SpywareBlaster

Discussion in 'SpywareBlaster & Other Forum' started by Derek, Oct 9, 2003.

Thread Status:
Not open for further replies.
  1. Derek

    Derek Registered Member

    Joined:
    Oct 9, 2003
    Posts:
    12
    I recently downloaded SpywareBlaster.

    When getting SpywareBlaster Updates my Kerio firewall came up with TCP (Out) Port 80, without which it was unable to update. That seemed reasonable so I agreed a rule to allow it.

    Kerio then reported SpywareBlaster.exe UDP (Out) involving real.com images to 127.0.0.1 (I use a hosts file - read only). I opted for a rule denying it and got the updates fine.

    Can anyone explain please why SpywareBlaster was apparently having comms with real.com? I assume SpywareBlaster doesn't do things it shouldn't....

    Derek
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Hmm, let's clarify this a bit. Your firewall asked about allowing SpywareBlaster to access the IP address "127.0.0.1" on some UDP port right? That is normal for the way SpywareBlaster works. 127.0.0.1 is not real.com, it's your local machine (also called 'localhost'). Loopback connections are often used in network-aware programs.

    Here is a thread that describes the settings SpywareBlaster would generally use in a software firewall:

    https://www.wilderssecurity.com/showthread.php?t=11165

    What makes you think real.com has something to do with this?

    Also, from your Hosts file, what's the first non-comment line in it?
     
  3. Derek

    Derek Registered Member

    Joined:
    Oct 9, 2003
    Posts:
    12
    LowWaterMark

    Yep I understand about hosts and 127.0.0.1

    The reason I linked this with real.com is because this was contained in the Kerio warning that flashed up.

    I think you are onto something because my first non-comment entry in hosts is images.real.com

    Hope you can explain this, sorry if I'm a bit dozy.

    Derek
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Yes, the first entry in the Hosts file will be associated with any text references (host name) for the local machine name. The first line in a Hosts file is strongly recommended to be:

    127.0.0.1 localhost

    Also, the image below shows the standard access sequence of SpywareBlaster's updater (when no updates are available). FYI - This log should be read bottom to top to show true sequence of events.

    - Edit: Reduced image width!
     

    Attached Files:

  5. Derek

    Derek Registered Member

    Joined:
    Oct 9, 2003
    Posts:
    12
    Thanks a lot, I get the idea now.

    I'll pop localhost in as first entry in hosts, which will also save a lot of confusion if I get any sort of reaction with SpywareBlaster or any other similar program.

    You've put my mind to rest :)

    Derek
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Glad to be of help. :cool:

    Best Wishes,
    LowWaterMark
     
Loading...
Thread Status:
Not open for further replies.