Slashdot Mirror
Domain: abuse.ch
Stories and comments across the archive that link to abuse.ch.
Comments · 139
-
My HOSTS updates "automagically" every 15 min.
Via a PyThon script, that does the following:
---
1.) Removes duplicates/normalizing the HOSTS file
2.) Alphabetizes it
3.) Changes the larger & slower 127.0.0.1 loopback adapter std. address MOST hosts files use typically, opting for the smaller & FASTER read in (and with no loopback, pure "blackholing" only) 0.0.0.0 address!
4.) It also removes any # comments that bloat hosts, along with "trailing nulls or blanks" many have that additionally bloat the HOSTS file.
---
Once she's read up into the DNS client cache (must turn this off for large ones like mine, currently @ 1,017,970++ entries strong), OR, into the local DISKCACHE (since it's just a filtering file for the IP Stack)?
She's fast as nobody's business!
APK
P.S.=> That's how I do it, & all that, & from these reputable & reliable sources for HOSTS file data vs. adbanners &/or KNOWN bad sites/servers/hosts-domain names:
http://www.malwaredomains.com/
https://zeustracker.abuse.ch/monitor.php?filter=online
https://spyeyetracker.abuse.ch/monitor.php
http://hosts-file.net/?s=Download
http://www.malware.com.br/lists.shtml
http://someonewhocares.org/hosts/
http://www.mvps.org/winhelp2002/hosts.htm
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN
bad servers blocked):http://www.safer-networking.org/en/download/index.html
& it works... even many slashdotters use them, by the by, & my list of 20++ points in favor of HOSTS files quotes their results as well (for some "peer evidences" from the likes of your fellow posters on this website in fact, in addition to myself).
... apk
-
My HOSTS updates "automagically" every 15 min.
Via a PyThon script, that does the following:
---
1.) Removes duplicates/normalizing the HOSTS file
2.) Alphabetizes it
3.) Changes the larger & slower 127.0.0.1 loopback adapter std. address MOST hosts files use typically, opting for the smaller & FASTER read in (and with no loopback, pure "blackholing" only) 0.0.0.0 address!
4.) It also removes any # comments that bloat hosts, along with "trailing nulls or blanks" many have that additionally bloat the HOSTS file.
---
Once she's read up into the DNS client cache (must turn this off for large ones like mine, currently @ 1,017,970++ entries strong), OR, into the local DISKCACHE (since it's just a filtering file for the IP Stack)?
She's fast as nobody's business!
APK
P.S.=> That's how I do it, & all that, & from these reputable & reliable sources for HOSTS file data vs. adbanners &/or KNOWN bad sites/servers/hosts-domain names:
http://www.malwaredomains.com/
https://zeustracker.abuse.ch/monitor.php?filter=online
https://spyeyetracker.abuse.ch/monitor.php
http://hosts-file.net/?s=Download
http://www.malware.com.br/lists.shtml
http://someonewhocares.org/hosts/
http://www.mvps.org/winhelp2002/hosts.htm
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN
bad servers blocked):http://www.safer-networking.org/en/download/index.html
& it works... even many slashdotters use them, by the by, & my list of 20++ points in favor of HOSTS files quotes their results as well (for some "peer evidences" from the likes of your fellow posters on this website in fact, in addition to myself).
... apk
-
There's MANY valid sources you can use
http://www.malwaredomains.com/
https://zeustracker.abuse.ch/monitor.php?filter=online
https://spyeyetracker.abuse.ch/monitor.php
http://hosts-file.net/?s=Download
http://www.malware.com.br/lists.shtml
http://someonewhocares.org/hosts/
http://www.mvps.org/winhelp2002/hosts.htm
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN
bad servers blocked)http://www.safer-networking.org/en/download/index.html
---
"You ARE a spamming nutbag" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage
Oh, really? Do you have your:
---
1.) A PHD in Psychiatry to your name/credit?
2.) A license to practice it professionally??
3.) Years-to-Decades of professional experience in the field of psychiatry???
4.) A formal examination of myself in a professional environs to make your "instant snap prognosis" of my alleged mental state according to you, the "/. SiDeWaLk PsYcHo-AnALySt"????
---
No to ALL/EACH of the above????? So much for THAT "ad hominem" effete attempt on your part directed MY way then, eh??????
I.E.-> You personally just don't have the credentials to make your assessments in calling me a nutbag, period. In fact, you're libelling me in doing so... don't you KNOW that?????? There's LAWS against it you fool!
Instead - Why don't you attempt to attack the 20 points in favor of HOSTS files I put out??????
---
Oh, that's right - YOU ALSO SAID THIS:
"although you're right about hosts files" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage
That's right I am RIGHT... always am!
APK
P.S.=> Take your pick... I just happen to consolidate them ALL, into 1 file here (via a PyThon script engine that does so every 15 minutes, removing duplicates/normalizing it, and alphabetically sorting them also, & changing the larger + slower 127.0.0.1 loopback address (slower due to loopback ops) to the faster & smaller + most compatible 0.0.0.0 blackhole address instead)... apk
-
There's MANY valid sources you can use
http://www.malwaredomains.com/
https://zeustracker.abuse.ch/monitor.php?filter=online
https://spyeyetracker.abuse.ch/monitor.php
http://hosts-file.net/?s=Download
http://www.malware.com.br/lists.shtml
http://someonewhocares.org/hosts/
http://www.mvps.org/winhelp2002/hosts.htm
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN
bad servers blocked)http://www.safer-networking.org/en/download/index.html
---
"You ARE a spamming nutbag" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage
Oh, really? Do you have your:
---
1.) A PHD in Psychiatry to your name/credit?
2.) A license to practice it professionally??
3.) Years-to-Decades of professional experience in the field of psychiatry???
4.) A formal examination of myself in a professional environs to make your "instant snap prognosis" of my alleged mental state according to you, the "/. SiDeWaLk PsYcHo-AnALySt"????
---
No to ALL/EACH of the above????? So much for THAT "ad hominem" effete attempt on your part directed MY way then, eh??????
I.E.-> You personally just don't have the credentials to make your assessments in calling me a nutbag, period. In fact, you're libelling me in doing so... don't you KNOW that?????? There's LAWS against it you fool!
Instead - Why don't you attempt to attack the 20 points in favor of HOSTS files I put out??????
---
Oh, that's right - YOU ALSO SAID THIS:
"although you're right about hosts files" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage
That's right I am RIGHT... always am!
APK
P.S.=> Take your pick... I just happen to consolidate them ALL, into 1 file here (via a PyThon script engine that does so every 15 minutes, removing duplicates/normalizing it, and alphabetically sorting them also, & changing the larger + slower 127.0.0.1 loopback address (slower due to loopback ops) to the faster & smaller + most compatible 0.0.0.0 blackhole address instead)... apk
-
HOSTS files can do the same... apk
See subject-line. You already have an alternate viable working solution vs. this FireFox ONLY browser addon: It's called your HOSTS file, and it works on ALL webbrowsers (in fact, ANY webbound program, e.g.-> External to webbrowser email programs like Outlook &/or Outlook Express, among others)!
So, if you're able to edit a text file, which most folks CAN & have done before? You can work with it, easily.
