Ok, and what if you see perl, mail, telnet, ssh, netcat, ftp, wget, etc in your list? A wanna-be cluey user will google and see they're not malware, but all of these things can be used by malware to do nasty stuff. Disabling any of those from hitting the network will likely affect other tools that do use them legitimately. If the malware isn't directly opening network ports itself, this approach is useless, and in many cases the malware would be better served to use existing tools such as these anyway.
One reason: DNS suffix search.
In my workplace, I put intranet in the address bar and hit enter, and although it doesn't find a DNS match on intranet, it knows to look for intranet.[my domain] or whatever (these default search domains are pushed out via DHCP or automatically assumed based on your own domain name). Same applies to mail, ftp, proxy, etc, etc.
It's sort of a way to do private addressing for hostnames - if I see an unqualified name, it's always assumed to be in the same domain that I'm in or something fairly local. This can be a very handy shortcut, and is very widely used in private networks. I think it makes a lot of sense, but obviously this wouldn't work if intranet was a valid FQDN in its own right.
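As an added illustration (not part of the comment above), this models how a stub resolver's suffix search list expands an unqualified name like intranet into the FQDNs it actually queries, following glibc resolv.conf semantics (search list plus the ndots threshold; the Windows resolver orders things somewhat differently). The search domains, zone records and addresses are constructed for the example.

```python
# Added example: DNS suffix-search expansion and the "intranet as a real FQDN" collision.
# Search list, zone records and addresses below are constructed, not real.

def search_candidates(name, search_domains, ndots=1):
    """Return the fully-qualified names a resolver would try, in order.

    - A name ending in '.' is absolute and is looked up as-is only.
    - A name with fewer than `ndots` dots is tried with each search suffix
      first, then as given (absolute) as a last resort.
    - A name with `ndots` or more dots is tried absolute first, then with
      each suffix appended.
    """
    if name.endswith("."):
        return [name]
    suffixed = [f"{name}.{d.rstrip('.')}." for d in search_domains]
    absolute = [f"{name}."]
    if name.count(".") < ndots:
        return suffixed + absolute
    return absolute + suffixed

def resolve(name, search_domains, zone, ndots=1):
    """Walk the candidate list against a constructed zone table (standing in
    for the DNS) and return (matched_fqdn, address), or None if nothing hits."""
    for fqdn in search_candidates(name, search_domains, ndots):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None

# Constructed records: the private intranet host, plus a hypothetical public
# name that collides with the bare short name the poster worries about.
ZONE = {
    "intranet.example.corp.": "10.0.0.5",
    "mail.example.corp.": "10.0.0.6",
    "intranet.": "203.0.113.9",   # pretend "intranet" were a valid FQDN
}
SEARCH = ["example.corp", "corp"]

if __name__ == "__main__":
    # The short name still lands on the internal host, because the search
    # suffixes are tried before the bare name when it has fewer than ndots dots.
    print(resolve("intranet", SEARCH, ZONE))
    # A trailing dot (or enough dots to reach ndots) bypasses the search list
    # first, which is where the public name wins instead.
    print(resolve("intranet.", SEARCH, ZONE))
```

Which side wins for a bare name therefore depends on the resolver's search order and ndots setting, which is worth checking before relying on the shortcut for anything sensitive.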
I agree with you for the most part here, and I also could not in good conscience work for someone like the RIAA; however, there are a few critical parts to this equation you seem to be overlooking.
A fair percentage of those people have probably worked there since before the RIAA even started all this shit. Would you suggest they should put themselves (and their families) through everything involved with finding alternate employment / being unemployed (like they have to now anyway, but still..)?
I'm not sure about the U.S., but here in Australia the majority of the population have no idea about the horrible injustice being sought by the RIAA and their ilk - it's just not newsworthy enough outside of places like /. A lot of people who were seeking employment and landed a job there may have had no clue about the less savory things being done there.
From the inside, I'm sure the RIAA would be feeding its employees their own breed of propaganda to 'boost morale' and convince them that they're not evil. Most people would take the easy/conforming way and take that at face value.
...just because we here on /. all think the RIAA is a corrupt, deceptive, evil corporation, doesn't mean that everyone else sees them that way.
Now Big Oil, Big Tobacco, and certain other industries that have been known for decades of doing 'really, really bad stuff' - those are the ones that should have a hard time trying to fill vacancies, but even then - wave the right amount of $$$ around and most people will happily put aside their moral dilemmas and come up with some way to justify it to themselves.
A custom encryption solution? Ok, but what about those of us who aren't Bruce Schneier?
I don't have any affiliation with the software/devs other than being a long-time user and occasional bug-reporter, but KeePass:
A) Is GPL. Haven't been through the source myself, but I find it highly unlikely that a 'government back door' would go unnoticed.
B) huh..?? Don't really follow what you're getting at here.
C) Have KeePass generate a key file for you, which you then need to use along with the password for two-factor auth (obviously don't keep the key file with the password DB!). Layer on more levels of encryption by putting the password store inside a TrueCrypt volume (hidden volume if you want to go with deniability as well), etc, etc.
On top of that, KeePass has some pretty nifty features like auto-type with obfuscation that (claims to) break all known keyloggers and clipboard spies, in-memory encryption so your passwords will never show up unencrypted in a page file, and configurable key transformations to slow dictionary attacks, to name a few. I personally trust it more than I trust an encrypted network connection and use it for everything these days. Seriously, check out their security page.
Unfortunately it's for Windows only, although there is a cross-platform port called KeePassX (haven't tried it yet myself).
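An added example (not KeePass's own code) of the two ideas in points C and the follow-up: a composite key built from both the password and a key file, and a configurable number of key-transformation rounds that multiplies the work per guess. The composite-key layout mirrors the idea described in the comment; the transformation loop uses iterated SHA-256 as a stand-in for KeePass's AES-based key stretching, and the seed, key file and wordlist are constructed, so the numbers are illustrative only.

```python
# Added example: composite key (password + key file) and key-transformation
# rounds, with a cost counter showing why stretching slows dictionary attacks.
# Iterated SHA-256 stands in for KeePass's AES-based transform (assumption).
import hashlib

def composite_key(password, key_file=None):
    """Combine both factors. Without the key file a correct password still
    yields a different key, so the database stays locked."""
    parts = hashlib.sha256(password.encode()).digest()
    if key_file is not None:
        parts += hashlib.sha256(key_file).digest()
    return hashlib.sha256(parts).digest()

def transform_key(key, seed, rounds):
    """Stretch the composite key: each round is one hash of (seed || key),
    so every guess costs `rounds` hash operations to check."""
    for _ in range(rounds):
        key = hashlib.sha256(seed + key).digest()
    return key

def guess_cost(target, seed, rounds, wordlist, key_file=None):
    """Check each candidate word against `target`; return
    (matching_word_or_None, hash_operations_spent)."""
    cost = 0
    for word in wordlist:
        cost += rounds
        if transform_key(composite_key(word, key_file), seed, rounds) == target:
            return word, cost
    return None, cost

# Constructed inputs for the demonstration.
SEED = bytes(range(32))
KEY_FILE = b"constructed-key-file-contents"
WORDS = ["123456", "password", "letmein", "hunter2", "qwerty"]

def demo(rounds):
    """Database key derived from 'hunter2' plus the key file. Returns the
    attack outcome with the key file and without it, at the given rounds."""
    target = transform_key(composite_key("hunter2", KEY_FILE), SEED, rounds)
    with_file = guess_cost(target, SEED, rounds, WORDS, KEY_FILE)
    without_file = guess_cost(target, SEED, rounds, WORDS, None)
    return with_file, without_file

if __name__ == "__main__":
    for r in (1, 1000):
        print(r, "rounds:", demo(r))
```

Raising the round count leaves the user with one slightly slower unlock, while every guess an attacker makes pays the same multiplier; the missing key file defeats the whole wordlist regardless of rounds.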
Some Australian ISPs used to let users elect to have either the painful throttling you describe, or to be charged extra for excess usage. These days most (all?) just do the throttling - most likely to try to get users to upgrade to more expensive plans. I'm currently on 64k thanks to exceeding my allowance for the month, and 'painful' barely describes it. I'd happily pay $10 extra for a few more GB this month, but certainly don't want to lock myself into a higher plan, as most months I won't be using as much.
Also - if you've got 10 machines running the same OS, wouldn't it be worth setting up an internal mirror / patch distribution server so you only need to pull the data down your internet pipe once?
The oldest known physical condom was found in 1640, made of animal intestine. I'd hardly call that high-tech.
I hate to be pedantic, but come on - is it so much to ask just to look at the title of the posting?.... I agree that this invention would not find a place on the list, but more due to the fact that it's not mechanical (considering TFA is by 'Popular Mechanics').
Sumatra PDF viewer is even smaller & lighter than Foxit. It's an absolute barebones PDF viewer... Plus it's GPL licensed. I tried it for a while, but I've since gone back to Foxit, as I need a few of the 'extra' features (like 'find text')
That's exactly what I was thinking...... Why should you pay more $$ to run the s/w on an old quad-PIII 450, compared to a dual-P4 (single core) 3200? That just doesn't make sense to me.
If they want to charge based on how much you can squeeze out of the s/w, then by no means is the no. of CPUs or the no. of cores the best measure. The only fair way to do this would be to benchmark each system before deciding what to charge for the s/w.
All of this, to me, seems completely ridiculous. Even if they did use a fair and accurate way to measure how much you can get out of the s/w on a given system, it would effectively be encouraging companies to use older/slower hardware.
Why not encourage those who use your software to get as much out of it as possible? The only time I believe that something like this would be justified would be in cluster-type environments, e.g. pricing should be per node, regardless of what each node has "under the hood".
Seriously, put the flamethrower down, chill. Next time, read the question before blasting away in a mad frenzy. The poor guy was just asking an innocent QUESTION, not making an ill-informed statement as you seem to think. Go back, read it again..... think for 5/8th of a second...... don't ever do it again.
Yeah, but the difference is that the 20 killed by said car bomb, or the poor headless American, are far separated from the average viewer's world (physically & mentally), but the IE BHO exploit is much more likely to directly affect that viewer's life in a more immediate and measurable way. More likely they will take note and patch/update virus scanner/whatever to eliminate or at least reduce the vulnerability. Eventually it will be standard for every home/office user to keep an eye on these issues, and check their security as often as they check their email, especially those who have had bad experiences due to these issues... well maybe not, but we can hope at least.
Sorry, just realised that I didn't answer your question at all. Well, I have no idea about definitivesolutions.com, never heard of them before, but I do use and trust HijackThis.
HijackThis! - lets you see & delete all BHOs, browser hijacks, hosts file entries, etc. Some caution is required though, as it does NOT differentiate between the good & the bad; it's up to you to decide what to kill & what to keep. (Lamers can submit the list it generates to some forum to be told what is good or bad, but I've never used this service myself.) This prog is quick & clean, but again, can be dangerous if used carelessly.
I know that UltraVNC (Win32) can do single windows. This can be extremely handy over slow WAN links.
I would imagine that one of the many flavours of VNC available for *nix can do this too.
Fake email not even needed with Mailinator - make up an address @mailinator.com. An account gets dynamically generated when mail arrives, then deleted a few hours later. Works a treat; only problem is a lot of websites are now blacklisting it.
economists and industry analysts believe that the losses in productivity, lost revenue from disabled systems, and the human cost to patch systems and restore those that became nonfunctional are substantial--somewhere between $320 million and $500 million or more.
I think someone's just seen Avatar for the first time....
Here is a nice little short story on the matter. It does my head in to think about this sort of thing.
My billing cycle begins on the 5th of the month, not the 1st... hence a few more days until I'm back to full speed ;)
oblig. The Great British Venn Diagram
oh...... wait.
I'm stupid. Nevermind.
but... the work around is so easy, that it's barely worth even trying to protect the images. It's called 'Print Screen'.
...........yes.
:P
The first thing that ppl worry about after a building collapse is finding their mobile phones
(come on, I know MY mobile is more important to me than human life!!)
Ooh... I want an invite.... have been waiting for ages. Pleeeease can you send one to OneSeven@Earthling.net ?