Problem with Trusted Sites

[Trish]

Thanks for your input, MTO. Actually, I had run Spybot which didn't detect
a problem (unless it was Download Accelerator which I protected). Someone on
grc.security newsgroup suggested I delete the site from the
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet
Settings Domains subdirectory. I couldn't see for sure that that was the
problem, but with the new knowlege that trusted sites were in the registry,
I added google.com to trusted sites so I could identify them for sure and
then looked through all the registry Internet Settings directory. I found
google.com in Domains (along with something like "free AOL" and 0.0.0.0. I
deleted all and, at least the symptom of the problem has disappeared. I now
have all IE zones set to maximum security and use it only for Windows
Crutical Updates (windowsupdate.microsoft.com) is trusted. I lower trusted
security only for those updates.

I hope that seems sound?

Thanks again.

Trish.

"mto" <nobody@dontsendmeanyspam.thanks> wrote in message
news:VVqdnal4tZW_n8OiU-KYvQ@seg.net...
>
> "Trish" <trish.conway@netzero.net> wrote in message
> news:bjkq8p$k6s85$1@ID-71925.news.uni-berlin.de...
> > Good advice. But that means maximum security (all but shut down) 'til I
> > found the problem; and since before my security was as tight as I could
> > comfortably stand it (including a firewall), I'm hoping the
vulnerability
> is
> > IE itself, and I'm changing over to Opera.
> >
> > Thanks for your input.
> >
> > Trish
>
> Switching to Opera will not remove the already existing problem, just
> camouflage it.
>
> You aren't talking extended downtime here I don't think. My bet is that
> either AdAware or Spybot will find it straight off. Those two are 10
minute
> or less downloads even on a dial up and a couple minutes top to update.
> Full scan of my 40Gig machine takes well under 1/2 hour.
>
>
>
>
> > "mto" <nobody@dontsendmeanyspam.thanks> wrote in message
> > news:T9OdnfbtYPlDVMCiXTWJjA@seg.net...
> > >
> > > "Trish" <trish.conway@netzero.net> wrote in message
> > > news:bjjfuq$jkgm2$1@ID-71925.news.uni-berlin.de...
> > > > Thanks a lot for your input. Finally from a clue in another usenet
> > > > conference about registry settings for Internet settings (see
below),
> I
> > > > found my trusted sites in the
> > > > HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet
> > > > Settings Domains subdirectory. I deleted them and, near as I can
> tell,
> > my
> > > > problem is gone. Thanks again.
> > > >
> > > > Trish
> > > > "reader" <reader@yghtjjdsb.com> wrote in message
> > > > news:bjj4pl$3vu$1@news.grc.com...
> > > > > Trish wrote...
> > > > >
> > > > . . . .
> > > > > IP addresses can be found in the numbered range entries located
at:
> > > > >
> > > > >
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet
> > > > Settings\ZoneMap\Ranges
> > >
> > > My issue with this solution, however, would be exactly what caused a
> > change
> > > in your registry settings in the first place? Thus my recommendations
> to
> > > find the problem before you cured it.
> > >
> > >
> > > > "mto" <nobody@dontsendmeanyspam.thanks> wrote in message
> > > > news:9uWdndLP4NMs68GiXTWJhA@seg.net...
> > > > >
> > > > > Trusted sites should be under your complete control at all times -
> > even
> > > in
> > > > > IE
> > > > >
> > > > > Download the free version of AdAware http://www.lavasoft.de and
> Spybot
> > > > > Search and Destroy http://www.safer-networking.org/. (also free)
> > Update
> > > > > both of them immediately and then scan your system. BTW, set
> AdAware
> > to
> > > > > ignore the Spybots folder. Update your antivirus program and do a
> > total
> > > > > scan with that. Haul off to Microsoft update and get all the
fixes.
> > > >
> > > >
> > >
> > >
> >
> >
>
>

[mto]

"Trish" <trish.conway@netzero.net> wrote in message
news:bjl69l$kr7sm$1@ID-71925.news.uni-berlin.de...
> Thanks for your input, MTO. Actually, I had run Spybot which didn't
detect
> a problem (unless it was Download Accelerator which I protected). Someone
on
> grc.security newsgroup suggested I delete the site from the
> HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet
> Settings Domains subdirectory. I couldn't see for sure that that was the
> problem, but with the new knowlege that trusted sites were in the
registry,
> I added google.com to trusted sites so I could identify them for sure and
> then looked through all the registry Internet Settings directory. I found
> google.com in Domains (along with something like "free AOL" and 0.0.0.0. I
> deleted all and, at least the symptom of the problem has disappeared. I
now
> have all IE zones set to maximum security and use it only for Windows
> Crutical Updates (windowsupdate.microsoft.com) is trusted. I lower
trusted
> security only for those updates.
>
> I hope that seems sound?
>
> Thanks again.
>
> Trish.

