You Don't Need an Antivirus (Except Microsoft's Built-in on Windows), Says Former Firefox Developer

Former Firefox developer Robert O'Callahan believes that antivirus software is not necessary, AV vendors are of little help, and that you should uninstall your antivirus software immediately. From a blog post: Users have been fooled into associating AV vendors with security and you don't want AV vendors bad-mouthing your product. AV software is broadly installed and when it breaks your product, you need the cooperation of AV vendors to fix it. (You can't tell users to turn off AV software because if anything bad were to happen that the AV software might have prevented, you'll catch the blame.) When your product crashes on startup due to AV interference, users blame your product, not AV. Worse still, if they make your product incredibly slow and bloated, users just think that's how your product is.

hyper-v and don't install chrome extensions

[known_coward_69]

i do all my porn and risky surfing on a VM on my main computer that i keep shut off unless i'm using it. and i avoid virtually all chrome extensions unless they are from someone i trust with a real corporate email in the contacts.

Re:hyper-v and don't install chrome extensions

Another benefit of using a virtual machine is just powering it off when you are finished and having it reset to the last snapshot. Every month or so apply patches and move your snapshot forward.

Re:hyper-v and don't install chrome extensions

[CaptnCrud]

I do the same thing, except I have the song ~smooth operator by sade playing in the background when im in "secure" mode.

Re: hyper-v and don't install chrome extensions

I use to make love to Sade back in the day. Ahhh who am I kidding, I'm a virgin nerd.

Re:hyper-v and don't install chrome extensions

[JackieBrown]

Just curious, does MS allow now for you to make a copy of your windows for a virtual machine as long as it's on the same machine or do you need to purchase to licensees for it?

Re:hyper-v and don't install chrome extensions

[ls671]

It has been a while for you, hasn't it? They usually don't give you a Windows CD anymore when you buy a PC/Laptop so I couldn't tell you how to install the Windows version you paid for when buying the computer on anything...

Re:hyper-v and don't install chrome extensions

Microsoft offers several virtual machines for you to test their browser versions. They have IE8 through IE11 and Edge versions. Unsure if you can then tailor them to suit your own needs, i.e. install Chrome or Firefox, or not. https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ However, those VMs expire after 90 days, so I'd imagine you'd have to redownload them ( a lot).

If you bought Windows 7 Pro, you would've gotten XPMode, but that license only let you use it in 7. Trying to use that image in 8 or 10 often came up with errors. If you have an old XP license, you could just install XP into a virtual machine and use that (or really any windows for which you have a license # that you can input). Windows 10 uses hardware and doesn't actually (normally) give you a key to type in.

>In most cases, Windows 10 activates automatically using a digital license and doesn’t require you to enter a product key.
>https://answers.microsoft.com/en-us/insider/wiki/insider_wintp-insider_install/how-to-troubleshoot-product-activation-in-windows/33f31475-93b3-4d1c-812f-4b21fbd807a7

Alternately, grab a live linux cd, and see if you boot into that through your emulator. https://www.linux.com/learn/five-best-linux-live-cds or even a standard Linux install, and maybe then use Wine.

Re:hyper-v and don't install chrome extensions

[Pubstar]

Hyper-V is free on Win8/10 pro.

Re:hyper-v and don't install chrome extensions

But his question was about the license for running a second, third, ... eighty-eighth copy of the operating system, not about the license for the hypervisor.

Re:hyper-v and don't install chrome extensions

So is: VMWare vSphere Hypervisor & Xen Hypervisor ... so not sure of your point.

Re: hyper-v and don't install chrome extensions

Download the ISO

Re:hyper-v and don't install chrome extensions

[dwywit]

Laptops generally come with a "media creator" tool to burn a set of installation discs. Some desktops, too.

Bonus - the toshiba tool creates an activated version of Win 7. That *could* be used to install many VMs, but I wouldn't know about that.

Re:hyper-v and don't install chrome extensions

[Cacadril]

VM's have a different hardware signatures from the host, and the Windows media most likely (or in my case: certainly) won't run. And, if it runs, it won't be "genuine". Maybe the pro edition has a virtualization extension that allows you to run VMs, Those who know, please tell.

Re:hyper-v and don't install chrome extensions

No, you need a license for each VM copy (of the consumer and professional version). At least this is how I understood it by quickly glancing Hyper-V pages a while ago. There is a free operating system which do run on Hyper-V and should support the browsers with the DRM video playback, however..

Re:hyper-v and don't install chrome extensions

[antdude]

Don't some malwares infect hosts from VMs too these days? :(

Re: hyper-v and don't install chrome extensions

It's a licensing question, not an install question. Nothing to install with a snapshot anyway.

You don't know wtf you're talking about and have no business replying.

Re: hyper-v and don't install chrome extensions

[ls671]

You don't know wtf you're talking about and have no business replying.

Screw yourself. I need Windows for test VMs and I ended up buying a win 2012 server corporate license to be able to install on any hardware.

If you try installing with a consumer grade copy of windows, you will find quickly enough that you can't activate it unless you call Microsoft and have a good story to tell.

Re:hyper-v and don't install chrome extensions

[ls671]

This will only work out of the box when re-installing on same hardware. Good luck trying to install on a VM with that.

Re: hyper-v and don't install chrome extensions

[ls671]

Your key won't work on that ISO, wherever you get it from: "This product has already been activated..."

Re:hyper-v and don't install chrome extensions

[dwywit]

Well, the first experiment was to install it on the same laptop, but with an SSD instead of the HDD. It worked. Presumably the substitution of an SSD wasn't enough for the installation to consider it a different machine. I've now got an SSD with an activated copy of Win 7 to slot in as soon as the HDD fails.

Then I installed it as a guest VM (virtualbox) on the same host. That also worked. Didn't need luck, but I only did that to prove it would work.

Re: hyper-v and don't install chrome extensions

Yah. Back when your view was limited to XP or Vista, maybe.

Have a look at this link . You'll find that the state of support for Microsoft's ISO installs, both their OS and App suite/server stuff, have changed for the better since you've last checked. As A. Coward already said, just "download the ISO" already. You do have access to a valid license, don't you? You say that you don't? Oh, really? Really, really? Hmmmm.

Re:hyper-v and don't install chrome extensions

Another benefit of using a virtual machine is just powering it off when you are finished and having it reset to the last snapshot. Every month or so apply patches and move your snapshot forward.

Virtual machines are not a generic solution. Most people on this planet don't know or want to know what a virtual machine is. Also, machine that runs a virtual machine could be a target, not a VM itself.

Re:hyper-v and don't install chrome extensions

[allo]

> Virtual machines are not a generic solution. Most people on this planet don't know or want to know what a virtual machine is. Also, machine that runs a virtual machine could be a target, not a VM itself.
There is no attack vector.

It isn't like your windows actively attracts malware. you need to install it. If your browser is used inside a vm, the host isn't endangerd (modulo vm jailbreak bugs, but which malware really tries this?)

Re: hyper-v and don't install chrome extensions

[ls671]

from your link:

Make sure you have:

1) Your Windows product key (xxxxx-xxxxx-xxxxx-xxxxx-xxxxx). Learn more.
2) An internet connection (internet service provider fees may apply).

There you go! case solved.

You do have access to a valid license, don't you? You say that you don't? Oh, really? Really, really? Hmmmm.

Read my other posts dummy, I am a Microsoft partner and I don't stab my partners in the back nor do I try to steal from them.

Re:hyper-v and don't install chrome extensions

For most people with with an OEM license the answer is no. Corporate licenses and retail licenses can reinstall on a certain number of devices (including virtual) but OEM is locked to the original physical device.

Re: hyper-v and don't install chrome extensions

The simple act of running on a VM shields you from the vast majority of malware. This isn't because VM are somehow intrinsically safe, it's because almost all malware employs the use of "antis" which is a technique used to detect if the machine is physical or virtual. If the machine is virtual will not execute. This technique protects the malware from reverse engineering, which is almost universally performed on virtual machines.

Re: hyper-v and don't install chrome extensions

[allo]

> almost all malware employs the use of "antis" which is a technique used to detect if the machine is physical or virtual
[citatation needed]

some does, but i guess most doesn't. Many, because they don't care or because it can be non-trivial. And then the question is, which vms they can detect? vmware? Okay, i was using kvm, so the vmware and vbox detection is useless ...

I would not trust on malware distrusting my vm for staying malware free.

Re: hyper-v and don't install chrome extensions

[Joce640k]

Your key won't work on that ISO, wherever you get it from: "This product has already been activated..."

Windows "activators" aren't too hard to find and it sounds like you have a perfectly legitimate reason to use one.

Re:hyper-v and don't install chrome extensions

[TechyImmigrant]

It has been a while for you, hasn't it? They usually don't give you a Windows CD anymore when you buy a PC/Laptop so I couldn't tell you how to install the Windows version you paid for when buying the computer on anything...

1) Go to microsoft.com
2) Buy a windows license, keepo note of the license key.
3) Follow the links to the image download. Download the image
4) Follow the links to the Windows Media Creation tool.
5) Burn the image to a USB stick with the media creation tool
6) Install windows on the target computer from the USB stick and use the license key to enable it.
7) Install Steam.

This is what I did at Christmas when provisioning a gaming PC for a grandchild.

Re:hyper-v and don't install chrome extensions

[marcansoft]

You can make a VM look a lot like the host. I don't know if the license allows you to run Windows inside a VM on top of another instance of Windows with one license, but what I actually do is run the natively-installed Windows inside a VM running on my also-natively-installed Linux (so I can boot Windows natively, or boot it inside a VM on Linux) - a single instance of Windows 10, just with or without a hypervisor under it (this should be perfectly legal; I recall actually reading through the EULA and it being ambiguous about this usage). I made sure the VM had the same CPU settings, the same GUID, the same hard disk serial number, and a few other identifiers. Windows isn't complaining and claims it's correctly activated, regardless of whether I boot it on bare metal or on the VM.

This used to be sometimes problematic when I had Windows 7, but Windows 10 hasn't given me any trouble. Perhaps they loosened up the hardware checks.

IN SOVIET RUSSIA

...VIRUS CLEAN ANTIVIRUS

This is obvious even to AV vendors

[The-Ixian]

The writing has been on the wall for a while now. You rarely get "just AV" when you install an AV product these days. You end up with a whole suite of value added applications like password managers, system optimizers, registry cleaners, web site scanners, IPS and content filters, etc.

The reactionary system we have been living in was never very good. Relying on signatures to detect malware is a fundamentally flawed system. As the operating systems and, more importantly, the applications that run on them become increasingly secure, the need for the signature-based AV systems declines.

Any AV software company has seen this coming for a long time. At least I would hope they have.

Re:This is obvious even to AV vendors

Part of it had to do with running most users with administrative privileges, and Microsoft created this mess by making the systems hard to use if you didn't have administrative privileges.

I know people even today who turn off UAC the first chance they get because they are so annoyed by the prompts.

Re:This is obvious even to AV vendors

The market will fix it for ya

Re:This is obvious even to AV vendors

[ausekilis]

That explains McAffee AV's behavior.

"You can pry this OS from my cold, dead hands!"

Re:This is obvious even to AV vendors

As the operating systems and, more importantly, the applications that run on them become increasingly secure, the need for the signature-based AV systems declines.

Generally, operating systems and applications have become bloated and less secure. Given enough time, it all turns to shit.

Re: This is obvious even to AV vendors

This is an artifact of backward compatibility. Calling Function() like you did in previous version of Windows results in default object security that make IPC difficult in secure environments, and most developers have never ported to FunctionEx() that allows fine grained control over security--or if they have, they just throw in Everyone:Full Control.

Re:This is obvious even to AV vendors

The reactionary system we have been living in was never very good. Relying on signatures to detect malware is a fundamentally flawed system.

Relying on signatures still catches a lot of malware.

Most AV these days also looks for suspicious activity in programs to deal with new malware that they don't have signatures for. A lot of AV can whitelist specific programs/files then prompt for anything else.

As the operating systems and, more importantly, the applications that run on them become increasingly secure

Seriously dude? In what world do you live in with OSes and applications that are is "increasingly secure'?

I continue to see all sorts of things - more advanced malware, and all sorts of badly written programs that have programming flaws that should have been trivial to prevent 10 years ago - sql injection, not checking for valid input, buffer overruns, etc.

Re:This is obvious even to AV vendors

[chispito]

Relying on signatures to detect malware is a fundamentally flawed system. As the operating systems and, more importantly, the applications that run on them become increasingly secure, the need for the signature-based AV systems declines.

I 100% agree with you. Unfortunately it is regulated industries that are keeping this crap afloat.

Security != Compliance

Re:This is obvious even to AV vendors

Even more annoying "this task requires elevation", or "permission denied" with no elevation prompt.
Microsoft's major mistake here was to assume that privilege requiring tasks would properly implement the elevation protocol, instead of catching "access denied" type messages as exceptions and handling them as a permission prompt.

Re:This is obvious even to AV vendors

[CaptainDork]

I ran a large shop when UAC first hit, and I immediately disabled it.

As you know, all it does is ask the nagging question, "Are you sure?"

My people were lawyers, paralegals, secretaries and staff.

They were never sure because the goddam thing gave them NOTHING to consider.

They would stop all work and get my permission to proceed, which was a smart move on their part. If things went sideways, ...

Re:This is obvious even to AV vendors

[Nephandus]

>As the operating systems and, more importantly, the applications that run on them become increasingly secure...

What decade and century do you think we're in?

Re:This is obvious even to AV vendors

[unixisc]

Fully agree w/ this. In fact, for all the bellyaching over Windows 10, one thing they did right - put in the ultimate antivirus in Windows Defender, which comes w/ it. No more paying annual subscriptions to Norton, Kaspersky, ES-ET, Malwarebytes, et al

One of the rare good things to come out of this mess

Re:This is obvious even to AV vendors

[Actually,+I+do+RTFA]

Microsoft created this mess by making the systems hard to use if you didn't have administrative privileges.

That's just not true. On their 95/98/ME line, yes. On their NT-based line, that is their more secure/multiuser/real variant of the OS, they've always enabled non-admins to have the features you would expect. Including, for example, installing apps only for their use, or installing apps that wrote to config files in the user accounts. When they released XP, merging the NT/95 lines, they released documentation saying (a) they were willing to allow 95-style programs to continue their bad security practices requiring admin access; (b) that there was a better way to do everything those programs needed admin access for and instructions on how to do it and (c) the next version of Windows would not allow 95's expectation of admin access (see: Vista's UAC). I know, because we ported all our software to their new standards, and while companies like Autodesk/Photoshop had their software break with UAC on Vista, our software didn't miss a beat.

Re:This is obvious even to AV vendors

UAC is nothing but a legalistic blame-shifting mechanism.

Who is more likely to know the answer to "Is the application safe?"--the people who can write an operating system, indeed, -this- operating system, or a random user who knows no more about the application he's trying to run than what's stated on the web site he got it from, much less how any application works in terms of code?

I've been a professional developer for 20 years. Even I am cognizant of my knowledge base and reality enough to know it isn't me who should be clicking "OK", an if-then should be deciding for me, and it would be virtually impossible to code one in the operating system that doesn't know the operating system better than me.

I suppose the passing-the-buck theory is that users won't want to feel stupid, because they don't know what they couldn't possibly know, and will therefore pretend to know and click the button disclaiming Microsoft of everything that might happen.

Re:This is obvious even to AV vendors

[Mike+Sheen]

I always thought UAC was a mechanism to start to make developers follow better security practices in the applications they develop.

For instance, It alerted the user when applications tried to store data/config files in the Program Files or C:\ folder, instead of %APPDATA% and the like. Lots of software back in the day simply stored data by default in C:\xxx or even their installers defaulted to folders other than the program data folder. I think UAC made some developers ask why was their application causing a UAC notice, and if it was something they could fix (like writing data to the appropriate folder) they did.

Re: This is obvious even to AV vendors

Then you're an idiot. They were given the choice, it was to confirm that the user in fact did want to make this change, as opposed to some background program you didn't know that was launched without user intervention. Microsoft explained it pretty clearly.

"associating AV vendors with security"

Do they? Everyone I know associates AV vendors with bloatware/malware. Except for, say, MalwareBytes. There are exceptions, just not many.

Re:"associating AV vendors with security"

[Pubstar]

MalwareBytes and Webroot are the only two AV programs worth a damn the last time I checked.

AV Free for years

Further, any software you install likely creates new security holes in your system. By installing an AV you are likely opening up more holes then you are closing.

There are three main sources of security holes:
1) Holes in the OS that the OS manufacturer needs to close
2) Holes in installed software that the software manufacturer needs to close
3) Holes in the user's general security intelligence.

None of those are solved by adding ANOTHER software suite.

Re:AV Free for years

[tepples]

Holes in the user's general security intelligence.

None of those are solved by adding ANOTHER software suite.

Not even whitelist-based security tools that allow only vetted applications to run? I thought that was the point behind Apple's App Store, game consoles' app stores, and the PC Matic tool for Windows.

Re:AV Free for years

[Dr_Barnowl]

Problem with whitelisting is that it destroys your computer.

It's not a computer any more. It's an appliance.

Which is fine for people you can only trust to run an appliance, but it prevents anyone from programming aka becoming more productive.

It's a nice little racket - it guarantees the IT dept. a job (they were charging £2,000 to vet programs for distribution at my last place), it gives the "real" programmers more work, but it stops users reaching enlightenment and getting the computer to do what it's for - lots of repetitive tasks in an automated manner.

---

Aside from that, whitelisting software has been responsible for some of the more spectacular performance drops I've seen - like taking a process that writes around 30,000 files and increasing it's runtime from 2 minutes to 15 minutes, taking an operation that subject matter authors were doing when they felt like it and making it a tea-break thing, totally wrecking productivity.

Re: AV Free for years

Users reaching enlightenment...now that's funny.

Re: AV Free for years

Why? Enlightenment is a great DE, you should give it a try.

Re:AV Free for years

If the usr has control of the whitelist (as they do with AV the installed on their own computer) that just moves #2 into #3.

The point behind Apple's App store is verifying that the apps come from who they say they do (the various developers by way of Apple) as well as automating and centralizing updates and such.

Basically, if you get your "Bank of America account manager app" from Apple's app store you can be reasonably sure that it actually came from Bank of America (by way of Apple), not somone who moonlights as the Prince of Nigeria. You also know that it will update itself or notify you when updates are available, and can trivially install it on your new mac without fussing with CD keys or other nonsense.

It's not perfect, but would be impersonators need to fool Apple not random users, which addresses #3.

Re:AV Free for years

[thegarbz]

I thought that was the point behind Apple's App Store

Just another trust model. You're giving up control over your system to some curator and trusting them keep you safe.
Of course nothing is perfectly safe

Re:AV Free for years

[Sigma+7]

Problem with whitelisting is that it destroys your computer.

It's not a computer any more. It's an appliance.

Which is fine for people you can only trust to run an appliance, but it prevents anyone from programming aka becoming more productive.

With modern computers, I see no reason why this is an issue.

It is trivial to have a whitelist system that can be disabled for developers that want to program. Google Android does this, and I see no reason why future computers can't be setup this way either.

Re:AV Free for years

Yes, whitelist-based security tools are another security risk. If you know you're using whitelisted programs you're more likely to trust whatever they say or do. No programs are risk free, everything has bugs. There's millions of bugs crawling around on your skin right now. You're your own biggest security risk.

Re:AV Free for years

[tepples]

It is trivial to have a whitelist system that can be disabled for developers that want to program.

But it's not trivial to keep malware developers from social engineering naive end users into turning on developer mode.

Re:AV Free for years

[Sigma+7]

While targeting inept users can always work, this system makes it better for regular users, so that they don't have something forced installed because an ad-network redirected them to a malware page, and better for developers since they can still have the protection of regular users for anything untrusted while still being able to do their own thing.

And even if you manage to prevent inept users from activating developer mode without hindering developers, it still doesn't protect them against other social engineering attacks where they enter their own bank account information onto a phishing website. If anything, it's best to not worry too much about inept users, and simply let regular users be safe from whatever drive-by attack is happening today.

Re: AV Free for years

23333 3

AV is a joke

[n0w0rries]

I started removing AV from clients computers years ago. All it does is slow your PC down. Every time I had to deal with an infection, the PC involved had AV, that was sometimes very hard to remove.

malware removal services should just be a tax on the easily confused.

Re:AV is a joke

[FyRE666]

Exactly. I do the same, if we get a new PC with commercial AV installed (usually some trial) it's the first thing I uninstall to installing improve disk performance by 50-100%. The Windows 10 built-in AV works fine and doesn't make a PC perform like it has a 5400rpm drive from 2001, instead of a modern SSD.

