Slashdot Mirror

Before they charge $150-$300 for their newest Operating Systems in VISTA, Server 2008, & Windows 7 (per your quote below, & WHY, more importantly):

"I think the hosts should charge their guests $100 to come in." - by DoofusOfDeath (636671) on Friday September 04, @02:15PM (#29314383)

Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your point of view (mine's based solely on efficiency & security), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post:

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0

PER EACH HOSTS FILE ENTRY/RECORD...

You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because

1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28677363

Why (especially for blocking adbanners)?

Adbanners have been shown to harbor malicious script in them (was "big news" here on this very website in fact, here):

----

THE NEXT ADBANNER YOU CLICK ON MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

----

AND, I am NOT the only person noting you go faster online by using a custom HOSTS file (for blocking adbanners &/or hardcoding your favs into it for their URL-to-IP resolution, which also stops you from using possibly compromised DNS Servers (Dan Kaminsky did GREAT work last year & this year on that latter note by the by proving it happens via DNS poisonings etc. et al)):

----

http://www.securityfocus.com/columnists/491

PERTIN

Oh, here, I'll be nice and supply you with the first link: http://www.securityfocus.com/news/8472

You're on your own, after this one. Bottom line, the corporate heads are thieves and sharks. Don't expect me to sympathize if some of their broadcast content is stolen.

"they built a reasonably secure operating system from the ground up and decided to actually enforce the programming paradigms. The problem isn't with Vista, it's with the antiquated applications that still need tons of shims to work" - by onionman (975962) on Tuesday August 18, @12:06AM (#29101085)

They did SOME things, VERY right ("under-the-covers") but, they also "screwed up" a couple things... what, you ask? Well, HOSTS files, & WFP + NDIS6 (in terms of efficiency & possibly security, respectively, & SEE MY P.S. please, because I am NOT the only person stating it, ROOTKIT.COM does also)...

Ok, here goes: Read on (IF you don't mind long, & technically detailed posts, or if you don't have ADD/ADHD or DYSLEXIA, because it is, a LOT to read + "Drink in & Digest"... but, I wager, you'll find it VERY interesting)!

Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your POV (mine's based solely on efficiency & security - which ought to concern ENTERPRISE class users/admins, greatly), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post, because it says it better than I do really!

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0

PER EACH HOSTS FILE ENTRY/RECORD...

You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because

1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28677363

(& HOSTS files extend across EVERY webbrowser, email program, or in general every webbound program you use & thus HOSTS are "global" in coverage this way AND function on any OS that uses the BSD derived IP stack (which most all do mind you, even MS is based off of it, as BSD's IS truly, "the best in

"And this time, unlike Windows 95, Windows 98, Windows 98SE, Windows ME, Windows NT, Windows 2000, Windows XP, and Windows Vista, Windows 7 really will be secure. Really!" - by Anonymous Coward on Tuesday August 18, @12:06AM (#29101087)

ROOTKIT.COM, says quite otherwise (& I say even more, & didn't get an answer from MS in regards to what I will put out next) - I sense your sarcasm: It's NOT unjustified either, because if you keep reading, all the way down to my "p.s." below? You'll be even more sarcastic... read on:

Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your POV (mine's based solely on efficiency & security - which ought to concern ENTERPRISE class users/admins, greatly), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post, because it says it better than I do really!

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0

PER EACH HOSTS FILE ENTRY/RECORD...

You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because

1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28677363

(& HOSTS files extend across EVERY webbrowser, email program, or in general every webbound program you use & thus HOSTS are "global" in coverage this way AND function on any OS that uses the BSD derived IP stack (which most all do mind you, even MS is based off of it, as BSD's IS truly, "the best in the business"), & when coupled with say, IE restricted zones, FireFox addons like NoScript &/or AdBlock, or Opera filter.ini/urlfilter.ini, for layered security in this capacity for webbrowsers & SOME email programs - HOSTS also provide a single easily managed point to control this, & if you can

"...despite its age, XP works." - by tecker (793737) on Tuesday August 18, @12:08AM (#29101099) Homepage

Righter than you know, in regards to HOSTS files & WFP/NDIS... read on:

Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your POV (mine's based solely on efficiency & security - which ought to concern ENTERPRISE class users/admins, greatly), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post, because it says it better than I do really!

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0

PER EACH HOSTS FILE ENTRY/RECORD...

You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because

1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28677363

(& HOSTS files extend across EVERY webbrowser, email program, or in general every webbound program you use & thus HOSTS are "global" in coverage this way AND function on any OS that uses the BSD derived IP stack (which most all do mind you, even MS is based off of it, as BSD's IS truly, "the best in the business"), & when coupled with say, IE restricted zones, FireFox addons like NoScript &/or AdBlock, or Opera filter.ini/urlfilter.ini, for layered security in this capacity for webbrowsers & SOME email programs - HOSTS also provide a single easily managed point to control this, & if you can read english + use a text editor like notepad.exe? It is truly a good tool for extra layered security + an easily managed one)

Anyhow/anyways - by removing the ability to use 0 as a valid blocking IP address in a HOSTS file for VISTA/Server 2008/Windows 7 - MS has literally promoted bloat in this file, making it load slower from disk, into memory! T

"I recently put Windows 7 on my Bootcamp partition and I've been pleasantly surprised. It runs pretty snappy on this older MacBook with 2GB of ram" - by ducomputergeek (595742)on Tuesday August 18, @01:26AM (#29101715) Homepage

Snappy? First of all - You can make ANY Windows NT-based OS 'snappier', simply by trimming off excessive services & tuning/tweaking. You probably know this, but yet you failed to mention/note it. It is, after all, largely what MS did over the VISTA setup this way (& yes, they did more that was GOOD, but some that was bad... read on):

Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your POV (mine's based solely on efficiency & security - which ought to concern ENTERPRISE class users/admins, greatly), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post, because it says it better than I do really!

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0

PER EACH HOSTS FILE ENTRY/RECORD...

You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because

1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28677363

(& HOSTS files extend across EVERY webbrowser, email program, or in general every webbound program you use & thus HOSTS are "global" in coverage this way AND function on any OS that uses the BSD derived IP stack (which most all do mind you, even MS is based off of it, as BSD's IS truly, "the best in the business"), & when coupled with say, IE restricted zones, FireFox addons like NoScript &/or AdBlock, or Opera filter.ini/urlfilter.ini, for layered security in this capacity for webbrowsers & SOME email programs - HOSTS also provide a single easily managed point

"The real test of Windows 7 won't be users, it would be enterprise customers... The decision to switch would in that case be taken by Sysadmins and the like." - by quarterbuck (1268694) on Monday August 17, @11:54PM (#29100981)

Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your POV (mine's based solely on efficiency & security - which ought to concern ENTERPRISE class users/admins, greatly), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post:

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0

PER EACH HOSTS FILE ENTRY/RECORD...

You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because

1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28677363

(& HOSTS files extend across EVERY webbrowser, email program, or in general every webbound program you use & thus HOSTS are "global" in coverage this way AND function on any OS that uses the BSD derived IP stack (which most all do mind you, even MS is based off of it, as BSD's IS truly, "the best in the business"), & when coupled with say, IE restricted zones, FireFox addons like NoScript &/or AdBlock, or Opera filter.ini/urlfilter.ini, for layered security in this capacity for webbrowsers & SOME email programs - HOSTS also provide a single easily managed point to control this, & if you can read english + use a text editor like notepad.exe? It is truly a good tool for extra layered security + an easily managed one)

Anyhow/anyways - by removing the ability to use 0 as a valid blocking IP address in a HOSTS file for VISTA/Server 2008/Windows 7 - MS has literally promoted bloat in this file, making it load slower from disk, into memory! Thi

"Feedback about how Windows 7 works in these respects would be much appreciated" - by JustNiz (692889) on Tuesday August 18, @01:30AM (#29101761)

Adding 2 more, than most folks are NOT aware of, regarding HOSTS, & WFP/NDIS6. See subject-line, & this next - "Ask & ye shall receive" (per your quoted request)... read on (IF you can handle a long, technically detailed read, that is):

Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your point of view (mine's based solely on efficiency & security), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post:

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0

PER EACH HOSTS FILE ENTRY/RECORD...

You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because

1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28677363

(& HOSTS files extend across EVERY webbrowser, email program, or in general every webbound program you use & thus HOSTS are "global" in coverage this way AND function on any OS that uses the BSD derived IP stack (which most all do mind you, even MS is based off of it, as BSD's IS truly, "the best in the business"), & when coupled with say, IE restricted zones, FireFox addons like NoScript &/or AdBlock, or Opera filter.ini/urlfilter.ini, for layered security in this capacity for webbrowsers & SOME email programs - HOSTS also provide a single easily managed point to control this, & if you can read english + use a text editor like notepad.exe? It is truly a good tool for extra layered security + an easily managed one)

Anyhow/anyways - by removing the ability to use 0 as a valid blocking IP address in a HOSTS file for VISTA/Server 2008/Win

""'the operating system that both Microsoft and its consumers have been waiting for.'"" - by korean.ian (1264578) on Wednesday August 05, @02:13AM (#28952467)

There are some things in Windows VISTA, Server 2008, & yes, Windows 7 that consumers HAVE been waiting for... such as OpenGL gaming support!

(E.G. -> Where is it?)

See - The last time I checked into OpenGL on VISTA? Well, you could not even install Quake 4, let alone play it, because of Microsoft playing "DirectX 'Uber Alles'" games on VISTA onwards... & to get it to work??

Well, last I knew you had to 'hack in' something called an OpenGL icd layer (not trivial to do, & only translates API calls from an OpenGL game to DirectX api calls, & then looks like "$heet" when its played, from what I have heard on this note (don't quote me on this, it is only "rumor mill" stuff I heard over time, about how to get OpenGL gaming working again in VISTA)).

I.E.-> Thus, I do NOT see how Microsoft can say "Windows 7 is better", when it clearly LACKS FUNCTIONALITY & ABILITIES its older predecessors had that worked fine!

There's more "hassles" in Windows VISTA, Server 2008, & Windows 7, albeit, on a networking oriented note... & until I am proven WRONG on what I am about to state here? I will stick by it, & I won't "buy into" Windows 7 until these issues are fixed (because Windows 2000/XP/Server 2003 can do them, just fine, & better than Windows 7 or VISTA/Server 2008), & here we go, on my points on those:

Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your point of view (mine's based solely on efficiency & security), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post:

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0

PER EACH HOSTS FILE ENTRY/RECORD...

You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because

1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this sl

"Security for starters. Vista changed a lot under the hood to improve security" - by wjousts (1529427) on Wednesday July 29, @03:02PM (#28871253)

Well... they did, AND THEY DIDN'T: Like what, you might ask?

1.) HOSTS files not being able to use 0 as a blocking IP address in a CUSTOM HOSTS FILE (for both added speed & security), vs. 0.0.0.0 or 127.0.0.1 (the "loopback adapter" being the WORST of the lot, in terms of efficiency & internal file read speed in loops to 'suck it in' to either the local DNS cache client OR the diskcache (which again, MS has a problem in the DNS Client of it 'breaking down' on LARGER hosts files (purely relative, iirc, when they go over the 4mb mark in size) & it should not be - it's like it is a static sized array/buffer, vs. a dynamic one, like the local diskcache uses, which "takes over" when you turn off the faulty DNS client).

