Microsoft's Security Products Will Block Adware By Default Starting On July 1

An anonymous reader writes "Microsoft [Thursday] announced a change to how it handles adware, a form of malware that pushes unwanted advertisements to the user. As of July 1, the company's security products will immediately stop any adware they detect and notify the user, who can then restore the program if they wish. Currently, when any of Microsoft's security products (including Microsoft Security Essentials and Microsoft Forefront) detects a program as adware, it will alert the user and offer them a recommended action. If the user doesn't do anything, the security product will let the program continue to run until the user makes a decision." If adware is malware, why wait until July?

adware is malware

[ClaraBow]

when it deceives the user into buying shady and often worthless products.

Re:adware is malware

[The123king]

I'd define certain MS products as crapware, not malware. When they charge you $100 extra with the Ultimate editions of windows for a glitzy interface and a few features you could get for free from other vendors, that's crapware, but the underlying core of Windows (and the win32/RT API) certainly isn't.

Re:adware is malware

[mysidia]

No.... when they don't pay the fee to Microsoft. Microsoft wants to control all the advertising on the Start Screen and the Desktop alike.

Of course if you use Microsoft approved advertising methods, and pay Microsoft the relevant fees, you'll get a pass.

Re:adware is malware

[Smauler]

I wonder when microsoft will get around to getting their vendors to stop accepting kickbacks for shitty adware on new systems.

This practice is one of the reasons why I still build my own desktop systems. Getting rid of the junk is a massive hassle, and restoration of the system from partition brings it all back.

Re:adware is malware

[Hypotensive]

adware is malware when the user didn't explicitly want to install it.

Re:adware is malware

[Cyberdyne]

I wonder when microsoft will get around to getting their vendors to stop accepting kickbacks for shitty adware on new systems.
This practice is one of the reasons why I still build my own desktop systems. Getting rid of the junk is a massive hassle, and restoration of the system from partition brings it all back.

I hate the usual crap that gets shovelled on too, but to be fair Microsoft have apparently been pushing against that for a few years now for exactly that reason. Of course, they need to tread carefully there for legal reasons: if they block, say, Dell bundling a limited-time version of Norton Anti-virus, Dell won't be happy (they lose the $5 or whatever kickback) and Symantec will probably lawyer up and come knocking, particularly with Microsoft offering their own AV product now. Remember all the fallout when they killed off Netscape, when they stopped IBM from bundling OS/2 as a dual-boot setup with Windows? We both know this is different, but Microsoft's lawyers are apparently paranoid about crossing that line again.
I'm told they also offer crapware-free machines in their own stores, which makes sense. I just wish they'd make OEMs ship a plain vanilla Windows install disk like they used to, no more "restore" BS - so anyone wanting a clean machine can just re-install.

Re:adware is malware

[lgw]

I know you! You're the guy who bought an adapter to charge his cell phone from the power available from a landline connector, just to rub it in, aren't you?

Re:adware is malware

[lgw]

I wonder when microsoft will get around to getting their vendors to stop accepting kickbacks for shitty adware on new systems.

Arguably, the Nokia acquisition is partly their way of addressing that. Now that MS will also sell hardware, you'll at least have one vendor who doesn't lard up the system with junk.

Re:adware is malware

[cffrost]

I'd define certain MS products as crapware, not malware. When they charge you $100 extra with the Ultimate editions of windows for a glitzy interface and a few features you could get for free from other vendors, that's crapware, but the underlying core of Windows (and the win32/RT API) certainly isn't.

I've never heard of "crapware" before, but charging money for something that has no monetary value (as it's offered for free by another entity) sounds to me like fraud.

I think it's certainly malicious when MS informs NSA about various security holes in their products prior to patching them — it's difficult for me to conceive a better way to undermine customers' trust.

Re:adware is malware

[Babbster]

I've never heard of "crapware" before, but charging money for something that has no monetary value (as it's offered for free by another entity) sounds to me like fraud.

That's complete nonsense; if true, it would mean nearly every piece of commercial software was fraud, from office software to image editing software to antivirus software.

Re:adware is malware

So...are slashvertisements malware too then?

Re:adware is malware

[ozmanjusri]

Of course if you use Microsoft approved advertising methods, and pay Microsoft the relevant fees, you'll get a pass.

That's exactly what's happening.

Windows 8 has a built-in advertising layer. Microsoft's not doing this to help customers, they're just eliminating competitors.

The answer of just how wrong Microsoft is to cram advertisements in its commercial software will differ from person to person, I'm sure. Me, I'm not too bothered, but I can totally relate to anyone who is. From all I can tell, none of the ads are intrusive, and I appreciate that. As for them being in paid software, that doesn't bother me either because of that above fact. However, I am bothered by other aspects.

The biggest mistake here on Microsoft's behalf is that no one is made aware of these ads until they happen to stumble on them. No one is going to expect ads to be loaded in their paid-for OS, so a notification of that at first boot would be appreciated. Further, no one is given the option to disable them (though I'm sure it'd take little more than an editing of the hosts file). Finally, there's also the fact that these ads haven't decreased the price of the OS, else that'd be a point Microsoft would no doubt flaunt.

http://hothardware.com/News/Mi...

Re:adware is malware

[mysidia]

though I'm sure it'd take little more than an editing of the hosts file

Not if you use the Windows Defender that comes with Windows 8: Windows 8 has been confirmed to not only ignore, but also modify the hosts file. As soon as a website that should be blocked is accessed, the corresponding entry in the hosts file is removed, even if the hosts file is read-only.

Re:adware is malware

What advertising on the Start Screen? Oh you mean the ONE Store app that I can easily unpin?
But what about Desktop advertising?
http://www.extremetech.com/wp-content/uploads/2013/05/windows-8.1-blue-start-button-640x360.jpg
Hmm.. looks just about the same as Windows 7 to me..

Re:adware is malware

More true than you know. The entire aim of Microsoft Windows (thing we are no longer "allowed" to call) Metro interface was to introduce active tiles so that they could put advertising on them.

Re:adware is malware

[AmiMoJo]

Yes, because one common tactic used by malware is to block the sites of anti-virus software and update servers with the hosts file. Damned if they do, damned if they don't.

Re:adware is malware

[AmiMoJo]

Part of the deal for getting cheap OEM copies of Windows is that you don't bundle a generic install disc that could be used on other machines. It has to be tied to the original hardware. Such a disc wouldn't be much use to most users anyway, since it would make restoring the machine to factory difficult. You need to figure out which partition Windows was on, wipe it, re-install, install drivers, install support utilities for all those extra buttons and what-not, re-install anti-virus etc. Believe it or no consumers actually prefer a simple "insert disc and it goes back to factory" set up.

Re:adware is malware

[Luckyo]

You definition is not just idiotic - it's downright insane. Applied to both software and everything else actually.

"Why would I pay for Photoshop when I can have Gimp for free?"
"Why would I pay for a car when I can walk for free?"
"Why would I pay for a soft drink when I can get water for free from the tap?"

Paying often gets you something you wouldn't get from free option. Such as convenience, additional functionality and so on.

Re:adware is malware

Years back, I bought a Sager laptop with XP Pro (I think Windows 7 became an option shortly after). I believe it came with an XP Pro SP3 disc (OEM), and a disc container programs, utilities and drivers. I got to pick and choose. I also got to customize the laptop with various options, like harddrives, screen, RAM, etc. But I probably paid a premium for not having a bundled OEM like others.

Re:adware is malware

[DMUTPeregrine]

Which is why the answer is not a hosts file, but a local (caching) DNS server. It also has the benefit of not slowing down DNS lookups when you get a massive table of blocked destinations.

Re:adware is malware

That's exactly what's happening.

Windows 8 has a built-in advertising layer. Microsoft's not doing this to help customers, they're just eliminating competitors.

Do you actually see no difference between that sort of "fix your pc errors" or the "my crap advertising browser toolbar" and the sort of genuine targeted advertising from platform-integrated networks (iAds, AdMob, MS Ads)?

It's ok to not like Microsoft but to take a move like this and pretend you actually want all that adware just to attempt to take a swipe at MS is ridiculous.

Re:adware is malware

If you believe that, I have a magical castle complete with a horde of dragons right on the beach in Arizona. If they can make $0.01 by screwing us over, you know they will. Does past precedence mean nothing to you?

Re:adware is malware

[Jeruvy]

Your just not thinking this thru enough.  Perhaps your moronic ideals don't work in this context.

-- "Why would I pay for Photoshop when I can have Gimp for free?"

You can get Photoshop for free, either borrow/take or steal a copy from someone.

--"Why would I pay for a car when I can walk for free?"

You can get cars for virtually free by renting one (Less than a cab fare) or just steal one.  Free car.

--"Why would I pay for a soft drink when I can get water for free from the tap?"

This just makes sense though.  You should not buy soft drinks even if you are insane rich.

Why?

[Spad]

Presumably because of a deal struck with one of those weasel-word named "industry associations" like the "Really Helpful Consumer Notification Group" that represent shitty companies that do shitty things and who probably went to Microsoft and said "we need X amount of time to make sure our products meet your new standards so they don't get blocked" for which you can read "we need some time to find a way around your blocking so we can continue being shitty".

Re:Why?

[fustakrakich]

Damn you for reading my mind! That's exactly what's happening. They have to build a list of exceptions, and I'm sure one can get on that list for a "small fee".

Re:Why?

[Bite+The+Pillow]

Or they tried to minimize impact to their business by only inviting lawsuits from antivirus vendors on charges of anticompetitive behavior for bundling MSE. And did not want to take on additional enemies, since virus creators are unlikely to raise a fuss. But now they are taking that extra step, again with minimal business risk.

And, if they announce mse will block adware, it has to be pretty good day one because it will be immediately tested. Announcing plans gives consumers a good feeling, and legit businesses time to turn into an opt in model that gives users something. And time to develop and test the process that gets software blacklisted.

So if your explanation is correct, there was already a private announcement, and a deal. Microsoft made a public announcement that it did not have to make for another several months anyway, and businesses have 6 months to modify their software.

My version gives them the same time period, with no shady deals needed. And it matches normal business practice of announce then deliver. And it shows familiarity with the legally hostile world they have created for themselves, as well as their past behavior in that regard.

But you're right, "conspiracy" makes much more sense, and of course "paid off" makes even more, to address the other reply.

