Slashdot Mirror

KNOWN bad sites/servers/hosts-domains, botnet C&C servers, & bogus DNS servers? I am, guaranteed...

Via layered security at the HOSTS file level alone!

The rest is done by:

Norton DNS (filters the SAME STUFF as my hosts does)

OpenDNS (another DNSBL filtering DNS system)

ScrubIT DNS (yet another filtering DNS system)

Firewall rules tables vs. IP address based examples of the same here...

My layered security guide's practices as well:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE

Which produce results the likes of these testimonials attest to:

---

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral

AND

http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit

Who's this "martin.lawrence" person who posts your e-mail address and says it belongs to him, apk?

http://forums.theplanet.com/index.php?s=29cdd45a60d864805ae62ac143dd6c5c&showtopic=89123&view=findpost&p=604017

martin.lawrence
Rating: 0
View Member Profile

post Feb 12 2010, 05:43 AM
Post #66

Newbie

Group: New Members
Posts: 1
Joined: 12-February 10
Member No.: 54,811

The use of a CUSTOM ADBANNER BLOCKING HOSTS FILE (my personal one houses, as of this date, 90,000 known adbanner servers, OR sites known to bear malicious code & exploits (per GOOGLE mostly, from stopbadware.org)) ... (blah blah blah) ... For a copy of mine, write me, here -> apk4776239@hotmail.com

Because everyone here thinks it's you, using fraudulent IDs to "review" your own software. Too bad you forgot you shouldn't drop your primary e-mail address when you're doing that. Also it says that the thread got closed/locked, I guess the forum admins reviewed those posts and verified that the IP addresses proved that it was really you posting those things.

"I've found by moving users away from IE I've had their rate of infection drop by a good 75% on fully patched XP machines tells me all I need to know in all honestly" - by hairyfeet (841228) on Monday January 03, @01:35AM (#34741562)

By using a custom HOSTS file, I've seen myself go to NO MALWARE INFESTATIONS for over 15++ yrs. now online, & others have been seeing the same results for over 5 yrs. now:

---

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

FROM http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532122

---

Wait, because IT GETS BETTER (especially for this fellow, considering he runs Windows 2000 UNPATCHED, with no antivirus program & no antispyware program, or a firewall even (though we did substitute in PORT FILTERING, often called "the poor man's firewall" for him)):

---

""the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK."

FROM -> http://forums.theplanet.com/index.php?showtopic=89123&st=60&start=60

---

That's a GIGANTIC & MANY ORDERS OF MAGNITUDE DECREASE IN MALWARE INFESTATIONS, far more than 75% that moving away from IE gave you per your quoted statements... & it's also on a totally unpatched system + otherwise unsecured system via antivirus/antispyware programs, OR even a typical firewall program

(Where the user removed SOME ENTRIES in the hosts file himself (he likes "certain kinds of sites" is why, you fill that in yourself), & even thinks that is where he got his infection from & how - we'd spoken via email before, & he wanted to see just how effective a hosts file can be, for added layered security, & there was nobody offering a BETTER WAY TO TEST IT, than he had, from those I correspond in email with regarding that much either... so, we tried it, & those were the results)).

APK

P.S.=> So, overall? Well - That's better results, using a custom HOSTS file, than you're saying by moving away from IE alone!

Even though I'd recommend that myself, & I do, here http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE for added "layered security" (more like added layered common-sense)... apk

"You can believe what you want. Everybody else knows better." - by countertrolling (1585477) on Monday June 28, @01:22PM (#32718744)

RESURRECTING THE KILLFILE:

(by Mr. Oliver Day)

http://www.securityfocus.com/columnists/491

PERTINENT EXCERPTS/QUOTES:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

---

So do the folks @ MVPS.ORG, BlueTack/BISS, & other sites that are dedicated to use of a HOSTS file, as well as myself, & those who use "Spybot Search & Destroy" also (because it populates a HOSTS file vs. known bad sites &/or servers too), & also there is this "pertinent quote" from a user who tests it for me as well & his results:

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my security guide @ THE PLANET http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

---

So much for your off topic b.s. & trolling... because as you can see above from testimonials, & users who frequent websites noted above + users of Spybot Search & Destroy? There are 1,000's of folks that use a HOSTS file and DO know better (than your b.s.).

APK

"Your hosts file crap has been thoroughly debunked elsewhere." - by tomhudson (43916) on Monday June 28, @10:09AM (#32716076) Homepage

Where's THAT then, tomhudson... fantasyland?

Also, & on what points of mine from my original posts in favor of HOSTS files over adblock or other browser addons alone -> http://tech.slashdot.org/comments.pl?sid=1699526&cid=32709564 have been 'debunked'? Not in your post, that was certain, lol...

(After all - You didn't do a decent job of it above/earlier here http://tech.slashdot.org/comments.pl?sid=1699526&cid=32715870 , lol, & screwed up on your so-called "points" to the point of even contradicting yourself!)

Of course, tomhudson will avoid providing proofs of his statements, as he always does... hilarious! Watch him avoid answering this by all means... he always does when he's cornered on his mistakes (which are, as anyone here reading can see, numerous & erroneous).

---

"Your "solution" is more of a problem than it's worth" - by tomhudson (43916) on Monday June 28, @10:09AM (#32716076) Homepage

Others tend to disagree, tomhudson, see here (material from my 1st post here):

---

RESURRECTING THE KILLFILE:

(by Mr. Oliver Day)

http://www.securityfocus.com/columnists/491

PERTINENT EXCERPTS/QUOTES:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

---

So do the folks @ MVPS.ORG, BlueTack/BISS, & other sites that are dedicated to use of a HOSTS file, as well as myself, & those who use "Spybot Search & Destroy" also (because it populates a HOSTS file vs. known bad sites &/or servers too), & also there is this "pertinent quote" from a user who tests it for me as well & his results:

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my security guide @ THE PLANET http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

---

ADDITIONALLY:

Layered security IS the "trend" tomhudson, & it works (it's the best solution we have currently is why & how)...

(That's all HOSTS are in combination with other methods (but, they not only provide extra security, but also more speed, and a single one that covers ALL webbounds apps too... browser addson CANNOT do that, period, as they are restricted to single browser families only typically/usually (not in ALL cases though))).

(Tom, give up - you rea

"I bet if you block the ad servers, your speed would double" - by countertrolling (1585477) on Saturday June 26, @01:59PM (#32703448)

Per my subject-line above, I agree, and know it's true (and, you'll not only surf F A S T E R by far, but also safer)...

How so?

Ok, some "proofs thereof via testimonials" (in regards to using a custom HOSTS file to do what you are speculating about):

---

RESURRECTING THE KILLFILE:

(by Mr. Oliver Day)

http://www.securityfocus.com/columnists/491

PERTINENT EXCERPTS/QUOTES:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

---

So do the folks @ MVPS.ORG, BlueTack/BISS, & other sites that are dedicated to use of a HOSTS file, as well as myself, & those who use "Spybot Search & Destroy" also (because it populates a HOSTS file vs. known bad sites &/or servers too), & also there is this "pertinent quote" from a user who tests it for me as well & his results:

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my security guide @ THE PLANET http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

---

SO - you're probably wondering WHY do I elect to use a custom HOSTS file over say, a browser addon (like Adblock alone)? Ok:

Because HOSTS FILES ARE ADBLOCK'S SUPERIOR ON SEVERAL GROUNDS (& in combination/together? Pretty much the best "browser level" security, in "layered security fashion" you can do currently)!

----

1.) HOSTS files eat A LOT LESS CPU cycles than browser addons do no less (since browser addons have to parse each HTML page & tag content in them)!

