spyware blaster can protect firefox better

Discussion in 'SpywareBlaster & Other Forum' started by Aerik, Dec 6, 2010.

Thread Status:
Not open for further replies.
  1. Aerik

    Aerik Registered Member

    Jun 24, 2007
    I'll paste a comment I made elsewhere that started out about spybot s&d, but it applies equally to spywareblaster.

    Spybot fan, eh? I have my complaints with it. Spybot could be way more effective in the way it does passive protection if its programmers just realized two things.

    1) Writing a rule for livejasmin.com will cover all of its subdomains. The number of rules they have to write could be slashed dramatically, even including my next idea.

    2) There are hidden options in this method of content blocking that firefox is capable of.

    When you make a per-site rule about images, cookies, or popups via tools > options, where is that setting stored? Easy. In a file called permissions.sqlite. What kind of file is that? It's just a text file with just enough additional architecture to form a simple table. Opening it in a raw text editor is a lot like opening an .rtf file in notepad. You need just a wee bit more capability to read indents & stuff. Before firefox 3, it was just a raw text file. You'd see lines like this

    Now there's just enough extra coding that it can be read in a table.

    "host" is just an indicator for starting a new rule.

    "cookie" is the request type you want to set.

    Then a # that I will explain, then the website you're setting this for.

    The numbers have explicit meanings. 0, 1, 2 :: Allow, Deny, Site.

    "Allow" means that the request is always allowed.

    "Deny" means the request is always denied.

    "Site" means that the request is only allowed from the same origin.

    The exception is for cookies, in which case the rules are allow, deny, and session.

    In the example ruleset above, cookies are allowed for livejasmin.com only for the current session.

    host images 2 reddit.com

    In this rule, images are allowed from reddit.com while the tab is on reddit.com, and other domains may not display/download images from reddit.com.

    What's interesting about firefox, is that you can actually make rules for 15 request types.

    cookie -- install -- image -- popup -- script

    document -- dtd -- object -- objectsub -- ping

    refresh -- stylesheet -- subdocument -- xbl -- xmlhttp

    Gee, that's an awful lot like all the things you can do with adblock plus, right? Naturally.

    Anyway, programs like Spybot S&D and SpywareBlaster could be much more effective if only they took the effort to write for one more request: document.

    This is a very powerful method for malware protection. It's as effective as the extension "blocksite," only it works on a per-domain basis. It's that simple. Not only can any window, including a popup, popunder, or iframe (subdocument) not make a connection to the domain indicated, but you also cannot save a file from that domain to your disk, including the act of installing an extension. It's the simplest thing anti-malware programmers could do to help mitigate the risk of receiving viruses, trojans, and worms from the browser.

    Luckily we have a firefox extension for editing the permissions and doing this ourselves. In the case of this thread, make a rule for "livejasmin.com" and set document and popup to deny. And then set the domain generating the popup to deny popups as well. Done.


    Follow the thread I linked for more ways that the permissions.sqlite file can be used to secure the firefox browser. Using the TLD // IP methods I describe in the thread, I've made it so that even though I've only written explicit rules for a small fraction of all the domains spywareblaster wants me to, I'm fully protected, and it reads my firefox as "0 items disabled", as in, I'm fully protected.

    I know that spywareblaster actually works by editing the permissions.sqlite file. So everything I've written should be applicable. Easily. I'm only really asking that you trim down the list of domains, and use the 'document' attribute. That's it.
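
The list-trimming idea in the post above (one rule per domain covers its subdomains, then deny `document` and `popup` for each remaining domain), sketched as an added example that is not part of the original post or of SpywareBlaster. The sample hosts are constructed placeholders, the function names are hypothetical, and rule actions are kept symbolic rather than tied to any on-disk numeric value.

```python
import ipaddress

def suffixes(host):
    """Yield host, then each parent domain (the subdomain coverage
    the post describes). IP literals have no parent domain."""
    host = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        yield host
        return
    except ValueError:
        pass
    labels = host.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def covering_rule(host, rule_hosts):
    """Return the most specific rule host that covers `host`, or None.
    Matching is on whole labels, so nottracker.example is NOT covered
    by a rule for tracker.example."""
    for candidate in suffixes(host):
        if candidate in rule_hosts:
            return candidate
    return None

def minimise(hosts):
    """Drop every entry already covered by a parent entry in the list."""
    normalized = {h.lower().rstrip(".") for h in hosts}
    kept = set()
    for h in normalized:
        parents = list(suffixes(h))[1:]
        if not any(p in normalized for p in parents):
            kept.add(h)
    return sorted(kept)

def deny_rules(hosts, types=("document", "popup")):
    """Expand the minimised hosts into symbolic (host, type, action) rules."""
    return [(h, t, "deny") for h in minimise(hosts) for t in types]

# Constructed sample blocklist; names and address are placeholders.
SAMPLE = ["ads.tracker.example", "tracker.example", "cdn.ads.tracker.example",
          "popups.example.net", "192.0.2.10", "Tracker.Example."]

if __name__ == "__main__":
    for rule in deny_rules(SAMPLE):
        print(*rule)
```
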