Re:AV is a joke

LOL I'd never trust an uninstall. Format is the only option for getting rid of that crap

Re:AV is a joke

[Moheeheeko]

an experienced McAfee user I see.

Re: AV is a joke

Improve disk performance for ransomware to trash your data too! Windows builtin AV will NOT perform SSL/HTTPS inspection.

Re:AV is a joke

> The Windows 10 built-in AV works fine

Every AV works fine as long as you don't get infected.

Re:AV is a joke

[thegarbz]

I don't mind the performance loss. It's the not losing files that I care about.

Kind of like how AV tools lock new files for scanning after creation, except that MS Office apps write to temporary files before renaming at the end, and a lovely little timing based issue then results in the locked files being synchronised causing you to end up with a corrupted set of .TMP files where your documents should be.

AV can go to hell.
Mind you so can Offline Files in Windows, it's equally buggy.

Re: AV is a joke

[Bob+the+Super+Hamste]

Windows builtin AV will NOT perform SSL/HTTPS inspection

That is one of the jobs of my firewall. Along with running a NIPS, doing regular firewall activities, DNS black holing for ads and trackers and being a VPN server. So why run it on my main machine when instead I can run it on a much more secure platform with a much smaller attack surface that then protects all devices I own.

Re: AV is a joke

Layers of defense. Yes, using a Fortigate firewall in conjunction with local AV of say, Bitdefender, will overlap in capability, but hopefully one engine will catch what the other completely missed.

Nothing about AV and security is 100% guaranteed, but it does improve your odds should the end-user slip up and do something stupid with an unknown attachment or URL in an email.

Sorry to contradict former Firefox but ..

[Skydoor.Blue]

I like to have Malwarebytes on my machines.

Re:Sorry to contradict former Firefox but ..

Yes. MB removed some malware that defender failed to spot on my Windows 7 machine a few years ago, well, it spotted it and thought it had removed it, but on every reboot it was back.

This is news?

[Lije+Baley]

Certainly only old people still fall for the aftermarket AV scam? I quit years ago when AVG transitioned to "worse than the disease" status.

Re:This is news?

[dpidcoe]

I've been running AV free since the early 2000s up until MSE came out, and constantly took flak from self declared IT experts whenever I mentioned it (they'd insist that my computer must be an infected cesspool and I was just too dumb to notice). tbh I'm actually surprised the comments here aren't filled with people insisting that aftermarket AV is an absolute necessity and insinuating that the mozillia developer must be in league with some botnet owners.

Re:This is news?

[MightyMartian]

I think most of us have been bit too many times by the bloat that products like Norton AV and McAfee represent. Norton in particular is just a resource hungry monster, and as a good many of the machines in our organization are about seven or eight years old, the idea of putting that kind of CPU cycle ravisher on them fills me with horror. In the end, we upgraded to Windows 10 (a rather mixed experience), and just used the built-in Windows Defender plus a pretty locked down network and good backups so if, somehow, some ransomware gets loose, our actual data loss is fairly low. And that's really the lesson here, AV has never been the entire answer, and relying on it in the absence of good practices and user training has always been a dangerous path.

Re:This is news?

[Bob+the+Super+Hamste]

I think long ago most of us realized that ALL AV products suck. I get asked frequently by others outside of IT world which AV they should run and they are shocked when I tell them just use MS security essentials, or windows defender as they are free, come built in to windows, and while they suck about as much as the other AV products at least it doesn't nag you and eat all available resources.

True

I haven't had a virus ever, I mean ever in 25 years of using a computer. Just don't click pop ups,always use an ad blocker and don't open those "official" emails from Microsoft wanting to update your system or Nigeria wanting to send you 40 million dollars. Only jackasses get viruses nowadays. Don't visit porn sites either. Its not hard, just people are inherently stupid thus getting spyware and viruses needlessly.

Re: True

And you expect my 80 year old grandmother to hover over a link and know that goodstuff.co is not the same as goodstuff.com? Or which domain she needs an exception for in the ad blocker for the news site to actually load?

Re:True

[tepples]

always use an ad blocker

How will this remain practical once more sites follow the lead of WIRED and The Atlantic and start showing paywalls to ad blocker users? If you view one document on each of 20 different sites in a month, would you find it affordable to buy a $4 per month subscription to each of these 20 sites?

Re:True

[NatasRevol]

Also, don't go to any sites with ads as they're a significant virus vector.

But wait, you're here so use an ad blocker.

But wait, some have been paid by ad co's to allow their ads. Including infected ads.

Now keep a list of which ad blockers, AVs, websites, official emails, are good. This week.

Re:True

[pr0fessor]

Sites that require an exception in ad-blocker or a subscription are also sites that are unable to afford to be reckless with the advertisers they allow on their site. It's really about placing the responsibility on the site to make sure they are not serving up malware in ads.

Re:True

And how often do I absolutely -need- that article on WIRED or The Atlantic or Forbes or any of those sites that throw up a hard paywall? I can find the same information elsewhere. Most internet browsing is discretionary. Entertainment. I don't bitch and moan about the sites that can't accept that the ad industry has destroyed our trust and it's too late to go back. I just don't go there anymore.

Re: True

I don't really do much risky stuff on my computer, and I have picked up viruses several times over the course of 20 years. I don't really know how it happened. But it does happen.

Re:True

[mrchaotica]

will get a super old house that is either a small ranch or split-entry

Instead of using an "ad blocker" that tries to be smart, I use uMatrix to block everything except what I specifically choose to whitelist.

Re:True

[johannesg]

Well, either you stop reading those sites, or you wait for adblocking to catch up. This is an arms race, and I am not about to give total control over my computer and my internet connection to an industry that has such a bad track record. A few articles are just not worth the annoyance and risk.

Re:True

always use an ad blocker

How will this remain practical once more sites follow the lead of WIRED and The Atlantic and start showing paywalls to ad blocker users? If you view one document on each of 20 different sites in a month, would you find it affordable to buy a $4 per month subscription to each of these 20 sites?

Use a script blocker instead of an ad blocker, and only whitelist the main news page. This will still prevent the malicious script-based ads from running, but also allow you to access the content of the news site.
The bonus is that it will also protect you from scripts running on sites that haven't been identified as "advertising" by the ad blocker company and added to their global blacklist.

Re: True

I just don't read those pages. If you attempt to dictate to me the terms upon which I can fetch your publically accessible web pages, if you try to impose commercial barriers upon an open system, I become disinclined to trust your work, especially if you are a journalist. Your ideology obviously leads you to attempt to overturn both the nature if the web and its traditions, so why should I trust your content not to be shaped primarily by your ideology and only secondarily by facts and reason? In short, if you put up a paywall or block adblockers, you lose my trust and my readership.

Re:True

[gnick]

Don't visit porn sites either. Its not hard...

Well there's your problem.

Re: True

[tepples]

if you put up a paywall or block adblockers, you lose my trust and my readership.

If the majority of an online publication's readers run an ad blocker, how would you recommend that it keep its servers on and connected to the Internet and a roof over its writers' heads? After ads and subscriptions, what is the third funding model?

Re:True

[tepples]

If you're commenting on a Slashdot story whose featured article is from one of those sites, other Slashdot users are likely to berate you for being uninformed on grounds of not having read the article.

Re:True

You haven't had a virus that you know of. There are so many ways malware can get onto a computer, and it's very possible some aren't detected by any well known antivirus. Just because you have never seen evidence of a virus on your devices, that doesn't mean you never had one.

I'm not advocating for antivirus, most are garbage with what seems like a 40% success rate.

Re:True

Those sites can keep their content to themselves. Very few sites have exclusivity on things that interest me. I like the control-C trick the other AC posted, but I care so little for those paywall sites, I won't even bother with that.

Re: True

Unobtrusive ads and asking nicely for people to turn off the blocker, not blocking them if they dont.

The ads shouldn't make noise, play video, change position on the screen, pop over or under, or track me. Then you can show ads and I wont block you.

Re:True

They can serve up ads in the form of plain images. Ads don't need javascript or flash. Plain images are rarely security risks.

Re: True

No. I expect her to use a Mac, honestly. No, I am not a Mac user, I use Linux. I do have iOS on this tablet. You minimize the risks with a Mac.

Re:True

[allo]

just stop visiting such sites. They do not deserve your visit.

Re:True

[NatasRevol]

I'm sure that scales well to nontechnical people.

I don't trust Microsoft, nor the AV vendors. :|

I don't trust Microsoft, nor the AV vendors. :|

The internet tech seem terrible imo, and nobody seem to do anything other than letting this shit show continue.

As if everybody involved in making money or running a government kept saying: "Fuck privacy and fuck security."

Re:AV signatures

[hackwrench]

The textfiles site has a collection of old CD. One of them has virus signatures that trigger Windows Defender, among others, and some of them are quite harmless.

The average user still needs AV

[entropy01]

I don't use AV, but the average person still needs it. The average person either doesn't know or doesn't care what they are clicking on. As part of a layered defense strategy for the average user, it is still needed. Personally, I don't like AV stealing my CPU cycles. I use other methods, common sense chief amongst them, to prevent infection.

Re:The average user still needs AV

[DarkOx]

The average person does need A/V but the built in stuff that come with Windows is more than adequate. Signatures are really only good if they are nearly to the moment up to date and with the present rate of churn on the internet that model just does not really work. To the degree it does still work Microsoft does as good a job as anyone. Its the heuristic side where there is still some effectiveness but even the high dollar stuff like Cylance falls down more than it succeeds. They claim 99% and maybe that is true if you just grab random malware off the internet and throw it at their stuff. We did some internal testing with more recent exploit code from metasploit and what have become downright common powershell and rundll payloads; if all we did is make the most trivial modifications to them we saw more like a %2 detection rate, other endpoint packages did about the same as well.

Long story short A/V won't protect you from even a broadly targeted (hey I know these guys are using windows 8 because I Trojaned my "stat button" replacement app for windows 8/8.1, now I'll just wait and here and see how my hosts join my botnet) attack using updated tools. It certainly won't help you against an actual targeted attack.

Should everyone leave Windows Defender on, yes its free and MS has done a pretty good job making sure their own AV package does not foul up their own OS. I would NOT recommend any third party A/V solution at this point for individuals or SMBs. There might be some residual value in endpoint packages for larger businesses but there is an equal strong cases for going without and focusing on a systems management solution instead where you simply make sure everything is patched and you have tight control over what gets run. Unfortunately Applocker bypasses are fairly trival now so you do need a third party solution800,000 to take a true white list approach.

Re:The average user still needs AV

In buisness you still need an AV suite because you need central management and reporting.. Which you need because you need to check that box on the audit form.

That's really about it. For compliance reasons. You do a lot of dumb things for compliance reasons, but it's worth it because it covers your ass when shit goes south.

Re:The average user still needs AV

[XparXnoiaX]

The problem is antivirus makes your system less secure. You're giving up control of your system, making it less secure, and not getting much in return. Microsoft Security Essentials is enough.

Re:The average user still needs AV

[0ld_d0g]

Good point, also a lot of the internet based payloads are much easier to block at the router level without installing resource sucking AV products. We use a security appliance that does a decent job of blocking parked domains/botnet C&Cs/spam urls/etc.

Ad Block

[EvilSS]

These days one of the best AV products is a good ad blocker. I can protect myself from sketchy downloads: don't download sketchy software or from sketchy sites. I can't prevent some asshat from exploiting a zero day in a browser through an ad on a mainstream site, except by blocking all ads on all sites.

*Yes, trusted sites can be comprised and it's happened in the past where downloads were infected but the odds that I'll download that software during that window where the infected files are being handed out are about the same as me getting stuck by lightning.

Re:Ad Block

[interkin3tic]

I use addblock, ghostery, and noscript to protect myself from viruses

"YOU'RE KILLING THE INTERNET!"

Yeah, well the internet infected and killed one of my computers, so I'm going to be wearing an internet condom from now on. Besides, you can't tell me no one is viewing ads anymore when my aunt still is using windows XP.

"What websites were you LOOKING at that killed your comptuer?"

Oh the usual ones, porn, porn, yahoo, and more porn.

"You pervert! Use google instead!"

Re:Ad Block

[EvilSS]

Yea I get the need to make revenue but if they won't work to make sure that all of their ads are vetted and clean, I won't stop using adblock. For some reason instead of doing this, they seem to think it's a better idea to just make the ads that people without adblock see more and more intrusive. Or do like Wired and try to get me to pay more for their website without ads than I do for their freaking paper magazine! Logic.

Re:Ad Block

[interkin3tic]

Forbes too seems to be going full on RIAA. "A fraction of people are getting our product for free. SPEND ALL THE MONEY TRYING FRUITLESSLY TO FIGHT THESE RARE PEOPLE!"

I'm sure they have more information than I do, but I suspect they're spending more money and losing more readers doing it than they would theoretically be gaining in the first place.

Re:Ad Block

[johannesg]

"YOU'RE KILLING THE INTERNET!"

The internet was built to withstand a nuclear attack. I'm sure it can survive the loss of ad revenue.

Re:Ad Block

[EvilSS]

Yea that was the last straw for me with Forbes. I actually added them to my personal blocklist addon so they don't show up in google searches anymore, and I try to avoid them where i can elsewhere. They are basically a blogging platform for out of work "journalists"... sorry... freelancers these day with virtually no editorial oversight. The writers just pump out as much crap as they can to maximize their meager revenue. Then they pull that crap with their adblock blocking, and the very day they turn it on they were serving up malware via a malicious ad.

Re:Ad Block

[Fire_Wraith]

Given the nature of Ad Networks, it doesn't really matter what sites you're looking at. You could surf only perfectly reputable sites, and you'd still get pwned if you weren't blocking the ads. It's because they're using third-party distribution networks, and while certainly there are some networks that are shadier than others, I've yet to see anything that convinces me that the crooks can't get malware up on them long enough to do damage.

Re:Ad Block

[ortholattice]

I would be willing to add an AdBlock exception for Forbes if they guaranteed malware-free ads. By guarantee I mean they would compensate me monetarily for my lost time restoring my system, at say $100 per hour. Short of that, no Forbes for me!

Re:Ad Block

[interkin3tic]

Hey now! They have some very insightful articles on... pokemon go...

Re:Ad Block

Oh the usual ones, porn, porn, yahoo, [washingtonpost.com] and more porn.

Run the majority of that inside of a virtual machine. It keeps your main system clean, and, less effort trying to hide your habits from others in the same household. If your VM dies, no big deal.

Re:Ad Block

[Shane_Optima]

I use addblock, ghostery, and noscript to protect myself from viruses

You should try uBlock Origins sometime. Uses the same adblock lists as ABP, allows per-domain rules like noscript and request policy, has a *ton* of other features yet still manages to be snappy, low on RAM usage and very easy to use with one of the best compact pop-up interfaces I've ever seen[1] and an indispensably good "block this element" feature that's much nicer than ABP's ever was. It's also ridiculously easy to toggle between default-deny and default-permit modes, for those times when you're in a rush. There's a lovely trick I quickly discovered wherein you regularly browse in default-deny mode, and whenever you fully set up a site to work properly you go in and redlist (explicit-deny) everything that you didn't needed to whitelist in order to make it work. This takes all of two seconds, but means that if/when you flip over into default-permit mode (or let's say if you're copying the ruleset to a relative's computer, and you know they definitely aren't going to want to mess with this stuff), those sites you've visited and configured will still be fully sanitized with explicit-denies.

Oh yeah, unlike ABP and Ghostery, it's GPL so it's definitely not going to get bought out and fouled up (or rather if it does, a fork will appear.)

The only thing it's sorely lacking is good cookie management. (The related advanced-user extension uMatrix from the same author can deal with cookies, but not in a very fine-grained way as I recall. Self-Destructing Cookies is a good enough option for most people unless you need to manually whitelist specific cookies instead of specific domains.)


1. It will take a few minutes of tinkering with 'advanced mode' turned on, but it's quite intuitive once you understand what's going on: left column global rules, right column local rules (which trump global rules), default behavior (all domains) at the top with domain-specific behavior underneath, three states for each cell (whitelist==green, blacklist==red, whitelist but apply ad filter type rules==gray), lighter red/green/gray cell shading to represent the effects of your default settings if you haven't assigned any explicit manual rule for that domain, and ---s and +++s to give you an idea of the number of requests allowed and blocked. Plus a few separate buttons for overall off/on (site specific), remote font blocking, large media element blocking, etc.

Re:Ad Block

[EvilSS]

We need a law that if you are caught serving up malware or fraudulent ads, both you and the ad network are fined, with the proceeds going to the person or persons who discovered it and reported it first. Not a crazy large fine, but an amount that stings enough that the networks and sites would be forced to better police their ads.

I agree with the summary

[DatbeDank]

Let's be real with ourselves. Nowadays the vectors for attack are easily protected so long as you use a modern browser that sandboxes itself and use an ad blocker you really don't need anything more than the built in AV and firewall tools for windows. I don't even think OSX provides an AV tool.

I haven't paid for antivirus software since 2005 which was coincidentally when I discovered Firefox and Adblocking extension.

I'll stick with the free tools.

Re:I agree with the summary

[iTrawl]

There's one more requirement: Don't download MyFavouritePokemonDesktopPal from many-pokemon.software-site.no-really.latest-software.trust-us.com

Re:I agree with the summary

Let's be real with ourselves. Nowadays the vectors for attack are easily protected so long as you use a modern browser that sandboxes itself and use an ad blocker you really don't need anything more than the built in AV and firewall tools for windows. I don't even think OSX provides an AV tool.

I haven't paid for antivirus software since 2005 which was coincidentally when I discovered Firefox and Adblocking extension.

I'll stick with the free tools.

Apple provides AV as a service on macOS and it appears to work fine given the limited scope of what it actually needs to do on a modern operating system. This article is just a realization that Windows also doesn't need an AV service with the broad scope required in years past.

This is all a good thing.

Re:I agree with the summary

[srmalloy]

It's amusing that the article has an update:

Perhaps it should go without saying --- but you also need to your OS to be up-to-date. If you're on Windows 7 or, God forbid, Windows XP, third party AV software might make you slightly less doomed.

And how much is the check you're getting from Microsoft to shill for them encouraging "upgrades" to Windows 10? Or are you suggesting that Microsoft is deliberately failing to fully update Windows 7 in order to make it look less secure?

Re:I agree with the summary

[roca]

Windows 10 has some systematic security improvements that weren't backported to Windows 7. That sort of thing is often hard to retrofit without breaking stuff.

I spent fifteen years of my life working on Firefox, fighting Microsoft tooth and nail to stop them from taking over the Internet. Nowadays I' work on debugging software that only works on Linux. So no, I've never been Microsoft's shill or anyone else's. But people running up-to-date OSes is in everyone's interests.

Re:I agree with the summary

Can you and your team help make Firefox more secure?

Right now if any of the hundreds of CA certs enabled by default on Firefox is somehow used by an attacker to sign a site's cert (e.g. bank, webemail), Firefox will trust it without giving a warning.

Something like Certificate Patrol but able to cope with more than one cert per site would be good.

The warnings won't work for "normal users" (who wouldn't even notice the lock stuff and get pwned anyway) but they would help for the users who care enough about security to bother learning about how stuff works.

Certificate pinning requires sites to do additional stuff and most won't.

Re:AV signatures

This would be why even Windows Defender has an option to ignore files and directories of your choosing.

Registry cleaner is all you need

I've been telling people for YEARS that AV is obsolete. All you have to do is limit your browsing (stay away from porn/downloads) and you're basically gold so long as you keep windows up to date.

For the last 10 years I've had a laptop that I've used solely for web browsing/anything we based... and a gaming PC that only connects to the internet for games, and that's it.

In terms of speed/performance... the biggest difference I've seen is from using a registry cleaner.

Re:Registry cleaner is all you need

[tepples]

All you have to do is limit your browsing (stay away from porn/downloads)

Is there a reason that erotic videos can't be made safe? And if you have a gaming PC, how do you obtain games other than through downloads?

For the last 10 years I've had a laptop that I've used solely for web browsing/anything we based... and a gaming PC that only connects to the internet for games

Or just abandon the PC platform entirely: do non-gaming on a tablet running a smartphone-derived operating system, possibly with a Bluetooth keyboard, and use a PlayStation 4 for gaming.

Re:Registry cleaner is all you need

Haha I have no idea why erotic videos aren't safe..... and yeah I download most of my games, but that's because I bought and paid for them. They're coming from the vendor. I didn't use the word "download" to mean that I pirate the games.

By 'downloads' I was referring mostly to friends that still torrent a LOT of music/movies, and are always having problems with malware, etc.

