Domain: securityfocus.com
Stories and comments across the archive that link to securityfocus.com.
Comments · 2,651
-
Re:Windows for SCADA? WTF?!
People are moderating above post as funny. In fact, a Microsoft Security Update really did shut down a nuclear reactor.
Nuclear reactors are vulnerable to shut downs caused by network, malware, and "normal" Microsoft Windows related issues. See: malware shutting down a nuclear reactor, and network trouble shuts down a nuclear reactor.
-
These folks know better
"You can believe what you want. Everybody else knows better." - by countertrolling (1585477) on Monday June 28, @01:22PM (#32718744)
RESURRECTING THE KILLFILE:
(by Mr. Oliver Day)
http://www.securityfocus.com/columnists/491
PERTINENT EXCERPTS/QUOTES:
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."
---
So do the folks @ MVPS.ORG, BlueTack/BISS, & other sites that are dedicated to use of a HOSTS file, as well as myself, & those who use "Spybot Search & Destroy" also (because it populates a HOSTS file vs. known bad sites &/or servers too), & also there is this "pertinent quote" from a user who tests it for me as well & his results:
"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my security guide @ THE PLANET http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60
---
So much for your off topic b.s. & trolling... because as you can see above from testimonials, & users who frequent websites noted above + users of Spybot Search & Destroy? There are 1,000's of folks that use a HOSTS file and DO know better (than your b.s.).
APK
-
You're avoiding 5 points & failed on the other
"Your hosts file crap has been thoroughly debunked elsewhere." - by tomhudson (43916) on Monday June 28, @10:09AM (#32716076) Homepage
Where's THAT then, tomhudson... fantasyland?
Also, & on what points of mine from my original posts in favor of HOSTS files over adblock or other browser addons alone -> http://tech.slashdot.org/comments.pl?sid=1699526&cid=32709564 have been 'debunked'? Not in your post, that was certain, lol...
(After all - You didn't do a decent job of it above/earlier here http://tech.slashdot.org/comments.pl?sid=1699526&cid=32715870 , lol, & screwed up on your so-called "points" to the point of even contradicting yourself!)
Of course, tomhudson will avoid providing proofs of his statements, as he always does... hilarious! Watch him avoid answering this by all means... he always does when he's cornered on his mistakes (which are, as anyone here reading can see, numerous & erroneous).
---
"Your "solution" is more of a problem than it's worth" - by tomhudson (43916) on Monday June 28, @10:09AM (#32716076) Homepage
Others tend to disagree, tomhudson, see here (material from my 1st post here):
---
RESURRECTING THE KILLFILE:
(by Mr. Oliver Day)
http://www.securityfocus.com/columnists/491
PERTINENT EXCERPTS/QUOTES:
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."
---
So do the folks @ MVPS.ORG, BlueTack/BISS, & other sites that are dedicated to use of a HOSTS file, as well as myself, & those who use "Spybot Search & Destroy" also (because it populates a HOSTS file vs. known bad sites &/or servers too), & also there is this "pertinent quote" from a user who tests it for me as well & his results:
"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my security guide @ THE PLANET http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60
---
ADDITIONALLY:
Layered security IS the "trend" tomhudson, & it works (it's the best solution we have currently is why & how)...
(That's all HOSTS are in combination with other methods (but, they not only provide extra security, but also more speed, and a single one that covers ALL webbound apps too... browser addons CANNOT do that, period, as they are restricted to single browser families only typically/usually (not in ALL cases though))).
(Tom, give up - you rea
-
I bet you're right, with proofs... apk
"I bet if you block the ad servers, your speed would double" - by countertrolling (1585477) on Saturday June 26, @01:59PM (#32703448)
Per my subject-line above, I agree, and know it's true (and, you'll not only surf F A S T E R by far, but also safer)...
How so?
Ok, some "proofs thereof via testimonials" (in regards to using a custom HOSTS file to do what you are speculating about):
---
RESURRECTING THE KILLFILE:
(by Mr. Oliver Day)
http://www.securityfocus.com/columnists/491
PERTINENT EXCERPTS/QUOTES:
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."
---
So do the folks @ MVPS.ORG, BlueTack/BISS, & other sites that are dedicated to use of a HOSTS file, as well as myself, & those who use "Spybot Search & Destroy" also (because it populates a HOSTS file vs. known bad sites &/or servers too), & also there is this "pertinent quote" from a user who tests it for me as well & his results:
"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my security guide @ THE PLANET http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60
---
SO - you're probably wondering WHY do I elect to use a custom HOSTS file over say, a browser addon (like Adblock alone)? Ok:
Because HOSTS FILES ARE ADBLOCK'S SUPERIOR ON SEVERAL GROUNDS (& in combination/together? Pretty much the best "browser level" security, in "layered security fashion" you can do currently)!
----
1.) HOSTS files eat A LOT LESS CPU cycles than browser addons do no less (since browser addons have to parse each HTML page & tag content in them)!
2.) HOSTS files are also NOT severely LIMITED TO 1 BROWSER FAMILY ONLY... browser addons, are. HOSTS files cover & protect (for security) and speed up (all apps that are webbound) any app you have that goes to the internet (specifically the web).
3.) HOSTS files allow you to bypass DNS Server requests logs (via hardcoding your favorite sites into them to avoid not only the TIME taken roundtrip to an external DNS server, but also for avoiding those logs OR a DNS server that has been compromised (see Dan Kaminsky online, on that note)).
4.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).
5.) HOSTS files also allow you to not worry about a DNS server being compromised, or downed (if either occurs, you STILL get to sites you hardcode in a HOSTS file anyhow in EITHER case).
-
HOW ABOUT FASTER (and SAFER) from 1 file ONLY?
Per my subject-line above, & your quote below next? I'll give you an INSTANT SOLUTION for faster webpages, & a more secure one as well from a SINGLE FILE you already have in your Operating System called a HOSTS file (with evidence thereof):
"I'm not sure how I feel about this." - by tpstigers (1075021) on Thursday June 24, @12:46AM (#32673814)
Then, take a read below, & I am sure you'll feel better once you are aware of this (in regards to something you ALREADY HAVE that can make you go faster AND SAFER in the same pass from 1 single file only (The HOSTS file)):
---
RESURRECTING THE KILLFILE:
(by Mr. Oliver Day)
http://www.securityfocus.com/columnists/491
PERTINENT EXCERPTS/QUOTES:
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."
---
Additionally: So do the folks @ MVPS.ORG, BlueTack/BISS, & other sites that are dedicated to use of a HOSTS file, as well as myself, & those who use "Spybot Search & Destroy" also (because it populates a HOSTS file vs. known bad sites &/or servers too), & also there is this "pertinent quote" from a user who tests it for me as well & his results:
"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my security guide @ THE PLANET http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60
---
HOSTS FILES ARE ADBLOCK'S SUPERIOR ON SEVERAL GROUNDS (& in combination/together? Pretty much the best "browser level" security, in "layered security fashion" you can do currently)!
