EasyDoc Malware Adds Tor Backdoor To Macs For Botnet Control

An anonymous reader writes: Security firm Bitdefender has issued an alert about a malicious app that hands over control of Macs to criminals via Tor. The software, called EasyDoc Converter.app, is supposed to be a file converter but doesn't do its advertised functions. Instead it drops complex malware onto the system that subverts the security of the system, allowing it to be used as part of a botnet or to spy on the owner. "This type of malware is particularly dangerous as it's hard to detect and offers the attacker full control of the compromised system," said Tiberius Axinte, Technical Leader, Bitdefender Antimalware Lab. "For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices. The possibilities are endless." The malware, dubbed Backdoor.MAC.Eleanor, sets up a hidden Tor service and PHP-capable web server on the infected computer, generating a .onion domain that the attacker can use to connect to the Mac and control it. Once installed, the malware grants full access to the file system and can run scripts given to it by its masters.A report on AppleInsider says that malware can also control the FaceTime camera on a victim's computer. But thankfully, Apple's Gatekeeper security prevents the unsigned app from being installed.

Gatekeeper

[tripleevenfall]

Nice to see the security features of an *nix based OS working here. Gatekeeper will prevent most from installing it, and for those who disable security features, you ought to know what you are doing anyway.

And - unwritten in TFA is the fact that there will probably be a fix for this post haste.

Re:Gatekeeper

And - unwritten in TFA is the fact that there will probably be a fix for this post haste.

Nothing to really fix, the user runs the app and gives it root privileges. That's not really a security flaw.

Re:Gatekeeper

[guruevi]

Security has always been a factor in Unix, the freaking thing came out of an era where everybody shared the same resource (the CPU), was connected through terminals and networks and shouldn't be able to see into each other's business. Windows is the only OS still existent that was only geared towards the workstation or the single computer and thus didn't require permission levels, not even locally.

Re:Gatekeeper

[tripleevenfall]

Its more like "Nice to see Apple defaulting to only allowing developers who pay them rent to be able to install applications"

You can install any developer's things onto an OSX machine. You just have to uncheck a checkbox to do it.

Re:Gatekeeper

[tlhIngan]

Its more like "Nice to see Apple defaulting to only allowing developers who pay them rent to be able to install applications"

Well, the default can be overridden on a per-app basis by holding down a key and double-clicking. It will let you force-run the app.

The option to allow unsigned apps to run freely is going away in Sierra apparently - the only way to run unsigned apps is to Ctrl-double-click each app you want to run to add an exception for that app.

And it's less rent, and more developer accountability - Apple has revoked several signing certificates already because they were used to sign malware (the apps then act unsigned, not that the apps are permanently blocked from running).

I believe the main reason the option went away is developers not only set it fully open, but then they themselves got infected with malware because of it, and that's who their signing certificates got stolen - malware authors realize that the least secure machines are developer machines, and those machines are the ones with access to valuable Apple signing certificates.

Re:Gatekeeper

Bingo - really, it's exactly the same on Windows. The problem Windows has is that application installation often requires administrator rights no matter what, (to write to c:\program files); so users get desensitised to the UAC prompts.

If MS had self-contained applications instead (which they're doing with the app store/marketplace) so applications were installed in c:\users\username\applications or something, and this was the norm, we'd see a lot less applications demanding administrator access. But they set the 'inertia' to using c:\program files back in Windows 2000 days and everyone's followed.

When almost all apps demand admin rights to install, you tend to click yes even if it really technically didn't need those rights and could have installed per-user.

Re:Gatekeeper

Speaking of "useful idiots", how much does microsoft pay you to suck their dick? If these certificates were free, as soon as Apple revoked a compromised / malicious one, the author would just create a new one and distribute his payload using that new, free signature and the entire system is bypassed. It's almost like Apple might actually know what they are doing, and you're a uselessly incompetent troll. But sure, keep posting your FUD bullshit. There's a lot of it on Slashdot, and it's become very, very easy to see through these days.