Re:Registry cleaner is all you need

[gnick]

By 'downloads' I was referring mostly to friends that still torrent a LOT of music/movies, and are always having problems with malware, etc.

Has there ever been a noticeable attack using corrupted music/movie files? I mean ".mp3," ".avi," etc. - Not ".mp3.exe," or ".avi.zip."

Re:Registry cleaner is all you need

[tepples]

Off hand I can remember an attack on GStreamer's support for Super NES audio. The interpreter for the Sony SPC700 had some serious bounds checking defects, allowing a program running on the emulated SPC700 to manipulate host memory.

Re:Registry cleaner is all you need

stay away from porn/downloads

That's a bit extreme, don't you think? I mean, is there really anything else?

Duh

[Khyber]

AV products actually make you less secure. They act as a MITM, replacing certificates with their own and totally defeating the purpose of TLS/HTTPS.

Re:Duh

[tepples]

Without using a MITM proxy, how else is the operator of a home or organizational network supposed to cache public images, scripts, style sheets, and other resources, so that multiple devices on the network don't have to redundantly download the same resources over a slow and/or capped connection to the Internet?

Re:Duh

By using a regular proxy?

I mean, as long as the public images, scripts, style sheets and other resources are served over HTTP, a regular proxy can cache them.

MSE is licensed only for up to ten PCs

[tepples]

That and organizations with more than ten PCs running Windows 7. The last time I checked, the built-in AV on Windows 7 (Microsoft Security Essentials) was licensed for use only on up to ten PCs in an organization, after which the organization is expected to either A. buy the appropriate Windows Server license and the appropriate Microsoft System Center 2012 Endpoint Protection license, or B. upgrade to Windows 8 or later where MSE was integrated into Windows Defender.

I have had no issues

[KozmoStevnNaut]

With Malwarebytes and BitDefender. I don't go for the big all-in-one "security quites", so the simpler approach works great for me.

Re:I have had no issues

Malwarebytes is an American company with no offices in any other country. This makes it easier for its antivirus software to be compromised by the American government: the product is not open source, and its source code is not available for employees of other countries to examine. It could be an industrial espionage trojan ^W^W^W^W an anti-terrorist tool for all I know.

When selecting such critical pieces of software, I tend to favor multinational companies that have development offices in non-allied countries with respect to mass surveillance (e.g. the combination of USA, China, and Russia is OK, but the combination of USA, UK and Canada is not).

In this respect, Bitdefender is a much better option. From wikipedia: "a Romanian Internet security software company, represented through subsidiaries and partners in over 100 countries."

Re:I have had no issues

P.S. Bitdefender probably also fails this test. I see no software development offices outside Romania.

Re:I have had no issues

Webroot is along a similar low-churn ez-mode with relatively good detections.

Re:I have had no issues

[KozmoStevnNaut]

I only use my Windows installation for games, nothing that actually matters.

Web browsers are viruses

They suck your ram, bombard you with ads and tracking and they try to be an operating system over what used to be a static document viewer.

Re:Web browsers are viruses

[tepples]

What's better: a bunch of applications that you can run inside your web browser, or a bunch of applications that you can't run at all because their developer's computer uses a different operating system from your computer?

APK

[aicrules]

This story needs some APK posts.

Re:APK

[CByrd17]

There is one up above. Browse at -1 for APK viewing!

Re:APK

No, don't summon the APK! Everyone stay quite and maybe he'll not see...TO LATE, EVERYONE RUN!

Re:APK

[aicrules]

Haha he must have started posting as I noticed the lack of it. Glad I wasn't disappointed. I would love to one day know if this is really a person taking that much time to post or if "He" is now just a bot or a combination of bots.

Re:APK

You can summon him but you can't control him.

OTOH, I'm not sure that the 3-4 APK posts I've seen thus far are actually him. It could be someone impersonating him.

Re:APK

[aicrules]

It is odd that his first post was at the same time I posted mine. His replies are all later but directly above this post is the first...creepy

Re:APK

[Bob+the+Super+Hamste]

It can't be that hard to impersonate APK I believe he may have actually been turned into a very small shell script.

Not used an AV in the past decade

[GeekWithAKnife]

I find that SPI firewalls, execution prevention, careful permissions for limited users, NoScript and other tools are far superior to an AV.

Liberal OS policies and platforms are not ideal for anything you;d hate to lose. Often you would not know that something malicious is running.

With multiple layers of security on a system that does not change often you can have fine grain control of anything. An odd internet connection attempt, a never heard of before program attempting to run etc -that reasonable easy to catch.

AV vendors have been packaging (shoving) everything included as soon as they realised AVs are done. Unfortunately the desktop class products are often more trouble than they are worth.

That being said, I still advocate the complete security packages from AV vendors for users that know little being logging into facebook. They are clueless and could not manage a complex system a "security suite" type program is their best bet.

Re:Not used an AV in the past decade

[zifn4b]

I find that SPI firewalls, execution prevention, careful permissions for limited users, NoScript and other tools are far superior to an AV.

You're confusing AV with other types of security software. They all have a purpose for computer security but they all do different things to help with that. They are dealing with different attack vectors.

Re:Not used an AV in the past decade

I doubt most users would be able to afford an SPI firewall but I'm curious as to how you're using it as an AV replacement. When the SPI inspects a packet with a malicious payload, how can it know it is malicious without running the contents through an AV?

Re:Not used an AV in the past decade

[GeekWithAKnife]

NThe confusion here is your understand of what I meant. I find that other tools provide better virus protection to an AV.

While they are not advertised as AV products they simply supplement the need for an AV which is useless for 0day attacks - the other tools are superior.

A traditional AV can do very little for me. It can only scan for existing signatures.

Execution prevention can deal with multiple attack vectors. Even a kernel bug that allows priviledge escalation as an attack vector can still sometimes be stopped with execution prevention...because AV software became useless providers switched to a more encompassing security approach.

Re:Not used an AV in the past decade

[GeekWithAKnife]

That is exactly the point in complexity. It cannot know anything automatically. It needs to be configured correctly and as restrictive as possible. SPI may provide you with the insight you need as opposed to just allowing comms on port 80 from one point to another. The question is, what;s being communicated are there odd packet fragments? are there packets out of sequence? is there encrytpion when it's not expected? -these and much much more can all be clues.

While you system may be infected with a virus that then executes a crypto ransomware program the firewall can at least block comms. In such a situation you have a chance to save your system before everything is encrypted into oblivion.

One tool or program is simply insufficient for proper security.

Of course if you are just surfing websites and playing games this is all very over the top and unnecessary. Just the means to reinstall your system from scratch would be easier, simpler and possible faster. -a VM can be a realistic choice for frequent restorations (but not practical with new games)

I disagree

I started using Avira instead of Microsoft Security Essentials because I found that MSE does not catch all viruses out there. I also occasionally scan the system with herdprotect which uses 68 anti-malware engines to scan for viruses.

http://www.avira.com/
http://www.herdprotect.com/

In real-world tests Avira, Bitdefender and F-secure blocked 99.9% of viruses whereas Microsoft Security Essentials only blocked 97%.

https://chart.av-comparatives.org/chart1.php

Re: I disagree

I started smoking Camels because with their modern filter they deliver the smooth taste I like.

And more doctors prefer Camels over any other brand of cigarette!

Re:I disagree

Those percentages are outrageously high. I've reviewed the official tests out there that claim those numbers, and I call BS on those. One of the major tests doesn't even include the ransomware trojan in the results, probably because traditional antivirus is failing at an alarming rate. I've seen several different antivirus protected computers come through our business with infections. I was dealing with as many as 7 encrypted networks a week at times. We have managed to switch the bulk of our clients to a next gen antivirus after testing it ourselves and being happy with the results. I now deal with 1 or 2 encrypted networks a month, and those are from clients that did not switch to the next gen AV.

Wired...

Just navigate to the page you want on wired.com.
Highlight the text and pictures in your browser, control-C, and paste it into Word before they hit you with the "About those ad blockers..." message.

It takes a second, but you read what you want and piss on their massive load of scripts and ads.
(I run noscript, which they don't like)

MS AV has about 60% the detection rate

of the better commercial products. Kaspersky will typically catch 40% more bugs. All the people going "prevention is the best medicine" are right but you still need AV for when prevention fails. Across an institution with a thousand computers that is just bound to happen. It's only a question of how many times per year. And Kaspersky is dirt cheap. That's what we use where I work and that's what I use at home too.

Re:MS AV has about 60% the detection rate

It has about 60% of the detection rate... say these "better" commercial products. Ever wonder how many of them are false positives and benign bullshit? It's a lot.

iPad, PlayStation, and Jiffy Lube

[tepples]

an appliance [...] prevents anyone from programming aka becoming more productive [and] stops users reaching enlightenment and getting the computer to do what it's for - lots of repetitive tasks in an automated manner.

Which elicits a big "So?" from appliance fans.

The majority of the population do not read Slashdot. I imagine that most either A. use computing devices for entertainment rather than "becoming more productive" or B. prefer to outsource the programming to a specialist rather than "reaching enlightenment" themselves. For evidence of these, look at the popularity of iPod touch, iPhone, iPad, PlayStation 3, Xbox 360, PlayStation 4, and Xbox One. For evidence of preference of delegation to a specialist, look at the popularity of services such as Jiffy Lube rather than doing your own car maintenance.

Re:iPad, PlayStation, and Jiffy Lube

These "appliance people" could at least RTFM. They owe at least that to the rest of humanity.

Re:iPad, PlayStation, and Jiffy Lube

If properly disposing of used filters and oil was less of a pain in the ass, I would do that myself. Instead, I pay someone else while I read a book because I don't want the hassle. They also check other fluids and top stuff off. I've literally watched them do it at one shop that let me hang out. It's worth the money to let them get handle it.

Jesus Christ you fuckwits

This is on par with the anti vaccine people. Please, go get infected morons. We need the stupid people to occupy the malware authors' time so they leave the rest of us alone.

Well...

Firefox is slow and bloated anyway.

Re:Well...

In my experience, Firefox runs faster and more reliably than the other browsers. There are times I have over 200 tabs in my Firefox browser, and it keeps on working well. IE is worthless, Edge is worth even less then IE. Chrome has it's uses, but I hate having more than 15 tabs open in Chrome.

The Long (I/O) Path

Anything that adds delay to I/O requests is "bad" without adequate concurrency. AV just sets a new baseline.

Addons = inferior & inefficient vs. hosts

What hosts do addons can't (or as well):

PROTECT vs.:

1.) bad sites (past ads)
2.) fastflux C&C
3.) dynDNS C&C
4.) DGA C&C
5.) DNS down
6.) poisoned dns
7.) trackers (dnsrequestlogs/ads/transparent ISP proxy)
8.) spam/phish payload
9.) dns blocks
10.) slowdown 2 ways: adblocks & hardcodes

11.) Multiplatform
12.) Ez data edit
13.) Efficiency (cpu/ram/I-O)

14.) UBlock no DNS bennys = poor imitation = "sincerest form of flattery"
15.) NoScript tag parses. Hosts block adservers before it cheaper

APK

P.S.=> AB+ 151mb http://cdn.ghacks.net/wp-content/uploads/2014/06/adblocker-memory-consumption.jpg/

UBlock 64MB http://cdn.ghacks.net/wp-content/uploads/2014/06/adblocker-memory-consumption.jpg/

(hosts ~6mb)

ClarityRay defeatable

Don't work http://www.businessinsider.com/google-microsoft-amazon-taboola-pay-adblock-plus-to-stop-blocking-their-ads-2015-2/

SLOWER: http://superuser.com/questions/686041/which-leads-to-faster-browsing-an-ad-blocker-or-an-edited-hosts-file/

Re:Addons = inferior & inefficient vs. hosts

raymorris makes me hard

APK

P.S.=> I need him NOW

Re:Addons = inferior & inefficient vs. hosts

[EvilSS]

Hostfiles are a horseshit way to manage this. If you don't want to use addons then do it at the firewall where you can more easily manage lists you use and you don't have to do it on a machine by machine basis. This is more than possible with consumer gear and third party open firmware.

Re: Addons = inferior & inefficient vs. hosts

I wondered how long it would take you to show up

My solution: Linux+AdBlock+hosts

[gosand]

I run Linux, a browser with ad blocking, and a hosts file with 94.5k entries (for shady sites) that redirect to a dummy IP.

No JS, no article

[tepples]

Use a script blocker instead of an ad blocker, and only whitelist the main news page.

Their answer to NoScript is to make everything past the abstract JavaScript-dependent.

Linux...

Because no matter how tightly you close a window, it still leaks infections like a $5 hooker.

The medium is the message...

My main concerns with AV in general, like with many apps, are the integrity of the delivery channel (initial installation and updates) and the quality of the binary itself.

MS has put tremendous effort into both these areas, so I tend to trust their products, including OSs. Many other app vendors, including AV, have shipped with gaping holes in their products and/or their update mechanisms.

The first rule in security is to minimize the attack surface, which includes the number of vendors and apps you let onto your system. Since MS has removed my ability to control Win10 updates, and wound up doing a pretty good job of creating and managing updates, I decided they get first shot as my primary AV tool.

No regrets, so far.

Hey, Whiplash - Abolish this horrible mod system

If you browse an anything other than -1, you're an asshole.

The mod system is biased against A/Cs, many of which make very intelligent and insightful comments. These comments remain hidden, until the mods hold the opinion that it is suitable for your reading pleasure. The system is abused in order to push agendas.

By browsing at anything other than -1, you're letting other people influence your opinion by allowing them to determine what you should, or shouldn't bother reading.

Learn to think for yourselves.

Go ahead and mod me down now, in an attempt to hide the truth.

Re:Most efficient ad & threat blocker there is

[EvilSS]

This is terrible. If you want to it this way use a firewall that supports block lists. Doing host files is idiotic. It's machine by machine and a PITA to manage.

Linux

[TheOuterLinux]

Linux. Enough said.

It's called...

...don't write a shitty browser like Firefox and you won't have to deal with the crap he's complaining about...

Re:Most threats use hostnames not IP address

[EvilSS]

Bullshit. I can block hosts using any list you can use in APK at my firewall. And when I do it covers my entire network, not just the machines I put them on.

Re:Hey, Whiplash - Abolish this horrible mod syste

[phantomfive]

To some extent I agree.......the -1 posts should be shown in collapsed form, so at least you know they are there.

Re:WRONG & how/why... apk

[EvilSS]

See my post: If you don't want to use addons then do it at the firewall where you can more easily manage lists you use and you don't have to do it on a machine by machine basis.

There are firewall firmware available that can use the same blocklists APK uses, but they cover your entire network. Stop shilling for APK.

Real Purpose of App Stores

[HannethCom]

The app stores are about control and money. None of it to benefit you!
First and foremost almost all app stores are about the company making money off of other people's products. Apple really showed this when they stopped applications from being able to buy things like ebooks. Apple wasn't happy because they were not getting their cut for doing nothing.
Then you have control. Again Apple shows this best with not allowing anyone to compete with their products and not allowing other app stores to function.

You're less efficient programmatically

Again, hostnames = easily moved to another bad hosting provider by malwaremakers/botnet herders changes IP ADDRESS (rendering firewalls useless which is WHY malwaremakers use hostnames more) +& firewalls layer on a filtering driver - hosts = the IP stack itself (more efficient/less moving parts & messagepassing) in tcpip.sys (firewalls aren't).

* You're failing @ every turn, badly!

APK

P.S.=> You really, Really, REALLY need to take some computer science (specifically DDK level coding used in firewalls via filtering drivers) & understand HOW firewalls truly work - it's all in my reply now above & yes, it's LESS EFFICIENT due to "Bolting on 'MoAr'" but I said they compliment one another excellently (along w/ a filtering protective DNS like OpenDNS)... apk

Re:You're less efficient programmatically

[EvilSS]

Not sure what you don't understand, but do these look like IP addresses to you? https://imgur.com/a/44AnF

You can block hosts at the firewall, you are not limited to just IP's. I think it's you that needs to take a refresher in compsci and networking. Your understanding seems to be a few decades out of date.

Re:You're less efficient programmatically

[Bob+the+Super+Hamste]

APK doesn't understand that it is possible to black hole DNS lookups with a non garbage router/firewall. He probably also doesn't understand that on a non garbage firewall you can do a lot more than just have it look at packet headers and do block/allow actions based off of the data in there. I mean who would want to have an NIDS/NIPS running on the edge of their network doing DPI to block malicious content? Why would anyone want to have something inspecting all web traffic to block virus laden content? Who would ever want to have a secure VPN server so that they can access their stuff remotely and also ensure that dodgy WiFi hotspots can't spy on their activities? Finally who wouldn't want all of that in a little box that sits there quietly consuming 8-14W?

Personally I think APK is the reason we have RoHS as he was licking too many boards with lead solder, either that or he needs to give up his hobby of hat making.

Less efficient/more moving parts

Hostnames = easily moved to another bad hosting provider by malware & it changes IP address (rendering firewalls & why malwaremakers use hostnames more) +& firewalls layer on a filtering driver - hosts = the IP stack itself (more efficient/less moving parts & messagepassing) in tcpip.sys (firewalls aren't).

* You're failing @ every turn, badly!

APK

P.S.=> You really, Really, REALLY need to take some computer science (specifically DDK level coding used in firewalls via filtering drivers) & understand HOW firewalls truly work - it's all in my reply now above & yes, it's LESS EFFICIENT due to "Bolting on 'MoAr'" but I said they compliment one another excellently (along w/ a filtering protective DNS like OpenDNS)... apk

Hosts files work better vs. more threats

See my subject: Prevention is the best medicine (& what you can't touch can't hurt you) via APK Hosts File Engine 9.0++ SR-5 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

Ads & malware rob speed, security & privacy

Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively

Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity

* Using what you already NATIVELY have, built into your TCP/IP stack running in FASTER kernelmode!

(Per my subject - THIS IS WHY vs. FIREWALLS https://it.slashdot.org/comments.pl?sid=10172213&cid=53749719/

APK

P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

Firefox is slow and bloated.

[Spazmania]

I don't run any antivirus software on my PC. I still have to kill firefox a couple times a day because it's "not responding" for five minutes or more doing some kind of background task across the 3 gigs of ram it's consuming.

You're not wrong about Antivirus software (your reasons are precisely why I don't have any installed) but that's no excuse for Firefox's poor code quality.

Re:Firefox is slow and bloated.

Install an adblocker and a flashblocker, or just remove flash and your firefox will be faster.

Re:Firefox is slow and bloated.

[ChrisMaple]

Under Linux, cpulimit can often break this firefox misbehavior.

Re:Firefox is slow and bloated.

[Spazmania]

When firefox exhibits this misbehavior under Linux, 'top' reports the X server process slammed to 100% instead of Firefox itself.

Re:Firefox is slow and bloated.

[Spazmania]

I never have allowed the flash plugin to be installed in Firefox and I surf with Noscript so javascript only runs on sites where I accept it. My firefox is perfectly fast until it slams into a wall and is 100% unresponsive for several minutes. I don't mean slow. I mean does not respond to user input at all.

3rd party AV is for standby

Every now and then (once every handful of years) I'll get a nasty virus because I download... questionable files at times.

I keep 3rd party AV on hand for these circumstances where I'll boot into safe mode and kill all the nasties.

Malwarebytes and Kaspersky have done good by me.

Well

[kilodelta]

I run software and hardware firewalls, plus AV, Ad and script blocking. Makes my web experience much better.

Less efficient filtering driver + non-native

See subject: Most used OS Windows firewall doesn't & you're less efficient (layered drivers firewalls use hosts don't need) "Bolting on 'MoAr'" vs. using what you have already.

QUESTION:

Do Linux/MacOS X don't have app level firewalls natively (like zonealarm) or ones that use hostnames like hosts do (minus layering on more drivers inefficiently)?

I know Windows' firewall uses IP addresses & it's MOST used (creates most jobs too that way).

IF SO on *NIX variants?

Nice to see firewall makers have to TRY duplicate what hosts does for you natively already (but you're STILL STUCK USING LAYERED ON DRIVERS creating more moving parts for breakdown & exploit + inefficiency)... yes, INFERIOR INEFFICIENT IMITATION = sincerest form of flattery!

APK

P.S.=> Again - hosts = part of the IP stack & NATIVE to your system (zonealarm app level firewalls, aren't & again, have to 'Bolt on MOAR' creating inefficiency using non-native stuff creating room for exploit/breakdown too)... apk

Re:Less efficient filtering driver + non-native

[EvilSS]

You have no idea what you are talking about. None. It literally works like what your program does, but at the firewall on the edge of my network. The firewall downloads the lists and any DNS request goes against that cache first before forwarding the lookup. There is NOTHING running on the PC, the DNS lookup is just as fast (faster actually since it doesn't have to use the forward DNS servers). Your solution uses MORE system resources since I have to run your app on the PC. Also big hosts files are not resource free when the TCP stack goes to do a lookup. Your solution also does not protect every machine behind the firewall. Mine does. Using the exact same lists. I can manage them from one place and can cover devices your solution cannot (game consoles, TVs, IoT devices, tablets, phones, etc) plus any device that comes on my network. Also APK's GUI looks like a nightmare to deal with.

