Slashdot Mirror

HOSTS files also SECURE YOU FAR BETTER too (and get you your money's worth you pay for online speed + bandwidth in a few ways)

E.G. #1 - The words of a security expert, Oliver Day (SECURITYFOCUS) will speak for me on that account:

A RETURN TO THE KILLFILE:

http://www.securityfocus.com/columnists/491

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

---

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

---

"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites. One of the known weaknesses of the Tor system, for example, is direct DNS requests by applications not configured to route such requests through Tor's network."

---

There you go!

A.) HOSTS work vs. the "KAMINSKY DNS FLAW" & DNS poisoning/redirect attacks, for redirectable weaknesses in DNS servers (non DNSSEC type, & set into recursive mode especially)

AND

B.) HOSTS work vs. problems in the TOR system as well (that lends itself to anonymous proxy usage weaknesses I noted above also)

PLUS?

Well, you'll also get to sites you want to, even IF a DNS registrar drops said websites from its tables as shown here

Beating Censorship By Routing Around DNS -> http://yro.slashdot.org/story/10/12/09/1840246/Beating-Censorship-By-Routing-Around-DNS

& even DNSBL also (DNS Block Lists) -> http://en.wikipedia.org/wiki/DNSBL

As well - DOUBLE-BONUS!

---

Going to "continue the trend" of letting others speak for me on HOSTS files next too...

15++ SLASHDOT USERS EXPERIENCING SUCCESS USING HOSTS FILES QUOTED VERBATIM:

---

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"I use a custom /etc/hosts to block ads... my file gets parsed basically instantly ... So basically, for any modern computer, it has zero visible impact. And even if it took, say, a second to parse, that would be more than offset by the MANY seconds saved by not downloading and rendering ads. I have noticed NO ill effects from running a custom /etc/hosts file for the last several years. And as a matter of fact I DO run http servers on my computers and I've never had an /etc/hosts-related problem... it FUCKING WORKS and makes my life better overall." - by sootman (158191) on Monday July 13 2009, @11:47AM (#28677363) Homepage Journal

"I ac

Here are the lists for: Chrome which shows zero vulnerabilities, and Firefox, which shows two. Ah, good old cognitive dissonance -- making people ignore evidence that doesn't match their conclusions since the dawn of man.

Here are the lists for: Chrome which shows zero vulnerabilities, and Firefox, which shows two. Ah, good old cognitive dissonance -- making people ignore evidence that doesn't match their conclusions since the dawn of man.

I think the folks at SecurityFocus disagree. Although IE 9 is more secure than previous releases, IE still has plenty of vulnerabilities

Here's your fix: IF you use a relatively "larger" HOSTS file to fix that all you have to do is stop the local DNS clientside cache service in services.msc!

That "lag" goes away for good... very easy to do!

This is a "fault" in MS Windows OS', not in Linux or MacOS X afaik though, & one I've had active debates with, w/ MS' own senior mgt. no less...

I.E.-> The local DNS clientside cache service "flakes out" w/ larger hosts files, & is apparently designed to use a "Fixed Size" structure for its member entries ( imo @ least? VERYbad design & what you see proves that much easily!).

PUT IT THIS WAY, by example: I current have 1,648,110++ entries in my HOSTS file (250 are my fav. sites sped up via hardcodes in it, the rest are blocked out known malicious sites/servers or adbanners)... &, I have an "experimental mode" (uses AIRELLE HOSTS data, bit overkill imo & has erroneous entries but has gotten better over the years imo), as many as 3,383,650 entries in it, no lag either - as long as you kill the local DNS clientside cahe that is.

The caching of HOSTS for better read/re-read speeds is then taken up by the kernelmode diskcache subsystem (like it does for any file).

So, if you don't change it (flagging it as changed/dirty which means a read back into cache), it remains in memory to speed up hosts-domain names resolution to IP addresses from RAM.

(The latter's what "offsets" diskread latencies/speeds, but I don't get that here, as a direct my system to read my HOSTS up from a Gigabyte IRAM RamDisk/RamDrive card (4gb DDR2)).

As to speed gains (as well as security ones using a HOSTS file? Here are some testimonials "to that effect"):

E.G. #1 - The words of a security expert, Oliver Day (SECUNIA) CLEARLY disagree w/ you:

A RETURN TO THE KILLFILE:

http://www.securityfocus.com/columnists/491

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, no less...

Additionally - Guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly!

(& this is one of the later ones, from 2001 http://www.furtherleft.net/computer.htm (but the example HOSTS file with my initials in it is FAR older, circa 1998 or so) or thereabouts, and referred to later by a pal of mine who moderates NTCompatible.com (where I posted on HOSTS for YEARS (1997 onwards)) -> http://www.ntcompatible.com/thread28597-1.html

---

"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive

In my init. post you replied to? There, I note I use a firewall too (learn to read) & per my subject-line above? Ok, here goes:

E.G. #1 - The words of a security expert, Oliver Day (SECUNIA) CLEARLY disagree w/ you:

A RETURN TO THE KILLFILE:

http://www.securityfocus.com/columnists/491

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, no less...

Additionally - Guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly!

(& this is one of the later ones, from 2001 http://www.furtherleft.net/computer.htm (but the example HOSTS file with my initials in it is FAR older, circa 1998 or so) or thereabouts, and referred to later by a pal of mine who moderates NTCompatible.com (where I posted on HOSTS for YEARS (1997 onwards)) -> http://www.ntcompatible.com/thread28597-1.html

---

"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites. One of the known weaknesses of the Tor system, for example, is direct DNS requests by applications not configured to route such requests through Tor's network."

There you go: AND, it also works vs. the "KAMINSKY DNS FLAW" & DNS poisoning/redirect attacks, for redirectable weaknesses in DNS servers (non DNSSEC type, & set into recursive mode especially) and also in the TOR system as well (that lends itself to anonymous proxy usage weaknesses I noted above also)

PLUS?

Well, you'll also get to sites you want to, even IF a DNS registrar drops said websites from its tables as shown here Beating Censorship By Routing Around DNS -> http://yro.slashdot.org/story/10/12/09/1840246/Beating-Censorship-By-Routing-Around-DNS & even DNSBL also (DNS Block Lists) -> http://en.wikipedia.org/wiki/DNSBL as well - DOUBLE-BONUS!

---

Slashdotters've "modded up" my posts on HOSTS files in these posts also - you're outnumbered approximately 23:1 in them:

BANNER ADS & BANDWIDTH:2011 -> http://hardware.slashdot.org/comments.pl?sid=2139088&cid=36077722

HOSTS MOD UP:2010 -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608

HOSTS MOD UP:2009 ->

On HOSTS files? Many others on /. no less (and security pros too) disagree with you:

E.G. #1 - The words of a security expert, Oliver Day (SECUNIA) CLEARLY disagree w/ you:

A RETURN TO THE KILLFILE:

http://www.securityfocus.com/columnists/491

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, no less...

Additionally - Guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly!

(& this is one of the later ones, from 2001 http://www.furtherleft.net/computer.htm (but the example HOSTS file with my initials in it is FAR older, circa 1998 or so) or thereabouts, and referred to later by a pal of mine who moderates NTCompatible.com (where I posted on HOSTS for YEARS (1997 onwards)) -> http://www.ntcompatible.com/thread28597-1.html

---

"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites. One of the known weaknesses of the Tor system, for example, is direct DNS requests by applications not configured to route such requests through Tor's network."

There you go: AND, it also works vs. the "KAMINSKY DNS FLAW" & DNS poisoning/redirect attacks, for redirectable weaknesses in DNS servers (non DNSSEC type, & set into recursive mode especially) and also in the TOR system as well (that lends itself to anonymous proxy usage weaknesses I noted above also)

PLUS?

Well, you'll also get to sites you want to, even IF a DNS registrar drops said websites from its tables as shown here Beating Censorship By Routing Around DNS -> http://yro.slashdot.org/story/10/12/09/1840246/Beating-Censorship-By-Routing-Around-DNS & even DNSBL also (DNS Block Lists) -> http://en.wikipedia.org/wiki/DNSBL as well - DOUBLE-BONUS!

---

Slashdotters've "modded up" my posts on HOSTS files in these posts also - you're outnumbered approximately 23:1 in them:

BANNER ADS & BANDWIDTH:2011 -> http://hardware.slashdot.org/comments.pl?sid=2139088&cid=36077722

HOSTS MOD UP:2010 -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608

HOSTS MOD UP:2009 ->

The words of a security expert, Oliver Day (SECUNIA)
disagree w/ you:

A RETURN TO THE KILLFILE:

http://www.securityfocus.com/columnists/491

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, no less... & guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly (& this is one of the later ones, from 2001 http://www.furtherleft.net/computer.htm (but the example HOSTS file with my initials in it is FAR older, circa 1998 or so) or thereabouts, and referred to later by a pal of mine who moderates NTCompatible.com (where I posted on HOSTS for YEARS (1997 onwards)) -> http://www.ntcompatible.com/thread28597-1.html !