----
1.) HOSTS files eat A LOT LESS CPU cycles than browser addons do no less (since browser addons have to parse each HTML page & tag content in them)!
2.) HOSTS files are also NOT severely LIMITED TO 1 BROWSER FAMILY ONLY... browser addons, are. HOSTS files cover & protect (for security) and speed up (all apps that are webbound) any app you have that goes to the internet (specifically the web).
3.) HOSTS files allow you to bypass DNS Server requests logs (via hardcoding your favorite sites into them to avoid not only the TIME taken roundtrip to an external DNS server, but also for avoiding those logs OR a DNS server that has been compromised (see Dan Kaminsky online, on that note)).
4.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).
5.) HOSTS files also allow you to not worry about a DNS server being compromised, or downed (if either occurs,
-
Time to tear YOU, apart (too, Too, TOO EASY)
"That's not what a HOSTS file is meant for, and you should generally not optimize for the abusive case." - by Your.Master (1088569) on Wednesday June 16, @01:40AM (#32587616)
Again, really? Funny, but Mr. Oliver Day of SECURITYFOCUS.COM feels otherwise:
---
RESURRECTING THE KILLFILE:
(by Mr. Oliver Day)
http://www.securityfocus.com/columnists/491
PERTINENT EXCERPTS/QUOTES:
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."
---
So do the folks @ MVPS.ORG, BlueTack/BISS, & other sites that are dedicated to use of a HOSTS file, as well as myself, & those who use "Spybot Search & Destroy" also (because it populates a HOSTS file vs. known bad sites &/or servers too), & also there is this "pertinent quote" from a user who tests it for me as well & his results:
"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60
---
"Your five megabytes of HOSTS file is probably irrelevant compared to real performance problems." - by Your.Master (1088569) on Wednesday June 16, @01:40AM (#32587616)
Oh, really? Well, it seems that even Foredecker (Senior Manager of Microsoft's "Windows Client Performance Division" whom I referred to above) even felt otherwise & said that a larger file reads slower than a smaller one would... & using a smaller blocking address lends to that "smaller, faster, & more efficient", period... any fool knows that in fact (except you it seems).
---
"Ideally you'd just use your application's native method for dealing with address-blocking" - by Your.Master (1088569) on Wednesday June 16, @01:40AM (#32587616)
A single-layer that may have bugs in it, such as Firefox addons have had & that ONLY work for that particular application, whereas HOSTS files work "universally" blocking out more than potentially bad content that foists malware on users? No thanks... Why should one give up a SINGLE FILE that provides more security & more speed from just 1 file??
(I have entire scores of people above you can "argue the numbers & results" with, so, go for it... good luck!)
DNS servers are another, & you can ask Dan Kaminsky OR Moxie Marlinspike about all the bugs in DNS servers out there (big news for 2-3 yrs. now in fact).
---
"and if you need a blanket block such a huge number of addresses then a local proxy is the way to go, eg. Privoxy." - by Your.Master (1088569) on
-
Tiny malfunctions w Gigawatts of power do go boom
You might lead the casual reader to think that merely throwing a switch has no real world consequences, which is anything but the truth. When you are dealing with systems of such magnitude of energies even the smallest delay in rectifying an issue has a very lasting effect. e.g. http://englishrussia.com/index.php/2009/08/17/hydro-electic-power-plant-explosion/ There are any number of ways to force mechanical failures simply by using 'control' software. Any mechanical system can be forced to fail if you know how it is built, and what problems plague the internal design of that system. The US is vulnerable to many such attacks against the control systems (e.g. SCADA) and these threats should be taken VERY seriously until such time that we know the internal control networks are unreachable from any outside influence. http://www.securityfocus.com/news/11465
-
Re:WTF
You can be sued for listening to signals bombarding you without your consent?
-
Re:Some Helpful Advise
Yes they do:
-
Re:MACS???!?!
-
Re:"the faster it will seem" ?
In its last several releases, everyone's favorite Open Source browser has become an unstable mess of add-ons, plugins, and other hacks that chew up memory like a fat kid with a chocolate-dipped corn dog. In fact, just last week, SecurityFocus released news of a devastating exploit in Firefox 3.5.5 that they blame squarely on its unstable architecture.
From its infancy Firefox has been the product of collaborative effort, unifying code from hackers worldwide. But thanks to the Hayes Law, we see that there is a "sweet spot" to such a development style, and that Firefox has long since left it behind. In the chart below, we can see that the number of Firefox developers has increased exponentially since 2002, and that number will more than double in 2010.
But it's time to be honest: either Firefox, as a modern web browser, will have killer performance on 64-bit, multicore Intel chips or it's not worth downloading and installing. And since, as we have seen in the recent past, that Firefox is actually getting slower with each release, Firefox is certainly a waste of time for anyone who takes their web browsing seriously.
The Hayes Law states that, given a specific type of software project, there is a certain complexity associated with it, and with that complexity an optimal number of developers. It's actually a little more complicated than that, taking into account development model, coding platform, programming language, and code repository platform, but in the end it's easy to plug in the numbers and see where a project's headed.
Against the Hayes Law, Firefox appears to have jumped the shark sometime after the Firefox 2.0 in 2006. The next major release, Firefox 3.0 in 2008, introduced many issues users today complain about: bloat, sloth, instability, and insatiable hunger for memory. Firefox user complaints increased in tandem, all syncing up with the jump in developers. Ergo Firefox's problem: too many cocks in the kitchen.
To further underline this growing problem, Firefox completely falls down in Acid3: Firefox 3.5 scores 93/100, and Firefox 3.6 scores only 87/100. Needless to say, Firefox 4.0 mockups score 0/100. Sadly, this is a continuation of a trend: Firefox took the longest of all browsers to beat Acid2. And don't even think about Acid4. Firefox is collapsing under its own weight.
The core of this problem looms: the number of developers, as seen in the chart above, will only continue to skyrocket for Firefox 3.6 and beyond. By the time Firefox 4.0 is released, sometime in December 2010, the number of developers will be nearly 4,000, almost a full magnitude greater than the optimal 445 or so in 2006. Clearly, Firefox is about to capsize.
So what is to be done? Users can petition the Mozilla Corporation and the Mozilla Foundation to rethink their development model, focus on optimization instead of new features, and perhaps backpedaling on some of the less sensible projects like Mozilla Mobile and the non-standard XUL interface. Concerned individuals should log into Mozill
-
Quoting Mr. Oliver Day of SECURITYFOCUS.COM
"Hey, are you the same loser that believes it is appropriate to abuse the hosts file as a security measure?" - by Anonymous Coward on Saturday April 03, @03:17PM (#31717934)
I believe they are effective in security, yes (and for speed gains as well)... & per my subject-line above? Well, so does someone who works for SECURITYFOCUS.COM (a respected site for computer security no less). See this quote:
====
RESURRECTING THE KILLFILE:
(by Mr. Oliver Day)
http://www.securityfocus.com/columnists/491
PERTINENT EXCERPTS/QUOTES:
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."
====
And, per his quote? Well, so do the folks @ SPYBOT "SEARCH & DESTROY" (a known & respected antispyware program).