APK
P.S.=> It's a matter of editing/adding to a simple text file for HOSTS files, from reputable/reliable sources, such as these:
---
http://www.safer-networking.org/en/download/index.html
http://hosts-file.net/?s=Download
http://www.malware.com.br/lists.shtml
https://spyeyetracker.abuse.ch/monitor.php
https://zeustracker.abuse.ch/monitor.php?filter=online
http://someonewhocares.org/hosts/
http://www.mvps.org/winhelp2002/hosts.htm
---
(The last one also has an EASY TO USE "point-N-click" GUI easy tool to help manage the HOSTS file, called HOSTSMAN, which allows for auto-update as well, very little user interaction required... & it removes duplicate entries and keeps you updated as well, "automagically"!)
Yes, a simple text file which YOU, the end user, has COMPLETE control over, which is all the HOSTS file really is, a text file based filter for the IP Stack running in Ring 0/RPL 0/kernel mode (PnP driver design in MacOS X & Windows case - not 100% sure of Linux, but probably similar & kick "on" fully, on demand by usermode code programs) for the best in speed/efficiency over this add on also, since the addon runs in Ring 3/RPL 3/usermode... apk
-
HOSTS files can do the same... apk
See subject-line. You already have an alternate viable working solution vs. this FireFox ONLY browser addon: It's called your HOSTS file, and it works on ALL webbrowsers (in fact, ANY webbound program, e.g.-> External to webbrowser email programs like Outlook &/or Outlook Express, among others)!
So, if you're able to edit a text file, which most folks CAN & have done before? You can work with it, easily.
APK
P.S.=> It's a matter of editing/adding to a simple text file for HOSTS files, from reputable/reliable sources, such as these:
---
http://www.safer-networking.org/en/download/index.html
http://hosts-file.net/?s=Download
http://www.malware.com.br/lists.shtml
https://spyeyetracker.abuse.ch/monitor.php
https://zeustracker.abuse.ch/monitor.php?filter=online
http://someonewhocares.org/hosts/
http://www.mvps.org/winhelp2002/hosts.htm
---
(The last one also has an EASY TO USE "point-N-click" GUI easy tool to help manage the HOSTS file, called HOSTSMAN, which allows for auto-update as well, very little user interaction required... & it removes duplicate entries and keeps you updated as well, "automagically"!)
Yes, a simple text file which YOU, the end user, has COMPLETE control over, which is all the HOSTS file really is, a text file based filter for the IP Stack running in Ring 0/RPL 0/kernel mode (PnP driver design in MacOS X & Windows case - not 100% sure of Linux, but probably similar & kick "on" fully, on demand by usermode code programs) for the best in speed/efficiency over this add on also, since the addon runs in Ring 3/RPL 3/usermode... apk
-
Want to protect yourselves vs. SpyEye & Zeus?
Defend yourselves vs. both SpyEye &/or Zeus botnets, via these 2 sites that track the entire server network of both the ZEUS &/or SpyEyE botnets:
---
SPYEYE TRACKER:
https://spyeyetracker.abuse.ch/monitor.php
ZEUS TRACKER:
https://zeustracker.abuse.ch/monitor.php?filter=online
---
I populate (and have been doing so for years since 1997 or thereabouts for many malicious websites/servers) a custom HOSTS file vs. them (along with firewall rules tables (software here usually, as my router rules table is NOT that allowably "big" in my LinkSys/CISCO unit))...
HOWEVER: You can do it exclusively in better routers out there, or purely by firewalls in software too (because they cover IP addresses whereas HOSTS files do not - however, a good 99% of the attackers use host/domain names, because they are "recyclable" & these 2 botnets in particular, are NOTORIOUS for it (they must have learned a 'trick-or-two' from the RBN (russian business network)).
I just believe in the concept of "layered security", so I do them all... as layered security is currently the best thing we have going!
... * Some "Food-4-Thought" & yes, it really works!
APK
P.S.=> Enjoy... apk
-
Want to protect yourselves vs. SpyEye & Zeus?
Defend yourselves vs. both SpyEye &/or Zeus botnets, via these 2 sites that track the entire server network of both the ZEUS &/or SpyEyE botnets:
---
SPYEYE TRACKER:
https://spyeyetracker.abuse.ch/monitor.php
ZEUS TRACKER:
https://zeustracker.abuse.ch/monitor.php?filter=online
---
I populate (and have been doing so for years since 1997 or thereabouts for many malicious websites/servers) a custom HOSTS file vs. them (along with firewall rules tables (software here usually, as my router rules table is NOT that allowably "big" in my LinkSys/CISCO unit))...
HOWEVER: You can do it exclusively in better routers out there, or purely by firewalls in software too (because they cover IP addresses whereas HOSTS files do not - however, a good 99% of the attackers use host/domain names, because they are "recyclable" & these 2 botnets in particular, are NOTORIOUS for it (they must have learned a 'trick-or-two' from the RBN (russian business network)).
I just believe in the concept of "layered security", so I do them all... as layered security is currently the best thing we have going!
... * Some "Food-4-Thought" & yes, it really works!
APK
P.S.=> Enjoy... apk
-
ZEUS Tracker can help you then & here's how
ZEUS TRACKER:
https://zeustracker.abuse.ch/monitor.php?filter=online
Add what's in there hostname-domain/subdomain name-wise into your HOSTS file, and zeus can't touch you, because you stop access to ANY of its botnet's servers or enslaved zombies.
(And, when you get IP Addresses in there rather than URL's as 99% of them are, add them in as a new firewall rule that denies access to them (either in your software based firewall OR router)).
APK
P.S.=> It works. It's what I do for myself, family, & friends until ZEUS (& other bots like SpyEye which also has such a tracker of its command & control, dropzone, etc. servers also) is "taken down", which is probably only a matter of time... apk
-
Re:Your "script kiddie script" doesn't work fully
What is this zeustracker bullshit? Are you blind? Can you not read? The script gets hosts data from:
http://www.mvps.org/winhelp2002/hosts.txt
http://someonewhocares.org/hosts/
http://hostsfile.org/Downloads/BadHosts.unx.zip
http://hostsfile.mine.nu/Hosts
http://support.it-mate.co.uk/downloads/hphosts.zip
https://zeustracker.abuse.ch/monitor.php?filter=online
which are all of the sources you claimed to be using. Have you actually resorted to bare faced lies now? -
Don't laugh too soon, because this works vs. this
See my subject-line above, & these host/domain names, blocked off (via the 0.0.0.0 blocking "IP Address"):
---
0.0.0.0 xtremedefenceforce.com
0.0.0.0 elvis.com.au---
SOURCE: http://krebsonsecurity.com/2011/01/white-house-ecard-dupes-dot-gov-geeks/
Also, since this thing is allegedly suspected to be a ZEUS variant:
---
PERTINENT QUOTE/EXCERPT:
"A 75GB cache of stolen data shows that the botnet, which is a variant of Zeus, has been used to steal a wide range of information, including tens of thousands of login credentials -- mainly for financial accounts
SOURCE: http://www.computerworld.com/s/article/9158778/Kneber_botnet_hit_374_U.S._firms_gov_t_agencies
---
?
This MAY come in very "handy" as well:
---
ZEUS TRACKER:
https://zeustracker.abuse.ch/monitor.php?filter=online
---
Symantec uses it
---
PERTINENT QUOTE/EXCERPT:
"Sites such as Abuse.ch Zeus tracker have for some time now been doing an excellent job in tracking Zeus command & control (C&C) servers and hosts of Zeus files.