Finally, my solution is fully open source, where APK appears to be closed source.

Re:Less efficient filtering driver + non-native

[jeff4747]

I always trust people this uninformed about the basics of networking when deciding on how to protect my network.

WRONG step by step how/why

1.) IP addresses are easy to sinkhole stop by ICANN etc.
2.) Most malwaremakers/botnet herders using hostnames vs. IP address
3.) Windows (most used OS) firewall uses IP addresses (fails vs. most malware)
4.) Firewalls use LAYERED FILTERING DRIVERS hosts don't (& are more efficient as part of the IP stack itself)
5.) You're "Bolting on 'MoAr'" vs. using what's natively available in Windows (most used OS) & iirc, MacOS X + Linux too (unless they imitated hosts, sincerest form of flattery using hostnames)
6.) You introduce MORE moving parts complexity, added messagepassing, & more room for breakdown when an OS doesn't already have a firewall that blocks hostnames (I knows windows doesn't, last I knew? *NIX variants didn't natively either)
7.) Hosts = EASILY migrateable by script from domain admin users across all endpoints (not a "SINGLE POINT OF FAILURE" too)

APK

P.S.=> Do MacOS X/Linux NATIVELY have firewalls that block hostnames? Inefficient imitation of hosts if so... apk

AV From a corporate perspective...

As a Corporate PC technician I have learned that it is not infections from random sites that I worry much about (we use Proof Point for Spam and our network ports are locked down almost to the point of insanity) but it’s our user base that keep me up at night. As someone so eloquently put it, if users click on stupid things, they need stupid software to baby sit them. The number of times that I’ve been able to save (and by save I mean not re-image a machine and wipe all of the data) a user’s computer due to having enterprise level AV software installed is pretty high. Think I’ve only had to wipe 3 or 4 computers in the 13 years I’ve been doing this, with a user population of around 300 computers, I’d say that’s pretty good. The stupid stuff I’ve had to install from there systems that would have burned then is upsetting however. I’ve seen users with 8 toolbars, 10 Coupon, all sorts of shareware add-ins to “Make Outlook run faster”. Programs that load untold amounts of malware on their systems. And they wonder why their machines run slow. Most of this –ahem— software gets around the admin controls we have in place that protect windows, and would probably do further damage if it were not for the AV suite installed which has actively blocked many Trojans and other backdoor software from installing. Do we have the best suite? No idea. But I don’t have to wipe that many machines and just uninstall the stupid crap our user base installs. That’s a plus for me. I worked in a mom and pop shop that did not have AV for a short time. I did not have the same success rate I tell you, A person is smart. A user, is an idiot.

You're credible why?

[zifn4b]

And we should trust the developer of a browser whose development team didn't see the problem with their memory model chewing up resources until Firefox ground to halt and took an ivory tower position of something along the lines of "you shouldn't have your browser open that long." I know quite a few people who switched to Chrome over that nonsense, myself included. Why should we trust your recommendations again?

Re:You're credible why?

[Parker+Lewis]

What is the relation between a former developer opinion about anti viruses and one of the products of the organization he worked? You're saying that if you don't agree with the memory model of Firefox, the opinion of the former developer is wrong, which is totally unrelated. Attack the message, not the messenger.

Re:You're credible why?

[CrashNBrn]

Sure, lets switch to a browser whose idea of tab-management is to copy IE.

Re:You're credible why?

So what you're saying is because there were some issues with a program they made, any insights they make about any subject are assumed to be false? Even when they aren't, as in this case?

Do you just shoot right through your front door whenever someone rings your doorbell on the assumption that they're nefarious evildoers also?

Re:You're credible why?

[roca]

> a browser whose development team ... took an ivory tower position of something along the lines of "you shouldn't have your browser open that long."

That never happened. You just made it up.

Re:You're credible why?

Because to me, as a user, it sounds like the developer is blame-shifting like a three-year-old. To me it seems obvious that the Firefox devs don't know what they're doing and that Firefox sucks because the developers are incompetent. I think the dev is just refusing to fix his bugs and performance problems by pretending the AV software is causing it. And I'm saying that as someone who doesn't even use AV.

Depends who "You" is

[Afty0r]

I haven't used Antivirus Software in about 15 years, and I use a PC or similar device for 12+ hours a day. I haven't caused a single infection - the only time a computer of mine was infected was when someone snuck onto my computer to try a practical joke, loaded a porn website to set as my homepage *but did it in Internet Explorer* back in the days of IE6
Of course, I know what to click and what not to click. I know to examine dialogue boxes and have critical thinking skills to evaluate the website I am downloading from, or viewing. My parents, maybe they need Antivirus... but then maybe not, as they get infected approximately annually despite actually having it anyway. So OP is probably right.

Firewalls use layered drivers, hosts don't

See subject: It's inefficiency & 1 firewall is a SINGLE POINT OF FAILURE (hosts aren't migrated to endpoints by domain wide admins).

Hosts do LOCAL RAM ON THE PC ITSELF fastest possible DNS lookup (it's right there cached in RAM).

* Plus, face facts: IF your firewall uses hostnames? It's INEFFICIENT IMITATION (hosts always did, no layered driver inefficiency more moving parts complexity & room for exploit + breakdown).

APK

Re:Firewalls use layered drivers, hosts don't

[EvilSS]

If my firewall fails, then I'm 100% safe because NOTHING is getting out. With your "solution" I have to make sure every machine is running the host files, and has the latest updates. That's massively inefficient. Any one of those can stop updating or fail outright and I have no way to know. My firewall I can just check the logs. Plus now you are using up system RAM on every machine, yet you complained earlier about the RAM that plugins take up? It's fewer moving parts, not more. I have one place to manage it. I also can protect systems that you absolutely cannot. Plus how do I know APK isn't going to inject an exploit or sell out like AdBlock plus did? I've got a closed source app running on all my PC's, with elevated privileges, with your "solution". With mine nothing needs to be installed or run on the endpoint. Your solution is much more open to exploitation than mine is. My firewall can't be easily altered by malware, a host file on a Windows OS can be. It's closed source so I can't inspect the source. Trust failure.

What's an antivirus?

[loufoque]

I've never needed one.
Then again, I run Linux.

Routers = security issues & cost MORE "$"

See my subject: ROUTER SECURITY & INEFFICIENCY EXAMPLES IN ROUTERS GALORE (proof by the 100's in inefficiency + security problems) https://it.slashdot.org/comments.pl?sid=9995967&cid=53488785/

Do home routers/modems have enough ram to store MILLIONS of hostnames to block? No.

THEY COST MORE MONEY!!!

They eat more power too!

ALSO A SINGLE POINT OF FAILURE (for sure, see link above).

* More inefficiency & waste vs. using what you natively already have...

Keep "moving the goalposts" boys from addons, to DNS, to routers, to firewalls - you can't win on efficiency by bolting on 'MoAr'!

APK

P.S.=> I.E. - Each IS all less efficient "Bolt on 'MoAr'" bs that eats more resources + introduces, in power/cpu/RAM & other forms of I/O vs. using what you have natively in hosts as part of the IP stack itself in FASTER more cpu serviced kernelmode non-layered driver inefficiency of firewalls even (most native ones don't block by hostname but less used in threats ip addresses, rendering them useless)... apk

Re:Routers = security issues & cost MORE "$"

[Bob+the+Super+Hamste]

^^^ See suffering from lead or mercury poisoning ^^^^
Like I said he is too dumb to realize what is possible on non garbage hardware. And by non garbage I mean a little 5"x5"x2" box with a 4 core celeron processor, 8GB ram, and a 120GB SSD which is garbage compared to my desktop but is substantially more powerful than the trash consumer firewalls and routers. In addition to being a firewall it also runs Snort in NIPS mode doing DPI, black holes a bunch of crap as a DNS server, runs a proxy server for all web traffic where it passes the traffic through an AV first, and acts as a VPN server so when I am away my mobile devices connect to it instead of being naked on some questionable WiFi connection. Also by not relying on a single hosts file on one my desktop I can protect even devices that otherwise couldn't be like smart phones and tablets.

Also APK doesn't seem to know much about securing systems because if he did he would understand the defense in depth philosophy. That is layer upon layer of protection to stop threats at as many different levels in as many different ways as possible. Snot will block threats attempting malicious activity that a hosts file can't stop. Just because all the web traffic flows through an AV on the firewall doesn't mean I don't have windows security essentials running on a windows machine doing checking there. Just because I have a firewall device at the edge of my network doesn't mean that I have disabled the OS firewall on machines behind it.

WRONG on ALL counts (especially single point)

See my subject: Hosts = easily migrated to endpoints NOT a single point of fail like other 'solutions' (DNS, routers, firewalls etc.)!

WRONG: admin runs it centrally & script migrates to endpoints!

* I love how you "network menials" "move goalposts"!

Addons -> DNS -> Antivirus -> ROUTERS (full of security issues galore + moving parts complexity & room for exploit breakdown single points of fail)-> Firewalls (layered driver inefficient, most only work on IP lesser used threat nullified by most malware & single point of fail).

* Hosts do MORE natively in FAST kernelmode (vs. slower usemode MOST of those use too) vs. ANY single other solution for less NATIVELY no bolt on 'MoAr' bs.

APK

P.S.=> CLUE: My program LOCKS HOSTS vs. alteration (& refreshes on updates clean) above WFP/SFP windows already has (can't be broken in usermode, I've tried)... apk

Re:WRONG on ALL counts (especially single point)

[EvilSS]

Your program uses more resources than my firewall, and that multiplies with the number of machines that need to be protected. Again, if my firewall fails there is no point because NOTHING is getting out. Although if I wanted I could always load balance the firewalls to provide redundancy. Seems overkill for my house but I could do it without much effort. My solution protects EVERYTHING behind the firewall, yours only works on devices where the host file can be modified and, it only "protects" windows machines. Yours requires a bunch of hoops to protect multiple machines, mine just works. One device or 1000. If I need to add a host name quickly, I just add it and done. No replication to machines required. Takes about 5 seconds. New machines are protected the moment they touch the network, yours requires the admin to do work to protect them. As for speed, the difference between a local hosts lookup and a local network DNS lookup would be meaningless. We are talking maybe a millisecond or two at the most, not seconds or minutes. I also don't know why you keep going on about layer drivers. My firewall is not using a "layer driver" since it's NOT INSTALLED ON THE PC. I don't know how you are not getting that yet. It's a hardware device, the block lists feature is incorporated into the firmware and used EXACTLY like a local host file on a linux box (which is essentially what it is). My firewall is unaffected by processes running on the client PCs (nice that you lock the file, but what stops malware from terminating your process first? Nothing. Also assuming malware would be running in a user vs admin context is foolish. There is NOTHING APK can do that my firewall doesn't already do. In fact APK can't do some things, like protect every device on the network, that my firewall can.

Re:Most efficient fastest ad/threat blocker

Please stop spamming us with your crapware.

Dear Slashdot:
Please add 'APK' to your lameness filter. It is more offensive than the ones you already have. Eh, so you may as well throw in 'Trump' to keep the crybabies out. The war is over.

Downmod hiding why you failed?

1.) IP addresses = easy to sinkhole
2.) It's why malwaremakers use hostnames vs. IP address
3.) Windows (most used) firewall uses IP address (fails vs. most malware)
4.) Firewalls use LAYERED DRIVERS, hosts don't (more efficient as part of the IP stack itself)
5.) You "Bolt on 'MoAr'" vs. what's natively in Windows (most used OS) in hosts & MacOS X/Linux (unless they imitate hosts sincerest form of flattery using hostnames in firewalls).
6.) You introduce MORE moving parts complexity, added messagepassing & more room for breakdown when an OS doesn't already have a firewall blocking hostnames (Windows doesn't & last I knew? *NIX variants didn't natively either) & slower usermode parts!
7.) Hosts = EASILY migrateable by script from domain admin users across all endpoints (not "SINGLE POINT OF FAIL") - run my prog centrally & script migrate (or run it locally on each PC/server).

APK

P.S.=> QUESTION U AVOID: Do MacOS X/Linux NATIVELY have firewalls that block hostnames?

Look, let's be real here

First and foremost, for the people who say they don't need Antivirus and they don't get infected using "common sense", you need to get off of your high horse. Why? It's simple, just because you don't notice any symptoms does NOT mean you don't get infected. I'm strictly talking to Windows users here, and I'm not gonna get into the whole Mac gets no virus BS

Look, no one likes AV if we can help it, no matter how lightweight, it'll take up system resources and can be annoying/intrusive. But we need it, it's a necessary evil, especially for regular users, even if it's not as effective as we'd like.

I will also ask even power users to install it too unless it truly causes great inconveniences or they don't care about data loss. Why? Because how else would you know you got a virus trojan malware etc. unless the symptoms are super obvious and in your face? Are we assuming that all malicious programs will exhibit obvious symptoms and can easily be detected by using "common sense"? At the very least, with AV programs we can be aware of problems as they occur which "common sense" won't.

If I have to use a rough analogy, imagine AV software to be your door lock. Just because a crapton of people can unlock most locks out there, are you going to keep your doors unlocked knowing there's a lot of danger lurking in the neighbourhood? I know I certainly wouldn't.

Lastly, this is based on one FORMER developer from mother of all gods - Mozilla's opinion, let's not shit ourselves here.

If I come off as rude, then so be it. Because the truth is, I'm sick and tired of people not only giving, but taunting with bad advice just because they are ignorant or simply don't give a shit. You people do more harm than good, and you absolutely need to stop doing that.

Re:Look, let's be real here

If Windows didn't leak like a festering pustule you wouldn't need A/V, but it does and Mickysoft hasn't fixed it and never will. That's why smart people switch to Linux.

Re:Most efficient ad & threat blocker there is

Dude, the entire concept of a hosts file came from *nix in the first place. Windows didn't invent it.

Second, doing this on the border firewall is so much easier, and covers all the devices that aren't running Windows (it's no longer the most popular OS by quite a margin). It conserves resources on the endpoint devices and is much, much easier to manage at scale - whether a home LAN or a large enterprise network.

Lastly, if the clients are configured to use a web proxy then the hosts file gets ignored for all HTTP requests forwaded to the proxy as the name lookups are done by the proxy itself, rendering your app pointless.

But with your lack of real-world experience I wouldn't expect you to understand. All this.

Oh and change the name too. 9.0++ SR-5 32/64-bit? Really? What does all that mean anyway? Why not just call it Hosts FIle Engine 9.0.1 or something more sane? As a sysadmin it's a nightmare to keep track of updates when folks use insane versioning names in their products. Just because MS do it, doesn't make it a good idea.

Central firewall IS single point of fail

See subject & QUESTION U AVOID - Do MacOS X/Linux use hostnames in their native firewall? Windows doesn't (most used).

Hosts data output != WINDOWS ONLY (any OS using a std. BSD derived IP stack has hosts) hence domain admin runs my prog centrally & script migrates hosts to pcs NOT my prog on every box(No singlepoint fail or layered driver more moving parts inefficient - vs. hosts it's inefficient & more parts)!

* CLUE: Most folks @ home don't have networks or software central firewalls let alone one using hostnames, most use IP addresses.

(I made my FREE program for users as hosts are on their pc natively not bolt on more inefficiency full of SECURITY HOLES & ineffiencies as other solutions are)

My program LOCKS hosts vs. attack above WFP/SFP (nothing usermode burns it, I tried) + CLEAN refresh from pristine backup on next update too!

Local hosts lookup IS faster (from local ram, no network traversal query/feedback time)!

APK

P.S.=> Answer my question

Re:Central firewall IS single point of fail

[EvilSS]

OK then how does your product block ads on my iPhone? My firewall does this.

Re:Central firewall IS single point of fail

[EvilSS]

Also you do realize this is a dedicated firewall device, right? This isn't some slapped together implementation of iptables. The entire OS is dedicated to being a firewall, including quite a bit of custom code. This isn't some PC you install Linux on and turn on a client firewall. You hounding on about windows and linux "firewalls" you are talking about client firewalls on the OS. THIS IS NOT WHAT I AM TALKING ABOUT. This is a dedicated hardware device running custom open firmware (Tomato Shibby).

Summary omits crucial exception: Microsoft's

[roca]

Original poster here.

My post says "Except Microsoft's", right in the title. I think that's important. I believe that Microsoft's Defender stuff is probably less bad than the other major players and worth having enabled for average users. Unfortunately that's been left out of the Slashdot summary.

Re:Summary omits crucial exception: Microsoft's

[roca]

Oh, and I also mentioned in the post that you'd be better be using a fully up-to-date OS and browser.

Begging?

[tepples]

Unobtrusive ads

I'm told that ads wouldn't be obtrusive if unobtrusive ads brought in enough revenue to continue operations. Advertisers are willing to pay far more for obtrusive ads, and switching from obtrusive ads to unobtrusive ads might cause your favorite site to bring in so little revenue that it has to stop responding to HTTP requests.

and asking nicely for people to turn off the blocker

This sort of "begging" is reported to have anemic results.

The ads shouldn't [...] track me.

The only ads that can be proven not to track viewers are ads hosted by a site itself. And those have a far lower revenue per thousand impressions for two reasons. First, most advertisers don't know that a particular site exists in order to bid up prices for the site's inventory of ad space. Second, those that do know that a site exists prefer to advertise through a network with analytics powerful enough to filter out click fraud.

Burn your own install CD ...

[perpenso]

They usually don't give you a Windows CD anymore when you buy a PC/Laptop so I couldn't tell you how to install the Windows version you paid for when buying the computer on anything...

Microsoft makes iso images available. The vendor probably provided a key some where.

Re:Burn your own install CD ...

[rpstrong]

No need for the vendor; just look for the holographic Windows sticker which includes the product key (as well as version info). MS requires having the sticker on systems sold with Windows. It is often on the back of desktops, or on the bottom of laptops, or in the battery well.

Endpoint protection is more than AV...

[steppin_razor_LA]

AV is just part of the reason that we use SEP. It also allows us to do things like control access to USB devices, lock down which processes can be ran, etc.

I agree that the traditional AV portions of the product have questionable utility.

its not that you dont need it

its that if you catch something you will notice

its that the antivirus will not block it, or clean it, wether you noticed it or not

its that if you have something and havent noticed, neither will your antivirus, ior it will "catch" hundreds of false positives that are just the browser cookies or some stupid stuff like that

its also that for something that does nothing, it happens to make your computer slower

so its not that you dont need it, its that you dont WANT IT

COMPUTAH

[JThundley]

Why do I need antivirus on the thing I use to start Steam? We mandate antivirus on our work computers, still hasn't stopped cryptolocker from encrypting stuff on network shares.

Pure bs from you is this (firewall != resolver)

"There is NOTHING APK can do that my firewall doesn't already do" - by EvilSS ( 557649 ) on Friday January 27, 2017 @03:42PM (#53750967)

Firewalls do NOT have resolution capability - hosts do (like DNS but faster, especially vs. remote DNS - no network traversal).

APK

P.S.=> Thought I'd add that in vs. your "false bravado" too, lol... apk

Re:Pure bs from you is this (firewall != resolver)

[EvilSS]

Lol what? Of course firewalls can resolve host names. Why would you think they could not? It's a linux OS running the firewall. Look, it's obvious you wrote APK and that's fine. But it's also obvious that you don't know anything about networking or IT. Stop arguing when you are arguing from a position of ignorance. I showed you a screenshot of the firewall using the same lists that you can use with APK. It works the same, but it doesn't require any configuration on the clients and protects everything behind the firewall. It's a vastly superior way to do it.

Eat your words CHUMP (Evil"BS" f'd up)

"There is NOTHING APK can do that my firewall doesn't already do" - by EvilSS ( 557649 ) on Friday January 27, 2017 @03:42PM (#53750967)

Firewalls do NOT have resolution capability - hosts do (like DNS but faster, especially vs. remote DNS - no network traversal).

* That functions for BOTH speed (local resolution via reverse DNS verified hardcoded favorites where you spend most time online faster than remote DNS especially & local DNS) AND SECURITY (protection vs. Kaminsky redirect poisoning in DNS which 99.999% of ISP DNS are NOT PROOFED AGAINST).

