Slashdot Mirror


User: Stalks

Stalks's activity in the archive.

Stories: 0
Comments: 177

Comments · 177

  1. Re:DNS servers can be bypassed (see article)... ap on 5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix · · Score: 1

    Please respond to the fact hosts file cannot handle wildcards as you claim they do.

  2. Re:Same goes for your DNS servers too (touche)... on 5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix · · Score: 1
    Yes I understand it is the same. You are now desperate enough that instead of claiming APK is superior, that you are now happy enough to say that it has the same protection as other software. The very point I was making.

    Also, you are now slipping up on some important parts..
    You just stated:

    Plus, it can't be done - Not every 1/2 ms while my app runs... no way, no how!

    but then you argued that DNS is:

    Wasteful of CPU cycles due to more parts

    I can guarantee that an idle DNS server doesn't waste time checking its database for errors every 500ms. This now puts your software way out of reach of my proposed system (dns server running on localhost) in terms of CPU usage, and as you claimed, electricity usage. Try again.

  3. Re:Large diff. in devs like me, & techs like y on 5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix · · Score: 1

    Please don't turn this into an e-peen competition. My kids are into that sort of thing. I have been writing software for over 35 years, so let's just put that to rest, it's immature.

    Indexing vs "favourites at top" has no argument. Indexing was designed to speed up search, linear searching is the base at which indexing is compared to. Sure, for those at the top, it's faster, for those at the bottom it's slower, you can't predict the browsing habits of your users, so this sorting won't work. Overall, indexing is faster. If you are what you claim, then you know this.

  4. Re:DNS servers can be bypassed (see article)... ap on 5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix · · Score: 1

    (It does so, every 500ms, & NO programs' or malware-in-general that's NOT a driver powered rootkit's going to get past that, since the timer registered with the OS is as 'fast as it gets' in usermode, period!)

    Oh, you opened yourself up for being owned now :)

    Any other process capable of writing to the hosts file is running as administrator. Therefore it kills your application's PID, and disables any service. The end.

  5. Re:Addendum (important 4 security (UAC))... apk on 5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix · · Score: 1

    So read-only file flag and NTFS ACLs. Nothing special then.

    BTW I'm loving this discussion, I know you're a troll, and a good one, but it's awesome to see how far people will go. Especially when you're also getting your link count up with each post :)

  6. Re:The premise of this article dusts you... apk on 5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix · · Score: 1

    Okay I see you have no citations for those points, just guesswork. I accept this as you conceding the argument in my favor. That is acceptable.

    Any operating system tricks to cache data are not exclusive to just a hosts file so any points made there are moot and disregarded.

    Besides, the SPEED difference of any of these systems would be unmeasurable (unless you have citations? oh you don't don't nevermind that then), it's not what I am arguing. An internal DNS system (not affected by any sort of poisoning vulnerability, ie. internal, internal, internal) would be a much better suited solution to your problem because of previous unresolved points.

    Haha, a "favourites at the top" sorted text file beats indexing, what planet are you on.

  7. Re:UPnP is a vulnerability on 50 Million Potentially Vulnerable To UPnP Flaws · · Score: 1

    My understanding was that UPnP was for punching a hole in the firewall/NAT for incoming requests. Joe Average doesn't need this functionality does he?

    Outgoing NAT on consumer grade routers is a separate feature from UPnP and isn't required to use your laptop/TV/tablet/phone on the internet.

    I think UPnP at the most (in the average house) is used by the Playstation to host or any other server-less P2P network for connectivity. Solve that problem, and we're gold.

  8. Re:Ms does it for THEIR sites (good reason)... apk on 5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix · · Score: 1
    Okay, there is one flaw in hosts file, they can be bypassed.

    I will now try with slashdot.org

    0.0.0.0 slashdot.org

    ...

    C:\>ping -n 1 slashdot.org
    Ping request could not find host slashdot.org. Please check the name and try again.

    Okay, it blocks it, great.

    C:\>ping -n 1 www.slashdot.org
    Pinging www.slashdot.org [216.34.181.48] with 32 bytes of data:
    Reply from 216.34.181.48: bytes=32 time=107ms TTL=245

    Oops, sorry. I remain unconvinced. I'll stick to an internal DNS server for blocking. Single point of configuration, works on ALL devices on my local network and handles wildcards.

