Two Major Ad Networks Found Serving Malware

Trailrunner7 writes "Two major online ad networks — DoubleClick and MSN — were serving malware via drive-by download exploits over the last week, experts say, after a group of attackers was able to trick the networks into displaying their ads by impersonating an online advertising provider. The scheme involved a group of attackers who registered a domain that was one letter away from that of ADShuffle.com, an online advertising technology firm. The attackers then used the fake domain — ADShufffle.com — to dupe the advertising networks into serving their malicious banner ads. The ads used various exploits to install malware on victims' PCs through drive-by downloads, according to information compiled by security vendor Armorize."

Of course!

[MadUndergrad]

What do you expect from a company called "Doubelclick"? I bet Googel tampers with their search results too.

Re:Of course!

[icebike]

Doubleclick is Owned by Google, so they probably don't need to tamper.

Oh, ah, Whooosh, I guess.

Re:Of course!

[oliverthered]

umm... not in violation of one click shopping patents?

Re:Of course!

No, that's zero-click shopping. You don't click anything and the malware authors and advertisers do the (drive-by) shopping for you.

I've seen stuff coming from MSN for quite sometime

Is this really the first instance of it?

Re:I've seen stuff coming from MSN for quite somet

[SpacePunk]

I doubt they check the scripts before they are put up for rotation, and this is their chance to find a scapegoat. As long as they get paid, I doubt they care to check.

Noscript wins again

[wizardforce]

One more example of why ad blocking has its security benefits. What's worse is that doubleclick and friends are used by pretty much every site out there including Slashdot. It's a shame that although a lot of people would be willing to support sites like Slashdot allowing a few ads to load occasionally; doubleclick just isn't trustworthy enough to allow that.

Re:Noscript wins again

[cappp]

And this is why I blanket block all ads on all sites. It's an incrediably blunt instrument, but its the only way to avoid this kind of thing apparantly.

What sucks is that I'd actually like to support the sites I frequently visit, and ad views clearly have a significant effect on their various bottom lines, but I just can't justify exposing myself to whatever that week's ad-based crazy shit danger happens to be. It's similar to how I feel about porn sites - the responsible part of my wants to subscribe and send them a little cash for the assistance rendered by their presentation of jiggly bits being jiggly...but that same responsible part is also well aware that any kind of commercial interaction with said pornographers has a suspicious way of going horribly wrong.

So now I find myself chosing between doing that right thing - supporting the services I use - and the secure thing. And as it happens, the secure thing wins out.

Re:Noscript wins again

[icebike]

Agreed.

I use OpenDNS to block doubleclick but they have a lot of domains they serve under in addition to their own.

I don't begrudge the advertising, I've even been known to click on it occasionally if it interests me. And I don't worry too much about the malware, running Linux and tight filters. But a few jerks like ADShufffle.com screw over all the advertiser. And I wager nothing at all happens to them.

Re:Noscript wins again

[Jah-Wren+Ryel]

What sucks is that I'd actually like to support the sites I frequently visit, and ad views clearly have a significant effect on their various bottom lines,

Ad views have become the defacto micropayment system. If we had an alternative, sites wouldn't have to be dependent on privacy-invasive and security-breaking ad systems. I'm sure that many would anyway, but they would at least have other options.

but that same responsible part is also well aware that any kind of commercial interaction with said pornographers has a suspicious way of going horribly wrong.

Micropayments could solve that problem too - anonymous microcash would be almost completely immune to the kind of abuses that you are avoiding.

Re:Noscript wins again

[Maxo-Texas]

Aye!
Adblock, No-Script.

I use AVG, not sure what is best free virus scanner. Don't think the commercial scanners are significantly better (maybe not better at all) than the free ones.

Re:Noscript wins again

[symbolset]

You can subscribe to many sites like slashdot, and pay them directly.

Re:Noscript wins again

AVG has gotten pretty bad lately, though you are right about the free ones being more or less equal to the paid ones. I'd personally recomend Microsoft Security Essentials (yes Recommending a Microsoft security product does send chills down my spine, but it actually is impressively good), or avira.

Re:Noscript wins again

[CosmeticLobotamy]

A "push" credit card transaction would also solve those problems. Why is it that I can only pay for something by giving my entire credit balance to someone and trusting them to give me back everything but what their invoice says? Why can't I say, "Hey, MasterCard, give this guy $50." He gets an email, his automatic email-getting-password-sender-outer tells me how to get to his jiggly bits. ... I mean, the jiggly bits he has video of, not the ones between his pockets.

Re:Noscript wins again

And this is why I blanket block all ads on all sites. It's an incrediably blunt instrument, but its the only way to avoid this kind of thing apparantly.

Or you can use a Linux or Mac OS X box and not worry about it. OR you can learn how to correctly configure your Windows box.

Re:Noscript wins again

[capnkr]

I used - and recommended to MS using clients - MSE for a while, but found it annoying how often it made me wait to open up directories while it (I'm fairly certain) was phoning home to check whether something therein was suspicious or not.

Getting around that wait was as simple as opening the MSE interface, disabling 'real time protection' (whereupon said directory would immediately open) and then re-enabling 'real time protection'. But... why have to do that, so often? And having to do that, kind of makes it pointless to be running the application, anyway. This behavior persisted through several upgrades, until I finally had enough...

I use Avast on my Win systems now, it seems to be the best of the free a/v's. AVG borks end users systems with their upgrades too often for my taste, Comodo works well but is a little too 'forgetful' of what usually are persistent settings...

Re:Noscript wins again

[Karellen]

I use a debit card for online transactions. It has its own separate bank account, with no overdraft or other type of negative balance facility. When I want to buy something online, I get to the checkout page, see how much the total is, use online banking to transfer just enough money into the account from my main account to cover the cost, and then proceed with the purchase. If a retailer tries to take too much, or tries to take payment twice, or if the card number is compromised and is used fraudulently, payment requests just bounce with an "insufficient funds" error.

I think I might get charged for payment bounces, but however much that is is probably going to be less than the value of the invalid payments. And the people messing about get nothing from it.

Re:Noscript wins again

[lxs]

Sure, but nobody wants to subscribe to many sites. One or two is fine but twenty or more? Especially when most only have interesting content once a fortnight.
(I know that's not what you meant but it gets to the heart of the problem as I see it.)

Re:Noscript wins again

[hairyfeet]

As a PC repair guy with waaaay too many click happy customers I'd say your best bets in the free AV category are MS Essentials and Comodo AV. In my experience thanks to its auto sandboxing of all apps unless told otherwise Comodo is a little better protection, but of course as with most of the "smart" AVs it has a bit of a learning curve, and will ask you questions for about a week until you've launched all your daily apps. Nice thing is it has built in limited whitelists with core Windows system behaviors so it don't bug you when Windows is doing what it is supposed to be doing, like scheduled tasks. MS Essentials doesn't ask you squat and is pretty unobtrusive but I wouldn't recommend it for those that are click happy or go to dodgy sites because of its lack of sandboxing and registry virtualization so if anything does manage to get past it your borked. But it does have a good detection rate and is a hell of a lot less bloated and buggy than AVG.

As for TFA this is why I install Firefox with ABP on every customer's PC and show them how easy it is to use. by having them block ads I've found their rates of return because of infection dropped by a good 80%. While I understand that sites like /. need to make money, having their PCs turned into a zombie or having their CC stolen by a keylogger simply makes ads too risky at this point in time. It is as I said that JavaScript is becoming just as big a vector of infection as ActiveX ever was. I'm sure that we'll look back in 5 to 10 years and go "WTF were we thinking?" with JavaScript just as we do with ActiveX now. Trusting third party code served up from some ad bunch with no control over content or risk is just a bad way for a site to do business. If they are gonna serve ads than maybe we should go back to simple text and picture ads which don't require code to run.

Re:Noscript wins again

[Flixie]

Flattr is on it... http://flattr.com/ From their blog http://blog.flattr.net/2010/12/claiming-content/: "Wouldn’t it be wonderful if Flattr could figure out that you own a piece of content and automatically let others flattr it, without you doing anything? "

Re:Noscript wins again

Not the only way. You can avoid connecting to websites too.

Re:Noscript wins again

Aside from using Noscript, I take its approach with Adblock too, i.e. block everything, allow only who you trust.

There are some ad networks out there that do it right. They only serve images and ads are targetted based on site content instead of violating your privacy up the ass.

projectwonderful.com is one of those. Since advertisers pick which sites to run their ads on (right from the site the ads get shown) I find interesting ads suprisingly often. Granted, they might be too small to consider for big sites.

I really don't know why Google is the leading ad network, though. Their ads are utter crap. Not that MSN was any better. I was never even tempted to click any of their ads before I blocked them.

Re:Noscript wins again

[oobayly]

Well I thought I was running a properly configured box. Everything up to date, not using IE etc. Clicked on a link and got a Google warning about the sit. Fine I thought, I'll use the get me out of here button and suddenly I'm being bombarded by AV warnings. Noticed a Java console icon in the Systray, so that was how it arrived. What was unbelievable was that within seconds every HTML doc was infected with fucking vbscript.
I gave up on windows for home use there and then and now use Linux full time (instead of occasionally), and just windows for .net stuff.
As an aside, time to install Ubuntu, about 40 minutes. Time to install XP (from slipstreamed SP3 CD), half a fucking day including a call to India to ask for an OEM number that fucking worked. None of the driver bullshit either.

Re:Noscript wins again

> If a retailer tries to take too much, ...
> payment requests just bounce with an
> "insufficient funds" error.

I used to think I was safe like that with a no-overdraft debit card account, until I went overdrawn!

The bank *will* honour all transaction requests received through the VISA network ( in my case ) regardless of funds. They claim this is because balancing occurs at the end of the business day.

The "lack" of overdraft just meant that I was charged an exorbitant fee for going overdrawn, though I managed to negotiate it down to a penny after making a protest.

Re:Noscript wins again

[KiloByte]

In most of the world there is a thing called "bank transfer". For most transactions it is even free. All you need is to know the recipient's account number, which is published by everyone interesting in receiving non-cash payments.

Re:Noscript wins again

[Pharmboy]

Ditto on MS Essentials. I made the switch about a year ago after many years of AVG, including corporate licensing. AVG is still a decent product, but more naggy and has gotten more resource hungry over the years. MS Essentials isn't perfect but seems to use less resources and catches as much or more than others. Being free is also nice. Being updated very regularly, almost daily, is also good.

Re:Noscript wins again

[Bert64]

Be careful with that, even tho you have no formal overdraft facility some banks will give you an "unarranged overdraft" and charge you stupid fees for it...
I used to use a card with an extremely low credit limit for online purchases, until i found that the credit limit isn't the limit that you can spend, its just the limit that you can spend without being charged extra fees.

Re:Noscript wins again

[Ecuador]

You think that is smart eh? Oh, boy, are you in for a suprise!
Using debit cards to be "safer" is the worst idea possible. All credit cards have fraud protection. If someone uses it fraudulently, as long as you catch it within a couple of months, you are not responsible for paying it. When you give your credit card number to someone you are giving access to your credit line, provided by your bank, not your money directly, and when they charge your card they won't draw money from you, they will post a charge for which they will get paid later by the bank and you will be asked to pay for it.
Now, if you give your debit card, you are giving your bank account. A transaction draws money from your account immediately, good luck trying to reverse that later, I mean it is YOUR money gone, not the bank's money. Then, the fact that you don't have overdraft protection does not mean much. First of all you will have the bounce fee. Secondly, there have been many instances where banks go ahead and honor the overdrawing (it has happened to me once, they charged both the fee AND overdrew the account, it was either Wacovia or Chase...) and when you ask them about it they say "because you are a good customer our system allowed it".
There are of course many other reasons for using a credit card. For example you get extended warranty (AMEX doubles 1-year warranties), cashback etc.
If you want to be secure there are virtual account numbers that many CC provide. Some of them can be set with a pre-set limit. But be careful, similar to a bank account there are times where the bank will still honor going over the limit. The difference is, you will NOT have paid it with your money. You will receive a bill showing the fraud and you will file for it to be cleared. It has happened to me a couple of times and I shudder at the thought of that being my debit card...

Re:Noscript wins again

[martin-boundary]

Ad views have become the defacto micropayment system.

I like to think of ad views as the squeegee guy at the red light intersection. He'll mess up your windscreen while you're stopped, and then on top of that, he expects you to pay him for it.

Re:Noscript wins again

[edgr]

Most of the big banks in Sweden allow you to create a temporary (virtual) credit card with a specified limit and expiry date. You type the credit limit and expiry in, push a button and it spits out a new mastercard number. At least one bank (Swedbank, one of the largest in Scandinavia) requires this kind of card for all online transactions.

Re:Noscript wins again

When such a payment bounces, the bank takes money from the people trying to withdraw. They don't like that obviously, and will try to get it back from you and are allowed to add a service charge. In Europe, you can expect to pay at least 10 Euros when that happens, of which 7.50 Euros are going to the bank.

So it's not really true "the people messing about" aren't getting anything out of that.

Re:Noscript wins again

you're not protected and you do have overdrafting even if you think you opted out. look up "set off (law)" in wikipedia. as long as you have any other business with the bank of your debit card they can take any money they think you owe them from any other payment you send them or account you have.

Re:Noscript wins again

[DamonHD]

You kinda can, eg with EntroPay that I was a founder of, you can create a new card (new number) with just enough credit/balance on it to support the transaction you want to do.

Rgds

Damon

Re:Noscript wins again

[Dachannien]

I say, "Hey, MasterCard, give this guy $50." He gets an email, his automatic email-getting-password-sender-outer tells me how to get to his jiggly bits.

You mean like PayPal?

Re:Noscript wins again

[thejynxed]

It wasn't phoning home. It was scanning the contents of the directory for things that may be triggered "on load", namely, malware that triggers itself into action when the directory is opened and read for a listing of contents. Such malware exists and has since at least 2002, and probably even way earlier than that in cruder forms for Win 95/98/ME. Works as intended.

Re:Noscript wins again

[Ecuador]

You are not bad on the insulting department. Not great on the how things work department though, but with that attitude you can't possibly be helped.

Just so we are clear, originally I did not think you were dumb. My tone was aiming to make it clear to you and to other people that debit cards are a bad idea regardless how well you think you have thought things through. In my second favorite forum (FW Finance) I have read so many stories about how people have gotten screwed, it is not even funny. For example, do you know that debit card transactions are processed by the end of the day in an order the Bank decides? What do you think will happen with a fraudulent charge the same day as a legit purchase? Also, did you know that normally a merchant asks for authorization before putting a charge through (and gets declined in your case if you don't have funds), but at least the VISA network also allows charges WITHOUT authorization (and think whether a fraudster will ask for authorization)? That was probably how I got a negative charge on an account that had no overdrawing and if you think a negative balance on your bank account does not mean that is your money missing, you are sadly mistaken.
  Anyway, I at least hope you don't use a really bad (customer-friendly-wise) bank (like, say, BofA).
And to re-iterate, no, I did not think you were dumb, but you did come out as a douche with your second post.

Re:Noscript wins again

Why can't I say, "Hey, MasterCard, give this guy $50."

Bank of America has just such a service. They have a Java applet (works on Windows, Mac AND Linux!) which lets me create single-use credit card numbers with specified limits and expiration dates.

I use it any time I'm dealing with an online company I don't know and trust.

Re:Noscript wins again

[whitehaint]

Debit cards with visa/mc etc logo are the same as credit cards, meaning they have the same fraud protection. CC companies are more of a threat.

Re:Noscript wins again

[Spad]

Time to install XP (from slipstreamed SP3 CD), half a fucking day

That's odd, it took me less than 20 minutes to install it into a VM this morning.

Re:Noscript wins again

[sourcerror]

Please tell me how's a Visa debit card is worse than a Visa credit card? And how is it better losing your own money vs losing someone elses money that you have to pay back?

Re:Noscript wins again

[Skater]

I've done it a couple times recently and found it was closer to the half-day mark. Don't forget the time to create the slipstream CD, then to set up the drivers that the slipstreaming ignored for some reason (audio and video, in my case), and then to download basic software and updates (IE8, Firefox, and about 84 security updates, in my case), plus associated reboots.

Re:Noscript wins again

[nosferatu1001]

Well in the UK the COnsumer Credit Act 1974 means you have no liability for fraudulent transactions. That does not apply to Debit Card transactions.

Re:Noscript wins again

[Ecuador]

Please tell me how's a Visa debit card is worse than a Visa credit card? And how is it better losing your own money vs losing someone elses money that you have to pay back?

No, that's a false dichotomy since you are not responsible for fraud.
In one case it is losing your money which the bank has to pay back to you. In the other case it is losing the bank money which you don't have to pay back to anyone.
In which case is the bank more likely to sort it out?
Also, I don't know if it is still true, but for VISA/MC debit cards you had a $50 liability on fraudulent charges, which was always waived on CC's.

Re:Noscript wins again

[NJRoadfan]

American Express used to have it (Private Payments), but discontinued it. Citi and BoA are the only ones left with the feature in the US market that I have seen. Even then its limited to certain cards each bank issues.

Re:Noscript wins again

[SuricouRaven]

The serial numbers printed on the computer stickers are utterly useless. If you need to reinstall windows, you're basically screwed: You need to either buy the retail version, or use the OEM's restore function...which, if they even supplied CDs for you (They usually don't) will install all their sponsored crapware too. There are times I've had to give people who have a perfectly valid Windows XP Home OEM licence a pirate copy of Home, then try to change the serial afterwards.

Re:Noscript wins again

What sucks is that I'd actually like to support the sites I frequently visit, and ad views clearly have a significant effect on their various bottom lines

I run a medium-sized website that started without advertising. Only last year did we insert an ad unit to the page. The click-through rate is consistently 0.20% over any interval, and 15% of users use adblock. 40% IE, 35% Firefox, 12% Chrome, 13% other (Safari, Opera, etc).

With that said, I make enough to cover the bandwidth and server costs for an infrastructure that comfortably supports 500,000 unique visitors per day. With some left over to handle the marketing, and other working costs of the website (a few writers, etc). The profit margin is essentially zero.

I drive a Pontiac Vibe.

Now, we did a test for about 8 weeks, where we emulated many of the larger websites on the Internet, where we had a skyscraper along the right side, and a medium rectangle within the content, and possibly a small link bar or small banner at the bottom of articles. We saw the click-through drop to 0.12%, but the overall $$ increase by almost 90%. I can see why websites throw as many ads as possible onto the page.

But, here's the problem. Once a user clicks on the ad, they leave the website. Many users are more casual than before. They don't remember URLs as much, and getting into that user's top 10 sites per day, is difficult. By keeping the ads to only 1, we increased visitor loyalty, and absolute click-throughs within in the site. Users started reading more articles, discussing more concepts, posting more content, etc.

There's an element of "trust" involved when you visit a site that doesn't hound you with popups and other ads. Every time I search on Google for something, 50% of the time I end up on some made-for-adsense blog or gateway page that offers nothing, or has a 200 word article full of keywords and fluff.

Re:Noscript wins again

[NJRoadfan]

They don't even have to be click happy. They just have to browse to a page with a poisoned banner ad that exploits a buggy plug-in like Flash or Acrobat. In the real world, nobody has time to make sure that things like Flash, Adobe Reader, and Java have the latest security patches installed.

Re:Noscript wins again

[theskipper]

Quick, someone grab the Modalizer gun. We're gonna need a mixed dosage on this one...a healthy dose of -1 Troll, lots of -1 Clueless and some -1 Flamebait.

Then throw in a few drops of +1 Funny just for kicks.

Re:Noscript wins again

The account number is also all you need to know to transfer money *from* a recipient's account. This is why you're able to transfer money from your bank to vanguard *from* vanguard.com, and is essentially how checks work and why people who published uncensored pictures of their $2.56 reward check from Knuth caused bank fraud problems. AFAIK banks don't provide truly one-way payment credentials.