---

"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites. One of the known weaknesses of the Tor system, for example, is direct DNS requests by applications not configured to route such requests through Tor's network."

There you go: AND, it also works vs. the "KAMINSKY DNS FLAW" & DNS poisoning/redirect attacks, for redirectable weaknesses in DNS servers (non DNSSEC type, & set into recursive mode especially) and also in the TOR system as well (that lends itself to anonymous proxy usage weaknesses I noted above also) and, you'll get to sites you want to, even IF a DNS registrar drops said websites from its tables as shown here Beating Censorship By Routing Around DNS -> http://yro.slashdot.org/story/10/12/09/1840246/Beating-Censorship-By-Routing-Around-DNS & even DNSBL also (DNS Block Lists) -> http://en.wikipedia.org/wiki/DNSBL as well - DOUBLE-BONUS!

---

Slashdotters've "modded up" my posts on HOSTS files in these posts also - you're outnumbered 23:1 in them:

BANNER ADS & BANDWIDTH:2011 -> http://hardware.slashdot.org/comments.pl?sid=2139088&cid=36077722
HOSTS MOD UP:2010 -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1490078&cid=30555632
HOSTS MOD UP:2010 ->

FIRST - I don't use 127.0.0.1, first of all (you're WRONG):

"And yet in your stupid hosts file stuff you use 127.0.0.1" - by hakahaka (2485890) on Monday October 31, @04:58AM (#37892484)

See the above, lol... you're WRONG (I use 0, or 0.0.0.0).

---

"and flood your local HTTP daemon and other ports with useless requests that need to time out EVERY FUCKING TIME, SLOWING DOWN BROWSER AND WHOLE SYSTEM as more threads need do be created and applications need to wait for the time out." - by hakahaka (2485890) on Monday October 31, @04:58AM (#37892484)

SECOND - YOU'RE WRONG AGAIN, & I'll even have Mr. Oliver Day of SECURITYFOCUS.COM back me on it, as far as what HOSTS files do for websurfers:

A RETURN TO THE KILLFILE:

http://www.securityfocus.com/columnists/491

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

Per my points exactly, no less... & guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly (& this is one of the later ones, from 2001 http://www.furtherleft.net/computer.htm (but the example HOSTS file with my initials in it is FAR older, circa 1998 or so) or thereabouts, and referred to later by a pal of mine who moderates NTCompatible.com (where I posted on HOSTS for YEARS (1997 onwards)) -> http://www.ntcompatible.com/thread28597-1.html !

---

"Maybe you're too stupid to see why this i a problem." - by hakahaka (2485890) on Monday October 31, @04:58AM (#37892484)

Ahem/THIRD: See above... lol, & perhaps YOU'RE TOO STUPID TO KNOW THAT TURNING OFF THE LOCAL DNS CLIENTSIDE CACHE SERVICE IN WINDOWS (for large HOSTS files only) WHICH STOPS ANY SLOWDOWNS, & also saves CPU/RAM, & other forms of I/O associated with that unnecessary service running (not the http daemon as you stated by the by also)..

(AND, because the HOSTS file is just a FILE, like any other? IT GETS CACHED BY LOCAL KERNELMODE DISKCACHE SUBSYSTEMS, for speed of access/re-access)

Please, I am going to tell you what you TRIED to tell me & where wrong about: LEARN YOUR MODERN OPERATING SYSTEMS BOY AND HOW THEY WORK!

---

"but that wouldn't surprise me BECAUSE YOU'RE A NOOB AND JUST GOT SERVED!" - by hakahaka (2485890) on Monday October 31, @04:58AM (#37892484)

No, I don't just *THINK* this, I truly now KNOW this: You're the noob that just got served, & for opening your BIG MOUTH & INSERTING YOUR OWN FOOT INTO IT.

* How's it taste? The bitter "taste of defeat"?? Absolutely... see the above!

APK

P.S.=> This? Ah, I just GOTTA SAY IT, as-per-my-usual with noobs like yourself: This was just "too, Too, TOO EASY - just '2EZ'"...

Now I KNOW why you "talk a big game" but have zero to show for yourself in freeware/shareware, commercial softwares code, or your work being featured in any publications of note in the computer sciences arena (as I have to them all), lol, per the above... BOTTOM-LINE HERE IS "know your role boy", and you just smoked yourself... badly!

... apk

A national EAS test... What could possibly go wrong? The problems with EAS insecurity have been know for a long time and the FCC has failed to do anything about it. See the following SecurityFocus stories: http://www.securityfocus.com/news/613 http://www.securityfocus.com/news/9324

A national EAS test... What could possibly go wrong? The problems with EAS insecurity have been know for a long time and the FCC has failed to do anything about it. See the following SecurityFocus stories: http://www.securityfocus.com/news/613 http://www.securityfocus.com/news/9324

GPS includes a (currently disabled) feature called Selective Availability (SA) that adds intentional, time varying errors of up to 100 meters (328 ft) to the publicly available navigation signals. This was intended to deny an enemy the use of civilian GPS receivers for precision weapon guidance.

http://www.securityfocus.com/news/10140

President Bush has ordered plans for temporarily disabling the U.S. network of global positioning satellites during a national crisis to prevent terrorists from using the navigational technology, the White House said Wednesday.

So from what I understand, the accuracy of GPS can be degraded for civilians whenever the US government wishes to do it, and GWB tried to make it possible to switch off the network whenever a terrorist attack hits U.S. You have to admit that this doesn't make non-US users of the system feel very secure. I guess that in case of a terrorist attack, the US would not be very concerned about an ongoing French military operation in Ivory Coast for instance, and would switch off or degrade the system without a second thought.

Don't forget CheckPoint and Sourcefire.

http://www.securityfocus.com/news/11382

A citation for (A) is here and a quick search reveals that this vulnerability was known at least 5 years ago yet is still unpatched.

I'll see your LMGTFY and raise you a "simply click a link on the same fucking page" to read "Vendor updates are available." And it has been available the very day this citation was written. And if you actually read the results instead of just looking at dates: that's a completely unrelated vulnerability, also long been fixed.

We know for certain that OS/X is not secure, that there are in fact (A) unpatched local privilege escalation vulnerabilities, and (B) Safari is vulnerable to drive by code execution initiated by simply loading a web page.

Combine these two, and the conclusion that "Macs are only secure because they are less popular" is most certainly true.

Going further, Apple is also incapable of protecting iOS in spite of their extensive efforts to lock it down, that it too is vulnerable to drive-byes that will entirely root the thing (considered a feature by many, since they hate the Apple lock-down)

A citation for (A) is here and a quick search reveals that this vulnerability was known at least 5 years ago yet is still unpatched.
A citation for (B) isnt needed. The latest patch for Safari fixed 47 known drive-by remote code execution exploits, the patch before that fixed 57 known drive-by remote code execution exploits.

To stall this & other threats like it, "en masse" pre-emptively, via "layered security concepts":

---

1.) DNSBL vs. malware-in-general such as Norton DNS -> http://it.slashdot.org/comments.pl?sid=2306598&cid=36696360 (if not HOSTS files such as I use, which currently in its "temp file" for actual HOSTS overwrite houses 1,468,088++ KNOWN bad sites/servers/hosts-domains & bogus DNS servers + botnet C&C servers too - it updates from 17 reputable sources online for that type of data, every 15 minutes here, "automagically"). Combining HOSTS, with DNSBL, & Firewall rules tables (@ both hardware & software levels)?? An excellent "pre-emptive move/strike" beforehand...

---

In fact, on HOSTS file efficacy?

2.) See this: How about DIRECT quotes from users here on /. that use HOSTS files instead:

---

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

"I use ad-Block and a hostfile" - by Ol Olsoc (1175323) on Tuesday March 01, @10:11AM (#35346902)

"^^ One of the many reasons why I like the user-friendliness of the /etc/hosts file." - by lennier1 (264730) on Saturday March 05, @09:26PM (#35393448)

"I use a custom /etc/hosts to block ads... my file gets parsed basically instantly ... So basically, for any modern computer, it has zero visible impact. And even if it took, say, a second to parse, that would be more than offset by the MANY seconds saved by not downloading and rendering ads. I have noticed NO ill effects from running a custom /etc/hosts file for the last several years. And as a matter of fact I DO run http servers on my computers and I've never had an /etc/hosts-related problem... it FUCKING WORKS and makes my life better overall." - by sootman (158191) on Monday July 13 2009, @11:47AM (#28677363) Homepage Journal

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

"They've been on my HOSTS block for years" - by ScottCooperDotNet (929575) on Thursday August 05 2010, @01:52AM (#33147212)

"Better than an ad blocker, imo. Hosts file entries: http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]" - by TempestRose (1187397) on Tuesday March 15, @12:53PM (#35493274)

"you're right about hosts files" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage

"put in your /etc/hosts:" - by Anonymous Coward on Friday December 03, @09:17AM (#34429688)

---

And, THERE YOU GO DIRECT QUOTES FROM SLASHDOT USERS TOO, & ON HOSTS FILES USEFULNESS TO THEY AS WELL!

