J
James Skemp
Hello 
I'm not sure where to post this, so I'll do so here, in
general. If I should be posting this elsewhere, please
let me know. As an aside, placing this kind of
information either on the site or within the program is
highly suggested.
I ran AntiSpyware Beta 1 after downloading it today, and
found a couple of threats. Looking through
them, 'SearchSquire (Adware)' was found, with an elevated
threat level.
Looking at where this was located, and questioning how my
other anti-spyware programs could have missed this, I
found that the item was found in two registry key values,
both contained at:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
\Internet Settings\ZoneMap\Domains\searchsquire.com
Looking at this listing, I realized that these are all
sites (every key in 'Domains\') that I have restricted
access to.
My concern is that someone fairly intelligent will setup
a listing of restricted sites on someone's computer, via a
reg dump, or manually entering sites via IE's Internet
Options > Security, and a person with a little less
background will use Microsoft's tool to clear these
security items out.
Point taken that sites listed in the Trusted Sites zone
will also show up here. However, the value of the key
will be different (Name: * = 2 for Trusted, 4 for
Restricted), and it is therefore possible to verify that
the site is where it should be - in the case of
SearchSquire, Restricted Sites (* = 4).
Lavasoft's Adaware comes to mind as a program that is
able to tell the difference, so I would expect any other
program that wishes to be on par to be able to do the
same
Otherwise, current testing has shown AntiSpyware Beta 1
to be a step in the right direction by Microsoft...
Thanks,
I'm not sure where to post this, so I'll do so here, in
general. If I should be posting this elsewhere, please
let me know. As an aside, placing this kind of
information either on the site or within the program is
highly suggested.
I ran AntiSpyware Beta 1 after downloading it today, and
found a couple of threats. Looking through
them, 'SearchSquire (Adware)' was found, with an elevated
threat level.
Looking at where this was located, and questioning how my
other anti-spyware programs could have missed this, I
found that the item was found in two registry key values,
both contained at:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
\Internet Settings\ZoneMap\Domains\searchsquire.com
Looking at this listing, I realized that these are all
sites (every key in 'Domains\') that I have restricted
access to.
My concern is that someone fairly intelligent will setup
a listing of restricted sites on someone's computer, via a
reg dump, or manually entering sites via IE's Internet
Options > Security, and a person with a little less
background will use Microsoft's tool to clear these
security items out.
Point taken that sites listed in the Trusted Sites zone
will also show up here. However, the value of the key
will be different (Name: * = 2 for Trusted, 4 for
Restricted), and it is therefore possible to verify that
the site is where it should be - in the case of
SearchSquire, Restricted Sites (* = 4).
Lavasoft's Adaware comes to mind as a program that is
able to tell the difference, so I would expect any other
program that wishes to be on par to be able to do the
same
Otherwise, current testing has shown AntiSpyware Beta 1
to be a step in the right direction by Microsoft...
Thanks,