Reviewer's Ratings	Avg Company Rating
Overall Feeling
Customer Support
Value for the money
Product's ease of use
Ease of installation
Product website
Reliability

Compare Product Reviews in this Class

PROXOMITRON REVIEW (01 JUN 2001)
In this review, I have tested Proxomitron using the following "testbed":

1. CNN.com
   
2. ABCNews.com
   
3. TheStandard.com
   
4. Google.com
   
5. Space.com
   
6. Yahoo.com
   
7. Discovery.com
   
8. Some promiscuous sites (contact me for more information).
   
9. WebWasher.com
   
10. Privacy.net

URL list is the same in order to check the functionality of Proxomitron when it encounters such items as cookies, pop-ups, web bugs, and advertisements.

Now to the review. Downloading the application revealed two full release versions, one with an installer and one without. An installer is not required as Proxomitron can be easily copied to any directory and run without making any changes to the operating system. Un-installing Proxomitron involves simply a deletion of the directory in which it resides.

Caveat, for Win2k users, the installer is known to cause issues. It is highly recommended to download the version without the installer. Just Proxomitron is 668 KB, whereas with the installer is 847 KB. Since this test is on a Win2k box (as are all the other reviews), I downloaded just Proxomitron.

A beta version exists, but lacks the help file and other extras (author states that in actually the help file is all that is missing). Once can download the full version, and then copy the contents of the beta application over the full version, thereby making sure one has access to the extras not found in just the beta download.

Proxomitron.exe is 225 KB in length and takes 2,888 KB of memory usage.

Upon launching the executable, Zone Alarm Pro (ZAP or Zone Alarm [ZA]) alerts the user that Proxomitron (during the test, version Naoko-3 Rev. B) wants to ace as a server. For testing purposes, I set it to a permanent yes. Once testing is finished, this shall be set to permanent no.

Once authorized to access the Internet, the memory usage jumped slightly to 2,892 KB.

By default, the following options are checked:
click me.

1. Web page filters
   
2. Outgoing header filters
   
3. Incoming header filters
   
4. Freeze gif animation

Clicking the option for Web page filters, a list of options are displayed in a new window (* = enabled by default, $ = I enabled, # = I disabled):

1. Banner replacer
   
2. Banner blaster (limit text) *
   
3. Banner blaster (full text) $
   
4. Area map ad blaster *
   
5. Area map ad blaster pt2 (show all links) *
   
6. Kill javascript banners *
   
7. Kill hyper banner *
   
8. Counter killer
   
9. Webpage background killer
   
10. Webpage background replacer
    
11. Kill all backgrounds (even tables)
    
12. Sounds to links
    
13. Sound silencer
    
14. Embedded MIDI silencer *
    
15. Blink buster (Blink to bold) *
    
16. Freeze font's face
    
17. Onload unloader
    
18. OnUnload unloader *
    
19. Kill all pop-up windows *
    
20. Restore pop-up windows after page loads *
    
21. Link De-Obfuscator *
    
22. Anti-auto-refresher
    
23. Wordwrap all form textboxes *
    
24. Geocities branding killer
    
25. Kill add-on javascripts *
    
26. Suppress all javascript errors
    
27. Kill alert/confirm boxes *
    
28. Stop status bar scrollers
    
29. Kill dynamic html javascripts
    
30. Stop javascript timers
    
31. Disable javascript
    
32. Kill nosey javscripts
    
33. Disable javascript cookies $
    
34. Hide browser's referrer from JS *
    
35. Hide browser's version from JS $
    
36. Hide browser's identity from JS $
    
37. Kill the worst pop-up windows $
    
38. Kill window.external methods *
    
39. Stop onmouseover events
    
40. Frame jumper-outer *
    
41. Kill style sheets
    
42. Kill layers *
    
43. iframe/ilayer to link
    
44. Frame exploder
    
45. Allow for frame resizing
    
46. Deframer
    
47. Convert frames to links
    
48. DeTabler
    
49. Table with unlimiter
    
50. Skinnier table border
    
51. Foreign content-type filter

Next is the Headers filter, where you can control how the Proxomitron edits the HTTP header messages that pass between your browser and the Internet. Selecting the Headers filter, the following options were listed (* = enabled by default, $ = I enabled, # = I, (Two check boxes for each, OUT and IN) disabled):

