Slashdot Mirror

Hahaha Urinal. Nice to see that apk's security guides like this one have put a dent into your malware and botnet business with the infamous RBN, Ukie boy:

http://www.tcmagazine.com/forums/index.php?s=59a1733cda9711d7bb0c2f0b1da8e2ab&showtopic=2662

You're only showing your hand on this one. I use his guides and hosts files and I never get taken advantage of by the likes of your kind anymore because of him. It is very obvious you have taken a beating from apk before either in technical debate or because of your botnets being disabled and crippled one by one as more people do as I have done and applied apk's security guide points and hosts file versus scum like you. Trash like you deserve every second of it and the same thing is being done by online scum like you have done here to apk http://twitter.com/klastalov/status/200124793 where you said quite classlessly he could suck your sweaty cock. Small cock should have been added. Improve your English you foreign reject and improve your way of making money because you ukes have done the same to Dancho Danchev of ZDNET with his Ukranian fanclub he notes here http://ddanchev.blogspot.com/2009/09/ukrainian-fan-club-features.html and that is about all scum like you have is your online putdowns after people like Mr. Danchev and apk get through with you by blowing away your botnets and informing others online about them and how to stop them. Too bad you are too stupid and illiterate to make a living honestly and instead have to prey on grandma types online as online trash like you do. The part that makes you completely stupid is that you are obviously modding yourself up also which fools no one, you foreign moron. Go home to the Ukraine scumbag. You're not wanted here.

"I think it's actually more entertaining when I don't get it at all on any platform, because I disabled javascript." - by Anonymous Coward on Sunday September 13, @08:02PM (#29408785)

Dead on RIGHT: I have said this time & again here, & most of all, here:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, plus, make it "Fun-to-Do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=33555fc937017deab726a927c1c4a7fd&showtopic=2662

----

AND, most of us all KNOW it - javascript can be the "harbinger of doom", on maliciously coded websites script tags OR in adbanners themselves, & this is just another evidence thereof:

----

THE NEXT ADBANNER YOU CLICK ON MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

----

I prefer Opera in this case (even over FireFox + NoScript, for example) because it has this "built in natively", via rightclicks on pages (after setting javascript + frames/iframes usage off too, GLOBALLY, first in Tools/Preferences menus first), & then? Then you "make exceptions sites" like e-commerce or online banking sites (that DEMAND you use javascript).

Anyhow/anyways:

You've got the right idea for how to stop MOST of all what hits you nowadays online (via HTML email that allows script tags &/or webpages that do so (& yes, even malicious adbanners, which the hosting providers for these apparently do NOT check on for malicious content in them)).

APK

P.S.=> Again & I cannot stress this enough: Yes - For SOME websites you need javascript on for, + have no choice but to use scripting on them, or you cannot use them fully or at all, period - those you make exceptions for, however you do so, & with browsers that allow for it (FF & Opera do, albeit, addons are needed for FF)

(Yes, & those you have to "take your chances on" too, as to NOT being infested/infected, such as e-commerce sites or online banking ones, but, odds are they hire "TOP NOTCH" administrators & other personnel involved w/ said website material who DO check on this hopefully, to mitigate ANY wrongdoing due to negligence on their parts)

BOTTOM-LINE: In limiting your javascript usage & WHERE YOU USE IT ONLINE? You severely 'cut down' on the inability to identify where you may have somehow gotten a scripted malware attacking you, because you only use javascript on so many sites anyhow (rather than them ALL, which would make it tough to identify where you might have drawn in the infestor into your system)... apk

"Back in the early 90's, I ran a BBS called "Hacker Heaven BBS"" - by hacker (14635) on Wednesday September 09, @11:47PM (#29374941)

I remember seeing it on various lists of BBS I travelled to in those "halcyon OLD days of yore" of the 14.4kbps - 57.6kbps dialup modem time period.

----

"People weren't coming to my BBS for research, they were coming to figure out what was the most-dangerous, and then fetch that. I could see them hit the database, search around, and then hit the virus vault to download the matching source to build their own nightmare." - by hacker (14635) on Wednesday September 09, @11:47PM (#29374941)

Man, there you go: "Humanity @ its finest", (Sarcasm) eh? Does figure though... what a shame really.

----

"IMHO, this is a bad, BAD idea." - by hacker (14635) on Wednesday September 09, @11:47PM (#29374941)

I'm with you on this one, because you're the "voice of experience" in the same area basically...

APK

P.S.=> Still, folks don't REALLY have to worry about them (either binary viruses, IF they are cautious as to what they D/L from online, OR, for scripted malware exploits really (because javascript's the "harbinger of doom" here largely & we ALL know it - & I tell folks about their options on that much below))

How so? Easily, IF they apply the "tips/tricks/techniques" of what is enumerated here:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=20ac10c9cf3ceb6db2fdc32f11e10eea&showtopic=2662

E.G.-> On 15/20 forums it has been featured on, it has been rated "5/5 star" or made an "Essential Guide" or "Sticky/Pinned Thread" and has crossed well over 250,000 views worldwide in 1++ yrs.'s time, & w/ good ratings but more importantly, w/ GOOD RESULTS FOR END-USERS THAT APPLIED IT (as noted below, via feedback from users who have used it & applied its point - IT JUST WORKS!)

----

PERTINENT QUOTE/EXCERPT OF A USER'S RESULTS WHO APPLIED ITS POINTS:

----

http://www.xtremepccentral.com/forums/showthread.php?s=feead501552d2d549fc607f5ccb524fd&t=28430&page=3 [xtremepccentral.com]

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local." THRONKA, user @ xtremepccentral.com

----

The guide utilizes an EASY TO USE & respected tool for securing one's Windows NT-based OS of modern design (2000/XP/Server 2003) in CIS Tool, & goes FAR BEYOND ITS "industry best practices" based advisements to further secure you more still, beyond doing on those measures.

----

It truly is, the best route, & a form of "PASSIVE RESISTANCE"... & no "retaliatory offensive measures required", basically!

I.E.-> Just make your system as close to impregnable as is possible? You CANNOT GET BURNED by "hacker/cracker types", period... apk

See subject-line, & this quote from the pages @ MS on how to "mitigate" this type of attack (easily done really):

http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx

"To help protect from network-based attempts to exploit this vulnerability, enable advanced TCP/IP filtering on systems that support this feature"

I cover how to do that (& really, EVERYONE should on Windows 2000/XP/Server 2003, because it acts as another "layer" of defense, for "layered security" above & beyond std. firewalling, because it uses ipfltdrv.sys, which acts PERFECTLY FINE alongside all other defenses)

I cover a LOT of this here, & IP FILTERING'S VERY EASY TO SETUP (you may want to refer to the IANA ports list though, for YOUR particular needs, it does help):

-----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, plus, make it "Fun-to-Do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=33555fc937017deab726a927c1c4a7fd&showtopic=2662

(You MAY want to look @ points #3 - #5 there, they cover IP Filtering, IPSec, & more... specifically in regards to this, & protecting yourself vs. it, on Windows 2000... it SHOULD work, according to MS, & it is JUST GOOD "LAYERED SECURITY" anyhow!)

-----

Now, the IP FILTERING (ipfltdrv.sys) works PERFECTLY FINE alongside ipnat.sys (firewall driver), & ipsec.sys (IP Security Policies) too... all of them, alongside TCP FILTERING, work fine "all @ once"/"concurrently"... + of course, alongside tcpip.sys, the base IP driver)

The 3 other drivers work @ DIFFERENT LAYERS of the IP stack around tcpip.sys, making them function PRETTY MUCH like a "Zone Defense"/"Greek Phalanx", so if you take 1 down? The others are STILL IN THE WAY... it's neat - too bad MS did away with that w/ VISTA onwards now using the single layer (& thus, single "lock" only) WFP + NDIS6, which even the folks @ ROOTKIT.COM are stating is "much easier to unhook & bypass" vs. the older model whose architecture I just laid out...))

APK

P.S.=> Enjoy, that OUGHT to help you Windows 2000 folks out there, vs. this "bug"... do I think MS could fix it? Sure, but it'd "hurt business"... replace RDR20.DLL with MSWSOCK.DLL (for LSP/Layered Service Providers), the latter being what XP/Server 2003/VISTA onwards use, & it could be fixed imo... but, "that's business" for you! apk

"Don't know what country you live in, but around here, the only reason people tolerate hackers is because they don't really do anything." - by phantomfive (622387) on Friday September 04, @04:28PM (#29316663) Homepage

Correction: Once you apply THIS security guide & tools noted (such as CIS Tool)? THEY CAN'T DO ANTHING TO YOU @ ALL, PERIOD:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Server 2008/Windows 7, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.xtremepccentral.com/forums/showthread.php?s=feead501552d2d549fc607f5ccb524fd&t=28430

or

http://www.tcmagazine.com/forums/index.php?s=a2287e2ac08f7b36f20819c0874238ba&showtopic=2662

----

Do that? You will be FAR MORE RESISTANT to "hacker/cracker" attacks (testimonials to that effect are below, please read on...)

----

"If crackers start doing reprisals (what are they going to do, reformat the hard drive? Send a hitman?), it's only going to make people angry." - by phantomfive (622387) on Friday September 04, @04:28PM (#29316663) Homepage

No reason to get angry, if you cannot be affected by their "reprisals", such as this fellow saw for himself, his family, AND HIS PAYING CUSTOMERS (who all had the tips/tricks/techniques of my security guide above applied to their systems, & that is going on 2++ yrs. for himself, & in my case personally? Since 1998 onwards, to present day, today):

PERTINENT QUOTE/EXCERPT OF A USER'S RESULTS:

----

http://www.xtremepccentral.com/forums/showthread.php?s=feead501552d2d549fc607f5ccb524fd&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local." THRONKA, user @ xtremepccentral.com

----

As you can see? It really does work for better security AND a F A S T E R online experience as well...

In fact??

This guide I put out to others in late 2007/early 2008 (extending ones I had done a decade before @ NTCompatible.com + Neowin.com (where it is STILL featured & rated well)) was my "personal effort" to help others, & in this very capacity (& it was my New Year's Resolution in 2008 to do so in fact) that this article speaks of - educate users? They cannot be suckered (or, @ least as easily)...

E.G.-> On 15/20 forums it has been featured on, it has been rated "5/5 star" or made an "Essential Guide" or "Sticky/Pinned Thread" and has crossed well over 250,000 views worldwide in 1++ yrs.'s time, & w/ good ratings but more importantly, w/ GOOD RESULTS FOR END-USERS THAT APPLIED IT (as noted above). It utilizes a respected tool for securing one's Windows NT-based OS of modern design (2000/XP/Server 2003) in CIS Tool, & goes FAR BEYOND ITS "i

"I find the use of a good filtered DNS service that blacklists malware URL's upon discovery goes a long way towards limiting my exposure to this. Open DNS or Scrub IT works well. The only down side is they are often the target of DOS attacks, so their uptimes are limited. Be prepared to switch DNS settings when the "Internet" goes down. Most of my frequent sites, I keep in my local hosts file, so even if DNS goes down or DNS is hijacked, the link to my banking is still valid. Ruining as a normal user I can't be tricked into editing my hosts file. I don't have the privileges. Links; Open DNS http://www.opendns.com/ ScrubIT http://www.scrubit.com/ " - by Technician (215283) on Wednesday August 26, @01:53PM (#29204855)

See my subject-line, & this URL (especially points #'s 2 thru 5, because they cover a great deal of exactly what you state works, because, those points DO):

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (&, beyond):

http://www.tcmagazine.com/forums/index.php?s=555c0485c3ad66d4020d3aa92778a1b2&showtopic=2662&st=0&start=0

----

IT WORKS...

How well? Ok, a testimonial, from -> http://www.xtremepccentral.com/forums/showthread.php?s=79253c5b286c472a012ff2ef7e7f2230&t=28430&page=3

----

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local." THRONKA, user @ xtremepccentral.com

----

That's 'how well'... For going on 2++ yrs. now for Thronka & his paying clients, & for myself? Since 1997-1998 or so, through many machines since those days, to the present today, same results here!

APK

P.S.=> AND, what is a MAJOR portion of that guide (as far as "the beyond" part, above CIS Tool Guidance)? HOSTS FILES, & OpenDNS or ScrubIT DNS... & you think just like I do, & it does work, for all that you noted, plus more - think about THIS one:

Like IPSecurity Policies (also covered in my guide, acting as "layered security")? HOSTS files can LIMIT what even an already "taken in" malware can do online - because, IF/WHEN you block KNOWN "bogus servers" or bad adbanners (or even malicious websites)??

Well, if YOU cannot get to them, guess what? NEITHER CAN THE MALWARE... sure, some of you might say "but the malware could just use a static IP address vs. using HOST names or URL's to communicate back to 'home base/the mothership'" but, they can't do that, because ISP/BSP's "take down" KNOWN bad servers fairly quickly once they're discovered... & thus, using an IP address would be, self-defeating - where using URLs or DOMAIN NAMES allows malware makers/botnet masters etc. et al the ability to QUICKLY re-register said domain name once more, albeit, on a diff. server next rou

"What was left out of the article is the obvious, virtually all of these platforms run some variation of MS windows .... tick, tick, tick ....." - by MrData (130916) on Wednesday August 26, @10:13AM (#29201183)

See subject-line, & no more worries... HOW? Easily enough:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (&, beyond):

http://www.tcmagazine.com/forums/index.php?s=348f9a2df4f9c3123de3554c49e7191f&showtopic=2662

----

IT WORKS...

How well? Ok, a testimonial, from -> http://www.xtremepccentral.com/forums/showthread.php?s=79253c5b286c472a012ff2ef7e7f2230&t=28430&page=3

----

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local." THRONKA, user @ xtremepccentral.com

----

That's 'how well'... & For going on 2++ yrs. now for Thronka & his paying clients, & for myself? Since 1997-1998 or so, through many machines since those days, to the present today, same results here!

