[Filipp0s]

A. Make sure you have pop-up blocking enabled. [ Tools | Options | Web-features | Block popup windows ]

B. GetAdblock and import the G.Filterset, to suppress advertising pop-ups the blocker considers wanted.

C. To block pop-ups from plugins (such as Flash) type about:config in the location bar; right-click anywhere in the page and choose New>Integer; type privacy.popups.disable_from_plugins and press Ok; type 2 and press Ok
[You can choose anything between 0 and 2;
0: open allowed
1: the opened windows are treated as popups, but they're allowed to open (we limit the number of these types of popups)
2: the window is a popup, block it]

D.a. Check for spyware. Download and install Spybot and/or Ad-aware, update them and scan your computer.
D.b. Getting the Aurora popup? Read this.

E. If the pop-ups have the title «Messenger Service», disable the Windows messenger service (not MSN). Read how.



Note: This is about advertising pop-ups. If you want to block error alerts (such as "The operation timed out...", "The document contains no data" etc) and change them with error pages :
a. Type <code>about:config</code> in the location bar
b. Look for the line <code>browser.xul.error_pages.enabled</code>
c. Change its value to <code>true</code>


[Feedback appreciated]

[craigevil]

Secure your system and keep out Spyware, Adware, viruses and Popups.

This may seem a little overkill, and some of it maybe. However it will give you a reasonably secure PC. Not only will it get rid of popups/popunders it will help too keep malware like adware, spyware, and viruses off your pc. Personally I use Debian GNU/Linux and don't have to worry about spyware, trojans, adware or viruses.

For detailed security checklists and more information see "Internet Security Overview "

1) Use a Mozilla browser (Mozilla suite, Netscape or Firefox), preferably Firefox. If you must use IE only use it on secure sites like your bank,etc. Never for surfing the net unless you know how to set all the security and privacy features properly.
"Locking down Internet Explorer remains important even if you're not regularly using Internet Explorer to browse the internet. " Spyware Warrior: Getting Help w/ Spyware
"Another way to disable IE"
http://forums.mozillazine.org/viewtopic.php?t=185554

2) The first thing to do is to make sure these pop-ups are not being generated from within. Many parasites, adware enabled software downloads and P2P files will create pop-ups. Remove them by scanning your system for spyware and parasites. See #3.

Next make sure these pop-ups are not "Messenger Service Spam".
GRC: Shoot the Messenger

3) Install good antispyware and run the scans 3 times. Update regularly.
Know "How to Detect Spies"

Before using any removal programs check them out first at:
"Rogue/Suspect Anti-Spyware Products & Web Sites"
"Protecting your PC w/ quality anti-spyware applications"
"What Adware/Spyware can do"
These programs are excellent aids in the removal and prevention of spyware and other nuisances.
Spybot Search and Destroy
Spyblaster
Spyguard
Adaware
Hijackthis
CWShredder V2.13 is the latest defense against the new Cool Web Search variants.

4) Use Firefox's Popupblocker to allow popups only from sites you trust.
5) Do not accept cookies from any site you do not trust. Also check from "originating site only."
6) Clear your Cache frequently.
7) Use a good antivirus program. Why pay for one when there are good free ones?
Use an antivirus that is updated daily and make yourself a schedule for scanning (once a week, once a month,twice a month). When I ran WinME my system was scanned daily at 4am.
If you don't have an anti-virus program, you can scan your computer with one of these online anti-virus scanners"
AVG
AntiVir
F-Prot
Avast
Clamwin


8 ) Use a HOSTS file to block ads, banners, cookies, web bugs, and even most hijackers. This is accomplished by blocking the Server that supplies these little gems. Example - the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by that DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements. Lock your Host file so it is read only. For more detailed information and a good HOSTS file to use visit;
"Blocking Unwanted Parasites with a Hosts File"

Add a list of ad servers to your hostperm.1 file to block ads.
A list of ad servers and how to use them to easily block 90% of ads on the web
http://pgl.yoyo.org/adservers/serverlis ... hostperm.1

Or you can use Bust Banner Ads with Proxy Auto Configuration

Use a Proxy Program:
Guidescope
Privoxy
Proxomitron
DansGuardian
Squid Web Proxy Cache

DO NOT use one of the anonymous open free proxy lists.
While thinking that you have made yourself more secure, you have actually opened yourself up for attack. When using an open proxy server, your PC is making a direct connection to another computer. You also do not know who is in control of this computer. Your passwords can be sniffed and your firewall tunneled. Your privacy can also be invaded as this person reads your email, snags your ICQ, IRC, AIM, MSN messages or any other unencrypted data.

