******************************* ** ** ** AtGuard/NIS Ad Block List ** ** ** ******************************* ------------ - Contents - ------------ * Introduction * Compatibility - Compatible Versions - NIS 2003 Professional, NIS 2003, NIS 2002 Professional, NPF 2003 NIS 2004, NIS 2004 Professional, & NPF 2004 & higher - Windows XP and .ZIP Archives * Versions of Block Lists - "Full" vs. "Lite" vs. "Super-Lite" - "Straight" vs "Original" - Versions and Files * Installation - Older Block Lists - Manual Installation - Automated Installation - Updates - License Agreement * AGNIS - the Ad Block List Utility - Installing AGNIS - Missing Files - AGNIS & Windows NT/2000/XP - CHOICE.EXE & Window 2000/XP - Backups Created by Windows 2000/XP * Troubleshooting - "HTTP Filter Error - BuildTable: Memory allocation failure!" & System Crashes/Reboots - JavaScript Errors in Internet Explorer * How the Ad Block Lists Were Created * The Default AtGuard & NIS Lists * A Note on the "Adult" Sections * AtGuard & the HOSTS File * Editing an Ad Block List * Problems & Questions * Credits & Acknowledgements ---------------- - End Contents - ---------------- ============ Introduction ============ AGNIS contains a set of customized ad block lists for AtGuard, Norton Internet Security (NIS), and Norton Personal Firewall (NPF) 2003. When you "merge" the appropriate ad block list .REG file into the Registry (see "Installation," below), the list of entries is added to the "Ad Blocking List" used by AtGuard or Norton Internet Security 2000/2001/2002. (Note: users of NIS 2002 Pro, NIS 2003, NIS 2003 Pro, NPF 2003, NIS 2004, NIS 2004 Pro, and NPF 2004 can use AGNIS block lists, however, they should not attempt to merge .REG files to install AGNIS; instead, they should use the ProWAGoN block list utility to isntall AGNIS block lists. See below for more information.) The customized ad block list supplied in this file greatly expands the number of servers and URL "phrases" recognized by the ad blocking engine of AtGuard, NIS, and NPF. Please note that when this new ad block list is "merged" into the Registry, it merely adds to the currently loaded ad block list -- it does not "replace" the current list. These block lists are based in part on info from: 1. discussions in major anti-spyware forums such as: SpywareInfo Forums: (http://www.spywareinfo.com/forums/) Spyware Warrior: (http://spywarewarrior.com/index.php) CastleCops: (http://castlecops.com/forums.html) 2. the latest updates to well-known anti-crapware programs such as: SpyBot Search & Destroy: (http://security.kolla.de/) Lavasoft Ad-aware: (http://www.lavasoft.de/) SpywareBlaster: (http://www.javacoolsoftware.com/spywareblaster.html) 3. other crapware reference sites such as: and.doxdesk.com: (http://www.doxdesk.com/parasite/) CounterExploitation: (http://cexx.org/adware.htm) Kephyr.com: (http://www.kephyr.com/) PestPatrol: (http://www.pestpatrol.com/) SpywareGuide.com: (http://www.spywareguide.com/) Webhelper:(http://www.webhelper4u.com/) 4. the latest updates to HOSTS files from: hpguru: (http://www.hosts-file.net/downloads.html) MVPS: (http://www.mvps.org/winhelp2002/hosts.htm) ============= Compatibility ============= ~~~~~~~~~~~~~~~~~~~ Compatible Versions ~~~~~~~~~~~~~~~~~~~ The block lists included with AGNIS are compatible with the following versions of AtGuard or Norton Internet Security: AtGuard 3.x NIS 2007 10.0 * NPF2006 * NIS 2006 9.0 * NPF 2005 * NIS 2005 8.0 * NPF 2004 7.0 * NIS 2004 7.0 Pro * NIS 2004 * NPF 2003 * NIS 2003 6.0 Pro * NIS 2003 6.0 * NIS 2002 4.5 Pro * NIS 2002 4.0 NIS 2001 3.0 NIS 2001 2.5 NIS 2000 2.0 NIS 2000 1.0 * Users of Norton Internet Security 2002 Professional, Norton Internet Security 2003, Norton Internet Security 2003 Professional, Norton Personal Firewall 2003, Norton Internet Security 2004, Norton Internet Security 2004 Professional, Norton Personal Firewall 2004, Norton Internet Security 2005, Norton Personal Firewall 2005, Norton Internet Security 2006, Norton Personal Firewall 2006, and Norton Internet Security 2007 should see the note below for special information on using AGNIS with those versions of NIS. Ad blocking is new to NPF in NPF 2003 v. 6.0. Users of earlier versions of NPF cannot load or use ad blocking lists at all. For ad blocking to be available in NIS 2007, the Norton Internet Security Add-on Pack must be downloaded and installed: http://service1.symantec.com/SUPPORT/custserv.nsf/docid/2006092616462646 Please be sure to use the appropriate ad block list (see "Installation," below). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NIS 2003 Professional, NIS 2003, NIS 2002 Professional, NPF 2003 NIS 2004, NIS 2004 Professional, & NPF 2004 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The AGNIS block lists can be used with Norton Internet Security 2002 Professional, Norton Internet Security 2003, Norton Internet Security 2003 Professional, Norton Personal Firewall 2003, Norton Internet Security 2004, Norton Internet Security 2004 Professional, and Norton Personal Firewall 2004, however, you must use the ProWAGoN utility written by Christian Haagensen to load, remove, and backup the block lists. The AGNIS.BAT batch file utility cannot be used to add and remove block lists from these versions of NIS and NPF due to anti-tampering restrictions in these firewalls. Use ProWAGoN instead. See the ProWAGoN section on the AGNIS download page below for more information on downloading, installing, and using the ProWAGoN utility with AGNIS: http://www.spywarewarrior.com/uiuc/resource.htm#prowagon ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Windows XP and .ZIP Archives ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AGNIS is distributed in ZIP archive files (either as a plain .ZIP file or as a self-extracting .EXE file). If you're using Windows XP, you should be aware of how Windows XP handles ZIP archives. Windows XP displays and treats ZIP archives as folders, allowing users to click on the files to open them just as they would a regular folder or directory on the hard drive. Even though these ZIP archive files may look like and behave somewhat like regular folders on Windows XP, you should move all the files out of those ZIP "folders" before attempting to use any of them. If you don't move all of the AGNIS files out of the ZIP "folder" and into a regular folder of their own, the files may not work properly -- especially the AGNIS.BAT installation utility. The easiest thing to do is create a new folder for AGNIS, then copy all of the AGNIS files out of the ZIP "folder" into that regular new folder. Once you've copied out all of the files, you can run AGNIS.BAT and proceed to install AGNIS. ======================= Versions of Block Lists ======================= In this package you will find eight different versions of the AGNIS block list. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Full" vs. "Lite" vs. "Super-Lite" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AGNIS.EXE ships with three main versions of the new custom ad block list for both AtGuard and NIS: * a "full" version (AG-ADS.REG and NIS-ADS.REG), * a "lite" version (AG-LITE.REG and NIS-LITE.REG) * a "super-lite" version (AG-SUP.REG and NIS-SUP.REG). The "lite" version is roughly two-thirds the size of the "full" version; the "super-lite" version is roughly one-third the size of the "full" version. The "lite" and "super-lite" versions have been included primarily to assist users who experience problems with the "full" list in either AtGuard or NIS. For more information on reasons you might want to use the "lite" version, see the "Troubleshooting" section, below. For more information on the differences between the "full" vs "lite" vs "super-lite" versions of the ad block list, see the section below titled, "How the Ad Block Lists Were Created." ~~~~~~~~~~~~~~~~~~~~~~~~ "Straight" vs "Original" ~~~~~~~~~~~~~~~~~~~~~~~~ Each of the "Full" and "Lite" block lists for AtGuard and NIS is supplied in "Straight" and "Original" versions. (The "super-lite" lists, howver, do not have "full" and "original" versions.) "Original" versions use .REG files that are divided into sections to facilitate readability. These "Original" versions of the "Full" block lists also include a "Not For Everyone" section, which is comprised of potentially problematic entries that are "remarked out" but which may be enabled by users. Finally, the "Original" versions of the block lists do include "overlapping" entries -- entries that are rendered redundant because of similarities in what they block. The "Original" versions of the block lists can be found in the \ORG sub- directory. "Straight" versions use .REG files that are NOT divided into sections. These "Straight" versions of the "Full" block lists eliminate all "remarked out" entries. The "Straight" versions of these block lists also eliminate all "overlapping" entries. The "Straight" versions of the block lists can be found in the \SRT sub-directory. (Thanks go to "Cosmos," a moderator in the Agnitum Outpost forums, for the scripts used to produce the "Straight" versions of the AGNIS block lists.) By default, the AGNIS batch file utility (AGNIS.BAT) uses the "Straight" versions of the block lists. The "Original" versions are supplied mainly to allow users to understand