Blocklist

[war59312]

Disabling java and flash is not a good idea.......

Cause allot of sites use these to show the normal web pages..

True but I do not normally run into that problem myself. Or I white list them.

Or I just add some javascript / css to html to the page in question. I add my own menu.

I do this with ad muncher if your wondering.

Take Care,

Will

BTW I have never been effected with damaging spyware/adware nor virus/trojan etc..

Now I have had some crap on my system but it got no were due to my security in place.

Also I run Process Guard which stops any junk from running in the first place. And like I said I disable all the eye candy so its pretty rare I ever seen any junk on my system. Normally its just my antivirus warning me about some possiable unknown virus in my IE cache. Which I clear btw and cookies every time I close IE. I use popup cop to do this.

Also I have not seen an unwanted popup in months. Same with **** banner ads.

So I think IE is pretty safe and yes its up to the end user to make it so.

BTW your internet browser is hardly the weakest link in your security system. Normally its YOU!!!!

Just something to think about.

I just wish people would stop blaming their browser for all their computer problems. Be it whatever browser in question or OS.

Oh and this is all out of box.

So your point is mute.

Unattended install of course.

[Martin Zugec]

2war: I also vote for ad muncher Great, small and fast program with kind autor

[Tokyudo]

Back to the subject at hand....

I have found one problem with the active x block list. It renders a certain online virus/spyware scan useless.

http://www.pandasoftware.com/activescan/co...n_principal.htm

I use this free scan all the time when I working on customer's infected PCs, very handy.

[2forza]

Updated this thread,

Added AUTO blocklist updater

Automaticly applying the latest blocklist file after installing your UA cd.

Powered by: AutoIT, http://www.hiddensoft.com/autoit3/

[JoeMSFN]

All this talking about "Ad Muncher" I did a search for it, but mistyped the search and found "AdCruncher"

http://www.softdevlabs.com/AdCruncher/ReadMe.html

Anyone have thoughts on this ?

[atomizer]

...Have a small percentage of the market share isn't neccesarily a definitiion of "used so much". The fact that is isn't attacked nearly as much is simply because it is such a small population...

this may be true to an extent, but it is also true because FF, as well as (any?) other non-IE browsers, are inherently more secure. FF, Opera, etc., do not support ActiveX and have tighter restrictions on JS (and probably other potentially damaging technologies).

As previously stated, end-users are left on their own for security (at least up until SP2 of XP and SP1 for 2003).

yes, but... this doesn't change the fact that some products are inherently more secure then others. i don't use Linux, but i'd be an ignorant fool to state that the only reason Linux is more secure is because it's less of a target (and that's arguable because, as far as i know, *nix powers the majority of the Internet). Linux is inherently more secure. period. i don't use IE either, but i have used it for the vast majority of the time that i've been 'computing'. i'm also a sort of security/privacy nut and there's no comparison between security/privacy when it comes to IE and non-IE browsers. none. the base IE code, to my knowledge, hasn't changed much in many years -- patch-patch-patch and still more patches (practically every month). it lacks all sorts of functionality and most people don't know how to configure it. if you want to talk about 'joe user', then there is no argument that poor joe is left standing in the rain with his pants down when he decides (or simply doesn't know any better) to use IE.

I will give this to Firefox, they are faster with their patches. But they're still patches, and so the argument that Microsoft should provide a fully working and safe product is mute as both have the problem.

sure. agreed. but who releases NEW versions and patches more frequently? and what is the severity of the problems?

If it's one thing I don't like about Firefox is simply the fanboys, wait that goes for ALL browsers. They simply come out say one is better then the other, flame it for all it's worth, but never actually provide any substantial proof that one is better then the other.

the same can be said for the 'IE fanboys'. where is your (and i'm asking anyone at all) proof that IE is better/more secure/more privacy oriented/etc.?

my knowledge is limited, but the 'proof' i can offer, as far as FF goes anyway, is that it doesn't use ActiveX - a security nightmare. i don't have to leave the main browser window to enable/disable Java, JS, Flash, cookies, redirects, etc., on a global or per-site basis. i don't have to d/l and run 2 or 3 other programs and proxies to control ads, spyware, etc., and 'scan' my system every other day. i don't have to run a new instance of the browser for every window -- and on and on. but none of this is new and has been mentioned over and over on the forums here, so to say that the 'FF fanboys' haven't offered any substantial proof that one is better than the other suggests you either haven't been reading relevant posts on the subject, or you simply prefer IE and choose to defend it regardless of its merits (or lack thereof).

if you want to look at 'joe user', who doesn't know how configure security policies, what the 'zones' are, what websites to avoid, what spyware is, ActiveX, what the computer management console is, etc., what browser would you recommend they use?