AND

2.) WFP & NDIS6 (which I get into the former & why I think it's not as solid as the 3 part "zone defense"/"greek phalanx" of the older models of Windows for IPSEC.SYS, IPNAT.SYS, TCPIP.SYS, IPFLTDRV.SYS, & AFD.SYS, which acted like a zone defense/greek phalanx via 3 separate drivers, operating @ 3 DIFFERENT LEVELS of the IP stack (whereas it appears WFP only uses a single point layer defense, & when it's down? It's done for, which is NOT the case with the older model))...

3.) NDIS6 based firewalls... see my p.s. below, for that from ROOTKIT.COM

Lots more, & here are the details:

Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your point of view (mine's based solely on efficiency & security), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post:

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0

PER EACH HOSTS FILE ENTRY/RECORD...

You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because

1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this slashdotter, sootman, uses one & ma

"man ure so deep you relly sshould make a blog or a twitter or something" - by Anonymous Coward on Wednesday July 29, @10:35AM (#28866195)

Heh, thanks... but, well - NOT really: Most ANY network tech or admin even (users with a better password really, because they only USE tools guys like myself, software engineers/coders/programmers write for them to USE) knows about this even...

So, that "all said & aside"?

Well - I cannot put it any better than this:

"Learn to know the dark side of the force and you will achieve a power greater than any Jedi." - Darth Sidious/Emperor Palpatine (last of the SITH)

http://www.entertonement.com/clips/msydsyxplv--Learn-to-know-the-dark-side-of-the-force-and-you-will-achieve-a-power-greater-than-any-JediStar-Wars-Episode-III-Revenge-of-the-Sith-Ian-McDiarmid-Supreme-Chancellor-Palpatine-

Jedi's being my "naysayers" here, & whom I strongly suspect, are merely techies &/or network admins/engineers @ best/most... not coders (who ARE the "sith lords" basically, since many of us, like myself, have done THEIR JOBS, and written the code they merely USE)... period!

APK

P.S.=>

"i hope evry1 woud use HOSTS instead of crappy slow and insecure dns servers then the internet would be a better place." - by Anonymous Coward on Wednesday July 29, @10:35AM (#28866195)

As is, right now, what with Dan Kaminsky's findings on DNS server faults, as well as this article's points (& network solutions being pilfered this week also, & afaik because of DNS poisoning)? They work... & do anyhow, for superior speed, & security online.

Evidence thereof, per Mr. Oliver Day of SECURITYFOCUS.COM:

----

http://www.securityfocus.com/columnists/491

RESURRECTING THE KILLFILE:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."

----

Since "my word here" is apparently, NOT good enough? You have Mr. Days as well, saying exactly what I have pretty much (& I am fairly sure he has read my security guide also & agrees with my points in it about HOSTS files value for BOTH added speed, AND SECURITY, online today (especially today in the era of the poisoned DNS server, or malicious sites + adbanners))... especially in LIGHT of this article about DNS troubles, AND this one (bad adbanners):

----

IT: The Next Ad You Click May Be a Virus

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus?from=rss

---- ... apk

Per my subject-line above? See this testimonial to HOSTS files effectiveness on increased speed alone (let alone more security by blocking out KNOWN bad sites &/or servers):

http://www.securityfocus.com/columnists/491

Resurrecting the Killfile Oliver Day, 2009-02-04

PERTINENT QUOTE/EXCERPT:

----

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now"

----

As the saying goes? "NUFF SAID...", as the REAL 'BOTTOM-LINE' is about results...

APK

P.S.=> "NEXT...", lol - apk

See subject-line, & "just sayin", right back @ ya... because, it works, "exactly as advertised" with a 100% free price (especially considering I am not selling a thing & you all have one already, lol).

My approach isn't stupid in regards to that. Free? That's a "pretty good price", wouldn't YOU say? And, you're also FREE to customize it, & thus, YOUR PERSONALIZED VERSION OF A CUSTOM HOSTS FILE, JUST GOES ALONG WITH YOUR PERSONALIZED SPED UP & SAFER VERSION OF THE INTERNET... &, just as YOU see fit & like, easily. Notepad.exe for instance? My gosh - lol, just "does wonders" here, on this account... lol!

(Plus, using HOSTS files makes me FAR faster online, by double just by blocking adbanners (javascript on the rest helps too, IF it is not demanded for full function), as people will attest to that much by the truckload, go to say, mvps.org & see their forums on that note, as 1 example... & it makes me FAR SAFER too).

ALL, from a simple text file no less that you already have as long as you have a BSD derived IP stack, & you most likely do, & that YOU can completely control + customize to your liking, yourself, easily. So can anyone else, for free, same bennies, as long as you can read english & use notepad.exe (in Windows that is on the latter).

Put it this way -> I'll let others speak for me, on this account, instead, via these evidences thereof:

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28677363

"Also, your approach is stupid because I like to use the internet." - by ShakaUVM (157947) on Wednesday July 29, @12:21AM (#28862259) Homepage

QUESTION: How does going almost double as fast and safer make you not be able to use the internet?

(Thanks for your answer!)

Aha, this "epiphany/revelation" just struck me... lol:

You are merely a reply from, no doubt, a webmaster worried about page adbanner hits, or an ads server marketing man, lol... ok, to that? I can only say, this:

----

The-Next-Ad-You-Click-May-Be-a-Virus:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

----

That's for readers' reference... & I am certain they too, realize you are either a malware maker/botmaster/hacker-cracker/spyware-virus-rootkit maker, or "money man online" (Both it seems, are profiting by the misfortunes of others basically, by possibly infecting them... and yet making monies from them also for pageviews & adbanner hits...? A good 'hosing' of the customer, & From BOTH ends (literally & figureatively)).

Time for enough of that, I think.

APK

P.S.=> I'll gladly discuss any of this & add to that above too... that's just for starters on this "antiquity" item, being EXTREMELY useful, TODAY, & for better security AND BETTER SPEED, online, today (reliability too it looks like from this article) - & I'll do so, because I love this topic + know it actually works, & WELL!

On this? Hey man, I am, truly, "The LORD OF HOSTS", on the subject of HOSTS files, so glad to entertain any debate on them... apk

L0pht Heavy Industries went corporate in 2000, and became "@Stake", which was acquired by Symantec in 2004, and disappeared into the Symantec empire.

L0pht, founded in 1992, was itself a descendant of the Cult of the Dead Cow, founded in 1984 and still around, more or less.

There have been various spinoffs and buybacks along the way, but it's been a while since cutting edge work came from that crowd.

Lynx vulnerability

"Microsoft has greatly approved their testing process, with automated regression testing on literally thousands of machines. Full regression tests that used to take 3 weeks now take 4 days, with three of those days being failure investigation. You can read the Windows 7 team blogs for information on the process, but one key component is that daily builds off the main branch should be of very high quality, as close to release quality as feasable. This, along with the improved testing, allows regression tests to be run on virtually all desired interim builds and integrations, so that by the time RTM testing is hit, there are very few surprises. - by Gouru (1568313) on Wednesday July 22, @06:23PM (#28788853)

Oh, really? Then, "GET READY FOR A SURPRISE"... I say that, simply because I DIRECTLY confronted S. Sinofsky + the Windows tesms on the "Engineering Windows" blogs, & specifically (near verbatim in fact) on the points I note below in this very posting no less, & I got "blown off" or, was NOT offered a sound logical technical reason (for improvement) on why the 2 things I bring up below were done... even though I raise points in this post now that are DEFINITE "hassles" in Windows that SHOULD HAVE BEEN CAUGHT IN REGRESSION TESTING by QA PERSONELL @ MS... what points are those?? Here we go:

Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your point of view (mine's based solely on efficiency & security), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post:

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0

PER EACH HOSTS FILE ENTRY/RECORD...

You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because

1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here -> http://tech.slashdot.o

"As a true technologist, I try to stay technology-agnostic because good things often come out of the strangest places. Truthfully, many flavors of Linux are great, Mac OS is great, and Windows 7 looks like it should be great. Considering all these various flavors of greatness, I'd say it's still as good a time as any to be a techie! Maybe I'm just tired of all the negative slant the world puts on everything and am being overly optimistic." - by SixDimensionalArray (604334) on Wednesday July 22, @06:12PM (#28788717)

Agreed, 110%: I just want Windows 7 to be the BEST Windows NT-based OS ever, & I will voice my findings/opinions on what I see on it, even IF it makes me look like a "detractor" of Microsoft's (which I am not - they've kept me employeable actually) - I don't like what happened w/ OpenGL for gaming in VISTA (but, that's another topic entirely), & I do NOT like what I see in terms of security &/or efficiency in their latest networking stack either... read on:

Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your point of view (mine's based solely on efficiency & security), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post:

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0

PER EACH HOSTS FILE ENTRY/RECORD...

You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because

1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28677363

(& HOSTS files extend across EVERY webbrowser, email program, or in general every webbound program you use & thus HOSTS are "global" in coverage this way AND function on any OS that uses the BSD derived IP stack (which most all do mind you, even MS is based off of it,

"Win7 is definitely a major improvement in many areas" - by cbhacking (979169) on Wednesday July 22, @11:13PM (#28791099) Homepage

Well, "opinions vary", & yes - some of what's going on in Windows 7 is GOOD vs. VISTA... however, still? Well - I don't like what I have seen in regards to OpenGL gaming on VISTA (vs. older Windows models) & also some BAD things that have changed in terms of networking efficiency, & security, read on:

Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your point of view (mine's based solely on efficiency & security), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post:

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0

PER EACH HOSTS FILE ENTRY/RECORD...

You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because

1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28677363

(& HOSTS files extend across EVERY webbrowser, email program, or in general every webbound program you use & thus HOSTS are "global" in coverage this way AND function on any OS that uses the BSD derived IP stack (which most all do mind you, even MS is based off of it, as BSD's IS truly, "the best in the business"), & when coupled with say, IE restricted zones, FireFox addons like NoScript &/or AdBlock, or Opera filter.ini/urlfilter.ini, for layered security in this capacity for webbrowsers & SOME email programs - HOSTS also provide a single easily managed point to control this, & if you can read english + use a text editor like notepad.exe? It is truly a good tool for extra layered security + an easily managed one)

Anyhow/anyways - by removing the ability to use 0 as a valid bl

"Do you even know what changed?" - by Anonymous Coward on Wednesday July 22, @06:22PM (#28788821)

Yes, many things "for the good", but also, some for the "bad" (I also don't like what I see with OpenGL either, but that's another subject - this is about its networking & security + efficiency, read on):

Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your point of view (mine's based solely on efficiency & security), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post:

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0

PER EACH HOSTS FILE ENTRY/RECORD...

