
Google Highlights Trouble In Detecting Malware

Soulskill posted more than 3 years ago | from the gotta-check-under-all-the-bits dept.


JohnBert writes "Google issued a new study (PDF) on Wednesday detailing how it is becoming more difficult to identify malicious websites and attacks, with antivirus software proving to be an ineffective defense against new ones. The company's engineers analyzed four years' worth of data comprising 8 million websites and 160 million web pages from its Safe Browsing service, which is an API that feeds data into Google's Chrome browser and Firefox and warns users when they hit a website loaded with malware. Google said it displays 3 million warnings of unsafe websites to 400 million users a day."


And this is why smart users (0)

Anonymous Coward | more than 3 years ago | (#37142080)

browse in Lynx.

When was the last time you saw malware for it?

Re:And this is why smart users (3, Insightful)

MetalliQaZ (539913) | more than 3 years ago | (#37142124)

About the same time I saw any meaningful web development targeting that tool.

Re:And this is why smart users (2)

elsurexiste (1758620) | more than 3 years ago | (#37142334)

browse in Lynx.

When was the last time you saw malware for it?

When was the last time you saw anything other than text in a BIG font? ;)

Yours sincerely,

A Lynx user.

Re:And this is why smart users (1)

TheRaven64 (641858) | more than 3 years ago | (#37142646)

Last person I met who actually used Lynx for day to day browsing did so on a braille terminal. So, the last time he saw anything was probably quite a long time ago, if ever...

shock! (0)

Anonymous Coward | more than 3 years ago | (#37142178)

hardley normals will go on selling the top dog joke av crapware. All browsers seriously need to be sandboxed HARD. Don't stop there though, the OS has a lot to answer to... Next, on to orifice...

*sigh*

-sent from my ipad.

It's stupidly easy to compromise a windows machine (2)

Flipao (903929) | more than 3 years ago | (#37142194)

And that's even before you escalate UAC rights, I find software like Sandboxie works far better to protect my computer than any antivirus out there.

Re:It's stupidly easy to compromise a windows mach (0)

HarrySquatter (1698416) | more than 3 years ago | (#37142376)

Then prove it. The IP of my Windows machine at home is 66.25.165.182. Come on, little script kiddy, show me your stuff.

Re:It's stupidly easy to compromise a windows mach (1)

tukang (1209392) | more than 3 years ago | (#37142500)

Gladly, but first you need to prove that the IP of your home machine is what you say it is.

Re:It's stupidly easy to compromise a windows mach (1)

_0xd0ad (1974778) | more than 3 years ago | (#37142512)

Surprisingly enough it's in one of RoadRunner's residential IP blocks ("Allocations for this OrgID serve Road Runner residential customers out of the Austin, TX and Tampa Bay, FL RDCs").

He should have at least made it interesting, like 209.251.178.99.

Re:It's stupidly easy to compromise a windows mach (1)

HarrySquatter (1698416) | more than 3 years ago | (#37142734)

Why is that surprising? This just in: someone's home computer will be using an IP within a residential block of their ISP! STOP THE PRESSES!!!

Re:It's stupidly easy to compromise a windows mach (1)

_0xd0ad (1974778) | more than 3 years ago | (#37142958)

The surprising part is that you posted your real IP address. The one I posted is what resolved for fbi.gov (I know, I'm not terribly creative).

Re:It's stupidly easy to compromise a windows mach (1)

shoehornjob (1632387) | more than 3 years ago | (#37145006)

The surprising part is that you posted your real IP address. The one I posted is what resolved for fbi.gov (I know, I'm not terribly creative).

LMAO creative indeed.

Re:It's stupidly easy to compromise a windows mach (1)

liquidweaver (1988660) | more than 3 years ago | (#37142518)

You are missing the point, and are not the OP.

Re:It's stupidly easy to compromise a windows mach (1)

HarrySquatter (1698416) | more than 3 years ago | (#37142788)

Except that anything I post you will attempt to claim doesn't prove anything and you'll slink away like a chickenshit. You either are going to have to believe me or not. I don't really care.

Re:It's stupidly easy to compromise a windows mach (1)

CrashandDie (1114135) | more than 3 years ago | (#37142890)

I'm fairly sure that a simple web-page or telnet reply saying "This is HarrySquatter (1698416), tukang (1209392) please come in for /. story 1328237" would've been sufficient.

Re:It's stupidly easy to compromise a windows mach (1)

HarrySquatter (1698416) | more than 3 years ago | (#37142918)

But that doesn't prove anything. Could I not just as easily be at someone else's computer doing that? Once again, nothing I can do or say is going to be something irrefutable so he's either going to have to man up and just prove himself or slink off like a chickenshit. I honestly don't give a flying fuck.

Re:It's stupidly easy to compromise a windows mach (0)

Anonymous Coward | more than 3 years ago | (#37142968)

For someone who doesn't give a flying fuck, you seem to be religiously replying to this thread.

Re:It's stupidly easy to compromise a windows mach (1)

HarrySquatter (1698416) | more than 3 years ago | (#37143026)

You misunderstand. I don't give a flying fuck if tukang does or doesn't believe me or does or doesn't attack my computer because my point is that if the original poster wants to prove his laughable statement that he has my information to do so. Most likely he won't because he's wrong and is most likely a chickenshit the same as tukang.

Re:It's stupidly easy to compromise a windows mach (0)

Anonymous Coward | more than 3 years ago | (#37143466)

You are making yourself look like a complete jackass. Just, FYI.

Re:It's stupidly easy to compromise a windows mach (1)

HarrySquatter (1698416) | more than 3 years ago | (#37144020)

Oh noes! My entire life is going to fall apart because an AC on slashdot has called me a jackass. Oh wait, I already know I'm a jackass and don't really care.

Re:It's stupidly easy to compromise a windows mach (1)

_0xd0ad (1974778) | more than 3 years ago | (#37143006)

Could I not just as easily be at someone else's computer doing that?

What would that accomplish? So somebody else's Windows computer could be hacked.

Anyway, your Slashdot user ID number is stored in plain readable text in the cookies.sqlite file, which would be the most obvious way to determine if you'd got into the right computer. If you wanted to, I mean...

Granted, that same cookie could probably be used to access your Slashdot account, but I'm confident he'd never do that...

Re:It's stupidly easy to compromise a windows mach (1)

HarrySquatter (1698416) | more than 3 years ago | (#37143052)

My point is that any evidence I can give can easily be faked. Nothing I can do or say is 100% irrefutable evidence. Hell I could be posting from my friend's computer that is running Slackware instead of Windows and we could be doing nothing but laughing at tukang. He's never going to know if that's true or not despite what I can say to the contrary.

Re:It's stupidly easy to compromise a windows mach (1)

_0xd0ad (1974778) | more than 3 years ago | (#37143098)

No doubt. But the overall point was that Windows is "stupidly easy" to compromise, and if that's true it presumably wouldn't be that hard to determine that the computer at that IP wasn't even running Windows. Anyway, I still think you should have posted the IP address for the FBI or CIA or some other spook agency on the outside chance that he'd really try to break in.

Re:It's stupidly easy to compromise a windows mach (1)

HarrySquatter (1698416) | more than 3 years ago | (#37144092)

I'm not afraid of little script kiddy boy. If someone wants to try their hand, they are more than welcome.

Re:It's stupidly easy to compromise a windows mach (0)

Anonymous Coward | more than 3 years ago | (#37149886)

If you say so, but all I'm saying is, it's lulz enough if script kiddie boy tries hacking the FBI and gets caught.

Re:It's stupidly easy to compromise a windows mach (0)

Anonymous Coward | more than 3 years ago | (#37143068)

My IP address is 127.0.0.1. Come get some.

Re:It's stupidly easy to compromise a windows mach (1)

Suferick (2438038) | more than 3 years ago | (#37143740)

It can't be. That's my IP address

Re:It's stupidly easy to compromise a windows mach (0)

Anonymous Coward | more than 3 years ago | (#37143870)

Come on, people. UF FTW. [userfriendly.org]

Captcha: "toying"

Re:It's stupidly easy to compromise a windows mach (1)

Thud457 (234763) | more than 3 years ago | (#37145574)

hey, that's the combination to my luggage!

Re:It's stupidly easy to compromise a windows mach (1)

cvtan (752695) | more than 3 years ago | (#37149102)

Wrong! It's 12345.

Re:It's stupidly easy to compromise a windows mach (1)

liquidweaver (1988660) | more than 3 years ago | (#37142392)

Oh yeah? Stupid easy - ok. Compromise my machine then. Windows 7 64 bit, I've been lazy about patching it, haven't done so for about a month. My IP address is 24.107.113.55, and I've set my pc as the DMZ for all inbound traffic. I'll be at work for about 8 hours, I'll leave it running. Good luck.

Re:It's stupidly easy to compromise a windows mach (1)

Anonymous Coward | more than 3 years ago | (#37142730)

I got into your computer and turned it off, it's inappropriate to waste energy like that. Think of the environment!

Re:It's stupidly easy to compromise a windows mach (1)

PNutts (199112) | more than 3 years ago | (#37142876)

I got into your computer and turned it off, it's inappropriate to waste energy like that. Think of the environment!

And to teach him a lesson I downloaded Glitter.

Re:It's stupidly easy to compromise a windows mach (1)

ElKry (1544795) | more than 3 years ago | (#37144776)

And to teach him a lesson I downloaded Glitter.

Totally disproportionate actions like this are the reason hackers are classified as terrorists.

Re:It's stupidly easy to compromise a windows mach (1)

cc1984_ (1096355) | more than 3 years ago | (#37144252)

I got into your computer and turned it off, it's inappropriate to waste energy like that. Think of the environment!

I can't tell whether this is a joke or not. The GP's IP is not responding to ping and nmap reports the host is down (I know that these don't mean anything on their own, but deep down, I so wish parent isn't joking!)

Re:It's stupidly easy to compromise a windows mach (1)

liquidweaver (1988660) | more than 3 years ago | (#37146708)

Don't worry, I'm ok. I do use the Windows fw, which blocks ICMP.

Re:It's stupidly easy to compromise a windows mach (0)

Anonymous Coward | more than 3 years ago | (#37146124)

I'm thinking of environment variables, hope that counts..

Re:It's stupidly easy to compromise a windows mach (2)

oakgrove (845019) | more than 3 years ago | (#37143510)

I just hacked in and checked your browser history. Good God, man! Don't you know just thinking about that shit is illegal in all but like 3 countries??

Re:It's stupidly easy to compromise a windows mach (1)

JonySuede (1908576) | more than 3 years ago | (#37144968)

Experience (do not install any software without making a diff of your registry before and after) and sensible software configuration (like no script in wmv, no script in pdf,..., no script in any kind of document except a web page with everything from the ad servers around the world blacklisted) works even better but it is less convenient.

Sandboxie's NICE, this is better... apk (0)

Anonymous Coward | more than 3 years ago | (#37206028)

Simply because "I can't get burned IF I never go into the 'malware-in-general kitchen'" period (& yes, even sandboxing's been KNOWN to have been broken through in the past by malware (think chroot JAILS as an example thereof)):

So, what's better here (& even better if added in with sandboxie + other "layered-security"/"defense-in-depth" methods in my p.s.s. section below)? THIS IS:

My custom HOSTS file currently protects me vs. 1,571,476+++ (& growing every 15 minutes) KNOWN bad sites/servers/hosts-domains that are KNOWN to be either maliciously scripted, or serving up malware-in-general, plus spamming/phishing sources as well as botnet C&C servers.

HOW/WHY/WHEN/WHERE? Read on!

(Do use 0.0.0.0 on most OS, but Windows 2000/XP/Server 2003 can use a smaller one, in plain 0 as a blocking "IP Address" even (thus, smaller HOSTS files result, & their entries are parsed FASTER that way, line by line, w/ no "loopback operation" occurring @ all, due to "blackhole routing", & NO "ABE warning" problems, noted here -> http://hackademix.net/2009/07/01/abe-warnings-everywhere-omg/ [hackademix.net] either))

20++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added "layered"/"defense-in-depth" security:

1.) HOSTS files are usable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY web browser, email program, etc. (any webbound program).

2.) Adblock blocks ads in only 1-2 browser family, but not all (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc.).

3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 5-7 next below).

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html [networkworld.com] for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via NSLOOKUP, PINGS, &/or WHOIS though, regularly, so you have the correct IP & it's current)).

* NOW - Some folks MAY think that putting an IP address alone into your browser's address bar will be enough, so why bother with HOSTS, right? WRONG - Putting an IP address in your browser won't always work IS WHY. Some IP addresses host several domains & need the site name to give you the right page you're after is why. So for some sites only the HOSTS file option will work!

6.) Hosts files don't eat up CPU cycles like AdBlock does while it parses a web page's content, nor as much as a DNS server does while it runs. HOSTS files are merely a FILTER for the kernel mode/PnP TCP/IP subsystem, which runs FAR FASTER & MORE EFFICIENTLY than any ring 3/rpl3/usermode app can.

7.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).

8.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):

http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]
http://someonewhocares.org/hosts/ [someonewhocares.org]
http://hostsfile.org/hosts.html [hostsfile.org]
http://hostsfile.mine.nu/downloads/ [hostsfile.mine.nu]
http://hosts-file.net/?s=Download [hosts-file.net]
https://zeustracker.abuse.ch/monitor.php?filter=online [abuse.ch]
https://spyeyetracker.abuse.ch/monitor.php [abuse.ch]
http://ddanchev.blogspot.com/ [blogspot.com]
http://www.malware.com.br/lists.shtml [malware.com.br]
http://www.stopbadware.org/ [stopbadware.org]
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)

And yes: Even SLASHDOT &/or The Register help!

(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhack others online that is... not ALL do!)).

2 examples thereof in the past I have used, & noted it there, are/were:

http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398 [slashdot.org]
http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500 [slashdot.org]

9.) AdBlock & DNS servers are programs, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.

10.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

11.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] ) & edited too, via texteditors like Windows notepad.exe or Linux nano (etc.)

12.) With Adblock you had better be able to code javascript to play with its code. With hosts you don't even need source to control it (edit, update, delete, insert of new entries via a text editor).

13.) Hosts files are easily secured via using MAC/ACL &/or Read-Only attributes applied.

14.) Custom HOSTS files also speed you up, unlike anonymous proxy servers systems variations (like TOR, or other "highly anonymous" proxy server list servers typically do, in the severe speed hit they often have a cost in) either via "hardcoding" your fav. sites into your hosts file (avoids DNS servers, totally) OR blocking out adbanners - see this below for evidence of that:

---

US Military Blocks Websites To Free Up Bandwidth:

http://yro.slashdot.org/story/11/03/16/0416238/US-Military-Blocks-Websites-To-Free-Up-Bandwidth [slashdot.org]

(Yes, even the US Military used this type of technique... because IT WORKS! Most of what they blocked? Ad banners ala doubleclick etc.)

---

Adbanners slow you down & consume your bandwidth YOU pay for:

ADBANNERS SLOW DOWN THE WEB: -> http://tech.slashdot.org/article.pl?sid=09/11/30/166218 [slashdot.org]

---

And people do NOT LIKE ads on the web:

PEOPLE DISLIKE ADBANNERS: http://yro.slashdot.org/yro/08/04/02/0058247.shtml [slashdot.org]

---

As well as this:

Users Know Advertisers Watch Them, and Hate It:

http://yro.slashdot.org/yro/08/04/02/0058247.shtml [slashdot.org]

---

Even WORSE still, is this:

Advertising Network Caught History Stealing:

http://yro.slashdot.org/story/11/07/22/156225/Advertising-Network-Caught-History-Stealing [slashdot.org]

---

15.) HOSTS files usage lets you avoid being charged on some ISP/BSP's (OR phone providers) "pay as you use" policy http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans [slashdot.org] , because you are using less bandwidth (& go faster doing so no less) by NOT hauling in adbanner content and processing it (which can lead to infestation by malware/malicious script, in & of itself -> http://apcmag.com/microsoft_apologises_for_serving_malware.htm [apcmag.com] ).

16.) If/when ISP/BSP's decide to go to -> FCC Approving Pay-As-You-Go Internet Plans: http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans [slashdot.org] your internet bill will go DOWN if you use a HOSTS file for blocking adbanners as well as maliciously scripted hacker/cracker malware maker sites too (after all - it's your money & time online downloading adbanner content & processing it)

Plus, your adbanner content? Well, it may also be hijacked with malicious code too mind you:

---

Ad networks owned by Google, Microsoft serve malware:

http://www.theregister.co.uk/2010/12/13/doubleclick_msn_malware_attacks/ [theregister.co.uk]

---

Attacks Targeting Classified Ad Sites Surge:

http://it.slashdot.org/story/11/02/02/1433210/Attacks-Targeting-Classified-Ad-Sites-Surge [slashdot.org]

---

Hackers Respond To Help Wanted Ads With Malware:

http://it.slashdot.org/story/11/01/20/0228258/Hackers-Respond-To-Help-Wanted-Ads-With-Malware [slashdot.org]

---

Hackers Use Banner Ads on Major Sites to Hijack Your PC:

http://www.wired.com/techbiz/media/news/2007/11/doubleclick [wired.com]

---

Ruskie gang hijacks Microsoft network to push penis pills:

http://www.theregister.co.uk/2010/10/12/microsoft_ips_hijacked/ [theregister.co.uk]

---

Major ISPs Injecting Ads, Vulnerabilities Into Web:

http://it.slashdot.org/it/08/04/19/2148215.shtml [slashdot.org]

---

Two Major Ad Networks Found Serving Malware:

http://tech.slashdot.org/story/10/12/13/0128249/Two-Major-Ad-Networks-Found-Serving-Malware [slashdot.org]

---

THE NEXT AD YOU CLICK MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus [slashdot.org]

---

NY TIMES INFECTED WITH MALWARE ADBANNER:

http://news.slashdot.org/article.pl?sid=09/09/13/2346229 [slashdot.org]

---

MICROSOFT HIT BY MALWARES IN ADBANNERS:

http://apcmag.com/microsoft_apologises_for_serving_malware.htm [apcmag.com]

---

ISP's INJECTING ADS AND ERRORS INTO THE WEB: -> http://it.slashdot.org/it/08/04/19/2148215.shtml [slashdot.org]

---

ADOBE FLASH ADS INJECTING MALWARE INTO THE NET: http://it.slashdot.org/article.pl?sid=08/08/20/0029220&from=rss [slashdot.org]

---

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware [securityweek.com]

---

Spotify splattered with malware-tainted ads:

http://www.theregister.co.uk/2011/03/25/spotify_malvertisement_attack/ [theregister.co.uk]

---

As my list "multiple evidences thereof" as to adbanners & viruses + the fact they slow you down & cost you more (from reputable & reliable sources no less)).

17.) Per point #16, a way to save some money: ANDROID phones can also use the HOSTS FILE TO KEEP DOWN BILLABLE TIME ONLINE, vs. adbanners or malware such as this:

---

Infected Androids Run Up Big Texting Bills:

http://it.slashdot.org/story/11/03/01/0041203/Infected-Androids-Run-Up-Big-Texting-Bills [slashdot.org]

---

AND, for protection vs. other "botnets" migrating from the PC world, to "smartphones" such as ZITMO (a ZEUS botnet variant):

http://www.google.com/search?hl=en&source=hp&q=ZITMO&btnG=Google+Search [google.com]

---

It's easily done too, via the ADB dev. tool, & mounting ANDROID OS' system mountpoint for system/etc as READ + WRITE/ADMIN-ROOT PERMISSIONS, then copying your new custom HOSTS over the old one using ADB PULL/ADB PUSH to do so (otherwise ANDROID complains of "this file cannot be overwritten on production models of this Operating System", or something very along those lines - this way gets you around that annoyance along with you possibly having to clear some space there yourself if you packed it with things!).

18.) Bad news: ADBLOCK CAN BE DETECTED FOR: See here on that note -> http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars [arstechnica.com]

HOSTS files are NOT BLOCKABLE by websites, as was tried on users by ARSTECHNICA (and it worked, proving HOSTS files are a better solution for this because they cannot be blocked & detected for, in that manner), to that websites' users' dismay:

PERTINENT QUOTE/EXCERPT FROM ARSTECHNICA THEMSELVES:

----

An experiment gone wrong - By Ken Fisher | Last updated March 6, 2010 11:11 AM

http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars [arstechnica.com]

"Starting late Friday afternoon we conducted a 12 hour experiment to see if it would be possible to simply make content disappear for visitors who were using a very popular ad blocking tool. Technologically, it was a success in that it worked. Ad blockers, and only ad blockers, couldn't see our content."

and

"Our experiment is over, and we're glad we did it because it led to us learning that we needed to communicate our point of view every once in a while. Sure, some people told us we deserved to die in a fire. But that's the Internet!"

Thus, as you can see? Well - THAT all "went over like a lead balloon" with their users in other words, because Arstechnica was forced to change it back to the old way where ADBLOCK still could work to do its job (REDDIT however, has not, for example). However/Again - this is proof that HOSTS files can still do the job, blocking potentially malscripted ads (or ads in general because they slow you down) vs. adblockers like ADBLOCK!

----

19.) Even WIKILEAKS "favors" blacklists (because they work, and HOSTS can be a blacklist vs. known BAD sites/servers/domain-host names):

---

PERTINENT QUOTE/EXCERPT (from -> http://www.theregister.co.uk/2010/12/16/wikileaks_mirror_malware_warning_row/ [theregister.co.uk] )

"we are in favour of 'Blacklists', be it for mail servers or websites, they have to be compiled with care... Fortunately, more responsible blacklists, like stopbadware.org (which protects the Firefox browser)...

---

20.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF CAN DO (running as limited class/least privilege user, hopefully, OR even as ADMIN/ROOT/SUPERUSER)? HOSTS "LOCK IN" malware too, vs. communicating "back to mama" for orders (provided they have name servers + C&C botnet servers listed in them, blocked off in your HOSTS that is) - you might think they use a hardcoded IP, which IS possible, but generally they do not & RECYCLE domain/host names they own (such as has been seen with the RBN (Russian Business Network) lately though it was considered "dead", other malware is using its domains/hostnames now, & this? This stops that cold, too - Bonus!)...

Still - It's a GOOD idea to layer in the usage of BOTH browser addons for security like adblock ( http://adblockplus.org/en/ [adblockplus.org] ), IE 9's new TPL's ( http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/ [microsoft.com] ), &/or NoScript ( http://noscript.net/ [noscript.net] especially this one, as it covers what HOSTS files can't in javascript which is the main deliverer of MOST attacks online & SECUNIA.COM can verify this for anyone really by looking @ the past few years of attacks nowadays), for the concept of "layered security"....

It's just that HOSTS files offer you a LOT MORE gains than Adblock ( http://adblockplus.org/en/ [adblockplus.org] ) does alone (as hosts do things adblock just plain cannot & on more programs, for more speed, security, and "stealth" to a degree even), and it corrects problems in DNS (as shown above via hardcodes of your favorite sites into your HOSTS file, and more (such as avoiding DNS request logs)).

ALSO - Some more notes on DNS servers & their problems, very recent + ongoing ones:

BIND vs. what the Chinese are doing to DNS lately? See here:

http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

---

SECUNIA HIT BY DNS REDIRECTION HACK THIS WEEK:

http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/ [theregister.co.uk]

(Yes, even "security pros" are helpless vs. DNS problems in code bugs OR redirect DNS poisoning issues, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propagate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind you!)

---

DNS vs. the "Kaminsky DNS flaw", here (and even MORE problems in DNS than just that):

http://www.scmagazineus.com/new-bind-9-dns-flaw-is-worse-than-kaminskys/article/140872/ [scmagazineus.com]

(Seems others are saying that some NEW "Bind9 flaw" is worse than the Kaminsky flaw ALONE, up there, mind you... probably corrected (hopefully), but it shows yet again, DNS hassles (DNS redirect/DNS poisoning) being exploited!)

---

Moxie Marlinspike's found others (0 hack) as well...

Nope... "layered security" truly IS the "way to go" - hacker/cracker types know it, & they do NOT want the rest of us knowing it too!...

(So until DNSSEC takes "widespread adoption"? HOSTS are your answer vs. such types of attack, because the 1st thing your system refers to, by default, IS your HOSTS file (over say, DNS server usage). There are decent DNS servers though, such as OpenDNS, ScrubIT, or even NORTON DNS (more on each specifically below), & because I cannot "cache the entire internet" in a HOSTS file? I opt to use those, because I have to (& OpenDNS has been noted to "fix immediately", per the Kaminsky flaw, in fact... just as a sort of reference to how WELL they are maintained really!)

---

DNS provider decked by DDoS dastards:

http://www.theregister.co.uk/2010/11/16/ddos_on_dns_firm/ [theregister.co.uk]

---

Ten Percent of DNS Servers Still Vulnerable: (so much for "conscientious patching", eh? Many DNS providers weren't patching when they had to!)

http://it.slashdot.org/it/05/08/04/1525235.shtml?tid=172&tid=95&tid=218 [slashdot.org]

---

DDoS Attacks Via DNS Recursion:

http://it.slashdot.org/it/06/03/16/1658209.shtml [slashdot.org]

---

DNS ROOT SERVERS ATTACKED:

http://it.slashdot.org/it/07/02/06/2238225.shtml [slashdot.org]

---

TimeWarner DNS Hijacking:

http://tech.slashdot.org/article.pl?sid=07/07/23/2140208 [slashdot.org]

---

DNS Re-Binding Attacks:

http://crypto.stanford.edu/dns/ [stanford.edu]

---

DNS Server Survey Reveals Mixed Security Picture:

http://it.slashdot.org/it/07/11/21/0315239.shtml [slashdot.org]

---

Photobucket's DNS records hijacked by Turkish hacking group:

http://www.zdnet.com/blog/security/title/1285 [zdnet.com]

---

Halvar figured out super-secret DNS vulnerability:

http://www.zdnet.com/blog/security/has-halvar-figured-out-super-secret-dns-vulnerability/1520 [zdnet.com]

---

BIND Still Susceptible To DNS Cache Poisoning:

http://tech.slashdot.org/tech/08/08/09/123222.shtml [slashdot.org]

---

DNS Poisoning Hits One of China's Biggest ISPs:

http://it.slashdot.org/it/08/08/21/2343250.shtml [slashdot.org]

---

HOWEVER - Some DNS servers are "really good stuff" vs. phishing, known bad sites/servers/hosts-domains that serve up malware-in-general & malicious scripting, botnet C&C servers, & more, such as:

Norton DNS -> http://nortondns.com/ [nortondns.com]
ScrubIT DNS -> http://www.scrubit.com/ [scrubit.com]
OpenDNS -> http://www.opendns.com/ [opendns.com]

(Norton DNS in particular, is exclusively for blocking out malware, for those of you that are security-conscious. ScrubIT filters pr0n material too, but does the same, & OpenDNS does phishing protection. Each page lists how & why they work, & why they do so. Norton DNS can even show you its exceptions lists, plus user reviews & removal procedures requests, AND growth stats (every 1/2 hour or so) here -> http://safeweb.norton.com/buzz [norton.com] so, that ought to "take care of the naysayers" on removal requests, &/or methods used plus updates frequency etc./et al...)

HOWEVER - There's ONLY 1 WEAKNESS TO ANY network defense, including HOSTS files (vs. host-domain name based threats) & firewalls (hardware router type OR software type, vs. IP address based threats): Human beings, & they not being 'disciplined' about the indiscriminate usage of javascript (the main "harbinger of doom" out there today online), OR, what they download for example... & there is NOTHING I can do about that! (Per Dr. Manhattan of "The Watchmen", ala -> "I can change almost anything, but I can't change human nature")

HOWEVER AGAIN - That's where NORTON DNS, OpenDNS, &/or ScrubIT DNS help!

(Especially for noob/grandma level users who are unaware of how to secure themselves in fact, per a guide like mine noted above that uses "layered-security" principles!)

ScrubIT DNS, &/or OpenDNS are others alongside Norton DNS (adding on phishing protection too) as well!

( & it's possible to use ALL THREE in your hardware NAT routers, and, in your Local Area Connection DNS properties in Windows, for again, "Layered Security" too)...

---

SLASHDOT USERS EXPERIENCING SUCCESS USING HOSTS FILES QUOTED VERBATIM:

---

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

"I use ad-Block and a hostfile" - by Ol Olsoc (1175323) on Tuesday March 01, @10:11AM (#35346902)

"^^ One of the many reasons why I like the user-friendliness of the /etc/hosts file." - by lennier1 (264730) on Saturday March 05, @09:26PM (#35393448)

"I use a custom /etc/hosts to block ads... my file gets parsed basically instantly ... So basically, for any modern computer, it has zero visible impact. And even if it took, say, a second to parse, that would be more than offset by the MANY seconds saved by not downloading and rendering ads. I have noticed NO ill effects from running a custom /etc/hosts file for the last several years. And as a matter of fact I DO run http servers on my computers and I've never had an /etc/hosts-related problem... it FUCKING WORKS and makes my life better overall." - by sootman (158191) on Monday July 13 2009, @11:47AM (#28677363) Homepage Journal

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

"They've been on my HOSTS block for years" - by ScottCooperDotNet (929575) on Thursday August 05 2010, @01:52AM (#33147212)

"Better than an ad blocker, imo. Hosts file entries: http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] [mvps.org]" - by TempestRose (1187397) on Tuesday March 15, @12:53PM (#35493274)

"I'm currently only using my hosts file to block pheedo ads from showing up in my RSS feeds and causing them to take forever to load. Regardless of its original intent, it's still a valid tool, when used judiciously." - by Bill Dog (726542) on Monday April 25, @02:16AM (#35927050) Homepage Journal

"you're right about hosts files" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage

"put in your /etc/hosts:" - by Anonymous Coward on Friday December 03, @09:17AM (#34429688)

---

Then, there are also the words of respected security expert, Mr. Oliver Day, from SECUNIA.COM to "top that all off" as well:

A RETURN TO THE KILLFILE:

http://www.securityfocus.com/columnists/491 [securityfocus.com]

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, no less... & guess who was posting about HOSTS files 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly (& this is one of the later ones, from 2001 http://www.furtherleft.net/computer.htm [furtherleft.net] (but the example HOSTS file with my initials in it is FAR older, circa 1998 or so) or thereabouts, and referred to later by a pal of mine who moderates NTCompatible.com (where I posted on HOSTS for YEARS (1997 onwards)) -> http://www.ntcompatible.com/thread28597-1.html [ntcompatible.com] !

---

"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites. One of the known weaknesses of the Tor system, for example, is direct DNS requests by applications not configured to route such requests through Tor's network."

There you go: AND, it also works vs. the "KAMINSKY DNS FLAW" & DNS poisoning/redirect attacks, for redirectable weaknesses in DNS servers (non DNSSEC type, & set into recursive mode especially) and also in the TOR system as well (that lends itself to anonymous proxy usage weaknesses I noted above also) and, you'll get to sites you want to, even IF a DNS registrar drops said websites from its tables as shown here Beating Censorship By Routing Around DNS -> http://yro.slashdot.org/story/10/12/09/1840246/Beating-Censorship-By-Routing-Around-DNS [slashdot.org] & even DNSBL also (DNS Block Lists) -> http://en.wikipedia.org/wiki/DNSBL [wikipedia.org] as well - DOUBLE-BONUS!

---

* POSTS ABOUT HOSTS FILES I DID on "/." THAT HAVE DONE WELL BY OTHERS & WERE RATED HIGHLY, 16++ THUSFAR (from +3 -> +1 RATINGS, usually "informative" or "interesting" etc./et al):

HOSTS MOD UP -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608 [slashdot.org]
HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1490078&cid=30555632 [slashdot.org]
HOSTS MOD UP -> http://it.slashdot.org/comments.pl?sid=1869638&cid=34237268 [slashdot.org]
HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1461288&threshold=-1&commentsort=0&mode=thread&cid=30272074 [slashdot.org]
HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1255487&cid=28197285 [slashdot.org]
HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1206409&cid=27661983 [slashdot.org]
HOSTS MOD UP -> http://apple.slashdot.org/comments.pl?sid=1725068&cid=32960808 [slashdot.org]
HOSTS MOD UP -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147274 [slashdot.org]
HOSTS MOD UP -> http://news.slashdot.org/comments.pl?sid=1913212&cid=34576182 [slashdot.org]
HOSTS MOD UP with facebook known bad sites blocked -> http://tech.slashdot.org/comments.pl?sid=1924892&cid=34670128 [slashdot.org]
HOSTS FILE MOD UP FOR ANDROID MALWARE -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952 [slashdot.org]
HOSTS MOD UP ZEUSTRACKER -> http://it.slashdot.org/comments.pl?sid=2059420&cid=35654066 [slashdot.org]
HOSTS MOD UP vs AT&T BANDWIDTH CAP -> http://tech.slashdot.org/comments.pl?sid=2116504&cid=35985584 [slashdot.org]
HOSTS MOD UP CAN DO SAME AS THE "CloudFlare" Server-Side service -> http://it.slashdot.org/comments.pl?sid=2220314&cid=36372850 [slashdot.org]
HOSTS and BGP +5 RATED (BEING HONEST) http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450 [slashdot.org]
HOSTS & PROTECT IP ACT http://yro.slashdot.org/comments.pl?sid=2368832&cid=37021700 [slashdot.org]

---

* "Here endeth the lesson..." and, if you REALLY want to secure your system? Please refer to this:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

APK

P.S.=> SOME MINOR "CAVEATS/CATCH-22's" - things to be aware of for "layered security" + HOSTS file performance - easily overcome, or not a problem at all:

A.) HOSTS files don't function under PROXY SERVERS (except for Proxomitron, which has a filter that allows it) - Which is *the "WHY"* of why I state in my "P.S." section below to use both AdBlock type browser addon methods (or even built-in block lists browsers have such as Opera's URLFILTER.INI file, & FireFox has such a list, as does IE also in the form of TPL (tracking protection lists -> http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/ [microsoft.com] , good stuff )) in combination with HOSTS, for the best in "layered security" (alongside .pac files + custom cascading style sheets that can filter off various tags such as scripts or ads etc.) - but proxies, especially "HIGHLY ANONYMOUS" types, generally slow you down to a CRAWL online (& personally, I cannot see using proxies "for the good" typically - as they allow "truly anonymous posting" & have bugs (such as TOR has been shown to have & be "bypassable/traceable" via its "onion routing" methods)).

B.) HOSTS files do NOT protect you vs. javascript (this only holds true IF you don't already have a bad site blocked out in your HOSTS file though, & the list of sites where you can obtain such lists to add to your HOSTS are above (& updated daily in many of them)).

C.) HOSTS files (relatively "largish ones") require you to turn off Windows' native "DNS local client cache service" (which has a problem in that it's designed with a non-redimensionable/resizeable list, array, or queue (DNS data loads into a C/C++ structure actually/afaik, which IS a form of array)) - mvps.org covers that in detail and how to easily do this in Windows (this is NOT a problem in Linux, & it's 1 thing I will give Linux over Windows, hands-down). Relatively "smallish" HOSTS files don't have this problem (mvps.org offers 2 types for this).

D.) HOSTS files, once read/loaded, GET CACHED for speed of access/re-access (@ system startup in older MS OS' like 2000, or, upon a user's 1st request that's "Webbound" via say, a webbrowser): they get read into either the DNS local caching client service (noted above), OR, if that's turned off? Into your local diskcache (like ANY file is), so it reads F A S T upon re-reads/subsequent reads (until it's changed in %WinDir%\system32\drivers\etc on Windows, which marks it "Dirty" & then it gets re-read + reloaded into the local diskcache again). This may cause a SMALL lag upon reload though, depending on the size of your HOSTS file.

E.) HOSTS files don't protect vs. BGP exploits - Sorry, once it's out of your hands/machine + past any interior network + routers you have, the packets you send are out there into the ISP/BSP's hands - they're "the Agents" holding all the keys to the doorways at that point (hosts are just a forcefield-filter (for lack of a better description) armor on what can come in mostly, & a bit of what can go out too (per point #20 above on "locking in malware")). Hosts work as a "I can't get burned if I can't go into the kitchen" protection, for you: Not your ISP/BSP. It doesn't extend to them.

F.) HOSTS files don't protect vs. IP addressed adbanners (rare) &/or IP address utilizing malwares (rare too, most used domain/host names because they're "RECYCLABLE/REUSEABLE"), so here, you must couple HOSTS files w/ firewall rules tables (either in software firewalls OR router firewall rules table lists)... apk

P.P.S. => Still, I like the fact you noted "sandboxie" - I use it, & note that much w/ proof in the URL below as well for years now (Yes - I run it also, from a TRUE SSD (not FLASH RAM based) in a Gigabyte IRAM, alongside my browsers (except IE9) from also, to "make up for" the lag sandboxie introduces, which it does)!

Sandboxie even provides browsers like Opera a 'sandbox' feature via its driver-based architecture!

(Opera's STILL my fav. webbrowser, even though it lacks a 64-bit build + sandboxing like Chromium has... this is due to its "by site" prefs, which you can use to GLOBALLY disable the "main harbingers of doom" in javascript, iframes, & even JAVA @ times for ALL SITES, & then only activate it on sites you need those features for (think e-commerce related OR database related ones)).

Using that feature of Opera? Well - "I can't get burned if I don't go into the kitchen" this way, just like HOSTS files do for you in combination with firewall rules tables & DNSBL filtering DNS servers vs. malware-in-general like Norton DNS, OpenDNS, & ScrubIT DNS do. I believe in "layered-security"/"defense-in-depth", because it WORKS (I haven't been infected-infested since 1996 in fact, because of it, & neither do others that use this guide for that I wrote -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com] )...

... apk
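An added illustration (not APK's code, nor the mvps.org list) of what a HOSTS-file blocklist does and does not stop: it parses a constructed HOSTS sample in the mvps.org layout (a loopback or 0.0.0.0 sinkhole address followed by hostnames) and triages constructed proxy-log URLs, separating exact-name blocks from the two gaps the post's caveats B and F describe, namely subdomains the file does not cover (HOSTS has no wildcards) and raw-IP requests that need a firewall rule instead. All hostnames, addresses and log lines are constructed samples.

```python
"""Triage of constructed proxy-log URLs against a HOSTS-style blocklist.

Added illustration: parse_hosts() reads entries in the mvps.org layout
(loopback / 0.0.0.0 sinkhole address followed by hostnames) and classify_url()
shows which requests such a file can and cannot stop. The hosts file, the log
lines and every domain name below are constructed samples, not real data.
"""
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the mvps.org layout (NOT the real mvps.org list).
SAMPLE_HOSTS = """\
# Constructed sample HOSTS file for illustration only.
127.0.0.1 localhost
0.0.0.0 ads.example-tracker.test     # hypothetical ad/tracking host
0.0.0.0 cnc.example-botnet.test      # hypothetical botnet C&C host
127.0.0.1 www.example-phish.test     # hypothetical phishing host
192.0.2.10 intranet.example.test     # a normal local mapping, not a block
"""

# Addresses that mean "sinkhole this name" in a blocklist-style HOSTS file.
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed proxy-log lines: "<timestamp> <method> <url>".
SAMPLE_LOG = [
    "2011-08-17T10:00:01 GET http://ads.example-tracker.test/pixel.gif",
    "2011-08-17T10:00:02 GET http://cdn.ads.example-tracker.test/lib.js",
    "2011-08-17T10:00:03 GET http://203.0.113.7/payload.bin",
    "2011-08-17T10:00:04 GET https://www.example-phish.test/login",
    "2011-08-17T10:00:05 GET https://news.example.test/",
]


def parse_hosts(text):
    """Return the set of hostnames the HOSTS text sinkholes.

    Lines are '<address> <name> [<name> ...]' with '#' comments. Only entries
    that point at a sinkhole address count as blocks; ordinary mappings such as
    'localhost' or a LAN name are ignored.
    """
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        if address not in SINKHOLE_ADDRESSES:
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if name != "localhost":
                blocked.add(name)
    return blocked


def classify_url(url, blocked):
    """Say what a HOSTS-file defence does with one URL.

    'ip-literal'            - no name lookup happens, so HOSTS cannot help;
                              this is the case that needs a firewall rule.
    'blocked-by-hosts'      - the exact hostname is sinkholed.
    'subdomain-not-covered' - a parent domain is listed, but HOSTS matching is
                              exact (no wildcards), so this request goes out.
    'not-blocked'           - nothing in the file applies.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return "ip-literal"
    except ValueError:
        pass
    if host in blocked:
        return "blocked-by-hosts"
    if any(host.endswith("." + entry) for entry in blocked):
        return "subdomain-not-covered"
    return "not-blocked"


def triage(log_lines, hosts_text):
    """Classify every URL in the log; returns ([(url, verdict), ...], Counter)."""
    blocked = parse_hosts(hosts_text)
    results = []
    for line in log_lines:
        url = line.split()[-1]
        results.append((url, classify_url(url, blocked)))
    return results, Counter(verdict for _, verdict in results)


if __name__ == "__main__":
    rows, summary = triage(SAMPLE_LOG, SAMPLE_HOSTS)
    for url, verdict in rows:
        print(f"{verdict:22} {url}")
    print(dict(summary))
```

The 'subdomain-not-covered' and 'ip-literal' rows are the requests a hosts file alone lets through, which is where the post's browser block lists and firewall rules tables come in.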

Antivirus "protection" racket (1)

MetalliQaZ (539913) | more than 3 years ago | (#37142230)

Yet another story hinting at the huge lie that is perpetrated on the world in the form of antivirus "protection". Like I've always said, these tools do more to undermine my PC than malware ever has. A good "secure-by-default" installation and a decent understanding of responsible Internet use is all you need. Instead, most people deal with significantly slower performance, and borderline criminal subscription tactics. Protection from new and future threats has always been and will always be a fantasy.

Layne's Law: What's "good secure by default"? (1)

tepples (727027) | more than 3 years ago | (#37142290)

A good "secure-by-default" installation

One fundamental problem in home computer security is that vendors disagree on how to define [c2.com] "good 'secure-by-default' installation". For example, does it involve establishing a policy of trusting a third party to determine whether each program is safe and enforcing this policy with no way for the end user to override it? Apple (iOS), Microsoft (Xbox 360 and Windows Phone 7), Nintendo, and Sony seem to think so.

Re:Layne's Law: What's "good secure by default"? (1)

MetalliQaZ (539913) | more than 3 years ago | (#37142420)

That's a good point. I guess all I meant by secure-by-default is an installation that separates system tasks and user tasks. So, users don't have access to change the OS, and they play wildly in their own sandbox. I know that malware can often just skirt those protections and root the system using vulns. That's why I added responsible Internet use. Despite running without any protection at all, I never get the infections that the rest of my family does.

Re:Layne's Law: What's "good secure by default"? (1)

tepples (727027) | more than 3 years ago | (#37142600)

So you define "secure-by-default" as what I perceive to be the default scenario in Ubuntu, Mac OS X, and Windows Vista/7: only a user with administrative privileges can make system-wide changes, and such users are prompted to elevate before making system-wide changes. Thank you for getting that out of the way, although some people are likely to reply about the data in their user account being ultimately more precious than the operating system. The next problem is coming up with a practical way to instill "a decent understanding of responsible Internet use" in the public, especially people new to the Internet or children who share a PC with a parent.

Re:Layne's Law: What's "good secure by default"? (1)

Anonymous Coward | more than 3 years ago | (#37142708)

> So, users don't have access to change the OS, and they play wildly in their own sandbox

That is nothing more than a dogma. For single user, personal machines I could care less about the OS being safe. What I care more about are my personal files. I hope that after 20 years or so of using a PC, I've got some value in my personal files. THAT's what I don't want compromised - THAT's what needs to be safe. Not the OS that I can download and re-install in under an hour.

I do realize that if the OS is compromised, so are my files. But just protecting the OS doesn't help me. If I get malware that uses my privileges and wipes my files out and doesn't even bother attempting root access, that is just as bad as something that does gain root access.

I guess my point is that, sure the OS has to be secure to not allow root access. But stopping there is hardly going to protect my most important files.

On a server, sure. If the malware manages to wipe out a user but can't get access to other users because it can't get root - there's value there.

Re:Layne's Law: What's "good secure by default"? (0)

Anonymous Coward | more than 3 years ago | (#37143242)

And THAT is what backups are for.

Re:Antivirus "protection" racket (1)

sakdoctor (1087155) | more than 3 years ago | (#37142336)

I support the Antivirus industry, and anything else which causes insane demand for RAM/CPUs in normal users.
Then I can keep my machines at the price sweet spot, and still have awesome specs.

Re:Antivirus "protection" racket (2, Insightful)

Anonymous Coward | more than 3 years ago | (#37142632)

Yet another story hinting at the huge lie that is perpetrated on the world in the form of antivirus "protection". Like I've always said, these tools do more to undermine my PC than malware ever has. A good "secure-by-default" installation and a decent understanding of responsible Internet use is all you need. Instead, most people deal with significantly slower performance, and borderline criminal subscription tactics. Protection from new and future threats has always been and will always be a fantasy.

Not all antivirus is created equal. MSE is very lightweight on resources, and it is free - so no "criminal subscription tactics". And it does offer additional protection. For me it has several times flagged and cleaned malware, sometimes from quite surprising sources. You can have as safe user practices as you want, but that won't completely avoid accidental exposure - malware has been found even on brand new USB memory sticks in unopened shrink wrap.

It is of course not 100% protection, but that isn't really an argument against at least having some additional protection at all (even a condom isn't 100% protection, that doesn't mean it is a useless product).

Re:Antivirus "protection" racket (2)

ka9dgx (72702) | more than 3 years ago | (#37143290)

Instead of secure by default, you have run by default in all 3 major environments... Linux, Windows, OS X.

Time is running out for this insane approach to doing things... the various band-aids now in play are rapidly losing their efficacy, and none address the basic issue: code can no longer be trusted.

Fortunately, a few brave souls have ventured into this area with projects oriented at fixing the situation properly.

In the Linux area, seccomp-nurse [chdir.org] is a sandboxing framework based on SECCOMP. It is designed to run applications in a kind of jail (enforced by the kernel). It does not use ptrace() at all.

In the Windows area, Polaris [hp.com] (Principal Of Least Authority for Real Internet Security) is a package for Windows XP that demonstrates that we can do better at dealing with viruses than has been done so far. Polaris allows users to configure most applications so that they launch with only the rights they need to do the job the user wants done. This simple step, enforcing the Principle of Least Authority (POLA), gives so much protection from viruses that there is no need to pop up security dialog boxes or ask users to accept digital certificates. Further, there is little danger in launching email attachments, using macros in documents, or allowing scripting while browsing the web. Polaris demonstrates that we can build systems that are more secure, more functional, and easier to use.

Reliance on JS (3, Insightful)

mfh (56) | more than 3 years ago | (#37142316)

Javascript really is the source of the most recent problems because it can allow entry into systems and activation of malware remotely. This is why ActiveX is also bad. Developers rush into this kind of technology thinking of the payoff but not the cost.

Really though, JS is totally unnecessary so I run noscript and I don't visit sites that have a zillion JS calls to different sites. I probably could turn antivirus off and still be okay.

Re:Reliance on JS (1, Insightful)

HarrySquatter (1698416) | more than 3 years ago | (#37142330)

and I don't visit sites that have a zillion JS calls to different sites.

Posting on Slashdot about not going to JavaScript heavy sites. *head asplodes*

Re:Reliance on JS (0)

Anonymous Coward | more than 3 years ago | (#37142886)

Posting on Slashdot about not going to JavaScript heavy sites. *head asplodes*

Classic mode still works. Mostly. Last week, they broke moderation in classic mode: the "Moderate" button doesn't work until Javashit is enabled and the page reloaded.

Dear Slashdot: Haven't you heard of regression testing? Or is that not Agile(tm) enough for y'all?

"I can relate. I can't relate!" (1)

wreakyhavoc (1045750) | more than 3 years ago | (#37149858)

You killed my brother.

I mean, my computer.

Re:Reliance on JS (1)

Darkness404 (1287218) | more than 3 years ago | (#37142498)

JavaScript makes sense because for a lot of sites, it is either JavaScript... or Flash for most interactive content. And yes, I know that HTML 5 will be the cure-all for JavaScript/Flash but it isn't out yet and JavaScript is the best we've got

Re:Reliance on JS (2)

mfh (56) | more than 3 years ago | (#37142946)

http://csszengarden.com/ [csszengarden.com]

Look at these templates. Not one of these uses Javascript and they are amazing. They are functional.

They don't have the same level of backend code pushing that you see with JS topheavy sites, but they also don't have a lot of the annoying "features".

Google for example has a semi-new feature that when you press scroll down the JS captures your keypress and pushes your focus to the next search result. This is horrible and I don't see a way to disable it. When I press downarrow I want to scroll down a little bit. So here is a UI decision Google made for me.

Why the hell would we let a website decide how our UI experience is going to work? Shouldn't we be making those decisions ourselves and relying on our own methods for this kind of interaction so that we get what we want?

The best browser money can buy will have the following features (it doesn't exist yet):

- Keeps the web simple
- Converts video media like flash and html5 on the fly to its own standard without any lag or adverse effects
- Reinterprets every website as content, ads, forms, UI, and organizes these into preset methods developed by the user
- Conforms to standards set by the user, and fully controlled by the user

Re:Reliance on JS (1)

Lunix Nutcase (1092239) | more than 3 years ago | (#37142996)

But those are all static pages. Of course if you are doing nothing but displaying static content it makes sense to not use JS. Slashdot used to be perfectly fine long before they made it so JS heavy as well. Apparently, though, it was way more fun to create a laggy AJAXy experience over fixing the bugs in the older discussion system.

Re:Reliance on JS (1)

mfh (56) | more than 3 years ago | (#37146406)

I still wish Slashdot had not done the changes in the UI they did. The problem I'm finding with Slashdot is when I click on text or double click it, it collapses instead of selecting text. That's a huge change from the way things are supposed to work.

Re:Reliance on JS (1)

oakgrove (845019) | more than 3 years ago | (#37143400)

Google for example has a semi-new feature that when you press scroll down the JS captures your keypress and pushes your focus to the next search result. This is horrible and I don't see a way to disable it.

Go into your Google settings and turn off "Instant" and the arrow keys will return to normal functionality. Why instant and the scroll thing are related, I don't know.

Re:Reliance on JS (1)

garyebickford (222422) | more than 3 years ago | (#37145708)

I was thinking about this a few days ago. I don't know much about HTML5, but if it has similar capabilities as JS and Flash, how am I going to have the equivalent of NoScript and AdBlock? I _hope_ someone is working on suitable countermeasures.

Re:Reliance on JS (1)

mfh (56) | more than 3 years ago | (#37146446)

Someone will work on countermeasures and then we'll feel secure. The next logical step is when someone works on counter-countermeasures to bypass the countermeasures. This chains on and on.

The closer people get to working together the farther apart we get in this closed system without pure moderation.

Global download queue? (1)

scorp1us (235526) | more than 3 years ago | (#37142368)

Why not have the browser have some kind of globally coordinated download queue that queues the download until someone can scan it. If it's (by URL) already been scanned, then let it download, then verify the MD5 sum of the downloaded vs scanned content. If it matches, then all is good. If not delete it. I don't define "scanned" because it could be a virus scan, or an automated install to a virtual machine, which reports back any opened ports or initiated connections for further review.

This would be a pain for developers and IT, so have a way to disable it, but for most people telling them "we don't know if this download is safe" "We'll download it when we know more" would go a long way to stopping malware. And it has the peripheral effect of slowing up malware people too.
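An added sketch of the gate logic scorp1us describes, written for this page and not the poster's code: a download is released only when its URL already has a scan verdict AND the fetched bytes hash to what was scanned; otherwise it is held for scanning, quarantined on a mismatch, or blocked if the verdict was bad, with the developer/IT opt-out switch the post asks for. SHA-256 stands in for the MD5 sum mentioned in the post, and the URLs and payloads are constructed samples.

```python
"""A small model of the "scan before release" download gate proposed above.

Added illustration, not code from the post. Content is fingerprinted with
SHA-256 (substituted here for the MD5 sum mentioned in the post), so a download
is released only when the URL has a scan verdict AND the bytes fetched match the
bytes that were scanned; anything else is held, quarantined or blocked.
"""
import hashlib
from dataclasses import dataclass, field


@dataclass
class ScanRecord:
    digest: str   # hex SHA-256 of the exact bytes that were scanned
    clean: bool   # verdict of the scanner/sandbox that produced the record


@dataclass
class DownloadGate:
    records: dict = field(default_factory=dict)  # url -> ScanRecord
    pending: list = field(default_factory=list)  # urls waiting for a scan
    bypass: bool = False                          # developer/IT opt-out switch

    @staticmethod
    def fingerprint(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def decide(self, url: str, data: bytes) -> str:
        """Decide what to do with bytes fetched from url.

        'release'             - scanned clean and the bytes match the scan.
        'block-known-bad'     - scanned, bytes match, verdict was malicious.
        'quarantine-mismatch' - URL was scanned, but these bytes differ from
                                what was scanned (same URL, swapped content).
        'hold-pending-scan'   - nobody has scanned this URL yet.
        'release-bypass'      - the opt-out switch is on.
        """
        if self.bypass:
            return "release-bypass"
        record = self.records.get(url)
        if record is None:
            if url not in self.pending:
                self.pending.append(url)
            return "hold-pending-scan"
        if self.fingerprint(data) != record.digest:
            return "quarantine-mismatch"
        return "release" if record.clean else "block-known-bad"

    def record_scan(self, url: str, data: bytes, clean: bool) -> None:
        """Store the verdict for the exact bytes that were scanned."""
        self.records[url] = ScanRecord(self.fingerprint(data), clean)
        if url in self.pending:
            self.pending.remove(url)


# Constructed URLs and payloads for the walk-through below (hypothetical).
INSTALLER_URL = "http://downloads.example.test/setup.exe"
TROJAN_URL = "http://cdn.example-bad.test/codec.exe"
INSTALLER = b"MZ-constructed-installer-bytes"
TROJAN = b"MZ-constructed-malicious-bytes"


def walkthrough():
    """Run the scenario end to end; returns (list of decisions, the gate)."""
    gate = DownloadGate()
    steps = []
    # 1. First sighting: nothing known, so the download is held.
    steps.append(gate.decide(INSTALLER_URL, INSTALLER))
    # 2. The scanner (AV, sandbox VM, ...) reports the installer clean.
    gate.record_scan(INSTALLER_URL, INSTALLER, clean=True)
    steps.append(gate.decide(INSTALLER_URL, INSTALLER))
    # 3. Same URL now serves different bytes: the digest check catches it.
    steps.append(gate.decide(INSTALLER_URL, INSTALLER + b"\x90"))
    # 4. A URL already judged malicious stays blocked.
    gate.record_scan(TROJAN_URL, TROJAN, clean=False)
    steps.append(gate.decide(TROJAN_URL, TROJAN))
    # 5. The opt-out switch for developers/IT releases everything.
    gate.bypass = True
    steps.append(gate.decide(TROJAN_URL, TROJAN))
    return steps, gate


if __name__ == "__main__":
    for step in walkthrough()[0]:
        print(step)
```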

Re:Global download queue? (0)

Anonymous Coward | more than 3 years ago | (#37144130)

Because "scanning" a file doesn't catch unknown malware. In fact, it usually doesn't do anything except enumerate your file system, open each file, and then read the beginning of each file for known virus entry points. It's fairly useless security theater.

Is this relevant on all computers? (1)

kurt555gs (309278) | more than 3 years ago | (#37142378)

What malware should I be worried about on my Samsung Chromebook?

Re:Is this relevant on all computers? (3, Funny)

TheRaven64 (641858) | more than 3 years ago | (#37142802)

What malware should I be worried about on my Samsung Chromebook

ChromeOS.

Re:Is this relevant on all computers? (1)

shoehornjob (1632387) | more than 3 years ago | (#37146382)

If your Samsung chromebook is anything like my Samsung tv....RUN. Such an epic POS.

Re:Is this relevant on all computers? (1)

kurt555gs (309278) | more than 3 years ago | (#37146488)

Actually, I like my Samsung Chromebook. Open, use, close. It just works. (Oops, maybe I can't say that.)

Maths (1)

ifrag (984323) | more than 3 years ago | (#37142382)

FTFS

displays 3 million warnings of unsafe websites to 400 million users a day

I didn't RTFA, but doesn't that look like it doesn't add up? 400 million users are displayed 3 million warnings? I guess it means 400M users are warned from 3M identified sites?

Re:Maths (1)

danish94 (2427678) | more than 3 years ago | (#37142540)

400 million is roughly the sum of users in chrome+firefox.

Nice to not be so vulnerable then . . . (1)

Anonymous Coward | more than 3 years ago | (#37142384)

For years, I have had machines on the net that never used any antivirus. And so far, no virus on them either. Nice to have a system that is designed not to be vulnerable. (There is the occasional software security error, but they usually get fixed before anyone has time to exploit them.)

If you care about security, don't bother with windows - or any system that needs third-party security add-ons to work reliably. Windows has a series of design errors, in addition to the occasional programming errors. Running everything with admin privileges, automatically running code embedded in email and documents, automatically running code off the web (activex) and so on. And who knows what new sillinesses they have, now that these things are slowly getting fixed.

Re:Nice to not be so vulnerable then . . . (1)

HarrySquatter (1698416) | more than 3 years ago | (#37142436)

Running everything with admin privileges

Are you still running Windows 98 or a pre SP version of XP?

automatically running code embedded in email and documents,

Which can be made to work in Linux as well.

automatically running code off the web (activex) and so on.

You don't automatically run ActiveX code. IE will always flag you and ask if you want to run it unless you've set your security settings to the bare minimum. Which would be dumb to do.

Re:Nice to not be so vulnerable then . . . (0)

Anonymous Coward | more than 3 years ago | (#37144484)

Running everything with admin privileges

Are you still running Windows 98 or a pre SP version of XP?

I STILL run across software that checks for write privileges to the windows system directory and refuses to run if it doesn't have it. Those are the ones I skip over, but moronic developers like that still exist, and in large numbers.

A good place to vent (3, Insightful)

AlienIntelligence (1184493) | more than 3 years ago | (#37142412)

1and1 has been a host for me for some time.

Then I got flagged by Google as having malware and I was like... wtf... I don't even actively use
those sites. So, I FTP'd in and downloaded some files, there was an injection of code in all of
my index.htm(l) and default.htm(l) files.

Now, I've had 1and1, since they came to the US. I had a plan back then that had all the goodies,
ssh access to my shell for my sites, so it was easy to administer.

Well, "because of new policies" my old service I had was changed to another... like the cell
companies moving you around on new plans. My new plan, has no ssh access.

What's worse, 1and1, refused to give me shell access so I could take care of all of those
malware files.

Let me repeat... A HOSTING PROVIDER REFUSED TO GIVE ME ACCESS TO MY OWN SITE
TO CORRECT A MALWARE ISSUE!

Nice huh?

So, like I said, since I don't really use those sites, I just deleted them all via FTP and told
1and1 to go fuck themselves. I put up what I needed that was important (after cleaning) on
an EC2 "free" instance.

-AI

Re:A good place to vent (0)

Anonymous Coward | more than 3 years ago | (#37143422)

Not to defend 1and1 (they have really horrible support), but isn't it a little unfair to blame them for you having bad policies that allow malware to be injected into all of your files? I mean really if it was a bad password, using ftp instead of sftp or a sql injection doesn't matter, the security is really on you! The reason many cheap hosts either don't allow or don't advertise ssh access is it tends to be more dangerous than it is helpful for Joe-website-maker that got a pirated copy of frontpage 2000 and now thinks he is a web designer. Most users want to ftp up some html and images and call it a day. If you need ssh you will be smart enough to ask or will be willing to pay for it. 1and1 will give you access to ssh - even on the cheapest linux plan available in the U.S., you just have to ask them to switch you from "linux home shared" to "dual hosting" which is the same price and can be migrated automatically by a sales rep (don't bother with tech support they will probably just delete all your files by accident). So nice rant, but no sympathy here, except maybe for google.

Re:A good place to vent (1)

AlienIntelligence (1184493) | more than 3 years ago | (#37162740)

Not to defend 1and1 (they have really horrible support), but isn't it a little unfair to blame them for you having bad policies that allow malware to be injected into all of your files?
{snip}
So nice rant, but no sympathy here, except maybe for google.

I appreciate your reply... and I'm not looking for sympathy, just vent.

And, I had something completely different written here a minute ago, thinking
I may have said something, at all, that sounded like I was blaming 1and1
for anything other than sitting on their collective asses and not giving me
access (not asking them to do it for me, just access) to my site for 24 hours
via ssh to clean up. You know, one simple command that says delete index.htm*
&& default.htm*, instead of taking a half hour to go into each branch via FTP and
delete each file.

But then I reread my post and I didn't even come close to insinuating that they
were to blame for the malware infestation.

So, I probably should highlight a few things, some I said, some I didn't.

- Faithful customer since "the beginning"
- Not really using the hosting, mostly sitting idle, thus didn't want to change plans
- Couldn't change plans because I'm grandfathered in, on a lower priced plan 'than the cheapest linux plan available'
- I run a non-profit and 'trivial changes in pricing' aren't so trivial
- My 50% fault on the security... [I really should still have ssh since I was an original customer and that was what I had in the beginning]
- No capitulation from support to allow 24hr ssh access to 'take care of things'

Which brings me to the main point:
- I wanted to solve a malware issue and my provider would not lift a finger to help

that's all I'm really trying to point out here.

-AI
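
The cleanup the poster above wanted to do in one shell command, written out as an added example (not code from the thread or from 1and1). It assumes the common shared-host infection pattern of a hidden, zero-sized `<iframe>` appended to every index/default page; the detection regex, the `example.invalid` payload URL and the sample web tree are constructed for illustration. Rather than deleting the pages outright, it strips only the injected element and keeps an untouched copy of each infected file, since those copies are the evidence of what was dropped and where.

```python
"""Find and strip an injected hidden <iframe> from index/default pages under a web root.

Added example, not from the Slashdot thread. The payload signature and the sample
site are constructed; tune TARGET_NAMES and INJECTED_IFRAME to what you actually find.
"""
import os
import re
import shutil
import tempfile

# The files the poster wanted to wipe in one command: index.htm* and default.htm*.
TARGET_NAMES = re.compile(r"^(index|default)\.html?$", re.IGNORECASE)

# Constructed signature for the classic drive-by injection: an <iframe> that is
# zero-sized or hidden with CSS. Real infections vary; this is the shape to start from.
INJECTED_IFRAME = re.compile(
    r"<iframe\b[^>]*?(?:width=[\"']?0\b|height=[\"']?0\b|display\s*:\s*none|visibility\s*:\s*hidden)"
    r"[^>]*>.*?</iframe>",
    re.IGNORECASE | re.DOTALL,
)


def find_injected(webroot):
    """Return sorted [(path relative to webroot, match count)] for target pages carrying the payload."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if not TARGET_NAMES.match(name):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                count = len(INJECTED_IFRAME.findall(fh.read()))
            if count:
                hits.append((os.path.relpath(path, webroot).replace(os.sep, "/"), count))
    return sorted(hits)


def clean_site(webroot, backup_dir):
    """Strip the payload from every hit, first saving the untouched original under backup_dir.

    Returns the total number of iframes removed. Keep the originals: the injected file
    shows what the attacker dropped, and its mtime helps date the compromise.
    """
    removed = 0
    for rel, count in find_injected(webroot):
        src = os.path.join(webroot, rel)
        dst = os.path.join(backup_dir, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copy2(src, dst)
        with open(src, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        with open(src, "w", encoding="utf-8") as fh:
            fh.write(INJECTED_IFRAME.sub("", text))
        removed += count
    return removed


def build_sample_site(root):
    """Write a small constructed web tree: two infected index pages, one clean page, one non-target file."""
    payload = ('<iframe src="http://example.invalid/x.php" width="0" height="0" '
               'style="visibility:hidden"></iframe>')
    files = {
        "index.html": "<html><body><h1>Home</h1>" + payload + "</body></html>",
        "blog/index.htm": "<html><body><p>posts</p>" + payload + payload + "</body></html>",
        "about/default.htm": "<html><body><p>clean</p></body></html>",
        "notes.txt": payload,  # not an index/default page, so deliberately left alone
    }
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    return root


def demo():
    """Run find -> clean -> find over the constructed site; returns the observable results."""
    site = build_sample_site(tempfile.mkdtemp(prefix="site-"))
    backups = tempfile.mkdtemp(prefix="quarantine-")
    before = find_injected(site)
    removed = clean_site(site, backups)
    after = find_injected(site)
    with open(os.path.join(site, "index.html"), encoding="utf-8") as fh:
        home_kept = "<h1>Home</h1>" in fh.read()
    backed_up = os.path.exists(os.path.join(backups, "blog", "index.htm"))
    return before, removed, after, home_kept, backed_up


if __name__ == "__main__":
    before, removed, after, home_kept, backed_up = demo()
    print("infected before:", before)
    print("iframes removed:", removed)
    print("infected after:", after, "| legit content kept:", home_kept, "| backup made:", backed_up)
```

Run it over a copy of the site first and diff the results against the quarantine directory before touching the live web root; if the regex matches something legitimate, the backup is how you get it back. None of this closes the hole the attacker used (a stolen FTP password, an injectable script), so rotate credentials and patch before restoring.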

Funnily enough (1)

Dexter Herbivore (1322345) | more than 3 years ago | (#37142428)

Strangely enough, I just got my first ever warning from the safe browsing service about 10 minutes ago. Visiting a website that I go to regularly... I'm glad they caught that one site getting compromised at least as I place very little confidence in AV software nowadays.

Am I the only one thinking it's in response to ... (1)

_0xd0ad (1974778) | more than 3 years ago | (#37142450)

http://tech.slashdot.org/story/11/08/16/200209/IE-9-Beats-Other-Browsers-at-Blocking-Malicious-Content [slashdot.org]

Google: "But it's hard!"

That said, I'm not particularly thrilled with a browser feature that tells you where not to go on the internet. I'd rather be able to go there and not get infected by browser exploits. Drive-by downloads I'm not worried about. Embedded PDFs I'm not worried about. (I uninstalled the Adobe plugin. Any PDFs are downloaded rather than opened.) That pretty much just leaves the browser, Flash, and Java. And even Java should warn me before starting an applet.

what people need to do while surfing the WWW (1)

FudRucker (866063) | more than 3 years ago | (#37142464)

1. use a more secure OS (meaning anything other than MS-Windows), a Linux distro or one of the flavors of BSD

2. keep two web browsers: one with plugins and goodies for websites you know are safe like slashdot, youtube, etc... but never use that fancy browser with the plugins for general purpose web browsing

3. for general purpose web browsing and looking into unknown websites use a locked down and secured web browser that does not even have any plugins and with javascript disabled, .. and if any of those unknown websites wants you to download something or run a plugin within the browser DO NOT LET IT...

I know this is just elementary & incomplete but it is a good start...

That's not what the web works like (1)

tulcod (1056476) | more than 3 years ago | (#37142556)

That's not what the web works like. The people endangered by malware are your neighbors (particularly your male neighbor because he's watching porn all day, and we all know women don't watch porn). Your neighbors are people who hardly know what "Browser" means, have once heard about this "Microsoft Linux" thing and will buy a new PC when their current one gets slow. This is the majority of the society, and you can't fix it by adding more instructions and manuals to every piece of software.

Re:what people need to do while surfing the WWW (1)

danish94 (2427678) | more than 3 years ago | (#37142686)

Or you could just use Chrome with click-to-play (go to about:flags and enable it) and the "do not allow JavaScript" setting and put trusted sites in the exceptions list. Or you could use NoScript for more control, but I would rather not install any add-ons either. Or you could use incognito mode as your general browsing browser, because all plugins and extensions are disabled and all your info is deleted, so there is no chance of a malicious site getting the info. I see absolutely no reason to have 2 browsers.

Re:what people need to do while surfing the WWW (0)

Anonymous Coward | more than 3 years ago | (#37144452)

OSX is less secure oob than windows. Shill.

minuS 5, Trol7) (-1)

Anonymous Coward | more than 3 years ago | (#37142468)

culture of 4buse Goals. It's when

One word (two?) (0)

Anonymous Coward | more than 3 years ago | (#37142970)

NoScript.

Seriously, how is any script going to hit your computer if you have them completely disabled? Oh, wait, three words: Windows Metafile vulnerability.

Google now detects malware on their own sites (1)

Animats (122034) | more than 3 years ago | (#37144594)

Google used to have a problem with malware and phishing sites being hosted on their own Google Sites. Once they plugged that hole, the malware moved to Google Spreadsheets. Because you can put HTML in Google's spreadsheets, it can be used as a free hosting service. Google hadn't anticipated this, and their abuse operation couldn't handle it.

Google seems to have plugged the spreadsheet hole now. I noticed recently that Google has disappeared from our major domains being exploited by active phishing scams. [sitetruth.com] There were pages hosted by Google which were in Google's own "this site may harm your computer" blacklist. So their hostile-site detection wasn't coupled to their abuse department. That was kind of embarrassing, but until we publicized it, it didn't get fixed.

Basic truth - run a free hosting service, a free "forms" service, a free "poll" service, or a free URL redirection service, and you will end up hosting phishing sites and related annoyances. If you run a free service, you must have an automatic check against the major phishing blacklists, or you will be pwned. This week's big sites being abused by phishers are "piczo.com" (social networking for teenage girls), "webs.com" and "moonfruit.com" (free hosting), and "t35.com" (which, the last time we contacted them, had one poor abuse guy trying to deal with a daily tide of phishing pages by hand).

Those sites are used by the bottom-feeders of the malware/phishing world. The big guys buy hosting with stolen credit card numbers, use botnets, and contract with "bullet-proof hosting services." [americaint.com]

There is progress. "Open redirectors" [webappsec.org] are more or less gone from major sites. Over the last three years, MSN, Yahoo, eBay, and Facebook have all had open redirectors. Publicity and nagging put a stop to that. Slowly, too slowly, IE6 is dying out.
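
The "open redirector" the comment above refers to is a `?next=`-style endpoint that forwards the browser to whatever URL the attacker supplies, so a phishing link can carry a trusted domain in its first hop. As an added example (not code from the thread, from the linked webappsec page, or from any of the named sites), here is the vulnerable pattern beside a hardened version that resolves the target against the site's own origin and only redirects to an allow-listed host. `SITE`, `ALLOWED_HOSTS` and the probe URLs are constructed for illustration; the blacklist check the comment also recommends is a network lookup and is not shown.

```python
"""Open redirector vs. a hardened redirect target check.

Added example, not from the Slashdot thread. SITE, ALLOWED_HOSTS and the probes below
are constructed; plug your own origin and hosts in.
"""
from urllib.parse import urljoin, urlparse

SITE = "https://www.example.com/"          # assumed origin of the service
ALLOWED_HOSTS = {"www.example.com", "accounts.example.com"}   # assumed allow list


def open_redirect_target(next_url):
    """The bug the comment describes: the ?next= value is used as the Location header verbatim."""
    return next_url


def safe_redirect_target(next_url, fallback="/"):
    """Return an absolute URL on an allowed host, or fallback.

    Resolving against SITE first means '//evil.example', '/\\evil.example' (browsers treat
    '\\' as '/'), 'https://www.example.com@evil.example/' and 'javascript:' all end up
    parsed the way a browser would see them, and are then judged by the final host only.
    """
    candidate = (next_url or "").strip().replace("\\", "/")
    if not candidate:
        return fallback
    resolved = urljoin(SITE, candidate)
    parsed = urlparse(resolved)
    if parsed.scheme.lower() not in ("http", "https"):
        return fallback                       # javascript:, data:, ftp:, ...
    if (parsed.hostname or "").lower() not in ALLOWED_HOSTS:
        return fallback                       # exact host match: no suffix/prefix tricks
    return resolved


# Constructed probes: the first two are legitimate, the rest are classic bypass attempts.
PROBES = [
    "/account/settings",
    "https://accounts.example.com/login?x=1",
    "//evil.example/phish",
    "/\\evil.example/phish",
    "https://www.example.com@evil.example/",
    "https://www.example.com.evil.example/",
    "http://evil.example/",
    "javascript:alert(1)",
]


def audit(probes=PROBES):
    """Return [(probe, where the open redirector sends you, where the hardened one sends you)]."""
    return [(p, open_redirect_target(p), safe_redirect_target(p)) for p in probes]


if __name__ == "__main__":
    for probe, unsafe, safe in audit():
        print(f"{probe!r:45} open -> {unsafe!r:45} hardened -> {safe!r}")
```

The exact-host comparison is the important part: a suffix check (`endswith("example.com")`) is beaten by `example.com.evil.example`, and a prefix check on the string is beaten by the `user@host` form. If you must allow a non-default port, add it to the allow list explicitly rather than ignoring `parsed.port`.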