  9. Re:Funny you conveniently ignore these facts... ap on 5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix · · Score: 1

    1.) MORE "moving parts" complex in services/daemons, & front-ends to them

    Yes more moving parts.

    2.) MORE complex in entries necessary (and knowledge for it)

    False. Still haven't found case to handle wildcards.

    3.) Wasteful of CPU cycles due to more parts

    Citation needed.

    4.) Wasteful of ELECTRICITY (due to extra moving parts)

    Citation needed.

    5.) Wasteful of RAM (data is larger, see that DNSBL I put out)

    Data used for configuration != Data used in RAM during use.

    6.) Wasteful of other forms of I/O too

    OS needs to re-read hosts file. DNS servers are much more efficient.

    9.) Hosts are an integrated part of the IP stack itself, running in Ring 0/RPL 0/kernelmode & merely a filter for it (which the IP stack has over 40++ yrs. of optimization & refinement put into it, as well as hardening vs. compromise)

    It reads a text file into RAM, it isn't any more secure than any other configuration file. A local dns server has the same vulnerabilities. ie. Edit "HKLM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath" registry entry, hosts file is no longer used. Protection bypassed.

    10.) I've seen DNS servers that run in far, Far, FAR SLOWER Ring 3/RPL 3/usermode as well vs. kernelmode & the IP stack as noted in point #9"

    Oh, your local text file is read faster than the DNS server 1000s of miles away? Try again with a local one.

    Hmm.

    a large HOSTS file (over 135 kb) tends to slow down the machine

    - mvps.org

  10. Re:WTF kind of hosts entries are those? apk on 5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix · · Score: 1

    0.0.0.0 microsoft.com

    This doesn't work. I can still access the site.
    Please give me a working example of how to quickly and easily block ALL of microsoft.com in a single line.

    DNS on localhost isn't compromisable. You are the very example of FUD. http://en.wikipedia.org/wiki/Fud

  11. Re:UPnP is a vulnerability on 50 Million Potentially Vulnerable To UPnP Flaws · · Score: 1

    This!

    uPnP is a solution to a non-problem. What's the point of any firewall if an application can request a hole through it?

    There is the capability of having ACLs but on the majority of routers it is just a tick-box to enable/disable, allowing any device internally to have free rein to accept incoming requests.

  12. Re:On your 2nd point? Here's where you fail... apk on 5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix · · Score: 1

    your data required is LARGER, hands-down, undeniably

    hosts file at %windir%/system32/drivers/etc/hosts
    b026324c6904b2a9cb4b88d6d61c81d1.adverts.example.com 127.0.0.1
    26ab0db90d72e28ad0ba1e22ee510510.adverts.example.com 127.0.0.1
    6d7fce9fee471194aa8b5b6e47267f03.adverts.example.com 127.0.0.1
    48a24b70a0b376535542b996af517398.adverts.example.com 127.0.0.1
    1dcca23355272056f04fe8bf20edfce0.adverts.example.com 127.0.0.1
    9ae0ea9e3c9c6e1b9b6252c8395efdc1.adverts.example.com 127.0.0.1
    84bc3da1b3e33a18e8d5e1bdd7a18d7a.adverts.example.com 127.0.0.1
    c30f7472766d25af1dc80b3ffc9a58c7.adverts.example.com 127.0.0.1
    7c5aba41f53293b712fd86d08ed5b36e.adverts.example.com 127.0.0.1
    31d30eea8d0968d6458e0ad0027c9f80.adverts.example.com 127.0.0.1
    166d77ac1b46a1ec38aa35ab7e628ab5.adverts.example.com 127.0.0.1
    2737b49252e2a4c0fe4c342e92b13285.adverts.example.com 127.0.0.1
    aa6ed9e0f26a6eba784aae8267df1951.adverts.example.com 127.0.0.1
    367764329430db34be92fd14a7a770ee.adverts.example.com 127.0.0.1
    8c9eb686bf3eb5bd83d9373eadf6504b.adverts.example.com 127.0.0.1
    [...forever...]

    dns server on localhost
    $ORIGIN example.com
    * IN A 127.0.0.1

  13. Re:On your 2nd point? Here's where you fail... apk on 5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix · · Score: 1

    Didn't realise "plain old text" reformatted tags.