Re:Gatekeeper

[macs4all]

Nice to see the security features of an *nix based OS working here. Gatekeeper will prevent most from installing it, and for those who disable security features, you ought to know what you are doing anyway.

And - unwritten in TFA is the fact that there will probably be a fix for this post haste.

It's also nice that in more recent version of OS X/macOS, Gatekeeper only lets you be completely unprotected for a certain time period, and then reverts back to the middle-level of security. So you can only be stupid for awhile...

Re:Gatekeeper

[macs4all]

Its more like "Nice to see Apple defaulting to only allowing developers who pay them rent to be able to install applications" This has nothing to do with UNIX. (Which had a terrible security model to begin with considering security was not even remotely a factor in the design. Linux ppl have had to constantly work to bypass that shitty design.)

But it helps Apple that useful idiots like you who have absolutely zero knowledge about kernel design and won't ever have it, continue to suck dick for them.

You don't have to pay Apple "rent" for any such thing, hater.

Apple now will hand out for FREE a Developer Cert. to anyone who Registers. No "rent" required.

Re:Gatekeeper

Yeah, Apple sure knows what they're doing. They're asking you to bend over and lube up. And you love it..

Re:Gatekeeper

You are a know-nothing idiot. Like seriously, you look at the buxted UNIX UGO/RWX model and think its security? The way suid checks were hard coded in the kernel? Security? The reason Linux has had to _constantly_ patch the fucked up UNIX design. Security? haha.. wow. You are fucking stupid bruhhhh. But you are a useful-idiot who keeps parroting nonsense. Things which you have _NO IDEA_ about and never will. You have never even attempted to design an operating system and know absolutely nothing on the topic.

"The first fact to face is that UNIX was not developed with security, in any realistic sense, in mind;
this fact alone guarantees a vast number of holes."

- Dennis M. Richie. (On the Security of UNIX)

But yeah, I'm sure you know better shitstain.

Been there, haven't done that

[rickb928]

I get this download offered a lot when I'm on dodgy file sites. I never trust these anyways, and a moment's research on Google brings up lots of complaints.

But I'm there, on this dodgy site, and I expect they will try to fling poo at my machine. So I have always avoided it.

And having a Windows machine, everything wants to infect it, even Windows Update.

Re:Been there, haven't done that

[DamonHD]

The ads smelt so badly of deception that I just blocked them all (and there were a lot of variants) in my AdSense account to protect my visitors and my sites' reputation.

And I'll keep doing it to any ad that offers clearly deceptive generic 'download now' ads/buttons that are intended to confuse visitors into thinking that they are downloading from the host site.

Rgds

Damon

Re:Been there, haven't done that

[techno-vampire]

What's really funny is running across one of those fake virus scan malwares when you're running Linux and watching it claim to find all sorts of virus infections in folders that not only don't exist on your machine, they can't because the paths are malformed for Linux. And, even if they try to download and execute their payload it doesn't work because the files aren't marked executable by default. Linux isn't perfect, by any means, but at least it's immune to that kind of attack.

Re:Been there, haven't done that

The attack where the user will follow instructions to get the free pirated software? The vast majority of Windows infections are from the people who blindly follow Readme files inside of this kind of thing.

You bet your ass the person will untick any setting they're told to. Saying "oh, but this will stop it" will do nothing. Windows specifically warns you that you could install malicious software when you try to run unsigned software, and people just keep going because it told them to.

Holy cow, you guys are such fanboys... you don't even realize what this software is trying to do.

Re:Been there, haven't done that

[techno-vampire]

Holy cow, you guys are such fanboys... you don't even realize what this software is trying to do.

Yup! It's trying to use social engineering to get around the system's built-in protections. As of now, Linux still has better protections (Even if you let a malware program run it can't get at your system files unless you're stupid enough to run as root) but I'll gladly admit that Windows is much better now than it was ten years ago, even without the third-party protections that Linux doesn't need. And, I'm sure that there are attack vectors against Linux, even holes in things like SELinux or AppArmor. I was just pointing out that this particular way of infecting a machine is nothing more than a moment's entertainment on Linux.

