3) It adds sites to the restricted zone, which blocks all ActiveX objects, Scripts, Downloads, Java Applets, and has other settings for higher security. Like cookies, there is already a UI for this. You can view/edit this list in Internet Options - Security Tab - Restricted Sites - Sites.
     
    Last edited: Apr 24, 2004
  4. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    To add to snowbound's link, here is Javacool's page for SpywareBlaster:
    http://www.javacoolsoftware.com/spywareblaster.html

    And if you click on the "Support" button in the top menu bar, you will find the Online Knowledgebase section, which can answer many questions.

    Hope that helps,

    Regards,

    snap
     
Loading...
Thread Status:
Not open for further replies.