You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because

1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28677363

(& HOSTS files extend across EVERY webbrowser, email program, or in general every webbound program you use & thus HOSTS are "global" in coverage this way AND function on any OS that uses the BSD derived IP stack (which most all do mind you, even MS is based off of it, as BSD's IS truly, "the best in the business"), & when coupled with say, IE restricted zones, FireFox addons like NoScript &/or AdBlock, or Opera filter.ini/urlfilter.ini, for layered security in this capacity for webbrowsers & SOME email programs - HOSTS also provide a single easily managed point to control this, & if you can read english + use a text editor like notepad.exe? It is truly a good tool for extra layered security + an easily managed one)

Anyhow/anyways - by removing the ability to use 0 as a valid blocking IP address in a HOSTS file for VISTA/Server 2008/Windows 7 - MS has literally promoted bloat in this file, making it load slower from disk,

"You want to know why I refuse to disprove what you wrote? I've told you - I don't care about them." - by Anonymous Coward on Sunday July 19, @04:16PM (#28749759)

Well, you ought to: After all - They're in direct response to your words &/or "points" that were geared to "discredit me" & completely disprove your words and your outrageous b.s., so that "said & aside"?

Well... I will quote each, "A - D", next below, AND just as you stated them in your 'sock puppet modded up' post that "earned" a "+5 INFORMATIVE" score (b.s.):

----

A.) ON HOSTS FILES AND WHAT THEY CAN BE USED FOR (security and added speed online)

"Your complaint is about the performance of using the hosts file for something it's never meant to be used for and the resultant performance drops of reading such a large file." - by Anonymous Coward on Monday July 13, @05:00AM (#28673669)

WoW... you are REALLY clueless, aren't you - are you trying to say that downloading adbanner data speeds up my system? It slows you down, and?? Adbanners have been shown to harbor malicious script in them (was "big news" here on this very website in fact, here):

----

THE NEXT ADBANNER YOU CLICK ON MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

----

Care to dispute the findings that even slashdot posted about? Good luck...

AND, I am NOT the only person noting you go faster online by using a custom HOSTS file (for blocking adbanners &/or hardcoding your favs into it for their URL-to-IP resolution, which also stops you from using possibly compromised DNS Servers (Dan Kaminsky did GREAT work last year & this year on that latter note by the by proving it happens via DNS poisonings etc. et al)):

----

http://www.securityfocus.com/columnists/491

PERTINENT QUOTE:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now." Mr. Oliver Day, SECURITYFOCUS.COM

(HOSTS files are also used by "Spybot 'Search & Destroy'" to help secure Windows' systems vs. malware attacks as well!)

I go faster, hardcoding in 250 of my favorite websites also, not doing port 53 udp queries to a possibly downed or redirected/DNS poisoned DNS server which are slower than calling them from a HOSTS file, then I block out ALL adbanners for more speed still, & then protect my system from KNOWN bad sites that bear malicious javascript code exploits etc. et al for the utmost in security protection from them (IF YOU CAN'T GET INTO THE KITCHEN YOU CAN'T GET BURNED, is why).

The way I do it, using 0 as my blocking IP address (vs. 127.0.0.1 loopback adapter, or 0.0.0.0) makes the file perform F A S T E R since there is less of it to read (ranging from 30% (0.0.0.0) - 40% (127.0.0.1) less), so the file loads faster, & is more efficient on caching (since more of it fits into each 4kb read of the cache/memory/file kernel mode subsystems @ work) + can potentially avoid the hex-to-decimal conversion that takes place when these are used by the IP stack, since 0 decimal = 0 hexadecimal... then, lastly, I place mine on a Gigabyte IRAM SSD (4gb DRAM based, fast on reads + writes & longer lasting than FLASH solutions) via altering the DataBasePath Parameter here -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, putting my HOSTS file onto an NTFS compressed 4kb/allocation unit-cluster formatted disk (to match the memory/caching/filesystem readsize too), so the file is smaller still & reads up @ a 134mb/sec rate on this SSD, & access @ 0.1 ms + 3% CPU usage (SSD), only...

AND?

Other /.'ers are noting the advantage of HO

"You want to know why I refuse to disprove what you wrote? I've told you - I don't care about them." - by Anonymous Coward on Sunday July 19, @04:16PM (#28749759)

Well, you ought to: After all - They're in direct response to your words &/or "points" that were geared to "discredit me" & completely disprove your words and your outrageous b.s., so that "said & aside"?

Well... I will quote each, "A - D", next below, AND just as you stated them in your 'sock puppet modded up' post that "earned" a "+5 INFORMATIVE" score (b.s.):

----

A.) ON HOSTS FILES AND WHAT THEY CAN BE USED FOR (security and added speed online)

"Your complaint is about the performance of using the hosts file for something it's never meant to be used for and the resultant performance drops of reading such a large file." - by Anonymous Coward on Monday July 13, @05:00AM (#28673669)

WoW... you are REALLY clueless, aren't you - are you trying to say that downloading adbanner data speeds up my system? It slows you down, and?? Adbanners have been shown to harbor malicious script in them (was "big news" here on this very website in fact, here):

----

THE NEXT ADBANNER YOU CLICK ON MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

----

Care to dispute the findings that even slashdot posted about? Good luck...

AND, I am NOT the only person noting you go faster online by using a custom HOSTS file (for blocking adbanners &/or hardcoding your favs into it for their URL-to-IP resolution, which also stops you from using possibly compromised DNS Servers (Dan Kaminsky did GREAT work last year & this year on that latter note by the by proving it happens via DNS poisonings etc. et al)):

----

http://www.securityfocus.com/columnists/491

PERTINENT QUOTE:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now." Mr. Oliver Day, SECURITYFOCUS.COM

(HOSTS files are also used by "Spybot 'Search & Destroy'" to help secure Windows' systems vs. malware attacks as well!)

I go faster, hardcoding in 250 of my favorite websites also, not doing port 53 udp queries to a possibly downed or redirected/DNS poisoned DNS server which are slower than calling them from a HOSTS file, then I block out ALL adbanners for more speed still, & then protect my system from KNOWN bad sites that bear malicious javascript code exploits etc. et al for the utmost in security protection from them (IF YOU CAN'T GET INTO THE KITCHEN YOU CAN'T GET BURNED, is why).

The way I do it, using 0 as my blocking IP address (vs. 127.0.0.1 loopback adapter, or 0.0.0.0) makes the file perform F A S T E R since there is less of it to read (ranging from 30% (0.0.0.0) - 40% (127.0.0.1) less), so the file loads faster, & is more efficient on caching (since more of it fits into each 4kb read of the cache/memory/file kernel mode subsystems @ work) + can potentially avoid the hex-to-decimal conversion that takes place when these are used by the IP stack, since 0 decimal = 0 hexadecimal... then, lastly, I place mine on a Gigabyte IRAM SSD (4gb DRAM based, fast on reads + writes & longer lasting than FLASH solutions) via altering the DataBasePath Parameter here -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, putting my HOSTS file onto an NTFS compressed 4kb/allocation unit-cluster formatted disk (to match the memory/caching/filesystem readsize too), so the file is smaller still & reads up @ a 134mb/sec rate on this SSD, & access @ 0.1 ms + 3% CPU usage (SSD), only...

----

B.) ON BORLAND DELPHI (vs. MSVC++ &/or MSVB and HOW MU

"You want to know why I refuse to disprove what you wrote? I've told you - I don't care about them." - by Anonymous Coward on Sunday July 19, @04:16PM (#28749759)

Well, you ought to: After all - They're in direct response to your words &/or "points" that were geared to "discredit me" & completely disprove your words and your outrageous b.s., so that "said & aside"?

Well... I will quote each, "A - D", next below, AND just as you stated them in your 'sock puppet modded up' post that "earned" a "+5 INFORMATIVE" score (b.s.):

----

A.) ON HOSTS FILES AND WHAT THEY CAN BE USED FOR (security and added speed online)

"Your complaint is about the performance of using the hosts file for something it's never meant to be used for and the resultant performance drops of reading such a large file." - by Anonymous Coward on Monday July 13, @05:00AM (#28673669)

WoW... you are REALLY clueless, aren't you - are you trying to say that downloading adbanner data speeds up my system? It slows you down, and?? Adbanners have been shown to harbor malicious script in them (was "big news" here on this very website in fact, here):

----

THE NEXT ADBANNER YOU CLICK ON MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

----

Care to dispute the findings that even slashdot posted about? Good luck...

AND, I am NOT the only person noting you go faster online by using a custom HOSTS file (for blocking adbanners &/or hardcoding your favs into it for their URL-to-IP resolution, which also stops you from using possibly compromised DNS Servers (Dan Kaminsky did GREAT work last year & this year on that latter note by the by proving it happens via DNS poisonings etc. et al)):

----

http://www.securityfocus.com/columnists/491

PERTINENT QUOTE:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now." Mr. Oliver Day, SECURITYFOCUS.COM

(HOSTS files are also used by "Spybot 'Search & Destroy'" to help secure Windows' systems vs. malware attacks as well!)

I go faster, hardcoding in 250 of my favorite websites also, not doing port 53 udp queries to a possibly downed or redirected/DNS poisoned DNS server which are slower than calling them from a HOSTS file, then I block out ALL adbanners for more speed still, & then protect my system from KNOWN bad sites that bear malicious javascript code exploits etc. et al for the utmost in security protection from them (IF YOU CAN'T GET INTO THE KITCHEN YOU CAN'T GET BURNED, is why).

The way I do it, using 0 as my blocking IP address (vs. 127.0.0.1 loopback adapter, or 0.0.0.0) makes the file perform F A S T E R since there is less of it to read (ranging from 30% (0.0.0.0) - 40% (127.0.0.1) less), so the file loads faster, & is more efficient on caching (since more of it fits into each 4kb read of the cache/memory/file kernel mode subsystems @ work) + can potentially avoid the hex-to-decimal conversion that takes place when these are used by the IP stack, since 0 decimal = 0 hexadecimal... then, lastly, I place mine on a Gigabyte IRAM SSD (4gb DRAM based, fast on reads + writes & longer lasting than FLASH solutions) via altering the DataBasePath Parameter here -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, putting my HOSTS file onto an NTFS compressed 4kb/allocation unit-cluster formatted disk (to match the memory/caching/filesystem readsize too), so the file is smaller still & reads up @ a 134mb/sec rate on this SSD, & access @ 0.1 ms + 3% CPU usage (SSD), only...

----

B.) ON BORLAND DELPHI (vs. MSVC++ &/or MSVB and HOW MU

"You keep holding up these 3 URLs as if they're proof of something. They're not. You want to know why I refuse to disprove what you wrote? I've told you - I don't care about them." - by Anonymous Coward on Sunday July 19, @04:16PM (#28749759)

Well, you ought to: After all - They're in direct response to your words &/or "points" that were geared to "discredit me" & completely disprove your words and your outrageous b.s., so that "said & aside"?

Well... I will quote each, "A - D", next below, AND just as you stated them in your 'sock puppet modded up' post that "earned" a "+5 INFORMATIVE" score (b.s.):

----

A.) ON HOSTS FILES AND WHAT THEY CAN BE USED FOR (security and added speed online)

http://tech.slashdot.org/comments.pl?sid=1300193&cid=28690179

"Your complaint is about the performance of using the hosts file for something it's never meant to be used for and the resultant performance drops of reading such a large file." - by Anonymous Coward on Monday July 13, @05:00AM (#28673669)

WoW... you are REALLY clueless, aren't you - are you trying to say that downloading adbanner data speeds up my system? It slows you down, and?? Adbanners have been shown to harbor malicious script in them (was "big news" here on this very website in fact, here):

----

THE NEXT ADBANNER YOU CLICK ON MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

----

Care to dispute the findings that even slashdot posted about? Good luck...

