Jump to content

Domain blocklist, revised.


Recommended Posts


Hi,

I'd like to know the pros and cons of such a 'Domains block list' vs an IP blocker like Peer Guardian.

This has been debated to a nauseating degree already. It's comparing apples and oranges. Use both if you like.

HAHAHAHAHAHAHAHA :lol:

RogueSpear, no hard feelings man. I still love you. :wub:

Link to comment
Share on other sites

why would I use both if I don't see any advantage to do so?

And how can I see advantage(s) to do so if I don't know the pros & cons of both method?

I fully understand the purpose of the apples and oranges metaphor, especially about a nauseating debate,

but I'm sorry I can't squeeze all the juice out of it for the above mentionned pros & cons knowledge.

A search on the whole forum with relevant combinations of the words 'host', 'ip' and 'block' did not lead to any significant amount of information, not to talk about a nauseating degree.

So far, the only approaching POST, not even thread, is Dumpy Dooby's earlier in this thread, which would be in favor of apples only.

But later in the thread, (s)he show-up as being also orangearian.

The whole thing without so much synthetic explanation.

But I may also have missed it. In that case, please provide a link to the nauseating debate.

As a PeerGuardian user, I know some advantage of IP blocking.

From this thread, I understood that I could achieve the same goal (blocking bad guys to be nasty to me) by another way, namely hostname blocking.

But only in IE and other windows progs such as WMP.

Oppositely, people going for hostname blocking may have dismiss IP blocking for very good reasons that I am actually missing.

Now, I understand that when in doubt, two condoms are better than only one (everybody has its own images).

But questions remain:

-do the hostnames of this file and the IPs of PG2 match and block the same bad guys?

Or, in other words, how much the blocking range of those lists are overlaping?

-what is the comparative load on the computer and on the traffic speed of both systems?

-in what situation(s) may I NOT be protected by ONE of the methods?

-...

Edited by Djé
Link to comment
Share on other sites

But questions remain:

-do the hostnames of this file and the IPs of PG2 match and block the same bad guys?

Or, in other words, how much the blocking range of those lists are overlaping?

-what is the comparative load on the computer and on the traffic speed of both systems?

-in what situation(s) may I NOT be protected by ONE of the methods?

-...

-No, not always.

-PG2 will probably run slightly more sluggish in a large network environment.

-PG2 seems to be more focused on protecting kids that do naughty things. It's not geared as much toward ad/spy/mal-ware blocking as much as it is geared toward preventing kids from getting caught downloading illegal warez/movies/music etc.

-¿¿¿

This is more-so apples and oranges than mine and RogueSpear's earlier debate. The method discussed in this thread is ONLY for Internet Explorer and programs that use the IE core. It will use less resources than PG2, but not a noticable amount. However, the goals of PG2 and the blacklist in this thread are two completely different things.

So if you're likely to be downloading illegal files, then use both methods. Otherwise, just one of the blacklist methods discussed in this thread.

Edited by Dumpy Dooby
Link to comment
Share on other sites

Thanks for your synthetic answer.

I'd understand the fruits thing a bit better if I'd use it (only) for p2p download, but still,

according to this PG2 configuration screen it can block Ad/spyware lists together with big brothers' lists.

Yet for the ads, they advise to use adblock for Firefox !

And, even for spyware, as you said, it is maybe not the best way.

But I'll wait for proper documentation on that issue before making up my mind.

Anyway, the comparison I had in mine was not specifically meant with PG2 but with th IP blocking method (as opposed to the hostname method).

Btw, one of the great advantage of using a filter prog is the automatic updates of the lists.

Also, I got more confused by reading your post earlier in the thread.

How is the HOSTS file used by the prog you're linking to, related to this thread's method?

Isn't it yet a 3rd method, hostnames based but applying to all trafic, not only IE based?

So do we also have bananas in the fruits basket?

Link to comment
Share on other sites

This method is way better than using the HOSTS file in my opinion. It puts the relevant domains into the restricted zone. You will still have limited access to these sites but will not be able to download any files from them (Nor will they be able to force any downloads on you). This is most handy with malware sites, such as Winfixer (Which as I said before, has an exploit that is rather difficult to get rid of). The HOSTS file is a different kettle of fish altogether, in that it blocks a domain altogether (Or rather, sends your computer to 127.0.0.1 to look for the domain, which of course won't be there).

Just my two pence worth!!!