Re:Why?

[lgw]

"we need some time to find a way around your blocking so we can continue being shitty".

Well, sure, but not much time, and consider that products like the Java installer bundle this crap. This change is very broad, and doesn't just affect fly-by-night malware bundlers like Sourceforge.

But that's the deal, surely?

Is that not the deal? You get the program for sort-of-free, the price being that you get adverts displayed.

Or is this not talking about actual adware? The picture on the article shows one of those 'enhance your PC' adverts which are something else entirely.

When I say 'article' I of course mean 'blog entry' with a link to another blog entry which then links to the actual announcement with the information.

Here => http://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx

Re:But that's the deal, surely?

[Joce640k]

Is that not the deal? You get the program for sort-of-free, the price being that you get adverts displayed.

Spoken like somebody who hasn't had to remove "Babel toolbar" from anybody's machine and try to get the machine working normally again...

Re:But that's the deal, surely?

The adware they are talking about is the crap that gets installed without consent and then proceeds to replace ads on web pages with other ads. So that the people who actually paid for an ad on a page get ripped off since the user doesn't ever see that ad. These types of programs also tend to create extra ads on pages as well. In other words - these are bad for legit advertisers, not always for end consumers. (They are probably bad for both, but the reason MS will make this change is to protect legit advertisers).

Re:But that's the deal, surely?

Is that not the deal? You get the program for sort-of-free, the price being that you get adverts displayed.

Spoken like somebody who hasn't had to remove "Babel toolbar" from anybody's machine and try to get the machine working normally again...

Correct. Win98 was just starting to be available when I switched entirely to Linux. Which works fine for me BTW.

It feels good not to have such Windows Problems.

Re:But that's the deal, surely?

Indeed I have not. But "Babel Toolbar" sounds like malware with adverts, not adware.

Re:But that's the deal, surely?

Nothing should have ads in it. Either you charge a price for the software, or you make it free without any catches. I'm happy to pay for software I use, now I use an opensource OS.... but I pay for the install disks every release to support them.

Re:But that's the deal, surely?

[Joce640k]

The adware they are talking about is the crap that gets installed without consent and then proceeds to replace ads on web pages with other ads.

...until their adware server goes down. Then they call me and say "Internet isn't working!!!"

Kill them all. With fire.

Re:But that's the deal, surely?

[awshidahak]

Babel Toolbar isn't the "free program". Babel Toolbar is what gets installed as the price of the free program.

baby steps

[noh8rz10]

MS is walking a fine line as it tries to transition from a company that sees users as the target to be exploited and a company that sees users as the customers. Remember all the crapware like Norton installed on every new PC. MS was cool with this because it enabled the OEMs to them more $$. If they were user focused they would have never allowed it.

Now they're trying to move to an apple model where the user is first. blocking adware is part of this. but turning a big ship takes time, and there are a lot of long-time corporate relationships that need to change, so they are phasing in this new policy to block adware by default.

Now that MS has gotten the "customer is king" memo, there are only two companies that see users as a resource to be exploited for gain, and customers as partners to assist in this exploitation: goog and fb.

Re:baby steps

If they were user focused they would have never allowed it.

Microsoft would never have been allowed to deny OEMs to pre-install whatever they want, any attempts to do this would have been hit so hard with an anti-trust suit.

Re:baby steps

Apple only licenses its software on its own hardware...

Microsoft COULD do that... but then all the vendors would switch to Linux, BSD, or ReactOS.

And Microsoft would implode.

Re:baby steps

[Opportunist]

Erh... both Google and FB treat their customers actually rather well.

You? You mean they don't treat YOU well? No, wait, you're not the customer, you're the product.

Re:baby steps

Linux, BSD, or ReactOS.

Linux is nothing outside of servers and a bastardized version you wouldn't even recognize on a phone.

BSD is dying, Netcraft confirms it.

ReactOS isn't worth the letters it takes to type.

Which vendors would switch?

No vendors would switch. That's which vendors would switch.

Re:baby steps

[Chris+Mattern]

You haven't read the previous posts all the way through. The scenario under discussion is that Microsoft restricts their OS to their own hardware, the way Apple. Which vendors which switch? All of them. Under this scenario, they wouldn't have a choice--MS would no longer be selling to them.

Re:baby steps

Which is exactly my point, yet I got downvoted for some reason. When Apple does it, it's great! When Microsoft does it, they are evil!

Of course, you are on Slashdot ;)

Re:baby steps

[SeaFox]

MS is walking a fine line as it tries to transition from a company that sees users as the target to be exploited and a company that sees users as the customers.

Really? With Microsoft's new focus on social and free-to-use cloud services, I see them as following Facebook and Google and going the other direction.

Re:baby steps

[noh8rz10]

I agree, they make an intuitive platform for customers to use. Adwords and Adsense, eg. Or were you referring to the users of these sites? Users are the product, the commodity to be sold.

Re:baby steps

[noh8rz10]

Depends on the revenue model. If they're using cloud to drive subscriptions a la office365, then users are the customers. If they're using the cloud and social to sell advertising, then users are the product.

Re:baby steps

[c2me2]

Microsoft was not "cool with this". Microsoft is legally prevented from interfering in the software that OEMs (Dell, HP, etc.) install on PCs. The OEMs are responsible for all the crapware, not Microsoft.

Re:baby steps

You know you're on the wrong website when removing all the malicious crap adware and instead filtering ads through a consistent discrete mechanism (that is not on the desktop at all) is seen as an "evil" move. You will get people here that will now pretend they love advertising just because Microsoft is going against it.

Slashdotters are the most easily manipulated people around, how do you get a slashdotter to hate something? Get Microsoft (or Apple or Canonical) to embrace it!

Does that include Bing Bar?

[Glasswire]

One person's adware / malware is another's vital revenue stream.

Re:Does that include Bing Bar?

And don't forget Skype. Oh, for all installations of Skype to suddenly be blocked!

Also advertisements are immoral so I couldn't give a fuck if business owners (I am one, before you cry "pinko commie!") need to find another way to pay for their yachts.

Re:Does that include Bing Bar?

[Deathlizard]

I wouldn't call the Bing Bar (or the Bing desktop for that matter) Adware per say simply because it doesn't attempt to sell anything, but it definitely is bundleware and needs to die in a fire like the rest of the toolbar garbage.

That's going to be the real test for this initiative. Is it going to at least ask you remove the more legitimate toolbars like Ask, Bing Yahoo and Google Toolbars or is it going to ignore them. If it ignores them, Conduit's going to have a field day suing the hell out of MS for blocking their "Non harming" toolbar while ignoring the others. If they do detect them they better make sure Bing Bar is on the list or Google will be screaming "Antitrust" until the cows come home

Re:Does that include Bing Bar?

[Guppy06]

Bing Bar nothing. Windows 8 includes an unavoidable banner ad for the Windows Store.

Re:Does that include Bing Bar?

[fightersfury]

What about the Xbox home screen? You pay a certain amount of money for the system. You pay 50$ a year to ACCESS their online services. Then they shove ads all over that auto-play when you scroll over them.

Seems like it's adware when anyone else is doing it, but if MS does it, it's golden.

Re:Does that include Bing Bar?

[sconeu]

What bugs me about Bing Bar is that I hide it every time it shows up in Windows Update.

Yet the next Patch Tuesday, there it is, just like Groundhog Day.

Re:Does that include Bing Bar?

[Deathlizard]

If I had to make a call there, it would be Ad Supported. Although MS is getting very ad happy with their metro apps as of late. Hell even Solitaire is coming with Ad's now. At least so far they've been static images which i'm ok with more than virus infected flash ads. The same goes with banner ads for Android apps as well.

I define Adware as an application installed by a third party that is not associated directly with the downloaded app in any way and disrupts your experience outside of that particular app. A good example would be bundleware installers that love to install VLC media player for you as well as "Value added apps to enhance your experience" (if you want to see what I mean, Search for VLC media player in Google and Bing and click on one of the ads) or ads in the android notification bar popping up every 5 minutes.

Now this is where it gets dicey. What if the developer Wants you to see ads because its their revenue stream? Fine, but only show the ads when I'm directly using the app. I don't want you making money off me when I'm browsing the web by covering up malware infected website ads with malware infected banners (BTW I use Adblock plus for this reason), or annoy me about how I need to pay you to fix my 23409 registry errors every 5 minutes by about 12 different registry scanners running on my machine at once sucking down CPU time to scan. Or notify me that there's this great game I need to download from Google play every five seconds.

Re:Does that include Bing Bar?

Yeah, I get *so* tired of things wanting to, by default (unless I uncheck it), install the Google/Yahoo/Bing/Whatever toolbar into my browser. Um, no, I'm fine with my browser the way it is, if I wanted your toolbar, thought it was of any use to me, I'd download it myself manually as a separate install.

... or hey, you want that free trial copy of McAfee on your machine, right? Don't forget to uncheck that box if you don't.

... or at one point I remember installing Apple iTunes update had the default of installing Safari with it. I didn't download/install Safari in the first place, so why does the 'updater' want to install it? If I wanted to download it (which I did later), I would have, and then sure, update it - but I don't want your 'updater' to install a package I chose not to have as part of it's 'update'.

Basically, quit making the 'default' on an updater to install crapware (or anything) I don't already have... that's not an 'update' that's a shifty ploy to get more software on my machine.

Re:Does that include Bing Bar?

Does this include things like attempting to install McAfee? (Looks at Java.)

Re:Does that include Bing Bar?

[oji-sama]

Perhaps you should uninstall it as it would remove the need to update it? (I've never seen a Bing Bar update)

Re:Does that include Bing Bar?

[sconeu]

It's not an update. It keeps on asking me if I want to install it.

Re:Does that include Bing Bar?

sounds like you have a problem on your machine. It is never listed for me to update or install as I hide it on all my machines.

Re:Does that include Bing Bar?

[David_W]

Pay attention to the version numbers. Basically (and I'm making up the numbers here), if you tell it to hide v5, the next time it'll offer v4. Hide that, v3. And so on. They go away once you've told it to hide every one of them. And it'll come back whenever they release v6, but if you've hidden all the others, once you hide that it won't show up again until v7. So it takes some effort, but they can be squashed, eventually.

Re:Does that include Bing Bar?

