Domain: bing.com
Stories and comments across the archive that link to bing.com.
Comments · 1,442
-
Re:Whats this "instead of Google" shit?
torsorophy buddy, aka irrefutable smoking gun. Try googling it.
Except not because Google purposely fed this data to Microsoft through their toolbar.
-
Re:Whats this "instead of Google" shit?
torsorophy buddy, aka irrefutable smoking gun. Try googling it.
-
Very good, & a tidbit on Dr. R.
Which is the MAIN "WHY" of why "tuning guides" like I've been doing since 1997 online for users of NT-based OS (& far before that on Win9x/DOS before it), worked for so many others over time. To wit:
"Reducing memory usage in Windows 8 is more about reducing the churn of pages through the various kernel data structures in the memory manager. " -by tgd (2822) on Saturday October 08, @10:19AM (#37647620)
Per the above, in fact, as I told another user here in another thread in this article here?
http://tech.slashdot.org/comments.pl?sid=2466512&cid=37649154
I have literal, actual, concrete & verifiable data from a benchmark test that shows cutting services you DO NOT NEED actually boosted benchmarks bigtime!
(Simply because services are programs, & they consume MORE THAN RAM, they also consume hWnds, many forms of I/O to disk/memory etc.-et al, & CPU cycles (boosting work for the kernel mode memmgt subsystem's one YOU "hit on" in fact)).
Lessen the workload on the OS? All else has a MORE than "potential gain"...
See, I've been into & "tuning" NT-based OS since they came out, around 1992... & I can say just 1 thing "IT WORKS"... for better performance, & yes, even security!
* It ALL "boils/distills down" to 1 concept, a solid one -> "DOING MORE WITH LESS" = Good Engineering!
Period...
---
"As the article says, that involves things like optimizing old code to not trigger page faults all the time, or to suspend threads or otherwise idle background services that aren't being used. (A thread waking up, and going immediately back to sleep because it has nothing to do will still potentially cause a page to be re-loaded from disk.)" -by tgd (2822) on Saturday October 08, @10:19AM (#37647620)
I totally agree here, & have been aware of it forever, per the above... heck, on these Windows NT-based OS since nearly "day #1" of them releasing. E.G.:
To "immunize" a Windows system vs. attack (and yes, to save memory/cpu time/other forms of I-O etc. also for speed/performance/efficiency, et al), I effectively use the principles in "layered security" possibles!
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.
That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...
Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:
---
1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.p
-
Server Execution is the Issue
Most quality web hosting provides customers with shell access to the web server, or in cases where they don't, usually something like PHP is installed that usually allows for arbitrary execution.
On a web server that hosts a few thousand sites, using the Bing IP Search, you can find a list of all the domains. Usually there will be a lowest hanging fruit that's easy enough to pluck. Or, if you can't get shell access through a front-facing attack, you can always just sign up for an account with the hosting company yourself.
So once you have shell, then it's a matter of being a few steps ahead of the web host's kernel patching cycle. Most shared web hosting services don't utilize expensive services like ksplice and don't want to reboot their systems too often due to downtime concerns. So usually it's possible to pwn the kernel and get root with some script-kiddie-friendly exploit off exploit-db. And if not, no doubt some hacker collectives have repositories of unpatched 0-day properly weaponized exploits for most kernels. And even if they do keep their kernel up to date and strip out unused modules and the like, maybe they've failed to keep some [custom] userland suid executables up to date. Or perhaps their suid executables are fine, but their dynamic linker suffers from a flaw like the one Tavis found in 2010. And the list goes on and on -- "local privilege escalation" is a fun and well-known art that hackers have been at for years.
So the rest of the story should be pretty obvious... you get root and defeat selinux or whatever protections they probably don't even have running, and then you have access to their nfs shares of mounted websites, and you run some idiotic defacing script while brute-forcing their /etc/shadow yada yada yada. The moral of the story is -- if you let strangers execute code on your box, be it via a proper shell or just via php's system() or passthru() or whatever, sooner or later if you're not at the very tip top of your game, you're going to get pwn'd.
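The comment above turns on one point: a shared host that lets PHP call system() or passthru() has already handed every customer a shell, and everything after that is a local privilege escalation problem. The first check a host operator (or a pentester with a customer account) runs is whether php.ini actually disables those functions. Below is an added example of that audit in Python; it is not code from the comment or from any hosting provider. The two php.ini fragments are constructed for illustration, and the list of execution functions is a common hardening baseline, not an exhaustive one.

```python
"""Audit a php.ini fragment for settings that give visitors code execution.

Added example, not from the original comment. The ini samples are constructed.
"""
from typing import Dict, List, Set

# PHP functions that run programs or spawn shells.
EXEC_FUNCTIONS: Set[str] = {
    "exec", "passthru", "shell_exec", "system", "popen", "proc_open",
    "pcntl_exec", "dl",
}

# Directives that should be Off on a shared host, with the reason.
SHOULD_BE_OFF: Dict[str, str] = {
    "allow_url_include": "remote file inclusion through include()/require()",
    "expose_php": "advertises the exact PHP version in response headers",
    "display_errors": "leaks paths and stack traces to visitors",
}


def parse_php_ini(text: str) -> Dict[str, str]:
    """Return directive -> value with lower-cased keys; later lines win."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings


def _is_off(value: str) -> bool:
    return value.strip().lower() in {"off", "0", "false", "no", "none", ""}


def audit_php_ini(text: str) -> List[str]:
    """Return one finding per weak setting; an empty list means no findings."""
    settings = parse_php_ini(text)
    findings: List[str] = []

    disabled = {f.strip().lower()
                for f in settings.get("disable_functions", "").split(",")
                if f.strip()}
    still_enabled = sorted(EXEC_FUNCTIONS - disabled)
    if still_enabled:
        findings.append("disable_functions leaves execution functions enabled: "
                        + ", ".join(still_enabled))

    for directive, reason in SHOULD_BE_OFF.items():
        if directive not in settings:
            # Not set here; the compiled-in default applies, so confirm it.
            findings.append(f"{directive} not set; verify the effective "
                            f"default with `php -i` ({reason})")
        elif not _is_off(settings[directive]):
            findings.append(f"{directive} = {settings[directive]}: {reason}")

    if not settings.get("open_basedir"):
        findings.append("open_basedir not set: scripts can read any file "
                        "the web server user can")
    return findings


# Constructed sample: a permissive shared-host php.ini ...
WEAK_INI = """\
; constructed sample, permissive
[PHP]
disable_functions =
expose_php = On
display_errors = On
allow_url_include = On
"""

# ... and the same file after hardening.
HARDENED_INI = """\
; constructed sample, hardened
[PHP]
disable_functions = exec,passthru,shell_exec,system,popen,proc_open,pcntl_exec,dl
expose_php = Off
display_errors = Off
allow_url_include = Off
open_basedir = "/var/www/site1:/tmp"
"""

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit_php_ini(ini) or ["no findings"])
```

disable_functions only blocks the listed names; on a multi-tenant box it has to be set in the global php.ini, not a per-site override the customer can edit, and it does nothing about a kernel or suid bug once the tenant already has execution, which is the comment's second point.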
-
My suggestion for a mask
All wearing the same mask? That sure would be stealthy and make it easy to blend into a crowd!
-
Re:Bing!
It is true that you can search flights on Bing www.bing.com/travel/flight, but if you check the results at the bottom of the page it says "Results powered by KAYAK.com". So technically it's not Bing's search engine that is giving you the results - the Bing page is just a front end to Kayak's search engine. Does it matter? Maybe the user experience is similar, but it says something that Microsoft outsourced their travel search engine instead of developing it inhouse.
Kayak is enormously frustrating with the way it opens multiple windows, searches through popups, and redirects you to different sites. It feels clunky and not "legitimate" because most serious sites don't popup so much stuff and leave orphan browser windows all over your desktop. The USER EXPERIENCE with Bing is much better than Kayak and IT DOES MATTER. Bing presents all the data in one spot right unobtrusively from a common search without a bunch of extra annoying popup windows... and things like adjusting the time and seeing the fare relative to specific time windows is in real-time rather than a re-search. It might be a "skin" on Kayak data but the frontend in Bing is much better.
-
Re:Bing!
It is true that you can search flights on Bing www.bing.com/travel/flight, but if you check the results at the bottom of the page it says "Results powered by KAYAK.com". So technically it's not Bing's search engine that is giving you the results - the Bing page is just a front end to Kayak's search engine. Does it matter? Maybe the user experience is similar, but it says something that Microsoft outsourced their travel search engine instead of developing it inhouse.
I've had good results with SkyScanner. In particular, their date drop down allows you to select "view whole month", which will show the cheapest flights by day, and they manage to bypass and scan the budget airline sites that try to block flight search engines (e.g. the world's largest international carrier Ryanair is notorious for this). It shows the flight with fees and confirms the price before providing you with a link to the actual vendor. And you don't need to register with their site or buy the tickets through their site - it's just a search engine.
-
Bing is your friend.
As you can see, the first two hits are to Wiki with a very nice synopsis of the math subjects required.
-
Re:But did they found what they were looking for?
Just because somebody clicks through to the site doesn't mean the search result was a success.
Just because somebody doesn't click through doesn't mean the search result was a failure, either. Google often turns up many more results, and relevant results at that, than Bing. Try this experiment...
Go to Bing Image search and search for the following:
Asterodon miliaris
Bing gives you a grand total of two search results and neither of them are correct. The first is a Coscinasterias calamaria (eleven-armed starfish) and the second is a Coriaster granulatus (Pink cushion).
Repeat the same search on Google Image search and the first eight results are correct or relevant. The next score or so of results appear on pages that at least mention Asterodon miliaris.
In the Google world you're probably spoilt for choice and your answer may directly appear in the search results - no click throughs.
-
Re:Bing vs. Google
The claims of Hitwise don't explain why I keep finding things like Microsoft service pack download pages better through google than through bing.
That's because unlike Google, Bing doesn't favor its own services over others.
Since when does Google have a service to download Microsoft service packs?
There are also differences in algorithms. Bing doesn't count so called junk-links while Google does. Bing prefers link inside good, relevant content. Google, on the other hand, counts all kinds of links.
Google also filters on link farms. Of course their filtering isn't perfect, but it would surprise me a lot if Microsoft had discovered the magic algorithm to get rid of all "search engine optimization" gaming, and it's simply wrong to say that Google "counts all kinds of links".
Judging by the usual slashdot response of "but they should just improve their algorithms", people don't seem to get how immensely complex current search engines and their algorithms are.
One of my main issues with bing has nothing to do with complex search algorithms. Just search for e.g. shoes. The first page of results already contains two sets of duplicate results in my case: www.shoes.com and www.shoes.com/womens (sic, it actually stands for "women's"), and www.shoes.be and www.shoes.be/schoenwinkels.asp?l=k.
I get this with virtually every search term I've ever tried on Bing, which means that there are many fewer individually useful results than on Google (which will group all similar results from the same domain and then let you move on).
PS: yes, this is the first time in my life I've searched for the term "shoes" on the Internet
-
ALL OS' ARE "minus-minus", & HOW/WHY
Because NEITHER Microsoft, Apple, or Linux (or others) ships their Operating Systems as SECURED AS THEY CAN BE, period!
Proof? Ok:
How come there is something called:
---
1.) The "CIS Tool" for Windows (& other OS' too)
2.) The Microsoft Baseline Security Advisor
3.) SeLinux
4.) Apple has a security guide also that pretty much follows the SAME DAMNED GENERAL GUIDELINES as what I do for Windows users here then:
http://www.apple.com/support/security/guides/
---
???
(Ask yourselves that... if these OS' are "So Secure" then...)
---
To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.
That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...
Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:
---
1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))---
Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:
---
That gets testimonials like this after applying it:
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral
AND
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral
AND
"Its 2009 - still trouble free! I was told last week by a co worker who does ac
-
Are Adobe .PDF files any better?
See subject-line above. They're scriptable too. Hence why, for 5++ yrs. now online, I've been telling others to TURN OFF SCRIPTING IN IT (doable in Acrobat Reader's configuration/setup), here:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
Simply because it poses a MORE THAN POTENTIAL DANGER!
* Scripting ANY document poses this type of threat...
E.G.-> Heck, look @ the web today with its HTML documents being abused with javascript "everywhere" (often needlessly imo), & that in turn, abusing users!
(Scriptable documents in business have their place, but like any programming, it can be abused as a 'double-edged sword' also)
APK
P.S.=> Yes, the same goes for MS stuff, but when you use it you can press the SHIFT KEY while you open Word docs, Excel Sheets, & Access DB's to bypass autoexec macros (just like the old days in DOS to bypass autoexec.bat during bootup, processing ONLY config.sys)
... apk
-
I'm submitting this... apk
A return to the "old" to combat the problems of "the new" & why, in combination with filtering DNS servers (vs. malware-in-general in most ALL forms) that use DNSBL's vs. them! I have done so for YEARS now (since 2002 in my older Delphi model, which used "brute force" dedup methods which was FINE on HOSTS files in those days that only MAYBE hit 16k lines - lately, they're a LOT larger than that, so I switched to a Python system my nephew & I co-wrote that processes MILLIONS @ a time & faster dedup algorithms in place is why because of Python's built in routines).
It does the following things:
---
1.) Data gather from reputable sources for HOSTS data (some listed below, not all though), DNSBL's too!
2.) Alphabetize the data
3.) Removes duplicates/normalizes the data
4.) Changes from the larger & slower 127.0.0.1 "loopback adapter address" to the just as compatible & faster 0.0.0.0 "blackhole routing" address instead
5.) Filtering vs. "problematic" sites that MAY 'disturb' some sites IF their adbanner servers are disrupted (YAHOO, AOL, MSN & quite a few others)
6.) Commits back (from a "temp/scratch" file) to the ORIGINAL HOSTS file for use by the system &/or apps (@ RPL 0/Ring 0/kernelmode level, FAR faster & more efficient than Ring 3/RPL 3/Usermode filtering solutions are mind you) by OVERWRITE, assuring CLEAN COPY & a pristine unaltered (by malware) HOSTS file!
---
As well as a recommendation for this, in combination with it (using the excellent CIS Tool as a guide) -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
My custom HOSTS file currently protects me vs. 1,554,666++ (& growing every 15 minutes) KNOWN bad sites/servers/hosts-domains that are KNOWN to be either maliciously scripted, or serving up malware-in-general, plus spamming/phishing sources as well as botnet C&C servers.
How/Why? Ok, read on:
20++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added layered security:
1.) HOSTS files are usable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).
2.) Adblock blocks ads in only 1-2 browser family, but not all (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc.).
3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.
4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 5-7 next below).
5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via NSLOOKUP, PINGS, &/or WHOIS though, regularly, so you have the correct IP & it's current)).
6.) Hosts files don't eat up CPU cycles like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs. HOSTS files are merely a FILTER for the kernel mode/PnP TCP/IP subsystem, which runs FAR FASTER & MORE EFFICIENTLY th
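The six-step HOSTS pipeline the comment above lists (gather from several sources, sort, de-duplicate and normalize, rewrite 127.0.0.1 to 0.0.0.0, exempt a short list of hosts you need to keep reachable, then overwrite the live file from a scratch copy) as an added worked example in Python. This is not the author's tool; the two source lists, the exempted ad host and every hostname in them are constructed for illustration. Two details a practitioner wants that the comment does not spell out: every name is validated as a real hostname, so a tampered or sloppy source cannot smuggle a URL or a path into the file, and the final write goes to a temp file in the same directory followed by os.replace(), so the live file is swapped in one step rather than appended to.

```python
"""Merge several HOSTS-format block lists into one clean file.

Added example, not the tool described in the comment above. The two source
texts, the exempted ad host and every hostname below are constructed.
"""
import ipaddress
import os
import tempfile
from typing import Iterable, List, Set

# Blocked names resolve here. 0.0.0.0 is unroutable, so the client fails at
# once instead of attempting a connection to a local listener on 127.0.0.1.
BLOCK_ADDR = "0.0.0.0"

# Hosts that must stay reachable even if a source lists them (an ad server
# whose absence breaks a site you rely on). Hypothetical entry.
KEEP_UNBLOCKED: Set[str] = {"ads.example-portal.test"}

# Loopback names that belong in the header, never in the block section.
LOCALHOST_NAMES: Set[str] = {
    "localhost", "localhost.localdomain", "broadcasthost",
    "ip6-localhost", "ip6-loopback",
}


def valid_hostname(name: str) -> bool:
    """Accept only plausible DNS names: no schemes, paths, ports or wildcards."""
    if not 1 <= len(name) <= 253:
        return False
    for label in name.split("."):
        if not 1 <= len(label) <= 63 or label[0] == "-" or label[-1] == "-":
            return False
        if not all((c.isascii() and c.isalnum()) or c == "-" for c in label):
            return False
    return True


def parse_hosts_source(text: str) -> Set[str]:
    """Extract hostnames from one source in HOSTS format.

    Handles "127.0.0.1 host", "0.0.0.0 host # comment", several hosts on one
    line, and bare "host" lines that some lists publish. Comments, blanks,
    loopback names and anything that is not a valid hostname are dropped.
    """
    names: Set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])  # leading IP: the rest are names
            hosts = fields[1:]
        except ValueError:
            hosts = fields                   # bare-name format
        for host in hosts:
            host = host.lower().rstrip(".")
            if host in LOCALHOST_NAMES or not valid_hostname(host):
                continue
            names.add(host)
    return names


def build_blocklist(sources: Iterable[str],
                    keep_unblocked: Set[str] = KEEP_UNBLOCKED) -> List[str]:
    """Union all sources, drop duplicates and exempt names, sort, and emit
    one "0.0.0.0 host" line per name."""
    blocked: Set[str] = set()
    for text in sources:
        blocked |= parse_hosts_source(text)
    blocked -= {h.lower() for h in keep_unblocked}
    return [f"{BLOCK_ADDR} {host}" for host in sorted(blocked)]


def render_hosts(blocklist: List[str]) -> str:
    """Full file text: loopback header first, then the merged block section."""
    header = "127.0.0.1 localhost\n::1 localhost\n"
    return header + "# --- merged block list ---\n" + "\n".join(blocklist) + "\n"


def write_hosts_atomically(path: str, content: str) -> None:
    """Write to a scratch file beside the target, then replace the target.

    os.replace() swaps the whole file in one step, so readers never see a
    half-written HOSTS file and any prior contents are fully overwritten.
    """
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp_path = tempfile.mkstemp(prefix=".hosts.", dir=directory)
    try:
        with os.fdopen(fd, "w", newline="\n") as f:
            f.write(content)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp_path, path)
    finally:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)


# Constructed sample sources: mixed address styles, case, comments, one
# duplicate, a bare-name entry, an exempted host and one malformed line.
SAMPLE_SOURCES = [
    "# list A (constructed)\n"
    "127.0.0.1 localhost\n"
    "127.0.0.1 Tracker.Example-Ads.TEST   # banner host\n"
    "127.0.0.1 malware-drop.example.test\n",
    "0.0.0.0 tracker.example-ads.test\n"
    "0.0.0.0 ads.example-portal.test\n"
    "phish.example.test\n"
    "0.0.0.0 http://not-a-host.test/path\n",
]

if __name__ == "__main__":
    print(render_hosts(build_blocklist(SAMPLE_SOURCES)), end="")
```

Note that a HOSTS file has no wildcards: a block list must name every subdomain individually, which is why merged lists grow to the sizes the comment mentions, and why the validation and de-duplication steps matter more than the address rewrite.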
-
Agreed, 110%: Hence, this, since 1997
From/By "Yours Truly" -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!
I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.
That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...
Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:
---
1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))---
Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:
---
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral
AND
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral
AND
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier.
-
Not if you "Security-Harden" it... apk
To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
-
I LIKE IT (well said, 4 the most part)... apk
Especially this part:
"This kind of skiddie hacktivism is what spineless yobs do when they're too scared to go out and try to make a difference in the real world. It's just another breed of armchair combat, and a pretty sorry one as well. If you want to make a difference then do something out in the real world. Most people can actually relate to that." - by DurendalMac (736637) on Monday August 01, @12:14AM (#36943634)
They really SHOULD be doing more "good" than they have (only decent thing these LulzSec &/or Anon folks did was warn the NHS about their admin passwords being exposed, but, they did NOT abuse them vs. NHS - I have to give them that much)... & MOST of the "attacks" they have done?
Not that tough (especially DoS/DDoS & even SQLInjection's easy enough to find to take advantage of)...
HOWEVER: They HAVE pointed out where the problems are that need fixing!
(That, in fact, is the ONLY "good thing" I have to say about any hacker/cracker or even malware maker - though they may NOT "like it", it's truth (I'd say the same thing to Satan - that God allows his existence to "test us", & he's God's "tool" too, like it or not)).
I just try to find "Good" in "the Bad" & avoid the UGLY is all...
Anyhow/anyways:
Perhaps this IS their "area of expertise" & that's where every one of us SHOULD be trying our best to help make the world in whatever way, shape, OR form, better!
(In whatever that is one's GOOD/BEST at - Be it engineering, computing, lawmaking, you-name-it... this is where you stand the biggest chance of doing so is why because you're good @ it!)
Yes - Imo @ least? THIS is how CHANGE, good change, starts & radiates imo (a "pay-it-forward" type of thing, hopefully compounding & expanding, via "geometric progression")).
Hence why I don't FULLY agree with your next statement though:
"Do it through a computer and far less people will give a shit. Those who think they do are deluding themselves into believing that they're actually doing something great from the basement. It's lazy self-justification." - by DurendalMac (736637) on Monday August 01, @12:14AM (#36943634)
You CAN make a difference there too.
For instance, my brother is a U.S. Military Officer... he tells me the "Virginia Farm Boys" & "FEEBS" absolutely HATE geeks (sometimes, with good reason, ala Anonymous &/or LulzSec)...
AND, he's been "hit" many years ago (1996-1997) by computer hackers @ home, & he told me:
"They ought to be hung by their balls!"
I agreed, to a large extent in fact... Especially the kind that REALLY cause problems (stealing vital information, or monies, from others OR institutions).
So, back in 1997 (after he got "hit")?
I was already doing it on IRC anyhow, but I discovered "the web" & forums, & put this out:
To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
-
Opera = "The 'SUPERIOR WARRIOR'"... apk
Imo @ least, You'd have to be silly to NOT use Opera!
Mainly, because:
---
1.) Opera's generally, over time, been the FASTEST OVERALL & over decades now... & I can produce a load of benchmarks to that effect from many years to present date if anyone requests them (I have them bookmarked here).
(AND, not just in javascript which it's always done well in, but FF & Chrome seem to have "taken the crown" there lately from tests I've seen recently... Javascript speed = faster way to get "ill online" really! Javascript speed seems to be the "big deal" lately in speed tests, but it's also the "harbinger of doom" typically as far as malware infestations as well (double-edged sword))
---
2.) Opera has the most options "natively built in" also which other browsers copied from it OR had to have addons put into them for such functions.
---
3.) HOWEVER - What I like MOST about it, is its flexibility in security-related features, in its "By Site Preferences"!
(Which I set to GLOBALLY turn off plugins, javascript, frames/iframes, cookies, popups, & far more... & I only "turn those on" for sites that DEMAND their usage in order to function (which, for MOST sites, they don't really)).
So, who NEEDS a "sandbox", if you're not pouring gas all over yourself & lighting matches in essence?
Sure - It would be NICE to see that tech in Opera too (as well as a 64-bit Windows build also), but... I get by just fine!
(No infestations since 1996 in fact here, but that's also due to a lot of "layered-security/defense-in-depth" work I do to Windows NT-based OS too per this -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE )
* Makes sites faster too not using all that stuff imo as well... if you DON'T NEED THEM? Why leave them on by default then??
That's like leaving your lights on in your home during the day - Dumb (almost like running services/daemons in your OS of choice too that you don't need - senseless waste of CPU cycles, RAM, & other forms of I/O as well as a security hazard potential too!).
---
4.) Opera, year-in-&-year-out has shown the LEAST OVERALL SECURITY VULNERABILITIES of the "big 3" in IE, FF, & Opera since man... I don't KNOW when even (ages, & far longer than Chrome's been around, that's certain) per SECUNIA.COM stats, typically.
---
Opera = "The 'SUPERIOR WARRIOR'" online in the way of webbrowsers... My IQ typically scores between 130-135 on tests I've taken for it over time.
APK
P.S.=> So - Does it mean you are "smarter" for using Opera? Perhaps it does, but, more for the reasons above than some IQ test...
However, I also think other browsers are coming along great as well (Chromium, FF Nightlies, & IE9 specifically)...
... apk
-
This MAY interest you also (all I do/use)
The "FULL GAMUT" of what I use for BOTH added online security AND SPEED (& have done since 1997 or so, in the form of guides for Windows users (but the principles apply to other OS' too, & so does the CIS multiplatform security test it uses to help "guide a user" & make it "fun-to-do" as well, like a benchmark almost (albeit for security, not speed only))) is below:
To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.
That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the first link above...
Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:
---
1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))---
Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:
---
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral
AND
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral
AND
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Grea
-
You're welcome 2 disprove the points here
http://yro.slashdot.org/comments.pl?sid=2356916&cid=36935730
Good luck... you'll NEED it!
(So, thus - You have a chance to prove yourself, by disproving every point I put down there then, & make me out to be "nothing" then... ok?)
APK
P.S.=> Because right after that? You'll also have to disprove this:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
(Which contains the REST of what I do to, above & beyond my last few posts here, to as fully-as-I-know-of-possible, "layered security/defense-in-depth" secure a Windows NT-based Operating System (& I've been doing guides like this since 1997 online, & long before that on IRC also)).
Of course, after that too?
Well - You'll also have to show others here that you've done more in the "art & science" of computing than I have, before I have, & I probably did it while you were STILL IN DIAPERS I strongly wager (& I quit "chasing ink" a decade ago in this field, mind you AND, this is only a small, PARTIAL LIST of my "favs" over time (I can put out a LOT more, easily)):
"My Name is Ozymandias: King of Kings - Look upon my works, ye mighty, & DESPAIR..."
----
Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61
(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row 2000-2002, in its HARDEST CATEGORY: SQLServer Performance Enhancement).
WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)
PC-WELT FEB 1998 - page 84, again, my work is featured there
WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there
PC-WELT FEB 1999 - page 83, again, my work is featured there
CHIP Magazine 7/99 - page 100, my work is there
GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it
HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), 2001 my work is there, first one featured, yet again!
Also, a British PC Mag in 2002 for many utilities I wrote, saw it @ BORDERS BOOKS but didn't buy it... by that point, I had moved onto other areas in this field besides coding only...
Being paid for an article that made me money over @ PCPitstop in 2008 for writing up a guide that has people showing NO VIRUSES/SPYWARES & other screwups, via following its point, such as THRONKA sees here -> http://www.xtremepccentral.com/forums/showthread.php?s=ee926d913b81bf6d63c3c7372fd2a24c&t=28430&page=3
It's also been myself helping out the folks at the UltraDefrag64 project (a 64-bit defragger for Windows), in showing them code for how to do Process Priority Control @ the GUI usermode/ring 3/rpl 3 level in their program (good one too), & being credited for it by their lead dev & his team... see here -> http://ultradefrag.sourceforge.net/handbook/Credits.html or here http://sourceforge.net/tracker/?func=detail&aid=2993462&group_id=199532&atid=969873
AND lastly: http://g-off.net/software/a-pyt
-
Agreed 110%, on "defense in depth"
OR, as I call it, "layered security". I, & others I know that do the guides I have written since 1997 online (& before that) for Windows do well using it (I haven't had a "malware-in-general" infestation since 1996 in fact because of it):
"You get used to the concept that everything is fallible and you need defense in depth. Virus scanners help provide that defense in depth. They scan incoming things for known threats (by the way good ones are updated more than once a day). It is not your only line of defense, but one of them." - by Sycraft-fu (314770) on Tuesday July 26, @02:24PM (#36886646)
Correct, & they all "complement one another" + tend to make up for each other's "shortcomings"... because "layered-security/defense-in-depth" IS really the best thing we have going... IF you take the time to implement it.
On Windows NT-based systems of "more modern varieties" (ala 2000/XP/Server 2003/VISTA/7/Server 2008), that takes about 1-2 hours of your time, albeit gaining you YEARS of uptime into the distance as your "ROI" for effort expended...
This takes time, but it's well worth doing if you value a stable long-term setup of a computer.
This means:
---
1.) OS & app patching conscientiously
2.) Updating antispyware/antivirus
3.) ONLY using java/javascript ONLY WHERE IT'S ABSOLUTELY NEEDED ONLINE (think ecommerce sites), as well as the same for frames/iframes/plugins to browsers
4.) Email in TEXT ONLY
5.) Securing rights to filesystems ACL/MAC-wise
6.) Securing group & local system security policies (which are NOT setup as strong as possible by default mind you in shipping OEM init. default setups by the makers of them)
7.) Disabling unneeded potentially "dangerous" services that establish "listeners" on the internet (thus, possible "handles" to grab for illegal ingress)
8.) The use of custom HOSTS files (for both speed & security, more on that below)
9.) Using filtering DNSBL utilizing DNS servers to complement them (more on that below with examples of DNS servers that do that)
10.) Firewall rules tables (both in routers &/or software firewalls in combination), if not also the "poor man's firewall" of IP filtering @ both the TCP/UDP portions of the IP stack.
... and more...
All of those measures work on a very, Very, VERY SIMPLE PRINCIPLE TOO:
"You can't get burned if you don't go into the malware-in-general kitchen", or better yet "If you don't get in bed with the devil, you can't F**** & get impregnated by he" either...
That, along with educating users is the most important part!
(This last one, it is the most important part imo, so they understand as best they can in layman's terms when possible, on HOW/WHY/WHEN/WHERE malware-in-general works on them to steal their information or money, or to enslave their systems for nefarious purposes, etc./et al!).
---
To "immunize" a Windows system thus, I effectively use the principles in "layered security" possibles!
I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.
That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online:
-
Immunization it is then... apk
To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!
I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.
That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:
---
1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))---
Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:
---
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral
AND
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral
AND
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, set
-
I do pretty well (no infestations since 1996)
All I do is follow the guidelines I set down here, to the letter (& not just myself, or my friends or family either... but others that have applied this guide in the link next below (some of their testimonials are quoted below in fact or they use the same type of techniques in part I illustrated)):
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
And, a decade++ before it, here:
http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml
(In part of its "original prototype" I started working on while adminning "the official Windows help channel" on DALNET IRC in #Windows, circa 1994-2000)
Which NeoWin picked up on & rated pretty highly circa 2001, here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
---
That guide?
It's ALL ABOUT the best thing we have currently going: "Layered Security" & User Education really (the latter IS the "main problem" along with the botnet/malware-in-general makers imo!).
* And, yes - it works... proofs thereof (small sampling, I can produce many others upon request):
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
---
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
---
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral
AND
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral
AND
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral
AND
-
DNSBL, if implemented vs. malware such as
Norton DNS does (http://nortondns.com/), can be a GREAT thing to help stall, or even stop, the malware problem online.
They filter on "malware-in-general" such as KNOWN bad sites/servers/hosts-domains, botnet C&C servers, & even bogus DNS servers by default (and their updates every few minutes for continuously updated protection are here http://safeweb.norton.com/buzz with site-checkers & even a removal appeals process etc./et al... IF a site does "clean up its act" etc. )
Another decent set of these are:
---
ScrubIT DNS -> http://www.scrubit.com/
&
Open DNS -> https://store.opendns.com/get/basic (with built in phishing protection even in the FREE basic model)
---
I use all 3 @ once in my NAT stateful packet inspecting Linksys/CISCO router + my IP stack setup for my Local Area Connection here... in layered security fashion!
* Each has a write-up on how they work, why they help, & more... enjoy!
APK
P.S.=> Between the layering of Filtering DNSBL utilizing DNS servers listed above, because I use them ALL in "layered-security fashion" in both my routers & IP stack setup here in Windows, in combination with:
---
1.) A custom HOSTS file ( currently with 1,494,865++ entries of known bad sites/servers/hosts-domains, botnet C&C servers, & even rogue DNS servers blocked in it currently & growing "automagically" from 17 reputable & reliable sources for that type of data for HOSTS as well as DNSBL lists here from a Python script that does so for me),
and
2.) IP addressed threats inserted into my router & software firewalls
3.) And lastly, system security-hardening, in depth -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
---
?
I haven't caught a "malware of any kind" infection/infestation since, oh, around 1996 or so in fact!
"Layered security", the best thing we have going currently, really WORKS!
... apk
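The post above (and item 8 of the "layered security" list earlier on this page) describes building a custom HOSTS file "automagically" from many block-list sources with a Python script. The script below is an added example, not the post author's own tool: it merges constructed sample feeds in both HOSTS format and bare-domain format, deduplicates them, validates each hostname, and, as a defender's safeguard the post does not spell out, refuses any entry that would map a name to a real routable address instead of a blackhole address (a poisoned feed could otherwise redirect traffic rather than block it). All feed names and domains are constructed samples.

```python
"""Aggregate several domain block lists into one HOSTS file.

Added example (not the page author's script). The feeds below are
constructed sample data; real feeds would be fetched from their URLs.
"""
import re
from typing import Dict, List, Tuple

# Addresses a block list may legitimately map a name to. Anything else
# could be a poisoned list that redirects traffic instead of blocking it.
BLACKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::1", "::"}

# Names that must never be blocked even if a feed lists them.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost", "local"}

# One DNS label: letters, digits and hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def valid_hostname(name: str) -> bool:
    """RFC 1123 style syntax check on a lower-cased, dot-stripped name."""
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    return len(labels) >= 2 and all(_LABEL.match(lab) for lab in labels)


def parse_source(text: str) -> Tuple[List[str], List[str]]:
    """Parse one feed in HOSTS format ('0.0.0.0 evil.example') or
    bare-domain format ('evil.example'). Returns (domains, rejected_lines)."""
    domains, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments / blanks
        if not line:
            continue
        parts = line.split()
        if len(parts) == 1:
            addr, names = None, parts            # bare-domain line
        else:
            addr, names = parts[0], parts[1:]    # HOSTS-style line
        if addr is not None and addr not in BLACKHOLE_ADDRS:
            rejected.append(raw)                 # would redirect, not block
            continue
        for n in names:
            n = n.lower().rstrip(".")
            if n in PROTECTED or not valid_hostname(n):
                rejected.append(raw)
            else:
                domains.append(n)
    return domains, rejected


def build_hosts(sources: Dict[str, str], sink: str = "0.0.0.0"
                ) -> Tuple[str, Dict[str, int], List[str]]:
    """Merge all feeds into one deduplicated HOSTS text.
    Returns (hosts_text, accepted_count_per_feed, rejected_lines)."""
    merged, counts, rejected = set(), {}, []
    for name, text in sources.items():
        doms, bad = parse_source(text)
        counts[name] = len(doms)
        rejected.extend(bad)
        merged.update(doms)
    lines = [f"# generated HOSTS: {len(merged)} unique entries "
             f"from {len(sources)} sources"]
    lines += [f"{sink} {d}" for d in sorted(merged)]
    return "\n".join(lines) + "\n", counts, rejected


# Constructed sample feeds (hypothetical names, .example TLDs only).
SAMPLE_SOURCES = {
    "feed_a": "# HOSTS-format feed\n"
              "0.0.0.0 ads.example.net\n"
              "0.0.0.0 tracker.example.org   # duplicated in feed_b\n"
              "127.0.0.1 botnet-cc.example.com\n",
    "feed_b": "tracker.example.org\n"
              "Malware.Example.COM.\n"          # case and trailing dot
              "bad host.example\n",              # malformed: rejected
    "feed_c": "203.0.113.7 bank.example\n"      # poisoned: rejected
              "0.0.0.0 localhost\n"              # protected: rejected
              "0.0.0.0 -bad-.example\n",         # bad label: rejected
}

if __name__ == "__main__":
    hosts, counts, rejected = build_hosts(SAMPLE_SOURCES)
    print(hosts)
    print("accepted per feed:", counts)
    print("rejected lines:", rejected)
```

Running it yields 4 unique blackholed names and 4 rejected lines; the rejected list is worth logging, since a feed that starts producing routable addresses is itself a security signal.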
-
Show a quote of my saying HOSTS files
Are ALL you need to secure yourself? Do that... or look the fool you are cbiltcliffe... as is your usual!
You can't & you know it. I want an explicit quote of myself saying that! Good luck... you need it!
Tomhudson, & gmhowell tried that, they both RAN because they could not do that... no, all you have is trying to put words in my mouth I never said...
"No, no, no...all you need to do is add a HOSTS file, and everything will be 100% secure until the end of the universe!! hehehe." - by cbiltcliffe (186293) on Friday July 15, @09:11AM (#36774056) Homepage
and
"Nope. It's a proven fact that adding a HOSTS file will improve the speed of any driver to the point that it runs at 150% of the speed of itself. The fact that this will cause a rip in the space/time continuum, making the universe implode is irrelevant, because the HOSTS file also creates 100% security from thin air, so the driver will continue to exist in perpetuity. HOSTS files FTW! Is there anything they can't do?!" - by cbiltcliffe (186293) on Friday July 15, @09:14AM (#36774098) Homepage
and
"Well, obviously Manning should have had a HOSTS file installed, as that would have prevented any security breach whatsoever!! hehehelol - by cbiltcliffe (186293) on Friday July 15, @09:16AM (#36774114) Homepage
Let's see what I asked for, a quote of myself explicitly stating that HOSTS files are "all you need" for security then... good luck, I never have stated that, ever (not I). They are useful layered security tools is all.
* U FAIL, as usual!
cbiltcliffe - ad hominem attack #1 of 3 on HOSTS files after my destroying him on rootkit/botnet
Just like your consolidated FAIL list vs. myself here today shows clearly:
http://slashdot.org/comments.pl?sid=2324592&cid=36776760
APK
P.S.=> That's where I let you trash yourself... especially by using your own mistakes, & technical inadequacy/impotency, even when you went off topic & tried putting words in my mouth I never once said!
Also?
Please - Don't tell me you're not trying to get my goat on HOSTS either, because the other repliers to you (probably your pals or sockpuppets) are mentioning my name:
http://slashdot.org/comments.pl?sid=2324592&cid=36774834
and here:
http://slashdot.org/comments.pl?sid=2324770&cid=36774146
(Doubtless more of your sock puppet alternate registered accounts you have, or those of others I have trashed before (cowards like yourself ALWAYS do that in rather "effete retaliation")).
And you did these posts today on HOSTS files here:
MANY times already today... WELL, back it up, prove I say HOSTS are "all you need" for perfect security then!
I'll be waiting... lol, until the "12th of never" & when the clock hand strikes 13, because I never once ever said that OR implied it even! I preach layered security:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
That does far more than just HOSTS files, but they are an excellent layered security measure.
NOW - Just because you ran from where that took place too in the topmost link above? Talking behind my back's the "best you've got" along with ad hominem attacks?? LMAO... & on each point noted in the link above, OR you failed vs. trying to disprove them!
(Where you also tried to put words in my mouth about TcpView &/or ProcessExplorer in regards to detecting rootkits or removing them using those tools & I never said that once, either you have reading troubles, OR as I suspect, a troll that tr
-
Show a direct quote of my saying HOSTS
Are ALL you need to secure yourself? Do that... or look the fool you are cbiltcliffe... as is your usual!
You can't & you know it.
Tomhudson, & gmhowell tried that, they both RAN because they could not do that... no, all you have is trying to put words in my mouth I never said...
"No, no, no...all you need to do is add a HOSTS file, and everything will be 100% secure until the end of the universe!! hehehe." - by cbiltcliffe (186293) on Friday July 15, @09:11AM (#36774056) Homepage
and
"Nope. It's a proven fact that adding a HOSTS file will improve the speed of any driver to the point that it runs at 150% of the speed of itself. The fact that this will cause a rip in the space/time continuum, making the universe implode is irrelevant, because the HOSTS file also creates 100% security from thin air, so the driver will continue to exist in perpetuity. HOSTS files FTW! Is there anything they can't do?!" - by cbiltcliffe (186293) on Friday July 15, @09:14AM (#36774098) Homepage
* U FAIL, as usual!
cbiltcliffe - ad hominem attack #1 of 3 on HOSTS files after my destroying him on rootkit/botnet
Just like your consolidated FAIL list vs. myself here today shows clearly:
http://slashdot.org/comments.pl?sid=2324592&cid=36776760
APK
P.S.=> That's where I let you trash yourself... especially by using your own mistakes, & technical inadequacy/impotency, even when you went off topic & tried putting words in my mouth I never once said!
Also?
Please - Don't tell me you're not trying to get my goat on HOSTS either, because the other repliers to you (probably your pals or sockpuppets) are mentioning my name:
http://slashdot.org/comments.pl?sid=2324592&cid=36774834
and here:
http://slashdot.org/comments.pl?sid=2324770&cid=36774146
(Doubtless more of your sock puppet alternate registered accounts you have, or those of others I have trashed before (cowards like yourself ALWAYS do that in rather "effete retaliation")).
And you did these posts today on HOSTS files here:
MANY times already today... WELL, back it up, prove I say HOSTS are "all you need" for perfect security then!
I'll be waiting... lol, until the "12th of never" & when the clock hand strikes 13, because I never once ever said that OR implied it even! I preach layered security:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
That does far more than just HOSTS files, but they are an excellent layered security measure.
NOW - Just because you ran from where that took place too in the topmost link above? Talking behind my back's the "best you've got" along with ad hominem attacks?? LMAO... & on each point noted in the link above, OR you failed vs. trying to disprove them!
(Where you also tried to put words in my mouth about TcpView &/or ProcessExplorer in regards to detecting rootkits or removing them using those tools & I never said that once, either you have reading troubles, OR as I suspect, a troll that tries putting words in others' mouths they never said & later behind their backs too, in "effete geek angst" (that's what women do, not men))
... apk
-
Produce a quote of my stating that HOSTS
Are all you need to be 100% secure - show me explicitly stating that please.
You can't & you know it. Tomhudson, & gmhowell tried that, they both RAN because they could not do that... no, all you have is trying to put words in my mouth I never said...
"No, no, no...all you need to do is add a HOSTS file, and everything will be 100% secure until the end of the universe!! hehehe." - by cbiltcliffe (186293) on Friday July 15, @09:11AM (#36774056) Homepage
* U FAIL, as usual!
Just like your consolidated FAIL list vs. myself here today shows clearly:
http://slashdot.org/comments.pl?sid=2324592&cid=36776760
APK
P.S.=> That's where I let you trash yourself... especially by using your own mistakes, & technical inadequacy/impotency, even when you went off topic & tried putting words in my mouth I never once said!
Also?
Please - Don't tell me you're not trying to get my goat on HOSTS either, because the other repliers to you (probably your pals or sockpuppets) are mentioning my name:
http://slashdot.org/comments.pl?sid=2324592&cid=36774834
and here:
http://slashdot.org/comments.pl?sid=2324770&cid=36774146
(Doubtless more of your sock puppet alternate registered accounts you have, or those of others I have trashed before (cowards like yourself ALWAYS do that in rather "effete retaliation")).
And you did these posts today on HOSTS files here:
MANY times already today... WELL, back it up, prove I say HOSTS are "all you need" for perfect security then!
I'll be waiting... lol, until the "12th of never" & when the clock hand strikes 13, because I never once ever said that OR implied it even! I preach layered security:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
That does far more than just HOSTS files, but they are an excellent layered security measure.
NOW - Just because you ran from where that took place too in the topmost link above? Talking behind my back's the "best you've got" along with ad hominem attacks?? LMAO... & on each point noted in the link above, OR you failed vs. trying to disprove them!
(Where you also tried to put words in my mouth about TcpView &/or ProcessExplorer in regards to detecting rootkits or removing them using those tools & I never said that once, either you have reading troubles, OR as I suspect, a troll that tries putting words in others' mouths they never said & later behind their backs too, in "effete geek angst" (that's what women do, not men))
... apk
-
RU protected vs. @ least 1,493,325++
KNOWN bad sites/servers/hosts-domains, botnet C&C servers, & bogus DNS servers? I am, guaranteed...
Via layered security at the HOSTS file level alone!
The rest is done by:
Norton DNS (filters the SAME STUFF as my hosts does)
OpenDNS (another DNSBL filtering DNS system)
ScrubIT DNS (yet another filtering DNS system)
Firewall rules tables vs. IP address based examples of the same here...
My layered security guide's practices as well:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
Which produce results the likes of these testimonials attest to:
---
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral
AND
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral
AND
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral
AND
"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit
-
U fail & have U done more/better/earlier? No
An even earlier link, from 1997-2001:
http://it.slashdot.org/comments.pl?sid=2282088&cid=36761268
From "The wayback machine" no less...
"Guess neowin didn't think it was important enough to keep around, huh?" -
No biggie, it went on to "bigger & BETTER things:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
Much bigger & MUCH better... as well as more comprehensive: AND YOU CERTAINLY HAVE NOT DONE BETTER, now have you? Nope...
---
"Really? You're trying to secure telnet 3 years ago? Anybody with a lick of sense hasn't been using telnet at all in any environment with secure requirements for well over a decade, and 3 years ago you're giving advice on how to secure this decade-broken, unsecurable protocol?" - by cbiltcliffe (186293) on Thursday July 14, @10:10PM (#36771200) Homepage
Actually, that's a remnant of my OLDEST guide, see link @ the top, from 1997-2001, but, it's there "just in case", that's all... so, your "point" is again, moot.
AND YOU CERTAINLY HAVEN'T DONE BETTER YOURSELF IN SUCH A GUIDE, now have you?? Nope again...
---
"The first section of this thread shows this information actually comes from " a Mr. Markuss Jansson on his point on TELNET service", and "He also has more on things like "EFS" (encrypting filesystem) ". - by cbiltcliffe (186293) on Thursday July 14, @10:10PM (#36771200) Homepage
Yes, but the other methods are mine... & they work, just as his do. The point was NEVER ABOUT MYSELF, it was to help others vs. the possibility of attack on any front I could think of... that's all!
And, of course, once more - YOU CERTAINLY HAVEN'T DONE BETTER YOURSELF IN SUCH A GUIDE, now have you?? Nope yet again...
---
"In it, you recommend to run the Remote Registry, and telnet (which I didn't notice the first time) as the LocalService Account, rather than LocalSystem. You do not recommend to turn them off, as you claim in your post I'm replying to." - by cbiltcliffe (186293) on Thursday July 14, @10:10PM (#36771200) Homepage
NO, it's stated to turn it to "manual" which unless you INVOKE IT, does not run... trying to put words in my mouth I NEVER SAID YET AGAIN?
(You're so dumb you can't be real... lol, the "2 prime examples" of you doing that earlier are in my p.s. below & U RAN FROM THEM!
LMAO!
---
"But that's the whole point. It can't function that way. Its function requires network access, which running as LocalService denies. It will not work for its intended function. Same with telnet. Both services cannot function that way, at all." - by cbiltcliffe (186293) on Thursday July 14, @10:10PM (#36771200) Homepage
Which IS MY POINT - to secure them, even if "set to manual", those services cannot be accessed remotely if set to another logon entity (in this case, LocalService).
So once again like usual, your "so-called point"? Moot & nullified, easily...
---
"let's assume for now that you completely messed up your security guide, and you actually meant to have people turn this service off, which is not at all what you said" - by cbiltcliffe (186293) on Thursday July 14, @10:10PM (#36771200) Homepage
No, let's not ASSUME anything - I show folks how to effectively nullify potentially dangerous services is all, & you even ADMIT that my methods do so, easily enough!
(This is your "big problem", you ASSUME things (see my p.s. below, those are your two HILARIOUS blunders!)).
---
"You really do have no comprehension of reality at all"
-
Re:U FAIL AGAIN (multiple times, lol)
Did you check your links?
Well, let's see, your first "proof" link, leads to:
"The page you were looking for could not be found"
Guess neowin didn't think it was important enough to keep around, huh?
And the second leads to a thread that starts out with a section on "securing telnet" that was posted in 2008.
Really? You're trying to secure telnet 3 years ago? Anybody with a lick of sense hasn't been using telnet at all in any environment with secure requirements for well over a decade, and 3 years ago you're giving advice on how to secure this decade-broken, unsecurable protocol?
ULTIMATE FAIL
There's really, absolutely nothing else that needs to be said. You are a complete and total loser when it comes to security. You know nothing. You understand nothing. You are incapable of doing anything technical with any competence whatsoever.
Not only that, but you bitched about my "1 hit wonder" cd (while knowing nothing at all about it) that "must have used other people's software", as if you wrote everything you've ever done from scratch, including all libraries, and probably your own compiler, FFS.
The first section of this thread shows this information actually comes from " a Mr. Markuss Jansson on his point on TELNET service", and "He also has more on things like "EFS" (encrypting filesystem) ".
Not only are you a complete loser, you're a complete hypocrite, also.
(BTW, my CD will let a tech run the recovery console on a machine remotely, over the Internet, with no KVM over IP hardware. No technical knowledge is required by the end user. Network connections, encryption, etc, are all handled automatically. It will also allow remote repair of corrupt filesystems that prevent the computer from booting with an UNMOUNTABLE_BOOT_VOLUME error. It can also do remote investigation on a computer, with forensically sound methods, transferring a hard drive image over the network from a remote PC for local analysis, if required. It can also do a pile of other things, most of which are probably beyond your comprehension. Even if it was the only thing I'd ever done, which it's not, it's so versatile, it could never be called "1 hit".)
The version of your guide that I read was the first link on your Bing search that you're ever so proud of. You know, this one?
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
This is the one I read:
http://forums.pcpitstop.com/index.php?showtopic=150310
This was posted in 2007, so it's not like it's really old, or anything.
In it, you recommend to run the Remote Registry, and telnet (which I didn't notice the first time) as the LocalService Account, rather than LocalSystem. You do not recommend to turn them off, as you claim in your post I'm replying to.
These services require, for their only functionality, to have network access. Running them as LocalService therefore kills their entire useful functionality, while still leaving the service running, taking resources, slowing the system down, and potentially offering local exploits.
Why do you *THINK* I put "remote registry" running as a LocalService for? It can still function that way,
But that's the whole point. It can't function that way. Its function requires network access, which running as LocalService denies. It will not work for its intended function. Same with telnet. Both services cannot function that way, at all.
but if it were to be activated again by some interloper malware, it'd be SAFE(r) because it was set as "LocalService" logon entity - "get it"?):
Ok..so let's assume for now that you completely messed up your security guide, and you actually meant to have people turn this service off, whi
-
Re:False Flag Working!
-
Your "easy fix" is 2 cut if off temporarily
@ the root - Disable BlueTooth oriented functionality, temporarily only if needed, until patch is issued
http://www.google.com/search?hl=en&source=hp&q=Disable+bluetooth&btnG=Google+Search
Yes... really simple, & that's how good things are made/done imo (the "KISS" principle, doing more with less etc.)
What I liked seeing while reading thru this, is it's good to see that others here are sensible enough to do that themselves now, without guidance too!
Personally, I've been doing things like that & from as far back as 1997 & putting them out "onto the wire' for "public consumption" too, ala my 1st speed & security guide for Windows -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml
Just as a "pay-it-forward" type of thing, & a "contribution back to society"...
Hey - It was done for myself by others in this art & science of computing before me, & they too, "stood on the shoulders of giants" before they also...
Yes - imo, it's just how it works (I once saw Madonna say how she "turned her life around", & she DID, by being of service to others... so, I took from her & others' example. Why not? It's the right thing to do, & there IS a "joy in giving" as well!)
That 1st guide of mine on security/speedup for Windows NT-based OS LATER evolved into this in 2008 "layered security" model (much better, & far, Far, FAR more comprehensive & adjusted for today's more modern Windows NT-based OS too):
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
Yes - @ first I did guides like that circa 1997-2000 so folks got the "most" out of their rigs as I was... & yes, initially @ least?
Just to save CPU cycles, RAM ops, & other forms of I/O wasted on services + features in Operating Systems that run by default, that I actually don't use...
(Dumb to do, like leaving your lights on in your home, during the daylight hours really!)
HOWEVER - Later, when I figured the "malware explosion" was about to "hit" (circa 2004 it really did, & my HOSTS file population programs can prove that much for me)?
I realized that there's security benefits (around 2000) to doing the same as well ("Double-Bonus", yea!, right?)
* In any event - ONE THING MICROSOFT'S BEEN really, Really, REALLY GOOD ABOUT, is when things like this occur? They issue an "emergency-out-of-band" fix...
(So - Expect it shortly is my guess here, IF it's really needed/necessary, that is...)
APK
P.S.=> Well - time to go fix my lawnmower & snowblower (yes, bit early, but a "stitch-in-time, saves 9" on the latter)
... apk
-
U admit RC tools part kills rootkit
Right here, regarding my use of RC tools listsvc, disable, & fixmbr to KILL THE ROOTKIT PART:
"Will it get rid of an MBR rootkit? Yes. Will it get rid of a driver-based rootkit with a discrete
.sys file for the driver? Yes." - by cbiltcliffe (186293) on Tuesday July 12, @03:12PM (#36738656) Homepage Journal
I don't mention ProcessExplorer in my technique on the rootkit portion of this botnet @ all...
NOW, since this rootkit:
---
1.) "Hauls in" other malware for the BOTNET portion running in Ring 2/RPL 2/Usermode?
2.) Once you kill the rootkit part in Ring 0/RPL 0/Kernel Mode, using RC tools which you ADMIT MY TECHNIQUE FOR WORKS ON THIS ROOTKIT/BOTNET COMBINATION (rootkit part)?
3.) Then, you "mop up" using ProcessExplorer once the rootkit's dead, to kill in the malware it hauls in, THAT RUNS THE BOTNET PORTION in Ring 3/RPL 3/UserMode!
---
No, you either have trouble in reading comprehension, OR, are simply trolling to cover your behind because of your false accusations & mistakes regarding both ProcessExplorer & TcpView stating I said I use them to "detect rootkits", when I use them BOTH vs. botnets & other malware in usermode, period!
Simply/Again, because you admit my technique WORKS FOR KILLING THE ROOTKIT PORTION using RECOVERY CONSOLE TOOLS!
(And I don't use ProcessExplorer for that @ all on the rootkit part)
In fact? Show me where I said I do use ProcessExplorer, explicitly, on the ROOTKIT PORTION of this rootkit/botnet!
Ok??
---
"Go back to updating your host file, little boy." - by cbiltcliffe (186293) on Wednesday July 13, @10:23PM (#36757884) Homepage
First of all? I'm 6' 2" & 230 lbs. currently... that's NOBODY'S "Little Boy" (are you larger? Doubt it!)
Secondly, I just did...
The commit to my HOSTS file now has me guaranteed protected vs. 1,483,950 known bad sites/servers/hosts-domains, botnet C&C servers, bogus DNS servers, & even adbanners in hosts-domain names
(Yes even adbanners on 2 accounts too - as they have been shown as infested with malicious scripts too & they slow you down for what you pay for online in bandwidth)...
So - Can you say the same without such a protective shield that also yields more speed?
Between my HOSTS file & Norton DNS (primary DNS here), and ScrubIT DNS (secondary DNS), & OpenDNS (third DNS), all of them do "filtering"?
* Well...If you're NOT doing the same, you're letting yourself down on protection... as well as speed online you pay for too!
Between HOSTS, DNS servers, & firewalls vs. IP address threats? It's no small wonder I never get infected/infested, & the rest of what's in my highly rated layered security guide for Windows does the rest:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
(Have YOU done a better guide for layered security than that?)
---
"There are thousands of malware domains registered daily, and according to a post of yours on another thread" - by cbiltcliffe (186293) on Wednesday July 13, @10:23PM (#36757884) Homepage
WTF? I never said that # are out there daily... your link doesn't show it either... that's quite old also - what are you doing??
Stalking me via diff. usernames???
The username/person I replied to was "Haedrian" & it is over 7 MONTHS OLD TOO!
---
"Maybe you don't get malware because, between the ungodly amount of time you must spend updating that hosts file" - by cbiltcliffe (186293) on Wednesday July 13, @10:23PM (#36757884) Homepage
I don't get malware, & neither do others I showed the effectiveness of my security guide to who apply it (posted that her
-
This BLOWS YOU AWAY on that too
http://it.slashdot.org/comments.pl?sid=2282088&cid=36751240
Better luck next time, even IF something slips past WFP, Group Policy (and my bcdedit commandline layered protection method to top those off too) as well as Windows warning you are in "TEST MODE" if unsigned driver installation is set to be "ok" by a hacker/cracker!
APK
P.S.=> This 'takes the cake' lol:
"Whether you want to admit it or not, my statements regarding you implying TCPview could show connections from rootkits are true. You did imply it." - by cbiltcliffe (186293) on Wednesday July 13, @02:27PM (#36752240) Homepage
No, your reading comprehension obviously sucks... or you skimmed!
Simply because I can show, here, EXACTLY what I said EXPLICITLY on this account also where you tried to put words into my mouth I NEVER SAID or even IMPLIED (quoting myself yet again to disprove you):
PERTINENT QUOTE, VERBATIM FROM MYSELF:
"I can watch who/what/when/where/how my system "talks" to other systems online, & if I see one I am NOT talking to? It gets added to my firewall list (by IP address), and the offending unknown interloper malware/botnet gets "BLOWN AWAY" by ProcessExplorer.exe, as I noted in my last post/other post in reply to YOUR last post." - by Anonymous Coward (Myself, APK) on Saturday July 02, @11:35PM (#36644860)
FROM -> http://it.slashdot.org/comments.pl?sid=2282088&cid=36644860
---
And as to detecting rootkit's presence? I said this
---
PERTINENT QUOTE, VERBATIM FROM MYSELF:
"& in my guide? I post a NUMBER of reliable tools for rootkit detection:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
(And, there you are - TcpView is only for checking WHERE it communicates back to... as a possible way of seeing that, for adding the bogus C&C server destinations to HOSTS &/or Firewall rules tables - that's all!)" - by Anonymous Coward (Myself, APK) on Saturday July 02, @11:35PM (#36644860)
FROM -> http://it.slashdot.org/comments.pl?sid=2282088&cid=36647626
---
Which now after your quoted statement @ the top of my reply here make you look to be either:
1.) ILLITERATE, or skimming
or
2.) Just "trying to get the last word a week later" like a FOOL would when I said nothing of the KIND as you state!
... apk
-
Group Policy can STOP Unsigned Drivers
Installs, easily & Windows WARNS YOU of "test mode" when one's installed to bypass signed drivers checks - I know this from building & testing filtering drivers in fact:
---
Configure Driver Signing Through Group Policy Editor:
You can BLOCK it even happening vs. rootkits like this one OR others like it that try to install bogus drivers as this one did in hello_tt.sys!
(In fact... Using GPEDIT.MSC &/or SECPOL.MSC this way is in my "layered-security guide" for Windows -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE & has been for YEARS now (since 2007))
---
AND, Again - This can also serve as a "layered security defense" here too vs. unsigned drivers installations along with the bcdedit commandlines I showed in my post I replied to here as well! See my post parent to this one...
---
(Once more - Group Policy can too, LAN/WAN wide if needed & iirc, it's ON BY DEFAULT too - but it would adversely affect those who develop device drivers - you might be 'forced into' making another usergroup is all, for devicedriverdevs is all... @ most!)
However - The nicest part is here?
Well once more - Windows "warns you" when you enter this mode using UNSIGNED DRIVERS!
(I know this, because when I've built filtering drivers, it says in the lower right-hand corner of your screen, above the clock TEST MODE when unsigned drivers are allowed during testing of device drivers!)
* Once more/Again? "Here endeth the lesson..."
APK
P.S.=> Quoting my fav. hero as a boy here, from classical Greek Mythos, in AKhilleus (Greek spelling of Achilles), son of Peleus (when middle names are usually those of the father or grandfather = APK, lol!):
---
"Is there no one else? IS THERE NO ONE ELSE??" - Achilles, son of Peleus, portrayed by Brad Pitt in the classic 2004 film, TROY here:
http://www.youtube.com/watch?v=SP74aJBbIoY
---
Play it from 2:50 onwards, for the "FULL EFFECT" (lol) & "Absolutely LIVE!"
(For what I feel I've done to this rootkit, & others like it via my techniques, lol, since "Boagrius" was "so bad" & "indestructible" like this rootkit/botnet was alleged to be, and to my naysayers here also, easily!)
... apk
-
Group Policy & BCDEDIT stop UNSIGNED drivers
Installs, easily & even Windows WARNS YOU of "test mode" when one's installed to bypass signed drivers checks - I know this from building & testing filtering drivers in fact:
---
Configure Driver Signing Through Group Policy Editor:
You can BLOCK it even happening vs. rootkits like this one OR others like it that try to install bogus drivers as this one did in hello_tt.sys!
(In fact... Using GPEDIT.MSC &/or SECPOL.MSC this way is in my "layered-security guide" for Windows -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE & has been for YEARS now (since 2007))
---
AND, this can also (as a "layered security defense" here too vs. unsigned drivers installations):
---
In fact?
I already posted this DAYS ago here on
/., regarding this rootkit, & on the subject of bypassing unsigned driver installs:
http://it.slashdot.org/comments.pl?sid=2306598&cid=36694960
PERTINENT QUOTE/EXCERPT:
---
"Should the rootkit/botnet maker alter His rootkit/botnet's design to protect the registry area driver init. section for hello_tt.sys as well as the bootsector as he currently does for this "blended threat tech" rootkit/botnet?
Well - You can stop unsigned driver loads & installs, this way, via a .bat batchfile, or .cmd command script (or even a logon script for those amongst you that are networkers):
ADD THESE 2 LINES TO LOGON SCRIPTS or .bat/.cmd scripts to run @ machine startup:
---
bcdedit /deletevalue loadoptions
bcdedit -set TESTSIGNING OFF
---
* That will stop ANY unsigned driver installation bypass used by malware/botnet/rootkit makers attempting to use drivers in their malwares!" - by APK on Friday July 08, @11:11AM (#36694960)
---
Yes - There's also other ways to implement it as well, such as a scheduled task if one wishes, or a network machine level or domain level admin wishes...
(Group Policy can too, LAN/WAN wide if needed - but it would adversely affect those who develop device drivers - you might be 'forced into' making another usergroup is all, for devicedriverdevs is all... @ most!)
However - The nicest part is here?
Well - Windows "warns you" when you enter this mode using UNSIGNED DRIVERS!
(I know this, because when I've built filtering drivers, it says in the lower right-hand corner of your screen, above the clock TEST MODE when unsigned drivers are allowed during testing of device drivers!)
* Once more/Again? "Here endeth the lesson..."
APK
P.S.=> Quoting my fav. hero as a boy here, from classical Greek Mythos, in AKhilleus (Greek spelling of Achilles), son of Peleus (when middle names are usually those of the father or grandfather = APK, lol!):
"Is there no one else? IS THERE NO ONE ELSE??" - Achilles, son of Peleus, portrayed by Brad Pitt in the classic 2004 film, TROY here:
http://www.youtube.com/watch?v=SP74aJBbIoY
Play it from 2:50 onwards, for the "FULL EFFECT" (lol) & "Absolutely LIVE!" for what I feel I've done to this rootkit, & others like it via my techniques, lol, since "Boagrius" was "so bad" & "indestructible" like this rootkit/botnet was alleged to be, and to my naysayers here also, easily!
... apk
-
Show us a direct quote of my stating this
First, see subject-line above:
"My issue has always been with your claim that could detect a root kit with Process Explorer and TCPview" - by cbiltcliffe (186293) on Tuesday July 12, @06:04AM (#36731236) Homepage
Second: Produce proof of my stating that TcpView &/or ProcessExplorer are for detecting rootkits!
(I said they're respectively useful for detecting communications of botnets or malwares, and for eliminating them in UserMode/Ring3/RPL3 operations, once a rootkit's destroyed in Ring0/RPL0/Kernelmode (so it cannot perform deceiving API call intercepts on usermode wares))
Fact is - I never once did state what you "inferred" above, dolt! Learn to READ!!!
In fact - Here is where I mention TcpView & what I stated about it, AND ProcessExplorer also (not in regard to rootkits, but malwares rootkits can haul in as this one does):
---
PERTINENT QUOTE, VERBATIM FROM MYSELF:
"I can watch who/what/when/where/how my system "talks" to other systems online, & if I see one I am NOT talking to? It gets added to my firewall list (by IP address), and the offending unknown interloper malware/botnet gets "BLOWN AWAY" by ProcessExplorer.exe, as I noted in my last post/other post in reply to YOUR last post." - by Anonymous Coward on Saturday July 02, @11:35PM (#36644860)
FROM -> http://it.slashdot.org/comments.pl?sid=2282088&cid=36644860
---
And as to detecting rootkit's presence? I said this
---
PERTINENT QUOTE, VERBATIM FROM MYSELF:
"& in my guide? I post a NUMBER of reliable tools for rootkit detection:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
(And, there you are - TcpView is only for checking WHERE it communicates back to... as a possible way of seeing that, for adding the bogus C&C server destinations to HOSTS &/or Firewall rules tables - that's all!)" - by Anonymous Coward on Sunday July 03, @03:08PM (#36647626)
FROM -> http://it.slashdot.org/comments.pl?sid=2282088&cid=36647626
---
Which now after your quoted statement @ the top of my reply here make you look to be either:
1.) ILLITERATE on, or skimming
or
2.) Just "trying to get the last word a week later" like a FOOL would when I said nothing of the KIND as you state!
APK
P.S.=> Go on though, show us a quote of my stating what you said I did... good luck - because I show QUITE OTHERWISE above, complete with quotes of myself and the links they came from in this very exchange (quit deluding yourself here - U "FAIL", badly, because putting words in others' mouths is NOT valid debate @ all, period!)
... apk
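The watch-the-connections-then-firewall-the-address routine that this post and the "This BLOWS YOU AWAY" post above describe (TcpView to see where a process talks, a firewall rule for the address, ProcessExplorer for the process), as an added example in Python. This is not the poster's code: it works from the text of `netstat -ano` rather than TcpView, the sample output, the allowed network and the known-bad address are all constructed, and the `netsh advfirewall` lines it emits are rules for an operator to review before running. The caveat the same posts state applies here too: while a kernel-mode rootkit is active, user-mode tools, netstat included, can be handed a filtered view, so this belongs after the rootkit is gone.

```python
"""Flag outbound connections to unexpected peers from `netstat -ano` output.

Added example, not the poster's own method (the post uses TcpView by hand).
Assumptions: the text is Windows `netstat -ano` format, allowed_nets are
destinations the operator has decided are expected, and blocklisted_ips are
addresses already known bad (e.g. C&C servers from a block list).
"""
import ipaddress
import re
from collections import defaultdict

# One connection row: proto, local endpoint, foreign endpoint, optional state, PID.
ROW_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

# Only loopback, link-local, multicast, unspecified and RFC 1918 / ULA peers count as local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def split_endpoint(endpoint):
    """'1.2.3.4:443' -> ('1.2.3.4', 443); '[::1]:445' -> ('::1', 445); '*:*' -> (None, None)."""
    host, _, port = endpoint.rpartition(":")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    if host in ("", "*") or port == "*":
        return None, None
    return host, int(port)


def parse_netstat(text):
    """Yield one dict per connection row; headers and blank lines are skipped."""
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        proto, _local, foreign, state, pid = m.groups()
        host, port = split_endpoint(foreign)
        yield {"proto": proto, "remote": host, "port": port, "state": state, "pid": int(pid)}


def is_external(ip):
    """True unless the peer is on this box or on a private network."""
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
        return False
    return not any(ip in n for n in LOCAL_NETS)


def triage(netstat_text, allowed_nets, blocklisted_ips=frozenset()):
    """Return {pid: [(remote_ip, port, reason), ...]} for connections worth a look.

    reason is 'blocklisted' for a known-bad peer (flagged even inside an
    allowed network) or 'unknown' for an external peer outside every allowed network.
    """
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    findings = defaultdict(set)
    for c in parse_netstat(netstat_text):
        if c["remote"] is None or c["state"] not in ("ESTABLISHED", "SYN_SENT"):
            continue
        ip = ipaddress.ip_address(c["remote"])
        if str(ip) in blocklisted_ips:
            findings[c["pid"]].add((str(ip), c["port"], "blocklisted"))
        elif is_external(ip) and not any(ip in n for n in nets):
            findings[c["pid"]].add((str(ip), c["port"], "unknown"))
    return {pid: sorted(hits) for pid, hits in findings.items()}


def netsh_block_rules(findings, prefix="triage-block"):
    """Outbound Windows Firewall block rules (netsh advfirewall syntax) for every flagged peer."""
    ips = {ip for hits in findings.values() for ip, _, _ in hits}
    ordered = sorted(ips, key=lambda s: (ipaddress.ip_address(s).version, ipaddress.ip_address(s)))
    return [f'netsh advfirewall firewall add rule name="{prefix}-{ip}" dir=out action=block remoteip={ip}'
            for ip in ordered]


# Constructed sample, not a real capture; the foreign addresses are documentation ranges.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.1.20:49712     93.184.216.34:443      ESTABLISHED     4120
  TCP    192.168.1.20:49801     198.51.100.77:6667     ESTABLISHED     5588
  TCP    192.168.1.20:49802     198.51.100.77:6667     ESTABLISHED     5588
  TCP    127.0.0.1:49900        127.0.0.1:49901        ESTABLISHED     1204
  TCP    192.168.1.20:49903     203.0.113.9:80         ESTABLISHED     5588
  TCP    [::1]:49920            [::1]:445              ESTABLISHED     4
  UDP    0.0.0.0:5353           *:*                                    2276
"""


def demo():
    """Run the sample through triage with one allowed network and one known-bad address."""
    findings = triage(SAMPLE_NETSTAT, allowed_nets=["93.184.216.0/24"],
                      blocklisted_ips={"198.51.100.77"})
    return findings, netsh_block_rules(findings)


if __name__ == "__main__":
    hits, rules = demo()
    for pid, peers in hits.items():
        print(f"PID {pid}: {peers}")
    print("\n".join(rules))
```

On the sample, only PID 5588 is reported: two sockets to the blocklisted address collapse into one finding, and the plain HTTP connection to an address outside the allowed network is reported as unknown; the loopback, listening and UDP rows are ignored. The PID is what you would then hand to ProcessExplorer; the emitted rules are per-address, which is exactly the "add it by IP to the firewall" step the post describes, and they should be reviewed, since an allowed-network list is only as good as the operator who wrote it.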
-
U sound like a hacker-cracker/malware maker
Teun: That's "arguments" they'd use (or a pedophile FREAK would also)... but, on that note:
See subject-line, & this -> http://nortondns.com/ It's got a very easy to navigate page, and on it, it has good detailed explanations that aren't "too technical for the avg. joe" either!
* ENJOY!
---
"I can see you are a Norton troll." - by Teun (17872) on Sunday July 10, @03:06AM (#36709544) Homepage
No, per my subject-line? I just tell it how it is, & the truth!
In fact, I wrote the MOST viewed security guide & most highly rated ones there are, since 1998 online:
Fact is, unlike most of you trolls around here TRY to imply?
I "preach" layered security, & have since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
AND, more currently, the MOST viewed & highly rated one there is for years now since 2008 online:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:
---
1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))
---
Across 15-20 or so sites I posted it on back in 2008... have YOU done better, troll?
---
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral
AND
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral
AND
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I
-
Oh, U use DNS (& on porting DNSBLs)
For layered security IN ADDITION to HOSTS files here (and firewall rules tables) for the utmost BEST in "layered security"... all per my guide for it here:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
Now, to your MOST LIKELY erroneous statements, your question:
"But I don't use DNS servers" - by Anonymous Coward on Sunday July 10, @05:24AM (#36709862)
I'd wager you DO, & don't know it... check your Windows DNS settings in your IP Stack Properties in your network connection(s)... first of all.
Secondly? Check your router's interface page... it's usually HARDWIRED by your ISP's setup for it to talk to THEIR ISP/BSP level DNS (& is most likely NOT filtered vs. malware threats out there online by DNSBL).
---
"is this DNSBL downloadable to be incorporated in my hosts file?" by Anonymous Coward on Sunday July 10, @05:24AM (#36709862)
I do it via the "safeweb" page for Norton's data (see my 1st post)!
All, via a system I have written & re-written for best efficiency here in Python... & other DNSBL's are VERY easily incorporated via Python (or PERL, or any language that has RegExp which is most nowadays in some form) into a HOSTS file!
Easily too, once the code's written that is...
* In fact? Every 15 minutes here, I get updated into a copy temp of my original HOSTS file, which gets updated into the actual HOSTS file by OVERWRITE (not append, assuring it's clean here)!
That temp file's then:
---
1.) "Filtered off" vs. repeats, problem sites you shouldn't block either (the filter's immense, around 150 sites++) to avoid hassles with SOME sites that demand, say, adbanners (their images are served from the SAME servers is why for their other webpage content usually, so unless you want a Lynx like text only webpage experience? You HAVE to accept them!)
2.) My system also de-duplicates/normalizes HOSTS entries
3.) Plus it alphabetically orders the entries
4.) Lastly, it changes from the larger/slower less efficient "loopback adapter" address of 127.0.0.1 for blocking, to 0.0.0.0 which is smaller & faster to parse, AND DOES NO LOOPBACK OP EITHER (thus, more efficient), it's just a "DNS type blackhole" routing!
---
That ALL occurs here, without my raising a finger... pure "automagic operations"... & awesome, for extra layered security above system hardening & safe websurfing practices, + DNSBL via Norton DNS (& others as my secondary DNS for safety too, such as ScrubIT & OpenDNS in my Windows DNS settings AND my routers)...
ALL, for faster operations too via HOSTS files online!
So you know:
MUCH of that SAME process can be done in say, MySQL or Access too, via a SELECT DISTINCT * FROM but, it won't do it automagically gathering the data for you...
I started out doing it that way, circa 1997-2008, until the data sources grew to 17 I use... & the data got SO big & updated at all diff. times of day (sources are reputable & reliable, & international is why).
HOSTSMAN (see mvps.org) can do it for you though, automatically (but I don't think it's QUITE as fast or efficient as my Python system is OR as portable to other OS platforms)..
E.G.-> I wrote one before HOSTSMAN existed even, & used it from 2008-2010 in Delphi, was great, but "brute force" work sorts & dedups only!
Which was FINE back when HOSTS files were only 16k lines TOPS long, BUT... nowadays?
Currently, I have 1,468,594++ entries of:
A.) Adbanners blocked
B.) KNOWN maliciously scripted sites blocked
C.) Bogus DNS servers blocked
D.) Botnet C&C servers blocked
E.) Sites that serve malware blocked
F.) 250 of my fav. sites "hardcoded into it" (which is
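The merge, filter, de-duplicate, sort and 127.0.0.1-to-0.0.0.0 pipeline the post above lays out (steps 1 through 4, plus the overwrite from a temp copy), as an added example in Python. It is not the poster's script: the two source feeds, the allowlist and the pinned entry are constructed for the demonstration, and fetching real feeds is left out, since the post only describes what happens to them once they are text.

```python
"""Build a blocking HOSTS file from several source lists.

Added example, not the poster's own script. Assumptions: each source is plain
HOSTS-format text ("127.0.0.1 host", "0.0.0.0 host" or bare "host" lines),
the allowlist names hosts that must never be blocked, and 'pinned' entries
are real name->address mappings written ahead of the block list.
"""
import ipaddress
import os
import re
import tempfile

# Target addresses that block lists commonly use; any of these marks a block entry.
BLACKHOLE_SOURCES = {"127.0.0.1", "0.0.0.0", "::1", "::"}
# Written target: nothing listens there, so no loopback connection is attempted,
# and the string is shorter to parse than 127.0.0.1.
BLACKHOLE = "0.0.0.0"

LABEL = r"[a-z0-9](?:[a-z0-9_-]*[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})*$")


def parse_hosts_lines(text):
    """Yield lower-cased hostnames that a source wants blocked.

    Comments are stripped, several names per line are accepted, and a line
    whose first field is a real (non-blackhole) address is ignored: that is a
    genuine mapping in the source, not a block entry.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            names = fields                       # bare domain-list format
        else:
            if fields[0] not in BLACKHOLE_SOURCES:
                continue
            names = fields[1:]
        for name in names:
            name = name.lower().rstrip(".")
            if len(name) <= 253 and HOSTNAME_RE.match(name):
                yield name


def build_hosts(sources, allowlist=(), pinned=(("127.0.0.1", "localhost"),)):
    """Merge sources into sorted, de-duplicated BLACKHOLE entries.

    Allowlisted and pinned names are removed from the block set so that no
    feed can override them; localhost is never blackholed.
    """
    keep = {h.lower() for h in allowlist} | {h.lower() for _, h in pinned} | {"localhost"}
    blocked = set()
    for text in sources:
        blocked.update(parse_hosts_lines(text))
    blocked -= keep
    lines = ["# generated file: edits here are overwritten on the next run"]
    lines += [f"{ip} {host}" for ip, host in pinned]
    lines += [f"{BLACKHOLE} {host}" for host in sorted(blocked)]
    return lines


def write_hosts(path, lines):
    """Overwrite `path` atomically: write a temp file beside it, then rename over it.

    The resolver never sees a half-written file, and a crash mid-run leaves
    the previous HOSTS file intact.
    """
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".hosts-")
    try:
        with os.fdopen(fd, "w", newline="\n") as fh:
            fh.write("\n".join(lines) + "\n")
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


# Constructed sample feeds (not real block-list data).
SAMPLE_FEED_A = """\
# list A: classic 127.0.0.1 format, mixed case
127.0.0.1  localhost
127.0.0.1  ads.example.net          # banner host
127.0.0.1  Tracker.Example.org
0.0.0.0    c2.example-botnet.test
192.168.1.5  fileserver             # real mapping, not a block entry
"""
SAMPLE_FEED_B = """\
# list B: bare domain format
tracker.example.org                 # also in A, different case
cdn.example.com                     # serves page content too; allowlisted below
evil.example-botnet.test
c2.example-botnet.test              # also in A
"""


def demo():
    """Merge the two constructed feeds; returns the generated lines."""
    return build_hosts([SAMPLE_FEED_A, SAMPLE_FEED_B], allowlist={"cdn.example.com"})


if __name__ == "__main__":
    print("\n".join(demo()))
```

Two things the post touches on that the code makes explicit: the allowlist is the "filter" for hosts that also serve page content, and it is applied after the merge so that a feed can never re-add an allowed name; and localhost is kept as a pinned 127.0.0.1 line rather than risk a feed that happens to list it. `write_hosts` is the overwrite-from-a-temp-copy step; on Windows the target is `%SystemRoot%\System32\drivers\etc\hosts` and the script needs to run elevated to replace it.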
-
Correcting you, point-by-point
1st of all - I don't get malware, ever, due to my guide's points I follow here -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
"No. You stated that "if" you were to suck in one of these" - by cbiltcliffe (186293) on Saturday July 02, @09:45PM (#36644570) Homepage
I don't ever GET malware in the 1st place though, ever... ever since I started doing "layered security" back in 1996 in fact to present! Even IF I did? It couldn't talk back to the mothership, because I am updated vs. known bogus DNS servers + botnet C&C servers, by overwrite of my HOSTS, every 15 minutes here, "automagically"!
Secondly, see above, "rinse, lather, & repeat", & I am not the only one experiencing freedom from infestation, others who follow its points do as well (even only those that use HOSTS):
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral
AND
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral
AND
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral
---
"then the update to Norton would prevent it from being able to talk back to it's C&C." - by cbiltcliffe (186293) on Saturday July 02, @09:45PM (#36644570) Homepage
Again -> My updates to my HOSTS & firewalls (in software, & in hardware) occur every 15 minutes from 17 reputable sources too... "automagically" by OVERWRITES, from a temp copy of the original, & not by appends, via a Python Script. No chance of poisoning them either.
And
My DNS serv
-
Fuzzing != what U said (who looks stupid?)
http://en.wikipedia.org/wiki/Fuzz_testing
"Fuzzing" won't protect you for long." - by Anonymous Coward on Friday July 08, @06:52PM (#36700664)
It is a method for finding "bugs" in applications
... NOT a protection method!
And, you said this? LMAO:
"as you seem to be doing a pretty good job of making yourself look stupid." - by Anonymous Coward on Friday July 08, @06:52PM (#36700664)
Who's stupid now? LOL, not I! See above on "fuzzing" you fool!
---
"Your focus on "security by obscurity" highlights that you may also be guilty of it." - by Anonymous Coward on Friday July 08, @06:52PM (#36700664)
LMAO - no, definitely NOT on that account per THAT accusation from yourself (along with your numerous troll-like attacks on my writing etc. while you post as TRULY AC):
I "preach" layered security, & have since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
AND, more currently, the MOST viewed & highly rated one there is for years now since 2008 online:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:
---
1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))
---
Across 15-20 or so sites I posted it on back in 2008... have YOU done better, troll?
---
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral
AND
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral
AND
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, mov
-
CO$T$ again... apk
Vs. this statement from you:
"Why would Google trust it? Why would every router be relying on it (especially since NAT is the last line of defence for every network)?" - by Anonymous Coward on Friday July 08, @06:52PM (#36700664)
CO$T$, "Free as in Beer" is tough to beat vs. wares that cost...
Plus, if the RIGHT PERSON'S @ "the Linux helm/wheel" driving it (networkers mainly or desktop users)? It can be security-hardened... Especially once the NSA bolted on SELinux to it (didn't come that way & it added MAC (analog to Windows' ACLs, which had that forever & was "Orange Book Certified" C2 level, since, iirc, NT 3.51 in fact - in part, because of that))
HOWEVER - by default?
SELinux is NOT as "tightened" as it can be (nor is Windows, hence why I did this guide for that decades ago & a more recent one -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE )
* YOU seem to think "I hate Linux"... guess what? I don't & use it here myself (KUbuntu 10.10), but I know that the Linux world is JUST starting to see "what's up" en masse in Android, & if there ever IS a "year of Linux on the desktop"?
It's going to be taken advantage of, just like Windows has for decades (but is finally shoring up well vs. it after much experience that Linuxdom doesn't really HAVE yet).
Call it a prediction, that is, IF Linux ever goes largescale usage into the millions (like ANDROID shows us happened to it).
APK
P.S.=> Also, in case you don't KNOW it? Routers can be "flash attacked", just like PC's can be with flashable proms/eeproms, & Routers have been known to be hit by UPnP features in them, remotely, too... & they too can be manufactured FOR LESS, by using a FREE OS...
... apk
-
NOT if it was restricted 2 malware-in-general
IF it were, It'd be a regular "boon-to-mankind" & if you saw my post the other day on that (I put a link in my last post to it)? I felt the same as you do, almost, in that ALL I SEE IS "protection" for "big business interests only" (ala the RIAA &/or MPAA):
"DNSBL used everywhere would be ripe for political/religious/idiological censorship" - by Anonymous Coward on Friday July 08, @07:10PM (#36700848)
Well, were I "in control of the world" etc./et al? It wouldn't be... MOST especially if taxpayer monies were funding it!
As, imo @ least - That makes it the property of the tax-paying constituency of a nation, imo @ least!
It would, by the same token, also "protect the big guys in business also" vs. malware (which DOES cost them)
( & would, again, be used to protect the "Joe Public" noobie type citizen of said world online most of all!)
* Just for his own good vs. malwares of ALL types!
APK
P.S.=> And, yes - the information for that? IT IS OUT THERE...
In fact, I populate a custom HOSTS file vs. it, since 1997 to present & my "temp file" also (what is used prior to commission to my ACTUAL HOSTS file here) currently has nearly 1.5 MILLION known bad sites/servers/hosts-domains, bogus DNS servers, + botnet C&C servers in it... to block users from them, and to even STALL malware that communicates back to the mothership...
(I do that, along with firewall rules tables vs. IP address based malware, usually the "minority" by FAR though from data I have seen on this since, oh, 1997 to present @ least (both in software + hardware NAT router types, using DNSBL from Norton DNS in the routers))...
Between those simple measures, & this guide for "layered security online" I first authored in 1998 & then later in 2008?
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
It works!
( & on the SIMPLEST PRINCIPLE OF ALL - "You can't get 'burned' if you can't go into the malware kitchen", so-to-speak... )
Between that, &:
Judicious usage of Javascript/IFrames/Plugins here (via Opera's "by site" preferences, globally disabling those for ALL sites, & only making "Exception Sites" that absolutely NEED them)?
Well - I have managed to keep myself, friends, family, & folks that have read my security guides online since 1997 malware infestation/infection FREE!)
... apk
-
You haven't been where I have & that's that
LOL, See subject-line above: I've done well in software commercially and in freeware/shareware (as well as multimillion line systems you have probably been a customer of (ever go to McDonalds, Burger King, or Boston Market to eat for example? I have others as well, 27 or so to my credit, "Enterprise Class" MIS/IS/IT business systems!)
Now - I can't remove malware for shit as you said? Will this work? Yes, it does!
Does it need your "1 hit wonder" tool that I suspect uses the tools of others to do its job?? No.
---
1.) Recovery Console bootup from Install CD/DVD (read only)
2.) listsvc command to spot offending bogus MBR protecting driver (hello_tty.sys)
3.) disable command to stop it from loading
4.) Reboot to RC again
5.) Fixmbr command to clear bootsector (no longer protected by said driver since it was disabled from load)
6.) REBOOT NORMALLY (it WILL be gone, guaranteed)
---
ProcessExplorer.exe takes care of the rest (freezing any other malware in userland hidden under services or exes, even as lib/dll-implemented malware).
---
* No, this much is obvious - You're just worried that things like that show what I have told you before - in this case & probably others? Your "1 hit wonder" tool you made allegedly, is obsolete & non-sequitur.... period!
APK
P.S.=> My guides for security hardening Windows, & showing users what to use & behave like online to avoid infestations:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
Can put guys like YOU, if they're done right & followed to the letter, right out of business... & you KNOW it.
-
Your "1 hit wonder" tool? Obsolete/Non-Sequitur
I don't have to detect anything: I don't catch malware of ANY KIND in the first place, & neither do others, see this:
---
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
---
& in my guide? I post a NUMBER of reliable tools for rootkit detection:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
(And, there you are - TcpView is only for checking WHERE it communicates back to... as a possible way of seeing that, for adding the bogus C&C server destinations to HOSTS &/or Firewall rules tables - that's all!)
NOW, & IF THAT FAILS due to encryption (which is WHY "deep packet inspection" doesn't work for ISP/BSP on https communications)?
I already block out its older C&C servers & bogus DNS servers as well, already, which I do in this rootkit/botnet's previous incarnations (along with all other known botnets), done via firewall rules tables (hardware & software BOTH) & in HOSTS, & I get NEW ONES given me by 17 reliable sources online, EVERY 15 minutes via my Python system (via HOSTS overwrite, not append, so hosts is CLEAN too for sure))
Oh, & as I said before, I rotate DNS server & block out the known bad ones too, & literally TRIPLE VERIFY via ping for a reverse DNS lookup to the TLD's that maintain that information online... & I do it from my systems, others systems I have applied t
-
I show how to remove this rootkit (days ago)
See subject-line, & these steps to knock out this rootkit/botnet from a read only media (Windows installation media on DVD or CD):
---
1.) Recovery Console bootup
2.) listsvc command to spot offending bogus MBR protecting driver (hello_tt.sys)
3.) disable command to stop it from loading
4.) Reboot to RC again
5.) Fixmbr command to clear bootsector (no longer protected by said driver since it was disabled from load)
6.) REBOOT NORMALLY (it WILL be gone, guaranteed)
---
And, "eat your words" now flavored with the "bitter taste of YOUR OWN DEFEAT"...
* This absolutely WILL work, no questions asked/period... vs. the CURRENT design of this botnet/rootkit that is...!
(That is, until the rootkit makers change the rootkit's bogus MBR protecting driver to not only protect the fake MBR, but also the rootkit's driver initialization area, in the registry (which disable can stop): They do THAT? "HOUSTON WE HAVE A PROBLEM!" )
Fact is, I first posted on it here 2 days ago in fact:
http://tech.slashdot.org/comments.pl?sid=2275150&cid=36593272
* I see you're trying to "sell your wares" here, but they are non-sequitur, & unneeded... folks already HAVE the tools to dispatch this thing & yes, others like it...
APK
P.S.=> Also, Since my systems don't get "sick" with malware in the 1st place because of this guide & its points:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
What do I have to worry about? I never GET malware in the first place & haven't in decades, because of that guide's points!
(Others have experienced the same, after they have applied that guide's points + practice its techniques to avoid infestations, & I believe I posted their testimonials to that effect here as well!)
Plus, I can "knock out" malwares like this rootkit/botnet blended threat (tech utilizing rootkit/botnet) before it gets to do any more damage & remove it completely first on systems that do!
(Then knockout other malware it brought in later into Ring3/RPL3/Usermode GUI shell via ProcessExplorer IF need be)
Your point's moot... and you KNOW it!
... apk
-
HOSTS are versatile & help here too
IF you have the hosts-domain name for the C&C servers this botnet uses!
(And, I do have all of them for TDSS, Zeus, SpyEye, CoreFlood, & MANY others, & ones for this one also that are known from past models of it mind you)
In fact, as of RIGHT NOW (slow day today on updates, but it's a holiday weekend too)?
My HOSTS file protects me vs. 1,466,975++ known bad sites/servers/adbanners/hosts-domains... as of this writing & checking its temp file before OVERWRITE COMMIT to my actual HOSTS file (not in std. location either, I point it to another location in fact, to fool most malware that don't do the correct check for it beyond std. default location (QHosts being an example virus that did that in fact in the past)).
Then, yes - HOSTS can help; see this from a /. member here in fact as a testimonial thereof to that effect above & beyond my own:
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
HOSTS, work, & help... especially in combination with:
---
A.) DNSBL protection I get from Norton DNS which filters vs. malware and updates around every 1/2 hr. or so, & that I can attest to with proof if needed
B.) Firewall rules tables (software or hardware type, vs. IP Addressed threats that do NOT use hosts-domain names)
---
* It's ALL about "layered security" & I've been practicing it, & remained infestation free, since 1996 or so in fact... because of this:
I "preach" layered security, & have since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
AND, more currently, the MOST viewed & highly rated one there is for years now since 2008 online:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
Which has well over 300,000 - 500,000++ views online, last I checked (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:
---
1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))
---
Across 15-20 or so sites I posted it on back in 2008... have YOU done better, troll?
---
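The HOSTS rebuild this post (and the "1 hit wonder" reply above) describes, as an added example that is not the commenter's own Python system: it merges constructed sample feeds into a fresh HOSTS file by atomic overwrite rather than append, keeps only sinkhole entries so a poisoned feed can block a name but never redirect it, and never lets a feed sinkhole localhost. FEED_A, FEED_B, BASE_HOSTS and every function name are assumptions for the example.

```python
"""Rebuild a HOSTS file from several blocklist feeds by overwrite, not append.
Added example, not the commenter's Python system: feeds are assumed to be
already-fetched text (constructed samples below) and BASE_HOSTS stands in for
the untouched original entries that must survive every rebuild."""
import os
import re
import tempfile

SINKHOLE = "0.0.0.0"
SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::1"}   # the only IPs a feed may use
NEVER_BLOCK = {"localhost", "localhost.localdomain", "broadcasthost"}
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(?:\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")

BASE_HOSTS = "127.0.0.1 localhost\n::1 localhost\n"   # constructed original file
FEED_A = """# constructed sample feed A, HOSTS format
127.0.0.1 ads.example.net
0.0.0.0 cnc-one.example.org     # trailing comments are fine
10.1.2.3 bank.example.com       # poisoned line: a redirect, not a block
0.0.0.0 localhost               # must never be sinkholed
"""
FEED_B = """# constructed sample feed B, one name per line
cnc-one.example.org
tracker.example.com
bad_host.example
"""

def parse_feed(text):
    """Yield blockable names from HOSTS-style or one-name-per-line feed text.
    Lines mapping a name to a non-sinkhole IP (how a poisoned feed would
    hijack traffic) are ignored, never honoured."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] not in SINKHOLE_IPS:
            continue
        for name in (fields[1:] if len(fields) >= 2 else fields):
            if HOSTNAME_RE.match(name) and name not in NEVER_BLOCK:
                yield name

def build_hosts(base_text, feeds):
    """Base entries first, then one sinkhole line per unique name, sorted."""
    blocked = set()
    for feed in feeds:
        blocked.update(parse_feed(feed))
    body = "\n".join(f"{SINKHOLE} {name}" for name in sorted(blocked))
    return base_text.rstrip("\n") + "\n\n# --- generated blocklist ---\n" + body + "\n"

def commit_hosts(path, content):
    """Atomic overwrite: temp file beside the target, then rename over it."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".hosts.")
    with os.fdopen(fd, "w", newline="\n") as fh:
        fh.write(content)
    os.replace(tmp, path)   # nothing from an earlier run or an appended line survives

def rebuild(path, base_text, feeds):
    commit_hosts(path, build_hosts(base_text, feeds))
    with open(path) as fh:          # return what is actually on disk now
        return fh.read()

def demo():
    """Rebuild twice; the second run drops feed A, which an append would keep."""
    path = os.path.join(tempfile.mkdtemp(), "hosts")
    first = rebuild(path, BASE_HOSTS, [FEED_A, FEED_B])
    second = rebuild(path, BASE_HOSTS, [FEED_B])
    return first, second
```

Point `rebuild` at the real HOSTS path (standard or the non-standard location the post mentions) and the base entries only when you are satisfied with what `demo()` produces in the scratch file.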
-
My "PROACTIVE MEASURES" inside...
Norton DNS or my HOSTS file would block it, but I wouldn't worry about that (say if my nephew or brother who uses my system @ times infest it by accident)?
Well - Typical virus/spyware/trojans/malware-in-general, I'd knock it off using Process Explorer IF I had to!
(That's my "never fail tool" that can be used vs. malware-in-general that possibly std. tools like antivirus/antispyware doesn't kill - that IS because their signatures/mugshots of known offenders sometimes doesn't HAVE new stuff in it (&, that's usually only a matter of time too with submissions from millions all over the globe & what-not)).
Process Explorer (for std. "Ring3/RPL 3/UserMode" malware that is) is EXCELLENT for killing unknown ones (& you can always spot them, even IF they hide beneath another exe they hook (via libs) or services (libs or exes)).
You tell it to "freeze" the culprit, which it sends HLT commands to, & then? You destroy it on disk... simple!
---
Many times here in the past, I have said most security is "reactive" in nature before here, antivirus/antispyware too - but the rest of it, comes from the user being diligent patching OS & apps, PLUS, being smart about surfing!
Case in point?
E.G.-> Another PROACTIVE measure that cuts off a vector of infestation @ the root?
Disabling javascript's "all the time" - only use it, where you absolutely NEED it!
Say for ecommerce or reputable sites only!
(Opera allows for this excellently, as it has a BY SITE PREFERENCES setup, & globally I surf w/ out script active by default, plugins too (e.g.-> Adobe Flash going thru hell all the time is why with bugs)) another PROACTIVE way to avoid trouble too!
E.G.-> Since 2004, I can show you a slew of reports on adbanners ALONE that infected folks by the 1,000's if not millions via malicious scripting, & bogusly scripted sites (which Norton DNS' DNSBL & HOSTS files block & my hosts file? Updated EVERY 15 minutes, automatically for me as I stated, via a Python system I built/co-built/rebuilt))
The rest of what I do "PROACTIVELY"? Is in my p.s. below... it works!
Would you like testimonials to that effect? Ok:
I "preach" layered security, & have since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
AND, more currently, the MOST viewed & highly rated one there is for years now since 2008 online:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
Which has well over 300,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:
---
1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))
---
Across 15-20 or so sites I posted it on back in 2008... have YOU done better, troll?
---