---

Also, how about a DIRECT QUOTE from a respected security pro (from securityfocus.com, a division of SYMANTEC/NORTON) on the note of HOSTS files too?

Resurrecting the Killfile

Oliver Day, 2009-02-04

FROM -> http://www.securityfocus.com/columnists/491

---

PERINTENT QUOTES/EXCERPTS:

"The host file on my day-to-day lapt

http://it.slashdot.org/comments.pl?sid=2306598&cid=36696390

I use it, it works (based on a constantly updated DNSBL as well by Norton Safeweb), in combination with HOSTS files usage for doing the same in "layered security fashion" here!

(Which my personal custom HOSTS file here updates every 15 minutes here from 17 reputable + reliable sources to supplement those from Norton DNS also, via a Python script system for that!)

It works, albeit @ a different level (right in the IP Stack itself, no added filtering drivers necessary either, as HOSTS are merely a filter for the IP stack itself, & running @ the FASTEST MOST EFFICIENT LAYER POSSIBLE, Ring 0/RPL 0/kernel mode (actually "PnP" level in Windows OS since XP onwards)).

ON HOSTS FILES AS A "LAYERED SECURITY SUPPLEMENT"?

How about DIRECT quotes from users here on /. that use HOSTS files instead:

---

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

"I use ad-Block and a hostfile" - by Ol Olsoc (1175323) on Tuesday March 01, @10:11AM (#35346902)

"^^ One of the many reasons why I like the user-friendliness of the /etc/hosts file." - by lennier1 (264730) on Saturday March 05, @09:26PM (#35393448)

"I use a custom /etc/hosts to block ads... my file gets parsed basically instantly ... So basically, for any modern computer, it has zero visible impact. And even if it took, say, a second to parse, that would be more than offset by the MANY seconds saved by not downloading and rendering ads. I have noticed NO ill effects from running a custom /etc/hosts file for the last several years. And as a matter of fact I DO run http servers on my computers and I've never had an /etc/hosts-related problem... it FUCKING WORKS and makes my life better overall." - by sootman (158191) on Monday July 13 2009, @11:47AM (#28677363) Homepage Journal

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

"They've been on my HOSTS block for years" - by ScottCooperDotNet (929575) on Thursday August 05 2010, @01:52AM (#33147212)

"Better than an ad blocker, imo. Hosts file entries: http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]" - by TempestRose (1187397) on Tuesday March 15, @12:53PM (#35493274)

"you're right about hosts files" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage

"put in your /etc/hosts:" - by Anonymous Coward on Friday December 03, @09:17AM (#34429688)

---

And, THERE YOU GO DIRECT QUOTES FROM SLASHDOT USERS TOO, & ON HOSTS FILES USEFULNESS TO THEY AS WELL!

---

Also, how about a DIRECT QUOTE from a respected security pro (from securityfocus.com, a division of SYMANTEC/NORTON) on the note of HOSTS files too?

Resurrecting the Killfile

Oliver Day, 2009-02-04

FROM -> http://www.securityfocus.com/columnists/491

---

PERINTENT QUOTES/EXCERPTS:

"The host file on

conserve bandwidth, easily, and can help get you back SOME of what you spend your hard-earned dollars for, easing this and off-setting your concerns, & to a decent degree, with quoted proofs below and in terms of online security also - read on:

Far better than not doing it at all.

Hey, listen:

If "the man" wants to start burning you for the monies you spend to be online, burn him back by stalling yourself spending time hauling in his advertisements & processing their contents ( adbanners are just designed to psychologically make you spend your money too anyhow ).

Speaking of "processing adbanner content"?

Blocking banners not only gets you speed, noticeable speed (per Mr. Oliver Day of SECURITYFOCUS.COM, who read my articles on them in the mid to late 90's in forums and now wrote about them in 2009) but, also more "layered security" too vs. malware poisoned adbanners (evidences below):

A RETURN TO THE KILLFILE: from the yr. 2009

http://www.securityfocus.com/columnists/491

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

and

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, no less... & guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly (& this is one of the later ones, from 2001 http://www.furtherleft.net/computer.htm (but the example HOSTS file with my initials in it is FAR older, circa 1998 or so) or thereabouts, and referred to later by a pal of mine who moderates NTCompatible.com (where I posted on HOSTS for YEARS (1997 onwards)) -> http://www.ntcompatible.com/thread28597-1.html !

---

ADBANNERS HAVE ALSO BEEN SEEN MANY TIMES SINCE 2003 WITH MALICIOUSLY SCRIPTED CONTENT IN THEM AS WELL:

---

Ad networks owned by Google, Microsoft serve malware:

http://www.theregister.co.uk/2010/12/13/doubleclick_msn_malware_attacks/

---

Attacks Targeting Classified Ad Sites Surge:

http://it.slashdot.org/story/11/02/02/1433210/Attacks-Targeting-Classified-Ad-Sites-Surge

---

Hackers Respond To Help Wanted Ads With Malware:

http://it.slashdot.org/story/11/01/20/0228258/Hackers-Respond-To-Help-Wanted-Ads-With-Malware

---

Hackers Use Banner Ads on Major Sites to Hijack Your PC:

http://www.wired.com/techbiz/media/news/2007/11/doubleclick

---

Ruskie gang hijacks Microsoft network to push penis pills:

http://www.theregister.co.uk/2010/10/12/microsoft_ips_hijacked/

---

Major ISPs Injecting Ads, Vulnerabilities Into Web:

http://it.slashdot.org/it/08/04/19/21

hey, i'm a PC and check the md5 of every file i download against that posted on the software page. I learned that from a little problem with irssi a while back http://www.securityfocus.com/bid/4831/discuss

See subject-line, & this statement from yourself:

"I agree that it will save some bandwidth." - by Oxford_Comma_Lover (1679530) on Sunday May 01, @03:26PM (#35992306)

That's all I really wanted to hear: That you DO know that bandwidth you pay for is saved for useful things, especially vs. bandwidth caps per month like AT&T is instituting (per this article's premise).

---

"It is also a speed boost, although whether it is a noticeable one depends on a lot of variables. Certainly on low end machines or with badly done advertising it can be. And it can theoretically help with security, although NoScript and the like will help more." - by Oxford_Comma_Lover (1679530) on Sunday May 01, @03:26PM (#35992306)

Here are some people, other than myself, that can testify to & "immediately SECOND" what you have stated (& that I always have from the onset here), that there IS A SPEED BOOST & IT IS NOTICEABLE:

"I use a custom /etc/hosts to block ads... my file gets parsed basically instantly ... So basically, for any modern computer, it has zero visible impact. And even if it took, say, a second to parse, that would be more than offset by the MANY seconds saved by not downloading and rendering ads. I have noticed NO ill effects from running a custom /etc/hosts file for the last several years. And as a matter of fact I DO run http servers on my computers and I've never had an /etc/hosts-related problem... it FUCKING WORKS and makes my life better overall." - by sootman (158191) on Monday July 13 2009, @11:47AM (#28677363) Homepage Journal

AND, Mr. Oliver Day of SECURITYFOCUS.COM (A Symantec subsidiary):

A RETURN TO THE KILLFILE:

http://www.securityfocus.com/columnists/491

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

"I do not think it will significantly offset capping. It will reduce bandwidth" - by Oxford_Comma_Lover (1679530) on Sunday May 01, @03:26PM (#35992306)

Above here earlier, I quote you @ the top of this very reply of mine to you stating it WILL save bandwidth, & IF HOSTS FILES DO THAT (and, they do)? Then, you ARE "off setting" caps (putting them off farther into the distance, because you didn't waste bandwidth sucking in adbanners all month long during your billing cycle).

---

"There is also an argument that you steal what they are paying for." - by Oxford_Comma_Lover (1679530) on Sunday May 01, @03:26PM (#35992306)

Funny: I didn't see any "locked doors" on any of these websites, first of all... & secondly? Too bad - it's still MY MONIES being spent for online time & I want ALL of what I paid for (not 1/2, not just some... ALL!).

They can always go to a "pay model" if they like, as the N.Y. Times has for instance... which has "gone over like a lead balloon" & folks go to their competition now is all by the droves!

APK

"I do so enjoy pointing [paretologic.com] out [adoko.com] the total [dslreports.com] uber fail [ehow.com] of your magical woobie so" - by hairyfeet (841228) on Friday April 01, @02:27PM (#35689938)

There's YOUR sources, & then? There's mine (an actual security guru's in the mix, and HE read MY WORK back from the late 90's on it & is RECOMMENDING using them now, in the 21st century for added protection - so does mvps.org, highly respected themselves in this capacity):

How about Mr. Oliver Day & his article from 2009 called "A Return to the Killfile":

http://www.securityfocus.com/columnists/491

---

PERTINENT QUOTES/EXCERPTS from SecurityFocus (a division of Symantec):

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet â" particularly browsing the Web â" is actually faster now."

