*************************************** ** ** ** IE-SPYAD: ** ** ** ** Restricted Sites List ** ** for Internet Explorer ** ** ** *************************************** ------------ - Contents - ------------ * Introduction * Compatibility - Windows 2003 Server - Windows XP (all versions) - Windows XP SP2 - AOL Web Browser - Internet Explorer 7.0 - Internet Explorer 6.0 * IE-SPYAD vs. IE-SPYAD2 - Differences - When to Use - How to Tell the Difference - Switching Between Versions * Installation & Uninstallation - Installation - Uninstallation - Windows XP RegEdit Crashes - No Sites in Restricted Sites List - Windows 2003 Server - Notes on Installation/Uninstallation - Updates - License Agreement - Tutorials & Translations * Using IE-SPYAD - What is the Restricted sites zone? - How can I tell if the IE-SPYAD is working? - I'm still seeing ads on web pages. Why isn't it working? - I'm still getting pop-ups. Why isn't it working? - Now that I've installed IE-SPYAD, I'm getting these ActiveX warnings? Why am I getting these errors? - Now that I've installed IE-SPYAD, some web sites are classified as being in a "Mixed" zone? Why is that happening? - How can I see which domains or servers have been added to the Restricted sites zone? - One of the web sites that I normally visit isn't working right. How can I remove it from the Restricted sites zone? - How can I tell which entry is causing a problem with a web site? * About IE-SPYAD's List of Entries - How do you decide what sites to add to IE-SPYAD? - Why can't you make sure that IE-SPYAD doesn't block normal, harmless stuff? - How do you create IE-SPYAD from the AGNIS list? * Customizing IE-SPYAD - How can I customize IE-ADS.REG? - Why is there a "Not for Everyone" section? - How can I save my customizations to the "Not for Everyone" section? - How can I save my "disabled" entries? - Why are there two "Adult" sections? - What happened to the "Adult Domains (Misc)" section? - What is the "IE xx.yy Special" section for? - Why is one of the AOL entries different? - What is that Radlight section in IE-SPYAD? * Using IE-SPYAD w/ Other Privacy/Security Solutions - If I use a HOSTS file, why do I need IE-SPYAD? - If I use SpywareBlaster, do I need IE-SPYAD? - If I use the SpywareGuide Blocklist, do I need IE-SPYAD? - If I use Spybot Search & Destroy, do I need IE-SPYAD? - After I update IE-SPYAD, some "protections" or "items" are disabled in SpywareBlaster's "Restricted sites" section or Spybot Search & Destroy's "Immunize" section. Why? - Why does HijackThis! freeze after I install IE-SPYAD? - If I lock down my Internet zone, is there any benefit to using IE-SPYAD? - My anti-spyware program is flagging some IE-SPYAD entries as "spyware." Why? * Installing & Uninstalling IE-SPYAD - Do I really need to uninstall previous versions of IE-SPYAD before installing a newer version? - If I installed the optional Porn Site list, do I need to reinstall it every time I update IE-SPYAD? - I installed IE-SPYAD, but no new sites were added to the Sites list on the Internet Options Security tab. - I uninstalled IE-SPYAD, but there are still hundreds of porn sites in my Restricted zone. - Isn't there an easier way to install IE-SPYAD for multiple users with different user profiles? - Why am I double-clicking a .REG file in order to *uninstall* IE-SPYAD? - Why are some keys left behind in the Registry after I uninstall IE-SPYAD? - Why does IE-SPYAD add keys to HKEY_USERS\.Default? - Is there a forum, bulletin board, or mailing list for questions on IE-SPYAD? * Working w/ IE's Security Zones - How can I identify good candidates for the Restricted sites zone myself? - What sites should I put in my Trusted sites zone? - What else should I know about the Security zones and Internet Explorer? - Where can I get more information about Internet Explorer Security zones? * Problems & Questions * Credits & Acknowledgements ---------------- - End Contents - ---------------- This file contains instructions for installing and using IE-SPYAD (IE-ADS.REG). ============ Introduction ============ IE-SPYAD adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. Once you merge this list of sites and domains into the Registry, the web sites for these companies will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC.  Please note that IE-SPYAD is not an ad blocker. It cannot cause Internet Explorer to start blocking standard banner ads. You will still see most banner ads. IE-SPYAD merely enables Internet Explorer to impose limits on what advertisers, marketers, and crapware pushers can do with your web browser. For example, IE-SPYAD will: * STOP UNWANTED CRAPWARE from being installed behind your back via "drive- by-downloads"; * PREVENT THE HIJACKING OF YOUR HOME PAGE and other key Internet Explorer settings; * SHUT DOWN ACTIVEX, JAVA, AND SCRIPTING, all of which can be employed to push obnoxious advertising on you and compromise your privacy and security; * BLOCK COOKIES, which can be used to monitor and track your travels around the Internet; * COMBAT OBNOXIOUS SCRIPT-BASED POPUPS that clutter your screen and force unwanted advertising on you.   There are five main sections: "MAIN," "ADULT SERVICES," "ADULT HOSTS," "NOT FOR EVERYONE," and "IP ADDRESS RANGES." (1) All servers & domains in "MAIN," "ADULT SERVICES," "ADULT HOSTS" & "IP ADDRESS RANGES" will be added to the Restricted sites zone. (2) Most servers & domains in "NOT FOR EVERYONE" will not be added unless the semi-colon and space (; ) are removed from the front of each line. (Some entries in this section are enabled by default.) IE-SPYAD ships with an install/uninstall utility. You can also install and uninstall IE-SPYAD by manually merging the appropriate .REG files. See the "Installation & Uninstallation" section below for more information. This Restricted sites list is based in part on info from: 1. discussions in major anti-spyware forums such as: SpywareInfo Forums: (http://www.spywareinfo.com/forums/) Spyware Warrior: (http://spywarewarrior.com/index.php) CastleCops: (http://castlecops.com/forums.html) 2. the latest updates to well-known anti-crapware programs such as: SpyBot Search & Destroy: (http://security.kolla.de/) Lavasoft Ad-aware: (http://www.lavasoft.de/) SpywareBlaster: (http://www.javacoolsoftware.com/spywareblaster.html) 3. other crapware reference sites such as: and.doxdesk.com: (http://www.doxdesk.com/parasite/) CounterExploitation: (http://cexx.org/adware.htm) Kephyr.com: (http://www.kephyr.com/) PestPatrol: (http://www.pestpatrol.com/) SpywareGuide.com: (http://www.spywareguide.com/) Webhelper:(http://www.webhelper4u.com/) 4. the latest updates to HOSTS files from: hpguru: (http://www.hosts-file.net/downloads.html) MVPS: (http://www.mvps.org/winhelp2002/hosts.htm) For privacy and security in Internet Explorer, you may also be interested in another utility available from this site: Enough is Enough! (http://www.spywarewarrior.com/uiuc/resource6.htm). ============= Compatibility ============= This Restricted Sites list can be used with the following versions of Internet Explorer: Internet Explorer 7.0 Internet Explorer 6.0 (incl. SP1 & SP2) Internet Explorer 5.5 (incl. SP1 & SP2) Internet Explorer 5.01 (incl. SP1 & SP2) Internet Explorer 5.0 Internet Explorer 4.01 (incl. SP1 & SP2) Internet Explorer 4.0 Note: this file works only with Internet Explorer; it will have no effect whatsoever on Opera, Mozilla, Netscape 6.0/7.0, or the older Netscape Navigator/Communicator. ------------------- Windows 2003 Server ------------------- If you're installing IE-SPYAD on Windows 2003 Server, there are some special considerations. Please see the "Windows 2003 Server" section below in "Installation & Uninstallation." ------------------------- Windows XP (all versions) ------------------------- Some Windows XP users have reported that the IE-SPYAD block list does not show up in the Internet Explorer Restricted sites list. If this happens to you, uninstall IE-SPYAD as you normally would, and then download and install IE-SPYAD2, which a custom version of IE- SPYAD that should resolve this problem. IE-SPYAD2 can be downloaded from the same web page as the original IE-SPYAD. For more information on IE-SPYAD2, see the section below titled "IE-SPYAD vs. IE-SPYAD2." -------------- Windows XP SP2 -------------- IE-SPYAD works just fine with the version of Internet Explorer that ships with Windows XP Service Pack 2. Moreover, even though Windows XP SP2 does make several significant privacy and security improvements to Internet Explorer, IE-SPYAD can still help to protect your privacy and security by restricting the functionality of untrustworthy web sites. --------------- AOL Web Browser --------------- The AOL web browser is actually just a fancy front-end to Internet Explorer. Although you may not have realized it, when you're surfing the web with AOL's web browser, you're actually using Internet Explorer underneath. AOL's embedded Internet Explorer web browser does rely upon the privacy and security settings from Internet Explorer. AOL's web browser will respect the Internet zone Security settings and, thus, will use IE-SPYAD's list of Restricted sites. From within the AOL web browser you can access Internet Explorer's Security zones, including the Restricted zone to which IE-SPYAD adds its list of domains and sites. In AOL, go to Settings >> Preferences, which has a link to Internet Properties (WWW) that calls up a dialog box titled AOL Internet Properties. Switch to the Security tab and you'll see the Restricted site zone. You don't need to do anything special to install IE-SPYAD on your system so that the AOL web browser will use IE-SPYAD's Restricted sites list. Follow the installation instructions below and you'll have IE-SPYAD installed for AOL's web browser. In some parts of this ReadMe, I do discuss how to use Internet Explorer's Internet Options box. This Internet Options box is the same thing as the AOL Internet Properties box mentioned above. Wherever I discuss Internet Explorer's Internet Options box or describe the Restricted sites settings on the Security tab of that box, simply substitute the AOL Internet Properties box described here. --------------------- Internet Explorer 7.0 --------------------- While several of the beta versions of Internet Explorer 7.0 had issues with the format of many IE-SPYAD .REG file entries, testing with the final release version of IE7 indicates that these issues have been resolved. Thus, IE7 users can load the IE-SPYAD "Restricted sites" sites list just like users of earlier versions of Internet Explorer. --------------------- Internet Explorer 6.0 --------------------- While Internet Explorer 6.0 does add new settings to control cookies (Tools >> Internet Options... >> Privacy), these new controls and options do not interfere with IE-SPYAD. In short, IE-SPYAD's Restricted sites list takes precedence over the new Privacy tab cookie control settings (which pertain only to the Internet zone); IE-SPYAD will block cookies from its sites and domains no matter what a user's Privacy tab settings may be. There is no need to add IE-SPYAD's list of domains and servers to the custom "Web Sites" list on the Privacy tab in IE6. If you are interested in the tests I have run with IE-SPYAD's and IE6, you can read my "preliminary findings" here: http://www.spywarewarrior.com/uiuc/ie6-p3p.htm That page details still other approaches and solutions that IE6 users can take to protect their privacy from unwanted cookies of advertisers and marketers. ====================== IE-SPYAD vs. IE-SPYAD2 ====================== IE-SPYAD comes in two different versions: IE-SPYAD (original) and IE-SPYAD2. Most users should use the original version (which is downloaded in IE-SPYAD.ZIP and IE-SPYAD.EXE). IE-SPYAD2 (which is downloaded in IE-SPYAD2.ZIP and IE-SPYAD2.EXE) should be used only if there is a compelling need to do so (see below for more information). IE-SPYAD2 can be downloaded from the same web page as the original IE-SPYAD. ----------- Differences ----------- Both versions of IE-SPYAD install the same block list -- the only difference is the Registry location where that block list is installed. IE-SPYAD: Installs to... HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains IE-SPYAD2: Installs to... HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains In other words, the original IE-SPYAD installs to the Registry location for the current user of the PC; IE-SPYAD2 installs to the global machine location, thus affecting all users and accounts on the PC. ----------- When to Use ----------- Most users should use the original version of IE-SPYAD. IE-SPYAD2 should be used only if: 1) The administrator of the machine wants to install the block list simultaneously on all user accounts. 2) The original IE-SPYAD block list is not appearing as expected in the Restricted sites list for Internet Explorer. -------------------------- How to Tell the Difference -------------------------- You can tell the difference between IE-SPYAD (original) and IE-SPYAD2 by opening IE-ADS.REG and inspecting the Registry keys listed. Registry keys that point to HKEY_CURRENT_USER indicate that you're using IE-SPYAD (original). Registry keys pointing to HKEY_LOCAL_MACHINE indicate that you're using IE-SPYAD2. -------------------------- Switching Between Versions -------------------------- If you've been using one version of IE-SPYAD and would like to switch to the other version, make sure that you uninstall the previous version of IE-SPYAD using the uninstaller that came with THAT version of IE-SPYAD. After you've uninstalled the old version, you can install the new version. ------------ Side Effects ------------ When you install IE-SPYAD2 you should be aware of two side effects of using system-wide settings as opposed to user-specific settings for the Restricted sites list. First, if you've added sites to the Trusted sites zone, the new Restricted sites may not show up in the Restricted sites box (Tools >> Options >> Security). This appears to be a quirk of Internet Explorer. What's happening is that Internet Explorer won't display sites loaded in the HKLM Registry hive (from IE-SPYAD2) if there are sites already loaded in the HKCU hive (from the Trusted sites zone). Even though the Restricted sites may not display, however, Internet Explorer will still use the block list to restrict sites covered by the list. Second, one other downside to using system-wide settings is that non-administrator users in Windows NT 4.0, Windows 2000, and Windows XP may not be able to see and edit the Restricted sites list in Internet Explorer. ============================= Installation & Uninstallation ============================= Installing and uninstalling IE-SPYAD is a simple process. After downloading and unpacking the installation package (either the .EXE or the .ZIP file), you can install IE-SPYAD manually or automatically. After installing IE-SPYAD, you should set the security policies for the Restricted sites zone in Internet Explorer. If you later decide that you no longer want IE-SPYAD, you can uninstall it quickly and easily. ------------ Installation ------------ You have two different options for installing and uninstalling IE-SPYAD. You can install and uninstall IE-SPYAD: * MANUALLY by merging .REG files (as described below); * AUTOMATICALLY by using the IE-SPYAD Install/Uninstall Utility (INSTALL.BAT), found in the main IE-SPYAD installation directory. The step-by-step directions below describe both methods, distinguishing between the two (MANUAL vs. AUTO) where appropriate. To Install and Use IE-SPYAD: 1. Delete earlier IE-SPYAD files If you have copies of files from an earlier version of IE-SPYAD, delete those files. 2. Download the current version of IE-SPYAD Visit the IE-SPYAD download page and download the most current version of IE-SPYAD to your hard drive. Save it to a location where you can find the file easily (My Documents, for example, might be a good choice.) 3. Unpack the IE-SPYAD files Whether you downloaded the .ZIP file or the .EXE file, you'll need to unpack the files inside the file you downloaded. On Windows XP, simply open the file and copy the files inside to a new location. On earlier versions of Windows either use an unzipper program like WinZip or, if you downloaded the .EXE file, run the .EXE and allow WinZip to unpack the files. 4. Close Internet Explorer You should close Internet Explorer before installing IE-SPYAD. If you don't close Internet Explorer before installing IE-SPYAD, you may have to close and then re-open Internet Explorer to prompt IE to recognize and "take" the changes that you've made to the Registry. 5. Uninstall previous versions of IE-SPYAD. If you installed a previous version of IE-SPYAD, you should uninstall that version first. MANUAL: You can uninstall previous versions of IE-SPYAD with the IE-ADS- UNINST.REG file, found in the main IE-SPYAD installation directory. Simply double-click on IE-ADS-UNINST.REG to merge the changes into your Registry. AUTO: You can also uninstall previous versions of IE-SPYAD using the IE- SPYAD Install/Uninstall Utility (INSTALL.BAT), found in the main IE-SPYAD installation directory. Select menu option [1] from the main menu of that utility. Note that the uninstaller for the current version of IE-SPYAD (IE-ADS-UNINST. REG will uninstall both the current version of IE-SPYAD and all previous versions. There is no need to keep previous copies of IE-SPYAD on your hard drive in order to use the uninstaller from that version. The most current version of IE-SPYAD will always remove all previous versions. * Note: For more information on uninstalling previous versions of IE-SPYAD see the "Uninstalling Previous IE-SPYAD Versions" section below. 6. Install IE-SPYAD. After you've uninstalled previous versions of IE-SPYAD, you can install the new version of IE-SPYAD. MANUAL: You can manually install IE-SPYAD by merging the installation file IE-ADS.REG into your Registry. Double click on IE-ADS.REG to "merge" it into your Registry. A box should pop up saying that the file has been successfully added to the Registry. AUTO: You can also install IE-SPYAD using the IE-SPYAD Install/Uninstall Utility (INSTALL.BAT), found in the main IE-SPYAD installation directory. Select menu option [2] from the main menu of that utility. 7. Configure your Restricted sites zone. If you haven't already configured your Restricted sites zone for maximum security, then you should do so. Here's how to do it: * Open Internet Explorer's "Internet Options" (off either the "View" or "Tools" menu bar option). Hit the "Security" tab. Select the "Restricted sites." Click the "Custom Level" button. * Change every entry in the "Custom Level" settings box for "Restricted sites" to "Disable" (or "Prompt" or "High safety," if "Disable" is not an option for a particular entry). * Close the "Custom Level" settings box by clicking "OK." 8. Close the "Internet Options" box by clicking "OK." You're ready to surf safely now! -------------- Uninstallation -------------- You can uninstall IE-SPYAD in two ways: * MANUALLY by merging .REG files (as described below); * AUTOMATICALLY by using the IE-SPYAD Install/Uninstall Utility (INSTALL.BAT), found in the main IE-SPYAD installation directory. The step-by-step directions below describe both methods, distinguishing between the two (MANUAL vs. AUTO) where appropriate. To uninstall IE-SPYAD from Internet Explorer's Restricted sites zone: 1. Remove the IE-SPYAD List from the Restricted sites zone MANUAL: You can uninstall IE-SPYAD manually with the uninstaller (IE-ADS- UNINST.REG). Simply double-click on IE-ADS-UNINST.REG file. IE- SPYAD's list of domains and servers will be removed from the Restricted sites zone. AUTO: You can also uninstall IE-SPYAD manually by using the IE-SPYAD Install/Uninstall Utility (INSTALL.BAT), found in the main IE- SPYAD installation directory. * Note: that when you merge IE-ADS-UNINST.REG into the Registry, you'll receive the same message as you get when you install IE-SPYAD. Don't be confused or alarmed by this. Windows is simply informing you that it is merging the uninstaller .REG file. That .REG file does actually remove IE-SPYAD's entries from the Restricted sites zone. 2. Reset Restricted sites security level (optional) After you've uninstalled IE-SPYAD's domain/site list from the Restricted sites zone, you may want to Reset your Restricted sites zone security setting to the "Default Level." If you're simply going to install a new version of IE-SPYAD, then don't reset your Restricted sites security settings -- just install the new version of IE-SPYAD after removing the old one. To reset the Restricted sites zone security settings: Open Internet Explorer's "Internet Options" (off either the "View" or "Tools" menu bar option). Hit the "Security" tab. Select the "Restricted sites." Click the "Default Level" button. At this point, all the changes made my IE-SPYAD to Internet Explorer should be removed. -------------------------- Windows XP RegEdit Crashes -------------------------- A small number of Windows XP users have reported that the Windows Registry Editor (RegEdit) occasionally crashes when installing IE- SPYAD. When RegEdit crashes during installation, not all of IE-SPYAD's Restricted sites list entries will be added to the Restricted sites zone. Users have reported RegEdit crashes both while using the INSTALL.BAT installation utility and while manually merging .REG files by double-clicking on them. If RegEdit crashes during installation of IE-SPYAD, there is a work-around that involves importing .REG files directly from within Windows Registry Editor. 