There is a big difference between something that can be easily uninstalled and something you have to make a heroic effort to root out.

Re:Does that include Bing Bar?

What about the Xbox home screen? You pay a certain amount of money for the system. You pay 50$ a year to ACCESS their online services. Then they shove ads all over that auto-play when you scroll over them.

Then why do you pay for it?! You don't need and if you hate it so much don't use/pay for it!

Store?

Does that mean it is going to block all the adware crap claiming to be "free" in its 8.x App Store? Thankfully, that should about clear the "shelves"!

About time

[Deathlizard]

It's about time they start doing something about adware. At least put that "Low Threat" section in MSE to good use.

On the other hand, if they detect adware the same way the other AV's do, I wont be out of a day job. The only thing I've found that removes adware is ADWCleaner and the Junkware Removal Tool. The rest either don't detect it all, Detect only the most virulent or damaging forms of it, or detect it and won't remove it.

Re:About time

They don't do anything drastic about it anymore because the lawsuits by the spyware authors. A few years ago I believe the courts determined that these programs where legitimate programs and listing them as spyware or malware was illegal. That's why even Malware Bytes does not have them checked by default, they are listed as PUP(potentially unwanted program). The user needs to check them to remove them. As for the specialty programs like ADWCleaner and Junkware Removal Tool and others, they may be too small for these companies to bother with suing so they can get away with it. It would be nice to see all Antivirus programs actually take a heavy hand to these again. But as long as they are getting through it is making me money.

Re:About time

[bmo]

A few years ago I believe the courts determined that these programs where legitimate programs and listing them as spyware or malware was illegal.

No they didn't.

A lot of spammers and malware authors shout about "free speach" but the only court case where a spammer won was where Spamhaus replied to the lawsuit but didn't show up. Which was later overturned.

--
BMO

Removing competition

Only Metro and the Windows Store can spam you now!

Oh and ofcourse every search you make will include sponsored Bing results.

so it will block ie?

IE is the worst for unwanted advertisements.

So...

About those ads in Skype

Microsoft blocks Slashdot Beta?????

Works for me.

Microsoft's security products?

[rossdee]

Does that include the standard windows firewall?

Would legal service be better?

Would they not get better income for makeing legal programs? Why cheat, mislead, lie to user to install something thats bad for their computer? Or what about bad people that uses exploits to avoid user interaction and force their software on your computer?

Can be too good business installing software that users dont want and get ridoff asap when they find it on their computer?

Walking a line

I think MS has some valid concerns about the legal ramifications of this as they can be accused of anti-competitive behavior for blocking software the user probably clicked on and actually asked to install, even if they were tricked into it.

Re:Walking a line

The user also chose to install/use the MS products. Its fair game IMHO.

Because ...

[jamesl]

If adware is malware, why wait until July?

Because if they just popped it on the unsuspecting world with neither prior notification nor opportunity for users and IT professionals to react and inform, pundits would be caught unaware and unprepared and spend the next weeks complaining. Loudly. Vociferously. Obnoxiously. And users would be more pissed off than they will be in any case.

Re:Because ...

[marcosdumay]

Now, because they announced it beforehand, pundits will spend the next weeks complaining, loudly vociferously, obnoxiously, all the way until MS actually release it. Users will be as pissed of as in the other scenario, because despite the previous communication, they won't bother listening, and won't know about it anyway.

Aimed at FBI screen locking adware

[Antique+Geekmeister]

They're well behind the times. They're apparently aiming at things like this ransomware (http://privacy-pc.com/how-to/fbi-moneypak-virus-computer-locked-by-fbi.html) There are unfortunately a lot of ad tools out there right now that still try to lock your application to their web site. And I recently had to have a long talk with someone at work who browsed a porn site and had a dozen or so pop-ups _under_ his active screen, all showing webcam pornography. When he tried to close the web browser, the pop-unders were displayed, and it forced me to talk to him about keeping his workspace visitor safe.

Re:Aimed at FBI screen locking adware

[mysidia]

When he tried to close the web browser, the pop-unders were displayed, and it forced me to talk to him about keeping his workspace visitor safe.

That's nice.... in many organizations; browser accessing a porn site would have to be reported to HR, and it would generally be grounds for immediate termination.

OH yeah.... even if it did happen to be Adware that caused the porn to be displayed while they were operating it, b/c the user got their computer infected...

Re:Aimed at FBI screen locking adware

[Antique+Geekmeister]

As it happened, he wasn't browsing at work. He was browsing at home, and since some employees are on call and need to respond quickly to service requests, he was off duty but using his work laptop for personal use. When he opened his laptop in the morning, it wasn't even in the active tab of his browser so wasn't apparent. But when he minimized the browser to show something else to a co-worker, oh my.

Separating personal use from workspace resources can be very awkward, especially with companies where "Bring Your Own Device" is supported, or where you're laptop is company purchased.

Conflict of interest

Does that mean that Microsoft will prevent windows users to use Windows 8 ?

Dealing with the problem at the wrong end

[eneville]

Why disable software once it's installed? Shouldn't you at least attempt to stop the program getting installed first? Rather than open the front door and let the crap in, keep the door locked and screen your visitors.

Why wait till july?

[the_Bionic_lemming]

Maybe cause they want to make sure that XP users get punished for not coughing up the cash for a worse OS?

I'm trying Win 7 right now, it's slower on searching, locks up the PC if it hits a damaged file on a PC while searching, and doesn't even have a responsive mouse until it's been moving for ten or fifteen seconds - it's like the driver for the mouse goes into sleep mode after inactivity.

I bought my Dad a PC as a christmas present - He's not very polite on how he describes windows 8.

I want XP back.

Re:Why wait till july?

[Arker]

XP is a very popular and well-liked OS.

If everyone that prefers it would just break out the checkbook and donate to ReactOS, you could have a free clone with no artificial end-of-life. As much demand as there obviously is for this, you would think the project would have received more support.

Re:Why wait till july?

[the_Bionic_lemming]

First I heard of it, Will it be able to play all my games?

Re:Why wait till july?

[Arker]

Yes, but when depends on the requirements of the games.

If they are games that can be coaxed into running on the server version of XP ("Windows Server 2003")  then they should be working in the 1.0 release. Otherwise you would be lating for a later release.

http://www.reactos.org/user-faq

Re:Why wait till july?

Give your Dad Xubuntu. He'll thank you later when he realizes he has no more problems with Malware or Windows Rot (gradual slowing down of Windows). Hook him up with Wine from a PPA and he'll be a happy camper. None of you actually need XP, you are simply addicted and have become afraid to use anything other than Windows. I know, truth stings a bit eh, It stung me at first too.

Re:Why wait till july?

I'm more concerned about my drivers, will react OS support all my devices?

Permablock Camfrog

[Khyber]

Their ads try to install things on your system without your knowledge.

Re:They don't but, I do (easily & how)... apk

Thanks, APK. :) You are a man with character.

Do you have any other networking tips & tricks?

Beware: large hosts files slow down Win 7

Probably mostly Microsoft's fault for not using an O(n) algorithm, but install a large hosts file like MVPS and the system will repeatedly chew the CPU during page loads as the system reprocesses the *unchanged* hosts file. Stupid, but that's how MS made it work.

I eventually uninstalled the hosts file and made my own ad blocking DNS on a VPS instead. Better than a hosts file, faster, and automatically works for every device on my LAN without requiring installation!

skype ads

[feds]

why they don't start removing unwanted advertisements from Skype instead?

partners

[Tom]

If adware is malware, why wait until July?

Because they need to give time to their OEM and other partners as well as their own departments to transition to something that'll bypass this change.

Re:partners

Because they need to give time to their OEM and other partners as well as their own departments to transition to something that'll bypass this change.

It's not like it will actually affect anything. Microsoft Scrutiny Essentials is rated as the very worst security suite and only finds about 61% of malware. [[http://it.slashdot.org/story/13/12/21/0013243/microsoft-security-essentials-misses-39-of-malware]]

Re:That's nice, but I've already been @ it

I wonder if that point you'd actually want to run a local DNS server or something. The HOSTS file is kind of a quick 'n' dirty hack after all.

Re:That's nice, but I've already been @ it

I certainly decided to do that. Hosts files don't scale in terms of administration (installation on devices, updates, etc). My DNS does scale... and it autoupdates the ad server list daily (pulled from multiple sources).

It Just Works.

Would it count as irony if I used APK's hosts file as an input source for my DNS ad blocker server?

They want to start doing their own Adware

A while back, MS said something about a new API to push ads on the user. It sounds like they are getting ready to pull the trigger on that and they want to get rid of other adware or force the adware publishers to pay them to use the new API.

Not all adware is malware

Not all adware is malware, but all malware is malware.

The problem mainly is that some software that is adware, leaks privacy, and software like Microsoft-owned SKYPE is adware.

My app accounts for that too... apk

It's well documented how to stop it (stop usermode slow faulty with large hosts files Windows dns clientside dnscache service) http://winhelp2002.mvps.org/ho...

Per my subject-line: My program accounts for that @ build time...

( & saves the wasted CPU cycles, RAM, & other forms of I/O wasted on the weak faulty usermode SLOW dnscache in Windows.)

Lastly:

DNS IS LOADED WITH FAULTS - huge ones, when set into recursive mode (and you have to do that for updates iirc) vs. the Kaminsky redirect flaw for well over 1/2 a decade now, even though a patch exists (but 99% of ISP's don't implement it - too much hassle in MX setup).

APK

P.S.=> I'll give Linux 1thing - it has NO SUCH FAULTS with hosts... apk

FastFlux, Dynamic DNS botnets & more

WTF? Ever heard of logon scripts OR chron jobs/scheduled tasks from a network wide admin account user?

Apparently not, AND additionally?

They make it EASY to migrate hosts to ALL NETWORK NODES/ENDPOINTS that have a std. BSD ip stack (most all do), like your PC's & Servers on a network!

APK

P.S.=> Apparently, OU ARE NOT AWARE of DNS flaws in security (huge ones) in redirect weakness & exploit ala the Kaminsky flaw (not patched @ 99% of ISP's worldwide due to MX difficulities in setups for them) & also vs."FastFlux &/or Dynamic DNS using botnets (which EXPLOIT THE HELL OUT OF DNS) - so much for your "scaling" - scaling to redirect exploits & botnets is more like it... apk

Re:FastFlux, Dynamic DNS botnets & more

Foolish apk, come back when your "solution" requires zero additional client side installation/configuration and works the same for PC, Mac, Android, iOS, and everything else (as the DNS solution does). Your proposed approach just doesn't work.

