Question Blocking unreliable sites

DynV

Distinguished
Aug 13, 2009
181
1
18,685
0
IMO it's unlikely that Google, and it's subsidiaries, would try to hack a computer, so are other trustworthy sites like Mozilla, GNU, and other longstanding sites with a good reputation. Is there a software that will either completely block any site that aren't reliable, and possibly give a warning if it's below completely reliable (so between very very low risk and very low risk) ? It's for a use that doesn't have the ability to install an OS and only have a system with Windows XP as a possible secondary (system). If the software is less than very easy to install, I could open a remote session and do it for the user.

Thank you kindly
 
May 6, 2021
12
0
10
0
Hello DynV!

Try This Steps:
On your computer, open Chrome. On the page where a warning is displayed, click Details. Click Access this unsecured website. The page will load.
 

DynV

Distinguished
Aug 13, 2009
181
1
18,685
0
I want the Windows XP system to get into paranoid mode. First the solution would work on every program, as some programs have direct access to internet and I want it to be applied to those as well; ie

has an internal browser. The software would--completely--block anything than less than very reliable sites, and anything other than very very reliable would be blocked with the option of unblocking; ie Google is very very reliable, and CNET Download is only very reliable (thus require a confirmation to unblock).

Update 1: Oh! Preferably the software would log any attempt to access anything than less than very reliable sites, and perhaps make a soft sound when something is added (to the log).
 

DynV

Distinguished
Aug 13, 2009
181
1
18,685
0
Modify the hosts file, which can be found in C:\Windows\system32\drivers\etc. You can have it redirect URLs to something like 127.0.0.1 which is local.

Here's a tutorial on it: https://helpdeskgeek.com/how-to/block-websites-using-hosts-file/

You can probably find a pre-made hosts file somewhere on the internets.
I need the reverse: Only a limited amount of sites allowed, a couple hundred at most, and all the rest blocked.

what you need a firewall.
Which? Which settings?
 

DynV

Distinguished
Aug 13, 2009
181
1
18,685
0
The 2nd system has nothing important on it and the user is having issues on the main system. I've talked to the user about the risks of the 2nd system in detail some months ago but I'm convinced without blocking less than very reliable sites, that it will be infected in no time.
 

hotaru.hino

Respectable
The 2nd system has nothing important on it and the user is having issues on the main system. I've talked to the user about the risks of the 2nd system in detail some months ago but I'm convinced without blocking less than very reliable sites, that it will be infected in no time.
Why does this computer need to be on the internet? If this person wants to use the internet "like normal but blocking unreliable websites", a whitelist approach is going to be incredibly annoying.
 

USAFRet

Titan
Moderator
Mar 16, 2013
141,217
7,893
174,040
21,843
We're just trying to work around an unfixable situation.

"Only a limited amount of sites allowed, a couple hundred at most "
Do you know what these "couple hundred" are? By specific IP address?

As mentioned above, a firewall would "help" with this, but that is using a hammer to kill a mosquito.


I say "unfixable", because XP is not a good choice to continue being exposed to the internet. No matter what you whitelist or blacklist.
And especially with a non-techie user.
 

DynV

Distinguished
Aug 13, 2009
181
1
18,685
0
"Only a limited amount of sites allowed, a couple hundred at most "
Do you know what these "couple hundred" are?
Amongst the category that I want the user to be access without having to confirm, I want in order of priority
  1. major email providers (gmail, hotmail, etc), government sites (especially those with domain .gouv.qc.ca and .gc.ca), major video and image sharing sites (youtube, vimeo, imgur, etc),
  2. very reputable software sites like those with curated GPL ones
  3. linux distros sites, softwares to create boot discs & USBs.
For the category I want the use to confirm access, would be anything with a decent reputation, in a previous post of mine I mentioned CNET Download, and can't think of something else off the top of my head.

[what these "couple hundred" are?] By specific IP address?
Sorry, no.

As mentioned above, a firewall would "help" with this, but that is using a hammer to kill a mosquito.
Much better than getting infected and information being stolen, even if it's just stolen login info (because I insist for the user to keep nothing important on that 2nd system).

I say "unfixable", because XP is not a good choice to continue being exposed to the internet. No matter what you whitelist or blacklist.
And especially with a non-techie user.
If I return to the user, I intend to make that 2nd system dual-boot with a lightweight linux, but knowing that user, it will only be used as a backup.
 

USAFRet

Titan
Moderator
Mar 16, 2013
141,217
7,893
174,040
21,843
anything with a decent reputation
Who has defined "decent"?

Personally, I would put 'CNET downloads' and their recommendations on a blacklist. Never to be touched or seen.
Under "Best tools and Utilities software", we have such gems as Driver Booster, Driver Easy, Advanced System Care.
Those should not exist on ANY system...they do far more harm than good.


Without a strong firewall system, and a defined whitelist/blacklist, any XP system should NOT be exposed to the internet.