2.) HOSTS files are also NOT severely LIMITED TO 1 BROWSER FAMILY ONLY... browser addons, are. HOSTS files cover & protect (for security) and speed up (all apps that are webbound) any app you have that goes to the internet (specifically the web).

3.) HOSTS files allow you to bypass DNS Server requests logs (via hardcoding your favorite sites into them to avoid not only the TIME taken roundtrip to an external DNS server, but also for avoiding those logs OR a DNS server that has been compromised (see Dan Kaminsky online, on that note)).

4.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).

5.) HOSTS files also allow you to not worry about a DNS server being compromised, or downed (if either occurs, you STILL get to sites you hardcode in a HOSTS file anyhow in EITHER case).

Per my subject-line above, & your quote below next? I'll give you an INSTANT SOLUTION for faster webpages, & a more secure one as well from a SINGLE FILE you already have in your Operating System called a HOSTS file (with evidence thereof):

"I'm not sure how I feel about this." - by tpstigers (1075021) on Thursday June 24, @12:46AM (#32673814)

Then, take a read below, & I am sure you'll feel better once you are aware of this (in regards to something you ALREADY HAVE that can make you go faster AND SAFER in the same pass from 1 single file only (The HOSTS file)):

---

RESURRECTING THE KILLFILE:

(by Mr. Oliver Day)

http://www.securityfocus.com/columnists/491

PERTINENT EXCERPTS/QUOTES:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

---

Additionally: So do the folks @ MVPS.ORG, BlueTack/BISS, & other sites that are dedicated to use of a HOSTS file, as well as myself, & those who use "Spybot Search & Destroy" also (because it populates a HOSTS file vs. known bad sites &/or servers too), & also there is this "pertinent quote" from a user who tests it for me as well & his results:

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my security guide @ THE PLANET http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

---

HOSTS FILES ARE ADBLOCK'S SUPERIOR ON SEVERAL GROUNDS (& in combination/together? Pretty much the best "browser level" security, in "layered security fashion" you can do currently)!

----

1.) HOSTS files eat A LOT LESS CPU cycles than browser addons do no less (since browser addons have to parse each HTML page & tag content in them)!

2.) HOSTS files are also NOT severely LIMITED TO 1 BROWSER FAMILY ONLY... browser addons, are. HOSTS files cover & protect (for security) and speed up (all apps that are webbound) any app you have that goes to the internet (specifically the web).

3.) HOSTS files allow you to bypass DNS Server requests logs (via hardcoding your favorite sites into them to avoid not only the TIME taken roundtrip to an external DNS server, but also for avoiding those logs OR a DNS server that has been compromised (see Dan Kaminsky online, on that note)).

4.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).

5.) HOSTS files also allow you to not worry about a DNS server being compromised, or downed (if either occurs,

Per my subject-line above, here is a person who runs Windows 2000, no service packs &/or hotfixes, and NO ANTIVIRUS or ANTISPYWARE programs running resident in memory all the time (tasktray icon + services etc.) and has drastically reduced his malware infestation rate gigantically by merely using a custom HOSTS file only:

---

http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

---

It costs him nothing (other than taking the time to read his email & extract out the HOSTS file I use which I send to him each day after it is updated from reputable reliable sources online, & those sources are noted in the security guide's URL above @ its termination) &, it works for securing he FAR better than he was doing without one, and it also makes he faster online as well (bonus).

I have seen him go down from 200++ infestations a month, down to MAYBE 1 infestation every year at most (real ones, not just registry entries to amend for better security etc. which the 2 I have seen from him were, one being the "DSO exploit" patch which Spybot S&D recommended he reset vs. it)... & he got that because he downloaded "questionable material" from some website in my HOSTS file he "comments out" (essentially removes by preceeding them with a "#" symbol, the *NIX analog of a REM or : leading statement in batch files) so he CAN use that website (even if it is to his dismay, he still goes there).

This part though, I cannot control - what a user does that "does him in", himself... he realizes this though.

Nuff said...

APK

P.S.=> HOSTS files work on the SIMPLEST PRINCIPLE THERE IS, & that is "If you can't go into the kitchen, you can't get burned" basically... &, yes, they work, to stop YOU from infesting yourself essentially by blocking YOU from known bad sites &/or servers, AND, they work to stop malware, once it IS inside of your system, from talking back to "the mothership" for orders (as in botnet "command & control" servers), because if YOU yourself cannot reach the URL sites that botnets use? Well, then neither can the malware for the botnet to control you either!

In fact, as an aside? Well - When Kings Joker & I used to do my COMPLETE GUIDE's POINTS to his systems (now he only does the HOSTS file to test its efficacy alone, this is an actual test he & I have been doing for around 1 yr. now in fact to see how effective it is)?

He did better than he is doing now even...

Layered security + conscientious patching in hotfixes & service packs? IT WORKS, & no "antivirus + antispyware" is REALLY needed (IF you know how to spot infestors & remove them, & process explorer alone is usually enough for THAT much, believe it or not)! apk

"That's not what a HOSTS file is meant for, and you should generally not optimize for the abusive case." - by Your.Master (1088569) on Wednesday June 16, @01:40AM (#32587616)

Again, really? Funny, but Mr. Oliver Day of SECURITYFOCUS.COM feels otherwise:

---

RESURRECTING THE KILLFILE:

(by Mr. Oliver Day)

http://www.securityfocus.com/columnists/491

PERTINENT EXCERPTS/QUOTES:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

---

So do the folks @ MVPS.ORG, BlueTack/BISS, & other sites that are dedicated to use of a HOSTS file, as well as myself, & those who use "Spybot Search & Destroy" also (because it populates a HOSTS file vs. known bad sites &/or servers too), & also there is this "pertinent quote" from a user who tests it for me as well & his results:

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

---

"Your five megabytes of HOSTS file is probably irrelevant compared to real performance problems." - by Your.Master (1088569) on Wednesday June 16, @01:40AM (#32587616)

Oh, really? Well, it seems that even Foredecker (Senior Manager of Microsoft's "Windows Client Performance Division" whom I referred to above) even felt otherwise & said that a larger file reads slower than a smaller one would... & using a smaller blocking address lends to that "smaller, faster, & more efficient", period... any fool knows that in fact (except you it seems).

---

"Ideally you'd just use your application's native method for dealing with address-blocking" - by Your.Master (1088569) on Wednesday June 16, @01:40AM (#32587616)

A single-layer that may have bugs in it, such as Firefox addons have had & that ONLY work for that particular application, whereas HOSTS files work "universally" blocking out more than potentially bad content that foists malware on users? No thanks... Why should one give up a SINGLE FILE that provides more security & more speed from just 1 file??

(I have entire scores of people above you can "argue the numbers & results" with, so, go for it... good luck!)

DNS servers are another, & you can ask Dan Kaminsky OR Moxie Marlinspike about all the bugs in DNS servers out there (big news for 2-3 yrs. now in fact).

---

"and if you need a blanket block such a huge number of addresses then a local proxy is the way to go, eg. Privoxy." - by Your.Master (1088569) on

"It's not as if people didn't already know about Microsoft's abysmal security record." - by StuartHankins (1020819) on Thursday June 10, @11:16AM (#32523878)

Ok, let's take a peek at that statements & it's "anti-Microsoft" implications, & we'll do so, by simply using the stats of the "latest/greatest" from the "big 3" OS vendors/OS types out there today, from a respected security vulnerabilities reporting website, in SECUNIA.COM:

---

Linux 2.6x KERNEL SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 06/10/2010:

http://secunia.com/advisories/product/2719/?task=advisories

Unpatched 5% (11 of 217 Secunia advisories)

(Again, that's JUST THE KERNEL/CORE OF THE OS ALONE (so, I.E.-> How much more would be added by diff. distros & their softwares/shells (KDE/Gnome), etc.- et al?))