Furthermore, you act like you don't need DNS after you install a hosts file. Obviously you still do. Fixing the ad server issue by running a modified config instance of dnsmasq on a private, firewalled server is secure enough.

So, apk, can your fix do all of this with no required user action *and* work on all platforms? No? I didn't think so.

As usual, all they have vs. apk's facts

Are trying to hide his post on hosts with minus mods http://tech.slashdot.org/comme... and the fact he shot down any and all naysayers here http://tech.slashdot.org/comme... as well as here http://tech.slashdot.org/comme... overcoming their weak objections and pointing out flaws in their faulty 'solutions' instead of out debating him. He always wins.

Re:As usual, all they have vs. apk's facts

Are trying to hide his post on hosts with minus mods http://tech.slashdot.org/comme... and the fact he shot down any and all naysayers here http://tech.slashdot.org/comme... as well as here http://tech.slashdot.org/comme... overcoming their weak objections and pointing out flaws in their faulty 'solutions' instead of out debating him. He always wins.

Because there's a bunch of dirt bags here that don't want you using the hosts file to block ads, it interferes with their revenue.

"You ain't seen nothin' yet"... apk

You're welcome, & sure I do & here's clues to some here http://tech.slashdot.org/comme... and here too http://tech.slashdot.org/comme...

HOWEVER - best of all, here http://tech.slashdot.org/comme...

Where it's shown how I completely DUSTED a "3 digit wannabe /. registered 'luser' "genius" (lol, NOT) on hosts today, point by point In getting him to contradict himself ( he needed no app to do hosts he said, but he used one & then, lmao - HE STILL BLEW IT LARGE on data there, generating repeats that bloat hosts) that is pointed out there.

APK

P.S.=> Yes folks - you just KNOW I've just GOTTA say it (as is per my usual "inimitable style", lol):

THIS?

This was all just "too, Too, TOO EASY - just '2ez'" & it always is vs. /. noobie skill level trolls I easily dismante & DESTROY with facts, every single time (& funniest part? All they HAVE is minus mods to vainly & effetely "hide" my posts whose points they are UNABLE TO DEFEAT validly on a technical level -> http://tech.slashdot.org/comme... )

... apk

That's nice but I've been @ it for decades

How? This (what you can't touch, can't hurt you) - Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization):

---

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o...

(Details of hosts' benefits enumerated in link)

Summary:

---

A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/commen...

B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comme... w/ less added "moving parts" complexity + room 4 breakdown,

C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).

---

* Addons are more complex + slowup browsers in message passing (use a few concurrently - you'll see) - Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts ( A tightly integrated PART of the IP stack itself )

APK

P.S.=> Reposting this since the technical invalids around here (lol) couldn't VALIDLY technically disprove my points on hosts giving uses more speed, security, reliability & anonymity with less moving parts complexity + room for breakdown or WASTE (of cpu cycles, ram, & other forms of I/O wasted on faulty products like Windows' DNS cache OR DNS itself) & downmodded me effetely instead! apk

Re:That's nice but I've been @ it for decades

Man, you're right in your ps. All they had was minus mods http://tech.slashdot.org/comme... and you dusted the dns dorks completely in your replies that shut their crap down easily which showed they don't even know networking on their os platform of choice. Bunch of pussy weasel wannabe computer experts around here can't hold a candle to you apk and they know it. The minus mod says it all when that's the best they've got and nothing more.

Re:They don't but, I do (easily & how)... apk

minus modding apk's post here now and here http://tech.slashdot.org/comme... isn't proving him wrong. It shows he has you all floored technically.

Wrong (hosts are part of the IP stack)

Anything w/ BSD based IP stack has hosts (99% of OS out there) uses hosts, fool.

Where did I state I don't use DNS?

Show us that please - or stop *trying* to VAINLY put words in my mouth I never once stated... piss poor puny troll tactic that.

WHAT I FIND FUNNIEST? you IDIOTS around here keep "piling up" MORE ontop of browsers or the OS, when a custom hosts file SINGLE PART does their jobs with less moving parts.

APK

P.S.=> ONLY place they don't, afaik? ANDROID "kitkat" (shows how much even GOOGLE fears hosts imo - they are, after all, a 34++ billion dollar a year advertiser, & hosts cut THAT to shreds too)... apk

Re:Wrong (hosts are part of the IP stack)

That's nice, apk. It's refreshing to hear you say that hosts files don't work on all platforms (Android kitkat counts as a platform). Taking a list of ad/malware servers and installing these as overrides on a DNS server *does* work on all platforms.

Using this approach requires *zero* client configuration to accomplish everything your hosts file claims to do (simply push the address of the ad-blocking DNS out via your DHCP server on your LAN router). Instantly works for all platforms (not "all except...") and doesn't require the end user to perform any modifications to their machines or devices.

I'm enjoying having ads blocked on all my Kitkat devices (and everything else too), as well as blocking ads for all my guests who connect to my network... and they didn't have to do a thing to get this benefit.

Re:Wrong (hosts are part of the IP stack)

why'd avoid apk's question proving he said he doesn't use hosts here http://tech.slashdot.org/comme... as you stated he's said? Is it since you're a weak troll he's torn a new asshole who has to try to put words in apk's mouth he never said and you have to lie about it obviously since you can't show us he said that ever? Yes.

It's just Microsoft trolling for money

If adware is malware, why wait until July?

We are talking about Microsoft here. It's to give the ad people time to offer up payment to make sure that their particular malware is white-listed.

Total agree

[pettertom]

i am total agree with you in this matter. Mobile Phone Solutions

Tom, your libel broke your leg again

Hahahaha you idiot - "eat your words" punk http://slashdot.org/comments.p...

* Rarely have I SEEN such a no mind that LIES (like above) & I shot down repeatedly there on:

1.) You refusing to debate RequestPolicy's BLATANT inferiority to hosts files (first of all) -> http://slashdot.org/comments.p...

2.) You literally stating you don't need an app to process hosts properly here http://slashdot.org/comments.p...

(LMAO - yet you used uniq & FAILED THAT TOO dumbass, on repeating bloat data you'd still have with it -> http://slashdot.org/comments.p... )

3.) SAYING MY APP is a VIRUS, you piece of shit? Fuck you, & "eat your words", you little lying BITCH -> http://slashdot.org/comments.p...

4.) Then ,b>you BLEW IT AGAIN on data in hosts yet again (you'd have repeats and you do NOT understand hosts data at all from its sources in the security community) -> http://slashdot.org/comments.p...

* You're a TOTAL piece of shit... so much for "3 digit registered 'luser'" status you have here - I show it's not WORTH Shit (espcially lying SHIT like you).

You technically inept noob.

APK

P.S.=> This punk Tom? A real piece of shit... I literally *tried* to warn hm to 'steer clear' of trying me on hosts, but no... the moron "Tom" fried himself...apk

Re:Tom, your libel broke your leg again

Funny Tom stfu disappearing after that post (not). Tom's busy "eating his words". Tom's polite (now that apk humbled him http://slashdot.org/comments.p... after that libel of Tom's for Tom's numerous mistakes). Tom doesn't talk with his mouth full (of his own words he had to eat).

The real question...

[Hamsterdan]

Will it prevent the Bing bar from being installed ?

Re:The real question...

bing bar, google bar etc aren't actually adware. Though there are some toolbars that are. bing and google present ads only as part of search results

DNS = full of security holes... apk

Kaminsky flaw anyone? FastFlux &/or Dynamic DNS using botnets too?? Please... lol! More 'moving parts' complexity & room for BREAKDOWN too?? Come on... YOU EXPOSE YOURSELF TO THOSE ISSUES using dns only, fool - hosts STOP redirecting weakness from DNS (fact).

Kitkat? Only one & ALL OTHER PLATFORMS USE HOSTS FINE afaik &?

That's simply PROOF even GOOGLE fears hosts which chop ads to shreds with less parts & doing MORE by far than browser addons do, & even shoring up DNS defiiencies by the score too!

(& GOOGLE should fear hosts which is indicated CLEARLY by them chopping hosts out of their kitkat phone indicates - after all - they are just another leech advertiser that sells your information, & profits by it, stealing your speed you paid for, as well as exposing you to malicious script in ads - which I have DOZENS of proofs of the past few years of no less)

APK

P.S.=> Again - so it "sinks in" for you, in case you didn't "get it" - migrating hosts across network nodes/endpoints like PC desktops + servers = cake (every heard of logon scipts or scheduled tasks/chronjobs run to copy files to endpoint nodes? Look into it - child's play easy & done ALL the damn time too)... apk

Too bad I destroy those dirtbags easily

With facts - anyone's free to peruse beneath this post http://tech.slashdot.org/comme... to see that much, as I annihliated them point by "so-called 'point'" of theirs, easily, using facts vs. their bullshit.

APK

P.S.=> Dirtbags are afraid... that much, is obvious & I LOVE IT (even others like yourself see it)! apk

hosts files are pointless effort

Too bad for you that mobile devices are more common than PC hardware anymore, and so saying "all other platforms except..." is a big problem for you. Login scripts and network accounts aren't applicable for mobile devices. The DNS solution handles mobile and desktop devices with zero config.

Crazy APK... I basically got a DNS to serve the hosts file for me. The DNS answers authoritatively for domains that it does not have SoA for, and returns the IP addresses I choose to substitute.

There is nothing that you can do in a hosts file that this DNS solution cannot do. It's the exact same effect, except no client configuration & maintenance required (as hosts files need).

Look into it. It's far easier than what you describe as necessary to deploy hosts files.

Hosts = NO effort @ all (DNS = security risk)

Courtesy of "yours truly" & my skills in coding (you don't have) http://start64.com/index.php?o...

Since you avoided my fair question earlier (where you said I don't use DNS, yet I do, in OpenDNS since they @ least filter & use DNSSEC unlike most, AND patched vs. Kaminsky flaw)?

Show us, FIRST, where I said I don't use DNS... ok? You can't, since I do... but?