(So, how's THAT MUCH suit you?)
Additionally, per a security guide I wrote up that is over 350,000++ views strong online across 15 forums I put it onto (late 2007 I did it) & that even got me PAID for writing it up, and has been rated "5/5 stars" on 15 of the forums it's on, OR, it has been made an "ESSENTIAL GUIDE" on them (or both combined), and also usually it's in those forums "MOST VIEWED POSTS" as well too!
Here are some testimonials to its efficacy (and specifically on HOSTS files no less from 1 of the repliers):
----
http://www.xtremepccentral.com/forums/showthread.php?t=28430
PERTINENT QUOTES/EXCERPTS:
http://www.xtremepccentral.com/forums/show...8430&page=2
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" (04/2008)
"...recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual. Now I don't recommend this for the average joe, but it if can work for a kids PC it can work for anything!"
and
http://www.xtremepccentral.com/forums/show...8430&page=3
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)"
Thronka - forums member @ xtremepccentral.com
-
Re:Yes, by all means, let's stamp out...
Removing names isn't necessarily enough. The recent Netflix case shows that. I think it's interesting that nobody catches the broader implications of that discussion - namely that whether they're "anonymizing" data for purposes of providing it for research, or selling it for marketing... the ability to reverse engineer patterns to undo it remains a risk.
-
Well that's a bit odd, I think.
He's either dodging the question, or he really didn't think about what he was doing? Most people in the malware authoring business probably at least understand the consequences of what they do, even if they don't care. Akin to these guys: http://www.securityfocus.com/news/11476
-
Re:How many times does this happen?
You can't get good security by improving something that's not designed to be secure
Uh, the actual design of Windows NT is secure. Every object has a security descriptor and can be secured by an ACL. The problem was just a set of poor implementation choices and mistakes over the years, like home users running as Administrator, or leaving the RPC service exposed. But it's not like we haven't seen the same thing with rpc.statd on Linux, or this gem on Solaris.
-
Re:It is the most important open source project.
IIS doesn't really run as any specific user. The packet router, HTTP.sys, runs as LocalSystem. However the thread processing the request changes its security context very early in the request processing to a low privileged account.
http://www.securityfocus.com/infocus/1765
This was all fixed seven years ago. IIS 6 and later have a pretty decent security record.
-
Re:Note: Apache ON WINDOWS
There is an interesting note at security focus http://www.securityfocus.com/infocus/1765 about how IIS is implemented securely by requiring kernel dll's to perform the heavy lifting. Kernel dll's, from what I understand, setup a shared state [ie. lump of memory ] between the application and the kernel for the given API.
After the foreplay is over, the application's privilege is lowered, however it still has that lump of shared memory that the kernel will rely on. It seems from the parent article about this exploit, that some jump table is being relied upon in the kernel that the app has done a poor job of cleaning up. Bad app! Worse Kernel!
Strangely, security focus seems to think this is an example of least privilege. This interface design is what has made windows so hard to lock down; and is what calls BS on the apologists. Although UNICES often have glaring holes in, for example, ioctl services, I've never seen one that was stupid as to callback into the application....
-
Re:Tax Credit?HAHA... So any software you install is a virus??
Did you even read the links you posted? The lupper was patched years ago. Same for XMLRPC. See this link here: http://www.securityfocus.com/bid/14088/solution.
One of your great links is just a forum of people who say Linux is vulnerable. No documentation of any virus.
Also, these threats hardly count as virii. They are injection attacks on the web server. Most desktop users are not even running a web server. They don't infect OS files, just PHP scripts. If we count PHP injection as virii, then Windows has thousands more vulnerabilities to include.
Lots of the virii noted for Linux are proof of concept code that have never been seen in the wild and only the anti-virus companies seem to have any knowledge of it at all. Maybe because it is in their best interest to find Linux virii. And to spread these virii requires an unsecured system and a privileged user to run the infected program.
There are plenty of Windows virii that do not require a privileged user to run the virus code. Any user can just connect to a website with code that can infect Windows.
You may be too young to remember, but there are virii for MS that you just have to stick an infected floppy in your drive and it will infect the system all by itself. No program needs to be executed by the user at all.
-
Re:I'm shocked
Their product can be very useful indeed:
To attackers aka hackers ;).
-
Rumour mill: 10.4 quietly being EOL'd?
There are rumours that Apple are less enthusiastic about 10.4 as there are vulnerabilities patched in 10.5 updates that have not been released for 10.4 (here are the 10.5 fixes).
-
Re:WHY THE FUCK DO PEOPLE STILL USE IE?
A major difference is that IE is integrated deeper with the operating system, which means that flaws in IE can go deeper and have more serious effects
Internet Explorer is just an application and a set of libraries. They are included in the OS and reused in many places, but they cannot do more than any other user application. If iexplore.exe crashes it doesn't mean it will affect explorer.exe just because they both use mshtml.dll.
But the core problem lies in the fact that applications aren't normally started in an isolated sandbox with controlled access to the surroundings but with the access of the logged in user. So a user with full privileges will always get all apps having full privileges too, which they normally don't need.
Vista and newer Windows versions implement application integrity levels which run applications in a lower privilege level than the logged in user. When a user runs Internet Explorer (with Protected Mode) it actually runs under a very low integrity level which does not allow writing to user files. It is restricted to writing to special versions of folders like Cookies and Favorites, and must use broker processes to do anything that requires elevated access.
-
Re:Heh
Prove it. Show us the facts that Mac catches more viruses, trojans, or general malware over a Windows based computer. Show us the 'lie'. It doesn't matter if OS X is completely open and exposed with no protection at all. If it's not being infected, it is by definition, more secure.
Over 60,000 known viruses for Windows. Approximately 40 for Mac, and 40 for Linux. No active viruses for Mac, just trojans, meaning they can't even spread on their own. Math is fun, no? (Ref: http://www.securityfocus.com/columnists/188)
Your argument about market majority is also flawed since web servers, arguably much more lucrative targets, are overwhelmingly Linux based yet Windows servers still get more of their fair share of infections.
As to the rest of your post, it reeks of trolling, flamebait, and doesn't merit a response.
-
Hello Foredecker: Got your email... apk
Per my subject-line above, & this URL below (where you asked your questions):
http://slashdot.org/comments.pl?sid=1495166&cid=30715150
"Hi APK :)" - by Foredecker (161844) * on Sunday January 10, @11:57AM (#30715150) Homepage Journal
Hello Foredecker!
----
"Happy new year! It's been the Christmas and New years holiday. I've been on vacation. So has almost anyone else I'd need to talk to about this. We're all back now, but we're all very busy getting going after the Holidays." - by Foredecker (161844) * on Sunday January 10, @11:57AM (#30715150) Homepage Journal
Great, that's good news (& pretty much what you wrote in your email also)...
