Slashdot Mirror
Interviews: Ask Security Expert Mikko Hypponen A Question
Even if you pay only a fraction of your time on security news, you probably already know Mikko Hypponen (Twitter, Wikipedia). He is the Chief Research Officer at F-Secure, a security firm he joined over two decades ago. Hypponen has assisted law enforcement in the United States, Europe and Asia on cybercrime cases, and has also made several appearances on BBC, TED talks, TEDx, DLD, SXSW, Black Hat, DEF CON, and Google Zeitgeist among others. He has also written for CNN, The New York Times, Wired, and BetaNews.
Hypponen has closely watched computers, networks, and security spaces grow over the years. In 2011, Hypponen tracked down the authors of the first PC virus in history -- Brain.A. Whether you want to know about the early days of malware -- when they were mostly created by hobbyists, or get an inside view of the challenges security firms face today, or how exactly does one keep himself or herself safe in the increasingly terrifying world, use the comments section to leave your question.
Editor's note: We will be collecting some of the best questions and sending them to Mikko at 22:00 GMT, Monday.
Hypponen has closely watched computers, networks, and security spaces grow over the years. In 2011, Hypponen tracked down the authors of the first PC virus in history -- Brain.A. Whether you want to know about the early days of malware -- when they were mostly created by hobbyists, or get an inside view of the challenges security firms face today, or how exactly does one keep himself or herself safe in the increasingly terrifying world, use the comments section to leave your question.
Editor's note: We will be collecting some of the best questions and sending them to Mikko at 22:00 GMT, Monday.
Brain.A was the first MS-DOS virus...so it was first IBM PC-compatible virus but not the first "personal computer" virus.
Do you have any suggestions on how to create a successful security awareness program in a tech company? Some like Bruce Schneier prefer the time and money is spent on better security engineering. Any experts or articles or books you can recommend?
Why, in your opinion, isn't there more concern about systemd from the security community?
Here we have a large, immature, ever-changing C code base that's now part of pretty much every installation of any modern Linux distro.
It plays a very significant role on such systems, with it starting and controlling so many other processes.
People have already experienced numerous non-security problems with it, given the huge volume of bug reports and other people begging for help with it.
All of these factors combined make me consider it a security nightmare, especially after what we've seen happen with the OpenSSL "Heartbleed" bug and the bash "Shellshock" incident.
It only takes one such bug in systemd and nearly every recent Linux distribution out there could potentially be affected.
I'm very worried about this happening, which is why I've started moving all of my computers over to FreeBSD.
But why do we so see so little concern about this from the wider security community? Did they not learn any lessons from Heartbleed and Shellshock?
Spyware?
With the recent reports of anti-virus software sometimes actually adding security vulnerabilities to the systems, and the fact that windows ships with its own bundled anti-virus, what advantages do commercial third party anti-virus solutions these days offer?
I'm wondering specifically about the windows desktop, because this is the platform usually targeted by attackers.
"Edward Snowden has warned that no smartphone is safe..." Is he correct? http://www.v3.co.uk/v3-uk/news...
What are the pre-2008 intel and pre-2013 AMD processors that you consider the most secure?
What are the ones with the most vulnerable erratas? In short What are the fastest AND safest one?
https://libreboot.org/faq/#intel
https://libreboot.org/faq/#amd
One of the big security problems of Android is that you are unable to receive any software updates, including security patches, once the hardware manufacturer decides so, and hardware manufacturers have an interest in not providing updates because they cost money to test and deploy, as well as missing updates create an incentive for the customers to buy newer hardware.
This issue affects all places where the hardware vendor also supplies the software, and will become more and more important, as internet connected software gets its way into more and more things around us.
How can this problem be solved?
Are there any groupies in infosec? Cause I know a few women that can't wait to met you...
What's with the double-Ks in your name, man? What does spell check do when you try to type it? Is it some sort of Finnish thing? Because if it is, that's cool. Finns are OK in my book because they love tango.
You are welcome on my lawn.
do you ducktape it?
You don't have to be a security expert to say avoid products like that. Why do you want a Bluetooth toothbrush anyway, it would only be good for market research anyway.
Seeing that I know several people in the security industry with way more experience than you, the supposed "security expert."
Have you looked into Capability based Security Operating Systems such as Genode? (Genode.org) They seem to offer a way for users to decide what to trust, instead of being forced to blindly trust everything every app does.
What do you think about this approach to security?
