
System Doctor 2006 - Fake software that is actually malware



I'm pretty sure most of you have seen this stupid annoying popup when you visit various sites... instead of opening a new window it just takes over your current internet session and leads you to their website which is really annoying. Is there a way for you to disable this s***ty popup which always leads me to their crappy website?

Sorry for swearing, I'm fed up with this System Doctor 2006 bogus crap which always closes my current internet session and leads me to their website... bloody annoying.

And don't ever install it on your computer... it's just a scam and it actually does more harm than good once installed on your computer. Of course I never trust third party software, especially if there is a popup asking me to install a "security" program or whatever.



Just use an Ad blocker? I recommend Ad Muncher. It's not free, but it's the *best* ad blocker there ever is.

The other option is to use a HOSTS file (I recommend MVPS), along with eDexter or nohttpd. Don't forget to disable the DNS client service otherwise a large hosts file may slow down your net!

Edited by Tarun
Links that generate personal revenue are not permitted.

There is so much software with ad blocking ability.

Opera - this pro browser (my fav) has a nice popup blocker and content blocker, and you can use the new Fraud Protection.

Outpost - if you have Outpost Pro as a firewall, it also has a good ad and popup blocker.

KIS - Kaspersky Internet Security also has a built-in ad/popup blocker.

And tons of other ad/popup blockers out there.

Also try to block ActiveX and JavaScript in your browser or with software, and use the Spybot IE protector if you use IE, and immunize your system while you check your Opera profile if you have one (or Firefox).


Thunderbolt, where exactly are you getting the popup from? I've seen System Doctor in several forms, from Internet browser popups to a balloon tooltip in the system tray. If it's from something in the system tray, you definitely want to scan with Ad-Aware and Spybot S&D. Should it be browser related, clear your cache and cookies; and also do a malware scan.

Avoid HOSTS file blocking at all costs and whatever you do; do not disable your DNS Client service. Your Internet will slow down more so, as it will have to resolve the names of websites you are visiting every time.

Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.

MVPS should do better research before advertising their HOSTS file. False claims can really slow a user down. There are far better methods to block malicious ads and websites.


HOSTS file based blocking isn't such a bad option that I would tell someone to "avoid at all costs". Blocking with a HOSTS file does have its advantages - like hassle free installation and system-wide filtering.

Using a HOSTS file with eDexter or nohttpd overcomes the problems of slow-down and broken pages.

--

As for the DNS Client Service, it isn't as essential as Microsoft wants you to think. It's only essential if you're part of a domain. There won't be any (significant) slowdown of the net if it's disabled, since all browsers have built-in DNS caching independent of the Windows' DNS client service. The reason why it's recommended to disable the DNS client when using a large HOSTS file is that it may slow down the computer as the DNS service loads the entire contents of existing HOSTS file into the DNS cache.

Also, there are programs like FastCache and TreeWalk DNS, which imho, work much better than the windows service.


Browsers cache the DNS? What are your sources for that? A web browser caches images, pages, cookies, etc. There's nothing about DNS cache in Firefox or IE7.

The Windows DNS Cache service works as it is intended. It's not broken, nor does it function poorly. It does exactly what it is designed to do. You shouldn't need any third party applications or have any need to use the Hosts file for blocking malware. It just won't work well.

Since we're talking about the Hosts file, let's clarify some things.

What is the Hosts file?

The Hosts file is used to look up the Internet Protocol address of a device connected to a computer network. The Hosts file describes a many-to-one mapping of device names to IP addresses. When accessing a device by name, the networking system will attempt to locate the name within the Hosts file if it exists. Typically, this is used as a first means of locating the address of a system, before accessing the Internet domain name system. The reason for this is that the Hosts file is stored on the computer itself and does not require any network access to be used, whereas DNS requires access to an external system, which is typically slower.

What do you not use the Hosts file for?

Under no circumstance should you ever use your Hosts file to block malware or advertisements. It is not designed to be used in this manner despite what many websites falsely report. Coincidently those sites also offer their own malware and ad-blocking Hosts files. Some websites will also recommend disabling the DNS Client service or setting it to Manual. By default it is set to Automatic and should not be changed.

Note The overall performance of the client computer decreases and the network traffic for DNS queries increases if the DNS resolver cache is deactivated.

The DNS Client service optimizes the performance of DNS name resolution by storing previously resolved names in memory. If the DNS Client service is turned off, the computer can still resolve DNS names by using the network's DNS servers.

When the Windows resolver receives a positive or negative response to a query, it adds that positive or negative response to its cache, and as a result, creates a DNS resource record. The resolver always checks the cache before querying any DNS server. If a DNS resource record is in the cache, the resolver uses the record from the cache instead of querying a server. This behavior expedites queries and decreases network traffic for DNS queries.

You can use the Ipconfig tool to view and to flush the DNS resolver cache. To view the DNS resolver cache, type ipconfig /displaydns at a command prompt. Ipconfig displays the contents of the DNS resolver cache, including the DNS resource records that are preloaded from the Hosts file and any recently queried names that were resolved by the system. After a certain time period, the resolver discards the record from the cache. The time period is specified in the Time to Live (TTL) associated with the DNS resource record. You can also flush the cache manually. After you flush the cache, the computer must query DNS servers again for any DNS resource records previously resolved by the computer. To delete the entries in the DNS resolver cache, type ipconfig /flushdns at a command prompt.

I hope that clears things up. :)

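Added example, not code from this thread or from any of the posters: a small Python resolver that follows the lookup order described in the post above, hosts file first, then a local cache with positive and negative entries that expire by TTL, then the upstream server. The hosts file content, the upstream answers and the clock are constructed so it runs offline; nothing here touches the network.

```python
"""Hosts file first, then cache, then DNS: the lookup order as a small resolver.

Added example, not code from the thread. Hosts content, upstream answers and
the clock are constructed so it runs offline.
"""
import time
from typing import Callable, Dict, Optional, Tuple

# Constructed hosts file: address, then one or more names; '#' starts a comment.
SAMPLE_HOSTS = """
# Two local names and three blocklist-style entries.
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.example.net  tracker.example.net   # sinkholed ad hosts
127.0.0.1   popup.example.org
"""

# Constructed stand-in for the network's DNS server: name -> (address, TTL seconds).
UPSTREAM: Dict[str, Tuple[str, int]] = {"www.example.com": ("93.184.216.34", 60)}


def parse_hosts(text: str) -> Dict[str, str]:
    """Index hosts lines by lowercase name; the first line naming a host wins."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()        # drop comment, tokenize
        if len(tokens) < 2:
            continue                                  # blank or comment-only line
        for name in tokens[1:]:
            table.setdefault(name.lower(), tokens[0])
    return table


class CachingResolver:
    """Resolve a name: hosts file -> local cache (positive/negative) -> upstream."""

    def __init__(self, hosts: Dict[str, str],
                 upstream: Callable[[str], Optional[Tuple[str, int]]],
                 clock: Callable[[], float] = time.monotonic,
                 negative_ttl: int = 5) -> None:
        self.hosts, self.upstream, self.clock = hosts, upstream, clock
        self.negative_ttl = negative_ttl
        self.cache: Dict[str, Tuple[Optional[str], float]] = {}   # name -> (addr|None, expiry)
        self.upstream_queries = 0                     # how often the network was asked

    def resolve(self, name: str) -> Optional[str]:
        name = name.lower().rstrip(".")
        if name in self.hosts:                        # 1. hosts file, no network at all
            return self.hosts[name]
        now = self.clock()
        if name in self.cache:                        # 2. cached answer if still within TTL
            address, expires = self.cache[name]
            if now < expires:
                return address                        # None here is a cached negative answer
            del self.cache[name]
        self.upstream_queries += 1                    # 3. ask the DNS server
        answer = self.upstream(name)
        if answer is None:
            self.cache[name] = (None, now + self.negative_ttl)
            return None
        address, ttl = answer
        self.cache[name] = (address, now + ttl)
        return address

    def flush(self) -> None:
        """What 'ipconfig /flushdns' does to the Windows cache."""
        self.cache.clear()

    def display(self) -> Dict[str, Optional[str]]:
        """What 'ipconfig /displaydns' shows: the unexpired cached answers."""
        now = self.clock()
        return {n: a for n, (a, exp) in self.cache.items() if now < exp}


def demo() -> Tuple[Optional[str], int]:
    """Walk through hits, a TTL expiry and a negative answer; returns (blocked addr, queries)."""
    fake_now = [0.0]
    r = CachingResolver(parse_hosts(SAMPLE_HOSTS), UPSTREAM.get, clock=lambda: fake_now[0])
    blocked = r.resolve("Ads.Example.Net")     # hosts hit, case-insensitive, no query
    r.resolve("www.example.com")               # upstream query 1
    r.resolve("www.example.com")               # cache hit
    fake_now[0] = 61.0                         # 60 s TTL has expired
    r.resolve("www.example.com")               # upstream query 2
    r.resolve("nosuch.example.com")            # query 3, negative answer cached
    r.resolve("nosuch.example.com")            # served from negative cache
    return blocked, r.upstream_queries


if __name__ == "__main__":
    print(demo())   # ('0.0.0.0', 3)
```

The hosts table is a dictionary keyed by name, so the cost of a hosts lookup does not grow with the number of lines once the file has been loaded; the part that does scale with file size is the one-time parse. Negative answers are cached too, which is the behaviour the quoted Microsoft text describes for the Windows resolver.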

Don't worry, I found a way to disable that redirection popup: all I needed to do was disable JavaScript in Firefox, and the site admins fixed it anyway. Seriously, those people at WinFix (the idiots who created this crap) need to be shut down for tricking people into installing their bogus software.

If I used Internet Explorer I would have got infected. I use Firefox and nothing happened when the System Doctor tried to install itself into my computer.


Nah, it was just the website that was infected with the ad. I don't have that ad at all; even the people running that site admitted they had a problem with that ad redirection. I even scanned my computer and there was no spyware at all.


Browsers cache the DNS? What are your sources for that? A web browser caches images, pages, cookies, etc. There's nothing about DNS cache in Firefox or IE7.

There are sites mentioning DNS caching in IE and Firefox. I also asked a moderator in the Opera IRC chatroom and he confirmed that Opera does cache DNS entries. I'm also in the process of getting a written confirmation for the same.

What do you not use the Hosts file for?

Under no circumstance should you ever use your Hosts file to block malware or advertisements. It is not designed to be used in this manner despite what many websites falsely report.

What are your sources for that? Or if it's your own reasoning, could you please clarify it further? Thanks.


Browsers cache the DNS? What are your sources for that? A web browser caches images, pages, cookies, etc. There's nothing about DNS cache in Firefox or IE7.

There are sites mentioning DNS caching in IE and Firefox. I also asked a moderator in the Opera IRC chatroom and he confirmed that Opera does cache DNS entries. I'm also in the process of getting a written confirmation for the same.

Let's take Firefox for example. By default there are only these two entries:

  • network.dns.disableIPv6
  • network.dns.ipv4OnlyDomains

Yes, the browser can support others; however by default it does not. I can verify it by referring you to this page for about:config.

DNS Cache is supported, but it is not present, nor is it active by default. You have to manually add the values in order for it to be supported.

Here are the links for network.dnsCacheEntries and network.dnsCacheExpiration.

It's hard to say that something supports DNS caching when it's not in there and active by default. ;)

Apparently, IE7 is not listed as supporting DNS caching either. Source. The DNS caching that the other IE browsers make use of, is based off the DNS Client service which resolves the IP.

For Opera, I'll ask Zxian. :)

What do you not use the Hosts file for?

Under no circumstance should you ever use your Hosts file to block malware or advertisements. It is not designed to be used in this manner despite what many websites falsely report.

What are your sources for that? Or if it's your own reasoning, could you please clarify it further? Thanks.

Well, since you left out a key part of the quote, I'll add it back in for you. :)

Coincidently those sites also offer their own malware and ad-blocking Hosts files. Some websites will also recommend disabling the DNS Client service or setting it to Manual. By default it is set to Automatic and should not be changed.

Now, to answer your question. My sources are common sense, studying computers for over ten years and experimenting with many things. It makes sense that if your Hosts file contains say, ten thousand entries, that you would experience a slowdown as your computer has to check each line in the Hosts file for a match. Oh, and referring to Microsoft's website. After all, they created Windows, the services, and more. I would definitely say they know best.

Malware can still alter and even replace your Hosts file. Malware is an executable file, just like everything else you use. It sends a command line parameter to change the state of the Hosts file from a read-only state to writable. After that it replaces it with whatever it wants. All it does is send the ATTRIB command along with -R. See this link on DOS Command: ATTRIB for more information.

That's not very secure if it's that simple to disable the read-only attribute, is it?

-----

Just in case you missed it before, I'll repeat this.

Note The overall performance of the client computer decreases and the network traffic for DNS queries increases if the DNS resolver cache is deactivated.

The DNS Client service optimizes the performance of DNS name resolution by storing previously resolved names in memory. If the DNS Client service is turned off, the computer can still resolve DNS names by using the network's DNS servers.

-----

Considering Microsoft made the service, I would say that they know best. This would be why they have the DNS Client service set to Automatic.


Thunderbolt, glad your comp was clean. The site in question probably had a refresh script like this..

<META http-equiv="refresh" content="0;URL=http://www.whateversite.com">

Browsers cache the DNS? What are your sources for that? A web browser caches images, pages, cookies, etc. There's nothing about DNS cache in Firefox or IE7.

There are sites mentioning DNS caching in IE and Firefox. I also asked a moderator in the Opera IRC chatroom and he confirmed that Opera does cache DNS entries. I'm also in the process of getting a written confirmation for the same.

What do you not use the Hosts file for?

Under no circumstance should you ever use your Hosts file to block malware or advertisements. It is not designed to be used in this manner despite what many websites falsely report.

What are your sources for that? Or if it's your own reasoning, could you please clarify it further? Thanks.

1st part:

Regardless of DNS caching ability in a browser, it still relies on the Windows service for DNS caching by default.

for example, Firefox has Network.dnsCacheExpiration and Network.dnsCacheEntries but on both of those we can see "This preference does not exist by default.". Meaning it uses the windows dns cache first unless that setting is added to the about:config.

Or IE has How Internet Explorer uses the cache for DNS host entries which even states there:

Internet Explorer 4.x and later versions modify how DNS host entries are cached by decreasing the default time-out value to 30 minutes.

In some cases, this new time-out setting is too short. If your environment has a number of clients that are connecting and are all performing DNS lookups every 30 minutes, you may experience an unwanted increase in network traffic.

Telling users to disable the DNS Service is like telling them they don't need a phone book anymore, but instead they'll just have to call 411 (information) every time they want to order a pizza. It's unnecessary network traffic to call up your ISP every single time you need to go to a website. Though you may not see it on a home network, your ISP will, and if you were in a corporate environment imagine 500 computers browsing the net having to contact the DNS server every time they want to browse the net... All disabling the DNS cache does is cause additional and unnecessary network congestion.

2nd part:

I have to agree with Tarun; I've been a heavy computer user for the past 16 years. Though I can see a few advertisement servers being added to the hosts file, having a 14,905 line "MVPS" Hosts file, or a 17,777 line "eDexter" Hosts file, is overkill. Every time you go to a webpage it must go through all 14k+ lines to check if it should redirect to 127.0.0.1 or not.

Hope that helps.

Edited by Synapse
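Added example, not from Synapse or anyone else in the thread: a Python parser, standard library only, for the meta refresh tag shown in the post above. It pulls the delay and target URL out of content="0;URL=..." so a fetched page can be checked for a forced redirect before it is rendered. The sample page is constructed for the example; the only detail taken from the post is the tag itself.

```python
"""Find meta-refresh redirects in fetched HTML before rendering it.

Added example, not code from the thread; standard library only. The sample
page is constructed around the tag quoted in the post above.
"""
import re
from html.parser import HTMLParser
from typing import List, Optional, Tuple

Redirect = Tuple[float, Optional[str]]   # (delay in seconds, target URL or None)

# Constructed page: one ordinary meta tag and one forced redirect.
SAMPLE_HTML = """<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<META http-equiv="refresh" content="0;URL=http://www.whateversite.com">
</head><body>Loading...</body></html>"""

_URL_RE = re.compile(r"url\s*=\s*(.*)$", re.IGNORECASE)


def parse_refresh_content(content: str) -> Optional[Redirect]:
    """Parse the content attribute: '5' (reload self) or '0;URL=http://...' (redirect)."""
    delay_part, _, rest = content.partition(";")
    try:
        delay = float(delay_part.strip())
    except ValueError:
        return None                                   # not a refresh directive at all
    rest = rest.strip()
    if not rest:
        return delay, None
    m = _URL_RE.match(rest)
    target = (m.group(1) if m else rest).strip().strip("'\"")
    return delay, target or None


class MetaRefreshFinder(HTMLParser):
    """Collect every <meta http-equiv="refresh"> the page carries."""

    def __init__(self) -> None:
        super().__init__()
        self.redirects: List[Redirect] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag != "meta":                             # HTMLParser lowercases tag names
            return
        a = {k: (v or "") for k, v in attrs}          # ...and attribute names
        if a.get("http-equiv", "").strip().lower() != "refresh":
            return
        parsed = parse_refresh_content(a.get("content", ""))
        if parsed is not None:
            self.redirects.append(parsed)


def find_meta_refresh(html: str) -> List[Redirect]:
    finder = MetaRefreshFinder()
    finder.feed(html)
    finder.close()
    return finder.redirects


def forced_redirect_target(html: str, max_delay: float = 1.0) -> Optional[str]:
    """URL the page will jump to within max_delay seconds, or None if it stays put."""
    for delay, url in find_meta_refresh(html):
        if url is not None and delay <= max_delay:
            return url
    return None


if __name__ == "__main__":
    print(forced_redirect_target(SAMPLE_HTML))   # http://www.whateversite.com
```

A meta refresh fires without JavaScript, so a check like this belongs in the HTTP client or a filtering proxy, ahead of rendering; it complements, rather than replaces, turning scripts off for redirects done with script.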

Thanks Synapse and Tarun for your explanations.

Malware can still alter and even replace your Hosts file. Malware is an executable file, just like everything else you use. It sends a command line parameter to change the state of the Hosts file from a read-only state to writable. After that it replaces it with whatever it wants. All it does is send the ATTRIB command along with -R. See this link on DOS Command: ATTRIB for more information.

That's not very secure if it's that simple to disable the read-only attribute, is it?

About this part, technically speaking, malware could alter any sort of filter system, so how does it make the HOSTS file any different? My point is, in this case, we aren't concerned about filtering outgoing traffic, but incoming traffic, right? Besides, one could use CACLS to make the hosts file read only, instead of the traditional ATTRIB method. I know, it's not foolproof, but if you use it with a properly configured Limited User Account, it's practically secure. For that matter, when using a LUA, there is very little chance that a system might get infected in the first place.

Edit: I just enquired in the Firefox IRC, and they say that Firefox does cache DNS entries by default. Just because those preferences aren't set by default doesn't mean that the feature doesn't exist. The browser assumes default values internally.

You can see it for yourself in here : http://lxr.mozilla.org/mozilla/source/netw...ervice2.cpp#301

This means that when you're browsing a site, it shouldn't have to look up the HOSTS file every time a request is made. It'll look it up only ONCE when the TTL expires, which is once a minute by default.

Anyways, this needs some practical testing. I'll do a comparison test of site load times- with and without the DNS service and with and without HOSTS filtering to measure the exact impact of these various combinations.

Edit(2): Just found the confirmation I needed: Opera does indeed cache DNS entries :)

http://my.opera.com/community/forums/topic...#comment2077157

Edited by [deXter]
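Added example, not from [deXter] or anyone else in the thread: a Python audit of hosts file content, written on the point both sides agree on above, that anything able to run ATTRIB -R can clear the read-only attribute and rewrite the file. Rather than trusting the attribute, it hashes the file against a known-good baseline and flags lines that send a name to a real (non-loopback, non-0.0.0.0) address, or that mention a name the machine must always resolve through DNS. The sample files, the baseline and the protected-name list are constructed; the domains are placeholders, not real sites. A machine with legitimate LAN entries in its hosts file would need an allow list in front of the "real host" check.

```python
"""Audit hosts file content for tampering instead of trusting the read-only bit.

Added example, not code from the thread. Sample files, baseline hash and the
protected-name list are constructed; the domains are placeholders.
"""
import hashlib
import ipaddress
from typing import List, Tuple

# Constructed known-good file: localhost plus a blocklist-style sinkhole.
GOOD_HOSTS = """127.0.0.1 localhost
::1       localhost
0.0.0.0   ads.example.net   # sinkholed
"""

# Constructed tampered copy: three lines appended after the read-only bit was cleared.
TAMPERED_HOSTS = GOOD_HOSTS + """203.0.113.9  www.mybank.example
127.0.0.1    update.antivirus.example
198.51.100.7 search.example.com
"""

# Names that must always be resolved through DNS on this machine (constructed list).
PROTECTED = {"www.mybank.example", "update.antivirus.example"}

Finding = Tuple[str, str]   # (severity, message)


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def audit_hosts(text: str, baseline_sha256: str) -> List[Finding]:
    """Return findings for a hosts file; an empty list means it matches policy."""
    findings: List[Finding] = []
    if sha256_hex(text) != baseline_sha256:
        findings.append(("warn", "content differs from the known-good baseline"))
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()        # drop comment, tokenize
        if len(tokens) < 2:
            continue                                  # blank, comment-only or malformed
        address, names = tokens[0], [n.lower() for n in tokens[1:]]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append(("warn", f"line {lineno}: unparsable address {address!r}"))
            continue
        # A blocklist only ever points names at loopback or 0.0.0.0; anything else is
        # a real host, which is what a hijacked bank or update server looks like.
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in PROTECTED:
                findings.append(("high", f"line {lineno}: protected name {name} overridden -> {address}"))
            elif not sinkhole:
                findings.append(("high", f"line {lineno}: {name} redirected to real host {address}"))
    return findings


if __name__ == "__main__":
    baseline = sha256_hex(GOOD_HOSTS)         # record this while the file is known good
    for severity, message in audit_hosts(TAMPERED_HOSTS, baseline):
        print(severity.upper(), message)
```

Record the baseline hash somewhere the same user account cannot write (or in a log shipped off the box), otherwise whatever rewrote the hosts file can rewrite the baseline as well; that is the same reasoning that makes a writable read-only attribute worthless as a control.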

The sources I provided clearly stated that "This preference does not exist by default.". Now, what that means is that you have to manually add the values listed in order to enable these settings. Just because they're in the source code does not mean that they are enabled by default.

Unfortunately, IRC is not a solid place of proof either; any fanboy could easily pose as a developer and make false claims. Remember, Firefox is open-source, anyone can look at the source code and act like they know something. ;)

As far as Opera is concerned, just saying that "Opera rechecks resolved DNS addresses every 10 minutes." doesn't say that it caches DNS entries at all. It says that it checks them. That could very well mean that Opera is making a call to the Windows API and checking with the Windows DNS cache.

-----

Thunderbolt 2864,

Glad to hear that your problem was resolved. As this topic has gotten quite off-topic, I'm going to close this thread. However if you (Thunderbolt) need this re-opened; please PM me and I will re-open it should your problem still exist or if you prefer to make a new thread, please feel free. :)

[ Closed ]