I overcome DNS weaknesses you don't DARE dispute idiot (kaminsky flaw unpatched on ISP dns servers, like 99% of them, & also "fastflux" + dynDNS using botnets exploiting DNS like mad too...).

How?

Simple - Custom hosts OVERCOME redirect security weaknesses all of those exploiters employ... easily.

Plus?

Custom hosts EVEN GET YOU PAST "slashdot beta" they FORCE on you registered 'lusers' too, which s a redirect as well, and unwanted one (they were doing it to ME too, as an ac, but I beat it with hosts easily) and they do FAR MORE for users in added speed, security, reliability, & even anonymity online (that other browser addons 'competitors' can't even BEGIN to touch, period). Fact.

(Slashdot beta, which many here clearly don't want -> http://tech.slashdot.org/comme... shown in that exchange)

APK

P.S.=> By the way: ANYTIME you feel "up to it"? You're MORE THAN WELCOME to validly technically dispute & DISPROVE my 17 enumerated points on hosts' value to end users of them, shown here http://start64.com/index.php?o... Which I KNOW DAMN WELL you're unable to do (it's imnposisble is why - I cannot be outsmarted by DOLTS that infest this place, lol)... apkItemid=74

Since you avoided my fair question earlier (where you said I don't use DNS, yet I do, in OpenDNS since they @ least filter

Hosts files don't work on all platforms, DNS does.

Great, glad you understand you still need to use DNS. The way you claim hosts files will overcome DNS issues certainly leaves people wondering if you realize that DNS is necessary.

I use DNS too. My DNS blocks ad servers, much like your hosts file does (except hosts files require far more effort). Since we are both using DNS, I simply choose to use one that blocks ad servers. Effectively, I configured the DNS to serve the hosts file.

One more thing my DNS does that your hosts file can't: I can block subdomains by wildcard. For example, it takes a single line of config to block all doubleclick servers that exist or ever will exist. I did the same for all ad networks. Hosts files have to list out each ad server, line by line, always doomed to play catch up.

There is nothing a hosts file can do that a custom DNS cannot. Your comment about redirect flaws is irrelevant, because this DNS is effectively serving the hosts file. No one can redirect a request that never hits their server.

I can block Slashdot beta via my DNS just as trivially as you do with your hosts file (i.e. by overriding the IP returned for the queried host). In fact, my DNS config is generated from various hosts files and adblock lists.

Show us how you can block domain wildcards and make mobile devices use your hosts file with zero config required on the device and maybe people will start listening to you.

DNS = chock full of security holes

Thats hosts overcome vs. FastFlux + DynDNS using botnets & the Kaminsky bug (99% of ISP's aren't patched vs it even 5++ yrs. after a patch is out - YOU take a STUPID risk depending solely on DNS)

Especially when hosts protect you vs. those threats noted above... fact.

Only 1 platform doesn't run hosts: ANDROID "kit kat", all othres out there, afaik, DO! Google = AFRAID of hosts apparently....

(Maybe they SHOULD use hosts on kitkat again - after all, DO look at all the EXPLOITS on ANDROID!)

Man... lol, the "invulnerable Linux" you pack of OPEN SORES liars kept saying that about, along the lines of "Windows != Secure, Linux = Secure" bullshit... well, reap your rewards -- YOU FAILED (& you're being torn up WORSE than Windows EVER was, lol...)

However - all other platforms that use the BSD IP stack run hosts (how many 100's to 1,000's are those?)

APK

P.S.=> ,b>You not only EXPOSE YOURSELF to dns NUMEROUS exploitable flaws (in itself due to recursion, which you HAVE TO USE to update), but also to FastFlux & DynDNS botnets too as well as using more "moving parts complexity" room for breakdown (see above as to THAT in security issues that exploit DNS)... lol! Man... do you KNOW how EASY it is for me to "run r wasting CPU cycles, RAM, & other forms of I/O adding ontop of your browsers (addons) + OS (dns servers OR even the dnsclient faulty with large hosts files usermode SLOW service)...

Still, since I've been waiting on this - Tell us - Where did I EVER SAY I don't use DNS, as you said, hmmm? I never once did... you dorks here, amaze me... no small wonder the USA is going down, when those like the trolls around here compose it... sad! apk

Only 1 can't use hosts (google fears it)

Can't you read? Only 1 doesn't run hosts: ANDROID "kit kat", all others do! Google fears hosts obviously. You on the other hand take security risks depending on dns alone since hosts fix those redirect problems. Of course, being the troll you are, you refuse to acknowledge those facts, and the fact that dns is an insecure piece of shit.

Thanks for noticing (yes, I know)... apk

Anyone's FREE to read my parent post & those beneath it http://tech.slashdot.org/comme... and decide for themselves.

* :)

(I love outwitting the DIMWITTED dolts around here... it's just, & you KNOW I've just GOTTA say it as usual, "too, Too, TOO EASY - just '2ex'" since they're basically undereducated techie DOLTS that haven't learned enough to THINK FOR THEMSELVES... only to rely on "experts" well... I DESTROY EXPERTS of all types, regularly & easily).

APK

P.S.=> "Onwards & UPWARDS".. apk

DNS may have holes, but you still use it.

Apk, you simply fail to understand that there is nothing you can do in hosts that the DNS approach doesn't do equally well or better.

You admit you still use DNS even though you call it a piece of shit. There is nothing your hosts files block that the DNS approach cannot. In the DNS approach there is no recursive query being performed for a blacklisted entry, so there's nothing that can be exploited.

Either the server is blacklisted in the DNS config and there is no recursive query (same effect as hosts), or there is no blacklist entry and the request is made as normal (same as hosts).

Except the DNS approach works on all platforms and can block by wildcard, something apk can't claim for hosts files.

ApK: why do you run from the fact that hosts can't do these things, and the DNS fix is as secure as using "hosts file plus DNS" (as you implicit claim you do when you say you use dns)?

BTW, I never said you didn't use DNS. I said you act like you don't (because you do). Stop trolling by claiming people said things they never said.

You've convinced me

The hosts files approach is obsolete. Sorry for wasting everyone's time.

APK

PS=> I thought it was a good idea for a while. apk

No, I overcome DNS redirect problems

See subject: DNS = weak vs. Kaminsky redirect, FastFlux + DynDNS botnets... what stops THAT?

* See subject-line... & yes, DNS = an insecure piece of shit - everyone KNOWS it, see those items JUST ABOVE as "proof thereof" (that I had to literallly SHORE UP, vs. redirect problems, using hosts...)

Hosts fix ALL that in DNS... as well as saving cpu cycles, RAM, & other forms of I/O totally WASTED on the faulty with large hosts files Windows' dns clientside usermode slow cache service, AND, layering on "more" to use DNS, only to find out you need hosts to stop its redirect from recursion problems... period.

---

NOW - As to THIS crap outta you? Please read:

"BTW, I never said you didn't use DNS." - by Anonymous Coward on Saturday April 05, 2014 @05:33PM (#46672323)

http://tech.slashdot.org/comme...

Now, show me where I stated I don't use DNS, ok?

(& I use a better DNS - not just ANY DNS, but OpenDNS - since they @ least, unlike ISP dns worldwide in the 99% range, did apply the patch to it to fix it, and they use DNSSEC... a shame I had to POINT ALL THAT OUT TO YOU, since I had to note it for you, first.... without that? I don't THINK you knew that @ all!)

Then again, I never ONCE stated I don't use DNS either... prove otherwise.

You can keep using that hunk of crap solely, but you'll just be exposing yourself to redirect issues botnets & kaminsky flaw redirects, without hosts to protect vs. redirect.

APK

P.S.=> A shame ,b>"lil' ole' me" had to THINK all of that for you, & there's NO disproving it either, since it works vs. DNS REDIRECT FLAWS GALORE OF ALL KINDS... & better than weak browser addons layering MORE over slower usermode browsers to boot... whereas by comparison, hosts operate in kernelmode as a filter for the IP stack (a highly optimized & priveleged OS subsystem)

"Impersonating me"? Lmao, please... apk

Is THAT the "best you've got" vs. being blown away by me here http://tech.slashdot.org/comme... ,b>which anyone is free to read the entire exchnge beneath it, to see how POORLY you little unskilled little trolling noob "techies" (@ most/best) did vs myself...

* Please... lol!

APK

P.S.=> Every time you little weasels attempt to "impersonate me", you only show others how WEAK you are, & only make ME look GOOD... & yourselves, by way of comparison? Pretty bad - no wonder the USA is falling apart - especially with trolling weasels running this country, like you...!

... apk

Know HOW I've destroyed them?

When they have to attempt to "impersonate me" -> http://tech.slashdot.org/comme...

* That's ok - Since for nearly 6++ hrs. now. folks have seen me DISMANTLE & DESTROY these weak noobs point by "so-called 'point'" of theirs in this entire exchange http://tech.slashdot.org/comme... anyone is free to read to decide for themselves...

I took them ALL down (ac replies always, they fear me obviously, since I have no DOUBT taken each of those trolls out under their "registered 'luser'" account here before on this OR other tech topics, QUITE easily).

APK

P.S.=> "Onwards & UPWARDS"... apk

LMAO - they're "impersonating me" now... apk

It's EXACTLY how I know I have beaten their "best & brightest" http://tech.slashdot.org/comme... - rather easily too.

Which is NO MAJOR ACCOMPLISHMENT!

(When considering ,b>they're technically WEAK dolts, who are imo & experience over 34++ yrs. in computing, @ best/most, mere network admins or techies... lol, who are HELPLESS without coders like us to create tools for those MENIALS to use - period)...

APK

P.S.=> I actually LOVE when they resort to that puny troll tactic... it only makes ME look GOOD & them, by way of comparison? Like the LIMITED DOLTS they are... apk

They're "impersonating me" now too... apk

How f'ing pitiful can this pack of underducated clucks get http://tech.slashdot.org/comme... for Pete's sake?

* LMAO - how STUPID could they be??

Doing that, they're only ADMITTING I totally dismanted & destroyed them easily, with facts they cannot overcome...

(Really DOES make me laugh...)

APK

P.S.=> Of course, they're not intelligent enough OR educated enough to realize that mistake of theirs, in *trying* vainly to "take me on", especially on hosts... apk

The big boys' conceit is....

[musth]

...that the advertisements that they serve are "wanted".

so it should block skype

a week ago ads started to pop up during a call...