APK

P.S.=> Enjoy - that guide, once you apply its points? It MAY "change your 'pov'" on Windows... Especially because you're such a "Pro-*NIX" type, evidently! apk

"I have family that use Windows. What am I supposed to do?" - by gillbates (106458) on Sunday August 23, @09:53PM (#29168277) Homepage

THIS:

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA (& beyond), + make it "fun-to-do", via CIS Tool Guidance (& beyond):

----

http://www.tcmagazine.com/forums/index.php?s=e9bb2f3f527af8305dc4891065f330c4&showtopic=2662

----

IT WORKS...

How well? Ok, a testimonial, from -> http://www.xtremepccentral.com/forums/showthread.php?s=79253c5b286c472a012ff2ef7e7f2230&t=28430&page=3

----

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local." THRONKA, user @ xtremepccentral.com

----

That's 'how well'... for going on 2++ yrs. now for Thronka & his paying clients, & for myself? Since 1997-1998 or so, through many machines since those days, to the present today, same results here!

APK

P.S.=> Enjoy - that guide, once you apply its points? It MAY "change your 'pov'" on Windows... Especially because you're such a "Pro-*NIX" type! apk

"No one knows better than a scumbag malware distributor how to protect themselves online." - by Itninja (937614) on Friday August 21, @07:24PM (#29152031) Homepage

That's not entirely true (though I do agree many of them KNOW WHAT THEY'RE DOING to a good extent, because they're no longer just "Script Kiddies", but instead, many are imo @ least, out of work software engineers, or those employed by "criminal interests" to do such bad things).

Anyone can learn how to secure a PC well, especially a Windows NT-based one of modern design (2000/XP/Server 2003 & even VISTA and beyond) though - As ANYONE can read this:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA (& beyond), + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=4dc38e5530ea768a24d8b9a145a2b493&showtopic=2662

----

Users who have applied it have seen NO "INFESTATIONS" for going on 2++ yrs. now for themselves & even their paying customers who had it applied to their systems, per this testimonial of such results:

----

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local" - THRONKA, user @ xtremepccentral.com -> http://www.xtremepccentral.com/forums/showthread.php?s=1316aff8cd028e1eda6006fa9bb30181&t=28430&page=3

----

As you can see? IT JUST WORKS!

That guide's crossed over 250,000++ views in 1++ yrs.' time online (& owns 17 of the TOP 20 in GOOGLE querying "HOW TO SECURE Windows 2000/XP"), & has usually been made a "Sticky/Pinned Thread" or "Essential Guide" & is in the topmost viewed in 15/20 forums it is on also, & many times rated very well by user commentary or "5 star ratings" etc. et al. such as here -> http://www.tcmagazine.com/forums/index.php?s=4dc38e5530ea768a24d8b9a145a2b493&showtopic=2662

NO MALWARE MAKER/DISTRIBUTOR HERE EITHER!

Fact is - I am a programmer/analyst-software engineer (& network admin) by trade, professionally, for 16++ yrs. now & who has been internationally published in this field 10x or more since 1996, plus, had my work & ideas do well @ MS Tech-Ed 2001 & 2002 to the tune of "FINALIST" position in the hardest category there, SQLServer Performance Enhancement (in addition to possessing multiple degrees in this art & science), & I know how it's done, as well as (or better than) many of these 'scumbags' you describe, which only makes sense:

The sad part? Those 'scumbags' are guys pretty much like myself - who are fairly well-versed in this science @ ALL LEVELS (network tech &/or coding), & are what I call "misguided" or as you say, just scumbags... ones that make the rest of us "techies/coders" look bad, in the eyes of others!

APK

P.S.=

"No one knows better than a scumbag malware distributor how to protect themselves online." - by Itninja (937614) on Friday August 21, @07:24PM (#29152031) Homepage

That's not entirely true (though I do agree many of them KNOW WHAT THEY'RE DOING to a good extent, because they're no longer just "Script Kiddies", but instead, many are imo @ least, out of work software engineers, or those employed by "criminal interests" to do such bad things).

Anyone can learn how to secure a PC well, especially a Windows NT-based one of modern design (2000/XP/Server 2003 & even VISTA and beyond) though - As ANYONE can read this:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA (& beyond), + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=4dc38e5530ea768a24d8b9a145a2b493&showtopic=2662

----

Users who have applied it have seen NO "INFESTATIONS" for going on 2++ yrs. now for themselves & even their paying customers who had it applied to their systems, per this testimonial of such results:

----

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local" - THRONKA, user @ xtremepccentral.com -> http://www.xtremepccentral.com/forums/showthread.php?s=1316aff8cd028e1eda6006fa9bb30181&t=28430&page=3

----

As you can see? IT JUST WORKS!

That guide's crossed over 250,000++ views in 1++ yrs.' time online (& owns 17 of the TOP 20 in GOOGLE querying "HOW TO SECURE Windows 2000/XP"), & has usually been made a "Sticky/Pinned Thread" or "Essential Guide" & is in the topmost viewed in 15/20 forums it is on also, & many times rated very well by user commentary or "5 star ratings" etc. et al. such as here -> http://www.tcmagazine.com/forums/index.php?s=4dc38e5530ea768a24d8b9a145a2b493&showtopic=2662

NO MALWARE MAKER/DISTRIBUTOR HERE EITHER!

Fact is - I am a programmer/analyst-software engineer (& network admin) by trade, professionally, for 16++ yrs. now & who has been internationally published in this field 10x or more since 1996, plus, had my work & ideas do well @ MS Tech-Ed 2001 & 2002 to the tune of "FINALIST" position in the hardest category there, SQLServer Performance Enhancement (in addition to possessing multiple degrees in this art & science), & I know how it's done, as well as (or better than) many of these 'scumbags' you describe, which only makes sense:

The sad part? Those 'scumbags' are guys pretty much like myself - who are fairly well-versed in this science @ ALL LEVELS (network tech &/or coding), & are what I call "misguided" or as you say, just scumbags... ones that make the rest of us "techies/coders" look bad, in the eyes of others!

APK

P.S.=

"Yeah, but noone argued that. The point is the sheer stupidity of abandoning the usefulness of DNS for a locally held hosts file. You even stir some totally uncalled-for phobia by referencing DNS poisoning or compromised DNS servers to make your "point"." - by TCM (130219) on Thursday August 20, @07:20PM (#29140923)

No one's abandoning a thing - I still use remote DNS servers, OpenDNS (mainly because Dan Kaminsky pointed out the hassles he found in BIND, & they immediately responded)...

----

"You even stir some totally uncalled-for phobia by referencing DNS poisoning or compromised DNS servers to make your "point"." - by TCM (130219) on Thursday August 20, @07:20PM (#29140923)

I suggest you look up the types of errors that both Dan Kaminsky, & Moxie Marlinspike have found in the BIND DNS system... & iirc, DJBDNS which CLAIMED TO BE "UNBREAKABLE" & offered up $10,000 to ANYONE that could find holes in it... well? They had to "pay out" recently...

I suggest you be a bit better informed, and read closer in my posts, because I still use DNS servers, & even suggest their usage (OpenDNS or ScrubIT) in this security guide I wrote that's crossed 250,000++ views in 1++ yrs.' time online (& owns 17 of the TOP 20 in GOOGLE querying "HOW TO SECURE Windows 2000/XP"), & has usually been made a "Sticky/Pinned Thread" or "Essential Guide" & is in the topmost viewed in 15/20 forums it is on also, & many times rated very well by user commentary or "5 star ratings" etc. et al. such as here -> http://www.tcmagazine.com/forums/index.php?s=4dc38e5530ea768a24d8b9a145a2b493&showtopic=2662

----

"But of course, if I were also too stupid to setup a local resolver, then I would come up with such crude ideas as well. Each according to his abilities I guess." - by TCM (130219) on Thursday August 20, @07:20PM (#29140923)

Now, IF I WERE STUPID? I'd waste RAM, CPU Cycles, & other forms of I/O on a local DNS server program... lol, especially when I don't NEED to, via an easily edited HOSTS file (which if you can use notepad.exe & read english? Is VERY EASY TO DO, & anyone can do it... for cheaper/for less, than running a local DNS server & certainly this operates faster than calling out to remote DNS servers, especially for favorite websites you "hardcode" the IP address - to - URL equation record for it into your HOSTS file).

"To each his own & his abilities"...

----

"Each according to his abilities I guess." - by TCM (130219) on Thursday August 20, @07:20PM (#29140923)

I'm perceiving that as some sort of attempt to insult me... well, ok! The day you can do this:

----

"My Name is Ozymandias: King of Kings - Look upon my works, ye mighty, & DESPAIR..."

----

Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61

(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row).

WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)

PC-WELT FEB 1998 - page 84, again, my work is featured there

WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there

PC-WELT FEB 1999 - page 83, again, my work is featured there

CHIP Magazine 7/99 - page 100, my work is there

GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it

HOT SHAREWARE Numero 46 is

Because he obviously is a botmaster (or wannabe "hacker/cracker" who loses profits by blocking known bad websites in HOSTS files since adbanners have been compromised before), or some webmaster (as they lose monies on adbanner blockage, despite it taking away a users' speed online, OR, via malicious code in them that bushwhacks the unwary user):

http://it.slashdot.org/comments.pl?sid=1139923&cid=26983715

----

"But don't you see? Your favorite sites are going to have to shut down if you use AdBlock, 'cause then you're stealing their content! You're really going to just have to take one for the team." - by ion.simon.c (1183967) on Wednesday February 25, @01:32PM (#26983715)

----

I would ordinarily stop on that note alone, seeing as Ion.SIMIAN.c is obviously one profiting by these things (even though they're known to be infested with malicious code the past few years now & the fact that adbanners eat up an online user's bandwidth THE USER PAYS FOR no less)... but, that's not all, with wannabe, Ion.SIMIAN.c... far from it!

He hangs out @ the "hacker/cracker" websites online, like this one -> http://74.125.47.132/search?q=cache:T1ikOtt242AJ:hackaday.com/2009/02/22/x11-on-android/+%22Simon+C.+Ion%22&cd=10&hl=en&ct=clnk&gl=us

Thus, it's quite possible he is trying to somehow "discredit me" to others, since I have done guides that stop that type of loser (hackers/crackers), the worst kind of online SCUM that there is, via this guide I did in late 2008 -> http://www.tcmagazine.com/forums/index.php?s=5bf29ea6ca49162314f25f9ebf2aba68&showtopic=2662

He also likes things like "PhreakNic", a 'hacker/cracker' type event apparently -> http://wiki.yak.net/0.photos.simoncion?size=L and those are his photos from it...

APK

P.S.=> Keep using TOR (another indicator ion.SIMIAN.c is nothing but someone up to "no good" again most likely), & going slow as hell due to their total lack of speed (like any "anonymous proxy" usually is) being the "wannabe hacker" you *THINK* you are, apparently... NOW - You said this to me:

"2) You're talking to APK... His depth of knowledge is *really* shallow, so don't expect a good conversation out of him." - by ion.simon.c (1183967) on Thursday August 06, @08:09PM (#28980845)

Time to show YOU, what is what & everyone else here, where it's at, on that account... with your own list of massive screwups. I will keep to my word, because I laid off on you, thinking you'd leave me be from the last time we "had it out" for your trolling me, & you lost badly (which my other replies here clearly illustrate)... So, from now on, under this "ion.simon.c" registered user account you have here? I'll do as you requested -> http://slashdot.org/comments.pl?sid=1230601&threshold=-1&commentsort=0&mode=thread&pid=28076381 , & post this in reply to your posts, see how you like eating your own words... apk

http://it.slashdot.org/comments.pl?sid=1139923&cid=26983715

----

"But don't you see? Your favorite sites are going to have to shut down if you use AdBlock, 'cause then you're stealing their content! You're really going to just have to take one for the team." - by ion.simon.c (1183967) on Wednesday February 25, @01:32PM (#26983715)

----

I would ordinarily stop on that note alone, seeing as Ion.SIMIAN.c is obviously one profiting by these things (even though they're known to be infested with malicious code the past few years now & the fact that adbanners eat up an online user's bandwidth THE USER PAYS FOR no less)... but, that's not all, with wannabe, Ion.SIMIAN.c... far from it!

He hangs out @ the "hacker/cracker" websites online, like this one -> http://74.125.47.132/search?q=cache:T1ikOtt242AJ:hackaday.com/2009/02/22/x11-on-android/+%22Simon+C.+Ion%22&cd=10&hl=en&ct=clnk&gl=us

Thus, it's quite possible he is trying to somehow "discredit me" to others, since I have done guides that stop that type of loser (hackers/crackers), the worst kind of online SCUM that there is, via this guide I did in late 2008 -> http://www.tcmagazine.com/forums/index.php?s=5bf29ea6ca49162314f25f9ebf2aba68&showtopic=2662

He also likes things like "PhreakNic", a 'hacker/cracker' type event apparently -> http://wiki.yak.net/0.photos.simoncion?size=L and those are his photos from it...

APK

P.S.=> Keep using TOR (another indicator ion.SIMIAN.c is nothing but someone up to "no good" again most likely), & going slow as hell due to their total lack of speed (like any "anonymous proxy" usually is), You haven't replied here, and have been gone for over 3++ days or so now... why? Because I am exposing YOU as the dunce you are, clearly! You said this to me:

"2) You're talking to APK. He exists to write wall-of-text comments. His depth of knowledge is *really* shallow, so don't expect a good conversation out of him." - by ion.simon.c (1183967) on Thursday August 06, @08:09PM (#28980845)

Time to show YOU, what is what & everyone else here, where it's at, on that account... with your own list of massive screwups. I will keep to my word, because I laid off on you, thinking you'd leave me be from the last time we "had it out" for your trolling me, & you lost badly (which my other replies here clearly illustrate)... So, from now on, under this "ion.simon.c" registered user account you have here? I'll do as you requested, & post this in reply to your posts, see how you like eating your own words... apk

http://it.slashdot.org/comments.pl?sid=1139923&cid=26983715

"But don't you see? Your favorite sites are going to have to shut down if you use AdBlock, 'cause then you're stealing their content! You're really going to just have to take one for the team." - by ion.simon.c (1183967) on Wednesday February 25, @01:32PM (#26983715)

I would ordinarily stop on that note alone, seeing as Ion.SIMIAN.c is obviously one profiting by these things (even though they're known to be infested with malicious code the past few years now & the fact that adbanners eat up an online user's bandwidth THE USER PAYS FOR no less)... but, that's not all, with this little toad wannabe, ion.SIMIAN.c... far from it!