SOURCE: http://www.symantec.com/connect/blogs/zeus-king-underground-crimeware-toolkits
---
So do I... because it allows you to "keep up/keep current" vs. that botnet C&C servers this thing utilizes.
"Blacklists" (which HOSTS files can function as, but also as "whitelists" too), especially in THIS situation? Work!
APK
P.S.=> So - Simply add those host/domain names, blocked off as shown, to your OWN hosts file (typically located in %WinDir%\system32\drivers\etc, on modern Windows OS, &
-
Not if the user uses custom HOSTS files... apk
See my subject-line above, & these host/domain names, blocked off (via the 0.0.0.0 blocking "IP Address"):
---
0.0.0.0 xtremedefenceforce.com
0.0.0.0 elvis.com.au---
SOURCE: http://krebsonsecurity.com/2011/01/white-house-ecard-dupes-dot-gov-geeks/
Also, since this thing is allegedly suspected to be a ZEUS variant:
---
PERTINENT QUOTE/EXCERPT:
"A 75GB cache of stolen data shows that the botnet, which is a variant of Zeus, has been used to steal a wide range of information, including tens of thousands of login credentials -- mainly for financial accounts
SOURCE: http://www.computerworld.com/s/article/9158778/Kneber_botnet_hit_374_U.S._firms_gov_t_agencies
---
?
This MAY come in very "handy" as well:
---
ZEUS TRACKER:
https://zeustracker.abuse.ch/monitor.php?filter=online
---
Symantec uses it
---
http://www.symantec.com/connect/blogs/zeus-king-underground-crimeware-toolkits
PERTINENT QUOTE/EXCERPT:
"Sites such as Abuse.ch Zeus tracker have for some time now been doing an excellent job in tracking Zeus command & control (C&C) servers and hosts of Zeus files."
---
So do I... because it allows you to "keep up/keep current" vs. that botnet C&C servers this thing utilizes.
"Blacklists" (which HOSTS files can function as, but also as "whitelists" too), especially in THIS situation? Work!
APK
P.S.=> So - Simply add those host/domain names, blocked off as shown, to your OWN hosts file (typically located in %WinDir%\system32\drivers\etc, on modern Windows OS, &
-
And this protects you from basically nothing?
"And this protects you from basically nothing except some advertising." - by Anonymous Coward on Thursday December 30, @09:05PM (#34717748)
You're WRONG... see below:
---
HACKERS USE ADBANNERS ON MAJOR SITES TO HIJACK YOUR SYSTEM: -> http://www.wired.com/techbiz/media/news/2007/11/doubleclick
THE NEXT AD YOU CLICK MAY BE A VIRUS: -> http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus
NY TIMES INFECTED WITH MALWARE ADBANNER: -> http://news.slashdot.org/article.pl?sid=09/09/13/2346229
MICROSOFT HIT BY MALWARES IN ADBANNERS: -> http://apcmag.com/microsoft_apologises_for_serving_malware.htm
2 MAJOR AD NETWORKS FOUND SERVING MALWARE: -> http://tech.slashdot.org/story/10/12/13/0128249/Two-Major-Ad-Networks-Found-Serving-Malware
ISP's INJECTING ADS AND ERRORS INTO THE WEB: -> http://it.slashdot.org/it/08/04/19/2148215.shtml
ADOBE FLASH ADS INJECTING MALWARE INTO THE NET: http://it.slashdot.org/article.pl?sid=08/08/20/0029220&from=rss
---
By blocking out adbanners, not only do you get more SPEED, but... also more SECURITY, against malwares that have been shown to exist in some adbanners maliciously embedded & obfuscated code in javascript.
Additionally, by my populating my hosts file, nearly hourly, from reputable sites for that vs. KNOWN BAD SITES/SERVERS?
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)I can't get burned, if I can't go into the KNOWN BAD SITES' "malware kitchen"...
(Very simple, & it works!)
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
FROM http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532122
APK
P.S.=> Ah, I just gotta say it, as per my usual: "too, Too, TOO EASY", just '2EZ'... apk
-
You're going to eat your words YET AGAIN
"For your magical woobie to work you will not only have to have EVERY site you visit that MAY OR MAY NOT be infected at that very moment in your magical HOPES file, but every single site they link to such as ad servers and your list has to be accurate to the minute or it is nothing but a woobie" - by hairyfeet (841228)
on Wednesday December 22, @02:24AM (#34638726)That "woobie" IS actually "accurate to the minute" here, & 915,000 unique entries of KNOWN BAD SITES/SERVERS/HOST-DOMAIN NAMES... simply because I update it from sites that contain information on bad sites/servers/hosts-domain names, & they update 4 or more times a day themselves:
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)And yes: Even SLASHDOT &/or The Register help!
(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhack others online that is... not ALL do!)).
2 examples thereof in the past I have used, & noted it there, are/were:
http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398
http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500So, as per usual? So much for that from you!
---
"You have bet your ENTIRE existence on a 20 year old tech nobody uses anymore!" - by hairyfeet (841228) on Wednesday December 22, @02:24AM (#34638726)
I think you had best check with places like mvps.org from my reputable sources list above, & their forums people as a counter-example... there are 1000's of them there alone & there are other sites like they too.
Then again also? There are testimonials like this one too:
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
FROM http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532122
To further substantiate this for me (and as I said before here -> http://it.slashdot.org/comments.pl?sid=1916240&cid=34612834 I can produce more like that quoted testimonial above)... he, like myself & many others, due to using hosts files, good sense, & layered security concepts, DO NOT GET MALWARE (which blows your points here http://it.slashdot.org/comments.pl?sid=1916240&cid=34612834 away, with ease, right at their foundations!)
You still have not "debunked & disproved" my 20++ points in favor of HOSTS files here either:
http://it.slashdot.org/comments.pl?sid=1916240&cid=34607890
Have you? Nope.
(Instead, all we get from you is easily disproven B.S. (via testimonials alone even), and foaming at the mouth hysterically utt
-
Time 4 U2 EAT YOUR WORDS HERE too... apk
"For your magical woobie to work you will not only have to have EVERY site you visit that MAY OR MAY NOT be infected at that very moment in your magical HOPES file, but every single site they link to such as ad servers and your list has to be accurate to the minute or it is nothing but a woobie" - by hairyfeet (841228)
on Wednesday December 22, @02:24AM (#34638726)That "woobie" IS actually "accurate to the minute" here, & 915,000 unique entries of KNOWN BAD SITES/SERVERS/HOST-DOMAIN NAMES... simply because I update it from sites that contain information on bad sites/servers/hosts-domain names, & they update 4 or more times a day themselves:
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)And yes: Even SLASHDOT &/or The Register help!
(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhack others online that is... not ALL do!)).
2 examples thereof in the past I have used, & noted it there, are/were:
http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398
http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500So, as per usual? So much for that from you!
---
"You have bet your ENTIRE existence on a 20 year old tech nobody uses anymore!" - by hairyfeet (841228) on Wednesday December 22, @02:24AM (#34638726)
I think you had best check with places like mvps.org from my reputable sources list above, & their forums people as a counter-example... there are 1000's of them there alone & there are other sites like they too.