Sounds reasonable to me. Though I take the added precaution of emptying
Trusted Sites except when I want to use Windows Update, at which time I
stick it in there just long enough to update.

I do warn you though, from everything that I have read Download Accelerator
is spyware. I trialed GetRight a while back and after uninstalling the
thing found that I couldn't download anything so hunted around for something
that wasn't known spyware and also happened to do the job (many don't).
Finally settled on Star Downloader - not spyware, does work, award winner to
boot.


> "mto" <nobody@dontsendmeanyspam.thanks> wrote in message
> news:VVqdnal4tZW_n8OiU-KYvQ@seg.net...
> >
> > "Trish" <trish.conway@netzero.net> wrote in message
> > news:bjkq8p$k6s85$1@ID-71925.news.uni-berlin.de...
> > > Good advice. But that means maximum security (all but shut down) 'til
I
> > > found the problem; and since before my security was as tight as I
could
> > > comfortably stand it (including a firewall), I'm hoping the
> vulnerability
> > is
> > > IE itself, and I'm changing over to Opera.
> > >
> > > Thanks for your input.
> > >
> > > Trish
> >
> > Switching to Opera will not remove the already existing problem, just
> > camouflage it.
> >
> > You aren't talking extended downtime here I don't think. My bet is that
> > either AdAware or Spybot will find it straight off. Those two are 10
> minute
> > or less downloads even on a dial up and a couple minutes top to update.
> > Full scan of my 40Gig machine takes well under 1/2 hour.
> >
> >
> >
> >
> > > "mto" <nobody@dontsendmeanyspam.thanks> wrote in message
> > > news:T9OdnfbtYPlDVMCiXTWJjA@seg.net...
> > > >
> > > > "Trish" <trish.conway@netzero.net> wrote in message
> > > > news:bjjfuq$jkgm2$1@ID-71925.news.uni-berlin.de...
> > > > > Thanks a lot for your input. Finally from a clue in another
usenet
> > > > > conference about registry settings for Internet settings (see
> below),
> > I
> > > > > found my trusted sites in the
> > > > >
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet
> > > > > Settings Domains subdirectory. I deleted them and, near as I can
> > tell,
> > > my
> > > > > problem is gone. Thanks again.
> > > > >
> > > > > Trish
> > > > > "reader" <reader@yghtjjdsb.com> wrote in message
> > > > > news:bjj4pl$3vu$1@news.grc.com...
> > > > > > Trish wrote...
> > > > > >
> > > > > . . . .
> > > > > > IP addresses can be found in the numbered range entries located
> at:
> > > > > >
> > > > > >
> HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet
> > > > > Settings\ZoneMap\Ranges
> > > >
> > > > My issue with this solution, however, would be exactly what caused a
> > > change
> > > > in your registry settings in the first place? Thus my
recommendations
> > to
> > > > find the problem before you cured it.
> > > >
> > > >
> > > > > "mto" <nobody@dontsendmeanyspam.thanks> wrote in message
> > > > > news:9uWdndLP4NMs68GiXTWJhA@seg.net...
> > > > > >
> > > > > > Trusted sites should be under your complete control at all
times -
> > > even
> > > > in
> > > > > > IE
> > > > > >
> > > > > > Download the free version of AdAware http://www.lavasoft.de and
> > Spybot
> > > > > > Search and Destroy http://www.safer-networking.org/. (also free)
> > > Update
> > > > > > both of them immediately and then scan your system. BTW, set
> > AdAware
> > > to
> > > > > > ignore the Spybots folder. Update your antivirus program and do
a
> > > total
> > > > > > scan with that. Haul off to Microsoft update and get all the
> fixes.
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

[Trish]

Believe me, MTO, my trusted sites has only one thing in it (and I guess my
lowering the security standard for the purpose of the update and then
restoring it to High is the equivalent of leaving the Windows Update in my
trusted list only as long as the update takes - 'cept I save my self
reentering the site)! And thanks for the recommendation on Star Downloader,
I'll give it a try this now!

Thanks a million.