1. Open Windows RegEdit From the Windows Start menu, go "Start" >> "Run." In the "Run" box type REGEDIT.EXE and hit "OK" to open Windows Registry Editor. 2. Import IE-ADS.REG On the menu bar bar of Windows Registry Editor, select "Registry" >> "Import Registry File..." A file/open dialog box will appear, allowing you to navigate to the location where you unpacked IE-SPYAD. Once you locate IE-ADS.REG, select the file and hit "Open." RegEdit will import IE-ADS.REG to the Registry, installing IE-SPYAD to the Restricted sites zone. 3. Close Windows RegEdit Close Windows Registry Editor when you're finished importing IE-ADS.REG. To uninstall IE-SPYAD, repeat the above procedure, importing IE-ADS-UNINST.REG instead of IE-ADS.REG. At this time it is not known what the precise cause of random crashes of RegEdit while installing IE-SPYAD is, though it appears to involve some quirk in the version of RegEdit that ships with Windows XP. I have received no reports of similar behavior with any other version of Windows. --------------------------------- No Sites in Restricted Sites List --------------------------------- Some users, esp. Windows XP users, have reported that the IE-SPYAD block list occasionally does not show up in the Restricted Sites list in Internet Explorer (see Tools >> Options >> Security). The cause of this problem is currently not known. It does appear, though, that users with this problem can download and install IE-SPYAD2, which installs the IE-SPYAD block list to a different Registry location. IE-SPYAD2 is available from the same download page as the original IE-SPYAD. See the section above titled "IE-SPYAD vs. IE-SPYAD2" for more information on using IE-SPYAD2. ------------------- Windows 2003 Server ------------------- If you're installing IE-SPYAD on Windows 2003 Server, there are a few special considerations that you should keep in mind: 1) The INSTALL.BAT installation utility does not work on Windows 2003 Server INSTALL.BAT makes uses of the CHOICE command line utility, which has undergone significant changes in Windows 2003. See the following for more information: http://www.microsoft.com/resources/documentation/windowsserv/2003/ standard/proddocs/en-us/choice.asp Specifically, the MENU command for CHOICE has changed, rendering the INSTALL.BAT incompatible with the Windows 2003 version of CHOICE. Thus, to use the use IE-SPYAD you will need to merge .REG files manually in order to install and uninstall the IE-SPYAD Restricted sites list. To do so, follow the instructions contained above for "manually" installing and uninstalling IE-SPYAD. 2) The .REG files may need to be modified before merging By default, Windows 2003 Server uses a slightly different Registry location to store zone entries for the Internet Security zones of Internet Explorer. Where all previous versions of Internet Explorer store zone entries in these two Registry keys: Domains: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\Domains\ Ranges: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\Ranges\ ...the version of Internet Explorer that ships with Windows 2003 Server stores them here: Domains: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\EscDomains\ Ranges: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\EscRanges\ In short, the DOMAINS key has become the ESCDOMAINS key, and the RANGES key has become the ESCRANGES key. Before merging any of the .REG files to install or uninstall IE-SPYAD (both the IE-ADS.REG installer and the IE-ADS-UNINST.REG uninstaller), you'll need to do a manual search & replace in your favorite plain text editor to change the Registry keys to match the Windows 2003 Server locations. The version of Internet Explorer that ships with Windows 2003 Server can be configured to use the same Registry keys as other versions of Internet Explorer on other versions of Windows. To do so, you must disable the Internet Explorer "Enhanced Security Configuration" component. When the "Enhanced Security Configuration" component is installed, Internet Explorer uses the special ESCDOMAINS and ESCRANGES Registry keys to store security zone entries. When the "Enhanced Security Configuration" component is disabled, Internet Explorer uses the same Registry keys as other versions of Internet Explorer. To disable the Internet Explorer "Enhanced Security COnfiguration": 1. Open "Add/Remove Programs" Control Panel applet. 2. Click the "Add/Remove Windows Components" button. 3. Uncheck the box for "Internet Explorer Enhanced Security Configuration." 4. Press the "Next" button to finish the reconfiguration. For more advice and tips on manually editing and customizing IE-SPYAD's Registry files, see the "Customizing IE-SPYAD" section below. And for more information on Windows 2003 Server and the Registry keys it uses for zone entries, see: What Is Internet Explorer Maintenance Extension? http://www.microsoft.com/technet/prodtechnol/windowsserver2003/ library/TechRef/1f105ee4-b025-478c-a03e-77fcd91a64e4.mspx Managing Internet Explorer Enhanced Security Configuration http://www.microsoft.com/downloads/details.aspx?FamilyID= d41b036c-e2e1-4960-99bb-9757f7e9e31b&DisplayLang=en Adding Sites to the Enhanced Security Configuration Zones http://msdn.microsoft.com/library/default.asp? url=/workshop/security/szone/overview/esc_development.asp ------------------------------------ Notes on Installation/Uninstallation ------------------------------------ Although installing and uninstalling IE-SPYAD should cause you few if any problems, you may have questions about some aspects on the installation/uninstallation process. What follows are answers to some of the more frequently asked questions about installing and uninstalling IE-SPYAD. You can find still more answers to installation/uninstallation questions towards the end of this document in the section titled "Installing & Uninstalling IE-SPYAD." ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Windows XP and .ZIP Archives ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ IE-SPYAD is distributed in ZIP archive files (either as a plain .ZIP file or as a self-extracting .EXE file). If you're using Windows XP, you should be aware of how Windows XP handles ZIP archives. Windows XP displays and treats ZIP archives as folders, allowing users to click on the files to open them just as they would a regular folder or directory on the hard drive. Even though these ZIP archive files may look like and behave somewhat like regular folders on Windows XP, you should move all the files out of those ZIP "folders" before attempting to use any of them. If you don't move all of the IE-SPYAD files out of the ZIP "folder" and into a regular folder of their own, the files may not work properly -- especially the INSTALL.BAT installation utility. The easiest thing to do is create a new folder for IE-SPYAD, then copy all of the IE-SPYAD files out of the ZIP "folder" into that regular new folder. Once you've copied out all of the files, you can run INSTALL.BAT and proceed to install IE-SPYAD. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Using the Install/Uninstall Utility (INSTALL.BAT) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On 29 Sep. 2003 IE-SPYAD began shipping with a simple batch file install/uninstall utility named INSTALL.BAT. This install/uninstall utility can be used to perform the following tasks: [1] UNINSTALL the Current IE-SPYAD List Uninstall the current IE-SPYAD list of Restricted sites. This is recommended before installing a new version of IE-SPYAD. [2] INSTALL the New IE-SPYAD List Install the new IE-SPYAD list of Restricted sites. [3] REMOVE the Old Porn Site Domains Remove the 930+ porn domains that were dropped on 26 Apr. 2003. [4] ADD the Old Porn Site Domains Add the 930+ porn domains that were dropped on 26 Apr. 2003. You do not need to use INSTALL.BAT to perform any of the above tasks. If you prefer, you can manually merge .REG files just as before to install and uninstall either IE-SPYAD or the porn site list found in the \ADULT directory. ~~~~~~~~~~~~~~~~~~~~~~ Multiple User Profiles ~~~~~~~~~~~~~~~~~~~~~~ If you have multiple user profiles on your computer and want IE-SPYAD to work on all of those profiles, you'll have to download and install IE-SPYAD2, which installs the block list to a different Registry location than the original IE-SPYAD. IE-SPYAD2 makes IE- SPYAD's settings global or system-wide (instead of user-specific). See the "IE-SPYAD vs. IE-SPYAD2" section above for more information on downloading and installing IE-SPYAD2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Uninstalling Previous IE-SPYAD Versions ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If you have installed a previous version of IE-ADS.REG, you should uninstall that old version before installing the new version. The uninstaller that ships with IE-SPYAD (IE-ADS-UNINST.REG) will uninstall both current and previous versions of IE-SPYAD. You can also uninstall previous versions of IE-SPYAD in two ways: * by manually double-clicking on the uninstaller (IE-ADS-UNINST.REG) to merge the changes (removals) into your Registry; * by using the IE-SPYAD Install/Uninstall Utility (INSTALL.BAT), found in the main IE-SPYAD installation directory. Note that when you manually merge IE-ADS-UNINST.REG into the Registry, you'll receive the same message as you get when you install IE-SPYAD. Don't be confused or alarmed by this. Windows is simply informing you that it is merging the uninstaller .REG file. That .REG file does actually remove IE-SPYAD's entries from the Restricted sites zone. A Note on Porn Sites If you uninstall IE-SPYAD and find that you still have hundreds of adult (porn) related sites in your Registry, the merge the ADULT- UNINST.REG in the \ADULT sub-directory. These porn sites can also be removed by using the IE-SPYAD Install/Uninstall Utility (INSTALL.BAT), found in the main IE-SPYAD installation directory. For more information on uninstallation issues with IE-SPYAD, see the section titled "Do I really need to uninstall previous versions of IE-SPYAD before installing a newer version?" below. A Note on the Uninstaller in Previous Versions Previous versions of IE-SPYAD shipped with two uninstallers: an IE-ADS-UNINST.REG in the main directory for the current version of IE-SPYAD, and an IE-ADS-UNINST.REG in the \OLD directory for the previous version of IE-SPYAD. Those uninstallers have now been consolidated into a single uninstaller named IE-ADS-UNINST.REG, which you can find in the main directory. IE-ADS-UNINST.REG can be used to uninstall both the current and previous versions of IE-SPYAD. The IE-SPYAD Install/Uninstall Utility (discussed below) can also be used to uninstall current and previous versions of IE-SPYAD. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Troubleshooting .REG File Problems ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ IE-SPYAD is essentially a set of .REG files that are merged into the Windows Registry. Windows Registry Files (.REG) are themselves plain text files that contain Registry changes that can be merged into the Registry. To merge a .REG file, one normally double-clicks a .REG file and then clicks through the confirmation box that Windows presents. In some cases, however, the .REG file association in Windows may become broken. When that happens, Windows won't know what to do with .REG files and, thus, will not be able to merge them properly into the Registry. If Windows seems not to know know what to do the IE-SPYAD .REG files, it's probable that the .REG file association is broken on your version of Windows. There are two possible solutions: 1. Download REG-RESTOR REG-RESTOR.ZIP contains a set of .REG files that can be manually imported into the Windows Registry Editor to reset or restore the .REG file association in Windows. You can download REG-RESTOR from this page on my web site: http://www.spywarewarrior.com/uiuc/fixes.htm Be sure to read the ReadMe.txt included with REG-RESTOR and follow the directions carefully. Once you've used REG-RESTOR to reset your .REG file association, you should be able to merge IE-SPYAD's .REG files into your Registry by double-clicking on them. 2. Manually import IE-SPYAD w/ REGEDIT.EXE You can use the Windows Registry Editor (REGEDIT.EXE) to manually import IE-SPYAD's .REG files. Here's how to do it: a) Open REGEDIT.EXE (Windows Registry Editor) Go Start >> Run... In the "Run" box type "REGEDIT.EXE" (sans quotes) and hit "OK." The Windows Registry Editor should open. b) Import IE-ADS.REG Go "Registry" >> "Import Registry File." Locate the IE-ADS.REG and select it. Then hit "Import." (Note: to uninstall IE-SPYAD, select IE-ADS-UNINST.REG and import that .REG file instead.) c) Close REGEDIT.EXE d) Verify that IE-ADS.REG has been imported In Internet Explorer, go "Tools" >> "Internet Options" and click the "Security" tab. Select the Restricted sites zone, and hit the "Sites..." button. If IE-SPYAD has been properly imported, you should see a long list of sites and domains in the "Sites..." box. (By turns, if you imported IE-ADS-UNINST.REG to uninstall IE-SPYAD, the "Sites..." box should be clear.) If you use this second method, keep in mind that the .REG file association remains broken on your computer, even though you successfully imported IE- SPYAD's .REG files. ~~~~~~~~~~~~~~~~~~~~~ CHOICE.COM/CHOICE.EXE ~~~~~~~~~~~~~~~~~~~~~ The new IE-SPYAD Installer/Uninstaller, INSTALL.BAT, makes use of CHOICE.COM, a DOS utility which shipped with every version of MS DOS 6.0 and above as well as all versions of Win9x, including Windows 95, Windows 98, and Windows Me. Windows NT 4.0, Windows 2000, and Windows XP do not, however, include a copy of this file. Moreover, CHOICE.COM apparently has compatibility issues with the Windows XP command shell interpreter. This distribution includes a copy of both CHOICE.COM (from Windows 95 B - OSR2) and CHOICE.EXE (from the Windows 2000 Professional Resource Kit), which has equivalent functionality to CHOICE.COM. If INSTALL.BAT detects that you're running Windows NT/2000/XP, it will automatically install CHOICE.EXE to your Windows directory (usually \WINNT). (If you're running Windows 95/98/Me and CHOICE.COM seems to be missing, INSTALL.BAT will instead install CHOICE.COM to \WINDOWS.) If you're running Windows XP and INSTALL.BAT gives you errors every time you reach one of the menus, the problem is likely that a straight DOS version of CHOICE.COM is somewhere on your path. Even when CHOICE.EXE is installed in the Windows directory (\WINNT), if INSTALL.BAT finds CHOICE.COM, it will use CHOICE.COM instead of CHOICE.EXE. We want INSTALL.BAT to use CHOICE.EXE, which is compatible with Windows XP. Check your Windows directory (usually \WINNT) as well as your System directory (\WINNT\SYSTEM32). If you find CHOICE.COM (as opposed to CHOICE.EXE), remove it. Also, if you downloaded an earlier version of this utility that included only CHOICE.COM, make sure that CHOICE.COM is not located in the top level installation directory (a copy is included in the \CHOICE sub-directory, but that's OK). In other words, make sure that there is no chance that CHOICE.COM will be used. On Windows XP, you should be using CHOICE.EXE instead. Note: if you're running Windows 2003 Server, then INSTALL.BAT will not work with the version of CHOICE that is installed on your PC. See the "Windows 2003" section above in "Installation and Uninstallation" for tips on using IE-SPYAD with Windows 2003. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CHOICE.EXE & Windows 2000/XP ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If you attempt to run the IE-SPYAD batch file installer (INSTALL.BAT) on a user account without Admin privileges you may encounter problems. As noted just above, the installer attempts to copy CHOICE.EXE to the Windows directory if it is not already present. If you're running on a user account that lacks Admin privileges, Windows will not allow the file to be copied to the Windows directory, and the installer batch file will fail. There are several workarounds for this issue: 1) Log in as Administrator and copy the CHOICE.EXE to the Windows directory before launching the installer. 2) Do not use the INSTALL.BAT batch file to install and uninstall IE-SPYAD. Instead, manually merge the appropriate .REG files using the directions supplied earlier in this ReadMe for manual installation of IE-SPYAD. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ About the PGP Signature Files ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I make available PGP signatures (as detached sig files) for all of the downloadable file on my web site. These PGP signature files have the extension .SIG. You don't have to download the PGP sig files (or my PGP public keys) in order to use IE-SPYAD or the other files and utilities that I make available. The PGP sigs are digital signatures for the main download files that PGP users can use to verify the integrity and origin of the download files. If you don't use PGP, they won't be of much use to you. If you're interested in learning more about PGP, check some of the links on this page: http://www.spywarewarrior.com/uiuc/info5b.htm ------- Updates ------- The IE-SPYAD Restricted zone list is regularly updated. You can download updated versions of IE-SPYAD from the same page where you downloaded your original copy of IE-SPYAD. http://www.spywarewarrior.com/uiuc/resource.htm That page lists the last time that IE-SPYAD was updated. I usually try to update IE-SPYAD at least once a month, though I often update more frequently. When IE-SPYAD is updated, the entire file is updated (there's no separate update file). Simply download the updated IE-SPYAD.ZIP or .EXE file from the Download section on the IE-SPYAD download page. When you unpack the file that you downloaded, you'll notice that IE-ADS.REG (the installer) and IE-ADS-UNINST.REG (the uninstaller) both have new file dates. To install an updated version of IE-SPYAD, uninstall the old version of IE-SPYAD by using the IE-ADS-UNINST.REG in the main IE-SPYAD installation directory. Then import the new IE-ADS.REG from the main installation directory. There is no special forum, newsgroup, or web board for IE-SPYAD. I do hang out regularly in the following newsgroups and forums, however, and you can often find folks talking about IE-SPYAD (and other things related to privacy & security) in these places. I also periodically announce updates to IE-SPYAD in the "updates" section of the forums listed below. DSLR/BBR Security Forum http://www.dslreports.com/forum/security,1 http://www.broadbandreports.com/forum/security,1 ComputerCops http://www.computercops.biz/forums.html GRC Discussion Groups http://grc.com/discussions.htm Safer Networking Forums http://forums.spybot.info/ SpywareInfo http://forums.spywareinfo.com/ Spyware Warrior http://spywarewarrior.com/index.php Wilders Security Forums http://www.wilderssecurity.com/ ----------------- License Agreement ----------------- By installing and using the IE-SPYAD "Restricted sites" list and/or the INSTALL.BAT installation utility, you acknowledge that you have read and agreed to the terms and conditions outlined in the "License Agreement," copies of which are included at the end of this ReadMe as well as in the LICENSE.TXT file included with this distribution package. ------------------------ Tutorials & Translations ------------------------ IE-SPYAD users from around the world have produced tutorials (with screenshots) and translations of key IE-SPYAD documentation. Here's a list of the tutorials and translations that I know of: How to Install and Update IE Spyad for Internet Explorer http://forums.windowsforum.org/index.php?showtopic=6640 Using IE-Spyad to enhance your privacy and security http://www.bleepingcomputer.com/tutorials/tutorial53.html IE-SPYAD (Italian) http://home.datacomm.ch/winzozz/howes.htm Manual for installering og brug af IE-spyad (Danish) http://www.spywarefri.dk/iespyad.manual.htm IE-SPYAD (Japanese) http://higaitaisaku.com/iespyad.html IE-SPYAD (Japanese) http://www.forest.impress.co.jp/article/2004/04/05/iespyad.html IE-SPYAD Manual (Japanese) http://www.geocities.jp/iespyad_jpn_manual/table_of_contents.html IE-SPYAD Manual (Serbo-Coatian) http://www.elitesecurity.org/tema/28137/0#578049 ============== Using IE-SPYAD ============== Now that you've installed the IE-ADS.REG file, you may be wanting more information about how the ad blocking and privacy protection techniques of this file works. What follows is a short FAQ (Frequently Asked Questions) list for IE-ADS.REG. ---------------------------------- What is the Restricted sites zone? ---------------------------------- Briefly, the Restricted sites zone in Internet Explorer contains a list of sites that must follow very strict rules of behavior when you surf to them with Internet Explorer (Netscape Navigator/Communicator does not use the Restricted sites zone). You can specify the sites that are put into the Restricted sites zone as well as the policies those sites must follow. By setting the policies for the Restricted sites zone to a very high level of security, we can ensure that any web sites added to the Restricted sites zone cannot do certain things which could compromise your privacy and security -- e.g., place "cookies" on your hard drive; use Java, Active-X, or scripting; install programs behind your back, etc., etc. The Restricted sites zone allows you to set policies to govern the use of browser technologies and features which can be used by web sites to threaten your security and privacy. These threats include such things as: * ActiveX controls * Java applets * JavaScript * cookies * download and installation of desktop items * use of email address as anonymous FTP password * "User data persistence" If you followed the instructions in this ReadMe to install IE-ADS.REG, then you: 1. added a long list of known ad/spy servers to the Restricted sites zone 2. set the security policies of the Restricted sites zone to a very safe level By adding all those ad/spy servers to the Restricted sites zone, you have prevented them from engaging in all sorts of nasty behavior when you visit web sites that may use those servers to present banner advertisements. In short, the Restricted sites zone protects your privacy with advertisers by placing your browser on a "short leash" whenever it communicates with those ad/spy servers. -------------------------------------- How can I tell if IE-SPYAD is working? -------------------------------------- When you visit web sites, look in the bottom right hand corner of Internet Explorer, where you will see a small icon telling you which Security zone ("Internet," "Trusted," "Restricted") applies to that site. Try pointing your browser to this web site: http://www.doubleclick.com If the Restricted sites zone of Internet Explorer is doing its thing (using the information from IE-ADS.REG), then you should see a red icon in the bottom right hand corner of Internet Explorer indicating that doubleclick.com falls in the Restricted sites zone. Occasionally, you will hit sites which fall solely in the Restricted sites zone, as in our example above. More often, though, you'll simply see a "Mixed" zone. If you visit a page which uses banner advertisements served up by one of the ad servers in the Restricted sites zone, you will likely see the icon in the bottom right hand corner of Internet Explorer turn to a "Mixed" zone, meaning that most of the page belongs to one zone (probably the Internet zone), but that the site is drawing some information (banner ads) from one or more of the ad servers in the Restricted sites zone. ---------------------------------- I'm still seeing ads on web pages. Why isn't it working? ---------------------------------- IE-ADS.REG cannot cause Internet Explorer to start blocking ads. You will still see ads on web pages after loading IE-ADS.REG. By placing all those servers and domains into the Restricted sites zone, however, IE-ADS.REG does prevent those servers and domains from doing certain types of things with your web browser, like placing cookies or using JavaScript. If you're interested in blocking ads so that you don't even see them, there are any number of solutions out there, including the use of a HOSTS file, or use of one of the many programs that exist to block ads. For more information about these ad blocking solutions, see these two web pages at my web site: http://www.spywarewarrior.com/uiuc/soft8.htm http://www.spywarewarrior.com/uiuc/soft8a.htm -------------------------- I'm still getting pop-ups. Why isn't it working? -------------------------- IE-SPYAD can reduce the number of pop-ups that you see at web pages. Unfortunately, it cannot entirely eliminate them. Pop-ups can be launched from web pages in a number of different ways. IE-SPYAD will block some but not all of them. If you want to completely eliminate pop-ups, you ought to look into a dedicated pop-up blocker. You can find a list of them on this page: http://www.spywarewarrior.com/uiuc/soft8.htm#PopUps --------------------------------------------------- Now that I've installed IE-SPYAD, I'm getting these ActiveX warnings? Why am I getting these errors? --------------------------------------------------- Once you add IE-SPYAD's list of sites and domains to your Restricted sites zone, you may start receiving pop-up notifications from Internet Explorer when you visit certain web sites, even though the web site itself isn't in your Restricted sites zone. That notification usually reads: "Your current security settings prohibit ActiveX controls on this page. As a result, the page may not display correctly." These notifications are related to IE-SPYAD's additions to your Restricted sites zone. That may not be immediately apparent if the main web site you're visiting doesn't fall in the Restricted sites zone. The "error" that you're seeing isn't really an "error" -- it's simply Internet Explorer's way of telling you that some element of the web page attempted to use ActiveX controls but couldn't because the content source fell within the Restricted sites zone. You'll see that while using IE-SPYAD. It doesn't necessarily indicate a problem; in fact, it really indicates that IE-SPYAD is doing it's job. Unfortunately, there's no way to turn that warning off without changing the settings for ActiveX controls in the Restricted sites zone. If that third-party content is absolutely essential for the web page you're viewing, there are ways to identify which entry in IE- SPYAD is causing the problem. See the "How can I tell which entry is causing a problem with a web site?" question below for more information. ------------------------------------------------- Now that I've installed IE-SPYAD, some web sites are classified as being in a "Mixed" zone? Why is that happening? ------------------------------------------------- A "Mixed" zone icon (found in the bottom right-hand corner of Internet Explorer) means that the web site or web page you're visiting is drawing content from multiple sources, some of which fall in the Restricted sites zone. Here's what's happening: Many web sites and web pages are built from content that's drawn from several different sources. Those sources may include not only the web site or page that you're visiting, but third-party advertisers. If you access a web page that's using content drawn from an advertiser or crapware pusher that's in the Restricted sites zone, then Internet Explorer will classify that content (but not necessarily the entire web page) as falling within the Restricted sites zone. Since the content is being drawn from multiple sites in multiple zones, Internet Explorer can't classify the site as merely "Restricted" or "Trusted" or "Internet" -- such would present a misleading picture of the web site's content. That's why you'll sometimes see Internet Explorer labeling a page as "Mixed," instead of "Internet" or "Trusted" or "Restricted." A "Mixed" zone web page is drawing content from mutliple sources that fall within different zones. ------------------------------------------- How can I see which domains or servers have been added to the Restricted sites zone? ------------------------------------------- There are two ways to view the list of servers or domains which IE-ADS.REG puts in the Restricted sites zone. First, you can view the list of sites BEFORE installing IE-ADS.REG by opening IE-ADS.REG in a simple text editor like Notepad. .REG files are, in reality, merely text files formatted for use by REGEDIT.EXE, a utility which edits and manages the Windows Registry (which is itself a vast storehouse of information about your Windows configuration). To open IE-ADS.REG in Notepad, simply right-click on the file and select "Edit" from the context menu that pops up. You can enable or disable domains in this .REG file by editing the entries. For more info on editing and customizing IE-ADS.REG, please see the question below, "How can I customize IE-ADS.REG?" Second, you can view the list of domains and servers after they have been added to the Restricted sites zone. In other words, you can see what domains and servers are actually in the Restricted sites zone at any one time. To do so: 1. Open "View" or Tools," then "Internet Options," then click the "Security" tab. 2. Select the Restricted sites zone and then click "Sites." A list of all the domains in the Restricted sites zone will appear. You can remove domains or servers from this "Sites" list. For more info on removing sites from the Restricted sites zone "Sites" list, see the next question, "Now that I've installed..." ------------------------------------------ One of the web sites that I normally visit isn't working right. How can I remove it from the Restricted sites zone? ------------------------------------------ Some web sites might require your browser to "play nice" with a server from a domain that has been placed in the Restricted sites zone. For example, a web site might complain that it can't place a "cookie" on you hard drive, or that it can't use Java, and that it needs to do one of these things in order for the page to work. Perhaps you try to launch a streaming audio file by clicking on a link, and the link doesn't appear to work. If you trust the web site, you can try removing the offending domain entry from the Restricted sites zone: 1. Identify which domain (e.g., cnn.com or doubleclick.com) is being restricted. Note that web pages can draw content from multiple sources, including third party sources. See the next question for tips for identifying the specific entry that might be causing you problems with a web site. 2. Open "View" or Tools," then "Internet Options," then click the "Security" tab. 3. Select the Restricted sites zone and then click "Sites." A list of all the domains in the Restricted sites zone will appear. 4. Scroll down until you find the offending entry and click "Remove." 5. Click "OK" to accept your changes. 6. Clear your "Temporary Internet Files" (on the "General" page of "Internet Options"). 7. Click "OK" to close the "Internet Options" settings box. 8. Now try reloading the page. Note that you might have to pay very close attention to the web page to figure out which domain is being restricted. ------------------------------------- How can I tell which entry is causing a problem with a web site? ------------------------------------- Web pages can draw content from multiple sources, including third party sources. Thus, for example, you might visit www.cnn.com and encounter a widget on that page that doesn't work. But that widget isn't being drawn from cnn.com (which isn't even IE-SPYAD). In this case, you'll have to identify the sources for the content on cnn.com's home page. It's likely that the widget is being pulled from some third-party source (say, doubleclick.net) that IS in IE-SPYAD's list of Restricted domains and servers. If you can identify the source for content that isn't working, you can then remove the entry which is causing the problem from the Restricted sites zone. It can be a bit tricky to identify all the sources for a web page's content. One good tip-off that a web page is drawing content from multiple sources is the "Mixed" zone icon that you might see in the bottom right-hand corner of Internet Explroer. A "Mixed" zone means that a web page is drawing content from multiple sources which fall into different zones. One of those sources is likely in the Restricted sites zone. There are several ways to identify all the sources for a web page's content: 1. Info on the page itself Hover your mouse over images (esp. banner ads) and other links and watch the bottom band of Internet Explorer, which previews the sites which are linked to. You can also right-click on images and look at the "Properties" for those images. Either method will provide some indication as to where page content is being drawn from. 2. The IE6 Privacy Report In Internet Explorer 6.0, go "View" >> "Privacy Report." The Privacy Report gives you a rundown of "Web sites with content on the page." 3. Personal firewall logs Most personal firewalls provide logging of some sort, and you can look through your firewall's logs to get some indication of the sources for a page's content. 4. View the HTML source Go "View" >> "Source" to open the HTML source for a page. Looking through HTML can be a pain, but it does reveal all the sources for page content. Note: if the site uses frames, you'll have to open the framed page separately (right click on the framed page, then "Open Frame in New Window"). Then you can "View" >> "Source." It's not always difficult to track down the specific entry in the Restricted sites zone that's causing a web site not to work, but sometimes it does require some patience. ================================ About IE-SPYAD's List of Entries ================================ ------------------------------------------------ How do you decide what sites to add to IE-SPYAD? ------------------------------------------------ There's a short answer to this question and a longer answer. Here's the short answer. I build IE-SPYAD and AGNIS (my block lists for AtGuard, Norton Internet Security, and Outpost) from several sources of information: 1. discussions in major anti-spyware forums such as: SpywareInfo Forums: (http://www.spywareinfo.com/forums/) Spyware Warrior: (http://spywarewarrior.com/index.php) CastleCops: (http://castlecops.com/forums.html) 2. the latest updates to well-known anti-crapware programs such as: SpyBot Search & Destroy: (http://security.kolla.de/) Lavasoft Ad-aware: (http://www.lavasoft.de/) SpywareBlaster: (http://www.javacoolsoftware.com/spywareblaster.html) 3. other crapware reference sites such as: and.doxdesk.com: (http://www.doxdesk.com/parasite/) CounterExploitation: (http://cexx.org/adware.htm) Kephyr.com: (http://www.kephyr.com/) PestPatrol: (http://www.pestpatrol.com/) SpywareGuide.com: (http://www.spywareguide.com/) Webhelper:(http://www.webhelper4u.com/) 4. the latest updates to HOSTS files from: hpguru: (http://www.hosts-file.net/downloads.html) MVPS: (http://www.mvps.org/winhelp2002/hosts.htm) I also draw on information gathered in the course of my own web surfing. I not only pay attention to the actions of web sites that I visit (by carefully inspecting those web pages, their HTML sources, and my personal firewall's logs), but I keep abreast of current tech news from such sites as CNET (http://www.news.com.com) and Wired News (http://www.wired.com/news/). The sites are domains that are added to IE-SPYAD are associated with: * commercial advertisers (that serve up banner ads and pop-ups/pop-unders) * crapware/adware pushers (that deliver adware, spyware, homepage hijackers, or other unwanted, intrusive web applications and widgets) I do tend to err on the side of caution. If a site or domain is primarily associated with delivering advertising or unwanted web applications, I will add it to IE-SPYAD's list of Restricted sites. Commercial advertisers have a bad history of escalating the means and methods they're willing to use to deliver advertising and crapware to users' systems (and their privacy policies are completely malleable, representing almost no protection at all to web surfers). For a more complete discussion of the reasons that sites and domains might be included in IE-SPYAD, see the following web page: Targeting & Inclusion Policy http://www.spywarewarrior.com/uiuc/target-policy.htm ~~~~~~~~~~~~~~~~~ The Longer Answer ~~~~~~~~~~~~~~~~~ AGNIS and IE-SPYAD are built from the same basic block list. Users of IE-SPYAD and AGNIS often ask, "Where do you get your information to add new entries to AGNIS or IE-SPYAD?" The answer to that question isn't a simple one, and what follows is a somewhat detailed explanation. I get my info from a number of different sources: 1) Other block lists IE-SPYAD and AGNIS were originally based on Stephen Martin's old HOSTS file (http://www.smartin-designs.com/), but Stephen Martin no longer updates or supports his HOSTS file. I do occasionally look at other block lists that folks have built for web filtering programs. I go through those lists, looking for new domains that are primarily associated with advertisers, marketers, and crapware pushers. I then visit those domains to verify that they are in fact used by marketing and advertising outfits. I do not blindly dump new sites or domains into IE-SPYAD and AGNIS -- I pick and choose. Many of these other block lists aren't maintained very well, so it's rare that I find much of anything that I didn't already have. 2) SpywareInfo Support Forums Mike Healan's SpywareInfo hosts several important discussion forums: http://www.spywareinfo.com/forums/ ...where people with crapware problems can seek help. In particular, the "Spyware and Hijackware Removal Support" forum is esp. useful. Several other forums now specialize in troubleshooting crapware problems for users as well: cexx.org Discussion Boards http://boards.cexx.org/index.php? CastleCops.com Forums http://www.castlecops.com/forums.html Safer Networking Forums http://forums.spybot.info/ Spyware Warrior http://spywarewarrior.com/index.php Tech Support Guy Forums http://forums.techguy.org/ ...to name only the most prominent ones. Users regularly bring system logs generated with HijackThis! and StartupList (both available from http://www.spywareinfo.com/~merijn/ ) into these forums for troubleshooting advice. Those logs (and the discussions that result from them) are invaluable for identifying new sources of spyware/adware/hijackware. 2) Other Crapware Reference Sites I constantly comb through several well-known crapware reference sites for leads on new forms of crapware and the outfits that distribute them: and.doxdesk.com http://www.doxdesk.com/parasite/ CounterExploitation http://cexx.org/adware.htm Kephyr.com http://www.kephyr.com/ PestPatrol (Safersite) http://www.pestpatrol.com/ http://www.safersite.com/ Spyware Guide http://www.spywareguide.com/ Webhelper: http://www.webhelper4u.com/ All five of the above sites keep excellent data about spyware, adware, hijackers, and dialers, including distribution and uninstallation information. 