Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Stop Whenu's Clocksync and weather programs from installing

0 views
Skip to first unread message

John

unread,
Apr 19, 2003, 6:56:16 AM4/19/03
to
The Clocksync clock sync software seems to load on my computer from a
pop up. It gets by Zone Alarm and Norton although Zone Alarm does
prompt me before it is allowed to access the internet. I then have to
uninstall the thing.

Is there some way to stop this thing from installing on my PC? Should
I get a better firewall program? I never upgraded to the latest Zone
Alarm because of horror stories, so I'm using ZA Pro Ver. 2.6

Any help is appreciated.

John

Andrew Rossmann

unread,
Apr 19, 2003, 11:53:20 AM4/19/03
to
[This followup was posted to comp.security.firewalls and a copy was sent
to the cited author.]

In article <bdb25ef9.03041...@posting.google.com>, 15577
@mail.com says...

Take a look here at IE-SPYAD:
http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

It's just a registry file that fills IE's Restricted Zones with a bunch
of problem sites. With the proper settings, this will disable ActiveX
installs and other nasty things. Hopefully, whatever site you are visiting
that installs it will get blocked. You really need to find the site
causing it and put it manually into Restricted Zones if needed.

--
If there is a no_junk in my address, please REMOVE it before replying!
All junk mail senders will be prosecuted to the fullest extent of the
law!!
http://home.att.net/~andyross

sponge

unread,
Apr 20, 2003, 5:18:11 AM4/20/03
to

WhenU is a particular troublesome trojan/spyware. Download both SpyBot
(http://security.kolla.de) and Ad-Aware 6 (www.lavasoft.de), run their
updaters, then run them and let them fix the problem.

DO NOT use IE-SpyAd! (Sorry Andrew! No offense intended...)


Sponge
Sponge's Anti-Spyware Page
www.geocities.com/yosponge

Andrew Rossmann

unread,
Apr 20, 2003, 11:12:17 AM4/20/03
to
[This followup was posted to comp.security.firewalls and a copy was sent
to the cited author.]

In article <3ea2657d...@news.rcn.com>, mt...@python.net says...


> DO NOT use IE-SpyAd! (Sorry Andrew! No offense intended...)

What is wrong with IE-SpyAD? It can help prevent many spyware/trojans
from getting installed in the first place. Other than a few access
glitches when I first tried it, later updates have removed a few sites
that didn't belong on the list, and I have no problems.

I also use the related AGNIS list to update the spam in my NIS2003.
Again, a few minor tweaks to eliminate a few problem areas, and it does a
great job of cutting out many more ads than NIS's defaults.

sponge

unread,
Apr 21, 2003, 1:53:01 AM4/21/03
to

I covred it pretty well in a post in alt.privacy.spyware. First and
foremost, let me say that I DO NOT believe or accuse IE-Spyad's makers
of being anything but genuinely interested in stopping spyware. There
are a few shysters out there, but I don't think Spyad's makers are one
of them.

The problem is with SOME of their techniques. I have not evaluates the
effectiveness of setting "kill bits", so I can't comment except to say
that SpywareBlaster and SpyBot seem to be more routinely updated
methods to that approach. However, I would not discourage people from
using Spyad for that function.

What Spyad DOES do that I find to be extremely poor technique is to
place spyware sites in Internet Explorer's Restricted Zone. That does
very little to stop spyware from phoning home. About all the
Restricted Zone allows you to do (and this is assuming that it is set
to the most restrictive settings) is to not download ActiveX controls
are scripts; it does nothing against already-installed spyware and far
from guarantees the new installation of spyware, particularly spyware
that installs via exploits other than ActiveX. Plus, some malware
*can* reset the security settings for the Restricted Zone, in which
case one would never know that they are vulnerable.

To combat spyware, one needs multiple approaches. SpyBot, Ad-Aware,
and SpywarBlaster are all good and all should be used. Maybe Spyad in
place of SpywareBlaster to this end.

Then, use either HOSTS or DNSKong to stop newly-evolved spyware from
being able to do it's thing. I prefer Kong, as it's far more efficient
than HOSTS, but your pick.

I also prefer to block most spyware and ad sites in my firewall, and
have lists to do that. The reason being is that Kong and the Spyware
Blocklist, together, are a pretty formidable pro-active approach to
keeping spyware off and, worse comes to worst spyware gets one, from
ever being able to prevent it from phoning home. Ditto with ad
services' cookies, JS and CSS exploits, which can also leak sensitive
info. The SpyBot and Ad-Aware are a good reactive approach for
ensuring cleanliness (although there are a few spywares, including
some I've personally discovered, which neither will identify -- the
moral is, don't put all your eggs in one basket.)

0 new messages