---

APPLE MacOS X SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 06/10/2010:

http://secunia.com/advisories/product/96/?task=advisories

Unpatched (approximately) 1% (8 of 1233 Secunia advisories)

(NOTE: I had to calculate the %, & I + others do NOT like how Apple & SECUNIA are reporting on the errors in security present in Apple's MacOS X there... see the comments below those stats, for an "example thereof"...)

---

MICROSOFT WINDOWS 7 SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 06/10/2010:

---

http://secunia.com/advisories/product/27467/?task=advisories

Unpatched 13% (2 of 16 Secunia advisories)

REMEMBER/AGAIN: This is the ENTIRETY of Windows 7 being analyzed - not just its kernel, as is the case with Linux 2.6x above... & ONLY 2 security problems are present!

Top that off with the fact that 1 of them IS EASILY "worked-around" no less, in the AERO problem, simply by selecting the "Windows Classic" theme, or, shutting off the "Themes" service!

The other only deals in SSL, for those that run an IIS 6/7 server (which is FAR from everyone, especially desktop users)... so, for example, from the system I am posting on now during lunchtime @ home? I have no IIS running, & thus, I am "proof to it".

----

(Sure, now I am certain I will also see repliers here to my post here say

"but the 2 security vulnerabilities in Windows are 'remote' in nature"

Well, newsflash - ANY OF THESE SECURITY VULNERABILITIES REALLY "BOIL DOWN" TO BEING LOCAL, IN THAT SOONER OR LATER, THEY HAVE TO "TOUCH" THE LOCAL SYSTEM ANYHOW IN ORDER TO EXPLOIT THEM PERIOD! Javascript exploits being the MOST "prevalent" of this type, and where do they ACTUALLY RUN? LOCALLY, inside a webbrowser program's javascript processing engines... turn off javascript (on "every site under the sun", & use it only where you HAVE TO and where you can trust the website)? Problem solved!)

---

So, can Windows be secured far better than it comes "out of the box/oem-stock"? Absolutely. Heck, any OS usually can be... such as is shown here:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

http://forums.theplanet.com/index.php?s=a3272f47031ff9e8939bf662e3a7b7fe&showtopic=89123

(Much of what's in it "principles-wise" (uses the concept of "layered security") & yes, tools-wise, can also be applied to LINUX (or other *NIX variants too like MacOS X (done via Apple's guide for this, no CIS Tool exists for MacOS X, sorry) + other BSD variants, Solaris, etc.) & e.g. -> There is a CIS Tool for them also (again, except MacOS X, but Apple's got a GREAT GUIDE for this too

"Windows, if administered right?" - by erroneus (253617) on Monday May 31, @09:52PM (#32413378) Homepage

Yes, such as is shown here:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

http://forums.theplanet.com/index.php?s=a3272f47031ff9e8939bf662e3a7b7fe&showtopic=89123

(Much of what's in it "principles-wise" & yes, tools-wise, can also be applied to LINUX (or other *NIX variants too like MacOS X + other BSD variants, Solaris, etc.) & e.g. -> There is a CIS Tool for them also, as it is a cross-platform benchmark for security analysis, and it's been highly rated over time by various sources in publications like Computer World & others also)

----

"There are new critical flaws found almost daily." - by erroneus (253617) on Monday May 31, @09:52PM (#32413378) Homepage

Per SECUNIA.COM it appears that currently the Linux kernel (not counting other distros with diff. softwares & functions + interfaces to them being diff. at usermode GUI shell levels either) seems to have more going on wrong with it than does Windows 7 for example (keeping it current version vs. current version here as to both OS'):

----

Linux 2.6x KERNEL SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 05/31/2010:

http://secunia.com/advisories/product/2719/?task=advisories

Unpatched 5% (11 of 217 Secunia advisories)

(Again, that's JUST THE KERNEL/CORE OF THE OS ALONE (how much more would be added by diff. distros & their softwares/shells etc.- et al?))

----

MICROSOFT WINDOWS 7 SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 05/31/2010:

----

http://secunia.com/advisories/product/27467/?task=advisories

Unpatched 13% (2 of 16 Secunia advisories)

----

Errors in both, but, less apparently in the current builds of Windows (7, Server 2008) than there is in Linux, and that includes Windows kernel/core AND ITS OS SHELL in this analysis... not just kernel's like Linux 2.6x shown above (there is most likely even MORE security holes in Linux, especially if you toss on GUI shells & Windows managers most likely, inclusive of diff. distros variations of both to compound that more).

(PLUS, AGAIN - This is a comparison of the "latest/greatest" cores of the OS too, mind you!)

So older versions of Windows, if brought up, would allow me to add on older versions of Linux too and their security problems too mind you (keep this in mind).

So, sure: There are "other older flavors" of Windows, such as what VISTA &/or Windows 7 + Windows Server 2008 are based upon, in Windows Server 2003 (& it shows some "holes" but, they're not that bad - for instance, there isn't any I can't really handle here via ACL's or either cutting services or usage of some features (not that I use many that have security vulnerabilities in them anyhow) but, once more - We're keeping this comparison CURRENT VERSION vs. CURRENT VERSION here only).

Both OS' turn up new vulnerabilities all the time, & thank goodness they tend to patch them quickly nowadays (within a month's time, USUALLY, from Microsoft but sometimes they have ones that take longer, but they typically seem better/faster @ patching, than say, Apple is... Linux has a fast patch time also!)

----

"Windows can be locked down pretty tight if you remove the network cable though." - by erroneus (253617) on Monday May 31, @09:52PM (#32413378) Homepage

Others from using the guide of mine in the URL have seen differently. Here are some of their testimonials quoted in fact

"The Web is not the be-all and end-all of the Internet
Browsing without autoloading images is not nearly as bad as you make it out to be
Most of what I go on the web for is news (where the text is usually more important) and journal articles (which are distributed as PDFs)

As a case in point, Slashdot is perfectly fine without images or Javascript (as long as you request Javascript-free pages, which are readily delivered)." - by betterunixthanunix (980855) on Saturday May 29, @11:23AM (#32389070)

Additionally, per my subject above? You probably rarely, IF EVER, see a malware (that's while running Windows too, the most attacked OS there is) based on what you stated!

(I know I don't + I have not for, well... easily going on more than a decade++, & neither do users I have "turned on" to the very points you enumerated above also).

Most of the malware infestations out there nowadays are put into users' systems off of bogusly malscripted websites &/or bogusly scripted HTML emails (as well as users, more on that below, and what they download too).

This guide covers what you speak of & I expound upon here, and implements what's largely been called the concept of "layered security" for users of modern Windows NT-based Operating Systems (2000/XP/Server 2003, & even VISTA/Server 2008/Windows 7 too):

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

http://forums.theplanet.com/index.php?s=a3272f47031ff9e8939bf662e3a7b7fe&showtopic=89123

----

It works, & is based on the concept of what many computer security folks the past few years have been calling "LAYERED SECURITY"...

PROOFS/EXAMPLES OF ITS EFFICACY? Ok, below:

----

http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said

"The Web is not the be-all and end-all of the Internet
Browsing without autoloading images is not nearly as bad as you make it out to be
Most of what I go on the web for is news (where the text is usually more important) and journal articles (which are distributed as PDFs)

As a case in point, Slashdot is perfectly fine without images or Javascript (as long as you request Javascript-free pages, which are readily delivered)." - by betterunixthanunix (980855) on Saturday May 29, @11:23AM (#32389070)

Additionally, per my subject above? You probably rarely, IF EVER, see a malware (that's while running Windows too, the most attacked OS there is) based on what you stated!

(I know I don't + I have not for, well... easily going on more than a decade++, & neither do users I have "turned on" to the very points you enumerated above also).

