MSFN Forum: Making windows SPYWARE SAFE via registry - MSFN Forum


Making windows SPYWARE SAFE via registry

#1 cypher_soundz

  • Junior
  • Group: Members
  • Posts: 78
  • Joined: 10-December 04

Posted 02 February 2005 - 10:39 AM

I had a search but didn't find anything, so I loaded up Regmon and immunized in Spybot, and got a big list. Now I just need to convert it into a .reg format and it should stop any bad products from the min of a fresh install. If this has been done before, or there is an easier way that doesn't involve a HOST file, please let me know, as it will save me >2000 lines of text ;)
Regards
cyph

[EDIT]
Well, I found this post now: http://www.msfn.org/board/index.php?showto...022&hl=immunize
It's not really what I want though, as I want a HOST file solution but for reg entries, as the HOST file way slows browsing down.
[/EDIT]


#2 bucketbuster

  • Senior Member
  • Group: Members
  • Posts: 649
  • Joined: 16-November 03

Posted 02 February 2005 - 11:21 AM

cypher_soundz, on Feb 2 2005, 10:39 AM, said:

If this has been done before or there is an easier way that doesn't involve a HOST file please let me know, As it will save me >2000 lines of text  ;)

Use SpywareBlaster in combination with Regshot B)

#3 RogueSpear

  • OS: SimplyMEPIS
  • Group: Supreme Sponsor
  • Posts: 1,529
  • Joined: 18-September 04

Posted 02 February 2005 - 02:37 PM

For quite some time now I have been combining the reg entries made by Spywareblaster and Spybot S&D into one large reg file and I import it in during the cmdlines.txt phase of the install.

If you really wanted it integrated in you could use Nuhi's RegHive application and put all of the entries into an inf file (like nLite.inf).

Basically you want to grab the following registry keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]


This will get you all of the protection from both apps (the inoculating part anyway).


EDIT: I would love to see Nuhi put this into nLite or RyanVM put it into his Update Pack. I'd even volunteer to do the monthly updates of it.

#4 gunsmokingman

  • MSFN Master
  • Group: Super Moderator
  • Posts: 2,020
  • Joined: 02-August 03
  • OS:none specified

Posted 02 February 2005 - 03:54 PM

I have a bunch of these entries that get added at the CmdLines.txt phase.
What the reg tweak does is add an extra zone I call Zone 5.
I then put these in both Zone 4 and Zone 5.
Zone 4 = Restricted Sites
Zone 5 = Tracking Sites

I have these install with the Cmdlines.txt.
I have to use those 5 to get them all
to be added to any user using my computer.


[COMMANDS]
"UserAcount.cmd"
"REGEDIT /S 000.reg"
"REGEDIT /S 020.reg"
"REGEDIT /S 040.reg"
"REGEDIT /S 060.reg"
"REGEDIT /S 080.reg"
"UaPrestart.cmd"
"RunOnceEx.cmd"


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\21popme.com]
"http"=dword:00000004
@="*"

This post has been edited by gunsmokingman: 03 March 2006 - 09:14 AM


#5 buletov

  • Senior Member
  • Group: Members
  • Posts: 518
  • Joined: 08-September 04

Posted 02 February 2005 - 04:23 PM

Just got back from a regular 3 month period service to one of my non-tech friends.

After 3 months of regular browsing using Firefox and Avast antivirus, Ad-Aware reported 0 threats.

I rest my case.

#6 MCT

  • MSFN Junkie
  • Group: Members
  • Posts: 3,288
  • Joined: 19-May 04

Posted 02 February 2005 - 04:29 PM

3 months :P
I have no need for antispyware software now :P I use Spyware Blaster, lock my hosts file & use Opera.. nothing else is needed, never a popup or spyware :D

#7 RogueSpear

  • OS: SimplyMEPIS
  • Group: Supreme Sponsor
  • Posts: 1,529
  • Joined: 18-September 04

Posted 02 February 2005 - 07:26 PM

1.) Like it or not, Internet Explorer is indeed rather interwoven into Windows 2K/XP. So it would definitely be in the best interest of everyone using Windows 2K/XP to take advantage of these registry entries. If you want to use Spywareblaster and Spybot S&D, all the better.

2.) Has anyone here tried to deploy and manage Firefox in an enterprise environment? And felt it was worth the effort? Didn't think so.

3.) The license agreements to both Spybot and Spywareblaster leave me wondering if you can deploy them en masse. So the next best thing is to take the registry entries and import them. I've even implemented within a machine startup script written in VBScript, a routine that checks for updates by way of a seed file and updates the registry as necessary. So all I have to do is make a new registry file once a month and put it on the server. The next time all of the computers reboot (think Patch Tuesday), they get the updates.

4.) In the last year, using nothing but Internet Explorer, Spybot and Adaware have found nothing. It's all in the configuration, using Symantec Client Security V2, Spybot S&D, Adaware, and a little common sense. I think too many people are lulled into a false sense of security because they use Firefox or Opera.

#8 keytotime

  • Advanced Member
  • Group: Members
  • Posts: 400
  • Joined: 05-October 04

Posted 02 February 2005 - 07:29 PM

http://www.spywaregu...m/blockfile.php it has a large reg file.

#9 war59312

  • Will's Blog
  • Group: Members
  • Posts: 922
  • Joined: 07-June 02

Posted 02 February 2005 - 08:07 PM

keytotime, on Feb 2 2005, 09:29 PM, said:

http://www.spywaregu...m/blockfile.php  it has a large reg file.

Yep, I combine it plus https://netfiles.uiu...rce.htm#IESPYAD

and good to go. :)

#10 lilweirddude

  • Senior Member
  • Group: Members
  • Posts: 573
  • Joined: 24-August 04

Posted 02 February 2005 - 08:42 PM

Interesting....thanks for the info
I never thought of this before...

#11 RyanVM

  • Like a big surly teddy bear.
  • Group: Members
  • Posts: 2,661
  • Joined: 31-August 03

Posted 02 February 2005 - 08:44 PM

RogueSpear, on Feb 2 2005, 03:37 PM, said:

EDIT:  I would love to see Nuhi put this into nLite or RyanVM put it into his Update Pack.  I'd even volunteer to do the monthly updates of it.

Well, future nLite versions will supposedly allow you to import your own reg tweaks, so that should take care of that. I think that'd be the best way to do it, personally.

I try to put as few reg tweaks in my pack as humanly possible, as everybody has their own preferences. The only registry tweaks in mine are to fix an annoyance with Spybot and to trick WindowsUpdate into thinking the two file scanners have been run.

EDIT: That being said, I'll probably be adding these entries for my own personal CD :P

#12 gunsmokingman

  • MSFN Master
  • Group: Super Moderator
  • Posts: 2,020
  • Joined: 02-August 03
  • OS:none specified

Posted 02 February 2005 - 09:14 PM

Here Are My Reg Files
Use Them If You Want
Edit To Your Needs

Area You Might Want To Edit
040.Reg
Line 1796 Start
Line 1838 End

;Speed up shutdown
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="3000"

;Disable Alerter
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]
"Start"=dword:00000004

;Set Background Intelligent Transfer Service to "Manual"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"Start"=dword:00000003

;Disable Indexing Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc]
"Start"=dword:00000004

;Disable TCP/IP NetBIOS Helper
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]
"Start"=dword:00000004

;Disable Messenger Service (to block spam. Does not affect MSN or Windows Messenger)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Start"=dword:00000004

;Disable Remote Desktop Help Session Manager
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr]
"Start"=dword:00000004

;Disable Routing and Remote Access
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]
"Start"=dword:00000004

;Disable Remote Registry Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000004

;Set Print Spooler to "Manual"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Start"=dword:00000003

;Disable Wireless Zero Configuration
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVC]
"Start"=dword:00000004

Attached File(s)



#13 cypher_soundz

  • Junior
  • Group: Members
  • Posts: 78
  • Joined: 10-December 04

Posted 03 February 2005 - 03:28 AM

Yes, I actually use Firefox, but I don't like visiting sites that may be hostile, and you can never be too secure B).
I will add the ActiveX stuff to the registry just in case :)
I am currently using every free spyware program and using the HOST file from here: http://www.bluetack.co.uk/modules.php?name...=showpage&pid=7
but it makes browsing slow.
Would the above cover this? Or just ActiveX / Internet Explorer?
Regards
cyph

#14 gunsmokingman

  • MSFN Master
  • Group: Super Moderator
  • Posts: 2,020
  • Joined: 02-August 03
  • OS:none specified

Posted 03 February 2005 - 06:53 AM

List Of Sites
That Get Put In Zone 4 And Zone 5
HTML For IE, Haven't Tried It On Any Others
List Of Sites

#15 RogueSpear

  • OS: SimplyMEPIS
  • Group: Supreme Sponsor
  • Posts: 1,529
  • Joined: 18-September 04

Posted 03 February 2005 - 10:05 AM

I suppose I forgot to mention one of the more important things while on this topic. One of the reg keys that Spywareblaster populates is actually a list of web sites to be put into IE's "Restricted Zone." Unfortunately, even in SP2, the default configuration for the restricted zone leaves a couple of holes open. What I do is go in there and make sure "Disable" or "High Security" is selected for everything. This can also be accomplished via importing a reg file.

EDIT: To those using IE-SPYAD.. I gave up on this product a long time ago. As comprehensive as it is, it simply broke too many web sites. This includes Yahoo and MSN, and that is unacceptable to most of my clients. Further, in reviewing the list of sites supplied by Spywareblaster, I was perfectly satisfied with that list.
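
A check for the Restricted Sites hardening described in the post above, added here as an example and not code from the thread: it reads a regedit export of the `Zones\4` key and reports URL actions that are not set to disable (3). The action list is a subset picked for this example, and the `HKEY_CURRENT_USER` path and the export in `SAMPLE` are constructed assumptions.

```python
import re

# Subset of IE URL actions whose data is 0 = enable, 1 = prompt, 3 = disable.
# The list is chosen for this example; the post does not name specific settings.
ACTIONS = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1200": "Run ActiveX controls and plug-ins",
    "1201": "Initialize and script ActiveX controls not marked as safe",
    "1400": "Active scripting",
    "1402": "Scripting of Java applets",
    "1405": "Script ActiveX controls marked as safe for scripting",
    "1803": "File download",
}
DISABLE = 3
ZONE4 = r"\internet settings\zones\4"
DWORD = re.compile(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})')

# Constructed export: two actions left open in zone 4, zone 3 must be ignored.
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"1400"=dword:00000001
"1402"=dword:00000003
"1803"=dword:00000000
'''

def audit_restricted_zone(reg_text):
    """Return {action: problem} for listed actions not disabled in Zones\\4."""
    in_zone4, seen = False, {}
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            in_zone4 = line[1:-1].lower().endswith(ZONE4)
        elif in_zone4 and (m := DWORD.fullmatch(line)):
            seen[m.group(1).upper()] = int(m.group(2), 16)
    problems = {}
    for action, label in ACTIONS.items():
        if action not in seen:
            problems[action] = f"{label}: not present in export"
        elif seen[action] != DISABLE:
            problems[action] = f"{label}: set to {seen[action]}, want {DISABLE}"
    return problems
```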

#16 RogueSpear

  • OS: SimplyMEPIS
  • Group: Supreme Sponsor
  • Posts: 1,529
  • Joined: 18-September 04

Posted 03 February 2005 - 10:41 AM

One nice freeware program that I implemented once is eDexter. This program is meant to take the place of an ad blocking HOSTS file. It's basically a small proxy. The configuration can be a little tricky at first, but this program is really fantastic for a freebie. Its configuration file works similarly to a hosts file but you can use wildcards in the entries, explicitly allow or deny, etc.

There are no registry entries with it, just its own config files. And there isn't the overhead and slowdown that you experience with some of the 20,000 plus entry hosts files that are available. Highly recommended for those not using a software based firewall and adblocker.

#17 FoaMDarT

  • Newbie
  • Group: Members
  • Posts: 30
  • Joined: 28-December 04

Posted 16 February 2005 - 11:31 PM

RogueSpear, on Feb 3 2005, 08:05 AM, said:

EDIT:  To those using IE-SPYAD..  I gave up on this product a long time ago.  As comprehensive as it is, it simply broke too many web sites.  This includes Yahoo and MSN, and that is unacceptable to most of my clients.  Further, in reviewing the list of sites supplied by Spywareblaster, I was perfectly satisfied with that list.

You should take a look at this thread over at Wilder Security Forums. I'd say that the IE-SpyAd list (about 8000 sites) is the best to use for restricted zone entries. It seems to be the most comprehensive as it updates about monthly building the .reg file from numerous sources.

from IE-SpyAd website said:

This Restricted sites list is based in part on info from:

discussions in the SpywareInfo Forums and other forums that
specialize in crapware removal
 
major crapware reference sites:

and.doxdesk.com ( http://www.doxdesk.com/parasite/)
CounterExploitation ( http://cexx.org/adware.htm)
Kephyr.com ( http://www.kephyr.com/)
PestPatrol ( http://www.pestpatrol.com/)
Spyware Guide ( http://www.spywareguide.com/)
 
the latest updates to well-known anti-crapware programs such
as SpyBot Search & Destroy, Ad-aware, and SpywareBlaster.

You can read a "Targeting and Inclusion Policy" for IE-SPYAD here.


#18 RogueSpear

  • OS: SimplyMEPIS
  • Group: Supreme Sponsor
  • Posts: 1,529
  • Joined: 18-September 04

Posted 16 February 2005 - 11:35 PM

I will agree that it is extremely comprehensive. No doubt about that. But the amount of time I had to spend editing out entries just got to be too much. And I was getting calls regularly that this web page or that web page wouldn't work because of some entry in there.

It's all a balancing act.

#19 Martin Zugec

  • MSFN Expert
  • Group: Members
  • Posts: 1,373
  • Joined: 24-January 04

Posted 17 February 2005 - 01:12 AM

I created a small program for my company that integrates

1.) SpyIE-AD
2.) Blocklist from SpywareInfo
3.) Disable few protocols like MK, ITS, MHTML etc. that are used to deliver spyware
4.) Disable few objects like ADODB.Stream

It is working quite well... If anyone is interested I could share...

#20 sixpack

  • Senior Member
  • Group: Members
  • Posts: 515
  • Joined: 29-May 04

Posted 17 February 2005 - 05:52 AM

soulin, on Feb 17 2005, 08:12 AM, said:

If anyone is interested I could share...

Yep.. I am interested :)
