***************************************
**                                   **
**             IE-SPYAD:             **
**                                   **
**       Restricted Sites List       **
**       for Internet Explorer       **
**                                   **
***************************************

------------
- Contents -
------------

* Introduction

* Compatibility
  - AOL Web Browser

* Internet Explorer 6.0

* Installation & Uninstallation
  - Installation
  - Uninstallation
  - Updates

* Using IE-SPYAD
  - What is the Restricted sites zone?
  - How can I tell if IE-SPYAD is working?
  - I'm still seeing ads on web pages. Why isn't it working?
  - Now that I've installed IE-SPYAD, I'm getting these ActiveX warnings? Why am I getting these errors?
  - How can I see which domains or servers have been added to the Restricted sites zone?
  - One of the web sites that I normally visit isn't working right. How can I remove it from the Restricted sites zone?
  - How can I tell which entry is causing a problem with a web site?

* About IE-SPYAD's List of Entries
  - How do you decide what sites to add to IE-SPYAD?
  - Why can't you make sure that IE-SPYAD doesn't block normal, harmless stuff?

* Customizing IE-SPYAD
  - How can I customize IE-ADS.REG?
  - Why is there a "Not for Everyone" section?
  - How can I save my customizations to the "Not for Everyone" section?
  - How can I save my "disabled" entries?
  - Why is there an "Adult" section?
  - What is the "IE xx.yy Special" section for?
  - Why is one of the AOL entries different?
  - What is that Radlight section in IE-SPYAD?

* Using IE-SPYAD w/ Other Privacy/Security Solutions
  - If I use a HOSTS file, why do I need IE-SPYAD?
  - Does this file cover the entire HOSTS file from Stephen Martin?
  - If I use SpywareBlaster, do I need IE-SPYAD?

* Installing & Uninstalling IE-SPYAD
  - Do I really need to uninstall previous versions of IE-SPYAD before installing a newer version?
  - Isn't there an easier way to install IE-SPYAD for multiple users with different user profiles?
  - Why am I double-clicking a .REG file in order to *uninstall* IE-SPYAD?
  - Is there a forum, bulletin board, or mailing list for questions on IE-SPYAD?

* Working w/ IE's Security Zones
  - How can I identify good candidates for the Restricted sites zone myself?
  - What sites should I put in my Trusted sites zone?
  - What else should I know about the Security zones and Internet Explorer?
  - Where can I get more information about Internet Explorer Security zones?

* Problems & Questions

* Credits & Acknowledgements

----------------
- End Contents -
----------------

This file contains instructions for installing and using IE-SPYAD (IE-ADS.REG).

============
Introduction
============

IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of known advertisers, marketers, and spyware pushers to the Restricted sites zone of Internet Explorer. Once IE-ADS.REG is "merged" into your Registry, most direct marketers and spyware pushers will not be able to resort to their usual "tricks" (e.g., cookies, scripts, popups, et al) in order to monitor and track your behavior while you surf the Net.

Please note that by adding domains and servers to the Restricted sites zone of Internet Explorer, IE-ADS.REG cannot cause Internet Explorer to start blocking ads. You will still see the ads. The Restricted sites zone merely imposes limits on the types of things that those domains and servers can do with your web browser. For example, IE-SPYAD will:

* REDUCE THE NUMBER OF OBNOXIOUS SCRIPT-BASED POPUPS that clutter your screen and force unwanted advertising on you;

* BLOCK THE COOKIES TYPICALLY ATTACHED TO BANNER ADS and which are used to monitor and track your travels around the Internet;

* PREVENT THE USE OF ACTIVEX, JAVA, AND SCRIPTING -- active content technologies that can be used to compromise your privacy and security;

* PROTECT YOU AGAINST AUTO-INSTALLING CRAPWARE from spyware pushers (e.g., BonziBuddy, Gator, Lop.com, et al) that can invade your system, monitor your computer and Internet use, and trash your PC.

There are two sections: "MAIN," "ADULT," and "NOT FOR EVERYONE."

(1) All servers & domains in "MAIN" & "ADULT" will be added to the Restricted sites zone.

(2) Servers & domains in "NOT FOR EVERYONE" will not be added unless the semi-colon and space (; ) are removed from the front of each line.

This Restricted sites list is based in part on info from:

* the latest HOSTS file of Stephen Martin (http://www.smartin-designs.com/);

* the latest databases for SpyBot Search & Destroy (http://security.kolla.de/);

* discussions in the SpywareInfo Forums (http://www.spywareinfo.com/yabbse/);

For privacy and security in Internet Explorer, you may also be interested in another utility available from this site: Enough is Enough! (http://www.staff.uiuc.edu/~ehowes/resource6.htm).

=============
Compatibility
=============

This Restricted Sites list can be used with the following versions of Internet Explorer:

    Internet Explorer 6.0 (incl. SP1)
    Internet Explorer 5.5 (incl. SP1 & SP2)
    Internet Explorer 5.01 (incl. SP1 & SP2)
    Internet Explorer 5.0
    Internet Explorer 4.01 (incl. SP1 & SP2)
    Internet Explorer 4.0

Note: this file works only with Internet Explorer; it will have no effect whatsoever on Netscape Navigator/Communicator.

---------------
AOL Web Browser
---------------

The AOL web browser is actually just a fancy front-end to Internet Explorer. Although you may not have realized it, when you're surfing the web with AOL's web browser, you're actually using Internet Explorer underneath.

AOL's embedded Internet Explorer web browser does rely upon the privacy and security settings from Internet Explorer. AOL's web browser will respect the Internet zone Security settings and, thus, will use IE-SPYAD's list of Restricted sites.

From within the AOL web browser you can access Internet Explorer's Security zones, including the Restricted zone to which IE-SPYAD adds its list of domains and sites.
In AOL, go to Settings >> Preferences, which has a link to Internet Properties (WWW) that calls up a dialog box titled AOL Internet Properties. Switch to the Security tab and you'll see the Restricted sites zone.

You don't need to do anything special to install IE-SPYAD on your system so that the AOL web browser will use IE-SPYAD's Restricted sites list. Follow the installation instructions below and you'll have IE-SPYAD installed for AOL's web browser.

In some parts of this ReadMe, I do discuss how to use Internet Explorer's Internet Options box. This Internet Options box is the same thing as the AOL Internet Properties box mentioned above. Wherever I discuss Internet Explorer's Internet Options box or describe the Restricted sites settings on the Security tab of that box, simply substitute the AOL Internet Properties box described here.

=====================
Internet Explorer 6.0
=====================

I have looked into how IE-SPYAD's Restricted sites works with Internet Explorer 6.0 and the more recent Internet Explorer 6.0 w/ SP1. The tests that I conducted with Internet Explorer 6.0 and IE-SPYAD indicate that IE-SPYAD will work fine with Internet Explorer 6.0 and Internet Explorer 6.0 w/ SP1.

IE-SPYAD adds its list of servers and domains to the Restricted sites zone of IE 6.0 and successfully "restricts" sites and domains just as it did with earlier versions of Internet Explorer.

While Internet Explorer 6.0 does add new settings to control cookies (Tools >> Internet Options... >> Privacy), these new controls and options do not interfere with IE-SPYAD. In short, IE-SPYAD's Restricted sites list takes precedence over the new Privacy tab cookie control settings (which pertain only to the Internet zone); IE-SPYAD will block cookies from its sites and domains no matter what a user's Privacy tab settings may be.

There is no need to add IE-SPYAD's list of domains and servers to the custom "Web Sites" list on the Privacy tab in IE6.

If you are interested in the tests I have run with IE-SPYAD and IE6, you can read my "preliminary findings" here:

    http://www.staff.uiuc.edu/~ehowes/ie6-p3p.htm

That page details still other approaches and solutions that IE6 users can take to protect their privacy from unwanted cookies of advertisers and marketers.

=============================
Installation & Uninstallation
=============================

------------
Installation
------------

After downloading and unpacking the installation package (either the .EXE or the .ZIP file), you have to install IE-ADS.REG, then set the security policies for the Restricted sites zone in Internet Explorer.

To Install and Use:

1. Close Internet Explorer

   Note: if you don't close Internet Explorer before installing IE-ADS.REG, you may have to close and then re-open Internet Explorer before it recognizes and "takes" the changes that you make to the Registry.

2. Double click on IE-ADS.REG to "merge" it into your Registry. A box should pop up saying that the file has been successfully added to the Registry.

3. Open Internet Explorer's "Internet Options" (off either the "View" or "Tools" menu bar option). Hit the "Security" tab. Select the "Restricted sites." Click the "Custom Level" button.

4. Change every entry in the "Custom Level" settings box for "Restricted sites" to "Disable" (or "Prompt" or "High safety," if "Disable" is not an option for a particular entry).

5. Close the "Custom Level" settings box by clicking "OK." Close the "Internet Options" box by clicking "OK."

** You're ready to surf safely now!

~~~~~~~~~~~~~~~~~~~~~~~
Multiple User Profiles:
~~~~~~~~~~~~~~~~~~~~~~~

If you have multiple user profiles on your computer and want IE-SPYAD to work on all of those profiles, you'll have to install IE-SPYAD separately on each profile.

There is a way to make IE-SPYAD's settings global or system-wide (instead of user-specific).
See the "Isn't there an easier way to install IE-SPYAD for multiple users with different user profiles?" question in the "Installing & Uninstalling IE-SPYAD" section below for details on how to do this.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Uninstall Previous IE-SPYAD Versions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you have installed a previous version of IE-ADS.REG, you should uninstall that old version before installing the new version. Use the uninstaller, IE-ADS-UNINST.REG, included in the \OLD sub-directory, which is the uninstaller from the previous version of IE-SPYAD. (The IE-ADS-UNINST.REG in the main IE-SPYAD directory is the uninstaller for the current version.)

You can also use the uninstall file (IE-ADS-UNINST.REG) supplied with the previous version of IE-ADS.REG that you installed to remove that old version.

If the uninstaller included in the \OLD sub-dir is not for the version you previously installed and you have lost the package with the uninstaller (IE-UNINST.REG) for the version that you did install, see the "Installing & Uninstalling IE-SPYAD" section below for advice on dealing with this situation.

Note that when you merge IE-ADS-UNINST.REG into the Registry, you'll receive the same message as you get when you install IE-SPYAD. Don't be confused or alarmed by this. Windows is simply informing you that it is merging the uninstaller .REG file. That .REG file does actually remove IE-SPYAD's entries from the Restricted sites zone.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Troubleshooting .REG File Problems
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

IE-SPYAD is essentially a set of .REG files that are merged into the Windows Registry. Windows Registry Files (.REG) are themselves plain text files that contain Registry changes that can be merged into the Registry.

To merge a .REG file, one normally double-clicks a .REG file and then clicks through the confirmation box that Windows presents.

In some cases, however, the .REG file association in Windows may become broken. When that happens, Windows won't know what to do with .REG files and, thus, will not be able to merge them properly into the Registry.

If Windows seems not to know what to do with the IE-SPYAD .REG files, it's probable that the .REG file association is broken on your version of Windows. There are two possible solutions:

1. Download REG-RESTOR

   REG-RESTOR.ZIP contains a set of .REG files that can be manually imported into the Windows Registry Editor to reset or restore the .REG file association in Windows. You can download REG-RESTOR from this page on my web site:

       http://www.staff.uiuc.edu/~ehowes/fixes.htm

   Be sure to read the ReadMe.txt included with REG-RESTOR and follow the directions carefully.

   Once you've used REG-RESTOR to reset your .REG file association, you should be able to merge IE-SPYAD's .REG files into your Registry by double-clicking on them.

2. Manually import IE-SPYAD w/ REGEDIT.EXE

   You can use the Windows Registry Editor (REGEDIT.EXE) to manually import IE-SPYAD's .REG files. Here's how to do it:

   a) Open REGEDIT.EXE (Windows Registry Editor)

      Go Start >> Run... In the "Run" box type "REGEDIT.EXE" (sans quotes) and hit "OK." The Windows Registry Editor should open.

   b) Import IE-ADS.REG

      Go "Registry" >> "Import Registry File." Locate the IE-ADS.REG and select it. Then hit "Import."

      (Note: to uninstall IE-SPYAD, select IE-ADS-UNINST.REG and import that .REG file instead.)

   c) Close REGEDIT.EXE

   d) Verify that IE-ADS.REG has been imported

      In Internet Explorer, go "Tools" >> "Internet Options" and click the "Security" tab. Select the Restricted sites zone, and hit the "Sites..." button. If IE-SPYAD has been properly imported, you should see a long list of sites and domains in the "Sites..." box.

      (By turns, if you imported IE-ADS-UNINST.REG to uninstall IE-SPYAD, the "Sites..." box should be clear.)

   If you use this second method, keep in mind that the .REG file association remains broken on your computer, even though you successfully imported IE-SPYAD's .REG files.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
About the PGP Signature Files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I make available PGP signatures (as detached sig files) for all of the downloadable files on my web site. These PGP signature files have the extension .SIG.

You don't have to download the PGP sig files (or my PGP public keys) in order to use IE-SPYAD or the other files and utilities that I make available. The PGP sigs are digital signatures for the main download files that PGP users can use to verify the integrity and origin of the download files. If you don't use PGP, they won't be of much use to you.

If you're interested in learning more about PGP, check some of the links on this page:

    http://www.staff.uiuc.edu/~ehowes/info5b.htm

--------------
Uninstallation
--------------

To remove the changes IE-ADS.REG made to Internet Explorer's Restricted sites zone:

1. Double-click on the IE-ADS-UNINST.REG file (included with this .EXE). The list of spy/ad servers will be removed from the Restricted sites zone.

   Note that when you merge IE-ADS-UNINST.REG into the Registry, you'll receive the same message as you get when you install IE-SPYAD. Don't be confused or alarmed by this. Windows is simply informing you that it is merging the uninstaller .REG file. That .REG file does actually remove IE-SPYAD's entries from the Restricted sites zone.

2. Reset your Restricted sites zone security setting to "Default Level."

   Open Internet Explorer's "Internet Options" (off either the "View" or "Tools" menu bar option). Hit the "Security" tab. Select the "Restricted sites." Click the "Default Level" button.

If you wish to uninstall a previous version of IE-SPYAD, use the IE-ADS-UNINST.REG included in the \OLD sub-directory. This version of IE-ADS-UNINST.REG is the uninstaller for the previously released version of IE-SPYAD.
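
Why merging a .REG file can uninstall, as an added example (not part of IE-SPYAD or of the original ReadMe): a key header written as [-KEY] tells REGEDIT to delete that key instead of creating it. The script parses a constructed install file, lists what it would restrict, flags entries where the "; " was removed from only one of the two lines, and builds the matching uninstaller. The file layout and the .example domains are assumptions; the ZoneMap\Domains path and zone number 4 are the standard Windows ones.

```python
import re

# Standard per-user location of Internet Explorer zone assignments.
ZONEMAP = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
           r"\Internet Settings\ZoneMap\Domains")
RESTRICTED = 4  # zone number of "Restricted sites"

# Constructed sample; the real IE-ADS.REG layout is assumed to look like this.
SAMPLE_INSTALL = rf"""REGEDIT4

; MAIN
[{ZONEMAP}\doubleclick.net]
"*"=dword:00000004

[{ZONEMAP}\ads.example\www]
"*"=dword:00000004

; NOT FOR EVERYONE (disabled until "; " is removed from each line)
; [{ZONEMAP}\optional.example]
; "*"=dword:00000004

; Constructed mistake: "; " removed from the key line only
[{ZONEMAP}\halfdone.example]
; "*"=dword:00000004
"""

HEADER = re.compile(r"^(;\s*)?\[(-?)(.+)\]$")
VALUE = re.compile(r'^(;\s*)?"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg(text):
    """Return one dict per ZoneMap key found, commented-out keys included."""
    entries, current = [], None
    prefix = ZONEMAP.lower() + "\\"
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            commented, minus, key = m.groups()
            current = None
            if key.lower().startswith(prefix):
                # Domains\ads.example\www describes the host www.ads.example
                labels = key[len(prefix):].split("\\")
                current = {
                    "host": ".".join(reversed(labels)).lower(),
                    "key": key,
                    "enabled": commented is None,
                    "delete": minus == "-",
                    "zone": None,
                    "value_commented": None,
                }
                entries.append(current)
            continue
        m = VALUE.match(line)
        if m and current is not None:
            current["zone"] = int(m.group(3), 16)
            current["value_commented"] = m.group(1) is not None
    return entries


def restricted_hosts(entries):
    """Hosts that a merge of this file would put in the Restricted zone."""
    return sorted(e["host"] for e in entries
                  if e["enabled"] and not e["delete"]
                  and e["value_commented"] is False
                  and e["zone"] == RESTRICTED)


def half_enabled(entries):
    """Entries whose key line and value line disagree about the leading ';'."""
    return sorted(e["host"] for e in entries
                  if not e["delete"]
                  and e["enabled"] != (e["value_commented"] is False))


def make_uninstaller(entries):
    """Build .REG text that deletes every key the install file would create."""
    lines = ["REGEDIT4", ""]
    for e in entries:
        if e["enabled"] and not e["delete"]:
            lines += ["[-" + e["key"] + "]", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_INSTALL)
    print("restricted:", restricted_hosts(parsed))
    print("half-enabled:", half_enabled(parsed))
    print(make_uninstaller(parsed))
```
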

-------
Updates
-------

The IE-SPYAD Restricted zone list is regularly updated. You can download updated versions of IE-SPYAD from the same page where you downloaded your original copy of IE-SPYAD.

    http://www.staff.uiuc.edu/~ehowes/resource.htm

That page lists the last time that IE-SPYAD was updated. I usually try to update IE-SPYAD at least once a month, though I may update more frequently if Stephen Martin updates his HOSTS file (http://www.smartin-designs.com/).

There is no special forum, newsgroup, or web board for IE-SPYAD. I do hang out regularly in the following newsgroups and forums, however, and you can often find folks talking about IE-SPYAD (and other things related to privacy & security) in these places:

    DSLR Security Forum
    http://www.dslreports.com/forum/security,1

    GRC Discussion Groups
    http://grc.com/discussions.htm

    Wilders Security Privacy Software Forum
    http://www.wilderssecurity.com/index.php?board=20

I periodically announce updates to IE-SPYAD and AGNIS (my other main block list) in the DSLR forum, the Wilders forum, and the GRC LatestVersions newsgroup (grc.news.latestversions).

==============
Using IE-SPYAD
==============

Now that you've installed the IE-ADS.REG file, you may be wanting more information about how the ad blocking and privacy protection techniques of this file work. What follows is a short FAQ (Frequently Asked Questions) list for IE-ADS.REG.

----------------------------------
What is the Restricted sites zone?
----------------------------------

Briefly, the Restricted sites zone in Internet Explorer contains a list of sites that must follow very strict rules of behavior when you surf to them with Internet Explorer (Netscape Navigator/Communicator does not use the Restricted sites zone). You can specify the sites that are put into the Restricted sites zone as well as the policies those sites must follow.

By setting the policies for the Restricted sites zone to a very high level of security, we can ensure that any web sites added to the Restricted sites zone cannot do certain things which could compromise your privacy and security -- e.g., place "cookies" on your hard drive; use Java, Active-X, or scripting; install programs behind your back, etc., etc.

The Restricted sites zone allows you to set policies to govern the use of browser technologies and features which can be used by web sites to threaten your security and privacy. These threats include such things as:

* ActiveX controls
* Java applets
* JavaScript
* cookies
* download and installation of desktop items
* use of email address as anonymous FTP password
* "User data persistence"

If you followed the instructions in this ReadMe to install IE-ADS.REG, then you:

1. added a long list of known ad/spy servers to the Restricted sites zone

2. set the security policies of the Restricted sites zone to a very safe level

By adding all those ad/spy servers to the Restricted sites zone, you have prevented them from engaging in all sorts of nasty behavior when you visit web sites that may use those servers to present banner advertisements.

In short, the Restricted sites zone protects your privacy with advertisers by placing your browser on a "short leash" whenever it communicates with those ad/spy servers.

--------------------------------------
How can I tell if IE-SPYAD is working?
--------------------------------------

When you visit web sites, look in the bottom right hand corner of Internet Explorer, where you will see a small icon telling you which Security zone ("Internet," "Trusted," "Restricted") applies to that site.

Try pointing your browser to this web site:

    http://www.doubleclick.com

If the Restricted sites zone of Internet Explorer is doing its thing (using the information from IE-ADS.REG), then you should see a red icon in the bottom right hand corner of Internet Explorer indicating that doubleclick.com falls in the Restricted sites zone.

Occasionally, you will hit sites which fall solely in the Restricted sites zone, as in our example above. More often, though, you'll simply see a "Mixed" zone. If you visit a page which uses banner advertisements served up by one of the ad servers in the Restricted sites zone, you will likely see the icon in the bottom right hand corner of Internet Explorer turn to a "Mixed" zone, meaning that most of the page belongs to one zone (probably the Internet zone), but that the site is drawing some information (banner ads) from one or more of the ad servers in the Restricted sites zone.

----------------------------------
I'm still seeing ads on web pages.
Why isn't it working?
----------------------------------

IE-ADS.REG cannot cause Internet Explorer to start blocking ads. You will still see ads on web pages after loading IE-ADS.REG. By placing all those servers and domains into the Restricted sites zone, however, IE-ADS.REG does prevent those servers and domains from doing certain types of things with your web browser, like placing cookies or using JavaScript.

If you're interested in blocking ads so that you don't even see them, there are any number of solutions out there, including the use of a HOSTS file, or use of one of the many programs that exist to block ads. For more information about these ad blocking solutions, see these two web pages at my web site:

    http://www.staff.uiuc.edu/~ehowes/soft8.htm
    http://www.staff.uiuc.edu/~ehowes/soft8a.htm

---------------------------------------------------
Now that I've installed IE-SPYAD, I'm getting these
ActiveX warnings? Why am I getting these errors?
---------------------------------------------------

Once you add IE-SPYAD's list of sites and domains to your Restricted sites zone, you may start receiving pop-up notifications from Internet Explorer when you visit certain web sites, even though the web site itself isn't in your Restricted sites zone. That notification usually reads:

    "Your current security settings prohibit ActiveX controls on this page. As a result, the page may not display correctly."

These notifications are related to IE-SPYAD's additions to your Restricted sites zone. That may not be immediately apparent if the main web site you're visiting doesn't fall in the Restricted sites zone.

Here's what's happening: many web sites and web pages are built from content that's drawn from several different sources. Those sources may include not only the web site or page that you're visiting, but third-party advertisers. If you access a web page that's using content drawn from an advertiser or spyware pusher that's in the Restricted sites zone, then Internet Explorer will classify that content (but not necessarily the entire web page) as falling within the Restricted sites zone.

That's why you'll sometimes see Internet Explorer labeling a page as "Mixed," instead of "Internet" or "Trusted" or "Restricted." A "Mixed" zone web page is drawing content from multiple sources that fall within different zones.

The "error" that you're seeing isn't really an "error" -- it's simply Internet Explorer's way of telling you that some element of the web page attempted to use ActiveX controls but couldn't because the content source fell within the Restricted sites zone. You'll see that while using IE-SPYAD. It doesn't necessarily indicate a problem; in fact, it really indicates that IE-SPYAD is doing its job.

Unfortunately, there's no way to turn that warning off without changing the settings for ActiveX controls in the Restricted sites zone.

If that third-party content is absolutely essential for the web page you're viewing, there are ways to identify which entry in IE-SPYAD is causing the problem. See the "How can I tell which entry is causing a problem with a web site?" question below for more information.

-------------------------------------------
How can I see which domains or servers have
been added to the Restricted sites zone?
-------------------------------------------

There are two ways to view the list of servers or domains which IE-ADS.REG puts in the Restricted sites zone.

First, you can view the list of sites BEFORE installing IE-ADS.REG by opening IE-ADS.REG in a simple text editor like Notepad. .REG files are, in reality, merely text files formatted for use by REGEDIT.EXE, a utility which edits and manages the Windows Registry (which is itself a vast storehouse of information about your Windows configuration). To open IE-ADS.REG in Notepad, simply right-click on the file and select "Edit" from the context menu that pops up.

You can enable or disable domains in this .REG file by editing the entries. For more info on editing and customizing IE-ADS.REG, please see the question below, "How can I customize IE-ADS.REG?"

Second, you can view the list of domains and servers after they have been added to the Restricted sites zone. In other words, you can see what domains and servers are actually in the Restricted sites zone at any one time. To do so:

1. Open "View" or "Tools," then "Internet Options," then click the "Security" tab.

2. Select the Restricted sites zone and then click "Sites." A list of all the domains in the Restricted sites zone will appear.

You can remove domains or servers from this "Sites" list. For more info on removing sites from the Restricted sites zone "Sites" list, see the next question, "Now that I've installed..."

------------------------------------------
One of the web sites that I normally visit
isn't working right. How can I remove it
from the Restricted sites zone?
------------------------------------------

Some web sites might require your browser to "play nice" with a server from a domain that has been placed in the Restricted sites zone. For example, a web site might complain that it can't place a "cookie" on your hard drive, or that it can't use Java, and that it needs to do one of these things in order for the page to work. Perhaps you try to launch a streaming audio file by clicking on a link, and the link doesn't appear to work.

If you trust the web site, you can try removing the offending domain entry from the Restricted sites zone:

1. Identify which domain (e.g., cnn.com or doubleclick.com) is being restricted. Note that web pages can draw content from multiple sources, including third party sources. See the next question for tips for identifying the specific entry that might be causing you problems with a web site.

2. Open "View" or "Tools," then "Internet Options," then click the "Security" tab.

3. Select the Restricted sites zone and then click "Sites." A list of all the domains in the Restricted sites zone will appear.

4. Scroll down until you find the offending entry and click "Remove."

5. Click "OK" to accept your changes.

6. Clear your "Temporary Internet Files" (on the "General" page of "Internet Options").

7. Click "OK" to close the "Internet Options" settings box.

8. Now try reloading the page.

Note that you might have to pay very close attention to the web page to figure out which domain is being restricted.

-------------------------------------
How can I tell which entry is causing
a problem with a web site?
-------------------------------------

Web pages can draw content from multiple sources, including third party sources. Thus, for example, you might visit www.cnn.com and encounter a widget on that page that doesn't work. But that widget isn't being drawn from cnn.com (which isn't even in IE-SPYAD). In this case, you'll have to identify the sources for the content on cnn.com's home page.
It's likely that the widget is being pulled from some third-party source (say, doubleclick.net) that IS in IE-SPYAD's list of Restricted domains and servers. If you can identify the source for content that isn't working, you can then remove the entry which is causing the problem from the Restricted sites zone.

It can be a bit tricky to identify all the sources for a web page's content. One good tip-off that a web page is drawing content from multiple sources is the "Mixed" zone icon that you might see in the bottom right-hand corner of Internet Explorer. A "Mixed" zone means that a web page is drawing content from multiple sources which fall into different zones. One of those sources is likely in the Restricted sites zone.

There are several ways to identify all the sources for a web page's content:

1. Info on the page itself

   Hover your mouse over images (esp. banner ads) and other links and watch the bottom band of Internet Explorer, which previews the sites which are linked to. You can also right-click on images and look at the "Properties" for those images. Either method will provide some indication as to where page content is being drawn from.

2. The IE6 Privacy Report

   In Internet Explorer 6.0, go "View" >> "Privacy Report." The Privacy Report gives you a rundown of "Web sites with content on the page."

3. Personal firewall logs

   Most personal firewalls provide logging of some sort, and you can look through your firewall's logs to get some indication of the sources for a page's content.

4. View the HTML source

   Go "View" >> "Source" to open the HTML source for a page. Looking through HTML can be a pain, but it does reveal all the sources for page content.

   Note: if the site uses frames, you'll have to open the framed page separately (right click on the framed page, then "Open Frame in New Window"). Then you can "View" >> "Source."
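
Method 4 above, automated as an added example (not from the original ReadMe): the script pulls the host of every embedded resource out of a page's HTML source and reports which hosts are covered by an entry in the Restricted sites list, and by which entry. The HTML, the news.example page and the short entry list are constructed, and treating an entry as also covering its subdomains is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute through which a page pulls in content. Plain links
# (<a href>) are left out on purpose: they load nothing until clicked.
EMBED_ATTRS = {"img": "src", "script": "src", "iframe": "src",
               "frame": "src", "embed": "src", "object": "data"}

# Constructed inputs for the example.
PAGE_URL = "http://news.example/index.html"
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.gif">
<script src="http://ad.doubleclick.net/adj/banner.js"></script>
<iframe src="http://player.media.example/widget.html"></iframe>
<img src="http://pixel.tracker.example/1x1.gif" width="1" height="1">
<a href="http://doubleclick.net/about">About the advertiser</a>
</body></html>
"""
RESTRICTED_ENTRIES = {"doubleclick.net", "tracker.example", "unrelated.example"}


class SourceCollector(HTMLParser):
    """Collect the host names a page draws embedded content from."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        wanted = EMBED_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                # Relative URLs resolve against the page's own address.
                host = urlsplit(urljoin(self.page_url, value)).hostname
                if host:
                    self.hosts.add(host.lower())


def page_hosts(html, page_url):
    """Return the sorted hosts of all embedded resources in the HTML."""
    collector = SourceCollector(page_url)
    collector.feed(html)
    return sorted(collector.hosts)


def matching_entry(host, restricted):
    """Return the list entry covering host (itself or a parent domain)."""
    labels = host.lower().split(".")
    # Try the full host first, then each parent, stopping before the bare TLD.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in restricted:
            return candidate
    return None


def restricted_sources(html, page_url, restricted):
    """Map each embedded host that is restricted to the entry that covers it."""
    found = {}
    for host in page_hosts(html, page_url):
        entry = matching_entry(host, restricted)
        if entry is not None:
            found[host] = entry
    return found


if __name__ == "__main__":
    for host, entry in restricted_sources(
            SAMPLE_HTML, PAGE_URL, RESTRICTED_ENTRIES).items():
        print(f"{host} is restricted by the entry {entry}")
```

As with the manual method, a framed page has to be checked separately: the script reports the frame's own address, not the sources inside the framed document.
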

It's not always difficult to track down the specific entry in the Restricted sites zone that's causing a web site not to work, but sometimes it does require some patience.

================================
About IE-SPYAD's List of Entries
================================

------------------------------------------------
How do you decide what sites to add to IE-SPYAD?
------------------------------------------------

There's a short answer to this question and a longer answer. Here's the short answer.

I build IE-SPYAD and AGNIS (my block lists for AtGuard, Norton Internet Security, and Outpost) from several sources of information:

1. Stephen Martin's HOSTS file (http://www.smartin-designs.com/)

2. the latest databases for SpyBot Search & Destroy (http://security.kolla.de/)

3. discussions in the SpywareInfo Forums (http://www.spywareinfo.com/yabbse/)

I also draw on information gathered in the course of my own web surfing. I not only pay attention to the actions of web sites that I visit (by carefully inspecting those web pages, their HTML sources, and my personal firewall's logs), but I keep abreast of current tech news from such sites as CNET (http://www.news.com.com) and Wired News (http://www.wired.com/news/).

The sites and domains that are added to IE-SPYAD are associated with:

* commercial advertisers (that serve up banner ads and pop-ups/pop-unders)

* spyware/adware pushers (that deliver adware, spyware, homepage hijackers, or other unwanted, intrusive web applications and widgets)

I do tend to err on the side of caution. If a site or domain is primarily associated with delivering advertising or unwanted web applications, I will add it to IE-SPYAD's list of Restricted sites. Commercial advertisers have a bad history of escalating the means and methods they're willing to use to deliver advertising and spyware to users' systems (and their privacy policies are completely malleable, representing almost no protection at all to web surfers).

~~~~~~~~~~~~~~~~~
The Longer Answer
~~~~~~~~~~~~~~~~~

AGNIS and IE-SPYAD are built from the same basic block list. Users of IE-SPYAD and AGNIS often ask, "Where do you get your information to add new entries to AGNIS or IE-SPYAD?" The answer to that question isn't a simple one, and what follows is a somewhat detailed explanation.

I get my info from a number of different sources:

1) Stephen Martin's HOSTS file (and other block lists)

   IE-SPYAD and AGNIS were originally based on Stephen Martin's HOSTS file (http://www.smartin-designs.com/), and every time he updates the HOSTS file, I update my block lists as well.

   When Stephen Martin does release an update, I go through his list of changes, looking for new domains that are primarily associated with advertisers, marketers, and crapware pushers. I then visit those domains to verify that they are in fact used by marketing and advertising outfits. I do not blindly dump updates to the HOSTS file into IE-SPYAD and AGNIS -- I pick and choose.

   Also, I do occasionally look at other block lists that folks have built for web filtering programs. Aside from Stephen Martin's HOSTS file, though, many of these other block lists aren't maintained very well, so it's rare that I find much of anything that I didn't already have.

2) SpywareInfo Support Forums

   Mike Healan's SpywareInfo hosts several important discussion forums:

       http://www.spywareinfo.com/yabbse/index.php#3

   ...where people with spyware problems can seek help. In particular, the "Spywatch," "Spyware Removal," and "Browser Hijacking" forums are esp. useful. Users regularly bring system logs generated with HijackThis! and StartupList (both available from http://www.spywareinfo.com/~merijn/ ) into those forums for troubleshooting advice. Those logs (and the discussions that result from them) are invaluable for identifying new sources of spyware/adware/hijackers.

3) Other Spyware Reference Sites

I constantly comb through several well-known spyware reference sites for leads on new forms of crapware and the outfits that distribute them:

   and.doxdesk.com            http://www.doxdesk.com/parasite/
   CounterExploitation        http://cexx.org/adware.htm
   PestPatrol (Safersite)     http://www.pestpatrol.com/
                              http://www.safersite.com/
   Spyware Guide              http://www.spywareguide.com/

All four of the above sites keep excellent data about spyware, adware, hijackers, and dialers, including distribution and uninstallation information.

4) Anti-Spyware Program Updates

I monitor the updates to programs such as:

   Ad-aware                   http://www.lavasoft.de/
   SpywareBlaster             http://www.wilderssecurity.net/spywareblaster.html
   SpyBot Search & Destroy    http://security.kolla.de/

...looking for new forms of crapware. SpyBot Search & Destroy is esp. useful because of the included .NFO files that contain detailed info on the programs it targets. Occasionally, all I'll get is the name of a program or direct marketing outfit -- some digging in Google turns up the rest.

5) News Stories

Direct marketers and crapware pushers are often desperate to get their names in front of the public in order to attract sales and investors. Thus, major tech media outlets such as:

   CNet                       http://news.com.com/
   IDG                        http://www.idg.net/
   Wired.com                  http://www.wired.com/news/
   ZDNet                      http://www.zdnet.com/

...(to name a few) regularly carry stories about direct marketing outfits and spyware pushers, esp. those who are doing things new and noteworthy. The online technology sections for newspapers such as:

   New York Times             http://www.nytimes.com/
   San Francisco Chronicle    http://www.sfgate.com/
   San Jose Mercury News      http://www.bayarea.com/mld/mercurynews/
   Washington Post            http://www.washingtonpost.com/

...are also helpful in this regard.

6) Discussion forums

I monitor privacy & security oriented forums such as:

   DSLR/BBR Security forum    http://www.dslreports.com/forum/security,1
                              http://www.broadbandreports.com/forum/security,1
   Wilders.org                http://www.wilderssecurity.com/
   GRC's newsgroups           http://grc.com/discussions.htm

...as posters often provide useful info about and pointers to new forms of advertising and spyware.

7) Web sites of direct marketers themselves

I spend a good amount of time going through the web sites of known advertisers and spyware pushers themselves. You'd be surprised what a little digging can turn up. When I visit a direct marketer's web page, I look at the HTML source as well as the following sections of the web site (if they exist):

* About Us (Our Company)
* Partners
* Privacy Policy
* Products
* Services
* History
* Demos
* Contact Us

I'm looking for affiliated/related web sites, names of products and services, names of partners/affiliates, etc. Esp. in the case of adult-oriented companies, the network of relationships can be quite complicated. I'll often follow up by doing searches within Google (which can be a more trustworthy/reliable source of info than the marketers and crapware pushers themselves).

Occasionally I stumble across web sites that yield a "mother lode" of links to direct marketers and crapware pushers. This is esp. true of web sites targeted towards webmasters (and adult site webmasters), as such web sites often include handy indices of direct marketing networks, technologies, partnering programs that webmasters might be interested in.

A lot of this is just persistence and following one link to another, looking through the HTML source for web pages, or taking the name of a marketing outfit and digging for info in Google.

8) My own web surfing

I monitor my firewall logs and track down new entries based on info that I find there. I pay attention to what's happening at web pages that I visit.
I've even been known to drop all my "defenses" and deliberately go trolling for spyware and other obnoxious direct marketing gimmicks at dodgy web sites.

If I come across an unfamiliar program, I'll download it and inspect it. I unpack .CAB files when necessary, and look at the Properties and Digital Signatures for each file. I also look at installer .INF files for clues as to the origin or author of the program. Again, often all it takes is a name that I can plug in to Google.

---

So, there's no one source for the information that feeds into AGNIS and IE-SPYAD. It comes from a lot of different places.

-------------------------------------
Why can't you make sure that IE-SPYAD
doesn't block normal, harmless stuff?
-------------------------------------

If I could find some way that IE-SPYAD would never cause anyone any problems, I would do it. Unfortunately, there's no easy way to build a block list that will be 100% problem-free for everyone. Block lists are fairly blunt instruments, and when thousands of users with thousands of different preferences and surfing habits are using a block list, problems will inevitably arise.

Adding a site or domain to IE-SPYAD always involves decisions, and these decisions can be difficult for several reasons.

| 1. There's no easy way to distinguish "dangerous" |
| web sites from "innocuous" ones. |

People sometimes ask me why I include sites and domains in IE-SPYAD that they don't regard as "dangerous," thus getting in the way of "normal internet activities." Classifying web sites as "dangerous" or "innocuous" isn't as easy as it might first sound, though.

Doubleclick.net, for example, would seem to be an obvious candidate for the Restricted sites zone. If doubleclick.net doesn't qualify as a domain worthy of putting in the Restricted sites zone, then nothing does. Yet, I've received emails from folks who were having problems accessing content on gaming sites because of the doubleclick.net entries.
Those gaming sites (all completely legitimate and innocuous) were forcing users to download game content through doubleclick.net. Should doubleclick.net then be removed from IE-SPYAD?

Another example is the GAIN (Gator Advertising Information Network) network and all of its affiliates. Many folks consider Gator spyware, yet plenty of folks like Gator. Should Gator be removed?

If there were any easy way to distinguish between "only seriously dangerous rogue sites" (i.e., sites that everyone would want blocked) and "non-dangerous" sites (sites that only some people want blocked), life would be easy. But it isn't. That means that you may encounter sites in IE-SPYAD that cause you problems and whose inclusion in IE-SPYAD you may disagree with.

As things stand, the best I can do is:

* look at sites on a case by case basis (as I do now);
* keep a "Not for Everyone" section for problematic sites likely to cause lots of folks headaches (as you'll find now in IE-SPYAD);
* look into problems with sites as they come up (as I do in several online forums and via email on a regular basis).

Unfortunately, privacy and security online involve tradeoffs with convenience. That's true of any privacy and security solution, whether we're talking about IE-SPYAD, a tightly configured Internet zone, other web filtering solutions (which almost all rely on block lists), a HOSTS file, firewalls, anti-virus/anti-trojan solutions, crypto software -- you name it, there are trade-offs.

There will never be a point at which privacy and security won't come at the expense of "normal internet activities," because what counts as "normal internet activities" will always vary from person to person. The best that can be done is attempt to minimize those tradeoffs as much as possible.

| 2. B2B companies complicate the picture. |

There is a particular kind of B2B-oriented company on the Internet that is becoming increasingly prevalent -- namely, companies that provide internet services and content for other companies and web sites. Web surfers and online consumers may directly encounter this "third-party" content and these "third-party" services while visiting web sites which have contracted out for such services and content.

Many of these types of companies supply streaming media applets and online support chat widgets to e-commerce sites. The grand-daddy of this type of company is Akamai, a load-distribution service that serves up content for client web sites. Other examples of such companies include:

   CameoCast/CameoOne
   CenterSpan
   Chaincast
   PrumulGate/DelFin Project
   EyeWonder
   Hiwire Networks
   Ibsys.com
   ifilm
   InstaContent
   InstantService
   ipix
   Kontiki
   LivePerson
   Netopia (eCare/Timbuktu)
   Prospero
   Pulse3d
   Red Swoosh
   QuickFlicks
   SpaceSea
   StreamMagic/Fordale/DownloadWare
   Unicast
   Viewpoint

We're also starting to see companies that specialize in IP (intellectual property) management, DRM (digital rights management), and content protection. Such companies include:

   BandLink
   CDilla/Macrovision
   CleverContent
   ContentAuditControl

These companies are becoming increasingly aggressive in pushing web applications and other widgets onto end users' systems.

And, finally, there is a unique class of companies that provide applications and networking solutions to ISP's (internet service providers).

   BroadJump
   IpInsight
   Tioga Systems

These ISP-service companies (for lack of a better term) often supply their ISP clients with software that can be installed on end users' systems, turning those users' internet connections into direct marketing and content delivery vehicles.

These types of companies (is there a handy term for them?) are always difficult to classify, because in some cases they may supply completely legitimate content for client web sites.
In other cases they may serve up advertising and unwanted, intrusive, "drive-by-download" web widgets. I examine each of these companies on a case-by-case basis, though the decisions that I make are never easy and should never be regarded as final.

| More Information |

IE-SPYAD is only one of several block lists that I build. The others are AGNIS (for AtGuard and Norton Internet Security) and AGNIS for Outpost (for Agnitum's personal firewall). IE-SPYAD and all versions of AGNIS are built from a common source of entries, though there are differences between the two lists. Most notably, IE-SPYAD does not incorporate any URL fragments such as "/ad_server". In fact, when updating, I build the AGNIS lists first.

If you'd like more information about the entries included with IE-SPYAD, you can download AGNIS, which includes a "full" list that serves as a kind of "master list" for all of my block lists.

   http://www.staff.uiuc.edu/~ehowes/resource.htm#AGNIS

The "full-original" AGNIS list (AG-ADS-ORG.REG, located in the \ORG sub-dir of the AGNIS installation directory) is an editable/viewable .REG file in which all the entries are broken down into sections (advertisers, spyware, et al). That "full-original" AGNIS block list should give you a good idea of how I classify and think about the sites and domains that I've included in IE-SPYAD.

| If You Do Have a Problem with an Entry... |

If you do run into a problem with an entry in IE-SPYAD that is causing you difficulties with a web page that you frequently visit, please contact me and let me know:

   eburger68@myrealbox.com

In your email, please tell me what entry is causing the problem (if you know). Also, if you have an example web page where I can see the problem in action, send along the URL.

I can't guarantee that the entry that is causing you problems will be removed from IE-SPYAD, but I will take a look at the information you provide and consider a course of action. I'm human, and I have been known to make mistakes.
In cases where an entry clearly has no connection with a direct marketing company or crapware pusher, I'm happy to remove the entry, esp. if it's one that is likely to cause many users problems.

====================
Customizing IE-SPYAD
====================

-------------------------------
How can I customize IE-ADS.REG?
-------------------------------

The Restricted sites list for Internet Explorer takes the form of a .REG file -- a Windows Registry file. .REG files are, in reality, merely text files formatted for use by REGEDIT.EXE. As such, they can be edited using any simple text editor like Windows Notepad.

To open the Restricted sites list (IE-ADS.REG) in Windows Notepad, right-click on the IE-ADS.REG file and select "Edit" from the context menu that pops up. IE-ADS.REG should open right up in Notepad. If this doesn't work, try opening Notepad from the "Start" menu, navigating to the appropriate directory or folder through "Open," and opening IE-ADS.REG that way (you'll have to tell Notepad to look for "*.* - All Files" first).

If you edit IE-ADS.REG in a text editor like Notepad, you will not only be able to see the entries that will be added to the Restricted sites zone in Internet Explorer, but you will be able to add or modify entries. Here's a quick introduction to the syntax of the entries in the IE-ADS.REG file:

To add this entry...

.doubleclick.com/

...into our currently loaded ad block list, we would need an entry in the IE-ADS.REG file that looks like this...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\Domains\doubleclick.com]
"*"=dword:00000004

Note that there are TWO lines here separated by a carriage return. The first, which is "wrapped" in this example (and will "wrap" when you open IE-ADS.REG), is...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\Domains\doubleclick.com]

The first part specifies the key location in the Registry where Windows will store this entry.
The second part specifies the "key name" (doubleclick.com). All parts are separated by backslashes ( \ ).

The second line contains the "key value"...

"*"=dword:00000004

...which assigns doubleclick.com to the Restricted sites zone.

As explained above, the NOT FOR EVERYONE section includes a number of entries which are not enabled by default. These entries are "disabled" (and will not be added to your ad block list) because they have been "remarked out" with a semi-colon and space ( ; ). Note that there are TWO sets of semi-colon and space: one for the "key name" (the first line), and one for the "key value." Thus, to enable the following "disabled" entry...

; [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\Domains\msid.com]
; "*"=dword:00000004

...you would edit the entry to look like...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\Domains\msid.com]
"*"=dword:00000004

...save your changes in Notepad, and then merge the .REG file into your Registry by double-clicking on it.

The examples we've looked at so far involve simple domains like msid.com or doubleclick.com. When dealing with specific servers like reg.bluemountain.com, however, IE-ADS.REG uses one additional line. Here's the complete entry for a server like reg.bluemountain.com (which is "disabled" here):

; [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\Domains\bluemountain.com]
; [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\Domains\bluemountain.com\reg]
; "*"=dword:00000004

The first line here specifies a "key name" for the domain itself, but doesn't specify a "key value." The second and third lines specify a second, subordinate "key name" for the specific server as well as a "key value."
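
The entry syntax described above, as an added example (not part of IE-SPYAD or its documentation): a Python script that reads IE-ADS.REG style text, lists which hosts are enabled or "remarked out," and flags an entry where only one of its two lines was enabled. The sample text is constructed from the entries quoted in this section, the function names are hypothetical, and it assumes each key sits on one unwrapped line and that special cases such as two-letter domains are not modelled.

```python
import re
from collections import namedtuple

# Registry path used by every entry quoted on this page.
BASE = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
        r"\Internet Settings\ZoneMap\Domains")
KEY_RE = re.compile(r"^\[" + re.escape(BASE) + r"\\([^\]]+)\]$", re.IGNORECASE)
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')
RESTRICTED = 4  # dword:00000004 assigns the Restricted sites zone

Entry = namedtuple("Entry", "host value_name zone enabled")


def host_of(subkey):
    """'bluemountain.com\\reg' -> 'reg.bluemountain.com'; 'msid.com' stays as is."""
    return ".".join(reversed(subkey.split("\\")))


def parse(reg_text):
    """Return (entries, warnings) for IE-ADS.REG style text."""
    entries, warnings = [], []
    active_key = None  # last key line that is not remarked out
    last_key = None    # (subkey, remarked_out) of the last key line of either kind
    for lineno, raw in enumerate(reg_text.splitlines(), 1):
        line = raw.strip()
        remarked = line.startswith(";")
        body = line.lstrip("; ") if remarked else line
        key, val = KEY_RE.match(body), VAL_RE.match(body)
        if key:
            last_key = (key.group(1), remarked)
            if not remarked:
                active_key = key.group(1)
            continue
        if not val or last_key is None:
            continue  # REGEDIT4 header, blank line or free-text remark
        name, zone = val.group(1), int(val.group(2), 16)
        subkey, key_remarked = last_key
        if remarked and key_remarked:        # both lines disabled
            entries.append(Entry(host_of(subkey), name, zone, False))
        elif remarked:                       # key enabled, value still disabled
            warnings.append(f"line {lineno}: key for {host_of(subkey)} is enabled "
                            "but its value is still remarked out")
        elif key_remarked:                   # value enabled, key still disabled
            # A value line belongs to the most recent key line that is not
            # remarked out, so this value lands on an earlier entry.
            target = host_of(active_key) if active_key else "no key at all"
            warnings.append(f"line {lineno}: value meant for {host_of(subkey)} "
                            f"is enabled without its key and applies to {target}")
            if active_key:
                entries.append(Entry(host_of(active_key), name, zone, True))
        else:                                # both lines enabled
            entries.append(Entry(host_of(subkey), name, zone, True))
    return entries, warnings


def enable(reg_text, host):
    """Remove the '; ' from every line of the entry for `host`, including the
    value-less parent domain key that a server-specific entry needs."""
    out, in_entry = [], False
    for raw in reg_text.splitlines():
        body = raw.strip().lstrip("; ")
        key = KEY_RE.match(body)
        if key:
            sub = key.group(1)
            in_entry = host_of(sub) == host
            is_parent = "\\" not in sub and host.endswith("." + sub)
            wanted = in_entry or is_parent
        else:
            wanted = in_entry and VAL_RE.match(body) is not None
        out.append(body if wanted and raw.lstrip().startswith(";") else raw)
    return "\n".join(out)


def key_line(sub):
    return f"[{BASE}\\{sub}]"


VALUE = '"*"=dword:00000004'
# Constructed sample: the page's entries, plus one deliberate editing mistake.
SAMPLE = "\n".join([
    "REGEDIT4", "",
    key_line("doubleclick.com"), VALUE, "",
    "; " + key_line("msid.com"), "; " + VALUE, "",
    "; " + key_line("bluemountain.com"),
    "; " + key_line("bluemountain.com\\reg"), "; " + VALUE, "",
    key_line("yahoo.com"),
    "; " + key_line("yahoo.com\\eur.rd"), VALUE,  # mistake: only the value enabled
    key_line("yahoo.com\\geo"), VALUE,
])

if __name__ == "__main__":
    found, problems = parse(SAMPLE)
    for e in found:
        print("enabled " if e.enabled else "disabled", e.host, f"zone {e.zone}")
    for w in problems:
        print("WARNING", w)
```
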

Once we specify a "key name" for a domain without a "key value," we can add any number of subordinate "key names" and "key values" for specific servers from this same domain. Thus, for yahoo.com we have...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\Domains\yahoo.com]
; [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\Domains\yahoo.com\eur.rd]
; "*"=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\Domains\yahoo.com\geo]
"*"=dword:00000004

Note that the first server-specific entry for eur.rd.yahoo.com is "disabled," while the second entry for geo.yahoo.com is "enabled."

------------------------------------------
Why is there a "Not for Everyone" section?
------------------------------------------

Some popular web sites and domains may cause problems for some folks if they are put into the Restricted sites zone. Still other users may actually want to put those sites and domains into the Restricted sites zone. The "Not for Everyone" section is an attempt at some sort of compromise.

Most (but not all) sites and domains in the "Not for Everyone" section are disabled by default. They are grouped by domain for easy reference. Users who want to add those sites and domains to the Restricted sites zone can edit the appropriate entries in the "Not for Everyone" section. I describe how to "enable" those entries in the section just above.

I got the idea for the "Not for Everyone" section from Stephen Martin's HOSTS file, which includes an identically named section. Indeed, you'll find that most of the sites and domains in his "Not for Everyone" section have made it into mine.

---------------------------------------
How can I save my customizations to the
"Not for Everyone" section?
---------------------------------------

Some IE-SPYAD users like to customize the "Not for Everyone" section, enabling many of the entries in that section that are disabled by default. The question they encounter is this: how can they preserve their customizations across installations of IE-SPYAD? In other words, do they need to customize the "Not for Everyone" section every time a new version of IE-SPYAD is released?

The answers: yes, you can preserve your customizations across installations of IE-SPYAD; no, you do not need to customize every single new version of IE-SPYAD.

First, remember that the uninstaller (IE-ADS-UNINST.REG) is built from the installer (IE-ADS.REG). Entries that are disabled in the installer are also disabled in the uninstaller. Thus, unless you customize the uninstaller and enable the same entries, any entries you enabled in the installer will NOT be uninstalled when you run the uninstaller. In other words, any entries you enable from the "Not for Everyone" section will remain in the Restricted sites zone even after you use the uninstaller because those entries are still disabled in the uninstaller (unless you've enabled them).

For more information on how the IE-ADS.REG and IE-ADS-UNINST.REG files work, see the "How can I customize IE-ADS.REG?" section above.

Second, even though your customizations will be preserved across new installations of IE-SPYAD, you might want to save a copy of your customizations. Here's how to do it:

1. Create a new .REG file

Simply pop open Notepad, add the following as the first line of the file:

REGEDIT4

...and save the file as a .REG file -- example: MY-PREFS.REG.

2. Open IE-SPYAD

Right-click on the latest IE-ADS.REG file that you got with IE-SPYAD, and select "Edit" from the context menu. IE-ADS.REG will open in Notepad (.REG files are just plain text files).

3. Copy the "Not for Everyone" section

Highlight, copy, and then paste the "Not for Everyone" section from IE-ADS.REG over to your new custom .REG file. Make sure you paste the "Not for Everyone" section at least two lines under the REGEDIT4 line, which is the first line of your custom .REG file. Once you've copied that section over, you can close IE-ADS.REG.

4. Customize, customize, customize

Enable all the entries you want in your custom .REG file by removing the semi-colon ( ; ) and space in front of each entry. Thus, to enable the following "disabled" entry...

; [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\Domains\msid.com]
; "*"=dword:00000004

...you would edit the entry to look like...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\Domains\msid.com]
"*"=dword:00000004

5. Save your changes in Notepad

That's it. You now have a custom .REG file that contains your own personalized "Not for Everyone" section. If you haven't already merged your customizations into the Registry, do so now by double-clicking on it. (Don't worry about duplicate entries between IE-ADS.REG and your custom .REG -- any duplicates will simply be overwritten in the Registry.)

Normally you won't have to use this custom .REG file. If you completely clear the Restricted sites zone, or if you completely reinstall Windows, however, this custom .REG file will allow you to add your custom-enabled entries back into the Restricted sites zone quickly.

Note that the procedure outlined above for creating a customized "Not for Everyone" file works only for customizations in which you *enable* entries that are disabled by default in IE-ADS.REG. If you wish to create a customized "Not for Everyone" section that will DISABLE entries that are enabled by default in IE-SPYAD's IE-ADS.REG, see the next section.

-------------------------------------
How can I save my "disabled" entries?
-------------------------------------

Although I try to ensure that the entries included in IE-SPYAD don't break popular web sites, it's simply impossible to meet the needs of every last user. Thus, there may be entries in IE-SPYAD's Restricted sites list that you don't want added to your Restricted sites zone. The problem, of course, is that every time you install an updated version of IE-SPYAD, those entries will be added back into the Restricted sites zone, forcing you to remove them all over again.

Fortunately, there is a way around this hassle: create your own custom uninstaller. The idea behind a custom uninstaller is to create a custom .REG file that uninstalls entries from the Restricted sites zone that you don't want in that zone. You can use your custom uninstaller every time you update IE-SPYAD, instead of removing those problematic entries one at a time by hand.

Here's how to create a custom uninstaller:

1. Create a new .REG file

Simply pop open Notepad, add the following as the first line of the file:

REGEDIT4

...and save the file as a .REG file -- example: MY-PREFS.REG.

2. Open IE-SPYAD

Right-click on the latest IE-ADS.REG file that you got with IE-SPYAD, and select "Edit" from the context menu. IE-ADS.REG will open in Notepad (.REG files are just plain text files).

3. Find & copy all the problematic entries

Locate the entry for each domain or site that's causing you headaches and which you never want to see in the Restricted sites zone. Thus, if 11zz.com shouldn't be in the Restricted sites zone, you would find and copy...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\Domains\11zz.com]

...over to your new custom uninstaller .REG file. Ignore the...

"*"=dword:00000004

...which you see immediately under the main entry. And be sure to paste your copied entries at least two lines under the REGEDIT4 line which leads off your custom uninstaller .REG file.
Once you've copied all the problematic entries, close IE-ADS.REG.

4. Edit your custom .REG file

.REG files can be used to remove keys from the Registry as well as add them. To turn your new .REG file into one which removes or uninstalls entries from the Restricted sites zone, you need to make a small change to each of the entries you copied over from IE-ADS.REG. Add a hyphen ( - ) to the front of each entry, so that it looks like this:

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\Domains\11zz.com]

That hyphen ( - ) instructs the Windows Registry Editor (REGEDIT.EXE) to remove that entry from the Registry, not add it. (If no such entry is in the Registry, the line is ignored.)

5. Save your changes

Once you've edited every entry in the manner described above, save your changes and close Notepad.

You've now created a custom uninstaller. After you merge a new version of IE-SPYAD's IE-ADS.REG into the Registry, simply merge your uninstaller afterwards. That uninstaller will remove all the problematic entries you don't want to see in the Restricted sites zone.

--------------------------------
Why is there an "Adult" section?
--------------------------------

The purpose of IE-SPYAD is to put restrictions on obnoxious advertisers, marketers, and spyware pushers, not to block pornography or other content which some users may find offensive or objectionable. The problem with so many porno sites, however, is that they often use incredibly aggressive, even dangerous, direct marketing tactics. Moreover, web surfers can easily get sucked into these sites and domains quite unwittingly and unintentionally (and no, I'm not joking here -- it happens).

I've included a large number of porno sites and domains precisely because of the aggressive direct marketing that these sites and domains often use, not because I feel that the content that they serve ought to be blocked.
Indeed, I take no position whatsoever on the content that you may find on those sites.

Still further, because I don't want to be understood as somehow offering a porno blocking tool, I've deliberately segregated porno sites into the "Adult" section (like Stephen Martin's "Adult" HOSTS file) so that users who may want to use those sites without restrictions can easily remove the appropriate entries.

If you're interested in blocking pornography and other offensive material (perhaps you have young children in the house), then I'd suggest looking into some other (more effective) method for doing so. While IE-SPYAD will put restrictions on the sites listed in the "Adult" section, it will NOT block potentially offensive images and text from most of those sites (unless the sites rely heavily on active content). And IE-SPYAD doesn't even pretend to include a comprehensive list of known porno sites on the Web. Compiling such a list is well beyond the scope of IE-SPYAD.

A Note On the "Adults" Section from Stephen Martin's HOSTS File:

Starting with the 7/29/02 version of his HOSTS file, Stephen Martin removed the "Adult" section and began offering a separate "Adult" HOSTS file. According to Stephen Martin:

   This file only contains Adult sites. Someone graciously sent me a huge list which now totals 42913 adult site entries. I didn't verify any of them because it would take too much time. I moved the Adult sites I had from their normal place in the hosts file to this new file so they are no longer in any of the hosts files. If you want to include them just download it here, Zipped 252kb it's too large to post as a text file so you just unzip it and merge it to the hosts file.

You can download this separate package from Stephen Martin's site:

   http://www.smartin-designs.com/

Be warned: this file is a large one. It contains almost 43,000 unique entries.
You can use the free HOSTS file utility Hostess (http://accs-net.com/hostess/) to convert that "Adult" HOSTS file to a .REG file similar to IE-SPYAD. The resulting file contains almost 31,000 unique domains (by comparison, IE-SPYAD contains around 2000 unique domains).

For the time being I will keep the "Adult" section in IE-SPYAD "as is" -- I will not be merging those 31,000 entries into IE-SPYAD proper or making a .REG file version of Stephen Martin's "Adult" HOSTS file available on my web site. If you wish to merge those 31,000 entries into your Restricted sites zone, you can download the ADULTS.ZIP from Stephen Martin's web site

   http://www.smartin-designs.com/

...as well as Hostess from...

   http://accs-net.com/hostess/

...and generate the .REG file yourself. Hostess makes the process very easy.

-------------------------------------------
What is the "IE xx.yy Special" section for?
-------------------------------------------

This special section exists in order to pull all "two-letter domains" that stand by themselves into one convenient section. Internet Explorer treats "two-letter domains" differently than all other domains.

Two-letter domains take the format xx.yy. For example:

   co.uk
   co.il
   x3.hu
   x0.nl

...are all examples of two-letter domains. Internet Explorer treats such two-letter domains like top-level domains such as .com or .org. This has several implications:

1) IE rejects two-letter domains with wild-cards ( * )

Although you can add *.doubleclick.net into the Restricted sites zone, IE rejects *.x3.hu as invalid, just the same as it rejects *.com as invalid. Strangely, though, IE will accept x3.hu as valid. If you close and re-open the "Sites" box, though, you'll notice that IE has reformatted the entry to *.x3.hu, which it earlier rejected. Still worse, you cannot remove this entry (which IE accepted and reformatted) through the "Sites" box -- you'll have to remove it directly from the Registry.

2) You cannot remove two-letter domains with wild-cards through the Sites box

If you do add a two-letter domain to a Security zone by use of a .REG file (such as IE-SPYAD) or via the work-around described just above, you cannot remove that entry through the "Sites" box.

3) IE will use two-letter domains, but won't apply wild-cards

You can add *.x3.hu (through either of the methods described above) and IE will apply the appropriate Security zone settings, but not to sub-domains from that domain. Thus, *.x3.hu in the Restricted sites zone will restrict http://x3.hu/ but not http://www.x3.hu/. To restrict the latter sub-domain, IE needs a separate entry for www.x3.hu.

Most two-letter domains in the IE-SPYAD list are used with sub-domains (such as www.). These are:

   2u.ru
   4u.to
   co.il
   co.jp
   co.kr
   co.nz
   co.uk
   co.za
   fr.fm
   ne.jp
   ne.kr
   wz.cz

There are four two-letter domains, however, which are known purveyors of crapware and which serve content from the domain alone (e.g., http://x3.hu) as well as from sub-domains (e.g., http://adserver.x3.hu). These are:

   67.bz
   bb.ru
   x0.nl
   x3.hu

The "IE xx.yy Special" section gathers these four special two-letter domains and all their sub-domains into one convenient section. All other two-letter domains (i.e., two-letter domains that are always and only used in conjunction with sub-domains such as www.) are included in the regular "Main" and "Adult" sections. It is only the two-letter domains that serve content from "standalone" URLs such as x3.hu that require special attention.

One other note about the format of two-letter domains within .REG files is in order here.
Standard domains with wildcards use the following format in .REG files:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net]
"*"=dword:00000004

To add sub-domains, we add a sub-key for the sub-domain, thus:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net\www]
"*"=dword:00000004

Two-letter domains won't allow that, however. The format for a "standalone" two-letter domain is:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\x3.hu]
"*"=dword:00000004

But a sub-domain does not require a special sub-key. Thus, we use:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adserver.x3.hu]
"*"=dword:00000004

If you'd like to read more about Internet Explorer's peculiar behavior with respect to "two-letter" domains, see this Microsoft KB article:

   Q259493: Problems Adding Top-Level Domains to Zone Sites List
   http://support.microsoft.com/?kbid=259493

-----------------------------------------
Why is one of the AOL entries different?
Why does it have a "http"=dword:00000004?
-----------------------------------------

The AOL entry (free.aol.com) with the strange...

"http"=dword:00000004

...has a bit of a story behind it. If you haven't heard, some AOL products (including Netscape Communicator) will add the following entry to the Internet Explorer Trusted zone behind users' backs:

http://free.aol.com

I find this behavior obnoxious on AOL's part (basically they're making privacy and security decisions for users without asking their consent), so I specifically crafted an entry in IE-SPYAD to reverse that specific entry and throw http://free.aol.com into the Restricted zone.

Again, if you look in your Registry, you'll see the difference between the normal entries:

"*"=dword:00000004

...and the http entry you spotted. And there actually is a functional difference at work here.
The normal entries

    "*"=dword:00000004

...will throw all URLs from the specified address/domain into the Restricted zone, not just ones that start http://. That's why I use it -- the * works as a "wild card" here.

You can see the difference not only in the Registry, but also in the Internet Options Restricted Sites box. All the "normal" IE-SPYAD entries show up in the Sites box as:

    gserv.cnet.com

...or...

    *.doubleclick.net

...but that strange AOL entry shows up as:

    http://free.aol.com

I've always wondered how many people actually bothered to pop open the IE-ADS.REG file and take a look through it. I hope you've found it interesting.

------------------------------------------
What is that Radlight section in IE-SPYAD?
------------------------------------------

At the bottom of IE-SPYAD's .REG files you'll find a section titled "Radlight Special." Radlight is a shareware, advertising-supported CD/DVD player. Back in April of 2002, the authors of Radlight added a new, disturbing function to the Radlight installation routine: the unannounced removal of AdAware (http://www.lavasoft.de/), the popular anti-spyware utility.

The "Radlight Special" section was added to IE-SPYAD (and AGNIS, my other block list) in response to Radlight's actions. Once the Radlight authors added a clear notice and warning to the Radlight installation routine about AdAware, I disabled (by "commenting out") the "Radlight Special" entries. It remains in IE-SPYAD for those users who want to enable the entries.

If you'd like to read more about the Radlight/AdAware controversy, see this page on my web site:

    http://www.staff.uiuc.edu/~ehowes/info8.htm#aaw-rad

==================================================
Using IE-SPYAD w/ Other Privacy/Security Solutions
==================================================

----------------------------------------------
If I use a HOSTS file, why do I need IE-SPYAD?
----------------------------------------------

If you use a HOSTS file (such as the one at Stephen Martin's site -- http://www.smartin-designs.com/), the HOSTS file will block most ad servers before your browser ever manages to contact them, but there will be occasions when the Restricted sites zone comes in handy.

Online marketers are always adding new servers to their stable of ad servers. The HOSTS file (which can be told only about individual servers -- e.g., www.doubleclick.com or ads.doubleclick.com) might not include some of these newer servers, in which case the Restricted sites zone (which can restrict whole domains -- e.g., every server at doubleclick.com) will pick them up.

For example, the HOSTS file might know about the ad server adsel16.imgis.com, but if that online marketer starts using adsel66.imgis.com, HOSTS might not recognize it, letting it pass through to your browser. The Restricted sites zone, however, has been told to restrict everything from *.imgis.com (where * is a "wild card" character), and will prevent that ad server from putting a "cookie" on your hard drive once your browser does contact adsel66.imgis.com.

In other words, the Restricted sites zone is a kind of insurance policy. Ad servers that pass through the HOSTS file just fine will be restricted by the Restricted sites zone.

The one real advantage to using the HOSTS file is that it works at the networking level, blocking ALL outbound network traffic to specified servers, whereas IE's Restricted sites zone (obviously) works only for Internet Explorer. This aspect of the HOSTS file makes it especially useful for controlling Internet access for non-web browser applications like "adware" or "spyware."

If you're wondering, I use BOTH, and I've never experienced any appreciable performance hit.

-------------------------------
Does this file cover the entire HOSTS file from Stephen Martin?
-------------------------------

No, it doesn't.
It covers roughly 88% of Stephen Martin's HOSTS file.

Stephen Martin's HOSTS file includes many entries which point to specific servers on domains (e.g., ads.quicken.com, where there would presumably be a www.quicken.com that would be perfectly legitimate). I don't try to cover every single last server listed in the HOSTS file. Rather, I try to limit the IE-SPYAD list to ENTIRE domains for known advertising networks and use wildcards to block them (e.g., restrict everything from Doubleclick with *.doubleclick.com and *.doubleclick.net).

I do make exceptions for some of the larger, more popular domains (ZDNet and Microsoft, for example), but as a general rule I feel that using a HOSTS file is a more efficient way to block specific servers. As I said above, the Internet Explorer Restricted sites zone and a HOSTS file complement one another nicely.

The upshot of all of this is that while I rely heavily on Stephen Martin's HOSTS file, I don't just blindly port his HOSTS file into the Restricted sites zone. There is a heavy amount of editing and selection that goes on (that's why there's often a delay between the time he updates his HOSTS file and I update IE-SPYAD). Moreover, I do add many of my own entries to the IE-SPYAD list, so IE-SPYAD may include domains that are not covered in Stephen Martin's excellent HOSTS file.

--------------------------------------------
If I use SpywareBlaster, do I need IE-SPYAD?
--------------------------------------------

SpywareBlaster is an excellent, free program from JavaCool that you can use to protect your privacy and security while surfing the Web with Internet Explorer.
It can be downloaded from:

    http://www.wilderssecurity.net/spywareblaster.html

SpywareBlaster has two main functions:

1) SpywareBlaster can modify the Windows Registry to set the "kill bit" for certain ActiveX controls associated with known "spyware" programs and "homepage hijackers," preventing them from being installed via "drive-by-downloads" in Internet Explorer.

2) Starting with version 2.50, SpywareBlaster can add domains of known "nasty" web sites to Internet Explorer 6.0's "Per Site Privacy Actions" list in order to block all cookies from those domains.

You can use both functions of SpywareBlaster in conjunction with IE-SPYAD; however, only the first adds any real protection above and beyond what IE-SPYAD already provides.

The ActiveX "kill bit" is useful because it targets specific, known "spyware" programs. All of these programs are already targeted by IE-SPYAD, but IE-SPYAD targets the domains they are distributed from, not the specific ActiveX controls themselves.

Thus, SpywareBlaster nicely complements IE-SPYAD's "Restricted sites" list, giving you an extra layer of protection. IE-SPYAD prevents any "spyware" from being automatically installed behind your back at certain web sites. SpywareBlaster prevents certain ActiveX controls from being installed, no matter where you encounter them. Each method has limitations, but used in conjunction with one another they provide a strong level of protection.

SpywareBlaster's ability to block "spyware/tracking" cookies is less useful if you're already using IE-SPYAD. Here's why:

1) IE-SPYAD already targets all the domains that SpywareBlaster adds to the "Per Site Privacy Actions" list. Once those domains are added by IE-SPYAD to the "Restricted sites" zone, cookies from those domains are already blocked. In fact, IE-SPYAD targets many more domains than SpywareBlaster (about 3700 at last count).

2) The "Restricted sites" list takes precedence over the "Per Site Privacy Actions" list.
Not only are the domains added by SpywareBlaster to the "Per Site" list redundant, but they're ignored by Internet Explorer as well, because they're already listed in the "Restricted sites" zone once you install IE-SPYAD.

3) Moreover, the "Per Site Privacy Actions" list only protects against cookies from those domains; IE-SPYAD, by adding those domains to the "Restricted sites" zone, protects against malicious ActiveX controls, JavaScript, Java applets, and other things in addition to blocking cookies from those domains.

4) The "Per Site Privacy Actions" list only appears in Internet Explorer 6.0 and above. If you're using Internet Explorer 4.0, 5.0, or 5.5, the "Per Site Privacy Actions" cookies list is not available (it is new to Internet Explorer 6.0). By contrast, IE-SPYAD provides protection against cookies in Internet Explorer 5.0, 5.5, and 6.0 (Internet Explorer 4.0's cookie controls are not tied to Security zones, however, so neither IE-SPYAD nor SpywareBlaster can help you with cookies with that version of Internet Explorer).

There's no harm to using SpywareBlaster's cookie blocking function in conjunction with IE-SPYAD; there's just no unique benefit either. SpywareBlaster's protection against malicious ActiveX controls, however, is useful, and I highly recommend using it.

In conclusion, SpywareBlaster is an excellent program. It's smartly designed, easy to use, and provides strong protection against certain kinds of auto-installing spyware. Moreover, it's a kind of "passive" defense like IE-SPYAD. To use SpywareBlaster, no program need be running in the background; like IE-SPYAD, it's simply a set of Registry tweaks to prevent Internet Explorer from ever installing certain ActiveX controls.

SpywareBlaster and IE-SPYAD don't conflict, although they do overlap in some ways. Both IE-SPYAD and SpywareBlaster in a sense de-fang Internet Explorer, making it safer to use. IE-SPYAD targets problematic web sites and domains.
SpywareBlaster targets specific ActiveX controls.

SpywareBlaster doesn't make IE-SPYAD irrelevant; there are plenty of nasty sites covered in IE-SPYAD that SpywareBlaster doesn't address in any way. Nor does IE-SPYAD render SpywareBlaster unnecessary. Each has a role. In fact, I don't see any reason why you can't use both.

==================================
Installing & Uninstalling IE-SPYAD
==================================

-----------------------------------------------
Do I really need to uninstall previous versions of IE-SPYAD before installing a newer version?
-----------------------------------------------

I often get questions about uninstalling previous versions of this ad server list for Internet Explorer (IE-ADS.REG). What follows is a short Q&A exchange on the subject.

> How do I figure out whether I installed the old version or not?

Check to see if you have a long list of sites and domains added to the Restricted sites zone. In IE:

    "View" or "Tools" >> "Security" >> "Restricted sites" >> "Sites..."

If you DON'T see a really long list of domains and servers, then you probably don't have any version of IE-ADS.REG installed. You can safely install the new version without any further ado.

If you DO see a long list of domains and servers, then you have SOME version of IE-ADS.REG installed. It will be hard to tell which one, though. Whatever version you have, at this point it is safest and easiest simply to uninstall whatever version is currently loaded.

> If I did install it, how do I uninstall it without the
> uninstall file that would have come with the install?

IE-SPYAD does include the uninstaller (IE-ADS-UNINST.REG) from the previous version of IE-SPYAD -- look in the \OLD sub-dir of the directory to which you unpacked IE-SPYAD. (The IE-ADS-UNINST.REG in the main IE-SPYAD directory is the uninstaller for the current version.)
If that uninstaller is not for the version of IE-SPYAD that you in fact previously installed (perhaps you missed an update or two), there are other options.

At this point, let's just assume the worst case scenario: that you did install an older version and have since lost the package with the uninstaller. Try this:

1. Run the uninstaller from the *latest* version. That should whack about 99% (if not 100%) of the list from the previous version.

2. Check for any leftover entries (that you didn't add yourself) and delete them manually -- again, "View" or "Tools" >> "Security" >> "Restricted sites" >> "Sites..."

3. Install the latest version of IE-ADS.REG.

> Do I risk causing myself some problems if I just go ahead and
> install the new file and it turns out that I did in fact
> install the old one and failed to uninstall it?

No, that really shouldn't be a problem. When I "update" the Restricted sites .REG file, it's usually the case that I just add a handful of new domains and servers without making any changes to the ones that were already in the list.

When you merge the newer .REG file into the Registry, the net effect should be that the newer entries are added and the older entries are left alone.

The only reason that I advise users to uninstall older versions is to take care of the following situations:

* If I remove domains or sites from the list (and this has happened) -- if you simply add the newer list without uninstalling the older one, the sites/domains that I removed won't be removed from your installation.

* If I correct errors (spelling, etc.) or change the syntax of certain domains and their specific sub-servers to be blocked.

In sum, I advise users to uninstall the older version in order to ensure that what's loaded in your Registry consists of the entries from the new version and only the new version.

------------------------------------------------
Isn't there an easier way to install IE-SPYAD for multiple users with different user profiles?
------------------------------------------------

Internet Explorer normally stores its zone information (including the Restricted zone sites list) in the HKEY_CURRENT_USER Registry hive. That means the Restricted zone sites list (which IE-SPYAD modifies) is particular and unique to each user.

If you have multiple user profiles on each computer, you'll have to log in to every user account and install IE-SPYAD for each user (assuming you want IE-SPYAD on every user account). That installation process can grow to be a hassle, especially if you're accustomed to using "fast user switching" in Windows XP.

There is a way, however, to make IE-SPYAD's settings global or system-wide (applicable to all users), but making those settings global involves editing IE-SPYAD's .REG files (both IE-ADS.REG and IE-ADS-UNINST.REG). This needs to be done BEFORE installing IE-SPYAD. Here's how to do it:

1. Open IE-ADS.REG in Notepad

   Right-click on IE-ADS.REG and select "Edit" from the context menu that pops up.

2. Do a Search & Replace

   Perform a search & replace. Search for this string:

       HKEY_CURRENT_USER

   ...and replace every instance of it with this string:

       HKEY_LOCAL_MACHINE

3. Save your changes and close Notepad.

This search & replace changes all of IE-SPYAD's settings from user-specific settings to global, system-wide ones. You can now install IE-SPYAD as you normally would.

Remember that to use IE-ADS-UNINST.REG to uninstall IE-SPYAD, you'll have to perform the same search & replace on IE-ADS-UNINST.REG before using that uninstaller file.

One downside to using system-wide settings is that non-administrator users in Windows NT 4.0, Windows 2000, and Windows XP may not be able to see and edit the Restricted sites list in Internet Explorer.

------------------------------------
Why am I double-clicking a .REG file in order to *uninstall* IE-SPYAD?
------------------------------------

To uninstall IE-SPYAD's list of rogue web sites from the "Restricted sites" zone, you double-click the IE-ADS-UNINST.REG file, merging the contents into the Registry in just the same way as you merge IE-ADS.REG to install IE-SPYAD. If you're new to the Windows Registry and .REG files, this can seem counterintuitive. Here's what's happening:

A standard entry within IE-ADS.REG looks like this:

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net]
    "*"=dword:00000004

That entry adds *.doubleclick.net to the "Restricted sites" zone. Within the Windows Registry, there is a key (named doubleclick.net) along with a value (4) that specifies what zone doubleclick.net should be added to.

To remove the *.doubleclick.net entry from the "Restricted sites" zone, we need to remove the key (removing the key will also remove the value). To remove the key, we merge a .REG file with the following entry:

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net]

Note the - at the head of that entry. The - tells the Windows Registry Editor (REGEDIT.EXE) to remove the key from the Registry, not add it. Note also we don't need to specify the value, as we did when we added the key to the Registry -- removing the key removes the value associated with the key.

The IE-ADS-UNINST.REG uninstaller file is built directly from the IE-ADS.REG installer file. IE-ADS-UNINST.REG merely removes the same keys that IE-ADS.REG added to the Registry.

One final note: no harm results from attempting to remove a non-existent key. Thus, if we removed the doubleclick.net entry ourselves through the "Internet Options" box, the Registry would NOT be damaged at all if we then attempted to remove the same entry by using a .REG file uninstaller. If the key specified in the uninstaller .REG file is not in the Registry, REGEDIT.EXE merely ignores the entry.
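The uninstaller construction described above, together with the HKEY_LOCAL_MACHINE switch from the multi-user question, as an added Python example that is not part of IE-SPYAD or this ReadMe. The sample entries are constructed (disabled.example is a placeholder), and the ";" prefix for commented-out entries and the REGEDIT4 header line are assumptions about how the installer file is laid out.

```python
import re

# ZoneMap path used by every entry the ReadMe shows.
DOMAINS = r"\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# A key line such as [HKEY_...\path]; ";" in front = commented out, "-" inside = deletion.
KEY_RE = re.compile(r"^(?P<off>;\s*)?\[(?P<minus>-?)(?P<hive>HKEY_[A-Z_]+)(?P<path>\\[^\]]+)\]$")


def zone_keys(reg_text, include_disabled=False):
    """Return (hive, path) for each ZoneMap\\Domains key the installer would add."""
    keys, seen = [], set()
    for raw in reg_text.splitlines():
        m = KEY_RE.match(raw.strip())
        if not m or m.group("minus"):
            continue                      # values, blanks, prose comments, deletions
        if m.group("off") and not include_disabled:
            continue                      # entry that has been commented out
        hive, path = m.group("hive"), m.group("path")
        if not path.lower().startswith(DOMAINS.lower() + "\\"):
            continue                      # never generate deletions outside the zone map
        ident = (hive, path.lower())      # Registry key names are case-insensitive
        if ident not in seen:
            seen.add(ident)
            keys.append((hive, path))
    return keys


def build_uninstaller(reg_text, hive=None, include_disabled=False):
    """Turn installer text into uninstaller text: one [-key] line per key, no values.

    include_disabled=True also removes commented-out entries, which is safe because
    removing a key that is not in the Registry is simply ignored.
    """
    first = next((ln.strip() for ln in reg_text.splitlines() if ln.strip()), "")
    if first not in HEADERS:
        raise ValueError("not a .REG file: missing version header line")
    out = [first, ""]
    for key_hive, path in zone_keys(reg_text, include_disabled):
        out += ["[-%s%s]" % (hive or key_hive, path), ""]
    return "\n".join(out)


def rehome(reg_text, new_hive="HKEY_LOCAL_MACHINE", old_hive="HKEY_CURRENT_USER"):
    """The search & replace step, limited to key lines (active or commented out)."""
    out = []
    for raw in reg_text.splitlines():
        m = KEY_RE.match(raw.strip())
        if m and m.group("hive") == old_hive:
            prefix = "[" + m.group("minus")
            raw = raw.replace(prefix + old_hive + "\\", prefix + new_hive + "\\", 1)
        out.append(raw)
    return "\n".join(out)


def _key(name, hive="HKEY_CURRENT_USER"):
    return "[" + hive + DOMAINS + "\\" + name + "]"


# Constructed sample in the style of the entries quoted in the ReadMe (not the real list).
SAMPLE = "\n".join([
    "REGEDIT4",
    "",
    "; constructed sample, not the real IE-ADS.REG",
    _key("doubleclick.net"), '"*"=dword:00000004', "",
    _key(r"doubleclick.net\www"), '"*"=dword:00000004', "",
    _key("x3.hu"), '"*"=dword:00000004', "",
    _key("adserver.x3.hu"), '"*"=dword:00000004', "",
    _key("free.aol.com"), '"http"=dword:00000004', "",
    ";" + _key("disabled.example"), ';"*"=dword:00000004', "",
    r"[HKEY_CURRENT_USER\Software\Example\Unrelated]", '"x"=dword:00000001',
])

if __name__ == "__main__":
    print(build_uninstaller(SAMPLE))
    print(build_uninstaller(rehome(SAMPLE)))
```
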
---------------------------------------
Is there a forum, bulletin board, or mailing list for questions on IE-SPYAD?
----------------------------------------

Nope. I'm just one guy with a web site, and I don't anticipate setting up any kind of forum, bulletin, or mailing list for IE-SPYAD. I do hang out in several online forums, though, and you can often find folks talking about IE-SPYAD (and other things related to privacy & security) in these places:

    DSLR Security Forum
    http://www.dslreports.com/forum/security,1

    GRC Discussion Groups
    http://grc.com/discussions.htm

    Wilders Security Privacy Software Forum
    http://www.wilderssecurity.com/index.php?board=20

I periodically announce updates to IE-SPYAD and AGNIS (my other main block list) in the DSLR forum, the Wilders forum, and the GRC LatestVersions newsgroup (grc.news.latestversions).

The IE-SPYAD Restricted zone list is regularly updated. You can download updated versions of IE-SPYAD from the same page where you downloaded your original copy of IE-SPYAD.

    http://www.staff.uiuc.edu/~ehowes/resource.htm

That page lists the last time that IE-SPYAD was updated. I usually try to update IE-SPYAD at least once a month, though I may update more frequently if Stephen Martin updates his HOSTS file (http://www.smartin-designs.com/).

==============================
Working w/ IE's Security Zones
==============================

--------------------------------------
How can I identify good candidates for the Restricted sites zone myself?
--------------------------------------

You can do a couple of things:

1) Keep up with a discussion group that specializes in privacy and security. You'll often hear about questionable or problematic sites and domains in a discussion group or online forum first. Better, you'll find discussions there between knowledgeable people in which such sites and domains are picked apart in order to understand and reveal how they do what they do.

2) Pay attention to the tech media.
Marketers, advertisers, and other unwelcome outfits that ply their trade on the net are often desperate for press attention, and you can easily find writeups about new candidates for the Restricted zone in the wake of the media blitzes they launch to get their names in front of potential investors and customers.

3) Watch for new updates to Stephen Martin's HOSTS file (http://www.smartin-designs.com/). Even if you don't use a HOSTS file, Stephen Martin's updates are always a useful source for candidates for your Restricted zone.

4) Keep an eye on your firewall's logs. If you use a firewall like AtGuard or NIS, you can access a wealth of information about what your browser is doing simply by reviewing the program's logs.

5) Monitor your browser's behavior vigilantly. Your browser provides plenty of feedback about what it is doing. Learn to recognize when something new or unexpected is happening (esp. when you're visiting new sites).

6) Keep IE-SPYAD updated. IE-SPYAD's list is not static; it is updated every month or so. New sites are added to its list regularly, and these sites are discovered through the methods described above.

-------------------------------------------------
What sites should I put in my Trusted sites zone?
-------------------------------------------------

What sites you choose to put in your Trusted zone involve choices that only you can make. I can offer, however, a few criteria that I use when deciding to admit a site or domain to my Trusted sites zone:

1) The site/domain must have content which I consider extremely valuable or important.

2) That content must be accessible only with things like JavaScript, cookies, ActiveX, Java, etc. enabled (and which are permitted only in my Trusted zone). In other words, what I want from the site must require my Trusted zone in order for it to be accessed.

3) The site/domain must be well known and reputable.
Generally speaking, small outfits/sites with which I'm not familiar or comfortable don't ever make it into my Trusted zone.

4) The site/domain mustn't blitz me with cookies, obnoxious popups, Flash animations, etc. I can handle a cookie or two if the content I receive in exchange is quality and is presented in a usable manner. If the site wants to take liberties with every browser technology known to God and man, forget it.

Examples:

nytimes.com is in my Trusted zone so that I can read The New York Times free every day (fantastic deal, I think). The free registration and cookie required are a modest "price" to pay for daily access to one of the world's premier newspapers.

msnbc.com, by contrast, is not in my Trusted zone (and will never be), because I can get what (little) I want from that site without having to accept the scads of cookies, the popups, and who knows what all else that they want to load me up with.

As I said, these are personal decisions based on your own unique judgments and assessments.

------------------------------------------
What else should I know about the Security zones and Internet Explorer?
------------------------------------------

You can use Internet Explorer's Security zones to protect your privacy in other ways as well. Here are some of the other things that I do with Security zones:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Set the Internet zone to a high security level
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The Internet zone is the zone to which web sites are assigned by default. If a site or domain hasn't been explicitly added to the "Trusted" or Restricted sites zone, it is assigned to the Internet zone.

What I've done is set the security policies for this "default" zone highly "restricted" as well. The result: whenever I visit a web page for the first time, its behavior will be highly restricted until I assign it to the Trusted sites zone (where the settings are more lax and forgiving).
In other words, I'm NEVER unpleasantly surprised by a new site -- it must earn my trust first before I allow it to do any fancy stuff (like use Java popups or place cookies on my hard drive).

In effect, I'm enforcing a kind of "Opt In" policy for web sites: I must consciously opt to allow them to use such things as cookies or JavaScript whenever I visit their sites -- they don't get to use them by default.

To set the Internet zone to a high level of security:

1. Open Internet Explorer's "Internet Options"

   Go to "Tools" (or "View") >> "Internet Options..."

2. Open the Security Settings for the Internet Zone

   Hit the "Security" tab. Select the Internet zone. Click the "Custom Level" button.

3. Set Most Options to "Disable" or "High Safety"

   Change every entry in the "Custom Level" settings box for "Internet" to "Disable" (or "High safety" if "Disable" is not an option for a particular entry).

4. Save Your Settings and Exit Internet Options

   Close the "Custom Level" settings box by clicking "OK." Close the "Internet Options" box by clicking "OK."

Keep in mind, though, that by setting your Internet zone to a highly secure level you are putting restrictions on what the web sites you visit can do. Many web sites that you visit may not "work" correctly or display properly -- some functionality will likely be disabled. One thing you can do to "loosen" up the restrictions for sites that you do trust is add trusted web sites to the "Trusted sites" zone (and configure the security settings for the Trusted sites zone leniently).

You can download a tool from Microsoft which will add menu items to your "Tools" or "View" menus, allowing you to quickly add sites to either your Trusted or Restricted sites zone.
Grab the "Power Tweaks Web Accessories" (pwrtwks.exe) from:

    http://www.microsoft.com/Windows/IE/WebAccess/default.asp

If you'd like more detailed instructions for configuring the Internet zone securely and using Internet Explorer's Trusted sites zone, see the following step-by-step guide on my web site:

    Internet Explorer Privacy & Security Settings
    http://www.staff.uiuc.edu/~ehowes/btw/ie/ie-opts.htm

And for a utility that will automate the whole process of locking down Internet Explorer that I just described above, you may be interested in another utility available from my web site:

    Enough is Enough!
    http://www.staff.uiuc.edu/~ehowes/resource6.htm

Enough is Enough! is a lockdown utility for Internet Explorer 5 and 6. When you install Enough is Enough!, it will:

* Lock down your Internet and Restricted sites zones with restrictive settings for dangerous options like ActiveX, Java, scripting, and a few others.

* Severely restrict the use of cookies (but not completely disable them for trusted web sites or for single session use).

* Disable several Advanced settings, including Install on Demand and Third-party Browser Extensions.

* Install Microsoft's IE PowerTweaks WebZone Accessory, putting two new options on your IE Tools menu, with corresponding buttons on your Toolbar: "Add to Trusted Zone" and "Add to Restricted Zone."

Enough is Enough! is completely free, just like IE-SPYAD.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Make Outlook & Outlook Express use the Restricted sites zone
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Yes, Microsoft's two email programs both use Internet Explorer's security zones to process HTML email. HTML email (as opposed to plain text email) is often employed by direct marketers, because it allows them to use ActiveX, Java, scripting, and cookies in their email direct marketing campaigns. HTML email also opens your email client to the SAME security holes that afflict Internet Explorer.
Unfortunately, there is no way to turn HTML email "off" in Outlook or Outlook Express. The best you can do is put HTML email in the Restricted sites zone. If you look in the Options for each program (on the menu bar), you'll find that you can set each program to use the Restricted sites zone to read HTML email, making your email experience a whole lot safer.

In Outlook Express:

1. Go to Tools >> Options... to open the OE Options box.
2. Click to bring up the Security tab to the fore.
3. Select the Restricted sites zone.
4. Click "Apply," then "OK" to save your changes.

In Outlook:

1. Go to Tools >> Options... to open the OE Options box.
2. Click to bring up the Security tab to the fore.
3. Select the Restricted sites zone.
4. Click "Apply," then "OK" to save your changes.

Make sure that you set BOTH programs to use the Restricted sites zone. In fact, I would highly recommend that you tell Outlook Express and Outlook to use the Restricted sites zone -- doing so just might prevent you from picking up a nasty virus or worm some day.

In the latest version of Outlook Express, you can actually turn off HTML rendering for HTML email that you receive. With HTML email rendering turned off, Outlook Express 6.0 w/ SP1 (which is installed by Internet Explorer 6.0 w/ SP1) will convert HTML email that you receive to plain text, making email much safer (and less annoying).

To turn off HTML rendering in Outlook Express:

1. Open Tools >> Options..., and switch to the Read tab of the Options box.
2. Under "Reading Messages," check the box titled "Read all messages in plain text."
3. Click "Apply," then "OK" to save your changes.

Note that this process turns off HTML for email that you receive, not email that you send. The "HTML Settings" and "Plain Text Settings" that you see on the Send tab in the Outlook Express Options box have no effect on how Outlook Express displays HTML email that you receive from other people.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Clean out "cookies" regularly
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"Cookies" are small data "tags" that web sites leave on your hard drive to identify you and that can be used to compromise your privacy online. Advertisers and marketers are notorious for using "cookies" to track and monitor your behavior from site to site on the web. Nice, huh?

Now that you've put all those ad/spy servers in the Restricted sites zone (which prevents them from placing "cookies" on your hard drive), why not clear out the "cookies" they may have already put there earlier?

To clear out "cookies" in Internet Explorer (Netscape keeps its "cookies" in an entirely different location)...

* Go into "View" or "Tools" >> "Internet Options" and clear out your "Temporary Internet Files" (hit the "Delete Files" button).

* On the same tabbed page in "Internet Options," hit the "Settings..." button, then the "View Files" button. What you should see are a bunch of files named "Cookie:.." Go ahead and delete them. If you see a "cookie" that appears to come from a web site where you've signed up for special access or privileges, keep that cookie. All the rest can go, though.

* Keep clicking "OK" until you're back at the main Internet Explorer window.

Now that you've cleaned out those "cookies" and added that long list of advertisers to the Restricted sites zone, you shouldn't be acquiring nearly as many "cookies" as before. I'd still check back, though, and clean out any "cookies" that you don't absolutely need.

--------------------------------------
Where can I get more information about Internet Explorer Security zones?
--------------------------------------

First, in Internet Explorer, go to "Help" >> "Contents and Index."
Then, for more information on Internet Explorer's Security zone settings, see the Microsoft KB article:

    Description of Internet Explorer Security Zones Registry Entries (Q182569)
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;q182569

Note that the above KB article discusses Security zone settings that are included in IE 5 and earlier. It does not discuss IE 6 specific settings (though IE 6 has many of the same settings). Moreover, the cookie options it describes are for IE 5 only.

You also ought to have a look at this series of articles from Windows IT Security:

    "Internet Explorer Security Options"
    Part I:   http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20468
    Part II:  http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20622
    Part III: http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20700
    Part IV:  http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21026
    Part V:   http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21199
    Part VI:  http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21282

You can find links to still more information about web browser security on this page:

    http://www.staff.uiuc.edu/~ehowes/info3.htm

This page will point you to resources which discuss the problems with ActiveX, Java, and scripting:

    http://www.staff.uiuc.edu/~ehowes/info10c.htm

You can find one other take on secure settings for Internet Explorer here:

    http://www.markusjansson.net/eienbid.html

If you'd like more detailed instructions for configuring the Internet zone securely and using Internet Explorer's Trusted sites zone, see the following step-by-step guide on my web site:

    Internet Explorer Privacy & Security Settings
    http://www.staff.uiuc.edu/~ehowes/btw/ie/ie-opts.htm

And for information about Internet Explorer 6.0's new Privacy settings, which configure cookies in the Internet zone, see the links on this page:

    http://www.staff.uiuc.edu/~ehowes/info2.htm

Finally, you can find my utilities for Internet
Explorer 6.0 on this page: http://www.staff.uiuc.edu/~ehowes/resource5.htm ==================== Problems & Questions ==================== I hope you find the IE-ADS.REG helpful in your use of Internet Explorer. If you run into serious problems with the IE-ADS.REG, and you have made every attempt to address the problem but remain stumped, I can be reached at: eburger68@myrealbox.com Please keep in mind that my busy schedule may not allow me to respond immediately. I will attempt to get back to you, though, and address your questions. Other helpful resources for getting answers to questions about protecting you privacy in Internet Explorer include the GRC Privacy & Security news groups, which are generously hosted by Steve Gibson of Gibson Research (GRC): http://grc.com/discussions.htm ...and the DSLR Security forum: http://www.dslreports.com/forum/security,1 I've found the folks who hang out in these groups to be helpful, knowledgeable, passionate, and more than wise to the wiles of the marketing droids which infest the Net. Finally, you might also check out my web site at The University of Illinois at Urbana-Champaign, a site which contains a bevy of links to information and software relevant to Privacy & Security on the Internet: http://www.staff.uiuc.edu/~ehowes/ ========================== Credits & Acknowledgements ========================== The list of servers in this IE-ADS.REG file is based on the HOSTS file compiled by Stephen Martin. 
You can find updated versions of Stephen Martin's HOSTS file (as well as more information about blocking advertisers and marketers) at Stephen Martin's homepage on the WWW:

   http://www.smartin-designs.com/

This Restricted sites list is also based on info from:

* the latest databases for SpyBot Search & Destroy (http://security.kolla.de/);

* discussions in the SpywareInfo Forums (http://www.spywareinfo.com/yabbse/);

I wish I could claim credit for the idea of adding a list of known advertisers, marketers, and spyware pushers to Internet Explorer's Restricted sites zone, but I can't. I first saw the idea on the "Unofficial ShieldsUp! Forum FAQ" page here:

   http://grc.com/cb-faq.htm#privacy-clean

It seemed an ingenious, straightforward, and obvious solution to any number of privacy and security problems with Internet Explorer. But the NASTIES.REG file was never updated beyond the initial version offered on that web page, so far as I know. That was two years ago.

Almost from the start I began adding my own entries to NASTIES.REG. I first posted my version of IE-ADS.REG on my web site in November of 2000 along with my AGNIS block list for AtGuard and NIS. Both were heavily based on Stephen Martin's HOSTS file (see above).

My web site has undergone dramatic expansion since those early days. Judging by the email I get, though, IE-SPYAD is still by far the most popular thing on my web site.

------------------------------------------------
Date:    11/23/00, 11/11/01, 3/26/02, 4/13/02
         5/28/02, 7/13/02, 7/29/02, 10/1/02,
         10/26/02, 11/28/02, 12/22/02, 12/28/02
         3/1/03, 3/13/03, 3/16/03, 3/25/03, 3/29/03
From:    http://www.staff.uiuc.edu/~ehowes/
Made By: Eric L. Howes (eburger68@myrealbox.com)
------------------------------------------------

IE-SPYAD and this ReadMe are Copyright (c) 2000-2003 Eric L. Howes

IE-SPYAD can be downloaded from:

   http://www.staff.uiuc.edu/~ehowes/resource.htm

If you distribute IE-SPYAD, please include all the files.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

Some files distributed with this package may not be covered by the GNU GPL. Those files remain the property of their original owners and are covered by the licenses under which they were originally distributed. All trademarks are the property of their respective owners.

You should have received a copy of the GNU General Public License along with this program; see the file COPYING. If not, write to the Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.