It looks like what ever was causing the high pull-the-plug rate on the hosts is over now.
Sad but true...
I think my advice is to tell people to merge this file with what ever they have with HostsMan on Windows...
Just live with the dead hosts in the file (they are very good at removing them now) and realize that they don't have all of the problem hosts out there.
Calculations - part 1:
In late 2008,it was estimated that there were about...300 million porn sites out there on the net.
Now - just how many are the supposedly "well-recognized" legitimate sites of the porn industry?
50-100 maximum i would dare saying...but let's add to these the lesser known ones - say 400 more?
Assume that each one out of them also has...2000 different commercially affiliated partner sites: counting 2.500 now in total.
Let's be generous...and assume that each one of the above webmasters,actually runs...500 different sites: which brings us up to 1.250.000
But i'll even "round it" up to 2 million...thereby,counting 298 million sites left...
Calculations - part 2:
Anyone really thinks that i'm way too strict with the above?...
He/she should feel free to multiply with 10x...it would still leave us with 280 million "suspicious" sites,lol...
And even so...i still feel like i should be even more "generous" than that,he-he:
let's say that merely 5% out of these serves nasties and the like...which leaves us with 14 million sites.
Now,what's the point of all the above...MDL lists about 7.000 sites at the moment.
Other blocklists have 50.000 entries,and some others maybe even 100.000 in total.
Even if a blocklist file had 1 million entries,someone can easily see that it is more or less the "poor man's AV".
Thereby,what makes a blocklist effective,is obviously not the number of domains listed.
Even more,it's not that much the "how often" it is updated per day/week...although this plays a quite major role.
It's the "quality" of the malware that it can block at a given moment in time,what is actually important...
ie.samples with low detection rate who represent a newer threat that mutates/spreads in a small fraction of time,
pages that can act as a carrier/dropper for multiple drive-by infections in a row etc...
...If the whole process of blacklisting domains was "organized" in a 100% optimal way,
i'd dare saying that most of the "new and important" malware threats could be prevented from spreading
with a daily updated blocklist that would contain only 4000,or maybe say 5000 entries...
Prevented from spreading
means...until the AV products fully dissect the newer threats presented by the sites in question,
add the samples in their database,improve their engines to deal with possible future variants proactively etc etc:
for decent products,this is usually just a matter of a few days...same goes for browsers and search engine proactive filters.
Now,if only more ISPs/netops also somehow made use of such blocklists during these few days...
Spamhaus seems to be the only notable exception of blacklisting service which is widely utilized for the time being.