So you've answered your own question: the bluetooth toothbrush will be doing market research, so in return, the toothbrush will be free. Just like Facebook is free, in return for market research (etc).
Now you might think, who wants a toothbrush for free, they only cost like $1? But obviously a bluetooth enable toothbrush won't just be an inert hunk of plastic - it will be an electric toothbrush. In the shops here, you can get a basic electric toothbrush for $20. Having one of those for free in return for market research starts being a realistic value proposition.
Similarly, if the high-end electric toothbrushes simply start including bluetooth connectivity without a chance to buy a model without it or disable it (and no commensurate decrease in price), there are many people who simply wouldn't care and would carry on buying that product regardless.
Fart
Fag
Fat
Feminist
Fedora
lots of things come into my mind when I think of "F" that would suit.
Nope. It was only recently (about a year ago) that I started to keep a formal list of prominent people in the security sector and, until five minutes ago, he was not there. It was the mosh pit of DNS and SSL security that finally drove me to it. To be honest, it was also the somewhat volatile Thomas H. Ptacek who drove me to it. Here's Colin Percival's rather decisive rebuttal to an ill-considered post by Ptacek.
My Very Important Knob
Interestingly, Ptacek's original post, "Colin's Very Important Knob" is nowhere to be found on the internet. Since then, I've seen them engaging in pleasant, but opinionated exchanges. Normally, you can get a quick sense of who hates whom, but with security it's more like the way certain animals share a kill: with cheeks shredded and bleeding. No hard feelings. They might even be brothers.
Hmm. The eyeball economy is strong in this one.
Would your children's pc qualify as "battle hardened" or "ready-for-the-white-house" secure or just plain "bulletproof"?
Or you say "just don't buy anything online"
As it happens, I read the following article by Poul-Henning Kamp just the other day and had mixed feelings.
HTTP/2.0 — The IETF is Phoning It In (January 2016)
Mikko, what's your take on HTTP/2.0 in light of PHK's declared position?
—
For context, here are the two points that raised my own eyebrows.
First, PHK implies that HTTP/2.0 could have done something substantial to address the cookie problem.
Second, PHK implies that encryption is enough of a burden in certain circumstances to make exceptions to the privacy by default revolution. My own gut instinct is that SSL is already cheap enough to simply write off across the board as the cost of doing business, almost always.
Isn't it a rather crappy security profile to leave your "innocent" activities in clear text and only encrypt what is conventionally considered "sensitive"?
I did read a valid complaint the other day, where people writing servers trying to maintain 100,000 persistent SSL connections (average connection time measured in hours) become hot and bothered about the 20 kB per connection memory cost, enough to throw away a Go implementation (heavier in memory overhead) and go back to Ruby.
What say you about the technical/political HTTP/2 tango?
What is your opinion on the Hillary Clinton email scandal, specifically with respect to the security of her personal server and Guccifer's claims re hacking the server.
You forgot an important one:
fsystemd
Hi Mikko, in my day job I am a security evangelist, carrying out developer education and design reviews. For 8 years previous to that I helped companies use static analysis to detect and eliminate security vulnerabilities at the implementation layer. I am becoming convinced that, with the poor state of software today and extreme complexity, there is simply no way the good guys can win. Defenders have to get it right, every single time while the bad guys only need to be right once, to establish an APT and destroy your company. If the bad guys were parasites I would say this would all simmer down to a balancing point where the parasites existed off a slow background noise of constant attacks, but never enough to kill civilization completely. But with a lack of collusion, attackers are more likely to race to the bottom and to not pay attention to the health of their host. So basically my prediction is: crime will eventually kill technology; it will become unusable. Do you have a more hopeful outcome for us?
See subject: I'll ask you as well sir - Do you feel hosts files are a valuable line of defense vs. today's threat landscape?
(Especially vs. malvertising &/or botnet C&C servers + maliciously coded sites AND as a speed gainer using hardcoded favorites & vs. DNS poisoning or being downed + ads bloating site pages w/ 40% more for ads that poison us)
I've automated the creation of them from 10 reputable security sites (& Malwarebytes' Steven Burn hosts & RECOMMENDS this program after having audited it's source for safety) for the above purposes & more via-> APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.bing.com/search?q=%...
* Thanks for your time...