Re:Hear this sound, Tom?

Tom embarassed himself and tried to hide your post with minus mods.

Adware/Malware distinction?

[tbg58]

My own definition of malware is "Any piece of software on your computer which is under the control of someone other than the computer owner." Under this definition adware would be considered malware.

Antivirus vendors of course refer to several classes of malware, including rootkits, trojans, viruses, worms (all of which classifications derive from the method the malware uses for propagation and activation). The actions of malware are various as well - botnets, rootkits, keyloggers, phishing redirectors, crypto-extortion, fake AV are a few. Adware including browser hijackers, unwanted toolbars and other unwanted BHOs seem to be the category at which the new Microsoft targeting is aimed. These sorts of programs are called PUPs (potentially unwanted programs) by the AV vendors, though under my definition they would be classed as malware.

Microsoft have made a further distinction in adware as "any program which brings up ads in ANOTHER PROGRAM." These are what would be blocked. and this is not unhelpful, however one should remember that Microsoft's malware protection has been decertified by most antivirus ratings consortia, so how good the MS product will be is anyone's guess.

Re:Hear this sound, Tom?

YOU sayin you didn't need an app to process hosts data here http://slashdot.org/comments.p... and yet you used one (uniq)

Just gonna weigh in here. Those two facts don't contradict each other; he said you didn't need an app to edit hosts, not that you could use one if you wanted. And he's right, you can use a program or manually edit the file.

Tom's a libelous punk

Who had to "eat his words" and ran http://yro.slashdot.org/commen...

Re:Tom's a libelous punk

OK, the problem I have is that every "gotcha" post you're making links to another set of "gotcha" posts, which links to another set of "gotcha" posts, and I have no idea how far I'm going to need to go to find out how exactly you "got" him. Why don't you, in one comment, explain in straightforward fashion 1) what claims you say Tom made, and 2) why he was wrong. No random links to other comments or software downloads, no statements about him apparently backing down, just the precise facts of what he was wrong about, and why. If you're right, you'll get a lot more support this way than with a bunch of nested posts full of insinuations and random bold comments.

Looking at the conversation as far as I could follow it, it looks like he said 2 main things that are relevant:

1) HOSTS can be updated manually or with tools. (He has suggested at least one tool. I think you consider this a "gotcha", but as I said above, this is *not* contradictory.)
2) HOSTS for ad-blocking and similar purposes is only useful if it's kept up to date.

Do you feel he is wrong about these?

Also, I will say that it doesn't look like he ran so much as said his piece and left. Conversations sometimes end.

Re:Hear this sound, Tom?

Tom still would have the repeats apk noted and shot tom down on.

Re:Hear this sound, Tom?

Tom said no app needed for hosts till he saw datasizes & used one (burning himself right then and there) and he would have repeats even with that tool. He failed.

Okay, I will even show you how to do it

APK, perhaps you will understand if you see some config of what "hosts on DNS" looks like. This is for dnsmasq, but a similar approach also works for BIND.

# INDIVIDUAL HOST ENTRIES:

address=/007-gateway.com/127.0.0.1
address=/adserver.00web.com/127.0.0.1
address=/0llii0g6.com/127.0.0.1
address=/0stats.com/127.0.0.1
address=/0tracker.com/127.0.0.1

#...10,000 similar entries follow

Any request that comes into this instance of dnsmasq for, say, 007-gateway.com (or any subdomain, such as d4f332.007-gateway.com) will NOT result in a recursive DNS request. The response is generated INTERNALLY by dnsmasq based on this config. dnsmasq will return 127.0.0.1 as the authoritative A record for these lookups.

This is exactly the same effect as a hosts file. If there is an blacklist entry in a host file, then the lookup does not result in a request to a "real" DNS server. In the case of this dnsmasq instance if there is a blacklist entry then there will be NO recursive request generated. So, to be clear: this dnsmasq is being deliberately configured to act as SoA for domains it doesn't own. This is how the override works.

Obviously, any whitelist IP entries in the config would work just as well (nothing for the Kaminsky flaw to exploit that a local hosts file could protect against any better, again because the local dnsmasq config takes precedence).

And, of course, this works for all platforms, blocks subdomains via wildcard (something hosts files can't do), and requires no client configuration at all.

DNS = known security faulty system

1.) DNS = chock full of security holes (kaminsky flaw redirect & vs. Fastflux & Dynnamc DNS exploiting botnets as well as rogue DNS servers they use too)...

2.) You're also "layering on" MORE (stupidly) creating more room for breakdown, wasting CPU cycles, RAM, & other forms of I/O as well as electricity setting up your own DNS server.

3.) Kaminsky flaw remains unpatched (even though a patch exists) for coming up on a decade now no less @ the ISP level (99% of them are unpatched & thus, redirect poisoned easily, due to MX setup being difficult with the patch in place).

By way of comparison:

* Hosts aren't "extra moving parts" with TONS OF SECURITY ISSUES (like DNS).

Hosts = a NATIVE PART OF THE IP STACK ITSELF!

&

Hosts actually CURE redirect problems in DNS for more reliability & security online... period, & doing so with less moving parts complexity + room for breakdown (as well as wasting cpu cycles, RAM, & other forms of I/O + electricity, needlessly).

APK

P.S.=> Now, why on EARTH would I go thru setting up the complexity of yet another program (stupid reasoning, just like usermode SLOW browsers are) with more room for complexity + breakdown & inefficiency, when something I already HAVE does the job,& even CURES THE FAULTY CRAP YOU USE and its problems? apk

Re:DNS = known security faulty system

This is better than hosts files on individual devices because it does these things hosts files cannot:

1. It works on all platforms
2. It blocks subdomains / wildcards
3. It requires zero client configuration

Also, it is exactly as secure as using a hosts file, so given the advantages this approach is obviously superior.

Tom = multiple /. sockpuppet acct using scum

And libeler: How'd "eating your words" taste? See here http://slashdot.org/comments.p... were they flavorful (lol) seasoned with "the bitter taste of SELF-defeat" + YOUR FOOT IN YOUR MOUTH you bigmouth libelous Open SORES bullshitter?

As to the rest of my subject, let's let TOM speak shall we:

"I'm having great conversations on this site with one of my alias accounts" - by Tom (822) on Monday April 07, 2014 @02:29PM (#46686259) Homepage

FROM -> http://slashdot.org/comments.p...

Tom = multiple /. sockpuppet using scum

Let's let TOM speak shall we:

"I'm having great conversations on this site with one of my alias accounts" - by Tom (822) on Monday April 07, 2014 @02:29PM (#46686259) Homepage

FROM -> http://slashdot.org/comments.p...

APK

P.S.=> And libeler: How'd "eating your words" taste? See here http://slashdot.org/comments.p... were they flavorful (lol) seasoned with "the bitter taste of SELF-defeat" + YOUR FOOT IN YOUR MOUTH you bigmouth libelous Open SORES bullshitter?

... apk

Re:Tom = multiple /. sockpuppet using scum

[AAWood]

...Yeah, no, I'm not Tom. If I was, I probably wouldn't be asking you to tell everyone why I'm wrong, would I?

So. Plain answers. No random links. Go.

Re:Tom = multiple /. sockpuppet using scum

[AAWood]

Aaand, that wasn't meant to be none-AC, but whatever, I suppose it clears up the issue!

Re:Tom = multiple /. sockpuppet using scum

Says it all, and Tom himself did the saying quoted here http://tech.slashdot.org/comme...

Re:Tom = multiple /. sockpuppet using scum

[AAWood]

Well, just for fun; answers, no links.

Can you run a DNS on Android Kitkat directly?

Answer that & prove it. Load a dns server program on it. Otherwise you're wrong (& even though you are since you're wasting CPU cycles, RAM, + other forms of I/O as well as electrical power ON A KNOWN SECURITY ISSUE RIDDLED WRECK).

APK

P.S.=> You want to run software with HUGE known issues in security on it (like DNS has)? That's up to you - I shored up those fualts in DNS using hosts & yes, it works (no questions asked)... apk

Yes you can, but that would be silly.

You don't run the DNS server on the KitKat device.

No, instead you make *one* "DNS w/ hosts override" for your entire LAN. Since the lightweight dnsmasq DNS server daemon is included in DD-WRT firmware, you could even load the "host override" config on the dnsmasq instance on your WiFi router. This would not waste any appreciable amount of additional electricity.

So, this would be
1. you install the hosts override in the router's dnsmasq.conf, and then
2. you set the dnsmasq forwarding for all non-override hostnames/subdomains to route to OpenDNS

This instantly solves all the problems for every device connected to your LAN. Does exactly the same thing as "hosts file plus OpenDNS", except it works for all platforms, can block subdomains/wildcards, and requires zero client device configuration.

You could do everything your hosts file does (and more, thanks to subdomain/wildcard blocking capability) if you just modify the syntax of your host file to be dnsmasq.conf format and then install it in the dnsmasq config. dnsmasq even allows you to override the OpenDNS nxdomain hijacking.

It IS silly to run DNS on a phone

Also silly to run it on a PC too as DNS = full of security issues & more moving parts + room for breakdown due to complexity.

* No thanks...

(I can do the same things you can, with less, & FAR MORE TOO - like fixing up the redirect problems your DNS servers have, by using hosts to do so, no less...)

APK

P.S.=> I simply use hosts to do the following items:

1.) Place my (now) TOP 50 favorite sites @ the top of it (regaining what I'd lose with a large hosts file in indexing by turning off the faulty with large hosts files usermode SLOW dnscache service, saving it's CPU cycles, RAM, & other forms of I/O it uses wasted on it - bonus, & going to FAR FASTER kernelmode services in the TCP/IP stack + local kernelmode diskcache subsystem to make up for it, caching hosts in RAM, unaltered) - but NOT "every site online"

2.) Blocking out (currently) 2.4++ million known bad sites/servers - hosts/domains that serve up exploits, malscript, &/or botnets

3.) Blocking Rogue DNS servers

I don't hardcode "ALL/EVERY SITE ONLINE THERE IS" though!

That, again, I use OpenDNS for!

(AND, rarely, since I spend 95%++ of my time @ my fav. sites hardcoded @ the top of hosts (most of those are news aggregators like THIS site - saves me time hopping around, OR looking to OpenDNS even... & I get the same as the sources articles post, & then some, via user comments on news aggregator sites...)