    Actual line #2:
    As a spammer, I could set up a wildcard entry "* IN A [ip]" and just use simple PHP to set every image and every advert to use [random].domain.com. Hosts file cannot solve this. There is no argument here, this is FACT.

  14. Re:On your 2nd point? Here's where you fail... apk on 5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix · · Score: 1

    I'm sorry but you fail to counter any points. Hosts file = inefficient and random subdomains CANNOT be countered by a hosts file.

    As a spammer, I could setup a wildcard entry "* IN A " and just use simple PHP to set every image and every advert to use .domain.com. Hosts file cannot solve this. There is no argument here, this is FACT.

    Your attempt to counter the localhost DNS server point by saying that the server itself would be compromised is a joke. You demonstrate complete misunderstanding of computer logic. You give a DNSBL listing as an example and it wasn't even mentioned..... You say it could be compromised. It is LOCALHOST. At which point is the DNS server listening on localhost any more liable to attack than a file in /etc? The file in etc is static, it can be edited, it is a known entity, its flaws are transparent.

    You have shown a complete lack of thought in your responses, your aim is to attempt to squash any rebuttal, even if it makes yourself look stupid to your peers (which is everyone else at this point). Therefore this internet discussion is pointless. You are pointless.

  15. Re:How custom hosts files help vs. DNS flaws... ap on 5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix · · Score: 1

    This fails in 2 ways ...

    1.
    Using the hosts file is incredibly inefficient. Just roll a DNS server, run it on localhost if you have to, and use that instead.

    A hosts file needs 2 entries per domain. ie.
    127.0.0.1 example.com
    127.0.0.1 www.example.com

    It then needs a new entry for every single subdomain.
    127.0.0.1 ad100.example.com
    127.0.0.1 ad200.example.com
    127.0.0.1 ad300.example.com

    2.
    Setting up your malicious content to use random subdomains, like a4bacd4adef.domain.com, renders any host files useless as they can't possibly list every permutation.

  16. Re:Illogical off-topic ad hominem attacks on 5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix · · Score: 1

    Someone take the bold tag away from this guy, it hurts.

  17. Re: Ad networks should be considered hostile on French ISP Blocking Web Ads By Default · · Score: 1

    Of course, all ad networks should be blocked because of download sites ... ?

    The sites which are being supported by ads should just block free.fr users.

  18. Re:There is a fix on No Patch On Tuesday For Internet Explorer Hole · · Score: 1

    s/you/I/ig

  19. Re:So what to buy now...? on AMD Radeon Performance Preview On Linux 3.8 · · Score: 1

    I too had the overscan problem on an ATi card when using HDMI.

    However I found in the Catalyst Control Center options to adjust the scan and have it perfect. Went from being a problem to not a problem.

  20. Re:you read the set of permissions. on California Sues Delta Air Lines Over Mobile Privacy · · Score: 1

    Droidwall is just the firewall part. Good in itself, but is there a way of putting PDroid on the Samsung ROM?

  21. Re:you read the set of permissions. on California Sues Delta Air Lines Over Mobile Privacy · · Score: 2

    The way I understand it PDroid is only available for a select few ROMs, mostly CyanogenMod and other variants. I was looking into it last week but I couldn't find a definitive way of installing it without also installing a 3rd party ROM. I'd prefer to keep the Samsung stock ROM on my i9100.

    I ended up using LBE Privacy Guard, although not quite as good, it is doing some of the job I was looking for.

    I had never heard of Droidwall, I'm going to look that up now, thanks.

  22. Re:caused $800,000... on No Charges In UK For Gary McKinnon · · Score: 1

    It was also alleged that McKinnon wasn't the only person gaining access to these machines. McKinnon said the computers were like an open book and lots of people were in there. Sure, the damage was done, if you say so, but it may not all have been McKinnon.

  23. Re:$2.7 million in stock? on GameSpy's New Owners Begin Disabling Multiplayer Without Warning · · Score: 1

    And the majority of the time these forum posts suggest "port forwarding" port 80, 443 etc. when they are clearly outgoing requests and have no business being port forwarded to a client.

  24. Re:"Strong" on New 25-GPU Monster Devours Strong Passwords In Minutes · · Score: 1

    14 characters is strong on a normal scale. A 128 character password is either going to be stored on a USB disk or isn't a password but a passphrase.

  25. Re:These really aren't much on But Can It Run Crysis 3? · · Score: 1

    Newsflash: Specs can change.