New Update uMatrix SOFT third-party blockmode with whitelist to allow some TLD's

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Why a seperate thread?

I got a few questions in the uB0 thread settings about uMatrix. Posting about two different extensions (although both written by same developer) causes confusion. Therefore I will repost the uMatrix related post in this thread.

What is the idea behind this uMatrix configuration?

In the default configuration uMtarix uses a ' soft' third-party sources block. Gorhill calls it soft, because third-party images and stylesheets are allowed in the default rules configuration. The benefit of blocking third-party sources is that it reduces the risk of malware infection and at the same time blocks 90% of the trackers (so good for privacy also). The problem with blocking all third party scripts, (i)frames and xmlHttprequests (XHR) that functionality on most websites is broken. That is why the uMatrix wiki also contains a ALLOW ALL how to.

As published by phishtank and some DNS services some TLD's and country code have a high percentage of malware (see post). When Google Chrome was launched some smart power users started to post how to block scripts in general, allowing only a few Top Level Domains to execute scripts (block scripts by default and allow for example all domains with TLD is COM, NET, INF, ORG, GOV and a few country codes like DK is for Denmark). This whitelist on some general Top Level Domains (COM, ORG, GOV) and a few country code's makes sense since most of us only speak one or two languages.

This idea used on Google Chrome is used for the uMtarix setup "Soft third-party blockmode with whitelist to allow some TLD's" . Benefit of using uMatrix is that you apply it on other (non-chromium based) browsers also and that umatrix also block XHR (XMLHTTPRequests) and (i)frames besides scripts.

IN the Netherlands I was thought French, German and English. Because I used English and German for work, I forgot most French and only read (besides Dutch) German and English sources. So you won't find websites from France or China, North Korea, Russia and Ukraine in my bookmarks. When I normally don't visit these websites, I just as well can block those country codes in uMtarix. Since uMtraix has a default deny, in stead of blocking I am whitelisting the TLD's I use to visit.

ALLOW SOME THIRD-PARTY RULE SET.

Bottom line: this is not as safe as a BLOCK ALL third-party, but is safer that a ALLOW ALL. The setup is a cross-over of the SOFT THIRD-PARTY block and ALLOW ALL (when you replace the NL country code with the country code of the country you live in and websites publishing content in a foreign language you speak. It is probably more beneficial to users who add an ALLOW ALL for websites often.

View attachment 216080


Check whether 3rd-party TLD whitelist is working


When I surf to CNN.com and use the above ruleset I can see that CNN.IO is blocked (other com, net are allowed when not blocked by my assets).View attachment 216089


-------------------------


Converted the W3techs.com most used ad & trackers in top 10 million websites (it are actually only 175 :giggle: ) to uMatrix rules. Just download and open the text file and copy them into My Rules. I now run uMatrix without any blocklist assets.

Upside of using default blocklists us that the My Rules section remains clear and uncluttered.There is NO memory or CPU advantage in further reducing blocklist from 50K to (Peter Low, MVPS, Adguard DNS and Easylist Host) to only top 175 most used ads and trackers worldwide of Alexa top 10 million websites (derived from W3techs.com)
 

Attachments

  • W3techs_Ads_Trackers_uMatrix..txt
    4.3 KB · Views: 740
Last edited by a moderator:

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
uMatrix does not has the option to addblockplus rules, so the block third-party on of HTTP://* websites is not possible. When you are on a chromium browser you can however set Scripts to block in site permissions and allow HTTPS://*

View attachment 215528

I tried the latest stable and discovered that it is possible to add Top Level Domain allow rules. So when using these TLD allow rules it is possiible to add a SOFT-third-party blocking setup. Here is what I have done:

1. Tweaked the Assets to trim down the number of rules: allowed two of the defaults and added two using filters.com
- MVPS Hosts
- Peter Low's
- Easylist Host
- Adguard DNS Host


2. Added Top Level Domain Exceptions for COM, ORG, NET and NL (Netherlands) in My Ryles and slightly changed the default hard-block-third-party rules (added allow media, removed block all of Frames)

View attachment 215526

3. Checked whether it worked on CNN (it should block CNN.IO which you have to enable to play movies):
View attachment 215527
Thanks for trying it out on uMatrix. I added allow media which is gonna come out handy. But is it really necessary on uMatrix to add com, net, org, etc? Doesn't it already allow those and all first parties by default?
eg:

mat.png
 

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
The hard third-party block, only allows FIRST party and ALL stylesheets and images. It blocks all frames and at the same time allows first party frames seperately (????????) and blocks ALL third-party.

The soft third-party block as I showed you, Allows FIRST party and ALL stylesheets, image and media AND allows third party from the Top Level Domains, so Yes it is essential (otherwise ALL third-party would be blocked, now ORG, NET, COM Top Level Domain third-party is allowed).
 

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Update on uMatrix in soft 3rd-party blocking mode: I like uMatrix' interface over uBlock's and also the more granular control of the ' dynamic' rules. What I miss in uMatrix is this option (link) and the more granular control of the ' static' AdBlockPlus rules to only a block a specific first-party script, or frame (with uMatrix I found no way to block the advertisements on Google ot Startpage results page).

I also wonder why the privacy options of uBlock and uMatrix are not the same. Normally programmers like to re-use code and apply same code or simular functionality, but Mr Hill will have his reasons for this irregularity (hope I am using the correct English word for it).

Strange user experience: although uBlock offers me more functionality, uMatrix (specifically allowing something) feels easier to use manage, so i decided to keep uMatrix on Edge-chromium use uBlock on old Edge.
 
Last edited:

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
Update on uMatrix in soft 3rd-party blocking mode: I like uMatrix' interface over uBlock's and also the more granular control of the ' dynamic' rules. What I miss in uMatrix is this option (link) and the more granular control of the ' static' AdBlockPlus rules to only a block a specific first-party script, or frame (with uMatrix I found no way to block the advertisements on Google ot Startpage results page).

I also wonder why the privacy options of uBlock and uMatrix are not the same. Normally programmers like to re-use code and apply same code or simular functionality, but Mr Hill will have his reasons for this irregularity (hope I am using the correct English word for it).

Strange user experience: although uBlock offers me more functionality, uMatrix (specifically allowing something) feels easier to use manage, so i decided to keep uMatrix on Edge-chromium use uBlock on old Edge.
I knew this day would come.
Why are you using old Edge and what are you using it for?
 

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Why a seperate thread?

I got a few questions in the uB0 thread settings about uMatrix. Posting about two different extensions (although both written by same developer) causes confusion. Therefore I will repost the uMatrix related post in this thread.

What is the idea behind this uMatrix configuration?

In the default configuration uMtarix uses a ' soft' third-party sources block. Gorhill calls it soft, because third-party images and stylesheets are allowed in the default rules configuration. The benefit of blocking third-party sources is that it reduces the risk of malware infection and at the same time blocks 90% of the trackers (so good for privacy also). The problem with blocking all third party scripts, (i)frames and xmlHttprequests (XHR) that functionality on most websites is broken. That is why the uMatrix wiki also contains a ALLOW ALL how to.

As published by phishtank and some DNS services some TLD's and country code have a high percentage of malware (see post). When Google Chrome was launched some smart power users started to post how to block scripts in general, allowing only a few Top Level Domains to execute scripts (block scripts by default and allow for example all domains with TLD is COM, NET, INF, ORG, GOV and a few country codes like DK is for Denmark). This whitelist on some general Top Level Domains (COM, ORG, GOV) and a few country code's makes sense since most of us only speak one or two languages.

This idea used on Google Chrome is used for the uMtarix setup "Soft third-party blockmode with whitelist to allow some TLD's" . Benefit of using uMatrix is that you apply it on other (non-chromium based) browsers also and that umatrix also block XHR (XMLHTTPRequests) and (i)frames besides scripts.

IN the Netherlands I was thought French, German and English. Because I used English and German for work, I forgot most French and only read (besides Dutch) German and English sources. So you won't find websites from France or China, North Korea, Russia and Ukraine in my bookmarks. When I normally don't visit these websites, I just as well can block those country codes in uMtarix. Since uMtraix has a default deny, in stead of blocking I am whitelisting the TLD's I use to visit.

ALLOW SOME THIRD-PARTY RULE SET.

Bottom line: this is not as safe as a BLOCK ALL third-party, but is safer that a ALLOW ALL. The setup is a cross-over of the SOFT THIRD-PARTY block and ALLOW ALL (when you replace the NL country code with the country code of the country you live in and websites publishing content in a foreign language you speak. It is probably more beneficial to users who add an ALLOW ALL for websites often.

216080



Check whether 3rd-party TLD whitelist is working


When I surf to CNN.com and use the above ruleset I can see that CNN.IO is blocked (other com, net are allowed when not blocked by my assets).
1562089223784.png
 
Last edited:

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Being a fan of minimal blocklist I often add Steven Black's hostlist to uMatrix and disable others. When I posted this thread, I could not find the correct URL (the one I found through searching with Google gave errors when I added it), I found it in old post of @Evjl's Rain (remembered he suggested that blacklist to me for its efficiency).

Just click on import and copy this text into the text box (replace hXXps with https): hXXps://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

1563462892341.png
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
My girlfriend is in town shopping to use some coupons to buy clothes and shoes. I did not mind, watched Ireland - Samoa. So now I am killing time and playing with my Manaro Linix setup :) replaced Privacy Badger with uMatrix, using this great thread.

I disabled all assets and enabled Stephan Black's host file (link) because @Evjl's Rain and W_S are very positive about it and implemented these My Rules using Windows_Security guidelines (W_S does not seem to post anymore).
 

Attachments

  • 1570890670026.png
    1570890670026.png
    57.5 KB · Views: 359
  • mijn-umatrix-back-up.txt
    3.7 KB · Views: 406
Last edited:

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Both blocklists based on the W3Ctech surveys of most used software and service frameworks for the internet are updated
raw hostnet: https://raw.githubusercontent.com/K...d_survey_blocklist/master/w3tech_hostfile.txt

I am using uMatrix with only this small but effective blocklist and these My Rules
___
matrix-off: about-scheme true
matrix-off: chrome-scheme true
noscript-spoof: * true
* * * block
* * css allow
* * image allow
* * media allow
* 1st-party * allow
* com * allow
* inf * allow
* net * allow
* nl * allow
* org * allow

___

This setup allows:
1. All (first and third-party) CSS stylesheets, images and media
2. All first party
3. Some third-party Top Level Domains: COM, INF, NET, ORG and Country Domain: NL (Netherlands)

Reason for using uMatrix over uBlockOrigin:
a) I have enabled "Delete blocked cookies" and "Delete blocked local storage content" (which is a functionality bonus of uMatrix)
b) uMatrix uses less CPU and simply is faster (with a 10 year old laptop every CPU clock cycle counts :) )
c) uMatrix provides more info for a tech-nerd like me (y)
 
Last edited:

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
Steven Black has some false positive which don't get fixed as the Dev doesn't care about legit domains
It's fine in some cases but not for all.

Just a info for other user's here.
but still great blacklist especially for phishing attack i import their updated host file periodically each week in Emsisoft
also the list from Phishing Army | The Blocklist to filter Phishing! is good thanks to @Sampei Nihira
the cool thing that it blocks also telemetry from certain programs such MBAM
1583666037999.png
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top