Slashdot Mirror

"I have on occasion used Firefox plugins that filter out most banner ads. I've found my pages load about 70% faster." - by pecosdave (536896) on Sunday September 07, @07:37AM (#24908933) Homepage

Agreed, & I do the same here for FireFox 3.01 (via AdBlock Plus, + NoScript, & Perspectives .xpi FireFox addons)...

However, I go '1 step further', by using a custom HOSTS file!

Plus, "not just any HOSTS file", but one built from reputable sources over a decade now!

I used valid/reputable sources for my custom HOSTS file, such as:

A.) The wikipedia page for HOSTS files (which showcases ones like mvps.org's model & 4-5 others)

B.) My own HOSTS file that had 28,000 blocked adbanner servers, bad sites, &/or bad adbanner serving servers etc. blocked

C.) SpyBot "Search & Destroy" immunize functions' lists

D.) Gaining "the most current intel on this subject" (known malicious websites), via Dancho Danchev's blogspot for this, & stopbadware.org (google)

It's very comprehensive, & uses literally the MOST efficient format there is for blocking alone, by using 0 as the blocking IP address-to-URL equation addy used. Very small this way, took my file down from 20mb to 12mb in size, yet it allows the SAME blocking function - thus, a more efficient structure, that lends/yields the SAME benefits for both speed & security.

Thus, this HOSTS file universally extends to ALL of my web-bound programs, such as other webbrowser programs (IE8 & Opera 9.6x) & email programs, you-name-it (as long as it "hits the internet")

Guess what...? Yes, it works, & for FAR better speed and security online. How do I accomplish this? Via a program I created.

E.G.-> A friend of mine is using the 12mb sized custom HOSTS file I use & the file is additionally "normalized" (all repeat duplicate entries removed & all entries FULLY alphabetized for easy search also via notepad.exe) monthly, via a program I have written for this:

APK Hosts File Grinder 4.0++:

http://www.tcmagazine.com/forums/index.php?s=30295b6f438594c7be59eb6bec884eb0&showtopic=2662&st=25&start=25#

(Pictured on that page in post #36)

This program also speeds up access to my fav. websites, via hardcoding their IP address (true one, not blocking 0, 0.0.0.0, or 127.0.0.1) equation into the HOSTS file & the program has a pinger built into it to make those be @ their current IP address from OpenDNS servers as my DNS servers & the program is written in Borland Delphi - Thus, it is easily portable to Linux as well!

I am considering "open sourcing it" (once I add in the FTP code which I have working in another of my apps, just a matter of "transplanting it" to this one, for downloads of new updated HOSTS files), via Kylix, & quickly, via my use of the literally proven fastest language for both MATH & STRINGS there is short of pure assembler!

(Yes, even faster than say, MSVC++ & was proven thus in Visual Basic Programmer's Journal Sept./Oct. 1997 issue "INSIDE THE VB5 COMPILER", of all places (competing language mag no less, where Delphi absolutely TRASHED both MSVB5 &/or MSVC++ 6 in speed on 7/10 tests, & DOUBLED them in math & strings, which every program does, but especially strings on this one, so... it made sense to build it in this because of that))

Anyhow, my main tester (He is 1 of 2 testers I have so far), states he literally feels he surfs 3x as fast using this file (vs. when he has javascript on (recommend this, & all other browser plugins stay off for both security & speed's sake + iframes too = off) + adbanners shown).

Yea, it works, & for both security AND SPEED, online today (especially nowadays, & the past 2-4 yrs. now, in this "era of the poisoned webpage &/or adbanner").

In its DEFAULT setup, especially regarding security? Maybe... but, NOT if you do this:

HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA, + make it "fun to do", via CIS Tool Guidance:

http://www.tcmagazine.com/forums/index.php?s=69e3a8383c24ab823ef36b246b66ce88&showtopic=2662

Then again, IF you look there? Linux doesn't do ANY BETTER "outta-the-box/oem-stock" (yes, even SeLinux bearing distros) either, as both OS' stock only score into the mid-40's of 100 possible ranges, initially (until you 'security-harden' them).

Both reach 90's++ ranges, IF you take the time to do the work required, per CIS Tool guidance and the other points that guide notes to look out for, & shore up.