APK
P.S.=> Mr. Goretsky agreed they are a valid working supplemental tool for good defense already (& if you require proof of it, I can point you to where he did so in both email to me + in a discussion here) ... apk
... while they're using untested and not standardized (hell, not even Version 1) protocols? Example, Discord using WebRTC and claiming it's secure.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
We (as a society) put different emphasis on security and privacy at different times. What do you think we should optimize for and where do you think is the optimum? How do you see the capabilities of our civilization evolving over the next 100-200 years? As a budding PhD student, should I take security as a primary focus? What would be your best advice?
Hello Col. Hypponen,
I have three questions for you:
1. Do you think it is still possible to secure embedded systems (aka the Internet of Things), or is that an impossibility now, practically speaking?
2. If there was one thing you could every average computer user to do to improve their security, what would it be?
3. If you were a person of interest in the murder of your neighbor in a tiny Central American country, what would your strategy be for clearing your name?
Thank you for taking the time to read this. I look forward to your answers.
Regards,
Aryeh Goretsky
Dexter is a good dog.
Your cloud storage service was advertised as "your data will never leave Finland". Then you sold it to a company with known ties to the NSA.
How can you explain that? I can't even that amount of hypocrisy.
Why do you want a Bluetooth toothbrush anyway,
I like my teeth white rather than blue, thanks.
Escher was the first MC and Giger invented the HR department.
I have a Samsung tablet running Android. I don't trust this device with any personal information, because Google or Samsung may track my usage and sell it to third parties.
What is the best way to make payments from that device? For example, since I use the tablet mainly for studying, I sometimes want to buy an e-book. Since I don't want to add any personal information, I cannot use my credit card nor my PayPal account to make payments. I would also like to avoid dealing with cryptocurrency at the moment if there is an alternative.
Payments do not have to be untraceable. But they have to be quite hard to trace so that only law enforcement can do it, if there is a need to (because let's say something illegal was bought online). Basically the payments have to be just hard enough to trace so that mass data collection methods fail to do so.
P.S. I've asked my bank to issue a credit card with a pseudonym and imaginary house address (because the goods will be delivered electronically, I would not need an actual address anyway). The bank refused, even though I explained exactly why I wanted this. I also tried to explain to the bank that in case law enforcement wanted to find out who the owner of that credit card was, the bank would be in a position to tell them, because they would have this card associated with my real account anyway. They still refused to issue such a card. I guess there is a law that prevents them from doing this, but not 100% sure.
Since moving to Linux about 8 years ago, there's been one thing I have missed, which i still feel is a regression: The ability to use 3rd party purchased programs to control what local processes may access the network. No operating system makes this default, but in Linux-Land, it seems guys like me get actively ridiculed for suggesting "blocking a port" != "blocking an app", which is a bit annoying. There are some promising projects like SELinux, but to date, they are not able to bring this capability into user space in any meaningful or intuitive way that I've been able to find.
Reason I ask: I respect the technological challenge this problem poses, but it still just seems like low hanging fruit to by default say: Programs don't get resources unless a user with elevated rights decides to permit this. It's not like it has never been done before. To imagine the potential benefit: Crypto ransom-ware could be de-fanged if one could decide to only whitelist processes they trusted. If malwareX found its way onto your system, but couldn't by default access corporate network file shares then damage would be hugely negated. While we're at it, let's take away default local disk access outside of highly constrained limits.
Yes. It is a continuation of the cat and mouse game, but currently it seems like the good guys working on desktop OS's aren't putting up much of a fight. My Linux smart phone has better permission controls than my Linux laptop for crying out loud...
The question:
Why do you think the computing industry is so trusting of developers and the corporations that feed them, that they by default always give processes unfettered and unquestioned access to the internet? Are the foxes watching the chickens? Do you foresee any improvements coming in our lifetime?
Or are we doomed? Shall we just roll over and trust our new programmer overlords without question?
Dear Mr. Hypponen,
As a security expert, what would you consider to be the real risks from Intel ME (& AMD equivalent) technologies for the average business? Is there a particular mitigation strategy you would recommend?
By average business I mean a company that engages in financial transactions with its vendors and customers. I'm also assuming that at least some of these companies have trade secrets they want to protect from their competitors.
Many thanks for taking the time to answer our questions.
Kind regards,
A
who wrote skulls for s60? dont you think it is a little suspicious that fsecure empliyees were given all the code pieces to write it mere months before fsecure having a product to protect against it and it seemingly surfacing only at public gatherings that fsecure had a booth at?