* Hosts also don't add in layered drivers more moving parts inefficiencies (& most firewalls ONLY block IP addresses, not host names & HOSTS DEFINITELY DO (which are used in malware/botnets etc. by FAR more)).

APK

P.S.=> Look before you leap (Evil "BS" didn't) when you're trying to give me guff - I always eat you fools alive with your OWN big mouth stupidities... apk

Windows Administrator

[Bratch]

On Windows not running as an administrator is more important than having AV, especially for users who will click and install anything, like kids, or those who do not know any better.

Where'd I say hosts originate on Windows?

Don't put words in my mouth I never said - Where'd I say hosts originate on Windows fuckbrain? I never did!

Show us WHERE I DID, you lying little FUCK!

By the way shithead: Privoxy works w/ hosts just fine (it's a proxy) but most users don't use proxies fuckbrain network menial!

LASTLY: You stupid little shit: Don't EVER insult me ala "my lack of real world experience" You pitiful motherfucker - minus coders like myself? You undereducated 'network' imbeciles = helpless shitheads who merely USE what guys like me MAKE for "the underducted unskilled likes of menials like you" merely USE fuckhead!

See below - you did more, earlier & better?

APK

P.S.=> I've been doing everything since 1994 PROFESSIONALLY from:

Techie
Network Admin
DBA
Programmer-Analyst
Software Engineer
Architecting both networks + software

MOST LIKELY before you were BORN being featured in trade shows like MS TechEd 2 yrs. in a ROW as a finalist there in its hardest category (SQL Server Performance Enhancement) with code of mine that ended up making the commercialware it was for perform 40% BETTER & bought out NOW SOLD COMMERCIALLY since 1996 successfully since + numerous times in publications to great acclaim - have you, big mouth FUCK that you are? No way... apk

Re:Where'd I say hosts originate on Windows?

So much profanity! And so many assumptions about me. Seems I hit a nerve... XD

Anyway you implied that 'nixes used 'an inefficient imitation of hosts' in another thread above which is a silly statement - that's all I was referring to about the origins on the hosts file.

Your career started in 1994? Cool. You have a couple of years on me admittedly but I was well and truly alive at least. And been in the industry long enough to have extensive experience with most Windows versions since NT4 (and much else in the MS enterprise stack), classic Macs, OS X, many, many Linux flavors, Solaris , VMware, networking, SAN, web dev, various scripting languages, DBs and more than I could ever list here.

And lastly no, I don't use software like yours. It's utterly pointless for me both at home and work. There are simply many better ways of managing DNS filtering.

Hosts = best antivirus - how/why... apk

See my subject: Prevention is the best medicine (& what you can't touch can't hurt you) via APK Hosts File Engine 9.0++ SR-5 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

Ads & malware rob speed, security & privacy

Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively

Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity

* Using what you already NATIVELY have, built into your TCP/IP stack running in FASTER kernelmode!

APK

P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

Malwarebytes' hpHosts hosts & recommends

APK Hosts File Engine 9.0++ SR-5 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

Ads & malware rob speed, security & privacy

Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively

Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity

* Using what you already NATIVELY have, built into your TCP/IP stack running in FASTER kernelmode!

(Details as to HOW & WHY annihilated EvilSS here https://it.slashdot.org/comments.pl?sid=10172213&cid=53750217/

APK

P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/ & Steven Burn of Malwarebytes' hpHosts verified its code + hosts & recommends it... apk

Re: Malwarebytes' hpHosts hosts & recommends

Fuck off. You're an idiot.

Re: Malwarebytes' hpHosts hosts & recommends

[allo]

you're new here, aren't you?

Malwarebytes' hpHosts hosts & recommends

APK Hosts File Engine 9.0++ SR-5 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

Ads & malware rob speed, security & privacy

Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively

Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity

* Using what you already NATIVELY have, built into your TCP/IP stack running in FASTER kernelmode!

(Details as to HOW & WHY annihilated EvilSS here https://it.slashdot.org/comments.pl?sid=10172213&cid=53750217/

APK

P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/ & Steven Burn of Malwarebytes' hpHosts verified its code + hosts & recommends it... apk

Most efficient fastest ad/threat blocker

See my subject: Prevention is the best medicine (& what you can't touch can't hurt you) via APK Hosts File Engine 9.0++ SR-5 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

Ads & malware rob speed, security & privacy

Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively

Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity

* Using what you already NATIVELY have, built into your TCP/IP stack running in FASTER kernelmode!

(Details as to HOW & WHY annihilated EvilSS here https://it.slashdot.org/comments.pl?sid=10172213&cid=53750217/

APK

P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

Cat got your tongue?

So if I get a randsomware virus... Robert O'Callahan will pay the ransom inj bitcoins and give me a copy of firefox for free? Otherwise he only puffed a pink cloud of nonsense as usual.

Better vs. NoScript (block adscript sources)

Hosts files block adservers serving adscripts (Noscript inefficiently parses page tags) before NoScript even BEGINS to operate in SLOWER usermode (clotting up browsers w/ messagepassing, ram, CPU & I/O overheads).

* Best hosts file creator there is, bar-none?

b>APK Hosts File Engine 9.0++ SR-5 32/64-bit https://it.slashdot.org/comments.pl?sid=10172213&cid=53752825/ details in that link!

APK

P.S.=> Enjoy & it's 100% FREE + completely safe (code verified by malwarebytes' folks @ hpHosts who both HOST & RECOMMEND IT in Mr. Steven Burn one of their TOP employees)... apk

I didn't even IMPLY it! You're illiterate & a

See subject: I never said hosts originate on windows. You're illiterate trying to cover your error, you trolling unidentifiable "ne'er-do-well"

What I referred to IF YOU COULD READ idiot, was EvilBS' firewall claims to use hostnames (imitating hosts, as most ALL firewalls use IP (some like zonealarm are application level though, but all use drivers layered on more moving parts (fact) & are not 'native' to OS if they are app level OR hostname using imitating hosts).

LEARN TO READ scumbag.

APK

P.S.=> I see you can't prove you wrote a decent gui software I wrote that malwarebytes' hpHosts both hosts + recommends let alone a commercially sold successful software I did that went to Microsoft TechEd as a finalist with being published many times... apk

Bob the superschmuck shot down easily, lol

See my subject? Stupid suggestion from you on routers FULL of security issues I shot you to pieces on https://it.slashdot.org/comments.pl?sid=10172213&cid=53750621/

* It's not hard to show you're a stupid fool who suggests things most folks can't afford (routers that can contain as much blocking data that hosts can) that are FULL OF SECURITY PROBLEMS!

APK

P.S.=> You're a do nothing zero "ne'er-do-well" with a FAKE NAME online for your FAKE LIFE (& you know it)... apk

OpenSORES = EFast Chrome problems

See my subject: That's TRULY an "OpenSORES" problem & I'll post dozens of /. users that disagree w/ you on my GUI + more in my posts after this (just to annihilate you more, lol)!

* It's not MY fault you can't design a GUI program yourself from scratch as I have that the likes of highly esteemed Malwarebytes hosts & recommends, lol!

(Looks to ME like you're just another MENIAL user techie WANNABE that criticizes others but can't do the job himself - easy to be a critic, not so easy to be the chef like myself - that is, unless YOU built that firewall of yours from SCRATCH/by hand, yourself (or IF you did, did you COPY OTHERS WORK calling it your own like most "opensores" wannabes do, playing smart?)

APK

P.S.=> Lastly on your "FIREWALL DNS LOOKUP? LOL, last I knew of, FIREWALLS DO NOT DO DNS LOOKUP or RESOLUTION (but hosts do) - it truly was a pleasure SHOWING YOU ARE FULL OF SHIT quoted here blowhard https://it.slashdot.org/comments.pl?sid=10172213&cid=53752509/ lol... apk

/.ers disagree w/ you on my GUI program #1/2

his hosts program is actually pretty good by xenotransplant

his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg

I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon

take a look at the APK hosts file engine by SuperKendall

APK is kinda right. I've tried his hosts file generating software. It works by bmo

APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience by chihowa

I like your host file system by Karmashock

I find your hosts file admirable by vel-ex-tech

* My code's liked + recommended & hosted by Malwarebytes' hpHosts!

APK

P.S.=> More coming... apk

/.ers disagree w/ you on my GUI program #2/2

I support APK's stand on the hosts file Trax3001BBS

Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid JazzLad

No complaints from me, I like APK... Reminds me to use a host file. Also, his stuff is free aaaaaaargh!

APK's monolithic hosts file is looking pretty good Culture20

APK... Awesome to see he's still spreading the good word Molochi

ABP is insufficient as a solid hosts file does everything that APK reminds us about fast turtle

APK isn't wrong cfalcon

APK, I know people give you a lot of shit regarding hosts, but please don't ever stop nasredin

You need APK's hosts file Teun

APK solution STILL relevant Thud457

you're right about hosts files drinkypoo

APK

P.S.=> They're in addition to https://it.slashdot.org/comments.pl?sid=10172213&cid=53753293/ many more earlier + 1,000's worldwide - there's no arguing w/ success (vs. YOUR FAIL https://it.slashdot.org/comments.pl?sid=10172213&cid=53752509/ ... apk

Evil "BS" Mr. +5 it was ez nuking you

See subject & your MAJOR FUCKUP vs. myself here (firewalls don't DO name resolution dummy) https://it.slashdot.org/comments.pl?sid=10172213&cid=53752509/ & thru my other posts (as no MATTER WHAT YOU SAY, firewalls do NOT do as much, see link, & they DO LAYER ON "MoAr" inefficiently in layered filtering drivers - hosts don't - they're part of the IP stack itself + MOST firewalls don't do hostnames - they do IP addresses (which most malware nullifies by using hostnames)).

* :)

R o T f L m A o @ U!

APK

P.S.=> You FuCkEd Up badly in that link "OpenSORES" blowhard, lol... apk

Every developer will tell you the same

[Ilgaz]

They are falling into a misconception that everyone uses their computer like they do. An experienced developer will have common sense, won't use administrator account, will update their OS and won't do crazy things like typing "Watch movies free" to Google and click the very first site appearing.
Most of the developers won't even change their wallpaper.
So, you don't need AV if you can manage a gigantic code like Mozilla but it doesn't mean everyone is the same.
Ms antivirus is a joke regarding detection rates.

Brain 1.0 XOR Antivirus

[allo]

And most people need antivirus, because brain 1.0 is not internet ready, yet.

I hate AV products that provide a "firewall"

I'm a CS student who works at the IT help desk on weekends for grad students. The school I work at uses a captive portal and DNS filtering to maintain a blacklist of disallowed sites (porn, warez, etc.), which causes a lot of students to come to us unable to connect to the internet because whatever dumb firewall they're using takes over DNS resolution and breaks their connection to the portal because it's not what they expected.

Lately I have seen a lot of Kaspersky "Internet Security" with a firewall that is seemingly impossible to disable (the UI option to do so simply does nothing). I am often forced to get people on the network by spoofing their MAC address on my debian netbook and having them register using that.

You're a jealous little "ne'er-do-well" loser!

See my subject: Take your own advice you UNIDENTIFIABLE little coward bitch. It's not my fault you're a jealous waste of life!

* Just another "chattering 'wannabe'" trying to 'play smart' on /. like he might know something about the art & science of computing when the truth is, you're far too unintelligent to be capable of feats I do with ease (& you know it).

APK

P.S.=> LOL, little fucks like YOU make me fucking LAUGH (@ waste of life undereducated unskilled SWINE like you)... apk

For the best host file creator?

APK Hosts File Engine 9.0++ SR-5 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

Ads & malware rob speed, security & privacy

Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively

Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity

* Using what you already NATIVELY have, built into your TCP/IP stack running in FASTER kernelmode!

APK

P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

STFU "jealous jowie"

See my subject: I'm on topic w/ a better solution that does more for less vs. any other single "so-called 'solution'", you're not & imo, just jealous you wasted your life being an undereducated loser who isn't capable of creating things on his own as I have that are capable of doing all that!

* Above ALL else? I've obviously DESTROYED YOU PUBLICLY here before illustrating you know jack shit about computing so you 'stalk me' & harass me via your "courageous" (lol, not) UNIDENTIFIABLE anonymous posts.

APK

P.S.=> Crapware eh? Well, my ware's hosted & recommended by the likes of malwarebytes' hpHosts - you're welcome to do better (but oh yea, that's right - a STOOGE talker like YOU isn't capable of something like that, are you? Obviously not, lol!)... apk

Re:STFU "jealous jowie"

You're just a lousy fucking spammer. Go away!

Impersonating me loser = WEAK!

See my subject & as far as raymorris the wannabe? OK:

"I don't shoot my mouth off without knowing what I'm talking about" - by raymorris (2726007) on Thursday December 31, 2015 @09:29AM (#51215379)

Raymorris shoots his mouth off f'ing up in 2 security fuckups https://it.slashdot.org/comments.pl?sid=5351503&cid=47379233/ & https://slashdot.org/comments.pl?sid=5351503&cid=47374033/ + raymorris = scriptkiddie https://politics.slashdot.org/comments.pl?sid=8895203&cid=51726265/

&

Tell us how ONLY 'newer script kiddie tools' have stringlength built in (when PASCAL had it for ages - my fav tool) https://slashdot.org/comments.pl?sid=8472509&cid=51114383/ - raymorris = a BLUNDERING WANNABE!

APK

P.S.=> raymorris also likes to talk behind others' backs like the gossiping bitch TROLL he is https://slashdot.org/comments.pl?sid=9880997&cid=53312265/ well, here I am letting HIM TALK in those links, showing his lies & tech FAILS ... apk

Hosts = better antivirus than antivirus

See my subject: Prevention is the best medicine (& what you can't touch can't hurt you) via APK Hosts File Engine 9.0++ SR-5 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

Ads & malware rob speed, security & privacy

Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively

Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity

* Using what you already NATIVELY have, built into your TCP/IP stack running in FASTER kernelmode!

APK

P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

Hosts stop trackers & ads natively

See my subject: Prevention is the best medicine (& what you can't touch can't hurt you) via APK Hosts File Engine 9.0++ SR-5 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

Ads & malware rob speed, security & privacy

Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively

Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity

* Using what you already NATIVELY have, built into your TCP/IP stack running in FASTER kernelmode!

APK

P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

Sorry but if you're a Firefox developer

[PJ6]

you don't get to talk to me about security.

Routers are FULL of security issues

See my subject: Hosts aren't! Prevention = best medicine (& what can't touch you can't hurt you) via APK Hosts File Engine 9.0++ SR-5 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

Ads & malware rob speed, security & privacy

Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively

Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity

* Using what you already NATIVELY have, built into your TCP/IP stack running in FASTER kernelmode!

(Details as to WHY my subject line's true by the 100's, partial list only? See https://it.slashdot.org/comments.pl?sid=9995967&cid=53488785/

APK

P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

UBlock = inferior + inefficient vs. hosts

UBlock can't do these as well as (or @ all) hosts do 4 speed, security, & reliability:

1.) Protect vs. bad sites (past ads)
2.) Protect vs. fastflux botnet C&C's
3.) Protect vs. dyndns botnet C&C's
4.) Protect vs. DGA botnet C&C's
5.) Protect vs. downed DNS (reliability)
6.) Protect vs. DNS poisoned dns
7.) Protect vs. trackers
8.) Protect vs. spam payloads
9.) Protect vs. phish payloads
10.) Protect vs. caps
11.) Get past dns blocks
12.) Keep off dns request logs
13.) Speed up 2 ways (adblocks/hardcodes)
14.) Work on anything webbound multiplatform.
15.) Ez data edit
16.) Block ads more efficiently in cpu/ram/I-O use
17.) UBlock now uses hosts (no DNS benefits vs. dns issues) - poor imitation = "sincerest form of flattery"

Hosts = native vs. illogically "Bolting on 'MoAr'" & not ClarityRay blockable like addons.

APK

P.S.=> Hosts (1st resolver) do MORE w/ less in fast kernelmode & before slow usermode addons

Hosts ~6mb vs. UBlock = 64MB -> http://cdn.ghacks.net/wp-conte...

Re: I didn't even IMPLY it! You're illiterate &

Success is subjective, and everybody has a different way of measuring it. I haven't written and published a GUI app, nor do intend to. It's not something I need to consider being successful, when I already have a good source of income, things I need to live and a happy family.

Nor do I care about TechEd, having long diversified myself outside of the Microsoft bubble. Power to you though.

It's fair to say the requirements for your 'successful' app are pretty damn niche - it looks too clunky for the average home user to understand, and those in the know (I.e. the average Slashdot reader) have better means on managing this stuff. Trying to advertise it here via comment spam is therefore a waste of your time, and mindlessly attacking and picking on individuals (most who appear a lot smarter than yourself) in the threads is very counter-productive. I'd recommend refining your content too; structure your sentences properly, use punctuation properly, tone down the profanity. You would appear much more professional and a lot less crazy.

If you want a bigger audience, calm down, lay off sites like this, then go buy some adwords that might hook the wannabe-PC-tech crowd instead. There's plenty of them out there and they would eat this app up.

Uh, no.

[Shane_Optima]

A single global on-off switch for every domain, with no wildcards and no scripting control, can only duplicate a tiny fraction of what uBlock does. Using hosts as a substitute, you will routinely be left with the choice of completely breaking websites or allowing all manner of stuff that you'd rather not allow. Example1: some sites require domain X to work properly and others don't require domain X but still attempt to connect to it. Example2: forbidding scripts but allowing other content. Example3: cosmetic blocking and first party element blocking.

poor imitation is the sincerest form of flattery

Flattery of whom? Mr. John Hosts, inventor of the hosts file? I'm pretty sure hosts was never intended for this type of security usage. I mean, vanilla hosts doesn't even allow wildcards and thus is often useless as any attacker can just bypass it using a rotating subdomain. (Though you can use dsnmasq instead.) Use it under the hood, sure, but it's clearly not sufficient.

Turn in your nerd card and get out.

Turn in your nerd card and get out.

Re:Turn in your nerd card and get out.

[tepples]

Let me rephrase: Not everybody has a nerd card to begin with.

Mixed content

[tepples]

By using a regular proxy?

And watch the hit rate decline over time as it falls back to the CONNECT verb when more and more sites switch to all HTTPS all the time.

I mean, as long as the public images, scripts, style sheets and other resources are served over HTTP

Serving the HTML over HTTPS and public resources over cleartext HTTP causes browsers to refuse to load the resources at all because of rules against mixed content. Serving the HTML as well over cleartext HTTP results in demotion of your site in Google and (as of recent Firefox versions) scary warnings on your login page's password field. Serving only those resources needed for the login page over HTTPS and the rest of the site over cleartext HTTP, as Slashdot did until a few months ago, results in vulnerability to Firesheep, a tool for copying session cookies of others on your network.

Ublock doing LESS using more != better

See my subject: & Ublock uses hosts (now, imitating my ware) but it's not a resolver & thus no DNS security bug protection either.

* Per my post you replied to? Ublock can't even begin to do all the things hosts does (especially @ DNS level)!

APK

P.S.=> On/Off for sites is ALL you need & despite no wildcards? Hosts STIILL eat only a FRACTION of what UBlock does in RAM, cpu usage + messagepassing overheads operating in SLOWER usermode (slowing browsers there up even more)... apk

Re:Ublock doing LESS using more != better

[Shane_Optima]

imitating my ware

Are we talking about /etc/hosts or is this some extension called "hosts" you've written?

On/Off for sites is ALL you need

Which is just nonsense. Ad blocking doesn't work properly on a lot of sites if you do that.

And as I previously alluded to, I have found that gstatic.com is required for some sites to function but not for others. So do you choose to block gstatic.com entirely and break a bunch of sites or are you going to let random sites hit up Google (thus letting them track you directly) and run lord knows what scripts that are there? That is an abysmal choice that you're forced to make, instead of whitelisting gstatic only on specific sites that you need it for.

The rest is just blithering, telling me that a Vespa is more fuel efficient than a Boeing 767. By all means, flush your list of explicit blacklisted domains from uBlock into /etc/hosts every once in a while. No reason you can't. Doesn't replace most uBlock's abilities, nor its quick to use UI.

DNS & hosts do name resolution

See subject: Firewalls block ip addresses (& hostnames ALLEGEDLY in some firewall you noted w/ filter driver overhead in layered filtering drivers).

APK

P.S.=> If your 'firewall' you noted is doing name resolution, it's NOT a firewall... apk

Only NOW you note it's hardware?

See my subject: That's beat & moving goalpost bs. I spoke SOLELY software firewalls entire time (no denying it) & you never noted it's hardware. Deceitful.

Doesn't matter: Firewalls don't do name resolutions themselves. DNS does. Hosts does. Period!