1. Accept encoding: prevent webpage encoding (out) OUT *
   
2. Authorization: Example password entry (out)
   
3. Content-type: character set filter (in) IN *
   
4. Content-type: Fix javascript mime types IN *
   
5. Content-type: Fix MIDI mime types IN *
   
6. Content-type: Fix mp3 mime types IN *
   
7. Content-type: Show contents of a .pac files
   
8. Content-type: View Realaudio links
   
9. Cookie: Fake a cookie (out)
   
10. Cookie: Kill a cookie (out)
    
11. Forwarded:
    
12. If-Modified-Since: Always reload pages (out)
    
13. Last-modified: (in)
    
14. Pragma: Don't force reloads
    
15. Proxy-authorization: Send password to proxy server
    
16. Referrer: Hide where we've been (out) OUT *
    
17. Set-cookie: Never accept cookies (in)
    
18. URL-Killer: kill-a-URL (out) OUT *
    
19. User-Agent: OUT *
    
20. WWW-Authenticate: filter out passwords requests (in)
    
21. X-Forwarded-For:

Each of these can be customized. For instance, there is no default configuration for Web Bugs, but a filter does exist here which also includes instructions how to merge it with the default config file. I was unable to merge the web bug filter config file successfully, so I added it manually. Here is a snapshot of how it looks from within the Web page filter button.

Recalling that Proxomitron does not touch any files on the system since this was not an install, only a copy form the zipped file to a directory, I had to manually enter the proxy information for IE to use Proxomitron. I used localhost with port 8080 (this was the port that Proxomitron had in its configuration by default).

Enabling the Log window I embark on the tests without any further configuration.

Running through the URL list revealed no CNN.com cookie, which is a first.

However, doubleclick was able to penetrate, and Space.com exploded a couple pop-up windows on me. Advertisement were blocked, however, as stated, doubleclick was able to send a cookie through.

I found a Yahoo Groups forum for Proxomitron, and I had to ask some questions about Space.com, and why my setup was not filtering out cookies nor pop-ups. You can see here. Basically, I had kept in the Web page filter list the onload unloader disabled (which I had to enable) and kept the restore pop-up windows after a page loads enabled (which needed to be disabled). Once I modified my configuration with this tidbit of information and ran another test on Space.com, I found complete success. No cookies nor pop-ups. Here are some log entries in Proxomitron's HTTP Message Log:

35: Kill All pop-up windows
35: Suppress all JavaScript errors
35: Kill alert/confirm boxes
Match 35: Kill the worst Pop-Up windows
Match 35: Kill the worst Pop-Up windows
Match 35: Onload unloader
Browser reload detected...
Match 35: Banner Blaster (limit text)
Match 35: Frame Jumper-Outer
Match 35: Kill IFRAME popups
Match 35: Kill Layers
Browser reload detected...
Match 35: Kill Layers
Match 35: Kill IFRAME popups
Match 35: Block Web Bugs
Match 35: Frame Jumper-Outer
Match 35: Frame Jumper-Outer
Match 35: Frame Jumper-Outer
Match 35: Frame Jumper-Outer
Match 35: Frame Jumper-Outer
Match 35: Frame Jumper-Outer
Match 35: Frame Jumper-Outer
Match 35: Frame Jumper-Outer
Match 35: Frame Jumper-Outer
Match 35: Frame Jumper-Outer
Match 35: Banner Blaster (limit text)
Match 35: Frame Jumper-Outer
Match 35: Frame Jumper-Outer
Match 35: Block Web Bugs
Match 35: Frame Jumper-Outer
+++CLOSE 37+++
+++CLOSE 36+++
Match 35: Frame Jumper-Outer
Match 35: Frame Jumper-Outer
Match 35: Frame Jumper-Outer
Match 35: Frame Jumper-Outer
Match 35: Frame Jumper-Outer
Match 35: Frame Jumper-Outer
Match 35: Block Web Bugs

Much to my surprise, I didn't even know Space.com had Web Bugs. This HTTP Message Log when activated reveals exactly what a web page throws at users. Talk about detailed information. Proxomitron seems to really get into the HTTP header information and filters out the 'bad stuff' starting there. The message log can capture three times, HTTP Headers, HTTP Filters and HTTP Debug Info. The test above for space.com had the first two enabled.

