AD
BLOCKING W/O THIRD PARTY SOFTWARE
Soda_Popinsky has
very kindly allowed this tutorial of his to be hosted on the TAZ.
You can find the original post here:
http://www.antionline.com/showthread.php?s=&threadid=258919
Ad Blocking without Third Party Software
Summary:
Hardening IE to prevent users
from downloading malicious material from untrusted sites, while
blocking pop ups and ads as well.
What this will do is configure
Internet Internet Explorer to allow
scripts and such to run on certain, trusted sites. This benefits the
work enviroment to prevent users from visiting and downloading
malicious material onto their computers, but allows them to use company
web applications that require scripts.
1. Open Internet Explorer ->
Tools -> Click the Security Tab
You should see 4 security zones.
This is where you will outline the
policys regarding certain types of sites. The globe represents the
internet, and is where most of the action will happen.
2. Click the globe, press custom
level below.
You will see options to enable,
disable, or prompt to accept certain
types of scripts. These include .net components, activex, downloads, MS
virtual machine, Java, and javascripts.
Google definition of active x:
| Quote: |
| Set of platform independent technologies developed by Microsoft that enable software components to interact with one another in a networked environment, like the Internet. In addition to adding functionality within the browser (for example, by enabling Microsoft Word to be opened in a browser) Active X components can be exploited by malicious mobile code. |
Basically, it's through these scripts that brower hijacks and popups
are allowed. With these functions denied, pop ups and hijacks simply
don't work. Looking at the custom options for the internet, It's your
decision what you should allow and not allow. If your office is rampant
with spyware, then consider disabling a lot. If you don't want your
users to download anything at all, then you have the option to block
that as well. This should help slow things like kazaa from entering
your network.
If you were to leave the settings
as they are now, then your users
wouldn't be able to access the web applications with scripts to do
their jobs. If your company's site relies on java and flash, then you
need to allow that do run their scripts.
1. Click the trusted sites icon
(green icon with a check)
2. Click Custom level below
You will be in the same window as
before, but these settings won't
change the settings of the other zone. This zone represents sites you
trust, the last one represented the rest of the sites on the internet.
Change the settings accordingly to allow more functionality to the
sites your users need to use for their job. Warez and porn obviously
not included. Once this is done-
1. Click the sites button above
the custom level button
2. Uncheck the https:// option if necessary, and add the
URL's to the sites you trust.
If you work for Microsoft, then
add Microsoft.com. If you do
business with Amazon, then add Amazon.com to the list. Be sure to
include all the sites your users will need to use. The same process is
used for the intranet zone.
The Privacy Tab
In the internet options window,
navigate to the privacy tab. This
panel will allow you to adjust cookie handling for certain sites.
Adjusting the slider will give you information about each setting. You
can also click customize, and have it block all cookies. Under this
tab, there is an edit sites option. You can allow your trusted sites in
here as well, to accept cookies. Unfortunately, you have to add them
again manually, as they aren't imported from your other trusted sites.
Manual Ad Blocking
I don't think I recommend this
for office environments, but on an
individual basis, this helps. Open the host file for your Windows OS,
found in one of these places:
Win 98 or ME c:\windows
Windows 2K
c:\winnt\system32\drivers\etc
Windows XP
c:\windows\system32\drivers\etc
You will be editing a system file
here, so the obvious warnings apply. Open the "Hosts" file with
notepad. Mine looks like this:
| Code: |
| # Copyright (c) 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost |
What this file does is associate a
word with an IP. When you type http://localhost in your browser, it redirects it to
your local address, "127.0.0.1".
if you added the entry:
| Code: |
| 63.146.109.212 antionline |
Then by typing http://antionline in your browser would lead you to
antionline.com (63.146.109.212).
This file can be used to redirect
ads. These entries
| Code: |
| 127.0.0.1
63.236.18.118 127.0.0.1 mjxads.internet.com |
Will block the ads on
Antionline.com. mjxads.internet.com is the home
of the flash ads, and the IP is for the gif ads that replace them if
scripting is disabled. The Ads are redirected to 127.0.0.1, and never
appear in the browser. You can handle ad servers on a case by case
basis, adding them to the host file. Some anti-spyware software looks
at the host file, so I would be careful when running it, and adding
entries to the host file. When you see this file, you might see some
entrys that have been added by spyware as well. Remember, this is a
system file, so the obvious warnings apply when editing it.
All suggestions, complaints and
whatever are welcome.
Original Tutorial
Submitted by
Nokia for TheTAZZone-TAZForum
Originally posted on March 6th, 2006 here
Do not use, republish, in whole or in part, without the consent of
the Author. TheTAZZone policy is that Authors retain the rights to the
work they submit and/or post...we do not sell, publish, transmit, or
have the right to give permission for such...TheTAZZone merely retains
the right to use, retain, and publish submitted work within it's
Network.