Re: [PCWorks] A tip for stopping annoying harassing "slide-ups" (a kind of pop-up) immune to pop-up blockers

  • From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: <pcworks@xxxxxxxxxxxxx>
  • Date: Sun, 23 Nov 2008 03:18:09 -0600

Ok I just found out something possibly troubling regarding #8 
below.  SpyBot just had an update, and it would see on its 
"Immunize" page if you look through it under IE you'll see 
"Domains" and "IP's" which could be hosts file updates, but 
also at the very bottom is the hosts file itself, which 
currently lists 9948.  My hosts file earlier had 9984 lines 
(not all are actual domains or IP's, some are comment lines), 
and now after the SB update it has 9986 lines.  Only 2 more, 
but it could have had many more updates than that.  So the only 
way I can know is if I can remember one of the domains I added, 
then see if that domain is in the new hosts file.

If it's not, then that would mean SB only updates its OWN 
additions, and you lose anything you added, and you lose what's 
added from that site Hugh mentioned.
-Clint


----- Original Message ----- 



1.  You just click "Add", then do it again and again for each
site.

2.  Adding one to the hosts file totally blocks ALL and ANY
access, you can't even get to the site.

3.  No, if it's in the hosts file it doesn't need to be in
Restricted Sites.

4.  I'm not sure, theoretically only YOU can modify it (or
allow access to it) because it's read-only.  Try and make a
change to it as-is and watch what happens, so yes, it's
read-only for a good reason.  Many anti-malware programs will
lock it.....it could be it's not read-only by default, and
maybe SpyBot, Spyware Blaster or other may make it read-only, I
can't remember.  Spyware Blaster will make encrypted backups of
it, and restore a backup if something screws it up.  SpyBot
also makes backups and can restore them.  I remember seeing
something like "Lock hosts file" on one of my anti-malware
programs, but I can't find it now on any of them.  Spyware
Terminator has "Hosts intrusion prevention system".  My AV
software "Kaspersky Internet Security" (KIS) won't allow ANY
changes to mine unless I allow it, so it protects me from it
getting changed without my permission.

5.  Yes & yes, but if there's any entries in yours you may want
to see if they're in mine and if not, add them.

6.  I've never seen nor heard of a firewall-alerted attack or
potential firewall-alerted attack that did anything to the
hosts file.  It may exist, I've just never heard of it.
There's not much of a reason for a site to do that: if it's
listed in your hosts file, you can't even get to the site for
it to even try anything with your hosts file.  A FW can block
that kind of access from a site or IP, but only if it's a
decent one.  KIS that I use would prevent it.  (It's also a
firewall and system-wide protection suite).  There's much more
lucrative efficient things for malware to do to a PC than to
just modify the hosts file.

7.  I'm checking into that now.

8.  From the looks of it, it may update it and then save the
previous one as a restorable backup, because I have a bunch of
them.  FAIK it may not ever update the hosts file, I've never
checked.  The backups created just could be periodical backups.
For it to be able to update the file, it would have to be
able to override the PC's setting of read-only on the file.  I
don't know if it can do that.  The domains it puts in the hosts
file could be only put there just after you install it, and
tell it to add its list to your hosts file, and it may not be
updated again, and that may be when it makes it read-only. ?
If so, then it could have precedence over the read-only
setting, and be able to unlock it, update it, then lock it
back.  But, I've never gotten any alert from KIS that it was
trying to do that.

I'm going to have to try and remember what I last added to my
hosts file, then watch for any SpyBot hosts file updates, then
see if what I added is still there.
-Clint

God Bless
Clint Hamilton, Owner
http://www.OrpheusComputing.com
http://www.ComputersCustomBuilt.com


----- Original Message ----- 
From: "David Grossman"


This is a very useful and important tip, Clint. Thank you.

For those who are having difficulty finding it, the Restricted Sites area
that Clint mentioned is located at Tools - Options - Security -
Restricted Sites in my OE6.

Clint, I have a number of questions:

1. I see how to add a single line to the Restricted Sites, but I do not
see how to add multiple lines. How is that done?

2. Please explain how the Hosts file is better than the Restricted
Sites - or what is the difference between them.

3. Is there any advantage to having the restrictions in BOTH the
Restricted Sites and the Hosts file?

4. Can't malware also unprotect the Hosts file (by removing the Read Only
attribute) just as we humans can? Does the Read Only attribute really add
protection?

5. Does your hosts.zip file include the Spybot items? Can I just replace
my hosts file with yours?

6. Shouldn't a firewall block these intrusions from other websites? If
so, shouldn't we be making changes in our firewalls?

7. Hugh recommended a different file. Is there a way to merge your file,
Clint, with Hugh's?

8. When Spybot updates the Hosts file, does it just replace the file? If
so, then any additions from Clint and/or Hugh and/or mvps will be
deleted.

David Grossman


> -----Original Message-----
>
> Most of the pop-up blockers we use won't stop many kinds of
> them.  If you've gotten as fed up as I have with them, there's
> a couple of things you can do to wipe them out, site-by-site.
> I was getting infuriated with a particular "slide-ups" at some
> sites I frequent.  As the name implies, they slide up in some
> sort of a slower animated form onto the webpage rather than a
> pop-up in a separate window, (this is why the pop-up blockers
> won't work on them), and always, as all of them, with some
> totally useless BS on them like "Hi, my name is [....] and I'm
> looking for a friend", from all those kinds of "cyber-terrorism"
> dating sites for example.  (I fail to see why anyone with an
> otherwise legit website would want to contaminate their site
> with this kind of garbage).
>
> This is on IE, I'm not sure how to do this in FireFox.  The
> first thing you can do is put the domain of the offending
> pop-up/slide-up in the Restricted Sites Zone.  For those of you
> that don't know, as the name also implies with this it's a more
> restrictive zone than the default "Internet Zone" where many
> things are not allowed like various downloads, Cookies,
> redirects, scripts, etc.  You should use these types of
> formats:
>
> BadDomain.com
> www.BadDomain.com
> *.BadDomain.com
>
> The *. should be inclusive of the www version since that's a
> wildcard, so it may tell you it's already listed in the zone, so
> add the www version before the wildcard version.  The reason
> for the wildcard is that protects against ads.BadDomain.com,
> ad.BadDomain.com, banners.BadDomain.com, etc.  If you
> make an error, it will tell you the correct formats it accepts.
>
> The other thing that works even better is to put the domain
> in your "hosts" file.  (I don't know if FireFox uses the same
> file or not).  You can search your HD for it, or it should be
> at the path "C:\WINDOWS\system32\drivers\etc".  This is
> a read-only file, so you have to right click it, Properties,
> then uncheck "Read Only" > Apply > Ok.  Then open it in
> Notepad.  The domains listed in the file are in alphabetical
> order, so you have to search through it for the right spot.
> Note the locations of the www versions of the domains in
> the file, then do the same in the right spot with your
> offending domain.  Then close out of the file saving it,
> and BE SURE to set it back to read-only!
>
> For those that don't know, the "hosts" file controls the
> websites visited on the host PC by not allowing access to
> them.  By doing this, it also totally blocks anything that could
> come from the website, including bogus IM's and these
> kinds of annoying pop-ups & slide-ups.
>
> If anyone is not using a hosts file, or it's blank (and if so it
> means you're not using SpyBot which is bad), the format is
> like this:
>
> 127.0.0.1 www.BadDomain.com
> 127.0.0.1 BadDomain.com
>
> After adding numerous domains to my hosts file, I'm no
> longer bothered by these nuisances.
>
> To find the offending domain, if the whole thing is clickable
> just right click the slide-up/pop-up and "Copy shortcut"
> then paste it somewhere and you can see the domain.
> If the whole thing is not clickable, then just do this with
> a link in it.  If you still can't find the domain, if "Copy
> shortcut" is grayed out or not there, then you'll have to
> click it.  Just be sure to immediately click "Stop" to
> stop the page from loading, and you can get the domain
> URL from the address bar.  (You don't want to give them
> any traffic or risk getting malware from their site on your
> PC).
>
> Like I mentioned above, SpyBot does a great job of
> modifying your hosts file.  It adds many thousands of
> nefarious domains (about 4500+ so far) that protects
> your PC from anything from these domains.  But it does
> indeed leave many out that should be added.  If anyone
> wants to use mine, or see it to be sure your syntax or
> format is correct for anything you want to add, I've
> uploaded it and I'll leave it there for a few days.
> There's almost 10,000 lines in mine.
> http://www.orpheuscomputing.com/computers/hosts.zip
> -Clint
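
Two questions in this thread are left open: whether an update that rewrites the hosts file drops hand-added entries, and how to merge two block lists. The Python below is an added example, not part of the original e-mails, that checks both by parsing the `127.0.0.1 name` format quoted above. The file contents, the `example.*` names and the function names are constructed for illustration, and SpyBot's actual update behaviour is not modelled.

```python
"""Compare and merge hosts-file block lists (constructed sample data)."""

SINKS = {"127.0.0.1", "0.0.0.0"}  # addresses used to null-route a name

def parse_blocked(text):
    """Return the set of lower-cased host names a hosts file null-routes."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        fields = line.split()
        if len(fields) < 2 or fields[0] not in SINKS:
            continue                           # blank, comment, or a real mapping
        for name in fields[1:]:                # one line may list several names
            name = name.lower().rstrip(".")    # host names are case-insensitive
            if name != "localhost":
                blocked.add(name)
    return blocked

def lost_entries(before, after):
    """Names blocked before an update that are no longer blocked after it."""
    return sorted(parse_blocked(before) - parse_blocked(after))

def merge_hosts(*texts):
    """Union several hosts files into one de-duplicated, sorted block list."""
    names = set().union(*(parse_blocked(t) for t in texts))
    lines = ["127.0.0.1 localhost"] + [f"127.0.0.1 {n}" for n in sorted(names)]
    return "\n".join(lines) + "\n"

# Constructed samples: MINE has hand-added entries, UPDATED is what a tool
# left behind after rewriting the file, OTHER is a second list to merge in.
MINE = """# my hosts file
127.0.0.1 localhost
127.0.0.1 www.BadDomain.com
127.0.0.1 BadDomain.com   # added by hand
127.0.0.1 ads.example.net
"""
UPDATED = """127.0.0.1 localhost
127.0.0.1 ads.example.net
127.0.0.1 tracker.example.org
"""
OTHER = "0.0.0.0 ADS.example.net banners.example.com\n"

if __name__ == "__main__":
    print("lost after update:", lost_entries(MINE, UPDATED))
    print(merge_hosts(MINE, OTHER), end="")
```

Saving a copy of the hosts file before an update and passing both copies to `lost_entries` gives the answer without having to remember which domain was added by hand.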
