Serious Discussion uBlock Origin Lite - General Discussions

[Sampei.Nihira]

Ghostery allows for updates in Chrome with MV3 and if I'm not mistaken, Ad Guard filters are now also updated.

Only custom filter lists in AG can be updated more frequently, regardless of whether the extension is updated.
However, it should be noted that the entire AG extension is usually updated more frequently than uBoL.

 

[Marko :)]

Ghostery allows for updates in Chrome with MV3 and if I'm not mistaken, Ad Guard filters are now also updated.

Ghostery updates tiny list of trackers; it can't update entire filter list set. Same story with AdGuard.

u-RraaLL (a Gorhill collaborator) and I use uBo + uBoL together, although for different reasons.

The goal is to improve the extension,that is, to fix bugs and add new features that are currently missing in this version of Firefox.

This still doesn't explain why does someone need to use uBOL on Firefox when uBO does everything and more. uBO is in fact enhanced version of uBOL. Beside, using two ad blockers as the same time is terrible idea.

 

[Sampei.Nihira]

Ghostery updates tiny list of trackers; it can't update entire filter list set. Same story with AdGuard.

This still doesn't explain why does someone need to use uBOL on Firefox when uBO does everything and more. uBO is in fact enhanced version of uBOL. Beside, using two ad blockers as the same time is terrible idea.

Yes, it's a terrible idea for everyone.
But I'm using uBoL for a specific purpose in a way that doesn't cause any conflicts.

 

[Sampei.Nihira]

It is interesting to note that uBoL for Chromium has been stuck at version 2026.507.2008 since May 8.
The filter lists have been out of date for 18 days.

 

[Marko :)]

It is interesting to note that uBoL for Chromium has been stuck at version 2026.507.2008 since May 8.
The filter lists have been out of date for 18 days.

That's nothing. Expect even more delays soon, because it's Google that gives green light and publishes updates to the Chrome Web Store. Gorhill just submits update to them, but they are the ones that decide whether they'll release it or not and when.

Quick reminder: sole reason why Google killed MV2 was because it's was used by ad blockers which hurt their business model.

 

[Sampei.Nihira]

That's nothing. Expect even more delays soon, because it's Google that gives green light and publishes updates to the Chrome Web Store. Gorhill just submits update to them, but they are the ones that decide whether they'll release it or not and when.

Quick reminder: sole reason why Google killed MV2 was because it's was used by ad blockers which hurt their business model.

Personally, I don't care, since I use uBoL with all filter lists disabled.
Just DNR rules + 3 cosmetic rules + a few exceptions in the filtering settings.

 

[LinuxFan58]

I had a conversation with ChatGPT on the effectiveness. of uBol's malware protection.

What strikes me is that in the answers facts (but theoretical edge cases) are mixed with discussions (e.g. on reddit and forums) leading to the often parroted opinion that uBoL also has a strong anti-malware and malvertising protection.

Because ChatGPT is very stubborn in mixing edge cases with opinions, I added the following context conditions

1. Yes uBol has real world value as malvertising protection, but so do AdGuard and AdBlock, so let's get the malvertising out the equation (all adblockes do) and not focus on the value of uBol, but on the added value of using the Malicious URL and badware filter in uBol (so only those 2 filters).
2. Most of the HTTP links on URL haus/Malicious URL filter are botnets and C&C servers. A DNS service with malware protection has way more sources (and updates them continuously), so let's assume I use a DNS service with malware protection
3. Modern browsers already block loading mixed content (HTTP content on HTTPS), which reduces the HTTP risk.
4. When you look at Github the update frequency of uBol is on average every two week, meaning the URL Haus and uBol badware list are on average a week old
5. Most HTTPS malware is short lived (e.g. 99% is taken down or cleaned up within 48 hours), so do your home work and take that in to account also

This was the response of ChatGPT.

Not happy enough with MARGINAL and INCIDENTAL security benefits, I pushed the discussion to the controversial statement that uBol has ZERO value when it comes to malware protection. ChatGPT pushed this back that blocking mixed content in browsers did not block all HTTP traffic, e.g. you can stil down load from a HTTP website, the many hxxp 123.456.7.8/i and /sh and /bin entries you can usually see on URL haus which are not all blocked by the build in download protection of your browser. But this software is directed to (linux based) servers, so what harm can they do on a Windows PC or a Linux desktop where you first have to enable the execute bit (on Linux desktop)?

To rule this out I added the following condition

• Okay I am getting bored about the edge cases (you are a stubborn AI), let's assume I add the following rule (as a DNR) in uBol
  ||HTTP://*$denyallow=IPadres of your router|your favourite insecure HTTP website
• Added five pages of most recent malware links of URL Haus, so ChatGPT could check how many HTTPS websites had the status on-line
• Reminded ChatGPT that this was a less than 5 minutes old list, while uBol with its low frequent filter updates uses an outdated version and (very important) uBol uses only the most recent (short) version with on average 5 to 6 thousend URL's (while DNS sources often have hundreds of thousends actual links).

This was the response of ChatGPT

Don't matter operationally (no practical value) is not zero but good enough for me

Because the lists are updated every 12 hours (see picture below), I dare to say that ChatGPT's first response (minimal value) is true for uBo and the second (no practical value) applies for uBol

 

[Nunzio_77]

I had a conversation with ChatGPT on the effectiveness. of uBol's malware protection.

What strikes me is that in the answers facts (but theoretical edge cases) are mixed with discussions (e.g. on reddit and forums) leading to the often parroted opinion that uBoL also has a strong anti-malware and malvertising protection.

