Site blocking by modifying WebShield.ini

[REDACTED]

I'm blocking a ton of malicious sites using the hosts file, but after doing this for over a decade I have finally stumbled on a program that actually needs the DNS Client service to be enabled. With a hosts file of 2.5MB this causes windows to take about 2 minutes extra to finish logging in.
So I remember Avast has a site blocking feature and after a bit of work I got everything from my hosts file in the right format for the WebShield.ini file. However Avast seems to only read a small part of it. It stops after maybe a few hundred and the last URL in the list in Avast is cut halfway through. The strange thing is I can still add more to the list using Avast and it will make the list in WebShield.ini longer, any new lines I add will just be put right after the part where that last URL got cut off. So then I didn't really hit a limit but it does still not read any further from the file unless they are manually added.
I deleted some URLs where it would stop just to make sure it's not simply stopping at something it can't read right, but it doesn't really make much of a difference so that's not it either.

I'm sure nobody expected site blocking to be used like this and it's not really an important issue to me, but I just thought it was interesting to see the list get cut off and wondered if there's anything more I could try.

[DavidR]

I don't believe it isn't that no one considered the mass blocking that you consider, but that it wasn't designed to cater for that.

There are some issues that you also need to consider; you can't include https addresses in the list as the web shield doesn't monitor https (secure encrypted) traffic, so it wouldn't block those. I'm guessing that there would be a performance hit during your browsing if the web shield was checking a massive list.

Malicious sites are also a constantly changing/moving target and you would have to constantly update your list. There are other tools that can be used, such as the AdBlockPlus add-on/plugin as it has Filter Lists that can be added, one such filters is the Malware Domains list. This is good in that you personally don't have to maintain the list.

[REDACTED]

I'm blocking a ton of malicious sites using the hosts file

Wow, 2.5 MB of hosts - that's huge.  But I'm sure very effective.

I use hosts as well.  In addition to some entries I have added, I append the MVPS hosts file, and they have an ongoing policy of maintenance removal of entries that are offline.  The file is only about 500 kb, and I rarely boot or log in (system is on 24/7).

The hosts file cuts deeper than Avast and goes well beyond the browser.  Hosts will even block code inside applications from resolving addresses to malicious sites (assuming they do it by name).  And David makes a good point about the https traffic.  I'd think twice about changing from using hosts to Webshield.ini.

Maybe your strategy should include trying to cull your hosts data to bring the file down to a manageable size, rather than to overwhelm Avast's service with such a big block of URLs.

-Noel

[REDACTED]

There is a link to Hostman on the mvps site. Hostman is great for updating manually or automatically. And you can trim down your list to just mvps hosts. HPhosts(Add and tracking...) is enormous. Don't use it.

Hostman now includes on the fly disable/enable DNS client. So run HM then Tools>DNS Client service for the application that needs it disabled. You may need to flush DNS cache first. Not sure.

I don't know how it would work. Or Not. Because HOSTS is normally loaded by Windows on bootup and stays there. Tweaking DNS client back and forth is something I haven't tried, but it is definitely worth a shot.

[REDACTED]

Thanks for all the responses. I figured that this probably wouldn't be practical a while back, but even when I know things aren't gonna be the best solution I still tend to keep trying anyway to learn a bit more by overcoming problems. Like how to quickly convert a huge hosts file in a single row list seperated by semicolons.
But I think I've learned about enough through this attempted method by now. I sure know a lot more about Avast than when I started.

Hadn't considered the option with AdBlock and it seems that I might be able to make a custom list for it so that will be my next challenge.
Yeah I know it's probably overkill anyway but nice to have something to work on.

I could cut down the hosts file and probably be just as safe, I hadn't really noticed how big it got until I started needing the DNS client service. But I just feel like if I can get around this problem without removing some lists that would be a better solution. I'm actually using HostsMan with lists from MVPS, hphosts, Spybot S&D, SomeoneWhoCares and some more.
But it is a very good point that the hosts file blocks traffic outside the browser too so I will probably end up with a smaller hosts file with mostly malware and then a huge AdBlock list.

Might look into tweaking DNS caching a bit too, that seemed like a pretty good idea.

Thanks again for all the replies.