The statement that Microsoft shouldn't provide a browser with their product says that you think Microsoft should have an OS that is bare of any additional applications and the User is left to decide.

as mentioned earlier, i don't use Linux, but i have tried it several times (Suse, Mandrake, Ubuntu, Redhat). Linux, as you may know, doesn't integrate a browser and DOES offer choices. i don't know about you, but i enjoy the freedom of choices rather then having crap shoved down my throat at the expense of security, functionality and the all-mighty dollar. i was also very impressed with with the huge volume of s/w that was distributed with every Linux OS i've tried, many offering more than one word, mail, chat, FTP, browser, UI, etc., etc., etc.. your statement "The statement Microsoft shouldn't provide a browser with their product says that you think Microsoft should have an OS that is bare of any additional applications..." is plain silly. MS, as with many other OS's, could offer any choices it wants, they just decide not to. as a matter of fact, MS bundles the least amount of s/w with its OS's.

I should also note, most sites that have ActiveX controls that install with damaging effects are sites that probably should be avoided. Reputable sites shouldn't be distributing ActiveX controls or any other software to damage you system knowingly.

and how do you (or the average joe) know which sites are reputable? which ones to avoid? and what happens when you stumble upon a malicious site by accident?

Anyone have an example of a site that installs Adware/Spyware without your knowledge?

yeah, look in the blocked sites lists for many of the cleaners that cater to IE, like Spybot S&D for instance. you'll find hundreds/thousands. Edited December 9, 2005 by atomizer

[BoardBabe]

Took the liberty to update this script a bit to my likings. Feel free to use it...

-Put the script below and blocklist.reg in same directory. For completly silent mode set $debug to 0. This script will of security reason compare a given line of the old and the downloaded file as a little extra security feature. Give it a test and see, it works nicely

Script will check for new version (where online) and implement the most recent blocklist possible to registry.

-When used in UA installations set debug to 0 (zero) and compile script to .exe.

*.au3

; Silentmode = 0.
$debug = 1

; Hide TrayIcon.
If $debug = 1 Then 
 AutoItSetOption("TrayIconHide", 0)
Else
 AutoItSetOption("TrayIconHide", 1)
EndIf

; Filechecker variables.
$name = 'blocklist.reg'
$site = 'http://www.spywareguide.com/' & $name
$dir = @ScriptDir & '\' & $name
$oldline = FileReadLine($dir,5)
$tempfile = $dir & '.tmp'
$linetocheck = 5
$sizeweb = InetGetSize($site)
$sizehome = FileGetSize($dir)

; Initiate online update.
Updater()
Func Updater()

	If $sizeweb = 0 Then
	 If $debug = 1 Then 
		  TrayTip("ActiveX spyware definitions", "The application could not access the internet.", 3, 3)
	  Sleep(3000)
	 EndIf
	Else
	  If $sizeweb <> $sizehome Then	
	   InetGet($site,$dir & '.tmp',1,1)
		While @InetGetActive
		 If $debug = 1 Then
		 TrayTip("ActiveX spyware definitions", "Update available, downloading file " & $name & " (" & @InetGetBytesRead & " of " & $sizeweb & " bytes completed).", 1, 1)
		 EndIf
		WEnd
		$newline = FileReadLine($tempfile, $linetocheck)
		If $newline = $oldline Then
		FileMove($tempfile,$dir,1)
		 If $debug = 1 Then 
		 TrayTip("ActiveX spyware definitions", "Spyware definitions updated...", 3, 1)
		 Sleep(3000)
		 EndIf
		Else
		FileDelete($tempfile)
		If $debug = 1 Then
		 TrayTip("ActiveX spyware definitions", "Authetification error at line " & $linetocheck & ". Update aborted.", 10, 2)
		 Sleep(6000)
		 EndIf
		EndIf
	 Else 
	  If $debug = 1 Then 
		   TrayTip("ActiveX spyware definitions", "No new updates available...", 3, 1)
	   Sleep(3000)
	  EndIf
	 EndIf
	EndIf

EndFunc

; Timestamp blocklist file mm/dd/yy hh:mm.
$t = FileGetTime($dir)
$timestamp = $t[1] & "/" & $t[2] & "/" & $t[0] & " " & $t[3] & ":" & $t[4]

If $debug = 1 Then 
 TrayTip("ActiveX spyware definitions", "Installing blocklist from " & $timestamp & ".", 10, 1)
 Sleep(3000)
EndIf

; Implement blocklist to registry.
If $debug = 1 Then
Run('regedit "' & $dir & '"')
Else
Run('regedit /s "' & $dir & '"')
EndIf

Exit

Lazy? Download finished SFX ActiveXblocker.exe / ActiveXblocker-s.exe (silent switchless version for UA installations)

-Included blocklist.reg downloaded 10. dec.

Edited December 9, 2005 by BoardBabe