J
Jay Libove
I have both Ad-Aware and SpyBot Search & Destroy
installed on a system where I tested Microsoft
AntiSpyware Beta 1. I got a false positive on the
registry entry
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\searchsquire.com. This entry
exists, because it is part of a past 'innoculation'
performed by a previous anti-spyware program, which
places this site (And hundreds of others) in Zone 4 -
Restricted Sites.
It is necessary for the product to look deeper than the
simple presence of a ZoneMap\Domains\sitename entry, and
to see what is inside it. If a user follows the
AntiSpyware product's suggestion to "fix" this "threat",
then in fact the user becomes *more* at risk because that
site moves from the Restricted zone to the Internet zone.
-Jay Libove, CISSP
installed on a system where I tested Microsoft
AntiSpyware Beta 1. I got a false positive on the
registry entry
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\searchsquire.com. This entry
exists, because it is part of a past 'innoculation'
performed by a previous anti-spyware program, which
places this site (And hundreds of others) in Zone 4 -
Restricted Sites.
It is necessary for the product to look deeper than the
simple presence of a ZoneMap\Domains\sitename entry, and
to see what is inside it. If a user follows the
AntiSpyware product's suggestion to "fix" this "threat",
then in fact the user becomes *more* at risk because that
site moves from the Restricted zone to the Internet zone.
-Jay Libove, CISSP