Re:Been there, haven't done that

> As of now, Linux still has better protections

The illusion of security provided by web browsers, and by SELinux, are doing their best to eliminate this protection. "I'm safe, I have this seatbelt in place to keep me from sticking an icepick in my left eye!!!"

Re:Hosts also "stop the drop" of botnet malware

Hello APK. didn't you want to leave this site after you've had a quarrel with whipslash?In fact you claimed to have made your "last post ever" on this site!

Appald Trump will fix this!

This is LUDDITE software disguised as an app! Vote for Appald Trump, and he will deport these LUDDITES to LUDDITE Mexico and MAKE APPS APPY AGAIN!

Apps!

Re:Appald Trump will fix this!

OK, you've convinced me to vote for Trump. Happy now?

Re:Appald Trump will fix this!

Only LUDDITES will vote for Appald Trump in the LUDDITE election

Play Stupid Games, Win Stupid Prizes

[Penguinisto]

"Go ahead - download that iffy software from some random pr0n site advert so you can see your b00bie pictures better... it'll be fine..."

Re:Hosts also "stop the drop" of botnet malware

"souled-out to admen"

Total fail. My 11-year old wouldn't make this ridiculous spelling error.

Gatesleeper

Yeah, gatekeeper prevents it from being installed... Unless the user right-clicks and clicks open in the menu there... Then it's game-on.

Re:Gatesleeper

[macs4all]

Yeah, gatekeeper prevents it from being installed... Unless the user right-clicks and clicks open in the menu there... Then it's game-on.

And if that wan't allowed, the entire innertubes would be ablaze about how the Mac is not allowing software from anywhere but the App Store.

So tell me, how EXACTLY does Apple "win" here?

Re:Gatesleeper

Gatekeeper is not a replacement for a brain.

But Macs don't get PC viruses!

I must be perfectly safe from it, then.

Data outflow flickering light flickering.

[pigsycyberbully]

The data flow light on their router would be constantly flicking meaning dater is leaving their computer and coming in. How could this not be noticed and stopped easily.

Let's take the simplest of home computer users accessing the Internet, and let's suppose that their data flow light flickers all the time regardless
like some cable Internet users lights do ( those having their data flow monitored ).

Surely people put a second Router in line that only flickers when dater is leaving and coming into their computer.
Data cannot leave your computer without you noticing your data outflow flickering light flickering.

I don't believe this story I know lots of people are very stupid on computers but you only have to glance at your data flow light.

Re:Data outflow flickering light flickering.

Yeah, nobody ever leaves their browser open with Twitter, Facebook, or whatever running....

Nobody ever visits websites with persistent ad loading.

Nobody ever has a tab with an online game running.

And I don't know about you, but when I'm not using my computer, of course I'm going to take time to look at my router, and everyone else will do this because they're just as tech-geeky as I am....

Oh, welcome to 2016 from the land of 1985 modems!

Re:Hosts also "stop the drop" of botnet malware

whiplash has no clue how the site works, I doubt he has ever reviewed slashcode. He is completely unaware that users are able to ban other users, which is why most of us never register and post AC so that we cannot be banned by other users who disagree with what we say.

Disclaimer: I am not APK.

Hosts "stop the drop" of botnet malware

APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.bing.com/search?q=%...

Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus (slows you) + less security issues/complexity. Compliments firewalls (w/ layered drivers blocking less used IP addys vs. hosts blocking more used domains) & DNS (lightens dns load). Gets data via 10 security sites.

Ads rob bandwidth/speed, security (malvertising), privacy (tracking) + anonymity.

Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively. Hosts != ClarityRay blockable (vs. souled-out to admen inferior wasteful redundant slow usermode addons)

Works vs. caps & HTTP PUSH ads w/ firewalls.

Avg. webpage = big as Doom http://www.theregister.co.uk/2... & ads = 40% of the size.