AND, I am NOT the only person noting you go faster online by using a custom HOSTS file (for blocking adbanners &/or hardcoding your favs into it for their URL-to-IP resolution, which also stops you from using possibly compromised DNS Servers (Dan Kaminsky did GREAT work last year & this year on that latter note by the by proving it happens via DNS poisonings etc. et al)):

----

http://www.securityfocus.com/columnists/491 [securityfocus.com]

PERTINENT QUOTE:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now." Mr. Oliver Day, SECURITYFOCUS.COM

(HOSTS files are also used by "Spybot 'Search & Destroy'" to help secure Windows' systems vs. malware attacks as well!)

I go faster, hardcoding in 250 of my favorite websites also, not doing port 53 udp queries to a possibly downed or redirected/DNS poisoned DNS server which are slower than calling them from a HOSTS file, then I block out ALL adbanners for more speed still, & then protect my system from KNOWN bad sites that bear malicious javascript code exploits etc. et al for the utmost in security protection from them (IF YOU CAN'T GET INTO THE KITCHEN YOU CAN'T GET BURNED, is why).

The way I do it, using 0 as my blocking IP address (vs. 127.0.0.1 loopback adapter, or 0.0.0.0) makes the file perform F A S T E R since there is less of it to read (ranging from 30% (0.0.0.0) - 40% (127.0.0.1) less), so the file loads faster, & is more efficient on caching (since more of it fits into each 4kb read of the cache/memory/file kernel mode subsystems @ work) + can potentially avoid the hex-to-decimal conversion that takes place when these are used by the IP stack, since 0 decimal = 0 hexadecimal... then, lastly, I place mine on a Gigabyte IRAM SSD (4gb DRAM based, fast on reads + writes & longer lasting than FLASH solutions) onto an NTFS compressed 4kb/allocation unit-cluster formatted disk (to match the memory/caching/filesystem readsize too), so the file is smaller still & reads up @ a 134mb/sec rate on this SSD, & access @ 0.1 ms

"You keep holding up these 3 URLs as if they're proof of something. They're not. You want to know why I refuse to disprove what you wrote? I've told you - I don't care about them." - by Anonymous Coward on Sunday July 19, @04:16PM (#28749759)

Well, you ought to: After all - They're in direct response to your words &/or "points" that were geared to "discredit me" & completely disprove your words and your outrageous b.s., so that "said & aside"?

Well... I will quote each, "A - D", next below, AND just as you stated them in your 'sock puppet modded up' post that "earned" a "+5 INFORMATIVE" score (b.s.):

----

A.) ON HOSTS FILES AND WHAT THEY CAN BE USED FOR (security and added speed online)

http://tech.slashdot.org/comments.pl?sid=1300193&cid=28690179

"Your complaint is about the performance of using the hosts file for something it's never meant to be used for and the resultant performance drops of reading such a large file." - by Anonymous Coward on Monday July 13, @05:00AM (#28673669)

WoW... you are REALLY clueless, aren't you - are you trying to say that downloading adbanner data speeds up my system? It slows you down, and?? Adbanners have been shown to harbor malicious script in them (was "big news" here on this very website in fact, here):

----

THE NEXT ADBANNER YOU CLICK ON MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

----

Care to dispute the findings that even slashdot posted about? Good luck...

AND, I am NOT the only person noting you go faster online by using a custom HOSTS file (for blocking adbanners &/or hardcoding your favs into it for their URL-to-IP resolution, which also stops you from using possibly compromised DNS Servers (Dan Kaminsky did GREAT work last year & this year on that latter note by the by proving it happens via DNS poisonings etc. et al)):

----

http://www.securityfocus.com/columnists/491 [securityfocus.com]

PERTINENT QUOTE:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now." Mr. Oliver Day, SECURITYFOCUS.COM

(HOSTS files are also used by "Spybot 'Search & Destroy'" to help secure Windows' systems vs. malware attacks as well!)

----

B.) ON BORLAND DELPHI (vs. MSVC++ &/or MSVB and HOW MUCH FASTER IT IS (& Delphi's creator CREATED .NET for MS!))

http://tech.slashdot.org/comments.pl?sid=1300193&cid=28674253

"You complain here about how people obviously aren't programmers because they disagree with you yet your language of choice is object pascal via Delphi, hardly the language of choice for an expert programmer and second only to pre-.NET Visual Basic for the horifically bad bloatware it results in." - by Anonymous Coward
on Monday July 13, @05:00AM (#28673669)

Per my subject-line above?

See VISUAL BASIC PROGRAMMER'S JOURNAL, Sept/Oct 1997 issue entitled "INSIDE THE VB5 COMPILER":

That's where Delphi, oddly considering it was a competing language trade journal for coders, absolutely KNOCKED THE SNOT out of both VB5 & MSVC++ 5 also mind you, in 7/10 tests done...

(AND, most importantly, doubling even C++ in math & strings work (which mind you? EVERY PROGRAM DOES, & strings work is crucial to HOSTS file processing) speed...)

So much for that...

Proof is always nice, but putting words into others' mouths they never stated?

"You keep holding up these 3 URLs as if they're proof of something. They're not. You want to know why I refuse to disprove what you wrote? I've told you - I don't care about them." - by Anonymous Coward on Sunday July 19, @04:16PM (#28749759)

Well, you ought to: After all - They're in direct response to your words &/or "points" that were geared to "discredit me" & completely disprove your words and your outrageous b.s., so that "said & aside"?

Well... I will quote each, "A - D", next below, AND just as you stated them in your 'sock puppet modded up' post that "earned" a "+5 INFORMATIVE" score (b.s.):

----

A.) ON HOSTS FILES AND WHAT THEY CAN BE USED FOR (security and added speed online)

http://tech.slashdot.org/comments.pl?sid=1300193&cid=28690179

"Your complaint is about the performance of using the hosts file for something it's never meant to be used for and the resultant performance drops of reading such a large file." - by Anonymous Coward on Monday July 13, @05:00AM (#28673669)

WoW... you are REALLY clueless, aren't you - are you trying to say that downloading adbanner data speeds up my system? It slows you down, and?? Adbanners have been shown to harbor malicious script in them (was "big news" here on this very website in fact, here):

----

THE NEXT ADBANNER YOU CLICK ON MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

----

Care to dispute the findings that even slashdot posted about? Good luck...

AND, I am NOT the only person noting you go faster online by using a custom HOSTS file (for blocking adbanners &/or hardcoding your favs into it for their URL-to-IP resolution, which also stops you from using possibly compromised DNS Servers (Dan Kaminsky did GREAT work last year & this year on that latter note by the by proving it happens via DNS poisonings etc. et al)):

----

http://www.securityfocus.com/columnists/491 [securityfocus.com]

PERTINENT QUOTE:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now." Mr. Oliver Day, SECURITYFOCUS.COM

(HOSTS files are also used by "Spybot 'Search & Destroy'" to help secure Windows' systems vs. malware attacks as well!)

----

B.) ON BORLAND DELPHI (vs. MSVC++ &/or MSVB and HOW MUCH FASTER IT IS (& Delphi's creator CREATED .NET for MS!))

http://tech.slashdot.org/comments.pl?sid=1300193&cid=28674253

"You complain here about how people obviously aren't programmers because they disagree with you yet your language of choice is object pascal via Delphi, hardly the language of choice for an expert programmer and second only to pre-.NET Visual Basic for the horifically bad bloatware it results in." - by Anonymous Coward
on Monday July 13, @05:00AM (#28673669)

Per my subject-line above?

See VISUAL BASIC PROGRAMMER'S JOURNAL, Sept/Oct 1997 issue entitled "INSIDE THE VB5 COMPILER":

That's where Delphi, oddly considering it was a competing language trade journal for coders, absolutely KNOCKED THE SNOT out of both VB5 & MSVC++ 5 also mind you, in 7/10 tests done...

(AND, most importantly, doubling even C++ in math & strings work (which mind you? EVERY PROGRAM DOES, & strings work is crucial to HOSTS file processing) speed...)

So much for that...

Proof is always nice, but putting words into others' mouths they never stated?

"You're obviously a parody. Next time, try to pick a bizzarre complaint that could at least be real. It's just not believable that someone cares that much about shaving a few bytes off a hosts file, or seriously proposes using such a gigantor one." - by Millenniumman (924859) on Friday July 17, @03:24PM (#28733673)

Typical: The "Ad-Hominem" straw-man troll style attack of myself, as per usual, vs. the points & evidences I use... fine, dispute ALL of these that back my points on HOSTS specifically:

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0

IMPORTANT POINT TO STRESS HERE, is this -> THAT IS PER EACH HOSTS FILE ENTRY/RECORD... you create bloat in each line by not using 0, vs. 127.0.0.1 or 0.0.0.0...

You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because:

1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

ALSO?

Using a 0 also eliminates (or, could possibly eliminate this step) -> the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.

OTHERS THAT SEE MY POINT HERE? Ok, We have that also:

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND??

So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28677363

MOST OF ALL/LASTLY (the most satisfying for me to see @ least, was this one):

Even 1 of my "naysayers" on this subject, ADMITTED a savings exists (in string processing) here:

----

""Perhaps it would be a reduction of a couple dozen CPU cycles to read a "0" rather than "127.0.0.1"," - by ericfitz (59316) on Monday July 13, @01:21AM (#28672821)

----

(& HOSTS files extend across EVERY webbrowser, email program, or in general every webbound program you use & thus HOSTS are "global" in coverage this way AND function on any OS that uses the BSD derived IP stack (which most all do mind you, even MS is based off of it, as BSD's IS truly, "the best in the business"), & when coupled with say, IE restricted zones, FireFox a

"XP is Windows 7 competition, not Linux or OSX." - by Jeng (926980) on Thursday July 16, @11:42AM (#28717635)

Agreed, 110%:

I am in utter 110% agreement with you & your reasoning, albeit with a SLIGHT difference (& Linux is UNIX derivants' competition, imo @ least - Linux IS a "better *NIX than *NIX is", because it's more versatile than most of its relatives in the *NIX family tree, plus the fact that Linus Torvalds, "Penguin #1", has the GOOD SENSE to NOT allow a fracturing of the kernel/core of HIS Operating System @ least (which "killed *NIX" imo, because if that did not happen, we'd ALL be most likely running a *NIX variant on our PC's today, instead of mostly Windows)... & the only one close to it is MacOS X, but lately? The Linux crew's done a good job on patching holes (whereas MacOS X, a bsd derivant, has 1 unpatched hole in scripting issues still outstanding & only partially fixed))...

SO - all that "said & aside", between what I've found & still have not been answered on (even by MS themselves, & I asked about what I note below 3x on their "Engineering Windows 7" blog) & OpenGL issues (another one that ticks me off)? Well, take a read, & YOU decide:

Anyhow/anyways - Back to my subject-line above & points on why I'd state that (Me, the "Windows fanboy himself @ /."? Ok, here we go:

Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your point of view (mine's based solely on efficiency & security), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post:

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0

PER EACH HOSTS FILE ENTRY/RECORD...

