Android Trojan Found, Spreading From Chinese App Stores
wiredmikey writes that researchers from Lookout Mobile have discovered a sophisticated Trojan targeting Android devices.
"The company says the mobile malware is 'The most sophisticated Android malware we've seen to date. Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user's phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.' What makes the Trojan different from most 'standard' mobile malware is that Geinimi is being 'grafted' onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets."
Posting from my Androi^B^B BUY HERBAL VIAGRA
"When information is power, privacy is freedom" - Jah-Wren Ryel
...no link?
Here's the story on the Lookout Blog.
If it's not Linus, then we might assume it's Rerun or Lucy.
"Common sense will be the death of us all"
proper code signing (and not letting unsigned code run) is important.
An hour later and you're hungry for privacy again.
So beware of downloading things from Chinese websites? That's news?
Um, what if you are Chinese?
ANDROID OS allows for the usage of custom HOSTS files, & that's how you stop this botnet from communicating "back to mama" (its C&C botnet servers):
DO THE FOLLOWING (after obtaining a good reputable solid HOSTS file, like mvps' -> http://www.mvps.org/winhelp2002/hosts.htm )
---
1.) Get ahold of the "Android Debugging Bridge" (ADB) & install it
2.) Mount your system mountpoint as READ + WRITE (as powerful of privileges as you need is this)
3.) Using the PULL command, copy the file over from your PC (or even on your ANDROID if it's there already) using PULL & overwrite the etc. folder's copy of HOSTS
---
DONE! Yes, it's THAT simple... &, it works!
APK
P.S.=> Of course, your HOSTS file will need to have the domain/hosts name of the C&C servers, & that you have to obtain for this to work vs. this threat!
(However - I don't think the article noted them, & articles of THAT "nature" are poor imo, not detailed enough - it's nice to say "hey, there's a botnet out there" but to not list its servers too? WTF! Thankfully though, the HOSTS file sources I use to populate my custom HOSTS file update every hour on some of them, & around once a day on most, & once a month for the "worst of them"!)
Other /. articles have helped ME this way before (which is WHY I am sort of "disappointed" in the source article here, per my last paragraph in reply just above now):
2 examples thereof in the past I have used, & noted it there, are/were:
http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398
http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500
apk
The summary suggests that the list probably changed while you were writing that...
No sig today...
Lookout Mobile appears to be in the process of trying to redefine "malware" to mean "software that sends more data about a phone to a remote server than Lookout think it should". This is not the standard definition of malware that we all know and love.
This Android "trojan" is not like regular viruses from the PC world in many ways. It cannot resist uninstallation. It cannot infect other applications. It cannot lie about what it will do - the permission screen states quite clearly what the apps in question have access to. It cannot steal your passwords or bank details.
There are legitimate questions to ask about apps that send phone IDs surreptitiously to some remote people, but calling these apps "trojans" or "malware" is dangerous, it makes people think they need a virus scanner for their phone when in reality they don't. That's exactly what "Lookout" want of course but it's no reason to believe them.
The last time "sophisticated" was attached to the word malware, a certain Middle East country had problems with its uranium-enrichment program. So what are the chances of this being the mobile version of the Stuxnet worm?
There are a number of applications—typically games—we have seen repackaged with the Geinimi Trojan and posted in Chinese app stores, including Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010.
0 = 1 + e^(Alt something)
I could almost put money on this causing a big problem in the mobile community. Originating from a Chinese mobile app store is one thing from some very tailored application is one thing, but if it's repackaged apps out in the wild for popular (a la pirated, full-version) apps, then it's most definitely going to cripple Android-equipped phone users. Let's be honest, if you can get the app for free, who wouldn't install it? Especially half-wit phone users who have enough technical savvy to go look elsewhere for apps or got that latest 1000-app pack off of Usenet/P2P/Torrent from their buddy.
EWWWW!! It was in the back of the machine shop? And it was covered in WD40? EWWWWW!!1!
Prisencolinensinainciusol. Ol Rait!
Yeah, except this is not a virus and Android doesn't seem to be very susceptible to viruses.
Ah cool. I googled it and didn't find any links with a list of apps. Thanks for quoting the text from the link above. I'll check it out in full. Would have been nice to have in the /. story.
Shame that Android is based on Linux then isn't it?..
Linux can't stop Joe Sixpack from downloading malware from the Internet and installing it on his computer. At least, not without becoming another iThing that only allows installation of Jobs-approved software.
Whenever anything bad happens on the android platform related to malware, trojans, etc this distinction is heavily downplayed.
Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem?
Linux protects much better than Windows against remote attacks, it can't protect against stupid users.
In a hosts file, don't you normally assign 127.0.0.1 (localhost) instead of 0.0.0.0 (default router/every ip)? Or is it different for phones for some reason?
Tequila: It's not just for breakfast anymore!
You're right, it isn't fair to blame Windows for user-supplied malware.
However, that does not mean Windows is any more secure; not all windows malware is user-supplied.
In Xanadu did Kubla Khan
A stately pleasure dome decree
And neither can Windows, yet it is always blamed for someone installing malware on their systems
What's the percentage of Windows users who install malware on their system rather than being hit by a remote exploit?
Pretty much every major Windows security story I've read in the last couple of years is due to some hole being exploited either in Windows or commonly used Windows software which lacks the sandboxing that's common on Linux (Apparmor, SELinux, etc), not users downloading trojans.
I've checked, and it turns out I'm not Chinese.
http://blog.mylookout.com/2010/12/geinimi_trojan/ -- From the myLookout Blog who made the discovery
Even if fanbois from various camps jump with joy/sorrow with the news, I still think that the open model that Android brought to the mobile world will be much more beneficial for everyone (end users, developers, companies, etc.) in the long run, all things considered. People saying that the Apple model is better than Android's are not realizing this.
Whenever anything bad happens on the android platform related to malware, trojans, etc this distinction is heavily downplayed.
Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem? Linux protects much better than Windows against remote attacks, it can't protect against stupid users.
Sure it can, at least a lot more than it does now. It can sandbox all apps by default, automatically check a malware blacklist and elevate permissions for trojans to ones that are useful to malware only when explicitly told to do so by the user, i.e. he goes in and checks the (allow to send mass e-mails) checkbox for that app.
There is a lot that can be done to more tightly secure Linux distros, applying SELinux style permissions universally is a good start. The difference is, for normal home use users don't need these improvements yet because the risks are still so small. Linux does a great job of adapting and improving security as it becomes needed because the developers are the users as well so they are very motivated.
Um, what if you are Chinese?
Sucks to be you.
Tequila: It's not just for breakfast anymore!
So is anti-virus/anti-malware worth installing on an Android phone? Because, yeah, I don't like installing apps that ask for permissions, but it seems like almost every app asks for "Full Internet Access," at least. I can't always tell the good ones from the bad. Would a free anti-malware app help or is it just a waste of time?
Well there's a big difference between the 2. The windows security holes people complain about are generally not "Joe sixpack opened an EXE and clicked OK to the run as admin prompt", that is a user problem not a security hole. The security holes that are newsworthy are "Joe sixpack was browsing CNN.com and a banner ad was able to jump from his browser and take over his system" or "Joe Sixpack was reading a PDF file and his system was taken over" Same as on the android, in this case "Joe sixpack chose to use an unknown provider to download an app, then didn't question why a calculator/screensaver/word processor/game wanted permission to get to his contacts, phone numbers GPS data and internet access etc..., then a week later got a prompt asking to install another program with similarly ludicrous requests". The darn phone tells you point blank exactly what the program can access, it doesn't even have the ability to sneak in more than it tells you it can. If you want to call that a security flaw, then complain to your telephone company that if someone calls you and asks for your credit card number, they might be able to get it if you tell it to them.
Oh and many Linux distros do not come with either SELinux installed or even enabled by default so to try to act like that is common or even remotely universal is a lie.
No, I am Michael Kristopeit!
The windows security holes people complain about are generally not "Joe sixpack opened an EXE and clicked OK to the run as admin prompt",
That's funny because there are still constantly stories about people doing exactly that from files in their emails that install worms, trojans, viruses on their computer. Hell, I know someone from a local State Farm branch in Houston that had their entire office infected that way. To claim that this isn't a general case of malware infection is to be completely dishonest.
This is the only possible explanation.
The ... Android Market ... only legitimate places to get software that I know of.
So then what is your excuse for this?
Never said it wasn't a malware infection, it just isn't an operating system flaw that anyone can fairly bash microsoft for. Now in the case of a company in this case, for clicking allow to administrative privileges, that is a flaw of their IT staff for letting non-technical users have administrative rights. I never said that wasn't a general infection, I said it wasn't a windows security hole, short downgrading all systems to an ipad-esque system (which even that has holes in it as anyone who is going to go out of their way to download from an untrusted source would probably be just as willing to follow instructions to jailbreak)
I think you missed mark's point... the fix for this won't be easily deployed for anybody except slashdotters.
Belief? Hope? Preference? The Existential Vortex
That is because the Linux security yack-yack is based mostly ON dishonesty. The truth is that story after story comes out about how some server was hacked, or android gets a trojan, or what have you and the whole issue is downplayed. Android isn't REALLY Linux, or server X got hacked because it was using something older (but Linux is inherently secure... so goes the argument). Let's be honest though. Why does Linux offer stuff like APPArmor if it is so bleeding secure? Because someone, at sometime got pwned, and realized they needed better security and made it happen. Get over trying to point fingers at Windows every time some security problem crops up and then sticking your fingers in your ears and go NO NO NO every time some Linux security problem crops up. Start being fair, and maybe Linux will stop being regarded as the OS of loons and your average Joe Blow might wanna give it a spin. Oh, and Android is either Linux, or it isn't, and that goes for stories good OR bad. So which is it?
Good post. Another thing the OP is wrong about is that Windows does do sandboxing, and it does it by default. IE runs in a sandbox, so does office (to what extent, I'm not sure though), chrome does, and so does the new Adobe Reader X.
"...I think the Microsoft hatred is a disease." - Linus Torvalds
Android is not Windows. App stores / package stores are much less susceptible to malware than each application having its own download/install/update mechanism. Beside that, Android apps play in a sandbox, and if you want to break out of that, you will have to inform the user. Of course, if you install apps using unsigned code from an unverifiable location and ignore all the permissions you have to grant...
This "well crafted" and "sophisticated" thing is attached to pirated games? Who's to say the game companies themselves didn't build and plant these to discourage pirated game use?
If you want news from today, you have to come back tomorrow.
Sure if you ignore things like DEP, ASLR, etc.
And they all do because they don't know what they are or that they even exist. All they really have is "It's UNIX!" a system with ideology in the 60s whose only security concern is not allowing one user to overwrite another's files in an academic setting. I'll give AT&T credit for hardening it somewhat for commercial use, but it was still assumed that a human operator would actively handle security concerns, an obsolete viewpoint clearly alive with the Slashdot crowd.
Oh and many Linux distros do not come with either SELinux installed or even enabled by default so to try to act like that is common or even remotely universal is a lie.
The reason is that it is absurdly obtuse and unworkable. Just type in "fedora d" into Google and the third autocomplete will be "fedora disable selinux". SELinux was designed for security pros protecting classified information. It's like trying to market an armored vehicle, along with certifications in guns and self-defense, to someone who just wants to make sure their car door doesn't casually open on its own on the way to the grocery store.
You need a new grammar file.
The role of the writer is not to say what we can all say, but what we are unable to say. -Anais Nin
Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem?
Linux protects much better than Windows against remote attacks, it can't protect against stupid users.
IMHO a strong case could be made that any non geek buying an Android product is by definition a 'stupid user' as there is a better user experience out there for the same price that they would have selected if they were smart.
You're funny.
An important change for education.
Where's The Fucking Article?
What The Fuck,Aye?
Speaking on behalf of everyone here, you are an idiot.
Tequila: It's not just for breakfast anymore!
FTFA under "How it works":
* Download and prompt the user to install an app
* Prompt the user to uninstall an app
Question: If you were asked to punch yourself in the genitals, would you still click "Ok" ?
FTFA under "How to stay safe":
* Only download applications from trusted sources
* Always check the permissions an app requests
I think it's pretty obvious the malware writers were not able to circumvent the normal Android security measures to get the software installed. The problem is that people who don't take responsibility to keep crap off their phones are going to get pwn3d. Big surprise.
boycott slashdot February 10th - 17th check out: altSlashdot.org
Side note: if the malware authors want a way around this, they can do one of a number of things:
At least, that's off the top of my head.
It's always best, no matter the OS, to only install software from reputable sources. Admittedly, that's easier said than done as a general rule. In the case of a warez site, not so hard.
But be careful you are advocating for personal responsibility there are some on slashdot who would think you elitist for spouting such things :)
Use the Party's official applications only? Isn't that the only way not to be killed as a dissident anyway?
"This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
my name is michael kristopeit.
You killed my father.
Prepare to die.
There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
still get their apps from trusted sites? I haven't heard anything about China blocking the Android marketplace, and I am sure that the Chinese have more experience knowing what Chinese sites are safe and not.
Fucking President versus Aliens sounds like the best game ever. Brilliant move on the malware author's part to hide his warez in such a kick ass sounding game. If this was 1988 and I was down at the local arcade, and saw a game called President versus Aliens I would have put all my quarters into it by now.
So then what is your excuse for this?
Fair point. Although it should be noted, on further digging, I don't think anyone actually uncovered any malicious behavior for these apps. The banks were rightfully concerned as they didn't produce the apps and they couldn't verify that they weren't malicious. Considering the nature of the service involved, it's judicious to assume that they were. But for all we know, they could have been simply charging $.99 to people who didn't know how to set a bookmark.
I am not downloading ANY apps from China. You have to be an idiot to grab them.
I prefer the "u" in honour as it seems to be missing these days.
Then your gov. already has your money and knows everything about you already.
I prefer the "u" in honour as it seems to be missing these days.
I can feel the FUD storm building...
What's the percentage of Windows users who install malware on their system rather than being hit by a remote exploit?
I don't know and I certainly doubt you do either. But considering how much anecdotal evidence there is to show that people are in large numbers willingly clicking on malware in emails and installing malware from pops to websites, it's not nearly as small as you try to make it out.
Not exactly a clear answer, but it looks like drive-by attacks are far higher up the threat list than attacks requiring user interaction.
http://news.softpedia.com/news/Drive-By-Download-Attacks-Were-the-Biggest-Online-Threat-Last-Month-170525.shtml
**cough** This would never **cough** happen **cough** **cough** on an iPhone **cough**
Parent is known troll APK, also known as KingsJester or the HOSTS file troll, which spams several sites trying to show off his supposed programming skillz by writing badly designed VB6 "apps" and loves to spam threads with his rantings on 16MB HOSTS files, which after repeated requests to show how a 16Mb static HOSTS file can scale against a threat of over 1.3 MILLION infected sites with more than 200,000 being added or removed PER DAY has refused to show proof and instead throws insults.
So anyone who listens to APK, Kingsjerker, or whatever he wishes to call himself this week, and thinks a HOSTS file will do anything but stop static ad servers, really needs to do the math. Not to mention on any machine before Vista it will seriously slow down the machine as it is read line by line per access, and frankly isn't much better on Vista/Win 7. About the most inefficient way to block a static site as one can get IMHO, and anyone actually pushing it as an effective solution to the ever revolving malware out there frankly needs their head examined. But then again we know trolls aren't the brightest creatures, now don't we?
For examples of his trolling simply watch this thread or any I post to, as he has been following me for weeks spamming since I pointed out he doesn't have basic math on his side.
ACs don't waste your time replying, your posts are never seen by me.
Yeah, except this is not a virus and Android doesn't seem to be very susceptible to viruses.
Keep in mind that there HAVE been Linux viruses ("virii" if you really want to annoy some folks) but they have a rather limited life span. The question is why. And does Android do anything to interfere with that? I suspect due to the nature of how Android and Android devices are handled (closer to the Windows environment than Linux), Android is a much more interesting target.
Awhile back I was looking at cheap Android devices for something that would play movies for long trips. There are many cheap (sub-$200) Android tablets out there that (probably for licensing reasons) do not have access to the Android marketplace. The literature says "you can download thousands of apps from other sources".
I'm thinking the great majority of the devices pwned by this virus will be of this cheap variety.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
DON'T download apps from the "Andloid Malket". It's a fake.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
No, I am Michael Kristopeit!
No, I am spartacus.
Local music(to upstate NY). http://gnarfel.com/ radio.
Android could protect itself from nearly all stupid users if its developers wanted that. Simply require all binary code to be cryptographically signed by someone reputable (like google, or verisign, or whoever), and give those who sign the apps the ability to revoke their signatures.
It has been working great for websites ever since SSL came out, and has worked pretty well so far with iOS, why not do the same thing everywhere?
If apps had to be signed, then it would be impossible to re-package a popular and reputable app with malware attached to it. And if signatures can be revoked, anything that does slip through can be dealt with quickly.
I'm not sure you can give an Android app permission to write to other application files, which a virus would need in order to spread. Then again, most Windows worms a couple of years back seemed to rely on user stupidity, and I don't think Android differs too much in that regard. An app that can read your address book and send SMS can also spam your contacts with "Hello friend, I just doanlowded this new Android game from http://spam-r-us.cn/andoird.apk and its great, thank you!" or similar, and at least some users would follow that kind of link.
Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem?
Linux protects much better than Windows against remote attacks, it can't protect against stupid users.
Ok I'll bite, what is 'Linux' doing to protect you from attacks that 'Windows' isn't?
Pretty much every major Windows security story I've read in the last couple of years is due to some hole being exploited either in Windows or commonly used Windows software which lacks the sandboxing that's common on Linux (Apparmor, SELinux, etc), not users downloading trojans.
Err, so we rip on UAC for a few years then pretend it doesn't exist when it's convenient?
My fear is that the other shoe will drop -- to "fix" the problem, each carrier will have its own app store and lock their devices to it.
Why is this bad?
Two reasons. First, developers will have to grease palms in order for their app to be usable by all. Second, carriers will want exclusivity agreements, so Goatse Tower Defense only appears on one cellular carrier, but no other. This will be used as a way to peddle phones, similar to how game titles are used to sell consoles (if you want Halo, you buy an XBox for example.)
Yeah because as we know malware authors are unsophisticated and easy to predict. They would never do anything like incrementing a number in a hostname www255.frigd.com www256.frigd.com. Why do you post nonsense as Anonymous Coward and sign as APK?
I shouldn't reply to the troll, but...
10 x .999 = 9.990
Therefore:
a = .999
10a = 9.990
10a - a = 9.990 - .999
9a = 8.991
a = .999
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
take your time.
Ok I'll bite, what is 'Linux' doing to protect you from attacks that 'Windows' isn't?
For starters, not trying to execute stuff that comes in from questionable routes like USB drives, CD and DVD ROMs, embedded in various files like jpegs, PDFs and so on.
But you knew that because you're clearly not stupid.
Hell just count his ranting posts on this single thread. you are looking at about 3 dozen, each getting more and more crazy, all because I pointed out he is a known troll and his math doesn't work.
Look at that huge amount of math he put that has NOTHING to do with anything and makes NO sense as supposed "proof" of his delusions. What ".99" (Is that a "magic number"? A number of protection? Who the fuck knows) has to do with fuck all is anybody's guess. It still doesn't explain how 1.3 million websites, 18,000 NEW pieces of malware released on average a week PLUS 180,000 new websites infected PER DAY is supposed to be stopped by a static file.
Anybody with the slightest bit of logic will see it simply CAN NOT work. It is frankly as bugshit crazy as perpetual motion. Even if he typed at a rate of one IP address per second, and had a PERFECT list of constantly updated malware IP address handed to him (which of course is again impossible, as it isn't like malware writers hand out their infected IP lists like press releases) he would still be BEHIND by 100,000+ websites PER DAY. And that is giving him 24 hour days with no sleep and perfect typing of an IP address per second.
But that is the thing with those that suffer delusions, no matter how much you point out they can't fly they still want to jump off the building. Like you I hope he seeks professional help, but most likely judging by just the ranting he has posted in the past few weeks he'll probably be found wandering the streets muttering about how MSFT is watching him, and how all the execs at every security firm owe him millions for his "brilliant idea". Kinda sad really.
ACs don't waste your time replying, your posts are never seen by me.
You know, I shouldn't respond to crazy people, but it really does illustrate my point beautifully. What did I say? What were my words? That you could not produce a SINGLE SHRED of actual mathematical proof that your magical woobie would scale, and that instead you would copypasta and troll bomb the entire thread.
And what did you do? You posted some complete rambling bullshit about 0.99 (Is that your "magical number of protection" Petey?) which had exactly fuck all to do with your magical HOPES file, because you just can't do it can you Petey? You see, it is simple. Math doesn't fall for anecdotes, math doesn't pick sides, and no matter how many times you try to change the subject you STILL cannot show us how 18,000+ pieces of malware released per week + 1.3 million currently infected websites + 180,000+ websites added PER DAY to that list, with another 20,000-35,000 taken off that list PER DAY, can all be stopped by a static text file.
You can't do it, changing the subject won't change the fact you can't do it, and no matter how hard you trollbomb or wish upon a star printing your magical .99 protection symbol, nothing you can do or say can change the fact that after repeated requests you still can't show your work and do the math showing that a static file can magically scale to those kinds of numbers. So give it up Petey, you can't do it. Admit you're a failure, accept it, and move on. Otherwise you can prove us all wrong by putting your supposed "genius" where your mouth is and show us the REAL figures and not your crazy VB6 math.
ACs don't waste your time replying, your posts are never seen by me.
And this coming from poor wittle APK, also known as "the idiot HOPES file guy"? As in you HOPES that one of the 300,000+ constantly changing array of websites that are infected doesn't happen to be the one you visit today? Or that you HOPES that nobody notices after repeatedly being asked you have FAILED to show even the tiniest shred of mathematical proof that your magical woobie can scale? That you HOPES nobody notices your only "proof" is anecdotes, often by your own sock puppets like Kingsjester?
If there is ANYONE that should be LOLing it is me, for pointing out there are still morons that believe 16Mb HOPES files can do anything but block ads since ad servers are...what do you call it...oh yeah STATIC, just like your HOPES file, but really you are just kinda pathetic. You're like the idiot that just keeps hanging onto that three years out of date copy of Norton, because he is just so damned sure it still works, only the Norton guy is actually better protected than you are, since it did used to work in the past 5 years.
So please, keep posting APK, I do so enjoy pointing out the total uber fail of your magical woobie so. I also personally consider it a public service to point people to solutions that actually work instead of relying on magical woobies and anecdotes. And of course bitch slapping you around is also quite fun!
ACs don't waste your time replying, your posts are never seen by me.
LMAO - I didn't say run the DNS on Android haha! Just run it SOMEWHERE. If you have a single *nix machine, mucking with the hosts file is fine. After you get a few machines, it gets old... fast.
The Admin and the Engineer
Nobody cares man. Please go away.
If the windows calculator tells you that 10 x .999 = 9.999, I think you'd better learn to use the calculator first.
I can do that too. But you mislead... it's complicated... it's far more complex keeping track of many systems in an enterprise THAN A SINGLE DNS SERVER that you control. But you go ahead... party like it's 1974.
The Admin and the Engineer
Hi trollie! Sorry to rip off some classic Dan Akroyd but you know it is usually considered good form to at least make a sock puppet, posting AC to plug your own AC posts? Kinda sad. And for the 400th time Correlation != Causation. I can build an XP Sp2 machine with NO patches, NO AV, and change the desktop to a LOLCat. Now if I only use this machine to check my email and go to my bank I will NEVER get a bug, but I don't think it was my magical LOLCat protecting it, do you?
The simple fact is this: no matter how many times trollie says "1+1 = 3" the math simply proves you wrong and THAT is why all you can do is throw insults. You have 190,000 to 340,000 infected websites at this very moment and that list will change by the thousands per minute as sites are cleaned, new sites are infected, new vulnerabilities found, etc. Now for his HOPES file to actually be a REAL protection and not just a woobie? It will have to dynamically scale and keep up with that ever changing list of infections. Now even if he had twenty fingers and subscribed to every security list on the planet his HOPES file will ALWAYS BE OUT OF DATE and behind the curve. Always.
Now if you have a mathematical proof that shows how a static .txt file dropped into system 32 can magically scale dynamically? Let's see it. Otherwise it is NOTHING more than a magical LOLCat pic backed up by anecdotes. That is the nice thing about math, it doesn't lie or believe in anecdotes. And if there is ANYONE that should be LOLing it is me, for pointing out there are still morons that believe 16Mb HOPES files can do anything but block ads since ad servers are...what do you call it...oh yeah STATIC, just like your HOPES file, but really you are just kinda pathetic. You're like the idiot that just keeps hanging onto that three years out of date copy of Norton, because he is just so damned sure it still works, only the Norton guy is actually better protected than you are, since it did used to work in the past 5 years.
So please, keep posting APK, I do so enjoy pointing out the total uber fail of your magical woobie so. I also personally consider it a public service to point people to solutions that actually work instead of relying on magical woobies and anecdotes. And of course bitch slapping you around is also quite fun!
ACs don't waste your time replying, your posts are never seen by me.
Much better!!
FYI just so you know, that ac was a troll... I think you prolly picked up on that. Anyhoo, sticking to my guns here... configuring a single DNS is far less complicated than making sure 1000 computers have the correct HOSTS file. Your way is perfectly valid... and when dealing with a handful of machines, I defer often to that method. But you're not thinking clearly if you believe wrangling 1000 HOSTS files (by whatever method you believe is as easy as breathing) is superior to one single DNS.
The Admin and the Engineer
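Added example, not part of any comment above and not code from Lookout or any poster: a small Python comparison of the two blocking approaches argued over in this thread, covering the 0.0.0.0 versus 127.0.0.1 question, the numbered-hostname objection (www255.frigd.com, www256.frigd.com) and the single-DNS-server suggestion. The HOSTS content and query list are constructed, the function names are illustrative, and the suffix rule stands in for a resolver-side policy in general rather than any particular DNS server's configuration.

```python
# Added example: constructed data, illustrative names.
# A HOSTS file maps exact names only; a resolver-side rule can match a whole zone.

# Both addresses are used as sinks in published blocklist HOSTS files.
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that legitimately map to loopback and must not count as "blocked".
LOCAL_NAMES = {"localhost", "localhost.localdomain",
               "ip6-localhost", "ip6-loopback", "broadcasthost"}

# Constructed sample HOSTS content (not taken from any real blocklist).
SAMPLE_HOSTS = """\
# loopback entries that are not blocks
127.0.0.1   localhost
::1         localhost ip6-localhost

# blocklist entries, one per sink convention
0.0.0.0     www255.frigd.com
127.0.0.1   www256.frigd.com   # trailing comment
10.0.0.5    intranet.example   # ordinary mapping, not a block
"""


def normalise(name):
    """Host names compare case-insensitively; drop a trailing root dot."""
    return name.strip().lower().rstrip(".")


def parse_blocked_hosts(text):
    """Return the set of names a HOSTS file redirects to a sink address."""
    blocked = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # strip comments, split columns
        if len(fields) < 2 or fields[0] not in SINK_ADDRS:
            continue
        for name in map(normalise, fields[1:]):
            if name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def hosts_blocks(name, blocked):
    """HOSTS semantics: only an exact name match is redirected."""
    return normalise(name) in blocked


def suffix_blocks(name, zones):
    """Resolver-policy semantics: block the zone and every name beneath it.

    Matching is on whole labels, so 'notfrigd.com' does not match 'frigd.com'.
    """
    labels = normalise(name).split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))


def constructed_queries():
    """Constructed lookups: the numbered-host pattern plus unrelated names."""
    rotated = [f"www{n}.frigd.com" for n in range(255, 261)]
    return rotated + ["WWW255.FRIGD.COM.", "notfrigd.com", "www.example.org"]


def compare(queries, blocked, zones):
    """Return (name, blocked_by_hosts, blocked_by_suffix_rule) per query."""
    return [(q, hosts_blocks(q, blocked), suffix_blocks(q, zones))
            for q in queries]


if __name__ == "__main__":
    blocked = parse_blocked_hosts(SAMPLE_HOSTS)
    for name, by_hosts, by_zone in compare(constructed_queries(),
                                           blocked, {"frigd.com"}):
        print(f"{name:22} hosts={by_hosts!s:5} zone-rule={by_zone}")
```

The sink address does not affect which names are matched; the difference between the two approaches is that the HOSTS entries stop covering the pattern as soon as the number in the hostname moves past the listed values.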