APK

P.S. - Safe https://www.virustotal.com/en/... (Verified by Malwarebytes' S. Burn "I've seen the code & it's safe" http://forum.hosts-file.net/vi... )

Re:Hosts also "stop the drop" of botnet malware

Err - isn't this story about OS X malware? You are advertising something even more irrelevant than usual!

Re:Hosts also "stop the drop" of botnet malware

Fuck off, had enough of your spamming.

Re:Hosts also "stop the drop" of botnet malware

[Coren22]

Users banning other users? What crack are you on?

I can set someone as foe and make all foes show as -6 moderation, but that only shows for me, not everyone else. You can also be down-modded for trolling or posting off topic and get bad karma which makes it harder to make good posts, but that isn't banning either.

You don't have an account for the same reason APK refuses to use his account; you don't want to be held accountable for what you post.

Re:Hosts also "stop the drop" of botnet malware

[Coren22]

Well, TBH, Macs have hosts files too, and they are just as useless for what APK wants everyone to do.

Re:Hosts "stop the drop" of botnet malware

[Coren22]

Because posting your garbage three times will make people see the light of day?

Grow up APK, your software and solution totally suck, and don't protect half as well as a proper solution of DNS or Ad blocking software.

Re:Hosts "stop the drop" of botnet malware

[Coren22]

Four times now? No wonder Whipslash wants to get rid of you, I guess it is the same as everyone else. Spam is annoying when it comes in through email, where it is simple to just delete, but on Slashdot, you just piss off the audience, you don't even get through to the people you are targeting.

Coren22 = accountable for his blunders

Don't speak for me. I see no benefits in accts & want no tracking by cookie/script chains SLOWNESS you force on yourself!

APK

P.S.=> See subject & this (no denying it):

won't demonstrate security of his product by exposing the source - by Coren22 (1625475)

57 antiviruses show different https://www.virustotal.com/en/...

MalwareBytes' employee hosts & recommends it -> http://hosts-file.net/?s=Downl...

secretary at MalwareBytes took a look at his source code and said it looked all good - by Coren22

My code's verified by Mr. S. Burn of Malwarebytes

"I've seen the code and yes it is safe." FROM http://forum.hosts-file.net/vi...

NO secretary!

I don't give it away to be misused like GOOGLE CHROME http://it.slashdot.org/story/1... ... apk

Coren22, as usual, "EAT YOUR WORDS"

his hosts program is actually pretty good by xenotransplant

his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg

I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon

I like your host file system by Karmashock

I find your hosts file admirable by vel-ex-tech

take a look at the APK hosts file engine by SuperKendall

APK is kinda right. I've given up on JS based adblocking and gone to blackholing in /etc/hosts, just like it was back in the 90s. The computational load has gotten intolerable for any ad-blocking using JS. I've tried his hosts file generating software. It works by bmo

APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience by chihowa

APK

P.S.=> Want more? Ask & "ye SHALL receive" by the dozens - see subject, lol... apk

Re:Coren22, as usual, "EAT YOUR WORDS"

[Coren22]

How exactly does that in any way refute what I said?

No one wants to be advertised to, you try to make a living from blocking people advertising to others...by advertising. You are pissing off people who don't want to see advertising, to try to get them to pay money for your product that blocks advertising. How about a product that will block your advertising, I'd pay for that!

You are not winning people over to your side by spamming Slashdot, you just piss people off, and make them remark on your possible mental illness.

Re:Coren22, as usual, "EAT YOUR WORDS"

APK's on topic. You're not. Quit trolling and grow up please.

Re:Coren22, as usual, "EAT YOUR WORDS"

[Coren22]

So, APK (you...), advertising a software product for Windows hosts file manipulation, in response to a piece of malware that your hosts file wouldn't be able to stop, that is only for MacOS. Yeah, totally on topic, congratulations on your off topic masterpiece!
 