See your HARDWARE you only NOW mention? STILL RUNS SOFTWARE & THE FIREWALL SOFTWARE ON IT DOES NOT DO NAME RESOLUTIONS - period!

APK

P.S.=> Witholding what you were using is bogus & yes, now it's 'moving goalposts' (still doesn't matter - firewalls do NOT do name resolution THEMSELVES. The software in a firewall is for blocking in/out communique NOT name resolution - you can set it to POINT to DNS for it, but DNS is doing it, not the firewall itself)... apk

Cost of hardware, power & filter driver

Hardware costs "$" & power: The hardware runs Linux. firewall ware on it is = in/out communique NOT resolution (period) &again it has driver overheads TOO above the cost of the unit itself AND power to run it.

* Pretty bogus of you moving goalposts!

HOWEVER:

Again - it doesn't matter - you actually COMPOUNDED your issue I note in more overheads in layered drivers & MADE IT WORSE (yes, that Linux system uses a filtering driver above the IP stack on that hardware too increasing overheads)

APK

P.S.=> See above - You're arguing from ignorance of HOW the software on that dedicated hardware of yours works pal & that it costs MONEY, POWER, & DRIVER OVERHEADS above hosts which like my program is FREE & so is hosts (free especially on Linux which is the ONLY reason it's used on hardwares like smartphones OR routers etc. - keeps per unit cost down but STILL NOT FREE)... apk

Re: Cost of hardware, power & filter driver

[EvilSS]

Unless you suggest I run without a network firewall then this entire post of yours is moot. I have the device anyway. The added functionality adds zero overhead (unless you are trying to argue hosts in a Linux box adds overhead, which means your software has the same problem ). It hey you keep spamming forums like a lunitic for your probably malware infested closed source crap ware.

Fucking lameness filter (2 part reply, sorry)

See subject: Don't put words in my mouth I never said - You know I run hosts + software firewall, no scripting & OpenDNS (filtering DNS proofed vs. kaminsky redirect, 99.999% of ISP dns aren't) - I also run a NAT stateful inspecting hardware firewall too!

Earlier if you recall, almost first reply I gave you in fact which you can verify, SHOWS I say what I use (minus my stating hardware, I kept it pure software as you know) COMPLIMENT one another & I said it again on what I use above.

APK

P.S.=> Next part #2 coming, see subject (WTF!)... apk

Part #2... apk

From https://it.slashdot.org/comments.pl?sid=10172213&cid=53757521/

I use "layered-security"/"defense-in-depth" using hosts/software firewalls/port filtering/OpenDNS (filters vs. threats & is kaminsky redirect proofed, 99.999% of ISP DNS aren't).

CIS Tool for security for *NIX + Windows took fixes from me

&

Security guides I did 11 yrs ago (started in 1997) got me PAID https://www.google.com/?gws_rd=ssl#q=%22HOW+TO+SECURE+Windows+2000%2FXP%22/ The "Lord works in mysterious ways" & SO DOES "yours truly" (lol, the "LORD OF HOSTS" so to speak).

&

I did them for free for end users (networking pros etc. don't need help, end user does)

P.S..=> No matter HOW you slice it? You ARE using more POWER, adding COST of the hardware device!

(Linux or not keeping it cheaper (which is why it's used, it's not 'superior', it cheaper, on phones/routers) + FILTERING DRIVER overheads which ANY firewall on ANY platform uses above the IP stack, including YOUR HARDWARE running Linux)

You say I spoke from IGNORANCE?

You're ignorant of HOW YOUR DEVICE ACTUALLY WORKS in software it runs (hardware = "software solidified" in proms etc.)

It needs software or its just parts that 'light up' & guys like ME, coders, create it (networkers like you only USE what guys like me make)

Insults after I dust you EvilBS? EAT UR WORDS

See subject: Now you PAYfor it publicly EATING YOUR WORDS on a quote from you calling me ware malware etc. libeling me:

"for your probably malware infested closed source crap ware" - by EvilSS ( 557649 ) on Sunday January 29, 2017 @12:54AM (#53757443)

57++ Antivirus SAY IT'S SAFE https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

It's also codebase verified by Malwarebytes' S. Burn "I've seen the code & it's safe" http://forum.hosts-file.net/viewtopic.php?f=5&t=4290/

+ the highly ESTEEMED folks from Malwarebytes HOST & RECOMMEND my ware - can YOU say the same?

* ... & in case you didn't notice? MANY /.'ers like & use my ware:

https://it.slashdot.org/comments.pl?sid=10172213&cid=53753293/
https://it.slashdot.org/comments.pl?sid=10172213&cid=53753333/

Nope... you're just a NETWORKING MENIAL who doesn't understand HOW his hardware works proof's here https://it.slashdot.org/comments.pl?sid=10172213&cid=53757277/

(I.E./E.G. - Running Linux & firewallware there uses a filtering driver there, more overhead + cost of the hardware & power it uses COMPOUNDS the driver overhead even MORE)

That's you 'networking menials' to a tee - "Bolting on 'MoAr' because you can't create wares yourselves like I can, lol!) only problem is?

I've "been there/done that" in what YOU do long before you did I wager (Atlanta Olympics 1996 for BellSouth setting the Olympics up network-wise for them) & to be a DECENT coder? You have to have been a techie, network admin, DBA & yes, security guru, first.

LASTLY, SO MUCH FOR "OPENSORES" CODE per Google's HUGE mistake https://it.slashdot.org/comments.pl?sid=10172213&cid=53753277/

APK

P.S.=> Calling me names only gave away I dusted your ass boy... you let me see you SWEAT & you should after the BEATING you just took for flapping your cocksucker, lol! apk

Re: Insults after I dust you EvilBS? EAT UR WORDS

[EvilSS]

I sold my first software project in 1986 child. Don't even try to come at me claiming experience. You still use Delphi let me guess you learned Pascal in school and never managed to master any other language. Delphi is horrible and it is why Borland failed. I was writing in MASM before you were out of diapers. I went through my Pascal phase but unlike you I've kept my skull relevant over the years. Considering how you spam under AC accounts I'm going to wager most of those /. "Praises" are you creating fake accounts. Fact is your app is a bandaid. It lacks the ability to protect every device on a network that current open firmware can do for free (it's open firmware it adds zero cost to the firewall boy). Like your skills your solution lost relevance over a decade ago.

DUSTING U MORE network menial (doable & how)

Trying a "loaded question" move goalposts like 'hardware firewall' you kept hidden & then moved goalposts as I spoke software only https://it.slashdot.org/comments.pl?sid=10172213&cid=53757277/

U spent money on hardware, power + driver overheads firewall hardware has HOSTS DON'T + are free like my ware you insulted users here like/use (malwarebytes too) & its Linux firewallware DOESN'T DO RESOLUTION itself (no firewall does by itself) - dns it points @ does!

* YES - It's doable & straight from Apple (my nephew runs iOS nightlies, sharp kid outta RIT 4th yr. & already running that):

SSH socket connect to "God Mode" rooted iPhone (not for consumers) - works like DROID Android Debugging Bridge PULL to import hosts & MacOS X/iOS? Definitely have hosts (BSD derived).

APK

P.S.=> iOS = Intentionally LIMITED like I show U R A LIMITED networking menial libeling me & FAILING here https://it.slashdot.org/comments.pl?sid=10172213&cid=53757739/

If not AV then what?

MS AV Products work? Some of you are sniffing some seriously flawed MS propaganda.
Case in point. Consumer product retail parts company. Three stations at the front counter running (ugh!) Windows 7 HP. All up to date.
Two got nailed with ransomware. Nasty little creature. Stations booted up and brought up the 'Pay or Else' screen.
Mad dash to replace the two infected stations. Which wasted my time and was created by a situation where MS's AV FAILED.

I took the infected boat anchors and found the offending program. Never did determine exactly where it came from but then I'd already
spent too much time recovering from a situation that should not have been allowed to occur in the first place.
But then the geek factor kicked in and I wanted to see why this didn't get caught.
Rebuilt both with WIn7HP, and made sure all patches, software and MS security programs (sic) were up to date.
Added a bunch of docs and picts to represent a normal set. Imaged them at that point.
Introduced the ransomware and bam, it nailed the system. Not a peep out of the builtin MS crap.
Re-imaged, then tried Avast Free, Sophos Home, and my own copy of Kaspersky separately on three runs.
All three caught it.
Best served on small businesses and home users. Unless of course you're into extra work and effort.
An ounce of prevention for a performance hit is worth the trade off in face of lost productive time.
Then there is the genreal User's machine, most likely a Grandparent's or such that has a ton of pictures and documents and has never been backed up properly.

How exactly do those of you who recommend against using an AV product recover from that? Just tell the User 'tough sh*t'?

_D.

Talk's cheap - prove it & 'child dusted you' l

2x you failed https://it.slashdot.org/comments.pl?sid=10172213&cid=53757739/ & https://it.slashdot.org/comments.pl?sid=10172213&cid=53757907 vs. me a 'child' who's done things beyond a 18++ yr. career in the art & science below, not mere 'talk' like you!

A small PARTIAL ONLY list is what I'll post in my NEXT post ( due to whipslash'd lameness filter length ) & we can "compare notes" after, ok talker/failer?

* I'll give you the opportunity to BACKUP YOUR BS BIGMOUTH... fairly (you need help after the 2 links above, lol)

APK

P.S.=> Cut me down w/ "registered 'luser'" FAKENAME for your FAKE LIES OF A LIFE & success in this field but I don't just talk (after busting you up, lol)... apk

EAT UR WORDS AGAIN blowhard (proof)

Small partial only sample of personal favorites (vs. you're hotair, fairly):

Windows NT Magazine April 1997 "BACK OFFICE PERFORMANCE" pg 61

(For SuperSpeed.com PAID CONTRACT (wrote parts of SuperCache 40% performance boost) & SuperDisk finalist @ MS Tech Ed 2x in a row 2000-2002 HARDEST CATEGORY: SQLServer Performance Enhancement)

APK Hosts File Engine 9.0++ SR-5 32/64-bit is hosted & RECOMMENDED by Mr. Steven Burn of Malwarebytes http://hosts-file.net/?s=Downl...

WINDOWS MAGAZINE 1997 "Top Freeware & Shareware of the Year" issue pg 210 #1 entry

PC-WELT FEB 1998 pg 84

WINDOWS MAGAZINE, WINTER 1998 pg 92 MUST HAVE WARES

PC-WELT FEB 1999 - pg 83

CHIP Magazine 7/99 - pg 100

GERMAN PC BOOK Data Becker "PC Aufrusten und Repairen" 2000

HOT SHAREWARE #46 issue pg. 54 (PC ware mag from Spain) 2001

Paid for article @ PCPitstop in 2008 http://pcpitstop.com/news/winn...

UltraDefrag64 Process Priority Control credited by lead dev -> http://ultradefrag.sourceforge... or here http://sourceforge.net/tracker...

APK

P.S.=> You've done MORE & BETTER blowhard? Prove it...

Re:EAT UR WORDS AGAIN blowhard (proof)

[EvilSS]

Again, all a decade or more in the past. You went stale and you know it. As for me, I was too busy getting paid to do work at the enterprise level to be bothered with shilling myself to magazine articles or contests. 27 years and counting in my career. 18 years and already a has-been. That has to sting.

I noticed you are still avoiding my question: How does your "solution" protect an iphone on the local network? Mine protects it, yours cannot. Ditto for game consoles, smart TVs (preventing phone-home data reporting), or new machines just booted.

It is, but I'm not blowhard 'hotair' I use proof

See my subject: You were better than "EvilBS" after I burnt him 2x trying to "browbeat" me now & illogically ad hominem attacking me so he gets this too https://it.slashdot.org/comments.pl?sid=10172213&cid=53760365/

* FAIRLY GIVING HIM THE OPPORTUNITY TO MAKE GOOD ON HIS HOTAIR BLOWHARD MERE 'words/talk'...

APK

P.S.=> I completely FUCKING DUSTED HIS BLOWHARD ASS TWICE & if you see the post parent to the link above? Know WHY he's reacting to POORLY vs. it via these 2 links where I crushed his WEAK ASS, lol on hardware firewalls overheads (cost of unit, firewalls even in hardware have layered filtering driver overheads, & his moving goalposts to hardware (failed as it has software), & power usage HOSTS have nowhere NEAR those overheads on) https://it.slashdot.org/comments.pl?sid=10172213&cid=53757739/ & on his other "moving goalposts" LOADED question on IPhone + hosts migration (like ADB on droids, it IS doable & how) https://it.slashdot.org/comments.pl?sid=10172213&cid=53757907/ apk

EAT YOUR WORDS BLOWHARD #1/3

See subject: Now you PAYfor it publicly EATING YOUR WORDS on a quote from you calling me ware malware etc. libeling me:

"for your probably malware infested closed source crap ware" - by EvilSS ( 557649 ) on Sunday January 29, 2017 @12:54AM (#53757443)

57++ Antivirus SAY IT'S SAFE

https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

It's also codebase verified by Malwarebytes' S. Burn "I've seen the code & it's safe" http://forum.hosts-file.net/viewtopic.php?f=5&t=4290/

+ the highly ESTEEMED folks from Malwarebytes HOST & RECOMMEND my ware - can YOU say the same?

* ... & in case you didn't notice? MANY /.'ers like & use my ware:

https://it.slashdot.org/comments.pl?sid=10172213&cid=53753293/
https://it.slashdot.org/comments.pl?sid=10172213&cid=53753333/

Nope... you're just a NETWORKING MENIAL who doesn't understand HOW his hardware works proof's here https://it.slashdot.org/comments.pl?sid=10172213&cid=53757277/

(I.E./E.G. - Running Linux & firewallware there uses a filtering driver there, more overhead + cost of the hardware & power it uses COMPOUNDS the driver overhead even MORE)

That's you 'networking menials' to a tee - "Bolting on 'MoAr' because you can't create wares yourselves like I can, lol!) only problem is?

I've "been there/done that" in what YOU do long before you did I wager (Atlanta Olympics 1996 for BellSouth setting the Olympics up network-wise for them) & to be a DECENT coder? You have to have been a techie, network admin, DBA & yes, security guru, first.

LASTLY, SO MUCH FOR "OPENSORES" CODE per Google's HUGE mistake https://it.slashdot.org/comments.pl?sid=10172213&cid=53753277/ [slashdot.org]

APK

P.S.=> Calling me names only gave away I dusted your ass boy... you let me see you SWEAT & you should after the BEATING you just took for flapping your cocksucker, lol! apk

EAT YOUR WORDS BLOWHARD Evil'BS' #2/3

Trying a "loaded question" move goalposts like 'hardware firewall' you kept hidden & then moved goalposts as I spoke software only https://it.slashdot.org/comments.pl?sid=10172213&cid=53757277/

U spent money on hardware, power + driver overheads firewall hardware has HOSTS DON'T + are free like my ware you insulted users here like/use (malwarebytes too) & its Linux firewallware DOESN'T DO RESOLUTION itself (no firewall does by itself) - dns it points @ does!

* YES - It's doable & straight from Apple (my nephew runs iOS nightlies, sharp kid outta RIT 4th yr. & already running that):

SSH socket connect to "God Mode" rooted iPhone (not for consumers) - works like DROID Android Debugging Bridge PULL to import hosts & MacOS X/iOS? Definitely have hosts (BSD derived).

APK

P.S.=> iOS = Intentionally LIMITED like I show U R A LIMITED networking menial libeling me & FAILING here https://it.slashdot.org/comments.pl?sid=10172213&cid=53757739/

EAT YOUR WORDS BLOWHARD Evil'BS' #3/3

Small partial only sample of personal favorites (vs. your alleged 1986 hotair, fairly):

Windows NT Magazine April 1997 "BACK OFFICE PERFORMANCE" pg 61

(For SuperSpeed.com PAID CONTRACT (wrote parts of SuperCache 40% performance boost) & SuperDisk finalist @ MS Tech Ed 2x in a row 2000-2002 HARDEST CATEGORY: SQLServer Performance Enhancement)

APK Hosts File Engine 9.0++ SR-5 32/64-bit is hosted & RECOMMENDED by Mr. Steven Burn of Malwarebytes http://hosts-file.net/?s=Download/

WINDOWS MAGAZINE 1997 "Top Freeware & Shareware of the Year" issue pg 210 #1 entry

PC-WELT FEB 1998 pg 84

WINDOWS MAGAZINE, WINTER 1998 pg 92 MUST HAVE WARES

PC-WELT FEB 1999 - pg 83

CHIP Magazine 7/99 - pg 100

GERMAN PC BOOK Data Becker "PC Aufrusten und Repairen" 2000

HOT SHAREWARE #46 issue pg. 54 (PC ware mag from Spain) 2001

Paid for article @ PCPitstop in 2008 http://pcpitstop.com/news/winners.asp/

UltraDefrag64 Process Priority Control credited by lead dev -> http://ultradefrag.sourceforge.net/handbook/Credits.html/ or here http://sourceforge.net/tracker/?func=detail&aid=2993462&group_id=199532&atid=969873/

APK

P.S.=> You say you did MORE & BETTER blowhard? Prove it!

So did I stupid & yours = 3 decades ago, lol

"I sold my first software project in 1986 child." - by EvilBS ( 557649 ) on Sunday January 29, 2017 @04:20AM (#53758213)

See subject imbecile & PROVE IT: You're ez to outwi w/ your lies & bullshit you can't back quoted above BLOWHARD... lol!

* What's the matter, bigshot? Can't backup your bullshit?? Nope... just a lot of "TALK" from behind a FAKENAME online in yourself.

APK

P.S.=> You're MAKING me have to say this (as I always DO vs. blowhard windbag FAKE NAME for FAKE LIE LIVES like yours):

THIS? This was "too, Too, TOO EASY - just '2ez'" & it always is vs. windbags that can't back up their cocksuckers like you 3x /https://it.slashdot.org/comments.pl?sid=10172213&cid=53760591 + https://it.slashdot.org/comments.pl?sid=10172213&cid=53760653/ & https://it.slashdot.org/comments.pl?sid=10172213&cid=53760683/ no doubt about it, lol... apk

So did I stupid & yours = 3++ decades ago, lol

"sold my 1st software project in 1986 child." - by EvilBS (557649) on Sunday January 29, 2017 @04:20AM

See subject (career in Fortune 100/500 - 40 enterprise class 1 million++ line systems) & PROVE IT!

You're ez to outwit w/ your lies & bs you can't back quoted above BLOWHARD!

"Run, Forrest - RUN!!!"

I did answer https://it.slashdot.org/comments.pl?sid=10172213&cid=53757907/

Clue: I don't have to work (I do consulting though) - my money works for ME, not wageslave STUPID like you!

Newly booted systems = migrated by script by admins anytime & your single point of FAIL isn't "yours" windbag menial.

APK

P.S.=> Lately for me THIS is doing well (malwarebytes hosts & recommends it, /.'ers like & use it - HOW ABOUT YOU blowhard?) APK Hosts File Engine 9.0++ SR-5 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ ... apk

Re:So did I stupid & yours = 3 decades ago, lo

[EvilSS]

Answer my question: How does your "solution" protect an iphone on the local network? Mine protects it, yours cannot. Ditto for game consoles, smart TVs (preventing phone-home data reporting), or new machines just booted.

Re:So did I stupid & yours = 3++ decades ago,

[EvilSS]

Answer my question: How does your "solution" protect an iOS devices on the local network? Mine protects it, yours cannot. Ditto for game consoles, smart TVs (preventing phone-home data reporting), or new machines just booted.

Not only do you spend more money... apk

See subject: On BOTH the hardware & power expended but also on overpriced iOS based devices w/ layered driver overheads but you can't read: I did answer how hosts can be migrated to iOS (but it's not for everyone - it's LIMITED, like you are, lol).

* Newly booted devices was answered too - you must be thinking logonscripts are impossible to use (network admins can set those as well as chronjob or windows scheduled automated ones you know on pc endpoints)

APK

P.S.=> By the way, "YOUR" solution? Isn't YOURS @ all - you didn't create it (I did mine)... apk

Re:Not only do you spend more money... apk

[EvilSS]

Lol how would I use login scripts to push out a host file to non-domain joined PCs? Also, you probably mean startup scripts since logon scripts a) run in user context so would not (unless you are an idiot) have the required rights to modify the hosts file and b) do NOT run at boot, they run at logon.

Also you CANNOT modify the host files on iOS without jailbreaking, so your solution is definitely not the easiest. Your solution is a giant fail, admit it.

And I didn't say I created it, ever. It is the solution I use, therefore it's "my solution".

And, again, it adds zero cost to my network since I ALREADY NEED A FIREWALL ANYWAY. The firmware is third party open source and costs nothing to install. The hardware I already need anyway. Only an idiot would run a network without an edge firewall. Relying on the OS firewall is asking for ownage.