Trish
"mto" <nobody@dontsendmeanyspam.thanks> wrote in message
news:k7KdnQ4VhYh6uMOiU-KYgw@seg.net...
>
> "Trish" <trish.conway@netzero.net> wrote in message
> news:bjl69l$kr7sm$1@ID-71925.news.uni-berlin.de...
> > Thanks for your input, MTO. Actually, I had run Spybot which didn't
> detect
> > a problem (unless it was Download Accelerator which I protected).
Someone
> on
> > grc.security newsgroup suggested I delete the site from the
> > HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet
> > Settings Domains subdirectory. I couldn't see for sure that that was
the
> > problem, but with the new knowlege that trusted sites were in the
> registry,
> > I added google.com to trusted sites so I could identify them for sure
and
> > then looked through all the registry Internet Settings directory. I
found
> > google.com in Domains (along with something like "free AOL" and 0.0.0.0.
I
> > deleted all and, at least the symptom of the problem has disappeared. I
> now
> > have all IE zones set to maximum security and use it only for Windows
> > Crutical Updates (windowsupdate.microsoft.com) is trusted. I lower
> trusted
> > security only for those updates.
> >
> > I hope that seems sound?
> >
> > Thanks again.
> >
> > Trish.
>
> Sounds reasonable to me. Though I take the added precaution of emptying
> Trusted Sites except when I want to use Windows Update, at which time I
> stick it in there just long enough to update.
>
> I do warn you though, from everything that I have read Download
Accelerator
> is spyware. I trialed GetRight a while back and after uninstalling the
> thing found that I couldn't download anything so hunted around for
something
> that wasn't known spyware and also happened to do the job (many don't).
> Finally settled on Star Downloader - not spyware, does work, award winner
to
> boot.
>
>

[Jay T. Blocksom]

On Tue, 9 Sep 2003 11:31:16 -0700, in <alt.privacy.spyware>, "Trish"
<trish.conway@netzero.net> wrote:
>
[snip]

> I deleted all and, at least the symptom of the problem has disappeared.
[snip]

Exactly. You've treated the symptom, not the disease.

> I now
> have all IE zones set to maximum security and use it only for Windows
> Crutical Updates (windowsupdate.microsoft.com) is trusted. I lower
> trusted security only for those updates.
>
> I hope that seems sound?
>
[snip]

Sorry, but no. To be free of the multitude of hazards MSIE both represents
and enables, you MUST remove it from your system entirely. This free tool:

<http://www.litepc.com/ieradicator.html

will make that task child's play. (Note that to use this with Win2K-SR2 or
later or WinXP will require that you first disable WFP. This is *not*
"child's play"; but it's not terribly difficult either. See
<http://www.jsifaq.com/SUBK/tip5300/rh5392.htm>.)

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Trish]

Thanks, Jay. But, as I mentioned, I think MS's made getting Windows
Critical Updates too difficult without IE.

Trish

"Jay T. Blocksom" <usenet01+SPAMBLOCK@appropriate-tech.net> wrote in message
news:jbl0mvgdqqmnbombjffst320l6t8al95sm@news.rcn.c om...
> On Tue, 9 Sep 2003 11:31:16 -0700, in <alt.privacy.spyware>, "Trish"
> <trish.conway@netzero.net> wrote:
> >
> [snip]
>
> > I deleted all and, at least the symptom of the problem has disappeared.
> [snip]
>
> Exactly. You've treated the symptom, not the disease.
>
> > I now
> > have all IE zones set to maximum security and use it only for Windows
> > Crutical Updates (windowsupdate.microsoft.com) is trusted. I lower
> > trusted security only for those updates.
> >
> > I hope that seems sound?
> >
> [snip]
>
> Sorry, but no. To be free of the multitude of hazards MSIE both
represents
> and enables, you MUST remove it from your system entirely. This free
tool:
>
> <http://www.litepc.com/ieradicator.html
.. . . .

[Jay T. Blocksom]

On Fri, 12 Sep 2003 17:14:27 -0700, in <alt.privacy.spyware>, "Trish"
<trish.conway@netzero.net> wrote:
>
> Thanks, Jay. But, as I mentioned, I think MS's made getting Windows
> Critical Updates too difficult without IE.
>
[snip]

I tend to disagree, but that's beside the point really -- such a judgement
call is, after all, yours to make. But having made it, then the *only*
logical conclusion is that Windows itself is not a viable platform for your
computing purposes, since it is a foregone conclusion that MSIE is
unacceptably hazardous.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -