Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Browsers
Web Extensions
uMatrix SOFT third-party blockmode with whitelist to allow some TLD's
Message
<blockquote data-quote="Windows_Security" data-source="post: 821706" data-attributes="member: 50782"><p><strong>Why a seperate thread?</strong></p><p></p><p>I got a few questions in the uB0 thread settings about uMatrix. Posting about two different extensions (although both written by same developer) causes confusion. Therefore I will repost the uMatrix related post in this thread.</p><p></p><p><strong>What is the idea behind this uMatrix configuration?</strong></p><p></p><p>In the <a href="https://github.com/gorhill/uMatrix/wiki/Default-ruleset-at-installation" target="_blank">default configuration</a> uMtarix uses a ' soft' third-party sources block. Gorhill calls it soft, because third-party images and stylesheets are allowed in the default rules configuration. The benefit of blocking third-party sources is that it reduces the risk of malware infection and at the same time blocks 90% of the trackers (so good for privacy also). The problem with blocking all third party scripts, (i)frames and xmlHttprequests (XHR) that functionality on most websites is broken. That is why the uMatrix wiki also contains a <a href="https://github.com/gorhill/uMatrix/wiki/How-to-%22allow-all%22-in-uMatrix" target="_blank">ALLOW ALL</a> how to.</p><p></p><p>As published by phishtank and some DNS services some TLD's and country code have a high percentage of malware (<a href="https://krebsonsecurity.com/tag/top-20-shady-top-level-domains/" target="_blank">see post</a>). When Google Chrome was launched some smart power users started to post how to block scripts in general, allowing only a few Top Level Domains to execute scripts (block scripts by default and allow for example all domains with TLD is COM, NET, INF, ORG, GOV and a few country codes like DK is for Denmark). This whitelist on some general Top Level Domains (COM, ORG, GOV) and a few country code's makes sense since most of us only speak one or two languages.</p><p></p><p>This idea used on Google Chrome is used for the uMtarix setup "Soft third-party blockmode with whitelist to allow some TLD's" . Benefit of using uMatrix is that you apply it on other (non-chromium based) browsers also and that umatrix also block XHR (XMLHTTPRequests) and (i)frames besides scripts.</p><p></p><p>IN the Netherlands I was thought French, German and English. Because I used English and German for work, I forgot most French and only read (besides Dutch) German and English sources. So you won't find websites from France or China, North Korea, Russia and Ukraine in my bookmarks. When I normally don't visit these websites, I just as well can block those country codes in uMtarix. Since uMtraix has a default deny, in stead of blocking I am whitelisting the TLD's I use to visit.</p><p></p><p><strong>ALLOW SOME THIRD-PARTY RULE SET.</strong></p><p><strong></strong></p><p><strong>Bottom line: this is not as safe as a BLOCK ALL third-party, but is safer that a ALLOW ALL. The setup is a cross-over of the SOFT THIRD-PARTY block and ALLOW ALL (when you replace the NL country code with the country code of the country you live in and websites publishing content in a foreign language you speak. It is probably more beneficial to users who add an ALLOW ALL for websites often. </strong></p><p><strong></strong></p><p><strong>[ATTACH=full]216080[/ATTACH]</strong></p><p><strong></strong></p><p><strong></strong></p><p><strong>Check whether 3rd-party TLD whitelist is working</strong></p><p></p><p>When I surf to CNN.com and use the above ruleset I can see that CNN.IO is blocked (other com, net are allowed when not blocked by my assets).[ATTACH=full]216089[/ATTACH]</p><p></p><p></p><p>-------------------------</p><p></p><p></p><p>Converted the W3techs.com most used ad & trackers in top 10 million websites (it are actually only 175 <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite135" alt=":giggle:" title="Giggle :giggle:" loading="lazy" data-shortname=":giggle:" /> ) to uMatrix rules. Just download and open the text file and copy them into My Rules. I now run uMatrix without any blocklist assets.</p><p></p><p>Upside of using default blocklists us that the My Rules section remains clear and uncluttered.There is NO memory or CPU advantage in further reducing blocklist from 50K to (Peter Low, MVPS, Adguard DNS and Easylist Host) to only top 175 most used ads and trackers worldwide of Alexa top 10 million websites (derived from W3techs.com)</p></blockquote><p></p>
