Fail Safe Anti-Spyware Built In To Spybot 1.5 ~ Ask The Admin

Thursday, September 20, 2007

Fail Safe Anti-Spyware Built In To Spybot 1.5

I'll keep this quick, but my professor in school for my security class (who happens to be the same professor for my Capstone class) pointed out something interesting with the new version of Spybot Search and destroy (Version 1.5).

After you download and install all of the updates, and run immunize, check your hosts file. If you don't know where that is, in Windows it is located in C:\windows\system32\drivers\etc. You can open it with notepad or your favorite text editor.

You will notice the Spybot inserts a whole myriad of entries to your hosts file that point to 127.0.0.1. For those that don't know 127.0.0.1 is your loopback address, of the the layman, it is your own computer. That means that if you try to go to one of these bad sites, your computer will first check your hosts file for name to address resolution, see that the address is 127.0.0.1 and you will get a nice "Page cannot be displayed" box, which means, since you cannot go to the blocked page, you cannot get any viruses, trojans, rootkits etc from those sites!

What a simple and ingenious way of doing things! Good work Spybot!

Originally Posted on Bauer-Power By El Di Pablo

Posted by Paul B at 2:48 PM  

Comments (2)

Loading... Logging you in...
Dashboard | Edit profile | Logout
  • Logged in as
0 Vote up Vote down
's avatar

· 915 weeks ago

The Hosts file works very well with some slight modifications to your system.

@Arthur you are right and wrong - In most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs in W2000/XP/Vista. Windows 98 and ME are not affected. BUT THERE IS A FIX!

To resolve this issue (manually) open the "Services Editor"

* Start | Run (type) "services.msc" (no quotes)
* Scroll down to "DNS Client", Right-click and select: Properties
* Click the drop-down arrow for "Startup type"
* Select: Manual, or Disabled (recommended) click Apply/Ok and restart. [more info]

When set to Manual you can see that the above "Service" is not needed (after a little browsing) by opening the Services Editor again, scroll down to DNS Client and check the "Status" column. It should be blank, if it was needed it would show "Started" in that column. There are several Utilities that can reset the DNS Client for your machine.
0 Vote up Vote down
's avatar

· 915 weeks ago

dont call me wishy washy but I agree and disagree sloth. MIND YOU I DONT RUN SPY BOT. but due to business rules we need to run MS products and the machine that leave with my reps are loaded up with spybot or a similar tool. SP isnt protecting you against yourself - think about it like being proactive for your stupid err umm end users...

i would never give up my resources for something other than av... but if this app can save me troubling times of reformating, reimaging these lappies i am all for it. they dont use the majority of their resources anywayz...

Post a new comment

Comments by

Subscribe to: Post Comments (Atom)