Then again also? There are testimonials like this one too:
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
FROM http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532122
To further substantiate this for me (and as I said before here -> http://it.slashdot.org/comments.pl?sid=1916240&cid=34612834 I can produce more like that quoted testimonial above)... he, like myself & many others, due to using hosts files, good sense, & layered security concepts, DO NOT GET MALWARE (which blows your points here http://it.slashdot.org/comments.pl?sid=1916240&cid=34612834 away, with ease, right at their foundations!)
You still have not "debunked & disproved" my 20++ points in favor of HOSTS files here either:
http://it.slashdot.org/comments.pl?sid=1916240&cid=34607890
Have you? Nope.
(Instead, all we get from you is easily disproven B.S. (via testimonials alone even), and foaming at the mouth hysterically utt
-
Easy to beat with a custom HOSTS file
"1) Russian criminals have control over the wikileaks.org and wikileaks.info domains and are distributing malware. The current real wikileaks website is wikileaks.ch." - by Anthony Mouse (1927662) on Saturday December 18, @08:04PM (#34603730)
ping wikileaks.ch IS YOUR FRIEND!
Enter the result of that into your custom HOSTS file (Windows: %WinDir%\system32\drivers\etc OR on LINUX: root/etc OR ON ANDROID PHONES: by mounting the system mountpoint first, w/ read + WRITE ability, & then using the SDK tool ADB to PUSH the new HOSTS file into the etc folder there, overwriting the stock-oem model)
E.G.-> (from MY "ping" result, that would go into a HOSTS file for this):
178.21.20.9 wikileaks.ch
PUT THAT INTO YOUR CUSTOM HOSTS FILE (after pinging wikileaks.ch, because the IP address you come up with MAY be different than that which I come up with here).
That's doing a "whitelisting" in your HOSTS file, w/ the proper IPAddress - to - HOST/DOMAINName resolution, so you reach that site (and, you avoid DNS request log tracking in doing so also, bonus, because you NEVER USE THE ISP/BSP (or other) DNS server, period).
---
"2) Spamhaus has been telling people about (1). 3) The Russian criminals are now retaliating by using their botnets to DDoS Spamhaus under the flag of AnonOps." - by Anthony Mouse (1927662) on Saturday December 18, @08:04PM (#34603730)
Hey - They're easy to beat too (Russian criminals), & also by using a HOSTS file...
Albeit, this time, NOT FOR WHITELISTING A SITE, but, rather for "blacklisting" the sites/servers they use or redirect you to, for loading malware onto your systems!
(Between that, & using NoScript or turning off javascript period, you ARE PROTECTED (you really only need it for database accesses when you come down to it, to do "real things" (not playtime stuff, or eyecandy) usually, after all)).
APK
P.S.=> Reputable, reliable, & regularly updated sources for blacklisting data for a HOSTS file are as follows:
GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):
http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com/
http://www.shadowserver.org/REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)And yes: Even SLASHDOT &/or The Register help!
(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhack others online that is... not ALL do!)).
2 examples thereof in the past I have used, & noted it there, are/were:
-
HOSTS files are superior to AdBlock &/or DNS a
20++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added layered security:
1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc.).
2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).
3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.
4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).
5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via NSLOOKUP, PINGS, &/or WHOIS though, regularly, so you have the correct IP & it's current)).
6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders
7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:
GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):
http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com/
http://www.shadowserver.org/REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)And yes: Even SLASHDOT &/or The Register help!
(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhack others online that is... not ALL do!)).
2 examples thereof in the past I have used, & noted it there, are/were:
-
HOSTS files are superior to AdBlock &/or DNS
20++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added layered security:
1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc.).
2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).
3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.
4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).
5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via NSLOOKUP, PINGS, &/or WHOIS though, regularly, so you have the correct IP & it's current)).
6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders
7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:
GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):
http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com/
http://www.shadowserver.org/REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)And yes: Even SLASHDOT &/or The Register help!
(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhack others online that is... not ALL do!)).
2 examples thereof in the past I have used, & noted it there, are/were:
-
HOSTS files are superior to AdBlock & DNS even
20++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added layered security:
1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc.).
2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).
3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.
4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).
5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via NSLOOKUP, PINGS, &/or WHOIS though, regularly, so you have the correct IP & it's current)).
6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders
7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:
GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):
http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com/
http://www.shadowserver.org/REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)And yes: Even SLASHDOT &/or The Register help!
(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhack others online that is... not ALL do!)).
2 examples thereof in the past I have used, & noted it there, are/were:
-
With a HOSTS file? You don't NEED to do that...
"Reading the report, it sounds like they were just testing the browsers' databases of known malware/phishing sites" - by gman003 (1693318) on Wednesday December 15, @03:51PM (#34565790)
Per my subject-line above? With a GOOD UP-TO-DATE HOSTS FILE?? You don't even NEED to do that!
I update mine daily, from these reliable & reputable sources (for blocking out KNOWN bad sites/servers/host-domain names etc.):
GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):
http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com/
http://www.shadowserver.org/REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)And yes: Even SLASHDOT &/or The Register help!
(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhacker others online that is... not ALL do!)).
2 examples thereof in the past I have used, & noted it there, are/were:
http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398
http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500---
So, IF/WHEN you have a HOSTS file that has up to date blocking data in it? There's really no real need to do "browser based checks" of URL's, other than for "layered-security" purposes (which isn't a BAD THING TO DO, & it's the "current trend" for better security online).
Besides: IE, FireFox, and Opera ALL have methods for blocking out known bad sites already:
---
Opera has URLFILTER.INI (Spybot S&D populates this, alongside the Opera community doing updates to it too)
FireFox has an analog to Opera's filter file (which is what SpyBot S&D populates alongside a HOSTS file too vs. known bad sites)
IE has "restricted zones"
---
Still - the folks @ MS doing this in IE9 (which I use here)? Not a bad thing at all, for "layered-security"...
APK
P.S.=> Even the folks @ WIKIPEDIA aren't against blacklists like HOSTS:
---
PERTINENT QUOTE/EXCERPT (from -> http://www.theregister.co.uk/2010/12/16/wikileaks_mirror_malware_warning_row/ )
"we are in favour of 'Blacklists', be it for mail servers or websites
---
Why? Well, because they work... especially for layered security online... apk
-
I update my custom HOSTS file once a day here
Once a month! Do you really think that's enough? DNS records change all the time. Not all of them, but enough to make that list obsolete in a couple of days." - by icebraining (1313345) on Friday December 10, @04:13AM (#34512138) Homepage
Well - For blocking out known bad sites, that's "adequate" (that's mvps.org's schedule though - I do it FAR MORE FREQUENTLY, as far as blocking of sites that harbor malware exploits)...
However, the HOSTS file can be used to do more than just that though in "hardcoding in" your favorite websites IPAddress - to - domain/host name equation for more speed, & blocking out known bad sites is a part as I noted it above... so is blocking out adbanners (good OR BAD ones http://apcmag.com/microsoft_apologises_for_serving_malware.htm).
(See, icebraining - You're ONLY hitting on 1 use of a HOSTS file only here, in noting hardcoding the "IPAddress-to-Domain/Host Name resolution" into them for more speed, which also gives you the speed advantage of avoiding DNS request roundtrip time, & also the security advantage of avoiding DNS request logs tracking too - HOWEVER, custom HOSTS files are also a great layer of defense vs. being malware attacked by malicious scripts known bad sites have too).
Personally, I use mvps.org's lists for update vs. adbanner servers, & also known bad sites... I use them, alongside MANY others also (see below):
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)And yes: Even SLASHDOT &/or The Register help!