the entries included in the block lists and to provide users with optional entries from the "Not For Everyone" section. ~~~~~~~~~~~~~~~~ Versions & Files ~~~~~~~~~~~~~~~~ The following table details the various versions of the AGNIS block lists and their corresponding files. -------- ------------- ------------- ------------- ------------- ---------- Program Full-Straight Full-Original Lite-Straight Lite-Original Super-Lite -------- ------------- ------------- ------------- ------------- ---------- AtGuard ag-ads.reg ag-ads-org.reg ag-lite.reg ag-lite-org.reg ag-sup.reg NIS/NPF nis-ads.reg nis-ads-org.reg nis-lite.reg nis-lite-org.reg nis-sup.reg All "straight" versions can be found in the \STRT sub-directory. All the "original" versions can be found in the \ORG sub-directory. All "super-lite" versions can be found in the \SUP sub-directory. There are several other .REG files included with AGNIS: ag-clr.reg & - These two files completely clear the currently installed nis-clr.reg block list in the Registry. ag-def.reg & - These are the "default" block lists from AtGuard, NIS, and NPF. nis-def.reg These four other files can be found in the \DEF sub-directory. The AGNIS.BAT installer makes use of both of these files, though you can use them independently of AGNIS.BAT. Just double-click on them to "merge" their contents into the Registry. Keep in mind that the changes are isntantaneous, so if you merge AG-CLR.REG or NIS-CLR.REG, your currently loaded block list will be cleared immediately. ============ Installation ============ After downloading and unpacking AGNIS.EXE (which is a self-extracting ZIP archive), you can install the appropriate new ad block list either manually or automatically (with the Ad Block List Utility, AGNIS.BAT -- see below). Before making any changes to the currently loaded ad block list (whether manually or with AGNIS.BAT), it is recommended that you close down AtGuard or NIS first. Changing the currently loaded ad block list involves manipulating the Registry. It is safest that AtGuard/NIS not be running when these changes are made. After you have implemented all the changes you wish to, then restart AtGuard or NIS. On some systems, a complete reboot of the PC may be necessary in order for AtGuard or NIS to "take" the new block list additions. Note: users of Norton Internet Security 2002 Professional, Norton Internet Security 2003, Norton Internet Security 2003 Professional, Norton Personal Firewall 2003, Norton Internet Security 2004, Norton Internet Security 2004 Professional, and Norton Personal Firewall 2004 should use the ProWAGoN utility written by Christian Haagensen to install AGNIS. See the ProWAGoN section on the AGNIS download page below for more information on downloading, installing, and using the ProWAGoN utility with AGNIS: http://www.spywarewarrior.com/uiuc/resource.htm#prowagon All further installation and uninstallation instructions below are for users of AtGuard or NIS 200/2001/2002. Do not attempt to merge .REG files with NIS 2002 Pro, NIS 2003, NIS 2003 Pro, NPF 2003, NIS 2004, NIS 2004 Pro, or NPF 2004. ~~~~~~~~~~~~~~~~~ Older Block Lists ~~~~~~~~~~~~~~~~~ If you have installed a previous version of one of the block lists supplied with AGNIS.EXE, you do not need to uninstall that old block list before installing one of the new versions, although you can if you wish. In fact, it is probably safest simply to install the new list on top of the old list, as you won't risk losing any custom entries that you've added. If you do wish to "uninstall" an older version of the AGNIS block list, there are several limitations you should be aware of. Unfortunately, the only way to "uninstall" an old block list is to completely clear the currently loaded block list, a process which effectively eliminates all entries (including entries that you may have added yourself). You can re-install a backed up version of a previous block list (made automatically for you by AGNIS.BAT) to recover custom entries, but that backed up version won't, of course, include any custom entries you added after the backup was created. You can use the AGNIS.BAT batch file utility (see below for more info) to clear out the old block list before installing a more recent block list. Alternately, you can also merge the AG-CLR.REG file (for AtGuard) or the NIS-CLR.REG file (for NIS) into the Registry to clear the currently loaded block list, if you don't wish to use the AGNIS.BAT utility. ~~~~~~~~~~~~~~~~~~~ Manual Installation ~~~~~~~~~~~~~~~~~~~ To manually install one of the new ad block lists, simply double-click on the appropriate .REG file, which "merges" it into the Windows Registry. -- For AtGuard, double-click on either AG-ADS.REG ("full" version) or AG-LITE.REG ("lite" version). For the "super-lite" version, double-click on AG-SUP.REG. -- For NIS, double-click on either NIS-ADS.REG ("full" version) or NIS-LITE.REG ("lite" version). For the "super-lite" version, double-click on NIS-SUP.REG. If the appropriate .REG file is "merged" successfully into the Windows Registry, you will receive the message: "Information in has been successfully entered into the Registry." If you receive an error, the most likely culprits are: -- a missing or damaged REGEDIT.EXE (which should be somewhere in your Windows folder) -- incorrect file association information for the .REG file type (in other words, Windows doesn't know what to do with .REG files) If you receive an error while attempting to merge the appropriate .REG file into the Registry, you should consult the online Windows Help, correct the problem, and try again. After installing the new block list, restart AtGuard or NIS. On some systems, a complete reboot of the PC may be necessary in order for AtGuard or NIS to "take" the new block list additions. ~~~~~~~~~~~~~~~~~~~~~~ Automated Installation ~~~~~~~~~~~~~~~~~~~~~~ Included with this package is a batch file utility called the "AtGuard/NIS Block List Utility" -- AGNIS.BAT -- hereafter referred to as AGNIS. AGNIS allows users to perform several useful chores with ad block lists for AtGuard and NIS, all of which are detailed in the next section ("The Ad Block List Utility"). Users can employ AGNIS to automate the process of installing the new ad block list (either the "super-lite," "lite," or "full" version) for AtGuard or NIS. AGNIS will automatically detect whether you are using AtGuard or NIS and install the appropriate .REG file. To let AGNIS install the new ad block list, simply double-click on AGNIS.BAT and follow the instructions from the Main Menu. Please note that AGNIS requires that a backup of your ad block list exist before it will install a new ad block list. AGNIS automatically creates a backup (named AG-BACK.REG or NIS-BACK.REG) for you the first time you run AGNIS.BAT. This required backup need only be created once. You can create subsequent backups by choosing option [1] from the main AGNIS.BAT menu. After installing the new block list, restart AtGuard or NIS. On some systems, a complete reboot of the PC may be necessary in order for AtGuard or NIS to "take" the new block list additions. ~~~~~~~~~~~~~~~~~ The Default Lists ~~~~~~~~~~~~~~~~~ AtGuard and NIS do ship with "default" block lists. Most (if not all) of the entries in those "default" lists are included in AGNIS. When installing AGNIS, you would ideally clear your block list before loading a new one. If you do not clear your block list first, however, any entries in your current block list that are duplicated in the block list being loaded will simply be overwritten. You will not end up with duplicates in your block list. For more information on the AtGuad and NIS "default" block lists, see the section below titled "The Default AtGuard & NIS Lists." ~~~~~~~~~~~~~~~~~ License Agreement ~~~~~~~~~~~~~~~~~ By installing and using any of the AGNIS block lists and/or the AGNIS.BAT installation utility, you acknowledge that you have read and agreed to the terms and conditions outlined in the "License Agreement," copies of which are included at the end of this ReadMe as well as in the LICENSE.TXT file included with this distribution package. ~~~~~~~ Updates ~~~~~~~ The AGNIS block lists are regularly updated. You can download updated versions of AGNIS from the same page where you downloaded your original copy of AGNIS. http://www.spywarewarrior.com/uiuc/resource.htm That page lists the last time that AGNIS was updated. I usually try to update AGNIS several times a month, though I may update more frequently if circumstances warrant. There is no special forum, newsgroup, or web board for AGNIS. I do hang out regularly in the following newsgroups and forums, however, and you can often find folks talking about AGNIS (and other things related to privacy & security) in these places: CastleCops http://castlecops.com/forums.html DSLR/BBR Security Forum http://www.dslreports.com/forum/security,1 http://www.broadbandreports.com/forum/security,1 GRC Discussion Groups http://grc.com/discussions.htm Safer Networking Forums http://forums.spybot.info/ SpywareInfo Forums http://www.spywareinfo.com/forums/ Spyware Warrior http://spywarewarrior.com/index.php Wilders Security Privacy Software Forum http://www.wilderssecurity.com/index.php?board=20 I periodically announce updates to AGNIS and IE-SPYAD (my other