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

---

(Thus, as you can see - SPEED and LAYERED SECURITY is the gain... it's huge on both, noticeable, & yes - EFFECTIVE!)

---

Folks can read that, & decide for themselves...

Oh, wait: Many /.'ers have (see below)

How about all the folks from this site that use them (since we're here):

PERTINENT QUOTES/EXCERPTS:

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

"I use ad-Block and a hostfile" - by Ol Olsoc (1175323) on Tuesday March 01, @10:11AM (#35346902)

"^^ One of the many reasons why I like the user-friendliness of the /etc/hosts file." - by lennier1 (264730) on Saturday March 05, @09:26PM (#35393448)

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

"They've been on my HOSTS block for years, ever since one of those annoying GIF popups" - by ScottCooperDotNet (929575) on Thursday August 05 2010, @01:52AM (#33147212)

"Better than an ad blocker, imo. Hosts file entries: http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] " - by TempestRose (1187397) on Tuesday March 15, @12:53PM (#35493274)

Amongst MANY others here, but I think that'll do with myself included to outnumber 9:1 for starters, vs. YOUR "mere opinion" (which is now, for shit, after the post you replied to shows only SOME of your many Sub - BestBuy Techie skillz level, lol!)

(So... go on, ask ANY of them how or WHY they use HOSTS files (which are free, you have one already, & to fill it there are PLENTY of reputable sources like mvps.org , they DO come here after all!)

(That again, in addition to the 1,000's using mvps' HOSTS file (highly esteemed & recognized/respected too -> http://www.mvps.org/winhelp2002/hosts.htm (which is FREE, current, & WORKS!):

APK

P.S.=> As to myself being a VALID & highly esteemed source on "things PC-security"? Ok, & for 15 yrs. now no less, to great acclaim:

I also created the 1st guide for secu

"I also personally consider it a public service to point people to solutions [superantispyware.com] that actually [comodo.com] work [malwarebytes.org] instead of relying on magical woobies and anecdotes" - by hairyfeet (841228) on Friday April 01, @02:27PM (#35689938)

The effectiveness of those solutions is FAR from perfect & everyone knows it... but, in case they do NOT? See here:

---

MULTIPLE EVIDENCES OF ANTIVIRUS &/or ANTISPYWARE PROGRAM FAILURES + SHORTCOMINGS:

http://www.theregister.co.uk/2007/12/04/win_2000_virus_tests/

http://www.securityfocus.com/infocus/1839

http://it.slashdot.org/it/08/11/07/1545238.shtml

---

From COMPLETELY VALID & RESPECTED SOURCES no less, as is per my usual!

APK

P.S.=> No, single solutions (even HOSTS, which I have NEVER ONCE said is "the end all/be all" of security - just a great layered added part vs. known malicious sites &/or servers (botnet C&C ones etc.) for security, and SPEED (blockout adbanners & hardcode your favs for reliability vs. DNS poisoning, DNSBL, & DNS request logs etc.) too + more - it's VERY "versatile", free, & you can get them from reputable sources like this one -> http://www.mvps.org/winhelp2002/hosts.htm

As to my "know how" & experience in security for a PC (as well as in the real world where I was the manager for a couple years in THAT VERY CAPACITY)? Ok:

I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text

AND, more currently, the MOST viewed & highly rated one there is for years now since 2008 online:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE

Which has well over 300,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:

---

1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) 2.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))

---

Across 15-20 or so sites I posted it on back in 2008... have YOU done better, troll?

No, obviously.

(So much for your attempts @ "discrediting me" with "std. troll disinformation protocol", because it falls apart in the light of FACTS... easily! Just "too, Too, TOO EASILY" in fact!)... apk

"As in you HOPES that one of the 300,000+ constantly changing" - by hairyfeet (841228) on Friday April 01, @02:27PM (#35689938)

Your "math" (lol)! To wit:

http://it.slashdot.org/comments.pl?sid=2061048&cid=35686444

and

http://it.slashdot.org/comments.pl?sid=2061048&cid=35686566

as well as this:

http://it.slashdot.org/comments.pl?sid=2061048&cid=35686630

& more... lmao!

(So, tell us another one, about "math"... lol!)

Here, on MY end though: Yes, things are always "in flux" but I don't type it out as you stupidly accused me of & not since 2004 in fact (first using Delphi code I wrote for it as a local app to populate my HOSTS file)... Because I went up from roughly 944,000++ known bad sites/servers (C&C) last night, up to nearly 948,000 last night without my raising a finger to protect myself, guaranteed, against them (because UNLIKE YOU, I can automate ANY process via code - & testing a new PYTHON-based screen scrape script to do so this round (going "web" this round is why!)).

---

"That you HOPES nobody notices your only "proof" is anecdotes, often by your own sock puppets like Kingsjester?" - by hairyfeet (841228) on Friday April 01, @02:27PM (#35689938)

Oh, I don't *think* so (heck I KNOW not) - from here on down:

http://it.slashdot.org/comments.pl?sid=2061048&cid=35667576

In thet exchange I posted links to from this site's where you stalked me to, trolled me, & LIBELLED me? Those are no "mere anecdotes"... and on KingsJowker?

He's not I - you'll find that out soon enough (we actually got to be pals & he's coming to rent out space in 1 of my rental properties in fact): Poor guy had a stroke/brain aneurism though & that's why nobody's heard from him since.

By the by - how do you know him?

---

"If there is ANYONE that should be LOLing it is me, for pointing out there are still morons that believe 16Mb HOPES files can do anything but block ads since ad servers are" - by hairyfeet (841228) on Friday April 01, @02:27PM (#35689938)

Hahaha, ok: "Sure"! How about the 1,000's that use them over @ http://www.mvps.org/winhelp2002/hosts.htm & use them for protection as I do vs. malicious sites/servers?

How about Mr. Oliver Day & his article from 2009 called "A Return to the Killfile":

http://www.securityfocus.com/columnists/491

How about all the folks from this site that use them (since we're here):
PERTINENT QUOTES/EXCERPTS:

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

"I use ad-Block and a hostfile" - by Ol Olsoc (1175323) on Tuesday March 01, @10:11AM (#35346902)

"^^ One of the many reasons why I like the user-friendliness of the /etc/hosts file." - by lennier1 (264730) on Saturday March 05, @09:26PM (#35393448)

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

"They've been on my HOSTS block for years, ever since one of those annoying GIF popups" - by ScottCooperDotNet (929575)

Oh, really? Then, I'd have to be the DUMBEST THERE IS then, because I've been showing the PLANET how to secure vs. that on Windows for 14++ years, to EXCELLENT ratings!

To wit/E.G.:

"He is a known troll and malware writer" - by hairyfeet (841228) on Thursday March 31, @05:45PM (#35683144)

So, does THIS link I showed here before, which was + 5 INFORMATIVE rated no less here:

---

COMPUTER ASSOCIATES BUSTED FOR ACCOUNTING FRAUD:

http://news.slashdot.org/comments.pl?sid=1884922&cid=34350102

---

NOT prove that much? Sure does!

In a way? Thanks - You're only allowing me to expose my false accusers publicly once again for the slime they are, & to vindicate myself of your libel... thank you!

Also - CA & others like they have done the same to Dr. Mark Russinovich of Microsoft, and Nir Sofer of NIRSOFT as well - calling THEIR wares, malware too, & they're KNOWN in this field as decent... so, I suppose I am in TRULY, "good company" on this account no less!

Again, IF I were a "malware maker/hacker-cracker"? I'd have to be the STUPIDEST one there is, because I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text

AND, more currently, the MOST viewed & highly rated one there is for years now since 2008 online:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE

Which has well over 300,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:

---

1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)

---

Across 15-20 or so sites I posted it on back in 2008... have YOU done better, troll?

No, obviously.

(So much for your attempts @ "discrediting me" which ALWAYS FALLS APART IN THE LIGHT OF DOCUMENTED, CONCRETE & VERIFIABLE facts!)

APK

P.S.=>

"There is a reason why everyone abandoned HOSTS files" - by hairyfeet (841228) on Thursday March 31, @05:45PM (#35683144)

LOL, again: Oh, really? See here:

http://www.mvps.org/winhelp2002/hosts.htm

MANY 1,000's use them for better layered security, speed, & even ANONYMITY (vs. DNS request logs) & vs. DNSBL too!

HOW ABOUT MR. OLIVER DAY & SECURITYFOCUS.COM TOO?

E.G./to wit:

http://www.securityfocus.com/columnists/491

Dated from 2009 no less... that doesn't look like the 1990s!

(You've never even DISPROVED the 20 points I post that HELP USERS here either... lol!)

(SO - How stupid do you wish to keep appearing, hairyfeet?)

Apparently, even STUPIDER than HERE already:

http://it.slashdot.org/comments.pl?sid=2061048&cid=35681060

LMAO - It appears that you don't even KNOW the diff. between the word STATIC (IP addressed) or DYNAMIC (domain/hostname based)... and yet YOU claim to be a TECH? Please.

