Android Trojan Found, Spreading From Chinese App Stores
wiredmikey writes that researchers from Lookout Mobile have discovered a sophisticated Trojan targeting Android devices.
"The company says the mobile malware is 'The most sophisticated Android malware we've seen to date. Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user's phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.' What makes the Trojan different from most 'standard' mobile malware is that Geinimi is being 'grafted' onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets."
Posting from my Androi^B^B BUY HERBAL VIAGRA
"When information is power, privacy is freedom" - Jah-Wren Ryel
...no link?
Oh the humanity.
This has to be somebody's fault -- as long as it's not Linus's.
Here's the story on the Lookout Blog.
So beware of downloading things from Chinese websites? That's news? It would be nice if there was a list of what apps this is being packaged with. For those of us actually enjoying the open source aspect of the Android OS, what is this going to tell us? That someone is harvesting data off of your phone? This is nothing new, it describes how half the apps on the Android Market work. This is just telling us that now someone who isn't hiding behind the false curtain of legitimacy is doing it too. Shocking!
Proper code signing (and not letting unsigned code run) is important.
An hour later and you're hungry for privacy again.
ANDROID OS allows for the usage of custom HOSTS files, & that's how you stop this botnet from communicating "back to mama" (its C&C botnet servers):
DO THE FOLLOWING (after obtaining a good reputable solid HOSTS file, like mvps' -> http://www.mvps.org/winhelp2002/hosts.htm )
---
1.) Get ahold of the "Android Debugging Bridge" (ADB) & install it
2.) Mount your system mountpoint as READ + WRITE (as powerful of privileges as you need is this)
3.) Using the PULL command, copy the file over from your PC (or even on your ANDROID if it's there already) using PULL & overwrite the etc. folder's copy of HOSTS
---
DONE! Yes, it's THAT simple... &, it works!
APK
P.S.=> Of course, your HOSTS file will need to have the domain/hosts name of the C&C servers, & that you have to obtain for this to work vs. this threat!
(However - I don't think the article noted them, & articles of THAT "nature" are poor imo, not detailed enough - it's nice to say "hey, there's a botnet out there" but to not list its servers too? WTF! Thankfully though, the HOSTS file sources I use to populate my custom HOSTS file update every hour on some of them, & around once a day on most, & once a month for the "worst of them"!)
Other /. articles have helped ME this way before (which is WHY I am sort of "disappointed" in the source article here, per my last paragraph in reply just above now):
2 examples thereof in the past I have used, & noted it there, are/were:
http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398
http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500
apk
Lookout Mobile appears to be in the process of trying to redefine "malware" to mean "software that sends more data about a phone to a remote server than Lookout think it should". This is not the standard definition of malware that we all know and love.
This Android "trojan" is not like regular viruses from the PC world in many ways. It cannot resist uninstallation. It cannot infect other applications. It cannot lie about what it will do - the permission screen states quite clearly what the apps in question have access to. It cannot steal your passwords or bank details.
There are legitimate questions to ask about apps that send phone IDs surreptitiously to some remote people, but calling these apps "trojans" or "malware" is dangerous, it makes people think they need a virus scanner for their phone when in reality they don't. That's exactly what "Lookout" want of course but it's no reason to believe them.
The last time "sophisticated" was attached to the word malware, a certain Middle East country had problems with its uranium-enrichment program. So what are the chances of this being the mobile version of the Stuxnet worm?
have discovered a sophisticated Trojan targeting Android devices
Apparently the trojan runs entirely in user space, it can't even install another app without getting the user's permission.
The fact that it can send information to another computer is the very definition of a trojan, and sure as hell isn't going to make it a "sophisticated" one.
FROM -> http://blog.mylookout.com/2010/12/geinimi_trojan/
BOTNET SERVERS TO ADD TO YOUR CUSTOM HOSTS FILE FOR ANDROID TO BE IMMUNIZED VS. THIS BOTNET:
---
0.0.0.0 www.widifu.com
0.0.0.0 widifu.com
0.0.0.0 www.udaore.com
0.0.0.0 udaore.com
0.0.0.0 www.frijd.com
0.0.0.0 frijd.com
0.0.0.0 www.islpast.com
0.0.0.0 islpast.com
---
You can thank this fellow, not I -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713892 by AltairDusk (1757788) on Thursday December 30, @02:57PM (#34713892)
Thank him, for my getting those of you interested in protecting yourselves vs. this threat, even on your ANDROID phones, via a CUSTOM HOSTS FILE - because he turned up the sources you need, per my last post here -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952
APK
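The hosts-file blocking described in the comments above, as an added example that is not code from any poster in this thread or from Lookout. The domain names are the ones listed above; the stale `203.0.113.7` entry, `example.test` and `cdn.widifu.com` are constructed for illustration, and the example assumes the resolver uses the first mapping it finds for a name. It also shows that hosts entries match exact names only, so a subdomain that is not listed is not blocked.

```python
SINK = "0.0.0.0"

# Domains exactly as listed in the comment above.
CNC_DOMAINS = (
    "www.widifu.com", "widifu.com",
    "www.udaore.com", "udaore.com",
    "www.frijd.com", "frijd.com",
    "www.islpast.com", "islpast.com",
)

# Constructed sample hosts file. The 203.0.113.7 line is a made-up stale
# mapping that would take precedence over a block entry appended later.
SAMPLE_HOSTS = (
    "127.0.0.1 localhost\n"
    "# constructed stale entry\n"
    "203.0.113.7 widifu.com example.test\n"
)


def parse_hosts(text):
    """Return {hostname: address}. Assumption: the first mapping of a name wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        addr, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower().rstrip("."), addr)
    return table


def merge_blocklist(text, domains=CNC_DOMAINS, sink=SINK):
    """Return hosts text in which every listed domain maps only to the sink.

    Existing mappings of a listed name are removed first, so an older line
    cannot shadow the block entry. Running the function twice gives the
    same text as running it once.
    """
    wanted = {d.lower() for d in domains}
    kept = []
    for line in text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) >= 2:
            names = [n for n in fields[1:]
                     if n.lower().rstrip(".") not in wanted]
            if not names:
                continue  # the line mapped only listed names: drop it
            if len(names) != len(fields) - 1:
                # Rewrite the line without the listed names.
                line = " ".join([fields[0]] + names)
                if sep:
                    line += " #" + comment
        kept.append(line)
    kept.extend(f"{sink} {d}" for d in domains)
    return "\n".join(kept) + "\n"


def not_sinkholed(hosts_text, names, sink=SINK):
    """Return the names that the hosts file does not send to the sink.

    Lookups are exact-match: a hosts file has no wildcard syntax, so an
    entry for widifu.com says nothing about cdn.widifu.com.
    """
    table = parse_hosts(hosts_text)
    return [n for n in names if table.get(n.lower().rstrip(".")) != sink]


if __name__ == "__main__":
    merged = merge_blocklist(SAMPLE_HOSTS)
    print(merged, end="")
    # cdn.widifu.com is a constructed name, used only to show the gap.
    print("not covered:",
          not_sinkholed(merged, ["widifu.com", "cdn.widifu.com"]))
```
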
I could almost put money on this causing a big problem in the mobile community. Originating from a Chinese mobile app store is one thing from some very tailored application is one thing, but if it's repackaged apps out in the wild for popular (a la pirated, full-version) apps, then it's most definitely going to cripple Android-equipped phone users. Let's be honest, if you can get the app for free, who wouldn't install it? Especially half-wit phone users who have enough technical savvy to go look elsewhere for apps or got that latest 1000-app pack off of Usenet/P2P/Torrent from their buddy.
EWWWW!! It was in the back of the machine shop? And it was covered in WD40? EWWWWW!!1!
Prisencolinensinainciusol. Ol Rait!
Yeah, except this is not a virus and Android doesn't seem to be very susceptible to viruses.
Thanks - specifically for getting me the C&C servers, etc. to block in my HOSTS file on ANDROID (and my PC too) per my earlier posts here on that subject, & how to SECURE YOURSELF vs. this new ANDROID botnet malware etc.:
http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952
&
http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34714024
APK
It isn't a virus. It requires user interaction to install, and I'm willing to bet it requires (and seems to be suggested, but not outright stated, in the summary) that the user be engaging in, shall we say, risky behavior? If a user trusts software from such a source, they get what they deserve. A jailbroken iphone isn't any better. It is their hardware, they should be able to do what they want. Though I suppose if their phone starts messing with the network other people use, the telco is perfectly within their duty to deal with it.
But you have to remember that Android is only "Linux" for purposes of market share statistics and whenever some good happens. Whenever anything bad happens on the android platform related to malware, trojans, etc this distinction is heavily downplayed.
Shame that Android is based on Linux then isn't it?..
Linux can't stop Joe Sixpack from downloading malware from the Internet and installing it on his computer. At least, not without becoming another iThing that only allows installation of Jobs-approved software.
Whenever anything bad happens on the android platform related to malware, trojans, etc this distinction is heavily downplayed.
Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem?
Linux protects much better than Windows against remote attacks, it can't protect against stupid users.
Linux can't stop Joe Sixpack from downloading malware from the Internet and installing it on his computer.
And neither can Windows, yet it is always blamed for someone installing malware on their systems yet when people install Linux malware all these excuses are made about how it's the fault of the user not the system.
You're right, it isn't fair to blame Windows for user-supplied malware.
However, that does not mean Windows is any more secure; not all windows malware is user-supplied.
In Xanadu did Kubla Khan
A stately pleasure dome decree
And neither can Windows, yet it is always blamed for someone installing malware on their systems
What's the percentage of Windows users who install malware on their system rather than being hit by a remote exploit?
Pretty much every major Windows security story I've read in the last couple of years is due to some hole being exploited either in Windows or commonly used Windows software which lacks the sandboxing that's common on Linux (Apparmor, SELinux, etc), not users downloading trojans.
http://blog.mylookout.com/2010/12/geinimi_trojan/ -- From the myLookout Blog who made the discovery
The Ubuntu Software Center, Android Market, (Mac) App Store, Steam, and Desura are the only legitimate places to get software that I know of. If you go outside of those sources, you're looking at problems. This isn't an Android trojan. This is a pirate trojan.
Even if fanbois from various camps jump with joy/sorrow with the news, I still think that the open model that Android brought to the mobile world will be much more beneficial for everyone (end users, developers, companies, etc.) in the long run, all things considered. People saying that the Apple model is better than Android's are not realizing this.
Whenever anything bad happens on the android platform related to malware, trojans, etc this distinction is heavily downplayed.
Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem? Linux protects much better than Windows against remote attacks, it can't protect against stupid users.
Sure it can, at least a lot more than it does now. It can sandbox all apps by default, automatically check a malware blacklist and elevate permissions for trojans to ones that are useful to malware only when explicitly told to do so by the user, i.e. he goes in and checks the (allow to send mass e-mails) checkbox for that app.
There is a lot that can be done to more tightly secure Linux distros, applying SELinux style permissions universally is good start. The difference is, for normal home use users don't need these improvements yet because the risks are still so small. Linux does a great job of adapting and improving security as it becomes needed because the developers are the users as well so they are very motivated.
So is anti-virus/anti-malware worth installing on an Android phone? Because, yeah, I don't like installing apps that ask for permissions, but it seems like almost every app asks for "Full Internet Access," at least. I can't always tell the good ones from the bad. Would a free anti-malware app help or is it just a waste of time?
What's the percentage of Windows users who install malware on their system rather than being hit by a remote exploit?
I don't know and I certainly doubt you do either. But considering how much anecdotal evidence there is to show that people are in large numbers willingly clicking on malware in emails and installing malware from pops to websites, it's not nearly as small as you try to make it out.
which lacks the sandboxing that's common on Linux (Apparmor, SELinux, etc),
Sure if you ignore things like DEP, ASLR, etc. Oh and before you try to claim that Linux is so superior in security let's listen to the words of the big winner of Pwn2Own 2009 Charlie Miller:
Q: In Pwn2Own 2010 there is still no trace of Linux as possible target. Is it too harder to find exploits for Linux or a non commercial operating system has no interest for exploit hunters?
A: No, Linux is no harder, in fact probably easier, although some of this is dependent on the particular flavor of Linux you’re talking about. The organizers don’t choose to use Linux because not that many people use it on the desktop. The other thing is, the vulnerabilities are in the browsers, and mostly, the same browsers that run on Linux, run on Windows.
Oh and let's not forget this good story based on other statements made by him: Charlie Miller: Windows 7 + IE 8 or Chrome provides safest computing experience.
I'm sure he's just a Microsoft shill, though, right?
Well there's a big difference between the 2. The Windows security holes people complain about are generally not "Joe sixpack opened an EXE and clicked OK to the run as admin prompt", that is a user problem not a security hole. The security holes that are newsworthy are "Joe sixpack was browsing CNN.com and a banner ad was able to jump from his browser and take over his system" or "Joe Sixpack was reading a PDF file and his system was taken over". Same as on the Android, in this case "Joe sixpack chose to use an unknown provider to download an app, then didn't question why a calculator/screensaver/word processor/game wanted permission to get to his contacts, phone numbers GPS data and internet access etc..., then a week later got a prompt asking to install another program with similarly ludicrous requests". The darn phone tells you point blank exactly what the program can access, it doesn't even have the ability to sneak in more than it tells you it can. If you want to call that a security flaw, then complain to your telephone company that if someone calls you and asks for your credit card number, they might be able to get it if you tell it to them.
Oh and many Linux distros do not come with either SELinux installed or even enabled by default so to try to act like that is common or even remotely universal is a lie.
The windows security holes people complain about are generally not "Joe sixpack opened an EXE and clicked OK to the run as admin prompt",
That's funny because there are still constantly stories about people doing exactly that from files in their emails that install worms, trojans, viruses on their computer. Hell, I know someone from a local State Farm branch in Houston that had their entire office infected that way. To claim that this isn't a general case of malware infection is to be completely dishonest.
I hate to sound all "conspiracy theory", but who would create such a virus to control the device?
Chinese government? Apple? Surely they would have the most to gain.
The ... Android Market ... only legitimate places to get software that I know of.
So then what is your excuse for this?
Never said it wasn't a malware infection, it just isn't an operating system flaw that anyone can fairly bash Microsoft for. Now in the case of a company in this case, for clicking allow to administrative privileges, that is a flaw of their IT staff for letting non-technical users have administrative rights. I never said that wasn't a general infection, I said it wasn't a Windows security hole, short of downgrading all systems to an iPad-esque system (which even that has holes in it as anyone who is going to go out of their way to download from an untrusted source would probably be just as willing to follow instructions to jailbreak).
I think you missed mark's point... the fix for this won't be easily deployed for anybody except slashdotters.
Belief? Hope? Preference? The Existential Vortex
Yes you can, quite easily, they just didn't do it to make the device easier to use. Simply mount the home directory without the ability to execute and the user can only execute things installed by root.
That is because the Linux security yack-yack is based mostly ON dishonesty. The truth is that story after story comes out about how some server was hacked, or Android gets a trojan, or what have you and the whole issue is downplayed. Android isn't REALLY Linux, or server X got hacked because it was using something older (but Linux is inherently secure... so goes the argument). Let's be honest though. Why does Linux offer stuff like AppArmor if it is so bleeding secure? Because someone, at some time got pwned, and realized they needed better security and made it happen. Get over trying to point fingers at Windows every time some security problem crops up and then sticking your fingers in your ears and going NO NO NO every time some Linux security problem crops up. Start being fair, and maybe Linux will stop being regarded as the OS of loons and your average Joe Blow might wanna give it a spin. Oh, and Android is either Linux, or it isn't, and that goes for stories good OR bad. So which is it?
Good post. Another thing the OP is wrong about is that Windows does do sandboxing, and it does it by default. IE runs in a sandbox, so does office (to what extent, I'm not sure though), chrome does, and so does the new Adobe Reader X.
"...I think the Microsoft hatred is a disease." - Linus Torvalds
Android is not Windows. App stores / package stores are much less susceptible to malware than each application having its own download/install/update mechanism. Beside that, Android apps play in a sandbox, and if you want to break out of that, you will have to inform the user. Of course, if you install apps using unsigned code from an unverifiable location and ignore all the permissions you have to grant...
This "well crafted" and "sophisticated" thing is attached to pirated games? Who's to say the game companies themselves didn't build and plant these to discourage pirated game use?
If you want news from today, you have to come back tomorrow.
"Ok, that's dynamite, Dino. Huh... HOSTS file. Yeah... just edit that on all you *nix devices and you're golden." - by catmistake (814204) on Thursday December 30, @03:49PM (#34714438) Journal
It works, & on a VERY simple principle: If you can't go into the malware kitchen? You CAN'T BE BURNED!
It's THAT simple!
(That's WHY "blacklists", actually work!)
APK
P.S.=>
"Or you could run your own DNS... far less mucking about with adjusting HOSTS files like some square throwback admin from 1974." - by catmistake (814204) on Thursday December 30, @03:49PM (#34714438) Journal
QUESTION: How do you run a DNS server on ANDROID?
Why on earth would you WANT TO?
To burn up more diskspace, CPU cycles, NVRAM memory & more on something You DO NOT NEED TO BE RUNNING ON A PHONE (or PC even)??
Why, when a HOSTS file is superior to DNS &/or Adblock on MANY levels... would you like a list of them??
"mucking about" with a HOSTS file is as simple as the 3 step procedure I noted, & currently updated ones from reputable sites? Easy, here is a TRUCKLOAD of them:
REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)
apk
Sure if you ignore things like DEP, ASLR, etc.
And they all do because they don't know what they are or that they even exist. All they really have is "It's UNIX!" a system with ideology in the 60s whose only security concern is not allowing one user to overwrite another's files in an academic setting. I'll give AT&T credit for hardening it somewhat for commercial use, but it was still assumed that a human operator would actively handle security concerns, an obsolete viewpoint clearly alive with the Slashdot crowd.
Oh and many Linux distros do not come with either SELinux installed or even enabled by default so to try to act like that is common or even remotely universal is a lie.
The reason is that it is absurdly obtuse and unworkable. Just type in "fedora d" into Google and the third autocomplete will be "fedora disable selinux". SELinux was designed for security pros protecting classified information. It's like trying to market an armored vehicle, along with certifications in guns and self-defense, to someone who just wants to make sure their car door doesn't casually open on its own on the way to the grocery store.
See my subject-line:
It might present a way for you to do it for others, either "gratis" or for "the Holy Dollar" (note my usage of $ above? Lol!)
APK
P.S.=> Making an honest buck, especially for helping others? NOTHING wrong w/ that! apk
Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem?
Linux protects much better than Windows against remote attacks, it can't protect against stupid users.
IMHO a strong case could be made that any non geek buying an Android product is by definition a 'stupid user' as there is a better user experience out there for the same price that they would have selected if they were smart.
Guaranteed, per my subject-line, & that's all! It works on the SIMPLEST PRINCIPLE OF ALL & no added "moving parts" needed (like addons for browsers etc.):
A custom HOSTS file keeps you safe, especially vs. KNOWN THREATS like this one is, now, & via this VERY simple principle:
"If you can't go into the malware kitchen? You CAN'T BE BURNED!"
---
HERE IS AN INTERESTING THING ABOUT THIS TOO:
The funniest part is, even IF you somehow loaded this malware onto an ANDROID (say, intentionally putting it there via ADB even, via its PULL command)?
The malware couldn't "talk back" to mama - its C&C servers!
I.E.-> IF / WHEN you block the list of C&C servers, you can't touch them... & neither can the malware!
(It can only do what YOU can do, as the user, typically that is - unless this thing has ROOT impersonation abilities that is, & rootkits (some only thank goodness) do sometimes, & those are easy enough to stop also (stop their drivers loading, OR, redo the boot sector)).
No, not ALL rootkits can be stopped that way, but 2 outta 3 major types, can!
APK
P.S.=> LASTLY: Linux &/or ANDROID OS? Man, it's NOT just for communist nations, you know! apk
Where's The Fucking Article?
What The Fuck,Aye?
Speaking on behalf of everyone here, you are an idiot.
Tequila: It's not just for breakfast anymore!
FTFA under "How it works":
* Download and prompt the user to install an app
* Prompt the user to uninstall an app
Question: If you were asked to punch yourself in the genitals, would you still click "Ok" ?
FTFA under "How to stay safe":
* Only download applications from trusted sources
* Always check the permissions an app requests
I think it's pretty obvious the malware writers were not able to circumvent the normal Android security measures to get the software installed. The problem is that people who don't take responsibility to keep crap off their phones are going to get pwn3d. Big surprise.
boycott slashdot February 10th - 17th check out: altSlashdot.org
"You need a new grammar file." - by Arivia (783328) on Thursday December 30, @04:32PM (#34714908)
You need to answer that question in my subject-line, first... & then, these too:
---
1.) Do you have a PHD in English to your name/credit?
2.) Do you have years-to-decades of PROFESSIONAL EDUCATION EXPERIENCE to back up your b.s.??
---
(Somehow, I do NOT think you do, on either account!)
Additionally/lastly: You're blatantly, OFF TOPIC! There is no such forums here or topics about "english grammar critique"
APK
P.S.=> NOW - IF on the "off chance" you DO have a PHD to your name, in English? Tough cookies - it's not worth the paper it's printed on, especially! After all, you'd be the one with "the problem", especially IF you cannot gather the meaning of my words from within the context of the framework in which they're used - but, there's ALWAYS "hooked on phonics", "4u", lol... apk
But be careful you are advocating for personal responsibility there are some on slashdot who would think you elitist for spouting such things :)
"Side note: if the malware authors want a way around this, they can do one of a number of things: Query a specific nameserver (e.g., 8.8.8.8) instead of relying on the OS to resolve. Will be slower, but will bypass the hosts file. Just embed the destination IP address (obvious con: harder to move once caught/dismantled). - by Tanktalus (794810) on Thursday December 30, @04:49PM (#34715068) Journal
Correct: Malware makers generally DON'T use "hardcoded IP's" in their malware, because of what YOU said (easy to shut down, etc.), but also because they "RECYCLE" those domain names!
(E.G.-> the RBN, thought LONG "defunct"? Heh, they just did this recently mind you, & everyone, including myself, thought "the Russian Business Network" was dead!)
Well - Their domain names are now in use, again! (more than a year later!)
Malware makers paid for those domains is why, most likely - & malware makers? THEY ARE "ALL ABOUT THE BENJAMINS" they can steal from you!
Now... couple that with what YOU said?
It's NOT PRACTICAL for them to do, to just dump domains they already paid for, & to use IP addies...
APK
P.S.=> "onwards & upwards"... good points, good post, & there are mine in summation for you vs. your points/in addition to, your points! apk
So then what is your excuse for this?
Fair point. Although it should be noted, on further digging, I don't think anyone actually uncovered any malicious behavior for these apps. The banks were rightfully concerned as they didn't produce the apps and they couldn't verify that they weren't malicious. Considering the nature of the service involved, it's judicious to assume that they were. But for all we know, they could have been simply charging $.99 to people who didn't know how to set a bookmark.
I am not downloading ANY apps from China. You have to be an idiot to grab them.
I prefer the "u" in honour as it seems to be missing these days.
Please don't presume to speak for everyone. Sure, we all think he's an idiot, but I would like to personally tell him that he's an idiot. /etc/hosts guy, you are an idiot.
Linux is less targeted than Windows against remote attacks, it can't protect against stupid users.
I fixed that for ya.
I can feel the FUD storm building...
What's the percentage of Windows users who install malware on their system rather than being hit by a remote exploit?
I don't know and I certainly doubt you do either. But considering how much anecdotal evidence there is to show that people are in large numbers willingly clicking on malware in emails and installing malware from pops to websites, it's not nearly as small as you try to make it out.
Not exactly a clear answer, but it looks like drive-by attacks are far higher up the threat list than attacks requiring user interaction.
http://news.softpedia.com/news/Drive-By-Download-Attacks-Were-the-Biggest-Online-Threat-Last-Month-170525.shtml
**cough** This would never **cough** happen **cough** **cough** on an iPhone **cough**
Parent is known troll APK, also known as KingsJester or the HOSTS file troll, which spams several sites trying to show off his supposed programming skillz by writing badly designed VB6 "apps" and loves to spam threads with his rantings on 16MB HOSTS files, which after repeated requests to show how a 16Mb static HOSTS file can scale against a threat of over 1.3 MILLION infected sites with more than 200,000 being added or removed PER DAY has refused to show proof and instead throws insults.
So anyone who listens to APK, Kingsjerker, or whatever he wishes to call himself this week, and thinks a HOSTS file will do anything but stop static ad servers, really needs to do the math. Not to mention on any machine before Vista it will seriously slow down the machine as it is read line by line per access, and frankly isn't much better on Vista/Win 7. About the most inefficient way to block a static site as one can get IMHO, and anyone actually pushing it as an effective solution to the ever revolving malware out there frankly needs their head examined. But then again we know trolls aren't the brightest creatures, now don't we?
For examples of his trolling simply watch this thread or any I post to, as he has been following me for weeks spamming since I pointed out he doesn't have basic math on his side.
ACs don't waste your time replying, your posts are never seen by me.
Yeah, except this is not a virus and Android doesn't seem to be very susceptible to viruses.
Keep in mind that there HAVE been Linux viruses ("virii" if you really want to annoy some folks) but they have a rather limited life span. The question is why. And does Android do anything to interfere with that? I suspect due to the nature of how Android and Android devices are handled (closer to the Windows environment than Linux), Android is a much more interesting target.
Awhile back I was looking at cheap Android devices for something that would play movies for long trips. There are many cheap (sub-$200) Android tablets out there that (probably for licensing reasons) do not have access to the Android marketplace. The literature says "you can download thousands of apps from other sources".
I'm thinking the great majority of the devices pwned by this virus will be of this cheap variety.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
DON'T download apps from the "Andloid Malket". It's a fake.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Android could protect itself from nearly all stupid users if its developers wanted that. Simply require all binary code to be cryptographically signed by someone reputable (like Google, or VeriSign, or whoever), and give those who sign the apps the ability to revoke their signatures.
It has been working great for websites ever since SSL came out, and has worked pretty well so far with iOS, why not do the same thing everywhere?
If apps had to be signed, then it would be impossible to re-package a popular and reputable app with malware attached to it. And if signatures can be revoked, anything that does slip through can be dealt with quickly.
"None of that is necessary. Why even post this crap?" - by icebike (68054) on Thursday December 30, @03:30PM (#34714242)
What I posted in my init. post here http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952 ?
It just works, & on a VERY SIMPLE PRINCIPLE:
"If you can't go into the malware kitchen? You CAN'T BE BURNED!"
SO that all "said & aside"?
Well - If you can't be lured to the list of domains/hosts to block which I obtained & posted here earlier that this botnet uses:
---
0.0.0.0 www.widifu.com
0.0.0.0 widifu.com
0.0.0.0 www.udaore.com
0.0.0.0 udaore.com
0.0.0.0 www.frijd.com
0.0.0.0 frijd.com
0.0.0.0 www.islpast.com
0.0.0.0 islpast.com
---
Well - Not only can you NOT get those malwares, but the malware, EVEN IF YOU HAD IT SOMEHOW (like loading it manually via ADB as I noted you can do for a HOSTS file on ANDROID OS)? It's not going to be able to "get orders from MAMA" either, because those C&C servers are now BLOCKED FROM ACCESS!
To you, to the malware, etc.! Even root/superusers/administrators would be blocked thus!
(That is, unless the malware has impersonation abilities, & can run as "superuser/root/administrator" to ALTER THE HOSTS FILE, & no mention of that has occurred here yet (& rootkits which use that tech? Easy enough to deal with too (fbr master boot record, or torch their drivers)).
APK
P.S.=> It's an added safety measure is all, & one that's sure to work... apk
I'm not sure you can give an Android app permission to write to other application files, which a virus would need in order to spread. Then again, most Windows worms a couple of years back seemed to rely on user stupidity, and I don't think Android differs too much in that regard. An app that can read your address book and send SMS can also spam your contacts with "Hello friend, I just doanlowded this new Android game from http://spam-r-us.cn/andoird.apk and its great, thank you!" or similar, and at least some users would follow that kind of link.
Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem?
Linux protects much better than Windows against remote attacks, it can't protect against stupid users.
Ok I'll bite, what is 'Linux' doing to protect you from attacks that 'Windows' isn't?
Pretty much every major Windows security story I've read in the last couple of years is due to some hole being exploited either in Windows or commonly used Windows software which lacks the sandboxing that's common on Linux (Apparmor, SELinux, etc), not users downloading trojans.
Err, so we rip on UAC for a few years then pretend it doesn't exist when it's convenient?
This made CNET news in China on 2010-12-03: http://www.cnetnews.com.cn/2010/1203/1956595.shtml
NetQin says they first identified it on 2010-11-26: http://virus.netqin.com/android/BIT.GeiNiMi.A/
These are likely related to reports of backdoors in games for the Android platform as far back as 2010-10-27 (http://bbs.gfan.com/android-280850-1-1.html).
On one page of the Gfan site (http://bbs.gfan.com/android-283253-1-1.html), it's claimed that this is a trojan (or "implant") developed by an unscrupulous outfit in the Caohejing Development Zone, Shanghai. The Gfan user points a link to the website at geinimi.com, and there is an IIS webserver there, but it looks like all content has been deleted.
http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34714714
Call me names, & mod me down ALL YOU LIKE - doesn't change a THING!
(I see you're also trying to mod down my init. post too - but it's fluctuating @ +3 or +4 around 10x now, no biggie - it's going to make "front page" here probably is my guess w/ those ratings!)
No matter WHAT You do? You can see, that others are reading & learning by it, to protect themselves & their friends/family/customers, etc./et al!
(Which is, of course, the IMPORTANT part here!)
At this point, I'll say it again:
I now TRULY DO suspect you & the others calling me names here are malware makers by this point...
How terribly WEAK & EFFETE of you, in useless retaliation... lol!
I mean, hey: IF all you have is impotent mod downs (especially when others remod me up again), & name tossing, which is all I have seen vs. my point in favor of HOSTS files?
Please - adhominem attacks? NOT VALID IN LOGICAL DEBATE, period!
APK
P.S.=> Tell the other AC posting with you, telling me to "F-off" etc., to consider decaf next time, lol, he needs it... apk
Lookout never claimed to have discovered the trojan ("trojan" because it pretends to be something else). The code package's name is GeiNiMi, translated as "to give you rice" or "to give you a meter" (or metre, as in measurement). In this context, perhaps meaning "make money for you" or simply "to gain".
This made CNET news in China on 2010-12-03 (http://www.cnetnews.com.cn/2010/1203/1956595.shtml) after it was publicized by NetQin, a mobile device security company in China. The relation, if any, to Lookout Mobile Security is uncertain.
NetQin says they first identified it on 2010-11-26 (http://virus.netqin.com/android/BIT.GeiNiMi.A/).
These are likely related to reports of backdoors in games for the Android platform at least as far back as 2010-10-27 (http://bbs.gfan.com/android-280850-1-1.html).
On one page of the Gfan site (http://bbs.gfan.com/android-283253-1-1.html), it's claimed that this is a trojan (or "implant") developed by an unscrupulous outfit in the Caohejing Development Zone, Shanghai. The Gfan user points a link to the website at geinimi.com, and there is an IIS webserver there, but it looks like all content has been deleted.
If you really expect to fool anyone with that a=.999 silliness you're going to have to do much better than adding .009 on line 2.
"which after repeated requests to show how a 16Mb static HOSTS file can scale against a threat of over 1.3 MILLION infected sites [softpedia.com] with more than 200,000 being added or removed PER DAY has refused to show proof and instead throws insults." - by hairyfeet (841228) on Thursday December 30, @05:50PM (#34715872)
Don't YOU recall, this: hairyfeet ->
http://it.slashdot.org/comments.pl?sid=1916240&cid=34612834
Which was MODDED UP no less, & shot you down, in SECONDS, too easily! It's also where you RAN AWAY, too, once your "so-called point" was easily shot down?
LMAO... TOO Easy!
---
1.) Now - I have over 920,000 KNOWN malicious sites blocked out (more from this article too no less) in my HOSTS file.
Many get cleaned up too, & get removed from that 1.3 million # you quote
(See my lists from hpHOSTS I cited here for example, they post removal lists & update, EVERY HOUR - Thus, I am, literally, up to the minute on these things)!
---
2.) Also: Your "faith" in math? Since you went to "ITT TECH" (bottom-of-the-barrel U)?? Try explain to me why MATH FAILS HERE: .999 = 1 (true or false) False, you KNOW it, but... read on:
Let a = .999
10a = 9.999 (this is 10x.999)
10a - a = 9.999 - .999
9a = 9
a=1
Explain that, "ITT TECH MAN"... a was .999 at the START OF THIS - how come it comes out as 1 then?
See, that's what your "ITT TECH" degree gave you - - EGG ON YOUR FACE HERE!
(Yea - I was going to do that where you RAN from, in the 1st URL I posted above, but... this is as good a time as any! No wonder you RAN from that first URL - you KNEW I'd "smoke you", due to better education & experience on MY END!)
---
I think even an "ITT TECH MAN", lol, like you can manage it, right?? Tell us why MATH isn't right there... ok???
Good luck!
---
"Not to mention on any machine before Vista it will seriously slow down the machine [broadbandreports.com] as it is read line by line per access, and frankly isn't much better on Vista/Win 7" - by hairyfeet (841228) on Thursday December 30, @05:50PM (#34715872)
Did they turn off the local DNS client cache? No?? That's why... In fact that point's covered here, for Windows users:
http://www.mvps.org/winhelp2002/hosts.htm
Right off the bat! Of course, even a 2nd rate tech knows that, but... NOT YOU! LMAO!
(Too bad you didn't know about it, & it makes you VERY easy to "dispatch" as usual, ITT Tech boy, lol!)
APK
P.S.=> Arstechnica also had their forums members have the police called on them for harassing me, threatening my LIFE, & posting defamatory material on me that wasn't true also & also for impersonating me...!
(So much for your POOR attempt at 'discrediting me', you fool... they impersonated me numerous times on their own forums/sites & arstech too!)
(Mainly/Specifically, Jeremy Reimer & Jay Little of Arstech had their websites removed from their hosting providers for it in fact - ask CrystalTech.com, their former hosting provider about that much... lol!).
Hairyfeet - You had better get a better education than ITT Tech if you want to try "take me on" hairyfeet... you always lose, everytime, because you're just a low end product! apk
My fear is that the other shoe will drop -- to "fix" the problem, each carrier will have its own app store and lock their devices to it.
Why is this bad?
Two reasons. First, developers will have to grease palms in order for their app to be usable by all. Second, carriers will want exclusivity agreements, so Goatse Tower Defense only appears on one cellular carrier, but no other. This will be used as a way to peddle phones, similar to how game titles are used to sell consoles (if you want Halo, you buy an XBox for example.)
Math review for hairyfeet (the "ITT Tech Grad", literally):
---
Let a = .999
(now, multiple a/.999 by 10)
10a = 9.999 (this is 10x.999)
---
10a - a = 9.999 - .999 (subt. away a from both sides of the equation)
9a = 9 (this is what's left & algebra takes you the rest of the way)
a=1 (answer, which is NOT a = .999)
---
Explain that, "ITT TECH MAN"... a was .999 at the START OF THIS - how come it comes out as 1 then?
HAIRYFEET - have you even TAKEN & PASSED algebra, hairyfeet?
Apparently not!
What with your:
---
1.) Running away from rebuttal reply here & the other URL I posted http://it.slashdot.org/comments.pl?sid=1916240&cid=34612834 where you got SMOKED (& my post was modded up, because it KNOCKED YOUR LEGS OUT totally).
2.) Your now posting as AC calling me names, etc.
3.) Your "down-modding" my posts via other accounts you have here (as is your usual!)
---
So much for "math" being "the end all/be all", because from education on MY end. I know better!
As far as DISCRETE MATH, which I took & passed, & it's "above" Calc I/II imo @ least (It's just shy of "number theory" stuff really/bordering on it)?
It showed me otherwise!
(As far as placing "ABSOLUTE FAITH" in math as you have, & which I shot you down on above)
Not only in you failing to explain the above away, but that you also didn't realize that many of those 1.3 million bad sites get REMOVED, & they DO clean up, & that you also ran from this too!
Considering I have literally 920,000++ known bad sites blocked out in my HOSTS file, from reputable sources?
That's ABOUT RIGHT, vs. your 1.3 million figure you quoted on known bad sites!
Too easy! Hairyfeet - face it, you're a LOWLY TECH at best/most... you trying to "take me on"? Like an ant assaulting a MASTODON!
(E.G.-> In Discrete Math, I learned that a LOT of what we operate on?? PURE APPROXIMATIONS, but not exact... just like asymptotes sort of! Real "Johnny Chan" math stuff!)
Well - that's what your "ITT TECH" degree gave you - - EGG ON YOUR FACE HERE, hairyfeet!
APK
P.S.=> Now, all you have is your "wounded pride"/"geek angst", AC replies calling me names & attempting to "discredit me" etc., but it doesn't WORK vs. this:
http://it.slashdot.org/comments.pl?sid=1916240&cid=34612834
and this:
http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34717188
Where I have soundly beaten the HELL out of you, on this very topic, before (hosts files)... apk
"Sorry saying that malware writers "generally" don't use IP addresses, does not mean you can trust that they never will as a form of security." - by cmdr_tofu (826352) on Thursday December 30, @08:45PM (#34717580)
That's SIMPLE enough too:
Do you know how to use a router's block lists?
Most have them, even HOME units (like my LinkSys BEFSX41 even), have those...
They work by IP address...
(OR, alternately, you can do PORT FILTERING or a rule, via Windows Firewall even, disallowing access by IP Addresses you set (inbound OR outbound, easily)).
AND? "There you are!"
---
"ADB does not give you a rootshell. It's not a secret. The dev tools are easily available from http://developer.android.com./ [developer.android.com] If you get a shell with adb on a non rooted device, I think you will have a tough time writing to /etc/hosts" - by cmdr_tofu (826352) on Thursday December 30, @08:45PM (#34717580)
That's what SU (BSD etc.) or SUDO is for, on *NIX variants!
After all... if you need to? Raise your rights that way... simple!
(iirc, I may have had to do that, but I am FAIRLY SURE I did not have to, just by using the "mount" command, with READ+WRITE access to said mountpoint on ANDROID)
I was able to PUSH/PULL the new HOSTS file into the system mountpoint (on ANDROID OS, easily!)
---
"Clicking a url, is not the same as installing an application, unless there are some serious software vulnerabilities I don't know about." - by cmdr_tofu (826352) on Thursday December 30, @08:45PM (#34717580)
Heh, it CAN be, via scripts... & there ARE some "serious software vulnerabilities" on browsers like IE for example (too bad, but it's NOTORIOUS for them)... see SECUNIA.COM on that note!
Most of the OS' are fairly "solid" vs. remote exploits last time I looked, but what's attacked the MOST nowadays? Apps!
(Browsers & EMAIL programs, the most, in fact. You use HTML + scripting turned on, even in EMAIL? You can "sink your ship" & not even KNOW it!)
---
"If that is the case, I'd rather use a more secure web browser that doesn't allow installing .apk's without my control than rewrite my /etc/hosts file, as an attempt to cripple malware." - by cmdr_tofu (826352) on Thursday December 30, @08:45PM (#34717580)
That's an OPTION (Right now, Opera, FF, & Chrome have 0% unpatched vulnerabilities per SECUNIA, & I checked last week but... DO check there again!)
However - What I wrote above? Will, for sure, block access to the C&C + distribution servers this malware uses...
That's all!
---
"I think icebike said it best above where he said, just don't install malware-ridden Android apps from dodgy warez sites. Use the Android Market." - by cmdr_tofu (826352) on Thursday December 30, @08:45PM (#34717580)
That's a "way" I suppose, but to be sure? You can do what I wrote... it works!
How do I know??
LITERALLY - 15++ yrs. of NO MALWARE HERE, whatsoever...
Here is another "/.'er" who sees the same, for 5++ yrs. now too, as another testimonial to the layered security efficacy of HOSTS Files, for he (not I) also:
---
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
FROM http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532122
---
For me? Yes, it's due to HOSTS usage, and this guide I wrote in combination ->
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&g
" Why do you post nonsense as Anonymous Coward and sign as APK?" - by cmdr_tofu (826352) on Thursday December 30, @09:04PM (#34717736)
First - I don't need, or care for, "karma points" for 1 thing... useless to me really!
Secondly?
See subject line above, & you being a "registered LUSER" here (don't take offense to that, lol, it's just a joke)?
Man - You're SO easily tracked for trolling, because of your POSTS history, that it's NOT funny!
(I mean, don't you think I have "enemies" online? I have them, unfortunately)...
It's MOSTLY due to their "geek angst" @ being unable to handle when I shoot them down, the "classic" here today, in this VERY exchange in fact, was hairyfeet:
---
THE DESTRUCTION OF HAIRYFEET USING MATH & LOGIC:
http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34716224
---
(That one's HILARIOUS & even points to another one where I easily "shot him down" on HOSTS files too... easily - knocked his legs RIGHT OUT FROM UNDER HIM IN FACT!)
Also, look at how my init. post here went from +4, to +3, to +2, to +4, to +3 ratings here!
That tell you anything?
Plus?
Well - to be BLUNT about it??
I have YET to see any of my downmodders or naysayers disprove any of my points here in fact!
Yes, & I've had PLENTY of practice "blowing them away" just like you saw in that last URL above w/ hairyfeet!
(clone52431/53421 is another, & one who uses multiple registered accounts to harass others here with, & to "support himself" with - pitiful!)
I know that much about a few "trolls" here, who have even LITERALLY stated to me, something along these lines:
"I hope you get a registered account here apk, so we can mod your posts to OBLIVION"
That explain things to you, on that account?
---
"Yeah because as we know malware authors are unsophisticated and easy to predict. They would never do anything like incrementing a number in a hostname www255.frigd.com www256.frigd.com." - by cmdr_tofu (826352) on Thursday December 30, @09:04PM (#34717736)
So what? I get hosts files updates, hourly, especially from hpHosts... these are the sources I use:
REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)
APK
P.S.=> They update? Or, IF/WHEN I find an article like this one that gives me the data for blocking KNOWN bad sites/servers/hosts-domain names?? I am set, & current...
This is the "piece d'resistance" (sp?) though, it's NOT my words, even though I get the SAME RESULTS, but instead, another /.'er telling you guys the same:
---
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
FROM http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532122
---
Nuff said... & I didn't even SAY it... apk
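As an added example (not code from any poster in this thread), the Python sketch below parses the hosts entries posted above and reports which destinations that list actually affects: a hosts file matches whole names only, so an unlisted sibling hostname or a raw IP address is not covered by it. The names `www255.frijd.com` and `example.org` and the address `192.0.2.10` are constructed test inputs, and the function names are this example's own.

```python
import ipaddress

# The eight entries as posted in the thread, plus constructed comment and
# localhost lines to exercise the parser.
HOSTS_TEXT = """\
# constructed comment line
0.0.0.0 www.widifu.com
0.0.0.0 widifu.com
0.0.0.0 www.udaore.com
0.0.0.0 udaore.com
0.0.0.0 www.frijd.com
0.0.0.0 frijd.com
0.0.0.0 www.islpast.com
0.0.0.0 islpast.com

127.0.0.1 localhost   # constructed: a normal, non-blocking entry
"""

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1"}   # addresses used to sinkhole a name
LOCAL_NAMES = {"localhost"}                 # legitimate loopback names, not blocks


def normalize(name):
    """Lower-case and drop a trailing root dot so comparisons are exact."""
    return name.strip().lower().rstrip(".")


def parse_sinkholed(text):
    """Return the set of hostnames that a hosts file maps to a sink address."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # malformed: address with no name
        address, names = fields[0], fields[1:]
        if address not in SINK_ADDRESSES:
            continue
        for name in names:
            name = normalize(name)
            if name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def is_ip_literal(dest):
    """True when the destination is an address, so no name lookup is made."""
    try:
        ipaddress.ip_address(dest)
        return True
    except ValueError:
        return False


def classify(dest, blocked):
    """Say whether the hosts blocklist affects a connection to dest."""
    if is_ip_literal(dest):
        return "gap: IP literal, no name lookup happens"
    name = normalize(dest)
    if name in blocked:
        return "blocked"
    labels = name.split(".")
    # Hosts files have no wildcards: flag unlisted names whose parent is listed.
    for i in range(1, len(labels) - 1):
        if ".".join(labels[i:]) in blocked:
            return "gap: unlisted name under a listed domain"
    return "not listed"


def coverage_report(destinations, hosts_text=HOSTS_TEXT):
    """Map each destination to its verdict against the parsed blocklist."""
    blocked = parse_sinkholed(hosts_text)
    return {dest: classify(dest, blocked) for dest in destinations}


# Constructed destinations: two listed names (one in odd case with a root
# dot), one incremented sibling hostname, one documentation-range IP, one
# unrelated name.
SAMPLE_DESTINATIONS = [
    "www.widifu.com",
    "WWW.Frijd.COM.",
    "www255.frijd.com",
    "192.0.2.10",
    "example.org",
]

if __name__ == "__main__":
    for dest, verdict in coverage_report(SAMPLE_DESTINATIONS).items():
        print(f"{dest:20} {verdict}")
```

The two "gap" verdicts are the cases a per-IP router or firewall rule, or a resolver-level domain block, has to cover if the hosts list is kept as one layer.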
"APK might be a known troll, but you can't totally discount a lot of what he says." - by Anonymous Coward on Thursday December 30, @09:33PM (#34717990)
Yes, thank you (APK bows to "your wisdom", lol!)
---
"That's the most frustrating thing about him. He's actually right." - by Anonymous Coward on Thursday December 30, @09:33PM (#34717990)
Aha - "the truth comes out" yet again, lol!
Again though - thanks!
(AND, yes - it IS difficult to take on truth & facts... this is EXACTLY how I trash these trolls, everytime!)
Most of them? Heh - Dude, they're literally "too, Too, TOO EASY" to get the best of...
hairyfeet especially, see here:
---
http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34716224
---
That's where I destroyed hairyfeets adhominem attack on me, & his "wannabe math & logic" easily, with actual MATH & LOGIC, plus his OWN facts he quoted... (too easily!)
---
"I've been in the industry a long time. A long time." - by Anonymous Coward on Thursday December 30, @09:33PM (#34717990)
So have I, & to decent acclaim, such as this only PARTIAL LIST OF MY FAVORITES, thereof:
---
Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61
(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row 2000-2002, in its HARDEST CATEGORY: SQLServer Performance Enhancement).
WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)
PC-WELT FEB 1998 - page 84, again, my work is featured there
WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there
PC-WELT FEB 1999 - page 83, again, my work is featured there
CHIP Magazine 7/99 - page 100, my work is there
GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it
HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), 2001 my work is there, first one featured, yet again!
Also, a British PC Mag in 2002 for many utilities I wrote, saw it @ BORDERS BOOKS but didn't buy it... by that point, I had moved onto other areas in this field besides coding only...
Being paid for an article that made me money over @ PCPitstop in 2008 for writing up a guide that has people showing NO VIRUSES/SPYWARES & other screwups, via following its point, such as THRONKA sees here -> http://www.xtremepccentral.com/forums/showthread.php?s=ee926d913b81bf6d63c3c7372fd2a24c&t=28430&page=3
Lastly, lately (this year)?
It's also been myself helping out the folks at the UltraDefrag64 project (a 64-bit defragger for Windows), in showing them code for how to do Process Priority Control @ the GUI usermode/ring 3/rpl 3 level in their program (good one too), & being credited for it by their lead dev & his team... see here -> http://ultradefrag.sourceforge.net/handbook/Credits.html
---
For all your "years in this industry", have you done the same, I wonder?
---
"People like APK are assholes, to be sure." - by Anonymous Coward on Thursday December 30, @09:33PM (#34717990)
Well, now you KNOW WHY I asked you the question I did above... answer it now, since you called me an "a-hole"... ok? Thanks!
---
"But just because someone is an asshole doesn't mean they don't have something to say worth hearing, and you just have to get over it. You need to be better than they are by not letting i
I shouldn't reply to the troll, but...
10 x .999 = 9.990
Therefore:
a = .999
10a = 9.990
10a - a = 9.990 - .999
9a = 8.991
a=.999
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
You can't "hide the truth" or facts from my init. & subsequent posts starting here boys -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952 on downwards in this thread... period!
(PLUS? Well - See what others say, below... lmao!)
APK
P.S.=> Trolls, lol, trying to "kill an idea" (foolhardy) that works? Please... lmao!
Especially when others here said this:
http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34718190
PERTINENT QUOTE/EXCERPT:
---
"APK might be a known troll, but you can't totally discount a lot of what he says. That's the most frustrating thing about him. He's actually right." - by Anonymous Coward on Thursday December 30, @09:33PM (#34717990)
---
(I'm no troll, I only attack when attacked FIRST... then, I destroy, w/ facts, & logic!)
Facts, are facts, boys... get used to it!
I.E. - YOU HAVE BEEN, PWNED, hard... by yours truly, everytime... & not all the downmods in the WORLD or name calling adhominem attacks are helping you now, are they?
Nope... just "too, Too, TOO EASY"... apk
take your time.
http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34717870
"And this protects you from basically nothing except some advertising." - by Anonymous Coward on Thursday December 30, @09:05PM (#34717748)
Really? Ok, see this quote from another /.'er, not myself (though I have had 15++ yrs. of NO MALWARE HERE, myself - he's on 5, since he started using HOSTS files):
---
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
FROM http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532122
That's in regards to HOSTS files, & successes others here have, in using them, ALBEIT for security alone!
(HOSTS can also give you more speed, IF you know how (hardcoded IP's of fav sites, blocking banners, etc.))
---
So, so much for your useless AC effete reply...!
---
I said this to cmdr tofu here already, but here goes, again:
"A 'well written' trojan would always bypass this and do direct dns-resolution against one or more DNS servers or just connect to specific ip-numbers... Or maybe just join one of the larger IRC network and take commands from some channel there...." - by Anonymous Coward on Thursday December 30, @09:05PM (#34717748)
Hell, don't you KNOW about routers & their block lists or firewall rules?
You can BLOCK IP ADDRESSES IN THEM, easily (they make up for where hosts files do NOT work, on IP Addresses).
Plus, from what I read on it, thusfar? It has no "rootkit technology" or impersonation abilities... yet, & big deal IF it did?
You can "blow out" 2/3 types of rootkits using:
RecoveryConsole, fixmbr
(or in RC, delete their active files (they're not in use there, & it's a READ ONLY environs too))
OR THE SAME, even via another OS installation, like Linux (which reads NTFS/FAT/FAT32, & more).
RC also has ENABLE/DISABLE, & DISABLE? Can "shut down" any rootkits' drivers, easily too!
ProcessExplorer makes it simple to "zap" many malwares too, if you don't LIKE RC...
(There's other methods as well, but, that'll do, for now...)
APK
P.S.=> Look, I understand - from your "POV" on how you feel & why you're trying to "Troll me"!
Either you are a:
---
1.) Malware maker
2.) Advertiser
3.) GREEDY webmaster
4.) Or just stupid in general (see above, you couldn't even FIGURE THAT OUT!)
---
And, you don't want to lose YOUR GOD: ILL GOTTEN GREEDY PROFIT! Believe me, I understand... lol!
Not my problem... especially when folks here are literally saying this, about me:
Too easy... apk
Logic, reason, or mercy... they interpret it, as weakness!
(I.E.-> Don't 'cater to them' or try to 'placate them', believe me, I know... I have had them bothering me here, for YEARS (same results as always though, lol, always/everytime)).
They will, in the end, invariably resort to these "last resorts of trolls" as you saw:
1.) Ad hominem attacks
2.) Spelling & grammar/writing style critiques (off topic though it is, there is NO "english section" of the forums here after all)
3.) Off topic crap in general
---
Yes, they've been "pushed around" MOST of their lives, as "geeks/dorks/nerds" & this is their STRONGHOLD they feel (obviously, they're NOT so "strong", per this foaming @ the mouth reaction you doubtless saw), & they just cannot "handle" having their asses handed to them - simple!:
http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34715900
(That one's a LULU, lol... see what I quoted, you'll understand!)
LOL, all I could say was to THAT!
APK
P.S.=> Just a piece of advice, & you've been pretty cool through most of this, so, sorry for "confronting you" that way... I just felt you were "attacking me" calling me "asshole" & what-not! apk
Didn't even click on the link and I can tell you that is not a trojan. A phishing app, but definitely not a trojan.
Either way:
1) It is not on the Android Market now.
2) You are always trusting the developers of any app that you install, just like you do for any program or person. (i.e. http://hackingexpose.blogspot.com/2010/11/report-banking-apps-for-android-iphone.html )
Some legitimate apps phone home without notifying the user; Skype was even caught harvesting machine info (invading privacy) at one point. If you enter ANY info into ANY app, that app can do whatever it damn well pleases with that info -- just like if you handed your bank info to some guy on the street saying he's trustworthy. This is why there's this slew of articles now saying mobile phone apps (any platform) are "stealing" your info (except for Android, which broadcasts what info that app has access to)
Without source, it's 100x harder to verify your information is safe on ANY platform. Wasn't there an i-platform app a few months ago that recorded info unencrypted to the phone? I hope to god those phones which had that app weren't jailbroken, or it didn't record to a publicly accessible spot.
This isn't the first time someone raised their hands and yelled virus / trojan / infostealer. Remember those wallpaper infostealers a while back? Google looked into that and there was no malicious, along with those wallpapers that everyone said was malicious:
http://blogs.computerworld.com/16666/google_android_wallpaper_apps
Ok I'll bite, what is 'Linux' doing to protect you from attacks that 'Windows' isn't?
For starters, not trying to execute stuff that comes in from questionable routes like USB drives, CD and DVD ROMs, embedded in various files like jpegs, PDFs and so on.
But you knew that because you're clearly not stupid.
"10 x .999 = 9.990" - by BronsCon (927697) on Thursday December 30, @09:57PM (#34718208) Journal
THAT? That was just to "mess hairyfeet up", because I KNOW he doesn't have ANY "higher math" to his name from ITT Tech... but, it does work here oddly!
I ran it thru Windows Calculator! However, I should have said .999 REPEATING (I am fairly sure it works, but don't quote me on it)
STILL: That wouldn't REALLY matter here though!
Why?
Well, because hairyfeet's 1.3 million malwares? Is JUST ABOUT RIGHT, considering I block out 920,000 KNOWN ONES, as we speak, in my HOSTS file!
E.G. - Sites like hpHOSTS ( hosts-file.net/?s=Download ) update, HOURLY no less, & have removal lists too (some sites DO clean up is why, or just drop)...
So, that said?
I am JUST RIGHT, probably DAMN CLOSE TOO, with the number I block currently, & even PER HAIRYFEET'S POINTS in quoted estimated (note, estimated, no one is really sure how many bad sites there are) numbers of malware sites out there.
Yes... though hairyfeet says it does not 'scale'? It does, just fine... & because of the sources I use?? I am CURRENT vs. known threats, just like this one! apk
Ironically enough I’m pretty sure that’s impossible when it comes to APK (Alexander Peter “Petey” Kowalski, well-known internet troll and writer of software considered by many to be malware - by Anonymous Coward on Thursday December 30, @05:36PM (#34715700)
That came from Computer Associates (CA), real reputable THEY are (NOT):
http://news.slashdot.org/comments.pl?sid=1884922&cid=34350102
That's MY post, which was rated +5 no less, & it tells the truth of it, unlike you, troll!
---
CA's disreputable!
See their "ethics" in accounting practices which they got busted for:
PERTINENT QUOTE/EXCERPT:
"Customers know Computer Associates - and, these days, for all the wrong reasons. Just as the company was beginning to shed its reputation as a home for legacy software products that carried an inflated price tag, it was rocked by a series of accounting scandals. An on-going FBI fraud inquiry and investigations by the US Department of Justice and the Securities and Exchange Commission have left it reeling, with a power vacuum at the top as over a dozen senior executives have left or been sacked. The allegations centre on internal accounting and sales activities in the years around the turn of the century, and involve the movement of revenues between quarters and product areas, and consequently, the mis-statement of financial results."
FROM -> http://www.information-age.com/articles/290656/the-information-age-interview.thtml
---
TOO EASY! Just TOO easy... truth is like that, & so are facts, vs. your trolling b.s., everytime!
APK
P.S.=> CA also listed a freeware of mine as a "malware" which was written to help out a fellow forums person I knew at NTCompatible years ago, because he had an OLD version of Apache server on Windows which would not run as a tooltray icon while minimized & it was not implemented as a service he told me (that was so it was not visible onscreen and ran "in the background transparently" which most webservers now, do).
So, in good faith/being a "good neighbor", I wrote it up for he (it's NOT commandline argv/argc parameterizeable either, so it's NOT scriptable) in GUI form (only 2-3 lines of code & works via C/C++ type invisible "spawn" type parameterizations).
Next thing I know? It's out online being classed as a "malware" (1 of around 40 freeware apps I've done over time that did VERY well & were featured in respected publications in good reviews in reputable & respected publications like "Windows IT Pro" Magazine (it was Windows NT Mag back then in the 1990's - early 21st century) & others of like ilk).
Apps that can be used "both ways" get 'victimized' this way (which is like PING via "ping of death", or tools from NIRSOFT (good stuff) &/or SysInternals even (yes, even Dr. Mark Russinovich has had this happen to he (e.g. pstools) as it has myself & Nir Sofer of NIRSOFT) have tools that can be used "for the good" or "the bad", depending on WHO is using them & what they're up to (like a gun, guns don't murder people - other people do).
So, then I took CA's 21 point removal test & passed EVERY SINGLE QUESTION without fail no less, & they would not remove it (but, they had to put it down to "Zero Threat Levels")... I did that on the advice of an attorney (John Lowe of Hiscock & Barclay).
Afterwards when I told the attorney these results, he told me "Yes, you have a WINNING CASE for libel/defamation of character" etc. "and it's worth approx. $150,000 U.S. Dollars", so I said "Well, let's do it then on a 33.3% of the take for you as payment" (keeps attorneys 'motivated' doing it that way, plus, it's no init. money down for retainers etc./et al).
Then, he replied "I can't do this case!" I was like "WHY?!?" & he said "Because larger companies have fleets of attorneys that will 'drag it out' for over a decade and by the time you collect, which you would? The overall COST of
the STUPIDEST one in existence... how/why? Well, in addition to my other reply to you here:
http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34718682
This "seals the deal" on you, troll:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
(It is THE most viewed online security guide for Windows, bar none, in fact, over 750,000 views worldwide last time I looked in 2008 in fact & shows up "TOPS" on searching it - when Markus Janson's model (a copy of one I did even before it at NTCompatible.com, but not a bad one on his end mind you) used to on the SAME search!)
On 15 forums it's on currently, it's been:
---
1.) 5/5 star rated
2.) Most viewed
3.) Sticky/Pinned Thread
4.) An "Essential Guide"
---
& even won me $100 for writing it, @ PCPitStop.com no less -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ SEE JANUARY 2008...
Nuff said...
APK
P.S.=> So, IF I am a "malware maker" like you are libelling me as now? Why the HELL would I put out a very comprehensive post on securing Windows, or even my init. post here on HOW TO STOP THIS MALWARE EASILY? apk
E.G.-> Even Microsoft's OWN mgt. had to concede that to me, here (foredecker, Senior VP of the "Windows Client Performance Division"):
http://slashdot.org/comments.pl?sid=1467692&cid=30384918
"SIZE MATTERS"!
Reading that link, I noticed something interesting. By analyzing that post and a timeline of others, and comparing the results to your current posts, your steady descent into the depths of paranoid schizophrenic behaviour becomes really apparent. The contrast is really stark in posts separated only by a year. Please, listen to a professional opinion and get help. Don't wait until you reach a breaking point and have to be institutionalized.
is cmdr tofu your alternate registered username here at slashdot that you troll others here with? It does look that way.
Hell just count his ranting posts on this single thread. you are looking at about 3 dozen, each getting more and more crazy, all because I pointed out he is a known troll and his math doesn't work.
Look at that huge amount of math he put that has NOTHING to do with anything and makes NO sense as supposed "proof" of his delusions. What ".99" (Is that a "magic number"? A number of protection? Who the fuck knows) has to do with fuck all is anybody's guess. It still doesn't explain how 1.3 million websites, 18,000 NEW pieces of malware released on average a week PLUS 180,000 new websites infected PER DAY is supposed to be stopped by a static file.
Anybody with the slightest bit of logic will see it simply CAN NOT work. It is frankly as bugshit crazy as perpetual motion. Even if he typed at a rate of one IP address per second, and had a PERFECT list of constantly updated malware IP address handed to him (which of course is again impossible, as it isn't like malware writers hand out their infected IP lists like press releases) he would still be BEHIND by 100,000+ websites PER DAY. And that is giving him 24 hour days with no sleep and perfect typing of an IP address per second.
But that is the thing with those that suffer delusions, no matter how much you point out they can't fly they still want to jump off the building. Like you I hope he seeks professional help, but most likely judging by just the ranting he has posted in the past few weeks he'll probably be found wandering the streets muttering about how MSFT is watching him, and how all the execs at every security firm owe him millions for his "brilliant idea". Kinda sad really.
ACs don't waste your time replying, your posts are never seen by me.
You know, I shouldn't respond to crazy people, but it really does illustrate my point beautifully. What did I say? What were my words? That you could not produce a SINGLE SHRED of actual mathematical proof that your magical woobie would scale, and that instead you would copypasta and troll bomb the entire thread.
And what did you do? You posted some complete rambling bullshit about 0.99 (Is that your "magical number of protection" Petey?) which had exactly fuck all to do with your magical HOPES file, because you just can't do it can you Petey? You see, it is simple. Math doesn't fall for anecdotes, math doesn't pick sides, and no matter how many times you try to change the subject you STILL cannot show us how 18,000+ pieces of malware released per week + 1.3 million currently infected websites + 180,000+ websites added PER DAY to that list, with another 20,000-35,000 taken off that list PER DAY, can all be stopped by a static text file.
You can't do it, changing the subject won't change the fact you can't do it, and no matter how hard you trollbomb or wish upon a star printing your magical .99 protection symbol, nothing you can do or say can change the fact that after repeated requests you still can't show your work and do the math showing that a static file can magically scale to those kinds of numbers. So give it up Petey, you can't do it. Admit you're a failure, accept it, and move on. Otherwise you can prove us all wrong by putting your supposed "genius" where your mouth is and show us the REAL figures and not your crazy VB6 math.
ACs don't waste your time replying, your posts are never seen by me.
First:
Answer the question above, ok?
I hate to tell you this, but, you can "quote figures" that are inapproximate estimates, all you like, because nobody REALLY KNOWS how truly many "bad sites" are really out there now - nobody has an "Exact Number" because it's a MOVING TARGET!
One I *TRY* to "keep up on" as best I can in fact... Especially on HOSTS files!
YOU? You also have to "consider your sources" too... see below. Later on that though...
See - each day, I add between 20-20,000 new ones (yes the range is THAT wide), but... I also have to PULL them too, & sometimes? That gets "up there" too!
(Problem is, again - NO ONE KNOWS HOW MANY BAD SITES THERE ARE OUT THERE, not really, period)
It's like keeping up with Comp. Sci. - it's always changing/growing, you can never, "know it all"... so, your #'s, or anyone else's??
PURE "GUESTIMOLOGY" (lol, there's a word!)
So - You can post late as you have here, to try to "bury it" so I won't see your reply... lol, no dice to that!
Now: Hairyfeet's 1.3 million malwares sites out there per his citation from SOFTPEDIA:
http://news.softpedia.com/news/Number-of-Infected-Websites-Almost-Doubled-During-the-Second-Quarter-156591.shtml
(Which is, perhaps, NOT the "greatest/most accurate-in-the-know" site on security mind you? LOL: Where my wares are oddly, still put up for download no less, bonus, as I just checked)?
They are correct on 1 thing: I have noted it here also before - it's GROWING FASTER than it did years ago!
I know that much from my hosts file population (running now, as we speak in fact).
My numbers are RIGHT, considering I block out 920,000 KNOWN ONES, as we speak, in my HOSTS file!
I constantly update it (probably 2-3 times a day or more)... doing it now, as I write this in fact!
Why? To stay accurate, & CURRENT vs. threats online, via a HOSTS file:
E.G. - Sites like hpHOSTS ( hosts-file.net/?s=Download ) update, HOURLY no less, & have removal lists too!
(As some sites DO clean up is why, or just drop)...
So, that said?
I am JUST RIGHT, probably DAMN CLOSE TOO, with the number I block currently, & even PER HAIRYFEET'S POINTS in quoted estimated (note, estimated, no one is really sure how many bad sites there are) numbers of malware sites out there.
You can stop your trolling hairyfeet, because this puts you away, with ease (not even my OWN words, & I can produce more like it, easily enough, just ask):
---
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
FROM http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532122
---
Nuff said, as the saying goes - & I didn't even SAY it!
APK
P.S.=> Yes... though hairyfeet says it does not 'scale' (I'd like to know WHAT HE MEANS, SPECIFICALLY, BY THAT TERM HERE TOO)?
It does, as far as I am concerned (plus, others too, see quoted testimonial above on that very note) just fine... & because of the sources I use?? I am CURRENT vs. known threats, just like this one!
my explanation would be -ignorant user-
Seriously, folks, installing a 3rd party app, about which you know only what the blurb in the market says, & trusting it with your bank account info??? That is unwise.
http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34719276
LMAO - I didn't say run the DNS on Android haha! Just run it SOMEWHERE. If you have a single *nix machine, mucking with the hosts file is fine. After you get a few machines, it gets old... fast.
The Admin and the Engineer
Dear Troll, maths fails here because apparently you live in some weird parallel universe with different sets of physical laws and rules. In our universe however,
10x.999 = 9.99
9.99 is NOT 9.999
Maybe you should indeed get some basic education.
Why are you avoiding that question hairyfeet? Because it shows that your "math" is poor, & only mere approximations is why.
So keep tossing your names, ITT Tech student: That's all you've got is your adhominem attacks.
APK
P.S.=> Arstechnica? Heh: Ask Jeremy Reimer &/or Jay Little if the police were summoned when they too were "frustrated" into looking stupid, like yourself here, and they:
1.) Made threats against my life (Jay Little, whom CrystalTech.com removed his website for it)
2.) Impersonated me (Jeremy Reimer on HIS own forums, & also at arstechnica - parts of his website were removed)
3.) Email harassed me (Jeremy Reimer, & his ISP Shaw.ca put him on a tracking ticket & he ceased it)
4.) Stalked me online (Jay Little did this & got himself banned @ NTCompatible.com for it)
and more? Why?? Because I:
1.) Asked them if ANY of them ever did anything that was well-noted in publications (as I have many times) in the art & science of computing (an ENTIRE FORUMS of them, not a single one had - I thought it was funny, because they like to "play computer expert" like Jeremy Reimer especially, & yet, not a single one of them then even had a CSC degree, or even CIS degree... not even MCSE certs)
2.) Made them look foolish @ Windows IT Pro, where Jay Little & Jeremy Reimer stalked me to (after I asked via email that Reimer remove a post on his forums that said it was I, when it was not (Reimer later had to PUBLICLY ADMIT it wasn't me, once his ISP got ahold of him alongside his website hosting provider). Jay Little said he was, verbatim, an "expert on Exchange (MS)", & when I showed evidence from Microsoft on how memory optimization programs could un-halt stalled Exchange servers? Jay Little ran & started stalking me, site to site & making death threats from his own personal websites that I should be put to death, & more etc.
So, there you are, as to your "arstechnica link"... they're bigger dorks than the trolls around here, and everyone knows it - they're often called "the underachievers of the internet" by others... small wonder that! They haven't achieved squat, to this day... apk
See subject line above. I posted here first, & then the trolls like hairyfeet show up? Give me a break.
APK
P.S.=> Now, if you didn't care, then why post your stupid reply troll? apk
First: Answer the question above in my subject-line, ok?
ALSO: You can stop your trolling & stalking of myself here, hairyfeet, because this puts you away, with ease, every time (not even my OWN words, & I can produce more like it, easily enough, just ask):
---
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
FROM http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532122
---
There you go!
APK
P.S.=> Nuff said, as the saying goes - & I didn't even SAY it... others here using HOSTS files did, quoted verbatim... apk
If the windows calculator tells you that 10 x .999 = 9.999, I think you'd better learn to use the calculator first.
You couldn't tell him the exact number of sites that are bad online because you don't know, and nobody really does. Still let's use your estimate from SOFTPEDIA of 1.3 million bad sites known. If he is covered for 920,000 of them, and you're not, who is better protected against them, yourself or he? If anyone got "bitch slapped" it was you dimwit. You couldn't make it into a better school than ITT Tech, lol, so you ended up at "bottom of the barrel U" there where a moron like you clearly belongs. There is also of course this testimonial he supplied that puts you in your place easily:
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
FROM http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532122
If so, import/merging of HOSTS files, even across an enterprise wide setup, can be done easily, via logon scripts (just a single example of how easily done this is, & *NIX + Windows can take advantage of it).
APK
http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34715744
See subject line, & per hairyfeet's own quoted guesstimated numbers (because nobody really knows how many bad sites there are, it's a moving target is why - constantly changing) of 1.3 million KNOWN bad sites?
I am just about right... with over 920,000++ known bad sites blocked off, populated daily from a list of reputable sources I put up here earlier, for up-to-date HOSTS file data.
Considering I have to also REMOVE sites too, which I do? Then, my number is probably as close as a person can get (because I use my own list of known bad sites or adbanners blocked off, plus, the lists of 8 other hosts file producers too - making mine, the MOST comprehensive there is quite possibly).
Get it?
APK
P.S.=> If all you off topic trolls have is trying to "harass me", go for it... you can't stop me from showing others the benefits of HOSTS files (and the ONLY PEOPLE I can see "ranting against" the combined speed &/or security benefits hosts files can give you, are malware makers, advertisers, webmasters, & possibly even TECHS like hairyfeet here... he makes his living off the misfortunes of others, clearing malware from their systems... if THAT gets "cut off", then how is he, or others like he, going to make money that way?)
Any fool can figure out WHY some of you rail against hosts files usage... especially considering this:
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
FROM http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532122
Is what myself, that person, & others whose testimonials I can produce in seconds here for you if you wish, are seeing the same (no malware etc., due in large part, to hosts files usage)... apk
See subject line above, moron. You're a low level, low grade stooge of a troll, and everyone knows it.
Since he is protected against 920,000 or more known bad sites, by using a hosts file to block out known bad sites, who is more protected against them: Himself, or you with none of them blocked off? It seems that others are doing what apk notes and are doing well because of it:
***
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
FROM http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532122
***
Explain that away, hairyfeet, and answer my question above. It also seems he uses a program to do his import, deduplicate, and merge of many hosts files into a single one saving him time. You said he types the entries in? He's a programmer hairyfeet. He is able to automate things by creating his own systems to do it for him, unlike yourself, a lowly ITT Tech student and tech. In the end, when all you have is your ranting and raving hairyfeet, and his having the right amount of blocked sites from all the known hosts files in the world that are reputable and regularly updated (because you not only have to add sites hairyfeet, some clean up or drop and you have to remove them to reduce the hosts file size too) per what you quoted yourself of 1.3 million known bad sites out there (which is of course, only a guesstimation really as no one knows how many bad sites out there there truly is) protecting him in his hosts file, and you have none of them blocked, who is better protected vs. malware exploitations? Hairyfeet, your ranting and raving makes you look foolish above all else. You're trying to take on somebody that knows a lot more than you do about computing, and we know you went to ITT Tech, the lamest school in existence for computer knowledge and you're losing badly, based on your guesstimations and trying to say someone is crazy, especially without a formal examination of them, or a license in your name showing you are indeed, a psychoanalyst. You're the one acting like a lunatic here, not anyone else.
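An added example, not code from any poster in this thread: one way to do the import, deduplicate and merge step described in the comment above, together with the removal lists mentioned earlier in the thread. The feed contents, hostnames and function names are constructed for illustration, and the sketch also refuses any feed line that maps a name to a non-sinkhole address, since importing such a line would redirect traffic instead of blocking it.

```python
import re

# Address written into the merged file for every blocked name (assumption:
# 0.0.0.0 is used here; the posts in this thread speak of the loopback address).
SINK = "0.0.0.0"
# Addresses a blocklist feed may legitimately use to mean "blocked".
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that must never be treated as block entries.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost",
             "ip6-localhost", "ip6-loopback"}
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")


def valid_hostname(name):
    """Accept only multi-label names made of well-formed DNS labels."""
    if len(name) > 253 or "." not in name:
        return False
    return all(LABEL.match(label) for label in name.split("."))


def parse_feed(text):
    """Return (blocked names, rejected lines) for one hosts-format feed."""
    names, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        # A feed line pointing a name at a real address is a redirect, not
        # a block: record it for review instead of importing it.
        if len(fields) < 2 or fields[0] not in SINK_ADDRS:
            rejected.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")      # normalise case and root dot
            if name in PROTECTED:
                continue
            if valid_hostname(name):
                names.add(name)
            else:
                rejected.append((lineno, raw.strip()))
    return names, rejected


def merge(feeds, removals=()):
    """Union all feeds, then subtract names the removal list says are clean."""
    drop = {r.lower().rstrip(".") for r in removals}
    blocked, rejected = set(), []
    for source, text in feeds.items():
        names, bad = parse_feed(text)
        blocked |= names
        rejected += [(source, lineno, line) for lineno, line in bad]
    return blocked - drop, rejected


def render(blocked):
    """Produce the merged hosts file with the local entries kept on top."""
    lines = ["127.0.0.1 localhost", "::1 localhost"]
    lines += [f"{SINK} {name}" for name in sorted(blocked)]
    return "\n".join(lines) + "\n"


# Constructed sample feeds (reserved example domains, not real indicators).
FEEDS = {
    "feed_a": """\
# constructed sample feed A
127.0.0.1  localhost
127.0.0.1  ads.example.net
0.0.0.0    Tracker.Example.com   # mixed case
0.0.0.0    cdn.badsite.example
""",
    "feed_b": """\
0.0.0.0 ads.example.net.
0.0.0.0 cleaned.example.org
203.0.113.7 bank.example.com     # a redirect, not a block
0.0.0.0 bad_host!.example
""",
}
REMOVALS = ["cleaned.example.org"]   # constructed removal list

if __name__ == "__main__":
    blocked, rejected = merge(FEEDS, REMOVALS)
    print(render(blocked), end="")
    for source, lineno, line in rejected:
        print(f"rejected {source}:{lineno}: {line}")
```
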
See subject line, & per hairyfeet's own quoted guesstimated numbers (because nobody really knows how many bad sites there are, it's a moving target is why - constantly changing) of 1.3 million KNOWN bad sites?
Well:
I am just about right here!
I.E.-> With myself in possession of the creation of my hosts file, with over 920,000++ known bad sites blocked off, populated daily from a list of reputable sources I put up here earlier, for up-to-date HOSTS file data.
NOW: You have to consider that I have to also REMOVE sites too, which I do?
So - Then, the number of sites blocked in my hosts file, 920,000++, is probably as close as a person can get to being "absolutely accurate" as to the # of bad sites out there to "block out" as is possible!
(Simply because I use my own list of known bad sites or adbanners blocked off, plus, the lists of 8 other hosts file producers too - making mine, the MOST comprehensive there is quite possibly).
APK
P.S.=> Get it? That IS, after all, the important part AND actual thing that needed examining here...
Hairyfeet's use of some "arbitrary & ambiguous constantly moving figure"? Poor tactic... nobody really KNOWS how many bad sites there are out there, at ANY GIVEN TIME
I only try to "keep up", as best I can, & the results?
Ok - I'll let OTHERS "Speak for me", here:
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
FROM http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532122
apk
Hi trollie! Sorry to rip off some classic Dan Aykroyd but you know it is usually considered good form to at least make a sock puppet, posting AC to plug your own AC posts? Kinda sad. And for the 400th time Correlation != Causation. I can build an XP Sp2 machine with NO patches, NO AV, and change the desktop to a LOLCat. Now if I only use this machine to check my email and go to my bank I will NEVER get a bug, but I don't think it was my magical LOLCat protecting it, do you?
The simple fact is this: no matter how many times trollie says "1+1 = 3" the math simply proves you wrong and THAT is why all you can do is throw insults. You have 190,000 to 340,000 infected websites at this very moment and that list will change by the thousands per minute as sites are cleaned, new sites are infected, new vulnerabilities found, etc. Now for his HOPES file to actually be a REAL protection and not just a woobie? It will have to dynamically scale and keep up with that ever changing list of infections. Now even if he had twenty fingers and subscribed to every security list on the planet his HOPES file will ALWAYS BE OUT OF DATE and behind the curve. Always.
Now if you have a mathematical proof that shows how a static .txt file dropped into system 32 can magically scale dynamically? Let's see it. Otherwise it is NOTHING more than a magical LOLCat pic backed up by anecdotes. That is the nice thing about math, it doesn't lie or believe in anecdotes. And if there is ANYONE that should be LOLing it is me, for pointing out there are still morons that believe 16Mb HOPES files can do anything but block ads since ad servers are...what do you call it...oh yeah STATIC, just like your HOPES file, but really you are just kinda pathetic. You're like the idiot that just keeps hanging onto that three years out of date copy of Norton, because he is just so damned sure it still works, only the Norton guy is actually better protected than you are, since it did used to work in the past 5 years.
So please, keep posting APK, I do so enjoy pointing out the total uber fail of your magical woobie so. I also personally consider it a public service to point people to solutions that actually work instead of relying on magical woobies and anecdotes. And of course bitch slapping you around is also quite fun!
ACs don't waste your time replying, your posts are never seen by me.
" I also personally consider it a public service to point people to solutions [superantispyware.com] that actually [comodo.com] work [malwarebytes.org]" - by hairyfeet (841228) on Saturday January 01, @06:56PM (#34733612)
Yea, they work alright (about as well as you say HOSTS files do) - NOT: Nothing alone is 100% effective:
---
MULTIPLE EVIDENCES OF ANTIVIRUS &/or ANTISPYWARE PROGRAM FAILURES + SHORTCOMINGS:
http://www.theregister.co.uk/2007/12/04/win_2000_virus_tests/
http://www.securityfocus.com/infocus/1839
http://it.slashdot.org/it/08/11/07/1545238.shtml
---
(Want more?)
There is NO WAY THEY CAN KEEP UP WITH NEW MALWARES BEING MADE either... and you say they "work"? See above!
(They're "better than nothing", & I use them myself, for added LAYERED SECURITY - but, I don't put my entire FAITH ON THEM, as you appear to do!)
---
"You have 190,000 to 340,000 infected websites at this very moment and that list will change by the thousands per minute as sites are cleaned, new sites are infected, new vulnerabilities found, etc." - by hairyfeet (841228) on Saturday January 01, @06:56PM (#34733612)
So would "your solutions", see above, on the SAME NOTE!
(Which aren't really "yours" - you only use the tools of others like a trained chimpanzee, except that I am kept "up-to-date", by the minute, by these reputable sources for HOSTS file data!)
AND, AGAIN? I don't only "just use hosts" - I use this for my "layered security" setup:
---
HOW TO SECURE WINDOWS 2000/XP/SERVER 2003 & even VISTA, + make it "fun to do" using CIS TOOL:
www.bing.com/search?q="HOW+TO+SECURE+Windows+2000%2FXP"&go=&form=QBRE
---
It works, and practices the current trend of "layered security", which HOSTS are a part of!
In fact, that guide of MINE?
On 15 forums it's featured on since 2008, w/ over 750,000 views on how to secure a modern Windows setup (making it the MOST viewed in fact, & I stopped checking counts in 2008 + 1 forum it was on went down & lost 1 example of it having over 100,000 views) & has been made a:
---
1.) Sticky/Pinned Thread
2.) Essential Guide
3.) 5/5 star rated
4.) Most Viewed in forums sections it's in
Wherever it is featured! Have YOU done the same? No.
---
It even got me PAID for it, @ PCPitstop -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/
See Jan. 2008 (completely unexpected, but in January 2008 it won me a $100 prize there for its content)... That's the "total gamut" of "layered security" I use in addition to the HOSTS file (though I consider IT my "arc reactor core" of that security guide).
etc./et al...
---
"That is the nice thing about math, it doesn't lie or believe in anecdotes." - by hairyfeet (841228) on Saturday January 01, @06:56PM (#34733612)
RIGHT - then, it's a pity that you rely on your 1.3 million ESTIMATED # of "bad sites" out there as you did from SOFTPEDIA.COM -> http://news.softpedia.com/news/Number-of-Infected-Websites-Almost-Doubled-During-the-Second-Quarter-156591.shtml BECAUSE NOBODY KNOWS THE EXACT TRUE # OF MALWARE SITES OUT THERE, period!
---
"Now for his HOPES file to actually be a REAL protection and not just a woobie? It will have to dynamically scale and keep up with that ever changing list of infections. Now even if he had twenty fingers and subscribed to every secu
"But you mislead... it's complicated... it's far more complex keeping track of many systems in an enterprise THAN A SINGLE DNS SERVER that you control" - by catmistake (814204) on Friday December 31, @01:24PM (#34723184)
B.S. - it's as "complicated" (NOT) as writing up a batchfile for a logon script & executing HOSTS files updates using the copy command, in essence/basically, for each user on your network... "real complicated" (not).
APK
P.S.=> You're the one attempting to "mislead" others here, because I have been administrating networks professionally since 1994, & use of logon scripts for HOSTS files updates? A snap... even easier is using a tool like hostsman featured @ mvps.org -> http://www.mvps.org/winhelp2002/hosts.htm which does an "automagic update" from reliable/reputable sources for hosts file data, such as mvps.org is, & so does Spybot "Search & Destroy" as well, & that tool is HIGHLY regarded as very good stuff, worldwide... apk
"And this protects you from basically nothing except some advertising." - by Anonymous Coward on Thursday December 30, @09:05PM (#34717748)
You're WRONG... see below:
---
HACKERS USE ADBANNERS ON MAJOR SITES TO HIJACK YOUR SYSTEM: -> http://www.wired.com/techbiz/media/news/2007/11/doubleclick
THE NEXT AD YOU CLICK MAY BE A VIRUS: -> http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus
NY TIMES INFECTED WITH MALWARE ADBANNER: -> http://news.slashdot.org/article.pl?sid=09/09/13/2346229
MICROSOFT HIT BY MALWARES IN ADBANNERS: -> http://apcmag.com/microsoft_apologises_for_serving_malware.htm
2 MAJOR AD NETWORKS FOUND SERVING MALWARE: -> http://tech.slashdot.org/story/10/12/13/0128249/Two-Major-Ad-Networks-Found-Serving-Malware
ISP's INJECTING ADS AND ERRORS INTO THE WEB: -> http://it.slashdot.org/it/08/04/19/2148215.shtml
ADOBE FLASH ADS INJECTING MALWARE INTO THE NET: http://it.slashdot.org/article.pl?sid=08/08/20/0029220&from=rss
---
By blocking out adbanners, not only do you get more SPEED, but... also more SECURITY, against malwares that have been shown to exist in some adbanners maliciously embedded & obfuscated code in javascript.
Additionally, by my populating my hosts file, nearly hourly, from reputable sites for that vs. KNOWN BAD SITES/SERVERS?
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)
I can't get burned, if I can't go into the KNOWN BAD SITES' "malware kitchen"...
(Very simple, & it works!)
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
FROM http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532122
APK
P.S.=> Ah, I just gotta say it, as per my usual: "too, Too, TOO EASY", just '2EZ'... apk
"Name just one of your many employers that actually exists." - by Anonymous Coward on Wednesday January 05, @08:49AM (#34764278)
Ok - Lockheed Martin, for one (I contracted with them for a yr.), Goulds Pumps (contracted with them for almost 2 yrs.)...AXA Financial did a short contract with them a couple yrs. back in fact...
There's some, want more? Each are, iirc, "Fortune 100/500" by the by.
You can also write Mr. Eric Dickman, CEO of SuperSpeed.com (then EEC Systems) & ask him if I was paid to improve the performance of their SuperCache I/II line of products for Windows NT-based OS (which should be simple for you to check - Eric's a good man, & was a pleasure to work with (tell him I said "hi")).
---
"You lie" - by Anonymous Coward on Wednesday January 05, @08:49AM (#34764278)
No, I don't. See above, or any of my posts here...
---
"you leave tracks" - by Anonymous Coward on Wednesday January 05, @08:49AM (#34764278)
Yea, tire tracks, all over YOU & the likes of you, whenever I "call you out" & RUN YOU DOWN with facts, troll - I do that, because it's SO EASY (the use of facts, especially documented ones, does trolls like you RIGHT in, every time)...
---
"you get called out." - by Anonymous Coward on Wednesday January 05, @08:49AM (#34764278)
AND I WIN EVERY TIME I STEP ONTO THIS PLACE'S FORUMS VS. OFF TOPIC TROLLS LIKE YOURSELF!
APK
"Your way is perfectly valid... " - by catmistake (814204) on Sunday January 09, @03:43AM (#34812866)
Thank you, however again: I always knew it was.
---
BIND vs. what the Chinese are doing to DNS lately? See here:
http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders
---
SECUNIA HIT BY DNS REDIRECTION HACK THIS WEEK:
http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/
(Yes, even "security pros" are helpless vs. DNS problems in code bugs OR redirect DNS poisoning issues, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propagate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind you!)
---
DNS vs. the "Kaminsky DNS flaw", here (and even MORE problems in DNS than just that):
http://www.scmagazineus.com/new-bind-9-dns-flaw-is-worse-than-kaminskys/article/140872/
---
Moxie Marlinspike's found others (0 hack) as well...
---
DNS provider decked by DDoS dastards:
http://www.theregister.co.uk/2010/11/16/ddos_on_dns_firm/
---
Ten Percent of DNS Servers Still Vulnerable: (so much for "conscientious patching", eh? Many DNS providers weren't patching when they had to!)
http://it.slashdot.org/it/05/08/04/1525235.shtml?tid=172&tid=95&tid=218
---
DDoS Attacks Via DNS Recursion:
http://it.slashdot.org/it/06/03/16/1658209.shtml
---
DNS ROOT SERVERS ATTACKED:
http://it.slashdot.org/it/07/02/06/2238225.shtml
---
TimeWarner DNS Hijacking:
http://tech.slashdot.org/article.pl?sid=07/07/23/2140208
---
DNS Re-Binding Attacks:
http://crypto.stanford.edu/dns/
---
DNS Server Survey Reveals Mixed Security Picture:
http://it.slashdot.org/it/07/11/21/0315239.shtml
---
Photobucket's DNS records hijacked by Turkish hacking group:
http://www.zdnet.com/blog/security/title/1285
---
Halvar figured out super-secret DNS vulnerability:
http://www.zdnet.com/blog/security/has-halvar-figured-out-super-secret-dns-vulnerability/1520
---
BIND Still Susceptible To DNS Cache Poisoning:
http://tech.slashdot.org/tech/08/08/09/123222.shtml
---
Couple that list with DNSBL &/or DNS Request logs?
"configuring a single DNS is far less complicated than making sure 1000 computers have the correct HOSTS file." - by catmistake (814204) on Sunday January 09, @03:43AM (#34812866)
Well, The REAL PROBLEM(s) HERE? DNS itself.
To wit:
NOW? Now, You may "get my point", on how HOSTS files are an EXCELLENT supplement to DNS servers (especially those set in recursive mode)... & I don't rely on HOSTS files alone.
See - I use