I use OpenDNS since it is patched vs. the Kaminsky redirection flaw, & uses DNSSEC between it & upstream updaters in DNS it uses in recursive mode - & 99% of ISP's out there do NOT have DNS patched vs. the kaminsky flaw, even when a patch has been around for 5-7++ yrs. or so now, mind you).

And, there you go...

... apk

That's why you don't run DNS on the phone

I have stated multiple times that there's only a need for a single "hosts override DNS" server in use for an entire LAN (rather than one DNS per device). I pointed out you can install this dnsmasq configuration in on a WiFi router (a device that is running 24/7 anyway), and that will suffice for everything on the LAN.

So, no, you don't install it on individual PCs or phones (though I guess you could if that really floats your boat).

Rather, you can take your curated hosts file, load it on dnsmasq (with appropriate syntax changes), and it would accomplish the same effect as having the hosts file on your machine.

To reiterate:
1. you setup the hosts override dnsmasq DNS on your WiFi router (or whatever)
2. you set the router to be the DNS for your LAN (handing out this config via DHCP)
3. all DNS host resolution goes through this dnsmasq DNS that applies the host-file type overrides first. Anything listed as hardcoded is treated by dnsmasq just like a hosts file entry. Anything else is forwarded on to OpenDNS for resolution (just like in your PC hosts file plus OpenDNS).

You can even make your hosts file more compact by banning via subdomain/wildcard. I created my hosts list by pulling from a variety of hosts sources and unifying them. When a domain has too many blocked subdomains, my script just "promotes" the ban to include all subdomains (take that, doubleclick).

Anyway, this works for my Kit Kat devices (and everything else I have), and protects all my guests instantly when they connect to my network, all at once.

At least you agree on that much

"So, no, you don't install it on individual PCs or phones" - by Anonymous Coward on Thursday April 10, 2014 @02:26AM (#46711441)

I wouldn't for the simple reason it's security issue riddled (easy redirect) & WHAT STOPS THAT? Hosts... it shores up redirect weaknesses in DNS (that both FastFlux &/or Dynamic DNS using botnets use, as well as Kaminsky redirect poisoning flaw exploiters too).

APK

P.S.=> I make hosts more compact via my program http://start64.com/index.php?o... which removes duplicated entries & also converts the LARGER & SLOWER to parse + load 127.0.0.1 blocking address to the SMALLER & FASTER to parse + load 0.0.0.0 (which not only works INTERNALLY for programmatic access of hosts data, but, also for creating a smaller file to load in its entirety) - fact.

In fact, I used to be able to do even MORE of that, doing 0 (smaller & faster by FAR vs. 0.0.0.0 even), but VISTA 12/09/2008 patch Tuesday onwards took out the ability to use it (VISTA, 7, Server 2008)...

To THAT end?

Well - I confronted MS' then head of the "Windows Client Performance Division" on it (posted as Foredecker here):

Even HE was forced to concede I am correct on it -> http://slashdot.org/comments.p... back as far as 2008... nothing was changed. I couldn't BELIEVE it (since it's performance-oriented & that WAS his division)...

Funniest part is?

Windows 2000 SP#2 put 0 in place (vs. 0.0.0.0 or 127.0.0.1, which it is FAR SMALLER & FASTER than BOTH)...

So, someone saw the value of it AFTER Windows 2000 was created & put it there...

However/Oddly: Windows 2000/XP/Server 2003 CAN STILL USE IT (go figure)... apk

We agree on a lot, actually.

We agree that the "hosts override on a DNS server" approach works for all platforms, whereas hosts files do not work in all cases.
We agree that running this DNS server on a WiFi router that is up 24/7 (and is already running dnsmasq daemon anyway) doesn't cause any appreciable increase in electricity usage.
We agree that the "hosts configuration override on a DNS server" approach can accomplish everything that the hosts file on an individual machine does.

The primary remaining point of contention is what is considered the simpler/more reliable solution: configuring a single DNS daemon for an entire LAN with a hosts updater, or running a hosts file installer/updater on each individual client that supports hosts files (and finding an alternative solution for all those clients that do not support hosts).

Hosts fix DNS redirection issues easily... apk

WHICH IS HOW/WHY HOSTS CAN SHORE UP DNS' FAULTS IN REDIRECTS - per my subject-line above.

(That, mind you = DNS BIGGEST PROBLEM, along with being abused by FastFlux &/or Dynamic DNS using botnets + DNS AMPLIFICATION ATTACKS...)

It's a faulty system, & BEG TO DIFFER: Using ANY program uses CPU cycles, RAM, & other forms of I/O (dns included) - you're wasting it, since it's KNOWN faulty & insecure, & doing what hosts can do easily (for less).

Lastly:

Hosts on a local system WILL override DNS not only remotely, as I do it, but also for a LOCAL dns server!

(Since it's part of the IP stack, & DNS has to obey THAT, too... like any outbound communications system WOULD operating beneath IP)

APK

P.S.=> You're mistaken IF you think I agreed with you on power consumption, CPU cycles consumption, RAM consumption + other forms of I/O WASTED on a known faulty insecure system in DNS (which you would be subject to due to having to use recursion in order to update it)... apk

DNS w/ override fixes redirects for ALL platforms

Per my subject line, above, you see that this solution fixes the problem for all platforms. And, in fact, a single DNS daemon configured on a WiFi router will do this for ALL devices on the network, regardless of platform (something you can't claim for hosts files), and requires ZERO client configuration (something you can't claim for hosts files).

As you claim: "...doing what hosts can do for less."

If you want to make that claim, you are going to have to prove that the hosts file installation + updater installed on EVERY multi-hundred watt computer on your local network saves power/money vs the DNS daemon on a SINGLE, solid state WiFi router that pulls less than 15 watts max (and which is already running the DNS daemon anyway). You will need actual, documented power draw statistics for the each machine using hosts vs. DNS lookups, and will need to do this for all platforms (well, all platforms that support hosts files, because not all of them do, you know).

The DNS daemon configured as I have described is no less secure than a system using your hosts files. The override "hosts" style configuration of the DNS daemon happens before any forwarding/recursion. So, anything you haven't included in the hosts file overrides will result in a DNS lookup, using your approach. Using my approach, anything you haven't included in the hosts file overrides will result in a lookup forwarded to OpenDNS (which you also say you use).

Same net effect, just as secure (well, the DNS override approach is MORE secure than a hosts file because it can block based on wildcard, something that a hosts file will never be able to do).

Oh, and in case you missed it, my approach works for all platforms whereas the hosts file on individual clients approach that you advocate does not..

Hosts FIX dns security issues... apk

Hosts also work on ANY platform bearing a std. BSD derived IP stack, and DNS has to OBEY hosts then too (which is how & WHY hosts can fix dns redirect problems that FastFlux &/or Dynamic DNS botnets abuse DNS on to NO end - which botnets exploit, LIKE MAD!)

Then, there's also DNS Amplification attacks, where DNS is abused further as well.

So, no thanks to setting up a DNS here!

DNS servers would waste electricity, CPU cycles, RAM, & other forms of I/O where a single file (hosts) can do the job in combination with external DNS servers!

(One like OpenDNS, which IS patched vs. the DNS Kaminsky redirect security flaw, AND uses DNSSEC between itself & its upstream servers it updatres from (ICANN iirc)).

APK

P.S.=> I don't believe in adding MORE COMPLEXITY (which leads to more room for potential breakdown & in DNS' case, MORE than potential with all of its security flaws BOLDED ABOVE - which hosts, fix)... apk

You don't need an updater everywhere on a WAN

You don't need the updater as a program. Use logon scripts or chronjobs/scheduled tasks to do it from a CENTRAL network located server run on a network-wide admin user basis to update workstation nodes, "automagically" with the absolute current version of hosts - voila, a snap.

On that centrally located server? Admins can run this & distribute the result, easily, as shown above, network wide... periodically + easily.

(& as usual, using existing OS tools, just as I do with the "updater" as you called it, I created -> http://start64.com/index.php?o... )

My program does the nigh impossible job (due to timeframes with larger datasets over time acculated) & makes it faster + more efficient, on ALL levels (programmatically & Operating System privelege levels + ring of access superior speed, yielding superior added speed, security, reliability, & even anonymity for end users of the result - a custom hosts file).

APK

P.S.=> "Pats self on shoulder" - there is NO questions asked, that "IROC FIGHTCLUB" (since i'm FAIRLY sure I said all that before earlier to you, but you "overlooked it" (perhaps, 'conveniently' I suspect))... apk

Links = where Tom said & did what I put here

Tom's MULTIPLE FAILS vs. me he downmodded here earlier where I spanked his ASS repeatedly:

---

1.) Tom refused to debate RequestPolicy's BLATANT inferiority to hosts files (first of all) -> http://slashdot.org/comments.p...

2.) Tom literally stating he don't need an app to process hosts properly here http://slashdot.org/comments.p...

(LMAO - yet Tom used uniq & FAILED THAT TOO dumbass, on repeating bloat data you'd still have with it -> http://slashdot.org/comments.p... )

3.) Tom SAID MY APP is a VIRUS & has to "eat his words" -> http://slashdot.org/comments.p...

4.) Then Tom BLEW IT YET AGAIN on data in hosts yet again (Tom'd have repeats and Tom doesn't understand hosts data at all from its sources in the security community) -> http://slashdot.org/comments.p...

---

* Happy now?

Plus, Tom tried to "hide it" here earlier by downmodding it too?

Please - Tom "PROJECTS" He KNOWS HE FUCKED UP LARGE -> http://slashdot.org/comments.p...

APK

P.S.=> Answer me a question Tom: How'd "eating your words" taste? See here http://slashdot.org/comments.p... were they flavorful (lol) seasoned with "the bitter taste of SELF-defeat" + YOUR FOOT IN YOUR MOUTH you bigmouth libelous Open SORES bullshitter?

I was even NICE & literally *tried* to warn hm to 'steer clear' of trying me on hosts here http://yro.slashdot.org/commen... , but no...

The moron "Tom" fried himself - serves him right and ME even moreso - since I can easily DISMANTLE & DESTROY any naysayer trolls on hosts, with facts they cannot dispute or disprove, technically validly...