(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhacker others online that is... not ALL do!)).
2 examples thereof in the past I have used, & noted it there, are/were:
http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398
http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500For blocking out adbanners &/or known bad sites? I do updates from the above sources, everyday (working on one now as I write this)
---
NOW: For more speed to my favorites for my top 250 "favorite sites" (like this one)?
The same program I wrote that does this as well:
1.) Removes duplicate HOSTS files entries
2.) Trims trailing blanks (which a SELECT * DISTINCT ORDER BY query leaves in say, Access, because no VARCHAR exists (like mySQL, Oracle, SQLServer, DB2 etc. have))
3.) Alphabetizes the entries in my HOSTS file
4.) Changes the blocking IP address used from 127.0.0.1 (std./stock loopback adapter address, slowest & largest read of the lot here), to 0.0.0.0 (better in speed/size for reads, & just as compatible as the loopback), to 0 (smallest & fastest of the lot, but, only works in Windows 2000 SP#2 onwards/XP/Server 2003 (used to in VISTA up to 12/09/2008 MS "Patch Tuesday", & it no longer does after that on Windows VISTA/Windows Server 2003/Windows 7))
My custom HOSTS updating program (APK Hosts File Grinder 4.0++) also "Pings" my list of my fav. sites (read up from a text file into a listbox) to keep them curren
-
metrix007 disprove these points then on HOSTS
"Kid, you have no idea what you're talking about... You are strongly misinformed on several points. I can't be bothered to respond to you, (i.e. feed the troll) because I don't think it would be worth my time. You're obsessed, and not interested in rational discussion - by metrix007 (200091) on Monday December 06, @07:03AM (#34458496)
Ok, you FINALLY came back in, & NO: I am TRULY interested in "rational discussion", not avoiding it (as you obviously are with your 2 trollish replies here in this thread), so with that said? Disprove each of these 15 points on HOSTS files then:
15++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added layered security:
1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc.).
2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).
3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.
4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).
5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via PINGS &/or WHOIS though, regularly, so you have the correct IP & it's current)).
6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders
7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:
GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):
http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com/
http://www.shadowserver.org/REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.ab -
Thanks for the info.: Why? See inside... apk
Thanks for supplying the bogus domains information. I checked on yourisp.ru, and sure enough - a known bogus malware domain/host name. It's blocked out here now, alongside payment8ltd.net, & how? Here is HOW & WHY:
15++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added layered security:
1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc.).
2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).
3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.
4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).
5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via PINGS &/or WHOIS though, regularly, so you have the correct IP & it's current)).
6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders
7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:
GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):
http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com/
http://www.shadowserver.org/REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)8.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).
9.) AdBlock & DNS servers are program
-
I never see their crap. How? Block spammer domains
What blocks off known bogus sites/servers or entire hostnames/domains better than anything (because it's not a program, and because it's just a filter that operates @ the IP Stack level, and covers ALL your webbound programs, plus mine at least gets updated from reputable & reliable sources, daily): a custom HOSTS file.
You've also already got one, whether you all know it or not, & it's just a matter of either downloading a prebuilt on (sources are below), or filling one in yourself, and yes, they work even vs. spam mail (& better than adblock does, because that only covers browsers it's designed for (maybe 1-3 of them), but not external HTML + script based external email programs, like Outlook Express/FULL Outlook)).
15++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK:
1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF...).
2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).
3.) Adblock doesn't protect email programs external to FF, Hosts files do.
4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).
5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via PINGS &/or WHOIS though, regularly, so you have the correct IP & it's current)).
6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders
7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:
GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):
http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com/
http://www.shadowserver.org/REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spyb -
At least you were "modded up" for HOSTS use... apk
15++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK:
1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF...).
2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).
3.) Adblock doesn't protect email programs external to FF, Hosts files do.
4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).
5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via PINGS &/or WHOIS though, regularly, so you have the correct IP & it's current)).
6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders
7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:
GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):
http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com/
http://www.shadowserver.org/REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):
http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]
http://someonewhocares.org/hosts/ [someonewhocares.org]
http://hostsfile.org/hosts.html [hostsfile.org]
http://hostsfile.mine.nu/downloads/ [hostsfile.mine.nu]
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)8.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).
9.) AdBlock & DNS servers are programs, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.
10.) Hosts files don't eat up CPU cycles like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs.
11.) HOSTS files are E
-
I've written such a program, as have others
"All you have to do now is automate the process of updating it. You could have some sort of program that acted both as a client and a server..." - by maxume (22995) on Wednesday December 01, @09:23AM (#34403684)
Examples of what you're asking for have been done (I've done one myself even), but here are some "examples thereof":
HOSTSMAN:
http://www.abelhadigital.com/hostsman
HOSTESS:
http://www.raymarron.com/hostess/
I am FAIRLY sure those do "remote updates", but check to be sure...
(and, there ARE others too, but that's what I came up with on "short-notice" - I *think* mvps.org possibly even has one with the HOSTS file they distribute)
OR
You can just go to these sites & get current copies:
https://zeustracker.abuse.ch/blocklist.php?download=hostfile
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=DownloadTo name a few reputable & reliable + regularly updated models of HOSTS files (the program I wrote consolidates them all, removes duplicates, alphabetizes the entries, + changes the "blocking IP Address" format from 127.0.0.1 (slowest & largest), to 0.0.0.0 (next slowest & largest) to 0 (not compatible w/ all OS' anymore, but was until Windows VISTA & still is on 2000/XP/Server 2003) & lastly "Trims" them so that no trailing bloating blanks remain (which is what happens in DB engines like Access since no VARCHAR type is present in Access, as it is in mySQL, SQLServer, Oracle, DB2 etc./et al where you can use SELECT * DISTINCT / ORDER BY type queries to do the same as far as removing duplicates, sorts, etc.)
APK
P.S.=> Mine's for personal use (I didn't build in the HTTPGET functionality into it, because I simply email my HOSTS file (a composite of all others + 30,000 or so adbanner blocks I put into it myself) to others that request it, & other programs like that already exist (but they don't do quite as much as mine does otherwise per the list of its functions I put into it above))... apk
-
HOSTS files benefits (over AdBlock &/or DNS ev
1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF...).
2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).
3.) Adblock doesn't protect email programs external to FF, Hosts files do.
4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).
4.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via PINGS &/or WHOIS though, regularly, so you have the correct IP & it's current)).
5.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders
6.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:
http://ddanchev.blogspot.com/
https://zeustracker.abuse.ch/monitor.php?filter=online
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com/
http://www.shadowserver.org/
http://www.mvps.org/
http://someonewhocares.org/
http://hostsfile.mine.nu/hosts0
http://hosts-file.net/?s=Download
http://www.stopbadware.org/home7.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).
8.) AdBlock is a program, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.
9.) Hosts files don't eat up CPU cycles like AdBlock does while it parses a webpages' content.
10.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> http://www.mvps.org/winhelp2002/hosts.htm ) & edited too, via texteditors like Windows notepad.exe or Linux nano (etc.)
11.) You don't have the sourcecode to Adblock. With hosts you don't even need source to control it (edit, update, delete, insert of new entries via a text editor).
12.) Hosts files are easily secured via using MAC/ACL &/or Read-Only attributes applied.
13.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF
-
HOSTS files are superior to AdBlock & how/why
1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF...).