If you need to be anonymous use one of the paid services. They are legit and safe.
The Proxy Connection
Anonymizer
Proxify
Steganos Internet Anonym

9) Use a good firewall. Read the manuals. Know how to set program permissions. For help configuring
your firewall see "Summary of Can't Connect/timeout Solutions"
Pay attention to what programs are requesting access. If you don't know what it is say deny.
Outpost Firewall
Zonealarm
Kerio Personal Firewall
Sygate Personal Firewall

10) Install the Adblock extension
Install the newest set of filters from Filterset.G @ pierceive.com Check for updates frquently, usually once a week.
Try adding /[\/.]*popup*[\/.]/ To Block popunders as well as popups.

11) Add a Startup Monitor to your Layered Protection. WinPatrol

12) Uncheck Allow Websites to install software. You can make exceptions for the ones you trust.

13) In your Javascript options only click "Change Images".
Get the <b>NoScript extension</b>
NoScript provides extra protection for your Mozilla Firefox browser: this extension allows JavaScript execution only for trusted domains of your choice. This whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality.

14) Flash popups seems to be everywhere on the net. Here is how to take care of them.
If you do not use Flash you can uninstall it or block it by adding the following to your userContent.css
/* Disable Flash */
embed[type="application/x-shockwave-flash"] {display: none !important;}

The Flashblock extension allows you to click and turn it on.
Spyblaster can set a kill switch disabling Flash.

15) You can add the following to your about:config to stop plugins from opening popups.
privacy. popups. disable_from_plugins Integer
Sets limits on popups generated from plugins (e.g. Flash)
0: lets all popups through
1: limits their number to dom.popup_maximum (even with popup blocker disabled)
2: blocks popups from plugins

16) Disable Java and only use it when you really need it. Turn off the Java Cache.

17) Secure your incoming emails. Use Thunderbird and not Outlook.
Use a email Spam filter. Use plain text instead of HTML.
Make sure your Anti-virus program scans your emails.
Windows: "SpamPal is a mail classification program that can help separate your spam from the mail you really want to read." I recommend using the "HTML Modify Plugin" Plugin Guide HTMLModify removes Javascript, Applets, Sounds, Webbugs in html emails, so that you can use your email program for reading HTML-Mails without giving Spammers/Hackers the chance to damage your PC or to track their mails. HTMLModify will also rename dangerous file attachments that could contain a virus (such as .bat,.scr etc. etc) and may, as a result, stop such a file form auto-running.

Linux: SpamAssassin: uses a wide variety of local and network tests to identify spam signatures."

18 ) Don't use ActiveX and block bad scripts. (Firefox does not use ActiveX unless you have installed the extension/plugin)
AnalogX Script Defender
SpywareBlaster systematically sets the kill bit for a long list of known ActiveX spyware.

19 ) Install a anti-trojan program. Anti-Trojan Software Reviews

20) Empty the Recycle Bin frequently.

21 ) Download and run CCleaner as the Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there.

22) Defrag the hard drive regularly especially after CCleaner.

23) Download Windows Prefetch Clean and Control if you use WinXP then run it and clean the Prefetch monthly. There debate whether this is actually helpful or whether it hurts your system Use with care.

24) Keep your OS updated with the latest patches/service packs.

25) Be careful when installng programs. Never download anything if it is not from trustworthy site.
"Staying parasite-free"

26) By all means, be extremly careful when using any P2P file-sharing programs. As they can be spawning vats for viruses. Cracked and pirated programs are especially dangerous.

27) Practice safe surfing. "Safe Surfing"

28) Here is a good site to help one understand pc security and to take preventative measures.
Privacy and Security

By taking most of the above steps not only will you keep your system free of malware but also help others stay free by stopping the spread of malware. Be Safe not sorry.
<b>If all you are worried about is blocking Popups follow the first post.</b>

Comments are welcome. If something doesn't work or you find that somethng is incorrect please post in this thread and I will corrct it. Thanks.