Re:Coren22, as usual, "EAT YOUR WORDS"

Get on topic. Apk's on topic offering a free solution. You don't. Output from his program works as hosts work on bsd based ip stacks. Based on your off topic ravings directed apk's way it seems you can't stand he's clearly better than you are and you know it unable to stand it on your end. If you're as good as he is then build a native MacOS solution like he has or is that beyond your limited abilities? Obviously it is. All you do is blather on forums from what I see. You create nothing. That makes you utterly useless.

Re:Coren22, as usual, "EAT YOUR WORDS"

[Coren22]

Get on topic, APK, you are so far off topic it isn't even funny. Keep railing away at me, I have all day.

So, since output of your software will work on a Mac, how does a Mac owner use your software? Running your software just to get a hosts file which will slowdown the computer's network access by a considerable amount...again, the worst solution ever, that won't block anything about this malware.

APK, trying to claim I am offtopic when I am responding directly to what you posted makes you looks like a pot. I am only a black kettle if you are a black pot. As you seem to think a WINDOWS only solution, that generates a hosts file that WOULDN'T stop this malware, is on topic, why are you telling me to stay on topic (which I am entirely)?

Oh, and as far as native MacOS, use Safari to download the hosts files from the internet, use cat [files] | sort | unique > hosts. Wow, that is a HARD solution. I guess that makes me the Ultimate Programmer and Security expert just like you APK!

Re:Coren22, as usual, "EAT YOUR WORDS"

Hosts are faster than adblock you mentioned. Apk's shown us that from superuser.com tests many times in his posts. His program also directs you to avoid slowdowns using hosts in Windows while saving cpu cycles, ram, and other io. Hosts work on Macs. What is it about all of this you don't get Coren22? He's also written the software that does more than just what your script kiddie crap does. You haven't and you obviously can't. Get a job Coren22. Get a job. You obviously don't have one sitting around on Slashdot trolling others off topic as you have here in most of your posts on this page.

Re:Coren22, as usual, "EAT YOUR WORDS"

[Coren22]

Wow, it looks like I touched a nerve, does diddums need to have a cry?

I'm sorry that you are such an incompetent programmer that I can write out what your program does in 10 seconds. It must burn you up that you can't actually program worth a damn, so have to hide your source code.

Re:Coren22, as usual, "EAT YOUR WORDS"

So what job in computing is it you allegedly have Coren22. Come on now, citation (as you're so fond of saying to others you troll): Prove it. Nothing to say now suddenly on that note? No citation or proof??

Re:Coren22, as usual, "EAT YOUR WORDS"

Coren22 no that's not your own work in code. It's using others' programs in non-gui junk nobody wants that only does part of what apk's work does. So if you can write up a gui standalone executable, not a script kiddie use of others' programs which only does part of what apk's work does, to do the same then why don't you do a better one? Clearly you can't. Limitations of being a script kiddie on your end and you only describe a small part of what apk's program does too.

Re:Coren22, as usual, "EAT YOUR WORDS"

[Coren22]

I wrote it, therefore it is my code.

See, the thing is, I have never claimed to be an epic programmer, yet you have, without proving yourself even once.

You know you fail when trying to prove yourself as an expert, because you aren't. You are a wanna-be with no credentials trying to act all big and tough and demand other's credentials without ever giving your own.

I have written something in 10 seconds that does everything your crapware does. I have proven my ability, but you still haven't proven yourself anything more than a blowhard.

Have fun in your incompetence, I am not giving you my credentials until you provide your own.

Re:Coren22, as usual, "EAT YOUR WORDS"

Scripting *NIX tools isn't writing the code for their internal workings. Apk's work actually is HIS code doing the work and it does a lot more than what you claim which is only a tiny part of his hosts program. Repeat so facts get to you: You didn't write code at all. You scripted others tools. There's a difference.I can say I wrote Oracle's DB engine too you know when I use SQL on them I suppose from your twisted way of thinking!

Re:Hosts "stop the drop" of botnet malware

Coren22 you want apk gone since he made you out a fool publicly for your mistakes https://apple.slashdot.org/com...