Most of the malware infestations out there nowadays are put into users' systems off of bogusly malscripted websites &/or bogusly scripted HTML emails (as well as users, more on that below, and what they download too).

This guide covers what you speak of & I expound upon here, and implements what's largely been called the concept of "layered security" for users of modern Windows NT-based Operating Systems (2000/XP/Server 2003, & even VISTA/Server 2008/Windows 7 too):

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

http://forums.theplanet.com/index.php?s=a3272f47031ff9e8939bf662e3a7b7fe&showtopic=89123

----

It works, & is based on the concept of what many computer security folks the past few years have been calling "LAYERED SECURITY"...

PROOFS/EXAMPLES OF ITS EFFICACY? Ok, below:

----

http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said

"Instead of using kill process tree you can use suspend process. That way it won't relaunch itself or other related processes" - by Xoltri (1052470) on Friday May 28, @03:35PM (#32380382)

Why stop there?

See - Once you have suspended the malware executable (or even library being called by another parent process, such as a bad .DLL being loaded into say, explorer.exe), you can delete it on disk to stop it from running ever again, in addition to stalling out their startup entries with tools like MSConfig OR autoruns (also by Dr. Mark Russinovich of Microsoft).

That is, assuming it's NOT part of another executable, say as a hidden resource contained INSIDE another program!

(Yes, you can store executables (OR other types of data too) of any kind inside another executable to either hide them, I have done so with .avi files inside of screensavers I have written for example, &/or, to dynamically load them too (PnP driver programs do this & in fact, I am fairly certain Dr. Mark Russinovich does it in this very program & others he writes, to extract out & load drivers of Plug-N-Play nature inside his programs based on the platform they are running on, what's called "hybrid design" (combined 32 bit/64 bit apps that need drivers do this)).

NOW - IF the offending malware is instanced by being a library being called by another app (say Explorer.exe, I'll stick to that as an example because I've seen it actually happen & get used that way before), you sometimes also have to stall/suspend the calling parent process too (but, don't delete it, lol, especially IF it's a crucial process like explorer.exe, which IS your desktop shell) because it's maintaining a call handle to the malware lib being used too (in my example case here, explorer.exe), and then suspend the offending malware lib/dll too, and then delete it on disk (as well as any associated startup entries + registry or .ini file entries it uses too).

This is how/where Process Explorer's "DLL VIEW" lower pane view option can & IS extremely useful in fact (ferreting out "hidden" malwares that are running under another process' hWnd as a lib loaded by them - a bogus shell extension, for example, could be an example here of what I mean).

I cover how (and why) that's done here in this guide's "malware removal" section:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

http://forums.theplanet.com/index.php?s=a3272f47031ff9e8939bf662e3a7b7fe&showtopic=89123

----

In that security guide for Windows NT-based OS' "malware removal section"... & yes, it works! Per my subject-line, I also noted this technique to DigiShaman here http://yro.slashdot.org/comments.pl?sid=1668142&cid=32388064 who was another user here commenting on the usage of Process Explorer as a tool vs. malware infestations.

NOW, additionally, IF the malware is instanced as a driver? Another tool by SysInternals/WinTernals/Microsoft that's useful is LoadOrder (it can show drivers loads) and regedit.exe also (drivers & services typically instance here -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services in those keys and their subkeys iirc) or RECOVERY CONSOLE's LISTSVC, & DISABLE commands work well here also (they list drivers AND SERVICES plus their startup states, which you can control this way).

APK

P.S.=> Thus, no antispyware/antivirus/antimalware-in-general (the part of DigiShaman's quote where I replied to he here in how to use PE, that I did not quote which followed directly after it in the URL above) is even required really...

Again - That is, once you spot an odd lib or exe running

"Basically, you run Process Explorer to kill the thread in question, then use Autoruns to prune the malware from bootup and other places it has it's hooks into." - by DigiShaman (671371) on Friday May 28, @10:49PM (#32385810) Homepage

Why stop there? Once you have suspended the malware executable (or even library being called by another parent process, such as a bad .DLL being loaded into say, explorer.exe), you can delete it on disk to stop it from running ever again, in addition to stalling out their startup entries with tools like MSConfig OR autoruns (also by Dr. Mark Russinovich of Microsoft).

That is, assuming it's NOT part of another executable, say as a hidden resource contained INSIDE another program (and yes, you can store executables of any kind inside another executable to either hide them, I have done so with .avi files inside of screensavers I have written for example, &/or, to dynamically load them too (PnP driver programs do this & in fact, I am fairly certain Dr. Mark Russinovich does it in this very program & others he writes, to extract out & load drivers of Plug-N-Play nature inside his programs based on the platform they are running on, what's called "hybrid design" (combined 32 bit/64 bit apps that need drivers do this)).

I cover how (and why) that's done here:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

http://forums.theplanet.com/index.php?s=a3272f47031ff9e8939bf662e3a7b7fe&showtopic=89123

----

In that security guide for Windows NT-based OS' "malware removal section"... & yes, it works!

APK

P.S.=> Thus, no antispyware/antivirus/antimalware-in-general (the part of your quote above I did not quote which followed directly after it) is even required really...

That is, once you spot an odd lib or exe running & sometimes you have to use Process Explorer's "DLL VIEW" lower pane (you have to turn this feature on manually, it's NOT on by default) to determine this first!

Then, you look up the potentially offending process or library on GOOGLE (or any search engine, & I'd suggest using a few sources to be sure of what you are deleting is in fact, a malware) & after determining it is indeed, a malware executable?

You can pull what I noted with Process Explorer (or, as an alternate method of doing it, recovery console (because it allows you to get to these things before they can even startup in usermode when you logon to your machine))... apk

"Call me defeatist but I believe there is no way the whitehats can out software manoeuvre the blackhats with software only solutions." - by Mattpw (1777544) on Friday May 28, @11:16PM (#32385992)

The best solution I have come up with is to use what's in this guide (it uses the concept of "layered security"), and results users have seen are as follows:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

http://forums.theplanet.com/index.php?s=a3272f47031ff9e8939bf662e3a7b7fe&showtopic=89123

----

It works, & is based on the concept of what many computer security folks the past few years have been calling "LAYERED SECURITY"...

PROOFS/EXAMPLES OF ITS EFFICACY? Ok, below:

----

http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral

----

(Those results are only a SMALL SAMPLING TOO, mind you - I can produce more such results, upon request, from

"Call me defeatist but I believe there is no way the whitehats can out software manoeuvre the blackhats with software only solutions." - by Mattpw (1777544) on Friday May 28, @11:16PM (#32385992)

The best solution I have come up with is to use what's in this guide (it uses the concept of "layered security"), and results users have seen are as follows:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

http://forums.theplanet.com/index.php?s=a3272f47031ff9e8939bf662e3a7b7fe&showtopic=89123

----

It works, & is based on the concept of what many computer security folks the past few years have been calling "LAYERED SECURITY"...

PROOFS/EXAMPLES OF ITS EFFICACY? Ok, below:

----

http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral

----

(Those results are only a SMALL SAMPLING TOO, mind you - I can produce more such results, upon request, from

"Will you explain why you think HOSTS is an adequate solution given the above OBVIOUS statements debunking it" - by Anonymous Coward on Sunday May 09, @10:35PM (#32151184)

Illiterate one, APK's security guide espouses a lot more than the use of a HOSTS file only. You're not only stupid, but you have "fixated yourself" on 1 portion of this only. His security guide here:

http://forums.theplanet.com/index.php?s=79c7b230a57544836234fc76bec0634f&showtopic=89123

Works based on the concept of "layered security" moron. Learn to READ, because it's ALL UP THERE IN THAT URL (one of many like it).