This post is also available online at Secure your System

[DEverett]

craigevil-

Excellent, useful post. It's people like you that make user forums work as they should.

Best,
D.

[WhyBeNormal]

Note: This is about advertising pop-ups. If you want to block error pop-ups (such as "The operation timed out...", "The document contains no data" etc) and change them with error pages :
a. Type about:config in the location bar
b. Look for the line browser.xul.error_pages.enabled
c. Change its value to true

Is this feature still a little buggy? Does it still remove the last visited page from the Back button history?

[JoelG1967]

Sorry to be off topic. Can this post be put at the top without a Sticky or FAQ? People do not look at the Sticky's or FAQ.

[Guest]

Isnt there a bug where we can report popups so that they are blocked in the future?

[G'Dad]

Isnt there a bug where we can report popups so that they are blocked in the future?

Any built-in blocking mechanisms can only be as current as the browser release date. Plan on popup "creators" having a work-around out by the next day, if not sooner.

[sasquatch]

Isnt there a bug where we can report popups so that they are blocked in the future?

Bugzilla Bug 253831 sites with pop-ups that get past our pop-up blocker

[DEFIANT]

can this be stickied? lots of good info for the new people and vets alike.

[Filipp0s]

Too many stickies; there is a link to it in Frequently Asked Support Questions :: Read before posting

[scissor]

krishnika, you can find instructions for using the hosts file in a forum search. If that's not enough I suggest taking your questions to a new thread. I think this particular thread can serve best with a minimum of basic implementation back-and-forth posts.

[scissor]

The complete list of everything it's possible to do is nice, but I think a minimal list would be handy as well. Personally I do just these things:

Minimalist Firefox configuration changes necessary to block all popup windows

1. Turn on the popup blocker, obviously (Filipp0s A).
2. Disable popups from plugins (Filipp0s C). Personally I don't use Java and I keep Flash disabled, so Filipp0s C is normally not necessary for me. But when I want to let Flash out of its cage, this protects me from its worst abuses.
3. Use some sort of content filter to control websites that try to open unwanted windows when you mouseclick on their page (craigevil 2). Personally I use a Proxy Auto Configuration file, and I block only these sites: *.paypopup.com, *.casalemedia.com, and *.tribalfusion.com. At this time these three domains blocked controls almost every clickhandler advertising popup there is, and there doesn't seem to be any downside.

That's it. The complete list if you have a healthy installation of Firefox. It's true that Firefox's popup blocker does have some other esoteric vulnerabilities I haven't mentioned here, but I've never seen them used in a real website. Regardless, after taking these steps some fairly common things that some people consider popup windows can still get through. I'll list every type of popup I've ever seen in the wild:

All common varieties of popup window, and what to do about each

1. Malware and Windows Messenger Service.
2. Incompatible extensions have been known to break Firefox's popup blocker.
3. Classic popup windows opened after the page has finished loading. Examples: ABC News, AOL.
4. Plugins subverted to open popup windows. Examples: DarkLyrics, HPANA, Mugglenet, SpaceDaily, Warp2Search.
5. Click handler popups. Many websites have given up on opening classic popup windows, and now use script that opens an advertising window when you mouseclick in their page, in addition to doing whatever the mouseclick should have done. Examples: Drudge Report, ngemu, Useless Facts.
6. Web content designed to look like a popup window. Examples: kephyr.com's "popup" test #12, and (for quite some time now) hindustantimes.com.
7. Alerts and dialogs. Example: kephyr.com's "popup" test #21.

Doing everything that's mentioned in the first two posts is overkill. I'll list what I do to address each item.