Whipslash is a webmaster who fears apk's hosts program blocking monies he makes on Google ads.

It's obvious!

Plenty of people like apk and his work. I've seen quotes of them stating it https://apple.slashdot.org/com... and it's also obvious you like making yourself out a butthurt fool who's sore he can't do things like apk has in computing after he also made you out a complete imbecile in the first link above too. Give up already! Do you like looking stupid?

Coren22 7 Real Security/Web Pros disagree

Aryeh Goretsky NOD32/ESET hosts = good security http://it.slashdot.org/comment...
Steven Burn of Malwarebytes does (hosting & recommending my ware no less - something YOU can never ever manage, lol).
Oliver Day (SYMANTEC/SECURITYFOCUS) http://www.securityfocus.com/c...
Brocke Wilders of WILDERS' SECURITY does http://www.wilderssecurity.com...
Steve Gibson https://www.grc.com/sn/sn-045....
OReilly for security http://oreilly.com/pub/a/windo...
OReilly for speed http://www.oreillynet.com/pub/...

APK

P.S.=> "EAT YOUR WORDS" (again) just like here today too https://apple.slashdot.org/com... hmmm?... apk

Re:Hosts "stop the drop" of botnet malware

Coren22 haven't you had enough of apk making you look stupid 3 times from 7 security pros https://apple.slashdot.org/com... , slashdot users https://apple.slashdot.org/com... and your rather stupid mistakes against apk too https://apple.slashdot.org/com... ? It's one thing to be jealous that apk actually creates things that are useful and good but it's another to be a frustrated loon like you're turning into.

Re:Hosts "stop the drop" of botnet malware

[Coren22]

Except, APK, you have in no way made a fool of me. You have instead repeatedly displayed your unfathomable ignorance of technology, and human interaction.

Whipslash is the face of Slashdot, he doesn't fear your hosts file software in any way, he fears losing users because you drive them off with your spam, which is far worse than any ad they run on this site. The ads on this site are quite tasteful, and targeted well at the audience. If you don't like them, block them. They used to have a "turn off advertising" checkbox for people who contribute well to Slashdot's discussions, however that stopped working properly under Dice as far as I have heard. Whipslash I believe said he wanted to fix that checkbox, but I could be misremembering that conversation.

You however, there is no way to block. You spam the hell out of so many discussions because you think you are helping things. You also for some reason believe you are being persecuted against, even though the down modding is because you are spewing garbage, not because people dislike you.

Coren22 makes a fool of himself again

"Macs have hosts files too & they are just as useless for what APK wants" - by Coren22 ( 1625475 ) on Friday July 08, 2016 @03:40PM (#52473587)

7 security & web pros disagree w/ your offtopic bullshit:

Aryeh Goretsky NOD32/ESET hosts = good security http://it.slashdot.org/comment...
Steven Burn of Malwarebytes does (hosting & recommending my ware no less - something YOU can never ever manage, lol).
Oliver Day (SYMANTEC/SECURITYFOCUS) http://www.securityfocus.com/c...
Brocke Wilders of WILDERS' SECURITY does http://www.wilderssecurity.com...
Steve Gibson https://www.grc.com/sn/sn-045....
OReilly for security http://oreilly.com/pub/a/windo...
OReilly for speed http://www.oreillynet.com/pub/...

APK

P.S.=> "EAT YOUR WORDS" (again) just like here too https://apple.slashdot.org/com... ... apk

Coren22, same way this refutes you

"Macs have hosts files too & they are just as useless for what APK wants" - by Coren22 ( 1625475 ) on Friday July 08, 2016 @03:40PM (#52473587)

Coren22 7 security & web pros disagree w/ your offtopic bs (just as our /. peers did per my last post):

Aryeh Goretsky NOD32/ESET hosts = good security http://it.slashdot.org/comment...
Steven Burn of Malwarebytes does (hosting & recommending my ware no less - something YOU can never ever manage, lol).
Oliver Day (SYMANTEC/SECURITYFOCUS) http://www.securityfocus.com/c...
Brocke Wilders of WILDERS' SECURITY does http://www.wilderssecurity.com...
Steve Gibson https://www.grc.com/sn/sn-045....
OReilly for security http://oreilly.com/pub/a/windo...
OReilly for speed http://www.oreillynet.com/pub/...