What a big long praise of achievements. Can you guarantee he is not a CIA asset?
Ask Ed Snowden if you want real talk. He surely doesn't cooperate with spooks.
dupe of https://yro.slashdot.org/comments.pl?sid=9260359&cid=52344807 ?
No. The other poster is asking which one of the non-ME CPUs is the fastest and most secure.
I'm asking what are the risks and how to mitigate them, given that the post-2008 Intel CPUs (and post-2013 AMD CPUs) are in use. Not a lot of people will want to start digging for 8-year old systems to replace their current ones.
- A
Do you think there should be more practical laws protecting people's privacy?
For example, I believe it should be mandatory for the manufacturers of any electronic devices that possess a microphone (primarily smart phones, tablets, laptops, and smart TVs) to provide physical analog controls to switch them (the microphones) off when desired, without having to power off the device itself. Moreover, the cables leading to the microphone and the switches that cut off the power to them should be easy to inspect by any (non-technical) consumer.
This would prevent let's say my Samsung smart TV from 'accidentally' recording every conversation I have in my living room, and sending it to third parties for analysis. It will also prevent malicious actors from eavesdropping, even if they manage to break into the device and install spyware.
Maybe the analog switches could also work for disabling the camera, wifi and bluetooth.
What do you think is the best way to bring about such changes in law?
Thanks,
Dex
BBC, TED talks, TEDx, DLD, SXSW, Black Hat, DEF CON
Don't you think this BS is just way too much alphabet soup?
And how does alphabet soup compare to, say, chicken noodle or French onion?
My Motorola is stuck on Android 2.2.2 The assholes at Motorola won't allow an update of any kind. Android 2.2.2 is insecure, buggy, freezes up, hangs up calls, and is a complete piece of shit. My airline software won't install on it. And many many apps just won't work on it. My wife has a new Motorola that's not much better.
I'm getting a new phone - Samsung. Motorola's name is mud to me now. And if it's good, my wife will be getting a Samsung too.
I think you're getting updates because it's a Nexus phone - too pricey for me - and Google allows it.
You're right, I'm so ashamed. Let me try again:
Mikko Hypponen (if that is your real name), it seems like the internet has never been less secure. Can you explain how and why security experts have failed so miserably?
You are welcome on my lawn.
Here is something often conflated: A device may be secure because a user can't get any access to it, but it may be easily compromised from remote. How would one make a device that the user can easily flash, and do what they please with, even flashing a custom OS or firmware, while still making it resistant from remote, and perhaps local attacks? The closest I've seen is Android, which when rooted loses none of its security (other than a user hitting "allow this app to run as root") by accident. Other ecosystems, like iOS, have their entire security model destroyed by jailbreaking.
How should the tech world address challenges arising from nations that are hesitant to extradite their nationals for transnational crimes (such as Russia) becoming a haven for cybercrime operations, and also do you think I'm pretty, blink once for yes, twice for no. :)
Didn't I see this yesterday?
Mikko,
I recently left a security company I was at for some time because I could not keep up the charade. Customers spent wads of money on security software that could be kicked down and literally broken beyond repair by any black hat with a middling amount of skill.
I'm seeing two factor authentication combined with secure passwords and a password manager being used more and more as it seems to be a losing game to run an expensive entire security suite only to be hacked by some zero day Joe security coder #3478 couldn't foresee.
Two factor is somewhat sufficient for now, but we're already seeing attacks against that system. What do you think the future will require for being able to run code and trust that it does exactly what you think it does?
My question is fairly simple and to the point: Do you have favorite "That one who got away" story? By that I mean some piece of malware you could almost track down the creator of, figure out how it worked or automate discovery of it, but not quite?
Do you feel security on IoT devices will ever get close to effective, or will the advent of the IoT become a security nightmare?
We play the game with the bravery of being out of range
What would you like to see in a computer 'health' class? After cleaning up several of my son's friend's computers from rampant spyware/malware/etc, it's clear that kids are given computers without any real training or discipline in how to protect themselves.
With all the sharing done on social media today, including lists and 'here's how to generate your porn/potter/star trek/etc name based on street address/birthday/etc', what alternate security questions should (if any) a website use to verify identity?
"Though it may take a thousand years, we shall be FREE."
Defenders have to get it right, every single time while the bad guys only need to be right once
That is the typical predator/prey asymmetry.
The lion has to only win the chase every now and then. The antelope has to win the chase every time.