He hangs out @ the "hacker/cracker" websites online, like this one -> http://74.125.47.132/search?q=cache:T1ikOtt242AJ:hackaday.com/2009/02/22/x11-on-android/+%22Simon+C.+Ion%22&cd=10&hl=en&ct=clnk&gl=us

Thus, it's quite possible he is trying to somehow "discredit me" to others, since I have done guides that stop that type of loser (hackers/crackers), the worst kind of online SCUM that there is, via this guide I did in late 2008 -> http://www.tcmagazine.com/forums/index.php?s=5bf29ea6ca49162314f25f9ebf2aba68&showtopic=2662

He also likes things like "PhreakNic" -> http://wiki.yak.net/0.photos.simoncion?size=L and those are his photos from it... now, IF I looked like a bony little weasel like that? I might be tempted to be a little prick like he is also, but... that assumes I was a wannabe like Ion.SIMIAN.c is, who can't even get a GIGABYTE IRAM to work on Linux (as he could not, but, yet it works on Windows, just fine), and he looks like an AIDS victim to boot.

APK

P.S.=> Keep using TOR (another indicator this little prick ion.SIMIAN.c is nothing but someone up to "no good"), & going slow as hell due to their total lack of speed (like any "anonymous proxy" usually is), because you're going to be unable to hide from me, from now on!

You haven't replied here, and have been gone for over 3++ days or so now... why? Because I am exposing YOU as the dunce you are, clearly!

AND, this time? I will keep to my word, because I laid off on you, thinking you'd leave me be from the last time we "had it out" for your trolling me, & you lost badly (which my other replies here clearly illustrate)... So, from now on, under this "ion.simon.c" registered user account you have here?

From now on, in every post you make here?

You're going to see, and so will everyone else, these same replies to you, so everyone can see how STUPID you are, little wannabe (and, so you cannot continue to mod me down as you have been & then posting wiseguy AC comments afterwards)... Going to send you back to "Alabama", with your tail between your legs, you 33 yr old troll.

Then, of course, you'll use your sockpuppet "Random Destruction" account to do so as he did here (note the 'wall of text' comment & same speech pattern -> http://tech.slashdot.org/comments.pl?sid=1327945&cid=28980845 ), but that's ok - I have a lot more than I have here so far on you, Ion.SIMIAN.c (this? This is JUST THE START)... lol! apk

First of all, thank you for the reply, it does make some sense on AdBlock &/or NoScript's mechanics... & now, to continue our discussion here (many good points coming out, which is, GOOD):

----

"One disadvantage host-based blocks have: It's generally a good practice to make your hosts file editable only by the administrative account. This makes it inconvenient to modify it "on demand." This is both a feature and an annoyance." - by davidwr (791652) on Thursday August 06, @03:36PM (#28977441) Homepage

I do so, via BOTH "read only" file attribute protection, AND, via the usage of ACL's in Windows (Access Control Lists)... it is, good practice, you are correct on this note (not a disadvantage to me though, as I run as "ADMINISTRATOR" here constantly (& I am safe, via the points in this security guide I authored in late 2008 which has done extremely well -> http://www.tcmagazine.com/forums/index.php?s=6480c22447b7b297e4a6e239192076c5&showtopic=2662 to the tune of many good reviews, being made a "sticky/pinned" thread &/or "essential guide" on 15/20 websites it is featured on, plus going well over 1/4 million views worldwide, even to the point of getting me paid for it (a total surprise, on that account))

----

"I've used host-file management to block out unwanted web sites myself, but I find tools like NoScript are much more effective unless your goal is to literally black-list a certain hostname 100%." - by davidwr (791652) on Thursday August 06, @03:36PM (#28977441) Homepage

QUESTION: How can you say that NoScript is "more effective", when NoScript &/or AdBlock ONLY COVERS MOZILLA/FIREFOX PRODUCTS, vs. HOSTS files covering EVERY webbound program you have or use?

(And, HOSTS use less CPU, RAM, & other forms of I/O, period...)

----

"I've also used routing-table-based blacklisting to blacklist IP addresses or ranges of IP addresses, but it was to effect a "you're totally invisible" policy, not to block ads." - by davidwr (791652) on Thursday August 06, @03:36PM (#28977441) Homepage

How did you do so? Via the "route" command, or, do you mean @ the router level?

APK

P.S.=>

"By the way, your overuse of bold, ALL CAPS, and your very long messages get in the way of what you are trying to say. My eyes glazed over as I was reading your first missive. Please be briefer and emphasize only a very small percentage of your words, or none at all." - by davidwr (791652) on Thursday August 06, @03:36PM (#28977441) Homepage

Opinions, vary... I have to write out detail, so nothing is lost & this leaves less "unanswered questions"... plus, I do use quotes of others' points, so nothing is 'lost in translation' - both of those, DO tend to "bloat my posts", but, as the saying goes? "The Devils are in the details"... & I leave no stone unturned, & am a BIG FAN of detail...

Plus, if you like the tune "Peace of Mind" by BOSTON? I guess they said it best, in this line -> "Everybody's got advice, they just keep on givin' (doesn't mean too much to me)"... especially since this is NOT the "English Grammar section" of /., & this is not my "last will & testament", nor other form of legal correspondence, nor even a paper for a grade in academia... apk

"dude please tell me you have a website or somethin coz that stuff is gold info" - by Anonymous Coward on Wednesday July 29, @05:14AM (#28863689)

Check THIS out then, because it has a LOT more that can benefit you ->

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond)

http://www.tcmagazine.com/forums/index.php?s=87203c9d6d4117d11f30ee4e89cf27d4&showtopic=2662

----

Other seeing the same results as I have, 2++ yrs. worth so far iirc on this fellow's part, after doing that guide of mine in the URL above? Ok:

----

http://www.xtremepccentral.com/forums/showthread.php?s=26a647f959425ebbbb85586b0da252e0&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)

----

Nuff said, enjoy it... IT ACTUALLY WORKS (whereas other solutions like antivirus/antispyware clearly do not, or not as well (inclusive of false positives or just plain missing many threats, especially those that come thru the webbrowser, which is MOST of them today, via the harbinger of doom itself, javascript).

----

"& i totally dont get why they mod u down ether -> probly scared of the truth that hosts is FAST like you say because then they lose money on all ther expensive dns admin stuff if everybody jsut uses hosts" - by Anonymous Coward on Wednesday July 29, @05:14AM (#28863689)

You're probably EXACTLY right, & not just from the folks who do DNS servers... I agree!

Thus To quote Ozymandias from "The Watchmen" once more:

"So I resolved to apply antiquities teachings (usage of custom malicious site &/or adbanner blocking HOSTS files) to the world, today, & so began my conquest: Conquest, NOT OF MEN, but, of the evils that beset them - Fossil Fuels (antivirus resident), Oil (antispyware resident), Nuclear Power (VM for security layers), are like a drug, & YOU GENTLEMEN, along with foreign interests (RBN, etc. et al), are the pushers..." - Adrian Veidt (Ozymandias), THE WATCHMEN

You have a STRONG possible point... no doubt about it!

(HOSTS files usage CAN & DOES affect a LOT of those items I list in my Ozzy quote (because running antivirus/antispyware/or a VM resident's FINE for "noobz" & I even recommend it in that guide URL of mine, but, once you KNOW WHAT YOU'RE DOING? You don't need to keep them resident burning CPU cycles, memory, & other forms of I/O, period)

Fact is - I've been doing it for 7 months now, NOT A SINGLE INFESTATION... not one! Just doing what is in the rest of my HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond) url guide above...

It can also adversely affect webmasters looking for adbanner vi

"1) This vulnerability exists on OSX, Windows, and Linux.

2) The annual pwn2own competition, among others, shows that Linux and Windows are similarly secure and OSX is much less secure. OSX goes down first every year, while Windows and Linux both last until later days of the competition when more direct access to the systems is granted to the contestants.

A Windows machine is more likely to be compromised, but that's because of market share. "Insecure by design" implies that you're talking about the security of the OS against someone who wants to compromise it. It's proven every year that only OSX lags in this area, and it lags quite badly (this year's winner rated the difficulty of compromising Vista and Linux as a 9-10, and the difficulty of breaking into OSX as a 3, IIRC).

3) Goto 1)" - by Colonel Korn (1258968) on Tuesday July 28, @12:54PM (#28854687)

No one could say it better than you have Colonel, GOOD JOB, & if I had the ability to give "mod points" I would mod you up, but alas, as an "A/C" here? I cannot... so, all I can say is "well said, & good job"...

APK

P.S.=> NOW - As far as the "Pro-*NIX FUD Spreader", who obviously cannot THINK for himself & thinks others are the same as he, whom you replied to? Here is what I can give HE, in response to his obvious misleading b.s.:

"A computer worm that spreads through Flash and PDFs on PCs without the latest security updates is posing a growing threat to users blitheringly stupid enough [today.com] to still think Windows is not ridiculously and unfixably insecure by design" - by David Gerard (12369) on Tuesday July 28, @11:08AM (#28852797) Homepage

Oh, really? Then, try THIS "on for size", in response to your FUD spreading:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & yes, even VISTA (& it's descendants), + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=aeba48c4aeccd4a426f664b5db5574e8&showtopic=2662

----

Results? Ok, & from Linux AND Windows no less, @ the start of that guide (which show that Linux itself also needs added work to secure it, & guides from Apple Computer also show that MacOS X is NOT that secure "outta the box/oem stock" as well, & recommend FAR MORE to do, to secure it as much as is possible, vs. what you get from them oem/stock/outta the box):

http://www.xtremepccentral.com/forums/showthread.php?s=b38271cfc7ef82deafc78e2e2ef23a0f&t=28430&page=3

----

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" THRONKA user @ xtremepccentral.com

----

All with MOSTLY "native tools" already in your OS', or webbrowsers (the MAIN 'disease vector', via javascript especially (THIS NEEDS REVISION THE MOST, where is th

"Though, putting Ubuntu on your Windows boxes will save you some real cash. And help security." - by WheelDweller (108946) on Monday July 27, @10:38AM (#28837021)

You're trying to make it sound as if "Linux is the 'holy grail of security'", & it's not (because the link below shows, it is clearly, not - not how it is setup, by default, & Bert64, a user here, illustrated that plainly enough, because I used HIS results on Linux in fact, in said guide below)

So - that all "said & aside"? Well... no OS is perfectly "security-hardened", @ least "as is", from the oem & as they are shipped to BOTH typical "end users" OR corporate bodies... period!

(Which is WHY you all have to ask yourselves "Why has MS shipped the United States Military 'security-hardened' versions of its Windows OS', & not the rest of us?", because MS HAS, 2x now that I am aware of @ least, in 2004, & recently again, THIS YEAR...)

Want THAT kind of security on a Windows rig? It's doable, & QUITE EASILY, via a good tool that guides folks for it, via a checklist of "industry best practices", & 1 that makes it as simple as running a PC benchmark for performance gauging really, per this:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & yes, even VISTA (& it's descendants), + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=aeba48c4aeccd4a426f664b5db5574e8&showtopic=2662

----

Results? Ok:

http://www.xtremepccentral.com/forums/showthread.php?s=b38271cfc7ef82deafc78e2e2ef23a0f&t=28430&page=3

----

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" THRONKA user @ xtremepccentral.com

----

All with MOSTLY "native tools" already in your OS', or webbrowsers (the MAIN 'disease vector', via javascript especially (THIS NEEDS REVISION THE MOST, where is that EMCA script already, in other words?))... &, some 'good practices' to adopt, on the part of end users, which CAN make ALL THE DIFFERENCE, period.

APK

P.S.=> No, there is NO EXCUSE for laziness - & budget conservation's just FINE, that is, until you are hit by a security breach, & then you face lawsuits galore, for negligence... think about THAT much, CIOs/CTO's... apk

"It's the Windows way of thinking." - by KGBear (71109) on Wednesday July 22, @05:17PM (#28787937) Homepage

It's a way of thinking that works, IF you can follow some simple rules + suggestions by a tool called CIS Tool (reviewed well in COMPUTERWORLD & by other reputable sources also) & this guide below which goes "above & beyond" CIS Tool's suggestions (based on "industry best practices") in a stable, safe, & secure manner, IF you put a few practices "into motion" on it (&, a few others "out of motion", such as indiscriminately using javascript on every site under the sun for example):

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (&, beyond):

http://www.tcmagazine.com/forums/index.php?s=dec021749afe0b8139cbee0acf5e188f&showtopic=2662

----

The results of implementing that guide?

----

http://www.xtremepccentral.com/forums/showthread.php?s=a38e96d97e840cb3fe9e3762c05fd020&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" THRONKA user @ xtremepccentral.com

----

Thus, you can see that IF a person becomes "enlightened" (for lack of a better expression here) to what works for security on a Windows NT-based OS of modern variety (2000/XP/Server 2003 & even VISTA and beyond), they CAN & DO experience solid, stable, & safe(r) uptime + a better, & even F A S T E R online experience as well...