main block list) in the all of the above forums. ================================= AGNIS - The Ad Block List Utility ================================= The "AtGuard/NIS Ad Block List Utility," AGNIS.BAT (introduced in the previous section), can also perform several other useful functions beyond merely installing the new ad block list supplied with this distribution. AGNIS can also... * BACKUP the Current Ad Block List (recommended) Back up your currently loaded ad block list to a .REG file. (Any existing backups will be overwritten.) * CLEAR the Current Ad Block List Completely clear your currently loaded ad block list of ALL entries. * RESTORE an Ad Block List (original or backup) Clear the currently loaded ad block list and restore the original or default ad block list supplied with AtGuard or NIS. * EDIT a Block List (new or backup) Open the either a new ad block list or your backed up ad block list in Notepad so that you can edit it. Before you are allowed to INSTALL, CLEAR, or RESTORE an ad block list, AGNIS requires that you first BACKUP your current ad block list (the backup will be a .REG file named AG-Back.reg or NIS-Back.reg). Every time you run AGNIS it will check for a backup in the AGNIS directory. If no backup exists, one will be created automatically. Further backups can be created from the main menu. Although AGNIS allows you to edit, clear, and restore ad block lists at will, there is very little chance that you can do any serious damage with it provided you create a backup of your current ad block list first. By default, the AGNIS batch file utility (AGNIS.BAT) uses the "Straight" versions of the block lists. Note: users of NIS 2002 Pro, NIS 2003, NIS 2003 Pro, NPF 2003, NIS 2004, NIS 2004 Pro, and NPF 2004 should not use the AGNIS.BAT batch file utility to load, remove, or backup AGNIS block lists. Use the ProWAGoN utility written by Christian Haagensen instead. See the ProWAGoN section on the AGNIS download page below for more information on downloading, installing, and using the ProWAGoN utility with AGNIS: http://www.spywarewarrior.com/uiuc/resource.htm#prowagon ~~~~~~~~~~~~~~~~ Installing AGNIS ~~~~~~~~~~~~~~~~ AGNIS requires no special installation. After you've unpacked AGNIS.EXE, just double-click on AGNIS.BAT to run it. ~~~~~~~~~~~~~ Missing Files ~~~~~~~~~~~~~ Please note that to perform its several functions, AGNIS requires that the following files supplied with this distribution be located in these sub-directories of the main AGNIS installation directory: Location/File Description ------------- ----------- \DEF\ag-clr.reg clears currently loaded AtGuard block list \DEF\ag-def.reg loads default AtGuard block list \DEF\nis-clr.reg clears currently loaded NIS block list \DEF\nis-def.reg loads default NIS block list \STRT\ag-ads.reg loads "full-straight" AtGuard block list \STRT\ag-lite.reg loads "lite-straight" AtGuard block list \STRT\nis-ads.reg loads "full-straight" NIS block list \STRT\nis-lite.reg loads "lite-straight" NIS block list \SUP\ag-sup.reg loads "super-lite" AtGuard block list \SUP\nis-sup.reg loads "super-lite" NIS block list In addition, any backup files created by AGNIS (AG-BACK.REG or NIS-BACK.REG) will be written to the same directory as AGNIS.BAT, so that AGNIS can find those backups. The \ORG sub-directory contains the "original" versions of the AGNIS block lists, but these are not used by the AGNIS.BAT utility. See the "Straight vs. Original" section above for a discussion of the differences between these block list versions. If AGNIS.BAT complains about a missing file when you attempt to install, the most likely reason is that the AGNIS package you downloaded wasn't completely unpacked. The AGNIS installation package contains several sub-directories under the main \AGNIS install directory, and your "un-zipper" program may not have properly unpacked all the sub-directories. If you downloaded the .ZIP file, the easiest solution is to download the self-extracting .EXE install package and use that package instead. The .EXE file should extract on its own to the directory C:\AGNIS. All the sub-dirs should be properly unpacked. ~~~~~~~~~~~~~~~~~~~~~~~~~~ AGNIS & Windows NT/2000/XP ~~~~~~~~~~~~~~~~~~~~~~~~~~ AGNIS.BAT makes use of CHOICE.COM, a DOS utility which shipped with every version of MS DOS 6.0 and above as well as all versions of Win9x, including Windows 95, Windows 98, and Windows Me. Windows NT 4.0, Windows 2000, and Windows XP do not, however, include a copy of this file. Moreover, CHOICE.COM apparently has compatibility issues with the Windows XP command shell interpreter. This distribution includes a copy of both CHOICE.COM (from Windows 95 B - OSR2) and CHOICE.EXE (from the Windows 2000 Professional Resource Kit), which has equivalent functionality to CHOICE.COM. If AGNIS.BAT detects that you're running Windows NT/2000/XP, it will automatically install CHOICE.EXE to your Windows directory (usually \WINNT). (If you're running Windows 95/98/Me and CHOICE.COM seems to be missing, AGNIS.BAT will instead install CHOICE.COM to \WINDOWS.) If you're running Windows XP and AGNIS.BAT gives you errors every time you reach one of the menus, the problem is likely that a straight DOS version of CHOICE.COM is somewhere on your path. Even when CHOICE.EXE is installed in the Windows directory (\WINNT), if AGNIS.BAT finds CHOICE.COM, it will use CHOICE.COM instead of CHOICE.EXE. We want AGNIS.BAT to use CHOICE.EXE, which is compatible with Windows XP. Check your Windows directory (usually \WINNT) as well as your System directory (\WINNT\SYSTEM32). If you find CHOICE.COM (as opposed to CHOICE.EXE), remove it. Also, if you downloaded an earlier version of this utility that included only CHOICE.COM, make sure that CHOICE.COM is not located in the top level installation directory (a copy is included in the \CHOICE sub-directory, but that's OK). In other words, make sure that there is no chance that CHOICE.COM will be used. On Windows XP, you should be using CHOICE.EXE instead. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CHOICE.EXE & Windows 2000/XP ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If you attempt to run the AGNIS batch file installer (AGNIS.BAT) on a user account without Admin privileges you may encounter problems. As noted just above, the installer attempts to copy CHOICE.EXE to the Windows directory if it is not already present. If you're running on a user account that lacks Admin privileges, Windows will not allow the file to be copied to the Windows directory, and the installer batch file will fail. There are several workarounds for this issue: 1) Log in as Administrator and copy the CHOICE.EXE to the Windows directory before launching the installer. 2) Do not use the AGNIS.BAT batch file to install and uninstall AGNIS. Instead, manually merge the appropriate .REG files using the directions supplied earlier in this ReadMe for manual installation of AGNIS. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Backups Created By Windows 2000/XP ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The ad block lists used and created by AGNIS take the form of .REG files, which are Windows Registry files. Windows Registry files are themselves used and created by the native Windows Registry Editor, REGEDIT.EXE. Windows 2000 and Windows XP ship with a later version of REGEDIT.EXE (version 5.0) than Windows 9x/Me and NT 4.0 (which shipped with version 4.0). Although .REG files created by the earlier version of REGEDIT can be used by the Windows 2000/XP REGEDIT, .REG files created by the Windows 2000/XP REGEDIT are incompatible with earlier versions of REGEDIT. Thus, any backups of your ad block list that you create in Windows 2000 or Windows XP using AGNIS cannot be used on Windows 9x/Me or Windows NT 4.0 installations. In addition, .REG files created by the Windows 2000/XP REGEDIT are twice as large as those created by earlier versions of REGEDIT, because REGEDIT 5.0 creates Unicode text files, not ANSI or UTF-8 text files. =============== Troubleshooting =============== Several users have reported problems after merging one of the new block lists for either AtGuard or early versions of Norton Internet Security (v. 1.0 - 2.5). What follows are troubleshooting tips for the two most common errors that have been reported. -------------------------------- "HTTP Filter Error - BuildTable: Memory allocation failure!" & System Crashes/Reboots -------------------------------- Some users have reported that after they load the "full" version of the block list for either AtGuard or NIS they start seeing the following error reported repeatedly in the "Event Log" on the "System" tab: "HTTP Filter Error - BuildTable: Memory allocation failure!" In some cases this problem may be so severe that their systems crashed completely, even spontaneously rebooting. If you receive this error or experience crashes after loading the AGNIS list, you might notice several accompanying effects: 1) changes or additions to the AtGuard/NIS block list may not take effect until you completely reboot the PC. 2) the "CookieAssistant" or "Java/ActiveX Assistant" may start popping up excessively on virutally every web page you visit. This problem has been reported with both AtGuard and NIS on Windows 9x, Windows NT 4.0, Windows 2000, and Windows XP. NIS v. 3.0 appears to have resolved this problem. ~~~~~~ Causes ~~~~~~ The cause of this "BuildTable" error is difficult to pin down, yet the error ultimately stems from memory management issues in WRQ's code. AtGuard simply has problems handling and processing large block lists. It seems that a large ad block list will cause the "BuildTable" error in combination with one of the following factors: -- a poor networking connection (esp. on dial up connections) -- low System Resources (on Windows 9x systems) These errors often start occurring when users make changes to AtGuard's/NIS's "Ad Blocking" or "Privacy" configuration through the AtGuard/NIS interface (esp. manual additions to the "Ad Blocking" list using the "Add..." button). Another initiator of these errors can be the "CookieAssistant" or "Java/ActiveX Assistant," esp. if these Assistants are popping up excessively. Although, the precise causes of this "BuildTable" error are tough to nail down, it seems that a large ad block list stresses the AtGuard/NIS memory management to such a point that certain functionality breaks down. ~~~~~ Fixes ~~~~~ If you experience this "BuildTable" error, you can take the following steps to fix the problem. 