"Now that you mention OpenBSD, I recall an email from Theo de Raadt (2007-06-27 17:08:16 - source):" - by the_brobdingnagian (917699) on Monday July 14, @04:49PM (#24187095) Homepage

This guy, Theo DeRaadt? Though I don't know him personally?? I have to say, just judging by what I have read about & around him the past 2-3 yrs. now online, mostly here???

Theo DeRaadt IS one SMART "S.O.B."!

That's a compliment from me by the way, though a bit 'gruff' on my part... & yes - I've seen him get wickedly pissed @ others who doubted him or gave him crap, & rightfully so!

(Even Bruce Perens felt that way, that 'justified anger' on T. DeRaadt's part was ok)

The funny part is???? He USUALLY turns up right! Especially when all the other "so-called experts" are way, WAY wrong... Heck, face it (& I am SURE many of you will agree) most "computer experts" I know (such as many a "Microsoft MVP" for instance)?????

Most are only spitting back what they have read, & that is about it (hell, most of them you see on forums can't even code, let alone do they possess actual DEGREES in this field of endeavour)

AND? Very few actually DISCOVER anything new or unique!

However - This is NOT the case w/ this guy T. DeRaadt @ all (He really UNDERSTANDS this stuff, unlike many others, & @ levels that most folks will NEVER touch in this field/art & science).

(I also agree with he about running OS' under VM's: You're creating MORE complexity, & with that, usually comes room for more "holes" (more moving parts in ANYTHING usually means that, more room for breakdown, even if only potentially) - 1 hole in that virtual machine/emulator, etc. et al? That's ALL one needs... just like this stuff).

-----

ALSO: I've been saying for YEARS now, "turn off java/javascript/activeX/browser plugins" (etc. et al), & more in your web-based programs, such as here:

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun to do", via CIS Tool Guidance:

http://www.tcmagazine.com/forums/index.php?s=09dee17b0d30e3f0e2ab682867bf3d08&showtopic=2662

Know why now, people?

Heck - these "browser extensions & languages" (interpreted slow buggy crap is more like it) @ the heart of nearly EVERY exploit out there nowadays, including thos ein bad adbanners...

(SECUNIA & other sites can show anybody that much!)

NOW - Simply just cut off the root causes/attack vectors (by NOT using java/javascript on "every site you go to" etc.)???

Even Mr. Kapersky's attack means ZERO - can't get burned, if you do NOT go into the kitchen... period!

APK

P.S.=> I feel bad for the folks that have INTEL cpu's @ this point (& yes, because of Core/Core2 etc. Intel DID seem to have the better processors, due to speed... but, speed isn't everything - especially when that speed, kills... or potentially could!)... Makes me GLAD I still use my "old" (circa 2006) AMD Athlon64 X2 4800+... @ least it appears to be safe from this (for now)... apk

APPLE ROOT ESCALATION PRIVELEGE ON MacOS X, dated 06/18/2008:

http://it.slashdot.org/article.pl?sid=08/06/18/1919224

----

There's your link!

----

And, as to "Windows being insecure", which is the "big F.U.D." that "Pro-*NIX" folks @ /. (this site) like to spread around (total b.s.)?

NEWFLASH - ALL OS' are, outta the box/oem stock, pretty damned insecure!

That is, until you security harden then, thus (examples from Linux &/or Windows on that page below):

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun to do", via CIS Tool Guidance:

http://www.tcmagazine.com/forums/index.php?s=3546c7ae707f5ab5a641ae7cf14b9d41&showtopic=2662

----

AND, it works (PLUS, the CIS Tool is MULTIPLATFORM (e.g.-> Sun Solaris, BSD variants (sorry, no MacOS X one yet), Linux variants, & Windows NT-based OS variants too)!

APK

P.S.=> Everyone likes to say "HOW SECURE LINUX IS" vs. Windows, yet they BOTH nail around 46.xxx/100 scores on CIS Tool outta the box, simply illustrating they have a LOT of room for improvement, by end users, in terms of 'security-hardening', period... apk

"What are nations going to do about it?" - by jd (1658) on Thursday May 22, @07:18PM (#23512592) Homepage Educate the end-user(s), first!