Re:Noscript wins again

[drinkypoo]

Why is it that I can only pay for something by giving my entire credit balance to someone and trusting them to give me back everything but what their invoice says?

It's called paypal.

Re:Noscript wins again

[drinkypoo]

You're obviously not including the required updates which are larger than the OS even after installing SP3, the runtimes which are as large as the OS, or the variety of required reboots mixed in between them. That, or you didn't really do a complete install.

Re:Noscript wins again

[mlts]

Careful on that. Banks at their discretion can honor the charge, then sting you for big fees, as well as the difference in the amount.

What you really want is to get one of those disposable cards from your local 7-11 that allow one to load money on it. Then use that card for all your credit card needs. This way, when the value reaches 0, it reaches 0, and no bank can start stinging you with extra fees.

Re:Noscript wins again

[mlts]

This analogy can't be better. To boot, the guy gets mad when you ignore him.

I'd take the guy trying to rub a filthy newspaper on a windshield over the ad guys though. At least the squeegee guy gets too belligerent, he will get taken down. Ad companies can be as aggressive as they want without fear of reprisal.

Re:Noscript wins again

But isn't PayPal evil because they refused to do business with Wikileaks?

Re:Noscript wins again

It's half a solution to your problem, you need to block port 80.

Re:Noscript wins again

[Lorien_the_first_one]

Hmmm. I've read down to the bottom and I don't see anything like this:

http://www.freerepublic.com/focus/f-news/2486741/posts
90% of Windows 7 security issues go away if users are not admin and UAC is turned on.

This thread also has discussion about how hard it is to write programs that don't require admin to run. Quickbooks and Quicken are two that come to mind - they are two of the worst examples of how hard it is to get stuff work as non-admin.

The difficulty in getting stuff to work as non-admin is a topic worthy of discussion, but few talk about it as it's not well known by the public. The failure of the OS vendor and application vendor to get their heads together and cooperate on security needs to be highlighted so that there is at least full disclosure.

While I applaud your efforts to attain security for your customers, this part of security needs to be explained to them. I do that for every PC I build for someone else. I let them know that they have a choice. They could either put their butt out in the wind for all to see as admin or, they could set up an admin account for maintenance and run as a limited user for everything else. Heck, with Windows 7, you can even set up automatic update notifications for non-admins so they never really have to login as admin unless they need to install a new program or a printer.

For me, this is the first layer of security and everything else follows.

Re:Noscript wins again

So... the reason you don't have convenient bank transfers in the US is that your banks let anyone take money out of anyone else's account? Are you sure that is an actual problem?

Re:Noscript wins again

[mcgrew]

Also a good reason to use a *nix based OS rather than Windows. AFAIK, "Drive-by" infections of Linux, Mac, BSD, etc are virtually impossible.

Re:Noscript wins again

[capnkr]

If it wasn't phoning home, then why the opened network connection and subsequent traffic, coinciding with these slowdowns?

Anything to do this line in the settings, which you *must* agree to?

"Send basic information to Microsoft about software that Microsoft Security Essentials detects, including where the software came from, the actions that you apply or that Microsoft Security Essentials applies automatically, and whether the actions were successful."

Seems to me, that once MSE had checked and "OK'ed" a directory, it wouldn't need to do so again, had nothing in that directory changed...

At any rate, and whatever the reason, the poor performance made me give up on it.

Re:Noscript wins again

[GameboyRMH]

Just use NoScript + Flashblock instead of Adblock. No danger from scripts, no popups, no Flash, but most ads are still displayed so you're supporting the sites you surf.

Re:Noscript wins again

[hairyfeet]

Maybe your bank just sucks? I never worry about using my debit online because if a retailer double dips or pulls any other shit I just walk into the bank and say "I ordered something online and they overcharged me" and the girl behind the counter goes "Oh don't you just HATE that? It happened to my husband last month!" and she types on the keyboard for a minute and then says "There you go, it'll take about an hour for the system to update and then your money will be back. Have a nice day!" and that's it. One of the nice things about sticking with a small bank over supermegabank.

As for TFA? Sites can scream about going broke but it is their own damned fault. You want us to pay for your content by opening us to to a possible infection or CC fraud via a keylogger just because you want to outsource your ads to some third party? Then don't be surprised when we block your ass en mass. I've cut my customers repeat infection rate a good 80% by switching them to Firefox with ABP, and from talking to other local shops most are doing the same. JavaScript is becoming another ActiveX and sandboxing is just putting band aids on a bullet wound.

If we are gonna allow third party code from just anywhere with NO oversight to run then perhaps we need to toss JavaScript and start over with a new language designed from the ground up for security. Or even better ban third party ad servers from using JavaScript and go back to text and animated GIFs for ads. But until things change I think you'll continue to see more and more sites finding their ad revenue falling like a stone because the current model is simply too dangerous. When I can lower repeat infections by over 80% simply by blocking ads? Then the entire ad delivery system is broken.

Re:Noscript wins again

[mcgrew]

Ad views have become the defacto micropayment system. If we had an alternative, sites wouldn't have to be dependent on privacy-invasive and security-breaking ad systems.

It's actually the fault of advertisers web sites that adblock exists at all. Screw 'em if they can't be responsible.

There's no reason to use popups, popunders, flash, or javascript for an ad.

Re:Noscript wins again

As a PC repair guy with waaaay too many click happy customers I'd say your best bets in the free AV category are MS Essentials and Comodo AV.

Have you looked at the MalwareBytes.org A/V product? I've had more success with it on my WinPC "repairs" than with Comodo AV.

Re:Noscript wins again

[hairyfeet]

Then you are doing it wrong I'm afraid. Use the combo of XP ISO Builder and RyanVM and you are looking at maaaybe 20-30 minutes, and that is if you want the full customized unattended install with everything from the desktop to services preconfigured.

For XP X64, Vista, and Windows 7 I've found having WSUS Offline makes it trivial to bring a machine from fresh install to fully patched. It will even integrate service packs if you so choose, but I prefer to simply have a disc with the latest service pack slipstreamed so WSUS Offline can fit all the X86 on a single DVD and all the x64 on a second single DVD. That way I just require 2 DVD to update ANY Windows OS from Win2K- Windows 7 X64. Just burn a new Driverpack disc every couple of months and that will cover a good 90% of the hardware out there, more if you go to the forums and pick up the third party packs like TV cards and funky drivers for things like Bluetooth.

Finally for software your old friend Ninte has that covered, with more than 90 of the most common apps in x86 and x64 with NO toolbars or other crap to worry about, and you can even suggest your favorite apps and they will check them out and often add them. I personally like Klite Codec pack because of its hardware acceleration, so I suggested it and voila! There it is. And the apps are constantly being updated to the latest version, all unattended and ready to go. Finish it off with Filehippo Update Checker so the user doesn't have to worry about keeping up when the latest version of an app has been released. And all is gravy. Time? Maybe an hour and a half on a slower P4, less than an hour on most modern systems.

So now instead of all the BS I simply run WSUS offline once a month after Patch Tuesday, burn the two DVDs (x86 and x64) it automatically produces for me which also has all the Office patches included, and check driverpacks Base app once every month or so to make sure I have the latest X86 and X64 drivers. my actual time for doing so is maybe 5 minutes, since I can simply launch the apps and let them do the work. So if it is really taking you a half a day then you are simply taking the long way about it. So please enjoy these free tools and not have to deal with the long wait again!

Re:Noscript wins again

Do yourself a favor and don't mention this within eyeshot of Kyle over at HardOCP...this will earn you a permanent ban. No discussions, and when you try to discuss it, you get a round of "I'm so awesome, I do all of this work for you for FREE" yadda yadda, as if to negate the facts because they've chosen a shit poor method of income. I'm all for supporting good sites, I love to donate to sites that earn it.

I now have to rethink the critical thought process of any "tech editor" who takes this kind of contrary stance based off his income. How do I trust someone's analysis when I know they will toss security to the wind for cash? How else does money affect their decision making? Are the products they review that good? I dunno, I'm losing more and more respect for places like this who would rather ban hammer and insult than work with people. It seems wrong, I dunno.

Re:Noscript wins again

[AlexiaDeath]

A small word of warning to Comodo users - it WILL mess with your GIMP install and prevent it from loading its plug-ins. If you cant open jpg files with GIMP and you have Comodo installed, go tell it to behave.

Re:Noscript wins again

[prestonmichaelh]

You just need a better credit card. There are tons of cards out there, with no annual fee, that let you create virtual account numbers with set dollar and time limits. For example, I have the Citi Forward Visa that has no annual fee, pretty good rewards, and free, unlimited virtual account numbers.

Anytime I need to pay for something on a site I am not that sure about (sometimes due to shadyness, sometimes due to hard to get out of auto-renewal), I create a virtual account number online, set a limit at or maybe $5 over what I need to pay them (in case tax works out differently or something) and set a time limit of a month. Then I give them a one time use number and limit my liability to just the amount I want to pay them, for the shortest time possible.

Re:Noscript wins again

[tibit]

A transaction draws money from your account immediately, good luck trying to reverse that later, I mean it is YOUR money gone, not the bank's money.

Do you have trouble reading?

There is no money in the account, ever, except when I'm just about to buy something, and then only enough to pay for the thing I'm buying. I never have to worry about reversals, as no unauthorized payment can be taken to be reversed.

LOL. It doesn't matter whether you have money in the account. One day you'll wake up to a negative balance, and guess what: the bank will have you pay it, or your credit rating will take a dump.

Re:Noscript wins again

Ever heard of PayPal? Login, type in someone's email address and how much you want to send them, and click send.

Re:Noscript wins again

[Karellen]

Just so we are clear, originally I did not think you were dumb.

Hmmm....

You think that is smart eh? Oh, boy, are you in for a suprise!

Ah, yes. The thinly-veiled, plausibly-deniable version of "I think you're dumb". Well, excuse me for reading between the lines.

with that attitude you can't possibly be helped. [...] you did come out as a douche with your second post.

Or, maybe that's just the attitude you inspire in people (well, it worked for me) and you just suck at helping them.

Re:Noscript wins again

[Ecuador]

If you want to read "between the lines" there is a difference between "You think you are smart eh" = "I think you are dumb" and "You think that is smart eh? Oh, boy, are you in for a suprise!" = "Nice theory, doesn't work when the everything is rigged to go against consumers".
So if you don't get the difference, read just the lines and not between them.

Re:Noscript wins again

[I(rispee_I(reme]

I have had fine results from ClamAV for windows. The underlying engine is GPL and cross-platform, and it uses a peer-to-peer network to share virus signatures between users, so your virus definitions are always up-to-date. This requires negligible bandwidth.

I'm uncertain how it avoids corrupt data being shared, but it seems to work well- I've ran several suspicious executables on virtual machines to test it, and it quarantined each of them. Strangely, it also gives the standard AV false alarm on many key generators.

That shouldn't be a problem here, since we all only run properly licensed software, right? ;)

Re:Noscript wins again

[VortexCortex]

Debit Cards Can add security, they are also not secure at all. I would like to see mobile payments (such as the Nexus S now supports) become commonplace -- it's more secure.

Until then I use a personalized rechargeable debit card I purchased at my local grocery store to make purchases in RL.

It costs $3.00 to put more money on it, I can use it at ATMs, I can use it online, I've even used it where a "only credit cards" were required.

This costs more than just using my actual debit card that is linked to my account, but if the number is stolen (e.g. by my Waiter, or from a lost wallet), they can only get the $100 or so that I have placed on the card. I throw away the card and get a new one.

For online purchases I typically use my credit card and generate a one-time-use card number.

The banks call this software by different names. Citibank calls it Virtual Account Number. Bank of America calls it ShopSafe. Discover calls it Secure Online Account Number. Under the hood, they are pretty much the same thing. The software is made by the same company: Orbiscom in Dublin, Ireland. Orbiscom is recently acquired by MasterCard for $100 million.

as discussed here

One day at work, I took my wallet out of my pants prior to crawling into a trash compactor...
When I climbed out, my wallet had been stolen. That same day I went to my bank, Wells Fargo, and reported the incident. They told me I would have to get a new account, so I did. I closed my account, got a new account, new account numbers, purchased new checks, ordered new debit-cards.

One week later someone used my "deactivated" debit card for the closed account to charge a $515.00 room in a hotel on the other side of the country. I was irate to say the least, what was the point of getting a whole new account if my old card could still be used? Furthermore, when I refused to pay for the fraudulent fees on the closed account, why did the charge against the closed account get deducted from my new account? Clearly, the Wells Fargo employee was more concerned with the perks they get for new account sign-ups, than with canceling my old card. I immediately closed my "new" account and went to a different bank.

Moral of the story: Don't trust anyone, they are all crooks. I still "owe" Wells Fargo that $515.00 plus double overdraft fees ($0.00 balance in the first closed account, so it magically rolled over into the second closed account and created MORE overdraft fees). I refuse to pay Wells Fargo any of the fraudulent charges, luckily I signed up with a new bank before that got on my credit report; No bank will give me a new bank account until the "bad debt" against Wells Fargo is remedied.

Re:Noscript wins again

[LO0G]

Running as a non-admin has been a Windows logo requirement since 2000. So MSFT has been asking people to write for non admin accounts for over a decade. They've also provided resources to help developers switch to non admin accounts.

The problem is that developers are lazy. Even though getting an app to run as a non-admin is good for your users and it isn't that difficult (basically you need to avoid writing to system-owned locations), people won't do it without a forcing function.

That's actually why UAC exists - it acts as a forcing function on developers. If they write their apps so they can run without being an admin, they can avoid the annoying popup. If they don't, they can still run but their customers get annoyed by the popup every time their app runs.

And it's really not that challenging to get the vast majority of the apps out there running as a non-admin user (I've done it before). In reality, very few apps require admin privileges to do their job and for them, there are ways that it can be managed (bifurcate your app into a UI element and a demand-start service that runs as LocalSystem (you can even use a COM object for this), then IPC to the service when you want it to do something).

Re:Noscript wins again

[I(rispee_I(reme]

"Drive-by" infections of Linux, Mac, BSD, etc are virtually unprofitable.

FTFY.

Re:Noscript wins again

[Mike+Van+Pelt]

I don't block ads, because as others have said, I do want to support the web pages I like, but I also run NoScript. No advertiser needs to run scripts on my browser to show me an ad. I never permit ad servers to run scripts.

Well, hardly ever. Not intentionally. Sometimes, a web page I want content from is balky due to some javascript not getting enabled, and I've hit "allow all this page", though usually in that case, I hit "temporarily allow all this page."

Every now and then, I audit my NoScript whitelist and remove anything that's an ad server. What I really should do is get a list of all ad servers and blacklist them in NoScript.

Re:Noscript wins again

[mcgrew]

"Drive-by" infections of Linux and BSD are virtually unprofitable (or completely unprofitable), but they sell millions of Macs every year. AND, they are still virtually impossible because of the way Windows decides whether or not a file is executable.

Re:Noscript wins again

[default+luser]

Debit cards with visa/mc etc logo are the same as credit cards, meaning they have the same fraud protection. CC companies are more of a threat.

This is true...now. But that's a recent change. Fraud on debit cards used to be handled by the bank issuing the card, and they often could do nothing for you (or WOULD do nothing for you). I'm certain that the bank still handles debit card fraud today, but the threat of Visa badgering them means they might actually try to help you.

That said, unless you have an exotic setup like the grandparent with limited funds and no overdraft, you're still better-off with a credit card. This is because the money charged against your credit account has a grace period before you need to pay (and in the case of fraud, you won't have to pay until the case is resolved), whereas money fraudulently removed from your bank account is gone until the fraud is resolved.

I'd personally rather have cash-in-hand if someone raped me online.

Re:Noscript wins again

[oobayly]

I'm going to have to reread this when I've had a little less wine in the evening so that I can see how it's done with less grief.
However all I can say is, therein lies the problem: 4 paragraphs to describe installing and patching an OS to bring it up to spec. This is all well and good for business use, but this was my home laptop.
Don't get me wrong, what you've said looks pretty helpful, it just winds me up that's it's so much hassle in the first place.

A description of what I did to install Ubuntu:
Download ISO
Download unetbootin
Write ISO to usb stick
Restart machine
Install Linux
Download patches & new kernels
Restart
Try to find best app to burn CDs
Curse while tring to find best app to burn CDs

The last two steps were the most agro I had, as WMP really is a piece of piss to use to rip CDs, tag & retrieve album art (even if you take issue with MP3/WMA)

Re:Noscript wins again

[oobayly]

To be honest, I just called MS, told them XP wouldn't accept the serial and that I refused to use the OEM CD as it was rubbish. I explained I was using an XP Pro CD and that I had a license. I did get admonished for saying it was "bullshit" that I've paid for a license and they wouldn't allow me to use the OS I paid for. Apparently it's not professional to curse on a consumer helpline!
It may have helped for me to say "fine, I'll use a pirated OEM number, as the sticker on the machine says I've a license".
In short, if you're willing to waste some time, they'll provide an OEM license.

Re:Noscript wins again

[jroysdon]

BankAmerica's ShopSafe virtual credit card online app lets you do just that. You ask it to generate a temporary card number (you pick how long it is good for, I think a minimum of the current month + 1 month) and you pick the amount. I've been using this since back when MBNA had it and they offered the LinuxFund card (before they cancelled it and LinuxFund had to move to US Bank)

CitiBank has a Virtual card option as well, but gives you no control as to limiting the length and amount, but it is still limited to the current month + 1. I figure this is good enough, and worst case I can always dispute the charges.

As the accounts these cards are used 100% online, it's easy to keep track of what I bought. I wouldn't mix these cards with physical card usage (which I could do as I have permanent numbered physical cards), but the whole point for me is to be able to keep the physical card limited to places I really know, and the accounts with virtual card options to just online.

Re:Noscript wins again

[jroysdon]

I've gone a step further than not using my Debit Card and even replaced my Debit Card with ATM-only cards and then destroying my Debig Card. That's right, I don't want the VISA/MC digits. I want it to be ATM-only and require my PIN.

Re:Noscript wins again

[hairyfeet]

Actually my way is even simpler:1.- Install Windows from disc (you can slipstream if you want, but frankly just having a relatively recent disc with the latest service pack installed is just fine) 2.- Run Driverpack disc on first boot, or just run it from flash and let it do its thing, 3.-Run WSUS Offline disc, let it do its thing, 4.-Go to Ninite and pick the apps you want (it will do an unattended install of all picked apps for you) 5.-There is no step 5.

Sorry if it looked more complex than it actually is, I simply gave detailed explanations of each tool when their actual usage is "clicky clicky" simple. Hell my 15 year old on his first try made his own custom XP Sp3 disc, complete with theme packs and all kinds of add ons and fully unattended.

As for burning CDs, do you want simple or fancy? Because in windows there is IMGBurn (which is on Ninite so you can simply check the box) which has all the options and sub options you could ask for, or there is Ashampoo burning free, which is so simple my clueless Aunt Sue burns her own DVDs with it. Either will give you nice trouble free burns, it is more of a preference thing really. And while I'm glad you found an OS that works for you frankly Ubuntu and Linux is too much of a PITA for me. Too much time spent trawling forums and looking for "fixes" thanks to badly or non existent support for hardware, and the always lovely "update foo broke my drivers" mess.

The machine I'm typing this on took a grand total of 45 minutes to install and that was nearly 3 years ago. The XP Sp3 is fully updated, as are the apps, and NO BREAKAGE. Frankly I never did get Ubuntu to do a single upgrade without some, usually multiple, drivers shitting themselves and dying hard. I fix PCs six days a week, I sure as hell ain't gonna waste what little free time I get dealing with OS issues. For me and my customers Windows "just works" as long as you stay away from the den of evil known as Vista. Good luck!

Re:Noscript wins again

[I(rispee_I(reme]

Perhaps you misunderstood?

My correction of your comment was intended to point out that "drive-by" infections are far from impossible on Linux, BSD, or Mac, but rather, no one bothers to find such exploits because the market segment is minuscule compared to the low-hanging fruit that are machines running Windows.

Just because the neighbors leave their front door wide open doesn't mean your burglar-repelling underwear are functional, to make 3 AM analogy.

Re:Noscript wins again

Micropayments could solve that problem too - anonymous microcash

http://www.bitcoin.org/

Can't say I'm surprised...

[TestedDoughnut]

Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago. With that in mind, I can't say I'm really all that surprised that advertisers would be the source of ad/spy/malware...

Re:Can't say I'm surprised...

I've used mvps' hosts file for years. No plugins to deal with and they block ads in all programs, not just the browser.

HOSTS files are the way to go.

It's the second thing I setup after MS Security Essentials.

Re:Can't say I'm surprised...

[gmhowell]

Oh no, between you and the AC, you've mentioned HOSTS files twice. If you mention them a third time, the apk troll shows up, like a techno Candyman with Tourette's.

Re:Can't say I'm surprised...

16++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added layered security:

1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc.).

2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).

3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html [networkworld.com] for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via PINGS &/or WHOIS though, regularly, so you have the correct IP & it's current)).

6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):

http://ddanchev.blogspot.com/ [blogspot.com]
http://www.malware.com.br/lists.shtml [malware.com.br]
http://www.stopbadware.org/ [stopbadware.org]
http://blog.fireeye.com/ [fireeye.com]
http://mtc.sri.com/ [sri.com]
http://news.netcraft.com/ [netcraft.com]
http://www.shadowserver.org/ [shadowserver.org]

REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):

http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]
http://someonewhocares.org/hosts/ [someonewhocares.org]
http://hostsfile.org/hosts.html [hostsfile.org]
http://hostsfile.mine.nu/downloads/ [hostsfile.mine.nu]
http://hosts-file.net/?s=Download [hosts-file.net]
https://zeustracker.abuse.ch/monitor.php?filter=online [abuse.ch]
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)

And yes: Even SLASHDOT &/or The Register help!

(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhacker others online that is... not ALL do!)).

2 examples thereof in the past I have used, & noted it there, are/were:

http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398 [slashdot.org]
http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500 [slashdot.org]

8.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).

9.) AdBlock & DNS servers are programs, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.

10.) Hosts files don't eat up CPU cycles like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs.

11.) HOSTS files are EASILY us

Re:Can't say I'm surprised...

[maxwell+demon]

Let me add one disadvantage of host files vs. AdBlock/NoScript & Co.:

The host file approach is completely unusable on machines where you have no root/admin access. And even on networks where you have root/admin access, but don't own the network and are not the one responsible for networking, you may get into troubles if you try to change host files. OTOH, Firefox plugins can be installed at the user level, without a need for root/admin access, and since user-installed plugins only affect the single user (i.e. you), they are much more likely to be accepted.

Re:Can't say I'm surprised...

Picking on people on the internet is fun and all, but in cases where mental handicaps are clearly involved you should be more understanding. It's pretty clear that APK is likely quite autistic...

Re:Can't say I'm surprised...

[Kalriath]

They're also completely useless in proxied environments. Or at least, properly configured ones.

Re:Can't say I'm surprised...

How about Privoxy?

That way you can do *.domain.com or even ads.* or /ads/ filtering.
Hell, it'll even let you rewrite pages in-flight with regex, I use it to strip ads from Hulu and rewrite pages that break when using NoScript.

Combined with an outbound firewall, you selectively force applications to go through the proxy for 'net access.

Re:Can't say I'm surprised...

Egads, not this again.

If you're going to copy-paste comments like that, at least get the links correct.

Re:Can't say I'm surprised...

[Lorien_the_first_one]

Ah, yes. I recall that Super AntiSpyware does this automatically. It will redirect blacklisted website addresses to the loopback. Interesting.

Re:Can't say I'm surprised...

[drinkypoo]

You say that like "properly configured" means that the proxy will be doing all name resolution, but you could not be further from the truth.

Re:Can't say I'm surprised...

[Kalriath]

Ok, maybe I should clarify - "properly configured" is one where the environment doesn't belong to you - i.e corporate or even home where you're not the admin. In those cases, you should not have the ability to resolve before requesting content from the proxy.

Re:Can't say I'm surprised...

[vlueboy]

YMMV: Spybot hostsfiles and this mvps.org list twice affected my protégées' Windows stability until restored to empty files.

You should reboot and test uniquely-cached sites at each PC before you leave. Beyond 100,000 host entries Windows 2000 SP4's DNS cache may cause get 2-minute delays prior to the login screen. Slowdowns for the large amount of DNS comparisons per website reached supposedly even affected XP, though I can't really vouch noticeable issues here. Dual-core computers do not seem affected, but we know relatives and businesses get stuck in the past with Win2k, and you might remember the advice down the road.

MSN sucks! This would never happen to Google!

Oh wait... Google's doubleclick got tricked too.... okay, nevermind.

  -The Anonymous Google Fanboy

Re:MSN sucks! This would never happen to Google!

[icebike]

Quote Story:

A spokesman for Google, which owns DoubleClick, told the IDG News Service that the malicious ads were only being served for a short amount of time, and that the company's own malware filters detected the ads, as well.

So, MSN was clueless. Google was merely slow to act.

Re:MSN sucks! This would never happen to Google!

Quote Story:

A spokesman for Google, which owns DoubleClick, told the IDG News Service that the malicious ads were only being served for a short amount of time, and that the company's own malware filters detected the ads, as well.

So, MSN was clueless. Google was merely slow to act.

I thought you were going for funny/irony, but I see you are modded informative.. Nothing in the text whatsoever supports a conclusion like that. Nowhere does it say MSN was slower to react than Google. You are really proving the point GP was ironizing (word? :) over.

Re:MSN sucks! This would never happen to Google!

[jimicus]

Does seem a little odd. Google has malware filters for ads, the filters detected the malware but (and this is the big but) not before it had been served out for a while.

That sounds rather more like a human malware filter than a machine one.

Re:MSN sucks! This would never happen to Google!

[m_ilya]

Testing ads for malware presence is not as simple as testing an executable for a virus because in general case ad is a combination of Flash, JavaScript and HTML documents hosted on 3rd party servers which may change content of these documents at any time. This means the testing machinery have to do repeat tests all the time but given that there are many creatives in ad network there is a limitation on how quickly you can do repeat tests. If malware author is smart and for example implements a strategy where malware is active only on each 100th impression it may take quite long time to detect the problematic ad.

is there anyone left NOT running adblock?

Both of you should install it.

And who the fuck has their machine set up for "drive by downloads" in this day and age? After the last decade of headlines about malware? Really, what kind of idiot to you have to be to run a machine configured like that these days?

In the early days, yeah, shame on the malware people. But fool me 48120912312 times? Shame on me.

Re:is there anyone left NOT running adblock?

[scdeimos]

Really, what kind of idiot to you have to be to run a machine configured like that these days?

How about 90% of the people on the internet, those who are in the "mom and pop" or "poor student" class of user and don't actually know anything about computers except for turning them on and off, and double-clicking the Outlook Express and Internet Explorer icons.

There really should be a license requirement for using computers on the internet - you don't let unlicensed drivers on the road, do you?

Re:is there anyone left NOT running adblock?

[MichaelSmith]

There really should be a license requirement for using computers on the internet - you don't let unlicensed drivers on the road, do you?

Then my mother would have no access to the internet. She only uses three or four functions on her ubuntu system and I reckon its pretty safe.

Re:is there anyone left NOT running adblock?

[Push+Latency]

Don't forget the folks who believe it's morally wrong to block ads. I had a long conversation with a college professor of programming who believes that quite strongly.

Re:is there anyone left NOT running adblock?

There really should be a license requirement for using computers on the internet - you don't let unlicensed drivers on the road, do you?

There really should be standards for browsers on the internet - you don't let cars with a gas pedal on the left on the road, do you?

The problem with IE is insecure defaults. A browser that allows auto-install by default is BROKEN. Same deal with "hide extensions by default"... sorry... MS's stupid defaults are a pet peeve. It's such a simple and obvious thing, and their reputation wouldn't be nearly as bad if they just fixed their defaults.

Re:is there anyone left NOT running adblock?

[countertrolling]

There really should be a license requirement for using computers on the internet

No way! Next you'll be demanding sobriety checks. So let's just nip that dumb idea in the bud, shall we?

Re:is there anyone left NOT running adblock?

[scdeimos]

Exhibit A: Beer Goggles for Gmail :)

Re:is there anyone left NOT running adblock?

[arkhan_jg]

We require training and driving licences because failure to control a ton and a half of metal and plastic at high speeds can easily kill people, including the driver.

Your mom getting a virus, thus needing you to go and clean her machine yet again does not rise to quite the same level of public safety. What's the next licence, being allowed to use a mobile phone in a public place?

Re:is there anyone left NOT running adblock?

We require training and driving licences because failure to control a ton and a half of metal and plastic at high speeds can easily kill people, including the driver.

Your mom getting a virus, thus needing you to go and clean her machine yet again does not rise to quite the same level of public safety. What's the next licence, being allowed to use a mobile phone in a public place?

If you hadn't noticed. Your moms virus infected computer occasionally kill people. There are both unintended and intended attacks from bot-nets against hospitals (even if only databases with patient information that go down, it may kill people, not to mention obvious things like life supporting machinery controlled by a PC), vital infrastructure, human rights groups et.c. When your mom want to show of picture of her grandchildren, she brings a USB-memory to work, I hope she doesn't work in a hospital, or a nuclear plant, or somewhere with computer controlled heavy machinery, or a bank, or... . So the car analogy holds, a virus infected computer is as dangerous as a car with a drunk driver.

It wasn't a good idea to use standard PC:s with a MS OS to run vital equipment, or even important administrative tasks. It was a really bad idea to hook up computers doing anything important to internet. But as it is, this is standard practice, your moms virus infected computer may very well be the last straw that kill someone.

Re:is there anyone left NOT running adblock?

Are you retarded? Since when did not knowing how to use a computer kill anyone? Good lord.

Re:is there anyone left NOT running adblock?

[couchslug]

"There really should be a license requirement for using computers on the internet "

No. Mistakes on the internet are annoying and trivial compared to tens of thousands dead and far more maimed every year on the roads of the US alone.

Adding another government bureaucracy so we can feel good and accomplish nothing would be expensive and stupid. A

s for the idiots (this IS supposed to be a site for the technically literate) who agree with you on the license, may someone kill them in their sleep so they don't breed, That level of stupidity is not worthy of respect.

Re:is there anyone left NOT running adblock?

[RobertLTux]

and what i say to those people is
sure i will stop blocking ads when

1 every provider can certify under penalty of law that the ads being served are relevant safe to view and are less than 10% of the page content

2 everybody stops cramming 60% of a given page with various ads cross site links and widgets so that an article thats 4 paragraphs does not need to be on 8 pages because the content pane is smaller than a postit

3 everybody also stops doing videos for everything and actually writes articles (a video of a talking head should be replaced with what the talking head said)

Re:is there anyone left NOT running adblock?

morals, schmorals.

those that believe so strongly that ad blockers are bad deserve to be stuck with an unpatched winxp and ie6 without so much as NAT between their pc and the wild wide open internet.

Re:is there anyone left NOT running adblock?

[Skater]

1 every provider can certify under penalty of law that the ads being served are relevant safe to view and are less than 10% of the page content

How did you decide on 10%? I was just thinking that the Simpsons episodes these days are about 22:30 long. That means about 25% of the 30 minute "content" is ads. I wonder what percentage of a magazine or newspaper are ads... 50%?

Re:is there anyone left NOT running adblock?

[SuricouRaven]

And 4) Even under these conditions, ads will remain blocked on any connection for which there is a fixed transfer limit and overuse charge. I'm thinking mostly of mobile phones and internet. Ads are huge. Due to their need to attract attention, the old GIF banner just doesn't cut it any more: Many ads now are interctive flash files with many component graphics, scripts and even audio embedded.

Re:is there anyone left NOT running adblock?

[drinkypoo]

There really should be a license requirement for using computers on the internet

Agreed. You just proved you're a massive douche, so I'm revoking your license.

Re:is there anyone left NOT running adblock?

Meh! The usual inversion of responsibility.

Better yet, regulate and license advertising software used on the Internet and
the programmers who write it.

Create serious fines and jail time for violators including proxies.

You'd see a whole different commercial environment almost immediately.

Re:is there anyone left NOT running adblock?

Then tell him to pay for the repair bills for those infected by what he so strongly believes in.

He sounds like those in favor of more deregulation of big pharma....'cause they don't hurt people...and they have to make money!

Or you could just plainly state that those who blindly support that which hurts other solely based on revenue are human turds....I'd love to hear his argument for that one.

Re:is there anyone left NOT running adblock?

[mlts]

You don't want a license requirement. You really don't. What will happen is that a "license" for access to an open, unfettered device like a standard PC would be harder to get than a class 3 automatic weapons license for a pistol in NYC, DC, or SF. Someone with connections and a rich family would have it. Everyone else would end up with completely locked down desktops with F/OSS being a happy memory.

Instead, what we need is to focus on programs and research in this security arena. Some examples come to mind:

1: Sandboxie functionality on all platforms, where all writes are redirected, essentially a BSD jail, but with the ability for users to save files outside of it. When the browser is closed, everything that the user has not selected to keep gets wiped.

2: Kicking developers in the rear who do not provide adequate security. If one writes for Windows, their code needs to run under DEP, support ASLR, and use a least privilege model (see DropMyRights source for how to do this right.) This isn't hard -- almost all UNIX programs have been doing this for decades. We shouldn't see the lessons learned by sendmail have to be retaught over and over.

3: Backups. Ideally it would be nice to have a separate machine store backups and have both push and pull abilities, so the stored can't be tampered with once saved off. For the most part, backup technology is still in the 1970s. It would be nice to have an OS independent format that can replace tar, support block level deduplication, compression and encryption, have cryptographic signing capabilities, support ECC so data can be rebuilt if damaged, support filesystem extensions, and be able to be used on tape, DVDs, BD media, files, or raw hard disks, support snapshots, and be usable for not just bare metal restores (restoring the filesystems, but the ODM/Registry/NetInfo/System State), but machine cloning. This way, if a box gets compromised, it can be snapshotted for forensic reasons, then PXE booted and restored (if the time of the compromise is definitely known), or just reinstalled with the data being restored (if the time of the compromise is unknown).

4: PGP/gpg built into the OS, with an OS-protected area for cryptographic keys. Everyone on the Internet doesn't really need a license, but they do need a private key to start a WOT. PGP's WOT should not just cover other users, but it would be good to have functionality to mark repositories as trusted as well.

5: A move to signed repositories. Ideally, the only time one needs to download and execute an installer directly is if it is custom code, or the machine is not kept online for security reasons.

6: Built in TPM chips that ship disabled/turned off, but can be turned on by the user. TPMs are a double edged sword, but would be instrumental in protecting the OS in case the MBR or boot sector get modified by malware. Used right, it would go a long way in protecting the core parts of the OS.

Re:is there anyone left NOT running adblock?

[RobertLTux]

easy to sort out the percentage you print out the page (it should be no more than say 3 sheets anyway) and then
subtract the print borders and then measure with a ruler the amount of space on the page and then the amount taken up by ads adspace/total space X 100 will give you the percentage.

so lets see 8.5X11 sheets half inch borders gives you 75square inches of space so you need to have less than 7.5 squares inches of ads per page

Re:is there anyone left NOT running adblock?

[Skater]

Missing the point...how did you decide on 10%? Why should the web be lower than every other media form?

coulda told ya

I could have told you that. I narrowed down the issue to MSN/Hotmail a couple days ago and was advising users to stay away for as long as possible/use adblock/noscript.

I've been dealing with removing this horseshit from end users pc's all week.

Something interesting I noticed was the malware authors were amateurs- they forgot to setup the fake HDD defrag malware to run at boot on any other user profile besides the one that was infected.

Made disinfection pretty easy...

Adblock

[Dhilung]

That is why we have Adblock.

Praise for adblock

[Matt+Perry]

This is why I block all ads and all your moral arguments and begging be damned. Ad blocking is sensible risk management.

Re:Praise for adblock

[Mashiki]

Queue people whining and crying that people are thieves and all that because they block ads. Sorry, but if you can't be sure you'll never serve malware. You'll never be allowed to serve ads which might infect my machine with something...nasty. Especially now that ransomware is starting to become the next trend.

Re:Praise for adblock

[Deathlizard]

Let em whine. I'm sorry, These ad firms put themselves into this mess.

The day ad firms decided to allow advertisers to use Flash and JavaScript in their advertisements is the day I started blocking them. Seriously, What was wrong with simple images and text? Was the monkey way too easy to punch or something?

Re:Praise for adblock

[Mordok-DestroyerOfWo]

I must have punched that spanked that damned monkey a dozen times and all it did was make my mouse hand sore.

Re:Praise for adblock

[Spad]

Cue.

Re:Praise for adblock

[Tom]

add animated GIFs to that list.

I started blocking ads when two things happened, pretty much simultaneously:

One, ad content took over a considerable part of the screen real estate and
two, ads started to distract from the actual content through animation, blinking, sound, etc.

I know advertisement is all about getting your attention, but it tries to do that in contexts where I don't want my attention diverted to something else. I don't mind advertisement on the WC or on the bus that much, it's not as if I had anything better to do there. But when I'm driving or browsing, I hate every single ad I encounter. Luckily, for browsing there is AdBlock.

And I don't like the whining, either. If you business model relies on ads, then your business model is broken. But if you absolutely want to give me ads, how about using text ads? I don't mind those, they are a ton less distracting, which greatly improves your chances of me actually clicking one instead of hating it.

Re:Praise for adblock

[houghi]

In hindsight AdBlock solves these kind of things. However I am sure that most people who use AdBlock just do not want to see ads. Not even the standard 1 banner we used to have.

People do not like ads, even though they understand why they are there.

When the ads come up on TV, I do not go "Oh, I will watch them, so I do not need to pay more for TV", I go channel hopping. I have subscribed to robinsonist.be so people will not send me snail-mail advertisement. I have a sticker that clearly states that I do not want folders in my mailbox. I use AdBlock and a hosts file to not see ads online.

So even if there would be only text ads served by the domain I went to itself, I would still try to get rid of ads.

Re:Praise for adblock

[Mashiki]

I agree, ad firms have put themselves into that mess. The reality is, they don't even realize it. I'm still wondering who had the brainwave to allow flash and js, to play outside of the sandbox.

Re:Praise for adblock

[Haedrian]

Is that what you kids are calling it these days?

Re:Praise for adblock

[SuricouRaven]

But statistically, those annoying ads *work*. They wouldn't be used otherwise - I'm sure the advertising industry has done many studies of this. People will learn to just ignore unobtrusive advertising, given time - they filter it out of their perception, and the companies then need a new way to get attention. This has just been escalating for years, with measure after measure to force through users' perceptual filter. First it was text, then images, then flashing animation. Then some person with a heart of pure evil invented the pop-up ad. Then ads started to fake the appearance of error dialogs, relying on the users' trained reaction to click the X to get rid of the message. Ads started growing more interactive, with mini-games like Spank the Monkey. Some sites started trying to force ad viewing by making it imposisble to get to the content without seeing a full-browser-window ad. They started getting sound, even streaming video ads.

I don't know what comes next. Maybe sites in another year will start requiring users answer a simple question about the advert before they can access the content, to prove that attention really was paid.

Re:Praise for adblock

[Tom]

But statistically, those annoying ads *work*. They wouldn't be used otherwise - I'm sure the advertising industry has done many studies of this.

Yes and no. Mind you, my marketing class has been more than 10 years ago, but I'm not sure if the basics have changed so much. True is that the marketing industry does invest a lot into research and studies. However, like in many other areas in business, that doesn't mean those results actually get applied. And while results of ad campaign get regularily checked, more often than not the results tell you whether it worked or not (i.e. sales increased) but not why. Which results in many, many legends that have no empirical support whatsoever, but a huge "nobody ever got fired for..." effect - basically, there are things you just do because if you don't and the campaign fails, everyone will blame it on you.

