Apple Developing Tool To Remove Flashback
Trailrunner7 writes, quoting Threatpost: "Apple is planning to release a software fix that will find and remove the Flashback malware that has been haunting Mac users for several months now. ... Apple said on Tuesday that it was in the process of developing a tool that would detect and remove Flashback, but the company did not specify when the fix would be available. Security researchers and customers have been questioning why Apple hasn't yet provided a fix for the malware even though Flashback has been around in one form or another for more than six months now."
he would hire elite apple assassins to kill these supposed security researchers to stop the bad news
I'm still having flashbacks to the time I saw the Goatse image. Will it work on that too?
Professor Karmadillo Songs of Science
Security researchers and customers have been questioning why Apple hasn't yet provided a fix for the malware even though Flashback has been around in one form or another for more than six months now.
Because they're doing the same thing Microsoft does with its slow-as-molasses patches: testing for side effects, on every major application, on every piece of hardware they can get their hands on.
You do not have a moral or legal right to do absolutely anything you want.
It's not a bug.....it's a feature.
"The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
"Security researchers and customers have been questioning why Apple hasn't yet provided a fix for the malware even though Flashback has been around in one form or another for more than six months now."
Oh! Oh! I know why! It's because Apple products are immune to malware, so this all must be a big hoax!
Unfortunately, security isn't that big of a deal to Apple...yet. With the increase in market penetration the bulls-eye on Macs is getting larger and a lot more tempting; hopefully they realize this before something very serious happens and take steps to bolster their in-house security research (or hell, outsource it).
"Security researchers and customers have been questioning why Apple hasn't yet provided a fix for the malware even though Flashback has been around in one form or another for more than six months now."
Here's a possibility:
In the past, marketing and the Jobs Reality Distortion Field (TM) have prevented the need for an anti-malware team at Apple. Now, Apple has a malware problem and no team ready to deal with malware - essentially caught with ripped pants and no backup pair.
They will have to assemble a team and come up with a comprehensive action plan to fix this, as it has never been done before at Apple. In the corporate world, these things take a lot of time the first time around.
ntr
Duh... They haven't fixed it yet because Macs don't get viruses, worms, and malware, that's a Windows problem... Hadn't you heard?
Who did what now?
They had to wait for Steve to die before they could admit there was a problem.
"Apple is planning to release a software fix that will find and remove the Flashback malware"
Did you mean Apple is planning to release an antivirus?
Here's how to figure out if you have it (from Gizmodo):
1. Run the following command in Terminal:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message:
"The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist"
If you don't get that error message, well, time to head to F-Secure for your fix. If you're clean so far, you can move on to step eight:
8. Run the following command in Terminal:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:
"The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist"
In other words: "does not exist" means you've got a healthy rig. Anything else, just keep following F-Secure's instructions to vanquish the intruder.
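The two `defaults read` checks quoted above, wrapped in a script that reports a verdict and the value found. This is an added example, not part of the comment or of the Gizmodo/F-Secure instructions; `DEFAULTS_CMD`, the two stub functions and the "inconclusive" verdict are assumptions of this example, and the stub output is constructed.

```shell
#!/bin/sh
# Added example: automates the two `defaults read` checks from the steps above.
# DEFAULTS_CMD is this example's own hook so a stub can stand in for the
# macOS `defaults` tool when the logic is exercised on another system.
DEFAULTS_CMD="${DEFAULTS_CMD:-defaults}"

# check_pair DOMAIN KEY
# Prints "absent" if defaults says the pair does not exist, "present: VALUE"
# if a value comes back, or "error: TEXT" for any other failure.
check_pair() {
    out=$("$DEFAULTS_CMD" read "$1" "$2" 2>&1) && rc=0 || rc=$?
    case "$out" in
        *"does not exist"*) echo "absent" ;;
        *)  if [ "$rc" -eq 0 ]; then echo "present: $out"
            else echo "error: $out"; fi ;;
    esac
}

# report LABEL RESULT
# Turns one check_pair result into a return code: 0 absent, 1 present, 2 error.
# A tool failure is reported as "inconclusive" rather than as an infection;
# that distinction is this example's choice, not part of the quoted steps.
report() {
    case "$2" in
        absent)     return 0 ;;
        present:*)  echo "suspect: $1 -> ${2#present: }"; return 1 ;;
        *)          echo "inconclusive: $1 -> ${2#error: }"; return 2 ;;
    esac
}

# flashback_check [HOME_DIR]
# Step 1: Safari's LSEnvironment. Step 8: the per-user environment file.
# Prints "clean" only when both pairs are reported as not existing.
flashback_check() {
    home_dir="${1:-$HOME}"
    res=$(check_pair /Applications/Safari.app/Contents/Info LSEnvironment)
    report "Safari LSEnvironment" "$res" || return $?
    res=$(check_pair "$home_dir/.MacOSX/environment" DYLD_INSERT_LIBRARIES)
    report "~/.MacOSX/environment DYLD_INSERT_LIBRARIES" "$res" || return $?
    echo "clean"
}

# --- Constructed stubs (not real tool output) for trying the logic off a Mac ---
# Mimics the "does not exist" error for every pair.
stub_absent() {
    echo "The domain/default pair of ($2, $3) does not exist" >&2
    return 1
}
# Mimics a value being set in ~/.MacOSX/environment; the path is a placeholder.
stub_injected() {
    case "$2" in
        */.MacOSX/environment) echo "/constructed/placeholder/library.path" ;;
        *) stub_absent "$@" ;;
    esac
}

# Run immediately only where the real tool exists (i.e. on a Mac).
if [ "$DEFAULTS_CMD" = "defaults" ] && command -v defaults >/dev/null 2>&1; then
    flashback_check || true
fi
```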
Apple already patched the security flaws in Java that Flashback exploits. Yes, they were months behind Microsoft in doing so. http://www.macworld.com/article/1166195/apple_releases_java_security_updates.html
"customers have been questioning why Apple hasn't yet provided a fix for the malware even though Flashback has been around in one form or another for more than six months now."
Customers should be reminded not to blaspheme and that everything is part of the lord Apple's plan.
"Flashback has been around in one form or another for more than six months now."
And Apple's File Quarantine System has found the old versions since shortly after.
is impervious to malware even though they know it's not, lol.
he would hire elite apple assassins to kill these supposed security researchers to stop the bad news
You fools, don't you realize Steve Jobs himself was the elite apple assassin?
Concealed under his black shinobi-shozoku-turtleneck was a lethal array of ninja weapons; many an unlucky Samsung executive or uncooperative tech-journalist has met their end at his hands, dispatched by a Firewire-cable garrote or iShuriken (they're like regular Shuriken, but with patented rounded corners). Gates himself has only survived thanks to the vigilant guard of his hulking 'roid-enhanced genetically engineered gorilla henchman.
He was a shinobi of un-matched caliber, until his fateful battle against Google-fu masters Page and Brin, when he was felled by the Pancreas Death-Strike technique.
For a split second there I misread the headline:
Apple Developing Tool To Remove Facebook
Well... hope springs eternal.
Because they are working on the next version of OS X: Honey badger. It don't give a shit.
http://www.youtube.com/watch?v=4r7wHMg5Yjg&feature=player_detailpage
Brought to you by Carl's Junior.
"Security researchers and customers have been questioning why Apple hasn't yet provided a fix for the malware even though Flashback has been around in one form or another for more than six months now."
because they are shit!
Casual web searches don't turn up anything other than exploiting a vulnerability to get onto your machine (bad enough!).
Did anyone successfully command it to do anything?
To a Lisp hacker, XML is S-expressions in drag.
Because they're [...] testing [...] on every piece of hardware they can get their hands on.
Testing on equipment that's more than a year or so old is, unlike Microsoft, decidedly not Apple's modus operandi.
One of Apple's distinguishing characteristics is that they unashamedly drop support for anything they consider outdated ... regardless of its age. Heck, they don't even support (let alone test) Apple's email services on 4-5 year old Macs that are incapable of running Lion.
no need to waste slashdot's time with this old non-news. take it to the friend bar: http://www.youtube.com/watch?v=q9ZnwvyAk8k
insensitive clod overlords obligatory xkcd car analogy russian reversals whoosh pedant fanbois ftfy in 3...2...1..PROFIT
buy the "new" ibook, it will be virus free.
when speaking in "yoda" you use correct grammar but swap words around (mostly putting them backwards)
check this out http://www.yodaspeak.co.uk/index.php
Any person using FTFY or editing my postings agrees to a US$50.00 charge
The only flashback I ever got was from the blotter.
"And we think you're going to love it."
I'm surprised that Dr. Web hasn't come out with a tool for this. (They are pretty damned good at that sort of thing)
Actually, not a specific tool, but...
http://news.drweb.com/show/?i=2354&lng=en&c=14
"Rather than employ special tools provided by other vendors to delete BackDoor.Flashback.39, Doctor Web offers you to make use of the time-tested Dr.Web Light for Mac OS X rated among the top free applications in the Mac App Store. It will easily find and neutralize the Trojan horse and other malicious programs posing threat to your Mac." (quote from article)
I don't imagine this would be that difficult to ferret out on MacOS. It's not a complex morass of liquishit like Windows. Does the botnet trojan even run as root to be able to dig itself in? You don't need root to do normal user things like open network connections to participate in a botnet. I don't think there is any "rootkit" behaviour here.
Have gnu, will travel.
I recently caught Dr. Web in a "false positive" on a ware I wrote recently (rewrote actually, 5th time since late 2003).
They weren't alone though.
There were 5 others (of roughly 67 total from the JOTTI online scanner & the VIRUSTOTAL scanner also, alongside Microsoft Security Essentials too) with them...
("Big names" too, not just small ones, but they rescinded their findings (4/5 have so far, only 1 to go)).
6 Major ones in Symantec/Norton, ClamAV, Arcabit/Arcavir, Comodo, McAfee, & yes, DrWeb.
So far?
---
1.) Arcabit/ArcaVir (found it was a "false positive")
2.) Symantec/Norton (found it was a "false positive")
3.) ClamAV (found it was a "false positive")
4.) COMODO (found it was a "false positive")
5.) McAfee (in process now w/ J. Walter @ McAfee)
6.) DrWeb
Of 68 total antivirus scanners that found my program "ok"!
(ALL found it "ok" in the 64-bit model, but only those above 'flagged it' false positive, & ONLY in the 32-bit model - which I KNEW was wrong, because the code is literally 99.9% the same in both memory bounds compilations, differing only in resource strings that say "32-bit" vs. "64-bit" - this has happened to Nir Sofer of NIRSOFT as well & we discussed that much via email recently (and in the past))
---
Anyhow/anyways:
4/6 of those above so far have "retracted/recanted" their false positives on a program I wrote that another security community organization's hosting (malwarebytes/hpHosts) for me (very cool of them). The others (McAfee & DrWeb) are slow about it (McAfee, & I have a DIRECT CONTACT there name J. Walter)...
As to Dr. Web, since they're out of the Russias? I haven't written them, but in my making "the dominoes fall 1-by-1" above? I am CERTAIN they have messed up also.
---
The program's a hosts file mgt. program that does the following for end users (Calling it "APK Hosts File Engine 5.0++") written in both 32-bit & 64-bit Delphi XE2.
1.) Offers massively noticeable increased speed (via blocking adbanners + hardcoding users fav. sites into the hosts file for faster IP address-to-host/domain name resolutions)
2.) "Layered-Security"/"Defense-In-Depth" via blocking host-domain based attacks by KNOWN bad sites-servers that are known to do so
3.) Better 'anonymity' to an extent vs. DNSBL's or DNS request logs, as well as reliability vs. the DNS system being "dns poisoned/redirected" OR "downed" period...)
4.) Faster resolution of IP addresses for host-domain names (via hardcoding users fav. sites into hosts already ip address resolved, locally = MANY TIMES FASTER than calling out to potentially redirected/poisoned or downed DNS servers).
5.) Write protecting the hosts file every 1/2 second (supplementing UAC) - even if/when you move it from the default location via this registry entry (which if done, can function ALMOST like *NIX shadow passwords because of this program):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters
And changing the "DataBasePath" parameter there (I do this moving it to a faster media, a "true SSD" using DDR-2 RAM, in the 4gb Gigabyte IRAM I have).
5.) Alphabetic sorting of hosts files' records entries (for easier end user mgt. manually)
6.) Manual editing of all files used (hosts to import list, hosts itself in its default location of %windir%\system32\drivers\etc, the hosts files to import/download & process, & favorite sites to reverse dns ping to avoid DNS (noted above why)).
7.) Removal scanners (if the users decide to remove hosts entries from imported data they can check if the site is indeed known as bad or not (sometimes 'false positives' happen, or just bad entries, or sites clean themselves up after infestation due to vulnerable coding etc./et al).
Their site admin (Mr. Steven Burn, a competent coder in his own right), said it's "excellent" in fact!
(Write him yourselves should anyone doubt any of t
"How is it that Windows can't notice that something new has been installed and executed without the user's instigation?" - by tqk (413719) on Wednesday April 11, @11:49AM (#39644863)
Windows is setup to "just work" and easily for non-techie end users, first of all (which is also, imo @ least, WHY it gets "hit" so much, not just because it's the most used on its platform (which ANDROID illustrates that concept on smartphones, another computing platform, Linux roots or not))...
HOWEVER:
With a couple minutes of work?
It's NOT LIKE IT CAN'T BE MADE SO & with just a few registry edits, and, to behave JUST LIKE MacOS X does when you install things (or something TRIES to install itself for that matter).
I setup myself up that way in fact, & it's VERY easy - but as I said above? Windows does NOT come this way "oem stock outta the box" but it could!
The settings to examine & change are as follows in gpedit.msc &/or regedit.exe:
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Admin Approval Mode for the Built-in Administrator account
OR
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken
(Set as ENABLED)
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
OR
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin
(Set as PROMPT FOR CREDENTIALS)
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for standard users
OR
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorUser
(Set as Automatically deny elevation requests)
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Detect application installations and prompt for elevation
OR
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableInstallerDetection
(Set as ENABLED)
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate UIAccess applications that are installed in secure locations
OR
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableSecureUIAPaths
(Set as ENABLED)
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Run all administrators in Admin Approval Mode
OR
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA
(Set as ENABLED)
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Switch to the secure desktop when prompting for elevation
OR
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop
(Set as ENABLED)
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Virtualize file and registry write failures to per-user locations
OR
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableVirtualization
(Set as ENABLED)
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop
OR
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableUIADesktopToggle
(Set DISABL
They now have an automated tool available at http://www.f-secure.com/weblog/archives/00002346.html
Where has everyone been for the past week? Apple released a new version of Java a week ago to fix this problem. If you want to check your own Mac to see if it's infected, you can do so using the Terminal Utility in the Applications Folder by following the instructions here:
http://osxdaily.com/2012/04/05/how-to-check-for-the-flashback-trojan-in-mac-os-x/
U forgot to mention it's being unflagged as we speak by them all, & "as-per-usual"? I turned it ALL around & prove the 'experts' wrong, @ EVERY turn!
So far, of the 6 'false positives'? Only 2 remain to do the same, & trust me - they will. They'll have to.
This? It's just "what I do" (& for years, I was brought into meetings in the corporate world to do the same - blow out outside contracting agencies looking to take work from our fulltime staffs, by literally BLOWING THEM AWAY technically... I had bosses who literally brought me in to do so in fact, & I never ONCE failed in it!)
Well, I've just gotta say it, because... it was just "too, Too, TOO EASY - just '2EZ'", lol, as usual, for me!
They're ALL "blowing it" on the executable packer/compressor engine used is why... I've seen it before. Ask Mr. Nir Sofer about it too, he's had it happen a LOT (he does 100's of neat little 'powertoy' type apps) & even Dr. Mark Russinovich of Microsoft/SysInternals/WinTernals fame (psexec & other pstools of his come to mind here, being used/abused by malware makers!)
* Just like making you look like the cowardly little ac trolling 'stooge' that you are, just by using facts (which always "get the best of" trolls, especially those w/ NO BALLS like yourself!)
APK
P.S.=> My point? Well - sometimes, the 'experts' are not as EXPERT as they like to *think* they are is all (just like you, but you? You're FAR from an 'expert' in trolling, & easily dealt with, as most are)... apk
is not. keep crying.
"Security researchers and customers have been questioning why Apple hasn't yet provided a fix for the malware..."
Perhaps they're still in shock that any of their precious systems could be compromised.
Anyone's FREE to check w/ malwarebytes-hpHOSTS' site admin Mr. Steven Burn (a competent coder in his own right), who literally said it's "excellent" in fact!
Write him yourselves should anyone doubt any of this:
services@it-mate.co.uk
( OR, contact him via his site @ http://hosts-file.net/?s=Download )
He's even seen the majority of the sourcecode (Delphi Object Pascal 32 & 64 bit).
* I've even come up with a way to make it FASTER still, but... that'll wait until I do version 6.0++...
APK
P.S.=> Heh, know what makes me laugh? I feel like Steve Rogers in the GREAT film "Captain America" near its termination, when you hear (outta Ms. Righetti, who looks particularly stunning imo):
"All agents Code 13..."
Replace "agents" with trolls around here though for the "analogous comparison"...
Man, lol, especially since you dorks always appear "outta the woodwork" to troll me by ac replies, in vain...
Additionally, since I have been "out-of-the-loop" doing freeware/shareware since late 2003-early 2004 (by choice, work obligations, travel, & just life-in-general)?
"You've been asleep Cap... for almost 70 years..."
So have I, internet-time vs. "real" time that is (2004-2012), as far as doing wares for folks to use... no more.
I told myself that IF things didn't get "better" on the virus/trojan/spyware/rootkit (malware-in-general) front by 2012?? Out this app would go to the general public!
So, here we are... only a little more to go, & out she goes (64-bit too, there is, afaik, none done that way yet other than mine)...
Yes, HOSTS files are an EFFECTIVE "layered-security"/"defense-in-depth" tool vs. malware, a speed gainer that's HUGELY noticeable in two ways (blocking adbanners + hardcodes of users fav sites into it), good vs. DNS faults (DNSBL & downed or redirected DNS servers) & even for more "anonymity" vs. tracking & more (very versatile/ubiquitous)... and lastly?
They run in "Ring 0/RPL 0/KernelMode" (pnp design on Windows &/or MacOS X, not sure about Linux but, most likely the same too odds are & if not, it ought to be) which because they are only a filter for the IP stack itself in that layer of operations vs. usermode/Ring 3/RPL 0?
Hey, my last "Capt. America" analogy?
Capt.America/Steve Rogers: "What's it made out of?"
Howard Stark: "Vibranium - it's as STRONG AS STEEL & a 1/3rd the weight"
It just works - more efficiently than other methods & even complementing them (such as for software firewalls vs. IP addressed attacks, the one FAR less used, because unlike host-domain names? Once they're 'blackballed', they're gone... not always the case with bogus host-domain names, they recycle/reuse them w/ diff. & often less reputable or cautious hosting providers)!
(And, for all of the above, complementing things like browser addon like AdBlock + DNS servers (even filtering good ones vs. malware))...
...apk
"ha. i'm not very impressed with companies that lie on their press releases.
http://www.malwarebytes.org/press_center/malwarebytes-industry-momentum-intensifies
Malwarebytes recently completed the acquisition of hpHosts, a popular and trusted blacklist of malicious websites, ad servers and tracking servers. The acquisition ensures that Malwarebytes protects against the newest malevolent internet protocol (IP) addresses" - by Anonymous Coward on Thursday April 12, @03:48PM (#39663701)
KEYWORD - the bolded part (malwarebytes, not hpHOSTS)... you fail, imo @ least, but... that's not good enough!
Either somebody made a mistake (marketers/press reps) obviously, OR, they meant the wares malwarebytes puts out, NOT hpHOSTS' data!
(Twisting words to YOUR interpretation's fairly clever, I'll give you that, but it's EASILY seen thru... in fact, didn't YOU try that on ME recently too, only to have me blow you away with far earlier statements to the effect I know that hosts files will NOT block IP addresses?)
---
"you cannot protect against malevolent ip addresses with a hosts file. a hosts file can only block host names, not ip addresses. you need a firewall to block ip addresses." - by Anonymous Coward on Thursday April 12, @03:48PM (#39663701)
Yes - that's a "fact of life" on hosts not blocking ip addresses but being able to block host-domain names for added security online (in addition to FAR greater & noticeable speed gains + more).
---
"so - lying? not impressive." - by Anonymous Coward on Thursday April 12, @03:48PM (#39663701)
It's a shame I suspect you're just playing "word games" but I'll write Mr. Burn on it, & see what he says... maybe he'll even post here, who knows?
So yes - I am fully aware of what you've said on that account.. in fact, I'll write him now (since we've been regularly corresponding) but, I do *think* you "misinterpreted that" & intentionally, troll... lol!
APK
P.S.=> In fact? He might even appear here to "clear up" your attempt @ "twisting words", lol, but... we'll see on that note, soon enough... apk
"twisting the words"?
they clearly said that hpHosts (the acquisition) ensures that Malwarebytes protects against "the newest" malevolent ip addresses. i'm not twisting their words at all. that's what they explicitly said. a hosts file can't do that.
You DO know that malwarebytes has a product of their own don't you - I've never used it myself, but it MAY handle IP based attacks (vs. hosts which we BOTH know doesn't do that)?
Still - That aside though??
Yes - I do think it was some "press agent's" screwup (they're not technical is why) & it's no "first' by any means/stretch-of-the-imagination...
Still, I'm off to notify them of that, so that others can't attempt to 'screw them' like you are now by bogus wormish means, lol, as you're "wont to do" (especially vs. myself & your ac stalking posts).
APK
P.S.=> Thanks for the 'heads up' on this note, because shortly? You'll be ALL OUTTA 'aces' IN THIS GAME OF POKER... lol!
Yes, being positive here - This is going to be fun, & a bit of a challenge @ least, for once, vs. you the "ac troller/stalker/harasser" as I call you... apk
MY original words quoted next below need a SLIGHT bit of correction:
"They run in "Ring 0/RPL 0/KernelMode" (pnp design on Windows &/or MacOS X, not sure about Linux but, most likely the same too odds are & if not, it ought to be) which because they are only a filter for the IP stack itself in that layer of operations vs. usermode/Ring 3/RPL 0?" - by Anonymous Coward on Thursday April 12, @03:34PM (#39663413)
The bolded "0" should be a 3...
(NOT that you'd 'catch that' - you're not technically proficient enough imo, but judging by your attempts @ crapping on malwarebytes that way as you have noted below in my p.s. section? Well - one never knows & you might, and I won't let you do that to me as you have tried to they...)
APK
P.S.=> What was it again that Richelieu said? Oh yes:
"If you give me six lines written by the most honest man, I will find something in them to hang him". - Cardinal Richelieu
Pretty much what "AC stalker/harasser troll" (one of my "many fans" here, lol) is TRYING to do because some press person screwed up on hpHOSTS acquisition press release - I just notified them via contacts as well as Mr. Burn himself per my statements I would -> http://apple.slashdot.org/comments.pl?sid=2779659&cid=39663701
(This is why NOBODY who isn't "technical enough" should write ANYTHING about computing... we all make mistakes, but that's a fairly big one I have to admit (not my mistake though, but still, one worth letting folks KNOW they messed up on just out of a sense of "civic duty" to those DOING the right thing out there online or in life))... apk
Please - You stalking me by ac posts, downmods by your reg'd 'luser' account here too (of nearly all of my posts for months now) with NO valid technical justification behind them is pitiful...
Especially downmodding my post parent to this one's VERY weak!
Thus, I must ask you a question:
What is your FAVORITE COLOR? TRANSPARENT??
Because YOU are VERY EASY to "see thru"...
(LOL!)
Are you also upset that I am having your "nitpick" corrected that someone obviously not that technically proficient in computing made - which press reps have been guilty of before, since they're NOT technical? Must be...
* LOL, hence the "effete downmod retaliation" of my init. post here & without question, done by the means noted above - we've ALL seen that "puny trick" before, lol!
APK
P.S.=> I have just finished corresponding with Mr. Chris Williams ( & Mr. Steven Burn of hpHosts also) to have them correct the error in the press release for hpHosts acquisition by malwarebytes.org, so your nitpick?? NOW, or soon to be, "moot" - you are stooping to "new lows" in your weak attempts @ 'attacking me' here on /., in attacking those around me, but in the end? You only made them STRONGER... thank you I suppose, is all I can say on their behalf now...
... apk
That's what u get for trying 2 "troll me" - they overlook diskcaches - here was my reply correcting them, and later THEIR faulty response my reply corrects:
---
"A mistake's been made here on hosts files above: Both gents above overlooked the local kernelmode diskcaching subsystem caching the hosts file, because like any file that is referenced and subsequently re-referenced, it will get cached that way, even if one were to turn off their local DNS clientside cache in Windows!
(Which one has to with larger hosts files since it is built on a faulty premise in a non-flexible structure - this is a design problem in Windows itself, Linux for example has no such issue (it is 1 thing I will give Linux in fact, over Windows))
Thus, the local kernelmode diskcaching subsystem will take over caching hosts file data for faster "in memory" lookups of its record entries, just like the DNS clientside cache does.
This is basic stuff fellas, you overlooked it.
Sincerely,
Alexander Peter Kowalski
apk"
---
Their replies and faults were the following quotes from both gents:
---
"As you've pointed out, it causes a major slowdown with DNS lookups (it linearly parses the text file on DNS cache miss). That's because the hosts file was never intended to be used as a blacklist."
---
* Which is a gigantically fundamental error considering the point I brought to light above... & to partially use the words of the erroneous fellow above?
"That's why techies were never meant to be system programmers"
(Oh, they're good @ memorizing some facts, & using manuals to do rote jobs, but when it comes to actual understanding of the inner "guts" of an OS? You can see their "clear fail" above...)
APK
P.S.=> So much for the "experts" at the url you posted... they're not very expert -> http://security.stackexchange.com/questions/9795/any-additional-security-with-large-blacklisting-hosts-file and so much for your pitiful attempt @ trolling me... apk
First of all - You've made VERY FUNDAMENTAL "rookie" mistakes here on hosts files above!
Both gents pdubs & logicalscope above overlooked this:
The local kernelmode diskcaching subsystem caching the hosts file!
Since, like any file that is referenced and subsequently re-referenced, it will get cached that way, even if one were to turn off their local DNS clientside cache in Windows - there IS another method, but why use it? The DNS clientside cache won't handle larger hosts files, and wastes CPU cycles, memory, & other forms of I/O as well since the local kernelmode diskcaching subsystem can assume duties caching it!
(Windows DNS clientside cache service is built on a faulty premise in a non-flexible structure & with large hosts files, it will "lag" you, so turn it off IF you use a larger hosts file - this is a design problem in Windows itself, Linux for example has no such issue (it is 1 thing I will give Linux in fact, over Windows))
Thus, the local kernelmode diskcaching subsystem will take over caching hosts file data for fast "in memory" lookups of its record entries, just like the DNS clientside cache does, but without the "lag" you would get with a large hosts file due to faults in the DNS clientside cache service's design (static structure).
* This is basic stuff fellas, you overlooked it.
---
Secondly:
2 items you have overlooked for speed that hosts files give you pdubs & logicalscope:
A.) You can also additionally "speed up" access to your favorite websites by "hardcoding in" your favorites into hosts files like so (examples):
100.1.2.3 yourfavsite1.com
101.4.5.6 yourfavsite2.com
--
Which not only speeds up access to them for the reasons noted above, but, also "proofs you" vs. DNS poisoned-redirected remote DNS servers, OR "downed" DNS servers (an added security AND RELIABILITY feature).
This can also be used to bypass DNS request logs (for better "anonymity" to an extent, but doesn't fool Deep Packet Inspections) & DNSBL's (dns block lists IF necessary).
This technique is a "white-list" of your favorite sites in essence!
It also allows for FASTER host-domain name lookups by FAR!
(In fact, many orders of magnitude so, since disk access (7-10ms nowadays) is faster than roundtrip calls & callbacks in the API to a remote DNS server (30-to 100's of ms) - & speed of parsing is NO DIFFERENT in the diskcache than it would be in the faulty Windows DNS clientside cache service... it's a memory based parse either way).
---
B.) HOSTS files can be also used to blockout adbanners to gain more easily NOTICEABLE SPEED online, as well as security also (since adbanners have borne malicious script in them MANY times the past few years, if you would like a partial list of that? Ask)
There's no question that adbanners slow down websurfing massively.
Hosts can do away with that lag, AND add security as well + more.
By the way - your suggestion on AdBlock?
AdBlock "ain't what it used to be" by default & does NOT block all ads:
http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option
These are 2 other "fundamentals" you've overlooked in the capabilities of a hosts file pdubs & logicalscope.
---
There is also the words of Mr. Oliver Day of SecurityFocus (a division of Symantec) from the article of his on HOSTS files!
It supports my points as well on how hosts files can speed one up and secure one additionally via "layered security"/"defense in depth" via known bad hosts-domains:
A RETURN TO THE KILLFILE:
http://www.securityfocus.com/columnists/491
Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):
---
"The host file on my day-to-day laptop is now over 16,000 lines long. Acce
I read your profile per my subject above: I think you're FULL OF it, & this proves it below...
You state You've been a software engineer for 16 yrs.? 1 yr. less professionally than I in fact!
(30++ yrs. total time though here since 1982 coding computers from midrange/mainframes into Client Server designs currently/professionally)
That said?
How could you BLATANTLY OVERLOOK these points on HOSTS files I used vs. your "experts" @ the link you posted?
(Especially since I can justify them via how device drivers work vs. usermode apps AND basic CSC-101 file access/parsing)?
To wit "point-by-point" as is my usual style backed by facts AND EXACTLY WHAT I USED vs. the fools in your link you posted (some 'experts', lol - not! More like noobs or techies trying to play "smart"):
---
First of all - You've made VERY FUNDAMENTAL "rookie" mistakes here on hosts files above! I welcome ANYONE to dispute these points on benefits hosts files give the end user of them in:
1.) Diskcaching taking over for "in memory speed of access" for larger hosts files vs. the faulty DNS clientside cache service in Windows
2.) How hosts files can aid security via "layered-security"/"defense-in-depth"
3.) How hosts files can lessen tracking & aid "anonymity" to an extent (DNS request logs)
4.) How hosts files can circumvent DNSBL's
5.) How hosts files aid speed
6.) Added reliability hosts files can give you vs. DOWNED dns servers
7.) Added security vs. DNS poisoned redirected DNS servers (a huge RECURRING problem the past few years done via port 51/53 iirc & "bum rushing" DNS servers set into recursive mode)
8.) The fact that HOSTS can do several things noted above for anonymity, & reliability AdBlock especially + even software firewalls cannot
9.) LASTLY & POSSIBLY MOST IMPORTANTLY FOR EFFICIENCY VS. OTHER SOLUTIONS SUGGESTED HERE BY PDUBS:
The fact hosts files are merely a kernelmode/ring 0/rpl 0 FILTER for the IP stack (far faster operations than occurs in usermode/Ring 3/RPL 3 programs like AdBlock)...
A fact of life in coding gentlemen, & ONE YOU'D KNOW if you'd have programmed device drivers, vs usermode apps.
---
* Once more, I read your profile, and your claim of being a 'software engineer' isn't 'cutting it' vs. the above... & like your experts in the link below you posted? I welcome debate on the above - I'll take GREAT PLEASURE in 'ripping you in 1/2' for trolling me in fact!
So, either you're NOT MUCH OF A "software engineer" your profile claims & I DOUBT after the above?
OR
You need to actually get a degree in CSC - based on the above, because any 101 CSC class and file access methods + datastructures classes would have educated you on (as well as device driver programming)!
EXACTLY how I 'dusted' the "wannabe experts" in the link you posted here:
http://security.stackexchange.com/questions/9795/any-additional-security-with-large-blacklisting-hosts-file
?
No, I don't think so on your end... as to your CLAIM of being a "software engineer" and for 16 yrs... no way.
APK
P.S.=> In fact, after what I posted there? Again:
I challenge you to disprove its points "Mr. Bullshitter", because if you don't KNOW those points?
NO WAY You are A SOFTWARE ENGINEER... period (or you never had any classical CSC education training or you're just stupid - take your pick!)... apk
All u got's vs. facts is 'bogus downmod' in effete retaliation? U fail.
APK
About Time.
Your profanity only shows how weak you really are. Can't get over it, can u? Bit "obsessed" are u?? Quit stalking me, nutjob... ok???
Seems you just CAN'T STAND that I have literally PROVEN a truckload of 'security experts' wrong by showing their scanning engines as erroneous, can you????
(Additionally - "Big names in the game" or not, they made mistakes... period! This isn't a "1st" for me in this life, I've beaten cities in lawsuits, and when I was an athlete I scored on the then decade long running champion in the sport of Lacrosse, in Syracuse U proving I could "run with the best in the nation" (I ought to have, I grew up & played with or against MOST of their squad)).
Back on track here though:
Hey, & I am not the only guy that's had this happen to them either!
---
1.) Dr. Mark Russinovich of Microsoft has (largely with his pstools being abused by malware makers)
2.) Nir Sofer of Nirsoft also has with "false positives"
---
They're 2 well-known others who actually produce useful tools for others to use whom I have corresponded with in the past, and in the latter, is also upset over it as I was!
* Yup... nothing like "winning" (as Charlie Sheen would put it - crazy as Mr. Sheen could be, and funnier than hell while doing it? The man had a point - WIN! It's far better than losing)... and, as you can see above??
(It's "nothing new" to me. Quite commonplace actually, & especially vs. trolls like YOU! After all - YOU make it (lol, I gotta say it) just "too, Too, TOO EASY - just '2EZ'" to do & especially to you the cowardly stalk/troll/harass by ac posts fool, lol!)
In the end, your profanity laden trolling "Cardinal Richelieu" and stalking me plus returning to posts DAYS LATER only shows I am doing that to YOU, not just my antivirus naysayers... I love it!
APK
P.S.=> However - I learned something though when it happened to me years ago with CA - go right @ 'em, & beat 'em @ their own game, by proving them wrong. Nobody else will do it for you... you have to do it, yourself, and be right... and of course????? Win!
... apk
See here -> http://apple.slashdot.org/comments.pl?sid=2779659&cid=39666615 you missed that, didn't you, "Cardinal Richelieu"... lol!
* Yes... your "profanity-laden reaction" (lol) says it all for me, along with you trying to "hide you missed" in your already PROVEN 'nitpick troll' game... lol!
(Bit "rattled in your game" are you, troll? No questions asked, you are... you're "slipping"!)
* Face facts: You've just proven to anyone reading that you're just NOT technically proficient enough to have caught that to 'try troll me' on it as you tried earlier, lol, trying to attack me indirectly via others' failures, not mine...
(U FAIL and best of all, in "your game" (nitpick trolling)).
Too bad I caught it first & issued my own correction of myself, eh? You lose/"U FAIL" as per your usual, but then again? That's nothing "new 4U", now is it, especially vs. myself...
APK
P.S.=> Yea, I just GOTTA say it, as-per-my-usual-style vs. ac stalking/harassing/trolling by ac as you always TRY & FAIL IN vs. myself:
This? This was just "too, Too, TOO EASY - just '2EZ'", and fact is, you make it so for me... thanks!
On the downmod though?
Please...
Odds are STRONG that it's just tomhudson = Barbara, not barbie doing it again via his/her multiple registered accounts shown here -> http://slashdot.org/comments.pl?sid=2787367&cid=39697575
Proof of that? Ok - I'll let Ole' "tom/barbara" prove it for me via his/her own words:
"Wait until he starts on another kick, then reply to him as an AC. It's the new meme." - by tomhudson (43916) on Sunday May 09 2010, @08:29PM (#32150544) Journal
Which is also a violation of /. forums rules (inciting stalking of others in collusion with "others" IF NOT THE LAW ITSELF AS WELL...
(Yet MORE "alternate registered 'luser' trolling accounts of tom/barbara's no doubt, lol))
Which "tom/barbara, not barbie" did to me for MONTHS here & failed in (especially on technical issues, despite her/his constant attempt to appear to be expert in that area)...
... apk
To try "hide" your "FAIL"? Please, lol -> http://apple.slashdot.org/comments.pl?sid=2779659&cid=39722103
To try "hide" your utter "FAIL"? Please, lol -> http://apple.slashdot.org/comments.pl?sid=2779659&cid=39722103
Trying to hide something are we, trolls?? Too bad: I won't allow it! My posting beneath my post hauls it RIGHT back into view... lol, for everyone (no hiding the truth by bogus moddowns).
* Man... this is one for the bookmarks/favorites...
APK
P.S.=> Better luck next time, worms... apk
See subject & the post parent to this one: All the moddowns in the WORLD can't hide it when I drag it back into view via this reply, trolls...
* Weak - totally weak: Makes me laugh in fact...
APK
P.S.=> Yup, another one for the bookmarks/favorites folder titled "bogus moddowns by trolls", lol... unbelievable, that's how many in this thread? 10++ by now?? Yes, they are "dedicated"... effete & cowardly, but dedicated!
... apk
See subject-line, & this entire exchange: Funny how trolls moddown truths &/or facts they cannot dispute, + keep doing it when they're completely outmatched/overmatched... like I said above?
* UNBELIEVABLE... & hilarious!
APK
P.S.=> When all you have is a moddown vs. truths or facts, U FAILED trolls - plain & simple!
... apk
Trolls like U always resort 2 bogus mod downs in effete retaliation.
Defeated trolls resort 2 that 2 "hide" their defeats every time. See post parent 2 this one that exposes that very thing.
Another troll blown away by apk mods down 2 try hide it http://apple.slashdot.org/comments.pl?sid=2779659&cid=39666615
Proof of a troll blown away by apk using mods down 2 try hide it http://apple.slashdot.org/comments.pl?sid=2779659&cid=39666615
Troll blown away by apk mods down 2 try hide it here http://apple.slashdot.org/comments.pl?sid=2779659&cid=39666615 as well as the post parent to this one too.
A Troll gets blown away by apk mods down posts 2 hide it http://apple.slashdot.org/comments.pl?sid=2779659&cid=39666615 including the post parent to this reply making it 15 in total so far. Talk about obvious.
Troll gets blown away by apk mods down 2 try hide it http://apple.slashdot.org/comments.pl?sid=2779659&cid=39666615 as well as 16 others in this thread. LOL!
So, "Read 'em & WEEP" -> http://apple.slashdot.org/comments.pl?sid=2779659&cid=39661811
APK
P.S.=> All the downmods in the WORLD can't hide it, so keep blowing your mod points... apk
Trying 2 hide the post parent to this reply, trolls? I won't allow it.
Trying to hide my posts, trolls, by downmodding them -> http://apple.slashdot.org/comments.pl?sid=2779659&cid=39666615 ? I won't allow it, no way.. lol, keep blowing those mod points!
Trying 2 hide my posts trolls, by downmods of 'em -> http://apple.slashdot.org/comments.pl?sid=2779659&cid=39666615 ? I won't allow it, no way.. lol, keep blowing those mod points!
Trying 2 hide my posts by downmoddin 'em -> http://apple.slashdot.org/comments.pl?sid=2779659&cid=39666615 ? I won't allow that, no way.. lol, keep blowing those mod points trolls!
Trying 2 hide my posts by downmoddin 'em -> http://apple.slashdot.org/comments.pl?sid=2779659&cid=39666615 ? I won't allow that, no way.. lol, keep blowing those mod points trolls - I'll just drag them back into view, and you'll exhaust all your mod points. Can't do that to the next person, now can you, if that happens... lol!
Trying 2 hide my posts by downmoddin 'em -> http://apple.slashdot.org/comments.pl?sid=2779659&cid=39666615 ? I won't allow that, no way.. lol, keep blowing those mod points trolls - I'll just drag them back into view, and you'll exhaust all your mod points. Can't do that to the next person, now can you, if that happens? Nope... lol!
Trying 2 hide my posts by downmoddin 'em -> http://apple.slashdot.org/comments.pl?sid=2779659&cid=39666615 ? I won't allow that, no way.. lol, keep blowing those mod points trolls! Me? Well - I'll just drag them back into view, and you'll exhaust all your mod points. Can't do that to the next person, now can you, if that happens? Nope... lol!
Trying 2 hide my posts by downmoddin 'em -> http://apple.slashdot.org/comments.pl?sid=2779659&cid=39666615 ? I won't allow that, no way.. lol, keep blowing those mod points trolls! Me? Well - I'll just drag them back into view, and you'll exhaust all your mod points. Can't do that to the next person, now can you, if that happens? Nope... lol! http://apple.slashdot.org/comments.pl?sid=2779659
Trying 2 hide my posts by downmoddin 'em -> http://apple.slashdot.org/comments.pl?sid=2779659&cid=39666615 ? I won't allow it, no way.. lol, keep blowing those mod points troll!
Me? Well - I'll just drag them back into view, and you'll exhaust all your mod points.
Can't do that to the next person, now can you, if that happens? Nope... lol!