[QUOTE="Windows_Security, post: 821706, member: 50782"] [B]Why a seperate thread?[/B] I got a few questions in the uB0 thread settings about uMatrix. Posting about two different extensions (although both written by same developer) causes confusion. Therefore I will repost the uMatrix related post in this thread. [B]What is the idea behind this uMatrix configuration?[/B] In the [URL='https://github.com/gorhill/uMatrix/wiki/Default-ruleset-at-installation']default configuration[/URL] uMtarix uses a ' soft' third-party sources block. Gorhill calls it soft, because third-party images and stylesheets are allowed in the default rules configuration. The benefit of blocking third-party sources is that it reduces the risk of malware infection and at the same time blocks 90% of the trackers (so good for privacy also). The problem with blocking all third party scripts, (i)frames and xmlHttprequests (XHR) that functionality on most websites is broken. That is why the uMatrix wiki also contains a [URL='https://github.com/gorhill/uMatrix/wiki/How-to-%22allow-all%22-in-uMatrix']ALLOW ALL[/URL] how to. As published by phishtank and some DNS services some TLD's and country code have a high percentage of malware ([URL='https://krebsonsecurity.com/tag/top-20-shady-top-level-domains/']see post[/URL]). When Google Chrome was launched some smart power users started to post how to block scripts in general, allowing only a few Top Level Domains to execute scripts (block scripts by default and allow for example all domains with TLD is COM, NET, INF, ORG, GOV and a few country codes like DK is for Denmark). This whitelist on some general Top Level Domains (COM, ORG, GOV) and a few country code's makes sense since most of us only speak one or two languages. This idea used on Google Chrome is used for the uMtarix setup "Soft third-party blockmode with whitelist to allow some TLD's" . Benefit of using uMatrix is that you apply it on other (non-chromium based) browsers also and that umatrix also block XHR (XMLHTTPRequests) and (i)frames besides scripts. IN the Netherlands I was thought French, German and English. Because I used English and German for work, I forgot most French and only read (besides Dutch) German and English sources. So you won't find websites from France or China, North Korea, Russia and Ukraine in my bookmarks. When I normally don't visit these websites, I just as well can block those country codes in uMtarix. Since uMtraix has a default deny, in stead of blocking I am whitelisting the TLD's I use to visit. [B]ALLOW SOME THIRD-PARTY RULE SET. Bottom line: this is not as safe as a BLOCK ALL third-party, but is safer that a ALLOW ALL. The setup is a cross-over of the SOFT THIRD-PARTY block and ALLOW ALL (when you replace the NL country code with the country code of the country you live in and websites publishing content in a foreign language you speak. It is probably more beneficial to users who add an ALLOW ALL for websites often. [ATTACH type="full" alt="216080"]216080[/ATTACH] Check whether 3rd-party TLD whitelist is working[/B] When I surf to CNN.com and use the above ruleset I can see that CNN.IO is blocked (other com, net are allowed when not blocked by my assets).[ATTACH type="full" alt="1562089223784.png"]216089[/ATTACH] ------------------------- Converted the W3techs.com most used ad & trackers in top 10 million websites (it are actually only 175 :giggle: ) to uMatrix rules. Just download and open the text file and copy them into My Rules. I now run uMatrix without any blocklist assets. Upside of using default blocklists us that the My Rules section remains clear and uncluttered.There is NO memory or CPU advantage in further reducing blocklist from 50K to (Peter Low, MVPS, Adguard DNS and Easylist Host) to only top 175 most used ads and trackers worldwide of Alexa top 10 million websites (derived from W3techs.com) [/QUOTE]
Insert quotes…
Verification
Post reply
Top