----
"Be patient :) I'll get to this. I just don't know when. I think I can get back to you by mid February, but it may be March.." - by Foredecker (161844) * on Sunday January 10, @11:57AM (#30715150) Homepage Journal
That's ok - See... this isn't just for "my benefit", but for all the folks that use HOSTS files
(Folks like Mr. Oliver Day @ securityfocus.com -> http://www.securityfocus.com/columnists/491 who KNOWS it gains you better online speeds AND security (as he states it in his article there for SYMANTEC) , the folks @ mvps.org -> http://www.mvps.org/winhelp2002/hosts.htm and the folks @ bluetack/BISS who do also -> http://blocklistpro.com/biss-hosts-file-manager.html & many others online, like myself, who know BOTH the added speed and security benefits inherent in the use of a CUSTOM HOSTS file...
I mean, hey - After all:
You folks @ Microsoft can regain what you yourselves made as a BETTER STANDARD (setting a new one) in HOSTS files being able to use a 0 blocking address (which in turn yields a faster internal parsing format per each line record in a HOSTS file for blocking purposes by doing so, because of less characters per line (using 0, vs. 0.0.0.0 or worse yet, 127.0.0.1) as well as a small HOSTS file...) back as far as Windows 2000, albeit, in a service pack AFTER its original distro on CD... which you kept up even into VISTA, up until MS "Patch Tuesday" on 12/08/2008, when it was suddenly removed... why though?
The fairly "recent" changes to the IP stack in VISTA/Windows Server 2008/Windows 7 have resulted in some "StRaNgE" stuff happening like -> http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx OR here -> http://www.microsoft.com/technet/security/advisory/977544.mspx and, of course, what rootkit.com said about unhooking the firewall design based on NDIS6/WFP now being EASIER TO UNHOOK THAN THE OLDER MODELS OF WINDOWS HAD -> http://www.rootkit.com/newsread.php?newsid=952
...(I'm only trying to help you AND your company, by pointing this issue I have noted on HOSTS files being unable to use a 0 blocking address internally is all (because HOSTS files are invaluable for gaining both SPEED, and LAYERED SECURITY)... &, because the numbers & "physics of it" tend to bear out what I state here as the absolute truth is all as to the efficiency of the 0 blocking address format, vs. 0.0.0.0 &/or 127.0.0.1 ...)
There is, again, per my email to you, another issue surrounding this: That's the local DNS Client Cache FAILING on larger HOSTS files... that's another one to look into, in regards to this HOSTS files issue too.
-
CHROME HAS AN OPTION, a better one... apk
"while Chrome has no such alternative." - by mr_flea (776124) on Friday January 15, @12:33PM (#30780860)
Not quite true: It has a BETTER one in fact - called a CUSTOM HOSTS FILE!
It's an alternate solution here which is better, because HOSTS:
----
1.) HOSTS files eat no CPU cycles like browser addons do no less!
2.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> http://en.wikipedia.org/wiki/Hosts_file ) & edited too.
3.) HOSTS files aren't as vulnerable to "bugs" either like programs/libs/extensions of that nature are, OR even DNS servers.
4.) HOSTS files are a solution which also globally extends to EVERY WEBBOUND APP YOU HAVE
5.) HOSTS files are also EASILY secured well, via write-protection "read-only" attributes set on them, or more radically, via ACL's even.
----
Using HOSTS files, you may also SUBSTANTIALLY & NOTICEABLY speed yourself up using HOSTS files too!
That's easily done, with a text editor like notepad.exe for example, by adding in your favorite websites into it - what I call "hardcoding" them into a HOSTS file & in addition to adbanner blocking (which soak up your CPU, & linespeed too, & have been found to have malicious code in them also)?
That practice not only speeds you up even more, but, it also makes you "proofed" vs. DNS server log requests also...
IN ADDITION TO THAT, you're also "proofed" vs. compromised or downed DNS servers as well!
(This is happening like crazy too, per Dan Kaminsky's findings which get published a lot about on this very website no less in regards to the Domain Name System & its difficulties in security vulnerabilities & spoofable designs etc. et al).
You speedup via this use of HOSTS files, simply by avoiding calls to external DNS servers, which take 70ns roundtrip to get the DOMAIN/HOST NAME RESOLUTION back to a requesting system (be it a recursive DNS server, or an end user even)!
Whereas by way of comparison? Calling out to your local HDD instead, vs. 70++ns or more accesses & returns from remote DNS servers? HDD's only take 7-10ns, tops. That's a 10-fold or more order of magnitude speed gain & even F A S T E R off of a SSD!
Do the math...
Now, improving on that even MORESO here? I do my hosts file location (via a registry hack) being done up off of a SSD, which has way, Way, WAY faster ACCESS SPEEDS than even electro-mechanical 10k rpm disks do, exceeding them in performance on THAT note, by far... CENATEK RocketDrive & Gigabyte IRAM user here is why/how I do that!
(A SSD is where I house MY personal custom HOSTS file, 655,500++ entries of known BAD sites/servers in it like maliciously coded sites, known botnet "C&C servers" or bogus name servers for them, and adbanners (which have also been shown to house malicious code more than a few times the past 4-5 yrs. now no less, & also slow you down too, when YOU PAY FOR YOUR LINETIME, mind you))
It flies!
APK
P.S.=> IF "my take" is not 'good enough' on this account? Well, take a peek @ this instead then:
====
RESURRECTING THE KILLFILE:
(by Mr. Oliver Day SECURITYFOCUS.COM)
http://www.securityfocus.com/columnists/491
PERTINENT EXCERPTS/QUOTES:
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lis
-
Alternate Data Streams
As I understand it, any file in an NTFS partition can have one or more Alternate Data Streams associated with it, regardless of its type or location. So if you tell someone not to scan something like "Edb.log", does that imply that they should not scan "Edb.log:virus.exe" either?
I have to agree with Trend Micro on this one. Completely skipping specific files in specific directories may prevent performance issues, but it may also make it easier for malware authors to find new hiding places.
-
I did, but, not only myself: Take a read...
"So you are saying that using a hosts file is supposed to be faster?" - by Anonymous Coward on Monday November 30, @04:39PM (#30275160)
I am, but, don't just take MY word for it - take a read:
====
RESURRECTING THE KILLFILE:
(by Mr. Oliver Day)
http://www.securityfocus.com/columnists/491
PERTINENT EXCERPTS/QUOTES:
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."
====
"nuff said..."
APK
P.S.=> If my word's not "good enough", then read what others have stated (from a respected security forums no less)... &, if THAT's not enough? Take a trip to mvps.org (they produce a widely used HOSTS file) & see what their forums members have to say... & if THAT's not enough, go visit bluetack's forums, they'll do the same as I have, alongside Mr. Oliver Day of SECURITYFOCUS.COM, quoted above! apk
-
Many sources I used disagree with YOU: Funny that
"That's not what a hosts file is for. Loading it up will slow down your DNS." - by Anonymous Coward on Monday November 30, @06:22PM (#30276852)
Really? Funny, that's not what people from SECURITYFOCUS.COM said:
====
RESURRECTING THE KILLFILE:
(by Mr. Oliver Day)
http://www.securityfocus.com/columnists/491
PERTINENT EXCERPTS/QUOTES:
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."
