
Domain blocklist, revised.




Nice work. I use sort of the same thing, but I add an extra zone to my Internet Explorer Security tab; this has a bunch of blocked addresses in it. All the blocked sites apply to all users on this computer.

share with us also your list!!!!! :P

These Reg files I use get applied during the install. There are 5, I use for my install, I will redo them to get only the internet stuff.

This is my Cmdline.txt

[COMMANDS]
"REGEDIT /S MediaPlayer-HK_U_D.reg"
"REGEDIT /S wmp10.reg"
"REGEDIT /S 000.reg"
"REGEDIT /S 020.reg"
"REGEDIT /S 040.reg"
"REGEDIT /S 060.reg"
"REGEDIT /S 080.reg"
"UserAcount.cmd"
"UaPrestart.cmd"
"RunOnceEx.cmd"

Here are the reg files

If you want to see what my UaPrestart.cmd does

UaPrestart 1

UaPrestart 2

UaPrestart 3

Gsm_UaRegTweaks.rar


I still prefer to stick to hosts files. It's easier to disable them with a simple batch file.

This can be enabled/disabled with a batch file just as easily. Just make a batch that deletes the registry key that the block list populates. For an enable batch just have it import BoardBabe's .reg file.

That doesn't negate the fact that this ONLY works with IE. So if you get spyware, it will still be able to "call home."

[rant]

People are under the false impression that Firefox and Opera block spyware, while Internet Explorer is a plethora of malware. The fact is, they are all simply browsers. Anti-spyware software is very necessary for ALL browsers. Basically, this reg tweak is like getting anti-spyware software that only protects IE.

Don't get me wrong, it's great to see people providing things to the community. But quite frankly, this particular tweak is useless, IMHO.

[/rant]

But to be fair, that is a very impressive list of URLs and I did incorporate them into my hosts file. So thanks BoardBabe.

And on a side note:

To prevent the slow-down caused by large hosts files, disable the DNS Client service.

For a simple HOSTS file solution, use this program: http://www.timdorr.com/syko86/ycsoft/hostssecure.htm

It grabs the most updated hosts file from MVPS. It's not necessary to have this program start up with your computer, so choose no when the installer asks you.


I assume you are aware of the ramifications of disabling DNS? If so then you may wish to point out what they are so that someone who doesn't have that knowledge won't cripple their system and then come here complaining "my internet connection is broken."


That is not entirely true Dumpy Dooby:

For people running Microsoft Internet Explorer this list will provide great security improvement. But it is not correct as you say that this list only limits to secure you while browsing in IE. Actually a lot of spyware nevertheless adware are often hidden in media files retrieved from P2P apps, often causing either exploits in Windows Media Player, Windows Picture and Fax Viewer (recently fixed by MS) etc. to be allowed to run. The way these files often work is that they will retrieve URLs when run and infect your computer, either through the Windows Media Player "browser" or IE. If you implement my list, you will be protected against this to a certain extent. Meaning also installed spyware on your computer could be blocked as long as you are using IE.

However for users that use Firefox, Opera or other browsers this list will only protect WMP, and not be nearly as useful as for IE users.


That is not entirely true Dumpy Dooby:

For people running Microsoft Internet Explorer this list will provide great security improvement. But it is not correct as you say that this list only limits to secure you while browsing in IE. Actually a lot of spyware nevertheless adware are often hidden in media files retrieved from P2P apps, often causing either exploits in Windows Media Player, Windows Picture and Fax Viewer (recently fixed by MS) etc. to be allowed to run. The way these files often work is that they will retrieve URLs when run and infect your computer, either through the Windows Media Player "browser" or IE. If you implement my list, you will be protected against this to a certain extent. Meaning also installed spyware on your computer could be blocked as long as you are using IE.

However for users that use Firefox, Opera or other browsers this list will only protect WMP, and not be nearly as useful as for IE users.

As far as I'm concerned, if people are using P2P applications, and they don't have a better solution for malware than a list of blacklisted URLs, then they deserve what they get. A lot of the malware developers have grown wise to the technique of blacklisting URLs and they've now started instructing the program to access an IP (instead of a domain). Theoretically, your list could almost double in size if every company starts using IPs (and obviously this same issue applies to the HOSTS file method as well). :-\

@RogueSpear

As for disabling the DNS Client, it will be turned on automatically by Windows if it is needed to access the internet (even if you do set it to manual -- the reason is because its dependencies are, by default, set to automatic). If that happens, then connections will be sluggish when using the HOSTS file method.

But anyway, you say tomato, I say potato. :P
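
The coverage gap raised in the post above (a program that contacts an IP address directly never consults a name-based blocklist), as an added example that is not part of the thread: it parses a HOSTS-format list and sorts logged destination URLs into blocked, not listed, and IP-literal. The blocklist entries, URLs and function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample blocklist in HOSTS format (reserved documentation names).
HOSTS_TEXT = """\
# constructed sample, not the list from this thread
127.0.0.1   localhost
127.0.0.1   ads.example.com
0.0.0.0     tracker.example.net   # inline comment
0.0.0.0     Beacon.Example.org
"""
# Constructed destinations, e.g. taken from a proxy or firewall log.
SAMPLE_URLS = [
    "http://ads.example.com/banner.gif",
    "http://cdn.ads.example.com/x.js",   # subdomain: HOSTS has no wildcards
    "http://192.0.2.10/update.bin",      # IPv4 literal
    "http://[2001:db8::1]/p",            # IPv6 literal
    "http://BEACON.example.org./ping",   # case and trailing dot are normalised
]
SINKS = {"127.0.0.1", "0.0.0.0"}

def parse_hosts(text):
    """Return the set of hostnames that the HOSTS text points at a sink address."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINKS:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name != "localhost":
                blocked.add(name)
    return blocked

def classify(url, blocked):
    """Return 'blocked', 'not-listed' or 'ip-literal' for one destination URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)
        return "ip-literal"  # no name lookup happens, so HOSTS is never consulted
    except ValueError:
        pass
    return "blocked" if host in blocked else "not-listed"

def coverage(urls, blocked):
    """Group URLs by classification so the uncovered destinations stand out."""
    report = {"blocked": [], "not-listed": [], "ip-literal": []}
    for url in urls:
        report[classify(url, blocked)].append(url)
    return report
```

Destinations in the `ip-literal` group need an IP-level control such as a firewall rule; no hostname list, HOSTS or otherwise, will match them.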


And on a side note:

To prevent the slow-down caused by large hosts files, disable the DNS Client service.

@RogueSpear

As for disabling the DNS Client, it will be turned on automatically by Windows if it is needed to access the internet (even if you do set it to manual -- the reason is because its dependencies are, by default, set to automatic). If that happens, then connections will be sluggish when using the HOSTS file method.

Note that I added the bold tags. Disable and manual are two very different settings for a service. I suppose what I'm getting at here is using a hosts file that is heavily populated generally has one purpose: ad blocking / malicious domain blocking when web browsing. What do you need to web browse? DNS. By the way, I think something similar to BoardBabe's block list is being used with IE7 for its phishing filter system. It does have some heuristic capabilities, but it also relies on a blacklist of known phishing sites.

Edited by RogueSpear

And on a side note:

To prevent the slow-down caused by large hosts files, disable the DNS Client service.

@RogueSpear

As for disabling the DNS Client, it will be turned on automatically by Windows if it is needed to access the internet (even if you do set it to manual -- the reason is because its dependencies are, by default, set to automatic). If that happens, then connections will be sluggish when using the HOSTS file method.

Note that I added the bold tags. Disable and manual are two very different settings for a service. I suppose what I'm getting at here is using a hosts file that is heavily populated generally has one purpose: ad blocking / malicious domain blocking when web browsing. What do you need to web browse? DNS. By the way, I think something similar to BoardBabe's block list is being used with IE7 for its phishing filter system. It does have some heuristic capabilities, but it also relies on a blacklist of known phishing sites.

My bad. Yeah, set it to manual, don't disable it (although, I do keep mine disabled). DNS client is generally not required to browse the internet. Mine is disabled right now ... and I'm posting here just fine. ;)

I'm not against blacklisting. I just think there's a much better and superior solution than IE's security settings. When I come across a machine that re-enables the DNS Client, I use BoardBabe's method, but that's only happened once on some client's Compaq that uses dial-up to connect to the internet.

[offtopic] To go further into the DNS Client issue, it's generally only needed in sporadic situations (from experience, anyway). Most of the time, the DNS issues are taken care of by the DHCP Client (hence, "Obtain DNS server address automatically" in network configurations). You can also take note of the DHCP Client description in services.msc, "Manages network configuration by registering and updating IP addresses and DNS names."

Here's a note from Microsoft, "The DNS Client service optimizes the performance of DNS name resolution by storing previously resolved names in memory. If the DNS Client service is turned off, the computer can still resolve DNS names by using the network's DNS servers." And there's plenty of tech sites that regard the DNS Client (or sometimes named "Dnscache") as useless.

Edited by Dumpy Dooby

"The DNS Client service optimizes the performance of DNS name resolution by storing previously resolved names in memory. If the DNS Client service is turned off, the computer can still resolve DNS names by using the network's DNS servers." And there's plenty of tech sites that regard the DNS Client (or sometimes named "Dnscache") as useless.

I wouldn't suggest trying this out on an active directory network btw. With the amount of DNS going on in that type of environment, you'd be likely to slow things down to a crawl in a way that would resemble a denial of service attack.


Cool, these seem to work very nice for IE, but does nothing for Firefox... is there a way this can be ported over to be used with both browsers?

~Dave

Read some of my posts. :)

And if you want to integrate that program onto your XP disc, you can use the RVM Integrator, and integrate this pack I made. If you just want to install it right now, just use this file. ;)

I wouldn't suggest trying this out on an active directory network btw. With the amount of DNS going on in that type of environment, you'd be likely to slow things down to a crawl in a way that would resemble a denial of service attack.

Well, in an active directory network, the machines are likely to be using static IPs (which negates DNS altogether), right?

If, however, they are all dynamic, wouldn't it make more sense to NOT cache the DNS information on account of the target machine being assigned a new IP by the DHCP server (thus, slowing the connection by waiting for a timeout before searching the DNS information again)?

I'm not familiar with active directory networks ... so this is an honest question. I could be completely wrong here. :)

Edited by Dumpy Dooby