You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because

1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here ->

"Windows 7 finally got me excited about Microsoft OSes again. Server 2008 did also." - by HerculesMO (693085) on Thursday July 16, @11:52AM (#28717793)

Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your point of view (mine's based solely on efficiency & security), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post:

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0

PER EACH HOSTS FILE ENTRY/RECORD...

You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because

1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28677363

Even 1 of my "naysayers" on this subject, ADMITTED a savings exists (in string processing) here:

----

"Perhaps it would be a reduction of a couple dozen CPU cycles to read a "0" rather than "127.0.0.1"," - by ericfitz (59316) on Monday July 13, @01:21AM (#28672821)

----

(& HOSTS files extend across EVERY webbrowser, email program, or in general every webbound program you use & thus HOSTS are "global" in coverage this way AND function on any OS that uses the BSD derived IP stack (which most all do mind you, even MS is based off of it, as BSD's IS truly, "the best in the business"), & when coupled with say, IE restricted zones, FireFox addons like NoScript &/or AdBlock, or Opera filter.ini/urlfilter.ini, for layered security in this capacity for webbrowsers & SOME email programs - HOSTS also provide a single easily managed point to control this, & if you can read english + use a text editor like notepad.exe? It is truly a good tool for extra layered security + an easily managed one)

Anyhow/anyways - by removing the ability to

Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your point of view (mine's based solely on efficiency & security), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post:

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) 127.0.0.1 (the "loopback adapter address")
b.) 0.0.0.0 (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0

PER EACH HOSTS FILE ENTRY/RECORD...

You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because

1.) 127.0.0.1 = 9 bytes in size on disk & is the largest/slowest
2.) 0.0.0.0 = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

Using a 0 also eliminates the need to perform the "decimal-to-hexadecimal" conversion process that 127.0.0.1, or even 0.0.0.0 go thru, since 0 decimal = 0 hex... plus, since the filesystem, memory mgt, & caching kernel mode subsystems of the OS itself use 4 kb sweeps/reads/passes to load up, using a SMALLER string via 0 usage (vs. 0.0.0.0 or 127.0.0.1) will tend to "pack" more records into each pass of the read being done, on disk & in memory, per pass/sweep/read as well.

Even "security guru" Oliver Day @ SecurityFocus.com sees using HOSTS as a good thing for added layered security AND MORE SPEED ONLINE -> http://www.securityfocus.com/columnists/491

AND?? So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

Hey - Even this slashdotter, sootman, uses one & made many interesting points that support his usage of a HOSTS file, from mvps.org, here -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28677363

(& HOSTS files extend across EVERY webbrowser, email program, or in general every webbound program you use & thus HOSTS are "global" in coverage this way AND function on any OS that uses the BSD derived IP stack (which most all do mind you, even MS is based off of it, as BSD's IS truly, "the best in the business"), & when coupled with say, IE restricted zones, FireFox addons like NoScript &/or AdBlock, or Opera filter.ini/urlfilter.ini, for layered security in this capacity for webbrowsers & SOME email programs - HOSTS also provide a single easily managed point to control this, & if you can read english + use a text editor like notepad.exe? It is truly a good tool for extra layered security + an easily managed one)

Anyhow/anyways - by removing the ability to use 0 as a valid blocking IP address in a HOSTS file for VISTA/Server 2008/Windows 7 - MS has literally promoted bloat in this file, making it load slower from disk, into memory! This compounds itself, the more entries your HOSTS file contains...

For instance:

My HOSTS file currently contains nearly 654,000 entries of known bad adbanners, bad websites, &/or bad nameservers (used for controlling botnets, misdirecting net requests, etc. et al).

Using 127.0.0.1? My "huge" HOSTS file would be a

"You use it to filter fucking ad servers who you'll only ever be contacting via HTTP so would be much better served by an HTTP specific block such as say, a browser plugin or a proxy style app" - by Xest (935314) on Monday July 13, @01:22PM (#28679117)

First of all, my guide for securing Windows 2000/XP/Server 2003 contains references to that (layering those types of tools ontop of HOSTS files, for layered security), see here:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=36f1cc98e45da59b7e9de03974163fe1&showtopic=2662

----

AND? HOSTS files are UNIVERSAL/GLOBAL, & browser addons/plugins are NOT. For example, some plugins (e.g.-> NoScript for MOZILLA/FireFox browsers) are ONLY for particular browsers (i.e./e.g. -> NoScript doesn't run on IE or Opera, for example)... However, HOSTS files cover ALL browers, all email programs (any program that is web-bound/internet-bound) from 1 central & easily managed location, using a text editor like notepad.exe...

WoW... AND, you are REALLY clueless, aren't you - are you trying to say that downloading adbanner data speeds up my system? It slows you down, and?? Adbanners have been shown to harbor malicious script in them (was "big news" here on this very website in fact, here):

----

THE NEXT ADBANNER YOU CLICK ON MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

----

Care to dispute the findings that even slashdot posted about? Good luck...

AND, I am NOT the only person noting you go faster online by using a custom HOSTS file (for blocking adbanners &/or hardcoding your favs into it for their URL-to-IP resolution, which also stops you from using possibly compromised DNS Servers (Dan Kaminsky did GREAT work last year & this year on that latter note by the by proving it happens via DNS poisonings etc. et al):

----

http://www.securityfocus.com/columnists/491

PERTINENT QUOTE:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now." Mr. Oliver Day, SECURITYFOCUS.COM

----

So much for your blatant b.s. (try to either learn to tell the truth, or learn how HOSTS files, really work (& for the benefits of users))

APK

P.S.=> Let's see YOU dispute & disprove that much above, ok? apk

"Your complaint is about the performance of using the hosts file for something it's never meant to be used for and the resultant performance drops of reading such a large file." - by Anonymous Coward on Monday July 13, @05:00AM (#28673669)

WoW... you are REALLY clueless, aren't you - are you trying to say that downloading adbanner data speeds up my system? It slows you down, and?? Adbanners have been shown to harbor malicious script in them (was "big news" here on this very website in fact, here):

----

THE NEXT ADBANNER YOU CLICK ON MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

----

Care to dispute the findings that even slashdot posted about? Good luck...

AND, I am NOT the only person noting you go faster online by using a custom HOSTS file (for blocking adbanners &/or hardcoding your favs into it for their URL-to-IP resolution, which also stops you from using possibly compromised DNS Servers (Dan Kaminsky did GREAT work last year & this year on that latter note by the by proving it happens via DNS poisonings etc. et al):

----

http://www.securityfocus.com/columnists/491

PERTINENT QUOTE:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now." Mr. Oliver Day, SECURITYFOCUS.COM

----

So much for your blatant b.s. (try to either learn to tell the truth, or learn how HOSTS files, really work (& for the benefits of users))

APK

P.S.=> The "resultant performance drops" you said I noted, are about using 127.0.0.1, or even 0.0.0.0, vs. the smaller & F A S T E R 0 hosts file blocking IP address ONLY...

That is because when coming up from disk into memory (diskcache or DNS local cache)? You slow down using the larger/longer blocking IP addresses & you can prove that to yourself with this test -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28672971

(& you can try that test, if you code you can try it yourself & see (I wish you would)) ...

NOW - with a tinier HOSTS file (such as the one sootman uses & stated so here (from mvps.org))?

Then, you don't have to stall the DNS Client Service in Windows IF you use a smaller HOSTS file...

It only happens when you use a larger (& more comprehensive one for coverage vs. KNOWN BAD SITES from sources like this one -> http://en.wikipedia.org/wiki/Hosts_file & reputable sources such as Spybot S&D, SRI, stopbadware.org & others of that ilk )

HOWEVER - The fact that using a larger HOSTS file like mine that covers a lot more because it is composed of data from all those sources clearly indicates that MS needs to revise the local DNS Client Cache also... it should NOT 'break down' & slow you up on larger HOSTS period. Easy to get around though, just stop the local DNS client cache is all!

Please - get a clue, but more importantly, a life... apk

"you're as much of an idiot as the AC guy lol" - by Anonymous Coward on Tuesday July 14, @04:28AM (#28687813)

Do you even REALIZE how dangerous adbanners can be, nowadays especially, but also for many years now? Take a read, get informed:

----

THE NEXT ADBANNER YOU CLICK ON MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

----

So much for that...

SO - anything else about HOSTS files you'd care to discuss?

Because whatever you bring up, I will disprove easily (this is the part I like, keep talking - NOW, you will have to face & disprove facts I put up vs. your b.s.)

(AND, this is where my detractors ALWAYS run or get their tails handed to them... lol!)

ALSO? Well - It seems that even the "security gurus" online like Mr. Oliver Day champion the use of HOSTS files... see here:

http://www.securityfocus.com/columnists/491

(Care to say he doesn't know what he's about? )

And, the day you can do ALL OF THIS on your part?

----

"My Name is Ozymandias: King of Kings - Look upon my works, ye mighty, & DESPAIR..."

Windows NT Magazine (now Windows IT Pro) pril 1997 "BACK OFFICE PERFORMANCE" issue, page 61

(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row).

WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)

PC-WELT FEB 1998 - page 84, again, my work is featured there

WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there

PC-WELT FEB 1999 - page 83, again, my work is featured there

CHIP Magazine 7/99 - page 100, my work is there

GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it

HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), 2001 my work is there, first one featured, yet again!

Also, a British PC Mag in 2002 for many utilities I wrote, saw it @ BORDERS BOOKS but didn't buy it... by that point, I had moved onto other areas in this field besides coding only...

Lastly, being paid for an article that made me money over @ PCPitstop in 2008 for writing up a guide that has people showing NO VIRUSES/SPYWARES & other screwups, via following its point, such as THRONKA sees here -> http://www.xtremepccentral.com/forums/showthread.php?s=ee926d913b81bf6d63c3c7372fd2a24c&t=28430&page=3

What do I have to say about that much above? I can't say it any better, than this was stated already (from the greatest book of all time, the "tech manual for life" imo):

"But by the grace of God I am what I am: and his grace which was bestowed upon me was not in vain; but I labored more abundantly than they all: yet not I, but the grace of God which was with me." - Corinthians Chapter 10, Verse 10

----

Well - the day you can do all of that? That'll be the day you can make me "eat my words", & I will do so, + even apologize to you... but, I am fairly confident that you have not so... there you are.

(You aren't fooling anyone in that much by this point - you're doubtless another "arstechnica forums troll" who had impersonated me online, & his hosting provider removed large portions of his website because of that. He was then forced to admit he had impersonated me (& google tur

"Prior to the invention of DNS, hosts files were the only way to do name -> address lookups on a IP network. So hosts files quickly became rather large." - by WuphonsReach (684551) on Monday July 13, @12:07PM (#28677687)

WuphonsReach - thanks for posting facts, vs. their misleading fictions etc. et al!

NOW - Want to laugh & see the type of thing I have been dealing with here?