---

"while giving NO protection from malware" - by hairyfeet (841228) on Thursday March 31, @05:45PM (#35683144)

Again, see Mr. Day's article above, AND mvps.org (the most highly rated HOSTS file on the planet & BOTH are NOT from the 1990's OR abandoned!)

OR my highly rated & W

"You made the extravagant claims, back them up with the math" - by hairyfeet (841228) on Thursday March 31, @05:09AM (#35675892)

Here, I am GUARANTEED 100% protected now currently vs. 944,397 KNOWN BAD SITES/SERVERS (C&C & other types) that these hacker/crackers use, & because of a HOSTS file...

Can YOU say the same? No, certainly not. See below!

(Especially about the tools you "merely use" like the "trained chimp" (lol) that you are, as a mere TECHIE, "ITT Tech Boy"... lmao!)

Proof? Ok:

---

MULTIPLE EVIDENCES OF ANTIVIRUS &/or ANTISPYWARE PROGRAM FAILURES + SHORTCOMINGS:

http://www.theregister.co.uk/2007/12/04/win_2000_virus_tests/

http://www.securityfocus.com/infocus/1839

http://it.slashdot.org/it/08/11/07/1545238.shtml

---

From COMPLETELY VALID & RESPECTED SOURCES no less, as is per my usual!

APK

P.S.=> Hairyfeet: You came in here, as per your usual, libelling me & trolling me, OFF TOPIC as usual -> http://it.slashdot.org/comments.pl?sid=2061048&cid=35667932

& got yourself SHOT DOWN IN FLAMES on each "so-called point" you tried making, lol!

Why? Because unlike yourself, I am MORE than able to "run with the best"...

People like Dr. Mark Russinovich, who has also been called a "malware maker" unfairly as I have been, of which I showed the source in CA are a pack of criminals (busted for accounting fraud).

(Yes, that's right - ask him yourself! Dr. Mark Russinovich of MS, whose work I have even corrected before AND HAD TO TELL HIM how/when/where/why to do so no less, & yes, I have even gotten the best of in technical debates as well @ Windows IT Pro forums, shown in the URL above no less)...

We used to do work for the SAME company ITT Tech Boy... have you worked with the likes of he as a peer? No!

Suggestion: Get a better education than "ITT Tech" (you need it if you're going to try to "get the better of me" which to date, despite your constant trolling of myself, you have YET to do, and you never will - you aren't intelligent or educated enough to do so, period!).

Heck, on security, especially for the most attacked OS family there is, because it's MOST USED? For guides, I wrote the VERY FIRST ONE, highly rated no less, for Windows NT-based OS out there back in 1997-2001 in that edition:

PROOF:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text [neowin.net]

So, you're trolling a "source"/authority on the subject, & for more than 14++ yrs. now no less, per what others have done with my posts on that subject (see below, across 15/20 forums currently & more from the past) right here...

That's from 2001, but the original they took it from was from 1998 @ NTCompatible.com!

(more comprehensive by far, & for more current MS OS'):

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE

At over 300,000++ views strong (actually near 400,000++ because 1 site it was on 'went down' & had 75,000++ views more than 1 yr. back in fact), that's usually:

---

1.) Made an "Essential Guide"

2.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID)

3.) Is in their TOP 10-20 MOST viewed posts

4.) Is usually 5

On the side of good hacking in movies, how about Trinity hacking into the power grid network using nmap and a ssh exploit, and it was done properly?

http://www.securityfocus.com/news/4831

A scene about two thirds of the way through the film finds Carrie-Anne Moss's leather-clad superhacker setting her sights on a power grid computer, for plot reasons better left unrevealed.

But at exactly the point where audiences would normally be treated to a brightly-colored graphical cartoon of a computer intrusion, ala the 2001 Travolta vehicle Swordfish, or cheer as the protagonist skillfully summons a Web browser and fights valiantly through "404 Errors," like the malnourished cyberpunk in this year's "The Core," something completely different happens: Trinity runs "Nmap." link

Without wishing to be rude, see the reply I gave to the other comment - here's a couple I chose at random (possibly quite old) from Google:

OpenSSH vulnerability
SAMBA vulnerability

If you're paranoid about it then you subscribe to Security Focus or CERT and keep an eye open for any new ones - then turn the daemon off or restrict connectivity until it's been updated.

The point is not to get complacent about security - every OS needs to be watched for vulnerabilities and updated to fix them.

Man in the middle no no, you mean buffer overflow, Like this critical exploit from from 2005? http://www.eweek.com/c/a/Security/VMWare-Virtual-Machine-Security-Flaw-Very-Serious/

Or the 300 exploits starting on this page ? http://www.securityfocus.com/cgi-bin/index.cgi?o=0&l=30&c=12&op=display_list&vendor=VMWare&version=&title=ESX%20Server&CVE=

Vming doent help, install patches, have intrusion prevention and early detection, have a measurement and hardening practice, have an AV and firewall, dont run as Admin, or root, don't let your kids or admins install applications willy nilly, dont allow servers to browse the internet, dont play games on the same computer as your banking.
But the best single piece of advice is to physically segregate your banking from all other activities and Keep all your off line files encrypted by password and key. Think PGP virtual disk, or true crypt volume, NOT full volume bit locker type encryption. Worth less crap for on line security.

But nothing and no security measure will surpass "You should have known better 20 20 hind sight attack."

Using a live CD? really? How secure is that CD, who made it, who if anyone vetted it? why do you trust it, may be it IS the attack, how would you know? Security is more about being informed and making yourself a hard target and measuring your security posture. Primarily by not doing stupid things you know are wrong, you will and can skip being seen by most of the attack surface which is looking for you.

So please give me a scenario where an internet attack could actually do some damage to any kind of infrastructure.

Hows this one?

"self-destruct signal to every existing PS3"

DirectTV did something like that in 2001 to combat DirecTV card piracy:

http://www.securityfocus.com/news/143

"I do so enjoy pointing out the total uber fail of your magical woobie so. I also personally consider it a public service to point people to solutions that actually work" - by hairyfeet (841228) bassbeast1968NO@SPAMgmail.com> on Monday January 03, @03:04PM (#34746796)

Ready fool? Ok, let's see how "perfect" your "solutions" REALLY are, below (not yours, you didn't create them - you merely USE THEM, like a trained chimpanzee that you are, techie boy):

---

MULTIPLE EVIDENCES OF ANTIVIRUS &/or ANTISPYWARE PROGRAM FAILURES + SHORTCOMINGS:

http://www.theregister.co.uk/2007/12/04/win_2000_virus_tests/

http://www.securityfocus.com/infocus/1839

http://it.slashdot.org/it/08/11/07/1545238.shtml

---

(Want more? Here comes, on their "heuristics" too)

ANTIVIRUS HEURISTICS EFFECTIVENESS EVIDENCES (i.e. - NOT 100% EFFECTIVE AND GETS FALSE POSITIVES):

---

The sorry state of Avira anti-virus heuristics:

http://grack.com/blog/2010/03/17/the-sorry-state-of-avira-anti-virus-heuristics/

PERTINENT QUOTE/EXCERPT:

"Considering that the risk of false positives is so high (and users might be trained to ignore other, potentially valid virus warnings), I'd say that users are worse off with this virus definition than they are without."

---

(As "1 example thereof", because the very word "HEURISTICS" equates basically to hairyfeet's very bitch here - guesstimation technology really, in that it uses "does it smell/taste/look like a duck" type tech, & it makes mistakes... period, see above!)

---

"You have 190,000 to 340,000 infected websites at this very moment and that list will change by the thousands per minute as sites are cleaned, new sites are infected, new vulnerabilities found, etc. Now for your HOPES file to actually be a REAL protection and not just a woobie? It will have to dynamically scale and keep up with that ever changing list of infections. Now even if you had twenty fingers and subscribed to every security list on the planet your HOPES file will ALWAYS BE OUT OF DATE and behind the curve. Always. Don't like those numbers? Use the ones from Securina, Grisoft, Symantec, any reputable security site. YOU CHOOSE. I have shown mathematically you are full of shit, now lets see you math that proves me wrong PETEY." - by hairyfeet (841228) bassbeast1968NO@SPAMgmail.com> on Monday January 03, @03:04PM (#34746796)

I just did above, vs. your "suggested solutions" lol... easily!

You're "shot down in flames", yet again, hairyfeet... TOO easily!

There is NO WAY THEY CAN KEEP UP WITH NEW MALWARES BEING MADE either... and you say they "work"? See above!

(They're "better than nothing", & I use them myself, for added LAYERED SECURITY - but, I don't put my entire FAITH ON THEM, as you appear to do!)