WRONG on all counts & eat your words

See my subject & this link: No denying it /https://it.slashdot.org/comments.pl?sid=9995967&cid=53488785b & it's FAR from a complete list (even though it shows 100's of router security + inefficiency issues).

FACT: Routers etc. cost "$" in the equipment itself & also extra power you spend on them (no questions asked) but their BIGGEST FLAW is they are massively flawed + attacked/exploited!

(Depending on them ALONE = dead up STUPID!)

* LMAO - again, that's you "networking menials" (that can't program their OWN solutions because you're limited) to a tee - always "Bolting on 'MoAr'" stupidly when it really doesn't NEED doing!

"APK doesn't seem to know much about securing systems because if he did he would understand the defense in depth philosophy" - by Bob the Super Hamste ( 1152367 ) on Monday January 30, 2017 @08:44AM (#53765191)

WRONG! I don't understand "layered-security"/"defense-in-depth"? I wrote guides on it that even GOT ME PAID https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&btnG=Google+Search&gbv=1/

EAT YOUR WORDS boy!

APK

P.S.=> You can use your off-topic illogical ad hominem attacks on me all day, attempting to attack ME - but you can't deny my point in my subject-line... apk

Re:WRONG on all counts & eat your words

[Bob+the+Super+Hamste]

See my subject & this link: No denying it /https://it.slashdot.org/comments.pl?sid=9995967&cid=53488785b [slashdot.org] & it's FAR from a complete list (even though it shows 100's of router security + inefficiency issues).

Your argument is so old and tired I get a /. 404 error, seriously I do. That said anyone who is using the factory provided firmware on a consumer router/firewall is dumb. OpenWRT or DDWRT are much better choices that offer better security and better options. Or if you prefer go and drop pfSense on some "powerful" but inexpensive hardware. As you will have a device like these between your computer and the internet I don't see how an argument about cost is an issue as you have your modem connected to the internet (DSL or Cable) and then either a router or firewall that your other gear sits behind. Depending on what hardware you have and layout your setup behind the router or firewall will vary greatly. * LMAO - again, that's you "networking menials" (that can't program their OWN solutions because you're limited) to a tee

Not a millennial (I assume that it what you meant) by a long shot I do actually program and have through my employer contributed to a number of open source projects. You may have heard of a few of them.

WRONG! I don't understand "layered-security"/"defense-in-depth"? I wrote guides on it that even GOT ME PAID https://www.google.com/search?... [google.com]

Guess what I have contributed to guides on securing systems and am paid by my employer to do so when new versions and updates are sought. The difference is that what I have contributed to are respected and well known.

Also it looks like you are a bit to copy/paste happy as I see you are getting frustrated and double posting (see above and below). You really should look into getting treatment for your ails as something does appear to be wrong.

WRONG on all counts & eat your words

See my subject & this link: No denying it https://it.slashdot.org/comments.pl?sid=9995967&cid=53488785b/ & it's FAR from a complete list (even though it shows 100's of router security + inefficiency issues).

FACT: Routers etc. cost "$" in the equipment itself & also extra power you spend on them (no questions asked) but their BIGGEST FLAW is they are massively flawed + attacked/exploited!

Depending on routers/firewalls ALONE = dead up STUPID!

* LMAO - again, that's you "networking menials" (that can't program their OWN solutions because you're limited) to a tee - always "Bolting on 'MoAr'" stupidly when it really doesn't NEED doing!

"APK doesn't seem to know much about securing systems because if he did he would understand the defense in depth philosophy" - by Bob the Super Hamste ( 1152367 ) on Monday January 30, 2017 @08:44AM (#53765191)

WRONG - been doing it for DECADES! I wrote guides on it that even GOT ME PAID https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&btnG=Google+Search&gbv=1/

EAT YOUR WORDS boy!

(If you could READ you'd also see I do use a NAT stateful packet inspecting firewall router here too in my replies to EvilBS)

APK

P.S.=> You can use your off-topic illogical ad hominem attacks on me all day, attempting to attack ME - but you can't deny my point in my subject-line... apk

/.ers disagree w/ you (again, I use proof)

See my subject & https://it.slashdot.org/comments.pl?sid=10172213&cid=53753293/ + https://it.slashdot.org/comments.pl?sid=10172213&cid=53753333/ & as far as GUI apps? They're what people REALLY use (or did you just make your post from Lynx?).

APK

P.S.=> I'm not 'advertising' anything - I merely state facts on how/when/where/why hosts work as both a valid effective security measure as well as valid effective performance speed gaining measure (anonymity to a degree as well as reliability enchancing too) - nobody can validly dispute that so you AC TRUE UNIDENTIFIABLE COWARDS take shots @ me w/ bs & lies since you can't attack my message & then I shoot you down w/ verifiable, undeniable concrete facts from reputable sources (so in the end? Your bs attacking me 1st starting trouble helps me & yes, only 4 types attack me. Advertisers, webmasters, inferior competitors & malware makers/botnet herders)... apk

Letting /.ers speak for me #1/2... apk

his hosts program is actually pretty good by xenotransplant

his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg

I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon

take a look at the APK hosts file engine by SuperKendall

APK is kinda right. I've tried his hosts file generating software. It works by bmo

APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience by chihowa

I like your host file system by Karmashock

I find your hosts file admirable by vel-ex-tech

* My code's liked + recommended & hosted by Malwarebytes' hpHosts!

Hosts in fast kernelmode = superior vs. crippled/security issue riddled methods (slow usermode) w/ what you natively have (vs illogically bolting on more doing less using more).

APK

P.S.=> More coming... apk

Letting /.ers speak for me #2/2... apk

I support APK's stand on the hosts file by Trax3001BBS

Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid by JazzLad

No complaints from me, I like APK... Reminds me to use a host file. Also, his stuff is free by aaaaaaargh!

APK's monolithic hosts file is looking pretty good by Culture20

APK... Awesome to see he's still spreading the good word by Molochi

ABP is insufficient as a solid hosts file does everything that APK reminds us about by fast turtle

APK isn't wrong by cfalcon

APK, I know people give you a lot of shit regarding hosts, but please don't ever stop by nasredin

You need APK's hosts file by Teun

APK solution STILL relevant by Thud457

you're right about hosts files by drinkypoo

APK

P.S.=> They're in addition to https://it.slashdot.org/comments.pl?sid=10172213&cid=53773635/ many more earlier + 1,000's worldwide - there's no arguing w/ success... apk

Dear "jealous jowie" (lmao)

Hahahahaha you're just "jealous jowie" the off topic "ne'er-do-well" troll and you know it https://it.slashdot.org/comments.pl?sid=10172213&cid=53754339/

APK

P.S.=> I'm laughing @ you, "jealous jowie" - bigtime... apk

"Rinse, lather & repeat" + EAT YOUR WORDS

See my subject & you're wrong - it's ALL there chump https://it.slashdot.org/comments.pl?sid=10172213&cid=53768675/ & where ARE your programs we can see/use that are GUI that others like?

Nowhere I can see!

E.G. - Such as I've posted from our own /. peers in this exchange a few times now

&

That the highly esteemed likes of Malwarebytes' hosts & recommends as they do MY work?

So, where are YOUR examples like that??

They're not...

Heck, I can also show you this too (show us you've done MORE, earlier & BETTER than this too) https://it.slashdot.org/comments.pl?sid=10172213&cid=53760365/ ... & yes, I did that on the side while working in the Fortune 100/500 too ontop of it, simultaneously

You've done MORE, earlier & better YOURSELF? No, I see Open"SORES".

LOL, let me show you about "OpenSORES" plagiarism problems in Google Chrome Efast (look it up)... any FOOL can do software janitor work on OTHERS' work (like you do). It's quite ANOTHER feat to do it yourself as I have (& yes, that link shows open source I helped out in UltraDefrag too).

NO WONDER YOU USE A FAKE NAME ONLINE FOR YOUR FAKE LIFE, lol... I don't "hide" that way like YOU do, cartoon character!

APK

P.S.=> The HIGHLY esteemed CIS Tool I used in my guides for users ALSO took fixes from me (I was correct on them is why, 2x)... apk

Question "OpenSORES" plagiarist

See my subject software janitor (who didn't write those yourself where I have): What's the cost of the router & does it consume more power? Yes.

But, let's see YOU just ANSWER THAT.

APK

P.S.=> In the end, it doesn't matter between my last post & the fact DEPENDING ON ROUTERS ALONE IS A FOOL'S GAME due to security issues galore https://it.slashdot.org/comments.pl?sid=10172213&cid=53774943/ & as far as Malwarebytes + CIS Tool BOTH either featuring AND RECOMMENDING my work (not yours) & accepting fixes from me respectively (both highly esteemed)? YOU ARE FULL OF SHIT & easy to shoot down for your fucking lies whimp... apk

Re:Question "OpenSORES" plagiarist

[Bob+the+Super+Hamste]

See my subject software janitor (who didn't write those yourself where I have): What's the cost of the router & does it consume more power? Yes.

Man you really are a special kind of stupid. People haven't been connecting their computer directly to their cable/DSL modems in ages and in all cases will have a router or firewall device between their machines and the internet. So it doesn't matter there as you would have to purchase one any way and it would also consume power so it is a moot point. Also assuming that one isn't completely as mentally deficient, as you seem to be, even on garbage hardware you can avoid the security issues of vendor provided firmware by getting a device that you can drop OpenWRT or DD-WRT on.

Sorry back in the late 90s I wasn't writing a cheesy host file engine or another defrag utility for toy operating systems but was writing control and driver code to run robotic semiconductor test equipment over a HP-IB interface. Even now at a different job I don't work on toy windows machines so I don't need a kid GUI and the people who use the software I write want it to work without having to fiddle with it and change setting from one machine to another. They expect 99.999% up time, they expect it to work, they expect mathematically provable correctness. But what would I know working 12 years in the ICS world securing these systems and pushing management to get their shit together and working with and talking with auditors and regulators to stay ahead of where things are going and also influence where they should go. If you try to pillory me over the current state of ICS security I will be quick to point out that all of the issues you hear about are caused by management not following thing that I would have recommended and I would assume their security people recommended similar solutions that never got implemented. The Target breach, while not an ICS, is a fascinating one as there were so may places where the attack should have been stopped but wasn't. It is one of my favorites given that widely used existing standard technology would have stopped in in so many places but because of poor decisions the attackers had their way with the system. Unfortunately your dumb little hosts file would have gladly let it through and not stopped anything. Also your dumb little hosts file wouldn't have stopped Stuxnet and also would be unable to stop the attacks I have seen from state actors. At best it stops malvertising on a single device that is open enough to allow you to modify the local hosts file but on anything else it does nothing.

Keep moving goalposts, I shoot you down

From almostALLAdsBlock https://it.slashdot.org/comments.pl?sid=10172213&cid=53748633/ (doesn't work bribed not to & doesn't do as much as hosts + EATS MORE) https://it.slashdot.org/comments.pl?sid=10172213&cid=53748731/

Software firewalls then moving goalposts deceitfully to hardware avoiding my question on std. MacOS X & Linux using hostsnames in their firewalls (lol).

To ROUTERS costing money for unit + more POWER https://it.slashdot.org/comments.pl?sid=10172213&cid=53757907/

Hardware routers use firewallware that has LAYERED FILTERING DRIVER OVERHEAD & CAN'T DO NAME RESOLUTION ITSELF dns does. Hosts do too, faster & safely locally)

&

For what? THIS (FAR from complete list of router security & inefficiency issues) https://it.slashdot.org/comments.pl?sid=9995967&cid=53488785/

Now non-networked? /.ers use my ware & DISAGREE w/ you by dozens, lol!

APK

P.S.=> I never said you don't need jailbreak Android/iOS - don't put words in my mouth... apk

Re:Keep moving goalposts, I shoot you down

[EvilSS]

I NEVER talked about software firewalls. EVER. You assumed, and it made an ass out of you. The screenshot I showed you was from a HARDWARE firewall, not some useless client software firewall. You are the one lying.

You said that you can load hosts files on iOS: " I did answer how hosts can be migrated to iOS". The ONLY way to do that is to jailbreak. Period.

That list is cute, but it applies to stock firmwares. As I've said about 1000 times now, I don't use stock firmware, I use open firmware.

No one cares about your /. endorsements. NO ONE. The fact is at the enterprise level (and anyone who's smart enough to do it at home) no one uses hostfiles to do anything if they can do it centrally. It's amateurish and anyone who knows what they are doing will laugh you out of the room for suggesting it.

As for your DNS comment, no shit. Guess what most modern, dedicated hardware firewall do? They run DNS so they can control domain resolution. On a larger scale dedicated web filters, which are exponentially more advanced that your pitiful host files, can block not only based on host name but also using deep packet inspection and these certainly do perform hostname lookups and they can do so with no perceptible impact to the user's speed. You, again, show that your knowledge is at least a decade or more out of date. So keep peddling your out of date software, written with an out of date language, buy a guy with out of date skills, to people who don't know how to do things correctly.

/.ers disagree, eat your words #1/2

his hosts program is actually pretty good by xenotransplant

his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg

I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon

take a look at the APK hosts file engine by SuperKendall

APK is kinda right. I've tried his hosts file generating software. It works by bmo

APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience by chihowa

I like your host file system by Karmashock

I find your hosts file admirable by vel-ex-tech

* My code's also recommended & hosted by Malwarebytes' hpHosts!

APK

P.S.=>

"Your solution is a giant fail" - EvilSS (557649) on Tuesday January 31, 2017

See above (more coming)... apk

/.ers disagree, eat your words #2/2

I support APK's stand on the hosts file by Trax3001BBS

Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid by JazzLad

No complaints from me, I like APK... Reminds me to use a host file. Also, his stuff is free by aaaaaaargh!

APK's monolithic hosts file is looking pretty good by Culture20

APK... Awesome to see he's still spreading the good word by Molochi

ABP is insufficient as a solid hosts file does everything that APK reminds us about by fast turtle

APK isn't wrong by cfalcon

APK, I know people give you a lot of shit regarding hosts, but please don't ever stop by nasredin

You need APK's hosts file by Teun

APK solution STILL relevant by Thud457

you're right about hosts files by drinkypoo

APK

P.S.=> In addition to https://it.slashdot.org/comments.pl?sid=10172213&cid=53775597 earlier

"Your solution is a giant fail" - EvilSS (557649)

See subject & our peers quoted... apk

U made an ass of yourself libeling me, lol

See subject & EAT YOUR libelous WORDS https://it.slashdot.org/comments.pl?sid=10172213&cid=53757739/

Hardware routers = SECURITY ISSUES GALORE https://it.slashdot.org/comments.pl?sid=9995967&cid=53488785/

Most folks can't protect overpriced iOS (like a hardware firewall home users dont have RAM enough to store millions of hostnames on too) stuff (dumb again wasting "$" vs. droid).

(Depending on hardware alone = stupid)

Then you moved goalposts from "AlmostALLAdsBlocked" (bribed not to work fully by default) as hosts do FAR more for FAR less natively in faster kernelmode (vs. slower usermode).

So what you have to jailbreak? I never said you didn't have to moron!

* You care about my being endorsed by BOTH our /. peers & Malwarebytes (things you will NEVER ever manage yourself)... lol!

APK

P.S.=> U ARGUE FROM IGNORANCE on how a 'firewall' hardware works - clue: Firewallware DOESN'T DO NAME RESOLUTION (neither do addons) - dns & HOSTS, do... apk

Re:U made an ass of yourself libeling me, lol

[EvilSS]

Hardware routers with those stock firmware have issues, that does not mean all hardware routers have issues. That's basic logic, something a programmer should understand. I AM NOT USING ANY FIRMWARE ON THOSE LISTS. And the firmware I am using is open sourced and fully vetted.

Most folks CAN protect iOS, by buying a firewall (that they already need), installing the proper open firmware, and configuring it (literally a checkbox). Done. And yes, apparently they can store those hostnames. Also, if it requires that much RAM, what does that say for your solution, putting them in PC RAM on EVERY PC? You said yourself it caches them to RAM

If you think depending on hardware over software is stupid you are an amature. Dedicated hardware trumps software every time. Maybe I was wrong, maybe your skills are even farther out of date than I though.

You are the one that moved the goalposts to using host files, not me. I said use ad block (not ABP btw, you don't even know the difference). Then you threw in hostfiles, and I put out blocking at the firewall. You moved the goalposts first.

You said you could protect iOS with a host file. I quoted your very words. To do that requires a jailbreak. There is no way to modify the host files otherwise, not even with the enterprise management tools.

I do not care, actually. A few random users and the "it doesn't look like malware" from a guy at Malware bytes is not very meaningful.

As for firewalls not being able to block host names, I guess you should call up Forcepoint, Palo Alto, Fortinet, Check Point, Juniper, Cisco, Dell, and the others and let them know that their firewalls really can't block hostnames. And go talk to all the open source firmware devs that also added the feature, or support it via scripts, that they, too, are not really doing exactly what they say they are.

Yes you did talk software fool, how?

See my subject: In your ARGUING from IGNORANCE how your Linux router really works - Hardware firewallware = filtering layered driver overhead & use software to work. Firewallware also != DNS name resolution (hosts & dns do that). Rest of what I wrote totals you, with ease https://it.slashdot.org/comments.pl?sid=10172213&cid=53776309/

* You FAIL "Bolting on 'MoAr'" in hardware that costs "$" to buy + power to run it & all the above & using "AlmostALLAdsBlocked" too!

APK

P.S.=> You said there's NOTHING you can't do hosts can? BS! No firewallware does dns resolution itself but hosts do MORE vs. what they do for less (from 1 SINGLE PART natively in fast kernelmode)... apk

Re:Yes you did talk software fool, how?

[EvilSS]

Name one thing a host file can do that I can't do blocking the EXACT SAME list of FQDNs at the firewall cannot. NAME ONE.

You take BIG chances (adblock especially)

See my subject: AlmostALLAdsBlocked NOT blocking all ads by default & w/ router security issues - no questions asked.

You forget - I do use a NAT stateful packet inspecting firewall (can't protect MILLIONS of entries for blocking hosts do on hostnames (most used by malware makers)).

* I can post Aryeh Goretsky of ESET/NOD32, Steve Gibson, Oliver Day of SYMANTEC, O'Reilly, Brock Wilders (security pro) & others ontop of Mr. Burn from Malwarebytes stating hosts = good layered security too?

APK

P.S.=> ME "moving goalposts"? I point out what hosts do software/hardware firewalls can't do (std. 'oem' MacOS X + Linux software ones block IP like Windows right? You never answered - still layered driver overheads too)

Hardware ones use software (firewall != resolver minus DNS + do have filtering layered drivers overhead, hosts don't)

&

Most certainly what AlmostALLAdsBlocked can't vs. hosts (using more too by far)... apk

Re:You take BIG chances (adblock especially)

[EvilSS]

I'm still waiting for something that a host file can do that a firewall cannot. Fact is, there isn't anything and you can not answer. You keep going on and on about how a firewall can't handle millions of entries, yet they can. They do. I'm not sure how much RAM you think firewalls have these days, but it's probably more than is in most PCs. Hell even my home router can handle them. Don't believe me? Take a look: https://imgur.com/a/EFVRn Those lists look familiar? They should, I took them from your own INI file. All those loaded, and still over 87% RAM free. Must be magic. Or, you know, the people the wrote the firmware has some idea of what they were doing. And just like with your host files, if any client on my network does a lookup for any of the domains on those lists, they will get back 0.0.0.0. All while making no changes to the client devices. I don't need to worry about pushing out host files, don't need to worry about allowing an executable to run with elevation, don't need to worry about malware tampering with the hostfile entries. Every single device behind that firewall is protected, including those where the host file can't be accessed such as smart phones, tablets, gaming consoles, TV's, and IP cameras. And no, there are no backdoors in the firmware. It's not the stock crap from the manufacturer. It's also fully open source so I can (and have) verify this for myself.

And that's just what is possible with a home device. Enterprise level I can block no only hostnames, but specific URLs, use deep packet inspection to stop malware that is being served by hosts not on your list (you know it's easy to REGISTER a domain name as well, right?), rewrite web traffic to remove potential scripting threats and report them for review by the admins, and even use machine learning to detect aberrant traffic patterns and stop them, providing protection from unknown exploits. Like to see a host file do any of that.