What are your thoughts on the computer security industry's current trend of staffing computer security professionals who look at industry best practices and security products to run down a checklist of actions? I often point out that many (approximately *all* that I've met) computer security professionals are big on password policy, anti-virus, patching, and the like, and *never* sit down to develop operational risk and threat models. In essence: what's going on in the industry with security as simple compliance (executing a prefabricated list of tactics) versus security as an organizational strategy (studying the field and selecting what tactics to apply, and where and how)?
Support my political activism on Patreon.
Considering the amount of data gathered about people's online activities and the utter unremovability of information from the internet, would you recommend an average person to simply stay the hell out of social media and never join in the first place?
Can adblock+ do 16 things hosts do 4 speed, security & reliability:
1.) Protect vs. malicious sites (past ads)
2.) Protect vs. fastflux botnet C&C servers
3.) Protect vs. dynamic dns botnet C&C servers
4.) Protect vs. DGA botnet C&C servers
5.) Protect vs. downed DNS (reliability)
6.) Protect vs. DNS redirect poisoned/downed dns
7.) Protect vs. trackers
8.) Protect vs. spam payloads
9.) Protect vs. phish payloads
10.) Protect vs. caps
11.) Get past dns blocks
12.) Keep off dns request logs
13.) Speed up 2 ways (adblocks & hardcodes)
14.) Work on anything webbound multiplatform.
15.) Ez data edit
16.) Block ads more efficiently in cpu/ram/I-O us
* ANSWER ="NO" on ab+ or @ ALL
APK
P.S.=> Ab+ does less vs. hosts less efficiently (a 128-151mb memory hog http://cdn.ghacks.net/wp-conte...) - ClarityRay defeats it Ab+'s bribed not to work by default http://www.businessinsider.com... AdBlock's SLOWER: http://superuser.com/questions...
See subject: What 'bugs' are in my code? It's been audited by a respected security pro from malwarebytes who also hosts & recommends it + proven safe by 57++ antivirus programs https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/
APK
P.S.=> MANY /.'ers also disagree w/ you & I'll post THEIR thoughts on hosts files next just to shut a trolling lying bullshitter no balls WORM like you right up easily, lol... apk
What are the must have extensions to protect one's privacy and minimize tracking in order to avoid being useful heap of data?
Or are there any extensions that feed bullshit data to the sites and services that track you?
I support APK's stand on the hosts file by Trax3001BBS
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon
I like your host file system by Karmashock
I find your hosts file admirable by vel-ex-tech
take a look at the APK hosts file engine by SuperKendall
APK is kinda right. I've given up on JS based adblocking and gone to blackholing in /etc/hosts, just like it was back in the 90s. The computational load has gotten intolerable for any ad-blocking using JS. I've tried his hosts file generating software. It works by bmo
APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience by chihowa
APK
Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid by JazzLad
No complaints from me, I like APK's spam. Reminds me to use a host file. Also, his stuff is free by aaaaaaargh!
I'm a fan of apk. Yes he trolls, but he only trolls where it's contextually appropriate. I respect that by Noah Haders
APK was right! Is it time for us to point Sourceforge to a non-address in our hosts files by wonkey_monkey
APK's monolithic hosts file is looking pretty good by Culture20
APK... Awesome to see he's still spreading the good word by Molochi
dammit MS, you proved APK right about something by lgw
ABP is insufficient as a solid hosts file does everything that APK reminds us about by fast turtle
APK isn't wrong by cfalcon
APK, I know people give you a lot of shit regarding hosts, but please don't ever stop by nasredin
You need APK's hosts file by Teun
APK solution STILL relevant by Thud457
you're right about hosts files by drinkypoo
APK
What is your thoughts on companies that do public demonstrations of how to execute AV bypass? Are these companies providing a service to the public by doing webcasts that give a high level overview and show an AV bypass working on the latest version of a companies AV?
-- Slashdot, making the Left look conservative since 1997.
AlmostALLAdsBlocked's buggy! Doesn't DO its job fully by default anymore as it sold out to advertisers! Adblock's inefficient as hell vs. hosts & SLOWER than hosts w/ adblock in slower usermode increasing browser resource use in memory/cpu/ram far over what hosts uses in faster kernelmode + messagepassing overheads slowing browsers.