2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).
3.) Adblock doesn't protect email programs external to FF, Hosts files do.
4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).
4.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw for years now - hosts protect against that via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via PINGS &/or WHOIS though, regularly, so you have the correct IP & it's current)).
5.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders
6.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:
http://ddanchev.blogspot.com/
https://zeustracker.abuse.ch/monitor.php?filter=online
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com/
http://www.shadowserver.org/
http://www.mvps.org/
http://someonewhocares.org/
http://hostsfile.mine.nu/hosts0
http://hosts-file.net/?s=Download
http://www.stopbadware.org/home7.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).
8.) AdBlock is a program, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.
9.) Hosts files don't eat up CPU cycles like AdBlock does while it parses a webpages' content.
10.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> http://www.mvps.org/winhelp2002/hosts.htm ) & edited too, via texteditors like Windows notepad.exe or Linux nano (etc.)
11.) You don't have the sourcecode to Adblock. With hosts you don't even need source to control it (edit, update, delete, insert of new entries via a text editor).
12.) Hosts files are easily secured via using MAC/ACL &/or Read-Only attributes applied.
13.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF CAN DO (running as limited class/least privlege user, hopefully, OR even as ADMIN/ROOT/SUPERUSER)? HOSTS "LOCK IN" malware too, vs. communicating "back to mama" for orders (provided they have name
-
Ummmm, yes... apk
"How about if - rather than an FBI warning or whatever - the site is replaced by a clone that sniffs your info or installs trojans?" - by phorm (591458) on Friday November 26, @01:29PM (#34351528) Homepage
HOSTS can also be used to block KNOWN bad websites that serve up malware:
http://ddanchev.blogspot.com/
http://www.malwareurl.com/listing-urls.php?page=1&urls=off&rp=
http://www.malware.com.br/lists.shtml
http://securitylabs.websense.com/content/alerts.aspx
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://www.scansafe.com/threat_center/threat_alerts
http://news.netcraft.com/
http://www.shadowserver.org/
https://zeustracker.abuse.ch/monitor.php?filter=onlineMany of those sites have "removal lists" IF a site cleans itself up, or if it just "drops out of site"!
(The latter I don't trust though, because malware makers "recycle" domainname/hostnames they own, & the RBN (russian business network) though thought 'dead'? Has had it's domain/host names reused by ANOTHER botnet recently!)...
Thus, I add those sites that are known as serving up malware exploits as BLOCKED in my HOSTS file, and I can't get to them, until they're proven clean (I don't remove ones that just "drop" because they've been shown to get "recycled/reused").
APK
P.S.=>
"And when the server gets bushwhacked instead of the domain, and they move to a new host - but you're still getting the old IP from your hosts file - then what?" - by phorm (591458) on Friday November 26, @01:29PM (#34351528) Homepage
I again confronted you today on this, as to HOW you were "modded up" here -> http://slashdot.org/comments.pl?sid=1887878&cid=34387450 because I already covered the other part in my initial reply with this statement (as to sites changing IP addresses) requoted, again, below next:
"& if they change it again? Re-Ping (with a double verifying WHOIS) said site & the TLD that does NOTHING but resolve hosts/domains to their correct IP will give you a correct IP address (provided you're NOT being "man-in-the-middle" attacked) to reinsert into your hosts file to update it..." - by Anonymous Coward on Friday November 26, @12:36PM (#34351132)
As to verifying IP addresses changing on sites.
So, if a site also is proven to harbor malware exploits?? A custom HOSTS file is also used to block those out until they are proven CLEAN... get it??
I don't see HOW/WHY you were modded up, because I cover the 1st point & anyone that knows how to use a HOSTS file knows it can be used to BLOCK OUT BAD SITES/SERVERS THAT SERVE UP EXPLOITS TOO, per the above... apk
-
I add between 50-2000 new bad sites a day... apk
To a custom hosts file: That tell you anything? It used to only be that many a month years ago prior to I'd say, 2004 or thereabouts...
Additionally, to so do, I'm still using the same decent sources as well as my own I built up from the same sources since 1997:
Spybot Search & Destroy's "IMMUNIZE" feature
http://ddanchev.blogspot.com/
http://www.malwareurl.com/listing-urls.php?page=1&urls=off&rp=
http://www.malware.com.br/lists.shtml
http://securitylabs.websense.com/content/alerts.aspx
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://www.scansafe.com/threat_center/threat_alerts
http://news.netcraft.com/
http://www.shadowserver.org/
https://zeustracker.abuse.ch/monitor.php?filter=onlineToday/Nowadays? It's worse than it was as far as PC's being @ risk online just on sheer numbers of bogus sites or even banner ads that are maliciously scripted in intent. Just on sheer numbers alone.
APK
P.S.=> In summation, all I can tell you, from my "POV" of making a hosts file full of known malware or maliciously scripted sites for a LONG time now is, it's gotten worse, & is happening FAR faster than it used to be (more folks understand coding now is why most likely & the tools are simpler/better too), & I've been building up a closing in on 1 million bogus sites based HOSTS file for over 14 or so years now as my basis in fact here is all...
-
Whew, what a *RELIEF*, lol... apk
GOT IT NOW, "whew"...!
The "Article moved" message I was seeing is GONE now (@ least in my LINUX/KUbuntu setup for multi-boot here, but not in Windows 7 "oddly" - however, I strongly suspect it's because I do NOT use OpenDNS there in my Linux bootup, only in Windows7, @ least, thusfar (which protects me sort of, vs. waiting on DNS servers & what-not to update)) & thank goodness:
Apparently? Well - Thank goodness, again, that the article is NOT about the site I use that I saw in a cursory skim so far while in Linux, & noted in my 1st post (because that site url below next IS what I use the populate my custom HOSTS file vs. this botnet, which is this one (again) -> https://zeustracker.abuse.ch/monitor.php?filter=online )...
APK
P.S.=> I'll say 1 thing though: LOL, those "bastidges" (Roman Maroni, lol) had me more "spooked" by this article & what they did (they being the "malware crew" that make this botnet) than I have been by malware in general, in ages... whew, what a RELIEF - but, I have to hand it to them, what a pack of cagey bastidges these freaks are! apk
-
Vs. ZEUS? I use this & a question... apk
https://zeustracker.abuse.ch/monitor.php?filter=online
(So, first of all - someone please tell me that the site above's NOT what this article's about!)
Above all else? Thanks for the information (& I will have to wait until the parent site the article here links to cuts that message I see below thusfar on this)).
I use the site above to populate a custom HOSTS file vs. the ZEUS botnet is why!
APK
P.S.=> Now, I sincerely *HOPE* that's NOT the site being spoken of here, in the URL I posted above, & MAINLY because the funniest part is, I cannot verify what this article's about now!
I.E.-> From here @ least? Well, it appears has the main site for this article has been "/.'d" - "pseudo-DDOS'd" by this being posted here!
E.G.-> I keep getting this damned message from the linked to article:
302 Moved Temporarily
for HOURS now, no less!
Anyhow/anyways - I say that & I wonder, because it's AMAZING how many other sites are linking to this very site for this article, & you can check google on that much, just by searching the title of this article here (which, of course, works out GREAT for CmdrTaco & crew here though, the "bright-side" of it I suppose @ least))... apk
-
HOSTS are better than Privoxy, AdBlock, etc.