"My guess? You honestly think that people will delay giving their money to real anti-virus companies" - by Anonymous Coward on Sunday May 09, @10:35PM (#32151184)

Oh, you mean the "real antivirus companies" who have flaws in their wares like this one that showed up today:

Critical Flaw Found In Virtually All AV Software

http://tech.slashdot.org/story/10/05/09/1343239/Critical-Flaw-Found-In-Virtually-All-AV-Software

Hmmmm? You mean the SAME antivirus companies that have also called others like Dr. Mark Russinovich's wares or Nir Sofer of NirSoft's wares as malware too, as CA has for APK's single ware (of many he has made)??

"who you're pissed at for identifying your tools as crapware and components of malware." - by Anonymous Coward on Sunday May 09, @10:35PM (#32151184)

OR, how about this "real antivirus company" that blew up a bunch of computers by falsely identifying a valid Windows program (part of windows itself no less) as a virus:

McAfee To Pay For PC Repairs After Patch Fiasco:

http://it.slashdot.org/story/10/04/26/1338222/McAfee-To-Pay-For-PC-Repairs-After-Patch-Fiasco

Hmmm?? They identified a malware alright, lmao: A critical piece of Windows itself? Give us a break.

(LMAO! Your "LOGIC"?? Blows, and falls apart in the light of easily verified documented FACTS and ones right from slashdot article on this website too, no less!)

"People can see through ad-hominem arguments, indeed, that's why there's a name for that kind of argument." - by Anonymous Coward on Sunday May 09, @10:35PM (#32151184)

They surely can, and they can see through your illiterate mistakes too, shown in my last paragraph above in reply, lol! Also, I am not the one calling names, you and yours are, but it is hilarious to produce facts from actual articles from this very website to make you "eat your words" (your words, from an unqualified "wannabe expert" in computers, with no degree to his name like you? LOL, don't make me laugh!)

"But of course you're not going to answer, are you?" - by Anonymous Coward on Sunday May 09, @10:35PM (#32151184)

LOL, I answered SO WELL, that you're shown to be a skimming idiot or illiterate fool that spouts incorrect data or erroneous data that "suits his weak arguments" but falls apart fast in the light of actual data in quoted articles as I have produced now. Your "mere words" versus mine backed by actual articles and facts? Good luck dolt, lol!

"You're just going to reply to this with a demand for more lists of qualifications" - by Anonymous Coward on Sunday May 09, @10:35PM (#32151184)

Which you don't have, obviously (qualifications), lol!

"or bizarre rants about how great you are." - by Anonymous Coward on Sunday May 09, @10:35PM (#32151184)

Great enough to where your puny moderators here have to try to "snuff" my ability to post? Why is

First of all, you can't even program (I've repeatedly asked if you have a degree in computers and you evade that question, because you do not.

Logic doesn't work that way I'm afraid. Not answering a personal question you have no right to ask that's ludicrous on the face of it doesn't mean the answer is "No", and further, an absolutely huge portion of this industry is comprised of people who program and who don't have degrees.

What you've implied, repeatedly, is that nobody has the right to comment on your "achievements" unless we've done something similar.

Your achievements are writing crapware, including software classified, for several years, as malware by the malware community, and writing a guide to system protection based upon a ludicrous, stupid, and demonstrably useless "anti-virus" system, namely placing all of the hostnames used to deliver viruses in a HOSTS file. As has been pointed out, the system can easily be bypassed either through the use of dynamically generated hostnames and wildcard DNS, or even more simply, and even more obviously, by using IP addresses, neither of which HOSTS can bypass. Add that to the lead time required to identify a new "evil" site and get it into HOSTS files for all users, and it's fairly obvious that not only is the method flawed, but anyone proposing it as a solution is either a certifiable idiot, or is being deliberately disingenuous.

My guess? You honestly think that people will delay giving their money to real anti-virus companies, who you're pissed at for identifying your tools as crapware and components of malware.

Here's the billion dollar question: will you respond to these points? Will you explain why you think HOSTS is an adequate solution given the above OBVIOUS statements debunking it, or else withdraw your claims about it as a virus-protection system, or will you continue to stonewall, demanding to hear people's educational history, employers, applications (which in my case are stuff you'd never have heard of anyway, unless you work for one of several major automotive concerns, and then only if you work in particular departments, so why would I bother telling you them?) we've written, and other crap that has nothing to do with matters at hand?

People can see through ad-hominem arguments, indeed, that's why there's a name for that kind of argument. They especially see through ad-hominem arguments based upon nothing at all, which is what you have.

But of course you're not going to answer, are you? You're just going to reply to this with a demand for more lists of qualifications or bizarre rants about how great you are. And meanwhile, people will ask themselves about IP addresses and wildcard DNS entries, and see your lack of a response as yet more proof that you're full of it.

"Will you explain why you think HOSTS is an adequate solution given the above OBVIOUS statements debunking it" - by Anonymous Coward on Sunday May 09, @10:35PM (#32151184)

Uhm, illiterate one? APK's security guide espouses a lot more than the use of a HOSTS file only. You're not only stupid, but you have "fixated yourself" on 1 portion of this only. His security guide here: http://forums.theplanet.com/index.php?s=79c7b230a57544836234fc76bec0634f&showtopic=89123 Works based on the concept of "layered security" moron. Learn to READ, because it's ALL UP THERE IN THAT URL (one of many like it).

"My guess? You honestly think that people will delay giving their money to real anti-virus companies" - by Anonymous Coward on Sunday May 09, @10:35PM (#32151184)

Oh, you mean the "real antivirus companies" who have flaws in their wares like this one that showed up today and this week earlier too, so they are ABSOLUTELY CURRENT evidences thereof? See here: Critical Flaw Found In Virtuall

"There are no competent people, no secure or quality products, and no certain outcomes. Get over it and get to work trying to get whatever result you want" - by h00manist (800926) on Saturday May 01, @08:03AM (#32055292)

This seems to show otherwise, and it is about the closing portion of that quote of your words above: Getting to work and trying to get the result you want (an "impervious to attack" based OS):

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

http://www.tcmagazine.com/forums/index.php?s=568d95985ad83ef4add94de09f6026d3&showtopic=2662

----
http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral

----

(Those results are only a SMALL SAMPLING TOO, mind you - I can produce more such results, upon request, from other users & sites online)

HOWEVER - There's ONLY 1 WEAKNESS TO IT:

Human beings, & they not being 'disciplined' abo

"OpenBSD is more secure than windows/OSX.whatever" - by YrWrstNtmr (564987) on Sunday May 02, @05:49PM (#32066704)

By default, perhaps yes. However, any Operating System out there today can be "security hardened" (including BSD variants such as MacOS X, because Apple themselves publish a guide for doing it that's pretty thorough & comprehensive on their website no less), including Windows, Linux (yes, even SeLinux bearing distros of Linux), MacOS X, Solaris, and BSD's other than MacOS X too. This is indicated by the existence of CIS Tool versions out there, and for each of them, and yes, it does do more to security-harden them all than the std. oem distribution setups they're issued with (inclusive of SeLinux bearing distros).

