Slashdot Mirror


Stung By File-Encrypting Malware, Researchers Fight Back

itwbennett (1594911) writes "When Jose Vildoza's father became the victim of ransomware, he launched his own investigation. Diving into CryptoDefense's code, he found its developers had made a crucial mistake: CryptoDefense used Microsoft's Data Protection API (application programming interface), a tool in the Windows operating system to encrypt a user's data, which stored a copy of the encryption keys on the affected computer. Vildoza and researcher Fabian Wosar of the Austrian security company Emsisoft collaborated on a utility called the Emsisoft Decrypter that could recover the encrypted keys. In mid-March Vildoza had launched a blog chronicling his investigation, purposely not revealing the mistake CryptoDefense's authors had made. But Symantec then published a blog post on March 31 detailing the error."

85 comments

  1. Wich only serves to further by Wapiti-eater · · Score: 4, Insightful

    The myth that the 'security' industry is at the root of the problem

    --
    Senior NCO in the fight against entropy. I've seen things, man. Things no one should have to see.....
    1. Re:Wich only serves to further by Anonymous Coward · · Score: 0

      It isn't called job 'security' for nothing!

    2. Re:Wich only serves to further by Tmackiller · · Score: 1

      I hate that I have the compulsion to do this, but *which(title) && *doesn't or does not (signature).

      --
      sudo apt-get install sl && sl
    3. Re:Wich only serves to further by Opportunist · · Score: 0

      How does that support that the security industry is somehow part of the problem? They found a simple and convenient way to give the ransomware the boot, what's your point?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Wich only serves to further by gstoddart · · Score: 3, Informative

      How does that support that the security industry is somehow part of the problem? They found a simple and convenient way to give the ransomware the boot, what's your point?

      Because, if you publicize how you caught their error, they can fix it.

      So, now the next iteration of this will possibly NOT be fixable.

      Someone found a way to fix it, and didn't tell how it was done. Someone else then publicized it ... and when you explain the ways and means, the bad guys can know how you did it.

      What they've done is tell the ransomware folks how to 'improve' their malware.

      --
      Lost at C:>. Found at C.
    5. Re:Wich only serves to further by Anonymous Coward · · Score: 2, Insightful

      Yeah, it would've been much harder for the attackers to reverse his utility right? Anything that monitors file accesses would've seen what files it was accessing. I don't disagree the AV company made a mistake because they wanted publicity but I don't think what they did was as significant as you might think.

    6. Re:Wich only serves to further by Calydor · · Score: 3, Informative

      Symantec did exactly what gets private security researchers into hot water: They publicized an exploit in a program.

      Ignoring the fact that the program is malware and the exploit was a means of defeating the malware, WHY is it okay for Symantec to do this?

      --
      -=This sig has nothing to do with my comment. Move along now=-
    7. Re:Wich only serves to further by Opportunist · · Score: 1

      Oh, you mean what Symantec did. Sorry, you lost me there, at first there was talk about the security industry, for some odd reason I didn't associate Symantec with that...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    8. Re:Wich only serves to further by v1 · · Score: 5, Interesting

      WHY is it okay for Symantec to do this?

      The more relevant question to ask is "Why DID Symantec do this?" A more interesting question would be "Why did Symantec break the law?" They didn't do that, but the answer to all three is the same.

      "because it helps them make money".

      In this particular case, the fear of ransomware helps Symantec sell their product. So a researcher doing something to combat ransomware hurts Symantec's business. So they do what they can do, to protect their profits. In this case, it's even legal for them to do it. So it's a no-brainer.

      You simply have to expect this sort of behavior from any big business. There's no point in being confused or shocked by it.

      A month from now they will be able to make a new press release, "Two months ago security researchers dealt a blow to ransomware, protecting users and devaluating our product. Today, we're pleased to announce the ransomware developers have made the necessary fixes to their code outlined in our recent publication, and once again, Symantec is your only defense against ransomware!"

      --
      I work for the Department of Redundancy Department.
    9. Re:Wich only serves to further by Tharkkun · · Score: 1

      This is Slashdot. Why aren't people up in arms over the published utility's source code being hidden? You want us to run a binary off a website to decrypt our files? Sure, let me get right on that.

    10. Re:Wich only serves to further by fustakrakich · · Score: 1

      I'm for full disclosure. Let the user know about the vulnerabilities.

      --
      “He’s not deformed, he’s just drunk!”
    11. Re:Wich only serves to further by Lumpy · · Score: 1

      But it is easy to keep off your system. http://www.foolishit.com/vb6-p... completely neuters it before it is ever launched, and it also makes changes that blows up 90% of the trojans infection vectors out there.

      --
      Do not look at laser with remaining good eye.
    12. Re:Wich only serves to further by mysidia · · Score: 3, Insightful

      Because, if you publicize how you caught their error, they can fix it.

      Exactly. They publicized the methods solely for marketing purposes -- so they could write a "ME TOO" article, showing how their "researchers" are "on top" of security, and stealing thunder from the developer of the free decryption software.

      Because we're big Symantec, and we can't have third parties scooping us on antimalware techniques.

      It also helps their product by making sure the authors of ransomware learn from mistakes, so future ransomware is more robust, AND therefore, users will have greater damage by ransomware in the future, increasing the demand for Symantec's products.

    13. Re:Wich only serves to further by Anonymous Coward · · Score: 3, Informative

      You'd think this would be the case... but the reality is that the malware authors updated their software the day after Symantec published the flaw. They didn't fix the flaw during the time when the "free tool" was available. Looks like a direct correlation to me.

      The big thing here is that the authors probably couldn't be bothered to fix it before Symantec broke the news, as they were still getting lots of payments.

    14. Re:Wich only serves to further by Darinbob · · Score: 2, Interesting

      How about the question "why should they not do this?" The ransomware makers know that there's a recovery tool, so it's a short period of time before they figure out what their flaw is. There's no gain to be benefited by keeping the details secret. Do we want the situation where some security professionals know what the flaw is, the malware authors know what the flaw is, but the general public is kept in the dark?

      Security through obscurity does not work. Similarly, keeping security protection details limited to a select few is also a bad idea.

    15. Re:Wich only serves to further by Anonymous Coward · · Score: 0

      But it is easy to keep off your system. http://www.foolishit.com/vb6-p... [foolishit.com] completely neuters it before it is ever launched, and it also makes changes that blows up 90% of the trojans infection vectors out there.

      Windows question for those who use Windows, is there a way to import/export Software Restriction Policies? (This is a Win7 Professional install, so AppLocker doesn't work for me, I've gotta use the older Software Restriction Policies.)

      Win7 x64 Pro: Start -> Control Panel -> Administrative Tools -> Local Security Policy (brings up the LSP console) -> Software Restriction Policies -> Additional Rules.

      From there, it's easy enough to add (rightclick/New Path Rule...) rules to block %wherever%/.exe, but this only works for one system.

      I can see an "Export List..." to .txt or .csv function when I right-click on "Software Restriction Policies" in the left pane, but there's no import.

      I can see an "Export Policy..." and "Import Policy..." by right-clicking at the top-level "Security Settings" in the left pane... (it's above all the subfolders, so it ought to include everything, right?) but when I use it to export a "Security Template (.inf)" file, delete one of my path rules, and then reimport the same SecurityTemplateWTFWindows.inf, the test rule doesn't reappear. WTF? I know the GUI is just a front end for something I could be doing on a command line in a batch file, but I don't know what. The GUI isn't doing what the GUI seems to indicate that I want to do. So what do I have to do to make the damn thing do what I want?

      tl;dr: I'm doing something that's probably obviously stupid/wrong to anyone who regularly administers windows. What I want to do is export a set of SRPs (software restriction policies) into a portable file, and then reimport that file onto another machine in order to quickly and easily save/restore a custom local security policy.
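One way to move a set of Software Restriction Policies between machines is to export and re-import the registry subtree the Local Security Policy console writes them to, rather than the secedit-style .inf template, which does not carry SRP rules. The following is an added example written for this thread, not code from the original post or from Microsoft; it assumes the rules live under `HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers` (the machine-policy location), that the numbered subkeys are the security levels (0 = Disallowed, 131072 = Basic User, 262144 = Unrestricted), and that path rules are stored as `ItemData` values under each level's `Paths` key. The function names are the example's own.

```powershell
# Added example (not from the thread). Assumption: SRP rules created in the
# Local Security Policy console are stored under this machine-policy key.
$SaferKeyReg = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'   # reg.exe form
$SaferKeyPs  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'  # provider form

function Export-SrpRules {
    param([Parameter(Mandatory)][string]$Path)
    # reg.exe writes the whole subtree (levels, path rules, hash rules) to a .reg file.
    & reg.exe export $SaferKeyReg $Path /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }
}

function Import-SrpRules {
    param([Parameter(Mandatory)][string]$Path)
    # Must run from an elevated prompt; merges the file's rules into the local key.
    & reg.exe import $Path | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg import failed with exit code $LASTEXITCODE" }
}

function Get-SrpPathRules {
    # Assumption: level subkeys are named by their numeric security level.
    $levelNames = @{ '0' = 'Disallowed'; '131072' = 'Basic User'; '262144' = 'Unrestricted' }
    foreach ($level in Get-ChildItem $SaferKeyPs -ErrorAction SilentlyContinue) {
        $pathsKey = "Registry::$($level.Name)\Paths"
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem $pathsKey) {
            $props = Get-ItemProperty -Path "Registry::$($rule.Name)"
            [pscustomobject]@{
                Level       = $levelNames[$level.PSChildName]
                Path        = $props.ItemData      # the path pattern the rule matches
                Description = $props.Description
            }
        }
    }
}

# Usage (elevated): back up on one machine, restore on another, then review.
# Export-SrpRules -Path C:\srp-backup.reg
# Import-SrpRules -Path C:\srp-backup.reg
# Get-SrpPathRules | Format-Table -AutoSize
```

The export file is a plain .reg text file, so it can be diffed or kept in version control alongside other baseline settings. If an imported rule does not appear to take effect for already-running sessions, log off and back on so new processes are evaluated against the updated policy.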

    16. Re:Wich only serves to further by Anonymous Coward · · Score: 0

      The antivirus industry is the front of a criminal activity. They are criminals too. It remains extortion.

    17. Re:Wich only serves to further by TangoMargarine · · Score: 1

      Sounds logical to me ;-)

      "Symantec(tm): Hey, at least we're not wanted for murder in Bolivia!"

      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
    18. Re:Wich only serves to further by TangoMargarine · · Score: 1

      Well, if all your files are already compromised...how much worse can it really get?

      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
    19. Re:Wich only serves to further by mysidia · · Score: 1

      The myth that the 'security' industry is at the root of the problem

      I would argue: not entirely a myth; while it may be unintentional on the part of players in the security industry (at least ethical ones), much of security researchers' work can enable and facilitate attackers. Some researchers even SELL exploits, AND attackers may be the buyers.

      In many cases... they share too much information with attackers that attackers can use to improve their processes. They also in some cases PROVIDE motive. By giving a media channel for the discussion of the results of their exploits --- this can give publicity to an attack or an attacker, which results in bragging rights or "pride" as a reward for the malicious acts that would otherwise provide negative social connotation to their activities.

    20. Re:Wich only serves to further by OneAhead · · Score: 1

      Am I missing a joke here or are you confusing Bolivia and Belize?

    21. Re:Wich only serves to further by Anonymous Coward · · Score: 0

      That's a grey area then. If they were still getting a lot of payments because not many people were aware of the "free tool", then after Symantec's announcement people clearly went looking for that tool to fix the problem instead of paying.

      Therefore the immediate proximate cause of the hackers upping their software was people using the free recovery tool. The tool could only go "under the hackers' radar" when it was limited to a select few lucky users who were in the know.

    22. Re:Wich only serves to further by TangoMargarine · · Score: 1

      Meh; they're both in Asia ;-)

      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
    23. Re:Wich only serves to further by Anonymous Coward · · Score: 0

      Doesn't you consider fixing that typo in your sig?

  2. Symantec by Anonymous Coward · · Score: 0

    does not want these problems to be solved, they want to keep selling virus scanning software. Ensuring the encrypting guys fix their mistake works in Symantec's favour.

    CAPTCHA: tyrant

  3. Of course Symantec did that... by Last_Available_Usern · · Score: 4, Interesting

    It's in Symantec's interest that the authors mitigate the weakness in their malware so the threat will permeate through media and people will continue to be terrified into buying copious amounts of security software that in most cases won't even mitigate the risk.

    1. Re:Of course Symantec did that... by dcollins117 · · Score: 3, Informative

      What I find most interesting about this story is that both the white hats and the black hats share a common goal. It's your money.

      The black hats are saying "Give me your money if you ever want to see your data again." The white hats are saying "Give me your money and we'll try to keep your data safe."

      They're both picking your pockets, all you have to do is choose your master.

  4. A weak approach by Anonymous Coward · · Score: 0

    I'd wager most of the encryption attacks bring their own encryption tools with them. Otherwise your target would be able to just block file encryption altogether and prevent the attack from working.

    1. Re:A weak approach by mlts · · Score: 1

      Another item is that a lot of enterprises have a data recovery agent. That way, if EFS is used, one just cracks open that key, decrypts everything, calls it done.

      I'm sure this will be fixed in the next version of the software. Malware is the most well written and meticulously supported software being created in the computer industry these days.

  5. disclosure by DriveDog · · Score: 2

    At first Symantec's actions sounded dismaying, but in the long run using every opportunity to publicize the folly of using that API is probably beneficial. I've spent years trying to dissuade people from using (old) Excel's password "protection" due to the false sense of security. That Win API has the same effect—convinces the masses they're employing secure means when in fact they're not.

    1. Re:disclosure by Last_Available_Usern · · Score: 3, Insightful

      It must be at least mildly effective if the only legitimate means of unencrypting the data was a copy of the keys that only a set of researchers dedicated to the issue were able to find.

    2. Re:disclosure by Zmobie · · Score: 1

      It half ass works. I mean if you need REAL security, you're right, no way in hell I would trust my files to the built in windows encryption (other than maybe BitLocker drive encrypting, but that is an entirely different mechanism). I do find it funny/interesting/depressing the "security culture" that is now marketed to the general populace. They basically throw buzzwords at them until people believe they know what they're talking about.

    3. Re:disclosure by marciot · · Score: 3, Insightful

      I've spent years trying to dissuade people from using (old) Excel's password "protection" due to the false sense of security. That Win API has the same effect—convinces the masses they're employing secure means when in fact they're not.

      I think recent events have shown that relying on security of any kind leads to a false sense of security (examples: NSA backdoors, OpenSSL bugs, WEP vulnerabilities, etc). We'd all be much safer if we simply assumed there was no such thing as security.

    4. Re:disclosure by mlts · · Score: 1

      The ironic thing is that "real" security is pushed to the side. Old fashioned things like gpg, PGP, proper backups [1][2], sandboxing, and other basic items tend to fall into disuse while "lets just stash it in the cloud and take their word for it, as they use 'encryption' and 'firewalls'" seems to be the mode of operation of the day.

      For example, I've seen some "cloud encryption" systems that require one to set up an account... and where the actual encryption key is stored can be anyone's guess (the websites on some of those sites sure do not give any details other than logged in == file access, not logged in == no access.) For remote storage, I'd rather use a secure archiver (PGPZip, BCArchive, even WinRAR on occasion) for file archives and TrueCrypt or similar for disks. I just prefer to pack my own parachute when it comes to encryption.

      [1]: People make fun of tape, but even a relatively older tape format like LTO-4 still can provide a lot of use. It would be nice to see a "consumer grade" format that can hold a couple TB native and can handle USB at multiple speeds so shoe-shining is minimized. Maybe even add a SSD as a buffer to further minimize issues with buffer underruns.

      [2]: Copying documents to a cloud drive is not a proper backup. One delete command issued by malware, and that data is gone. This also applies to copying data to external hard disks or USB flash media... all it takes is something to run through all devices, run a blkdiscard on the device, and if that doesn't work, a dd if=/dev/zero of=whatever, and everything is gone. Using BD-R/DVD+R/CD-R media is closer to a better backup because if the disk is finalized, barring something on the burner's ROM, malware won't be able to tamper with that media. Proper backups are where media is offline, preferably with media sent to at least one offsite location. However, not many places do this right these days.

    5. Re:disclosure by Zmobie · · Score: 1

      A lot of it seems to be liability for large groups. An IT department can outsource data backups and data security to "the cloud provider" and if something goes bad they only get a bit into trouble for picking the wrong provider. Meanwhile they can just point the finger at their provider and say "not our fault."

      Individuals on the other hand just want their damn data, but so few are even educated on IT security at all. I know so many software developers and IT workers even that don't know the first thing about security. Meanwhile my home server I'm implementing drive level encryption on a hardware RAID 5 with physical locks going on the tower (setup isn't done, still have to modify it) with the BIOS completely locked down to where you can't do anything unless you know the BIOS password or the Windows Server Admin password.

      Yea, it is probably way over the top for me, but I would rather know that any data I put on there is reasonably secure as opposed to just raising hell with some provider that did god knows what with that data before they lost it.

    6. Re:disclosure by mlts · · Score: 1

      A secure home server only makes sense. If you get a machine with hardware RAID, mirror the OS drive, then use RAID-Z2 [1] or RAID-Z3 for the data. If using Windows, then you get a choice between bit rot resilience with Storage Spaces + ReFS or deduplication with Storage Spaces + NTFS.

      [1]: RAID-Z will find bit rot on a zfs scrub, but won't be able to fix it. RAID-Z2, RAID-Z3 and RAID-1... even ditto blocks can both find and fix it.

  6. Not a Myth by Martin+S. · · Score: 1

    The so-called security industry is big part of the problem.

    While they continue to peddle their snake oil and sticking plaster solutions that the underlying problem. Microsoft and company will continue to peddle insecure crap ware.

    1. Re:Not a Myth by Richy_T · · Score: 0

      Absolutely. This is an OS design problem.

    2. Re:Not a Myth by Anonymous Coward · · Score: 0

      So which OS that has a large marketshare has never had a privilege escalation bug? Hint: jail break is a security vulnerability

    3. Re:Not a Myth by lgw · · Score: 1

      Not even a little. Modern malware is largely OS indifferent. Windows XP had security issues, but that's a loooong time ago.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    4. Re:Not a Myth by TangoMargarine · · Score: 1

      Linux? :)

      (I'm fairly sure every article that's popped up on /. in the last few years about privilege escalation on Linux has turned out to be "oh, but you had to have already given it permission.")

      Oh, I'm sorry...was I supposed to say Mac? Sorry for stealing your thunder.

      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
    5. Re:Not a Myth by Richy_T · · Score: 1

      Good point. My mind was on viruses and trojans for some reason.

    6. Re:Not a Myth by Richy_T · · Score: 1

      Wait, this was malware, not the heartbleed thing. It should never have been run and never had access to the files it was affecting. An OS could be designed to be document-centric rather than application-centric (amongst other design choices) and many of these vulnerabilities just not available to exploit.

    7. Re:Not a Myth by mysidia · · Score: 1

      So which OS that has a large marketshare has never had a privilege escalation bug?

      VMware ESXi. (*Privilege escalations within a Windows guest operating system don't count; only escalations from a lower privileged user, or OS running in the hypervisor, to privileged hypervisor control.)

  7. fake website by Anonymous Coward · · Score: 0

    kinda off topic but I saw some fake law enforcement /FBI popup that asks for a money order on my browser. I couldn't close Google Chrome normally. I ended up using the Windows task manager to terminate the process.

      Not sure how the browser loaded the website. I even scanned the PC for viruses and malware.

    1. Re:fake website by Qzukk · · Score: 3, Informative

      That's a pretty common ad-delivered site that's been around for a while. It has an "onunload" function that pops up an error message when you try to leave the site. Chrome added a checkbox to disable the message, so they made their error message so long it goes off the bottom of the screen, and since it's a dialog box, you can't scroll the text to get to the checkbox; you just have to trust it's there after the third or fourth alert: hit tab, space to check the box, tab again, space to hit OK.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    2. Re:fake website by gstoddart · · Score: 3, Insightful

      It has an "onunload" function that pops up an error message

      And this is why I don't allow javascript to run on arbitrary sites.

      Because javascript can be used to do way too many annoying things. Like websites which think they can disable my right click (so I can use the back button) because they think I'm going to steal their images.

      It's also why Flash doesn't get installed on machines I control.

      --
      Lost at C:>. Found at C.
    3. Re:fake website by GTRacer · · Score: 1

      You fool! You foolish fool!

      Now you've really done it! You've gone on and told them we know what their popup UI exploit was! Now they're going to add their OWN buttons above Chrome's and God help you if you try selecting it and entering!

      --
      Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
    4. Re:fake website by Richy_T · · Score: 4, Funny

      I take special delight in stealing the images of sites like that.

    5. Re:fake website by omnichad · · Score: 1

      While personal preference lets you do what you want, I'm fine with having that control with Javascript. The browser balances out the bad with user control. For pop-up dialogs, there is the checkbox to stop more. For right-click - well - there's always the inspector.

      Dialog boxes that are too long need to be modal only to the tab and size limited, with scrolling enabled for long content.

    6. Re:fake website by Guest316 · · Score: 1

      And people wonder why I get pissy about sites which don't work without JS/Flash/whatever-gizmo-du-jour.

    7. Re:fake website by Anonymous Coward · · Score: 0

      This is why I get the shits with every single modern UI toolkit. How can you possibly push a window beyond the screen bounds with too much text unless someone has been exceedingly, intentionally, lazy and stupid?

    8. Re:fake website by Fr33z0r · · Score: 1

      I haven't seen one of those for a while, but the right-click menu comes up on release. On sites that pop up a "right click disabled" messagebox on *click* you can just hold the button down, OK the popup, and then release the right button to trigger the menu.

      Of course that doesn't work on sites that disable it silently.

    9. Re:fake website by Anonymous Coward · · Score: 0

      ...and with QuickJava installed, you don't even need to reload the page to do it.

      The ONLY thing that is accomplished by disabling the right click with pointless JS is pissing off visitors.

  8. Symansuck by callmetheraven · · Score: 1, Interesting

    Symantec are the dumbest bunch of dumbfucks ever.

    Combine that with shit software and the worst customer support in the business and the only conclusion is that Symantec can't die fast enough. Die Symantec, Die.

    --
    You can have my SIG when you pry it from my cold, dead hands.
  9. Not really bad by mveloso · · Score: 1

    One of the probable reasons they store the key on the box is because it's easier than having it on a remote server. A remote server can be taken out, unreachable, and you have the extra added problem of associating the decryption key with a specific box. That's a pain if the box isn't connected to the public network (i.e. it was infected through another vector).

    If the key is local it's easier. You can even mail them a USB stick with the decryption application if you wanted to.

  10. Future victims should sue Symantec by leereyno · · Score: 3, Insightful

    Future victims of this criminal organization should sue Symantec.

    Class action lawsuit.

    I also think that criminal charges for aiding and abetting would apply as well.

    --
    Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
  11. Paging file? by Dwedit · · Score: 3, Interesting

    Okay, stupid question time...
    If someone took a disk image during the time when the virus was in the process of encrypting files, would it be possible to find the key in the paging file?

    1. Re:Paging file? by phillk6751 · · Score: 1

      I would also think that Microsoft could come out with a fix to the software that would store that key that's accessible/decrypted by the PC Admin's/User's password via a utility (but not writable by other programs) in order to "recover" files where the key has been lost/'stolen'/etc. This would only work of course IF the hackers were using the local copy of the encryption DLL and not a downloaded/hacked copy (if it would even work that way).

    2. Re:Paging file? by Anonymous Coward · · Score: 0

      How is this interesting? You could also use a VM and grab an image of the RAM as well. If you had nothing to do for 100 years.

      Reading through gigabytes of data without a single point of reference might work on TV, not in the real world.

  12. Bitcoins? by duke_cheetah2003 · · Score: 0

    This is excellent evidence to advocate shutting down bitcoin and all its kin.

    The only use of these 'currencies' seems to be criminal activity, and frankly, malware of this nature probably wouldn't even be feasible if it wasn't for bitcoin and its kin. There'd be no way to anonymously extort money from victims.

    1. Re:Bitcoins? by egranlund · · Score: 1

      malware of this nature probably wouldn't even be feasible if it wasn't for bitcoin and its kin. There'd be no way to anonymously extort money from victims.

      Not the case.

      CryptoLocker’s creators also recently shifted their monetization tactics, giving willing users additional time to pay the ransom with bitcoin or MoneyPak.

      Strains of this in the past were using MoneyPak (prepaid cash card) to extort money just fine.

      http://blog.trendmicro.com/cry...

    2. Re:Bitcoins? by Guest316 · · Score: 2

      Ah, blaming the tool again.

    3. Re:Bitcoins? by mmell · · Score: 1
      (PERSONAL ANECDOTE). I have to admit to experiencing a parallel from back in the seventies. I found this really outta sight sandwich joint. It had the best (and the cheapest) steak and mushroom sandwich I've ever had. I was really sad when I found out it was a money-laundering front for organized crime - but only because I found out after the Fed shut it down under the RICO act.

      (PERSONAL OPINION). Is cryptocurrency any different? I can make money for free by "mining" for valid cryptostrings (there's my cheap, excellent steak sandwich), but the primary players are guys from the Silk Road, et al. Sooner or later, a government somewhere will squash cryptocurrency (and seize any value therein) under whatever variation of the RICO act they have. Too bad - I really liked the steak sandwiches there.

    4. Re:Bitcoins? by Anonymous Coward · · Score: 0

      Same thing happened to my favorite Mexican joint in college. Always packed, cheap prices, great food, great service. Too bad they were a drug front.

    5. Re:Bitcoins? by mmell · · Score: 0
      You're right. Bitcoin is only the gun, not the criminal.

      All cryptocurrency holders must immediately give their government a full accounting of all cryptocurrency transactions; any unreported transactions may reasonably be considered evidence of criminal wrongdoing (especially since such transactions are required by law to be declared, at least to the IRS in the United States - if you want to cheat, fine. Don't cheat the tax man; Al Capone can tell you all about that one).

      Since cryptocurrency use is (of necessity) an organized activity, using a cryptocurrency without notifying the US Government of your total holdings on an annual basis handily constitutes a RICO worthy response. Enjoy your ill-gotten booty while you can!

    6. Re:Bitcoins? by TangoMargarine · · Score: 2

      Yeah, good luck with convincing the people who use a currency specifically because it's not controllable by the government to report said use to said government.

      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
    7. Re:Bitcoins? by mmell · · Score: 1

      Precisely my point.

    8. Re:Bitcoins? by duke_cheetah2003 · · Score: 1

      When the tool appears to have no legitimate usages, yeah I'm gunna say this tool is inherently bad, I could even go as far as to say the tool encourages illegal behavior.

      Sort of like Napster of the late '90s. It simply had no other use than to STEAL music. Bitcoin has no other use than to hide financial transaction data. I simply don't buy we need a currency that's not attached to one of the many governments in the world. What advantages do bitcoins offer over US Dollars? Besides the fact they're hard to track (because wallet IDs are anonymous, unlike bank accounts involving US Dollars.) Well, one advantage is this malware right here. You can't set up a way to receive EFTs without being traceable... unless you do it with bitcoin. Another advantage of bitcoins is tax evasion. Where are the legitimate uses for this???

      I'm pretty anti-government but I also don't like criminals committing crimes, and I see this tool and see how bitcoin operates in the wild and I'm sorry, I'm not seeing a heck of a lot of legitimate usage. I do keep hearing about crimes involving bitcoins. Clue?

    9. Re:Bitcoins? by duke_cheetah2003 · · Score: 1

      Oh one other thing, if you're going to reply with legitimate uses, please also add in why it is better to use a bitcoin instead of US Dollar in your legitimate use. Legitimacy should also have advantage over its predecessor, otherwise, there's no point in the legitimate use. You wouldn't use one sharp knife over another just because it looks different. It's just as sharp.

    10. Re:Bitcoins? by Guest316 · · Score: 1

      I'm not, because it's not my job to do your thinking for you.

      I have no personal interest in cryptocurrencies outside of academic curiosity. But I am able to admit that my range of speculation isn't all-encompassing, which is where we appear to differ. You feel justified in basing your decisions on the premise that if you can't imagine something, it doesn't exist.

  13. I see a lot of criticism of Symantec here. by mmell · · Score: 2

    I keep seeing people essentially criticizing Symantec for releasing the details of this exploit. I'm sure the obsecurity model has worked quite well for all of you, hasn't it?

    Security through obscurity is a long-debunked myth. You people need to get over it - hiding an exploit only guarantees its continued effectiveness (obsecurity works both ways, protecting the exploit as well as the exploited). Exposing an exploit causes people to work to close the exploit and put it out of business. There's a short-term loss as every script-kiddie takes advantage of their newly discovered toy, but a greater long-term advantage in securing systems against said exploit.

    To be sure, secrecy can be used to add to security - but the secret should be what you've done to close the holes, not the fact that those holes exist.

    1. Re:I see a lot of criticism of Symantec here. by Anonymous Coward · · Score: 0

      Vote parent up, for the love of God. Too many people here are saying "shh! don't tell anyone that the key is under the mat!" as if that's going to make them safer. Security problems need to be fixed. I would have thought slashdotters would know better. Now go read your schneier.org and say 12 Hail Marys.

    2. Re:I see a lot of criticism of Symantec here. by Anonymous Coward · · Score: 0

      Oops. That's schneier.com ...

  14. Pay 'Em by Anonymous Coward · · Score: 0

    In Bitcoins! :D

  15. Mod the parent up, please. by mmell · · Score: 1

    Somebody (I assume with a personal agenda or an ax to grind) has downmodded a reasonably intelligent post.

  16. I don't get any malware: Why? by Anonymous Coward · · Score: 0

    Simple: What I can't touch, can't hurt me - Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization):

    ---

    APK Hosts File Engine 9.0++ 32/64-bit:

    http://start64.com/index.php?o...

    (Details of hosts' benefits enumerated in link)

    Summary:

    ---

    A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/commen...

    B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comme... w/ less added "moving parts" complexity + room 4 breakdown,

    C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).

    ---

    * Addons are more complex + slowup browsers in message passing (use a few concurrently - you'll see) - Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts ( A tightly integrated PART of the IP stack itself )

    APK

    P.S.=> * "A fool makes things bigger + more complex: It takes a touch of genius & a lot of courage to move in the opposite direction." - Einstein

    ** "Less is more" = GOOD engineering!

    *** "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"

    ...apk
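    The post above relies on a hosts file to sinkhole malicious domains. What it does not say is how narrow that match is: the resolver looks the requested name up exactly, so a blocked parent domain does not cover its subdomains, and a connection made straight to an IP literal never consults the file at all. The following is an added example, not code from the post or from the APK tool it advertises. It parses a constructed hosts file, audits a constructed list of observed destinations against it, and reports which ones the file would actually stop. The only assumption is the common convention of using 0.0.0.0 (or :: for IPv6) as the sink address; lists that sink to 127.0.0.1 would need that address added to SINKHOLE_IPS.

```python
import ipaddress

# Constructed sample hosts file for this example (not a real blocklist).
# 0.0.0.0 is the conventional sink address used by most hosts-based lists.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
0.0.0.0     ads.example.net
0.0.0.0     c2.example.org tracker.example.com   # several names per line is legal
"""

# Constructed destinations a machine was observed contacting.
SAMPLE_DESTINATIONS = [
    "ads.example.net",       # listed exactly: blocked
    "cdn.ads.example.net",   # subdomain of a listed name: NOT blocked
    "c2.example.org",        # listed exactly: blocked
    "203.0.113.7",           # IP literal: hosts file is never consulted
    "news.example.com",      # not listed anywhere
]

# Addresses that mean "sinkhole" rather than "pin this name to a real host".
SINKHOLE_IPS = {"0.0.0.0", "::"}


def parse_hosts(text):
    """Return {hostname: ip}; first entry wins, like the system resolver."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip comments and whitespace
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table.setdefault(name.lower().rstrip("."), ip)
    return table


def lookup(table, name):
    """Exact-match lookup, as the resolver does. No wildcards, no suffix walk."""
    return table.get(name.lower().rstrip("."))


def classify(table, dest):
    """Say what the hosts file does with one destination."""
    try:
        ipaddress.ip_address(dest)
        return "bypassed: IP literal"
    except ValueError:
        pass  # not an IP literal, so the name will be resolved
    if lookup(table, dest) in SINKHOLE_IPS:
        return "blocked"
    # Walk up the parent domains to report a listed parent that the
    # exact-match rule silently misses.
    labels = dest.lower().rstrip(".").split(".")
    for i in range(1, len(labels) - 1):
        parent = ".".join(labels[i:])
        if lookup(table, parent) in SINKHOLE_IPS:
            return f"bypassed: subdomain of blocked {parent}"
    return "not listed"


def audit(hosts_text, destinations):
    """Map each destination to the verdict the hosts file would produce."""
    table = parse_hosts(hosts_text)
    return {dest: classify(table, dest) for dest in destinations}


if __name__ == "__main__":
    for dest, verdict in audit(SAMPLE_HOSTS, SAMPLE_DESTINATIONS).items():
        print(f"{dest:24} {verdict}")
```

    Run against a real hosts-based blocklist and a proxy or DNS log, the same audit shows how much of the observed traffic the file would actually have stopped; the "bypassed" lines are the argument for pairing a hosts file with something that can match suffixes and IP ranges.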

  17. You're kidding right? by Anonymous Coward · · Score: 0

    Linux has had a fuck-tonne of privilege escalation bugs.

    1. Re:You're kidding right? by HiThere · · Score: 1

      OpenBSD?

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.

    2. Re:You're kidding right? by TangoMargarine · · Score: 1

      has turned out to be "oh, but you had to have already given it permission."

      Citations please.

      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF

  18. because... by Anonymous Coward · · Score: 0

    ...credit card fraud and theft of internet banking credentials simply does not exist...

  19. Great summary by uvajed_ekil · · Score: 3, Funny

    Now I finally know what API means.

    --
    This is a hacked account, for which the owner can not be held responsible.