====
Also, the folks from "SPYBOT 'Search & Destroy'" would tend to disagree with you as well, considering they have kept people safer online for YEARS (if not a decade++ by now), via populating HOSTS files, vs. KNOWN bad sites &/or servers. Top that off, with the entire mvps.org forums? I think you are NOW, "put in your place" (in the refuse heap).
APK
P.S.=> And, as far as DNS clientside caches, in Windows @ least? They're FLAWED, & I pointed this out to MS people here, + how/why as well as how to stop it occurring:
http://slashdot.org/comments.pl?sid=1452248&cid=30184734
AS WELL AS HOW TO GET AROUND IT (with a larger HOSTS file), easily, by cutting off the local DNS clientcache service (which is flawed because it "flakes out" with larger HOSTS files, but not once you turn it off, no longer wasting CPU cycles, RAM, or other forms of I/O running a service you clearly do NOT need, and one that IS indeed, flawed, because of its failure with larger hosts files? That goes away too, AND YOU GO FASTER ONLINE (as well as much, Much, MUCH safer today, especially today/nowadays in "the era of the poisoned adbanner & webpage")...
NOW, as far as DNS servers? Well, this ought to prove "what is what", on that note:
====
DNS PROBLEMS:
Number of Rogue DNS Servers on the Rise:
http://tech.slashdot.org/article.pl?no_d2=1&sid=08/02/15/2118212
----
Security Researcher Kaminsky Pushes DNS Patching:
http://it.slashdot.org/article.pl?sid=09/02/19/2322231
----
Ten Percent of DNS Servers Still Vulnerable:
http://tech.slashdot.org/article.pl?no_d2=1&sid=05/08/04/1525235
----
TimeWarner DNS Hijacking:
http://tech.slashdot.org/article.pl?sid=07/07/23/2140208
----
Another DNS Flaw Found:
http://tech.slashdot.org/article.pl?sid=09/01/09/2348240
----
Attack Code Published For DNS Vulnerability:
http://it.slashdot.org/article.pl?no_d2=1&sid=08/07/23/231254
----
BIND Still Susceptible To DNS Cache Poisoning:
http://tech.slashdot.org/article.pl?no_d2=1&sid=08/08/09/123222
----
DDoS Attacks Via DNS Recursion:
-
Here is a "barrier", & one that works... apk
"If any lone black hat can pwn thousands and millions of machines from his bedroom, it stands to reason a well resourced organisation with even half-assed methodological inclination can do things that boggle our script kiddie minds. They have very few barriers to whatever they want to do" - by w0mprat (1317953) on Thursday November 19, @06:36PM (#30165882)
Per my subject-line above? THERE'S A BARRIER, right here:
----
HOW TO SECURE Windows 2000/XP/Server 2003/VISTA/Windows Server 2008/Windows 7, per CIS Tool Guidance & more tools like it (and beyond):
http://www.tcmagazine.com/forums/index.php?s=81bc1c6a14043ef2c95a0ddc8c9de8bd&showtopic=2662
----
AND, "it works"...
(LOL, that quote above? It's per Tony Stark & IRON MAN, in regards to his "Arc Reactor Technology" to Obadiah Stane - because one of its STRONGEST POINTS is a HOSTS file & using a custom one (and I have a way of "making it smaller" (and thus, faster), which is what Mr. Stark did to his "arc reactor" basically, &, "in a cave... with a bunch of scraps" per Obadiah Stane once he stole it from Stark... my technique is known & used by many also, like Mr. Oliver Day of SECURITYFOCUS.COM, for a faster & safer internet experience no less - & that's just a TINY PART of that guide, but a major one, nevertheless!))
How well does it work?
OK, some testimonials:
----
http://www.xtremepccentral.com/forums/showthread.php?t=28430&page=3
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff!" THRONKA user @ xtremepccentral.com
----
Security on Windows? ENTIRELY DOABLE & POSSIBLE... fairly easily.
APK
P.S.=> On the HOST file part of it, how well IT works? Ok:
----
RESURRECTING THE KILLFILE:
(by Mr. Oliver Day)
http://www.securityfocus.com/columnists/491
PERTINENT EXCERPTS/QUOTES:
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."
---
Nuff said, enjoy the read, & KNOW that Windows? It's as securable as ANY OS IS, if not moreso (per its ACL's which OS' like Linux needed "bolted on" via SeLinux, & it didn't come that way originally mind you, Windows does - Windows "problem" is that MS ships it "WIDE OPEN", so "everything just works" especially on mass deployments. Were I MS? I'd do the OPPOSITE - ship it locked down, & totally, until the user tries to do things + then build a nice easy to use interface that asks them "what is it you wanted to do, & you could not?" & then have it "open that particular door" for them only, @ THE USER'S DISCRETION, but then only... not "open by default"))... apk
-
Re:is this a problem NOT WITH A GOOD HOSTS FILE
"1) If there is a flaw in the software, i can tell you DNS server that I slashdot is at 80.65.228.129 or that your bank resolves to my MITM attack site.
2) I can use up all of your routers resources and then you can't lookup any sites yourself" - by RiotingPacifist (1228016) on Sunday November 15, @09:38AM (#30105686)
RP, that is why I use a custom HOSTS file & not only to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&C servers" too, from reliable reputable lists but also for speed (more on that later & WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -> http://en.wikipedia.org/wiki/Hosts_file or those from mvps.org (a good one this one))
I further populate my custom HOSTS file with up to date information in regards to all of those threats, via Spybot "Search & Destroy" updates (populates HOSTS and browser block lists), but also via sites like ZDNet's Mr. Dancho Danchev's blog -> http://ddanchev.blogspot.com/ or sites like FireEye -> http://blog.fireeye.com/ , stopbadware.org, & also SRI (just to name a few of my sources) & my HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia (all duplicates removed via a Borland Delphi app I wrote to do so, and also change the default larger & SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller & thus faster than 127.0.0.1 default) or the smallest & fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (& it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (& now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -> http://www.rootkit.com/newsread.php?newsid=952 that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))
HOWEVER, to "CIRCUMVENT" THAT WHICH YOU NOTE? WELL - I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:
This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP (especially since I use external DNS servers too, beyond my hardcoded favs in my HOSTS file because I can't ping & resolve the ENTIRE internet after all), making it harder for them to track me... sure, they could do a "reverse DNS lookup" via pings &/or traceroutes & the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))
ALSO, AS A "BONUS" in HOSTS FILES:
It speeds you up, for one thing, & a buddy of mine says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now? Only maybe 2 a year, & he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), & if that "anecdotal evidence" is not enough? See this then, from a published security guru on a respected site for it:
====
RESURRECTING THE KILLFILE:
(by Mr. Oliver Day)
http://www.securityfocus.com/columnists/491
PERTINENT EXCERPTS/QUOTES:
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
"From what I have seen in my research, major
-
HOSTS FILES ARE AN ANSWER for speed & SECURITY
"Remember when a 768kbps DSL line was whizzo fast? Because all it had to download was some simple HTML, maybe some gifs? I want my old Internet back." - by rho (6063) on Thursday November 12, @03:09PM (#30078024) Homepage
I'm using that EXACT speed of connection... & IT FLIES!