Link to comment
Share on other sites

This method is way better than using the HOSTS file in my opinion. It puts the relevant domains into the restricted zone. You will still have limited access to these sites but will not be able to download any files from them (Nor will they be able to force any downloads on you). This is most handy with malware sites, such as Winfixer (Which as I said before, has an exploit that is rather difficult to get rid of). The HOSTS file is a different kettle of fish altogether, in that it blocks a domain altogether (Or rather, sends your computer to 127.0.0.1 to look for the domain, which of course won't be there).

While I'm certainly not a fan of using a hosts file, it does have it's place. First of all, the block list contained here only works with IE and anything that would rely on IE (OE and Outlook most notably). Some people will say it's "useless" since they use Firefox. Well here's a newsflash - in many corporate environments Firefox is not an option. It's virtually unmanageable. Internet Explorer is quite easy to tighten up in an Active Directory environment, making it every bit as secure as Firefox. In fact I would argue that you can make it more secure in that type of setting. Using Group Policy, an admin can let loose with all of his/her Napoleon-like instincts.

Back to to the comparison - a hosts file will block communications to a particular domain for everything, not just the web browser. The problem, as was debated previously, is the performance penalty associated with using a large hosts file. IMHO the sheer management of such a file is another issue. I'm much more inclined to use a small proxy, like the free eDexter, which uses wildcards to achieve this result. And with a little bit of scripting and some creativity, it's not too bad to deploy either.

So for those people who use Internet Explorer (or Maxthon for that matter) and need a quick and dirty solution, this gives them some pretty decent initial protection. Now if you do decide to go forward and use this block list, then you should take a peek at the settings in Internet Explorer's Restricted Sites security zone. The default settings, while not atrocious, are not optimal either. They can be set to be even more restrictive.

Link to comment
Share on other sites

Perhaps a seperate .reg file. I have a feeling there might be a few people that would take exception to a blocklist that also changes their browser configuration. But, yea that might be a pretty good idea :thumbup

Link to comment
Share on other sites

There could. Show me some working examples and I just might add it ;)

Requires some work, but if a progam or script could locate a date code in the registry, it could then look for a file ending with a date code later than itself to consider it an upgrade. One such example would be to append a reverse date to the filename (Eg. Domain_Blocklist_060305.reg if it was made 5th March 2006). You could put a date into the registry almost anywhere.

I have no experience with AutoIt, but in a Visual Basic Scenario, it's just a case of a couple of API calls. A simple For/Next loop would check for every date from the date in the registry upto the current date and see if a file existed on the server. If it did, it would be downloaded and executed. You could have the updater run scheduled or at startup.

Voila!! An automatically updating security tool!

Link to comment
Share on other sites

Thanks for your synthetic answer.

I'd understand the fruits thing a bit better if I'd use it (only) for p2p download, but still,

according to this PG2 configuration screen it can block Ad/spyware lists together with big brothers' lists.

Yet for the ads, they advise to use adblock for Firefox !

And, even for spyware, as you said, it is maybe not the best way.

But I'll wait for proper documentation on that issue before making up my mind.

Anyway, the comparison I had in mine was not specifically meant with PG2 but with th IP blocking method (as opposed to the hostname method).

Btw, one of the great advantage of using a filter prog is the automatic updates of the lists.

Also, I got more confused by reading your post earlier in the thread.

How is the HOSTS file used by the prog you're linking to, related to this thread's method?

Isn't it yet a 3rd method, hostnames based but applying to all trafic, not only IE based?

So do we also have bananas in the fruits basket?

No, it's still an orange. HOSTS file method is the same as PG2. It's just a different way of going about it.

And don't take RogueSpear's advice lightly. He knows what he's talking about, and his above posts should answer the rest of your questions.

@BoardBabe, it might interest you to look into the program I posted earlier (the one that automatically updates one's hosts file). While it doesn't accomplish what you're going for, it does have a larger list of blocked sites ... some of which you might be interested in adopting for your list. :)

There could. Show me some working examples and I just might add it ;)

Requires some work, but if a progam or script could locate a date code in the registry, it could then look for a file ending with a date code later than itself to consider it an upgrade. One such example would be to append a reverse date to the filename (Eg. Domain_Blocklist_060305.reg if it was made 5th March 2006). You could put a date into the registry almost anywhere.

I have no experience with AutoIt, but in a Visual Basic Scenario, it's just a case of a couple of API calls. A simple For/Next loop would check for every date from the date in the registry upto the current date and see if a file existed on the server. If it did, it would be downloaded and executed. You could have the updater run scheduled or at startup.

Voila!! An automatically updating security tool!

Heck, I could make a batch script that could do this.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...