APK

P.S.=> "EAT YOUR WORDS" (again) just like here vs. your offtopic ASSBURGER mental defective brain bs here too https://apple.slashdot.org/com... ... apk

Re:Coren22, same way this refutes you

[Coren22]

Again, you haven't refuted anything I said, just provided more evidence of your lack of reading abilities.

Coren22 refutes himself (lol)

"Macs have hosts files too & they are just as useless for what APK wants" - by Coren22 ( 1625475 ) on Friday July 08, 2016 @03:40PM (#52473587)

Coren22 7 security & web pros disagree w/ your offtopic bs (just as our /. peers did too in the link in my ps below too):

Aryeh Goretsky NOD32/ESET hosts = good security http://it.slashdot.org/comment...
Steven Burn of Malwarebytes does (hosting & recommending my ware no less - something YOU can never ever manage, lol).
Oliver Day (SYMANTEC/SECURITYFOCUS) http://www.securityfocus.com/c...
Brocke Wilders of WILDERS' SECURITY does http://www.wilderssecurity.com...
Steve Gibson https://www.grc.com/sn/sn-045....
OReilly for security http://oreilly.com/pub/a/windo...
OReilly for speed http://www.oreillynet.com/pub/...

APK

P.S.=> "EAT YOUR WORDS" (again) just like here vs. your offtopic ASSBURGER mental defective brain bs here too WHERE OUR /. PEERS AGREE w/ ME, not you Coren22, lol-> https://apple.slashdot.org/com... ... apk

Re:Hosts also "stop the drop" of botnet malware

APK's on topic offering a potential solution. You're off topic not offering one. Get on topic please.

Coren22, talk credentials after this

Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61

(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row 2000-2002, in its HARDEST CATEGORY: SQLServer Performance Enhancement).

WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)

PC-WELT FEB 1998 - page 84, again, my work is featured there

WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there

PC-WELT FEB 1999 - page 83, again, my work is featured there

CHIP Magazine 7/99 - page 100, my work is there

GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it

HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), 2001 my work is there, first one featured, yet again!

Being paid for an article that made me money over @ PCPitstop in 2008 http://pcpitstop.com/news/winn... for writing up a guide that has people showing NO VIRUSES/SPYWARES & other screwups, via following its point, such as THRONKA sees here -> http://www.xtremepccentral.com...

It's also been myself helping out the folks at the UltraDefrag64 project (a 64-bit defragger for Windows), in showing them code for how to do Process Priority Control @ the GUI usermode/ring 3/rpl 3 level in their program (good one too), & being credited for it by their lead dev & his team... see here -> http://ultradefrag.sourceforge... or here http://sourceforge.net/tracker...

Which ended up fixing a "bug" for them later, here -> http://sourceforge.net/p/ultra... via its implementation (only partial - if they want low priority background defrags, it's part of the trick to getting it too, not just high priority ops...)

Also, a British PC Mag in 2002 for many utilities I wrote, saw it @ BORDERS BOOKS but didn't buy it... by that point, I had moved onto other areas in this field besides coding only.

APK

P.S.=> Programs like my APK Hosts File Engine does the rest (hosted AND RECOMMENDED by the best antimalware's people no less)

Along w/ a professional trackrecord & resume from 1994 in computing - & THAT is only a TINY FRACTION of what I could put out above as to "credentials" - which is MORE THAN YOU EVER WILL (& we haven't seen any actual code from you THAT YOU WROTE COMPLETELY YOURSELF either LET ALONE WHAT YOU ARE ASKED FOR (proof you work in computing) FIRST which you EVADE TO NO END, lol)... apk