Examples of what the outcome is once it is applied, along with other layered security measures, in the case of Microsoft Windows-NT based OS of more modern varieties:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

http://www.tcmagazine.com/forums/index.php?s=568d95985ad83ef4add94de09f6026d3&showtopic=2662

----
http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC e

"apk and anyone else who recommends a hosts file as the be-all and end-all of security is a moron. That includes you. But you already knew that, sock-puppet." - by tomhudson (43916)
on Saturday May 01, @01:03PM (#32057022) Homepage

Tomhudson, you obviously do not read or are illiterate. The security guide of apk's covers far more than just hosts files use. It covers how to use layered security (many tools and options) to be safer online. See here, you need it: http://www.tcmagazine.com/forums/index.php?s=69ee646c6f6c227d431fa6ac15ed8c58&act=SF&f=87&st=0&changefilters=1 and at roughly 85,000 views there on that forums (and over 350,000 views in less than 2 yrs. time online no less across 15 forums where it was made a "sticky or pinned thread", an "essential guide", and being the most viewed at those forums plus highly rated, typically at 5/5 stars by users of those forums too) it appears to be doing quite well, see this small amount of testimonials from others (professional techs too, no less, in THRONKA):

PROOFS/EXAMPLES OF ITS EFFICACY? Ok, below:

----

http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was

Funniest part is, you show you do NOT KNOW HOW TO READ EVEN, because King's Joker here said:

http://forums.theplanet.com/index.php?s=ead2343dd3c88358f1b63cdc948e64c4&showtopic=89123&st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

Note the bolded part? I was one of the people that have written J walburger (Kings Joker is walburgerj@yahoo.com by the way and he welcomes emails in regard to that, if you proceed them with apk in the subject line) who uses apk's security guide for windows. He gets caught on viruses on Pr0n sites and by using javascript on websites he doesn't know very well. He told me so in email because I wrote him to find out what he was doing to go from 200 viruses a month down to 2 only and maybe only if that. He told me that he doesn't follow that guide "to the letter' is all, and where he differs is that he doesn't use a browser like Opera where you can specify through Opera's native features to do so, whether to use javascript or not. Anyone can go to SECUNIA.COM or SECURITYFOCUS.COM and see that most attacks nowadays? They happen to users thru javascript in bad adbanners, malscripted websites, and bad downloads. All of which APK's guide and HOSTS files cover no less. Funny how you ran from disputing each point made though tomhudson and failed on all else.

"Kings Joker" is a known APK sock-puppet. And the AC you replied to is also APK, posting anonymously and not signing his name to the post... as if he thinks that will fool anyone." - by Anonymous Coward
on Friday April 30, @06:35PM (#32050814)

I suggest you prove that. You're rhw onw not fooling anyone. As to KingsJoker, his email is posted in apk's securityguide, and his name is not the same as apk's because I wrote him before and his name is J. Walberger. You can write him and his name is close to that of his email walburgerj@yahoo.com and he is the guy that's one of the people that have done well using apk's guide. Here are the testimonials of that much from Mr. Walburger and those of others doing well using it:

----

http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral

----

So use all your transparent tactics and unprovable bullshit accusations that have no proof behind them. I'll use verifiable facts instead. It's a pity all of these /. wannabe experts talk such a big game, but not a single one of them has anything anyone can verify that makes them computing

"Well, if you're not a spyware maker then obviously it's unfortunate" - by squiggleslash (241428)
on Thursday April 29, @08:14PM (#32038998) Homepage

No, I am not. But, neither is apk, because I have yet to see a malware maker create a Windows security guide (most viewed online and the very first ever made in fact for Windows users, from back as far as 1997-1998 and it's only gotten better) here http://www.tcmagazine.com/forums/index.php?s=69ee646c6f6c227d431fa6ac15ed8c58&act=SF&f=87&st=0&changefilters=1 that has results like these from its users:

----

http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral

----

From one of apk's posts, and I use that guide myself. It does "work as advertised" above.

----

"but in the US libel does require an element of malice" - by squiggleslash (241428)
on Thursday April 29, @08:14PM (#32038998) Homepage

Anyone can read from here down

Thanks for the links, though, I've never read any of those guides, just had a lot of experience dealing with this kind of bullshit on behalf of others. Though I have read plenty of articles by the great Russinovich himself. Now those are some good reads.

The bloke who wrote the guide used to work alongside Dr. Mark Russinovich for the same company (Sunbelt) in the same period in the 1990's and the bloke even actually corrected 'the great Russinovich himself' in code, believe it or not http://www.pcmech.com/article/defragging-the-windows-page-file/ when he found that Dr. Russinovich had actually hardcoded the path to C: drive in pagedefrag.exe for the location of the pagefile.sys and to the eventlogs and registry hives (all can be moved to other drives to lessen the work C drive does, provided a user has multiple disks) and from what I read at Windows IT Pro, Dr. Russinovich even thanked him in email for it. That bloke posts here as anonymous coward, and signs his posts as 'APK'. His guide (cut from his post I found and bookmarked it here as) for securing Windows turns up results like this for users (quoted):

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

http://www.tcmagazine.com/forums/index.php?s=568d95985ad83ef4add94de09f6026d3&showtopic=2662

----

It works, & is based on the concept of what many computer security folks the past few years have been calling "LAYERED SECURITY"...

PROOFS/EXAMPLES OF ITS EFFICACY? Ok, below:

----

http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decre

Now THIS is libel. Prove your accusation or cease.

Plus, coming from someone who was PROVEN to be sock-puppeting to endorse his own guide, I don’t think you have much room to claim the moral high ground.

"It undoubtedly helps that I am not using Windows (just why that helps is a separate debate). That to me is basic common sense combined with a few minutes of Googling." - by causality (777677) on Friday April 23, @11:45AM (#31956250)

Windows can be secured, & here's how, for "bulletproof & bugfree operation", especially over "the long haul" & I've tried to promote that which you speak of, by creating guides for end-user security (which network techs can use on LANS/WANS endpoints such as PC workstation nodes & yes, even servers to an extent), per this guide below:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

http://www.tcmagazine.com/forums/index.php?s=568d95985ad83ef4add94de09f6026d3&showtopic=2662

----

Fact is, what you're saying?

It is the "WHY" of why I wrote the VERY FIRST/OLDEST security guide for Windows NT-based OS, which NEOWIN picked up on in 2001 & rated it extremely well too, no less, here -> http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text and it had its "dim early beginnings" back in 1997-1998 @ NTCompatible.com as their "Article #1" here http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml (it started out on how to speed up a Windows NT based PC, & grew into a "SPEED & SECURITY GUIDE" there over the next few years 1998-2002 or so).

(Which however, is now as of late 2007 to present, has become far, Far, FAR MORE EFFECTIVE in its latest iteration shown below, w/ evidences thereof to that effect (solid, uninfested uptime for YEARS & how/why too))

It works, & is based on the concept of what many computer security folks the past few years have been calling "LAYERED SECURITY"...

PROOFS/EXAMPLES OF ITS EFFICACY? Ok, below:

----

http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

"His OS is used 90% of US computers, including military ones. And it security holes you could sail an aircraft carrier through. " - by peter303 (12292) on Wednesday April 07, @11:56AM (#31762284)

It CAN BE SECURITY-HARDENED though, with about 1-2 hours of effort (mostly automated too), see below: but, as you note? MS also ship a security hardened model to the US gov't. &/or military + have done so a couple times over the years (iirc, last year & in 2002 too). They ought to to everyone else too! However, you CAN do it yourself, fairly easily too...

----

"MicroSoft has been more diligent about security lately. But the damage has already been done." - by peter303 (12292) on Wednesday April 07, @11:56AM (#31762284)

Again - They have been, but, they also ship a security hardened model to the US gov't. &/or military + have done so a couple times over the years (iirc, last year & in 2002 too).

In fact? Your point's the "WHY" of why I wrote the VERY FIRST/OLDEST security guide for Windows NT-based OS, which NEOWIN picked up on in 2001 & rated it extremely well too, no less, here -> http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text and it had its "dim early beginnings" back in 1997-1998 @ NTCompatible.com as their "Article #1" here http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml (it started out on how to speed up a Windows NT based PC, & grew into a "SPEED & SECURITY GUIDE" there over the next few years 1998-2002 or so).