Mainly, in how to secure PC's (for starters)... AND, it's NOT HARD, with the right tools (like CIS Tool, or even Microsoft's Baseline Security Analyzer), ala this guide:

-----------------

HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA, + make it "fun to do", via CIS Tool Guidance:

http://www.tcmagazine.com/forums/index.php?s=c89978d2e90631e7547c94c6285319ed&showtopic=2662

-----------------

& also training of coders (be in on the job, or in academia), both web devs & std. executables devs, on how to sanitize inputs fields correctly, as a followup, as imo @ least? MOST back-end DBA's (experienced ones) KNOW how to do so in their stored procedures... but, in case THEY don't? Well, then DBA's also must go for training here too...

The stuff that's in that guide also extends to LAN/WAN & Server environs too... with some "minor variations" is all (they are listed inside it also).

IPv6 will probably help though, @ the levels YOU are speaking of... but, how to "turn the world over on a dime" is the question: Like David Bowie said (as Nikola Tesla in the film "The Prestige"):

"SOCIETY ONLY TOLERATES 1 MAJOR CHANGE @ A TIME..."

(More-or-less, the point's there)

Sometimes? I think they don't WANT folks to know how to secure themselves! There's more monies in "prevention", than an outright cure! Heck, cutting off the indiscriminate use of JavaScript/IFrames, &/or ActiveX controls would go a LONG WAYS to cutting off many of today's threats... but, you don't hear the likes of CA, Norton/Symantec, Microsoft, or any other major software production house telling you that simple truth!

(If you follow security news? Hitting sites like SECUNIA.COM, SecurityFocus.com, SANS, SRI, SpamHaus, or others will note it, for me... the most WIDELY USE ATTACK VECTOR is something your webbrowsers & email programs of today need to counter for, wholesale - turn off javascript for "every site under the sun" basically, & limit their usage solely to sites that DEMAND it for full function (such as online shopping &/or banking sites, period/only)).

That way, you limit the amount of sites that could have infected/infested you, period (limiting the attack surface AND the ability to identify WHO did it to you... assuming no "man-in-the-middle" type attack was occurring that is, & the site you assumed was EBay/Amazon, or your bank, was in fact, NOT them @ all))

APK

P.S.=> Nicest part of the whole thing is that the CIS Tool is NOT just restricted to Windows NT-based OS', but also has versions for Linux variants, BSD variants, Sun Solaris, & more... &, the points it notes (based on industry best practices), work! apk

"The problem is the users. No matter how secure you make an operating system users will still click on every link and give people their passwords." - by jon3k (691256) on Thursday May 22, @12:06PM (#23506636) Good point jon3k... but, then (given that I also feel you are telling it "how it is" or can be), you have to INFORM & EDUCATE USERS, thus:

HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA, & make it "fun to do", via CIS Tool Guidance:

http://www.tcmagazine.com/forums/index.php?s=f1f6a7861e9c39384f4f492f61e94e60&showtopic=2662

That's the kind of stuff the "typical end-user/avg. user" has to be made aware of & how to do it (I did so via the use of a very good tool for this, based on "industry best practices for security" via CIS Tool, which has reviewed well in places like COMPUTERWORLD for instance - which makes it a HECK OF A LOT simpler/easier for the "avg. joe user" to do a security inspection & shoring up of various policy settings (& more) via a somewhat "fun" tool/benchmark for them to have to act as their guide more-or-less)...

It works, with a dose of "common-sense" (sometimes, that's NOT 'so common' though, especially if users use javascript & iframes (2 hugely known & used methods of attack via folks' email programs &/or webbrowsers))...

APK

P.S.=> Make people aware of such tips/tricks/tools/techniques? They can be secure as possible... & the NICEST PART, is that CIS Tool is NOT RESTRICTED SOLELY TO WINDOWS either - there are versions for Linux distro variants, BSD variants, Sun Solaris, & yes, Windows versions too... All it takes, is 1 HOLE to be "hacked/cracked" into, so plug as many as you can! That guide above, helps in that capacity... apk

- by jon3k (691256) on Thursday May 22, @12:06PM (#23506636) Good point jon3k... but, then (given that I also feel you are telling it "how it is" or can be), you have to INFORM & EDUCATE USERS, thus:

HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA, & make it "fun to do", via CIS Tool Guidance:

http://www.tcmagazine.com/forums/index.php?s=f1f6a7861e9c39384f4f492f61e94e60&showtopic=2662

That's the kind of stuff the "typical end-user/avg. user" has to be made aware of & how to do it (I did so via the use of a very good tool for this, based on "industry best practices for security" via CIS Tool, which has reviewed well in places like COMPUTERWORLD for instance)...