People will learn to just ignore unobtrusive advertising,

People are great at filtering out pretty much anything. It's just that the obtrusive stuff requires more subconscious processing power.

I don't know what comes next. Maybe sites in another year will start requiring users answer a simple question about the advert before they can access the content, to prove that attention really was paid.

Usually, things move in sinus-like waves. I don't know if we have reached the top yet, but I can hardly imagine how much worser it could get. So I imagine pretty soon things will start to move in the other direction, and we just may get the ad insanity under control again. Or things escalate further, until the counter-reaction is likewise strong and we will see a flat-out global ban on advertisement. Now that would be a sight to behold.

Re:Praise for adblock

[GameboyRMH]

Then don't block the ads, block the JS & Flash, or you're not really taking care of the problem. See my above post:

http://tech.slashdot.org/comments.pl?sid=1907528&cid=34534052

Re:Praise for adblock

[Bert64]

The worst thing is ads that have sound, i find them EXTREMELY intrusive and generally block such ad brokers immediately...
I like to open lots of tabs in the background (eg as i scroll down a list of news articles somewhere) and trying to work out which one is offending my ears is a huge pain.

Re:Praise for adblock

[Archangel+Michael]

Actually, it could be either Cue or Queue, depending on the meaning desired by the author.

Cue: To clue in. "I took that as a cue to start posting witty retorts"
Queue: To line up. "The witty retorts are lined up in the queue"

I have no idea which one the author intended, and neither do you.

Re:Praise for adblock

[mcgrew]

But statistically, those annoying ads *work*.

Then why are the ad agencies whining about AdBlock?

Re:Praise for adblock

[Abcd1234]

In hindsight AdBlock solves these kind of things. However I am sure that most people who use AdBlock just do not want to see ads.

I'm not convinced of that.

I'm willing to bet if advertisers returned to simple text and images, and obviated obnoxious flash and animated ads, you'd see far less blocking. These things are fundamentally a) obnoxious, and b) resource intensive, which is why I end up blocking them, and I suspect the same is true of a lot of people.

Fundamentally, for me, ad blocking is about improving the *performance* of the web. Flash is just godawful slow to load, and means I have to wait that much longer to see the content I'm interested in. Return to more simple, less obnoxious ads, and I have little problem unblocking them (as I've done on sites like Ravelry, which have done exactly this).

Re:Praise for adblock

[RESPAWN]

Hey, just think. It could be worse: you could be an IT manager for an ad agency. Try blocking ads at one of [i]those[/i] places!

Re:Praise for adblock

[mcgrew]

I think he meant "get in line."

Re:Praise for adblock

s/sinus/sine/g

Re:Praise for adblock

[Tom]

uh right. Language error, sorry. The german word for "sine" is "Sinus".

Re:I've seen stuff coming from MSN for quite somet

[scdeimos]

No, here's some prior art... http://msmvps.com/blogs/spywaresucks/archive/2007/02/18/591493.aspx

Trust model

[Inf0phreak]

The trust model of online advertising is in my opinion fundamentally broken. A big part of the security model of the web is domain-based - e.g. the same origin policy - but this goes down the drain with third party ads hosted on yet another third party's server.

With online advertising it was for the first time possible to measure the effect of ad campaigns better than "how many saw it and did we sell more after it?" What did this bring us? "PUNCH THE MONKEY!", "LOOK AT THE BLINKING LIGHTS!", "BEEP BLOOP BEEEEEP!!!" and perhaps most insidiously it broke the domain-based model of trust on the web since everything had to be put on the advertising hosters' servers to deter click fraud and whatnot.

AdBlock doesn't just save you bandwidth and reduces the annoyance of browsing the web, it is also one of the best tools for avoiding drive-by malware from ads.

Re:Trust model

[mrvan]

... it broke the domain-based model of trust on the web since everything had to be put on the advertising hosters' servers to deter click fraud and whatnot.

Erm? I would say the trust model works exactly as promised.

I trust slashdot.org (I know, silly me) and ask my browser to download and display HTML content from their domain
The HTML at /.org instructs my browser to go get and display some other content from an ad domain
I do not trust that ad domain and refuse to display their content
Everybody happy?

*Browsers*, however, need to become more explicit about this and realize that if I instruct them to get a page from x.com I don't really want to get images, frames and whatnot from Y.com. Firefox used to have an "don't display images from external sites" option but I think it was lost in translation somewhere? I would really like a general "don't download content from other domains" and more specific don't download images/javascript/flash/pdf etc from other domains" options, with some sort of statusbar notification and whitelisting.

I would say that the trust model would be broken if slashdot would serve external content as if it is part of their domain, which they could if they wanted, so we should be happy that the ad-services insist on serving their own content...

Re:Trust model

[amorsen]

You want RequestPolicy

I have to warn you that many sites have REALLY obscure dependencies.

and sandbox

[__aaeuwj6541]

and sandboxes, and no script, and external firewall devices, and backup drive images from previous weeks

Re:and sandbox

and OS X or any flavor of Linux ... que for not being most popular OS and therefore nobody cares (with malware et all)

Re:and sandbox

[jimicus]

"Que" is what the Spanish waiter Manuel said in the cult British sitcom Faulty Towers. ITYM "cue"

Oh, and pure Javascript/social engineering driven malware is starting to appear. Right now it's only annoying (it does silly things like spams all your friends on facebook) but it does exist and it runs on OS X just fine, TYVM.

Adblock is not that great a protection on its own

Seen a few people say they use Adblock and all, which is fine, but if you recognize that an ad-server can be compromised, then why not any other web server you visit? How many things are you going to block before it makes the web safe? So many all websites are useless? That's why I found NoScript more annoying than not. Too often I was just saying yes to so much it wasn't really that much more secure.

Much better to have secure systems inside than walls trying to block everything.

Anti virus isn't totally useless

[countertrolling]

My MS messenger has been setting off the anti-virus alarms for several months now. They come in through the ads at the bottom of the main window.

Re:Anti virus isn't totally useless

[srodden]

Another reason to not use MSN messenger :)

Re:Anti virus isn't totally useless

Pidgin?

Re:Anti virus isn't totally useless

this is why I refuse to use the default msn/aim clients - built in ads

Re:Anti virus isn't totally useless

[Bert64]

Take a given piece of malware and upload it to virustotal.com... Most malware gets missed by at least one common AV product, usually more than one...
So the question is, how much malware has gotten through and not been blocked by whatever AV you use?

Just Another Reason...

[Nom+du+Keyboard]

Just another reason to block all ads possible - as if we needed one.

Solution

[Lucky75]

For the very few oblivious people (esp on /.), here's your solution: Adblock

It's really just one more reason for me to not feel guilty about blocking ads. Sometimes I click on ads from sites which I trust and wish to support, but other than that, the hell with them.

Re:Solution

[rickb928]

How do you configure Adblock to give you the option to click on ads you want to?

Re:Solution

[heypete]

Click on the "stop sign" icon for Adblock in Firefox, then select "Disable on [sitename]" or "Disable on this page only".

Of course, there's no way to know if the ad is trustworthy before loading it...

Re:Solution

[rickb928]

That was the real question of course.

Since we can't know which ad to trust, we might as well block them all.

Or pretend that shooting trespassers after they've shot us is a solution.

Re:Adblock is not that great a protection on its o

[sirsnork]

Because it's not the web server being comprimised per say. It's the Ad network either being fooled, or willfully putting up exploit code rather than any sort of hack going on. Also considering the turnover of data/files on an ad networks servers, it's much harder for them to keep this from happening

How about Ubuntu instead of adblock?

Well there a better distro's but Ubuntu is best for doorknobs that say things like "Oh adblock your the greatest I want your juice".

Aw damn!

[countertrolling]

No wonder my centrifuges were running crazy..

Re:Adblock is not that great a protection on its o

NoScript isn't annoying at all once you get the hang of it.

Just click on the button at the bottom of the screen and say to allow/temporarily allow a site, then it won't interfere. You don't lose your protection by doing this; you allow the site you're browsing but still forbid the 3+ unknown sites which also have scripts in your page. These outsiders are where the problems come from, so you can allow the content without allowing the malware.

When the fuck will ad networks learn?

[mysidia]

ad network should serve the images/text and a link URL, nothing more

stop letting advertising providers provide custom HTML and remote-load scripts/images into ads

Re:When the fuck will ad networks learn?

[jack2000]

Some one should put an option in firefox( a native option mind you not a whole extension) that basically says break third party javascript. We'll see who wins the damn war then.

And if sites start puting bullshit javascript on the main domains then fuck em.

Re:When the fuck will ad networks learn?

They'll never do this, that way they'd end having larger bandwidth bills and their little consumer exploitation based buisness model will stop working as efficiently as it does now (Collect information, while being supplied third party ads they don't even need to host themselves). It's not going to go away, ever, unless they will be held responsible for things like this happing by a court ("Buts these are third parties").

Re:When the fuck will ad networks learn?

[jimicus]

Your idea, while clever, isn't going to solve the problem. Javascript will just wind up being pulled in at the server side rather than through <script src="http://dooberidooberidoo....">

The problem is a combination of idiot ideas concerning computer security. Read something like "The Six Dumbest Ideas in Computer History" some time - it's eye-opening and it explains a lot. In the case of web browsing and Javascript, you've essentially integrated four of those ideas into basic computer use.

For those who haven't time to read the article, I'll summarise the idiot ideas that have made it into web browsing:

1. Default Permit. Why on Earth is it the default for most web browsers to run every single little thing they download? It's completely insane - seriously, I can't think of a better way to transmit malware than to sit somebody at a computer and give them a nice easy way to download and automatically run every silly thing they can find, even if the only thing they will run is supposedly sandboxed.

2. Enumerating Badness. We tell ourselves that it's OK to do this, as long as the end user (if they must run Windows at all) does so with half-decent AV installed. But AV works by keeping a list of "things that are bad" and blocking them all - you know how long that list is these days? You only need one thing to slip the net and your system's 0wned anyway. It's the computer equivalent of having sex with every disease-ridden cheap whore you can find working the streets and hoping to Christ the condom never breaks. The bad thing only needs to be lucky once, you need to be lucky every time.

3. Penetrate and Patch. Today the issue is at the server end. Four days ago, the issue was in Firefox (latest release was on the 9th December, it fixes a number of security holes). Next week it might be in Adobe Reader or Chrome. Exactly when did it start making good sense to play whack-a-mole with security holes? You don't see them building high-security prisons out of temporary Portakabins and then tacking extra things on in a blind panic every time inmates escape, so why are so many pieces of software that are likely to be exposed to malware designed in exactly this way?

4. Educating users. Telling people not to click blindly on every ad doesn't work, as anyone who's ever done serious amounts of user support can attest. You always have some people who will click on everything that appears on their PC, if education was going to fix that it would have stopped being a problem years ago. There's a damn good reason why larger companies frequently lock their PCs down so thoroughly they may as well be dumb terminals, and it's not because the IT department is run by a bunch of power-thirsty mini-hitlers. It's because it's the only way to stop the helpdesk being overrun with people ringing in to say "I clicked on this attachment and now I've got everyone complaining that I emailed them a virus. I didn't!".

Re:When the fuck will ad networks learn?

[Lazy+Jones]

Some one should put an option in firefox( a native option mind you not a whole extension) that basically says break third party javascript. We'll see who wins the damn war then.

That would break CDNs serving JS for the site owner and cookieless domains used for the same purpose, both are considered good practice at the moment for faster web sites. In addition, it would need countless (hardcoded?) exceptions for sites like ajax.googleapis.com which are used to help users reduce traffic by caching frequently used JS libraries more.
I use NoScript and although it has its deficiencies, it generally works very well.

Re:When the fuck will ad networks learn?

It's not necessarily the ad networks. Sites want these fancy shmancy ads because they can charge more for intrusive ads. Ads where the top banner interacts with the right side ads.. very annoying and distracting for the user, good for the ad sales folks down the hall.

It's not ever going to change for the better until someone has the balls to try something new. No amount of complaining on slashdot will change anything. No amount of complaining to the sites with horrible ad experiences will likely change anything either.

Re:When the fuck will ad networks learn?

[drinkypoo]

Some one should put an option in firefox( a native option mind you not a whole extension)

Firefox is a platform, not just a web browser, and there is no substantive difference between a plugin and more crappy native interface.

Re:When the fuck will ad networks learn?

Tried the link in your sig, doesn't appear to work anymore (account suspended)

Re:When the fuck will ad networks learn?

[thoromyr]

Unfortunately it isn't just "third party javascript" and it isn't necessarily interpreted by the browser.

  - Adobe PDF: you can put in javascript and by abusing it can do bad things. Browser "breaking third party javascript" isn't going to help you there.

  - Oracle nee Sun Java: this isn't javascript and can be abused (e.g., a one-shot download-and-execute java applet)

  - Adobe Flash: what can I say, it not only sucks its a serious security hole

this list can (and I expect will) be extended by any sufficiently popular browser plugin

Re:When the fuck will ad networks learn?

[Waccoon]

It would at least make it easier for web site operators to keep tabs on what the advertisers are doing. I don't think admins are too happy to find out after-the-fact that their ad services are dishing out mal-ware.

Re:When the fuck will ad networks learn?

[mysidia]

That would break CDNs serving JS for the site owner and cookieless domains used for the same purpose

As a security admin, I would think of this as an unexpected bonus. I would love to see CDN vhost madness go away, and CDNs go away for serving scripts, images, and especially videos.

You wouldn't believe how horrible CDNs are for administrators monitoring networks, attempting to identify malware activity, and other shenanigans.

IP address information would become useful again for tracking malicious websites, abuse, and people visiting inappropriate sites.

With CDNs you block the IP address of one abusive site, and it turns out to be a CDN serving 500 other sites, 2 of which some of your people need legitimate access to.

Re:When the fuck will ad networks learn?

[jack2000]

I agree the problem is more fundamental but at least some of those can be fixed.
Which brain dead moron decided putting javascript in PDF files, P D F FILES was a good idea.
Java asks you to run things these days? so that's a step in the right direction.
And yeah flash is a overloaded with feature creep. But hey, it's adobe, what're you gonna do. Same with their recent abuses of pdf.

Re:When the fuck will ad networks learn?

[Phantom+Gremlin]

2. Enumerating Badness. ... But AV works by keeping a list of "things that are bad" and blocking them all - you know how long that list is these days? You only need one thing to slip the net and your system's 0wned anyway. It's the computer equivalent of having sex with every disease-ridden cheap whore you can find working the streets and hoping to Christ the condom never breaks. The bad thing only needs to be lucky once, you need to be lucky every time.

I'd like to rephrase your analogy a little:

I'd say it's the computer equivalent of encountering a random whore, checking a list of names of infected whores that you carry with you, and then deciding to have unprotected sex with this whore. After all, her name isn't on your list.

Unfortunately I didn't work on my rephrasing for long enough to completely maintain the spirit in which your original was written. E.g. I didn't include the colorfully descriptive phrase "disease-ridden cheap whore". But you get the idea.

Re:When the fuck will ad networks learn?

[jimicus]

Hmm. Nicely done, if a little wordy. Maybe:

"The computer equivalent of keeping a list of cheap crack-addled whores who are known to have an STD and merrily having unprotected sex with any whose names aren't on the list."

It's not just IE

[Anonymous+Brave+Guy]

The problem with IE is insecure defaults. A browser that allows auto-install by default is BROKEN.

People in glass houses, and all that.

The only time any PC I run has been compromised to my knowledge was a relatively recent drive-by download via a Java applet. The machine was running Firefox, and both it and the Java VM were fully patched. The machine was also behind a properly configured firewall, and running up-to-date anti-virus software and assorted security/privacy plug-ins in the browser. Unfortunately, none of that helps if you get hit by a zero-day exploit. Also unfortunately, I hadn't yet found where they moved the "enable/disable Java" functionality in Firefox 3.6, not that knowing that would have helped me much, because some tools I need for work actually do use Java applets and therefore the related plug-ins anyway.

BTW, I had just started browsing social news sites like Slashdot, opening a handful of tabs to normally reputable sites to read the articles (yes, really, some of us actually do). I'm pretty sure I got hit via either a third party source that AdBlock missed or a compromised comment on a blog post.

In any case, please don't kid yourself that this is only a problem for dumb Windows/IE users surfing for warez/pr0n/whatever. Just because you're running Linux instead of Windows, or Firefox/Chrome/Opera/whatever instead of IE, or visiting legitimate sites that are themselves not going to attack your system, that doesn't mean you're somehow immune. It just means you're a less likely target. Pride comes before the fall.

Re:It's not just IE

[maxwell+demon]

BTW, I had just started browsing social news sites like Slashdot, opening a handful of tabs to normally reputable sites to read the articles (yes, really, some of us actually do). I'm pretty sure I got hit via either a third party source that AdBlock missed or a compromised comment on a blog post.

A plugin which probably wouldn't have missed it (unless it comes directly from a site you explicitly surfed to, e.g. because the site became compromised) is RequestPolicy. It by default blocks any request from one site to another. However I have to admit that sometimes it can be quite some work to figure out what to enable to make the site work.
Oh, and NoScript can be configured to not allow Java applets by default, but only after explicit clicking, even from otherwise trusted sources. That way, you'll never get a Java applet running on drive-by, because you have to click every time to start the applet.

In any case, please don't kid yourself that this is only a problem for dumb Windows/IE users surfing for warez/pr0n/whatever. Just because you're running Linux instead of Windows, or Firefox/Chrome/Opera/whatever instead of IE, or visiting legitimate sites that are themselves not going to attack your system, that doesn't mean you're somehow immune. It just means you're a less likely target. Pride comes before the fall.

Yes, each of the measures doesn't make you immune. But each one reduces the probability of getting affected. At some point, the probability drops low enough that you can basically neglect it. That's not related to pride (I'm not at all proud for having to make extra effort to get a page display properly; also the reason I'm using Linux isn't related to pride, indeed not even to security, but simply to the fact that it works better for my needs; if I were a hardcore gamer, I'd probably use Windows).

Re:It's not just IE

> I hadn't yet found where they moved the "enable/disable Java" functionality in Firefox 3.6

Go to the add-ons manager, it has a tab where you can manage your plugins. You can enable or disable any plugin individually there. Check with about:plugins to confirm.

Re:It's not just IE

[Anonymous+Brave+Guy]

Oh, I know that noooooow... :-)

Unfortunately, what I didn't know was that in the minor version upgrade that moved this particular parameter, they silently turned Java back on even if you'd explicitly disabled it before, so instead of enabling it only when work required, I was running with it enabled by default. By the way, if anyone is interested in a tragi-comic demonstration of people on the Firefox team completely missing the point when it comes to security issues, here you go. Please try not to throw rocks at your screen while reading...

Re:It's not just IE

Also unfortunately, I hadn't yet found where they moved the "enable/disable Java" functionality in Firefox 3.6

Tools -> AddOns -> Plugins

not that knowing that would have helped me much, because some tools I need for work actually do use Java applets and therefore the related plug-ins anyway.

Install NoScript and block Java by default, then selectively allow it for trusted sites. It's not perfect, granted, but it should help.

Re:It's not just IE

[Bert64]

Malware will always target the largest audience..

IE is down from 95% of the target audience to about 50% or less in some places, it becomes less attractive to target... Firefox is at about what, 40%? Less attractive target...

On the other hand, flash is still present on 95% of systems regardless of what browser they run, as is acrobat reader and java so the attackers just cast their net in the biggest pond.

Windows still makes up 95% too, so its still the primary target.

As you pointed out, you still got infected despite being up to date and following best practices, and i've seen many other cases of this. What it basically tells me, is that the currently established "best practices" are flawed.

