View Full Version : block lists - size?
SirDracula
2007-11-13, 01:28
Are the block lists kept clean of obsolete sites? I would think that once a spyware site is well known and it gets blacklisted everywhere it's taken down as it's no longer effective. Are such sites/domain ever removed from Spybot's block lists?
I wonder how many of the 7000+ entries are obsolete and have domains that are no longer registered.
Hmmm...
Good point, smaller file might speed up a few things... will talk to Warhawk about linking the list to some of our domain watching tools :)
SirDracula
2007-11-13, 20:13
The main problem that I have is with Firefox, it takes forever to open its allow/block list just because of the size of the list (Tools > Options > Privacy > Exceptions *and* Tools > Options > Security > Exceptions)
Same problem with Spywareblaster for example, it takes a while to start up and check what's immunized in Firefox because it has a hard time with the big block list in Firefox.
I also read that a big list in the hosts file has some issues on Windows.
This has not been the case with Spybot 1.4, this is a regression in 1.5 that should be addressed.
That's because 1.4 didn't have Firefox immunization, and hosts file blocking was hidden in advanced mode. So Firefox immunization is new - upon heavy protests that it wasn't supported, and the other thing is just better available ;)
What would be even better (in addition to reducing the list size) would be if Firefox would use a better string matching algorithm there. I could imagine that some AC trees would speed up comparison to the blacklist a lot, making the delay unnoticable. Wish I had the time to dig through the Firefox sources, locate where these lists are applied, and find out what kind of matching algorithm they use :)
pudelein
2007-11-13, 22:18
There has been a lot of discussion of SSD's immunization of Firefox. The bottom line, in my view, at least, is this: almost all of the sites listed in the Firefox immunization lists (installations, images, popups) are redundant, since the sites are also listed in the Hosts table. My approach is simply to omit all Firefox immunizations except the "cookies" ones. This completely solves the slow response of Firefox to the enormous tables and, so I believe anyway, does not reduce securtiy one whit,
SirDracula
2007-11-13, 22:20
Can Windows XP Pro handle the long block list for the hosts file? I read that there are problems with hosts files that have thousands of entries.
Also, the hosts file is effective to block against domains, but not against URL's that use the IP address directly.
That depends on the environment you use XP Pro in (or any NT based Windows imho), it depends on whether your machine is part of a domain or not and whether the DNS client service is running or not.
Btw, just came around one argument against removing entries when they're no longer active: other security software might think that removing malware hosts from block lists is a malicious act in itself...
We need to find a logical reaction to that (informing the user clearly about the reason whenever entries are undone, or something like that).