See this one, it's CLASSIC (& there are TONS of others like it thru this thread, adhominem attacks galore, mistating facts, stating falsehoods, name calling & profanity + more DIRECTED MY WAY, instead of attacking my list of premises in my init. post's points (The "LORD OF HOSTS" is my 1st, start from there, review its points first & THEN see this) -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28673713 )

Heh - You read that, & the posts immediately around it... (& tell me - SO, why was I modded down here for asking others to prove my points wrong for with concrete verifiable facts...?)

I also 'backup' my points as well, such as Oliver Day of SECURITYFOCUS.COM also recognizing the layered security value of HOSTS files here -> http://www.securityfocus.com/columnists/491

(That plus, let alone testing offered proof, like the URL above where the poster flipped out on me, spewing profanities + adhominem attacks on me galore, & THAT kind of thing? Hey, all thru this thread no less you can see it directed MY way, when I posted proofs either @ a coding or tools level for said tests & THAT is what I get when they KNOW my "naysayers" here have messed up hugely - GEEK ANGST, for lack of a better expression, is what gets directed my way with other "trollery")

Anyhow/anyways - Thanks for your time...

APK

P.S.=> DNS is all "fine & dandy" but... Dan Kaminsky's work shows it CANNOT be 'fully absolutely trusted' either though, due to DNS poisoning & other hacks/cracks foisted upon it as well as "holes" in it that appear over time (Not that I do NOT use them, I opt for the best one I know of is all, in addition to my HOSTS file, in OpenDNS)...

My security guide here, they say I am NOT using "layered security"? Hey see here, IF you are curious -> http://www.tcmagazine.com/forums/index.php?s=e4473be2a007d388932bb27882f6f31c&showtopic=2662 & tell us what YOU think... again, thanks for YOUR time... apk

"While I agree with you, Vista has two technologies which speed up this sort of thing. Actually, three. Two are shared with XP, one of which is shared with pretty much everyone in existence. Vista has disk caching, which will probably keep that 14MB in RAM at all times." - by drinkypoo (153816) on Monday July 13, @09:44AM (#28675419) Homepage

Which I REPEATEDLY mentioned here, & how this even works better for THAT, by using a smaller blocking IP addy of 0, vs. 0.0.0.0 & certainly vs. 127.0.0.1 (4kb reads can 'pack more', per each read/pass/sweep of the filesystem & memmgt kernelmode subsystems, into said diskcache)... see here -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28673103 for a detailed explanation thereof... thanks for your time.

----

"Obviously, tampering with DNS results is a better solution than tampering the hosts file. It's not available to dumbasses though... but it seems like it should be, and it wouldn't be that hard to just give people a package that would provide it. I wonder if you can run dnsmasq on Windows " - by drinkypoo (153816) on Monday July 13, @09:44AM (#28675419) Homepage

I hope you're not calling me any names, had quite enough of THAT here from these trolls who use profanity, evade my questions, screw up on points THEY made no less, & frothing @ the mouth replies & such (but never documented facts, like Mr. Oliver Day of SECURITYFOCUS.COM also using HOSTS files -> http://www.securityfocus.com/columnists/491

Now, I know you boys THINK you're "All That", but compared to he? I KNOW HE IS "ALL THAT"... & until one of you can show you've done what I did while you were still in diapers in this field possibly? Well... check it:

----

"My Name is Ozymandias: King of Kings - Look upon my works, ye mighty, & DESPAIR..."

Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61

(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row).

WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)

PC-WELT FEB 1998 - page 84, again, my work is featured there

WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there

PC-WELT FEB 1999 - page 83, again, my work is featured there

CHIP Magazine 7/99 - page 100, my work is there

GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it

HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), 2001 my work is there, first one featured, yet again!

Also, a British PC Mag in 2002 for many utilities I wrote, saw it @ BORDERS BOOKS but didn't buy it... by that point, I had moved onto other areas in this field besides coding only...

Lastly, being paid for an article that made me money over @ PCPitstop in 2008 for writing up a guide that has people showing NO VIRUSES/SPYWARES & other screwups, via following its point, such as THRONKA sees here -> http://www.xtremepccentral.com/forums/showthread.php?s=ee926d913b81bf6d63c3c7372fd2a24c&t=28430&page=3

What do I have to say about that much above? I can't say it any better, than this was stated already (from the greatest book of all time, the "tech manual for life" imo):

"But by the grace of God I am what I am: and his gr

"Anyone who seriously uses a hosts file as a filter should be shot on sight" - by silanea (1241518) on Monday July 13, @09:48AM (#28675467)

Really? Are you threatening to shoot me or Mr. Oliver Day of SECURITYFOCUS.COM -> http://www.securityfocus.com/columnists/491

?

He uses one. Just like I do... it works, read his article! Spybot S&D, a respected antispyware program, also uses them & helps make them stronger too... I suppose you know more than me, but Mr. Oliver Day & Spybot's people?

I must be standing in the PRESENCE OF A GOD (a troll god)...

----

"Anyone who relies on the Windows firewall alone for security should be publicly whipped, anyone who does so in a corporate environment should, again, be shot." - by silanea (1241518) on Monday July 13, @09:48AM (#28675467)

I don't, & in fact?

I layer on several layers of software protection, in the interests of "layered security" (the recommended trend by security pros in computers) &, that seems to be doing well for others, not just myself:

HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA even, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=e4473be2a007d388932bb27882f6f31c&showtopic=2662 [tcmagazine.com]

TESTIMONIALS OF ITS EFFECTIVENESS:

----

http://www.xtremepccentral.com/forums/showthread.php?s=97c1e368dad75689a8da7df5a0e97418&t=28430&page=3 [xtremepccentral.com]

"Its 2009 - still trouble free!

I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008.

Great stuff!

My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads.

APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA user @ xtremepccentral.com

----

(Myself, many others & even their clients no less, per this guide above I authored, & testimonial to its effectiveness (it has done well too for others, not just me & mine & was often made an essential guide @ 15/20 forums its on, 5/5 star rated, most viewed (to the tune of 250,000++ in 1 yrs. time across those forums no less & it even got me PAID $100 @ pcpitstop for writing it, which is why I posted to as a service to others, for free no less, to be of service to others on my part))

Have YOU done the same, Mr. Wannabe expert?

APK

P.S.=>

"Anyone who uses FORTRAN or "pascal" examples in relation to on-client security on a modern Windows OS should be hung up by their genitals. For the love of Christ, please do the world a favour and take a C/C++ class!" - by silanea (1241518) on Monday July 13, @09:48AM (#28675467)

Uhm, I like Borland C++ & have used it on professional assigments, as well as MSVC++ too (since version 2.0)... "Don't speak too soon, for the wheel's still in spin (& there's no tellin' who that it's namin' (cuz the loser now will be later the WIN)" - Bob Dylan, per the watchmen lately...

apk

"Microsoft haven't really taken away the layers, they've just changed the underlying code structure of those layers. The firewall platform is still performing all the checks it always has, it's just integrated together now." - by Xest (935314) on Monday July 13, @08:42AM (#28674823)

QUESTION:

Does the NEW "WFP" model use 3 diff. drivers that operate @ 3 diff. levels of the IP stack, as the older models of Windows did (2000/XP/Server 2003) via ipsec.sys, ipfltdrv.sys, & ipnat.sys (working in combination with afd.sys & tcpip.sys etc. et al)?

(If not, then it is NOT the same...)

SO, please, don't avoid my question above, & simply prove your words are truth, because I'd like to be proven wrong, but I demand proof of it too, so I feel better about Windows 7 actually... so do so, with a little documentation to that end preferably from MS themselves, to answer MY QUESTION now, & thanks for your time...

(Why do I get the impression that he will NOT show up with said proof? Maybe because all my "naysayers" above & trolls fail to provide any either & all they do is troll & adhominem attack me here + mod my post down but do so without any facts backing them?? NAW, couldn't be (sarcasm))

These trolls, they "talk a good game" but proofs? I never see them from them... documented proofs, from respectable sources by the by, ARE REQUIRED on your part, like the ones I provided from MS themselves no less + other reputable sources.

-----

"The hosts stuff is a load of crap too, the top parent doesn't seem to understand what the hosts file is for, it's certainly not designed to be used as a 650,000 entry blacklist, it's merely meant to contain a couple of hosts and even then only as a fix for broken DNS" - by Xest (935314) on Monday July 13, @08:42AM (#28674823)

It would appear that even a Mr. Oliver Day of SECURITYFOCUS.COM disagrees with you, per his "RESURRECTING THE KILLFILE" article here -> http://www.securityfocus.com/columnists/491

(Got "counter evidence" from an equally reputable source as to HOSTS files effectiveness and that they do NOT work for better layered security above software firewalls, ipsec policies, port filtering, & hardware NAT router TRUE stateful packet inspecting routers all in combination (part of what I use only mind you, my guide covers far more))

----

"Real layered security comes quite rightly from separate devices, not separate pieces of software on a system. You might have a hardware router at the front, a hardware firewall behind it and so on. For most home users a simple router with a built in firewall is fine, but you'll probably want them separate in a commercial environment." - by Xest (935314) on Monday July 13, @08:42AM (#28674823)

Well, so YOU say (do you have any degrees or certifications in security to back you up even as an alleged authority? Mr. Day does above I wager & he writes for a respected site, I have degrees in this science + 15++ yrs. of actual hands on ranging from programming/architecting thru network engineering on the job + 8 languages under my belt I have used on/off during that time coding too)... this result & person, THRONKA, seems to disagree with you though, & he uses my techniques for "layered security" which DO include hardware routers & multiple software defenses (so "don't speak too soon for the wheel's still in spin, & there's no tellin' who that it's namin" per Bob Dylan):

HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA even, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=e4473be2a007d388932bb27882f6f31c&showtopic=2662 [tcmagazine.com]

A TESTIMONIAL OF ITS EFFECTIVENESS: (se

"Get a hardware firewall already, or NoScript or something" - by Fred_A (10934) on Monday July 13, @07:46AM (#28674431)Homepage

Per my subject-line, Fred? As to your "something"?? What would you think about results like this, on Windows???

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=684fc342293777e89be01afad224dc63&showtopic=2662

----

A TESTIMONIAL TO ITS LAYERED SECURITY EFFECTIVENESS FOR A USER OF ITS POINTS & PRINCIPALS FOR HE AND HIS CUSTOMERS:

----

http://www.xtremepccentral.com/forums/showthread.php?s=97c1e368dad75689a8da7df5a0e97418&t=28430&page=3

"Its 2009 - still trouble free!

I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008.

Great stuff!

My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads.

APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, a user @ xtremepccentral.com who applied my guide above's points...

----

(AND, that guy above in THRONKA's NOT THE ONLY ONE WHO SEES THAT EITHER - the guide's become a 5/5 star rated one, or "most viewed" in forums, or made an "ESSENTIAL GUIDE", or sticky/pinned thread @ across 15/20 forums it has been on in 1 yrs' time, to the tune of 250,000++ views strong... but, more/MOST importantly is, it works, & is proof that Microsoft Windows CAN be secured... now, if only MS would ship Windows thus, eh?).

My guide's ALL about layered security, & as you can see? IT WORKS... unlike others' less comprehensive methods @ times... including yours, but... oddly?