It seems the best way is simply to move yourself out of the target area, you used to be able to do that by ditching IE and using Firefox, but these days ditching windows is probably the only way. Ofcourse there's no way to tell how long (depending what you replace it with) this strategy will be effective.

Re:It's not just IE

Pride comes before the fall.

Please quote your cliche accurately, otherwise it may take on meaning.

Re:It's not just IE

[mcgrew]

OK, explain to me how you can write a drive-by exploit for a *nix OS? Because I can't think of any way at all.

Re:It's not just IE

[Anonymous+Brave+Guy]

What makes you think a *nix OS is any different to a Windows one?

Running as a user with limited privileges protects against certain types of attack, but rarely the ones most of us are worried about.

Re:It's not just IE

[mcgrew]

What makes you think they're in any way similar? Windows decides if a file is executable by its extension, where with nix OSes you have to mark the file as executable before it will run. I don't see how you could do a drive-by with that.

Trojans, sure -- any OS is vulnerable to trojans. But that's a completely different animal.

Re:It's not just IE

[Anonymous+Brave+Guy]

I suspect you're using the term "drive-by download" in a much more specific way that I am.

The process I'm talking about is this:

1. Unwanted Java applet downloads and runs.
2. Applet exploits vulnerability in Java VM to escape sandbox.
3. Applet uses the resulting additional privileges to download and execute further malware.

What protection is gained by having a separate execute permission on files, if you're already executing code that can chmod anyway?

Re:It's not just IE

[mcgrew]

Good point. I couldn't see how a drive by could chmod until I did a tiny bit of looking and found it's also a C language command.

Human factor?

[saikou]

I find it a bit odd that an extra "f" would have duped "the system". I believe what may have been happening is that human verification part of the equation could have been "hacked".

You create an account, you specify where the banner data lives, it gets submitted for an approval.

Except in this case whoever looked at the data saw "trusted" domain and figured everything is fine. Heck, the "fake" domain could have served an innocent javascript up until owners knew that banner got approved, then swapped out the script and off the drive-by script malware goes.

And then Google/Doubleclick detects bait-and-switch ("hey, we didn't approve this virus!") and it gets flagged.

Block Doubleclick and MSN ads at firewall

[Animats]

This is a strong argument for blocking DoubleClick and MSN's ad server at the corporate firewall.

Re:I've seen stuff coming from MSN for quite somet

I've been seeing this for the past few months. First I was wondering where the "PC Antivirus 2010" virus was coming from (this one pretends to be an antivirus product). Then one day I saw it's popup from a random message board (googling for some information led me to that particular board). Since I was on my Fedora box at the time it didn't affect anything. However I traced it back to the ad that came along with the web page. Don't remember which ad network it came from though.

This drive by thingy everyone is talking about

[Ismellpoop]

well its bullshit every time an add tried to install something the package manager won't open them. Shit I've tried every distro out there and I still can't open them up. What am I doing wrong can someone please help me. I really want to see all these cool things the rest of the world is experiencing.

Re:This drive by thingy everyone is talking about

well its bullshit every time an add tried to install something the package manager won't open them. Shit I've tried every distro out there and I still can't open them up. What am I doing wrong can someone please help me. I really want to see all these cool things the rest of the world is experiencing.

Yeah, you've gotta do it manually. Open up a terminal and run 'rm -rf ~/' and it ought to be a close approximation.

Re:This drive by thingy everyone is talking about

Hey, you forgot the space between ~ and /. It's supposed to be

rm -rf ~ /

... otherwise you won't get all the content! If you want to make it machine-wide, remember to do a su first.

Re:This drive by thingy everyone is talking about

[sorak]

well its bullshit every time an add tried to install something the package manager won't open them. Shit I've tried every distro out there and I still can't open them up. What am I doing wrong can someone please help me. I really want to see all these cool things the rest of the world is experiencing.

don't worry. I hear WINE is adding support for that.

Re:This drive by thingy everyone is talking about

[Thud457]

Here's a cool story for ya, bro:

So, my laptop is dual-boot Ubuntu & Windows XP. I pretty much never boot XP anymore.
At one point, I installed Wine and was using it to run some stuff from the Windows partition. Then I got bored with that and stopped using. Didn't uninstall Wine. Because hey, I might want it again some day.


So, I'm also a big Progressquest player. (Level 54 bastard lunatic eelman) One day, I notice they've finally got a package for progressquest for Ubuntu, which I promptly install and run.
Later on, after weeks of running progressquest "under ubuntu", I start noticing some strange behavior when visiting some strange sites, (yea, probably pr0n). WTF?!

The rest of the story -- one of the dependencies of the Progress Quest package Wine.
(Ok, so that wasn't the source of the problem, Wine was. That just led me to investigate WTF was going on).

Computers are a dying breed

This is exactly why iPad type "computers" are the coming thing. Locked down in a walled garden and simple to use. Few people *really* need a 'real' computer when a small "device" will do everything they need.

Re:Computers are a dying breed

[MichaelSmith]

Thats true. She is mainly interested in "passive" content. She loves the Bureau of Meteorology site for example because she loves to garden, but needs to correlate her gardening with the weather. I set up an RSS feed reader with links to blogs such as boingboing, and news sites, but she is not so interested in those. A tablet would be fine but we are kidding ourselves if we think malware is going to just go away.

Re:Computers are a dying breed

An iPad (and smartphone, for that matter) is still a computer. It is still running software that was written by humans and potentially has bugs that could lead to vulnerabilities. To think otherwise is simply wishful thinking.

Re:Computers are a dying breed

[AtomicJake]

This is exactly why iPad type "computers" are the coming thing. Locked down in a walled garden and simple to use. Few people *really* need a 'real' computer when a small "device" will do everything they need.

Unless you want to access something that Steve Jobs does not want you to access (wait until iSomeThing will block wikileaks, porn sites, piracy sites, or just the wrong download site).

Who bares the cost?

[Required+Snark]

This will never change as long as the companies that failed, MSN and Google, don't really bare the cost of their failure. Yes, they're really really sorry, but mostly because they lost some revenue. They couldn't care less about what happens to the end users.

If they had to pay real money proportional to the amount of damages the situation would be completely different. Estimate them number of visits to poisoned web sites, multiply that by the amount of time required to check for and fix damage, multiply that by a real per hour rate for someone to check all the machines, triple the dollar amount for punitive damages and present them with the bill. If this would happen one time I guarantee that neither Google or MSN would ever let this kind of problem happen again.

The same goes for Gawker loosing all those passwords and emails. So it puts them out of business. So what. Someone else will be glad to take their place. Good riddance to the fools who think that security is an unnecessary cost.

Put lame car analogy about exploding tires/engines/electronics here.

Adblock doesn't always work

That's why I run all my websites without scripts calling ads and calling all ads as images from the server its self. Users like you would have to block all gif files, and if you do that the sites are essentially useless (no navigation, etc.). If you don't want to at least view ads on my sites, I don't need your taking up my server bandwidth. I pull in 6 figures a year and the last thing I'm worried about, having had sites online since 1996, is loosing traffic of people using noscript and/or adblock.

Re:Adblock doesn't always work

Ad blocking tools are much more sophisticated now. You can block an image (or a whole subset of the page) based on its position in the HTML structure. Plus, the browser may be downloading the ads and chewing up your bandwidth but never showing them to the user and you wouldn't be able to tell.

Re:Adblock is not that great a protection on its o

Seen a few people say they use Adblock and all, which is fine, but if you recognize that an ad-server can be compromised, then why not any other web server you visit?

It's about risk mitigation, not necessarily risk elimination. Suppose website X has content I'm interested in, and iframes to three ads I don't care about. That's 4 risk exposures. If I allow X but not the three ads, then then I have reduced my risk from 4 exposures to 1 without sacrificing the content of X. It's not perfect, but it's better. To eliminate the risk, I would have to sacrifice X itself, but I choose to accept that risk.

Note, also, that allowing ad servers is riskier than allowing content servers. Content servers can host malware in two major ways: compromise of the site, or cross-site scripting and related attacks. Ad networks are subject to hosting malware via the same methods as content servers, but they also deliberately accept code from third parties that might be untrusted. That's a different vector which historically has much higher incidence of hosted malware than content sites.

[Posting AC because I used mod points. -- morty]

What I use. Is there more?

MSE + Chrome Incognito + Facebook Disconnect + Ghostery + Analytics Opt-Out + AdBlock

Re:Adblock is not that great a protection on its o

[rtfa-troll]

To expand on this; the job of an ad agency is to put you in touch with many groups who normally you wouldn't be in touch with. Preferably even groups who you wouldn't want to be in touch with. There's a differece between going to a place you trust which might be compromised and a bunch of such places having the chance to pay to get in touch with you.

bluh

This is why I use Adblock Plus. :/
Glad a friend of mine told me about it. Not like I've been to a lot of Doubleclick or MSN webpages recently... if at all.

How is this News?

[_KiTA_]

How is this news? 90% of the Spyware I see comes from banner ads that redirect to malware.

Pick your poison:

1. Ad redirects upon load to Malware
2. Ad appears normal, redirects after X seconds to Malware
3. Ad appears normal, then redirects to Malware upon closure
4. Ad redirects to Malware upon specific click event (mouseover, clicking something in the page, etc)

Where Malware in this instance is 99% of the time a PDF exploit. And since Flash lacks basic security measures (such as, say, an option to refuse to run scripts in SWF files, or to refuse to open URLs without you clicking through, or...) well, you're screwed.

The solution is simple: Block Adobe products and cheap knockoffs (like Silverlight) from your machine outright.

This goes to show you

[Khyber]

The only 'safe' way to serve ads is from your own databases, after having thoroughly checked the ads to be displayed for any malicious behavior.

As I stated yesterday, and got modded troll for; you can only be the provider yourself. You cannot trust anybody else. You must act as the filter or else you will hurt your customer base.

Re:This goes to show you

[Khyber]

To add, this same statement holds true to my LED business. If I do not serve as the filter for all the marketing bullshit, I end up losing sales even though I never sold anything, because the potential customer base has become jaded and distrustful, either from personal experience with sham lights or through hearing about stories from other users about said sham lights.

There is no other way around this, it is a fact and cannot be changed. It is logical, and anyone that ignores it, especially content distribution networks, are going to suffer.

Re:Adblock is not that great a protection on its o

[maxwell+demon]

It's annoying because you recognise that the pages often need scripts from sites you actually don't want to enable (e.g. more and more pages need googleapis, even pages where it's absolutely pointless).

Re:Adblock is not that great a protection on its o

Per what? No need to thank me, it's my job.
--
In case of emergency, dial 1-911-GRAMMAR

Block ads!

[xenobyte]

I started blocking ads when they started blocking me or my use of webpages.

Static banner ads were okay, but as soon as they started blinking, jumping, making noise, popping up or sliding in front, they were unacceptable and had to go. It's a simple as that.

Using Adblock Plus with NoScript have made sure I've yet to experience my first ad-borne infection.

I always wondered that acquisition

At the time Google bought DoubleClick, Google owned the advertisement network with the best reputation (Goolge AdWords/AdSense. Relevant, not-very-annoying text ads) and DoubleClick had perhaps the worst reputation (horrible flash banners, etc.) of them all. I couldn't understand why Google would buy that. Then again, these days Google is pretty horrible towards Ad publishers (closing or freezing accounts without offering any explanation, etc... If you aren't a big name, expect to get buttfucked by Google) while DoubleClick is decent-ish (they should really send their lawyers after dishonest advertisers more... But arguably that's the publisher's responsibility). So doubleclick screws the users but is good for the publishers, Google screws the publishers but is good for the users, both are pretty fine for advertisers. I guess it works out.

(Disclaimer: I work for an agency that does - among other internet related things - SEO, internet advertising and the like. I'm obviously not in any way assosciated with either of the companies unless you count the fact that we hold a number of Google certificates...)

No no, MSN is right on the ball

[SmallFurryCreature]

MS for the security holes, MSN for the exploits. One stop shopping! We have you rooted the fastest! Where do you want someone to make you go today!

Re:No no, MSN is right on the ball

[NewbieProgrammerMan]

Microsoft's new slogan appears to be, "Be What's Next," which seems to fit pretty well, too.

Why should this surprise anyone?

[wierd_w]

Personally, I'd be surprised at the discovery of an ad serving network that DIDN'T serve malware on the side.

I have never understood why advert networks allow their "Partners" to cross-load javascript, and other scripted media objects. If the advert requires a "phone home" script, then it should have that script hosted, and vetted by the advert network they are partnered with, rather than playing a shell game of spot the malware.

Any advert that tries to hot-load a javascript or other scripted media object should be immediately rejected. (it should be pretty trivial to catch such hot-loading attempts with a submission filter, same with loading PDFs, etc. Likewise the use of obfuscated javascript techniques should auto reject.)

There really is no reason for this, other than that the ad networks themselves dont trust EACH OTHER. (EG, they dont want their partners to get their 'oh so important' metrics data instead of them-- or rather, they want to get that data directly themselves, and dont trust their partners to give it to them quickly enough, or accurately. [the potential for the ad-host to screw over the ad-producer over faulty serving metrics would be outstanding if the ad producer had to rely on metrics recorded exclusively by the ad-host, but fuck them.])

Internet advertising is one of the few things about the modern internet that could actually stand to have a little multinational regulation imposed on it. (And then, purely technical regulations intended to greatly frustrate malware distribution, and nothing else.)

Ubuntu is the same as using a taxi

[SmallFurryCreature]

Yes a taxi is a car but you don't need a license to use one.

In the same tone: OSX is like using a chauffeur driving limo (but a male chauffeur since, well... you are gay)

BSD is like driving a bike through rain and wind because you damn well will be independent of those oil companies, then have everything delivered through your home with gass guzzling van's.

OS2 is like running that CV2, the ugly duckling BUT the cheapest car to do Paris-Dakar!

DOS is like riding the wheel from the B.C. cartoon.

Windows? That is like riding a nice posh car, in the trunk while the MS mafia is driving you towards whereever they damn well want to take you.

There you are, the ULTIMATE car anology.

Re:Ubuntu is the same as using a taxi

[MichaelSmith]

I think thats a 2CV.

Re:Ubuntu is the same as using a taxi

[DamonHD]

Thanks for the gratuitous rude stereotyping.

Damon

Re:Ubuntu is the same as using a taxi

[drinkypoo]

Looks like you told him.

Signed, a douche who doesn't understand signatures. Wait, that's you.

WTF?

Funny how supposedly "smart" people here are so desperate to believe whatever spin a random marketing droid/ad executive spews out just because they're employed by Google. Ofcource it must be because Google at its core is an open source company. Afterall Google search, maps, youtube, gmail and other 'money-making' products are open source. Yeah, that must be it.

Adblock Plus

and NoScript. Problem solved.

This is why we need to go back to....

[toygeek]

88x31 and 468x60 animated GIF's.

I'm going to implement ad blocking at the router level at my house....

One letter away

I would have guessed AIDShuffle.com.

GPCode virus

[ub3r+n3u7r4l1st]

No wonder I saw a spike of GPcode infections at my workplace last week.....

Physician, Thy Self.

[westlake]

There really should be a license requirement for using computers on the internet - you don't let unlicensed drivers on the road, do you?

The doctor is licensed. The accountant. The lawyer. The mechanical engineer.

Each are held to standards of professional competence and integrity.

But not the programmer. Not the geek.

Re:Physician, Thy Self.

[mcgrew]

Incompetent doctors, lawyers, and accountants can really screw your life up. Incompetent programmers and geeks can't.

Re:First post

Whoosh

Ipads are a dying breed

[mjwx]

This is exactly why iPad type "computers" are the coming thing. Locked down in a walled garden and simple to use

You forget that we tried this before, many times and each time the general purpose computer won out because...

A large number of people only use 10% of their computers but it's never the same 10%. People require different things and it's always been cheaper and easier to do it with a "jack of all trades" device then try to flood the market with 100 different devices and OS's that never meet that 10% exactly.

Trying to tell me that computers will be made safer by taking away their function is like trying to tell me that cars can be made safer by removing their ability to turn right (we drive on the left hand side of the road here). In theory this does make our roads safer by stopping people from crossing over oncoming traffic but in practice all you end up with is most people doing dodgy manoeuvres to turn right when they need to. This is why most people jailbreak their iDevice, because it can't do what they need it to.

So the Ipad is doomed, either by a more functional tablet or lack of actual need for a tablet. Neither will it be safe with a large majority willing to open up security holes just to do what they want with it.

Re:Ipads are a dying breed

[mcgrew]

BadAnalogyGuy, is that you?

Trying to tell me that computers will be made safer by taking away their function is like trying to tell me that cars can be made safer by removing their ability to turn right

It's more like making cars sound an alarm if the seat belt's unbuckled. Yes, some people jailbreak this feature.

Re:I've seen stuff coming from MSN for quite somet

They don't, traffickers rarely posses more than a basic understanding of HTML.

Tell me again why I shouldn't block ads.

[John+Hasler]

n/t

Re:I've seen stuff coming from MSN for quite somet

[mlts]

One of my honeypot VMs I use for Web browsing got hit by that when I was visiting a top named site.

In my experience, now that a lot of users are not just running executables willy-nilly, compromised ad networks serving up malicious pages to try to compromise browsers or add-ons is the #1 threat in my book.

To drive the point home, I use AdBlock on the main machine I use for Web browsing. I have yet to see a single script related to PC Antivirus. In reality, AdBlock provides more protection than most AV utilities, because once the Web browser is compromised, most AV utilities are completely useless in detecting and stopping that.

Locked down only to the end user....

This is exactly why iPad type "computers" are the coming thing. Locked down in a walled garden and simple to use. Few people *really* need a 'real' computer when a small "device" will do everything they need.

Such "locked down in a walled garden" devices will prove to be only locked down to the end user. The hackers and other various internet evil-doers will be able to pwn these devices eventually. but the end users, even the moderately tech-savvy ones will prohibited from doing anything about it either.

Suckers!

[Lilith's+Heart-shape]

I have no sympathy for the suckers who got nailed by malware served by ad networks. Shit like this is why I block all ads and refuse javascript from sites I don't trust.

Huh?

[phorm]

Except that the iDevice walled garden has been broken already, and some of the newer exploits are actually browser-based. In many cases they're used as an easy way to jailbreak, but could likely be used for malware as well.

"Walled gardens" are not immune to exploits. They may have extra layers of protections, but an initial exploit followed with a privilege-escalation bump and they're done for. They may also be harder to "clean" in that regard as well.

On top of that, there's also the issue of data-protection and malicious apps. It's not like Apple-et-al actually goes line-by-line through the code of every app, and there have already been malicious apps in the iPhone Store, Android store, etc. IMHO blackberry seems to do the best at dealing with this as it asks *when an app tries to do something* whether to permit it (no, just now, or forever).

The scary thing about smart-devices and the "walled garden" is the path to obsolescence. iPhones are a bit better in the "keeps on trucking" aspect of things, but there are *plenty* of Android-based devices that will never see a current-gen OS and may be harbouring unpatched vulnerabilities.

Re:Block Doubleclick and MSN ads at firewall

All ad servers should be blocked from getting into a business unless there is a need to see them. Waste of bandwidth.

Ad blocking is the wrong approach!

[GameboyRMH]

Strictly from a security standpoint, before I get into any moral arguments, Ad blocking is wrong, Script and Flash blocking is the way to do it. Blocking ads instead of scripts & Flash is like having your airport security block brown people instead of terrorists. It's ineffective and - now I'm getting into moral stuff - harmful.

Say you allow ads on Slashdot.org, and their ad provider is carrying an ad with a malicious script which you run across on your Windows work machine (of course Linux viruses are theoretically possible and there have been a few in the past, but I'm being realistic here). Say it exploits a Flash (or possibly even Firefox) zero-day vulnerability, whoops you're pwned!

At the same time, the sites you browse regularly and would probably like to support are no longer getting those fractions of a penny from you viewing ads.

