Insert Real Name

Surf protection hosts file improvements

Recommended Posts

I use EAM Surf Protection's Host File Import feature to load the malware hosts list at http://hosts-file.net/?s=Download and the updates at http://hosts-file.net/hphosts-partial.asp These comprise roughly >800,000 host names, and EAM does actually load them without too great a delay. And if I choose randomly a few hosts in that huge list that are not already in the built-in list, EAM does intercept the DNS query and neutralize it.

However, when I use the shortcut "Host rules" in EAM's taskbar menu, the EAM Hosts rules window is extremely slow in opening, and visible feedback in typing any text in the search field of that window is also extremely slow. Likewise changing the rule for any individual listed host is very slow--such a large list occasionally blocks hosts that are necessary for correct page display.

I realize a list of 800,000 hosts was probably not in your specification for the Surf Protection feature, but it *is* very effective: on the rare occasion when I use the MS IE 11 browser on my Windows 7 SP1 x64 laptop (Sandy Bridge i7 processor, so relatively fast), the ad and tracker blocking is almost as good as when I use my regular browser with the uBlock Origin add-on, both in terms of speeding up web page display and eliminating distractions, a.k.a. advertisements.

Can you change the internals of this feature so it uses a more efficient data structure to accommodate very large user-added host lists, with improved lookup and management response? Perhaps also to reduce the memory footprint of a2service.exe (~400MB physical memory private working set, ~500MB private bytes virtual memory)?

Share this post


Link to post
Share on other sites

Sorry for the delay in timing the appearance of the normal bar cursor in the search field of the Surf Protection panel when started from "Host rules" in EAM's taskbar menu.

With the 850,000 hosts added by the files described above in the EAM hosts list (no way of finding out how many duplicated the built-in list), it takes roughly ~40 sec for the hour-glass cursor to disappear and the text bar cursor to start blinking normally; each character typed takes roughly ~5 sec to appear while the list of hosts below the search field is sorted to include just the characters typed.

Subsequent use of the menu short cut and the list-box sorting are much much faster (but this may be just in memory caching and not any indication of efficiency).

Anyway, I hope it can be made more efficient, I find the feature useful to completely remove all advertising nonsense from webpages in every browser on my system. (To say nothing about the malware or tracking protection.)

Share this post


Link to post
Share on other sites

I think this has to do with the way the Host Rules are read from the memory of a2service.exe by a2start.exe so that they can be displayed in the UI. It can take some time to load all of that data and process it.

I'll let our QA team know about this in case there's anything we can do to speed it up.

Share this post


Link to post
Share on other sites

Ask your developers to experiment if there's some way for the host rules to be proccessed into a highly efficient in-memory search data structure for the host matching functions of a2service.exe and, at the same time, be directly shared with the UI process and efficiently traversed to build thehost  list and search it.

Share this post


Link to post
Share on other sites

Sounds interesting. Is there a 'howto' somewhere on how to use it ?

I use Spywareblaster for 'bad' sites in IE 11 and Malwarebytes which has a 'bad' list.

Share this post


Link to post
Share on other sites
6 hours ago, Ken1943 said:

Sounds interesting. Is there a 'howto' somewhere on how to use it ?

You mean the HOSTS file import function?

Open Emsisoft Anti-Malware, click on Protection, click on Surf Protection in the lower of the two menus at the top, and click on the Import hosts file button near the lower-left. Use the "..." button to select a hosts file, select an Implemented action, and then click the Add button to add the new rules (you may need to highlight which rules you would like to add in the list before clicking the Add button).

Share this post


Link to post
Share on other sites

I have read about a large host file causing problems in the past so never used the posted lists floating around.

The very large ones may be over kill as many sites will never even be tried by most people. The only problem I

can see is misdirects, referrers ? not sure of the word, which I know nothing about.

Share this post


Link to post
Share on other sites
21 hours ago, Ken1943 said:

The very large ones may be over kill as many sites will never even be tried by most people.

They're also overkill because there's a lot of hosts in those lists that we wouldn't add to our Host Rules (either because they no longer need to be blocked, or didn't fit our criteria for being blocked).

Share this post


Link to post
Share on other sites
19 hours ago, GT500 said:

They're also overkill because there's a lot of hosts in those lists that we wouldn't add to our Host Rules (either because they no longer need to be blocked, or didn't fit our criteria for being blocked).

Quite true! I only used the full HPhosts list because I did not want to do the necessary work to collate narrowly focused lists that just focus on tracking/advertising domains, in addition to the malware domains list already used and updated in EAM. As you say, there are a lot of dead or completely obscure malware domains on that list, and in any case, blocking tracking/advertising domains is not part of EAM's function and too easily disables legitimate websites.

Now I'm (mis)using the 2 lists at https://github.com/notracking/hosts-blocklists They are meant to be used with the Unix DNSmasq program, so need to be edited with regular expressions to isolate the domain names, but the combined and sorted list is just over 100K domains, much more reasonable than the HPHosts list. I load the list with "Block and Notify" settings, so that I can easily unblock anything that breaks a website.

These seem to be regularly updated and only deal with malware/tracking/advertising domains. I've not seen much site breakage, and the removal of advertising is effective.

And the existing Surf Protection list processing and search functions work efficiently with an added list of ~100K domains.

I also use an ad-blocking extension in my browser in order to control cross-site requests, but blocking these domains at the DNS level is doing something like 80% of the work the ad-blocker normally does.

People may wonder, why go to all this trouble? It's because the big Internet companies (Google & Co.) are obsessed with building profiles of their users by tracking their activities across the Internet, and they make it very difficult to determine how much of this profiling is directly connected to your known identity and to what other commercial parties (e.g. analytics and data brokers) your data may be communicated, as well as the actual profile data that is distributed.

If you value privacy, you might want to block such activity (and I'm an old dinosaur who uses the least social media possible anyway...).

Share this post


Link to post
Share on other sites

uBlock Origin with the addition of Fanboy's Annoyance List (optional in uBlock Origin's settings), or Fanboy's Ultimate List in place of EasyList (which is a combination of EasyList and Fanboy's additional block lists), is usually enough to stop most tracking and advertising, although obviously there is no uBlock Origin for Internet Explorer.

DNS filtering usually only goes so far, because a lot of sites prefer to load scripts/images/etc. from domains/subdomains that they also load legitimate content from, and thus (as you already noted about the tracking blocking in our Surf Protection) it has a tendency to break websites.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.