How?
Easy...
Use a custom HOSTS file, & then use some GLOBAL disabling of javascript on "every website under the sun" (& ONLY USE IT WHERE YOU ABSOLUTELY HAVE TO).
Both practices result in a FASTER AND S A F E R internet, period (according to my pal Jack, a certified PI, it is "twice as fast"... but, he values the security end more (because he would literally get NAILED, each week, by (&, I kid you not) @ LEAST 200++ viruses/spywares/trojans/malwares-in-general)).
(So - My word, & my buddy's results not good enough? Fair enough then, ok... how about the word of a published security analyst then from SECURITYFOCUS.COM?)
----
RESURRECTING THE KILLFILE:
(by Mr. Oliver Day)
http://www.securityfocus.com/columnists/491
PERTINENT EXCERPTS/QUOTES:
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."
----
"Nuff said/I rest my case..."
APK
P.S.=> You can get good reliable HOSTS files from these sources (stay away from the ones from France @ Wikipedia though - TOO many "falsies" in that one), like WIKIPEDIA's page on HOSTS files -> http://en.wikipedia.org/wiki/Hosts_file, or, mvps.org's is a good one too!
From all the choices in DECENT HOSTS FILES above? Well - I used them ALL... &, I consolidated them ALL into 1 HUGE HOSTS file here via a program I wrote in Borland Delphi 7 to do it, since this involves string processing, some of the heaviest work a PC does in fact, & DELPHI RULES THAT ROOST, even DOUBLING MSVC++ in that speed category, which is why I chose to write my tool in it (I use it to keep duplicates out of & then to "reformat the interior" of the HOSTS I use, to use the smallest/fastest blocking IP address there is for Windows 2000/XP/Server 2003, in 0 preceding domainnames/hostnames to block out, &/or 0.0.0.0 for Windows VISTA/Server 2008 + Windows 7 (MS made a change after 12/09/2008 taking out the ability to use 0 (smaller & faster) as a blocking "IP Address" in HOSTS files (when it could before that in VISTA, & oddly, Windows 2000/XP/Server 2003 STILL CAN USE 0 (vs. the larger & slower 0.0.0.0 but worse yet, the default 127.0.0.1 "loopback adapter" address)). I wish MS would change this 1 thing in Windows 7 in fact, because IF they do? I would think it is NEAR PERFECT, in fact.
(Plus, keeping them populated & "up-to-date" is easily done if you use SpyBot "Search & Destroy", because it not only 'fortifies' private webbrowser "block lists" like Opera's URLFILTER.INI/FILTER.INI, or also IE restricted zones too (FF has this also), but, it also populates your HOSTS file with blocking entries vs. KNOWN BAD WEBSITES/BOTNET COMMAND & CONTROL SERVERS/BAD ADBANNERS, "automagically" via its IMMUNIZE feature (yes, these too, have had malscript in them the past few years now here & there also), & there are PLENTY of sites like Dancho Danchev's security blog for ZDNet, SRI, FireEye, & many more that provide latest/up-to-date info. on bad sites, so YOU can edit your hosts with notepad.exe & add in blocks vs. those known bogus sites &/or servers yourself, with ease... apk
-
Re:all lame
-
Re:I'd rather pay $400 for bugs likes this
according to the list here, the oldest vulnerable kernel is 2.6.23
(That list isn't fully sorted though, 2.6.23.2 is just above Linux kernel 2.6.31-rc5-git3)
-
Symbolset AND Foredecker - Step inside please: apk
"This APK guy goes away if you ignore him for a while. He needs meds." - by symbolset (646467) on Tuesday November 03, @11:03PM (#29973298)
Symbolset, this isn't the 1st time you've used an "ad hominem" style attack of myself on me, rather than attacking my points (so, I thought I'd let that be known, first of all). Secondly, I tend to agree with what was said here by others:
http://slashdot.org/comments.pl?sid=1429510&cid=29977664
And, you'd need an attorney (if not meds for being the crazy one here), if you keep libelling others that way, online or otherwise, symbolset (if not an iron jaw, because sooner or later? You'll run into a "real bad motor scooter" that's going to "punch out your lites" for your libellous mouth).
Above all else - Do you possess a license to practice psychiatry & to dispense such diagnoses? No?? Didn't think so. Did you perform a formal psychiatric examination on myself to come up with your "sidewalk surgeon/quack" immediate "prognosis/diagnosis"??? No again????
So much for YOU, and, if THAT is "the best you have"????? I suggest you get over your "wannabe PHD in psychiatry status"...
====
And, another "added note" on HOSTS files, from SECURITYFOCUS.COM (just to put the "icing on the cake" from my original post, & this IS IN FAVOR OF HOSTS FILES, again):
RESURRECTING THE KILLFILE:
(by Mr. Oliver Day)
http://www.securityfocus.com/columnists/491
PERTINENT EXCERPTS/QUOTES:
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."
----
A noted security expert/journalist is even "seeing the light" as to HOSTS files benefits for both SPEED, AND SECURITY, as I stated to foredecker (our alleged MS dev mgr. here on /.)
AND, of course, there IS the issue of the single/dual layer "WFP" firewall design in Windows being EASIER TO "UNHOOK", by rootkit.com's analysts as well (once more):
http://www.rootkit.com/newsread.php?newsid=952
PERTINENT EXCERPT/QUOTE:
"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."
====
The main thing is, WHY DOESN'T FOREDECKER RESPOND? Have I, "little ole' me", caught MS with their "pants down"? Wouldn't be a first: Ask Dr. Mark Russinovich about that, & his "rookie hardcodes" in his pagedefrag.exe tool I pointed out he hardcoded C:\ into, & that I told him EXACTLY why/where/how to fix it + he thanked me for it.
(Nuff said... &, "too, Too EASY")
APK
P.S.=> Of course, above ALL else, is the fact that this alleged development manager from Microsoft, in Foredecker, is refusing to respond here, vs. my original initial points as well on both HOSTS files in VISTA/Server 2008/Windows 7 and the WFP firewall design (vs. the older & NOT EASILY UNHOOKED firewall designs in Windows 2000/XP/Server 2003 in my original post to here, here -> http://slashdot.org/comments.pl?sid=1429510&threshold=-1&commentsort=0&mode=thread&pid=29967174 )... apk
-
Re:Isn't this a dupe?
This solution works, please see the links below. However I would recommend seeing what your settings are on your system
$ sysctl -n vm.mmap_min_addr
to find what your setting is.
On Ubuntu 8.04 LTS servers (including Xen kernels) and on 9.10 desktops it is 65536. Not a big deal.
http://wiki.debian.org/mmap_min_addr
https://lists.ubuntu.com/archives/ubuntu-devel/2008-July/025805.html
http://www.securityfocus.com/bid/26831/info
-
Same Exploit from July?