APK

P.S.=> It's NOT like you CANNOT secure Windows, you can... &, it works, as a single example testimonial from someone other than myself above, clearly demonstrates! You *NIX people, especially admins (users with a better password, because until you are a coder? You're only that, because all you do, is use tools guys like myself, create for you, to USE, period) are grossly misinforming others who use Windows (which happens to be the most used OS there is, from home end user machines up thru departmental servers, & clear into the "mission critical/enterprise class" range of systems also AND on the most used hardware platform for computing there is, in the x86 instruction set + CPU based family) w/ your "Pro-*NIX hype", especially on THIS website... apk

"But I also think it's silly to assume and design for Javascript unless Javascript is the whole point of your site. There's so many sites out there that use Javascript for things like drop down menus and sometimes even positioning where CSS would suffice and not require Javascript support it's silly. To turn away 1 in 20 users doesn't seem the brightest idea unless you're building a web application where absolutely the only way to do what you want to do is to use Javascript.

Javascript shouldn't be a requirement for the vast majority of the web, only for those sites that truly need it." - by Xest (935314) on Sunday July 19, @02:31PM (#28748981)

Agreed, 110% - As a user, a user of a webbrowser (or, email program, or even Adobe .pdf files etc. et al (i.e. -> Anything is capable of running javascript in essence)) should ONLY use & allow javascript for sites that DEMAND javascript, for absolutely FULL function (&, only on sites you trust)...

APK

P.S.=> It appears we can agree on some things... lol! Because, I get "into that topic" myself, here:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=f95071c12d0fc4e3d6b3c8b08dd8c05d&showtopic=2662

----

And people that've applied it have seen results like this (going on 2++ yrs. testimonial below, & no malware/trojan/virus/spyware/keylogger/worm infestations, period):

----

http://www.xtremepccentral.com/forums/showthread.php?s=97c1e368dad75689a8da7df5a0e97418&t=28430&page=3

"Its 2009 - still trouble free!

I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA user @ xtremepccentral.com

----

And, on the same note as your statements here - I get into nearly exactly what you say, for security's sake, in it's 14th post, in the guide above (stop the delivery boy, the package never gets there (in bad javascript on bogus websites &/or bad adbanners))... apk

"Only behavioral controls will stop novel attacks, and you need to know what behaviors to stop. Simply stopping anything that might possibly be used to get control the system will leave you with a nonfunctioning system." - by blueg3 (192743) on Sunday July 19, @12:13AM (#28745469)

Agreed, 110%, & especially per my subject-line above (in regards to javascript mostly, but, also other things & practices to do OR avoid + more) - curb the use of it, most of the things affecting folks' machines adversely is avoided, especially in today's HEAVILY "online world"... most of the attack causes/root vectors (whatever) I see reported deal in javascript delivery mechanisms (more than malicious binaries downloaded & run)...

I recommend watching it with unlimimted, indiscriminate usage of javascript on "every site under the sun", @ least unprotected by something like NoScript (or just turning it off for MOST sites & leaving exceptions for sites that ABSOLUTELY DEMAND javascript for full/proper function only)...

And, as Ozymandias said in the film "The Watchmen"?

"So I resolved to apply antiquities teachings (usage of custom malicious site &/or adbanner blocking HOSTS files) to the world today, & so began my conquest: Conquest, NOT OF MEN, but, of the evils that beset them - Fossil Fuels (antivirus resident), Oil (antispyware resident), Nuclear Power (VM for security layers), are like a drug, & YOU GENTLEMEN, are the pushers..." - Adrian Veidt (Ozymandias), THE WATCHMEN

And since HOSTS files ARE "from antiquity" in computing? They work for that "behavioral modification", too, because of a simple principal: "You can't get burned, if you can't go into the kitchen"... & that goes for limiting indiscriminate javascript usage (NOScript + AdBlock for MOZILLA/FireFox products, & Opera's native "by site" preferences are perfect here in fact, but there's more for 'layered security', like filtering .PAC files + custom cascading stylesheets & more as well in that guide)

Those are 2 "novel techniques" that actually WORK, & for MOST folks, with 12 other things, in this guide for Windows users' security online:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=f95071c12d0fc4e3d6b3c8b08dd8c05d&showtopic=2662

----

And people that've applied it have seen results like this (going on 2++ yrs. testimonial below, & no malware/trojan/virus/spyware/keylogger/worm infestations, period):

----

http://www.xtremepccentral.com/forums/showthread.php?s=97c1e368dad75689a8da7df5a0e97418&t=28430&page=3 [xtremepccentral.com]

"Its 2009 - still trouble free!

I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRON

"For what its worth, I don't use an A/V product either. And Like her, I also have a "pretty reasonable setup" and a dose of "common sense". But I'm still balancing the increased responsiveness and hassle-free experience vs the extra security. Its a trade-off that's worth it to me, but I recognize that it is still a trade-off." - by vux984 (928602) on Saturday July 18, @06:32PM (#28743977)

I recommend running one to folks in this guide for Windows users:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=f95071c12d0fc4e3d6b3c8b08dd8c05d&showtopic=2662

----

And people that've applied it have seen results like this (going on 2++ yrs. testimonial below, & no malware/trojan/virus/spyware/keylogger/worm infestations, period):

----

http://www.xtremepccentral.com/forums/showthread.php?s=97c1e368dad75689a8da7df5a0e97418&t=28430&page=3 [xtremepccentral.com]

"Its 2009 - still trouble free!

I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008.

Great stuff!

My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads.

APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA user @ xtremepccentral.com

----

Thus?

I say it's DOABLE to have results like that above, 100% uptime for YEARS to DECADES, + YES, on WINDOWS too... &, without AV & AS, but also, any virtualization layers (as they all lend to "performance-hits"), because I have the same here myself (along with many others)... AND, here??

I am going on a decade++ solid here now in fact, of safe 100% 'uninterrupted by online maladies' uptime, by doing the above.

HOWEVER:

Yes, even though I recommend the "layered security" of antivirus &/or antispyware programs for MOST users, just to be safe(r) online?

WELL, per my subject-line above?

Yes - I have been doing what I have seen as "running naked" (meaning w/out antivirus or antispyware programs running resident ALL THE TIME in say, your tooltray + their possible background services as well), & I have seen no problems...

Simply just by practicing what is in my guide above (going on more than a decade of safe surfing thru 3 machines now, never had a problem)

APK

P.S.=> Much of it IS, "common-sense", much of it is not - &, I'd still recommend folks run RESIDENT scanners for AntiVirus &/or AntiSpyware products in combination (say, NOD32 AV + SpyBot S&D AntiSpyware's teatimer product) for THEM to be safer...

However, here? I am not running either resident, & I'm saving CPU time, RAM, & other various forms of I/O as well by NOT keeping them running resident "all the time, 24x7", & I only use them as periodic manual scanners (say, on Sunday a.m. every week)...

100% safe & stable Windows uptime? It's doable, IF you know what you're doing - a LOT of safe computing simply boils down to that, just like it would safe driving... apk

What's not believeable, is yourself, with what appears to be ad-hominem attacks directed my way, from YOU (but, strangely, no attacking of my original posts' points (not!!!(sarcasm here)))... in fact?

The ONLY people that might "bitch" about what I've written about, are those gaining by its absence...

I.E./e.g. #1 of 2 -> Webmasters making monies off of users that visit like a leech might (that's right - don't LIKE that, "webmasters"? Find another way to generate revenue then, "your old road is rapidly aging" (Bob Dylan, The Times They Are A Changin') because adbanners have been shown to harbor malicious code, & for YEARS now (mainly since hosting providers for ads aren't even checking the code in said banners apparently, per this report from /. no less, this very website, here ->

----

THE NEXT ADBANNER YOU CLICK ON MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

----

Care to dispute the findings that even slashdot posted about? Good luck... even MS themselves have been "hit" by this! Too bad, because I pay for my linetime out of MY pocket... I want ALL the speed I pay for, & adbanners only SLOW ME DOWN first of all, but for YEARS now? They've been shown to harbor malicious crap too, per the above (& yes, I can produce several JUST LIKE IT, with ease - just ask)!

SO - NO THANK YOU TO ALL OF THAT!

Hey - I'd rather have a no-commercials HBO-style internet (& judging by the success of things like mvps.org's HOSTS file, & NOScript + Adblock? I'd say others tend to agree...) AND, most of all??

Well - I'd rather have a safer online experience via HOSTS files that block both BAD ADBANNERS and KNOWN BAD SITES, which mine does (& my sources are places like mvps.org's HOSTS file, my own from 1997 to today, Stopbadware.org, Dancho Danchev's ZDNet security site, & also the HOSTS file page from wikipedia -> http://en.wikipedia.org/wiki/Hosts_file ALL completely reputable sources!)

ALSO???

I.E./e.g. #1 of 2 -> Hackers/Crackers + botnet masters & malware makers... for the BLATANTLY obvious reasons - if you show folks how to use layered security? It makes the efforts of the idiots I mention now, nearly moot... you can't get hurt, by what you never touch or see, basically... HOSTS files help here, immensely (alongside many other layers of protection)...

You CAN GET THOSE KINDS OF RESULTS... good ones... like what kind?

THIS KIND, COMPLETE WITH A TESTIMONIAL OF POSSIBLE RESULTS BY USING IT:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA even, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=e4473be2a007d388932bb27882f6f31c&showtopic=2662

TESTIMONIALS OF ITS EFFECTIVENESS:

----

http://www.xtremepccentral.com/forums/showthread.php?s=97c1e368dad75689a8da7df5a0e97418&t=28430&page=3

"Its 2009 - still trouble free!

I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008.

Great stuff!

My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet i

"It's just not believable that someone cares that much about shaving a few bytes off a hosts file, or seriously proposes using such a gigantor one." - by Millenniumman (924859) on Friday July 17, @03:24PM (#28733673)

What's not believeable, is yourself, with your ad-hominem attacks directed my way (but, strangely, no attacking of my original posts' points (not!!!(sarcasm here)))... in fact?

The ONLY people that might "bitch" about what I've written about, are those gaining by its absence...

I.E./e.g. #1 of 2 -> Webmasters making monies off of users that visit like a leech might (that's right - don't LIKE that, "webmasters"? Find another way to generate revenue then, "your old road is rapidly aging" (Bob Dylan, The Times They Are A Changin') because adbanners have been shown to harbor malicious code, & for YEARS now (mainly since hosting providers for ads aren't even checking the code in said banners apparently, per this report from /. no less, this very website, here ->

----

THE NEXT ADBANNER YOU CLICK ON MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

----

Care to dispute the findings that even slashdot posted about? Good luck... even MS themselves have been "hit" by this! Too bad, because I pay for my linetime out of MY pocket... I want ALL the speed I pay for, & adbanners only SLOW ME DOWN!

NO THANK YOU!

Hey - I'd rather have a no-commercials HBO-style internet (& judging by the success of things like mvps.org's HOSTS file, & NOScript + Adblock? I'd say others tend to agree...) AND, most of all??

Well - I'd rather have a safer online experience via HOSTS files that block both BAD ADBANNERS and KNOWN BAD SITES, which mine does (& my sources are places like mvps.org's HOSTS file, my own from 1997 to today, Stopbadware.org, Dancho Danchev's ZDNet security site, & also the HOSTS file page from wikipedia -> http://en.wikipedia.org/wiki/Hosts_file ALL completely reputable sources!)

AND?

I.E./e.g. #1 of 2 -> Hackers/Crackers + botnet masters & malware makers... for the BLATANTLY obvious reasons - if you show folks how to use layered security? It makes the efforts of the idiots I mention now, nearly moot... you can't get hurt, by what you never touch or see, basically... HOSTS files help here, immensely (alongside many other layers of protection)...

You CAN GET THOSE KINDS OF RESULTS... good ones... like what kind?

THIS KIND, COMPLETE WITH A TESTIMONIAL OF POSSIBLE RESULTS BY USING IT:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA even, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=e4473be2a007d388932bb27882f6f31c&showtopic=2662

TESTIMONIALS OF ITS EFFECTIVENESS:

----

http://www.xtremepccentral.com/forums/showthread.php?s=97c1e368dad75689a8da7df5a0e97418&t=28430&page=3

"Its 2009 - still trouble free!

I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008.

Great stuff!

My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked

"You use it to filter fucking ad servers who you'll only ever be contacting via HTTP so would be much better served by an HTTP specific block such as say, a browser plugin or a proxy style app" - by Xest (935314) on Monday July 13, @01:22PM (#28679117)

First of all, my guide for securing Windows 2000/XP/Server 2003 contains references to that (layering those types of tools ontop of HOSTS files, for layered security), see here:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=36f1cc98e45da59b7e9de03974163fe1&showtopic=2662

----

AND? HOSTS files are UNIVERSAL/GLOBAL, & browser addons/plugins are NOT. For example, some plugins (e.g.-> NoScript for MOZILLA/FireFox browsers) are ONLY for particular browsers (i.e./e.g. -> NoScript doesn't run on IE or Opera, for example)... However, HOSTS files cover ALL browers, all email programs (any program that is web-bound/internet-bound) from 1 central & easily managed location, using a text editor like notepad.exe...

WoW... AND, you are REALLY clueless, aren't you - are you trying to say that downloading adbanner data speeds up my system? It slows you down, and?? Adbanners have been shown to harbor malicious script in them (was "big news" here on this very website in fact, here):

----

THE NEXT ADBANNER YOU CLICK ON MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

----

Care to dispute the findings that even slashdot posted about? Good luck...

AND, I am NOT the only person noting you go faster online by using a custom HOSTS file (for blocking adbanners &/or hardcoding your favs into it for their URL-to-IP resolution, which also stops you from using possibly compromised DNS Servers (Dan Kaminsky did GREAT work last year & this year on that latter note by the by proving it happens via DNS poisonings etc. et al):

----

http://www.securityfocus.com/columnists/491

PERTINENT QUOTE:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now." Mr. Oliver Day, SECURITYFOCUS.COM

----

So much for your blatant b.s. (try to either learn to tell the truth, or learn how HOSTS files, really work (& for the benefits of users))

APK

P.S.=> Let's see YOU dispute & disprove that much above, ok? apk

"That's nice, but can you actually program?" - by Xest (935314) on Monday July 13, @01:22PM (#28679117)

Gee, does THIS answer that much:

http://www1.techpowerup.com//downloads/390/APK_Matrix_ScreenSaver.html

or how about this:

http://www1.techpowerup.com//downloads/389/foowhatevermakesgooglehappy.html

?