(Which however, is now as of late 2007 to present, has become far, Far, FAR MORE EFFECTIVE in its latest iteration shown below, w/ evidences thereof to that effect (solid, uninfested uptime for YEARS & how/why too))

I've tried to promote that which you speak of, by creating guides for end-user security (which network techs can use on LANS/WANS endpoints such as PC workstation nodes & yes, even servers to an extent), per this guide below:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

http://www.tcmagazine.com/forums/index.php?s=568d95985ad83ef4add94de09f6026d3&showtopic=2662

----

It works, & is based on the concept of what many computer security folks the past few years have been calling "LAYERED SECURITY"...

PROOFS/EXAMPLES OF ITS EFFICACY? Ok, below:

----

http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try th

"Virus and malware attacks provoke some immune response, but if we are to become strong something must weed out the weak." - by couchslug (175151) on Wednesday April 07, @12:08PM (#31762428)

110% agreed, I agree, wholeheartedly, which is the "WHY" of why I wrote the VERY FIRST/OLDEST security guide for Windows NT-based OS, which NEOWIN picked up on in 2001 & rated it extremely well too, no less, here -> http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text and it had its "dim early beginnings" back in 1997-1998 @ NTCompatible.com as their "Article #1" here http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml (it started out on how to speed up a Windows NT based PC, & grew into a "SPEED & SECURITY GUIDE" there over the next few years 1998-2002 or so).

(Which however, is now as of late 2007 to present, has become far, Far, FAR MORE EFFECTIVE in its latest iteration shown below, w/ evidences thereof to that effect (solid, uninfested uptime for YEARS & how/why too))

I've tried to promote that which you speak of, by creating guides for end-user security (which network techs can use on LANS/WANS endpoints such as PC workstation nodes & yes, even servers to an extent), per this guide below:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

http://www.tcmagazine.com/forums/index.php?s=568d95985ad83ef4add94de09f6026d3&showtopic=2662

----

It works, & is based on the concept of what many computer security folks the past few years have been calling "LAYERED SECURITY"...

PROOFS/EXAMPLES OF ITS EFFICACY? Ok, below:

----

http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3

"Its 2009 - still tro

"So tell me, which OS would you choose that could stop all malware even with stupid users?" - by Galestar (1473827) on Monday March 15, @01:45PM (#31485434)

Reiterating my subject-line, once more: Windows, albeit AFTER security hardening & user education!

How so? Ok:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

http://www.tcmagazine.com/forums/index.php?s=568d95985ad83ef4add94de09f6026d3&showtopic=2662

----

It works!

It's based on the concept computer security folks the past few years have been calling "LAYERED SECURITY"...

Proofs to its efficacy?

Ok, some quoted testimonials:

----

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral

AND

http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

----

(Those results are only a SMALL SAMPLING TOO, mind you - I can produce more such results, upon request, from other users & sites online)

Addtionally - Users

Well, at least for HTTP certs, the price is coming down considerably. The Planet has $15 certs: https://ssl.theplanet.com/ With 99% browser acceptance rate. I used to avoid SSL for my customers b/c of the cost. Now, I don't have any aversion to using them. The low cost certs are just as secure, but they lack some of the "frills" like badges for your site. For most of my customers and their user base, all that matters is the lock icon in the browser and no security warnings when the page loads.

...

The article covered some math that had been performed to determine the true, actual weight of the data that makes up the Internet. Starting with the weight of a single electron (2 x 10^-30 pound), the author broke down the number of electrons required to charge a single capacitor (the charge equaling a âoe1â in binary) in a computerâ(TM)s memory (40,000), assuming a roughly 50 â" 50 split on 1â(TM)s and 0â(TM)s in a typical 50 kilobyte e-mail. The resulting sum can then be used to determine an electron count per message (8 billion), landing us at a weight for a single e-mail of two ten-thousandths of a quadrillionth of an ounce. Now extrapolate that math across the whole of all Internet traffic; all the e-mail, Web pages, music, videos, instant messages and everything else we all contribute to the Internet. Data-wise you arrive at a mind-blowing 40 Petabyte number. However, that 40 Petabytes only equates to a weight of 1.3 x 10^-8 pound. Thatâ(TM)s right ⦠in real-world terms, all that data equals the weight of the smallest possible grain of sand, one measuring only two-thousandths of an inch across.

It's client-server all over again? Umm. Yeah? So?

So, what happens when you can't get to the server because there has been a fire in your data center? Or, a crucial fiber optic center? Or, a meteor could be involved.
What do you do when your server, or your customer's service, is unavailable for a week or three?

Is their website hosted in America, otherwise, how can Hasbro ask the courts to disable it?

Dekortage:~ $ ping scrabulous.com
PING scrabulous.com (209.62.127.41): 56 data bytes
...
Dekortage:~ $ nslookup 209.62.127.41
...
Non-authoritative answer:
41.127.62.209.in-addr.arpa name = ev1s-209-62-127-41.theplanet.com.

And ThePlanet.com is located in Texas (which is still part of the United States, despite past attempts to secede). Note that the domain name is registered through Godaddy, and their Facebook app is hosted in the U.S.

I'm clicking on your link, but nothing is happening. Am I doing it wrong?

I click the link and it DOES bring up the page. Unfortunately, since it is a cached copy of the page, it is sometimes out of date. I.e., there have been updates to the actual page that are not reflected in what the Coral Cache copy displays. :/

As of this writing (Monday morning, 06/02/08), it appears that ThePlanet Datacenter folks have created a NEW STATUS PAGE to lessen the load on their servers:

• http://service-update.theplanet.com/ new status page at ThePlanet
• http://service-update.theplanet.com.nyud.net:8080/ Coral Cache link to the new status page at ThePlanet.

I'm clicking on your link, but nothing is happening. Am I doing it wrong?

I click the link and it DOES bring up the page. Unfortunately, since it is a cached copy of the page, it is sometimes out of date. I.e., there have been updates to the actual page that are not reflected in what the Coral Cache copy displays. :/

As of this writing (Monday morning, 06/02/08), it appears that ThePlanet Datacenter folks have created a NEW STATUS PAGE to lessen the load on their servers:

• http://service-update.theplanet.com/ new status page at ThePlanet
• http://service-update.theplanet.com.nyud.net:8080/ Coral Cache link to the new status page at ThePlanet.

The Planet's video tour of why this wouldn't happen is up and working. Click on "Take the tour", which has many data center pictures. I like the "100% uptime" part.

It turns out they didn't have all the redundancy they said they had. Their central server management system and the DNS servers for those hosts were all in that data center. So customers couldn't get in and switch the DNS to another location for hours.

They now claim to have the server management system back up.

He did by providing a URL - it's a hosting site called @ http://www.theplanet.com/

Blog about it, too. Make sure potential customers of theirs know how they treat their employees.

He did:
I work at a large hosting company in Texas, and recently decided to go work for a smaller competitor

The fact that he wrote this as AC kinda makes me want to scream sour grapes or an attempt at a smear. Hell, if you want you can see the name of the guy who served up the news that they were going to sue him.

>> Also, ANYTIME someone has unrestricted access to A government computer system it could be dangerous. What if a
>> member of this committee grabs the FBI File for their opposition in the next election? Then goes willy-nilly with
>> CIA records?

Well, it seems like that's just what happened, doesn't it? Well, minus the willy-nilly part.

>> American separation of powers mean that outside well-defined limits, Congress cannot interfere with the Executive
>> branch (like the FBI, CIA, and other institutions).

Seems to me that would fall under "checks and balances" inbetwixt the branches, as is commonly done now with senate oversight hearings and subpoenas.

The problem is we have gaping holes in our national IT security, and following conventional courses will not get them patched quickly enough to avert major problems.

The president is inisiting that the government have special powers over the people, well we the people *own* those insecure systems. We need to insist on better checks and balances, as the scales are really tipped to one side.