1. Shut Down & Reboot; Re-Establish Network Connection ------------------------------------------------------ Often you can stop these errors by simply rebooting the PC and restarting Windows along with establishing a new network connection. Simply shutting down and restarting only AtGuard may stop the errors, but any configuration changes that you've made will still not take effect until you completely reboot and restart Windows. 2. Use a Smaller Version of the Block List ------------------------------------------ Try using the "super-lite" version of the block list or even one of the "lite" versions. THe "lite" and "super-lite" versions are all much smaller than the full-sized block lists and still provide decent protection against the alrgest advertisers on the net. Users who have experienced this "HTTP Filter Error" problem have generally reported that one of the "lite" or "super-lite" versions works perfectly well for them without generating this error. AGNIS contains four different versions of the block list. In descending order/size, they are: File Description Notes ag-ads-org.reg full-original the largest of all AGNIS versions ag-ads.reg full-straight still very large ag-lite-org.reg lite-original much smaller, but not the smallest ag-lite.reg lite-straight a still smaller AGNIS version ag-sup.reg super-lite the smallest of all AGNIS versions Note: the above files are AtGuard versions of AGNIS. There are similarly named versions of these files for NIS as well. Ultimately, using a smaller block list is the surest route to resolving these errors. Keep in mind, though, that even the smallest version of AGNIS will continue to grow in size with new updates. 3. Disable the Java/ActiveX Assistant & Cookie Assistant -------------------------------------------------------- Try disabling the Java/ActiveX Assistant or Cookie Assistant. When either of these Assistants is configured to pop up warnings, AtGuard's memory management is stressed severely. Combined with a large block list, incessant pop-up warnings from either of the Assistants will eventually cause the "HTTP Filter Error - BuildTable: Memory allocation failure!" If you're used to relying on the Java/ActiveX Assistant or the Cookie Assistant, disabling them may be disconcerting. You can still use AtGuard to manage cookies, ActiveX controls, Java applets, and scripts on the "Privacy" tab; you just won't be able to use the Assistants. Sacrificing the Assistants just may enable you to continue using AGNIS without fear of getting the dreaded "HTTP Filter Error - BuildTable: Memory allocation failure!" 4. Modify SYSTEM.INI -------------------- Several users have reported that adding two entries to the [386Enh] section of SYSTEM.INI did help alleviate the problem, though not in all situations (see below). Please note that this "fix" works only on Windows 9x (95, 98, 98SE, Me); it will have no effect whatsoever on Windows NT 4.0 or Windows 2000. To modify SYSTEM.INI and add the appropriate lines... -- Open SYSTEM.INI (located in \WINDOWS) in Notepad or an equivalent text editor. -- Scroll down to the [386Enh] section. -- Add the following to lines to the bottom: MaxBPs=16384 MinSPs=8 -- Save your changes to SYSTEM.INI. -- Exit Notepad (or your custom text editor). -- Reboot to allow the changes to take place. For more information on what these two additions to SYSTEM.INI do, see the following web page (which contains a wealth of info on SYSTEM.INI): http://www.mdgx.com/lastweek.htm Unfortunately, these additions to SYSTEM.INI may not completely solve the problem. Several users have reported that while these additions to SYSTEM.INI did temporarily alleviate the problem, the "HTTP Filter Error" returned if they tried to make manual modifications to the block list through the AtGuard or NIS "Settings." And while shutting down and rebooting would again alleviate the problem, further modifications would cause the error to return. 5. Close AtGuard/NIS Before Changing the Block List -------------------------------------------------- One final step you can take to avoid "HTTP Filter Error" problems is to close AtGuard/NIS before making any changes to the ad block list. You should also seek to refrain from using the "Add..." button to make manual additions to the ad block list from within AtGuard/NIS. 6. Build Your Own Custom "Lite" List ------------------------------------ Given that even the "lite" list is growing in size, users may be interested in building their own custom "lite" list from one of the AGNIS lists. For tips on building a custom list, see the "Editing an Ad Block List" section below. Also, I'd suggest starting with one of the "original" lists in the \ORG directory. The "original" lists are divided into sections that may help you decide what to keep and what to excise. At a minimum, I'd suggest keeping the following sections: PHRASES PREFIXES WEB BUGS BIG AD DOMAINS ADULT NETWORKS/SERVICES Those sections will give you plenty of protection or coverage, yet still allow you to load a small list. In fact, the "super-lite" list is includes exactly those sections. You can still customize any of the lists to suit your own tastes/needs, however. ~~~~~~~ Summary ~~~~~~~ I wish that I could offer a complete and final solution to this problem. Unfortunately, I can't. If you experience this "HTTP Filter Error" problem, you should try one or several of the solutions discussed above. Often a simple reboot will solve the problem (so long as no more additions to the block list are made manually through the AtGuard/NIS interface). If the problem becomes persistent, switching to the "lite" or "super-lite" version of the block list will usually avoid the error. In addition, the modifications to SYSTEM.INI discussed above may also help alleviate the problem to some extent. Keep in mind, though, that even the smallest AGNIS block list will continue to grow in size. There will undoubtedly come a time when even the smallest block list will cause the "HTTP Filter Error," and when that happens there will be little if anything that can be done about it, as AtGuard is no longer being developed by WRQ. If you are interested in still using AGNIS, you may need to consider either building your own custom "lite" list (as described above) or switching to one of the more recent versions of Norton Internet Security (at least version 3.0) or Agnitum Outpost. Versions of AGNIS exist for both of these firewalls, and neither of them has the same memory management problems as AtGuard. -------------------------------------- JavaScript Errors in Internet Explorer -------------------------------------- Several users of Internet Explorer 4 and 5 have reported experiencing numerous JavaScript errors on many web pages after loading one of the block lists on either AtGuard or NIS. This problem appears to be caused by the inability of scripts embedded within certain web pages to access sites or addresses blocked by AtGuard. The straightforward solution is to prevent the scripts from running. There are several strategies that you can try, all of which revolve around the "Security Zones" feature of Internet Explorer (IE). The "Security Zones" of IE allow you to assign web sites and even entire domains to different "zones," each of which follows different security policies. ~~~~~~~~~~ Solution 1 ~~~~~~~~~~ FIRST, try adding the ad/spy domains or servers which are being blocked to the "Restricted" zone of Internet Explorer. By adding these ad/spy servers or domains to the "Restricted" zone, we should be able to prevent the scripts from running. One easy way to add a long list of known ad/spy servers and domains to the "Restricted" zone is to download and install the IE-ADS.REG block list from my web site. You can download the file which contains this .REG file, IE-SPYAD.EXE, from the same page where you got AGNIS.EXE (http://www.spywarewarrior.com/uiuc/resource.htm). IE-ADS.REG is simple to install (just double-click on the .REG file after you unpack from the .EXE file) and contains all of the same domains and servers as the AtGuard/NIS