It works, with a dose of "common-sense" (sometimes, that's NOT 'so common' though, especially if users use javascript & iframes (2 hugely known & used methods of attack via folks' email programs &/or webbrowsers))...

APK

P.S.=> Make people aware of such tips/tricks/tools/techniques? They can be secure as possible... & the NICEST PART, is that CIS Tool is NOT RESTRICTED SOLELY TO WINDOWS either - there are versions for Linux distro variants, BSD variants, Sun Solaris, & yes, Windows versions too... All it takes, is 1 HOLE to be "hacked/cracked" into, so plug as many as you can! That guide above, helps in that capacity... apk

"Yes, I am sure it has nothing to do with decent user permissions" - by Monsuco (998964) on Thursday May 01, @01:30PM (#23265486) Homepage Linux distros, by default, are no more "decently secured" outta the box/oem stock than Windows are!

Stock setup on both (via BOTH Linux &/or Windows default security policies), relatively suck. In fact, your own Bert64 (a slashdot poster no less) helped PROVE that much, & w/ an SeLinux bearing LINUX distro no less (i.e.-> BOTH Linux and Windows score around 47/100 oem stock outta the box on the multiplatform CIS Tool).

Proof? See here:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun" to do, via CIS Tool Guidance:

http://www.tcmagazine.com/forums/index.php?showtopic=2662

----

Thus, with THAT proof aside (via screenshots w/in the very first post there, of BOTH Linux & Windows test results on CIS Tool (both after security tuning & also non-security hardened stock as well))?

I wish you /. ignoramuses would cease your stupid "F.U.D." anti-windows campaigns, because I hate to tell you this - it's too essy to make you look stupid for doing it.

---

"and holes being patched quicker." - by Monsuco (998964) on Thursday May 01, @01:30PM (#23265486) Homepage Yea, and TONS MORE HOLES than Windows does by far as well. Maybe they patch faster, but they have to patch 10x as many holes, & the funniest part is, on an OS that does 1/2 of what Windows can & DOES do because Linux runs only about 1/2 the hardwares peripherals AND SOFTWARES than Windows does (plus Windows also maintains largely nearly perfect backwards compatibility with older MS OS' softwares (all the way thru DOS + Win3.x wares, thru those for Win9x as well).

Linux vs. Windows? No contest on TOO many levels (& Linux is not the winner, market share alone shows that much).

OR, users of Windows applied this:

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun" to do, via CIS Tool Guidance:

http://www.tcmagazine.com/forums/index.php?showtopic=2662

(At over 70,000 views strong to date, from Dec. of last year to date, I'd say it's a safe bet that my assumption is quite true)

"Don't pretend this is the same thing as tens of millions of Windows bots compromised with a single vulnerability. Some poorly administered linux servers got compromised. That's bad, but that's not the same thing as your own windows box allowing a Lithuanian hacker to remotely administer your XP machine while you sleep and feed the username and password he captured from your keyboard log to instruct your bank from your computer to transfer all of your funds to his account. That's a completely different level of exploitability." - by symbolset (646467) on Sunday April 27, @03:59AM (#23212460) Homepage It's EXACTLY the same thing, since you mentioned "poorly administered" - see this:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, & make it "fun" to do, via CIS Tool Guidance:

http://www.tcmagazine.com/forums/index.php?showtopic=2662

----

Because it LITERALLY shows you the level of security that BOTH Linux (AND WINDOWS) have, via their DEFAULT security policies settings, & out of the box/oem stock (this is inclusive of SeLinux bearing distros as well, mind you).

(And, by default, they're BOTH setup pretty poorly for security... until you "security-harden" them).

It's not like I couldn't produce you a fairly sizeable list of hacks/cracks/security vulnerability holes & incidents over the past 2-3 yrs. now for you, should you ask, ok? Just ask.

APK

P.S.=> Right now, as long as Macs, Linux, & all other *NIX distros/versions variants are less used, they DO have the phenomena known as "security-by-obscurity" operating in THEIR FAVOR... & that's about it, because you CAN security-harden a Windows rig & have it as secure as ANY *NIX variant out there, if not moreso, for around 1-2.5 hrs. of your time doing what's in that thread, in addition to using some common-sense, for YEARS to DECADES of secure, stable, & security-hardened uptime... apk