(Prepare yourselves for another "wall of text" & b.s. evasions or word-semantic gameplay - the 'trademarks' of the arstechnica trolls!)

Funny YOU should ask THAT though - I asked your forums members that question ages ago, circa 2000/2001 & was furiously trolled (& not a one could produce evidences like the 2 I just did, & over @ Windows IT Pro forums when Jeremy Reimer was caught impersonating me, email harassing me, off topic the whole time (trademark, like I said) & I asked him if HE had, he said he had - I asked for proofs? He had ZERO... typical arstechnica!)

They didn't like that, after they started up with me & I wanted to know their skillrange (only PeterB was 1/2 decent, but no programs to show back then either... on his part!)... I was trolled by them like now, ever since (man, almost 10 yrs. worth forums to forums - that's pretty sick & obsessive guys - get over it!)

Prepare for more easily beaten or deflected b.s., everyone & be entertained by how easy these arstech trolls are taken care of via simple facts & their own screwups:

----

"You use it to filter fucking ad servers" - by Xest (935314) on Monday July 13, @01:22PM (#28679117)

Yes, I do... you always THAT perceptive & 'smart' (NOT)? Even adbanners have been shown to harbor malicious scripts for years now, in fact, recently on this very site no less... & by doing so? I get an "HBO internet" no commercials, I stay safer, & go faster... lots of gains!

----

"There's a fundamental difference between the way they use it and the way you use it." - by Xest (935314) on Monday July 13, @01:22PM (#28679117)

Actually I use a HOSTS to do what Spybot does, because I use their data & ALL the ones @ wikipedia.com, + other sources like SRI too & more... to filter known bad sites, PLUS, to yes, block adgbanners (I pay for my linetime, I want ALL my speed, especially vs. adbanners TODAY, since they've been found to be full of bogus code & exploits too, & for years now on occasion)

----

"Similarly Spybot does not blackhole anywhere near the amount of hosts in the hosts file that you do." - by Xest (935314) on Monday July 13, @01:22PM (#28679117)

Great: I use mvps.org's HOSTS' file data too, & they do more as well... so are we "bad guys" for protecting ourselves...?

----

"Yet here you go again, you really don't understand layered security. There is little point in layered protection like you suggest on Windows, because it only takes one layer to be vulnerable for the whole system compromised because of the poor way in which Windows is architectedby Xest (935314) on Monday July 13, @01:22PM (#28679117)

LOL, you know, the same could be said of *NIX variants (look @ MacOS X's partially fixed only scripting hole still present for example, & they "rant & rave their stuff is unbreakable", or "doesn't get worms/botnets" etc. et al (I can provide CURRENT PROOF OF BOTH, would you like that??)

AND, seems folks do pretty well using my security guides to harden Windows, per this evidence testimonial thereof next:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA even, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://ww

"Prior to the invention of DNS, hosts files were the only way to do name -> address lookups on a IP network. So hosts files quickly became rather large." - by WuphonsReach (684551) on Monday July 13, @12:07PM (#28677687)

WuphonsReach - thanks for posting facts, vs. their misleading fictions etc. et al!

NOW - Want to laugh & see the type of thing I have been dealing with here?

See this one, it's CLASSIC (& there are TONS of others like it thru this thread, adhominem attacks galore, mistating facts, stating falsehoods, name calling & profanity + more DIRECTED MY WAY, instead of attacking my list of premises in my init. post's points (The "LORD OF HOSTS" is my 1st, start from there, review its points first & THEN see this) -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28673713 )

Heh - You read that, & the posts immediately around it... (& tell me - SO, why was I modded down here for asking others to prove my points wrong for with concrete verifiable facts...?)

I also 'backup' my points as well, such as Oliver Day of SECURITYFOCUS.COM also recognizing the layered security value of HOSTS files here -> http://www.securityfocus.com/columnists/491

(That plus, let alone testing offered proof, like the URL above where the poster flipped out on me, spewing profanities + adhominem attacks on me galore, & THAT kind of thing? Hey, all thru this thread no less you can see it directed MY way, when I posted proofs either @ a coding or tools level for said tests & THAT is what I get when they KNOW my "naysayers" here have messed up hugely - GEEK ANGST, for lack of a better expression, is what gets directed my way with other "trollery")

Anyhow/anyways - Thanks for your time...

APK

P.S.=> DNS is all "fine & dandy" but... Dan Kaminsky's work shows it CANNOT be 'fully absolutely trusted' either though, due to DNS poisoning & other hacks/cracks foisted upon it as well as "holes" in it that appear over time (Not that I do NOT use them, I opt for the best one I know of is all, in addition to my HOSTS file, in OpenDNS)...

My security guide here, they say I am NOT using "layered security"? Hey see here, IF you are curious -> http://www.tcmagazine.com/forums/index.php?s=e4473be2a007d388932bb27882f6f31c&showtopic=2662 & tell us what YOU think... again, thanks for YOUR time... apk

"Anyone who seriously uses a hosts file as a filter should be shot on sight" - by silanea (1241518) on Monday July 13, @09:48AM (#28675467)

Really? Are you threatening to shoot me or Mr. Oliver Day of SECURITYFOCUS.COM -> http://www.securityfocus.com/columnists/491

?

He uses one. Just like I do... it works, read his article! Spybot S&D, a respected antispyware program, also uses them & helps make them stronger too... I suppose you know more than me, but Mr. Oliver Day & Spybot's people?

I must be standing in the PRESENCE OF A GOD (a troll god)...

----

"Anyone who relies on the Windows firewall alone for security should be publicly whipped, anyone who does so in a corporate environment should, again, be shot." - by silanea (1241518) on Monday July 13, @09:48AM (#28675467)

I don't, & in fact?

I layer on several layers of software protection, in the interests of "layered security" (the recommended trend by security pros in computers) &, that seems to be doing well for others, not just myself:

HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA even, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=e4473be2a007d388932bb27882f6f31c&showtopic=2662 [tcmagazine.com]

TESTIMONIALS OF ITS EFFECTIVENESS:

----

http://www.xtremepccentral.com/forums/showthread.php?s=97c1e368dad75689a8da7df5a0e97418&t=28430&page=3 [xtremepccentral.com]

"Its 2009 - still trouble free!

I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008.

Great stuff!

My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads.

APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA user @ xtremepccentral.com

----

(Myself, many others & even their clients no less, per this guide above I authored, & testimonial to its effectiveness (it has done well too for others, not just me & mine & was often made an essential guide @ 15/20 forums its on, 5/5 star rated, most viewed (to the tune of 250,000++ in 1 yrs. time across those forums no less & it even got me PAID $100 @ pcpitstop for writing it, which is why I posted to as a service to others, for free no less, to be of service to others on my part))

Have YOU done the same, Mr. Wannabe expert?

APK

P.S.=>

"Anyone who uses FORTRAN or "pascal" examples in relation to on-client security on a modern Windows OS should be hung up by their genitals. For the love of Christ, please do the world a favour and take a C/C++ class!" - by silanea (1241518) on Monday July 13, @09:48AM (#28675467)

Uhm, I like Borland C++ & have used it on professional assigments, as well as MSVC++ too (since version 2.0)... "Don't speak too soon, for the wheel's still in spin (& there's no tellin' who that it's namin' (cuz the loser now will be later the WIN)" - Bob Dylan, per the watchmen lately...

apk

"Microsoft haven't really taken away the layers, they've just changed the underlying code structure of those layers. The firewall platform is still performing all the checks it always has, it's just integrated together now." - by Xest (935314) on Monday July 13, @08:42AM (#28674823)

QUESTION:

Does the NEW "WFP" model use 3 diff. drivers that operate @ 3 diff. levels of the IP stack, as the older models of Windows did (2000/XP/Server 2003) via ipsec.sys, ipfltdrv.sys, & ipnat.sys (working in combination with afd.sys & tcpip.sys etc. et al)?

(If not, then it is NOT the same...)

SO, please, don't avoid my question above, & simply prove your words are truth, because I'd like to be proven wrong, but I demand proof of it too, so I feel better about Windows 7 actually... so do so, with a little documentation to that end preferably from MS themselves, to answer MY QUESTION now, & thanks for your time...

(Why do I get the impression that he will NOT show up with said proof? Maybe because all my "naysayers" above & trolls fail to provide any either & all they do is troll & adhominem attack me here + mod my post down but do so without any facts backing them?? NAW, couldn't be (sarcasm))

These trolls, they "talk a good game" but proofs? I never see them from them... documented proofs, from respectable sources by the by, ARE REQUIRED on your part, like the ones I provided from MS themselves no less + other reputable sources.

-----

"The hosts stuff is a load of crap too, the top parent doesn't seem to understand what the hosts file is for, it's certainly not designed to be used as a 650,000 entry blacklist, it's merely meant to contain a couple of hosts and even then only as a fix for broken DNS" - by Xest (935314) on Monday July 13, @08:42AM (#28674823)

It would appear that even a Mr. Oliver Day of SECURITYFOCUS.COM disagrees with you, per his "RESURRECTING THE KILLFILE" article here -> http://www.securityfocus.com/columnists/491

(Got "counter evidence" from an equally reputable source as to HOSTS files effectiveness and that they do NOT work for better layered security above software firewalls, ipsec policies, port filtering, & hardware NAT router TRUE stateful packet inspecting routers all in combination (part of what I use only mind you, my guide covers far more))

----

"Real layered security comes quite rightly from separate devices, not separate pieces of software on a system. You might have a hardware router at the front, a hardware firewall behind it and so on. For most home users a simple router with a built in firewall is fine, but you'll probably want them separate in a commercial environment." - by Xest (935314) on Monday July 13, @08:42AM (#28674823)

Well, so YOU say (do you have any degrees or certifications in security to back you up even as an alleged authority? Mr. Day does above I wager & he writes for a respected site, I have degrees in this science + 15++ yrs. of actual hands on ranging from programming/architecting thru network engineering on the job + 8 languages under my belt I have used on/off during that time coding too)... this result & person, THRONKA, seems to disagree with you though, & he uses my techniques for "layered security" which DO include hardware routers & multiple software defenses (so "don't speak too soon for the wheel's still in spin, & there's no tellin' who that it's namin" per Bob Dylan):

HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA even, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=e4473be2a007d388932bb27882f6f31c&showtopic=2662 [tcmagazine.com]

A TESTIMONIAL OF ITS EFFECTIVENESS: (se

"Get a hardware firewall already, or NoScript or something" - by Fred_A (10934) on Monday July 13, @07:46AM (#28674431)Homepage

Per my subject-line, Fred? As to your "something"?? What would you think about results like this, on Windows???

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=684fc342293777e89be01afad224dc63&showtopic=2662

----

A TESTIMONIAL TO ITS LAYERED SECURITY EFFECTIVENESS FOR A USER OF ITS POINTS & PRINCIPALS FOR HE AND HIS CUSTOMERS:

----

http://www.xtremepccentral.com/forums/showthread.php?s=97c1e368dad75689a8da7df5a0e97418&t=28430&page=3

"Its 2009 - still trouble free!

I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008.

Great stuff!

My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads.

APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, a user @ xtremepccentral.com who applied my guide above's points...

----

(AND, that guy above in THRONKA's NOT THE ONLY ONE WHO SEES THAT EITHER - the guide's become a 5/5 star rated one, or "most viewed" in forums, or made an "ESSENTIAL GUIDE", or sticky/pinned thread @ across 15/20 forums it has been on in 1 yrs' time, to the tune of 250,000++ views strong... but, more/MOST importantly is, it works, & is proof that Microsoft Windows CAN be secured... now, if only MS would ship Windows thus, eh?).

My guide's ALL about layered security, & as you can see? IT WORKS... unlike others' less comprehensive methods @ times... including yours, but... oddly?

My guide has your points & FAR MORE (for layered security, & IT WORKS) & HOSTS files (and why, see below, other notables in this field are noting it in fact as good) + a lot more too (& CIS Tool? What makes it easier for folks?? May appeal to you also, if you use Linux, Solaris, BSD's etc. et al also (it's multiplatform, based on industry best practices for each & helps large - see the results again for windows folks though, above, for your reference Fred & enjoy...)).

APK

P.S.=> As to "how it works in Windows", well it can use HOSTS files as an added layer of protection & even Mr. Oliver Day of SECURITYFOCUS.COM finds them useful & is thinking it may be time to "RESURRECT THE KILLFILE", from the 'olden days' (I was there too, sounds like YOU may have been too, on a *NIX judging from your reply no less), here -> http://www.securityfocus.com/columnists/491

Take a read, & "Drink that in, & digest it", Fred (some 'food for thought'), & thanks for your time... apk

Per my subject-line above? THANKS FOR GIVING YOURSELF AWAY arstech troll... lol, too transparent (you're doubtless modding this down, but, your mod downs don't work vs. the facts & tests I put out, now do they?? Who do you think you are fooling @ THIS point, with an attempt @ an ad-hominem attack on myself???)

Ah, hilarious, but here we go (time to make you "eat your words" for what? Around the 5th time this week as I have in other threads where you tried this????)

"But you try and justify it all by talking about security so I figured hey, I'll see what this guys credentials are. Well, a quick search turned this up:

http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=51276 [ca.com]

A piece of software that can arbitrarily run applications invisibly? Sorry what, did you really try and throw such a security threat onto consumer's PCs??" - by Anonymous Coward on Monday July 13, @05:00AM (#28673669)

AHEM, another test (readers, you're going to LOVE this one) PLUS, proofs as is usual from me vs. my "naysayers/detractors" like this one all thru this thread & others:

I want you to write NIR SOFER, or Dr. Mark Russinovich even of MS fame, & ask them if THEIR wares have been detected as malwares as mine has falsely!