1. If you get popup windows at regular intervals, even if you're not doing anything, and especially if you get popups when you're not even running a web browser, you have problems. Get rid of the malware and disable WMS (see the original post).
2. If you stop getting popups when running in safe mode, you know you need to update or uninstall some extensions. I don't know which ones, only you do. Note if safe mode doesn't help, you should also try a new profile, just to be certain. That's a guarantee that you don't have any extensions getting in the way.
3. Turn on the popup blocker.
4. Disable popups from plugins.
5. Firefox has no really useful built-in defenses against sites that want to open windows when you mouseclick in them. You need to selectively block certain kinds of content to defeat these windows. I use a Proxy Auto Configuration file. Other equivalent solutions include extensions like AdBlock, the hosts file, and rules added to userContent.css. Note you can also remove "click" and "mouseup" from the events allowed to open a window in the dom.popup_allowed_events pref. This is what the recent Pop-ups Must Die extension, sometimes mistakenly called a "new popup blocker," does. In my opinion this is overkill and you'll want to revert this change.
6. Repeat after me. These are not popup windows. Personally I do nothing about these, but you may want to use something like the AdBlock extension to filter page content. See craigevil's post above.
7. It's possible to stop alerts and certain Firefox dialogs like kephyr's "popup" #21, but you don't really want to. (See http://forums.mozillazine.org/viewtopic.php?t=15570 and http://forums.mozillazine.org/viewtopic.php?t=238166). Neither has been a real problem yet, because it's difficult to make money from alerts.

PAC file addendum
I don't like any of the commonly available solutions, so I'll expound on the minimalist solution I use. PAC instructs your browser to give special treatment to certain URLs of your choosing. Using PAC is like editing your hosts file but more flexible, or like installing an extension like AdBlock but less flexible and less invasive. On some systems, like recent versions of Windows, it's very easy to install. schooner.com has instructions.

You can download and use their PAC file if you like. Its purpose is to block all sorts of banner ads and the sites that use them. I find it to be prejudiced overkill. Mine is geared more toward blocking popup windows. The PAC file contains JavaScript. Here's the simplest functional version:

Code: Select all

function FindProxyForURL(url, host) {
  host = host.toLowerCase()
  if (dnsDomainIs(host, ".casalemedia.com") ||
      dnsDomainIs(host, ".paypopup.com") ||
      dnsDomainIs(host, ".tribalfusion.com"))
    return "PROXY 127.0.0.1:80"
  return "DIRECT"
}

This tells your browser to behave normally, except when asked to fetch anything from any server in the casalemedia, paypopup, or tribalfusion domains. In their case, there is nothing any of them has to say that you're interested in hearing, for any reason. I think it's reasonable.

Slightly off topic
Personally I also add these:

Code: Select all

      dnsDomainIs(host, ".doubleclick.net") ||
      dnsDomainIs(host, ".intellitxt.com") ||


Doubleclick doesn't open popups that I know of. But they are nothing but advertising, and they annoyed me at some point in the past. So I'm prejudiced too, but my prejudice is fairly small.

Intellitxt is that in-line advertising technique that opens little tooltip windows as you mouse over certain words on the page. Example: go to AnandTech and open any sub-document. The first link under "Latest Reviews" will do. You'll probably notice that the page took considerably longer to load than it should have, and you'll notice what looks like hyperlinks on the page that actually aren't, they just open little advertisements when you get too close to them. I think the advertising concept is kind of clever but in practice it annoys the bejeebers out of me, so I block it. At this time the design of the system makes that easy to do.

[Plenz]

The popup blocker blocks too much! It even blocks popups which I want to see because I clicked a link. I want the popup blocker only to block popups which pop up automatically. What can I do?

[AmboyGuy]

Second Test Version of Improved Popup Blocker Extension
http://mozilla.osuosl.org/pub/mozilla.o ... die1.1.xpi

[Guest]

A. Make sure you have pop-up blocking enabled. [ Tools | Options | Web-features | Block popup windows ]
C. To block pop-ups from plugins (such as Flash) type about:config in the location bar; right-click anywhere in the page and choose New>Integer; type privacy.popups.disable_from_plugins and press Ok; type 2 and press Ok
[You can choose anything between 0 and 2;
0: open allowed
1: the opened windows are treated as popups, but they're allowed to open (we limit the number of these types of popups)
2: the window is a popup, block it]

Hi Filippe or whoever can help. I followed the instruction above and I am experiencing problems (in certain sites) with the {BACK}operation: a window pops up saying that cannot go back without refreshing the page and all info provided including forms etc, will be lost. This is annoying and also some popups still pass. Please advise me how can I revert changes.