block list. Installing it adds a long list of known ad/spy servers to the "Restricted" zone, preventing these sites and domains from using JavaScript. You can use the "Restricted" zone of IE in tandem with AtGuard or NIS as yet another layer of protection against advertisers and marketers. I do so myself, and have yet to notice any great performance hit or conflict between the two. For more information on using the "Restricted" zone of IE and the IE-ADS.REG list, see the documentation which accompanies IE-SPYAD.EXE. ~~~~~~~~~~ Solution 2 ~~~~~~~~~~ SECOND, try adding the sites which generate the JavaScript errors to the "Restricted" zone of Internet Explorer. By adding these problematic sites to IE's "Restricted" zone, we are preventing them from being able to run JavaScript. To add a site to the "Restricted" zone so manually... -- Open "View" (IE4) or "Tools" (IE5), then "Internet Options..." from the menu bar to open the "Internet Options" box. -- Hit the "Security" tab and click on the "Restricted" zone icon to highlight it. -- Click the "Sites..." button to open the "Restricted sites" box. -- In the field titled "Add this web site to the zone:" type in (or paste) the URL for the web site which is generating JavaScript errors. -- Click "Add," then click "OK" to close the "Restricted sites" box. -- Hit the "General" tab of the "Internet Options" box and then click the "Delete Files" button to clear your browser's file cache. -- Click "OK" to close the "Internet Options" box. -- Reload the page that was generating the errors. You can also download an add-on tool to IE from Microsoft that makes the process of adding a site to the "Restricted" zone very simple. Grab the "Power Tweaks Web Accessories" (pwrtwks.exe) from: http://www.microsoft.com/Windows/IE/WebAccess/default.asp It adds to menu options to your "Tools" or "Views" menu: "Add to Trusted Zone" or "Add to Restricted Zone." These menu items will add the currently loaded web page in IE directly to the specified security zone. This solution may not be a desirable one in that adding a web site to the "Restricted" zone may disable functionality in the web page if it depends on Java, JavaScript, or ActiveX technologies or requires cookies. This solution may even prevent the page from loading at all in certain circumstances. If you simply must have the functionality of the web page that disabled by the "Restricted" zone or the page requires cookies to allow access, then you may have to remove the block list entry that is causing the JavaScript errors from the AtGuard or NIS ad blocking list. To find out which entries are causing the JavaScript errors, try looking at the most recent entries in the "Ad Blocking" tab of the "Event Log." You will have to make a decision on a case by case basis as to whether the functionality of a particular web page is worth the security and privacy risks presented by letting a web site operate outside of the "Restricted" zone. ~~~~~~~~~~ Solution 3 ~~~~~~~~~~ The THIRD solution I can offer is a more comprehensive version of the first and second solutions. The difference is this: instead of using the "Restricted" zone to prevent JavaScript from running, we'll use the "Internet" zone. In other words, instead of adding either known ad/spy servers and domains or web sites generating JavaScript errors to the "Restricted" zone (where strict security policies disable JavaScript), we'll set the default policies of the "Internet" zone, to which all web sites go by default, so that they're just as restrictive and secure as the policies in the "Restricted" zone. In effect we'll be enforcing an "Opt In" policy for all web sites. In IE, all web sites are assigned to the "Internet" zone by default unless you put them in the "Trusted" or "Restricted" zone (as we discussed doing above). If we change the security settings of the "Internet" zone, we can prevent all web sites by default from running JavaScript (or doing any number of other things which can compromise your privacy and security). In other words, we must "opt in" to functionality like JavaScript. This solution solves our problem with JavaScript errors because no site will be allowed to run JavaScript unless we assign it to the "Trusted" zone (like we assigned sites to the "Restricted" zone above). Here's how to set the security policies of the "Internet" zone: -- Open Internet Explorer's "Internet Options" (off either the "View" or "Tools" menu bar option). Hit the "Security" tab. Select the "Internet" zone. Click the "Custom Level" button. -- Change every entry in the "Custom Level" settings box for "Restricted sites" to "Disable" (or "Prompt" or "High safety," if "Disable" is not an option for a particular entry). Esp. important here are any entries related to JavaScript. -- Close the "Custom Level" settings box by clicking "OK." Close the "Internet Options" box by clicking "OK." The disadvantages to this solution are the same as for the second solution: some web sites may not function properly or even load at all because they won't be able to use technologies like JavaScript, Java, or ActiveX, or be able to set cookies in your browser. If you wish to allow certain sites to follow more lax security policies, you can add sites to the "Trusted" zone on an individual basis by following the same steps as we did above to add sites to the "Restricted" zone in Option 2 -- just make sure you choose the "Trusted" zone instead of the "Restricted" zone. And you can also make use of the Microsoft add-on tool mentioned above -- grab the "Power Tweaks Web Accessories" (pwrtwks.exe) from: http://www.microsoft.com/Windows/IE/WebAccess/default.asp Of course, if you assign the page which is generating JavaScript errors to the "Trusted" zone, you'll be right back at square one (because JavaScript is enabled in the "Trusted" zone), meaning that you'll have to consider removing the entries from the AtGuard/NIS ad block list which are causing the JavaScript errors. Using the "Internet" zone to enforce an "Opt In" policy for all web sites has many advantages above and beyond merely resolving JavaScript errors with the ad block list -- it's simply a safer way to surf in Internet Explorer. =================================== How the Ad Block Lists Were Created =================================== The domains, servers, and prefixes were taken from many sources. These were merged with the defaults supplied by AtGuard and Norton Internet Security (NIS). Finally, the entries were divided into the sections to facilitate readability and editing. Here's a table that breaks down the various sections contained in the "Full" list and which of those sections is and is not included in the "lite" and "super-lite" versions: ------------------------------------------------ Section Full Lite Super-Lite ------------------------------------------------ PHRASES X X X PREFIXES X X X WEB BUGS X X X EMAIL NASTIES X - - BIG AD DOMAINS X X X COUNTERS X - - MISC AD DOMAINS X - - CRAPWARE DOMAINS X X - DIALERS X - - ADULT NETWORKS\SERVICES X X X ADULT HOSTING X - - MISC SERVERS X - - HYBRIDS X - - NOT FOR EVERYONE X - - REMOVED X - - ------------------------------------------------ While the "lite" version of the block list is about 2/3 the size of the "full" block list, it still covers all the most prominent and "popular" advertising/marketing and adware/crapware servers & domains. The "super-lite" list is only 1/3 the size of the "full" list, and differs from the "lite" version only in that excludes the "Crapware Domains" section The last section in the "full" version of the block list, NOT FOR EVERYONE, contains a number of entries that are not enabled by default. The entries in NOT FOR EVERYONE are "disabled" because they might prevent users from accessing certain popular Web sites and services (e.g., Hotmail, or Yahoo! Clubs). To enable these "disabled" entries, edit the appropriate .REG file in a text editor like Windows Notepad and remove the semi-colon and space (; ) before each entry. For more information on editing .REG files, please see the following section, "Editing an Ad Block List." Please note that there used to be a long list of misc., "run-of-the-mill" porn sites and adult domains in AGNIS. That section has now been moved to a separate file, which you can find in the \ADULT sub-directory of the main AGNIS installation directory. For instructions on how to install those misc. adult domains, if you so choose, see the file ADULT-NOTE.TXT in the \ADULT sub-directory. ============================================== Where Does the Info for New Entries Come From? ============================================== AGNIS and IE-SPYAD (my Restricted zone list for Internet Explorer) are built from the same basic block list. Users of IE-SPYAD and AGNIS often ask, "Where do you get your information to add new entries to AGNIS or IE-SPYAD?" The answer to that question isn't a simple one, and what follows is a somewhat detailed explanation. I get my info from a number of different sources: 1) Other block lists IE-SPYAD and AGNIS were originally based on Stephen Martin's old HOSTS file (http://www.smartin-designs.com/), but Stephen Martin no longer updates or supports his HOSTS file. I do occasionally look at other block lists that folks have built for web filtering programs. I