Congress should have the power to clean house, thats why we elect them. Not just power to complain but power to actually do something. You don't need full access to a network to know its insecure, a quick look at the planet tells you that.

We need CCIP / CCIE's in congress. Not MCSE's, not RHCE's (I.e. forget the "worthless paper" certs), real certified internet professionals who can not only help to plug our own holes but bring sanity to the leigslation that threatens net neutrality.

I'll get off the soapbox now.

Same is true of The Planet, a datacenter in Dallas.
I'm sure we all know more than one site hosted there!

Especially because they are both under the same ownership now.

First of all, don't go with 'flashy' hosts that try to woo you with their whiz-bang web design unless it's one of the big, well-known hosts. By this, I mean look at their website design. Does it look like a template? The sort that involve stock art pictures of people. If so, stay away.

Second, are the prices absurdly low, or are the figures absurdly high for the price? If so, stay away. (I would also imagine that you want to go for neither the lowest or the highest price you can find.)

Third, you probably don't want to go with one-man webhosts, or hosts run by teenagers. If you can find proof that the webhost is neither, that too makes it a better candidate.

Fourth, yes, WHT is a very good community. You should do a search on any host before choosing them. It's usually the negative reviews, not the positive reviews that really matter. There can be any number of positive reviews for a company, but one negative review can tell you everything the positive ones didn't.

Fifth, what does the host claim, datacentre-wise? You might want to look for hosts that host in GNAC or ThePlanet, or claim to, rather than claiming to (or having) have their own datacenter (unless it's one of the very big hosts). Even if the host does have its own datacentre, ask yourself: is it really likely to live up to the former two?

Sixth, yes, do ask people you know. I don't reccomend Google. Search engines use ranking algorithms, and thusly can and are gamed. People aren't so much.

Seventh, I have heard very good things about ASmallOrange.

Your average web server only has a 10mbps uplink. Some have 100mbps, but most only have 10.

You go from Backbone Provider -> Datacenter's Router -> [shaped for internal distro] -> Public access switch [10 or 100] -> isp -> DSLAM or switch -> cable, fiber or 30 year old copper -> home user

While having that kind of speed is great, and you're sure you can take advantage of all of the speed the serving server is willing to give you ... until there's some major changes at most data centers, you aren't gonna get much over 5 or 6. If you use DSL you have to take the age of the copper running to your home into consideration, how many places its spliced, etc.

Have a look at the topography of Savvis, here and you'll see what I mean. Many sites you visit live there, or in a place pretty much like it for all intensive purposes.

Other's would be The Planet , EV1 and similar.

So FTTP users, enjoy the capacity .. but you are still limited to whatever the nic in the web server you are accessing is going to give you .. and the quality of the network its connected to. For an average surfer that's a future handicap in getting the speed you pay for and its not the fault of your provider.

For people who use it for endpoint VPN's etc, yeah it rocks - but speed only happens if the other end of it is suitably connected.

So next time you see SIX MEG DOWNLINK .. subtract a few .. but still good speed :)

'Wanna see something *really* scary?' heheh What homeland security doesn't realize is one of the largest threats we have regarding domestic 'cyber terror' is the fleet of hundreds of thousands of compromised web servers residing in places like Texas (ironic, isn't it).

Here's how the process works:

Step 1 - Joe Q Host wanna be goes to The Planet and orders himself a spiffy new server with C-Panel

Step 2 - Joe Q Host spends 10 minutes setting up the server and just assumes its all nice and secure. Builds PHP with everything and gives unrestricted access to 13 fiber rings to anyone who has a PayPal account or credit card.

Step 3 - Joe Q Host gets tons of sign ups, makes bank, and doesn't realize his server is more infested with spam bots, rouge torrent trackers, UDP blasters, IRC bombs .. and moreover doesn't care unless his users make an issue out of it.

Considering the several Million servers re-sold to people vastly underqualified to maintain them, I'd say that constitutes one hell of a DOS network. The scary, scary, scary part? Those bots are controlled centrally, and most places (like The Planet) do *not* watch outgoing traffic.

You are 100% correct , 'script kiddie' is the word, not 'hacker'.

Hosts can't disable that kind of functionality in PHP else their customers will go to someone who allows it, too many things depend on php being able to make shell calls, like image galleries / etc. suexec + php breaks too many things, people don't care about security they want their freebie sourceforge specials to work.

We create the need that creates the opportunity folks. Plain and simple. You need a license to fart in most states (figure of speech), should need some sort of cert to be a provider. That not only increases our domestic IT security, it cuts down on spam drastically.

Food for thought :)

I can't but get a little sick when I see a whole book written on something so incredibly simple.

The reason you see PHP being exploited is not the security of the host OS, not the security of PHP (well almost never) , its the lack of knowledge by the person owning the computer hosting the sites and companies like The Planet who hand them out to literally anyone with a Paypal account or credit card number.

I can in 20 minutes show any experienced Linux system administrator how to run PHP completely wide open as far as functionality is concerned on a shared hosting environment and how to do it relatively safely.

Your average web hosting company is a business person who has money to buy servers with idiot proof (nearly) control panels such as C-Panel / WHM.

They're also likely to come with RHEL, Centos 3 or 4 or Fedora. Very rarely do I see a Debian server used in a shared hosting situation (That should also tell you something).

These boxes are not secure yet they go immediately into production.

SO! To anyone who cares, (and reads this far) here is Tinkertim's checklist :

1 - Egress filtering (firewall the damn box),

2 - Get rid of that fat, bloated leaky modular kernel. Monolithic kernels are too easy to build not to do it. Don't forget to keep iptables, test with your firewall when done.

3 - Seek and loop world writeable directories, or mount them as noexec. Even doing that is not going to save you all of your trouble. As nobody I can run /bin/sh -x /tmp/mybot.sh just fine on most linux distros even if /tmp is noexec. So dammit go toss the 3 lines of code in /bin/sh that keps uid/gid 99 from doing that.

4 - Don't even THINK about using apache/proxy on a shared hosting setup. Thats just incredibly stupid and self destructive.

5 - Look around in /dev ... make sure you took ALL the tools away that helps people get bad code onto your box in the first place. /dev/tcp is just as lethal as leaving wget available on a fedora / RHEL installation. Use mknod and make them safe. Same with /dev/udp .. remake them.

6 - Get rid of what you don't need. Rename what you do and use scripts to help govern them. Lynx / wget / POST / GET (and everything else RHEL/Centos comes with) can be used to do dastardly things. Take advantage of user / group ownership that is found in Unix.

7 - lsof is your friend. Write a script to check for open accepting inet sockets that don't belong.

8 - (finally) VERIFY YOUR ORDERS ... stop making instant setup hosting accounts. Use fraud screening services. Remember a security hole is only a problem if you sell space to someone who's intention is to exploit it.

Web hosts are the scurge of the planet. I know , I am one :) But I do things a bit differently than most. There's things you (yourself) can do if your stuck on shared hosting to ensure and nudge your host into securing their boxes.

I may just re-post later or re submit with that list too. I'm off the soap box now. My point is this. We (shared web hosts) made this problem. We have a responsibility to admit it and stop it. I'll work on some checklists and scripts to do it for the lazy bastards and GPL them. Tired of people getting rich writing books making hype about what (should be) a very trivial issue.

I do a fair amount of business with them and their services are pretty decent.

http://www.theplanet.com/

Call 1-800-377-6103 and Ask for Enterprise Sales

Also to those who say drop Exchange, what would recommend in place of it? Lotus blows (the client does anyways) so that leaves groupwise in the Groupware product market. I've yet to find a decent GPL groupware product that has a client on Windows that isn't some plugin for exchange.

According to The Planet's Homepage, their offerings start at $199/month.

I'd say you really need to cut back on the caffeine.