My guide has your points & FAR MORE (for layered security, & IT WORKS) & HOSTS files (and why, see below, other notables in this field are noting it in fact as good) + a lot more too (& CIS Tool? What makes it easier for folks?? May appeal to you also, if you use Linux, Solaris, BSD's etc. et al also (it's multiplatform, based on industry best practices for each & helps large - see the results again for windows folks though, above, for your reference Fred & enjoy...)).

APK

P.S.=> As to "how it works in Windows", well it can use HOSTS files as an added layer of protection & even Mr. Oliver Day of SECURITYFOCUS.COM finds them useful & is thinking it may be time to "RESURRECT THE KILLFILE", from the 'olden days' (I was there too, sounds like YOU may have been too, on a *NIX judging from your reply no less), here -> http://www.securityfocus.com/columnists/491

Take a read, & "Drink that in, & digest it", Fred (some 'food for thought'), & thanks for your time... apk

Please read this thru, & consider its points (above & beyond what I wrote above)... thanks for your time:

"To really fix the security of windows they'd have to redesign it from the ground up" - by Anonymous Coward on Monday July 13, @03:13AM (#28673255)

All that's REALLY needed, is to "ship WINDOWS out the door", thus:

HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA even, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=e4473be2a007d388932bb27882f6f31c&showtopic=2662

TESTIMONIALS OF ITS EFFECTIVENESS:

----

http://www.xtremepccentral.com/forums/showthread.php?s=97c1e368dad75689a8da7df5a0e97418&t=28430&page=3

"Its 2009 - still trouble free!

I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008.

Great stuff!

My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads.

APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA user @ xtremepccentral.com

----

"In any case any filtering / firewalling / proxying that windows itself can do generally can be done a LOT more efficiently by a dedicated function setup not running Windows but something like PFSENSE, IPTABLES, SQUID, SNORT" - by Anonymous Coward on Monday July 13, @03:13AM (#28673255)

WELL, the fellow above (& myself + others I can produce quotes from if you wish, no less, who have used my guide above)? MIGHT tend to disagree... lol!

AND, my guide (which goes FAR above the points I note here in this post you replied to, proactively showing users how to use layered security via easy points to follow + an EASY TO USE well noted tool, in CIS TOOL)?

My man - IT works & goes FAR beyond mere HOSTS files usage, which mind you? Even OTHER "security gurus", like Oliver Day of SECURITYFOCUS.COM "see the light on" & agree with me on, per this posting of his -> http://www.securityfocus.com/columnists/491

No... you CAN secure a Windows system to the levels that you don't see hassles like infections by malwares etc. et al... In fact, I am doing something here called "running naked" & NOT using ANTIVIRUS + ANTISPYWARES RESIDENT (which produce false positives, & slow you down etc. & sometimes just DO NOT WORK vs. threats they are not aware of, rootkits, or various new "blended threats", period)... no infestations, & THRONKA's heading on 2++ yrs. solid now with his clients seeing the same... myself? Thru my past 3 systems, 10++ yrs. now... no joke, no lie.

(AND, that guy above in THRONKA's NOT THE ONLY ONE WHO SEES THAT EITHER - the guide's become a 5/5 star rated one, or "most viewed" in forums, or made an "ESSENTIAL GUIDE", or sticky/pinned thread @ across 15/20 forums it has been on in 1 yrs' time, to the tune of 250,000++ views strong... but, more/MOST importantly is, it works, & is proof that Microsoft Windows CAN be secured... now, if only MS woul

"The HOSTS file was never intended as a filtering mechanism, and MS, et al have no obligation to make it work or continue to work for that purpose." - by geekboy642 (799087) on Monday July 13, @02:06AM (#28672989)

Pretty CHEAP "cop out" that I say, but, have you considered its merits in LAYERED SECURITY? Oliver Day of SECURITYFOCUS.COM has, here -> http://www.securityfocus.com/columnists/491

----

"Run a proxy or firewall." - by geekboy642 (799087) on Monday July 13, @02:06AM (#28672989)

I do, & you had best read the rest of my post regarding the new WFP based single part firewall, AND WHAT ROOTKIT.COM FOUND, in regards to NDIS 6 based firewalls also (see my first post, you guys are SKIMMING & MISSING THE REST OF WHAT IT NOTES - because I cover what you state also, & all for "layered security" - thanks!)

HOSTS do work as a layered security filter though, regardless of what YOU state!

(AND, hey - Even "security guru" Oliver Day @ SecurityFocus.com sees its usage thus -> http://www.securityfocus.com/columnists/491

AND??

So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

AND, I want you to PLEASE, read this, all the way thru (and my original post, you guys are blowing off really important stuff to consider):

http://tech.slashdot.org/comments.pl?sid=1300193&cid=28673103

Read it ALL THE WAY THRU... thanks! "Drink it in, & digest it", then, form your opinions...

----

"The ludicrously minimal built-in firewall was never intended to be an anti-spyware utility. If you want to run dangerous code on your system, and not have it bypass your security, then relying on any version of Windows' firewall is insane. More than half of the windows GUI runs SUID root, for chrissakes!" - by geekboy642 (799087) on Monday July 13, @02:06AM (#28672989)

I don't depend on ANY single layer, & espouse LAYERED SECURITY... in fact, I wrote a guide that has gone across the internet in 1 yr. to a total views mark of 250,000++ by now & rated 5/5 stars, made an "ESSENTIAL GUIDE" @ nearly all forums it is on, plus showing folks (once they apply ALL my points, & practice a few simple things, including HOSTS files usage) stating things, like this, verbatim for themselves & even clients who paid them to implement it for them:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=684fc342293777e89be01afad224dc63&showtopic=2662

----

TESTIMONIAL TO ITS LAYERED SECURITY EFFECTIVENESS:

----

http://www.xtremepccentral.com/forums/showthread.php?s=97c1e368dad75689a8da7df5a0e97418&t=28430&page=3

"Its 2009 - still trouble free!

I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008.

Great stuff!

My client

"The HOSTS file was never intended as a filtering mechanism, and MS, et al have no obligation to make it work or continue to work for that purpose." - by geekboy642 (799087) on Monday July 13, @02:06AM (#28672989)

Pretty CHEAP "cop out" that I say, but, have you considered its merits in LAYERED SECURITY? Oliver Day of SECURITYFOCUS.COM has, here -> http://www.securityfocus.com/columnists/491

----

"Run a proxy or firewall." - by geekboy642 (799087) on Monday July 13, @02:06AM (#28672989)

I do, & you had best read the rest of my post regarding the new WFP based single part firewall, AND WHAT ROOTKIT.COM FOUND, in regards to NDIS 6 based firewalls also (see my first post, you guys are SKIMMING & MISSING THE REST OF WHAT IT NOTES - because I cover what you state also, & all for "layered security" - thanks!)

HOSTS do work as a layered security filter though, regardless of what YOU state!

(AND, hey - Even "security guru" Oliver Day @ SecurityFocus.com sees its usage thus -> http://www.securityfocus.com/columnists/491

AND??

So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

AND, I want you to PLEASE, read this, all the way thru (and my original post, you guys are blowing off really important stuff to consider):

http://tech.slashdot.org/comments.pl?sid=1300193&cid=28673103

Read it ALL THE WAY THRU... thanks! "Drink it in, & digest it", then, form your opinions...

----

"The ludicrously minimal built-in firewall was never intended to be an anti-spyware utility. If you want to run dangerous code on your system, and not have it bypass your security, then relying on any version of Windows' firewall is insane. More than half of the windows GUI runs SUID root, for chrissakes!" - by geekboy642 (799087) on Monday July 13, @02:06AM (#28672989)

I don't depend on ANY single layer, & espouse LAYERED SECURITY... in fact, I wrote a guide that has gone across the internet in 1 yr. to a total views mark of 250,000++ by now & rated 5/5 stars, made an "ESSENTIAL GUIDE" @ nearly all forums it is on, plus showing folks (once they apply ALL my points, & practice a few simple things, including HOSTS files usage) stating things, like this, verbatim for themselves & even clients who paid them to implement it for them:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=684fc342293777e89be01afad224dc63&showtopic=2662

----

TESTIMONIAL TO ITS LAYERED SECURITY EFFECTIVENESS:

----

http://www.xtremepccentral.com/forums/showthread.php?s=97c1e368dad75689a8da7df5a0e97418&t=28430&page=3

"Its 2009 - still trouble free!

I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008.

Great stuff!

My client

When you use a LARGER hosts file, you have to unfortunately disable the local DNS cache (bad design in & of itself by MS)...

YES, it's true, & even the folks @ mvps.org will tell you this much, since my word isn't good enough (& if you don't disable the local DNS cache, with a larger HOSTS file? You LAG, badly)...

So, that FACT, functions to answer your question now:

"I'm not necessarily defending the method, but is the hosts file really parsed each time a lookup is performed?" - by kestasjk (933987) * on Monday July 13, @01:52AM (#28672933) Homepage

See the above... thanks! Once your local DNS cache is off, & with a LARGER hosts file (custom ones like mine have 654,000 records in them, mine's composed of ALL of them over @ the wikipedia.com site for HOSTS files, mvps.org's is one such & others there are reputable as well & contain valid data (except for the one from france, it's got more than a few I had to pull)) YOU HAVE TO CRANK OFF THE LOCAL DNS CACHE or you lag, badly.

So yes, until the local diskcache kicks in & has read the ENTIRE FILE record for record into its structures? You DO perform, multiple reads, per each request for URL to IP resolutions...

THEN - You depend on the diskcache, & it depends on the filesystem, which does 4kb block reads...

SO - with a HUGE file like mine? YOU EXCEED 4kb total size of a HOSTS file, easily, & multiple reads are incurred in the File I/O Open/Read-Write/Close cycle...

(AND, there is NO guarantee you will read to the end of the file (EOF marker) trailer record either, reading IN THE ENTIRE FILE, each time you make a request for URL-to-IP resolution).

Thus, multiple reads are incurred, until the entire file is read in, in 4kb blocks (memmgt uses 4kb blocks too, by the by)...

THUS - The smaller this file is, by using a smaller blocking IP address like 0? Then, the MORE OF IT FITS into the cache & ram each time your read it... bear/keep THIS in mind! It's important...

Using 0 vs. 127.0.0.1 (as your blocking IP addy)?

You can "get more in" per read, to cache it (even in the local diskcache, which again, with a larger file? This IS what happens, & the diskcache takes over, since with larger HOSTS files, you MUST shut off the local DNS cache, or you will lag)

----

"You can bet DNS queries aren't performed every time you need to find google.com, so why would it read /etc/hosts every time?" - by kestasjk (933987) *
on Monday July 13, @01:52AM (#28672933) Homepage

Oh, I agree, & KNOW not, but... that's what a local DNS cache IS FOR... with a larger HOSTS file?

AGAIN - You do NOT have that luxury anymore!

(In fact? That IS another mistake on MS' part imo as well)...

AND, as I stated here already?

Well, per Oliver Day of SECURITYFOCUS.COM in his article called "RESURRECTING THE KILLFILE" here -> http://www.securityfocus.com/columnists/491

?