Because ChatGPT is very stubborn in mixing edge cases with opinions, I added the following context conditions

1. Yes uBol has real world value as malvertising protection, but so do AdGuard and AdBlock, so let's get the malvertising out the equation (all adblockes do) and not focus on the value of uBol, but on the added value of using the Malicious URL and badware filter in uBol (so only those 2 filters).
2. Most of the HTTP links on URL haus/Malicious URL filter are botnets and C&C servers. A DNS service with malware protection has way more sources (and updates them continuously), so let's assume I use a DNS service with malware protection
3. Modern browsers already block loading mixed content (HTTP content on HTTPS), which reduces the HTTP risk.
4. When you look at Github the update frequency of uBol is on average every two week, meaning the URL Haus and uBol badware list are on average a week old
5. Most HTTPS malware is short lived (e.g. 99% is taken down or cleaned up within 48 hours), so do your home work and take that in to account also

This was the response of ChatGPT.
View attachment 297975
Not happy enough with MARGINAL and INCIDENTAL security benefits, I pushed the discussion to the controversial statement that uBol has ZERO value when it comes to malware protection. ChatGPT pushed this back that blocking mixed content in browsers did not block all HTTP traffic, e.g. you can stil down load from a HTTP website, the many hxxp 123.456.7.8/i and /sh and /bin entries you can usually see on URL haus which are not all blocked by the build in download protection of your browser. But this software is directed to (linux based) servers, so what harm can they do on a Windows PC or a Linux desktop where you first have to enable the execute bit (on Linux desktop)?

To rule this out I added the following condition

• Okay I am getting bored about the edge cases (you are a stubborn AI), let's assume I add the following rule (as a DNR) in uBol
  ||HTTP://*$denyallow=IPadres of your router|your favourite insecure HTTP website
• Added five pages of most recent malware links of URL Haus, so ChatGPT could check how many HTTPS websites had the status on-line
• Reminded ChatGPT that this was a less than 5 minutes old list, while uBol with its low frequent filter updates uses an outdated version and (very important) uBol uses only the most recent (short) version with on average 5 to 6 thousend URL's (while DNS sources often have hundreds of thousends actual links).

This was the response of ChatGPT
View attachment 297976

Don't matter operationally (no practical value) is not zero but good enough for me

Because the lists are updated every 12 hours (see picture below), I dare to say that ChatGPT's first response (minimal value) is true for uBo and the second (no practical value) applies for uBol

View attachment 297977

I in UBOL disable the protetcion vs malware adn phinshing. For this protection i use Bitdefender Traffic Light + UBOL (whit this list disable).
In UBO this list is important able.

 

[Sampei.Nihira]

If you run various tests in the URLHaus database using recent malware added to the Online Malicious URL Blocklist, it may happen, within a certain time frame, that the malware is not blocked.
This is despite the fact that URLHaus reports that the malware is blocked by OMUB.

The last time I calculated the percentage of HTTP vs. HTTPS malware in the URLHaus database, the figures were as follows:

https = 17.44%
http = 82.56%

If anyone would like to try their hand at today's calculation:

https://urlhaus.abuse.ch/downloads/text_online/

P.S.

As I write this, the figures I have are:

HTTPS malware = 35.51%
HTTP malware = 64.49%

 

[LinuxFan58]

I in UBOL disable the protetcion vs malware adn phinshing. For this protection i use Bitdefender Traffic Light + UBOL (whit this list disable).
In UBO this list is important able.

Yes, makes more sense to add TLBD or MBAM or Symantec BrowserGuard

 

[LinuxFan58]

If you run various tests in the URLHaus database using recent malware added to the Online Malicious URL Blocklist, it may happen, within a certain time frame, that the malware is not blocked.
This is despite the fact that URLHaus reports that the malware is blocked by OMUB.

The last time I calculated the percentage of HTTP vs. HTTPS malware in the URLHaus database, the figures were as follows:

https = 17.44%
http = 82.56%

If anyone would like to try their hand at today's calculation:

https://urlhaus.abuse.ch/downloads/text_online/

P.S.

As I write this, the figures I have are:

HTTPS malware = 35.51%
HTTP malware = 64.49%

On average it is less than 20 percent when you look at online (still alive) https links.

 

[Sampei.Nihira]

On average it is less than 20 percent when you look at online (still alive) https links.

When I did the calculation, those were the percentages,probably rounded up.
My list is available online and allows you to use your browser’s “find” function.
Just search for “https,” then determine the total number of “http” and “https” instances and calculate the partial percentages:



However, even if we assume an https percentage of 35%, with “always use https” enabled in the browser, we can conclude that the effectiveness of malware protection extensions is 0 in 65% of cases.

The potential impact of the remaining 35% is significantly reduced not only by DNS protection + browser antimalware protection + download-phase protection + any dynamic filtering + static filtering from the ad blocker used in the browser.

So what percentage remains after that?
I can’t quantify it; perhaps AI can solve this complex problem.

I hypothesize that the remaining percentage is so low that, in my case, I consider the use of dedicated anti-malware extensions unnecessary.

 

[LinuxFan58]

When I did the calculation, those were the percentages,probably rounded up.
My list is available online and allows you to use your browser’s “find” function.

I hypothesize that the remaining percentage is so low that, in my case, I consider the use of dedicated anti-malware extensions unnecessary.

I did take a look at URL haus and HTTPS is less than 20% (simply copied 100 latest malware URL's in a spreadsheet and sorted it) and only 2 were online (that is only 2%), so with DNS and SafeBrowsing API v5 (or Smartscreen) I also see no need for an AV-extension. (and de-installed Bitdefender Traffic Light )