---

"As in you HOPES that one of the 300,000+ constantly changing array of websites that are infected doesn't happen to be the one you visit today?" - by hairyfeet (841228) bassbeast1968NO@SPAMgmail.com> on Monday January 03, @03:04PM (#34746796)

I use these reputable, reliable, & regularly updated (by the HOUR no less) sources to populate my HOSTS file:

---

http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/

FROM YOUR POINTS HERE -> http://slashdot.org/comments.pl?sid=1930156&cid=34734160 quoted & disproved, "point-by-quoted-point" as is my style in blowing away undereducated trolls like yourself, on the value of HOSTS files as an added layered security measure:

"I also personally consider it a public service to point people to solutions [superantispyware.com] that actually [comodo.com] work [malwarebytes.org]" - by hairyfeet (841228) on Saturday January 01, @06:56PM (#34733612)

Yea, they work alright (about as well as you say HOSTS files do) - NOT: Nothing alone is 100% effective:

---

MULTIPLE EVIDENCES OF ANTIVIRUS &/or ANTISPYWARE PROGRAM FAILURES + SHORTCOMINGS:

http://www.theregister.co.uk/2007/12/04/win_2000_virus_tests/

http://www.securityfocus.com/infocus/1839

http://it.slashdot.org/it/08/11/07/1545238.shtml

---

(Want more?)

There is NO WAY THEY CAN KEEP UP WITH NEW MALWARES BEING MADE either... and you say they "work"? See above!

(They're "better than nothing", & I use them myself, for added LAYERED SECURITY - but, I don't put my entire FAITH ON THEM, as you appear to do!)

---

"You have 190,000 to 340,000 infected websites at this very moment and that list will change by the thousands per minute as sites are cleaned, new sites are infected, new vulnerabilities found, etc." - by hairyfeet (841228) on Saturday January 01, @06:56PM (#34733612)

So would "your solutions", see above, on the SAME NOTE!

(Which aren't really "your tools" - you only use the tools of others like a trained chimpanzee, except that I am kept "up-to-date", by the minute, by these reputable sources for HOSTS file data!)

AND, AGAIN? I don't only "just use hosts" - I use this for my "layered security" setup:

---

HOW TO SECURE WINDOWS 2000/XP/SERVER 2003 & even VISTA, + make it "fun to do" using CIS TOOL & beyond:

www.bing.com/search?q="HOW+TO+SECURE+Windows+2000%2FXP"&go=&form=QBRE

---

It works, and practices the current trend of "layered security", which HOSTS are a part of!

In fact, that guide of MINE?

On 15 forums it's featured on since 2008, w/ over 750,000 views on how to secure a modern Windows setup (making it the MOST viewed in fact, & I stopped checking counts in 2008 + 1 forum it was on went down & lost 1 example of it having over 100,000 views) & has been made a:

---

1.) Sticky/Pinned Thread
2.) Essential Guide
3.) 5/5 star rated
4.) Most Viewed in forums sections its in

Wherever it is featured! Have YOU done the same? No.

---

It even got me PAID for it, @ PCPitstop -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/

See Jan. 2008 (completely unexpected, but in January 2008 it won me a $100 prize there for its content)... That's the "total gamut" of "layered security" I use in addition to the HOSTS file (though I consider IT my "arc reactor core" of that security guide).

etc./et al...

---

"That is the nice thing about math, it doesn't lie or believe in anecdotes." - by hairyfeet (841228) on Saturday January 01, @06:56PM (#34733612)" - by hairyfeet (841228) on Saturday January 01, @06:56PM (#34733612)

RIGHT - then, it's a pity that you rely on your 1.3 million ESTIMATED # of "bad sites" out there as you did from SOFTPEDIA.COM -> http://news.softpedia.com

" I also personally consider it a public service to point people to solutions [superantispyware.com] that actually [comodo.com] work [malwarebytes.org]" - by hairyfeet (841228) on Saturday January 01, @06:56PM (#34733612)

Yea, they work alright (about as well as you say HOSTS files do) - NOT: Nothing alone is 100% effective:

---

MULTIPLE EVIDENCES OF ANTIVIRUS &/or ANTISPYWARE PROGRAM FAILURES + SHORTCOMINGS:

http://www.theregister.co.uk/2007/12/04/win_2000_virus_tests/

http://www.securityfocus.com/infocus/1839

http://it.slashdot.org/it/08/11/07/1545238.shtml

---

(Want more?)

There is NO WAY THEY CAN KEEP UP WITH NEW MALWARES BEING MADE either... and you say they "work"? See above!

(They're "better than nothing", & I use them myself, for added LAYERED SECURITY - but, I don't put my entire FAITH ON THEM, as you appear to do!)

---

"You have 190,000 to 340,000 infected websites at this very moment and that list will change by the thousands per minute as sites are cleaned, new sites are infected, new vulnerabilities found, etc. - by hairyfeet (841228) on Saturday January 01, @06:56PM (#34733612)

So would "your solutions", see above, on the SAME NOTE!

(Which aren't really "yours" - you only use the tools of others like a trained chimpanzee, except that I am kept "up-to-date", by the minute, by these reputable sources for HOSTS file data!)

AND, AGAIN? I don't only "just use hosts" - I use this for my "layered security" setup:

---

HOW TO SECURE WINDOWS 2000/XP/SERVER 2003 & even VISTA, + make it "fun to do" using CIS TOOL:

www.bing.com/search?q="HOW+TO+SECURE+Windows+2000%2FXP"&go=&form=QBRE

---

It works, and practices the current trend of "layered security", which HOSTS are a part of!

In fact, that guide of MINE?

On 15 forums it's featured on since 2008, w/ over 750,000 views on how to secure a modern Windows setup (making it the MOST viewed in fact, & I stopped checking counts in 2008 + 1 forum it was on went down & lost 1 example of it having over 100,000 views) & has been made a:

---

1.) Sticky/Pinned Thread
2.) Essential Guide
3.) 5/5 star rated
4.) Most Viewed in forums sections its in

Wherever it is featured! Have YOU done the same? No.

---

It even got me PAID for it, @ PCPitstop -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/

See Jan. 2008 (completely unexpected, but in January 2008 it won me a $100 prize there for its content)... That's the "total gamut" of "layered security" I use in addition to the HOSTS file (though I consider IT my "arc reactor core" of that security guide).

etc./et al...

---

"That is the nice thing about math, it doesn't lie or believe in anecdotes." - by hairyfeet (841228) on Saturday January 01, @06:56PM (#34733612)

RIGHT - then, it's a pity that you rely on your 1.3 million ESTIMATED # of "bad sites" out there as you did from SOFTPEDIA.COM -> http://news.softpedia.com/news/Number-of-Infected-Websites-Almost-Doubled-During-the-Second-Quarter-156591.shtml BECAUSE NOBODY KNOWS THE EXACT TRUE # OF MALWARE SITES OUT THERE, period!

---

"Now for his HOPES file to actually be a REAL protection and not just a woobie? It will have to dynamically scale and keep up with that ever changing list of infections. Now even if he had twenty fingers and subscribed to every secu

Citation needed.

Ok then, the first hit from "openbsd auditing" leads to an OpenBSD Security page which has a section claiming that OpenBSD has a continual audit process and that it is successful..

I'm not necessarily thinking the opposite, but is OpenBSD really that much audited? Are we talking about the kernel? The network stack? Or the encryption protocols?

As I understand it, OpenBSD refers to the whole release, everything they ship.

Now, I'm not sure if claims from the OpenBSD marketing department actually translates to a citation.. I am of the feeling that an "audit" would imply that there were specific procedures followed (searching for particular algorithms known to be problematic for instance) and specific records kept of the results but I have never been able to find public records of those.. Yes, there is the OpenBSD CVS repository but that includes things which are not part of any audit. I found a quote from Theo de Raadt "Most bugs in software are the same ten to fifteen mistakes made over and over" but I don't know what he thinks those mistakes actually might be.

So in conclusion I [as a NetBSD devloper] would be interested to see such records.. I know that many open source projects are subject to Coverity scans which are more public, though it seems that OpenBSD is not listed at this time..

"I never said the Hosts file wasn't useful. I said "it's not a replacement for DNS". Using both is NOT an argument against what I said." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

FIRST: Can you show us where I had EVER said "HOSTS are a replacement for DNS"?

With that little tidbit from you, for the 2nd time now? Well - You're trying to put words in my mouth I never stated, first of all... so, please - DO show us where I state that HOSTS are a "replacement for DNS", ok?? Thank you.

(I said HOSTS are an excellent SUPPLEMENT to DNS, especially in cases where the registrars pull the DNS record, as is the case here in this article in fact!)

ADDITIONALLY:

You're missing the point entirely here: Let's use a quote from Mr. Oliver Day of SECURITYFOCUS.COM in that regard (since this is about "blackholing" the site's you're trying to reach @ a DNS level):

A RETURN TO THE KILLFILE by Security Columnist Mr. Oliver Day

http://www.securityfocus.com/columnists/491

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

"Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites."

Read that, read what this article's about, & then realize this: My espousing the use of "hardcoded favorites" of your fav. sites IPAddress - to - Host/Domain name equations IS DOING JUST THAT (the "DNS PROOF METHOD OF REACHING SITES" Mr. Oliver Day of SECURITYFOCUS.COM speaks of here!)