... apk

Local DNS is superior to hosts files

You believe in using hosts files. You believe in using DNS, as you have repeatedly stated. You have run from offering proof of your claims that your hosts files NON-solution would save electricity, CPU cycles, etc vs a local DNS daemon on a WiFi router.

DNS amplification (and other) attacks aren't feasible for a "hosts overrides on DNS" dnsmasq daemon running on a WiFi router... the DNS is only accessible from within the LAN.

I believe in having a solution that works for all platforms. Hosts files do not work for all platforms. I install the hosts overrides on a single DNS that protects all the devices on my LAN REGARDLESS OF PLATFORM. This solution also blocks subdomains/wildcards (something hosts files will never be able to do).

Your hosts file approach is ineffectual for platforms that do not use hosts files and thus leaves them vulnerable. This is unacceptable.

Notice you RAN (lol) from a mistake of yours

Funny that, eh? http://tech.slashdot.org/comme...

* :)

APK

P.S.=> You? Fail...

... apk

Notice you RAN from a mistake of yours... apk

"Funny THAT, eh?" (not) -> http://tech.slashdot.org/comme...

* :)

APK

P.S.=> You FAIL... & I had to CORRECT you on that no less!

... apk

Hosts - Less complexity & room for breakdown

Taking you apart, point by point, beyond your mistake you avoid now http://tech.slashdot.org/comme... (showing your LACK of networking knowledge):

"You believe in using hosts files. You believe in using DNS, as you have repeatedly stated." - by Anonymous Coward on Sunday April 13, 2014 @11:26AM (#46739991)

External DNSSEC utilizing & PATCHED (vs. Kaminsky redirect flaw, which 99.999% of ISP's out there are NOT patched vs. it).

Hosts secure vs.:

1.) Kaminsky's flaw
2.) FastFlux &/or DynDNS using botnets too

Via hosts favorite sites hardcodes!

(Hardcodes which are FASTER to resolve than external DNS for favorites you hardcode @ the TOP of hosts to offset indexing loss, IF your hosts file is large - local queries are faster than remote ones, no questions asked)

Why?

Well - hosts are the 1st thing queries, NOT DNS which DNS also has to OBEY HOSTS since it is part of the IP stack & 1st resolver - not DNS on a local system...).

---

"You have run from offering proof of your claims that your hosts files NON-solution would save electricity, CPU cycles, etc vs a local DNS daemon on a WiFi router. - by Anonymous Coward on Sunday April 13, 2014 @11:26AM (#46739991)

Plus, well... Let's see: routers get ABUSED all the time, their 'encryption' gets cracked all the time, & their code gets infected by malcious people online...

NOT SAFE @ ALL!

Also - You're using MORE PARTS (weak ones), that alone guarantees MORE POWER CONSUMPTION as well as complexity/room for breakdown or exploitation, no questions asked...

APK

P.S.=> Going to continue this in yet another post (slashdot sets limits on quotes I can use)... apk

Further dismantling your "points" easily... apk

"DNS amplification (and other) attacks aren't feasible for a "hosts overrides on DNS" dnsmasq daemon running on a WiFi router... the DNS is only accessible from within the LAN." - by Anonymous Coward on Sunday April 13, 2014 @11:26AM (#46739991)

Then you made my point in my other posts above: You're WASTING CPU cycles, RAM, & other forms of I/O on yet ANOTHER program running adding complexity + room for breakdown & exploit... & needlessly, locally... ,b>Thanks for making my point!

---

"I believe in having a solution that works for all platforms. Hosts files do not work for all platforms - by Anonymous Coward on Sunday April 13, 2014 @11:26AM (#46739991)

Hosts work on ANY platform which bears a std. BSD derived IP stack (99.999% of them) & you even SAID it's stupid to run a DNS server on a smartphone (the only 1 that can't do hosts, since GOOGLE SHOWS THEY FEAR HOSTS & thus, me, obviously, since they're an advertiser) -> http://tech.slashdot.org/comme...

---

"Your hosts file approach is ineffectual for platforms that do not use hosts files and thus leaves them vulnerable. This is unacceptable. - by Anonymous Coward on Sunday April 13, 2014 @11:26AM (#46739991)

More acceptable than running "more moving parts room for breakdown due to complexity" DNS & all of its faults noted above... for sure, & faster too (since it's 1st resolver queried over ANY & ALL others, locally - fact).

APK

P.S.=> Above ALL else here though (since you've already hugely blundered here showing us you don't know what you're talking about in networking -> http://tech.slashdot.org/comme...

?

Since you said hosts are ineffectual, you're MORE THAN WELCOME to disprove 17 enumerated points listed where my program's downloadable then (good luck - you'll NEED it, more like a miracle) -> http://start64.com/index.php?o...

... apk

Hosts files waste electricity & CPU cycles

Hosts files waste electricity & CPU cycles compared to running a DNS server with hosts overrides on a WiFi router. I offer as much proof of this claim as APK offers of his claim regarding hosts files being more efficient than a DNS running locally on an embedded device on the LAN.

APK, it is an incontrovertible fact that your hosts files are completely ineffectual on platforms where they cannot be used. A DNS running on the WiFi router and protecting the whole LAN offers superior security (because it works for ALL platforms, unlike APK's hosts file "solution" AND can DNS can block via wildcard and subdomain, unlike APK's hosts file "solution").

APK, are you dense? Per you: "you even SAID it's stupid to run a DNS server on a smartphone" Yes. Yes, I did: I said you load the DNS w/ override config on a WiFi router and it protects all devices that connect to the LAN. Do you even own a smartphone or tablet? Are you aware that they usually use WiFi for local connectivity? Do I have to literally connect the dots for you, or can you reason at a 1st grade level?

Your claim that routers are somehow unsafe is laughable when you compare the number of exploits that exist for computers. Or are you claiming that exploits don't exist for computers and/or that any computer exploit would be unable to remove your hosts file? Your central hosts file deployment server proposal WILL NOT WORK for smartphones or tablets and represents WASTED CPU cycles, electricity, as well as added levels of complexity vs. a simple DNS daemon configuration.

You claim your hosts file "solution" is superior without offering any suggestions for platforms that do not support hosts. My approach fixes all of these.

So sorry to have completely destroyed your position and to have proved you fail at basic reasoning AND how you lack basic understanding of network topology.

You can go cry in your cheerios now.

You're dense noob (logon scripts, chronjobs)

Programs like DNS use CPU cycles, RAM, & other forms of I/O hosts don't. Period. They're added parts which alone shows more complexity and room for breakdown... & they're CERTAINLY chock full of security problems when set into recursive mode for updates (and 99.999% of ISP DNS servers aren't patched vs. the Kaminsky redirection bug, & FastFlux + Dynamic DNS servers tear up DNS all day long too... then, there's also DNS Amplification attacks).

"Hosts files waste electricity & CPU cycles compared to running a DNS server with hosts overrides on a WiFi router." - by Anonymous Coward on Sunday April 13, 2014 @07:34PM (#46743115)

ROUTERS GET ABUSED AND BROKEN INTO ALL THE TIME... lol, you're asking for trouble relying on that!

(WiFi? Sucks... slower and shittier than hardwired connections too, by far!)

WPA2 even gets broken!

"Your claim that routers are somehow unsafe is laughable when you compare the number of exploits that exist for computers." - by Anonymous Coward on Sunday April 13, 2014 @07:34PM (#46743115)

By the way? ROUTERS ARE JUST COMPUTERS TOO, fool... lol

APK

P.S.=>

"APK, are you dense?" - by Anonymous Coward on Sunday April 13, 2014 @07:34PM (#46743115)

LMAO - NOT AS "DENSE" AS YOU WITH YOUR UTTER NOOB SCREWUP HERE (where you didn't even realize how to use commonly used networking tools on any OS out there pretty much) -> http://tech.slashdot.org/comme... (that's where I had to correct you on that, AND, I am the person that told you about KitKat too - which YOU obviously are unaware of as well)... apk

"router security" (lol, not)... apk

WPA2 gets cracked http://www.sciencedaily.com/re...

Routers exploited worldwide http://www.bing.com/search?q=r...

* :)

(So, want to "tell us another one" on "how secure routers are"?)

After all - I dusted you on DNS, so you shifted to routers now? Bad move - see above!

APK

P.S.=> Between THESE proofs of the falsehood in your claims, and YOUR UTTER "NOOB" LEVEL SCREWUP ON HOW TO UPDATE HOSTS ACROSS NETWORKS YOU DIDN'T KNOW ABOUT HERE -> http://tech.slashdot.org/comme...

?

You aren't showing yourself to be either SKILLED, COMPETENT, or an AUTHORITY of any sort ... lol! You did it. to yourself...

... apk

More nonsense from APK

APK, you are using logical fallacies (attacking routers as being insecure while touting your solution that is deployed on PCs which are exploited far more often), and deliberately avoiding the fact that your hosts files cannot protect all platforms, unlike a hosts override with DNS.

APK says, "Programs like DNS use CPU cycles, RAM, & other forms of I/O hosts don't."

Give us another laugh, APK. DNS on a solid-state router uses less power than your hosts file deployment on a bunch of high power draw computers. I'm sorry you can't understand basic electrical physics and that you lack reasoning ability.

It seems that you have to resort to logical fallacies because your proposed "solution" of using hosts files is LESS secure than DNS with overrides (because it does not work for all platforms, cannot block by wildcard/subdomain, and is deployed on the platform that is most frequently exploited in the world). Because you know you cannot debate the superiority of the DNS-based solution, you have to resort to your silly antics.

APK, you are the one displaying pathetic incompetence. Go back to your tear-sogged cheerios before you embarrass yourself further in public.

Call me all the names you like, but...

It's no fallacy to show routers being abused with valid links.
You went from DNS (& failed) to routers now.

I put up links to router problems, including WPA2 being cracked. You fail.

APK

P.S.=> It's funny seeing you go from DNS & failing, to routers, and failing yet more... apk

Your NOOB incomptence was hilarious... apk

http://tech.slashdot.org/comme...

* :)

Shifting from DNS, to routers now? They BOTH are security issue riddled WRECKS... & my other posts prove it. Hosts shore up DNS issues in redirects though, no questions asked.

APK

P.S.=> Noob CHUMP - accept 1 thing: I have you outthought, outsmarted, outgunning, & just plain OUTED (as well as outclassed) easily... lol!

... apk