Scumware knocks out 2 anti-spyware sites.


BoB

From the Langa newsletter:

According to the evidence, two of the most important
Web sites in the battle against scumware have been
pressured (for the moment) into taking down
information on the insidious parasite **IEPlugin.**
One of these sites is http://security.kolla.de , the
people who bring you Spybot Search & Destroy. Their
http://security.kolla.de/kbase.php?lang=en&sbi=spybots&kbase=ieplugin
page on IEPlugin has, for the
present, disappeared altogether. The other site is
Andrew Clover's http://doxdesk.com/ . On his
http://www.doxdesk.com/parasite/IEPlugin.html page on
IEPlugin he now has only the short message, "IEPlugin
is a parasite I can't tell you about, until I can get
back to Germany and work out a legal response to its
manufacturers. Sorry about that."

http://www.mvps.org/inetexplorer/Darnit.htm#ieplugin

BoB
For the duration, my address is fake.
 
BoB said:
From the Langa newsletter:

According to the evidence, two of the most important
Web sites in the battle against scumware have been
pressured (for the moment) into taking down
information on the insidious parasite **IEPlugin.**
One of these sites is http://security.kolla.de , the
people who bring you Spybot Search & Destroy. Their
http://security.kolla.de/kbase.php?lang=en&sbi=spybots&kbase=ieplugin
page on IEPlugin has, for the
present, disappeared altogether. The other site is
Andrew Clover's http://doxdesk.com/ . On his
http://www.doxdesk.com/parasite/IEPlugin.html page on
IEPlugin he now has only the short message, "IEPlugin
is a parasite I can't tell you about, until I can get
back to Germany and work out a legal response to its
manufacturers. Sorry about that."

http://www.mvps.org/inetexplorer/Darnit.htm#ieplugin

BoB
For the duration, my address is fake.

Get a good HOSTS file to stop this nasty site:
Blocking Unwanted Ads with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm
 
SINNER said:
* BoB Wrote in alt.comp.freeware, on Tue, 23 Sep 2003 07:16:28 -0400:
From the Langa newsletter:
Gonefishing.com is a valid domain so I suggest changing your fake
address. Other than that, thanks for the news, doesn't sound good.

They're dropping like flies -- I just read somewhere that TomCat went
away, as well.
 
Greetings!
YoKenny, you mentioned about using a Host file. It made interesting
reading. I am wondering a few things about it though.
1) Does it do the same thing as other ad blockers like AdSubtract?
2) Does it do a better job at ad blocking?
3) Who maintains the list of sites to block?

I have found that in my WinME Windows folder, one hosts file and 22
hosts.xxx (x's from 001 to 022) and one hosts.20030721-232451.backup file.
Are all of these ok to delete so the host file downloaded from below site
can take their place? Strangely enough, checking a few of these hosts files
show the same thing in it. Why the redundancy?

# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
127.0.0.1 AdSubtract # Added by AdSubtract for auto-dial.
127.0.0.1 ie3.proxy.aol.com # Added by AdSubtract for AOL support.

I ask because the below site did not have instructions that I saw about what
to do with all the other hosts files, and before I delete original files in
the Windows folder, I wanted to know what to do.
Thank you in advance for your reply.
B.rgds,
Kevin

 
* BoB Wrote in alt.comp.freeware, on Tue, 23 Sep 2003 07:16:28 -0400:
From the Langa newsletter:
[...]

BoB
For the duration, my address is fake.

Gonefishing.com is a valid domain so I suggest changing your fake
address. Other than that, thanks for the news, doesn't sound good.

Well, crap, I forgot to check that possibility, thanks.
So was wentfishing and nofishing and fishface and fishbait
and fishoutofwater. Gave up on 'fish'. Well, it's just
temporary so I'll use my 'closed' box.

BoB
For the duration, my address is fake.
 
* BoB Wrote in alt.comp.freeware, on Wed, 24 Sep 2003 14:14:12 -0400:
On Tue, 23 Sep 2003 12:40:06 GMT, SINNER
* BoB Wrote in alt.comp.freeware, on Tue, 23 Sep 2003 07:16:28 -0400:
From the Langa newsletter:
[...]
Gonefishing.com is a valid domain so I suggest changing your fake
address. Other than that, thanks for the news, doesn't sound good.
Well, crap, I forgot to check that possibility, thanks.
So was wentfishing and nofishing and fishface and fishbait
and fishoutofwater. Gave up on 'fish'. Well, it's just
temporary so I'll use my 'closed' box.

What if you drop the trailing 'G'? Wentfishin, gonefishin etc, so you
look like a redneck, who else fishes anyway ;)
 
BoB said:
Well, crap, I forgot to check that possibility, thanks.
So was wentfishing and nofishing and fishface and fishbait
and fishoutofwater. Gave up on 'fish'. Well, it's just
temporary so I'll use my 'closed' box.

Even if they were not valid, they might be valid sometime later when
somebody reads a post and tries to email you. The .invalid top level
domain is intended specifically for this purpose.

Terry
 
SINNER said:
* BoB Wrote in alt.comp.freeware, on Wed, 24 Sep 2003 14:14:12 -0400:
On Tue, 23 Sep 2003 12:40:06 GMT, SINNER
* BoB Wrote in alt.comp.freeware, on Tue, 23 Sep 2003 07:16:28 -0400:
From the Langa newsletter:
[...]
http://www.mvps.org/inetexplorer/Darnit.htm#ieplugin
BoB
For the duration, my address is fake.
Gonefishing.com is a valid domain so I suggest changing your fake
address. Other than that, thanks for the news, doesn't sound good.
Well, crap, I forgot to check that possibility, thanks.
So was wentfishing and nofishing and fishface and fishbait
and fishoutofwater. Gave up on 'fish'. Well, it's just
temporary so I'll use my 'closed' box.
What if you drop the trailing 'G'? Wentfishin, gonefishin etc, so you
look like a redneck, who else fishes anyway ;)

What happens when someone buys *that* domain? Why play the game? Why
not just do it right?
 
General said:
Greetings!
YoKenny, you mentioned about using a Host file. It made interesting
reading. I am wondering a few things about it though.
1) Does it do the same thing as other ad blockers like AdSubtract?
It was not put there with ad blocking in mind, but *can* be used to try
to effect the same sort of result.
2) Does it do a better job at ad blocking?
I'd have to say not, for a couple of reasons. It was never designed as
a blocker, so doesn't "run" all the time like an ad blocker does. It has
to be reloaded from disk every time you click a link. So in principle
it's a terribly inefficient way of doing it. Also, it doesn't support
wildcards or pattern matching or "smart" searching like some of the
dedicated ad blockers do.
3) Who maintains the list of sites to block?
Numerous sources, but they end up being pretty much the same lists.
Keeping such a list current is probably the biggest challenge.
I have found that in my WinME Windows folder, one hosts file and 22
hosts.xxx (x's from 001 to 022) and one hosts.20030721-232451.backup
file. Are all of these ok to delete so the host file downloaded from
below site can take their place? Strangely enough, checking a few of
these hosts files show the same thing in it. Why the redundancy?

They are probably updates of the same hosts source, that haven't been
deleted. Point is that Windows can only use one hosts file - the one
named "hosts", without any extension at all. So all the ones you
mentioned will never get used by Windows. BUT, this is not to say that
they don't belong to some 3rd party software.
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
127.0.0.1 AdSubtract # Added by AdSubtract for auto-dial.
127.0.0.1 ie3.proxy.aol.com # Added by AdSubtract for AOL support.

I ask because the below site did not have instructions that I saw
about what to do with all the other hosts files, and before I delete
original files in the Windows folder, I wanted to know what to do.
Thank you in advance for your reply.

My own advice would be to go with a good proxy and firewall (free :))
that can do the job of hosts, do it much more efficiently, and provide
many additional valuable services as well. As to deleting them, maybe
you could try to move them to a temp folder for a while and see if any
of the 3rd party stuff you run is affected.
 
* Blinky the Shark Wrote in alt.comp.freeware, on 24 Sep 2003 23:20:36 GMT:
SINNER said:
* BoB Wrote in alt.comp.freeware, on Wed, 24 Sep 2003 14:14:12 -0400:
16:28 -0400:
From the Langa newsletter:
[...]
http://www.mvps.org/inetexplorer/Darnit.htm#ieplugin
BoB
For the duration, my address is fake.
Gonefishing.com is a valid domain so I suggest changing your fake
address. Other than that, thanks for the news, doesn't sound good.
Well, crap, I forgot to check that possibility, thanks.
So was wentfishing and nofishing and fishface and fishbait
and fishoutofwater. Gave up on 'fish'. Well, it's just
temporary so I'll use my 'closed' box.
What if you drop the trailing 'G'? Wentfishin, gonefishin etc, so you
look like a redneck, who else fishes anyway ;)
What happens when someone buys *that* domain? Why play the game? Why
not just do it right?

True, I was going to make other suggestions...

Baby steps...;)

--
David | AGM Favorite Games - http://tinyurl.com/loec
You'll always be,
What you always were,
Which has nothing to do with,
All to do, with her.
-- Company
 
SINNER said:
* Blinky the Shark Wrote in alt.comp.freeware, on 24 Sep 2003 23:20:36 GMT:
SINNER said:
* BoB Wrote in alt.comp.freeware, on Wed, 24 Sep 2003 14:14:12 -0400:
16:28 -0400:
From the Langa newsletter:
[...]
http://www.mvps.org/inetexplorer/Darnit.htm#ieplugin
BoB
For the duration, my address is fake.
Gonefishing.com is a valid domain so I suggest changing your fake
address. Other than that, thanks for the news, doesn't sound good.
Well, crap, I forgot to check that possibility, thanks.
So was wentfishing and nofishing and fishface and fishbait
and fishoutofwater. Gave up on 'fish'. Well, it's just
temporary so I'll use my 'closed' box.
What if you drop the trailing 'G'? Wentfishin, gonefishin etc, so you
look like a redneck, who else fishes anyway ;)
What happens when someone buys *that* domain? Why play the game? Why
not just do it right?
True, I was going to make other suggestions...
Baby steps...;)

Carry on, Professor! :)
 
Alan said:
It was not put there with ad blocking in mind, but *can* be used to
try to effect the same sort of result.
I'd have to say not, for a couple of reasons. It was never designed as
a blocker, so doesn't "run" all the time like an ad blocker does.

It does not "run" it just is.
It has to be reloaded from disk every time you click a link.
So in principle it's a terribly inefficient way of doing it.

Once the browser is started then the file is cached and is very efficient.
Also, it doesn't support
wildcards or pattern matching or "smart" searching like some of the
dedicated ad blockers do.
True.
Numerous sources, but they end up being pretty much the same lists.

18930 entries here.
http://asp.flaaten.dk/proxo/forum.asp?FORUM_ID=20

They overlap but do address different sites.
I use HOSTESS to manage and merge the different HOSTS file sources.
http://accs-net.com/hostess/
Keeping such a list current is probably the biggest challenge.

Just like most software.
 
General said:
Greetings!
YoKenny, you mentioned about using a Host file. It made interesting
reading. I am wondering a few things about it though.
1) Does it do the same thing as other ad blockers like AdSubtract?

Basically but it is free.
2) Does it do a better job at ad blocking?

Never used AdSubtract so can't comment.
3) Who maintains the list of sites to block?

Mike Burgess maintains it.

hpguru maintains this one.
http://asp.flaaten.dk/proxo/forum.asp?FORUM_ID=20

Ray Marron's Hostess page helps you manage them
http://accs-net.com/hostess/
I have found that in my WinME Windows folder, one hosts file and 22
hosts.xxx (x's from 001 to 022) and one hosts.20030721-232451.backup
file. Are all of these ok to delete so the host file downloaded from
below site can take their place? Strangely enough, checking a few of
these hosts files show the same thing in it. Why the redundancy?

You can delete them as the only active one is the HOSTS file.
I don't use the SpyBot HOSTS file as it is not up to date.
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
127.0.0.1 AdSubtract # Added by AdSubtract for auto-dial.
127.0.0.1 ie3.proxy.aol.com # Added by AdSubtract for AOL support.

I guess AdSubtract acts like a proxy and adds these items.
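
An added example, not part of any post in this thread and not HOSTESS's code: one way to merge overlapping hosts lists like those discussed above, keeping entries such as the AdSubtract lines, and to see the exact-name matching that rules out wildcards. The `example.*` entries are constructed placeholders, and keeping the first mapping seen for a name is an assumption of this example.

```python
# Added example: merge hosts-format lists, drop duplicates, look names up.

# The four lines quoted in the thread.
PAGE_ENTRIES = """\
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
127.0.0.1 AdSubtract # Added by AdSubtract for auto-dial.
127.0.0.1 ie3.proxy.aol.com # Added by AdSubtract for AOL support.
"""
# Constructed sample lists; the example.* names are placeholders.
LIST_B = "127.0.0.1 ads.example.com\n0.0.0.0 tracker.example.net ADS.example.com.\n"
LIST_C = "127.0.0.1 ads.example.com # overlaps B\n0.0.0.0 banner.example.org\n127.0.0.1\n"


def parse_hosts(text):
    """Yield (address, hostname) pairs from hosts-file text."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop full-line and trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, or an address with no name (malformed)
        address, names = fields[0], fields[1:]
        for name in names:  # one line may list several names for one address
            yield address, name.lower().rstrip(".")  # names are case-insensitive


def merge_hosts(*sources):
    """Merge lists in order; the first mapping seen for a name is kept (assumption)."""
    merged = {}
    for text in sources:
        for address, name in parse_hosts(text):
            merged.setdefault(name, address)
    return merged


def lookup(merged, hostname):
    """Exact-name lookup only: a hosts entry never covers subdomains or patterns."""
    return merged.get(hostname.lower().rstrip("."))


def render(merged):
    """Write the merged mapping back out as hosts-file text, one name per line."""
    return "".join(f"{address} {name}\n" for name, address in sorted(merged.items()))


if __name__ == "__main__":
    print(render(merge_hosts(PAGE_ENTRIES, LIST_B, LIST_C)), end="")
```
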
 
YoKenny said:
It does not "run" it just is.

If it just "is" then it just sits for eternity on the HD and never gets
to be used in any capacity at all. It gets loaded into memory (on call
in fact), which is what the "run" (in quotes, note) is meant to
indicate. In fact it gets reloaded from HD each & every time the user
clicks a link. This is why it's such an inefficient method compared with
a perpetually resident proxy or firewall carrying out the same function.
I thought I explained that in a previous thread.
Once the browser is started then the file is cached and is very
efficient.

Cached? By the browser? That doesn't make sense. The testing I was
involved with, and it was quite thorough and intensive, showed that
hosts was reread from disk with every access. There wasn't even an
attempt made to access a copy from memory (if that's the "cached" you're
referring to). Access was by forced disk read each & every time. I'm
quite willing to listen to arguments challenging this behaviour though,
provided they're supported by credible evidence... not just a perception
that something will always be accessed from memory if there happens to
be a copy there.
 
* BoB Wrote in alt.comp.freeware, on Wed, 24 Sep 2003 14:14:12 -0400:
On Tue, 23 Sep 2003 12:40:06 GMT, SINNER
* BoB Wrote in alt.comp.freeware, on Tue, 23 Sep 2003 07:16:28 -0400:
From the Langa newsletter:
[...]
http://www.mvps.org/inetexplorer/Darnit.htm#ieplugin
BoB
For the duration, my address is fake.
Gonefishing.com is a valid domain so I suggest changing your fake
address. Other than that, thanks for the news, doesn't sound good.
Well, crap, I forgot to check that possibility, thanks.
So was wentfishing and nofishing and fishface and fishbait
and fishoutofwater. Gave up on 'fish'. Well, it's just
temporary so I'll use my 'closed' box.

What if you drop the trailing 'G'? Wentfishin, gonefishin etc, so you
look like a redneck, who else fishes anyway ;)

After living in East Tennessee for a few years now, I don't want
to give that impression. :-)

BoB
For the duration of Swen, my address is inoperative.
 
Even if they were not valid, they might be valid sometime later when
somebody reads a post and tries to email you. The .invalid top level
domain is intended specifically for this purpose.

Terry

Knowing 'that' is the preferred method, I tried that first. My
ISP won't process it and says it is not a valid address. No Shit.
Will have to talk to them. I received NO Swens last night for the
first time in a week. It may be dying out.

BoB
For the duration of Swen, my address is inoperative.
 