Well - you can see, that even the "security gurus" out there are seeing what I stated & agree, it works for LAYERED SECURITY (which is the trend they recommend, though the lazy & non-security conscious do NOT agree with it, that's THEIR problem, not mine)... especially if things like the rest of my post mention, regarding WFP & NDIS 6 (rootkit.com findings, & those guys are GOOD, better than I am @ this stuff imo)... do read my ENTIRE post please.

There is a reason I mention both... if you get your firewalls based on WFP or NDIS 6 blown down, then @ least you cannot go into the kitchens that are bad & get burnt, via HOSTS files that block said bogus sites.

APK

P.S.=> In fact? Hey - I also challenge anyone that codes to try THIS simple test:

http://tech.slashdot.org/comments.pl?sid=13001

"While 0 is a valid IP address and should work in a hosts file, dude, STOP ABUSING the hosts file like a clueless idiot! Seriously, 14MB of plain text that needs to be parsed for every lookup? That's the most retarded thing I've ever seen" - by TCM (130219) on Monday July 13, @12:12AM (#28672489)

First of all: 0 is no longer useable in the VISTA hosts file, after the 12/09/2009 patch tuesday update... & it isn't in Windows Server 2008, or Windows 7. AND, if you read lower, even "security experts" agree HOSTS are useful... so please, do read on (& the name tossing & such is not helping your case)...

Secondly: Ever heard the term "layered security"? I use HOSTS files to supplement IPSec, Port Filtering, & the native Windows firewall (to block access to known bogus sites)... &?
----

Oliver Day of SECURITYFOCUS.COM tends to "2nd my opinions" & findings, here, per his article "RESSURECTING THE KILLFILE":

http://www.securityfocus.com/columnists/491

----

(Nuff said, on THAT account... either you favor layered security, as much of it as you can use as possible, or you don't...)

----

"And anyways, diverting traffic to 127.0.0.1 or 0.0.0.0 is changing semantics in so many ways." - by TCM (130219) on Monday July 13, @12:12AM (#28672489)

First of all - I don't run a webserver here (moot point on your part, that)... &, secondly?

Not for BLOCKING ACCESS to known bad sites, it works - I get my data from various sources for that, including SpyBot S&D's hosts file populations, SRI.com, stopbadware.org, & other reputable sources for that purpose (to stay safe - "if you can't go into the kitchen, you can't get burnt" type thinking)...

----

""Blocking" hosts by listing them in the hosts file is an evil evil evil ugly hack conceived by clueless idiots that can't manage to run a local proxy where you could block domains with simple regular expressions and only for protocols which need them blocked. Or running a local DNS cache where you could blacklist domains so you get a semantically correct (for your purpose) NXDOMAIN error." - by TCM (130219) on Monday July 13, @12:12AM (#28672489)

Oliver Day of SecurityFocus.com above would disagree with you, & so do I...

(Your name tossing & profanity doesn't make YOU sound too intelligent, so I wouldn't go tossing names anymore like idiot...)

APK

P.S.=>

"At those proportions, there are WAY more efficient methods." - by TCM (130219) on Monday July 13, @12:12AM (#28672489)

AND, I use them, in a layered security manner (things in my webbrowsers even, like opera's filter.ini, Firefox's block lists, & even IE's restricted zones) alongside IPSec, Port Filtering, & Windows native firewall (plus a CISCO technology based linksys router)... layered security is the trend & the way, & smart to do imo @ least...

(Whoever modded you up might have made a mistake, but... oh well, opinions vary - facts & noted security experts agreeing with my points, do not!)... apk

That's normally between 24 hours and 7 days

Just because something is customary doesn't mean it's mandatory. RFC1035 explicitly states TTL should be set to 0 (zero) if the "[Resource Record] can only be used for the transaction in progress, and should not be cached" or "for extremely volatile data."

The article you mention (which btw. seems to be a wikipedia invention)

Damn those Wikipedians! They've poisoned SecurityFocus, Whatis.com, The EU SPAM Trackers group, and even Google!

would be done with custom DNS anyway, otherwise it's easily blocked by the ISP setting its cache to ignore a TTL less than a couple of hours (as most do.. hell, my even my home DNS does that).

It would be done by setting your DNS record (yes, a DNS RR you are responsible for) to have a short TTL. Not a custom DNS server, just administrative rights to the DNS record associated with one or more resources. And if, by setting the TTL to a low value, I tell you that my DNS record is going to be quite volatile, you can disagree with me all you want (by "ignor[ing] a TTL less than a couple of hours"), but don't be surprised when your cache goes stale.

Gosh, I wish I could live in the world you live in, with deathless and ultrastable interfaces and static network architectures. You could probably get by with just a really big "hosts" file. But out in the real world, sometimes you need short DNS TTLs for stuff like warm-failover high-availability architectures.

I do that anyway.

Because:
1) I don't trust either IE or Firefox to be secure enough.
2) I don't use AV software for my machines - AV software is getting crappier nowadays, it's getting harder to tell whether a machine is infected by malware or crappy AV software.

e.g. Lots of things running slower? System instability? Weird/dubious shit happening[1]? Hard to uninstall the crap? All of the previous?

BTW both Symantec and McAfee recently agreed to settle charges that they automatically charged customers software subscription renewal fees without their permission.

From a _technical_ viewpoint Linux is just as insecure as Windows, if not more so.

See the zero-day exploit for Firefox here: http://www.securityfocus.com/bid/34235

Even though it was exploited on windows there's NOTHING technically preventing it from being exploited on Linux. And keep in mind Firefox is not normally part of the default install of windows but it's in the default install for most Desktop Linux distros.

At least Vista and Windows 7 have IE sandboxed out of the box. Neither ubuntu nor opensuse have firefox sandboxed by default yet. I have made some suggestions to both Ubuntu and Opensuse on how to improve their stuff, maybe they'll get to them in 5 years time. Maybe never.

FWIW, I use Windows, Linux and FreeBSD at home.

[1] http://it.slashdot.org/article.pl?sid=09/03/10/139229
http://blogs.howstuffworks.com/2009/03/10/what-is-piftsexe/
http://voices.washingtonpost.com/securityfix/2009/03/symantec_users_complain_of_mys.html

> Every year I've read about it, the order from first to last compromised has been Windows, Mac, and Linux.

Which year? And which pwn2own contest are you talking about?

In 2006, there was no pwn to own cansecwest contest.
In 2007, it was mac first, but only macs were prizes ;).

In 2008, it was mac first again (out of OSX, Ubuntu and Vista) on day 2 (nobody managed to pwn anything under the day one rules), and vista only on day 3 (due to adobe flash exploit).

http://dvlabs.tippingpoint.com/blog/2008/03/27/day-two-of-cansecwest-pwn-to-own---we-have-our-first-official-winner-with-picture?info=EXLINK

Day 1 rules = remote exploit - no user interaction
Day 2 rules = default client apps
Day 3 rules = popular 3rd party apps.

In 2009, it was safari on OSX first again, on day 1, followed by IE8 on Win7, followed by safari on OSX again, followed by firefox on Win7 (however multiple platforms were actually vulnerable to nils' attack[1]). All in day 1.

http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits
http://blogs.zdnet.com/security/?p=2917
http://blogs.zdnet.com/security/?p=2934

[1] http://www.securityfocus.com/bid/34235

Rules:
Day 1: Default install no additional plugins. User goes to link.
Day 2: flash, java, .net, quicktime. User goes to link.
Day 3: popular apps such as acrobat reader ... User goes to link

And Charlie Miller one of the pwners says OSX is easier:

http://blogs.zdnet.com/security/?p=2941

"It's really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don't do. Hacking into Macs is so much easier. You don't have to jump through hoops and deal with all the anti-exploit mitigations you'd find in Windows."

"For the amount of time he spent to do what he did on IE and Firefox, he could have found and exploited five or 10 Safari bugs. With the way they're paying $5,000 for every verifiable bug, he could have spent that same time and resources and make $25,000 or $30,000 easily just by going after Safari on Mac."

And exploit code: http://downloads.securityfocus.com/vulnerabilities/exploits/35558.rb

Basically, it's exploiting a buffer overflow in the MSVidCtl ActiveX control. It has it load a malformed GIF which causes a buffer overflow somewhere, which then loads in shellcode.

Not much to it, really. You could make this into a static exploit if you so desired and pop it on any webpage you liked.

Securityfocus has more details, including the secret identity of the 'private reporter'

Take the iPhone for example. Its used by a lot of people but its nigh impossible to exploit simply because its locked down.

Bullshit. What exactly is all this about? And this?

What do you think jailbreaking is? Older firmware could even do it over the Web.

A while back, there was even a bug that let anyone bypass the lock screen (and the password).

"But not Adblock Plus, which is the one I REALLY like." - by Z00L00K (682162) on Friday June 19, @09:31AM (#28388855) Homepage

Per my subject-line, Z00Look: You've had the answer, all along, as long as your "OS of choice" bears a BSD-derived IP stack (or one that functions like it) such as Microsoft ones do (assuming you're a Windows user, but Linux, BSD, or Mac & other *NIX's can use this also, as they have one already)...

Take a read here -> http://tech.slashdot.org/comments.pl?sid=1255487&cid=28197285

(That's about HOSTS files benefits and "universality/globality" (not sure if those are 'real words' or not, but, hope you "catch my drift" once you read it))

Also, for more from myself on that note, & where it can help even more, see here -> http://slashdot.org/comments.pl?sid=1270901&cid=28364263

(That's about how it can shield folks from what's going on lately in Germany, DNS port 53 queries over udp logging)

Plus, lastly, but not least - Some "backup/backing" from the likes of Oliver Day, in regards to HOSTS files usage, here -> "Resurrecting the Killfile" by Oliver Day, 2009-02-04 http://www.securityfocus.com/columnists/491

(By using said customized HOSTS files, which YOU, yourself, can FULLY control yourself, for a high degree of control over adbanners (especially bogus malware script bearing ones) + gaining more speed as well (via blocking those banners but also "hardcoding IP addresses" of your fav. sites) & more)...

APK

P.S.=> Enjoy, hope that helps - &, sorry I could not be of more help, but I am busy today & have to make a meeting (ugh!)... apk

IANAL, but actually I think that you would be correct. Most of you I'm sure recall from not too long back that it is illegal to violate a website's Terms of Service - http://www.securityfocus.com/news/11519. I haven't checked, but it is a good bet that the Terms of Service for Myspace, Facebook, etc., forbid you from giving out your password to anybody. Additionally, were the city to recieve the username and password and then use those to log into your account, they would (within the spirit of the law even) be violating the same law.

This line of thought also raises the interesting possibility of using arbitrary terms of services to shield ones self from compulsory searches, such as drug screenings at work. You're asked to pee in a cup and reply "I'm sorry, but I just signed up for website X, and it forbids me from taking a drug screening when no probable use of illicit substances is shown. Violating the terms of service would be illegal."

"Sorry you're fired."

"oh really? You're firing me for refusing to break the law? I'm pretty sure that is grounds for a lawsuit, so the question is, do you want to pay my salary in exchange for me doing work for you, or after an expensive lawsuit?"

(Note, you wouldn't be able to agree to the terms of service if an existing employee agreement already requires you to submit to random drug tests, so don't be stupid. Also, again, IANAL, so don't blame me if you get fired/don't get a job.)