(Nir & I have a conversation going on this too by the by)...

YES - soon, we're going to make another "break thru", with Nir's help & possibly the "good doctor's" also... in regard to 'false positives' by AV & AntiSpyware companies so please - do write NIR SOFER of Nirsoft fame...

AND, By the by?

My app is LISTED WITH ZERO THREAT LEVELS

(Fact is, almost to this day last year? I approached Greg Jensen about this, took their removal test, 21 questions? I do NOT violate even 1 of them (but, my program, like Dr. Russinovich's PSExec & other PsTools? Can be misused, unfortunately))

Now, they also list it & have since 2004 when a fool named "THOR SHROCK" (schmuck is more like it) put it up there as "Peter Kowalski", so I would never find it by querying google... all others removed it from their lists mind you, but not Thor SCHMUCK or CA.

(Fact is - I wrote it, in GOOD faith & with GOOD intent, for a forums person @ NTCompatible.com & decade ago or more, to launch Apache server for Windows "invisibly" since it would not by default in older models back then on Windows is all... but, like a gun (or ping even)? It can be misused, depending on parameters used (like ping of death) OR, what is loaded into it).

I can't control people, or how they use a program, anymore than I can with what folks do with guns which are useful, but also, deadly... & guns? Guns do NOT kill folks, people do.

APK

P.S.=> You seem "bent on discrediting me", ad-hominem, & apparently after you reading ALL my proofs above, & challenges above to my 'naysayers' which none dare to 'bite on' or try by this point?

WELL, this is ALL you are left with?

LOL... ok, fine, it's enough for me to see you "reduced to that", lol, but now? My turn (as to accomplishments of mine that help folks):

HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA even, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=e4473be2a007d388932bb27882f6f31c&showtopic=2662 [tcmagazine.com]

TESTIMONIALS OF ITS EFFECTIVENESS:

----

http://www.xtremepccentral.com/forums/showthread.php?s=97c1e368dad75689a8da7df5a0e97418&t=28430&page=3 [xtremepccentral.com]

"Its 2009 - still trouble free!

I was told last week by a co worker who doe

Please read this thru, & consider its points (above & beyond what I wrote above)... thanks for your time:

"To really fix the security of windows they'd have to redesign it from the ground up" - by Anonymous Coward on Monday July 13, @03:13AM (#28673255)

All that's REALLY needed, is to "ship WINDOWS out the door", thus:

HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA even, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=e4473be2a007d388932bb27882f6f31c&showtopic=2662

TESTIMONIALS OF ITS EFFECTIVENESS:

----

http://www.xtremepccentral.com/forums/showthread.php?s=97c1e368dad75689a8da7df5a0e97418&t=28430&page=3

"Its 2009 - still trouble free!

I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008.

Great stuff!

My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads.

APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA user @ xtremepccentral.com

----

"In any case any filtering / firewalling / proxying that windows itself can do generally can be done a LOT more efficiently by a dedicated function setup not running Windows but something like PFSENSE, IPTABLES, SQUID, SNORT" - by Anonymous Coward on Monday July 13, @03:13AM (#28673255)

WELL, the fellow above (& myself + others I can produce quotes from if you wish, no less, who have used my guide above)? MIGHT tend to disagree... lol!

AND, my guide (which goes FAR above the points I note here in this post you replied to, proactively showing users how to use layered security via easy points to follow + an EASY TO USE well noted tool, in CIS TOOL)?

My man - IT works & goes FAR beyond mere HOSTS files usage, which mind you? Even OTHER "security gurus", like Oliver Day of SECURITYFOCUS.COM "see the light on" & agree with me on, per this posting of his -> http://www.securityfocus.com/columnists/491

No... you CAN secure a Windows system to the levels that you don't see hassles like infections by malwares etc. et al... In fact, I am doing something here called "running naked" & NOT using ANTIVIRUS + ANTISPYWARES RESIDENT (which produce false positives, & slow you down etc. & sometimes just DO NOT WORK vs. threats they are not aware of, rootkits, or various new "blended threats", period)... no infestations, & THRONKA's heading on 2++ yrs. solid now with his clients seeing the same... myself? Thru my past 3 systems, 10++ yrs. now... no joke, no lie.

(AND, that guy above in THRONKA's NOT THE ONLY ONE WHO SEES THAT EITHER - the guide's become a 5/5 star rated one, or "most viewed" in forums, or made an "ESSENTIAL GUIDE", or sticky/pinned thread @ across 15/20 forums it has been on in 1 yrs' time, to the tune of 250,000++ views strong... but, more/MOST importantly is, it works, & is proof that Microsoft Windows CAN be secured... now, if only MS woul

"The HOSTS file was never intended as a filtering mechanism, and MS, et al have no obligation to make it work or continue to work for that purpose." - by geekboy642 (799087) on Monday July 13, @02:06AM (#28672989)

Pretty CHEAP "cop out" that I say, but, have you considered its merits in LAYERED SECURITY? Oliver Day of SECURITYFOCUS.COM has, here -> http://www.securityfocus.com/columnists/491

----

"Run a proxy or firewall." - by geekboy642 (799087) on Monday July 13, @02:06AM (#28672989)

I do, & you had best read the rest of my post regarding the new WFP based single part firewall, AND WHAT ROOTKIT.COM FOUND, in regards to NDIS 6 based firewalls also (see my first post, you guys are SKIMMING & MISSING THE REST OF WHAT IT NOTES - because I cover what you state also, & all for "layered security" - thanks!)

HOSTS do work as a layered security filter though, regardless of what YOU state!

(AND, hey - Even "security guru" Oliver Day @ SecurityFocus.com sees its usage thus -> http://www.securityfocus.com/columnists/491

AND??

So do folks like "SpyBot Search & Destroy" also (since their app populates not only the HOSTS file, but, also files like Opera's Filter.ini, FireFox's block lists, & IE Restricted Zones also, for LAYERED SECURITY (this is the trend & recommended practice by security folks by the by, myself included))

AND, I want you to PLEASE, read this, all the way thru (and my original post, you guys are blowing off really important stuff to consider):

http://tech.slashdot.org/comments.pl?sid=1300193&cid=28673103

Read it ALL THE WAY THRU... thanks! "Drink it in, & digest it", then, form your opinions...

----

"The ludicrously minimal built-in firewall was never intended to be an anti-spyware utility. If you want to run dangerous code on your system, and not have it bypass your security, then relying on any version of Windows' firewall is insane. More than half of the windows GUI runs SUID root, for chrissakes!" - by geekboy642 (799087) on Monday July 13, @02:06AM (#28672989)

I don't depend on ANY single layer, & espouse LAYERED SECURITY... in fact, I wrote a guide that has gone across the internet in 1 yr. to a total views mark of 250,000++ by now & rated 5/5 stars, made an "ESSENTIAL GUIDE" @ nearly all forums it is on, plus showing folks (once they apply ALL my points, & practice a few simple things, including HOSTS files usage) stating things, like this, verbatim for themselves & even clients who paid them to implement it for them:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=684fc342293777e89be01afad224dc63&showtopic=2662

----

TESTIMONIAL TO ITS LAYERED SECURITY EFFECTIVENESS:

----

http://www.xtremepccentral.com/forums/showthread.php?s=97c1e368dad75689a8da7df5a0e97418&t=28430&page=3

"Its 2009 - still trouble free!

I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008.

Great stuff!

My client

"until I hear about a botnet of macs, I'm going to be skeptical that virus software is necessary on a mac" - by je ne sais quoi (987177) on Thursday July 09, @10:17AM (#28636099)

----

Zombie Macs Launch DoS Attack:

http://it.slashdot.org/article.pl?sid=09/04/16/2327246

----

"I'm going to be skeptical that virus software is necessary on a mac" - by je ne sais quoi (987177) on Thursday July 09, @10:17AM (#28636099)

I'm actually "skeptical" that it's needed on a PC, especially after one secures a modern Windows NT-based OS (2000/XP/Server 2003 or even VISTA + Windows 7) using the principals outlined here:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=4e828ad4a06cd24b41b938af0bed9a8c&showtopic=2662

----

It works (& yes, it suggests resident antispyware + antivirus programs... but, the guide was geared to help the TOTAL novice understand how to secure a PC, & the extra meaures of keeping a resident antispyware + antivirus around running helps them... but, I have actually done the concept of "running naked" for more than 1/2 a year now & am free of infestations/infections of ANY kind... just by practicing "smarter/safer computing", especially online - & that guide goes HEAVILY into that (many of you all know this stuff, but, maybe NOT all of it))

APK

P.S.=> None of them are "110% absolutely safe", but Windows rigs run on the MOST used hardware platform there is, x86, & have the possession of the largest market share from home users, thru departmental LAN workstations + servers, up to "Mission Critical/Enterprise Class" back office servers... thus, they're GOING TO BE THE MOST TARGETTED by those after monies or information (which is, monies & power in the end)... think about it - IF you were a malware maker/botnet master, wouldn't YOU target the largest target you could, with 1 single codebase? Sure you would... apk

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?showtopic=2662 [tcmagazine.com]

I'd hate to break this to you, but when I made the switch, my PC had died. Dead HDD, dead motherboard, dead PSU, and possibly dead RAM. Your guide is not a guide to necromancing dead PC hardware for free or even cheap. It's how to harden a crapware OS.

"I do have the facts." - by RyuuzakiTetsuya (195424) on Tuesday June 23, @12:21AM (#28434635)

Where are they, & where did I state anything different than what you have here below next:

"The fact is, unless you're running something that opens ports and leaves you waiting to accept packets from somewhere, you're safe. Period." - by RyuuzakiTetsuya (195424) on Tuesday June 23, @12:21AM (#28434635)

I've been saying that all along, show us where I haven't?

"Your browser is always a vector for infection, but nothing you can(Other than regular patching) do can really stop a compromised browser from performing a privilege escalation then doing whatever the fuck it wants" - by RyuuzakiTetsuya (195424) on Tuesday June 23, @12:21AM (#28434635)

LOL, javascript, is the "deliverer/harbinger of doom" here...

My guide suggests javsscript limited usage - I also noted it here, in addition to other measures to secure a browser (my guide covers TONS more that work as well "layered onto" those for COMPLETE AS POSSIBLE PROTECTION)!

AND, ABOVE ALL ELSE? Evidence, that it surely seems to work out well for this person quoted below in THRONKA (since javascript via browsers AND ADOBE delivers 95% of the hacks/cracks/malware, even in adbanners) as well as his client & her kids, + MEK_LoveBug a responder here and myself (plus many others I can produce who did well or liked the guide I wrote up for them that allows them to avoid SPENDING $2,000 - $3,000 for no good reason, when securing Windows is a CIS Tool usage + some minor rules & education for them?)...

SO - You spent #2,000 for a Mac? Well, & could have done THIS, for free (instead of running from Windows, doubtless but apparently because of your NOT doing stuff like below, in Windows)

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?showtopic=2662

----

& had results like these on Windows, 4 free also:

http://www.xtremepccentral.com/forums/showthread.php?s=ae352cd32542fe49a55fe00b11086449&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA (forums user @ xtremepccentral) ... apk

----

"Linux is pretty damn close though" - by RyuuzakiTetsuya (195424) on Tuesday June 23, @12:21AM (#28434635)

It's got security issues galore in it's time too, & other hassles (sound system coding Adobe said, for instance, is a nightmare & recently, ext4 caused file damage/losses & still does if a coder doesn't alter his coding (how many can be reached for that @ once etc. et al) for filesystem usages, forcing wholesale rebuilds of any app that talks to the sys

"You are officially an idiot." - by RyuuzakiTetsuya (195424) on Monday June 22, @11:53PM (#28434419)

Well, I didn't spend $2,000++ when I can do as well security-wise, free... so, who's the idiot, rotflmao?

MATH TIME! 271 known vulnerabilities over time, & for the version of Windows I use no less, vs. MacOS X latest @ 971 known security vulnerabilities over time? Do the math, unless you find it TOO difficult that is... lmao!

Both have 1 known unpatched hole - but, I can fix mine 2 ways, & F A S T, plus within 4 clicks tops on 1, & less on the other.

Can you patch the single MacOS X flaw that produces 3 problems in the hack present still, of System Access/DDOS-DOS/Prilege Escalation exploit?

If so? How so... using CHOWN (which your original "security recommendations" for MacOS X users "StRaNgEL" omitted (not)).

(You had to use it in the end, vs. that known exploit MacOS X has, & also to stop the attack the likes we discussed me doing to you (which I don't do stupid stuff like that, period - fact is, I use my saavy to help others against it!))

(See, that last one, privelege escalation attacks? YES - happens on Macs too, despite you only saying Windows had that in your rant of which I can easily counter each point vs. Windows posts of yours here...)

That's just another proof of my stating the *NIX crew is either not that good, or, state 1/2 truths.. readers decide from those choices I say after all this, lol!.

(AND, by the by? HIGH end Macs I've seen go for $3,000 after all is said & done - I did guess 1 thing wrong: I thought you might have bought "the very best" but, like your security measures?? LOL, you don't... read on!)

"you can buy a mac for under a grand." - by RyuuzakiTetsuya (195424) on Monday June 22, @11:53PM (#28434419)

Yea, lol, U can blow THAT much ca$h, or this 4 free:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?showtopic=2662

----

& had results like these on Windows, 4 free also:

http://www.xtremepccentral.com/forums/showthread.php?s=ae352cd32542fe49a55fe00b11086449&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA (forums user @ xtremepccentral) ... apk

----

NOW, minus the usage of CHOWN on your part? You suggested this originally no less:

----

"Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing,

"No, you don't." - by RyuuzakiTetsuya (195424) on Monday June 22, @10:25PM (#28433503)

Others' results seem to say otherwise, see here, again (so it "sinks in"):

$1,500, BEFORE TAX?? LOL... and you abandoned Windows, which can be secured FAR better than its defaults, & you conceded that much finally...???