4) Anti-Spyware Program Updates I monitor the updates to programs such as: Ad-aware http://www.lavasoft.de/ SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html SpyBot Search & Destroy http://security.kolla.de/ ...looking for new forms of crapware. SpyBot Search & Destroy is esp. useful because of the included .NFO files that contain detailed info on the programs it targets. Occasionally, all I'll get is the name of a program or direct marketing outfit -- some digging in Google turns up the rest. 5) News Stories Direct marketers and crapware pushers are often desperate to get their names in front of the public in order to attract sales and investors. Thus, major tech media outlets such as: CNet http://news.com.com/ IDG http://www.idg.net/ Wired.com http://www.wired.com/news/ ZDNet http://www.zdnet.com/ ...(to name a few) regularly carry stories about direct marketing outfits and crapware pushers, esp. those who are doing things new and noteworthy. The online technology sections for newspapers such as: New York Times http://www.nytimes.com/ San Francisco Chronicle http://www.sfgate.com/ San Jose Mercury News http://www.bayarea.com/mld/mercurynews/ Washington Post http://www.washingtonpost.com/ ...are also helpful in this regard. 6) Discussion forums I monitor privacy & security oriented forums such as: DSLR/BBR Security forum http://www.dslreports.com/forum/security,1 http://www.broadbandreports.com/forum/security,1 Wilders.org http://www.wilderssecurity.com/ GRC's newsgroups http://grc.com/discussions.htm ...as posters often provide useful info about and pointers to new forms of advertising and crapware. 7) Web sites of direct marketers themselves I spend a good amount of time going through the web sites of known advertisers and crapware pushers themselves. You'd be surprised what a little digging can turn up. When I visit a direct marketer's web page, I look at the HTML source as well as the following sections of the web site (if they exist): * About Us (Our Company) * Partners * Privacy Policy * Products * Services * History * Demos * Contact Us I'm looking for affiliated/related web sites, names of products and services, names of partners/affiliates, etc. Esp. in the case of adult-oriented companies, the network of relationships can be quite complicated. I'll often follow up by doing searches within Google (which can be a more trustworthy/reliable source of info than the marketers and crapware pushers themselves). Occasionally I stumble across web sites that yield a "mother load" of links to direct marketers and crapware pushers. This is esp. true of web sites targeted towards webmasters (and adult site webmasters), as such web sites often include handy indices of direct marketing networks, technologies, partnering programs that webmasters might be interested in. A lot of this is just persistence and following one link to another, looking through the HTML source for web pages, or taking the name of a marketing outfit and digging for info in Google. 8) My own web surfing I monitor my firewall logs and track down new entries based on info that I find there. I pay attention to what's happening at web pages that I visit. I've even been known to drop all my "defenses" and deliberately go trolling for crapware and other obnoxious direct marketing gimmicks at dodgy web sites. If I come across an unfamiliar program, I'll download it and inspect it. I unpack .CAB files when necessary, and look at the Properties and Digital Signatures for each file. I also look at installer .INF files for clues as to the origin or author of the program. Again, often all it takes is a name that I can plug in to Google. --- So, there's no one source for the information that feeds into AGNIS and IE-SPYAD. It comes from a lot of different places. ------------------------------------- Why can't you make sure that IE-SPYAD doesn't block normal, harmless stuff? ------------------------------------- If I could find some way that IE-SPYAD would never cause anyone any problems, I would do it. Unfortunately, there's no easy way to build a block list that will be 100% problem-free for everyone. Block lists are fairly blunt instruments, and when thousands of users with thousands of different preferences and surfing habits are using a block list, problems will inevitably arise. Adding a site or domain to IE-SPYAD always involves decisions, and these decisions can be difficult for several reasons. | 1. There's no easy way to distinguish "dangerous" | | web sites from "innocuous" ones. | People sometimes ask me why I include sites and domains in IE-SPYAD that they don't regard as "dangerous," thus getting in the way of "normal internet activities." Classifying web sites as "dangerous" or "innocuous" isn't as easy as it might first sound, though. Doubleclick.net, for example, would seem to be an obvious candidate for the Restricted sites zone. If doubleclick.net doesn't qualify as a domain worthy of putting in the Restricted sites zone, then nothing does. Yet, I've received emails from folks who were having problems accessing content on gaming sites because of the doubleclick.net entries. Those gaming sites (all completely legitimate and innocuous) were forcing users to download game content through doubleclick.net. Should doubleclick.net then be removed from IE-SPYAD? Another example is the GAIN (Gator Advertising Information Network) network and all of its affiliates. Many folks consider Gator "spyware," yet plenty of folks like Gator. Should Gator be removed? If there were any easy way to distinguish between "only seriously dangerous rogue sites" (i.e., sites that everyone would want blocked) and "non-dangerous" sites (sites that only some people want blocked), life would be easy. But it isn't. That means that you may encounter sites in IE-SPYAD that cause you problems and whose inclusion in IE-SPYAD you may disagree with. As things stand, the best I can do is: * look at sites on a case by case basis (as I do now); * keep a "Not for Everyone" section for problematic sites likely to cause lots of folks headaches (as you'll find now in IE-SPYAD); * look into problems with sites as they come up (as I do in several online forums and via email on a regular basis). Unfortunately, privacy and security online involve tradeoffs with convenience. That's true of any privacy and security solution, whether we're talking about IE-SPYAD, a tightly configured Internet zone, other web filtering solutions (which almost all rely on block lists), a HOSTS file, firewalls, anti-virus/anti-trojan solutions, crypto software -- you name it, there are trade-offs. There will never be a point at which privacy and security won't come at the expense of "normal internet activities," because what counts as "normal internet activities" will always vary from person to person. The best that can be done is attempt to minimize those tradeoffs as much as possible. | 2. B2B companies complicate the picture. | There is a particular kind of B2B-oriented company on the Internet that is becoming increasingly prevalent -- namely, companies that provide internet services and content for other companies and web sites. Web surfers and online consumers may directly encounter this "third-party" content and these "third-party" services while visiting web sites which have contracted out for such services and content. Many of these types of companies supply streaming media applets and online support chat widgets to e-commerce sites. The grand-daddy of this type of company is Akamai, a load-distribution service that serves up content for client web sites. Other examples of such companies include: CameoCast/CameoOne CenterSpan Chaincast PrumulGate/DelFin Project EyeWonder Hiwire Networks Ibsys.com ifilm InstaContent InstantService ipix Kontiki LivePerson Netopia (eCare/Timbuktu) Prospero Pulse3d Red Swoosh QuickFlicks SpaceSea StreamMagic/Fordale/DownloadWare Unicast Viewpoint We're also starting to see companies that specialize in IP (intellectual property) management, DRM (digital rights management), and content protection. Such companies include: BandLink CDilla/Macrovision CleverContent ContentAuditControl These companies are becoming increasingly aggressive in pushing web applications and other widgets onto end users' systems. And, finally, there is a unique class of companies that provide applications and networking solutions to ISP's (internet service providers). BroadJump IpInsight Tioga Systems These ISP-service companies (for lack of a better term) often supply their ISP clients with software that can be installed on end users' system, turning those users' internet connections into direct marketing and content delivery vehicles. These types of companies (is there a handy term for them?) are always difficult to classify, because in some cases they may supply completely legitimate content for client web sites. In other cases they may serve up advertising and unwanted, intrustive, "drive-by- download" web widgets. I examine each of these companies on a case-by-case basis, though the decisions that I make are never easy and should never be regarded as final. | More Information | IE-SPYAD is only one of several block lists that I build. The others are AGNIS (for AtGuard and Norton Internet Security) and AGNIS for Outpost (for Agnitum's personal firewall). IE-SPYAD and all versions of AGNIS are built from a common source of entries, though there are differences between the two lists. Most notably, IE-SPYAD does not incorporate any URL fragments such as "/ad_server". In fact, when updating, I build the AGNIS lists first. If you'd like more information about the entries included with IE-SPYAD, you can download AGNIS, which includes a "full" list that serves as a kind of "master list" for all of my block lists. http://www.spywarewarrior.com/uiuc/resource.htm#AGNIS The "full-original" AGNIS list (AG-ADS-ORG.REG, located in the \ORG sub-dir of the AGNIS installation directory) is an editable/viewable .REG file in which all the entries are broken down into sections (advertisers, crapware, et al). That "full- original" AGNIS block list should give you a good idea of how I classify and think about the sites and domains that I've included in IE-SPYAD. | If You Do Have a Problem with an Entry... | If you do run into a problem with an entry in IE-SPYAD that is causing you difficulties with a web page that you frequently visit, please contact me and let me know: eburger68@myrealbox.com In your email, please tell me what entry is causing the problem (if you know). Also, if you have an example web page where I can see the problem in action, send along the URL. I can't guarantee that the entry that is causing you problems will be removed from IE-SPYAD, but I will take a look at the information you provide and consider a course of action. I'm human, and I have been known to make mistakes. In cases where an entry clearly has no connection with a direct marketing company or crapware pusher, I'm happy to remove the entry, esp. if it's one that is likely to cause many users problems. ----------------------------------------------- How do you create IE-SPYAD from the AGNIS list? ----------------------------------------------- IE-SPYAD is only one of the "block lists" that I offer from my web site. The other is AGNIS (http://www.spywarewarrior.com/uiuc/resource.htm#AGNIS), which was originally created for AtGuard and Norton Internet Security, but has since been ported for use in Norton Personal Firewall 2003, Agnitum Outpost, and AdShield. When updating my block lists, I build the original AGNIS list for AtGuard/NIS first. Indeed, it serves as a kind of "master list" for all of my other lists, including IE-SPYAD. All of the changes you see listed in the "Additions & Changes to AGNIS & IE-SPYAD" (http://www.spywarewarrior.com/uiuc/res/list-changes.txt) are organized by the categories that are used in the "full-original" AGNIS list, which you can find in the \ORG directory after you unpack AGNIS (look for the files AG-ADS-ORG.REG or NIS-ADS-ORG.REG). Once the "full-original" AGNIS list has been updated, I build the updated version of IE-SPYAD. Although the IE-SPYAD IE-ADS.REG file does use some categories which are similar to the categories you find in AGNIS, there aren't as many. So how do I decide what categories to place sites and domains in when I build the IE-SPYAD list? Basically, what I do is convert or translate the many categories you find in AGNIS to the more basic categories in IE-SPYAD. Here's a table that explains the conversion process: AGNIS Category IE-SPYAD Category Explanation -------------- ----------------- ----------- EMAIL NASTIES | BIG AD DOMAINS | MISC AD DOMAINS | CRAPWARE DOMAINS |--> MAIN All of these AGNIS categories DIALERS | are added to the MAIN section MISC SERVERS | w/ the exception of IP addresses ADULT NETWORKS\SERVICES |--> ADULT NETWORKS\SERVICES identical categories ADULT HOSTING |--> ADULT HOSTING identical categories NOT FOR EVERYONE |--> NOT FOR EVERYONE identical categories REMOVED |--> REMOVED identical categories PHRASES | PREFIXES |--> n/a (discarded) IE-SPYAD has no equivalents WEB BUGS | as IE cannot handle URL HYBRIDS | fragments such as these There is one category in IE-SPYAD for which there is no comparable one in AGNIS: IP ADDRESS RANGES. Internet Explorer handles IP address ranges differently in the Registry from standard domain names. So, I put all IP addresses in a separate category in IE-SPYAD so that they can be updated and maintained more easily. There are several other minor differences between the AGNIS and IE-SPYAD lists that I won't bother discussing here -- most of these differences come down to entry formatting issues. If you're seriously interested in how I classify web sites and build the IE-SPYAD list, I would urge you to download AGNIS (http://www.spywarewarrior.com/uiuc/resource.htm#AGNIS) and take a look at one of the "full-original" lists in the \ORG sub-dir. ==================== Customizing IE-SPYAD ==================== ------------------------------- How can I customize IE-ADS.REG? ------------------------------- The Restricted sites for Internet Explorer takes the form of a .REG file -- a Windows Registry file. .REG files are, in reality, merely text files formatted for use by REGEDIT.EXE. As such, they can be edited using any simple text editor like Windows Notepad. To open the Restricted sites(IE-ADS.REG) in Windows Notepad, right-click on IE-ADS.REG file and select "Edit" from the context menu that pops up. IE-ADS.REG should open right up in Notepad. If this doesn't work, try opening Notepad from the "Start" menu, navigating to the appropriate directory or folder through "Open," and opening IE-ADS.REG that way (you'll have to tell Notepad to look for "*.* - All Files" first). If you edit IE-ADS.REG in a text editor like Notepad, you will not only be able to see the entries that will be added to the Restricted sites zone in Internet Explorer, but you will be able to add or modify entries. Here's a quick introduction to the syntax of the entries in the IE-ADS.REG file: To add this entry... .doubleclick.com/ ...into our currently loaded ad block list, we would need an entry in the IE-ADS.REG file that looks like this... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\Domains\doubleclick.com] "*"=dword:00000004 Note that there are TWO lines here separated by a carriage return. The first, which is "wrapped" in this example (and will "wrap" when you open IE-ADS.REG), is... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\Domains\doubleclick.com] The first part specifies the key location in the Registry where Windows will store this entry. The second part specifies the "key name" (doubleclick.com). All parts are separated by backslashes ( \ ). The second line contains the "key value"... "*"=dword:00000004 ...which assigns doubleclick.com to the Restricted sites zone. As explained above, the NOT FOR EVERYONE section includes a number of entries which are not enabled by default. Most of these entries are "disabled" (and will not be added to your ad block list) because they have been "remarked out" with a semi-colon and space ( ; ). Note that there are TWO sets of semi-colon and space: one for the "key name" (the first line), and one for the "key value." Thus, to enable the following "disabled" entry... ; [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\Domains\msid.com] ; "*"=dword:00000004 ...you would edit the entry to look like... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\Domains\msid.com] "*"=dword:00000004 ...save your changes in Notepad, and then merge the .REG file into your Registry by double-clicking on it. The examples we've looked at so far involve simple domains like msid.com or doubleclick.com. When dealing with specific servers like reg.bluemountain.com, however, IE-ADS.REG uses one additional line. Here's the complete entry for a server like reg.bluemountain.com (which is "disabled" here): ; [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\Domains\bluemountain.com] ; [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\Domains\bluemountain.com\reg] ; "*"=dword:00000004 The first line here specifies a "key name" for the domain itself, but doesn't specify a "key value." The second and third lines specify a second, subordinate "key name" for the specific server as well as a "key value." Once we specify a "key name" for a domain without a "key value," we can add any number of subordinate "key names" and "key values" for specific servers from this same domain. Thus, for yahoo.com we have... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\Domains\yahoo.com] ; [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\Domains\yahoo.com\eur.rd] ; "*"=dword:00000004 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\Domains\yahoo.com\geo] "*"=dword:00000004 Note that the first server specific entry for eur.id.yahoo.com is "disabled," while the second entry for geo.yahoo.com is "enabled." ------------------------------------------ Why is there a "Not for Everyone" section? ------------------------------------------ Some popular web sites and domains may cause problems for some folks if those sites and domains are put into the Restricted sites zone. Still other users may actually want to put those sites and domains into the Restricted sites zone. The "Not for Everyone" section is an attempt at some sort of compromise. The domains in that section are grouped by domain for easy reference. Most (but not all) sites and domains in the "Not for Everyone" section are disabled by default. Disabled entries are preceded by a semi-colon (;), as in this example: ; RemindU ; ------- ; [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\upromise.com] ; "*"=dword:00000004 In other words they're commented out. You don't have to remove those lines in order to prevent IE-SPYAD from adding upromise.com to the Restricted sites zone because RegEdit will ignore those lines in the first place. That's what happens when you comment out lines -- they're ignored. Users who want to add those disabled sites and domains to the Restricted sites zone can edit the appropriate entries in the "Not for Everyone" section. I describe how to "enable" those entries in the section just above. I got the idea for the "Not for Everyone" section from Stephen Martin's old HOSTS file, which included an identically named section. Indeed, you'll find that most of the sites and domains in his "Not for Everyone" section have made it into mine. --------------------------------------- How can I save my customizations to the "Not for Everyone" section? --------------------------------------- Some IE-SPYAD users like to customize the "Not for Everyone" section, enabling many of the entries in that section that are disabled by default. The question they encounter is this: how can they preserve their customizations across installations of IE-SPYAD? In other words, do they need to customize the "Not for Everyone" section every time a new version of IE- SPYAD is released? The answers: yes, you can preserve your customizations across installations of IE-SPYAD; no, you do not need to customize every single new version of IE-SPYAD. First, remember that the uninstaller (IE-ADS-UNINST.REG) is built from the installer (IE- ADS.REG). Entries that are disabled in the installer are also disabled in the uninstaller. Thus, unless you customize the uninstaller and enable the same entries, any entries you enabled in the installer will NOT be uninstalled when you run the uninstaller. In other words, any entries you enable from the "Not for Everyone" section will remain in the Restricted sites zone even after you use the uninstaller because those entries are still disabled in the uninstaller (unless you've enabled them). For more information on how the IE-ADS.REG and IE-ADS-UNINST.REG files work, see the "How can I customize IE-ADS.REG?" section above. Second, even though your customizations will be preserved across new installations of IE- SPYAD, you might want to save a copy of your customizations. Here's how to do it: 1. Create a new .REG file Simply pop open Notepad, add the following as the first line of the file: REGEDIT4 ...and save the file as a .REG file -- example: MY-PREFS.REG. 2. Open IE-SPYAD Right-click on the latest IE-ADS.REG file that you got with IE-SPYAD, and select "Edit" from the context menu. IE-ADS.REG will open in Notepad (.REG files are just plain text files). 