Domain: rootkit.com
Stories and comments across the archive that link to rootkit.com.
Comments · 53
-
How "excellent" is the firewall again?
http://www.rootkit.com/newsread.php?newsid=952
PERTINENT QUOTE/EXCERPT:
---
"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."
---
* That's a DIRECT QUOTE from said URL I just posted from rootkit.com (... & nobody knows better on just how to bypass "std. protective measures" that I've seen to date (I've posted this to Microsoft before, they didn't deny it either))...
---
"There aren't really any noteworthy Linux-specific viruses that affect desktop systems." - by heypete (60671) on Friday June 22, @04:35PM (#40416263) Homepage
Oh, that's an EASY one to "shoot down in flames" too - simply because malware makers in general are JUST LIKE PICKPOCKETS, & target the most easily exploited less security-conscious "noobz" (for lack of a better expression here) & where they generally are - on the MOST USED OPERATING SYSTEM PLATFORM on PC desktops + Servers combined - that's Windows.
ANDROID shows you the same thing happening on a Linux variant (since Android IS A LINUX) - most used = most attacked.
Makes sense from the malware makers' point-of-view - better "ROI" for efforts expended on malware creations!
---
As far as Antivirus programs?
Hey - first, they are NOT perfect, & ARE TARGETED BY MALWARE once it "gets inside", to be "turned off"... & they DO make false positives (I've proven that YEARS ago vs. CA, & more recently vs. Comodo, McAfee, ArcaBit/ArcaVir, Symantec/Norton, & others - each of which has either recanted/removed a false positive detection, OR, is in the process of doing so (when 70++ others did NOT find such findings on the ware concerned)).
(No youngsters - the BEST THING WE HAVE GOING is the concept & yes, practice, of "layered-security"/"defense-in-depth" & yes, it really works!)
APK
P.S.=> Lastly - Someone rated you funny (yourself via your alternate registered 'luser' accounts here no doubt) - what's even funnier is how I am going to systematically TEAR YOU APART & watch you run from disproving my points here, and here -> http://yro.slashdot.org/comments.pl?sid=2933305&cid=40421131
... NOW that's going to be funny, as it always is, when I "dust & dispatch" puny trolls like yourself...... apk
-
Hello Foredecker: Got your email... apk
Per my subject-line above, & this URL below (where you asked your questions):
http://slashdot.org/comments.pl?sid=1495166&cid=30715150
"Hi APK
:)" - by Foredecker (161844) * on Sunday January 10, @11:57AM (#30715150) Homepage Journal
Hello Foredecker!
----
"Happy new year! It's been the Christmas and New Year's holiday. I've been on vacation. So has almost anyone else I'd need to talk to about this. We're all back now, but we're all very busy getting going after the Holidays." - by Foredecker (161844) * on Sunday January 10, @11:57AM (#30715150) Homepage Journal
Great, that's good news (& pretty much what you wrote in your email also)...
----
"Be patient
:) I'll get to this. I just don't know when. I think I can get back to you by mid February, but it may be March.." - by Foredecker (161844) * on Sunday January 10, @11:57AM (#30715150) Homepage Journal
That's ok - See... this isn't just for "my benefit", but for all the folks that use HOSTS files
(Folks like Mr. Oliver Day @ securityfocus.com -> http://www.securityfocus.com/columnists/491 who KNOWS it gains you better online speeds AND security (as he states it in his article there for SYMANTEC) , the folks @ mvps.org -> http://www.mvps.org/winhelp2002/hosts.htm and the folks @ bluetack/BISS who do also -> http://blocklistpro.com/biss-hosts-file-manager.html & many others online, like myself, who know BOTH the added speed and security benefits inherent in the use of a CUSTOM HOSTS file...
I mean, hey - After all:
You folks @ Microsoft can regain what you yourselves made as a BETTER STANDARD (setting a new one) in HOSTS files being able to use a 0 blocking address (which in turn yields a faster internal parsing format per each line record in a HOSTS file for blocking purposes by doing so, because of less characters per line (using 0, vs. 0.0.0.0 or worse yet, 127.0.0.1) as well as a small HOSTS file...) back as far as Windows 2000, albeit, in a service pack AFTER its original distro on CD... which you kept up even into VISTA, up until MS "Patch Tuesday" on 12/08/2008, when it was suddenly removed... why though?
The fairly "recent" changes to the IP stack in VISTA/Windows Server 2008/Windows 7 have resulted in some "StRaNgE" stuff happening like -> http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx OR here -> http://www.microsoft.com/technet/security/advisory/977544.mspx and, of course, what rootkit.com said about unhooking the firewall design based on NDIS6/WFP now being EASIER TO UNHOOK THAN THE OLDER MODELS OF WINDOWS HAD -> http://www.rootkit.com/newsread.php?newsid=952
...(I'm only trying to help you AND your company, by pointing out this issue I have noted on HOSTS files being unable to use a 0 blocking address internally is all (because HOSTS files are invaluable for gaining both SPEED, and LAYERED SECURITY)... &, because the numbers & "physics of it" tend to bear out what I state here as the absolute truth is all as to the efficiency of the 0 blocking address format, vs. 0.0.0.0 &/or 127.0.0.1...)
There is, again, per my email to you, another issue surrounding this: That's the local DNS Client Cache FAILING on larger HOSTS files... that's another one to look into, in regards to this HOSTS files issue too.
-
A working way around ANY of it, inside... apk
"you're talking to the person who implemented samba's 2nd nmbd improvements, back in 1996, and demonstrated the world's first multi-workgroup / multi-PDC server on microsoft's campus, in about 1998." - by lkcl (517947) on Saturday December 26, @09:13AM (#30555560) Homepage
Good: Then YOU are EXACTLY the kind of person around here I'd like to "run this by" so please: Read this, end-to-end, & comment back if you would (thanks):
I am going to tell you a way to get around this NetBIOS flaw (HOSTS & LMHOSTS) & other DNS issues until it's fixed (& I think YOU, of all people here, will understand, & yes, appreciate it (if not be able to "punch holes" into what I write (good luck)):
It's a QUITE OLD way, that works, in custom HOSTS files (specifically, via "hardcoding" your fav. most used sites into it - this technique is DEEP into this post, so read it, end-to-end, IF you are interested in a working "fix"):
I use a custom HOSTS file, in addition to the tools others here in this thread have noted (which MANY like FF addons only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, & that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", & of ALL webbound apps, not just FireFox/Mozilla ones via the addons you most likely use yourself...).
HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&C servers" too!
You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!
(More on that later & WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -> http://en.wikipedia.org/wiki/Hosts_file or those from mvps.org (a good one this one))
I also further populate & keep current my custom HOSTS file with up to date information in regards to all of those threats, via:
----
A.) Spybot "Search & Destroy" updates (populates HOSTS and browser block lists)
B.) Sites like ZDNet's Mr. Dancho Danchev's blog -> http://ddanchev.blogspot.com/
C.) Sites like FireEye -> http://blog.fireeye.com/
D.) SRI -> http://mtc.sri.com/
----
My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).
(I combined ALL reputable HOSTS files with one of my own (30,000 entries), & I removed duplicates via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++". That program also functions to change the default larger & SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller & thus faster than 127.0.0.1 default) or the smallest & fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (& it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (& now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -> http://www.rootkit.com/newsread.php?newsid=952 that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))
Another EXCELLENT benefit of HOSTS file usage? More speed online, & also more security + reliability (especially in the case of DNS servers today, per folks like Dan Kaminsky &/or Moxie Marlinspike finding various security vulnerabilities in th
-
Question is, have YOU (or others) heard of THIS?
"Ever heard of DNS cache poisoning?" - by AigariusDebian (721386) on Friday December 25, @10:13PM (#30553924) Homepage
Yes, I have... & TOO MANY TIMES the past 5++ yrs. now (see lists below in fact)... So, thus, I am going to tell you a way to get around it: And, a VERY OLD way, that works, in custom HOSTS files (specifically, via "hardcoding" your fav. most used sites into it - this technique is DEEP into this post, so read it, end-to-end, IF you are interested in a working "fix"):
Another EXCELLENT benefit of HOSTS file usage? More speed online, & also more security + reliability (especially in the case of DNS servers today, per folks like Dan Kaminsky &/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...
SO, to "CIRCUMVENT" THAT WHICH YOU NOTE & to get more speed online (besides/above potentially hijacked adbanners etc. et al)?
WELL - I also use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:
This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs.
-
ANY OF THEM ARE FIXABLE, this way... apk
"Appletalk Name Binding Protocol (NBP) is also likely to be vulnerable, as is Novell's Service Advertising Protocol (SAP), as well as Multicast DNS (sort-of-aka Avahi, Zeroconf, Bonjour). At the end of the day, you can't completely trust what somebody else says unless you already explicitly trust them." - by anti-NAT (709310) on Saturday December 26, @05:47AM (#30555096) Homepage
Here is a VERY OLD 'something' that can fix this problem in BOTH NetBIOS and yes, DNS itself, in the meantime - for the end user: A CUSTOM HOSTS FILE!
Specifically, the "DOMAINNAME/HOSTNAME-to-IP ADDRESS" equation in them, & "hardcoding" it there (so you do NOT get "misdirected" by an attacker of DNS or NetBIOS). That's fairly DEEP into this post, so, if you are interested? Read on:
-
I'll tell you something "new" (quite old actually)
"So a new flaw in the Netbios protocol, tell me something new. Once we had a rogue router plugged in the network who was happily changing the DNS setting on the Windows workstations. Nothing else, just DNS settings. This case alone should give nightmares to any Netbios administrator." - by Krneki (1192201) on Saturday December 26, @08:03AM (#30555354)
What I will tell you MAY be "something new" to YOU, but... it's actually QUITE OLD, but, can work vs. this flaw: HOSTS FILES!
THIS? This is just yet another reason (many more exist below, regarding DNS itself is why I state that) WHY the "old faithful" HOSTS file can be of use here: To counter this NetBIOS + DNS flaw!
-
Only good 4 FF/Mozilla - try a global solution
"All that said, most places have it absolutely wrong which is why AdblockPlus and NoScript are my first two stops when installing FireFox." - by gnick (1211984) on Thursday December 17, @10:45AM (#30474120) Homepage
Per my subject-line above: How about a GLOBAL solution, instead, & one that extends to ALL of your "webbound apps", instead, AND acts as "layered security" in combination with the FF/Mozilla only methods you use (which slow your browser down, use CPU cycles & more... where this solution does not & covers ALL webbound apps, globally)??
Ok, well then - Here we go, & on that note, specifically:
Here is a GOOD SOLID & GLOBAL WORK-AROUND, CALLED A HOSTS FILE!
(It works for more speed online, AND SECURITY ESPECIALLY... Also, it works for your money, because you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, & from a single easily edited file & a file eats no CPU cycles like a local DNS server can (& are not as security vulnerable either if you protect write access to a HOSTS file also)... Anyhow/anyways - Here goes:
SO - "that all said & aside"? Well, per your reply??
-
Re:My first hand experience on Modern Warfare 2
Here is a GOOD SOLID WORK-AROUND, CALLED A HOSTS FILE!
(It works for more speed online, AND SECURITY ESPECIALLY... Also, it works for your money, because you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, & from a single easily edited file & a file eats no CPU cycles like a local DNS server can (& are not as security vulnerable either if you protect write access to a HOSTS file also)... Anyhow/anyways - Here goes:
SO - "that all said & aside"? Well, per your reply??
Hey - NO PROBLEM, 110% agreement here on that account... & more (like more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE, called a HOSTS file):
-
Re:Kind of Fitting
Adblock is not good & WHY.
Here is a GOOD SOLID WORK-AROUND, CALLED A HOSTS FILE!
(It works for more speed online, AND SECURITY ESPECIALLY... Also, it works for your money, because you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, & from a single easily edited file & a file eats no CPU cycles like a local DNS server can (& are not as security vulnerable either if you protect write access to a HOSTS file also)... Anyhow/anyways - Here goes:
SO - "that all said & aside"? Well, per your reply??
Hey - NO PROBLEM, 110% agreement here on that account... & more (like more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE, called a HOSTS file):
I use a custom HOSTS file, in addition to the tools others here in this thread have noted (which MANY like FF addons only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, & that is part of what HOSTS files give you above the methods you extol + utilize: "GLOBAL COVERAGE", & of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).
HOSTS files can be used to block out KNOWN "bad" adservers, maliciously coded sites or adbanners, and "botnet C&C servers" too!
You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!
(More on that later & WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -> http://en.wikipedia.org/wiki/Hosts_file or those from mvps.org (a good one this one))
I also further populate & keep current my custom HOSTS file with up to date information in regards to all of those threats, via:
----
A.) Spybot "Search & Destroy" updates (populates HOSTS and browser block lists)
B.) Sites like ZDNet's Mr. Dancho Danchev's blog -> http://ddanchev.blogspot.com/
C.) Sites like FireEye -> http://blog.fireeye.com/
D.) SRI -> http://mtc.sri.com/
----
My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).
(I combined ALL reputable HOSTS files with one of my own (30,000 entries), & I removed duplicates via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++". That program also functions to change the default larger & SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller & thus faster than 127.0.0.1 default) or the smallest & fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (& it was added in a service pack on Windows 2000, only on 12/09/2008 MS Patch Tuesday was it removed for VISTA onwards (& now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -> http://www.rootkit.com/newsread.php?newsid=952 [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))
Another EXCELLENT benefit of HOSTS file usage? More speed online, & also more security + reliability (especially in the case of DNS servers today, per folks like Dan Kaminsky &/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...
SO, to "CIRCUMVENT" THAT WHICH YOU NOTE & to get more speed online (besides/above potentially hijacked adbanners etc. e
-
Re:Kind of Fitting
WELL - I use another "
-
Stop annoyance, infectors, & gain speed + secu
"I can't count how many times I've stared for 10+ seconds at a white screen with "connecting to foo.ads.doubleclick.com" is in the status bar at the bottom. I really don't know if it's the browser(s), or if the pages in question are designed to load ads first.... either way, it's goddamn annoying." - by Killall -9 Bash (622952) on Monday November 30, @12:39PM (#30271714) Homepage
-
UNBOG IT, easily, from a SINGLE EASILY EDITED FILE
"Technology: Are Ad Servers Bogging Down the Web? Yes. Period." - by Monkeedude1212 (1560403) on Monday November 30, @12:32PM (#30271618)
-
Re:Slow ads... Hi Bert64 (remember me?): An idea!
"Quite often you will be loading a website, and be staring at a blank screen with "making connection to ads.blablabla" at the bottom.... The page itself has loaded, but won't display until the browser has managed to retrieve the ads. Also you will see ad servers in completely different locations to the site you're viewing, and therefore much slower. Also, some ads are especially large, especially animated flash ones, and can add a noticeable delay to a page load even if the ad server isn't slow or lagged. My pet hate btw, are ads which have sound... I find that EXTREMELY annoying and quickly block access to any ad provider which serves such things." - by Bert64 (520050) on Monday November 30, @12:31PM (#30271612) Homepage
Per my subject-line, Hello Bert64 (again), & here is a GOOD SOLID WORK-AROUND (especially considering you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, & from a single easily edited file (which I am sure you know about, but, others may not, so... here goes):
I use a custom HOSTS file, in addition to the tools you noted (which only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, & that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", & of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).
-
HOSTS FILES ARE THE BEST GLOBAL ANSWER
"Give the UI back to the user and leave the flashing marquee tags in Las Vegas" - by eldavojohn (898314) * on Monday November 30, @12:27PM (#30271582) Homepage
SO, to "CIRCUMVENT" THAT WHICH YOU NOTE & to get more speed online (besides/above potentially hijacked adbanners etc. et al)?
WELL - I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:
This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.
(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &
-
Re:Why? Why not: HOSTS files, give this a read...
"One of the things that pisses me off to no end, are third party ads that are spewing crap/malware to driveby web browsing. I don't personally get infected by them, because I run all the latest anti-malware defenses (adblock, noscript, firefox etc). But I'm in IT, and I see way too many machines compromised by the latest "Antivirus 2010" style crap/malware all the time. Websites that house such malware should be blacklisted. Screw them if they can't make a living without using dubious adverts" - by Archangel Michael (180766) on Monday November 30, @12:33PM (#30271632)
Archangel Michael, meet "the LORD OF HOSTS" (just in keeping with your nick/handle here, AND the fact that much of what you note is covered by another tool you omitted mentioning that is easily edited, everyone has one (if their OS IP stack is BSD based, most all are iirc), & eats no CPU cycles like a local DNS server can (& are not as security vulnerable either if you protect write access to a HOSTS file also):
-
Re:is this a problem NOT WITH A GOOD HOSTS FILE
"1) If there is a flaw in the software, I can tell you DNS server that I slashdot is at 80.65.228.129 or that your bank resolves to my MITM attack site.
2) I can use up all of your router's resources and then you can't look up any sites yourself" - by RiotingPacifist (1228016) on Sunday November 15, @09:38AM (#30105686)
RP, that is why I use a custom HOSTS file & not only to block out KNOWN "bad" adservers, maliciously coded sites or adbanners, and "botnet C&C servers" too, from reliable reputable lists but also for speed (more on that later & WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -> http://en.wikipedia.org/wiki/Hosts_file or those from mvps.org (a good one this one))
I further populate my custom HOSTS file with up to date information in regards to all of those threats, via Spybot "Search & Destroy" updates (populates HOSTS and browser block lists), but also via sites like ZDNet's Mr. Dancho Danchev's blog -> http://ddanchev.blogspot.com/ or sites like FireEye -> http://blog.fireeye.com/ , stopbadware.org, & also SRI (just to name a few of my sources) & my HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia (all duplicates removed via a Borland Delphi app I wrote to do so, and also change the default larger & SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller & thus faster than 127.0.0.1 default) or the smallest & fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (& it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (& now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -> http://www.rootkit.com/newsread.php?newsid=952 that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))
HOWEVER, to "CIRCUMVENT" THAT WHICH YOU NOTE? WELL - I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:
This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP (especially since I use external DNS servers too, beyond my hardcoded favs in my HOSTS file because I can't ping & resolve the ENTIRE internet after all), making it harder for them to track me... sure, they could do a "reverse DNS lookup" via pings &/or traceroutes & the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))
ALSO, AS A "BONUS" in HOSTS FILES:
It speeds you up, for one thing, & a buddy of mine says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now? Only maybe 2 a years, & he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), & if that "anecdotal evidence" is not enough? See this then, from a published security guru on a respected site for it:
====
RESURRECTING THE KILLFILE:
(by Mr. Oliver Day)
http://www.securityfocus.com/columnists/491
PERTINENT EXCERPTS/QUOTES:
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
"From what I have seen in my research, major
-
Will they shift, after reading this? I did, but...
Per my subject-line above, & the findings of ROOTKIT.COM in regards to Windows VISTA/Server 2008/Windows 7's NDIS6 firewall(s) & also in regards to some things done in HOSTS files after 12/09/2008 that Microsoft has done that made a HOSTS file (for those that use them for BOTH added speed & added security online, & there are many 1,000's of us mind you, such as the folks that use SpyBot "Search & Destroy" + mvps.org's members, as just a SMALL FRACTION of "that faction"):
Per -> http://slashdot.org/comments.pl?sid=1429510&threshold=-1&commentsort=0&mode=thread&cid=29967174
That URL above's where I addressed a member here named Foredecker, for the 3rd time now (along with other folks here who claimed to be MS employees), since he claims to be a development mgr. @ Microsoft:
====
THIS IS ADDRESSED TO ANY PERSONNEL FROM MICROSOFT:
1.) TELL US WHY ROOTKIT.COM SAID THIS BELOW (who published code that shows how to EASILY "unhook" the new NDIS6 firewall in VISTA, Windows Server 2008, & Windows 7 no less) & why they said this:
http://www.rootkit.com/newsread.php?newsid=952
----
PERTINENT EXCERPT/QUOTE:
"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."
----
(AND, more importantly, since you claim to be a senior development mgr. @ Microsoft, what you plan to do about it (or, if you plan to @ least investigate their claims @ least - because this is only to POINT THIS OUT TO YOU PEOPLE @ MS, & up to you to @ least "check it out", as to the veracity of it... thanks!))
I am pointing this out to you, based on their claims @ ROOTKIT.COM and for the fact they seemingly provide actual exploit code for "unhooking" (making useless) the firewall(s) designed based from NDIS6... please, look into it, or @ least give us an idea of your intent in regards to this. Thanks.
&
2.) Give us a SOLID answer to why 0 was removed in HOSTS then (it was in VISTA prior to 12/09/2008 MS "Patch Tuesday" though, so how come it is gone now? You folks added it into Windows 2000, but, it was NOT in Win2k onwards (2000SP#?/XP/Server 2003/ & yes, VISTA, until 12/09/2008)), until MS put 0 as a legit blocking IP address into Windows 2000 in a service pack because prior to that SP for Windows 2000, the BEST IT COULD DO/USE, was 0.0.0.0, because in HOSTS files:
a. 127.0.0.1 or even 0.0.0.0 HOSTS files only, vs. 0 blocking "IP" based ones, only makes for larger slower HOSTS file loads into memory (be that the local DNS client, or diskcache even) & using hosts thus, speeds you up online as well as a bonus for speed (see Mr. Oliver Day below as well as myself on THIS note), not only yielding one more safety online (by blocking adbanners which have been shown to harbor malware, or isn't this indicative of that -> Anti-malvertising.com? and in doing so, you also gain speed by not downloading or calling out to said adbanner servers also) and, HOSTS also provide another option for more speed, by allowing a user to optionally also speed one's self up online as well, by allowing one to hardcode in one's favorites to avoid potentially compromised DNS servers (ala Dan Kaminsky proof thereof!) or, even allows a user to avoid being logged on a DNS request log theoretically @ least I would think
(AND, sure: An ISP/BSP can check where you went, & so can anyone because of the top-level domain that maintains the reverse DNS request lookup tables, & a ping or traceroute does the rest of the job, but this makes it harder to do by "the infamous they" is all, in hardcodes of favs & avoiding DNS server request logs potentially).
AND
b. HOSTS also make you SAFER online, not as much CPU + o
-
What about these, in Windows VISTA/Server2k8/Win7?
Per my subject-line above, & the findings of ROOTKIT.COM in regards to Windows VISTA/Server 2008/Windows 7's NDIS6 firewall(s) & also in regards to some things done in HOSTS files after 12/09/2008 that Microsoft has done that made a HOSTS file (for those that use them for BOTH added speed & added security online, & there are many 1,000's of us mind you, such as the folks that use SpyBot "Search & Destroy" + mvps.org's members, as just a SMALL FRACTION of "that faction"):
Per -> http://slashdot.org/comments.pl?sid=1429510&threshold=-1&commentsort=0&mode=thread&cid=29967174
That URL above's where I addressed a member here named Foredecker, for the 3rd time now (along with other folks here who claimed to be MS employees), since he claims to be a development mgr. @ Microsoft:
====
THIS IS ADDRESSED TO ANY PERSONNEL FROM MICROSOFT:
1.) TELL US WHY ROOTKIT.COM SAID THIS BELOW (who published code that shows how to EASILY "unhook" the new NDIS6 firewall in VISTA, Windows Server 2008, & Windows 7 no less) & why they said this:
http://www.rootkit.com/newsread.php?newsid=952
----
PERTINENT EXCERPT/QUOTE:
"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."
----
(AND, more importantly, since you claim to be a senior development mgr. @ Microsoft, what you plan to do about it (or, if you plan to @ least investigate their claims @ least - because this is only to POINT THIS OUT TO YOU PEOPLE @ MS, & up to you to @ least "check it out", as to the veracity of it... thanks!))
I am pointing this out to you, based on their claims @ ROOTKIT.COM and for the fact they seemingly provide actual exploit code for "unhooking" (making useless) the firewall(s) designed based from NDIS6... please, look into it, or @ least give us an idea of your intent in regards to this. Thanks.
&
2.) Give us a SOLID answer to why 0 was removed in HOSTS then (it was in VISTA prior to 12/09/2008 MS "Patch Tuesday" though, so how come it is gone now? You folks added it into Windows 2000, but, it was NOT in Win2k onwards (2000SP#?/XP/Server 2003/ & yes, VISTA, until 12/09/2008)), until MS put 0 as a legit blocking IP address into Windows 2000 in a service pack because prior to that SP for Windows 2000, the BEST IT COULD DO/USE, was 0.0.0.0, because in HOSTS files:
a. 127.0.0.1 or even 0.0.0.0 HOSTS files only, vs. 0 blocking "IP" based ones, only makes for larger slower HOSTS file loads into memory (be that the local DNS client, or diskcache even) & using hosts thus, speeds you up online as well as a bonus for speed (see Mr. Oliver Day below as well as myself on THIS note), not only yielding one more safety online (by blocking adbanners which have been shown to harbor malware, or isn't this indicative of that -> Anti-malvertising.com? and in doing so, you also gain speed by not downloading or calling out to said adbanner servers also) and, HOSTS also provide another option for more speed, by allowing a user to optionally also speed oneself up online as well, by allowing one to hardcode in one's favorites to avoid potentially compromised DNS servers (ala Dan Kaminsky proof thereof!) or, even allows a user to avoid being logged on a DNS request log theoretically @ least I would think
(AND, sure: An ISP/BSP can check where you went, & so can anyone because of the top-level domain that maintains the reverse DNS request lookup tables, & a ping or traceroute does the rest of the job, but this makes it harder to do by "the infamous they" is all, in hardcodes of favs & avoiding DNS server request logs potentially).
AND
b. HOSTS also make you SAFER online, not as much CPU + o
-
ForeDecker, step inside please... thanks! apk
Foredecker, per my subject-line above - Please answer on these following points, thanks (I would like answers on what you folks @ MS plan to do, in regards to points 1- 2 a & b):
Per -> http://slashdot.org/comments.pl?sid=1429510&threshold=-1&commentsort=0&mode=thread&cid=29967174
----
1.) TELL US WHY ROOTKIT.COM SAID THIS BELOW (who published code that shows how to EASILY "unhook" the new NDIS6 firewall in VISTA, Windows Server 2008, & Windows 7 no less) & why they said this:
http://www.rootkit.com/newsread.php?newsid=952
PERTINENT EXCERPT/QUOTE:
"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."
(AND, more importantly, since you claim to be a senior development mgr. @ Microsoft, what you plan to do about it (or, if you plan to @ least investigate their claims @ least - because this is only to POINT THIS OUT TO YOU PEOPLE @ MS, & up to you to @ least "check it out", as to the veracity of it... thanks!))
I am pointing this out to you, based on their claims @ ROOTKIT.COM and for the fact they seemingly provide actual exploit code for "unhooking" (making useless) the firewall(s) designed based from NDIS6... please, look into it, or @ least give us an idea of your intent in regards to this. Thanks.
&
2.) Give us a SOLID answer to why 0 was removed in HOSTS then, because in HOSTS files:
a. 127.0.0.1 or even 0.0.0.0 HOSTS files only, vs. 0 blocking "IP" based ones, only makes for larger slower HOSTS file loads into memory (be that the local DNS client, or diskcache even) & using hosts thus, speeds you up online as well as a bonus for speed (see Mr. Oliver Day below as well as myself on THIS note), not only yielding one more safety online (by blocking adbanners which have been shown to harbor malware, or isn't this indicative of that -> Anti-malvertising.com? and in doing so, you also gain speed by not downloading or calling out to said adbanner servers also) and, HOSTS also provide another option for more speed, by allowing a user to optionally also speed oneself up online as well, by allowing one to hardcode in one's favorites to avoid potentially compromised DNS servers (ala Dan Kaminsky proof thereof!) or, even allows a user to avoid being logged on a DNS request log theoretically @ least I would think
(AND, sure: An ISP/BSP can check where you went, & so can anyone because of the top-level domain that maintains the reverse DNS request lookup tables, & a ping or traceroute does the rest of the job, but this makes it harder to do by "the infamous they" is all, in hardcodes of favs & avoiding DNS server request logs potentially).
AND
b. HOSTS also make you SAFER online, not as much CPU + other forms of I/O burning use needed, vs. things like local DNS servers, or other forms of OS level/IP stack level filtering &/or caching solutions do...
(As seen in more complicated filter like iptables in Linux for example: Yes, no cpu burned there either, but that's just more complex than editing a text file like HOSTS is)
Nor does using a HOSTS file with favorites/bookmarks hardcoded involve communicating with a potentially compromisable DNS server that definitely use more RAM in a local DNS program being used by a user, vs. a HOSTS file, as well as other forms of IO + CPU usage (as much, or more, than a HOSTS in a local diskcache or DNS local client cache would).
Using HOSTS files, YOU can also, for safety, EASILY "Block out" known bad servers using HOSTS files, for security!
(From RELIABLE lists, that are easily found from Dancho Danchev of ZDNet, stopbadware.org, or even Spybot Search & Destroy + WIKIPEDIA even)
-
Symbolset AND Foredecker - Step inside please: apk
"This APK guy goes away if you ignore him for a while. He needs meds." - by symbolset (646467) on Tuesday November 03, @11:03PM (#29973298)
Symbolset, this isn't the 1st time you've used an "adhominem" style attack of myself on me, rather than attacking my points (so, I thought I'd let that be known, first of all). Secondly, I tend to agree with what was said here by others:
http://slashdot.org/comments.pl?sid=1429510&cid=29977664
And, you'd need an attorney (if not meds for being the crazy one here), if you keep libelling others that way, online or otherwise, symbolset (if not an iron jaw, because sooner or later? You'll run into a "real bad motor scooter" that's going to "punch out your lites" for your libellous mouth).
Above all else - Do you possess a license to practice psychiatry & to dispense such diagnoses? No?? Didn't think so. Did you perform a formal psychiatric examination on myself to come up with your "sidewalk surgeon/quack" immediate "prognosis/diagnosis"??? No again????
So much for YOU, and, if THAT is "the best you have"????? I suggest you get over your "wannabe PHD in psychiatry status"...
====
And, another "added note" on HOSTS files, from SECURITYFOCUS.COM (just to put the "icing on the cake" from my original post, & this IS IN FAVOR OF HOSTS FILES, again):
RESURRECTING THE KILLFILE:
(by Mr. Oliver Day)
http://www.securityfocus.com/columnists/491
PERTINENT EXCERPTS/QUOTES:
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."
----
A noted security expert/journalist is even "seeing the light" as to HOSTS files benefits for both SPEED, AND SECURITY, as I stated to foredecker (our alleged MS dev mgr. here on /.) AND, of course, there IS the issue of the single/dual layer "WFP" firewall design in Windows being EASIER TO "UNHOOK", by rootkit.com's analysts as well (once more):
http://www.rootkit.com/newsread.php?newsid=952
PERTINENT EXCERPT/QUOTE:
"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."
====
The main thing is, WHY DOESN'T FOREDECKER RESPOND? Have I, "little ole' me", caught MS with their "pants down"? Wouldn't be a first: Ask Dr. Mark Russinovich about that, & his "rookie hardcodes" in his pagedefrag.exe tool I pointed out he hardcoded C:\ into, & that I told him EXACTLY why/where/how to fix it + he thanked me for it.
(Nuff said... &, "too, Too EASY")
APK
P.S.=> Of course, above ALL else, is the fact that this alleged development manager from Microsoft, in Foredecker, is refusing to respond here, vs. my original initial points as well on both HOSTS files in VISTA/Server 2008/Windows 7 and the WFP firewall design (vs. the older & NOT EASILY UNHOOKED firewall designs in Windows 2000/XP/Server 2003 in my original post to here, here -> http://slashdot.org/comments.pl?sid=1429510&threshold=-1&commentsort=0&mode=thread&pid=29967174 )... apk
-
This isn't a "baseless claim", ForeDecker... apk
To FOREDECKER (an MS mgr.):
----
1.) TELL US WHY ROOTKIT.COM SAID THIS BELOW (who published code that shows how to EASILY "unhook" the new NDIS6 firewall in VISTA, Windows Server 2008, & Windows 7 no less) & why they said this:
http://www.rootkit.com/newsread.php?newsid=952
PERTINENT EXCERPT/QUOTE:
"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."
(AND, more importantly, since you claim to be a senior development mgr. @ Microsoft, what you plan to do about it (or, if you plan to @ least investigate their claims @ least))
They provide code for "unhooking" (making useless) the firewall(s) designed based from NDIS6... please, look into it, or @ least give us an idea of your intent in regards to this. Thanks.
&
2.) Give us a SOLID answer to why 0 was removed in HOSTS then, because in HOSTS files:
a. 127.0.0.1 or even 0.0.0.0 HOSTS files only, vs. 0 blocking "IP" based ones, only makes for larger slower HOSTS file loads into memory (be that the local DNS client, or diskcache even) & using hosts thus, speeds you up online as well as a bonus for speed, not only safety (by blocking adbanners which have been shown to harbor malware, or isn't this indicative of that -> Anti-malvertising.com? ) and, optionally also speeding oneself up online as well, by allowing one to hardcode in one's favorites to avoid potentially compromised DNS servers (ala Dan Kaminsky proof thereof!)
AND
b. HOSTS also make you SAFER online, no CPU or RAM + other forms of I/O burning use needed
(As seen in more complicated filter like iptables in Linux for example: Yes, no cpu burned there either, but that's just more complex than editing a text file like HOSTS is)
Nor does it involve communicating with a potentially compromisable DNS server that uses RAM, CPU, & other I/O.
YOU can easily "Block out" known bad servers using HOSTS files, for security!
(From RELIABLE lists, that are easily found from Dancho Danchev of ZDNet, stopbadware.org, or even Spybot Search & Destroy + WIKIPEDIA even)
Doing that, YOU CANNOT BE BURNED by many a malware!
A hosts file is on EVERY SYSTEM THAT USES A TCP/IP stack based on BSD ref. designs (not some fantasy land db that doesn't exist, but, instead in a HOSTS file you have already that is easily edited or downloaded from places like mvps.org or here -> http://en.wikipedia.org/wiki/Hosts_file )
----
I noted this to you MS folks here on THIS site, and same here, on MS' own blogs on "Engineering Windows 7":
Welcome to our blog dedicated to the engineering of Microsoft Windows 7:
http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx
(Albeit there @ that blog, with a HELL of a LOT more technical detail on the comparison of the 3 part design of the older IP stack defense system (tcpip.sys surrounded by ipfltdrv.sys (gone now in WinVISTA/WinSrv2k8/Windows7), ipsec.sys, & ipnat.sys) & it is NOT AS EASY TO "UNHOOK" as is the "single/dual part only" based "WFP" (windows filtering platform) based firewalls now in VISTA/WindowsServer 2008 & Windows 7, per rootkit.com quoted above no less))
----
At MS' "Engineering Windows Blog" in the URL above? Well - I said pretty much the SAME stuff, & in that latter one? Well... I was "blown off" as was everyone else in the end!
(Hey - We're (guys like myself or others pointing out things we have noted) ONLY TRYING TO HELP MS)
NOW - I actually hope I am wrong, but...
Loads of a smaller HOSTS file, LINE BY LINE smaller, are entirely PROVABLE easily as being faster (in the File Open/Read/Flush-Close i-O cycle usin
-
SMALL CORRECTION
SMALL AMENDMENT TO MY EXAMPLE ABOVE (which anyone can test, who codes @ LEAST):
E.G.->
====
Using 127.0.0.1 here, on a HOSTS file I have with 660,000 known bad servers in it?
I get a 22+mb sized HOSTS file
----
Using 0.0.0.0 here, on the SAME line entries in that HOSTS file I have with 660,000 known bad servers in it, albeit using 0.0.0.0 now instead of 127.0.0.1??
I get an 18+mb sized HOSTS file
----
Using 0 here, on the SAME line entries in that HOSTS file I have with 660,000 known bad servers in it, albeit using 0 now instead of 0.0.0.0 or 127.0.0.1??
I get an 14+mb sized HOSTS file
====
Amending that from my parent post, to make the point ABSOLUTELY clear on HOSTS files using the smaller, faster, & MORE EFFICIENT 0 based blocking "IP Address" vs. the larger & slower 0.0.0.0 + the worst of all 127.0.0.1 (because of size AND THE FACT IT IS A "LOOPBACK" operation as well, where 0 & 0.0.0.0 are not) cases in HOSTS files.
Ever since Windows 2000 SP#1=#4, not the original OEM model of Windows 2000 on CD distro from MS? You could use 0... it was put in place to use, probably exactly because of what I note here (faster, smaller, thus more efficient to use for the purposes of blocking bad content online in bad sites or bad adbanners). This "held true" all the way from Windows 2000 SP's, thru Windows XP, into Windows Server 2003... & yes, into VISTA (up until 12/09/2008 "patch tuesday")...
SO, WHY REMOVE IT NOW?
APK
P.S.=> "Size matters"... & for speed + efficiency here, & SMALLER IS BETTER/FASTER/MORE EFFICIENT, by far! AND AGAIN, perhaps MOST importantly, there IS this:
http://www.rootkit.com/newsread.php?newsid=952
----
PERTINENT EXCERPT/QUOTE:
"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."
----
Some "food 4 thought", on BOTH accounts... apk
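The size comparison above, and the concern that bare-0 blocking entries stopped working on Vista, can both be checked on a blocklist with a short script. This is an added example, not the poster's code: it audits a Windows-style HOSTS file for the three blocking-address forms, rewrites bare-0 (and loopback-blocking) lines to 0.0.0.0 while leaving real mappings such as `127.0.0.1 localhost` alone, and reproduces the per-form file-size measurement on constructed hostnames (all names below are placeholders).

```python
"""Audit a HOSTS blocklist for the blocking-address forms discussed in the
thread (bare "0", "0.0.0.0", loopback "127.0.0.1"), rewrite the forms the
poster says newer Windows no longer honours, and reproduce the file-size
comparison on constructed data.  Added example; not the poster's code."""
import re
from collections import Counter

# Names that legitimately map to loopback and must never be rewritten.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# address, whitespace, hostnames, optional trailing "# comment"
_LINE = re.compile(r"^\s*(?P<addr>\S+)\s+(?P<hosts>[^#]+?)\s*(?:#.*)?$")


def _split(line):
    """Return (addr, [hostnames]) or None for blank, comment or odd lines."""
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    m = _LINE.match(line)
    return (m.group("addr"), m.group("hosts").split()) if m else None


def classify(addr, hosts):
    """Label an entry by the blocking form it uses, or 'mapping' when it is a
    real address assignment such as '127.0.0.1 localhost'."""
    if addr == "0":
        return "bare-zero"        # the form the thread says Vista dropped
    if addr == "0.0.0.0":
        return "unspecified"      # blocking without a loopback round-trip
    if addr == "127.0.0.1" and not set(hosts) & LOCAL_NAMES:
        return "loopback-block"   # blocking via loopback: extra work per hit
    return "mapping"


def parse_hosts(text):
    return [e for e in map(_split, text.splitlines()) if e]


def audit_hosts(text):
    """Counter of entry classes, e.g. how many bare-0 lines would stop working."""
    return Counter(classify(a, h) for a, h in parse_hosts(text))


def normalize_blocking(text, target="0.0.0.0"):
    """Rewrite bare-0 and loopback blocking entries to `target`; comments and
    real mappings are kept verbatim.  Returns (new_text, lines_changed)."""
    out, changed = [], 0
    for line in text.splitlines():
        e = _split(line)
        if e and classify(*e) in ("bare-zero", "loopback-block"):
            line = line.replace(e[0], target, 1)   # addr is the first token
            changed += 1
        out.append(line)
    return "\n".join(out) + "\n", changed


def blocklist_size(hostnames, addr, newline="\r\n"):
    """Bytes a blocklist of `hostnames` occupies with `addr` on every line:
    the poster's 0 vs 0.0.0.0 vs 127.0.0.1 comparison, in code."""
    body = "".join(f"{addr} {h}{newline}" for h in hostnames)
    return len(body.encode("ascii"))


# Constructed sample; the hostnames are placeholders, not real indicators.
SAMPLE_HOSTS = """\
# constructed sample blocklist
127.0.0.1       localhost
::1             localhost
0       ads.example-tracker.test   # bare-zero form
0       banner.example-adnet.test
0.0.0.0 malware.example-bad.test
127.0.0.1 spy.example-tracker.test
192.0.2.10 intranet.example.test   # ordinary mapping, left alone
"""

if __name__ == "__main__":
    print(dict(audit_hosts(SAMPLE_HOSTS)))
    fixed, n = normalize_blocking(SAMPLE_HOSTS)
    print(f"{n} lines rewritten")
    names = [f"host{i}.example.test" for i in range(660_000)]
    for a in ("0", "0.0.0.0", "127.0.0.1"):
        print(a, blocklist_size(names, a), "bytes")
```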
-
Re:You're the kind of guy I need answers from, tha
"That said, I'd be interested in seeing answers (rather than responses like my own) to these questions." - by Hucko (998827) on Tuesday November 03, @02:16AM (#29960820)
Ok, HERE? We are in UTTER AGREEMENT - I have confronted Microsoft on their "Engineering Windows 7" blog:
----
Welcome to our blog dedicated to the engineering of Microsoft Windows 7:
http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx
----
(search "APK" there, you will see my posts on this, with FAR MORE TECHNICAL DETAIL and SOURCES from MS themselves no less, comparing the design of the new "WFP" based NDIS6 firewalls + port filtering methods, vs. those in older Windows NT-based OS such as Windows 2000/XP/Server 2003, which used a 3 part system)
AND, I did so there, with the exact points I enumerated above with even MORE DETAIL, because it was @ MS, & about engineering their new OS' no less!
(AND, the link IS in my initial post clearly boldly marked as such no less, as it is above now... & this is why I AM BAFFLED as to why you cannot figure out my sources & where I posted them etc. et al) + a user named FOREDECKER here on /., who claims to be a senior development mgr. @ Microsoft, & then these gents here who claimed to be MS employees as well...I have REPEATEDLY confronted ALLEGED Microsoft personnel here & on other forums as well (only to get evasions or outright avoidance of my points also, if not "effete down mods" & being flamed/harassed/trolled by others about LAME things like 'writing style')
WELL - to those types, I can only say this:
PRODUCE YOUR PHD IN ENGLISH? I just *might* (might mind you) listen, but even IF they had a PHD in English, it is like resumes - 1 "expert on writing" will say it's fine, another will not (so, so much for writing critics, because beauty &/or readability IS in "the eye of the beholder" (and his brain too)).
Something's up though - because I have gotten NOTHING but evasions on both HOSTS files having 0 removed in HOSTS file as a possible blocking "IP ADDRESS" (when Microsoft in fact, DID put it into place in a Service Pack in Windows 2000, not its original shipping OEM model on CD mind you, & kept it there all the way into VISTA until MS "patch tuesday" on 12/09/2008) AS WELL AS ON ROOTKIT.COM's statements I quoted in my original post, and outline here also below...
http://www.rootkit.com/newsread.php?newsid=952
PERTINENT EXCERPT/QUOTE:
"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."
====
"They, if true, are baffling." - by Hucko (998827) on Tuesday November 03, @02:16AM (#29960820)
Oh, they're TRUE alright - AND, quite easily verified as well, no less!
In fact - check for yourself (if you can code, it is EASY to do, by making a larger HOSTS file (relative term) & 1 version using 0 as a blocking "IP Address", another version using the less efficient line by line read 0.0.0.0 as a blocking address, & lastly a version using the least efficient 127.0.0.1 "loopback adapter" std. IP address for blocking out bad website or adbanners etc. et al).
E.G.->
----
Using 127.0.0.1 here, on a HOSTS file I have with 660,000 known bad servers in it?
I get a 22+mb sized HOSTS file
Using 0.0.0.0 here, on the SAME line entries in that HOSTS file I have with 660,000 known bad servers in it, albeit using 0.0.0.0 now instead of 127.0.0.1??
I get an 18+mb sized HOSTS file
----
-
You're the kind of guy I need answers from, thanks
"As a long time MS employee I can say that what the article says is only partially true. Because Ballmer is no businessman either.
He would rather save a dollar than earn 10. He is so focused on reducing costs that he leaves billions in the table to save millions.
His management style could make sense in a company whose main problem is low margins, but when you have >50% operating margins and your only threats come from your competitors being able to outinnovate you (in many cases, simply through investing more, such as in mobile), then focusing on cost is not only absurd, it is irresponsible. If it wasn't his money as well I would claim he's a crook. Since it is, he's just a jerk." - by Anonymous Coward on Saturday October 31, @10:48PM (#29939173)
Ok, that said by you? Couple things I wanted some answers out of MS folks about, which I got NOTHING BUT EVASIONS from them on here:
http://tech.slashdot.org/comments.pl?sid=1417741&threshold=-1&commentsort=0&mode=thread&cid=29934743
(from a user here named "ForeDecker" who claims to be a senior level dev mgr. @ MS - he won't respond either, & here is the "long & short of it" I wrote him)
BOTTOM-LINE, to FOREDECKER (an MS mgr.):
----
1.) TELL US WHY ROOTKIT.COM SAID THIS BELOW (who published code that shows how to EASILY "unhook" the new NDIS6 firewall in VISTA, Windows Server 2008, & Windows 7 no less) & why they said this:
http://www.rootkit.com/newsread.php?newsid=952
PERTINENT EXCERPT/QUOTE:
"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."
&
2.) Give us a SOLID answer to why 0 was removed in HOSTS then, because it:
a. 127.0.0.1 or even 0.0.0.0 HOSTS files only, vs. 0 blocking "IP" based ones, only makes for larger slower HOSTS file loads into memory (be that the local DNS client, or diskcache even) & hosts speed you up online (by blocking adbanners which have been shown to harbor malware, or isn't this indicative of that -> Anti-malvertising.com? ) and, by allowing one to hardcode in one's favorites to avoid potentially compromised DNS servers (ala Dan Kaminsky proof thereof!
AND
b. HOSTS also make you SAFER online, no CPU or RAM + other forms of I/O burning use needed (as in more complicated filter like iptables in Linux for example, no cpu burned there, just more complex than editing a text file like HOSTS) or a potential compromisable DNS server that uses RAM, CPU, & other I/O. Block out known bad servers (easily found from Dancho Danchev of ZDNet, stopbadware.org, or even Spybot Search & Destroy)? YOU CANNOT BE BURNED, & a hosts file is on EVERY SYSTEM THAT USES A TCP/IP stack based on BSD ref. designs (not some fantasy land db that doesn't exist, but, instead in a HOSTS file you have already that is easily edited or downloaded from places like mvps.org or here -> http://en.wikipedia.org/wiki/Hosts_file )
----
and same here, on MS' own blogs on "Engineering Windows 7":
Welcome to our blog dedicated to the engineering of Microsoft Windows 7:
http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx
----
Where I said pretty much the SAME stuff, & in that latter one? Well... I was "blown off" as was everyone else in the end!
(Hey - we're ONLY TRYING TO HELP MS, & I actually hope I am wrong, but loads of a smaller HOSTS file, line by line smaller, are entirely PROVABLE easily, via anyone that can code that is
-
Answer this, Mr. Microsoft Manager, quit running
After I read ALL of this + the "adhominem" attacks I suspect YOU used vs. myself (only to YOUR own dismay - you aren't intelligent enough to even BEGIN to try to 'take me on' in this area, & you're obviously unarmed as well on this topic, what with your 'fantasy land' DB filesystem that doesn't exist, vs. the reality EVERYONE has a HOSTS file that's easily edited via notepad.exe & good valid ones are around online like mvps.org for better speed AND SAFETY online)?
Well - since you complain (which fools no one) that you cannot READ or UNDERSTAND my points (old stale troll trick that)?
I am going to enumerate my points, short & sweet (albeit minus a good deal of detail, but most mgt. doesn't understand details where the "devils" are) to "ForeDecker" a mgr. @ MS:
BOTTOM-LINE, to FOREDECKER (an MS mgr.):
----
1.) TELL US WHY ROOTKIT.COM SAID THIS BELOW (who published code that shows how to EASILY "unhook" the new NDIS6 firewall in VISTA, Windows Server 2008, & Windows 7 no less) & why they said this:
http://www.rootkit.com/newsread.php?newsid=952
PERTINENT EXCERPT/QUOTE:
"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."
&
2.) Give us a SOLID answer to why 0 was removed in HOSTS then, because it:
a. 127.0.0.1 or even 0.0.0.0 HOSTS files only, makes for larger slower HOSTS file loads into memory (be that the local DNS client, or diskcache even) & hosts speed you up online (by blocking adbanners which have been shown to harbor malware, or isn't this indicative of that -> Anti-malvertising.com? ) and, by allowing one to hardcode in one's favorites to avoid potentially compromised DNS servers (ala Dan Kaminsky proof thereof!
b. HOSTS also make you SAFER online, no CPU or RAM + other forms of I/O burning use needed (as in more complicated filter like iptables in Linux for example, no cpu burned there, just more complex than editing a text file like HOSTS) or a potential compromisable DNS server that uses RAM, CPU, & other I/O. Block out known bad servers (easily found from Dancho Danchev of ZDNet, stopbadware.org, or even Spybot Search & Destroy)? YOU CANNOT BE BURNED, & a hosts file is on EVERY SYSTEM THAT USES A TCP/IP stack based on BSD ref. designs (not some fantasy land db that doesn't exist, but, instead in a HOSTS file you have already that is easily edited or downloaded from places like mvps.org or here -> http://en.wikipedia.org/wiki/Hosts_file )
----
Well, @ this point? Unfortunately, I suspect this IS "foredecker" responding as "A/C" & he is caught with his pants down, as most mgt. is, & all they say is "I don't understand or I could not read it" instead of coming clean & owning up to it, then learning more (they are not about learning, they are about scamming imo, having been one in my past & knowing I needed to know more so I went back for CSC degrees on top of my MIS ones, which were on info. systems basically, NOT how this stuff REALLY works @ the lowest levels as CSC degree tracks DO show you + the theories behind them).
So, I would just like to KNOW WHY as to WHY the more efficient on diskspace & faster loading into RAM 0 based HOSTS file was removed in Microsoft VISTA, Windows Server 2008, & Windows 7 - there really MAY be a GOOD REASON, but everyone @ MS is avoiding it... this reeks of something BAD, imo, almost like a 'cover up'. Sounds nuts, but a straight answer like "here is the trade off we made" or "yes, we screwed up - expect a patch" would be FAR better. Own up to a fuckup, or just say "You have a point, expect a patch"
This was intentional, but, on WHAT GROUNDS? That's all I wish to know here.
This happened, again, after 12/09/2009 patch Tuesday, & onwards in Windows Server 2008 + Windows 7.
I just asked for a VALID techni
-
Thank you, & here is ALL I wished answered
Thank you for stating the truth which is obvious. Personally, after I read ALL of this? I am going to enumerate my points, short & sweet (albeit minus a good deal of detail, but most mgt. doesn't understand details where the "devils" are) to "ForeDecker" a mgr. @ MS:
BOTTOM-LINE, to FOREDECKER (an MS mgr.):
----
1.) TELL US WHY ROOTKIT.COM SAID THIS BELOW (who published code that shows how to EASILY "unhook" the new NDIS6 firewall in VISTA, Windows Server 2008, & Windows 7 no less) & why they said this:
http://www.rootkit.com/newsread.php?newsid=952
PERTINENT EXCERPT/QUOTE:
"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."
&
2.) Give us a SOLID answer to why 0 was removed in HOSTS then, because it:
a. 127.0.0.1 or even 0.0.0.0 HOSTS files only, makes for larger slower HOSTS file loads into memory (be that the local DNS client, or diskcache even) & hosts speed you up online (by blocking adbanners which have been shown to harbor malware, or isn't this indicative of that -> Anti-malvertising.com? ) and, by allowing one to hardcode in one's favorites to avoid potentially compromised DNS servers (ala Dan Kaminsky proof thereof!
b. HOSTS also make you SAFER online, no CPU or RAM + other forms of I/O burning use needed (as in more complicated filter like iptables in Linux for example, no cpu burned there, just more complex than editing a text file like HOSTS) or a potential compromisable DNS server that uses RAM, CPU, & other I/O. Block out known bad servers (easily found from Dancho Danchev of ZDNet, stopbadware.org, or even Spybot Search & Destroy)? YOU CANNOT BE BURNED, & a hosts file is on EVERY SYSTEM THAT USES A TCP/IP stack based on BSD ref. designs (not some fantasy land db that doesn't exist, but, instead in a HOSTS file you have already that is easily edited or downloaded from places like mvps.org or here -> http://en.wikipedia.org/wiki/Hosts_file )
----
Well, @ this point? Unfortunately, I suspect this IS "foredecker" responding as "A/C" & he is caught with his pants down, as most mgt. is, & all they say is "I don't understand or I could not read it" instead of coming clean & owning up to it, then learning more (they are not about learning, they are about scamming imo, having been one in my past & knowing I needed to know more so I went back for CSC degrees on top of my MIS ones, which were on info. systems basically, NOT how this stuff REALLY works @ the lowest levels as CSC degree tracks DO show you + the theories behind them).
So, I would just like to KNOW WHY as to WHY the more efficient on diskspace & faster loading into RAM 0 based HOSTS file was removed in Microsoft VISTA, Windows Server 2008, & Windows 7 - there really MAY be a GOOD REASON, but everyone @ MS is avoiding it... this reeks of something BAD, imo, almost like a 'cover up'. Sounds nuts, but a straight answer like "here is the trade off we made" or "yes, we screwed up - expect a patch" would be FAR better. Own up to a fuckup, or just say "You have a point, expect a patch"
This was intentional, but, on WHAT GROUNDS? That's all I wish to know here.
This happened, again, after 12/09/2009 patch Tuesday, & onwards in Windows Server 2008 + Windows 7.
I just asked for a VALID technical reason WHY this was done (especially after it was added to the reference TCP/IP design, altering it, by Microsoft & for ONCE, for a GOOD PERFORMANCE ORIENTED REASON, instead of intentional bloat to sell more INTEL CPU's by eating more power by being less efficient)...
It was NOT in the OEM original Windows 2000... it was added, but, ONLY after Windows 2000 was patched, because it's original OEM pre service pack version did not have that, it was added (& SOMEONE knew it was a "good thing", or else, wh
-
Microsoft: WHAT ARE YOU DOING? apk
"and let's not even get into news of such obviously evil behaviour as offering a free CLI version of their compiler." - by Moraelin (679338) on Saturday August 29, @08:32AM (#29241739)
Dope dealers do "freebies", also, to get you "hooked" & on that 'crazy train'... & to tell the truth? They're completely evil, and in the worst way, by taking advantage of addiction & also human frailty/stupidity (which is NOT their fault though, on the latter, &, on the converse).
Do I feel MS does what you state, for those reasons? ABSOLUTELY. It makes good "business sense", & you see it all the way thru the entire 'business strata', from street levels thieves & thugs, up thru "KORPORATE AMERIKA", MS being an evidence thereof. Is that their SOLE reason to do that? No. I do not think so, but it does "figure in" as to why though imo.
Personally, I am SO surprised @ Microsoft lately: It truly bothers me in fact!
First off, I am a software dev that primarily does work around Win32 OS' over time (they're the most used is why imo & thus, provide the "greatest surface area" for potential employ would be my guess, & thus far, it seems to have worked out that way for myself & others, & the numbers DO seem to "bear that out" in my experience @ least, so, "argue with the numbers"). In a way, I suppose MS has provided myself & others in this trade, a living, as well as nice tools for others to utilize. Still - this past year though, ever since VISTA came out & especially since 12/09/2008 (more on that below, details)? They're making me wonder.
1.) MS made things in the HOSTS file NOT WORK RIGHT (using 0 is no longer possible on VISTA, for a "blocking 'ip address'" in HOSTS files, as of the 12/09/2009 "Patch Tuesday" update & it continues in Windows Server 2008, as well as Windows 7)
2.) What was said @ rootkit.com regarding NDIS6 firewalls (as well as the entire 1 piece "WFP" design, vs. the older "greek phalanx"/"Zone Defense" methods used in previous builds of Windows) ->
----
PERTINENT QUOTE EXCERPT:
http://www.rootkit.com/newsread.php?newsid=952
"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."
----
Now, however?
THIS type of slimy, "not man" like behavior?? IF this is the truth??? Microsoft is slipping, & BADLY... stuff like this, gets out. We've all seen it in "the real world", & although some of you may not find it disgusting, I do & I am quite certain, I can assure you, that others feel thus as well - Why???? I hate "weasels & rats" who gang up on others to try to "harangue" them, or take them down, is why & I am not so different from most folks really, just an ordinary human being here.
I hate it, because I feel that type of activity IS "the province of scumbags"... & I have never, EVER felt that way, about Microsoft (@ least the "microsoft that was" under the guidance of "King Billy" & guys like Jim Allchin (but, they're "gone w/ the dawn" now pretty much)). You want to do better?
Listen to your customers, deliver what they WANT (ala NO MORE DRM & the things I noted above on HOSTS + WFP/NDIS6) - build that better mousetrap as "King Billy" put it during the hearings of United States vs. Microsoft, & you win, and you do so, on honorable grounds one can be proud of... not this type of crap. That's what PUSSIES do.
APK
P.S.=> I honestly hope this is NOT the truth about MS though, most of all, on this "ganging up on GOOGLE" really... because I hate seeing GOOD things, go BAD! Reputation's important, & people are NOT stupid, they can "see through" stuff like this, & I do not think most folks like it so, MS: Guys, cut the crap, you do NOT need to go about things this way, period... apk
-
MS IP STACK is a BSD derived IP STACK
"Windows may be guilty of 7 sins, but its main competitor on the desktop is derived from an OS with a daemonic mascot." - by Trepidity (597) on Thursday August 27, @04:52AM (#29213649) Homepage
Windows IP Stack is derived from that SAME OS, w/ a "daemonic mascot", BSD...
(Not that that's bad, because BSD's widely recognized as "the best in the business" afaik, for things IP - only thing is, I personally just don't LIKE what they've done to HOSTS files in VISTA, since 12/09/2008 "Patch Tuesday" onwards, into Windows Server 2008 &/or Windows 7)
That problem, is NOW the inability to use 0 as a blocking IP address in a HOSTS file, vs. 0.0.0.0 (next smallest & next most efficient) & 127.0.0.1 (worst of the lot, in the "loopback adapter address")
That, & what rootkit.com found:
PERTINENT QUOTE EXCERPT:
http://www.rootkit.com/newsread.php?newsid=952
"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."
APK
P.S.=> I just don't understand MS lately - they're trying to sell folks what they do NOT want (the DRM stuff is probably the BIGGEST 'sticking point' for most folks, vs. what I note above on a guess though)... that? That doesn't work for greater sales - if they start listening to us "geeky types", they'd be far better off, because nowadays, folks don't pay as much attention to CORPORATE ANALYSIS/REVIEWS, but, instead, those of end-users like themselves (especially more "techie" users opinions/views/reviews)... apk
-
YOU ARE OFF TOPIC, plain & simple (first of al
First of all - See subject line... & tell me you're NOT 'off topic'?
"I have no need or desire to address your supposed "facts" as doing so is not the purpose of this forum" - by ikkonoishi (674762) on Monday July 13, @11:48AM (#28677391)
Funny - I always felt forums WERE a place to discuss the topic @ hand, & not exercise profanity + ad hominem attacks on the person stating ideas, but attacking &/or disproving ideas that are erroneous, for the good of all reading...
(Don't you mean that you lack the intelligence, facts, & overall wherewithal + intestinal fortitude to do so, rather? LOL!)
----
"You, of course, had the right to post your view, but you have to put up with whatever the internet sends your way in regards to comments." - by ikkonoishi (674762) on Monday July 13, @11:48AM (#28677391)
Yes, I do, & I have every right to expect others who do NOT disagree with them, to disprove the facts & tests I put up, instead of being called names, being modded down & when my post was modded up, modded down again, albeit based on name calling & profanities directed my way (the SURE SIGN OF LOSING & DEFEAT in debate, is "losing one's cool" & this post is REPLETE with that type of thing directed my way, in ad hominem attacks, instead of disproving the points I made, with facts, or doing tests I noted such as this one when the poster was in error on this very topic -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28673713 )
See HIS reply, because it is the "CLASSIC CASE" of what I am stating now, in being trolled, called names, ad hominem attacked etc. & for what? Showing him he screwed up hugely??
He is not alone, this thread's full of THAT... nuff said.
APK
P.S.=> You like the film "The Watchmen"? Because ALL of you are making me laugh, thus you're ALL the "Comedian" & from the opening of the film & my "now famous list of accomplishments" I put up (fraction only mind you), well like I said there "My Name is OZYMANDIAS" & we ALL know, what HE did, to Comedian... lol!
"Windows 7 is coming." - by ikkonoishi (674762) on Monday July 13, @11:48AM (#28677391)
Never said it wasn't, only that it has problems & potentially really bad ones, especially per ROOTKIT.COM's findings, even more than my own... see here:
PERTINENT QUOTE EXCERPT:
http://www.rootkit.com/newsread.php?newsid=952
"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."
Speaking of the "Watchmen" again, on THAT particular note (& this musical one by Bob Dylan, once again)?
"Big BATTLE, outside ragin'... will soon shake your (Microsoft) Windows & RATTLE your (fire) walls... oh the times, they are a changin'..."
LMAO! apk
-
Physical Memory Analysis
Physical memory analysis is an up-and-coming challenge for many law enforcement agencies. How can you guarantee that a suspect's computer was not infected by some bad memory-only malware? Current tools only address the hard drive and what it contains. There has been a lot of research into physical memory analysis over the past few years:
Rootkit.com: has been researching physical memory for years http://www.rootkit.com/newsread.php?newsid=130, but in a slightly different context (hiding vs finding).
BlackHat Talks:
http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Burdach/bh-fed-06-burdach-up.pdf
http://www.blackhat.com/presentations/bh-usa-07/Butler_and_Kendall/Presentation/bh-usa-07-butler_and_kendall.pdf
Papers: http://www.stormingmedia.us/50/5037/A503754.html
FatKit: http://www.4tphi.net/fatkit/
Contests: The Digital Forensics Research Workshop is running a Challenge to see who can create the best linux physical memory analysis tool: http://dfrws.org/2008/challenge/index.shtml
Now the commercial world is entering the fray: http://www.hbgary.com/hbgary_responder_datasheet.pdf
I'm looking forward to using some tools that don't require me to keep a notebook of esoteric command lines and a usb key full of dependencies. Not to mention some report friendly output. Should be a good year! -
Re:Occam's razor
"For the second, you're assuming that the people in question are shady characters (any evidence of that?) "
Yep. They're a bunch of third-rate plagiarists who ripped off eEye's bootroot using IDA to disassemble it, hacked about a few bits and reassembled it. See the side-by-side comparison at http://www.rootkit.com/board.php?thread=8748&did=edge614&disp=8748
" who are willing to risk destroying any credibility they might have over a half ass attempt to drum up publicity? "
I think they're just idiots. They thought it would be as simple as "Oh, just find the routine that calls the TPM and returns true or false, and change the branch that tests that return value". They don't 'get' crypto. -
Re:Noone bothers to see what Warden Does
-
Re:What I'd like...
Actually I've written an article describing how to do what you speak of. The only piece of the puzzle you left out is that you need to scan the system from inside Windows first. Then boot into Linux and scan the hard drive from there so you can compare the results.
The article can be found here. -
I am the author of AFX Windows Rootkit 2003
Hey, thanks for the mention in the article but that is a really old version you've used to test! The last version I've released publicly is AFX Windows Rootkit 2005, it's open source and can be found on http://www.rootkit.com/ the other more recent versions I've sold privately.
Now on the subject of rootkit detection. Most of these use the method based on Microsoft's Strider GhostBuster, which uses a low-level method to gather seemingly clean system information, then gathers the same information using a high-level method. The idea is that rootkits will have only hooked the high-level methods, so there should be a difference in results. Whatever is listed in the low-level results and not listed in the high-level results is displayed as "hidden information". Effectively they are using the rootkit's own hiding functions against itself to detect it. If the rootkit doesn't hide itself to avoid detection, it's still made itself visible.
The problem is that you put yourself in an arms race with who can hook system information at the lowest level. Luckily since we (the sysadmin) have access to the hardware and presumably the attacker does not, a hardware method of gathering system information would be the best. You can bet money that we are going to be seeing hardware level rootkit detectors sooner or later.
The final problem is that a backdoor can be hidden without using these rootkit methods. By hooking incoming socket connections we can make a hidden backdoor that creates no new processes, threads, files, registry keys or any other permanent data. I and others have released POC code already. Also, making the same attack persist after reboot is only a matter of disabling SFC and altering userinit.exe, explorer.exe or whatever you like. Your rootkit detector will come up clean every time. -
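The cross-view comparison described in the post above, as an added example (not the author's code or any real detector's): two constructed enumerations stand in for the low-level and high-level scans, and the placeholder names rkdrop.exe, rkhide.sys and notepad.exe are made up for the illustration.

```python
"""Cross-view rootkit detection in the style of Strider GhostBuster (added
example): enumerate the same objects through the hookable high-level API
and through a low-level path, then report what only the low-level path
sees. Sample data below is constructed, not taken from a real system."""
from dataclasses import dataclass, field


@dataclass
class CrossViewReport:
    hidden: dict = field(default_factory=dict)   # low-level only: hidden from the API
    phantom: dict = field(default_factory=dict)  # high-level only: race, or low-level scan missed it
    visible: dict = field(default_factory=dict)  # in both views: not hidden, whatever it is


def _norm(names):
    # Windows object names are case-insensitive, so compare them that way.
    return {n.lower() for n in names}


def cross_view(low_level: dict, high_level: dict) -> CrossViewReport:
    """Both arguments map a category ('processes', 'drivers', ...) to names."""
    report = CrossViewReport()
    for category in sorted(low_level.keys() | high_level.keys()):
        low = _norm(low_level.get(category, ()))
        high = _norm(high_level.get(category, ()))
        report.hidden[category] = sorted(low - high)
        report.phantom[category] = sorted(high - low)
        report.visible[category] = sorted(low & high)
    return report


def findings(report: CrossViewReport) -> list:
    """One line per hidden object; an empty list means the two views agree.
    A hook-only backdoor that creates no process, file or key (the case the
    post ends with) produces no difference and is invisible to this check."""
    return [f"{cat}: {name} (hidden from API view)"
            for cat, names in report.hidden.items() for name in names]


# Constructed sample: the low-level scan walks raw kernel lists / raw disk.
LOW_LEVEL = {
    "processes": ["System", "svchost.exe", "explorer.exe", "rkdrop.exe"],
    "drivers": ["ntfs.sys", "tcpip.sys", "rkhide.sys"],
}
# The high-level scan goes through the documented (and hooked) API;
# notepad.exe started between the two scans, so it shows up as a phantom.
HIGH_LEVEL = {
    "processes": ["system", "svchost.exe", "explorer.exe", "notepad.exe"],
    "drivers": ["ntfs.sys", "tcpip.sys"],
}

if __name__ == "__main__":
    for line in findings(cross_view(LOW_LEVEL, HIGH_LEVEL)):
        print(line)
```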
Re:My Guesses & Opinions
There is a wonderful set of slides from the BlackHat 2006 that outline the escalating war between the bot writers and Blizzard's Warden, culminating in the proposal to write a rootkit to hide the bot's activities from Warden: http://www.rootkit.com/newsread.php?newsid=543 If Blizzard is now looking for rootkit like behavior, or looking for specific signs of an existing rootkit, Cedega / Linux may very well raise all sort of red flags.
-
Re:Anonymity
"How many people do you know that would cheat in an online game but would not cheat on an exam?"
Most of them. Programs like Steam/Valve Anti-Cheat and Warden for World of Warcraft are making cheating much more technical than, say, editing your locally stored Ultima Online info. Cheating on an exam, however, continues to be as easy or as hard as it ever was, all based on your professor's level of absent mindedness.
Cripple Windows APIs and run bots via remote code using cryptic keyboard commands to control an invisible application..... or writing some cryptic mnemonics on my hand right before a test. Both are cheating, but I think for most people one is significantly easier.
-
Other download sites
-
Re:AdAware Re:They can't be another Netscape
I read an article a while back that basically proved that adaware is a steaming pile of feces.
spybot s&d is a much better single-solution choice, although if I'm cleaning a machine I use adaware, spybot, defender, kazaabegone, x-cleaner, ewido and hijackthis. -
Re:As long as I control it then it is fine
It's against many, many laws to install a rootkit on certain federally-owned computers.
It does? Can you give me a reference to a single one of these many laws?
Here's a good site on rootkits: http://www.rootkit.com/.
Wikipedia has some good stuff too: http://en.wikipedia.org/wiki/Rootkit -
Rootkits are big now
Rootkits in windows are becoming more and more of a problem. I found this interesting site the other day when looking for a rootkit detector: www.rootkit.com
-
Re:"The Warden"
Well, the Warden scare was brought about long before they added the Blizzard Launcher. It's a small bit of code buried within the WoW.exe file that periodically downloads itself from Blizzard servers (while running the game) and compares open window titles and such to hashes of known cheatware. This article from rootkit.com and this article from Wikipedia seem to indicate that it only occurs during operation of WoW.exe.
What good (used carefully, since I know some people don't think it's good at all, heheh) would Warden be to anybody if people were able to bypass it by skipping the Launcher? Warden is encrypted inside the game itself, and the Launcher (according to Blizzard's explanation) was created to help notify users of cheatware that they may not know about, which by logging into WoW with them, would be banned. -
Re:didn't he get the memo?
they haven't actually done anything that could or would be perceived by the community as malicious.
-
Rookit Blog Link
http://www.rootkit.com/blog.php?newsid=358
This is where I originally heard about this, from Greg's blog. I don't see this link on the BBC article, so I figured I'd post it. -
About the rootkit
This looks like the same worm a friend of mine got a few weeks ago. I loaded it up in VMWare and discovered that it installed, among other things, the "FU" rootkit.
I took a rootkit class at this year's Black Hat Training from the guy who wrote FU. He pointed out that it's more of a proof-of-concept rootkit. It does allow you to hide files, registry keys and drivers from both user-mode and kernel-mode processes, but, it really doesn't go out of its way to hide itself from every possible angle, so detection (and thankfully, removal) wasn't that bad.
I was able to whip up a little app to fix it from within Windows. But had the worm's author actually expanded on FU's techniques and done a better job of hiding the rootkit, recovery would not have been nearly as easy. (Just imagine how much fun it would be to talk a novice through Windows XP's Recovery Console!)
Once the worm authors start to get better at exploiting the potential of rootkits, we've definitely got a much better problem on our hands. The old "1. get infected, 2. run anti-virus to disinfect, 3. repeat" cycle just won't work anymore. Good luck even finding a well-implemented rootkit once it's in your kernel, let alone trying to clean it up while it's effectively able to veto every action you take.
(Yet another reason why no Windows user should run as an Administrator.)
-
Re:Who of us actually would click...
-
Re:Go Blizzard
Needless to say, having a window named 'WoW!Inmate' is lethal. Who knew <title> tags could be so much fun!
(And yeah, sniffing financial/private info does happen!)
-
Re:Commercially available? Whatever....
In other news, we learn that script kiddies don't actually write software.
I'd have thought 450 euros (see here, select "Golden Hacker Defender" from combo box) was a bit beyond the price range of your average copy/paste script kiddies, but then I've never met any so I wouldn't know. Either way, it's not clear to me that the site is breaking any laws by selling this software. Any lawyers around?
What's next, Virus Writers Monthly?
How about this?
-
Re:Everything can be cleaned manually
-
Re:Time to do some pre-typing checks...
Check for any odd or suspicious processes running in the background. Kill processes that don't look right
Nube! Even the crappest rootkit will not show up in the process list. Seeing as how many keyloggers are installed as part of a rootkit I think that looking for "suspicious process" would be of limited use. Check out http://www.rootkit.com/index.php for more info. Thinking that you are going to see a keylogger in the process list is like people who think that they will hear clicks on the telephone when the FBI is tapping their phone lines.