But lets go back and look at plugins. You know all that memory you complained about them using? Your solution, by your own admission, does the same thing. Only you hide it by offloading it to the OS, which has to cache your giant hosts files in RAM. So while your app may not use as much, you are being deceitful by not counting the RAM used by the OS to cache the host files. Also your solution can't block page elements. A browser plugin can block ads sourced by the same CDN as the site they are on, your host files cannot without also breaking the website itself. They can not only block ads from outside CDNs, they can remove the formatting around them, cleaning up the presented webpage in addition to blocking the ads. Hrm. Seems I found something else host scan't do huh?

Eat ur words again: I use one (see my guide)

See subject: Shouldn't shoot your cocksucker off - It's above to EvilSS & in my security guide on using NAT stateful packet inspecting firewall here (with many other things including hosts).

* I just do NOT depend on them alone (which again, YOU STUPIDLY SHOT OFF YOUR COCKSUCKER ON & HAD TO EAT YOUR WORDS on too, lol https://it.slashdot.org/comments.pl?sid=10172213&cid=53768675/)

APK

P.S.=> What I did in the 90's I demonstrated & it's MORE THAN YOU CAN by far, proveably OR easily so - so try "cut me down" all you like? It's facts YOU especially can't prove OR prove you did more of... apk

Re:Eat ur words again: I use one (see my guide)

[Bob+the+Super+Hamste]

So it is a moot point on the cost and power consumption of the device on the edge of your network. So now why don't you go back to reliving your glory days of the 90s in you mind and realize that what you are peddling isn't worth the cost of electricity to transmit the bits. Writing a tool to either audit or implement a CIS benchmark isn't hard (I've written several myself they take about a day if I am slacking off), a script that consolidates various hosts files from several sources into one isn't hard (I wrote one for my firewall in a couple of hours that does more than just produce a hosts file), writing a defrag utility isn't that hard even if it is a tedious task. Now go away because none of your accomplishments impress me or anyone else as you brag about doing things that are little more than a college assignment. Add in your incoherent rants and and what I assume you believe to be witty, but it actually puerile, commentary and it was fun but I am board now as I have had better conversations with my parrots.

I use these 50 already, lol

See subject: Hardcoded favorite 50 hostnames @ TOP of hosts BLOCKING DNS redirect flaws! They're where I spend most time online (every does this, even w/ TV channels).

(Fastest load & parse to ram from file & faster Open/Read/Close cycle too programmatically)

They BLOCK kaminsky flaw redirect security issues DNS have which also speed you up resolving from local ram in kernelmode (in my case no usermode @ all using the diskcaching subsystem to cache hosts):

* :)

APK

P.S.=> Not just 1, but 50 - Enough for you? BLOCKING threats @ DNS level blocking redirect poisoning (Each is verified by my program daily) & also speeding you up as noted above (lightening DNS load too - bonus)... apk

I did already (50 of 'em, lol)... apk

See subject: Hardcoded favorite 50 hostnames @ TOP of hosts BLOCKING DNS redirect flaws! They're where I spend most time online (every does this, even w/ TV channels).

(Fastest load & parse to ram from file & faster Open/Read/Close cycle too programmatically)

They BLOCK kaminsky flaw redirect security issues DNS have which also speed you up resolving from local ram in kernelmode (in my case no usermode @ all using the diskcaching subsystem to cache hosts):

* :)

See here https://it.slashdot.org/comments.pl?sid=10172213&cid=53777631/ you'll NEVER get the best of me w/ inefficient "Bolt on 'MoAr' in AlmostALLAdsBlocked (doesn't work by default) or routers for overhead galore in power, cost of router, & layered driver inefficiency hosts doesn't have.

APK

P.S.=> Not just 1, but 50 - Enough for you? BLOCKING threats @ DNS level blocking redirect poisoning (Each is verified by my program daily) & also speeding you up as noted above (lightening DNS load too - bonus)... apk

Ugh! 3rd time now I did "eager beaver"

See subject on what std. MacOS X, Linux & Windows firewallware OR your tomatoware doesn't do https://it.slashdot.org/comments.pl?sid=10172213&cid=53777839/ in bypassing DNS via hardcoded favs sites resolution! It blocks Kaminsky DNS redirect flaw poisonings & locally resolve in kernelmode FAR faster using hosts natively

But FASTER by far vs. remote dns & also local DNS on a LAN/WAN - no network traversal & NO filtering driver overhead layer + no power cost routers have OR security issues (or cost of physical router too).

My home router can't block 4 million entries my hosts has & your ROUTER eats RAM too from MY program data? Imitation = sincerest form of flattery.

APK

P.S.=> You run risks like MAD in routers security flaws & do incur power + unit cost of router & filtering driver overheads too. Your plugins eat more & don't WORK (almostalladsblocked by default LETS ADS IN fool!) - I posted reputable data on it you can't deny... apk

Flattery & thievery? (Made me LAUGH @ u)

"your probably malware infested closed source crap ware" - EvilSS

Funny YOU used my ware IF its malware as you said (blew you away on that here) https://it.slashdot.org/comments.pl?sid=10172213&cid=53757739/ :

"I took them from your own INI file" - EvilSS

Typical "OpenSORES" thievery stealing my data/using my ware & your set's smaller by far! That's only current data (~5-17mb iirc)!

"NOTHING APK can do my firewall doesn't" EvilSS

WRONG: Hosts do DNS resolves speeding you up via hardcoded favorites (firewallware CAN'T DO IT) which protect you vs. kaminsky redirect poisoning & ALSO DNSChangers (in routers + OS IP stack)!

I bypass cdn & go DIRECT to site via hardcodes! Hosts block any adserver source (except site itself).

APK

P.S.=> Minus filtering driver overhead firewallware & no extra costs (hardware/increased power cost).... apk

Re:Flattery & thievery? (Made me LAUGH @ u)

[EvilSS]

I didn't use your software, I extracted the archive and looked at the INI file. I'm not installing something I can't trust on my machine. You don't even bother with basic security like distributing hashes on the download site so I can know that someone else didn't tamper with it. No thought to security.

You keep talking about speed, so prove it. Show numbers for hosts vs local DNS (not internet based DNS). Put up or shut up.

Also you are the one stealing data, unless you claim to be the one who owns those lists? Not that lists of facts can be copyrighted anyway, but by your own definition you are the thief for stealing their block lists for your product. I'm just showing that my firewall can handle the same lists your software uses.

Also that bit about bypassing CDNs and going direct to site via hardcodes is bullshit. If the site assets are served off of the same CDN as their ads, there is nothing you can do. THEY ARE THE SAME SERVERS. Do you even know how the internet works?

LMAO - huge IGNORANT fuckup, again... apk

"All those loaded, and still over 87% RAM free" by EvilSS

See subject: I have 4,139,400++ blocked entries of known bad sites - You HAVE maybe (as it varies daily on new data intake) 670,000 tops.

~7 times less.

Only ~16% of what I have here (built up since 1997).

You've eaten up 23% already thief (flattering you use my stuff though, lol).

Guess what?

That # grows daily too (removals = far smaller on stale ones)

* YOU CAN'T DO AS MANY IN YOUR ROUTER AS I CAN IN HOSTS W/OUT EXHAUSTING YOUR RAM!

What has enough maybe?

CISCO grade enterprise class routers (maybe). Check the cost of those, new (since you brought up 'new routers') you LOSE! Again.

APK

P.S.=> & your firewall can't do 50 hardcodes (can be as large as you want/morr) for speed resolving locally faster vs. DNS, especially remote dns & even LAN dns (no network traversal) & security blocking DNSchangers in both routers + OS IP stack settings + DNS redirect poisons of DNS server)... apk

Re:LMAO - huge IGNORANT fuckup, again... apk

[EvilSS]

You assume (you should really stop doing that) that 23% is from the lists. RAM actually didn't increase at all by adding those additional lists. ZERO. You fail. Again. Also you keep bringing up DNS redirect poisons, but those don't apply to either of our situations, since my router isn't vulnerable and the lookups go against the local block list FIRST, before checking external DNS. But I wouldn't expect someone with your obvious lack of knowledge to realize that, so consider that lesson free. See, you learned something today!

LOL: WRONG w/ proof... apk

You really are a TOTAL bungler like "EvilBS" & here is why https://it.slashdot.org/comments.pl?sid=10172213&cid=53779741/

Fool... you do eat more power, can't block DNSChangers/redirectors (routers & OS IP stack side), can't do hardcoded favorites speed + security, & CO$T MORE (period) + a typical router can store as much as hosts do vs. threats to block them shown above (you LOSE, fool) minus spending on a COSTLY router with enough RAM to do so.

* Unlike your bs words you had to eat (me not using layered security stupid when I do)? I use a router but I do NOT depend on them solely (or AlmostALLAdsBlocked bs).

APK

P.S.=> You really made me laugh - lots of "talk" on "what you've done" with NO PROOF (like your bullshitter kind always is) where I provide a FRACTION of what I could that did great in the past AND currently (you've got zero, except hot fucking air blowhard with a FAKE NAME for your FAKE LIE of a life OpenSORES plagiarist janitor)... apk

5 areas hosts have it over your firewall

The data grows & I assumed it (13% data, 10% OS): 100%-87% free = 13% left (do the math) BUT the data grows 5-10k records a DAY the past 2-3 yrs. now (I know, I gather it) you'd run dry soon!

(Try run an OS with only that much free & less all the time, see what happens, lol...)

* Coming back HOW many DAYS later, if not into a week++ thinking I wouldn't see this, for the "last word"?

APK

P.S.=> DNS protections DO matter here: You said I couldn't find even 1 thing hosts can do your hardware firewall can't & I FOUND SEVERAL in abilities & downsides in cost inefficiencies too!

1.) DNS stuff hosts does BY ITSELF (speed & security vs. DNS security issues (tons))
2.) No filtering driver laden more moving parts firewalls have hosts don't!
3.) The FACT you eat more POWER (higher bills too)
4.) You have cost of router hardware too
5.) No firewallware does dns stuff itself (your hardware firewall DOES use firewall software, no questions asked))... apk

My ware's proven clean & adblock doesn't work

See subject: What you use in adblock doesn't do the 1 job it had & lets ads in + my ware's = safe https://it.slashdot.org/comments.pl?sid=10172213&cid=53757739/ & you had to EAT YOUR WORDS after you libeled me that way!

* There's also 5 points in favor of hosts I pointed out in my other reply that put you away too (after you said "there's nothing I can't do w/ my router hosts can" = PURE BS proven here too https://it.slashdot.org/comments.pl?sid=10172213&cid=53799705/ )

Well, I do KNOW that I get /.'s images RIGHT off /.'s server so so much for your bs on CDNs. I bypass them where I need to easily via hosts hardcodes.

APK

P.S.=> You had the NERVE to call me "no knowledge"? LMAO - the day you can show us YOU can create a BETTER program yourself (& not steal MY data sources too as you did, lol)? Then talk but you really SHOULDN'T TALK with your MOUTH FULL as you EAT YOUR WORDS as shown in that 1st link above & change your diet (it's NOT good nutrition, lol)... apk

EAT UR WORDS again EvilBS on code security

"You don't even bother with basic security" by EvilSS

See my subject: You need to see about how FAR I went over basic security in my code (it's virus proof) https://slashdot.org/comments.pl?sid=10168471&cid=53779911/, literally!

I.E.-> There's NO WAY it will run if a virus attaches to its tail trying to alter jump tables! It won't run if it detects change by 1 byte even!

Even raymorris (he's a coder w/ a Linux patch, not that I think it's big shit but he does have proof unlike you) was impressed by it (& he gives me shit all the time admitting he trolls me).

(& yes, my code's PROVEN SAFE by tons of sources (some of whom I even proved OUTRIGHT wrong in 10 of them) https://it.slashdot.org/comments.pl?sid=10172213&cid=53757739/ w/ 1 of the BEST in malwarebytes folks both HOSTING & RECOMMENDING IT - you can show you have done that? NO!)

APK

P.S.=> You're ARGUING from ignorance again, lol & again you have to EAT YOUR WORDS... apk

Re:EAT UR WORDS again EvilBS on code security

[EvilSS]

Virus proof huh? You should put out a challenge for that. I'd LOVE to see those results.

You ARGUE from IGNORANCE, again, lol

"router lookups go against the local block list FIRST before checking external DNS" - by EvilBS

Hosts don't JUST do blocking of say malware + botnet C&C, they also do hardcodes where you spend MOST TIME ONLINE are faster than remote OR even local DNS (no network traversal - local RAM speed) & resolved hosts hardcodes avoid DNS redirect security issues & DNSChangers in routers + OS IP stack settings too FOR SECURITY (also lightening DNS loads as a bonus)

READ: I avoid DNS ~96% of the time (Secured vs. redirect poisoning OpenDNS filtering does rest) & its SECURITY ISSUES for my fav hardcoded sites in hosts where I spend literally 95++% of my time online!

APK

P.S.=> Your firewall CAN'T DO DNS resolves itself in its software & has layered filter driver overhead hosts don't need + cost of router & power bills raised & hosts don't NEED DNS for resolution either... apk

Proof ur firewall's SLOWER 2 ways

"router lookups go against the local block list 1st before checking external DNS" EvilBS

I place favs (resolved from local RAM, no network traversal lag) @ TOP of hosts cached in RAM! Immediate fast as possible!

(& pure kernelmode diskcache-> IPStack w/out broken w/ large hosts slow usermode dnscache service, saving CPU/RAM & other I/O wasted on it)

U don't do hardcode resolution (secures u vs. DNS security issues (redirects & DNSChangers)) - Ur hardware firewall via layered filter driver hosts don't lag in can't DO it & u LOOK THRU THE ENTIRE BLOCKLIST 1st LAGGING U on resolution!

APK

P.S.=>

"You keep talking about speed, so prove it" EvilSS

Speed diff's above. I do remote DNS lookup sub 4% of time (per router & software firewall logs)! Other ~96% is @ hardcoded favs (also lighten DNS loads) - rest (sub 4%) = OpenDNS (patched vs. redirect & filters threats)

Re:Proof ur firewall's SLOWER 2 ways

[EvilSS]

I said post numbers to prove your assertion. So, post some numbers boy! Or shut it. If you can't PROVE you are faster then you are just talking shit.

Don't need 'em EvilBS: Common-sense proves it

Local system RAM resolution in pure kernelmode IS faster vs. 1st going thru a HUGE blocklist then a remote network traversal after stupidly!

* Then, less "moving parts" links in the chain of operations involved does the rest (less complexity IS faster/less steps & shorter faster ones on MY end... by far!).

APK

P.S.=> An idiot would realize that - you're worse apparently! apk

Re:Don't need 'em EvilBS: Common-sense proves it

[EvilSS]

I don't doubt it's faster, what I do doubt is that the delta is enough that it would make any sort of difference. So what is the delta?

Never said it's unbreakable (I said opposite)

Just that it makes my code what Sgt. TechCom DN38416 said "Microprocessor controlled: Fully armored, VERY tough" & it is - especially when compressed too (like ASRL, it makes it MUCH tougher on cracker/hackers/disassembler + viruses to infect & alter).

Now backup YOUR utter bs quoted below (cuz it IS that minus backing bloward):

"I sold my first software project in 1986 child" by EvilBS

Well, what was it & WHERE is it? By comparison I can show FAR more & actually back it up easily blowhard https://it.slashdot.org/comments.pl?sid=10172213&cid=53760365/

APK

P.S.=> You FAIL simple challenges I put to you FAKE NAME online for your FAKE life, lol... apk

Re:Never said it's unbreakable (I said opposite)

[EvilSS]

I sold my first piece of software to a financial services company. It was a program designed to parse and reformat text files for printing. It was a custom program based on an earlier freeware program I wrote to do custom printout of text files (allowing multiple copies, inserting custom control codes at the end of each copy, page sorting options, etc). That was simply called Copier. It was distributed around BBSs at the time. Maintained it up into 1993 IIRC.

All of my work since then is purely commercial and targeted at industry verticals, as well as providing security consulting services to find and fix issues in in-house applications. If you are asking for stuff you may have heard of, I doubt it. I don't write consumer software. I don't think I've written anything in the past 15 years that has sold for less than $25K.

As for your app, please feel free to put out public challenge for how "Virus Proof" your software is. I dare you.

Thanks for YOUR admission of defeat

"NOTHING APK can do my firewall doesn't" EvilBS

See my subject & vs. facts you can't dare deny of hosts superiority https://it.slashdot.org/comments.pl?sid=10172213&cid=53803453/ vs. your router firewall (which has numerous other inferiorities I point out here https://it.slashdot.org/comments.pl?sid=10172213&cid=53799705/ )

"for your probably malware infested closed source crap ware" - by EvilBS ( 557649 ) on Sunday January 29, 2017 @12:54AM (#53757443)

vs. https://it.slashdot.org/comments.pl?sid=10172213&cid=53757739/ EAT YOUR WORDS libelous blowhard!

"sold my 1st software project in 1986 child." - by EvilBS (557649) on Sunday January 29, 2017 @04:20AM

vs. https://it.slashdot.org/comments.pl?sid=10172213&cid=53820509/ where is it? It's not.

"Also that bit about bypassing CDNs and going direct to site via hardcodes is bullshit. If the site assets are served off of the same CDN as their ads there is nothing you can do. THEY ARE THE SAME SERVERS. Do you even know how the internet works?" by EvilSS

WRONG: I get images DIRECT from /. servers vs. tracking CDN bs!

APK

P.S.=> Change ur diet - u're dying of malnutrition (eatin ur words)

Re:Thanks for YOUR admission of defeat

[EvilSS]

I don't doubt it's faster, what I do doubt is that the delta is enough that it would make any sort of difference. So what is the lookup time delta?

You can't figure out where you're slower?

See my subject: 1st internal LAN/WAN hop to a rotuer on network (central point of fail to take down hosts aren't).

Then thru a blocklist (slows you) for resolutions (firewallware you DO use w/ layered driver overheads can't, hosts/DNS do (& in hardware that raises cost buying the unit + higher power bills).

THEN SLOWUP MORE going for resolution to a remote server + awaiting roundtrip resolution!

(All overheads hosts do NOT have operating in faster kernelmode single part of IP stack from LOCAL SYSTEM RAM w/ favorites @ TOP of hosts for FASTEST possible resolution that proofs you vs. DNS issues like Kaminsky flaw redirect poisonings (99.999% of ISP != patched vs. it) & DNSChangers in router settings (router are LOADED w/ security flaws I only posted a FRACTION of by the 100's) or OS IP stack settings)

APK

P.S.=> It's slower no MATTER what & it varies (network congestion, DNS load (that hosts lighten too no less))... apk

Re:You can't figure out where you're slower?

[EvilSS]

So what is the lookup time delta in ms?

Prove it - I want proof not mere words

See my subject (you demand of me, I gave it): Prove you wrote what you allegedly state! Anyone can talk (it's all you do).

APK

P.S.=> My work's (what anyone can see UNLIKE YOU, lol) as virus proof as it gets (it won't run if it changes detecting it even by 1 byte, telling you to reinstall it from a fresh copy (finding that in 320 total routines & stalling it (altering jne asm instructions) would take a TAILORED specific to my program virus to do (or a dedicated hacker/cracker/disassembler) + a LONG time in doing it & NO virus is byte in size attaching to an executable @ tail end for altering jump tables)... apk

Re:Prove it - I want proof not mere words

[EvilSS]

No, you haven't posted any proof. Proof = numbers. You say it's faster, I say it's doesn't make enough difference to matter. If you don't even know how much faster it is, then it's obvious you haven't really put much effort into it.

It's always SLOWER vs. hosts & varies

See my subject: Can't you READ? I already stated it, specifically WHY you are slower (& inferior) here https://it.slashdot.org/comments.pl?sid=10172213&cid=53828857/ & you don't deny it!

* You FAIL...

APK

P.S.=> Just like you FAIL here too, blowhard-> https://it.slashdot.org/comments.pl?sid=10172213&cid=53834743/ anyone can TALK, talker (very few of us are DEMONSTRATABLE successful doers like myself https://it.slashdot.org/comments.pl?sid=10172213&cid=53760365/ & that's only a small partial only FRACTION of what I can put out in full summation... apk

You're the BEST proof (you agree w/ me)

See my subject: You yourself don't deny hosts are faster than your router firewall @ resolution here https://it.slashdot.org/comments.pl?sid=10172213&cid=53828395/

* That's all the proof I need in my "changing hearts & minds" via your agreement on it!

The logic of it is simple common-sense:

Less complexity & less steps (fewer & FASTER on my end using hosts for domainname resolution from LOCAL SYSTEM RAM via hardcoded favorites which also protects vs. DNS down, DNS redirect poisoning & DNSChanger malware too) shown here https://it.slashdot.org/comments.pl?sid=10172213&cid=53828857/

Every bit of speed gain helps.

APK

P.S.=> Prove you wrote what you say you allegedly did - I did SOME of what I did easily... apk