3. Copy the "Not for Everyone" section Highlight, copy, and then paste the "Not for Everyone" section from IE-ADS.REG over to your new custom .REG file. Make sure you paste the "Not for Everyone" section at least two lines under the REGEDIT4 line, which is the first line of your custom .REG file. Once you've copied that section over, you can close IE-ADS.REG. 4. Customize, customize, customize Enable all the entries you want in your custom .REG file by removing the semi-colon ( ; ) and space in front of each entry. Thus, to enable the following "disabled" entry... ; [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\Domains\msid.com] ; "*"=dword:00000004 ...you would edit the entry to look like... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\Domains\msid.com] "*"=dword:00000004 5. Save your changes in Notepad That's it. You now have a custom .REG file that contains your own personalized "Not for Everyone" section. If you haven't already merged your customizations into the Registry, do so now by double-clicking on it. (Don't worry about duplicate entries between IE- ADS.REG and your custom .REG -- any duplicates will simply be overwritten in the Registry.) Normally you won't have to use this custom .REG file. If you completely clear the Restricted sites zone, or if you completely reinstall Windows, hoeever, this custom .REG file will allow you to add your custom-enabled entries back into the Restricted sites zone quickly. Note that the procedure outlined above for creating a customized "not for Everyone" file works only for customizations in which you *enable* entries that are disabled by default in IE-ADS.REG. If you wish to create a customized "Not for Everyone" section that will DISABLE entries that are enabled by default in IE-SPYAD's IE-ADS.REG, see the next section. ------------------------------------- How can I save my "disabled" entries? ------------------------------------- Although I try to ensure that the entries included in IE-SPYAD don't break popular web sites, it's simply impossible to meet the needs of every last user. Thus, there may be entries in IE-SPYAD's Restricted sites list that you don't want added to your Restricted sites zone. The problem, of course, is that every time you install an updated version of IE- SPYAD, those entries will be added back into the Restricted sites zone, forcing you to remove them all over again. Fortunately, there is a way around this hassle: create your own custom uninstaller, or "exclude list." The idea behind a custom uninstaller or "exclude list" is to create a custom .REG file that uninstalls entries from the Restricted sites zone that you don't want in that zone. You can use you custom uninstaller every time you update IE-SPYAD, instead of removing those problematic entries one at a time by hand. Here's how to create a custom uninstaller: 1. Create a new .REG file Simply pop open Notepad, add the following as the first line of the file: REGEDIT4 ...and save the file as a .REG file -- example: MY-PREFS.REG. 2. Open IE-SPYAD Right-click on the latest IE-ADS.REG file that you got with IE-SPYAD, and select "Edit" from the context menu. IE-ADS.REG will open in Notepad (.REG files are just plain text files). 3. Find & copy all the problematic entries Locate the entry for each domain or site that's causing you headaches and which you never want to see in the Restricted sites zone. Thus, if llzz.com shouldn't be in the Restricted sites zone, you would find and copy... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\Domains\11zz.com] ...over to your new custom uninstaller .REG file. Ignore the... "*"=dword:00000004 ...which you see immediately under the main entry. And be sure to paste your copied entries at least two lines under the REGEDIT4 line which leads off your custom uninstaller .REG file. Once you've copied all the problematic entries, close IE-ADS.REG. 4. Edit your custom .REG file .REG files can be used to remove keys from the Registry as well as add them. To turn your new .REG file into one which removes or uninstalls entries from the Restricted sites zone, you need to make a small change to each of the entries you copied over from IE-ADS.REG. Add a hyphen ( - ) to the front of each entry, so that it looks like this: [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\Domains\11zz.com] That hyphen ( - ) instructs the Windows Registry Editor (REGEDIT.EXE) to remove that entry from the Registry, not add it. (If no such entry is in the Regsitry, the line is ignored.) 4. Save your changes Once you've edited every entry in the manner described above, save your changes and close Notepad. You've now created a custom uninstaller or "exclude list." After you merge a new version of IE-SPYAD's IE-ADS.REG into the Registry, simply merge your uninstaller afterwards. That uninstaller will remove all the problematic entries you don't want to see in the Restricted sites zone. ----------------------------------- Why are there two "Adult" sections? ----------------------------------- There are two "Adult" sections: * Adult Networks/Services This section target advertising networks, referrers, counters, and other direct marketing sites that primarily serve "adult" web sites. * Adult Hosting This section targets large hosting networks for adult sites. You'll also find some porn-related sites in the "Main" section; those sites are known sources of crapware, homepage hijacking, or other malicious activity. The purpose of IE-SPYAD is to put restrictions on obnoxious advertisers, marketers, and crapware pushers, not to block pornography or other content which some users may find offensive or objectionable. The problem with so many porno sites, however, is that they often use incredibly aggressive, even dangerous, direct marketing tactics. Moreover, web surfers can easily get sucked into these sites and domains quite unwittingly and unintentionally (and no, I'm not joking here -- it happens). I've included a large number porno sites and domains precisely because of the aggressive direct marketing that these sites and domains often use, not because I feel that the content that they serve ought to be blocked. Indeed, I take no position whatsoever on the content that you may find on those sites. Still further, because I don't want to be understood as somehow offering a porno blocking tool, I've deliberately segregated porno sites into the "Adult" sections (like Stephen Martin's old "Adult" HOSTS file) so that users who may want to use those sites without restrictions can easily remove the appropriate entries. Please note that there used to be a "Adult Domains (Misc)" section in IE-SPYAD, which contained a large number of "run-of-the-mill" porn sites. That section has now been moved to a separate file, which you can find in the \ADULT sub-directory of the main IE-SPYAD installation directory. ---------------------------------------------------- What happened to the "Adult Domains (Misc)" section? ---------------------------------------------------- On April 26, 2003, most "run-of-the-mill" adult domains, previously classified under the section "Adult Domains (Misc.)," were removed from the main IE-SPYAD and AGNIS block lists. The reasons for this action are several: * Overly Large Block Lists The IE-SPYAD and AGNIS block lists were becoming incredibly large (4800 + domains at one point), and I became concerned that the size of these block lists might begin affecting the performance of the applications for which they were built. At least one program, AtGuard, is known to fail when very large block lists are used. Removing the misc. adult domains (about 930+ domains) gives the IE-SPYAD and AGNIS lists room to grow. * Questions of Value The value of continuing to add these misc. adult domains was becoming increasingly dubious. While "run-of-the-mill" adult sites can present dangers to users, most of those dangers seem to take the form of spyware, homepage hijackers, dialers, and aggressive advertising that are pulled from other sources which are already covered in the main (non-adult) sections of IE-SPYAD and AGNIS. Moreover, the list of potential adult domains is virtually endless and ever growing. Stephen Martin used to make an "Adult" HOSTS file available from his site (http://www.smartin-designs.com/). That file contained about 31,000 unique adult domains. By contrast, at its peak the misc. adult domains section in AGNIS and IE-SPYAD contained about 1300. So why target those 1300 and not a different group of adult domains? There is (and was) no good reason, save the fact that I just happened to stumble upon them. But I could spend all day every day for months on end collecting adult sites/domains and not exhaust the potential supply. And the value of adding all those domains to IE-SPYAD and AGNIS would still be questionable. * Efficiency It seemed much more efficient to target three particular types of adult domains, rather than the whole lot of them: 1) Adult domains that are known purveyors of spyware, homepage hijackers, and porn dialers. These sites were (and are) already included in the main (non-adult) sections of IE-SPYAD and AGNIS. 2) Adult networks & services There is an entire marketing and advertising industry on the Internet almost exclusively devoted to supplying adult sites with banner ads, counters, affiliate programs, dialers, and link exchange programs. (Adult sites also use the same standard counters and banner advertising networks that non-adult sites do.) Domains that are devoted to marketing and advertising for web sites on the "adult" Internet are now included in the "Adult Networks/Services" section in IE-SPYAD and AGNIS. 3) Adult hosting sites Again, there is an entire industry on the Internet devoted to supplying adult web masters with hosting for the web sites and ventures, just as there are hosting plans for non-adult sites. These adult hosting sites are now included under the section "Adult Hosting" in IE-SPYAD and AGNIS. Between the "Adult Networks/Services" and "Adult Hosting" sections, over 300 adult-related domains are targeted. Add to those the adult domains that are included the main sections of IE-SPYAD and AGNIS, and the total easily goes over 500. Targeting those domains should provide users plenty of protection against rogue web sites on the Net without having to throw in potentially thousands of other "run-of-the-mill" adult sites that do little more than serve up porn. It was never my intention to target porn sites for their content alone. Rather, I targeted porn sites in IE-SPYAD and AGNIS because they tend to use incredibly aggressive direct marketing tactics. Removing misc. adult sites and instead targeting adult networks, services, and hosting sites along with known "adult" sources of "crapware" allows IE-SPYAD and AGNIS to protect users in a more efficient manner. I will not be making any further additions to that "Adult Domains (Misc)" list, which is now included as a separate file. I will continue to add sites and domains to the other "Adult" sections described above and which are included in the main IE-SPYAD and AGNIS block lists. I know that some users of IE-SPYAD and AGNIS may not be entirely pleased with this decision to remove the misc. adult sites from those block lists. For those users, the old "Adult Domains (Misc)" section is now available as a separate file in the \ADULT sub- directory of the AGNIS or IE-SPYAD installation directory (i.e., as a sub-directory of wherever you happened to unpack the AGNIS or IE-SPYAD package that you downloaded). For instructions on how to install those misc. adult domains, if you so choose, see the file ADULT-NOTE.TXT in the \ADULT sub- directory. ------------------------------------------- What is the "IE xx.yy Special" section for? ------------------------------------------- This special section exists in order to pull all "two-letter domains" that stand by themselves into one convenient section. Internet Explorer treats "two-letter domains" differently than all other domains. Two-letter domains take the format xx.yy. For example: co.uk co.il x3.hu x0.nl ...are all examples of two-letter domains. Internet Explorer treats such two-letter domains like top-level domains such as .com or .org. This has several implications: 1) IE rejects two-letter domains with wild-cards ( * ) Although you can add *.doubleclick.net into the Restricted sites zone, IE rejects *.x3.hu as invalid, just the same as it rejects *.com as invalid. Strangely, though, IE will accept x3.hu as valid. If you close and re-open the "Sites" box, though, you'll notice that IE has reformatted the entry to *.x3.hu, which it earlier rejected. Still worse, you cannot remove this entry (which IE accepted and reformatted) through the "Sites" box -- you'll have to remove it directly from the Registry. 2) You cannot remove two-letter domains with wild-cards through the Sites box If you do add a two-letter domain to a Security zone by use of a .REG file (such as IE-SPYAD) or via the work-around described just above, you cannot remove that entry through the "Sites" box. 3) IE will use two-letter domains, but won't apply wild-cards You can add *.x3.hu (through either of the methods described above) and IE will apply the appropriate Security zone settings, but not to sub-domains from that domain. Thus, *.x3.hu in the Restricted sites zone will restrict http://x3.hu/ but not http://www.x3.hu/. To restrict the latter sub-domain, IE needs a separate entry for www.x3.hu. Most two letter domains in the IE-SPYAD list are used with sub-domains (such as www.). These are: 2u.ru 4u.to co.il co.jp co.kr co.nz co.uk co.za fr.fm ne.jp ne.kr wz.cz There are four two-letter domains, however, which are known purveyors of crapware and which serve content from the domain alone (e.g., http://x3.hu) as well as from sub-domains (e.g., http://adserver.x3.hu). These are: 67.bz bb.ru x0.nl x3.hu The "IE xx.yy Special" section gathers these four special two-letter domains and all their sub-domains into one convenient section. All other two-letter domains (i.e., two-letter domains that are are always and only used in conjunction with sub-domains such as www.) are included in the regular "Main" and "Adult" sections. It is only the two-letter domains that serve content from "standalone" URLs such as x3.hu that require special attention. One other note about the format of two-domains within .REG files is in order here. Standard domains with wildcards use the following format in .REG files: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net] "*"=dword:00000004 To add sub-domains, we add a sub-key for the sub-domain, thus: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net\www] "*"=dword:00000004 Two-letter domains won't allow that, however. The format for a "standalone" two-letter domain is: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\x3.hu] "*"=dword:00000004 But a sub-domain does not require a special sub-key. Thus, we use: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adserver.x3.hu] "*"=dword:00000004 If you'd like to read more about Internet Explorer's peculiar behavior with respect to "two-letter" domains, see this Microsoft KB article: Q259493: Problems Adding Top-Level Domains to Zone Sites List http://support.microsoft.com/?kbid=259493 ----------------------------------------- Why is one of the AOL entries different? Why does it have a "http"=dword:00000004? ----------------------------------------- The AOL entry (free.aol.com) with the strange... "http"=dword:00000004 ...has a bit of a story behind it. If you haven't heard, some AOL products (including Netscape Communicator) will add the following entry to the Internet Explorer Trusted zone behind users' backs: http://free.aol.com I find this behavior obnoxious on AOL's part (basically they're making privacy and security decisions for users without asking their consent), so I specifically crafted an entry in IE-SPYAD to reverse that specific entry and throw http://free.aol.com into the Restricted zone. Again, if you look in your Registry, you'll see the difference between the normal entries: "*"=dword:00000004 ...and the http entry you spotted. And there actually is a functional difference at work here. The normal entries "*"=dword:00000004 ...will throw all URL's from the specified address/domain into the Restricted zone, not just ones that start http://. That's why I use it -- the * works as a "wild card" here. You can see the difference not only in the Registry, but also in the Internet Options Restricted Sites box. All the "normal" IE-SPYAD entries show up in the Sites box as: gserv.cnet.com ...or... *.doubleclick.net ...but that strange AOL entry shows up as: http://free.aol.com I've always wondered how many people actually bothered to pop open the IE-ADS.REG file and take a look through it. I hope you've found it interesting. ------------------------------------------ What is that Radlight section in IE-SPYAD? ------------------------------------------ At the bottom of IE-SPYAD's .REG files you'll find a section titled "Radlight Special." Radlight is a shareware, advertising- supported CD/DVD player. Back in April of 2002, the authors of Radlight added a new, disturbing function to the Radlight installation routine: the unannounced removal of AdAware (http://www.lavasoft.de/), the popular anti-spyware utility. The "Radlight Special" section was added to IE-SPYAD (and AGNIS, my other block list) in response to Radlight's actions. Once the Radlight authors added a clear notice and warning to the Radlight installation routine about AdAware, I disabled (by "commenting out") the "Radlight Special" entries. It remains in IE-SPYAD for those users who want to enable the entries. If you'd like to read more about the Radlight/AdAware controversy, see this page on my web site: http://www.spywarewarrior.com/uiuc/info8.htm#aaw-rad ================================================== Using IE-SPYAD w/ Other Privacy/Security Solutions ================================================== ---------------------------------------------- If I use a HOSTS file, why do I need IE-SPYAD? ---------------------------------------------- If you use one of the many custom HOSTS files available on the Net for ad blocking, your HOSTS file will block most ad servers before your browser ever manages to contact them, but there will be occasions when the Restricted sites zone comes in handy. Online marketers are always adding new servers to their stable of ad servers. The HOSTS file (which can be told only about individual servers -- e.g., www.doubleclick.com or ads.doubleclick.com) might not include some of these newer servers, in which case the Restricted sites zone (which can restrict whole domains -- e.g., every server at doubleclick.com) will pick them up. For example, the HOSTS file might know about the ad server adsel16.imgis.com, but if that online marketer starts using adsel66.imgis.com, HOSTS might not recognize it, letting it pass through to your browser. The Restricted sites zone, however, has been told to restrict everything from *.imgis.com (where * is a "wild card" character), and will prevent that ad server from putting a "cookie" on your hard drive once your browser does contact adsel66.imgis.com. In other words, the Restricted sites zone is a kind of insurance policy. Ad servers that pass through the HOSTS file just fine will be restricted by the Restricted sites zone. The one real advantage to using the HOSTS file is that it works at the networking level, blocking ALL outbound network traffic to specified servers, whereas IE's Restricted sites zone (obviously) works only for Internet Explorer. This aspect of the HOSTS file makes it especially useful for controlling Internet access for non-web browser applications like "adware" or "spyware." If you're wondering, I use BOTH, and I've never experienced any appreciable performance hit. -------------------------------------------- If I use SpywareBlaster, do I need IE-SPYAD? -------------------------------------------- SpywareBlaster is an excellent, free program from JavaCool that you can use to protect your privacy and security while surfing the Web with Internet Explorer. It can be downloaded from: http://www.javacoolsoftware.com/spywareblaster.html SpywareBlaster has three main functions: 1) SpywareBlaster can modify the Windows Registry to set the "kill bit" for certain ActiveX controls associated with known "spyware" programs and "homepage hijackers," preventing them from being installed via "drive-by-downloads" in Internet Explorer. 