Friday, April 30, 2010

I have gone back and forth on whether to block Ascentive, CyberDefender, DoubleMySpeed, FinallyFast, MyCleanPC, and MyCleanerPC among others. Up until now I thought people should check this stuff out for themselves. I have finally put many of these hosts into the main section of my hosts file. Why did I put them there? Because they really aren't malware (maliciels) so they do not belong in the risk section. It looks strange to see them mixed in with ad servers and trackers but there is no other place to put them. (update 2011-04-18: After looking at the cookies they are going back in and I also block their cookies). More than anything else this is a statement that you should have no need of these products if you regularly clean out old temporary files and optimize your disk, etcetera. If you have had more than one AV program, make sure you completely uninstall old versions and that includes removal of the unused registry entries. The products listed here can do some of that for you. Some free alternatives for the pay programs I blocked that you can consider are (given in alphabetical order):

CC Cleaner

Glary's Utilities

Malware Bytes

I may add some more in the future but I would like to keep this a lean list. Some users claim these products work even better than the programs you must purchase.

I have heard that you may need a geek to help you with CC Cleaner or it will get carried away. Also, it is known to remove passwords that you keep in browsers, etcetera. If nothing else, that should prompt you to purchase a password program to encrypt and store your passwords some place safer. Shame on you for leaving your passwords out in the open anyway.

Also, even with something as simple as Java, make sure you unselect any toolbar install unless you really want that particular toolbar. I have read some place that Glary's includes the Ask Toolbar. Other people may like toolbars but I don't like them. If you are like me then you will never fast track an install. I select the inspect everything approach and make sure I don't get something I didn't want.

Now I have given you some alternatives to what I just blocked. You are of course free to disagree with me and delete the entries in the hosts file or just go back to the default hosts file and get the products that are advertised forever on TV. At one time I used to block but I don't block it any more. If you think what Stop-Sign provides is superior to Symantec, Kaspersky or some other AV product that is your decision to make. Maybe these products I am blocking will mature and I will also not block them in the future. Eventually it all comes down to the fact that the end user needs to make all of these decisions anyway. At least now you are given a second chance to back out until you remove the block to do some research and then decide for yourself what you want to do. At least what I am pointing you towards doesn't cost very much. That is all I was attempting to do in the first place.

Monday, April 5, 2010

Deactivating the PAC filter

Somebody wrote to me implying that they were going to have to format their hard disk drive to get rid of the PAC filter. Don't panic!  A caveat is in order here.  All of these instructions are for Microsoft Windows.  If someone has the PAC filter or other stuff on Linux or Macintosh, contact me personally at this email address: hhhobbit gnat  I will give instructions for how to remove the PAC filter. These instructions for deactivating the PAC filter will work for the Internet Explorer, Chrome, and Safari browsers on Microsoft Windows.

1. Click on Start

2. Select Control Panel. The default is out in the open. If you have changed the way you view what is hanging off the Start menu to be something other than the default then it is your responsibility to find the Control Panel. You can also do some of this from Internet Explorer instead - if you are going that route select the Internet Options and skip to step 4.

3. Double click on the Internet Options. You can now close the Control Panel window.

4. Select the Connections tab at the top.

5. Click on the LAN Settings button

6. Find the section that has the file://C:/etc/proxy_en.txt string or file://C:/etc/proxy_fr.txt string. If you have the older version of the filter it may be just file://C:/etc.proxy.txt.  (2012-02-11 Addendum:  Due to the Chrome browser bug of reading every file in the folder the files you should be using are now file://C:/etc/OneFile/proxy_en.txt and file://C:/etc/OneFile/proxy_fr.txt respectively.  It does not matter because other than the string being different the instructions are the same.)  It should be in the Automatic Configuration section but it may be different depending on what IE version you are using. You were warned not to use the PAC filter if the Proxy Server box was checked. In any case find where the section is that has this string and uncheck it so it is no longer using the PAC filter.

Congratulations. You have now just deactivated the PAC filter for everything that uses Microsoft's Internet Settings. It will no longer function in IE, Outlook, Chrome, Safari, RealPlayer, Opera, or anything else that uses Internet Settings.  Okay, now let's handle the Firefox browser.

Firefox PAC Deactivation

Firefox does not use the Internet Settings.  Here are the steps you should take to deactivate the PAC filter in Firefox.

1. Click on Tools on the menu bar (for some it will be Edit).

2. Click on Options (under Edit it is Preferences).

3. Click on Advanced at the top of the Options / Preferences panel.

4. Click on the Settings button.

5. You will see the "Automatic proxy configuration URL:" radio button selected. Select the "No proxy" radio button. On older versions of Firefox it may be called "Direct."

Congratulations again. The PAC filter has been deactivated in Firefox. If you are sure you want to remove it all including the hosts file and the Homer pseudo web server read on.

But don't panic! Just deactivate the PAC filter and go from there. Remember, once the PAC filter has been turned off in Internet Settings and Firefox it is effectively not even there any more!

Remove Blocking Hosts File

1. Go to this URL in your browser:

Not knowing what your browser is in advance it is hard to give specific instructions of how to save the file named "OrgHosts.txt" to your Desktop. I can say that you will have something like "Save Page As ...". Usually it will be under the File menu. If you want to fast track it, on save, change the ".txt" extension to ".bat" instead. That means if you did it right, the file on the Desktop would probably show up as "OrgHosts.bat" if you have Windows set to show extensions. It goes without saying I strongly encourage you to change the default of not showing extensions to show the extensions of a file as a security enhancement. There are too many exploits where the people have something like Questionable.jpg.exe, and you may double click on it thinking it is an image file when it is really the install file for a Trojan.

2. If you didn't save the file as "OrgHosts.bat" but "OrgHosts.txt" instead, right click on the file (left click if you reversed the mouse buttons), and change the file name to "OrgHosts.bat" (change the ".txt" to be a ".bat").

3. Double click on the OrgHosts.bat file. When it finishes you should see the message "DONE". On the line below it you will probably see the final message "Press enter to exit." It is supposed to be part of the pause statement.

4. Tap the enter key.  If you want to study the script file, change the ".bat" extension back to a ".txt" extension and view it in your default ".txt" editor by just double clicking on the file.  If you don't want to study it to learn something, just right click on the file and delete it.

Congratulations. The blocking hosts file is now gone. I must say that I finally commented out the host named in the hosts file because it is the one host used by the few remaining web sites that demand you not block ad pushers in order to use their web site. My take on that is that I don't go to them if they insist it be allowed. I block it for myself. But blocking ads is number four on my priority list. But the DoubleClick service does much more than just deliver ads. It also tracks you.

At this point NOTHING is being blocked.  You could stop here if you want to.  If you do not want Homer running look at the next step and if you want it all gone then see the Mopping Up step.

Removing Homer

WARNING!  Do not remove Homer which is a pseudo web server if you have either the blocking hosts file or PAC filter blocking enabled.  Homer is used to answer the redirected requests by replacing images with a 1x1 clear GIF image, and almost everything with a do nothing response.

1. Go to this URL in your browser:

See the instructions for how you download the OrgHosts.bat script file (first in Remove Blocking Hosts File) and do the same thing here.

2. Rename the "NoHomer.txt" file to be named "NoHomer.bat".  See the instructions on how to do that in number two of the Remove Blocking Hosts File.

3. Double click on the NoHomer.bat file. At the end you should see three long sentences ending in "Press Enter to Exit."

4. Right click on the NoHomer.bat file and select delete.

Mopping Up

At this point you should really have no adverse effects from having the filters at all. However there are some registry entries that are left and some files you may want to delete. So let's do them so you have reversed everything you can to a reasonable degree. First let's clean up the registry even though what is left should cause no adverse effects. But be sure you do this only after you have deactivated the PAC filter for every user on the computer and removed the blocking hosts file.

1. Go to this URL in your browser:

Save the "AllIEUsersUndo.txt" file just like you did for OrgHosts.txt and NoHomer.txt files with one significant exception. You want to change the extension from ".txt" to ".reg" so that you have a file named "AllIEUsersUndo.reg" on your Desktop.

2. Double click on the AllIEUsersUndo.reg file.  Some of the entries here were what made it possible to use the PAC filter.  Once they are gone even if you try to reactivate the Internet Settings, it will no longer work.  You would have to download the install package and double click on the AllIEUsers.reg file again to be able to turn the PAC filtering back on in Internet Settings and have it do something.

3. If you are the only user on the system that was set up to use the PAC filter in Internet Settings then you are all done with the registry removals.  If other users are also using it you will need to back up and repeat the deactivation of the PAC filter for each of them.  Once that is done you go to this URL in your browser:

You can save the file to their Desktop or alternatively save it to the All Users Desktop, being careful to rename the "EachIEUserUndo.txt" file to be "EachIEUserUndo.reg". You double click on it for each user just like you did for all of the other files.

At this point you may ask why I didn't do this to deactivate the PAC filter in the Internet Settings in the first place?  There are two reasons.  First, that setting has a pair of settings to achieve it in two separate registry hives.  I can easily delete the one in the HKEY_CURRENT_USER hive but that does nothing unless you also delete the one in the HKEY_USERS hive and that one is a little difficult to impossible for me to delete with a simple script. The second reason is to make sure it really got done.  It is best to have the human do that to make sure it really got done.

4. You will probably want to delete the files even though they take up no space.  I stored the files in these two folders:


Usually that is:


I would like to just use deltree, but you have to install deltree before you can use it.  So you will have to delete these manually if you want to get rid of them.  They take up almost no space and like I said, they are no longer being used.  You have all the time in the world to delete them.  The pressure is officially off.
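To see which accounts still have the PAC URL set in Internet Settings before repeating the deactivation for each user, a read-only PowerShell check like the following can be used. It is an added example, not one of the scripts from this site; it assumes PowerShell 3 or later, the function names `Resolve-Sid` and `Get-PacSetting` are made up for illustration, and `AutoConfigURL` is the Internet Settings registry value behind the automatic configuration script box.

```powershell
# Added example: read-only audit of the per-user PAC setting. It changes nothing.
# Only hives that are currently loaded (users who are logged on) appear under
# HKEY_USERS, so other accounts still have to be checked from their own session.
$SubKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Resolve-Sid([string]$Sid) {
    # Turn a SID into DOMAIN\user; fall back to the raw key name (e.g. .DEFAULT).
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $Sid
    }
}

function Get-PacSetting {
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notmatch '_Classes$' } |
        ForEach-Object {
            $sid  = $_.PSChildName
            $key  = "Registry::HKEY_USERS\$sid\$SubKey"
            $prop = Get-ItemProperty -Path $key -Name AutoConfigURL `
                        -ErrorAction SilentlyContinue
            $url  = if ($prop) { $prop.AutoConfigURL } else { $null }

            [pscustomobject]@{
                Account       = Resolve-Sid $sid
                AutoConfigURL = $url
                # True for the file://C:/etc... strings named in step 6 above.
                PacFilterPath = [bool]($url -match '^file://C:/etc')
                # True for any PAC script loaded from the local disk.
                LocalPacFile  = [bool]($url -match '^file://')
            }
        }
}

# Accounts with an empty AutoConfigURL column have no PAC script configured.
Get-PacSetting | Format-Table -AutoSize
```

Any row that still shows a `file://C:/etc...` URL belongs to a user who needs the LAN Settings steps repeated before the `.reg` files are applied.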

Happy Trails To You:
I hope you have a happy, safe, filter-less browsing experience and that your machine doesn't get infected.