Now say you block scripts and flash. No Flash object loads without your permission, so you get no Flash-powered ads (they're too resource-hungry anyways). But most sites don't use those and you're still seeing their ads, although the scripts in them won't run, but sites usually still get paid for this. You can browse Slashdot while allowing ads that don't require JS/Java or Flash. They're harmless JPEGs, GIFs or text ads.

By doing this you're also voting with your eyeballs by blocking annoying, intrusive or resource-hungry ads, while allowing benign ads. This is good.

Re:Ad blocking is the wrong approach!

[Matt+Perry]

Although I agree with blocking flash, and do so by default, blocking scripts renders many sites unusable. It's too much manual work to whitelist each site by hand. AdBlock Plus is the only content and scripting blocking plug-in with a whitelist subscription that I have found. I enable it and it works without my intervention. That's how computers should function. They do the work so that I don't have to.

As for supporting sites, it's not my responsibility to make a company's business model work. Here in the US there is no guarantee for a business' success and citizens are not required to patronize companies to keep them operational. Any company is free to refuse me service if they choose. I am also free to do as I wish with the product once I have it. I've taken a copy of the local free paper only to read one article and then throw it away. I choose what I want to read and read only that.

Likewise, I choose what content I want my browser to load. Just because a site offers more data to me doesn't mean that I am compelled to download it. If a web site operator doesn't like that, they are free to not serve me. I will go elsewhere. I won't let other people dictate to me how I use my computer.

I think many web sites would find more success in providing additional content for subscribers. LWN.net seems to do well with this model.

Re:Ad blocking is the wrong approach!

[Matt+Perry]

I forgot to add that I don't think that Flash blocking will be a long term solution. With the push to replace Flash with HTML 5 it won't be possible to block a single type of object to prevent annoyance and infection.

Re:Ad blocking is the wrong approach!

[swb]

Blocking ads instead of scripts & Flash is like having your airport security block brown people instead of terrorists. It's ineffective and - now I'm getting into moral stuff - harmful.

You are getting moral and ignoring facts. How many cases of terrorism have been implemented in the U.S. or elsewhere that did not involve "brown" people? AFAIK, it has been exclusively "brown" people in the US and elsewhere.

I'd agree that as an absolute measure of security, racial profiling doesn't work, but in the case of Islamic extremism it would be extremely effective even on its own. There's some question as to whether it would contribute to racial hostility, but in my mind that's a reasonable trade-off versus treating all people like common criminals when they are not remotely part of the group staging attacks.

Re:Ad blocking is the wrong approach!

[GameboyRMH]

I was hoping my example wouldn't turn into an off-topic discussion on racial profiling, as it was merely an example of how ads != dangerous content even if the second, relatively microscopic group consists of a majority (or at least a sizable fraction) of the first, just like brown people and terrorists.

Now since you wish airport security would just leave all the nice white people alone and focus on them darn a-rab Muslims, here are some white people who could have killed you, or may do so in the future:

Richard Reid
Ted Kaczinski (Unabomber)
Joe Stack
Timothy McVeigh, and every other member of any US right-wing militia group, such as the Hutaree.

And these are only groups that have posed a threat in the US. Outside of the US you have the IRA, Black Widows, and many other groups of mostly non-Muslim whitish people. These are all just off the top of my head, pull yourself away from Fox News for a minute and do a little research, and maybe you'll stop being a racist fucktard.

Re:Ad blocking is the wrong approach!

[swb]

Richard Reid is non-white and attempted to bomb a passenger airplane in pursuit of al-Qaeda's Islamist agenda; racial profiling may likely have uncovered him.

Of the remaining domestic terrorists individually listed, all are white but none of their terrorist actions required them to go through any kind of screening at all, rendering any debate about the utility of racial profiling moot in these cases unless you would advocate security screening for posting packages, renting trucks and buying fertilizer, or flying small aircraft.

I will note that you include "...every other member of any US right-wing militia group, such as the Hutaree" which is either political profiling or likely a case of implied racial profiling, which is unusual considering your opposition to profiling.

I will also note that none of the Hutaree have been convicted of any crimes and despite the protests of the prosecution in their cases, a Federal judge has released all of them without bail, saying the government has failed to demonstrate that they pose any threat.

Your other wide-ranging list of evil white terrorists? The IRA was involved in a political dispute over territory in Ireland and for the last 20 years has been more interested in extortion, loan sharking and drug dealing than anything remotely resembling international terrorism, and even when most active as a terrorist organization they were almost exclusively focused on a specific regional conflict, not terrorism directed generally at Western populations.

The same is true of the other "white" terrorist organizations -- ETA, FLNC, etc are exclusively in conflict over regional political autonomy, not engaged in a broader conflict with Western society nor do they generally target the public as a whole by trying to bomb passenger airliners or fly them into buildings.

Re:Ad blocking is the wrong approach!

[GameboyRMH]

I will note that you include "...every other member of any US right-wing militia group, such as the Hutaree" which is either political profiling or likely a case of implied racial profiling, which is unusual considering your opposition to profiling.

US right-wing militia groups usually have some white supremacy aspect to them and are all-white, although I'll admit it's totally possible to have a US right-wing militia group that accepts non-white members.

So now you're saying that strictly in terms of flying airliners into buildings, all terrorists have been middle-eastern and Muslim. That's true. But that's what, 5 people? You're going to profile against a large chunk of the human population because less than a van-full of people the same color as them flew airliners into buildings on one occasion? And what happens when they just recruit a white guy who successfully carries out an attack (say he carries a powerful bomb on board and sets it off with no suspicious prior activity), and 99.999999% of middle easterners were profiled against for nothing? Do you switch to profiling against white people, or just call it a freak accident and make no changes?

Re:Ad blocking is the wrong approach!

[GameboyRMH]

Oh here's a fresh piece of news you might also find interesting:

http://www.telegraph.co.uk/news/worldnews/asia/pakistan/8204958/Drone-kills-white-al-Qaeda-pair-in-Pakistan-mountains.html

Re:Ad blocking is the wrong approach!

[swb]

Missing from this discussion is the scope of "profiling" -- I would not advocate stopping people on the street based on their race or religion, but that's because I'm opposed to stopping people on the street if they have not committed a crime. I'm referring most specifically to security checks at airports, where we have developed a ridiculous security regime that inefficiently wastes resource on the majority of travelers who are not participants in a war against Western society.

While "5 people" (I think it was closer to 12 people, 3 per flight, 4 flights on 9/11 -- two that downed the Twin Towers, one that went into the Pentagon, and the other that went down in Pennsylvania) may have crashed those planes, what's missing here is the question: "What is the nature of this conflict?"

This conflict is very nearly exclusively a war between Middle Eastern Islamic actors on one side and predominately white Western populations on the other. I'll grant there have been aberrations -- the odd white Westerner who has converted to Islam, like John Walker Lindh, but even in that case he joined the Taliban and was captured in Afghanistan, not attempting terrorist acts against the West in the West.

But I think those ARE aberrations, especially statistically and sociologically, and that profiling the population most likely and historically most associated with terrorist acts only makes sense. Obviously it would be no security if this is ALL we did, but I think it would be a far better use of our resources to intensively scrutinize non-white Muslims traveling on airplanes.

And it doesn't have to be torture in closed rooms -- it could be as simple as answering questions from a trained person prior to leaving airport security and heading to a boarding gate, more intensive imaging of luggage than given the 'non-threat' population.

If, and when, 50-something white women from the Midwest start bombing planes we can alter our strategy, but thus far that hasn't happened and the causes, beliefs and practices of Middle Eastern Islamists seem unlikely to find support among Whites of a Judeo-Christian background in the near future.

I think the US Government and the media have gone to great lengths to make these conflicts about abstract issues with easy good/bad guys ("terrorists") while glossing over the obvious nature of the conflict (largely, radical Arab Muslims angry at the West) and I think it has warped our view of the conflict and made us believe that there are legions of White Islamists in our own back yards.

As for white radicals accepting non-whites, from what I've seen, I'd say the majority of white groups generally aren't "supremacists", they seem to have more generally adopted a separatist philosophy. IIRC, there was even a meeting between a white power group and the Nation of Islam where they both agreed they wanted seperate, racially segregated homelands. But by and large, these groups aren't really to be taken seriously and are generally more closely associated with prison gangs and low-level criminality than serious political advocates.

Re:Ad blocking is the wrong approach!

[GameboyRMH]

The problem here is that by focusing on middle-easterners at airports, you create a vulnerability - they don't check white people so thoroughly. This causes the enemy to change their tactics and makes the whole thing useless - it's the same reason AV vendors don't only scan files handled by IE, Flash, Java RE and Adobe Reader. They could save system resources and pay more attention to the more likely threats, but it's just a speedbump, the threat will change and damage will be done when it does.

A middle-eastern-looking Muslim terrorist could just change their appearance - if he shaves his beard and spikes and dyes his hair and speaks good English, is he middle-eastern or a surfer dude? Some recent UK terrorists were born and raised in the UK, if they change their appearance years ahead there would be nothing on their passports to trigger your profiling system. How do you tell who's middle-eastern or Muslim, and who makes the call? I look sort of middle eastern but I've never been to that part of the planet and I'm not a Muslim at all, will I get the security focus while a less-middle-eastern-looking terrorist, or the rare white terrorist slips through the easy screening? Will they go after the terrorist who's given himself a makeover and is dressed like a hipster instead of the family in the burkhas and turbans speaking poor English?

And what about other races? There's been an airplane bombing attempt by a black guy and there are plenty of black Muslims. How will black + Muslim trigger the system vs. white + Muslim? This raises the question again of how you know if someone is a Muslim at all.

All this is ignoring the massive political and societal damage of racial profiling, but you already said you're OK with that so I've avoided the topic.

You're welcome to disprove ANY of this gmhowell

"Oh no, between you and the AC, you've mentioned HOSTS files twice. If you mention them a third time, the apk troll shows up, like a techno Candyman with Tourette's." - by gmhowell (26755) on Monday December 13, @01:47AM (#34532348) Homepage

You can ad hominem attack me gmhowell, but it never stands up very well vs. this list of points below in favor of HOSTS files, and certainly in the case of blocking ad banners (which I block them, good or bad, because of this list of ad banners that were shown in the past as doing what's happening in this current thread of malware being inside the code for ad banners):

HACKERS USE ADBANNERS ON MAJOR SITES TO HIJACK YOUR SYSTEM -> http://www.wired.com/techbiz/media/news/2007/11/doubleclick

THE NEXT AD YOU CLICK MAY BE A VIRUS -> http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

NY TIMES INFECTED WITH MALWARE ADBANNER -> http://news.slashdot.org/article.pl?sid=09/09/13/2346229

MICROSOFT HIT BY MALWARES IN ADBANNERS -> http://apcmag.com/microsoft_apologises_for_serving_malware.htm

ADBANNERS SLOW DOWN THE WEB -> http://tech.slashdot.org/article.pl?sid=09/11/30/166218

For just SOME examples of how HOSTS can stop that (by blocking out KNOWN BAD SITES/SERVERS/HOSTS-DOMAIN NAMES, and yes, even blocking adbanners as shown below in my list of points in favor of HOSTS files).

So - You're once again MORE THAN WELCOME to disprove the list of points in favor of HOSTS files below, point-by-point where you see fit and especially vs. them all if you can, especially over AdBlock alone, or (since hosts does things adblock just cannot do that improve your online experience in both speed &/or security), over DNS servers alone (because HOSTS overcome weaknesses in DNS, as noted below, on many points):

---

18++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added layered security:

1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc.).

2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).

3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via NSLOOKUP, PINGS, &/or WHOIS though, regularly, so you have the correct IP & it's current)).

6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, a

Re:You're welcome to disprove ANY of this gmhowell

I have just one question:

Did your hosts file have adshufffle.com listed in it before you read this story? No? Hmm.

What is needed is to completely disable DNS and use hosts for everything after establishing the correct address for each site you actually visit. Rather than try to block the millions of sites out there, permit only the hundreds or so you actually use.

Re:You're welcome to disprove ANY of this gmhowell

[gmhowell]

I'm not ad hominem attacking you. I'm not trying to refute your points. I don't in any way, shape, or form have any desire to attempt rational discourse with you. I saw an opportunity to troll you and get you out of the woodwork. I saw a way to waste some of your time in a manner that I find amusing. Score: gmhowell 1; apk 0.

BTW, loved you in Family Ties. How is that Parkinson's going for you?

News to you.

[rickb928]

But this is not new or news, unless you've been surfing along in that state of bliss^H^H^H^H^Hoblivion most do.

I visit a few somewhat unsavory sites, mostly celebrity news sites (no, not the celeb pr0n sites, but my protests fall on deaf ears I know) and the occasional programming-on-the-edge blogs, and these will take ads from most anyone. For at least two years I've been sending the admins specific reports of malware-laden ad postings, and until the past 9 months or so all I got was silence or the rare "didn't happen" or "not MY Site, a-h@le" response. Yup, some of them figure I have the time to write up false URLs and make fake screenshots... Sure, and I'm poor cause I'm smart, too.

Since then, all of these sites have gone from ignoring or denying my reports to terse "thanks" or "shouldn't see that any more".

My least terse comments, from a celeb photo site, seem to show that the owner and admin has finally figured out that some of the ad networks they are doing business with are not vetting their customers. In particular, I reported a nasty piece from Doubleclick, and after a week, got confirmation that my report was accurate. Most disappointing was that one ad I reported seemed to be for a Fortune 50 company, but now we know that some of these malware-ads are totally fake, taking the ad copy and source for a legitimate ad and sprinkling it with nasty dust. Both I and the site owners are hoping that these legitimate companies will take note and go after the bad boys.

Neither the site owners nor I actually expect the ad networks to stop this. The money is too good, actually checking the ad code is too laborious, and apparently their virus checkers are worse than mine.

At home, I'm still running all my anti-stuff on all my machines. My wife sometimes asks me what an alarm means, and I point out the warning message. She usually responds "but honey, it's Facebook..." and I assure her the warning is real. Somtimes she says 'But I got this from blablabla site, they aren't dangerous", and I get to tell her it was probably an ad, not the actual site. She gets a little miffed, but hey, it's cute and now it's entertaining for me. Until they get through, then it's re-imaging time.

I'm looking forward to fully virtualized systems and near-instant recovery. Until then, it' an arms race.

But I'm still innocently believing that the major ad networks are unwitting victims here, and that they don't have a few sales types taking money to turn a blind eye and knowingly sell to miscreants. And yes, there is little difference between selling ads for 'V1@5^' and selling ads for botware, but there is a difference. Can we puth them both out of business? Doubt it.

I didn't post that one this time though Kalriath

http://tech.slashdot.org/comments.pl?sid=1907528&cid=34534170

So, you can answer there, Kalriath (as regards point on HOSTS files you do not like from my list of them there) - I didn't post that list that time here in this thread here http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532574 , however, someone did copy one of my older posts on HOSTS from this site, and pasted it in as an AC reply... and the updated model is above - besides: You can tell it's not me, because it lacks the BOLDING for emphasis I typically use in my posts...)

However - There above in the 1st URL I posted which is the updated model of my 18++ points in favor of HOSTS files?

I cover your point on proxies (which NOT everyone uses, and anonymous proxies online for instance? Generally tend to SLOW YOU DOWN, badly, & I cover that much in that URL above as well - as far as internal LAN/WAN proxies too? They also slow you up, just not as badly as external ones such as what I note above, but I cover this in the URL above as well...))!

APK

P.S.=> So, Good luck, you'll need it in disproving the points in my list in favor of HOSTS files... Especially as you've tried that before & failed BADLY, here, on that very same note in the past as you've attempted to "troll me" on HOSTS files usage -> http://it.slashdot.org/comments.pl?sid=1687452&cid=32632240 and here too on your part, again -> http://it.slashdot.org/comments.pl?sid=1687452&cid=32589278 ... apk

Re:I've seen stuff coming from MSN for quite somet

[fast+turtle]

And this is why I use Noscript in Whitelist only mode plus a very nice hosts file that gets updated regularly from the many online versions.

The funny thing is, I started blocking Doubleclick and other advertisers over 10 years ago while still on dial-up since they caused lots of pages to load very slowly. Put em in the hosts files and suddenly many pages loaded very quickly as they weren't waiting on doubleclick/other advertiser and never changed things.

Clicksor

[punjabisingh]

Clicksor is notorious for these malicious ads. I ran a fairly old site that received tons of traffic. I wanted to use a network other than Adsense, so I picked Clicksor. The advertisers were running all sorts of browser hijacking tricks, from java vulnerabilities to annoying javascript windows to auto-load random pages.

Malware will always attack the EASIEST

Malware will always attack the EASIEST target.

Re:I've seen stuff coming from MSN for quite somet

[Archangel+Michael]

THIS is why class action lawsuits against the offending malware serving companies needs to be instituted, starting at the biggest baddest adware serving companies. If DoubleClick serves Malware, it is their responsibility and they need to be sued into oblivion.

Take the profit out of serving ANYTHING to everyone, and start making it cost money, and you'll see the changes you want.

This is common

[Badmovies]

This happens quite often. Usually, the bad guys are quite sneaky as well. They start a campaign running on the ad network that is served the bad guy's ad server. During the normal week, Monday to Friday, the ads behave and do nothing malicious. Come the weekend, when the ad network has limited staff (or for some networks, only on call support), the bad guys change the ad to serve malicious code. If they make it through the weekend without getting caught, they change the ad back to the normal one before Monday morning.

Sometimes the bad guys will impersonate a reputable company, and they can be quite convincing about it.

The only real way to stop this is to make it so that advertisers cannot change active ads without them being reviewed by the advertising firm. That means ads only being served from the ad network's servers (which will not go over well with all advertisers), more staff to ensure ads are reviewed in a timely fashion, and a number of other changes that everyone needs to adapt to.

A software solution to spot and halt bad ads would be ideal. However, it is difficult for most antivirus/antimalware software to scan the ads for malware, because new stuff pops up all the time.

Adblock is blockable/detectable, HOSTS are not

"Let me add one disadvantage of host files vs. AdBlock/NoScript & Co.:
The host file approach is completely unusable on machines where you have no root/admin access. And even on networks where you have root/admin access, but don't own the network and are not the one responsible for networking, you may get into troubles if you try to change host files." - by maxwell demon (590494) on Monday December 13, @03:51AM (#34532614) Journal

Hmmm, that's nothing that logon scripting cannot "cure" for instance, say via a HOSTS file copy + overwrite on the user's local workstation...

Plus, it's a GOOD IDEA to utilize "layered security harden" your "end points" too!

(Such 'endpoints' as user workstations & even departmental servers, not just using the "crunchy on the outside, soft & chewy on the inside" security measures paradigms).

---

"OTOH, Firefox plugins can be installed at the user level, without a need for root/admin access, and since user-installed plugins only affect the single user (i.e. you), they are much more likely to be accepted.." - by maxwell demon (590494) on Monday December 13, @03:51AM (#34532614) Journal

Firefox plugins problems, are just that - it's one of the 1st things my many points list in favor of HOSTS files covers in fact:

FF plugins are FOR FIREFOX ONLY!

Hosts cover ANY WEBBOUND APP, including external email programs like Outlook Express/FULL OUTLOOK from MS Office too... browser addons, like adblock, don't.

What's used in corporate environs HUGELY, for email (& AD access)? FULL Outlook!

Nice part is, they ALL work together, quite nicely (especially for layered security - I never note NOT to use Adblock for example, just don't use it alone).

See, ADBLOCK CAN BE DETECTED FOR:

See here on that note:

HOSTS files are NOT BLOCKABLE by websites, as was tried on users by ARSTECHNICA (and it worked, proving HOSTS files are a better solution for this because they cannot be blocked & detected for, in that manner), to that websites' users' dismay:

----

http://arstechnica.com/business/news...s-you-love.ars

An experiment gone wrong - By Ken Fisher | Last updated March 6, 2010 11:11 AM

"Starting late Friday afternoon we conducted a 12 hour experiment to see if it would be possible to simply make content disappear for visitors who were using a very popular ad blocking tool. Technologically, it was a success in that it worked. Ad blockers, and only ad blockers, couldn't see our content."

and

"Our experiment is over, and we're glad we did it because it led to us learning that we needed to communicate our point of view every once in a while. Sure, some people told us we deserved to die in a fire. But that's the Internet!"

