SpywareBlaster was developed by Javacool Software in 2002 to prevent spyware installation in Internet Explorer, Mozilla Firefox, Netscape, Seamonkey and Flock browsers.
SpywareBlaster is a prevention program, unlike most anti-spyware programs which utilize a “removal” approach after your system is already infected. SpywareBlaster effectively prevents ActiveX-based spyware, dialers, browser-hijackers and other malware or potentially unwanted programs from ever installing on your system in the first place.
One protection feature of SpywareBlaster include Restricted Sites Protection, which restrict the attempts of sites using Internet Explorer to download/install spyware, adware, dialers, browser hijackers, or potentially unwanted software.
Custom Blocking
Among the tools included in the recent version of SpywareBlaster [v4.00 1.25 MB (1,320,464 bytes)] is Custom Blocking. This is a created list of ActiveX Controls that blocks changes in the browser such as ActiveX CLSID that add search engine toolbars, browser plug-ins, etc.
I have created a customblocking.txt based on an ongoing Spyware Analyses using various antispyware software. Most of these are classified as Threats by most antivirus/antispyware software, while SpywareBlaster does not have it yet in their database. The list contains ActiveX CLSIDs usually installed in the registry branch:
HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility
The total count of ActiveX in this list is 24,529 items consisting of:
Malwares addressed by customblocking.txt for SpywareBlaster
The most prevalent ActiveX in the list are:
Malwares by ActiveX CLSID
Deployment
To install the customblocking.txt list, download a copy to the SpyBlaster directory. Open SpyBlaster then select Tools, choose Custom Blocking.
Each of the ActiveX CLSIDs would have to be carefully enabled by making a checkmark on some or all of them. Click on the ‘Protect Against Checked Items’ button to complete this procedure. All ActiveX CLSID not selected would remain in bold red letters, while those with enabled protection would be in normal black fonts.
Here’s a preview of the contents of this customblock.txt:
Epilogue
After I have enabled this custom block, I have strengthened my computer from these threats and subsequent attacks.
Notes:
This post was revised 25 March 2009 by changing the link to customblock.txt, now hosted at Scribd. Also, included a Scribd preview on the contents of the customblock.txt.
Disclaimer: The posts on this site does not necessarily represent any organization’s positions, strategies or opinions; and unless otherwise expressly stated, are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Philippines License.