2) Starting with version 2.50, SpywareBlaster can add domains of known "nasty" web sites to Internet Explorer 6.0's "Per Site Privacy Actions" list in order to block "spyware/tracking" cookies from those domains. 3) Starting with version 3.00, SpywareBlaster can add sites to the Restricted sites zone just like IE-SPYAD. You can use all of these functions of SpywareBlaster in conjunction with IE-SPYAD, however, only the first adds any real protection above and beyond what IE-SPYAD already provides. What follows is a more detailed explanation of just how these various aspects of SpywareBlaster interact with IE-SPYAD. * ActiveX "Kill Bits" The ActiveX "kill bit" is useful because it targets specific, known "spyware" programs. All of these programs are already targeted by IE-SPYAD, but IE-SPYAD targets the domains they are distributed from, not the specific ActiveX controls themselves. Thus, SpywareBlaster nicely complements IE-SPYAD's "Restricted sites" list, giving you an extra layer of protection. - IE-SPYAD prevents any "spyware" from being automatically installed behind your back at certain web sites. - SpywareBlaster prevents certain ActiveX controls from being installed, no matter where you encounter them. Each method has limitations, but in used conjunction with one another they provide a strong level of protection. * Cookie Blocking ("Per Site Privacy Actions") SpywareBlaster's ability to block "spyware/tracking" cookies is less useful, if you're already using IE-SPYAD. Here's why: 1) IE-SPYAD already targets all the domains the SpywareBlaster adds to the "Per Site Privacy Actions" list. Once those domains are added by IE-SPYAD to the "Restricted sites" zone, cookies from those domains are already blocked. In fact, IE-SPYAD targets many more domains than SpywareBlaster (over 15,000 at last count). 2) The "Restricted sites" list takes precedence over the "Per Site Privacy Actions" list. Not only are the domains added by Spyware- Blaster to the "Per Site" list redundant, but they're ignored by Internet Explorer as well, because they're already listed in the "Restricted sites" zone once you install IE-SPYAD. 3) Moreover, the "Per Site Privacy Actions" list only protects against cookies from those domains; IE-SPYAD, by adding those domains to the "Restricted sites" zone, protects against malicious ActiveX controls, JavaScript, Java applets, and other things in addition to blocking cookies from those domains. 4) The "Per Sites Privacy Actions" list only appears in Internet Explorer 6.0 and above. If you're using Internet Explorer 4.0, 5.0, or 5.5, the "Per Sites Privacy Actions" cookies list is not available (it is new to Internet Explorer 6.0). By contrast, IE-SPYAD provides protection against cookies in Internet Explorer 5.0, 5.5, and 6.0 (Internet Explorer 4.0's cookie controls are not tied to Security zones, however, so neither IE-SPYAD nor SpywareBlaster can help you with cookies with that version of Internet Explorer). There's no harm to using SpywareBlaster's cookie blocking function in conjunction with IE-SPYAD; there's just no unique benefit either. SpywareBlaster's protection against malicious ActiveX controls, however, is useful, and I highly recommend using it. * Restricted sites Javacool introduced some important new functionality into version 3.0 of his excellent (and free) SpywareBlaster: the ability to add sites to the Restricted sites zone, just like IE-SPYAD. This new functionality nicely complements SpywareBlaster's main functionality (discussed above), which is to set the "kill bits" for ActiveX controls known to be "crapware." Even if you're using this new functionality of SpywareBlaster 3.0 and higher, however, there is still an added benefit to using IE- SPYAD. At the time of this writing, SpywareBlaster's Restricted sites list totaled roughly 1400 items (though that will undoubtedly grow over time). By comparison, IE-SPYAD adds over 15,000 items to Internet Explorer's Restricted sites list, giving you protection against a vastly greater number of problematic web sites. Users of both IE-SPYAD and SpywareBlaster 3.x should note that there is considerable overlap between the Restricted sites added by each. At present writing, IE-SPYAD includes all of the items covered by SpywareBlaster 3.x. Any duplicates between the two lists are simply overwritten when you install one list after the other. Given the considerable overlap between the Restricted sites lists used by IE-SPYAD and SpywareBlaster, you may see some "items" disabled within SpywareBlaster after updating IE-SPYAD -- see the section below titled "After I update IE-SPYAD, some "protections" or "items" are disabled..." for more information and advice on this issue. * Conclusion In conclusion, SpywareBlaster is a excellent program. It's smartly designed, easy to use, and provides strong protection against certain kinds of auto-installing crapware. Moreover, it's a kind of "passive" defense like IE-SPYAD. To use SpywareBlaster, no program need be running in the background; like IE-SPYAD, it's simply a set of Registry tweaks to prevent Internet Explorer from ever installing certain ActiveX controls. SpywareBlaster and IE-SPYAD don't conflict, although they do overlap in some ways. Both IE-SPYAD and SpywareBlaster in a sense de- fang Internet Explorer, making it safer to use. IE-SPYAD targets problematic web sites and domains. SpywareBlaster targets specific ActiveX controls. SpywareBlaster doesn't make IE-SPYAD irrelevant; there are plenty of nasty sites covered in IE-SPYAD that SpywareBlaster doesn't address in any way. Nor does IE-SPYAD render SpywareBlaster unnecessary. Each has a role. In fact, I don't see any reason why you can't use both. -------------------------------------------------------- If I use the SpywareGuide Blocklist, do I need IE-SPYAD? -------------------------------------------------------- The SpywareGuide.com Blocklist is an ActiveX control block list that works much like SpywareBlaser (discussed just above): http://www.spywareguide.com/blockfile.php Like SpywareBlaster, the SpywareGuide.com Blocklist sets the "kill bit" on known nasty ActiveX controls so that Internet Explorer will refuse to download and install them when they are encountered on web pages. The SpywareGuide.com Blocklist does not conflict with IE-SPYAD. In fact, the protection it offers nicely complements that of IE-SPYAD. For a more detailed discussion of ActiveX "kill bits" and how they differ from the protection provided by IE-SPYAD, see the discussion of SpywareBlaster just above. ----------------------------------------------------- If I use Spybot Search & Destroy, do I need IE-SPYAD? ----------------------------------------------------- Patrick Kolla's free anti-spyware scanner Spybot Search & Destroy is an excellent anti-spyware tool that ought to be a staple of everyone's desktop: SpyBot Search & Destroy http://beam.to/spybotsd or http://www.safer-networking.org/ or http://spybot.safer-networking.de/ or http://spybot.eon.net.au/ Beyond it's anti-spyware scanning capability, Spybot offers the "Immunize" function, which does several distinct things to improve the security of Internet Explorer. When you click the "Immunize" button, it does three things: 1) Spybot modifies the Windows Registry to set the "kill bit" for certain ActiveX controls associated with known "spyware" programs and "homepage hijackers," preventing them from being installed via "drive-by-downloads" in Internet Explorer. In this, it resembles SpywareBlaster and the SpywareGuide.com Blocklist (both discussed above). This protection against rogue ActiveX controls nicely complements IE-SPYAD's Restricted sites list. For a more detailed discussion of ActiveX "kill bits" and how they differ from the protection provided by IE-SPYAD, see the discussion of SpywareBlaster above. 2) Starting with version 1.3, Spybot adds domains of known "nasty" web sites to Internet Explorer 6.0's "Per Site Privacy Actions" list in order to block "spyware/tracking" cookies from those domains. In this it resembles SpywareBlaster (discussed above). While this cookie protection does not conflict in any way with IE- SPYAD's Restricted sites list, it offers no unqiue protection either. For a more detailed discussion of this cookie blocking feature and how it differs from the protection provided by IE-SPYAD, see the discussion of SpywareBlaster above. 3) Starting with version 1.3, Spybot's "Immunize" function adds just over 1000 sites to the Restricted sites zone, just like IE-SPYAD. For more information on this particular function, see below. You can use all of these features of Spybot's "Immunize" function in conjunction with IE-SPYAD, however, only the first adds any real protection above and beyond what IE-SPYAD already provides. * Spybot's Restricted sites (from "Immunize") If you're using the "Immunize" function of Spybot Search & Destroy 1.3, you may be wondering how Spybot's Restricted sites list compares and interacts with IE-SPYAD's. First, although the Spybot "Immunize" function does add sites to the Restricted sites zone like IE-SPYAD, there is still an added benefit to using IE-SPYAD. At the time of this writing, Spybot's Restricted sites list totaled roughly 1000 items (though that will undoubtedly grow over time). By comparison, IE-SPYAD adds over 15000 items to Internet Explorer's Restricted sites list, giving you protection against a vastly greater number of problematic web sites. Second, users of both IE-SPYAD and Spybot 1.3 should note that there is considerable overlap between the Restricted sites added by each. At present writing, IE-SPYAD includes all of the valid items covered by Spybot 1.3. Any duplicates between the two lists are simply overwritten when you install one list after the other. Third, There are a few issues that can arise from this overlap during installation/uninstallation of IE-SPYAD, however. See the next section below for more information. ---------------------------------------------------------- After I update IE-SPYAD, some "protections" or "items" are disabled in SpywareBlaster's "Restricted sites" section or Spybot Search & Destroy's "Immunize" section. Why? ---------------------------------------------------------- IE-SPYAD isn't the way to add sites to your Restricted sites. Two well known freeware programs also add items to the Restricted sites zone: SpywareBlaster and Spybot Search & Destroy. There is a considerable overlap between the Restricted sites lists maintained by IE-SPYAD, SpywareBlaster, and Spybot. As a result of this overlap, you may encounter several minor issues if you use IE-SPYAD in conjunction with Spybot or SpywareBlaster. The recommended process for installing IE-SPYAD is to uninstall the old version and then install the new version. When you follow this procedure, you may notice the following: - When you uninstall the old version, almost all of the Restricted sites items in Spybot and SpywareBlaster will be temporarily disabled because of the overlap between the IE-SPYAD Restricted sites list and the Restricted sites added by Spybot & SpywareBlaster. - After uninstalling the old version of IE-SPYAD, though, you may still notice a few items left over in the Restricted sites list maintained by Spybot and SpywareBlaster -- those are items are from Spybot's and SpywareBlaster's Restricted sites list, not IE-SPYAD's. You can leave them be. - Once you install the newest version of IE-SPYAD, however, most of the items that were previously disabled in Spybot or SpywareBlaster will be re-enabled (re-installed). - A small number of disabled items in Spybot or SpywareBlaster will not be re-installed, however, and both Spybot and SpywareBlaster will report that some "items" or "protections" have been disabled. Here's what's happening: as of this writing, there are a few problems with invalid entries or outdated items in the Restricted sites lists used by Spybot and SpywareBlaster. Those invalid and outdated entries are removed during the installation of IE-SPYAD and not replaced. Because most of those entries are invalid, however, Internet Explorer does not use them and they provide NO PROTECTION whatsoever. Items that are outdated will be used by Internet Explorer, yet these, too, offer no additional protection. Nonetheless, Spybot and SpywareBlaster will report that these invalid or outdated "items" or protections have been disabled. You can re-enable those "items" or "protections" in Spybot or SpywareBlaster if want, however, they will provide no additional protection. Given that both the IE-SPYAD Restricted sites list and the Restricted sites lists maintained by Spybot and Spyware Blaster will be changing over time, you may see changes in the number of sites left over after uninstalling IE-SPYAD as well as the number of sites disabled (but not re-enabled) by IE-SPYAD. A note about the original SpywareBlaster 3.0: SpywareBlaster 3.0 was the first version of SpywareBlaster to include Restricted sites items, and there were a few problems with invalid entries in that version. Those invalid entries were removed during the installation of IE-SPYAD and then replaced with valid entries. Nonetheless, the original SpywareBlaster 3.0 still reported that about 34 items had been disabled (though those invalid items or entries were non-functional and not used by Internet Explorer even when they were enabled). Those invalid entries in the original SpywareBlaster 3.0 -- and the problem with disabled entries -- were corrected in SpywareBlaster 3.1, released a few days later. Users who have not yet upgraded to the latest version of SpywareBlaster 3.x should do so as soon as possible: http://www.javacoolsoftware.com/spywareblaster.html My advice is to choose ONE program to maintain your Restricted sites list. Using more than one simply leads to overlap, confusion, and potential conflicts without necessarily increasing your level of protection. Currently, IE-SPYAD adds over 15,000 items to the Restricted sites -- considerably more than Spybot or SpywareBlaster, each of which adds only one or two thousand. ----------------------------------------------------- Why does HijackThis! freeze after I install IE-SPYAD? ----------------------------------------------------- If you run Merijn's HijackThis! (HJT) after installing IE-SPYAD, you may notice that HJT appears to "freeze" or "hang" while scanning your system. In actuality, HJT has not conked out, nor is there a problem with IE-SPYAD. What's happening is this: HJT processes and scans the Registry for all Internet Explorer Security Zone entries. Internet Explorer stores entries for all security zones in the same "Domains" Registry key, and HJT scans this very same key when inspecting your system. Since IE-SPYAD adds over 15,000 entires for the Restricted sites zone, HJT has a lot of entries to sort through, and that simply takes time. HJT isn't actually frozen; it's only momentarily bogged down while processing all those zone entries. If you wait a bit, HJT will eventually present you with the buttons that you expect. Depending on the speed of your processor and the amount of memory your computer has, this could take a few seconds to a minute. If the wait proves to be too long, then uninstall IE-SPYAD before you run HJT, and reinstall it after HJT finishes. ------------------------------------ If I lock down my Internet zone, is there any benefit to using IE-SPYAD? ------------------------------------ Some Internet Explore users prefer to configure their Internet zone as tightly and restrictively as their Restricted sites zone. In effect, they're forcing web sites to abide by an "opt in" policy -- no web site gets to use things like ActiveX, JavaScript, Java, or cookies until the user has added that web site to the Trusted sites zone. If you've configured your browser this way, then there's really no unique benefit to using IE-SPYAD. Your secure Internet zone already protects you against all web sites by default, not just the web sites that IE-SPYAD would add to your Restricted sites zone. IE-SPYAD won't conflict with your tightly configured Internet zone, it just won't add any unique benefit either. So, is a securely configured Internet zone always the best policy or approach for every user? Should YOU be using such a configuration in Internet Explorer? Locking down your Internet zone can be an effective method of keeping IE on a short leash and ensuring that hostile sites can't do anything malicious to your computer. I use such a combination of settings myself. But for some folks, that kind of approach simply isn't viable. Some folks simply can't handle the unending stream of ActiveX warnings, broken web sites, and lost functionality that a secure Internet zone causes. Yes, you can put sites into the Trusted sites zone to allow those sites to "work" again, but many find that process annoying, cumbersome, and not practical. This problem is esp. acute for those who share a computer with others -- say, a spouse who simply refuses to be bothered with secure surfing habits and who has a penchant for visiting sites that rely heavily on JavaScript, cookies, and ActiveX controls. For those people a secure Internet zone simply isn't an option -- it isn't viable, it isn't workable, and it isn't likely to last long. For those people a HOSTS file or a Restricted sites list such as IE-SPYAD is a viable alternative. These kinds of block lists make no pretensions to have covered every single malicious site out there. But such block lists can provide a strong layer of protection. That protection won't be 100% -- but then, nothing in the world of privacy and security is 100%. They provide a good measure of protection while preserving the functionality of most legitimate web sites. I saw a good example of this some time ago. I got a call from a student whose computer was "misbehaving" (I get these calls from students all semester long). After cleaning a boatload of crapware off her computer, updating her virus definitions, and doing some other maintenance, I was faced with the question of what to do to secure Internet Explorer. She has two teenage daughters, neither of whom is likely to have much tolerance for broken web sites and ActiveX warnings. Moreover, even my student likely wouldn't want to deal those kinds of hassles. I know