Wednesday, November 12, 2008

SecureMecca.com & HostsFile.org no longer feature the block of pornography.

Some may lament us no longer blocking Pornography. In fact this is not true. We still have that filter and it is named pornproxy.txt. It is just that no more work is being done on it. This was done for several reasons and they are:

1. It became too much work for only one person to handle. Henry Hertz Hobbit was the only one making the changes with Rodney making suggestions. It is just that the suggestions were to add blocks for ads and assuming a rule may cause problems when in fact most don't. Many new patterns could have been added but doing that required more people to take on the work and nobody stepped up to the plate. One person can only handle a dozen or more experimental rules at a time. I (HHH) was maxed.

2. With over 700,000 porn hosts and climbing to over a million with NOBODY in HHH's personal contacts wishing to help by putting on the filter and reporting back false positives it finally became apparent nobody wanted these blocks. But almost everybody is blocking ads.

WHAT DO WE BLOCK?

1. Hosts that abuse the built-ins and add-ons. This includes but is not limited to: JavaScript, Java, Flash Player, RealPlayer, and ShockWave Player. With the exception of the ShockWave Player not being on Linux, these exploits work equally well (maybe we should say badly?) on all operating systems. Just shifting to Linux doesn't alter the abuse that occurs. You can literally trap somebody in the browser using nothing but JavaScript not allowing them to do anything (except to go to another work-space on Linux and kill the browser in a terminal window). Is that classified as an exploit? Yes!

2. Hosts that track what you do and where you go. At one time some people used the word spies in relationship to these hosts. I (HHH) prefer the term tracker (Fr - traqueur) since that most closely represents what they are doing. Primarily they keep track of what you are doing to tailor the ads that are delivered to you but there are other reasons for what they track. We are dedicated to minimize this tracking of people's use of the Internet. That is why I (Henry Hertz Hobbit) will never access the built-in features to track you at SecureMecca.com and warn you what is being used to track you there that is not under my control.

3. Hosts that infect people's machines. This is almost wholly limited to the Windows OS. Although many people say the problem would be just as bad on Linux or the Macintosh, it wouldn't as long as people didn't do stupid things. It is just as easy to write a trojan for Macs as it is for Windows and you can have it installed if you are salivating over getting the dirt on shocking videos of this or that political personality doing this or that. Hiding the fact that what the Mac owner is using is called sudo doesn't help prevent a user from stupidly installing a program running with admin level access. There is no substitute for knowledge. We are primarily but not exclusively using both Airelle's hosts.rsk file and Malware Domain List's files for looking at these host for patterns for the PAC filter. Some surprising things have already come out from this. WE BLOCK CHINA! THE WHOLE TLD! 10% of the hosts that infect Windows hosts at the MalWare Domain List are in this domain. We also block some porn patterns (we have left one in as a red herring) but again, we are blocking them like we block China because they pass a threshold of going over so many hosts (usually we need at least ten plus hosts at Malware Domain List but a very nasty trojan MAY make a count unnecessary) to invoke that pattern being included.

4. Typo servers or somebody else that is doing something wrong. This is a little bit overly-vague but I don't want to be frozen with something that can't handle newer threats as they fruition and develop. You are just going to have to trust my instinct that somethimg is bad when I see it. Active-X exploits that inject a trojan after the browser has been gagged by do-nothing JavaScript that maxes the CPU is just one of the many other things that come to mind that are seemingly endless.

5. WE NOW BLOCK ADS. Before now, the ad-server had to do something else like spying, etcetera, to be included. That does NOT mean use of our hosts file is to be encouraged. Use somebody else's hosts file for that purpose. What you want from us is the PAC filter. Will our PAC filter match the power of AdBlock Plus filters? Probably not. They have had years to hone their filters and we are just starting. Also, there are some patterns that are more difficult to enter into the PAC filter. What is the advantage? Like a blocking hosts file, the PAC filter is stealthy. Nobody can detect that it is there. You will never get a request from a web site to turn it off.

There you have it. The policy may be refined over time, but this is what it is now for what it is worth. Hey, it works for me & Rodney. If other people find it useful that would be nice to hear but it is primarily something created for ourselves.

Henry Hertz Hobbit