Thus, as you can see? Well - THAT all "went over like a lead balloon" with their users in other words, because Arstechnica was forced to change it back to the old way where ADBLOCK still could work to do its job (REDDIT however, has not, for example). However/Again - this is proof that HOSTS files can still do the job, blocking potentially malscripted ads (or ads in general because they slow you down) vs. adblockers like ADBLOCK!

----

I also list a plethora of other things FF addons like AdBlock cannot do in my initial post here, that HOSTS files can, and what points about HOSTS files "Seal security problems" & other DNS problems, in DNS as well (acting as a great supplement to DNS in fact, especially external DNS servers (not ones in your local LAN/WAN for AD for example)).

You seem to be avoiding those, which only says that the points in my HOSTS file list in favor of HOSTS files is pretty solid!

APK

Re:Adblock is blockable/detectable, HOSTS are not

[maxwell+demon]

Hmmm, that's nothing that logon scripting cannot "cure" for instance, say via a HOSTS file copy + overwrite on the user's local workstation...

You seem to assume root/admin access at the local workstation. Sorry, I don't have that at work. Also you assume that every workstation is only used by one person at a time (i.e. no remote login). Sorry, it doesn't work like this here.

FF plugins are FOR FIREFOX ONLY!

Yes. I'm using FF, therefore it's not an issue.

But let me add another thing NoScript does, and the hosts file cannot do (unless you put much work into it which the NoScript developer(s) already did): Surrogate scripts. Some pages will not work properly if e.g. Google Analytics scripts are blocked. Surrogate scripts fix that problem.

And yet another thing RequestPolicy can do, but host files cannot: Block or not block depending on whether it's the main site you visit. For example, you might want to access facebook, but you don't want the facebook buttons to track you. What do you do? With RequestPolicy it's a no-brainer (indeed it's the default): Disallow other sites from accessing facebook. With hosts you only have the choice of blocking facebook completely, or not blocking it at all, unless you keep editing it (and even then, you may have both facebook and a site including facebook buttons open at the same time; no solution with hosts file).

Also, NoScript can save you from XSS attacks targeting your home router. Hosts files cannot (again unless you want to edit it twice every time you want to access the web interface of your router).

http://arstechnica.com/business/news...s-you-love.ars

That URL is broken. Unfortunately that means I cannot see what technique Ars Technica used. However, the obvious ways I see to block content for people who block ads work quite well also if the ads are blocked through hosts files.

Yes, hosts files can be an effective measure against domains which you definitively never want to access, provided that you are in a position where you can edit them. No, hosts files are not the silver bullet.

Spades

[sexconker]

DoubleClick and MSN?
Let's just call it like it is, please.
Google and Microsoft.

Ok try this (I posted it this time)... apk

Whoever posted my older list of points in favor of HOSTS files above here -> http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532574 originally in this thread wasn't myself (note the lack of BOLDING in it? I use bolds, so you KNOW that's not myself, but someone using my older points in favor of HOSTS files).

NOW?

Well - You, like other "naysayer trolls here" are now welcome to disprove and debunk (good luck, many have tried here) MY 20++ points in the current model of my points in favor of HOSTS files, below (which I did predict would occur here in others trolling me on this, as it always does)

I suspect that's the case, on being trolled on this here, because HOSTS files put a MAJOR DENT into malware makers' heinous machinations vs. end users, as well as webmasters & advertisers' profits (so they HATE hosts files) - that makes my naysayer trolls here probably 1 of those types in fact I suspect.

APK

P.S.=> 20++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added layered security:

1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc.).

2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).

3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via NSLOOKUP, PINGS, &/or WHOIS though, regularly, so you have the correct IP & it's current)).

6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders

7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):

http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com
http://www.shadowserver.org/

REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):

http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)

And yes: Even SLASHDOT &/or The Register help!

(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhacker others online that is... not ALL do!)).

2 examples thereof in the past I have used, & not

Ad Hominem attacks by trolls = invalid

Ad hominem attacks aren't valid in logical debate, & in attacking myself, rather than the points in my P.S. below?? You're guilty of violating that logical tenet!

"Picking on people on the internet is fun and all, but in cases where mental handicaps are clearly involved you should be more understanding. It's pretty clear that APK is likely quite autistic..." - by Anonymous Coward on Monday December 13, @04:45AM (#34532710)

Well, on THAT note?

You're also welcome to prove to us all that you have a PHD in Psychiatry to your name/credit, as well as a license to practice it professionally on YOUR part, and your years to decades of professional hands-on experience in that field (as well as a professional environs administered examination of myself by you, since you make your "sidewalk surgeon quack" snap prognosis' as you have here, lmao!)

Fact is, this: When I have you reduced to attempting ad hominem attacks &/or nametossing or ssaying I have "mental issues" as you have? That's when I KNOW I have done a great job @ putting you "trolling naysayers" into your place (in the garbage).

APK

P.S.=> Instead of that useless/effete method of trolling using Ad Hominem attacks directed MY way here by yourself?

Try disprove & debunk all of the points in favor of HOSTS files here instead (good luck, many trolls have tried, & failed (a few are even posting here in this very exchange, like Kalriath ( & I showed his failures in the past on that here too in replies to he, lol, no less - to "refresh his memory" on that account)):

20++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added layered security:

1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc.).

2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).

3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via NSLOOKUP, PINGS, &/or WHOIS though, regularly, so you have the correct IP & it's current)).

6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders

7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):

http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com
http://www.shadowserver.org/

REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):

Just in case anyone was still wondering

[Opportunist]

why ads are bad.

Re:Adblock is not that great a protection on its o

But all it takes is one unscrupulous person on the inside, and bam, you're out of luck if there's some mondo compromise exploit to your system.

Adblock is a door, it's not security inside.

Besides, the ad companies and the servers you visit have an incentive to get you to see the ads. If you don't see them, they lose money. So they're going to find ways to deal with the problem should it become prevalent. Right now it's not enough of a problem for them to deal with but at some point the balance may tip.

Re:Adblock is not that great a protection on its o

[Abcd1234]

Seen a few people say they use Adblock and all, which is fine, but if you recognize that an ad-server can be compromised, then why not any other web server you visit?

They can, of course.

But a compromised website is just one site. A compromised ad network means thousands, possibly millions of compromised sites.

It's all about risk management. And the risk associated with a compromised ad network is far greater than the risk associated with a single compromised site.

We're dying down here!

[Thud457]

No PayPal is evil because they stole aid for victims of hurricane Katrina contributed by Something Awful members.

adshuffle.com's in my HOSTS & YOU SKIMMED!

"Did your hosts file have adshufffle.com listed in it before you read this story? No?" - by Anonymous Coward on Monday December 13, @12:53PM (#34536048)

Actually, YES, it does... so much for that.

---

"What is needed is to completely disable DNS and use hosts for everything after establishing the correct address for each site you actually visit.?" - by Anonymous Coward on Monday December 13, @12:53PM (#34536048)

Nothing: Your systems' IP stack, by default (in Windows @ least, & I am pretty sure the same holds true for *NIX variants also) LOOKS TO THE HOSTS FILE, FIRST (after local DNS client cache OR diskcache caching of HOSTS),then it refers to other sources like DNS servers, etc....

See here:

http://support.microsoft.com/kb/172218

---

"Rather than try to block the millions of sites out there, permit only the hundreds or so you actually use." - by Anonymous Coward on Monday December 13, @12:53PM (#34536048)

Uhm, I do BOTH!

Fact is, my initial replies here notes it in the list of points I wrote down (up to 20 now in fact in the latest posts)...

I.E.-> That I use BOTH blacklisting of known bad sites/servers (for obvious reasons - I can't get 'burned' by what I cannot touch), & whitelisting of my favorite websites (for more speed, anonymity to a degree vs. DNS request logs & more).

(It appears you "skimmed over" that fact that I list using BOTH 'whitelisting' for more speed (vs. roundtrip inquiry time saved to DNS servers & their problems) & security/anonymity also (vs. DNS request logs)).

APK

P.S.=> The reason I block adbanners (both KNOWN BAD ONES, & even "good ones" (no such thing imo, as they slow you down at the VERY LEAST)):

This article today we're replying to, and these from the past:

HACKERS USE ADBANNERS ON MAJOR SITES TO HIJACK YOUR SYSTEM: -> http://www.wired.com/techbiz/media/news/2007/11/doubleclick [wired.com]

THE NEXT AD YOU CLICK MAY BE A VIRUS: -> http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus [slashdot.org]

NY TIMES INFECTED WITH MALWARE ADBANNER: -> http://news.slashdot.org/article.pl?sid=09/09/13/2346229 [slashdot.org]

MICROSOFT HIT BY MALWARES IN ADBANNERS: -> http://apcmag.com/microsoft_apologises_for_serving_malware.htm [apcmag.com]

ADBANNERS SLOW DOWN THE WEB: -> http://tech.slashdot.org/article.pl?sid=09/11/30/166218

apk

Verifying adshufffle.com I used this source

http://hosts-file.net/default.asp?s=adshufffle.com

It's (adshufffle.com) marked as bogus & in the HpHosts blocklist there @ HPHOSTS (see for yourself)...

Yes - it's a KNOWN bad one @ this point & that's 1 of a few sources I use for "verifies" of what does go into my HOSTS file!

So, yes - I have it listed in my custom HOSTS file as a blacklisted domain/host.

APK

P.S.=> I also store adshuFFle.com (2 f's, not 3 like the above one you noted) in my HOSTS file as well, as I noted in my other reply to you, as it serves adbanners, & per this article & this list?

This article today we're replying to, and these from the past:

HACKERS USE ADBANNERS ON MAJOR SITES TO HIJACK YOUR SYSTEM: -> http://www.wired.com/techbiz/media/news/2007/11/doubleclick

THE NEXT AD YOU CLICK MAY BE A VIRUS: -> http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

NY TIMES INFECTED WITH MALWARE ADBANNER: -> http://news.slashdot.org/article.pl?sid=09/09/13/2346229

MICROSOFT HIT BY MALWARES IN ADBANNERS: -> http://apcmag.com/microsoft_apologises_for_serving_malware.htm

ADBANNERS SLOW DOWN THE WEB: -> http://tech.slashdot.org/article.pl?sid=09/11/30/166218

I don't trust them, any of them, & they slow me down + track me too? NO thanks! apk

Re:Arstechnica blocks AdBlock URL fixed inside + m

[maxwell+demon]

Where'd I ever state that?

Reading comprehension: failed.
Or, to use your style: Reading comprehension: FAILED!

I wrote: "You seem to assume ..." not "You wrote ..."

I never assumed you did: I noted the use of LOGIN SCRIPTS, & network admins control those

Which means that if you are no network admin (which was the scenario I was talking about), you cannot change it. Case closed.

If any of the users on these multiple user workstations you noted above use Outlook Express OR Full OUTLOOK from MS Office (or even other 3rd party email programs), OR Internet Explorer (which IS there by default on Windows for example)?

No Windows here :-) Anyway, I'm just a normal user here, so I can't change the hosts file anyway. Which is just what I originally said: If you are no admin, you cannot change the hosts file, period. So you have to decide:

Either, you continue to claim that I'm wrong. In that case, you should find a place where I'm wrong.

Or you admit that I wasn't wrong. Which is probably the simplest. :-)

Or you continue to argue about straw men which I was never talking about.

(My guess is that they used some type of javascript + "webbug" type of tracking, but, that's ONLY a guess on my part!)

That's my guess, too (I had hoped for some information about it on the page). However the methods I could think of don't depend on why the content wasn't loaded, but only on that it wasn't loaded. Therefore it wouldn't matter if the content wasn't there because of a hosts file, because of an ad-filtering proxy, or because of Adblock.

(Did you "skim over" that? Apparently so!)

Indeed.

Nuff said on that much, as it was what I wanted to hear you say - THAT HOSTS FILES ARE USEFUL & VALID WAYS OF DOING PROTECTION

No need to shout. I never denied that. I just pointed out that it's not always possible, and that it also has limitations (actually originally I even only pointed out the first; for reasons I don't actually understand that caused you to reply with lots of bold and SHOUTING, and a "solution" which doesn't work exactly in the case I was talking about: no admin rights).

Re:Adblock is not that great a protection on its o

[WuphonsReach]

Seen a few people say they use Adblock and all, which is fine, but if you recognize that an ad-server can be compromised, then why not any other web server you visit? How many things are you going to block before it makes the web safe? So many all websites are useless? That's why I found NoScript more annoying than not. Too often I was just saying yes to so much it wasn't really that much more secure.

It's called limiting your exposure.

Scenario A: Default install, runs every scrap of Flash / JavaScript / Java / Shockwave that it runs across as you browse the web. This might number in the hundreds of sites, or thousands over the course of a month. Only *one* of those sites has to serve up malicious script in order for your PC to be infected.

Scenario B: NoScript/FlashBlock or AdBlock with a whitelist of only 100 sites. You're still pulling in content from hundreds or thousands of sites each moonth, but unless the attacker infects one of the sites in your whitelist, nothing bad happens. So it's still possible to be infected, but you've cut your risk factor by 1-3 orders of magnitude.

Which is generally limited enough that you're not going to see many (if any) infections. Whitelisting works.

No adblocker until now

[slapout]

This weekend I got one of those false alerts from a fake anti-virus program. I'm guessing I got it from one of these ads. I've never run an adblocker before, but I will now if ads going to start infecting me with stuff.

I say the same thing about AdBlock

[KingAlanI]

Noticed that security-software scans became rather less necessary once I discovered the wonders of AdBlockPlus.
I think I started using it for reduction of garden-variety annoyance, but talk about a side benefit!

Re:I've seen stuff coming from MSN for quite somet

[thoromyr]

I monitor the university network where I work and preach FF/AdBlockPlus to anyone who'll listen and even those who won't. The summary implies that the advertising is done through sleight of domain name to confuse the ad network, but that is certainly not always the case. Over the last 12 months we've had an escalating number of systems compromised due to "malicious ads" and it just keeps getting worse.

Antivirus tries to enumerate badness and is doomed to failure. The bad guys pack and modify their products constantly to avoid detection (there is enough money in it to be worth the effort). Heuristics have been promised by AV vendors for the last 20 years (from discussions back on the virus-l mailing list) with no noticeable improvement.

In order of decreasing importance:
  - web browser with adblocker that prevents the advertisements from being fetched
  - keep system and third party software (java, adobe, flash) patched
  - don't login to windows as a user with admin privileges
  - run antivirus

and, if you can manage it, run FF with NoScript in addition to AdBlockPlus. It takes discipline to avoid just temporarily allowing domains which is generally not worth it for users, but for those that NoScript is a good solution then AdBlockPlus is a good backup for when you *do* allow a domain that got their content spiked.

Debit card rules

[KingAlanI]

As far as I understand the relevant US banking rule (is it a new regulation?), you don't get overdraft protection unless you specifically opt into it. The couple accounts I've opened recently (Chase and Citizens), the bankers seemed to explain this clearly, and I was also under the clear impression that, not enabling overdraft protection, the card would be denied.

Shit hasn't *actually* hit the fan [yet? :(], but eh...

Furthermore, some accounts/cards could offer more protection than the legal minimum.

Re:I didn't post that one this time though Kalriat

[Kalriath]

Don't you have anything better to do than follow me around posting bollocks? I wasn't even replying to you (and because of the lack of bold, I already knew that wasn't you ;))

PayPal fees versus CC fees

[KingAlanI]

I wonder if it costs the merchants much more (if any?) to take PayPal instead of the card directly. (I generally fund PayPal payments with one of my cards - in large part for my small handful of cashback)

If the retailer offers the choice of PayPal or using the card directly, I generally just use the card directly.

You overlook logon scripts & UAC + more

"The host file approach is completely unusable on machines where you have no root/admin access" - by maxwell demon (590494) on Monday December 13, @03:51AM (#34532614) Journal

Network admins can implement this easily via logon scripts, I covered this with you in your other posts here already (stay in 1 spot) -> http://tech.slashdot.org/comments.pl?sid=1907528&cid=34537992

That's where you also literally ADMIT you were wrong on 2 points right off the bat in addition to this very one!

As regards UAC, you can do HOSTS files copy/overwrites if you want, but clicking "OK" if you need admin rights to do so on workstations, manually!

(With Linux? Pretty much same! You do a sudo dolphin @ any Linux tty term (I use KDE as my example here) & put in your passwords with the correct rights, & you can do it easily... I do it everyday on KUbuntu 10.10 w/ KDE 4.5x))

APK

P.S.=> That is also where you admitted defeat on 2 points because of skimming on your part, as well as lack of rights (which I cover again here):

You were also wrong saying I never said to use NoScript with HOSTS (In fact, I state the reverse), so quit reading in "BiZzArO WoRld EnGLiSh" already, & where you admitted to not knowing about logon script usages... apk

No bollocks, you admit it wasn't me posting

"Don't you have anything better to do than follow me around posting bollocks?" - by Kalriath (849904) on Monday December 13, @03:47PM (#34538740)

What bollocks? You ADMIT it I am correct in my merely saying to yourself, OR anyone else reading, that I didn't post the +1 Interesting post on HOSTS files wasn't me

(Even though my "impersonator" here was modded up for MY WORDS no less, in favor of HOSTS files - "bonus", yea! lol...).

---

"I wasn't even replying to you (and because of the lack of bold, I already knew that wasn't you?" - by Kalriath (849904) on Monday December 13, @03:47PM (#34538740)

Well, as you can see? Doesn't matter, even IF someone else impersonated me (which they did & you know it, as do I)...

My impersonator using my words? Hey - They still were MODDED UP as +1 INTERESTING...

APK

P.S.=> Albeit, using MY words to get that +1 INTERESTING RATING, & in favor of HOSTS files no less, & a way older model of my "Lord of HOSTS" list than the current one (which now boasts 20++ points in favor of HOSTS files vs. adblock &/or DNS servers alone)... apk

Re:No bollocks, you admit it wasn't me posting

[gmhowell]

How do we know it wasn't you? You don't have an account (a situation you have frequently defended) so one AC is as good as another. If it matters so much, login.

Kalriath & MS have to admit "APK IS RIGHT"?

Kalriath didn't like the beating he took @ my hands regarding HOSTS files before on /. here, as he regularly as you can see, trolls my posts on HOSTS files!

Well, from the past? Here's where I got Kalriath to run away from disproving the numerous points I listed in favor of HOSTS files, and where I got Kalriath to ADMIT THE SAME AS MICROSOFT'S OWN MGT. HAD TO VS. MYSELF ON THE SAME POINTS of MINE on HOSTS FILES!

(Microsoft's own senior mgt. of their "Windows Client Performance Division" in FOREDECKER to admit the same -> That using a smaller file (by using smaller blocking addresses in HOSTS files) will result in BETTER HOSTS FILE PERFORMANCE):

Here http://it.slashdot.org/comments.pl?sid=1687452&cid=32694426 [slashdot.org]

and

Here http://it.slashdot.org/comments.pl?sid=1687452&cid=32632240

APK

P.S.=> That's what this reaction is REALLY about, since he's now caught in the fact Kalriath likes to "troll" my posts on HOSTS files & he had to admit, along with Microsoft's OWN PEOPLE, that I was correct as well vs. his trolling before this post on HOSTS even... apk

Re:I've seen stuff coming from MSN for quite somet

[mlts]

The ideal solution is probably a network appliance using transparent proxying and multiple levels of blacklisting with multiple levels of ad-blocking:

The first level is a whitelist, as a number of websites use third party ad spewers to handle CAPTCHAs.
The second would be an IP level blacklist with an immediate drop of packets, so a connection doesn't hang, but returns unreachable.
The third level would be a database of URLs to remove.
The fourth would be updatable heuristics -- zapping potentially malicious/malformed files in transit, be it .swf files, Java executables, HTML, CSS, or whatever.
The fifth would be heuristics related to the Web site visited. If a user is browsing a mainstream site, it should not be asking for connections to dodgy sites in Elbonia unless the user was clicking on an explicit link.