Why has the security industry never came out and unequivocally stated that locking owners out of their devices, regardless of what that device is, is a security risk? Malware is broadly defined as any software that makes a device act outside of what is allowed by the owner of the device. Whether that is locking an owner out of their own device or limiting where they can use it or making it surreptitiously communicate with people/companies not explicitly allowed by the owner of the device. By all definitions most modern software is now malware. It needs to stop and consumers need backing and education on this.
Digital is, by definition, imperfect. Analog is the way to go.
Do you enjoy being a security expert more than driving a racing car?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
A recent post from David Dill from Stanford University stated that "Online Voting Is a Danger to Democracy"[1]. Given that viruses and security breaches seem to be on the rise lately, do you see e-voting being established in our lifetime? [1]: https://engineering.stanford.e...
Does the fact that Intel ME / AMT can not be disabled scream NSA and National Security Letter as loudly to you as it does to me?
The default ubuntu installation has a guest user without password. This feature can be turned off but I noticed that every once in a while the configuration changes (move from /etc/lightdm to /usr/share/lightdm without removing /etc/lightdm for example) so that if you don't pay attention the guest user is back. In my opinion the guest user removes one barrier for an attacker and is a bad idea.
Given that Microsoft has made avoiding the upgrade to Windows 10 more and more difficult:
Given the existence of Security Letters and NSA:
What percentage chance do you think exists for Microsoft Windows to be used as another mass surveillance technique (as opposed to limited surveillance) within a time frame of the next 5 years?
If you personally believe that Windows 10 telemetry can be turned completely off, so that Microsoft cannot collect any information about what the user does on that PC, then how can it be done?
In building a secure home network that of course interfaces to the internet. ...) and software?
What is the "best" system server PC hardware (given security issues e.g. with Huawei, Lenovo, Cisco, Intel ME,
This is mainly about securing internal data storage and protecting Linux and WIndows clients.
Would you buy a car that required you to install third-party door and ignition locks before letting it out of your garage?
Would you buy an OS that required you to install third-party security software before connecting it to the internet?
...would you most like to answer?
Requiem for the American Dream
If there a list of DNS names and IP addresses that can be blocked (e.g. in an external firewall server) to disable WIndows telemetry, what is it?
Thanks!
Huge efforts and money are spent protecting the edges of the network - whether it be firewalls and other router configurations, OS level configurations, and other filtering tools (such as virus detection and scanning, and log and packet inspection and analysis tools). There are also plenty of security companies willing to sell you a magical black box that will solve all of your security problems.
The opposite seems to be the case when it comes to spending time and money on the security of applications used by internal and external customers - either through retrofitting existing applications, or when building new applications. Companies don't want to spend money to retrofit sunk capital, and I don't see security firms talking about or creating tools and common standards for building new secure applications.
Given this dichotomy, do you think that is a correct characterization of the problem space, and do you think we are spending our time and money in the right places as a result?
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
See subject: Kindly answer that for me - it does the job for me & works as a search engine result in this case after all...
1.) Is it since BING's a Microsoft product/system?
Funny thing about that is, iirc, /. SERVES ADS FOR MS - bitch @ them too then, ok? Stop coming here then, ok??
2.) I also absolutely KNOW some of you are webmasters that make advertising monies from Google, Bing's competitor!
(JustAnotherOldGuy's one FOR SURE whom I have 'busted' in that FACT about him along w/ his 'championing' the inferior inefficient redundant crippled by default doesn't do its job anymore "AlmostALLAdsBlocked" as a proof/case-in-point thereof example - THAT shitbrain could care less that if his users get 'hit' w/ a malicious ad it lets thru vs. blocking it by default & YES GOOGLE'S HAD IT HAPPEN BEFORE TOO, "he still profits" @ others' misfortune nevertheless - what a douche)!
Now, if THAT's the REAL grounds for your statement? It's pretty poor & greed oriented... petty in fact, man.
E.G.-> I've caught fools like JustAnotherOldDOUCHE in that capacity as well as advertisers (AndyMadigan, Raymorris, & others) or those that are in their employ OR that of their "affliliates" giving me guff over hosts files when I cut them to shreds on it (superior vs. competition on almost EVERY grounds imagineable or real) - so in the end? It wouldn't surprise me w/ you too...
Neither #1 or #2 above are nothing new or a "1st" for me here is all either!
APK
P.S.=> Now, IF neither's not the case w/ you & I don't feel #2 is in YOUR case @ least?? Do you work for them or something??? It's obvious you're leading to them even when you don't say it so, please - enlighten me here... apk