From: "Vanguard" <no-email@post-reply-in-newsgroup.nix>
Subject: Re: Spybot Immunization
Date: Thursday, 9 October 2003 4:36 AM

Spybot's Immunize works like SpywareBlaster. Registry entries get added
which act as kill bits to known spyware ActiveX controls. Because of
these registry entries, any AX control that uses that class ID will not
be allowed to run. That does NOT prevent them from existing in your
system or from them getting installed. It only prevents them from
running. Immunization doesn't prevent you from getting infected. It
just prevents the effects of that infection. It is passive protection.
So they may pollute your system but are not runnable. That doesn't mean
you have the disease. Immunization prevents the problem later so you
don't have to keep running a spyware scanner every day. You getting
immunized doesn't eliminate the other people that are infected in the
same room with you. It just eliminates you getting the infection. You
getting immunized after getting infected is too late and doesn't do any
good, but spyware immunization will abate the effects of a current
infection (by not allowing that AX control to load but may not prevent
it from running if it was already running when it then got immunized).
Immunization is a passive trap: when the infection arrives, it doesn't
get stopped from arriving but it stops it from effecting its nasty
payload. When you get immunized, it is when you are healthy and to
prevent you from getting sick later. You get occasional updates and
rerun the Immunize just like when you get booster shots; immunization
wears off over time (because of new or variant spyware).

Spybot has a BHO (browser helper object) under Immunize that you can
install in IE to help prevent the download of this crap but I don't know
if the BHO's detection is against the spyware signatures or against the
class IDs for bad AX controls, so I also have SpywareGuard running.
Although Spybot's Immunize recommends getting SpywareBlaster, so far
SpyBot's Immunize has a longer list of class IDs with which to provide
immunization; on my last check, SpyBot's Immunize had 9 more AX controls
than SpywareBlaster's. However, SpywareBlaster also includes blocking
of cookies from known spyware domains; it adds those domains to the
Always Block blacklist in IE for cookies. So I use both Spybot Immunize
and SpywareBlaster.

If you run SpyBot's or Ad-Aware's spyware scan and find nothing or
delete any that get found, that has no effect on how Immunize works.
You are adding registry entries to kill any bad AX controls that might
appear later. Note that the message is "All known bad products are
blocked". They weren't detected. They were BLOCKED. When you define a
firewall rule to block something, that doesn't mean that something has
to currently exist. Unless you are under attack at the time you define
the firewall rule, the rule is to prevent that attack later *if* it
occurs.

--

__________________________________________________
Post replies to newsgroup. E-mail not accepted.
__________________________________________________

"George Weischadle" <gweischadle@earthlink.net> wrote in message
news:UqGgb.1596$av5.517@newsread3.news.pas.earthlink.net...
> I run Spybot daily and it almost always finds problems, which I then tell it
> to delete and it does. But then I click "immunize" and Spybot reports that
> all known problems have been protected against already. If that's true, why
> did Spybot allow them to get through and to show up when I ran the scan?
>
> George
>
>
>
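
Added example, not part of the original post and not code from Spybot or SpywareBlaster: a check of which class IDs on a blocklist actually have the kill bit set, showing why "blocked" and "found by a scan" are independent states. It assumes the kill bit is bit 0x400 of the "Compatibility Flags" value under IE's ActiveX Compatibility key, and that a regedit export has already been decoded to text; the CLSIDs and the export itself are constructed placeholders.

```python
import re

KILL_BIT = 0x400  # bit in "Compatibility Flags" that makes IE refuse the control
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KEY_RE = re.compile(r"^\[(.+)\\(\{[0-9A-Fa-f-]{36}\})\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample export; the CLSIDs are placeholders, not real controls.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000A}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000B}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-00000000000C}]
@="Registered on disk, never immunized"
"""

def parse_flags(reg_text):
    """Map each CLSID under ActiveX Compatibility to its Compatibility Flags."""
    flags, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            under_base = key.group(1).lower() == BASE.lower()
            current = key.group(2).upper() if under_base else None
            if current:
                flags.setdefault(current, 0)  # key present, flags value may be absent
        elif line.startswith("["):
            current = None  # some other key: stop attributing values
        elif current and FLAGS_RE.match(line):
            flags[current] = int(FLAGS_RE.match(line).group(1), 16)
    return flags

def audit(reg_text, blocklist):
    """Label each blocklisted CLSID 'blocked', 'not_blocked' or 'missing'."""
    flags = parse_flags(reg_text)
    report = {}
    for clsid in (c.upper() for c in blocklist):
        if clsid not in flags:
            report[clsid] = "missing"
        else:
            report[clsid] = "blocked" if flags[clsid] & KILL_BIT else "not_blocked"
    return report
```

In the sample, the third control is registered under Classes\CLSID but has no kill-bit entry, so it is reported as "missing": present on the system yet not immunized, the reverse of the case described in the post.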