Of course, none of this is bulletproof, but stopping the ads before they hit the machine will go much farther than the current technique of AV which is intercepting IO calls and scans (neither do nothing against this generation of malware.)

Re:Arstechnica blocks AdBlock URL fixed inside + m

[gmhowell]

...for reasons I don't actually understand that caused you to reply with lots of bold and SHOUTING, and a "solution" which doesn't work exactly in the case I was talking about: no admin rights).

Yeah, there's that Tourette's thing I was talking about...

You also want to block out these domains too

"Did your hosts file have adshufffle.com listed in it before you read this story? No? Hmm" - by Anonymous Coward on Monday December 13, @12:53PM (#34536048)

Again, yes, that one was already in my HOSTS file, & per my subject-line above? Even more were, but some were not, & I often use /. OR The Register as sources for even MORE, & I keep more current that way in my HOSTS file... ontop of my reputable & reliable sources I already use, listed in my posts on HOSTS here.

You'll want to add these to yours also vs. this threat in maliciously scripted adbanners that even MICROSOFT has been hit by (2nd time I know of for MS, 1st was here -> http://apcmag.com/microsoft_apologises_for_serving_malware.htm ):

SOURCE: http://blog.armorize.com/2010/12/hdd-plus-malware-spread-through.html

0.0.0.0 acerdse.com
0.0.0.0 blindry.com
0.0.0.0 careepi.com
0.0.0.0 colemuns.com
0.0.0.0 ssmmbb.com
0.0.0.0 feudari.com

Those weren't in my HOSTS file yet, prior to you asking...

---

acerdse.com
blindry.com
searchjewel.org
thjlnqbtgdw.com
pbcplifpgdw.com
rads.msn.com
adshufffle.com (adshuffle.com too, per my other post to you here)

Those were in my HOSTS file already prior to you asking...

APK

P.S.=> There you are... between this post, & my other 2 in reply to you here http://tech.slashdot.org/comments.pl?sid=1907528&cid=34536654 and here also http://tech.slashdot.org/comments.pl?sid=1907528&cid=34536868 ?

Your questions SHOULD be answered, thoroughly... with reputable sources & tools you can use also! apk

No Thanks (Reg'd user=easily tracked) & how? O

See my subject line above, & even Kalriath KNOWS that the 1st post wasn't me, see here:

http://tech.slashdot.org/comments.pl?sid=1907528&cid=34539426

He knows my posting style, & he OUGHT TO:

I got Kalriath to admit (in my replies to he, in the 2 urls I posted above in fact) what FOREDECKER, Microsoft senior mgt. for MS' "Windows Client Performance Division" had to, here -> http://slashdot.org/comments.pl?sid=1467692&cid=30384918

(First sentence there says it all for me, he admis to my MAIN point to he in fact, right there, verbatim!)

That was on my points that Windows could be doing the HOSTS file better & more efficiently!

(They USED TO, circa Windows 2000 SP#2 onwards up to VISTA in MS "Patch Tuesday" 12/08/2009 - as that is when they removed the ability to use 0 as a blocking IP address (vs. the larger & slower 127.0.0.1, worst one, & even 0.0.0.0), but Windows 2000 SP #2, XP, Server 2003 still can: ODD!)

Not - it's a design mistake on MS' part, & one they used to do better!

(& I warned them on another from rootkit.com (about kernel hooking being easier to do on the new IP Stack VISTA/Windows Server 2008/Windows 7 have)

APK

P.S.=> That was in addition to pointing that out to them also ontop of HOSTS files issues I found & was correct on, and having them admit I was right as rain!

That point?

Either read the URL with Foredecker

http://slashdot.org/comments.pl?sid=1467692&cid=30384918

(or those 2 url's about Kalriath in posts I made to he)

Both men HAD to admit my points noted above!

Realize that "Less is more" with good engineering many times - Smaller IS better, & it is, with HOSTS files blocking addresses, period, on any hosts file of any size... apk

Adhominem attack off topic replies? Please...

"Yeah, there's that Tourette's thing I was talking about..." - by gmhowell (26755) on Monday December 13, @06:47PM (#34541036) Homepage Journal

Well, I could say you're both bunglers (as are any of my "naysayers" trolling me here), as you cannot solidly disprove ANY of the 20++ points I put out in favor of HOSTS files...

APK

P.S.=> See? Anyone can toss a name, but thing is?? Can you back up your b.s.??? Apparently not, not a single one of you here has vs. the points I put up in favor of HOSTS files (over AdBlock or DNS servers alone) here in its most current form ->

http://tech.slashdot.org/comments.pl?sid=1907528&cid=34535412

As per usual? These are the results as usual:

You trolls LOSE vs. facts, while facts make me come out on top of you trolls, easily, everytime!... Just too, Too, TOO EASY (too ez)... apk

Re:Adhominem attack off topic replies? Please...

[gmhowell]

We trolls win every single time we get you to post.

gmhowell admits to trolling 2x now? Yes!

"I'm not ad hominem attacking you. I'm not trying to refute your points. I don't in any way, shape, or form have any desire to attempt rational discourse with you." - by gmhowell (26755) on Monday December 13, @06:56PM (#34541134) Homepage Journal

You don't possess the intelligence or skill in the computer sciences to do so, and you KNOW it, as do we all here reading "based on your FINE off topic trolling responses" all thru this thread.

---

"I saw an opportunity to troll you and get you out of the woodwork.." - by gmhowell (26755) on Monday December 13, @06:56PM (#34541134) Homepage Journal

Oh, so did I in yourself NOW THAT YOU ADMIT TROLLING ME. I knew "you & yours" couldn't effectively disprove the points in my current HOSTS files benefits list here:

http://tech.slashdot.org/comments.pl?sid=1907528&cid=34535412

---

"I saw a way to waste some of your time in a manner that I find amusing." - by gmhowell (26755) on Monday December 13, @06:56PM (#34541134) Homepage Journal

Aha, "the truth comes out" yet again: For the 2nd time now, gmhowell admits to trying to "troll me" here.

Buddy, you couldn't "waste my time" on your BEST day... in fact? As I write this, my HOSTS file processing program is adding another 800 or so known bad sites to my HOSTS file!

---

"Score: gmhowell 1; apk 0." - by gmhowell (26755) on Monday December 13, @06:56PM (#34541134) Homepage Journal

Ahem: The score is More like 20 to ZERO (you being zero), because my 20 points in favor of HOSTS files are still SOLID AS A ROCK as to the gains in speed, security, & yes, even anonymity over adblock &/or DNS servers, and how HOSTS files can make up for BOTH of their bugs &/or deficiencies too!

Again - I didn't see you disprove any of those points here:

http://tech.slashdot.org/comments.pl?sid=1907528&cid=34535412

APK

P.S.=>

"BTW, loved you in Family Ties. How is that Parkinson's going for you?.." - by gmhowell (26755) on Monday December 13, @06:56PM (#34541134) Homepage Journal

Wrong "APK", but he's great... apk

Re:gmhowell admits to trolling 2x now? Yes!

[gmhowell]

I never denied trolling you. And the only person I troll under the AC banner is tomhudson.

Re:No Thanks (Reg'd user=easily tracked) & how

[Kalriath]

apk, the bollocks is this whole tirade on how you were supposedly right... 6 months ago. And I'm still uncertain how it is that you think my agreement that large files read slower than small files is some sort of amazing admission of defeat.

Really. I'd agree with twitter if he posted that, and god knows I almost never agree with him.

Let it go already.

Oh, and by the way... just stuck an entry in my hosts file on Windows 7, and Server 2008 (not R2 - so it's the same IP stack as Vista):

0 www.google.com

Wanna take a guess what happens?

You admit to defeat again, good! apk

"apk, the bollocks is this whole tirade on how you were supposedly right... 6 months ago. And I'm still uncertain how it is that you think my agreement that large files read slower than small files is some sort of amazing admission of defeat" - by Kalriath (849904) on Monday December 13, @08:04PM (#34541814)

6 months ago, or 6 yrs. ago, would it matter? You've had to admit I was right... 2x time, this being that 2nd time!

LMAO - So, admitting you had to admit my points on HOSTS files that even senior mgt. from MICROSOFT had to admit I was right on, is "victory" in your eyes?

Get your eyes examined then...

You & Foredecker (MS' senior mgr. for "Windows Client Performance Division" @ MS) said just what you did, first sentence here:

http://slashdot.org/comments.pl?sid=1467692&cid=30384918

That first sentence of admission on his part? That truly WAS my MAIN point (& he conceded I am correct on it, as you did before, & you do now, yet AGAIN!)

(LMAO - Some "victory" on your part (not, far from it!)).

APK

P.S.=>

"Oh, and by the way... just stuck an entry in my hosts file on Windows 7, and Server 2008 (not R2 - so it's the same IP stack as Vista): 0 www.google.com Wanna take a guess what happens?" - by Kalriath (849904) on Monday December 13, @08:04PM (#34541814)

It probably will not work to block it validly, because last time I checked on Windows 7? 0 as a blocking IP address would NOT work...

Afaik? MS has not fixed this yet, afaik @ least - UNLESS YOU SHOW US DIFFERENT NOW that is!

(I'd appreciate knowing it works, because it's smaller & faster + more efficient than what I use now in 0.0.0.0 (yes, that's better than 127.0.0.1, but still not as good as 0 was (& still is, on Windows 2000 SP#2 & beyond, XP, or Windows Server 2003))... apk

Re:You admit to defeat again, good! apk

Fun Fact: I'm a NIGGER

apk

Re:You admit to defeat again, good! apk

[gmhowell]

Looks like genuine apk, if a bit terse.

To the Untrusted list!

[ZeroEpoch]

This post reminded me to add doubleclick.net to my untrusted list in NoScript. How convenient that slashdot.org uses them.

Re:U admit defeat on 2 points & skim+misinterp

[maxwell+demon]

You admit you skimmed over a point on hosts files and the possibility of using them via login/logon scripts...

No. I admitted skimming over your mention of using NoScript in addition to host files. And since I assume you know what you wrote (and even if you have such severe Alzheimer disease that you don't, you could have looked up where the sentence I quoted was in your post), I can only assume that your "misunderstanding" is malicious. Therefore EOD.

You're off-topic & trolling as per usual

"Looks like genuine apk, if a bit terse." - by gmhowell (26755) on Tuesday December 14, @01:52AM (#34543602) Homepage

Trolling & off topic as per usual, we have gmhowell - don't you have anything better to do?

APK

P.S.=> The racial slur post you're replying to? Give me a break, ok?? It's bad enough you trolls don't know enough about the topic @ hand here, but, seeing you all stoop low enough to try to call me names is 1 thing, I expect that from the likes of trolls (ad hominem attacks), but racial slurs??? Sorry, that's where you trolls really make yourselves look poorly... apk

Re:You're off-topic & trolling as per usual

[gmhowell]

I could probably be doing something else, but pulling your strings and getting a reply amuses me.

Grow up you off-topic troll

"Fun Fact: I'm a NIGGER

apk" - by Anonymous Coward on Monday December 13, @08:43PM (#34542114)

See my subject-line above.

APK

P.S.=> Off-topic trolls, they're ALL the same: Once you get them doing their "std. last gasp" of ad hominem attacks, you know you've done a good job (patting myself on the back)... apk

Re:Grow up you off-topic troll

[gmhowell]

Why would I want to disprove anything?

Grow up you off-topic troll

We trolls win every single time we get you to post." - by gmhowell (26755) on Tuesday December 14, @01:53AM (#34543608) Homepage Journal

Doesn't look that way to me: You have to go off-topic, toss names & use other forms of ad hominem attack, rather than disproving any points or facts I brought in my posts for you to do so against.

APK

P.S.=> People like you though? You're a waste of life... apk

gmhowell: Grow up, you off-topic troll.

I never denied trolling you. And the only person I troll under the AC banner is tomhudson." - by gmhowell (26755) on Tuesday December 14, @01:55AM (#34543612) Homepage Journal

Grow up.

APK

Re:gmhowell: Grow up, you off-topic troll.

[gmhowell]

I never denied trolling you. And the only person I troll under the AC banner is tomhudson." - by gmhowell (26755) on Tuesday December 14, @01:55AM (#34543612) Homepage Journal

Grow up.

APK

Kiss, kiss.

The Solution?

[Celestialwolf]

Adblock Plus. Should be a built-in Firefox add-on by default IMO.

You couldn't disprove my list of HOSTS file points

"No. I admitted skimming over your mention of using NoScript in addition to host files." - by maxwell demon (590494) on Tuesday December 14, @04:11AM (#34544086) Journal

You blew it, too bad for you. I also still see that you cannot dispute or disprove any of the points in my list of points in favor of HOSTS files -> http://tech.slashdot.org/comments.pl?sid=1907528&cid=34535412

(That's all ANYONE here needs to see, period...)

---

"And since I assume you know what you wrote (and even if you have such severe Alzheimer disease that you don't, you could have looked up where the sentence I quoted was in your post), I can only assume that your "misunderstanding" is malicious. Therefore EOD." - by maxwell demon (590494) on Tuesday December 14, @04:11AM (#34544086) Journal

Is that "ad hominem attack" the best you've got? Apparently so...

Too bad my list of points on HOSTS files in the URL above still "stands strong" vs. trollers like yourself, gmhowell (who admitted trolling me here no less, literally) and Kalriath (who also admitted to trolling me here also).

APK

P.S.=> If the best you have are ad hominem attacks & such?

Well, that only tells myself (& others reading here as well) that I did a GREAT JOB, especially when it came to putting you all in your places as trolls... apk

APK

You act like a woman

See subject-line: The way YOU act? It sounds like you're a woman... that's the line of thinking women have!

APK

P.S.=>

"I could probably be doing something else, but pulling your strings and getting a reply amuses me." - by gmhowell (26755) on Tuesday December 14, @06:41PM (#34554476) Homepage Journal

Yes, you could (IF you had the knowledge on computing that's necessary, & it's plain that you don't): You could be saying "what's wrong" w/ my list of 20++ points in favor of HOSTS files here:

http://tech.slashdot.org/comments.pl?sid=1907528&cid=34535412

However: It's been SO WELL THOUGHT OUT, that entire flocks of "trolls" like yourself have been reduced to what YOU are doing now: Off-topic stupidity instead... which only means I did a HELL OF A JOB on that list, because the "likes of you" & those BETTER @ COMPUTING THAN YOU, "can't touch this"... apk

R U A homosexual or something? NOT interested here

"Kiss, kiss." - by gmhowell (26755) on Tuesday December 14, @06:55PM (#34554644) Homepage Journal

Look - if you are a homosexual? New NEWS: I'm not, so "f-off"... & you act like a woman (I said that to you in reply to your off-topic trolling here -> http://tech.slashdot.org/comments.pl?sid=1907528&cid=34557024 )

APK

P.S.=> IF you had the knowledge on computing that's necessary, (& it's plain that you don't)?

You could be saying "what's wrong" w/ my list of 20++ points in favor of HOSTS files here:

http://tech.slashdot.org/comments.pl?sid=1907528&cid=34535412

However: It's been SO WELL THOUGHT OUT, that entire flocks of "trolls" like yourself have been reduced to what YOU are doing now: Off-topic stupidity instead...

(Which only means I did a HELL OF A JOB on that list, because the "likes of you" & those BETTER @ COMPUTING THAN YOU, "can't touch this")... apk

You don't possess the skills or intelligence

See subject-line: You on your BEST DAY "can't touch this" list of 20++ points in favor of HOSTS files ->

http://tech.slashdot.org/comments.pl?sid=1907528&cid=34535412 and we ALL know it.

It's been SO WELL THOUGHT OUT, that entire flocks of "trolls" like yourself have failed in trying to, and that's good enough for me: It means I did one HELL OF A GOOD JOB on that list in favor of HOSTS files (vs. Adblock or DNS servers alone)...

APK

P.S.=> Additionally/lastly: Grow up, you off-topic pitiful little troll... you act like a woman! apk

You lack the intelligence & skills to, period

"Why would I want to disprove anything?" - by gmhowell (26755) on Tuesday December 14, @06:42PM (#34554490) Homepage Journal

Correction: On your end? LOL, it's TRULY more like "I am too dull brained to do so" on YOUR part... lmao!

After all: You could be saying "what's wrong" w/ my list of 20++ points in favor of HOSTS files here:

http://tech.slashdot.org/comments.pl?sid=1907528&cid=34535412

HOWEVER - "StRaNgELy EnOuGh" though? You "steer clear" of even TRYING to do that... why is that??

(Not! We all KNOW why - you're not technically competent enough in the computer sciences to do so, period! Your "off-topic trolling" & acting like a woman instead of a man on your part shows us all that much, clearly!)

APK

P.S.=> However: My list of 20++ points in favor of HOSTS files usage above has been SO WELL THOUGHT OUT, that entire flocks of "trolls" like yourself have been reduced to what YOU are doing now: Off-topic stupidity instead...

(Which only means I did a HELL OF A JOB on that list, because the "likes of you" & those BETTER @ COMPUTING THAN YOU, "can't touch this")... apk

irreversibly locked

[DrYak]

the problem I see with iPads is that all users are locked in the garden. That includes the people who only know enough to turn device on and click on the browser, but also locks out the few people who really need access to all capabilities to make crative use of the device.

i pretty much prefer Palm approach to webos (and probably other manufacturers and platform combinations) : out of the box, it's a "pop and mom" compatible walled garden. But an advanced user can type in a command (a command is still required to avoid clueless users doing it by accident but it's well documented), and switch the device into developper mode and do whatever pleases them, like for example installing an alternative application repository.

that's also the model used by linnux distributions which either let you use the default doctored repository or let you instal a 3rd party one. (but they don't child-proof it like webos)

Did you turn off the DNS client cache in Windows?

"YMMV: Spybot hostsfiles and this mvps.org list twice affected my protégées' Windows stability until restored to empty files." - by vlueboy (1799360) on Monday December 13, @05:17PM (#34540036)

Did you turn off the local DNS client caching service as is noted at mvps.org here:

http://www.mvps.org/winhelp2002/hosts.htm

PERTINENT QUOTE/EXCERPT:

---

"Editors Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine.

To resolve this issue (manually) open the "Services Editor"

Start | Run (type) "services.msc" (no quotes)

Scroll down to "DNS Client", Right-click and select: Properties - click Stop

Click the drop-down arrow for "Startup type"

Select: Manual (recommended) or Disabled click
Apply/Ok and restart.

When set to Manual you can see that the above "Service" is not needed (after a little browsing - when set to Manual) by opening the Services Editor again, scroll down to DNS Client and check the "Status" column. It should be blank, if it was needed it would show "Started" in that column. There are several Utilities that can reset the DNS Client for you ..."

---

?

With relatively "largish" HOSTS files, you will have to do that.

Smallish HOSTS files (and mvps.org has one, the "optimized model", which imo, is LESS EFFECTIVE, but doesn't need you to turn off the DNS client cache service, shitty though it is) don't need that being done!

(The problem is that the DNS cache client local service in Windows is a "Fixed Size" structure/buffer is why it happens - Linux has NO SUCH PROBLEMS this way, mind you - it's 1 thing I will give LINUX over Windows in fact (some "FYI"))

APK

HOSTS Files.

[thejynxed]

The tool who keeps going on and on about HOSTS files is turning himself into a bad Slashdot-centric meme.

A) HOSTS files are vulnerable to being overwritten.
B) HOSTS files are vulnerable to being overwritten.
C) Only complete idiots rely on just a HOSTS file.