---

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

Aha - SO THE "TRUTH COMES OUT", eh?

---

"It's useful." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

Aha "again": THAT'S ABOUT ALL I EVER WANTED TO HEAR OUT OF YOU..., along with your showing us I stated HOSTS are a REPLACEMENT FOR DNS... please, show us where I ever once stated that.

"OpenDNS isn't slow to progagate." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

They ALL are, there IS TIME TAKEN for that to happen between DNS servers "synching up"... even SECUNIA.COM noted it here:

"Due to standard DNS caching at some Internet Service Providers, some users may still be redirected." FROM -> http://secunia.com/blog/153/ (the "horses mouth", no less - so much for caching servers, which YOU YOURSELF USE NO LESS & YOU'RE SHOWN QUOTED IN IT BELOW NO LESS)

---

"So that works for the what, dozen of websites you can manually manage and update?" - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

Absolutely: Nice to see you ADMIT THIS TOO IN FAVOR OF HOSTS FILES, @ last... I love it!

(It's not just "dozens" I do this with in seconds mind you, but literally hundreds (could be thousands, but I don't visit that many sites that regularly)).

---

"What about the millions that you haven't even accessed before, all of which can be blocked before you try to access them?" - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

There's always alternate sources online for almost anything you could ever want to know/read/download etc. many times, so, there you are... & IF they're KNOWN purveyors of exploits/malware etc.? I get notice from the sources I use to block out such malicious sites, & I even posted my sources

A metrix007 "classic" w/ he acting the trolling skimming fool, with his own words quoted making him into a fool:

"1.Oliver Days article. He talks about using a HOSTS file as a WHITELIST" - by metrix007 (200091)on Monday December 06, @01:23PM (#34462242)

FROM -> http://yro.slashdot.org/comments.pl?sid=1888084&cid=34462614

LOL, oh, really? See this quote from said article then specifically on how a highly esteemed program in SPYBOT "Search & Destroy" does what I state (blacklisting):

"More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware." Mr. Oliver Day of SECURITYFOCUS.COM -> Source Article quoted from here -> A RETURN TO THE KILLFILE -> http://www.securityfocus.com/columnists/491

metrix007 can't even get THAT much right, and it was there for him to read!

2 posts later, he even "gave up" after trying to disprove a list of 15 points I post here in favor of HOSTS files use, which gives a user more speed, AND FAR MORE SECURITY in the same file!

---

Then, metrix007 (who could not show anyone he had in fact really taken a logic course and passed it from an accredited college/university no less) misuses his "forums illogic" here in that same exchange. Metrix007's own words quoted again for proof thereof:

"He is clearly ignorant/misinformed" - by metrix007 (200091) on Monday November 29, @02:08PM (#34377556)

from -> http://slashdot.org/comments.pl?sid=1888084&cid=34378092 (where he also did much more trying to attack myself, rather than the points he was challenged to later dispute & disprove, of which you can see his "results" lol, above, quoted!)

Funny that: When metrix007 was confronted to say what he thought I said was "ignorant and misinformed"?

He failed right away on his 1st "so-called point", shown quoted above with accompanying evidence from the source I used no less that disproves him, & he failed yet again, miserably no less, because of his skimming + his arrogance!

---

metrix007 also AGAIN tried to use "logic" as his defense later, and yet his derisive attacks using name tossing are a violation of one of logical debates' tenets ("ad hominem attack" - meaning "to the man" & attacking the man, rather than his points)):

"You're an idiot." - by metrix007 (200091) on Monday December 06, @02:39PM (#34463470)

That's an ad hominem attack AGAIN from metrix007, right there, because yet again? metrix007 resorts to what he understands only, in name calling... but that's attacking the man, not his points, violating logical debate rules.

---

However, in the end, if/when you use facts and the ignorance, skimming, and stupidity of trolls like metrix007, you get THIS result (they run and they show their "true colors"):

"I give up..." - by metrix007 (200091) on Monday December 06, @02:39PM (#34463470)

from -> http://yro.slashdot.org/comments.pl?sid=1888084&cid=34463470

Where he also stated "you don't know what you're talking about or doing" in that reply... funny that: See the start of this reply from myself... it seems to show QUITE the opposite (lmao).

APK

P.S.-> In short: metrix007's an ad hominem attack utilizing skimming troll who likes to impersonate others as well and that entire thread above shows it clearly with his own words quoted. The facts speak for me, and in his own words quoted to support my statements to that effect here, as well as his trolling name tossing and impersonating others actio

http://www.securityfocus.com/columnists/491

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, from my initial & subsequent posts here in this very exchange no less... & guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly!

---

"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites. One of the known weaknesses of the Tor system, for example, is direct DNS requests by applications not configured to route such requests through Tor's network."

There you go: AND, it also works vs. the "KAMINSKY DNS FLAW" for redirectable weaknesses in DNS servers (non DNSSEC type, & set into recursive mode especially).

In fact, even SECUNIA.COM got "hit" that way this week -> http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/

The problem? YOU GUESSED IT - the "Kaminsky FLAW" in DNS! Being exploited right there, this week!

(And those guys? They're SECURITY PROS - there is no real defense vs. that weakness in DNS servers... especially if set into "recursive mode")

Additionally - not only are DNS servers "weak", but they eat up CPU cycles I don't need to be using up on something I truly do NOT need!

---

"Malware writers in particular started using it heavily to block all communications with antivirus and patch servers. Others used it as a way to give servers nicknames that are frequently used."

Which is WHY I put up the list of sources I use to populate my hosts file daily, vs. EXACTLY that quote above, & guess what? IT WORKS! I can't get burned if I don't go into a "malware kitchen"... to block out KNOWN compromised or infected sites, AND to make sure I get going where I am going reliably (and the file is protected via not only READ only attribs here, but also ACL protections).

---

(Need more? Just ask & "ye shall receive" - that's only a SMALL sampling of what I could put up in favor of HOSTS files over DNS servers lately, & even browser addons like AdBlock (which cannot speed you up in as many ways as a hosts file, and is stuck to only what? 1 browser type (FF), & is a program & thus subject to bugs, and doesn't cover EVERY webbound app for speed & security the way a HOSTS files can & does!).

That's just a tidbit for your to chew on troll.

APK

P.S.=> Of course, you could also go to mvps.org & see their forums and try to debate them on HOSTS files too, metrix007... GOOD LUCK - you'll need it, & just as you would vs. that "tidbit" from a security pro above!

(Whi

War driving is a common technique and I've had at least one customer's WIFI hijacked by a spammer.

And of course there are worse things they can do with your internet connection.

"Hosts files can be, but usually are not, configured to block numeric addresses" - by znerk (1162519) on Monday October 11, @07:27PM (#33864360)

Uhm, lol... I HAVE TO ASK: So, tell us - HOW CAN A HOSTS FILE BLOCK AN IP NUMERIC ADDRESS?

(Afaik? It cannot... this is only showing myself and the rest of us reading you shoot your mouth off and only prove the more you go how little you know!)

---

"In short, your wonderful list you are so EXCITED about is a bunch of crap that will slow your system down, make it less secure, and isn't actually as functional as you seem to think it is." - by znerk (1162519) on Monday October 11, @07:27PM (#33864360)

As to "slowing my system down"?

AHEM - anyone here is free to go to say, mvps.org, and ask their forums members (1,000's of them) if hosts speed them up, or slow them down... lol, ok??

As far as "less secure" AND "slower", well, lets see what MR. OLIVER DAY OF SECURITYFOCUS.COM SAYS ABOUT HOSTS FILES AND SECURITY, ok?

http://www.securityfocus.com/columnists/491

Resurrecting the Killfile Oliver Day, 2009-02-04

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

and

"The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Thus, hosts are shown, by a published personnage in the arena of security, as both speeding you up and securing you better... vs. your "ranting and raving" and technically inaccurate frothings here.

---

"Let's be nice, and ignore the amount of time your system would spend sifting through your tens of thousands of entries in your hosts file. We'll pretend that it's not wearing a hole in your hard drive to access that file 20, 30, 50 times per webpage you visit in your quest for pr0n... err... interesting web content." - by znerk (1162519) on Monday October 11, @07:27PM (#33864360)

Ahem: A HOSTS FILE IS A FILE, and THUS IT GETS CACHED BY THE LOCAL DISKCACHE!

(Does this not register in your head? It reads out of memory at the speed of RAM, yes, even when you turn off the local DNS Cache which you must do with larger HOSTS files, and yes, still at the speed of RAM via requests for it (if unchanged/not marked as "dirty") from the local diskcache too!).

This is really the part showing me you are truly, a "noob" at this (let alone your trolling 8 digit ID here, that also helps "give away the fact" you're a troll also, clearly!)