A custom HOSTS file will do what the Privoxy, or Adblock softwares will, for less CPU usage (& very possibly RAM usage also) simply by making it impossible to go into KNOWN BAD SITES/SERVERS.
After all: You cannot get burned by what you cannot touch, essentially... & making it impossible to access known bad sites or servers is ONLY A GREAT PART of what hosts files can do (because they do even more, read on)... sound familiar to this Privoxy software? Yes, it does in that case!
However: Can Privoxy speed you up more, ontop of protecting you? Yes!
HOSTS files can also not only protect you vs. known bad sites or servers, but they can also aid in speeding you up online websurfing even more by avoiding DNS lookups by using hardcodes of hostsnames/domainnames to IP addresses of your favorite websites and by blocking ad banners also (which have also been shown to have malicious script in them many times over the years now no less).
You can keep a hosts file updated daily that way easily, by using the following whitehat sites for information on what are the "latest/greatest" known bad sites &/or servers found daily in fact:
http://hosts-file.net/?s=Download
http://www.mvps.org/winhelp2002/hosts.htm (great overall explanation of what HOSTS files can do for you is here and how to manage them (such as tips on turning off your local DNS Client Cache if you use a "largish" hosts file))
http://www.malware.com.br/lists.shtml
https://zeustracker.abuse.ch/monitor.php?filter=online
http://www.malwareurl.com/
http://hostsfile.org/hosts.html
http://someonewhocares.org/hosts/
http://hostsfile.mine.nu/downloads/
http://ddanchev.blogspot.com/
http://www.safer-networking.org/en/download/index.htmlUsed in combination with AdBlock for instance? Great layered security, albeit redundant. Used in combination with NoScript though? An EXCELLENT defense vs. malware attacks online.
APK
P.S.=> HOSTS files do what other wares do, albeit, without eating up CPU cycles &/or RAM as Privoxy, DNS servers, or even the NEW "BLADE" software that just came out... & hosts files are not programs, they are filters - They won't have "programming bugs" in them either, because they are NOT code (just IP stack filters)! apk
-
HOSTS files are superior to Adblock... apk
First of all: Per subject-line above, a custom HOSTS file will do most of what this "BLADE" software will, simply by making it impossible to go into KNOWN BAD SITES/SERVERS.
(After all: You cannot get burned by what you cannot touch, essentially... & making it impossible to access known bad sites or servers is what hosts files can do... sound familiar to this "BLADE" software? Yes, it does, but blade cannot speed you up more, and HOSTS files can ontop of protecting you (HOSTS files can also not only protect you, but they can also aid in speeding you up online websurfing even more by avoiding DNS lookups by using hardcodes of hostsnames/domainnames to IP addresses of your favorite websites and by blocking ad banners also (which have also been shown to have malicious script in them many times over the years now no less)).
You can keep a hosts file updated daily that way easily, by using the following whitehat sites for information on what are the "latest/greatest" known bad sites &/or servers found daily in fact:
http://hosts-file.net/?s=Download
http://www.malware.com.br/lists.shtml
https://zeustracker.abuse.ch/monitor.php?filter=online
http://www.malwareurl.com/
http://hostsfile.org/hosts.html
http://someonewhocares.org/hosts/
http://hostsfile.mine.nu/downloads/
http://ddanchev.blogspot.com/
http://www.mvps.org/winhelp2002/hosts.htm
http://www.safer-networking.org/en/download/index.htmlHOSTS files also do all that, without eating up CPU cycles &/or RAM as DNS servers do, or this "BLADE" software... & hosts files are not programs, they are filters... they won't have "programming bugs" in them either!
APK
P.S.=> HOSTS FILES ARE ALSO SUPERIOR TO ADBLOCK ON THESE SPECIFIC GROUNDS - 10 ADVANTAGES OF HOSTS FILES OVER BROWSER ADDONS ALONE, & EVEN DNS SERVERS:
----
1.) HOSTS files eat A LOT LESS CPU cycles than browser addons do no less (since browser addons have to parse each HTML page & tag content in them)!
2.) HOSTS files are also NOT severely LIMITED TO 1 BROWSER FAMILY ONLY... browser addons, are. HOSTS files cover & protect (for security) and speed up (all apps that are webbound) any app you have that goes to the internet (specifically the web).
3.) HOSTS files allow you to bypass DNS Server requests logs (via hardcoding your favorite sites into them to avoid not only the TIME taken roundtrip to an external DNS server, but also for avoiding those logs OR a DNS server that has been compromised (see Dan Kaminsky online, on that note)).
4.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).
5.) HOSTS files also allow you to not worry about a DNS server being compromised, or downed (if either occurs, you STILL get to sites you hardcode in a HOSTS file anyhow in EITHER case).
6.) HOSTS files are EASILY user controlled, updated and obtained (for reliable ones see mvps.org ) & edited too, via texteditors like Windows notepad.exe or Linux nano or kate (etc.)
7.) HOSTS files aren't as vulnerable to "bugs" either like programs/libs/extensions of that nature are, OR even DNS servers, as they are NOT code, & because of what's next too
8.) HOSTS files are also EASILY secured well, via write-protection "read-only" attributes set on them, or more radically, via ACL's even.
9.) HOSTS files
-
A hosts file does most of what BLADE does anyhow
"Great idea, and I can't wait for it to surface" - by Rurik (113882) on Sunday October 10, @03:09PM (#33853662)
It's been "surfaced" for AGES online now, albeit in the form of CUSTOM HOSTS FILES!
Per subject-line above, a custom HOSTS file will do most of what this "BLADE" software will, simply by making it impossible to go into KNOWN BAD SITES/SERVERS.
(After all: You cannot get burned by what you cannot touch, essentially... & making it impossible to access known bad sites or servers is what hosts files can do... sound familiar to this "BLADE" software? Yes, it does, but blade cannot speed you up more, and HOSTS files can ontop of protecting you (HOSTS files can also not only protect you, but they can also aid in speeding you up online websurfing even more by avoiding DNS lookups by using hardcodes of hostsnames/domainnames to IP addresses of your favorite websites and by blocking ad banners also (which have also been shown to have malicious script in them many times over the years now no less)).
You can keep a hosts file updated daily that way easily, by using the following whitehat sites for information on what are the "latest/greatest" known bad sites &/or servers found daily in fact:
http://hosts-file.net/?s=Download
http://www.malware.com.br/lists.shtml
https://zeustracker.abuse.ch/monitor.php?filter=online
http://www.malwareurl.com/
http://hostsfile.org/hosts.html
http://someonewhocares.org/hosts/
http://hostsfile.mine.nu/downloads/
http://ddanchev.blogspot.com/
http://www.mvps.org/winhelp2002/hosts.htm
http://www.safer-networking.org/en/download/index.htmlAPK
P.S.=> HOSTS files also do all that, without eating up CPU cycles &/or RAM as DNS servers do, or this "BLADE" software... & hosts files are not programs, they are filters... they won't have "programming bugs" in them either! apk
-
Here IS a way to stall users (admins step inside)
"If Joe User is dumb enough to run "JustinBieberNaked.exe" as root/admin/whatever then no amount of OS security will prevent the machine from being compromised. The weakest point of any system is always between the keyboard and the chair." - by Spad (470073) on Wednesday September 29, @10:37AM (#33734258) Homepage
Don't mean to "burst your bubble" bro, but, this WILL/SHOULD do the job here on this very account (per your quote), and specifically regarding ZEUS:
ZEUS TRACKER:
https://zeustracker.abuse.ch/monitor.php?filter=online
You add the sites that that site tracks into say, your local HOSTS file (preceed each entry with 0.0.0.0 (smallest and most "universal" blocking IP address you can use for ALL OS' that use a BSD derived IP Stack)), on each users' system (via say, logon script merges) & there you go!