Hey, you could have spent 1-2 hours using this:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?showtopic=2662

----

And had results like this:

----

Again -> http://www.xtremepccentral.com/forums/showthread.php?s=ae352cd32542fe49a55fe00b11086449&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA (forums user @ xtremepccentral) ... apk

----

You suggested this originally no less:

----

"Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing, never enable Apache, FTP access, SSH or remote desktop. Ever."" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

----

And, by way of comparison? Here is what Apple themselves recommend:

----

APPLE SECURITY GUIDES FOR MACOSX -

http://www.apple.com/support/security/guides/

(Straight from the horses' mouth, Apple Computer, the people that invented that Operating System + type of personal computer, no less...)

----

What YOU recommended, original, above in quotes? That IS quite a lot LESS than the folks @ Apple themselves recommend... & funny: The recommendations, from Apple computer no less? They are CLOSE to the levels I recommend for Windows NT-based OS of modern variety (

(2000/XP/Server 2003 & to a good extent, even VISTA & beyond as well) such as changing ACL (analogous to SeLinux MAC (mandatory access control) via the kernel hooking addon to Linux, which isn't native to its original builds, & only lately have linux distros distribute it or AppArmor (iirc, this is the name of the one other than SeLinux))

LOL: Later, you suggest & USED, CHOWN... but you did not suggest that to others in your "security recommendations for Mac users", why is that?

BECAUSE you HAD to use to secure your MacOS X setup fully vs. various attacks!

(Including your "test" you wanted done, and it fits what the people from SECUNIA.COM recommend vs. the single known exploit that exists on MacOS X (that produces 3 problems of System Access, Privelege escalation, & DOS/DDOS),

You overspent this:

"My macmini was only 500 and my macbook was only 999. You can get a MacBook Pro for 1,129. MacBook Airs are now only 1,500! Talk about a straw man argument." - by RyuuzakiTetsuya (195424) on Monday June 22, @09:59PM (#28433265)

That's what? $1,500, BEFORE TAX?? LOL... who's the "straw man"???

(Plus, you abandoned Windows, which can be secured FAR better than its defaults, & you conceded that much finally... & NASDAQ shows 99.999% stable & secure uptime using Windows Server as I do????)

Hey, you could have spent 1-2 hours using this:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?showtopic=2662

----

And had results like this:

----

Again -> http://www.xtremepccentral.com/forums/showthread.php?s=ae352cd32542fe49a55fe00b11086449&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA (forums user @ xtremepccentral) ... apk

----

You suggested this originally no less:

----

"Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing, never enable Apache, FTP access, SSH or remote desktop. Ever."" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

----

And, by way of comparison? Here is what Apple themselves recommend:

----

APPLE SECURITY GUIDES FOR MACOSX -

http://www.apple.com/support/security/guides/

(Straight from the horses' mouth, Apple Computer, the people that invented that Operating System + type of personal computer, no less...)

----

What YOU recommended, original, above in quotes? That IS quite a lot LESS than the folks @ Apple themselves recommend... & funny: The recommendations, from Apple computer no less? They are CLOSE to the levels I recommend for Windows NT-based OS of modern variety (

(2000/XP/Server 2003 & to a good extent, even VISTA & beyond as well) such as changing ACL (analogous to SeLinux MAC (mandatory access control) via the kernel hooking addon to Linux, which isn't native to its original builds, & only lately have linux distros distribute it or AppArmor (iirc, this is the name of the one other than SeLinux))

LOL: Later, you suggest & USED, CHOWN... but you did not suggest that to others in your "security recommendations for Mac users", why is that?

BECAUSE you HAD to use to secure your MacOS X setup fully vs. various attack

"What you will do is snip off where ever it is convenient for you not to have to face a certain reality then quote that and take that on like it's the point I'm making. That's called the straw man fallacy." - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:38PM (#28416257)

Ok, then I will quote your original 'security recommendations' for MacOS X users, for all to see first:

----

"Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing, never enable Apache, FTP access, SSH or remote desktop. Ever."" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

----

And, by way of comparison? Here is what Apple themselves recommend:

----

APPLE SECURITY GUIDES FOR MACOSX -

http://www.apple.com/support/security/guides/

(Straight from the horses' mouth, Apple Computer, the people that invented that Operating System + type of personal computer, no less...)

----

What YOU recommended, original, above in quotes? That IS quite a lot LESS than the folks @ Apple themselves recommend... & funny:

The recommendations, from Apple computer no less?

They are CLOSE to the levels I recommend for Windows NT-based OS of modern variety (2000/XP/Server 2003 & to a good extent, even VISTA & beyond as well) such as changing ACL (analogous to SeLinux MAC (mandatory access control) via the kernel hooking addon to Linux, which isn't native to its original builds, & only lately have linux distros distribute it or AppArmor (iirc, this is the name of the one other than SeLinux))

Which you HAD to use to secure your MacOS X setup fully vs. various attacks (including your "test" you wanted done, and it fits what the people from SECUNIA.COM recommend vs. the single known exploit that exists on MacOS X (that produces 3 problems of System Access, Privelege escalation, & DOS/DDOS), just as I recommend to Windows users (easy to do for both filesystem &/or registry) - proving you NEED to do more than what YOU recommended initially @ least!)

(YOU defeat yourself for me, everytime almost & NOW by "amending your original guide" by adding in suggestions of CHOWN work, which I basically tell Windows users how to do it on Windows NT-based OS in my guides... sheesh, thanks!)

----

"Those are the security guidelines if you're in the mood to lock down your machine incredibly tight; not usable." - by RyuuzakiTetsuya (195424) on Saturday June 13, @03:18AM (#28318001)

The idea, the RIGHT idea, is to "lock down your machine incredibly tight" as is possible though, albeit w/out impacting useability!

SO - Care to show me what makes a machine "unusable" in my guides for Windows users here:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?showtopic=2662

----

???

AND, per your statement I quoted above? THAT would be "the right idea": To lock it down as tightly as possible, w/out impacting useability (which I felt that MS ships Windows way too "open" by default - thank goodness it only takes 1-2 hours to secure it, tops (and, it remains completely useable no less))

CONVERSELY? YOUR "SECURITY GUIDE/SUGGESTIONS" I QUOTED ABOVE, YOUR ORIGINAL ONES? ARE WAY TOO "OPEN"...

----

People like you, are part of the problem, with your "1/2 baked, good enough" view, like this below:

"If you're a business and you're handling sensitive data, sure, go rig

I was published for wares I wrote, and things I did that actually accomplished tasks/goals for folks (inclusive of commercially sold code in a commercial ware for server users, but end users can use it also), as well as for guides & such.

NOW, again: Have YOU ever been? No... otherwise you'd have put that out already...

"How the hell did you get published with your atrocious use of the language?" - by RyuuzakiTetsuya (195424) on Monday June 22, @05:31PM (#28429365)

Now, you get that PHD in English? You can make comments on others' writing... until then? That's only YOUR opinion, others vary vs. yours, like the 100 or so "mod ups" I have here I showed you, which again, is another something you cannot match that I have done...

AGAIN: BOTTOM-LINE IS THIS, about your 'security suggestions', & how short you fall in them (inclusive of your suggesting chown work later on but not originally):

----

Guys like you, that think "1/2 baked is good enough" are the problem!

"Those are the security guidelines if you're in the mood to lock down your machine incredibly tight; not usable." - by RyuuzakiTetsuya (195424) on Saturday June 13, @03:18AM (#28318001)

The idea, the RIGHT idea, is to "lock down your machine incredibly tight" as is possible though, albeit w/out impacting useability!

SO - Care to show me what makes a machine "unusable" in my guides for Windows users here:

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?showtopic=2662

AND, per your statement I quoted above? THAT would be "the right idea": To lock it down as tightly as possible, w/out impacting useability (which I felt that MS ships Windows way too "open" by default - thank goodness it only takes 1-2 hours to secure it, tops (and, it remains completely useable no less))

CONVERSELY? YOUR "SECURITY GUIDE/SUGGESTIONS" BELOW, YOUR ORIGINAL ONES? ARE WAY TOO "OPEN"...

"If you're a business and you're handling sensitive data, sure, go right ahead, but, if you're not, why bother?" - by RyuuzakiTetsuya (195424) on Monday June 22, @05:26PM (#28429255)

That's not a very intelligent question, especially on the topic of security: Ever think others do have 'sensitive info.' on their machines? Sure, I'd recommend @ least offline storage instead, but sad fact is, folks do keep sensitive info., AND there are "keyloggers" which can steal it "on the fly" when you use sites like online commerce/shopping + banking sites for example too!

----

"Actually my suggestion was" - by RyuuzakiTetsuya (195424) on Monday June 22, @12:04AM (#28416513)

What your ORIGINAL SUGGESTION was, for securing MacOS X IS QUOTED BELOW

(& does not include CHOWN work, which is what both myself AND APPLE both recommend (I called it what it is on Win32, ACL changes, & it's analogous somewhat to CHOWN work in Mac/BSD or any *NIX (more like SeLinux kernel patch adding MAC to Linux (mandatory access control) & only later for your "test" did you suggest using it)...

YOUR ORIGINAL HOW TO SECURE A MAC OS X SUGGESTIONS QUOTED, IN FULL:

----

"Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing, never enable Apache, FTP access, SSH or remote desktop. Ever."" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

----

SO - If this is more "security recommendations" on YOUR part? YOUR SUGGESTIONS now seem to be changing & adding on

It's guys like you, that say "1/2 baked = GOOD ENOUGH" that are the problem:

"Those are the security guidelines if you're in the mood to lock down your machine incredibly tight; not usable." - by RyuuzakiTetsuya (195424) on Saturday June 13, @03:18AM (#28318001)

The idea, the RIGHT idea, is to "lock down your machine incredibly tight" as is possible though, albeit w/out impacting useability!

SO - Care to show me what makes a machine "unusable" in my guides for Windows users here:

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?showtopic=2662

???

AND, per your statement I quoted above? THAT would be "the right idea": To lock it down as tightly as possible, w/out impacting useability (which I felt that MS ships Windows way too "open" by default - thank goodness it only takes 1-2 hours to secure it, tops (and, it remains completely useable no less))

CONVERSELY? YOUR "SECURITY GUIDE/SUGGESTIONS" BELOW, YOUR ORIGINAL ONES? ARE WAY TOO "OPEN"...

"If you're a business and you're handling sensitive data, sure, go right ahead, but, if you're not, why bother?" - by RyuuzakiTetsuya (195424) on Monday June 22, @05:26PM (#28429255)

That's not a very intelligent question, especially on the topic of security: Ever think others do have 'sensitive info.' on their machines? Sure, I'd recommend @ least offline storage instead, but sad fact is, folks do keep sensitive info., AND there are "keyloggers" which can steal it "on the fly" when you use sites like online commerce/shopping + banking sites for example too!

Read on!

----

"Actually my suggestion was" - by RyuuzakiTetsuya (195424) on Monday June 22, @12:04AM (#28416513)

What your ORIGINAL SUGGESTION was, for securing MacOS X IS QUOTED BELOW (& does not include CHOWN work, which is what both myself AND APPLE both recommend (I called it what it is on Win32, ACL changes, & it's analogous somewhat to CHOWN work in Mac/BSD or any *NIX (more like SeLinux kernel patch adding MAC to Linux (mandatory access control))...

YOUR ORIGINAL HOW TO SECURE A MAC OS X SUGGESTIONS QUOTED, IN FULL:

----

"Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing, never enable Apache, FTP access, SSH or remote desktop. Ever."" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

----

SO - If this is more "security recommendations" on YOUR part? YOUR SUGGESTIONS now seem to be changing & adding on a LOT more than you first suggested!

In fact, now? Suddenly now, your suggesting CHOWN type work, & it's going along the lines of how APPLE themselves recommend, as do I for windows folks, & now you state FAR more than you did originally:

----

"It's a put up or shut up moment. Either browsing is inherently safe or it's unsafe. Prove me wrong that running a default install of Mac OSX 10.5 with Firefox can be as unsafe as IE7 on Vista and I'll shut up. You don't even ahve to put something up, just point me to a proof of concept that someone else put up and I'll do it." - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:11PM (#28415967)

Didn't you state you were aware of cross browser exploits via javascript? Yes, you did, here:

----

"I know there are dozens of various browser cracking techniques that go across various browser platforms. From IE to Firefox to Webkit based browsers or even Opera." - by Ryuuza

You can always use a HOSTS file! Why?

The beauty of that is, IS that HOSTS files (custom ones especially for THIS type of lunacy occurring) extend to EVERY web-bound app you have (unlike Adblock/AdBlock Plus, that only work in Mozilla/FireFox products)

So - think programs like Email also, where HTML is used (alongside scripting, the REAL "problem" (with bad adbanners for example, it IS the "delivery mechanism" basically - because it's truly the "root of all evil" here most times, & anyone can verify that statement @ SECUNIA or SECURITYFOCUS.COM for example, from their last 4-5 yrs. of data or more on records of exploits they have)).

HOSTS files provide not only security benefits here, but, also speedup benefits too, as a bonus (by blocking ads you gain speed, but blocking scripting even gets you more (only use it on sites you trust OR cannot do without to stay safe(r) vs. bad scripted pages/bad scripted adbanners)).

HOSTS files, customized ones, work here... & it's a solution that's easily edited/added to, + understood by users, as a bonus - Because as one of my best pals whom I 'turned onto' these has stated, verbatim? "All you need to do, is know how to use notepad.exe, how to read english, & to get a decent one to start with - as well as sources that update the data one needs to blockout bogus sites" (& I list a few below!)