---

"I try not to respond to AC posters, but this is the biggest bunch of stupid I've ever seen someone try to promote as gospel truth. I had to stop you before someone actually believed the drivel you're spewing." - by znerk (1162519) on Monday October 11, @07:27PM (#33864360)

Time to show anyone reading here, QUITE THE REVERSE, and to continue showing others reading here YOUR PITIFUL TECHNICAL ERRORS LIKE THOSE ABOVE, and more... here we go:

---

"Ok, simple experiment. Toss 20,000+ "127.0.0.1" entries into your hosts file, as you are recommending. See if your browsing doesn't slow down by an order of magnitude as your system searches a multi-megabyte sequential file instead of asking the DNS server with the database first. Note: this affects *all* browsing, not just the "bad hosts"." - by znerk (1162519) on Monday October 11, @07:27PM (#33864360)

I use 0, or 0.0.0.0 first of all (smaller & faster to read from disk/file into RAM), so where did I recommend 127.0.0.1?

"Hosts files can be, but usually are not, configured to block numeric addresses" - by znerk (1162519) on Monday October 11, @07:27PM (#33864360)

Uhm, lol... I HAVE TO ASK: So, tell us - HOW CAN A HOSTS FILE BLOCK AN IP NUMERIC ADDRESS?

(Afaik? It cannot... this is only showing myself and the rest of us reading you shoot your mouth off and only prove the more you go how little you know!)

---

"In short, your wonderful list you are so EXCITED about is a bunch of crap that will slow your system down, make it less secure, and isn't actually as functional as you seem to think it is." - by znerk (1162519) on Monday October 11, @07:27PM (#33864360)

As to "slowing my system down"?

AHEM - anyone here is free to go to say, mvps.org, and ask their forums members (1,000's of them) if hosts speed them up, or slow them down... lol, ok??

As far as "less secure" AND "slower", well, lets see what MR. OLIVER DAY OF SECURITYFOCUS.COM SAYS ABOUT HOSTS FILES AND SECURITY, ok?

http://www.securityfocus.com/columnists/491

Resurrecting the Killfile Oliver Day, 2009-02-04

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

and

"The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Thus, hosts are shown, by a published personnage in the arena of security, as both speeding you up and securing you better... vs. your "ranting and raving" and technically inaccurate frothings here.

---

"Let's be nice, and ignore the amount of time your system would spend sifting through your tens of thousands of entries in your hosts file. We'll pretend that it's not wearing a hole in your hard drive to access that file 20, 30, 50 times per webpage you visit in your quest for pr0n... err... interesting web content." - by znerk (1162519) on Monday October 11, @07:27PM (#33864360)

Ahem: A HOSTS FILE IS A FILE, and THUS IT GETS CACHED BY THE LOCAL DISKCACHE!

(Does this not register in your head? It reads out of memory at the speed of RAM, yes, even when you turn off the local DNS Cache which you must do with larger HOSTS files, and yes, still at the speed of RAM via requests for it (if unchanged/not marked as "dirty") from the local diskcache too!).

This is really the part showing me you are truly, a "noob" at this (let alone your trolling 8 digit ID here, that also helps "give away the fact" you're a troll also, clearly!)

---

"I try not to respond to AC posters, but this is the biggest bunch of stupid I've ever seen someone try to promote as gospel truth. I had to stop you before someone actually believed the drivel you're spewing." - by znerk (1162519) on Monday October 11, @07:27PM (#33864360)

Time to show anyone reading here, QUITE THE REVERSE, and to continue showing others reading here YOUR PITIFUL TECHNICAL ERRORS LIKE THOSE ABOVE, and more... here we go:

---

"Ok, simple experiment. Toss 20,000+ "127.0.0.1" entries into your hosts file, as you are recommending. See if your browsing doesn't slow down by an order of magnitude as your system searches a multi-megabyte sequential file instead of asking the DNS server with the database first. Note: this affects *all* browsing, not just the "bad hosts"." - by znerk (1162519) on Monday October 11, @07:27PM (#33864360)

I use 0, or 0.0.0.0 first of all (smaller & faster to read from disk/file into RAM), so where did I recommend 127.0.0.1?

The surprising part is that Dave hasn't sued for patent infringement. http://yro.slashdot.org/yro/04/06/15/1316257.shtml?tid=123&tid=99 http://www.securityfocus.com/news/8472 http://www.techdirt.com/articles/20040312/1522218.shtml Maybe they forgot to file a patent?

This is of course why Windows 7 has no security advantages over XP, and XP has no advantages over 98.</sarcasm>

Considering the same exploit holes are in Win 7 as are in 2003, XP, 2000, 98, and 95... The only part wrong about your comment is the sarcasm tag :P

http://www.securityfocus.com/bid/27100

...that Microsoft's Xbox 360 *still* has not been exploited? PS3 has had a number of exploits over the years, but Xbox 360 is still locked down tight. Too bad desktop Windows still has remote code execution vulnerabilities discovered every month...

They had hypervisor privileges years ago, it's just that it was a pain to implement. http://www.securityfocus.com/archive/1/461489

Ferguson predicts that a year from now, someone will post a HDCP master key on the Internet, and the money spent on the system will be wasted.

Except it took 9 years. Yeah, but that slowness is actually a good thing, so the companies behind HDCP actually wasted nine years worth of research and marketing money instead of just one, hehe.

Plus, Trinity uses Nmap. Who knows, maybe she used it to visualize The Matrix in her spare time?

Look this way, http://www.securityfocus.com/bid/1699/discuss

10 years earlier, Kaminsky reported it very polite and decently and obviously he didn't release an exploit. Did it change anything other than being ignored by MS?

Even Apple as far as I know (and don't like) would stay open at weekend if someone found an issue like that on OS X, until they release a fix. MS doesn't even respond to well known technical news sites run by reporters, not some no name bloggers.

Issue has so big evil potential that, they are afraid to tell the exact details. You can be sure black hats are all over the private forums, google and irc to figure out what this thing could exactly be.

What pisses me off is, it was later "tweeted" to be a 10 year old, reported bug, in official way (Bugtraq) and 3-5 kernels and explorers later, there was nothing done against it.

http://www.securityfocus.com/bid/1699/discuss

See the reporter? That is one of the most respected white hat hackers, especially in Windows land. It is not some teenager misunderstanding something and reporting as flaw.

This sounded a bit like the DNS issue. So big that it better not be detailed until top popular apps (and better, explorer itself) gets patched.

http://www.securityfocus.com/archive/1/513190

"Yeah, in a file with that many entries, the extra 8 bytes per line would create a large performance hit." - by agrif (960591) on Thursday August 05, @08:49AM (#33148838) Homepage

It does in ANY file, but it merely shows itself more in larger HOSTS files (and in relatively largish HOSTS files you must turn off the local DNS client cache in Windows in fact, a bug I reported to MS years ago in fact they still have not corrected). The speed hit compounds itself the MORE line entries a HOSTS file has though.

----

I'm going to agree with the AC in a sibling thread, though: if your HOSTS file is larger than 10MB*, you're doing something with HOSTS it was never meant to do." - by agrif (960591) on Thursday August 05, @08:49AM (#33148838) Homepage

First, I'd like to see documentation of that from the RFC's or a MS or PHD in this science (I have dual degrees around this science myself in a BS CSC and CIS minor from another degree in fact)... just as I told that other AC who impersonated and ad hominem trolled me here (he also says that using 127.0.0.1 is not slower than 0.0.0.0 and like yourself? I disagree on that account due to filesize, length of line entries parsing, AND loopback operations (the latter being one we BOTH noted in fact)).

Secondly - See this:

----

RESURRECTING THE KILLFILE:

(by Mr. Oliver Day)

http://www.securityfocus.com/columnists/491

PERTINENT EXCERPTS/QUOTES:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

----

Well, opinions vary, but... as you can see? A respected security researcher in Mr. Oliver Day who works for securityfocus.com agrees with me and for the same reasons I extolled here on HOSTS file usage... security and speed, are better using one.

----

"It may be easier than setting up a proper DNS server, but it's not as efficient." - by agrif (960591) on Thursday August 05, @08:49AM (#33148838) Homepage

See http://www.google.pl/search?hl=pl&source=hp&q=%22Dan+Kaminsky%22+and+%22DNS%22&btnG=Szukaj+w+Google on DNS servers, and their compromiseability (per Dan Kaminsky, & Moxie Marlinspike's another)... I don't rely on those alone and when I do? I use Open DNS or Scrub IT DNS, since you cannot "hardcode" the entire internet in a HOSTS file after all!

PLUS, DNS servers eat up CPU & RAM I don't need to be eating up here, when a HOSTS file and Open DNS do the trick for me rather nicely!

----

"(I appreciate distributing a HOSTS file is easier than telling people how to setup a DNS server, though.)" - by agrif (960591) on Thursday August 05, @08:49AM (#33148838) Homepage

I think they're pretty much cake personally, but to each his own... avoiding setting them into "recursive mode" is a good idea though, see the URL from GOOGLE above, on THAT very note.

----

"I think if you start worrying about efficiency enough to start shaving bytes off of lines, you should consider the efficiency of loading a 10MB file instead of a proper DNS server, which can store this data more efficiently than a plain-text list." - by agrif (960591) on Thursday August 05, @08:49AM (#331