go through those lists, looking for new domains that are primarily associated with advertisers, marketers, and crapware pushers. I then visit those domains to verify that they are in fact used by marketing and advertising outfits. I do not blindly dump new sites or domains into IE-SPYAD and AGNIS -- I pick and choose. Many of these other block lists aren't maintained very well, so it's rare that I find much of anything that I didn't already have. 2) SpywareInfo Support Forums Mike Healan's SpywareInfo hosts several important discussion forums: http://www.spywareinfo.com/forums/ ...where people with crapware problems can seek help. In particular, the "Spyware and Hijackware Removal Support" forum is esp. useful. Several other forums now specialize in troubleshooting crapware problems for users as well: cexx.org Discussion Boards http://boards.cexx.org/index.php? CastleCops http://castlecops.com/forums.html Safer Networking Forums http://forums.spybot.info/ Spyware Warrior http://spywarewarrior.com/index.php Tech Support Guy Forums http://forums.techguy.org/ ...to name only the most prominent ones. Users regularly bring system logs generated with HijackThis! and StartupList (both available from http://www.spywareinfo.com/~merijn/ ) into these forums for troubleshooting advice. Those logs (and the discussions that result from them) are invaluable for identifying new sources of spyware/adware/hijackware. 3) Other Crapware Reference Sites I constantly comb through several well-known crapware reference sites for leads on new forms of crapware and the outfits that distribute them: and.doxdesk.com http://www.doxdesk.com/parasite/ CounterExploitation http://cexx.org/adware.htm Kephyr.com http://www.kephyr.com/ PestPatrol (Safersite) http://www.pestpatrol.com/ http://www.safersite.com/ Spyware Guide http://www.spywareguide.com/ Webhelper http://www.webhelper4u.com/ All five of the above sites keep excellent data about spyware, adware, hijackers, and dialers, including distribution and uninstallation information. 4) Anti-Spyware Program Updates I monitor the updates to programs such as: Ad-aware http://www.lavasoft.de/ SpywareBlaster http://www.wilderssecurity.net/spywareblaster.html SpyBot Search & Destroy http://security.kolla.de/ ...looking for new forms of crapware. SpyBot Search & Destroy is esp. useful because of the included .NFO files that contain detailed info on the programs it targets. Occasionally, all I'll get is the name of a program or direct marketing outfit -- some digging in Google turns up the rest. 5) News Stories Direct marketers and crapware pushers are often desperate to get their names in front of the public in order to attract sales and investors. Thus, major tech media outlets such as: CNet http://news.com.com/ IDG http://www.idg.net/ Wired.com http://www.wired.com/news/ ZDNet http://www.zdnet.com/ ...(to name a few) regularly carry stories about direct marketing outfits and crapware pushers, esp. those who are doing things new and noteworthy. The online technology sections for newspapers such as: New York Times http://www.nytimes.com/ San Francisco Chronicle http://www.sfgate.com/ San Jose Mercury News http://www.bayarea.com/mld/mercurynews/ Washington Post http://www.washingtonpost.com/ ...are also helpful in this regard. 6) Discussion forums I monitor privacy & security oriented forums such as: DSLR/BBR Security forum http://www.dslreports.com/forum/security,1 http://www.broadbandreports.com/forum/security,1 Wilders.org http://www.wilderssecurity.com/ GRC's newsgroups http://grc.com/discussions.htm ...as posters often provide useful info about and pointers to new forms of advertising and crapware. 7) Web sites of direct marketers themselves I spend a good amount of time going through the web sites of known advertisers and crapware pushers themselves. You'd be surprised what a little digging can turn up. When I visit a direct marketer's web page, I look at the HTML source as well as the following sections of the web site (if they exist): * About Us (Our Company) * Partners * Privacy Policy * Products * Services * History * Demos * Contact Us I'm looking for affiliated/related web sites, names of products and services, names of partners/affiliates, etc. Esp. in the case of adult-oriented companies, the network of relationships can be quite complicated. I'll often follow up by doing searches within Google (which can be a more trustworthy/reliable source of info than the marketers and crapware pushers themselves). Occasionally I stumble across web sites that yield a "mother load" of links to direct marketers and crapware pushers. This is esp. true of web sites targeted towards webmasters (and adult site webmasters), as such web sites often include handy indices of direct marketing networks, technologies, partnering programs that webmasters might be interested in. A lot of this is just persistence and following one link to another, looking through the HTML source for web pages, or taking the name of a marketing outfit and digging for info in Google. 8) My own web surfing I monitor my firewall logs and track down new entries based on info that I find there. I pay attention to what's happening at web pages that I visit. I've even been known to drop all my "defenses" and deliberately go trolling for crapware and other obnoxious direct marketing gimmicks at dodgy web sites. If I come across an unfamiliar program, I'll download it and inspect it. I unpack .CAB files when necessary, and look at the Properties and Digital Signatures for each file. I also look at installer .INF files for clues as to the origin or author of the program. Again, often all it takes is a name that I can plug in to Google. --- So, there's no one source for the information that feeds into AGNIS and IE-SPYAD. It comes from a lot of different places. For a more complete discussion of the reasons that sites and domains might be included in AGNIS, see the following web page: Targeting & Inclusion Policy http://www.spywarewarrior.com/uiuc/target-policy.htm =============================== The Default AtGuard & NIS Lists =============================== Some AtGuard, NIS, and NPF users wonder about the "default" block list that appeared when they originally installed one of those programs and what happens to that "default" list when AGNIS is installed. Unless the current block list is "cleared" first, the AGNIS list simply adds itself on top of the current list. Any duplicates in the "default" list are simply overwritten. There is no need to clear the default block list before adding the AGNIS list. As AGNIS includes most, if not all, the entries from the default list anyway, it is recommended that you simply install AGNIS over the top of the existing list. The default list that ships with NIS and NPF hasn't changed much over the past few versions of those applications, however, occasional new items in the more recent "default" lists have been added to the AGNIS list. Finally, remember that you can go back to an earlier version of the block list (before AGNIS was installed): 1) The AGNIS batch file utility creates a backup of your current list (AG-BACK.REG or NIS-BACK.REG) the first time you run AGNIS.BAT. You can always revert to this list if need be. 2) The AGNIS batch file utility allows you to back up your block list (use the appropriate menu option from the Main menu of AGNIS.BAT). 3) AGNIS ships with copies of the default (or "original") block lists for AtGuard, NIS, and NPF. The \DEF sub-directory contains the following files: Location/File Description ------------- ----------- \DEF\ag-clr.reg clears currently loaded AtGuard block list \DEF\ag-def.reg loads default AtGuard block list \DEF\nis-clr.reg clears currently loaded NIS block list \DEF\nis-def.reg loads default NIS block list You can load these block lists manually (by double-clicking on them) or by using the AGNIS batch file utility and choosing the appropriate options from the Main menu. Users of the ProWAGoN utility (used to load AGNIS on later versions of NIS and NPF) can find a set of "default" block lists for those version of NIS and NPF in the \DEFAULTS sub-directory of the ProWAGoN installation directory. ============================== A Note on the "Adult" Sections ============================== There are two "Adult" sections: * Adult Networks/Services This section target advertising networks, referrers, counters, and other direct marketing sites that primarily serve "adult" web sites. * Adult Hosting This section targets large hosting networks for adult sites. You'll also find some porn-related sites in the "Crapware" section; those sites are known sources of crapware, homepage hijacking, or other malicious activity. The purpose of AGNIS is to put restrictions on obnoxious advertisers, marketers, and crapware pushers, not to block pornography or other content which some users may find offensive or objectionable. The problem with so many porno sites, however, is that they often use incredibly aggressive, even dangerous, direct marketing tactics. Moreover, web surfers can easily get sucked into these sites and domains quite unwittingly and unintentionally (and no, I'm not joking here -- it happens). I've included a large number porno sites and domains precisely because of the aggressive direct marketing that these sites and domains often use, not because I feel that the content that they serve ought to be blocked. Indeed, I take no position whatsoever on the content that you may find on those sites. Still further, because I don't want to be understood as somehow offering a porno blocking tool, I've deliberately segregated porno sites into the "Adult" sections (like Stephen Martin's old "Adult" HOSTS file) so that users who may want to use those sites without restrictions can easily remove the appropriate entries. Please note that there used to be a "Adult Domains (Misc)" section in AGNIS, which contained a large number of "run-of-the-mill" porn sites. That section has now been moved to a separate file, which you can find in the \ADULT sub-directory of the main AGNIS installation directory. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ What happened to the "Adult Domains (Misc)" section? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On April 26, 2003, most "run-of-the-mill" adult domains, previously classified under the section "Adult Domains (Misc.)," were removed from the main IE-SPYAD and AGNIS block lists. The reasons for this action are several: * Overly Large Block Lists The IE-SPYAD and AGNIS block lists were becoming incredibly large (4800 + domains at one point), and I became concerned that the size of these block lists might begin affecting the performance of the applications for which they were built. At least one program, AtGuard, is known to fail when very large block lists are used. Removing the misc. adult domains (about 930+ domains) gives the IE-SPYAD and AGNIS lists room to grow. * Questions of Value The value of continuing to add these misc. adult domains was becoming increasingly dubious. While "run-of-the-mill" adult sites can present dangers to users, most of those dangers seem to take the form of crapware, homepage hijackers, dialers, and aggressive advertising that are pulled from other sources which are already covered in the main (non-adult) sections of IE-SPYAD and AGNIS. Moreover, the list of potential adult domains is virtually endless and ever growing. Stephen Martin used to make an "Adult" HOSTS file available from his site (http://www.smartin-designs.com/). That file contained about 31,000 unique adult domains. By contrast, at its peak the misc. adult domains section in AGNIS and IE-SPYAD contained about 1300. So why target those 1300 and not a different group of adult domains? There is (and was) no good reason, save the fact that I just happened to stumble upon them. But I could spend all day every day for months on end collecting adult sites/domains and not exhaust the potential supply. And the value of adding all those domains to IE-SPYAD and AGNIS would still be questionable. * Efficiency It seemed much more efficient to target three particular types of adult domains, rather than the whole lot of them: 1) Adult domains that are known purveyors of spyware, homepage hijackers, and porn dialers. These sites were (and are) already included in the main (non-adult) sections of IE-SPYAD and AGNIS. 2) Adult networks & services There is an entire marketing and advertising industry on the Internet almost exclusively devoted to supplying adult sites with banner ads, counters, affiliate programs, dialers, and link exchange programs. (Adult sites also use the same standard counters and banner advertising networks that non-adult sites do.) Domains that are devoted to marketing and advertising for web sites on the "adult" Internet are now included in the "Adult Networks/Services" section in IE-SPYAD and AGNIS. 3) Adult hosting sites Again, there is an entire industry on the Internet devoted to supplying adult web masters with hosting for the web sites and ventures, just as there are hosting plans for non-adult sites. These adult hosting sites are now included under the section "Adult Hosting" in IE-SPYAD and AGNIS. Between the "Adult Networks/Services" and "Adult Hosting" sections, over 300 adult-related domains are targeted. Add to those the adult domains that are included the main sections of IE-SPYAD and AGNIS, and the total easily goes over 500. Targeting those domains should provide users plenty of protection against rogue web sites on the Net without having to throw in potentially thousands of other "run-of-the-mill" adult sites that do little more than serve up porn. It was never my intention to target porn sites for their content alone. Rather, I targeted porn sites in IE-SPYAD and AGNIS because they tend to use incredibly aggressive direct marketing tactics. Removing misc. adult sites and instead targeting adult networks, services, and hosting sites along with known "adult" sources of "crapware" allows IE-SPYAD and AGNIS to protect users in a more efficient manner. I will not be making any further additions to that "Adult Domains (Misc)" list, which is now included as a separate file. I will continue to add sites and domains to the other "Adult" sections described above and which are included in the main IE-SPYAD and AGNIS block lists. I know that some users of IE-SPYAD and AGNIS may not be entirely pleased with this decision to remove the misc. adult sites from those block lists. For those users, the old "Adult Domains (Misc)" section is now available as a separate file in the \ADULT sub-directory of the AGNIS or IE-SPYAD installation directory (i.e., as a sub-directory of wherever you happened to unpack the AGNIS or IE-SPYAD package that you downloaded). For instructions on how to install those misc. adult domains, if you so choose, see the file ADULT-NOTE.TXT in the \ADULT sub-directory. ======================= AtGuard & the HOSTS File ======================= I occasionally get the question: "If I'm using a HOSTS file, why should I use AtGuard's/NIS's ad blocking features as well? Aren't they redundant?" If you are using a HOSTS file to block advertising and other undesirable content, there are still several advantages to using AtGuard's/NIS's ad blocking features (and this AGNIS block list) as well: First, the AtGuard/NIS block list uses wild cards (*.doubleclick.net), making it much more flexible than the HOSTS file, which can only block individual servers (ad.doubleclick.net and ad1.doubleclick.net, et al). The AtGuard/NIS block list can, therefore, catch servers that are unknown to the HOSTS file. Online marketers are always adding new servers to their stable of ad servers. The HOSTS file might not include some of these newer servers, in which case the AtGuard/NIS will pick them up Second, AtGuard/NIS replaces blocked ads with equivalent sized blank GIF's, allowing you to avoid those ugly "missing GIF" graphics that result from GIF's which are blocked by the HOSTS file. While you can compensate for this aesthetic problem by using by using something like eDexter, the question is: why bother running yet another program on top of one that will already do it for you?. Third, I have added many domains that might not be covered in your HOSTS file to the AGNIS block list. Finally, the AtGuard/NIS block list allows you specify "fragments" of URL's (e.g., ad. or ad1-, et al), which you can't do with the HOSTS file, allowing you to block even more ads. In sum, there are distinct advantages to using AtGuard or NIS as an ad blocker over the HOSTS file. The one real advantage to using the HOSTS file is that it works at the networking level, blocking ALL outbound network traffic to specified servers, whereas AtGuard/NIS blocks ads only on designated HTTP ports (used mainly by your web browser). This aspect of the HOSTS file makes it especially useful for controlling Internet access for non-web browser applications like "adware" or "spyware." So, yes, using AtGuard or NIS does do something different than using the HOSTS alone. There is quite a bit of overlap between the two, but each has its blind spots and its advantages. If you're wondering, I use BOTH, and I've never experienced any appreciable performance hit. ======================== Editing an Ad Block List ======================== The two new ad block lists for AtGuard and NIS take the form of .REG files -- Windows Registry files. .REG files are, in reality, merely text files formatted for use by REGEDIT.EXE. As such, they can be edited using any simple text editor like Windows Notepad. To open an ad block list (AG-ADS.REG or NIS-ADS.REG) in Windows Notepad you can either: -- right-click on the appropriate .REG file and select "Edit" from the context menu that pops up -- use AGNIS (the batch file utility introduced and discussed above) and select option [6] from the Main Menu If you edit one of the .REG file block lists in a text editor like Notepad, you will not only be able to see the entries that will be added to the block list utilized by AtGuard or NIS, but you will be able to add or modify entries. Here's a quick introduction to the syntax of the entries in the ad block .REG files: To add this entry... .doubleclick.com/ ...into our currently loaded ad block list, we would need an entry in the appropriate .REG file that looks like this... ".doubleclick.com/"=hex:01 Note the use of quotes ( " " ) at the head and back of the entry, as well as the "value" (=hex:01). As explained above, the NOT FOR EVERYONE section includes a number of entries which are not enabled