Even running through the mysterious adult website, nothing came up... no cookies, no pop-ups, no URL redirects. Amazing. Here is an excerpt of what was filtered:

Match 190: Kill the worst Pop-Up windows
Match 190: Disable JavaScript cookies
Match 190: Banner Blaster (limit text)
Match 190: Frame Jumper-Outer
Match 190: Banner Blaster (limit text)
Match 190: Frame Jumper-Outer
Match 190: Frame Jumper-Outer
Match 190: Link De-Obfuscator
Match 190: Link De-Obfuscator
+++CLOSE 191+++
Match 190: Link De-Obfuscator
Match 190: Banner Blaster (limit text)
Match 190: Frame Jumper-Outer
Match 190: Banner Blaster (limit text)
Match 190: Frame Jumper-Outer
Match 190: Frame Jumper-Outer
Match 190: Frame Jumper-Outer
Match 190: Frame Jumper-Outer
Match 190: Frame Jumper-Outer
Match 190: Frame Jumper-Outer
Match 190: Frame Jumper-Outer
Match 190: Frame Jumper-Outer
Match 190: Frame Jumper-Outer
Match 190: Frame Jumper-Outer
Match 190: Hide Browser's Referrer from JS
Match 190: Hide Browser's Version from JS
Match 190: Hide Browser's Identity from JS
Match 190: Banner Blaster (limit text)
Match 190: Frame Jumper-Outer
Match 190: Hide Browser's Referrer from JS
Match 190: Hide Browser's Identity from JS
Match 190: Hide Browser's Version from JS
Match 190: Disable JavaScript cookies
Match 190: Hide Browser's Identity from JS
Match 190: Banner Blaster (limit text)
Match 190: Frame Jumper-Outer
Match 190: Banner Blaster (limit text)
Match 190: Frame Jumper-Outer

After reading a little of the help file, one interesting option I enabled is the Kill Nosey JavaScripts. Here is what it does: Kills any JavaScript that asks the wrong questions! Contains a list of "naughty" functions and properties that no JavaScript should use in polite company (including referrer, cookies, history, etc). Use it to stop JavaScripts from revealing personal information about you or your computer. Of course, you can customize the list according to what you feel is appropriate to reveal.

There does exist a couple default configuration files one can load, and here is a reference to what they are:

1. Proxomitron Defaults: Is another copy of all default settings - keep it as a reference if you change any of the defaults.
   
2. Proxomitron Retro: Same as the Default set, but shows an example of using an alternate background texture set.
   
3. Proxomitron Black Project: Another texture set example, but this one also has all settings enabled for more "anonymous" net surfing.

Without using any of these defaults, and only using what I have set thus far, I want to add another test URL, privacy.net. With the options I have enabled thus far, the privacy.net test showed the following results:

The system attempted to place the following persistent cookies on your system. Reload to see if the cookies were accepted

Privacy.net = Privacy Analysis
No Cookie from this site is on your system from prior visits.
You linked from here (if you linked from another web page):

»privacy.net/analyze/

Your Browser Type and Operating System:

SpaceBison/0.01 [fu] (Win67; X; ShonenKnife)

All information sent by your web browser when requesting this web page:

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */* Accept-Language: en-us

Host: privacy.net Referer: »privacy.net/analyze/ User-Agent: SpaceBison/0.01 [fu]

(Win67; X; ShonenKnife)

Is JavaScript, VBScript, or JAVA enabled? Text will appear if these features are enabled.

The JAVA window may not appear until the page finishes loading.

VBScript is enabled and working.

Your screen width is : 1024 pixels
Your screen height is : 768 pixels
Your viewable Width is : 990 pixels
Your viewable Height is : 612 pixels

ShockWave Flash Plug-in - ShockwaveFlash.ShockwaveFlash is installed
Real Player Plug-in - rmocx.RealPlayer G2 Control is installed
Media Player - MediaPlayer.MediaPlayer.1 is installed
Adobe Acrobat Reader Plug-in - PDF.PdfCtrl.1 is installed
MS Agent 1.5 - Agent.Control.1 is installed
MS Agent 2.0 - Agent.Control.2 is installed
MS DirectAnimation Control - DirectAnimation.DirectAnimationIntegratedMediaControl.1 is installed


Upon reload a cookie was set. Hence...

