How to block adware installers

[Andavari]

Block Adware Installers

 

 

About:

How to block adware installers from launching from setup programs.

 

Tip:

Right click the images and open in New Tab to enlarge them.

 

Instructions:

1. You'll need to change some Folder Options to:

· Enable: Show hidden files and folders

· Disable: Hide protected operating system files (Recommended)

Remember to undo the Folder Options after you've completed all of the other steps.

 

 

2. Open Administrative Tools, Local Security Policy.

Or click Start, Run, and type in: secpol.msc /s

A. In Local Security Policy expand Software Restriction Policies to reveal Additional Rules.

B. Right click Additional Rules and select New Hash Rule.

 

 

3. In New Hash Rule click the Browse button, and select the file you want to block, and then click Open.

 

 

4. Now Windows will calculate the file hash, and file information.

A: Important: After Windows displays the information type in a description.

B: After typing in a description click Apply, and then click OK.

 

 

5. Now the New Hash Rule will appear on the right side in the window.

 

 

Notes:

* When an adware installer is updated it won't be blocked, you'll have to create a New Hash Rule for the newly updated installer.

* Even if an adware installer is updated don't remove your old New Hash Rule, since you may run a setup program that includes an old version of an adware installer.

 

_____________________________

 

If you want a PDF version of this information the download is available here (for registered forum members only):

 

[nodles]

Thanks, will try.

[hazelnut]

Local security policy is only available in xp pro version not in home version

[Super Fast]

Just wondering how effective this is, since you have to create a new hash rule every time an adware installer is updated.

 

If you have 50,000 + setups to go through (could be much more) ranging from 1995 to 2012... This could be quite taxing to do every time!

 

I don't intend to keep all of them. Could be as high as 100,000 or more. It's at least 800 GB files on my external drive. Maybe more. I have periodically deleted older things as newer & better things have taken over, but I still have a ways to go. I even found a few worthless Norton Antivirus files I had from back in 2002/2003/2004 back before they had worthwhile alternatives & Norton wasn't so bloated. Those are deleted now.... What good would they be in 2012?

 

My! Times change!

 

* Shudders to think of having to create a hash rule for all of my files....

[Andavari]

The hash is only effective for the installer you created it to block.

 

It would come in handy if for instance like in the screenshots if there's a version of Ask Toolbar that's floating about to block it. I only tried it for the hay of it and it worked to block Ask Toolbar - all without having to resort to the old trick of disconnecting from the Internet.

 

* Shudders to think of having to create a hash rule for all of my files....

 

I wish there was a way to just right click upon the files to block them. If only Microsoft would enable such a feature, but I guess that's what UAC is for in newer versions of Windows.

[Super Fast]

I wish there was a way to just right click upon the files to block them. If only Microsoft would enable such a feature, but I guess that's what UAC is for in newer versions of Windows.

 

Sort of... I mean, it works I guess, to block some automated drive by internet explorer auto download & install programs (if you have active-x enabled), but so far as blocking much other malware? If you have a program that you want to install & it has malware/toolbars bundled with the installer, then if you grant permission for the program you wish to install to install itself, the malware/toolbars that are bundled WITH the program your installing ALSO get admin rights & happily install themselves as well.

 

Maybe we need some sort of lock down on critical system areas that cannot be changed without a password. Example: Include Windows option to lock down the Internet Explorer settings (once you have them like you want them) as well as the hosts file, Windows directory, startup, Internet Explorer BHO/toolbars, etc. with a password so that nothing can access or change those areas WITHOUT your password.

 

This would block malware that tries to install, even if it DID manage to get full admin rights, & thwart it's evil purposes! Over time, malware writers would lose incentive to write malware ($$$) since their programs could never infect user PC's & they would devote time & attention to elsewhere.

[Winapp2.ini]

Community objective: Create the priiform list of adware hashes!

[Andavari]

Community objective: Create the priiform list of adware hashes!

 

Where's my $100 Million starting bonus.

[Winapp2.ini]

Where's my $100 Million starting bonus.

 

Check's in the mail.

[hazelnut]

This is where a HIPS software can come in useful (Host Intrusion Protection Software)

 

When I install any software, Online Armor firewall with built in HIPS, I am asked if I wish to allow the software install to call home if it asks, and also any components of the install are queried and have to be agreed to.

[Andavari]

True HIPS in a firewall can do that, but what I was getting at is stuff can be blocked natively in Windows, albeit in a time consuming way.