that from experience, having implemented the kind of settings Markus discusses on folks' computers only to be called back a few days later to "undo" them and "make the Internet work again." So I loaded IE-SPYAD. I explained what it was, and she seemed satisfied with that. A couple weeks later, she reported her computer was still running fine, and I've received no complaints about broken Internet sites. The protection IE-SPYAD provides on that computer isn't as great as a tightly configured Internet zone would provide, but a tightly configured Internet zone wouldn't have been tolerated on that computer for more than a day or so. A secure Internet zone can be effective method for protecting yourself from malicious web sites. But it's not the only one, and for some people it simply won't be an option. Moreover, because Internet Explorer users will inevitably have a wide variety of needs and habits, no single solution will be the right one for everyone. ---------------------------------------- My anti-spyware program is flagging some IE-SPYAD entries as "spyware." Why? ---------------------------------------- Internet Explorer stores all of its Security zone entries, both for Trusted sites and Restricted sites, in the same Registry location: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ Security zone entries can also be added to: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ Internet Explorer distinguishes between Restricted sites entries, which have a DWORD value of "4," and Trusted sites entries, which have a DWORD value of "2." Some spyware and adware programs are known to add their own domains to the Trusted sites zone, effectively compromising users' browsers by the lowering the security for those domains. As a result, many anti-spyware programs now scan both "Domains" Registry keys for suspicious entries. Not all anti-spyware programs are good at distinguishing between Trusted sites entries and Restricted sites entries, however. Thus, some anti-spyware programs may erroneously flag IE-SPYAD Restricted sites entries in the Registry as "spyware," when in fact they are not. These "false positives" should be reported to the vendors for anti-spyware programs whenever they occur so that they can be corrected by the vendors. ================================== Installing & Uninstalling IE-SPYAD ================================== ----------------------------------------------- Do I really need to uninstall previous versions of IE-SPYAD before installing a newer version? ----------------------------------------------- I often get questions about uninstalling previous versions of this ad server list for Internet Explorer (IE-ADS.REG). What follows is a short Q&A exchange on the subject. > How do I figure out whether I installed the old version or not? Check to see if you have a long list of sites and domains added to the Restricted sites zone. In IE: "View" or "Tools" >> "Security" >> "Restricted sites" >> "Sites..." If you DON'T see a really long list of domains and servers, then you probably don't have any version of IE-ADS.REG installed. You can safely install the new version without any further ado. If you DO see a long list of domains and servers, then you have SOME version of IE-ADS.REG installed. It will be hard to tell which one, though. Whatever version you have, at this point it is safest and easiest simply to uninstall whatever version is currently loaded. > If I did install it, how do I uninstall it without the > uninstall file that would have come with the install? IE-SPYAD does include an uninstaller (IE-ADS-UNINST.REG) in the main directory to which you unpacked IE-SPYAD. That uninstaller can be used to uninstall the current version of IE-SPYAD as well as all previous versions of IE-SPYAD. You can also use the IE-SPYAD Install/Uninstall Utility (INSTALL.BAT), found in the main IE-SPYAD installation directory. > Do I risk causing myself some problems if I just go ahead and > install the new file and it turns out that I did in fact > install the old one and failed to uninstall it? No, that really shouldn't be a problem. When I "update" the Restricted sites .REG file, it's usually the case that I just add a handful of new domains and servers without making any changes to the ones that were already in the list. When you merge the newer .REG file into the Registry, the net effect should be that the newer entries are added and the older entries are left alone. The only reason that I advise users to uninstall older versions is to take care of the following situations: * If I remove domains or sites from the list (and this has happened) -- if you simply add the newer list without uninstalling the older one, the sites/domains that I removed won't be removed from your installation. * If I correct errors (spelling, etc.) or change the syntax of certain domains and their specific sub-servers to be blocked. In sum, I advise users to uninstall the older version in order to ensure that what's loaded in your Registry consists of the entries from the new version and only the new version. -------------------------------------------------- If I installed the optional Porn Site list, do I need to reinstall it every time I update IE-SPYAD? -------------------------------------------------- No, you only need install the optional Porn Site list once. Because that list of porn sites was moved to a separate file in the 'ADULT sub-directory, the sites in that list are no longer uninstalled automatically when you uninstall the main IE-SPYAD list. The IE-SPYAD uninstaller will not remove those entries, so they'll be preserved across installations and uninstallations of the main IE- SPYAD list. The list of porn sites remains in your Restricted sites zones until you specifically uninstall it -- either manually with the adult-uninst.reg file or automatically using the appropriate option in the INSTALL.BAT installation utility. ---------------------------------------------------- I installed IE-SPYAD, but no new sites were added to the Sites list on the Internet Options Security tab. ---------------------------------------------------- Internet Explorer has some quiky behavior when dealing sites that have been added to the Security zones. If you install IE-SPYAD and no new sites appear to have been added to the Restricted Sites list when you open the "Sites" list on the "Internet Options" "Security" tab, there could be several causes: 1) Original IE-SPYAD (HKCU) You installed the original IE-SPYAD and Internet Explorer isn't "playing nice." I have started to receive complaints that on some systems (esp. Windows XP systems) the IE-SPYAD sites aren't showing up in the Sites list. At present I do not know what the cause of this problem is. When this happens with the original IE-SPYAD, Internet Explorer will not use the IE-SPYAD list to restrict web sites. If you encounter this problem with the original IE-SPYAD, you should uninstall IE-SPYAD just as you normally would, then try downloadling and installing IE-SPYAD2, which is specifically designed to address this problem. 2) IE-SPYAD2 (HKLM) If you install IE-SPYAD2 and no new sites appear in the Sites list, then the most likely cause is the existence of other sites that were previously added to the Trusted sites zone or Restricted sites zone. Those previously added sites were added to the HKEY_CURRENT_USER Registry location; IE-SPYAD2, by contast, adds all of its entries to HKEY_LOCAL_MACHINE in the Windows Registry. When Internet Explorer encounters entries in both locations, it displays only the HKCU entries, even though it *will* use the HKLM entries to restrict web sites. Thus, this is an annoying display quirk within Internet Explorer -- it's simply not displaying all the Restricted sites that it knows about and uses. If you find the inconsistent behavior of these Internet Explorer quirks confusing and illogical, you have company. I have been pulling much hair over this behavior myself. Unfortunately, there's not much I can do, as this appears to be default Internet Explorer behavior. The bottom line is this: 1) If the sites don't show up after installing the original IE-SPYAD, then uninstall and try IE-SPYAD2. 2) If the sites don't show up after installing IE-SPYAD2, then don't worry about it. Internet Explorer is still using the IE-SPYAD list, even though it doesn't appear in the "Sites" box. --------------------------------------------- I uninstalled IE-SPYAD, but there are still hundreds of porn sites in my Restricted zone. --------------------------------------------- If you use IE-ADS-UNINST.REG and you still have hundreds of adult (porn) related sites in your Registry, the merge the ADULT- UNINST.REG in the \ADULT sub-directory. The 4/26/03 update to IE-SPYAD moved about 830 porn sites from the main IE-SPYAD installation file (IE-ADS.REG) to a separate file in the \ADULT sub-directory. Consequently, uninstallers in later versions of IE-SPYAD do not uninstall those adult sites and domains. If you missed the 4/26/03 update (with the last regular uninstaller that did remove those adult domains), you can use the ADULT- UNINST.REG uninstaller to remove those domains (if you want to). To remove the remaining adult web sites, you can use the ADULT-UNINST.REG uninstaller in the \ADULT sub-directory. Simply double- click on ADULT-UNINST.REG to merge the changes into your Registry. You can also use the IE-SPYAD Install/Uninstall Utility (INSTALL.BAT), found in the main IE-SPYAD installation directory to remove those adult web sites. If you'd prefer to keep those misc. adult sites in your Restricted sites zone, then don't use the ADULT-UNINST.REG. Those sites will remain untouched. Furthermore, because the main IE-SPYAD uninstaller doesn't remove the misc. adult sites, they'll be preserved across future installations and uninstallations of IE-SPYAD. ------------------------------------------------ Isn't there an easier way to install IE-SPYAD for multiple users with different user profiles? ------------------------------------------------ Internet Explorer normally stores its zone information (including the Restricted zone sites list) in the HKEY_CURRENT_USER Registry hive. That means the Restricted zone sites list (which IE-SPYAD modifies) is particular and unique to each user. If you have multiple user profiles on each computer, you'll have to log in to every user account and install IE-SPYAD for each user (assuming you want IE- SPYAD on every user account). That installation process can grow to be a hassle, especially if you're accustomed to using "fast user switching" in Windows XP. There is a way, however, to make IE-SPYAD's settings global or system-wide (applicable to all users), but you must download and install IE-SPYAD2 to do this. IE-SPYAD2 installs the IE-SPYAD block list to the HKEY_LOCAL_MACHINE Registry hive, effectively making IE-SPYAD's block list global for all users. One downside to using system-wide settings is that non-administrator users in Windows NT 4.0, Windows 2000, and Windows XP may not be able to see and edit the Restricted sites list in Internet Explorer. See the section above titled "IE-SPYAD vs. IE-SPYAD2" for more information on downloading and installing IE-SPYAD2. ------------------------------------ Why am I double-clicking a .REG file in order to *uninstall* IE-SPYAD? ------------------------------------ To uninstall IE-SPYAD's list of rogue web sites from the "Restricted sites" zone, you double-click the IE-ADS-UNINST.REG file, merging the contents into the Registry in just the same way as you merge IE-ADS.REG to install IE-SPYAD. If you're new to the Windows Registry and .REG files, this can seem counterintuitive. Here's what's happening: A standard entry within IE-ADS.REG looks like this: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap\Domains\doubleclick.net] "*"=dword:00000004 That entry adds *.doubleclick.net to the "Restricted sites" zone. Within the Windows Registry, there is a key (named doubleclick.net) along with a value (4) that specifies what zone doubleclick.net should be added to. To remove the *.doubleclick.net entry from the "Restricted sites" zone, we need to remove the key (removing the key will also remove the value). To remove the key, we merge a .REG file with the following entry: [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap\Domains\doubleclick.net] Note the - at the head of that entry. The - tells the Windows Registry Editor (REGEDIT.EXE) to remove the key from the Registry, not add it. Note also we don't need to specify the value, as we did when we added the key to the Registry -- removing the key removes the value associated with the key. The IE-ADS-UNINST.REG uninstaller file is built directly from the IE-ADS.REG installer file. IE-ADS-UNINST.REG merely removes the same keys that IE-ADS.REG added to the Registry. One final note: no harm results from attempting to remove a non-existent key. Thus, if we removed the doubleclick.net entry ourselves through the "Internet Options" box, the Registry would NOT be damaged at all if we then attempted to remove the same entry by using a .REG file uninstaller. If the key specified in the uninstaller .REG file is not in the Registry, REGEDIT.EXE merely ignores the entry. ------------------------------------ Why are some keys left behind in the Registry after I uninstall IE-SPYAD? ------------------------------------ The IE-SPYAD uninstaller does indeed leave some keys behind in the Registry. Here's why. When adding a subdomain such people.1gb.ru to the Restricted sites zone, IE-SPYAD adds a Registry entry such as the following to the Registry: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ Domains\1gb.ru\people] "*"=dword:00000004 Notice the sub-key \people. Internet Explorer automatically creates a "parent" key as well: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ Domains\1gb.ru] The uninstaller removes the following: [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ Domains\1gb.ru\people] ...leaving the parent key for 1gb.ru. The entry people.1gb.ru is removed from the Restricted sites zone, but the "parent" key remains behind in the Registry. While the "1gb.ru" parent key is indeed left behind, it is not assigned to any zone and therefore will not affect browser usage if the user goes to that site. (Basically, the Registry key structure remains, but it has no zone assignment.) Now, I could create an uninstaller that would remove the parent key as well, but that would mean dealing with a nasty potential problem: inadvertently removing entries that users had manually added to various zones, including the Trusted sites zone. IE-SPYAD targets many sub-domains of larger domains. Users may have manually added other sub-domains to the Restricted or Trusted sites zone. If IE-SPYAD removes the "parent" key, it will remove all sub-domains, not just the sub-domains that IE-SPYAD added. Since I have no way of knowing in advance what sub-domains users may have added, the safest thing for me to do is leave the parent key, and thus any sub-keys (and thus sub-domains) that the user may have created. Obviously, this arrangement is not ideal, and the problem stems from the way IE adds entries to the Domains key. My choice is to leave a little clutter in the Registry yet protect users' manual zone additions, or scrub the Domains key clean and wax user's own zone entries in the process. I've chosen to play it on the safe side. -------------------------------------------------- Why does IE-SPYAD add keys to HKEY_USERS\.Default? -------------------------------------------------- By default IE-SPYAD adds all of its entries to the Registry hive for the "current user": HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap\Domains On Windows 98 and Windows Me, however, loading IE-SPYAD will cause a duplicate set of entries to appear in the "default user" Registry hive: HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap\Domains This does not happen on Windows NT 4.0, 2000, or XP. Just why this happens on Windows 98 and Me is not known, but it appears to be the default behavior of those versions of Windows. Uninstalling IE-SPYAD through normal means should also remove the duplicate entries from the HKEY_USERS\.Default hive. --------------------------------------- Is there a forum, bulletin board, or mailing list for questions on IE-SPYAD? ---------------------------------------- Nope. I'm just one guy with a web site, and I don't anticipate setting up any kind of forum, bulletin, or mailing list for IE-SPYAD. I do hang out in several online forums, though, and you can often find folks talking about IE-SPYAD (and other things related to privacy & security) in these places: DSLR Security Forum http://www.dslreports.com/forum/security,1 GRC Discussion Groups http://grc.com/discussions.htm Wilders Security Privacy Software Forum http://www.wilderssecurity.com/index.php?board=20 I periodically announce updates to IE-SPYAD and AGNIS (my other main block list) in the DSLR forum, the Wilders forum, and the GRC LatestVersions newsgroup (grc.news.latestversions). The IE-SPYAD Restricted zone list is regularly updated. You can download updated versions of IE-SPYAD from the same page where you downloaded your original copy of IE-SPYAD. http://www.spywarewarrior.com/uiuc/resource.htm That page lists the last time that IE-SPYAD was updated. I usually try to update IE-SPYAD several times a month, though I may update more frequently if circumstances warrant. ============================== Working w/ IE's Security Zones ============================== -------------------------------------- How can I identify good candidates for the Restricted sites zone myself? -------------------------------------- You can do a couple of things: 1) Keep up with a discussion group that specializes in privacy and security. You'll often hear about questionable or problematic sites and domains in a discussion group or online forum first. Better, you'll find discussions there between knowledgeable people in which such sites and domains are picked apart in order to understand and reveal how they do what they do. 2) Pay attention to the tech media. Marketers, advertisers, and other unwelcome outfits that ply their trade on the net are often desperate for press attention, and you can easily find writeups about new candidates for the Restricted zone in the wake of the media blitzes they launch to get their names in front of potential investors and customers. 3) Keep an eye on your firewall's logs. If you use a firewall like AtGuard or NIS, you can access a wealth of information about what your browser is doing simply by reviewing the program's logs. 4) Monitor your browser's behavior vigilantly. Your browser provides plenty of feedback about what it is doing. Learn to recognize when something new or unexpected is happening (esp. when you're visiting new sites). 5) Keep IE-SPYAD updated. IE-SPYAD's list is not static; it is updated every month or so. New sites are added to its list regularly, and these sites are discovered through the methods described above. ------------------------------------------------- What sites should I put in my Trusted sites zone? ------------------------------------------------- What sites you choose to put in your Trusted zone involve choices that only you can make. I can offer, however, a few criteria that I use when deciding to admit a site or domain to my Trusted sites zone: 1) The site/domain must have content which I consider extremely valuable or important. 2) That content must be accessible only with things like JavaScript, cookies, ActiveX, Java, etc. enabled (and which are permitted only in my Trusted zone). In other words, what I want from the site must require my Trusted zone in order for it to be accessed. 