And if you're going that far....buy them a $200 laptop that can run a current OS that is not 20 years old, and a decade out of support.
Seriously, not trying to be funny.
 

rgd1101

Titan
Moderator
Last edited:

OrlyP

Proper
Aug 20, 2020
211
37
140
5
As others have said, your biggest problem is Windows XP. It's way beyond its prime and it's one of the worst OS to use for the kind of security that you're expecting to achieve.

XP aside, there are a number of ways to protect your clients:

  1. Deploy Pi-hole or equivalent to block known advertisement and malware sites
  2. Use OpenDNS with customized categories
  3. Use a UTM such as Untangle NG with Threat Prevention enabled. Threat Prevention evaluates the reputation scoring of each site you visit
 

carocuore

Upstanding
Jan 24, 2021
317
84
290
5
it's unlikely that Google, and it's subsidiaries, would try to hack a computer
well let's say they just "hack" in legal ways, hacking involves stealing data from a system without user's consent and that's what big G does lol

anyway, why XP? is your computer 20 years old or something? most browsers stopped being compatible with XP years ago, #14 is right, you'll need a firewall and a whitelist to allow only a bunch of sites to be loaded on your system. Hardware firewalls will require... well, aditional hardware, pihole also needs extra hardware and only works in a handful of OSes. DNS won't prevent malware/adware/etc from installing.

I mean XP is fine if all you want an offline computer let's say for old games or specific programs but is not for casually browsing the net.
 

DynV

Distinguished
Aug 13, 2009
181
1
18,685
0
And if you're going that far....buy them a $200 laptop that can run a current OS that is not 20 years old, and a decade out of support.
Seriously, not trying to be funny.
I already proposed to the user to buy a Raspberry Pi 4 kit ~135 CAD and proposed to mount it for free when to user comes my way, which is rare. I won't pay for that.

if the user don't know about how to change dns. could use dns filter

or
Are the easy ways to set them up? ie there's level of risks and you toggle between completely blocked, partly blocked, and pass-through.

protect your clients:

  1. [...]
  2. Use OpenDNS with customized categories
  3. Use a UTM such as Untangle NG with Threat Prevention enabled. Threat Prevention evaluates the reputation scoring of each site you visit
I mentioned user, because I'm paid a whopping 0$. About #2, see right above the quote of yours. About #3, the 2nd system was released in 2004, so have little resources to spare during use, I could have the user leave it on a few hrs after use if it check things afterward, still think it's a good choice? If so, is it easy to configure?

anyway, why XP? is your computer 20 years old or something? most browsers stopped being compatible with XP years ago[...]

I mean XP is fine if all you want an offline computer let's say for old games or specific programs but is not for casually browsing the net.
Do you think users that install unsupported OSes to have the look & feel of the past don't know how to deal with it? See right above the quote of yours for the date.

you'll need a firewall and a whitelist to allow only a bunch of sites to be loaded on your system
Which, and which settings?
 

punkncat

Honorable
Ambassador
Does this seem pointedly "cloak and dagger" as well as obfuscated to anyone else?

What is the primary system? What is it doing in this mysterious picture you are painting for us all?
If this is a hardware issue, in regard to the second system, why aren't you considering a lite Linux install, or the like?
 

USAFRet

Titan
Moderator
Mar 16, 2013
141,217
7,893
174,040
21,843
I already proposed to the user to buy a Raspberry Pi 4 kit ~135 CAD and proposed to mount it for free when to user comes my way, which is rare. I won't pay for that.
No, not a Pi.

An inexpensive laptop that comes with Win 10.
Or their current hardware, running Linux.

Anything but XP.

But your premise of "a couple hundred reliable sites", on an XP platform, is unworkable.
 

DynV

Distinguished
Aug 13, 2009
181
1
18,685
0
There are plenty of articles available that will instruct you on how to harden Windows XP in 2021 and I'd only go this route as a last resort. One such article is this: https://turbofuture.com/computers/How-To-Safely-Use-Windows-XP-After-Microsoft-Ends-Support
Very good page, and am so glad I diagonally read it. (y) Point "6. Allow Users to Log in Only Under a Non-Administrator Account" is such a good one, and since I used to own that system and am convinced nor the user nor the person it was lent to for some time, created another profile, the only one is administrator.

No, not a Pi.

An inexpensive laptop that comes with Win 10.
I suggested a Pi as it's small, has WIFI, plug in the large user TV (instead of the small monitor), is new and quite cheap. I guess a laptop that has an HDMI output would also do the trick, with the added benefit of Win 10 ; although your suggestion as of today is 80% more expensive (200 USD = 242.70 CAD) / 135 CAD. The user has a large # of acquaintances, I could suggest it be asked.

Or their current hardware, running Linux.
It was mentioned in post #13.
 

ASK THE COMMUNITY

TRENDING THREADS