The bug was found by Brad Spengler last month.
I thought we discussed this in July? Or is this a different exploit?
I think it's pretty clear that De Raadt and others have been discussing this vulnerability for quite some time. On a list of affected systems, you can see it's been known on that site since August. Here's another fix discussed that involves setting PER_CLEAR_ON_SETID mask to MMAP_PAGE_ZERO and that's from July (unfortunately, as the Register article said, that might cause problems with applications). In fact I think Spengler has been talking about this for quite some time as I believe you can find exploit code here and a video of it in use here against SELinux. If that's not the same exploit it sure seems to be very similar in nature.
-
Taking the lead from DirecTV's lawyers?
As much as I hate linking to blogs SecurityFocus seems to have the most detailed story on the DirecTV lawsuits against anyone and everyone who ever bought a smart card writer. Their reasoning seems to be "People use smart card writers to pirate our service therefore everyone who purchases a smart card writer is doing so to pirate our services."
Good luck with that.
-
Re:!secure
People should really stop using the word secure with Tor. Anonymous, sure, but you actually forfeit some of your security and privacy when using Tor. Anyone can snoop your outgoing connections from Exit node, or if you're using https or other secure connection, change the certificates. On top of that there's a chance the exit node changes your http pages in addition to stealing or just snooping for information. Implying "secure" in news like this gives lots of false sense of security to users, like has been seen many times before.
And this is different from regular web browsing....how, exactly? You're not forfeiting any of your security or privacy. You're just not necessarily gaining any more in certain areas. But, this only applies if the exit node you happen to be using for that connection is a malicious node. Yes, governments can set up an awful lot of nodes, but the size of the network itself is going to dwarf anything a government can do. The vast majority of exit nodes are legitimate.
You can also specify not to use certain exit nodes. If you're in China, and you don't want to risk government interference, then configure your node to not use any Chinese exit nodes.
Eavesdropping by exit nodes
In September 2007, Dan Egerstad, a Swedish security consultant, revealed that by operating and monitoring Tor exit nodes he had intercepted usernames and passwords for a large number of email accounts.[15] As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it which does not use end-to-end encryption, e.g. SSL. While this does not inherently violate the anonymity of the source, it affords added opportunities for data interception by self-selected third parties, greatly increasing the risk of exposure of sensitive data by users who are careless or who mistake Tor's anonymity for security.[16]
So, jerks can break your security. Big news. Film at 11. Maybe the fact that this can be done anywhere at all, unless you're using an unbreakable encryption/authentication method, means you shouldn't be worrying about Tor specifically.
Another thing is that you are still usually leaking DNS queries to your ISP, which may even return false results if you're being censored in China or something and they still see what sites you're visiting.
The summary also quickly mentions geo-aware phones. If you happen to be using that bad exit node, now your geo-location updates will be transmitted via it too. And governments should be able to set up a lot different exit nodes all around the world easily.
So no, it's not secure. It's maybe anonymous, if you use it correctly and don't login to your banking, slashdot account or whatever with it.
This is patently incorrect. All DNS queries from a Tor-surfing browser are routed over the Tor network. There are specific instructions for the setup of a Tor exit node that state basically "If your ISP blocks access to certain sites, make sure your Tor node knows about them, otherwise Tor users will get NORECORD results from DNS queries, and think the site is down/missing. If your node knows about them, the Tor network will not use your node to attempt access to those sites."
I've stumbled across a misconfigured Tor exit node before that did this. Trying to access a site over Tor resulted in an error page, but the same site over the Internet worked fine. Waited for 10 minutes for the Tor connection to cycle to a different route, and all of a sudden I could access it over Tor, too.
-
Re:!secure
SSL has certification authorities. Needless to say, initiating an encrypted connection via tor with a site that is not certified is at least as careless as not using SSL at all.
Because CA signing has never been compromised?
IE, Chrome, Safari duped by bogus PayPal SSL cert
MD5 Weakness Allows Fake SSL Certificates To Be Created
Or because no one ever gets suckered by a proxy just stripping out the SSL altogether?
Man-in-the-middle attack sidesteps SSL
And no one has ever been tricked into clicking "OK" when a MITM attack passes on its own cert?
TOR exit-node doing MITM attacks
Now I know you (and the guy who modded me "overrated") probably take all possible precautions but they only need to catch you or some less careful type off guard once. I don't know why anyone would route a secure connection through an untrusted node on purpose. Sounds like asking for trouble to me.
-
Re:marketshare
Citation, or it ain't so. 800 Linux viruses? I haven't read anything like that. 200,000 Windows viruses?
http://www.securityfocus.com/columnists/188
Of course, it's not just "regular folks" on mailing lists who share this opinion. Businesspeople have expressed similar attitudes
... including ones who work for anti-virus companies. Jack Clarke, European product manager at McAfee, said, "So we will be seeing more Linux viruses as the OS becomes more common and popular."
Mr. Clarke is wrong.
Sure, there are Linux viruses. But let's compare the numbers. According to Dr. Nic Peeling and Dr Julian Satchell's Analysis of the Impact of Open Source Software (note: the link is to a 135 kb PDF file):
"There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux. Most of the Windows viruses are not important, but many hundreds have caused widespread damage. Two or three of the Macintosh viruses were widespread enough to be of importance. None of the Unix or Linux viruses became widespread - most were confined to the laboratory." >>Editor's note: unfortunately we have been made aware that this quote by Dr. Peeling and Dr. Satchell is incorrect; the independent WildList organization produces a monthly "in the wild" list of viruses. While the vast majority of viruses in their report are Windows-based, there are still some Linux-based viruses (listed as "Other") found in the wild as well.>>
So there are far fewer viruses for Mac OS X and Linux. It's true that those two operating systems do not have monopoly numbers, though in some industries they have substantial numbers of users. But even if Linux becomes the dominant desktop computing platform, and Mac OS X continues its growth in businesses and homes, these Unix-based OS's will never experience all of the problems we're seeing now with email-borne viruses and worms in the Microsoft world. Why?
----------------
Granted, that article is 6 years old - but you'll be hard pressed to come up with the numbers you give for Linux OR for Windows. I think that it's safe to say that there aren't 800 viruses - real working viruses - for all of open source. Again, I say, citations or it isn't so.
-
!secure
Secure, anonymous access to the web via Tor on Android is now a reality
People should really stop using the word secure with Tor. Anonymous, sure, but you actually forfeit some of your security and privacy when using Tor. Anyone can snoop your outgoing connections from the exit node, or if you're using https or other secure connection, change the certificates. On top of that there's a chance the exit node changes your http pages in addition to stealing or just snooping for information. Implying "secure" in news like this gives lots of false sense of security to users, as has been seen many times before.
Eavesdropping by exit nodes
In September 2007, Dan Egerstad, a Swedish security consultant, revealed that by operating and monitoring Tor exit nodes he had intercepted usernames and passwords for a large number of email accounts.[15] As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it which does not use end-to-end encryption, e.g. SSL. While this does not inherently violate the anonymity of the source, it affords added opportunities for data interception by self-selected third parties, greatly increasing the risk of exposure of sensitive data by users who are careless or who mistake Tor's anonymity for security.[16]
Another thing is that you are still usually leaking DNS queries to your ISP, which may even return false results if you're being censored in China or something and they still see what sites you're visiting.