3) The site/domain must be well known and reputable. Generally speaking, small outfits/sites with which I'm not familiar or comfortable don't ever make it into my Trusted zone. 4) The site/domain musn't blitz me with cookies, obnoxious popups, Flash animations, etc. I can handle a cookie or two if the content I receive in exchange is quality and is presented in a usable manner. If the site wants to take liberties with every browser technology known to God and man, forget it. Examples: nytimes.com is in my Trusted zone so that I can read The New York Times free every day (fantastic deal, I think). The free registration and cookie required are a modest "price" to pay for daily access to one of the world's premier newspapers. msnbc.com, by contrast, is not my Trusted zone (and will never be), because I can get what (little) I want from that site without having to accept the scads of cookies, the popups, and who knows what all else that they want to load me up with. As I said, these are personal decisions based on your own unique judgments and assessments. ------------------------------------------ What else should I know about the Security zones and Internet Explorer? ------------------------------------------ You can use Internet Explorer's Security zones to protect your privacy in other ways as well. Here are some of the other things that I do with Security zones: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Set the Internet zone to a high security level ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The Internet zone is the zone to which web sites are assigned by default. If a site or domain hasn't been explicitly added to the "Trusted" or Restricted sites zone, it is assigned to the Internet zone. What I've done is set the security policies for this "default" zone highly "restricted" as well. The result: whenever I visit a web page for the first time, its behavior will be highly restricted until I assign it to the Trusted sites zone (where the settings are more lax and forgiving). In other words, I'm NEVER unpleasantly surprised by a new site -- it must earn my trust first before I allow it to do any fancy stuff (like use Java popups or place cookies on my hard drive). In effect, I'm enforcing a kind of "Opt In" policy for web sites: I must consciously opt to allow them to use such things as cookies or JavaScript whenever I visit their sites -- they don't get to use them by default. To set the Internet zone to a high level of security: 1. Open Internet Explorer's "Internet Options" Go to "Tools" (or "View") >> "Internet Options..." 2. Open the Security Settings for the Internet Zone Hit the "Security" tab. Select the Internet zone. Click the "Custom Level" button. 3. Set Most Options to "Disable" or "High Safety" Change every entry in the "Custom Level" settings box for "Internet" to "Disable" (or "High safety" if "Disable" is not an option for a particular entry). 4. Save Your Settings and Exit Internet Options Close the "Custom Level" settings box by clicking "OK." Close the "Internet Options" box by clicking "OK." Keep in mind, though, that by setting your Internet zone to a highly secure level you are putting restrictions on what the web sites you visit can do. Many web sites that you visit may not "work" correctly or display properly -- some functionality will likely be disabled. One thing you can do to "loosen" up the restrictions for sites that you do trust is add trusted web sites to the "Trusted sites" zone (and configure the security settings for the Trusted sites zone leniently). You can download a tool from Microsoft which will add menu items to your "Tool" or "View" menus, allowing you to quickly add sites to either your Trusted or Restricted sites zone. Grab the "Power Tweaks Web Accessories" (pwrtwks.exe) from: http://www.microsoft.com/Windows/IE/WebAccess/default.asp If you'd like more detailed instructions for configuring the Internet zone securely and using Internet Explorer's Trusted sites zone, see the following step-by-step guide on my web site: Internet Explorer Privacy & Security Settings http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm And for a utility that will automate the whole process of locking down Internet Explorer that I just described above, you may be interested in another utility available from my web site: Enough is Enough! http://www.spywarewarrior.com/uiuc/resource6.htm Enough is Enough! is a lockdown utility for Internet Explorer 5 and 6. When you install Enough is Enough!, it will: * Lock down your Internet and Restricted sites zones with restrictive settings for dangerous options like ActiveX, Java, scripting, and a few others. * Severely restrict the use of cookies (but not completely disable them for trusted web sites or for single session use). * Disable several Advanced settings, including Install on Demand and Third-party Browser Extensions. * Install Microsoft's IE PowerTweaks WebZone Accessory, putting two new options on your IE Tools menu, with corresponding buttons on your Toolbar: "Add to Trusted Zone" and "Add to Restricted Zone." Enough is Enough! is completely free, just like IE-SPYAD. For a comparison of using IE-SPYAD vs. a securely configured Internet zone, see the section titled "If I lock down my Internet zone, is there any benefit to using IE-SPYAD?" above. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Make Outlook & Outlook Express to use the Restricted sites zone ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Yes, Microsoft's two email programs both use Internet Explorer's security zones to process HTML email. HTML email (as opposed to plain text email) is often employed by direct marketers, because it allows them to use ActiveX, Java, scripting, and cookies in their email direct marketing campaigns. HTML email also opens your email client to the SAME security holes that afflict Internet Explorer. Unfortunately, there is no way to turn HTML email "off" in Outlook or Outlook Express. The best you can do is put HTML email in the Restircted sites zone. If you look in the Options for each program (on the menu bar), you'll find that you can set each program to use the Restricted sites zone to read HTML email, making your email experience a whole lot safer. In Outlook Express: 1. Go to Tools >> Options... to open the OE Options box. 2. Click to bring up the Security tab to the fore. 3. Select the Restricted sites zone. 4. Click "Apply," then "OK" to save your changes. In Outlook: 1. Go to Tools >> Options... to open the OE Options box. 2. Click to bring up the Security tab to the fore. 3. Select the Restricted sites zone. 4. Click "Apply," then "OK" to save your changes. Make sure that you set BOTH programs to use the Restricted sites zone. In fact, I would highly recommend that you tell Outlook Express and Outlook to use the Restricted sites zone -- doing so just might prevent you from picking up a nasty virus or worm some day. In the latest version of Outlook Express, you can actually turn off HTML rendering for HTML email that you receive. With HTML email rendering turned off, Outlook Express 6.0 w/ SP1 (which is installed by Internet Explorer 6.0 w/ SP1) will convert HTML email that you receive to plain text, making email much safer (and less annoying). To turn off HTML rendering in Outlook Express: 1. Open Tools >> Options..., and switch to the Read tab of the Options box. 2. Under "Reading Messages," check the box titled "Read all messages in plain text." 3. Click "Apply," then "OK" to save your changes. Note that this process turns off HTML for email that you receive, not email that you send. The "HTML Settings" and "Plain Text Settings" that you see on the Send tab in the Outlook Express Options box have no effect on how Outlook Express displays HTML email that you receive from other people. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Clean out "cookies" regularly ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cookies" are small data "tags" that web sites leave on your hard drive to identify you and that can be used to compromise your privacy online. Advertisers and marketers are notorious for using "cookies" to track and monitor your behavior from site to site on the web. Nice, huh? Now that you've put all those ad/spy servers in the Restricted sites zone (which prevents them from placing "cookies" on your hard drive), why not clear out the "cookies" they may have already put there earlier? To clear out "cookies" in Internet Explorer (Netscape keeps its "cookies" in an entirely different location)... * Go into "View" or "Tools" >> "Internet Options" and clear out your "Temporary Internet Files" (hit the "Delete Files" button). * On the same tabbed page in "Internet Options," hit the "Settings..." button, then the "View Files" button. What you should see are a bunch of files named "Cookie:.." Go ahead and delete them. If you see a "cookie" that appears to come from a web site where you've signed up for special access or privileges, keep that cookie. All the rest can go, though. * Keep clicking "OK" until you're back at the main Internet Explorer window. Now that you've cleaned out those "cookies" and added that long list of advertisers to the Restricted sites zone, you shouldn't be acquiring nearly as many "cookies" as before. I'd still check back, though, and clean out any "cookies" that you don't absolutely need. -------------------------------------- Where can I get more information about Internet Explorer Security zones? -------------------------------------- First, in Internet Explorer, go to "Help" >> "Contents and Index." Then, for more information on Internet Explorer's Security zone settings, see the Microsoft KB article: Description of Internet Explorer Security Zones Registry Entries (Q182569) http://support.microsoft.com/default.aspx?scid=kb;EN-US;q182569 Note that the above KB article discusses Security zone settings that are included IE 5 and and earlier. It does not discuss IE 6 specific settings (though IE 6 has many of the same settings). Moreover, the cookie options it describes are for IE 5 only. You also ought to have a look at this series of articles from Windows IT Security: "Internet Explorer Security Options" Part I: http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20468 Part II: http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20622 Part III: http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20700 Part IV: http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21026 Part V: http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21199 Part VI: http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21282 You can find links to still more information about web browser security on this page: http://www.spywarewarrior.com/uiuc/info3.htm This page will point you to resources which discuss the problems with ActiveX, Java, and scripting: http://www.spywarewarrior.com/uiuc/info10c.htm You can find one other take on secure settings for Internet Explorer here: http://www.markusjansson.net/eienbid.html If you'd like more detailed instructions for configuring the Internet zone securely and using Internet Explorer's Trusted sites zone, see the following step-by-step guide on my web site: Internet Explorer Privacy & Security Settings http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm And for information about Internet Explorer 6.0's new Privacy settings, which configure cookies in the Internet zone, see the links on this page: http://www.spywarewarrior.com/uiuc/info2.htm Finally, you can find my utilities for Internet Explorer 6.0 on this page: http://www.spywarewarrior.com/uiuc/resource5.htm ==================== Problems & Questions ==================== I hope you find the IE-ADS.REG helpful in your use of Internet Explorer. If you run into serious problems with the IE-ADS.REG, and you have made every attempt to address the problem but remain stumped, I can be reached at: eburger68@myrealbox.com Please keep in mind that my busy schedule may not allow me to respond immediately. I will attempt to get back to you, though, and address your questions. Other helpful resources for getting answers to questions about protecting you privacy in Internet Explorer include the GRC Privacy & Security news groups, which are generously hosted by Steve Gibson of Gibson Research (GRC): http://grc.com/discussions.htm ...and the DSLR Security forum: http://www.dslreports.com/forum/security,1 I've found the folks who hang out in these groups to be helpful, knowledgeable, passionate, and more than wise to the wiles of the marketing droids which infest the Net. Finally, you might also check out my web site at The University of Illinois at Urbana-Champaign, a site which contains a bevy of links to information and software relevant to Privacy & Security on the Internet: http://www.spywarewarrior.com/uiuc/ ========================== Credits & Acknowledgements ========================== The list of servers in this IE-ADS.REG file was originally based on the HOSTS file compiled by Stephen Martin. This Restricted sites list is also based on info from: 1. discussions in major anti-spyware forums such as: SpywareInfo Forums: (http://www.spywareinfo.com/forums/) Spyware Warrior: (http://spywarewarrior.com/index.php) CastleCops: (http://castlecops.com/forums.html) 2. the latest updates to well-known anti-crapware programs such as: SpyBot Search & Destroy: (http://security.kolla.de/) Lavasoft Ad-aware: (http://www.lavasoft.de/) SpywareBlaster: (http://www.javacoolsoftware.com/spywareblaster.html) 3. other crapware reference sites such as: and.doxdesk.com: (http://www.doxdesk.com/parasite/) CounterExploitation: (http://cexx.org/adware.htm) Kephyr.com: (http://www.kephyr.com/) PestPatrol: (http://www.pestpatrol.com/) SpywareGuide.com: (http://www.spywareguide.com/) Webhelper:(http://www.webhelper4u.com/) 4. the latest updates to HOSTS files from: hpguru: (http://www.hosts-file.net/downloads.html) MVPS: (http://www.mvps.org/winhelp2002/hosts.htm) I wish I could claim credit for the idea of adding a list of known advertisers, marketers, and crapware pushers to Internet Explorer's Restricted sites zone, but I can't. I first saw the idea on the "Unofficial ShieldsUp! Forum FAQ" page here: http://grc.com/cb-faq.htm#privacy-clean It seemed an ingenious, straightforwrd, and obvious solution to any number of privacy and security problems with Internet Explorer. But the NASTIES.REG file was never updated beyond the initial version offered on that web page, so far as I know. That was two years ago. Almost from the start I began adding my own entries to NASTIES.REG. I first posted my version of IE-ADS.REG on my web site in November of 2000 along with my AGNIS block list for AtGuard and NIS. Both were heavily based on Stephen Martin's old HOSTS file (see above). My web site has undergone dramatic expansion since those early days. Judging by the email I get, though, IE-SPYAD is still by far the most popular thing on my web site. ------------------------------------------------ Date: 11/23/00, 11/11/01, 3/26/02, 4/13/02 5/28/02, 7/13/02, 7/29/02, 10/1/02, 10/26/02, 11/28/02, 12/22/02, 12/28/02 3/1/03, 3/13/03, 3/16/03, 3/25/03, 3/29/03, 4/19/03, 4/22/03, 4/26/03, 7/2/03, 9/28/03, 10/24/03, 10/28/03, 11/28/03, 12/6/03, 3/21/04, 4/12/04, 4/26/04, 6/21/04, 7/30/04, 8/16/04, 8/22/04, 11/18/04, 12/10/04, 1/24/05 2/13/05, 3/28/05, 5/5/05, 6/16/05, 8/19/05, 10/2/05, 11/26/06, 7/22/06 10/23/06 From: http://www.spywarewarrior.com/uiuc/ Made By: Eric L. Howes (eburger68@myrealbox.com) ------------------------------------------------ ------------------------------------- License Agreement: Terms & Conditions ------------------------------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ COPYRIGHTS, TRADEMARKS, DISTRIBUTION, WARRANTY ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ IE-SPYAD (including the "Restricted sites" list, the INSTALL.BAT installation utility, and the ReadMe) is Copyright (c) 2000-2004 Eric L. Howes. IE-SPYAD can be downloaded from: http://www.spywarewarrior.com/uiuc/resource.htm If you distribute IE-SPYAD, please include all the files. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. Some files distributed with this package may not be covered by the GNU GPL. Those files remain the property of their original owners and are covered by the licenses under which they were originally distributed. All trademarks are the property of their respective owners. You should have received a copy of the GNU General Public License along with this program; see the file COPYING. If not, write to the Free Software Foundation 59 Temple Place - Suite 330 Boston, MA 02111-1307, USA ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ RESTRICTION OF FUNCTIONALITY & CONTENT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By installing and using the IE-SPYAD "Restricted sites" list and/or the INSTALL.BAT installation utility, you acknowledge that you have read, understood, and agreed to following terms and conditions: a) The IE-SPYAD "Restricted sites" list contain lists of domains and web sites that your web browser will use to restrict the functionality and content of those sites and domains when they are displayed in your web browser. b) By installing the IE-SPYAD "Restricted sites" list included in this dist- ribution package, you acknowledge that it is your decision to restrict the functionality and content of the web sites and domains covered in the IE-SPYAD "Restricted sites" list -- including sites and services that may prohibit you from restricting their functionality and content or otherwise interfering with their services and software -- should you choose to use those sites, services, and domains. c) If you do not wish to restrict the functionality and content of certain of those sites, you can selectively edit the IE-SPYAD "Restricted sites" list -- either in its source file form or through your web browser's graphical user interface (GUI) -- to remove the list entries that restrict the functionality and content of those sites. d) You agree to accept any and all legal responsibility for the consequences that may result from the restriction of functionality and content of the sites and domains covered in the IE-SPYAD "Restricted sites" list when you use those domains and sites. e) If you have entered into contracts or agreements with the companies whose sites and domains are included in the IE-SPYAD "Restricted sites" list, and those contracts or agreements prohibit you from restricting the functionality and content of those sites or otherwise interfering with the companies' soft- ware or services, you agree that it is your responsibility to resolve those contractual obligations in a satisfactory manner. ------------------------------- Advice on Distributing IE-SPYAD ------------------------------- As noted above, IE-SPYAD is distributed under the terms of the Gnu General Public License, a copy of which is online HERE. That license gives you broad rights to modify and distribute IE-SPYAD, but in order to exercise those rights, you must abide by the terms of the license. At a minimum, to distribute, modify, or distribute modified versions of IE-SPYAD under the terms of the GPL: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) Furthermore, you must: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) Since the IE-SPYAD Restricted sites list does not consist of binary code, the following would be sufficient: 1) Include a notice somewhere in the installation stating the following: This program makes use of a modified version of the IE-SPYAD Restricted sites list, which is available from: http://www.spywarewarrior.com/uiuc/resource.htm IE-SPYAD is (C) Copyright 2000-2004 Eric L. Howes. IE-SPYAD is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. IE-SPYAD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You can obtain a copy of the GNU General Public License from the Free Software Foundation online: http://www.fsf.org/licenses/gpl.txt 2) Include something like above notice in the ReadMe as well. In fact, you could include the above notice with any other acknowledgements and "thank you's" in your standard documentation. 3) Make a plain text version of the list available If you've embedded the IE-SPYAD Restricted sites list in a binary program, make a separate plain text version of the list (including your own additions and modifications to the basic list) publicly available either on your web site or with the program itself. ------- CONTACT ------- The author of IE-SPYAD and AGNIS can be contacted at: eburger68@myrealbox.com (Eric L. Howes) July 30, 2004