(After all: IF a user can't go into "the malware kitchen", & they won't usually be able to once you block access to such sites @ the hosts file level, then? Then, they cannot be burned! Pretty simple... &, it works!)
APK
P.S.=> There's other means also, especially for "layered security", such as at the router level via their blocking ranges possible too, but this is just noting it for end points/workstation nodes AND regular users @ home even (not just on the job @ work)... apk
-
I don't know about 1 million in Q2 2010, but...
"Web anti malware firm Dasient has published data claiming that more than 1 million Web sites were compromised in the second quarter, 2010 - a sharp increase. *In Sean Connery's James Bond voice* Of course they have." - by AnonymousClown (1788472) on Thursday September 16, @12:25PM (#33600940)
I don't know about THAT, however? Well - I DO know that my personal custom HOSTS file is nearly @ 1 million absolutely unique entries of known bad sites/servers, and it took me nearly 10++ yrs. now to get it to that # no less!
I populate it from very reputable & reliable sources listed below:
----
http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://securitylabs.websense.com/content/alerts.aspx
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://www.scansafe.com/threat_center/threat_alerts
http://news.netcraft.com/
http://www.shadowserver.org/
https://zeustracker.abuse.ch/monitor.php?filter=online
http://en.wikipedia.org/wiki/Hosts_file
http://www.mvps.org/
http://someonewhocares.org/
http://hostsfile.mine.nu/hosts0
http://hosts-file.net/?s=Download
http://www.stopbadware.org/home+ Spybot "Search & Destroy" IMMUNIZE feature add ons also...
----
In fact, as far as growth this summer alone? It's been more than usual, and last summer last year was the same it seems/iirc too...
However: Ahem - 1 million++ new known bad sites &/or servers, & in just 1 quarter?
(Hey, anything's possible, but that's a bit "excessive/steep" imo @ least... still, one never knows! Still, I somehow DOUBT it's that bad out there. Yes, it's bad, but not THAT bad... I don't think so @ least, and I tend to keep pretty steady-eddy tracking of this up (for over 10++ yrs. now @ sites & sources such as those listed above via populating my custom HOSTS file for both added security AND added speed))
I.E./E.G.-> The # of entries of known bad sites &/or servers in my HOSTS file, which a great deal of came from my sources listed above no less, had grown this year from July 15th 2010 to Sept. 15th 2010 by almost 18,000 entries alone at the tail-end of this summer alone (up to 881, 543++ total entries, & gaining typically between 50-250 more each day).
It's crazy out there now, but it doesn't affect "me or mine", because I cannot be hurt by that which I cannot enter to get hurt by it, such as a bad website that's malscripted or bears a malware, because that's what HOSTS files do, at least part in the way of security (and more for speed such as adbanner blocking (which also helps security too, because many a banner ad has been found with malicious code in it too the past few years now as well), and site IP-to-URL hardcoding): HOSTS files, if done right, can keep you from getting burned in a bogus kitchen, so-to-speak!
Still - 1 million++ new known bad sites in just 1 quarter this year 2010? I have trouble with that estimation, in believing it to be blunt about it, & yes, I have been looking at this type of data for quite a long time now (over 10++ yrs. in fact, in making a custom HOSTS file to protect vs. this type of lunacy).
APK
P.S.=> Since I
-
Re:in the wild
Here are some sites that I have used for malicious sites: http://www.malwaredomainlist.com/ http://www.malwareurl.com/ http://iblocklist.com/lists.php https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist http://mtc.sri.com/live_data/malware_dns/ Also if you use Snort you are able to use the rules created over at Emerging Threats as well as others: http://emergingthreats.net/rules/emerging-drop.rules
-
If this is about stopping botnets, malware, etc.?
Per my subject-line above. & this quote from the article here on
"The Cybersecurity Act of 2009 passed a Senate panel, giving the president unprecedented power to issue a nation-wide blackout or restriction on websites without congressional approval" - by Akido37 (1473009) on Tuesday March 30, @10:49AM (#31670706)
?
Well, then from the SOUND of it @ least, I am ALL FOR IT personally!
Why??
Well, because online attacks DO go on, & they DO exist, & they DO INTERFERE WITH PEOPLE'S LIVES IN SERIOUS WAYS IS WHY!
(AND, in many ways, because a LOT goes over "the public internet" people, a lot more than say, slashdot webpages, whether you know it or not)...
E.G.-> Such as databases' drivers & libs using ports on the net, like:
----
A.) SQLServer = default ports usually used -> 1433/1434/4022/2382/2382/443 (SSL)/135 (RPC) & on both UDP & TCP/IP
B.) Oracle = default ports usually used -> 66/1521/1525/1526/1527/1529/1571/1575/1630/1748/1754/1808/1809/1830/2481/2482/2483/2484/3872/3891/3938
C.) IBM DB/2 = default ports usually used -> 523/532/6789/50000/60000 (probably more here, this is the one I am LEAST familiar with, sorry I could not be more "complete" here)
D.) MySQL = default ports usually used -> 3306 (probably more here too, I am JUST "getting into" this one lately (hey, it's FREE man!!!)
----
(Those tools, as I am sure MOST of you know, are for businesses where YOU yourself do business, which means YOUR MONIES or other life-crucial information, for instance - which again, is a LOT more than & of most likely far greater import than merely the web's HTML data alone you use, while you browse websites, in other words...)
And, then there are things like POWER PLANTS (which, like it or not, DO conduct things over the public internet), & even life-monitoring devices + security systems.
SHOULD THE GOV'T. TAKE ACTIVE MEASURES vs. ATTACKS ON THESE THINGS NOTED ABOVE? Hey guys...?? ABSOLUTELY!
(Especially IF they're being "cyber-attacked", OR, just to prepare for such an event, JUST IN CASE!)
APK
P.S.=> See- The past 12 yrs. now or so, I've taken a more than "somewhat" active interest in things 'security-related' online... &, know what sort of "spooks me" (& yes, even shocks me, because of the cultures/nations I see it coming from mainly)?
CHINA...
Yes - It really "blows my mind" that a culture w/ more than 5,000++ yrs. of recorded history behind it is showing up, & MORE THAN ANY OTHER NATION BY FAR, in the lists I use to populate my HOSTS file here, & here are the sources (all known & reputable) I typically utilize, so you can check this yourselves (or, perhaps, even USE THEM yourselves for hosts file population to block out known bogus sites &/or servers):
-----
http://ddanchev.blogspot.com/
http://www.malwareurl.com/listing-urls.php?page=1&urls=off&rp=
http://www.malware.com.br/lists.shtml
http://securitylabs.websense.com/content/alerts.aspx
http://blog.fireeye.com/
http://mtc.sri.com/
http://www.scansafe.com/threat_center/threat_alerts
http://news.netcraft.com/
http://www.shadowserver.org/
https://zeustracker.abuse.ch/monitor.php?filter=online
http://en.wikipedia.org/wiki/Hosts_file