The one I use here is populated with my own lists for HOSTS files since 1997 (30.000 entries long, mostly for adbanner blocking @ first 1997-2001), then later for security 2002 onwards...

I extended it further (to 654,000 unique entries currently & yes, I have to stop the Windows DNS client for that, it's 14mb for Windows NT/2000/XP/Server 2003, & up to 19mb (using 0.0.0.0) OR 26mb (using 127.0.0.1) for Windows VISTA/Server 2008/Windows7) per sources like:

1.) StopBadWare.org
2.) SRI
3.) Dancho Danchev's ZDNet Blog
4.) SpyBot "Search & Destroy" Immunize lists
5.) PLUS/LASTLY, using other reputable known HOSTS files shown @ wikipedia.com, here -> http://en.wikipedia.org/wiki/Hosts_file [wikipedia.org]

All DAILY updated here, or nearly daily.

(& kept free of repeat entries via a program I wrote to do that, as well as alphabetize the entries, plus change them to a "faster up off disk into memory" internal schema for blocking out bad sites & adbanners, by going from the larger, slower 127.0.0.1 default loopback adapter IP, to either 0.0.0.0 (for VISTA/Server2k8/Windows 7, a mistake on MS' part I mentioned to they here -> http://blogs.msdn.com/e7/archive/2009/02/09/recognizing-improvements-in-windows-7-handwriting.aspx?CommentPosted=true#commentmessage which they started on 12/09/2008), OR the fastest & most efficient 0 blocking IP address))

HOSTS files are a good layer for this, then you can also "layer on" IE Restricted Zones, Opera filter.ini/urlfilter.ini, & FireFox addons like NoScript + its internal to browser restricted sites lists ontop of them, for the utmost in security protection AND speed (I do other things like use custom cascading style sheets & PAC file filtering as well, but those are another subject)... & guys? LAYERED SECURITY IS "the trend" & recommended pursuit by any 'security-saavy' person out there & yes, it works!

APK

P.S.=> HOSTS files give you that "Layered security" in addition to my last paragraphs' suggestions above & this guide I authored AS WELL AS MORE SPEED ONLINE...:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=d9ab7ff1c912db0a0

"Home users really don't have to worry about Samba file/print sharing owning their machine like NetBIOS on Windows users have to worry about their machines being similarly owned." - by RyuuzakiTetsuya (195424) on Saturday June 13, @03:18AM (#28318001)

Neither do Windows NT-based OS users, once they cut the "SERVER" service... that controls all/each of the things you note, & if they only have a SINGLE system @ home, or more that are not "networked to one another"? Problem solved... easily! You can layer on more defenses ontop of that simple measure, just in case you DO 'suck in' a malware that reactivates it, & the guide I post below, shows how!

----

"Sure, disabling autorun, running firewalls, virus scanners, etc. is great computing practice, I think it's more to expect from a typical home user who just wants the damned thing to work regardless" - by RyuuzakiTetsuya (195424) on Saturday June 13, @03:18AM (#28318001)

Want to "do it right", & as EASY as possible? See here:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (&, beyond):

http://www.tcmagazine.com/forums/index.php?s=da9e00ecfeb1ec4065b3c748e4ee4e02&showtopic=2662

----

And, it works...

(Nicest part is, that the CIS Tool makes it as SIMPLE as it gets for Windows XP users to secure themselves @ the registry + filesystems levels by guiding them as to what to do & the directions are detailed enough & good, & then using Windows Server 2003's "SCW" (security configuration wizard) does as well, & it's "built in" as an addon you can install in Windows Server 2003).

APK

P.S.=> Layered security, above & beyond the std. practices of a software firewall, antivirus, &/or antispyware programs resident + how to make it as easy as it gets (due to the CIS Tool making it so) to have a secured Windows NT-based OS of modern variety, step-by-step, & for a user's opinion of it (just one of MANY)? See here:

http://www.xtremepccentral.com/forums/showthread.php?s=ae352cd32542fe49a55fe00b11086449&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA (forums user @ xtremepccentral) ... apk

"I'm sure you already know about unix permissions and SELinux. Have you tried running Firefox via chroot on windows yet? Linux is more secure, period. It's not perfectly secure, but it has never had a major virus. Neither, AFAIK, has Mac OS X. Also, linux can be made more secure than just about any other OS, without losing functionality." - by Anonymous Coward on Friday June 12, @11:29AM (#28308857)

I sure do, & note it in this article (yes, it's for Windows, & allows securing Windows NT-based OS of "modern variety" (2000/XP/Server 2003 & even VISTA etc. et al) FAR better than they are by default) ->

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& Beyond):

http://www.tcmagazine.com/forums/index.php?s=1cfece2a1c826e6840c98db9377ac9c8&showtopic=2662

----

CIS Tool is also noted well by COMPUTERWORLD, & is MULTIPLATFORM (meaning *NIX users (BSD &/or Linux variants + SOLARIS users can use it as well)... in fact, Bert64, a user here on /.? His results are featured in that guide, 1st post... & he used SuSe Linux iirc!

SeLinux is a set of kernel hooks (kernel patching) that allows better than std. *NIX permissions, but then again? So do Windows NT-based OS' ACL's... & yes, they work:

Would you like to see others' results which have been just like my own from that guide above?

(With myself & others seeing no virus/trojan/spyware/malware in general infections here for more than a decade using the principals &/or techniques my article above notes on Windows)? I can supply them, just ask (url's & quoted testimonials)

Try this one, for starters:

http://www.xtremepccentral.com/forums/showthread.php?s=ae352cd32542fe49a55fe00b11086449&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA (forums user @ xtremepccentral)

----

"It's a very nice troll, but we're not talking out of our asses here." - by Anonymous Coward on Friday June 12, @11:29AM (#28308857)

Funny: The lists I put up of over 50++ virus/trojans/worms & other exploits possible on Linux in my previous responses to you, DO seem to show QUITE otherwise...

APK

P.S.=>

"The wikipedia article is cute." - by Anonymous Coward on Friday June 12, @11:29AM (#28308857)

Sure is: It shows over 37++ virus/trojans/worms & other exploits possible (or, were possible) on Linux... apk

"Gee, you had to go back 8 years to find three issues. The first one isn't even malware, just bad programming by the vendor that reduces performance. The next two are specific to Apache web servers, NOT Linux." - by parodyca (890419)
on Friday June 12, @10:12AM (#28307657) Homepage

Does it matter how far back I had to go, & no, not all are from "8 yrs. ago", because below also shows otherwise!

So, to prove the subject-line is bullshit? I provided contrary evidence thereof...

However, it appears You need more proofs then, apparently, so here you are/"ask & ye shall receive":

Linux RAMEN Worm:

http://service1.symantec.com/sarc/sarc.nsf/html/linux.ramen.worm.html

Net-Worm.Linux.Mighty:/b>

http://www.viruslist.com/en/viruses/encyclopedia?virusid=23864

DroneBL Security researchers warn of Linux Router worm (PsyB0t)

http://www.tcmagazine.com/comments.php?shownews=25399&catid=5

Linux ADORE Worm:

http://www.sss.ca/sensible/home.nsf/6481a22be8dfdd19852568c900171fc6/abbbaec934169f6d85256a280054fd31?OpenDocument

New Worm Targets Linux Web Service Holes:

http://www.eweek.com/c/a/Linux-and-Open-Source/New-Worm-Targets-Linux-Web-Service-Holes/

gicumz worm:

http://blogs.securiteam.com/index.php/archives/305

Linux malware list (37 Viruses, worms, & trojans on Linux):

http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses

(Want more?? I'll supply them... & they're not all "8 years back either", don't you OR can't you read & determine dates? Apparently not...)

APK

P.S.=> Better luck next time, because all of your "it's old news" b.s. propoganda doesn't matter, if your subject-line is absolute b.s. - gotta love the Linux Penguin crew around here, with their "straight outta pravda" 1/2 truths they spout... lol! apk

"Don't panic, we will be ok! I have Windows Firewall!!!" - by C_Kode (102755)
on Thursday June 11, @04:23PM (#28299531) Homepage

Yes, you do, but you also have this:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (&, beyond):

http://www.tcmagazine.com/forums/index.php?s=da9e00ecfeb1ec4065b3c748e4ee4e02&showtopic=2662

----

And, it works...

APK

P.S.=> Layered security, above & beyond the std. practices of a software firewall, antivirus, &/or antispyware programs resident + how to make it as easy as it gets (due to the CIS Tool making it so) to have a secured Windows NT-based OS of modern variety, step-by-step... apk

Any reason you cannot use this tool you note alongside a custom HOSTS file? After all - Layered security is "the trend", & to be blunt about it? The right thing to do.

APK

P.S.=> If you or the others replying read my entire post?? I do note that layered security is "the way to go", & no reason NOT to not layer other possible solutions ontop of the std. means/methods, IF they can "mesh", & most do (HOSTS are easy to manipulate using notepad.exe, & I noted its greatest strengths (more security, more speed, easy to manipulate + create etc. et al) with HOSTS files... In fact, on the note of "layered security"???

See here, if you're interested in securing a Windows NT-based PC of 'modern variety' (2000/XP/Server 2003 etc. et al) -> http://www.tcmagazine.com/forums/index.php?s=245278fd6a7ee0c83b965d5b019b59e7&showtopic=2662 ... apk

"Nuke spammers from orbit." - by Archangel Michael (180766) on Friday May 15, @02:48PM (#27970781)

Revelation 12:7-12

Archanbel Michael (patron of policemen, iirc) Defeats the Dragon

And war broke out in heaven; Michael and his angels fought against the dragon. The dragon and his angels fought back, but they were defeated, and there was no longer any place for them in heaven. The great dragon was thrown down, that ancient serpent, who is called the Devil and Satan, the deceiver of the whole world; he was thrown down to the earth, and his angels were thrown down with him.

Then I heard a loud voice in heaven, proclaiming, Now have come the salvation and the power and the kingdom of our God and the authority of his Messiah,* for the accuser of our comrades* has been thrown down, who accuses them day and night before our God. But they have conquered him by the blood of the Lamb and by the word of their testimony, for they did not cling to life even in the face of death. Rejoice then, you heavens and those who dwell in them! But woe to the earth and the sea, for the devil has come down to you with great wrath, because he knows that his time is short!;

----

Doing MY part, here ->

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA + make it 'fun-to-do', via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=05af24090957cd14494a83460b92e853&showtopic=2662

----

"Nuff said..."

APK

P.S.=> No, I am not some "Holy Roller", I just saw the user's name & the topic @ hand, & felt it fit (in a way)... apk

"Until the coders get total control of the project, from inception to completion, then no, they cannot be held responsible for bugs in the code.
How many companies push to get code out the door with *imperfections*" - by GuyverDH (232921) on Saturday May 09, @11:29AM (#27888515)

TOO many do, POMCO of Syracuse N.Y. does, & they call it "the POMCO way" (they force you to build shit)... I'll outline a couple examples, & with specifics, of the incompetence of their staff & mgt. there (& THEY DEAL IN SS#'s & HEALTHCARE DATA no less, very personal information no less)...

Damn straight, & it cost me a job once in 2006:

I was hired by a company called POMCO in Syracuse N.Y. to help secure their codebases done in VB6 (some of which we transitioned over to VB.NET because of its capacities for server-side apps mostly & built-in garbage cleanup) to scramble out SS#'s & such... I completed 3-4 apps in 7 months there... but?

Later, I discovered they were NOT securing down the "end points" (workstations, printers, etc. et al) fully, per this type of procedure outlined in this guide, to supplement work I & the others devs had done to the apps AND webservers + DB engines (SQLServer):

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it 'fun-to-do', via CIS Tool Guidance (& beyond):

http://www.tcmagazine.com/forums/index.php?s=2ccbde62be4c73b6d069d86d5cf90200&showtopic=2662

----

I suggested that to be done, FIRST, on a "prototype" system!

(To be sure ALL of our apps would work using it (they did, @ least all the ones I worked on, because I eventually did my workstation that way @ their shop & ALL still worked), then "mass deploy" the settings using AD Group Policies &/or logon scripts (merging .reg files etc. et al)).

So, upon discovering this?

I went to the CIO (Mark) first, privately, telling him:

"This needs doing as well as securing down code & DB's! IF you don't? It WILL eventually get you "keylogged" most likely due to user error in unawareness of the dangers present online. Educate them all about it, in a meeting @ some point is the way to go! Simply, because all the security in the world won't help once the user's passwords are 'sniffed' out upon logon (to their workstations &/or DB backends through the front ends we devs built for they)".

I also used users to consult on the design of apps we built or rebuilt for they, which proved a TOTALLY "new wrinkle" for them, because the main user of one of the apps was in our morning meeting we had once a week and actually THANKED ME for it!

(The sad part? The others developers, not all, but the main one? Literally called them "STUPID", & I was like "You're the stupid one: Those people, first of all, know THEIR JOBS far better than we do, & THEY KNOW WHAT THEY WANT TO SEE & USE... plus? They're the reason WE HAVE A JOB IN THE FIRST PLACE!").

This was a mere 6 yr. VB6 &/or VB.NET community college educated developer leading that shop, & it showed!

Especially w/ THAT attitude towards his users!

E.G. -> His work was also quite shoddy, lacking error traps & wasn't 'automated' enough... so much so, that I had to run one of his 'apps' daily, costing me 30 hrs. a month in MY TIME as a junior dev. there (though I had 15 yrs. under my belt as a pro in this field, with VB/C/C++/Fortran/COBOL/Assembler & more under my belt by that time, I was still the "new kid on the block" learning their data schema, which was NOT puny (insurance company data never is))).

What happened near the end? Well, I found a virus on my system, after asking "Are you monitoring me with somekind of application", they said "NO", so I showed it to them... turns up, it was a virus (keylogger w/ random names on diff.