The summary also quickly mentions geo-aware phones. If you happen to be using that bad exit node, now your geo-location updates will be transmitted via it too. And governments should be able to set up a lot of different exit nodes all around the world easily.
So no, it's not secure. It's maybe anonymous, if you use it correctly and don't log in to your banking, slashdot account or whatever with it.
-
Re:marketshare
That looks like Malware. Stuff that people install voluntarily because of social engineering.
I could put:
-
#!/bin/bash
sudo rm -rf /
-
into a file and tell you that it'll give you more free hard drive space.
I'm talking about Viruses & Trojans. The stuff that is automated and requires 0 user interaction. The stuff that infects an XP SP1 machine within 20 minutes of being on the internet.
-
Re:Uh, why just TI?
Hackers sued for tinkering with Xbox games - Sued by a video game maker
Hacking the Xbox - Excerpt: "Last year, a Microsoft lawsuit temporarily shut down the Hong Kong-based company Lik Sang, which sold mod chips over the Internet."
Apple serves DMCA notice to OSx86 Project
-
Re:Is this good news or bad?
> Filtering user input properly would have stopped this though
Yeah but I think a lot of people underestimate the difficulty of "properly".
Even when it comes to simple stuff like escaping angled brackets:
http://cansecwest.com/csw09/csw09-weber.pdf
http://www.securityfocus.com/archive/1/437948/30/0/threaded
More here:
http://nedbatchelder.com/blog/200704/xss_with_utf7.html
http://www.securityfocus.com/bid/31183/discuss
http://ha.ckers.org/blog/20060817/variable-width-encoding/
Worse if you need to allow _some_ fancy stuff but not all.
To use a car analogy, browsers nowadays are like cars with 1000+ gas pedals, many placed in strange and unexpected places. But not a single brake pedal.
To stop, you must ensure that NONE of the 1000+ gas pedals are pressed.
If a hacker rides past and manages to press one of those pedals, you crash and burn.
I've been proposing a brake pedal for browsers for years: http://slashdot.org/comments.pl?sid=1384497&cid=29565569
I really don't care what it ends up looking like as long as it works and is easy to use.
What if one day your filters disagree with some of your users' browsers in their parsing? All the different browsers and filters might be correct according to different interpretations of the standard(s) - just some ambiguity makes them all right and yet some different.
With my proposal as long as they interpret the brake pedal correctly, they could still be safe (there's no 100%, but hey at least things will be safer).
-
Re:html tag to disable active content
Agh, the line: browser treated some unicode characters as ""
Should read:
browser treated some unicode characters as "<".
See this: http://cansecwest.com/csw09/csw09-weber.pdf
Forgot that Plain Old Text is not Plain Old Text in Slashdot.
Oh yeah there's also: http://www.securityfocus.com/archive/1/437948/30/0/threaded
-
Re:html tag to disable active content
That's all very nice and simple till stuff like UTF8, UTF7, etc get involved...
See:
http://nedbatchelder.com/blog/200704/xss_with_utf7.html
http://www.securityfocus.com/bid/31183/discuss
http://ha.ckers.org/blog/20060817/variable-width-encoding/
You don't have to believe me when I tell you there are 1000 (or more) gas pedals and no brake pedal and it's a crazy situation. But that's the truth as I see it.
I daresay many of the website folks who have been burnt before will believe me. Yes you can and SHOULD use the escaping libraries out there, but you'd still be screwed the day some hacker discovers a way to exploit a browser bug or new "feature" or even an ambiguity in standards[1] that causes the browser to see things differently from what the library handles.
My memory isn't so good but I think there was even a case where a browser treated some unicode characters as "" for some reason with exploitable results.
[1] Both the browser and library could be "right" but that's no comfort to your exploited users and you.
-
Re:There is a LOT that uses MS Office
http://www.securityfocus.com/bid/5408/discuss
Okay, how about that one? It was announced and discussed quite a few years ago. How could a security engineer not know about this?
-
Speaking of the word "HOST", step inside... apk
"Okay, you probably don't want to host one of these parties." - by bigman2003 (671309) on Friday September 04, @06:04PM (#29317911) Homepage
Regarding the word HOST? Ms needs to host a "WORK PARTY" on THE HOSTS FILE & to fix how it works in Windows VISTA, Windows Server 2008, & yes, Windows 7: Microsoft has made it grossly more inefficient (30% or so) by making it unable to use 0 as a blocking IP address in it (for VISTA after the 12/09/2008 Ms "Patch Tuesday" & for the rest it was always thus), vs 0.0.0.0 (next most efficient due to smaller size) & lastly 127.0.0.1 (the largest & slowest of the lot)...
I don't like that, & you may not either, depending on your point of view (mine's based solely on efficiency & security), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post:
1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.
So, why is this a "problem" you might ask?
Ok - since you can technically use either:
a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0
PER EACH HOSTS FILE ENTRY/RECORD...
You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??
Microsoft has "promoted bloat" in doing so... no questions asked.
Simply because
1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte
Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.
Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491
AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))
Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28677363
Why (especially for blocking adbanners)?
Adbanners have been shown to harbor malicious script in them (was "big news" here on this very website in fact, here):
----
THE NEXT ADBANNER YOU CLICK ON MAY BE A VIRUS:
http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus
----
AND, I am NOT the only person noting you go faster online by using a custom HOSTS file (for blocking adbanners &/or hardcoding your favs into it for their URL-to-IP resolution, which also stops you from using pos
-
The hosts should fix their HOSTS file
Before they charge $150-$300 for their newest Operating Systems in VISTA, Server 2008, & Windows 7 (per your quote below, & WHY, more importantly):
"I think the hosts should charge their guests $100 to come in." - by DoofusOfDeath (636671) on Friday September 04, @02:15PM (#29314383)
Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your point of view (mine's based solely on efficiency & security), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post:
1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.
So, why is this a "problem" you might ask?
Ok - since you can technically use either:
a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0
PER EACH HOSTS FILE ENTRY/RECORD...
You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??
Microsoft has "promoted bloat" in doing so... no questions asked.
Simply because
1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte
Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.
Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491
AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))
Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28677363
Why (especially for blocking adbanners)?
Adbanners have been shown to harbor malicious script in them (was "big news" here on this very website in fact, here):
----
THE NEXT ADBANNER YOU CLICK ON MAY BE A VIRUS:
http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus
----
AND, I am NOT the only person noting you go faster online by using a custom HOSTS file (for blocking adbanners &/or hardcoding your favs into it for their URL-to-IP resolution, which also stops you from using possibly compromised DNS Servers (Dan Kaminsky did GREAT work last year & this year on that latter note by the by proving it happens via DNS poisonings etc. et al)):
----
http://www.securityfocus.com/columnists/491
PERTIN