Enabling the Set Cookie: Never accept cookies (In) has not allowed any cookie in whatsoever (including Privacy.net). The easiest way to allow a cookie entry, say for DSLR, is to click the bypass button, obtain the cookie, and unclick the bypass to re-enable filtering.

When confronted with the new "pop-under" ads, I am told that Proxomitron will indeed stop these. You can read that here. This link also contains an article on "pop-under" ads.

Testing pop-under ads at FastClick (a new URL test), revealed that Proxomitron did as was configured, it blocked the pop-under ad (using the bypass option, which does not filter anything, I reloaded FastClick and the pop-under appeared). Here is a copy of the log file:

+++GET 595+++
GET /members/pop_example.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Referer: »www.fastclick.com/members/pop_example...
Accept-Language: en-us
User-Agent: SpaceBison/0.01 [fu] (Win67; X; ShonenKnife)
Host: www.fastclick.com

+++RESP 595+++
HTTP/1.1 200 OK
Date: Sat, 02 Jun 2001 00:36:52 GMT
Server: Apache/1.3.19 (Unix)
Last-Modified: Mon, 09 Apr 2001 01:51:32 GMT
ETag: "10082b-5d2-3ad115a4"
Accept-Ranges: bytes
Content-Length: 1490
Connection: close
Content-Type: text/html
595: Kill All pop-up windows
595: Suppress all JavaScript errors
595: Kill alert/confirm boxes
595: Kill Dynamic HTML JavaScripts
Match 595: Disable JavaScript
Match 595: Disable JavaScript cookies
Match 595: Disable JavaScript cookies
Match 595: Disable JavaScript cookies
Match 595: Disable JavaScript cookies
+++CLOSE 595+++


There is a Naoko 4 Beta 4 version of Proxomitron which for instance makes cookie management easier - you can just add sites you want to an "Allow Cookie" list that's used on all the cookie filters. The beta version will not be reviewed here, but sure enough I will be upgrading once this review is complete.

Back to the test, visiting ABCnews on the URL test list also found no cookies for instance.

Excerpt from the Message Log:

Match 1056: Block Web Bugs
Match 1056: Disable JavaScript
Match 1056: Disable JavaScript cookies
Match 1056: Disable JavaScript
Match 1056: Banner Blaster (limit text)
Match 1056: Frame Jumper-Outer


Testing the rest of the URL links revealed no cookies got through in the Cookies folder or even in the TIF. No other application I have tested to date has been able to block cookies from entry into the TIF.

One issue I have seen, the WebWasher link that contains advertisements was able to get through. Out of all the URLs tested, no advertisements were able to penetrate Proxomitron, yet the link for WebWasher did for my current configuration.

This review can go on even longer, but I think a point has been made here which will cause me to stop the review. Any longer than this, and I can write a novella. This application is very powerful, very customizable, and has a high learning curve. It is very easy not to set the right option, and that may cause something unwanted to get through.

For example, here one can see the categories that are covered in functionality of Proxomitron (for those that do not have a Yahoo groups account, these are: Block list files, Config files, Cosmetic, Feature-block, Forms, Privacy, Security, Site specific, Spam blockers and Other).

So if I may make an analogy, this is similar to the question of Zone Alarm and Tiny PF.

Zone Alarm works for the masses, and for the people who want more control of their firewall, TPF is the way to go.

So this review, in my humble opinion will say the same thing. If you want ease, stay with the HOSTS file since that is updated and all one has to do is write over your old when updates are released. Or one can continue to use alternatives like WebWasher, Cookie Pal, Cookie Wall, PopKi, and the list goes on. But if you want what appears to be full power (including scripting control), then Proxomitron is for you.

This review was originally posted at DSL Reports in this thread. Some of the original links were broken so this review has updated links. 24 Feb 2002.

Added: February 24th 2002

Related Link: Proxomitron
Hits: 18462
NOTE: Product reviews are independently written by our members and do not necessarily express the opinions or views of CastleCops.