by default. These entries are "disabled" (and will not be added to your ad block list) because they have been "remarked out" with a semi-colon and space ( ; ). Thus, to enable the following "disabled" entry... ; "msid.msn.com/"=hex:01 ...you would edit the entry to look like... "msid.msn.com/"=hex:01 ...save your changes in Notepad, and then merge the .REG file into your Registry by double-clicking on it. Please note that any backups that you create with AGNIS will not include "remarked out" or "disabled" entries because those entries were never loaded into the Registry to begin with. ==================== Problems & Questions ==================== I hope you find the ad block lists as well as the AGNIS batch file utility helpful in your use of AtGuard, Norton Internet Security, or Norton Personal Firewall. If you run into serious problems with an ad block list or the AGNIS batch file utility, and you have made every attempt to address the problem but remain stumped, I can be reached at: eburger68@myrealbox.com Please keep in mind that my busy schedule may not allow me to respond immediately. I will attempt to get back to you, though, and address your questions. Other helpful resources for getting answers to questions about ad blocking and general privacy questions include the GRC Privacy & Security news groups, which are generously hosted by Steve Gibson of Gibson Research (GRC): http://grc.com/discussions.htm ...and the DSL Reports (Broadband Reports) Security Forum: http://www.dslreports.com/forum/security,1 http://www.broadbandreports.com/forum/security,1 For questions and problems specific to AtGuard or NIS, an excellent resource is the "AtGuard Newsgroup": news://news.gpick.com/atguard I've found the folks who hang out in all of these groups to be helpful, knowledgeable, passionate, and more than wise to the wiles of the marketing droids which infest the Net. Finally, you might also check out my web site at The University of Illinois at Urbana-Champaign, a site which contains a bevy of links to information and software relevant to Privacy & Security on the Internet: http://www.spywarewarrior.com/uiuc/ There's even a list of AtGuard and NIS related resources on this page: http://www.spywarewarrior.com/uiuc/soft7a.htm#AG-NIS ========================== Credits & Acknowledgements ========================== The list of servers in these block lists was originally based on the HOSTS file compiled by Stephen Martin. These block lists are also based on info from: 1. discussions in major anti-spyware forums such as: SpywareInfo Forums: (http://www.spywareinfo.com/forums/) Spyware Warrior: (http://spywarewarrior.com/index.php) CastleCops: (http://castlecops.com/forums.html) 2. the latest updates to well-known anti-crapware programs such as: SpyBot Search & Destroy: (http://security.kolla.de/) Lavasoft Ad-aware: (http://www.lavasoft.de/) SpywareBlaster: (http://www.javacoolsoftware.com/spywareblaster.html) 3. other crapware reference sites such as: and.doxdesk.com: (http://www.doxdesk.com/parasite/) CounterExploitation: (http://cexx.org/adware.htm) Kephyr.com: (http://www.kephyr.com/) PestPatrol: (http://www.pestpatrol.com/) SpywareGuide.com: (http://www.spywareguide.com/) Webhelper:(http://www.webhelper4u.com/) 4. the latest updates to HOSTS files from: hpguru: (http://www.hosts-file.net/downloads.html) MVPS: (http://www.mvps.org/winhelp2002/hosts.htm) Let me extend a very heart-felt thanks to Christian Haagensen and David Stockbridge, both of whom selflessly gave of their valuable time and attention to supply needed info, test early versions of AGNIS.BAT, and provide much needed feedback in the creation of this whole package. Without their efforts, this ad block list package for AtGuard and NIS would likely not exist. Thanks also go to "Cosmos," a moderator in the Agnitum Outpost forums, for the scripts used to produce the "Straight" versions of the AGNIS block lists. "Cosmos" originally created the scripts in order to convert the AGNIS block lists for use with Agnitum's Outpost firewall. You can find the Outpost versions of AGNIS in this thread on the Agnitum support groups: http://www.agnitum.com/forum/showthread.php?s=&postid=4342 ------------------------------------------------- Date: 11/28/00 10/17/01, 3/19/2002, 3/26/02, 4/14/02, 5/1/02, 7/29/02, 10/26/02, 11/23/02, 12/22/02, 3/1/03, 3/16/03 3/29/03, 4/19/03, 4/26/03, 7/2/03, 11/14/03, 11/28/03, 12/6/03, 3/21/04 4/12/04, 6/21/04, 7/30/04, 3/28/05, 8/19/05, 10/2/05, 11/20/05, 10/22/06 From: http://www.spywarewarrior.com/uiuc/ Made By: Eric L. Howes (eburger68@myrealbox.com) ------------------------------------------------- ------------------------------------- License Agreement: Terms & Conditions ------------------------------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ COPYRIGHTS, TRADEMARKS, DISTRIBUTION, WARRANTY ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AGNIS (including the block lists, the AGNIS.BAT installation utility and the ReadMe) is Copyright (c) 2000-2004 Eric L. Howes. AGNIS can be downloaded from: http://www.spywarewarrior.com/uiuc/resource.htm If you distribute AGNIS, please include all the files. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. Some files distributed with this package may not be covered by the GNU GPL. Those files remain the property of their original owners and are covered by the licenses under which they were originally distributed. All trademarks are the property of their respective owners. You should have received a copy of the GNU General Public License along with this program; see the file COPYING. If not, write to the Free Software Foundation 59 Temple Place - Suite 330 Boston, MA 02111-1307, USA ~~~~~~~~~~~~~~~~ CONTENT BLOCKING ~~~~~~~~~~~~~~~~ By installing and using any of the AGNIS block lists and/or the AGNIS.BAT installation utility, you acknowledge that you have read, understood, and agreed to following terms and conditions: a) The AGNIS block lists contain lists of domains, web sites, and other URL information that your ad blocking program will use to block content from the sites and domains covered in the AGNIS block lists from being displayed in your web browser. b) By installing any of the AGNIS block lists included in this distribution package, you acknowledge that it is your decision to block advertisements and other content at the web sites and domains covered in the AGNIS block lists -- including sites and services that may prohibit you from blocking content or otherwise interfering with their services and software -- should you choose to use those sites, services, and domains. c) If you do not wish to block content at certain of those sites, you can selectively edit the AGNIS block lists -- either in their source file form or through your ad blocker's graphical user interface (GUI) -- to remove the list entries that block content at those sites. d) You agree to accept any and all legal responsibility for the consequences that may result from the blocking of content at the sites and domains covered in the AGNIS block lists when you use those domains and sites. e) If you have entered into contracts or agreements with the companies whose sites and domains are included in the AGNIS block lists, and those contracts or agreements prohibit you from blocking content at those sites or otherwise interfering with the companies' software or services, you agree that it is your responsibility to resolve those contractual obligations in a satisfactory manner. ---------------------------- Advice on Distributing AGNIS ---------------------------- As noted above, AGNIS is distributed under the terms of the Gnu General Public License, a copy of which is online HERE. That license gives you broad rights to modify and distribute AGNIS, but in order to exercise those rights, you must abide by the terms of the license. At a minimum, to distribute, modify, or distribute modified versions of AGNIS under the terms of the GPL: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) Furthermore, you must: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) Since the AGNIS block list does not consist of binary code, the following would be sufficient: 1) Include a notice somewhere in the installation stating the following: This program makes use of a modified version of the AGNIS block list, which is available from: http://www.spywarewarrior.com/uiuc/resource.htm AGNIS is (C) Copyright 2000-2004 Eric L. Howes. AGNIS is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. AGNIS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You can obtain a copy of the GNU General Public License from the Free Software Foundation online: http://www.fsf.org/licenses/gpl.txt 2) Include something like above notice in the ReadMe as well. In fact, you could include the above notice with any other acknowledgements and "thank you's" in your standard documentation. 3) Make a plain text version of the list available If you've embedded the AGNIS block list in a binary program, make a separate plain text version of the list (including your own additions and modifications to the basic list) publicly available either on your web site or with the program itself. ------- CONTACT ------- The author of AGNIS can be contacted at: eburger68@myrealbox.com (Eric L. Howes) July 30, 2004