Block malware with HOSTS file

[jepotter1-archive]

e.g. Malware Domain List, Coin Blocker List.

Other considerations:

• Set an APT hook to update the filter lists every time the system updates.
• Allow toggling malware blocking on/off in Switchboard.

[xfbs]

I don't think this is necessary, because:

• Maleware isn't really a problem (I have never encountered it)
• A misconfigured block list can potentially block useful websites, and most users won't know how to fix it
• By default, many browsers (such as Firefox and Chrome) already have some mechanisms built-in to query if websites are known to be questionable and will warn users by default (unless that feature is turned off)
• Better security can be achieved by using a sensibly configured firewall
• Having a block list gives users a false sense of security.

[codygarver]

Agree with @xfbs, the potential side-effects are really bad. Good idea for an AppCenter submission though.

[jepotter1-archive]

@xfbs Cryptojacking and malvertising are big problems, and not platform specific. They aren't blocked by Google Safe Browsing.

e.g.

coinhive.com
propellerads.net
deloton.com
coinimp.com
adless.io
popads.net

There is no reason any website should rely on these domains to function.

[xfbs]

I don't disagree with you, there are some shady things going on in the internet. But that's not something a hosts file should be used to try to fix. First, anything ad-related is best taken care of in the browser. Sure, Google Safe Browsing isn't a panacea. But there's also adblockers like uBlock Origin. Adblockers like these are much more efficient at blocking, because in addition to blacklisting they can also use heuristics to block content.

Then the other issue is that hosts-file based black lists can only block known domain names. It takes 10 seconds and about $6 for me to register a new domain name. I can do that all day (until the money runs out). And the other reason is that if people want to, they could host malicious content on CDNs or other public sites (do you want to block all of Akamai's CDN just because they host one malicious javascript?)

I don't think any distro should block any domain names by default, just like we don't want ISPs or governments to block anything. People should have the means to do it themselves in a sensible way, maybe by installing a proper adblocker, or by editing the hosts file themselves if they are so inclined.