
Demonoid Down For a Week, Serving Malware Laden Ads

Unknown Lamer posted about 2 years ago | from the don't-copy-that-floppy dept.

Piracy 144

hypnosec tipped us to reports that Demonoid is still down after suffering a massive DDoS last week, and that the domain is now redirecting to a malware-ridden spam site. Notable for surviving a CRIA-mandated shutdown, this may be lights out for the torrent tracker: "To begin, while Demonoid’s admin told us that he would eventually bring the site back online, he clearly has other things on his mind. A really important family event puts a torrent site nowhere near the top of his priorities. ... Demonoid has been experiencing staffing issues this year. As we mentioned in an earlier article, there were rumors that one or maybe more Demonoid staffers had been questioned by authorities about their involvement in the site."


144 comments


FIRST POST (-1)

Anonymous Coward | about 2 years ago | (#40856549)

This is a greater accomplishment than anything you will ever do.

the kick in the pants I needed (1)

Skarecrow77 (1714214) | about 2 years ago | (#40856591)

to finally start researching private newsgroup servers.

Re:the kick in the pants I needed (1)

SuricouRaven (1897204) | about 2 years ago | (#40856951)

The NNTP protocol is a real mess for binaries, really. Severe overheads, awkward packing. There is a reason for those PAR2 files - because delivery is too unreliable to use without them. If you're looking for a non-p2p method of file distribution, you'd be better off with some sort of simple file server - HTTP, even old-fashioned FTP (Which will soon have you loathing NAT). You'll soon run into two problems though: It costs a fortune, and any sizeable pirate service with such centralisation will eventually attract the attention of authorities.

I think what you really need is some form of content-addressable shared store. Like Freenet, but less paranoid.

Re:the kick in the pants I needed (0)

Mashiki (184564) | about 2 years ago | (#40857137)

7zip is awkward, and parity files are difficult to use? And here you are posting on /.? Okay there. I'd hate to see what happens if faced with a CLI.

Re:the kick in the pants I needed (1)

asdf7890 (1518587) | more than 2 years ago | (#40866613)

Having to collect the files together, waiting for that last one of the number you need to recreate the original content because for some reason it hasn't made it to your server's feed yet (or it has expired on your server and you need to wait for a repost), not having the content nicely indexed on the tracker web site, and so on, is more hassle than dealing with torrents.

OK, there are sites that do some of that indexing (but they are potentially subject to takedowns and DoS attacks as much as torrent indexes are), and there are clients that automate the getting of all the parts and unpacking them (as long as the original uploader has prepared them properly), but at the very least you need to research which client to use, which is more hassle than just continuing to use the torrent client you are already familiar with.

Just because something isn't difficult, that doesn't mean doing it isn't more hassle than what you do now.

Oh, and to get a good fast news feed with decent retention periods on binary groups you are going to have to pay. Not much unless you download silly amounts, but more than the nothing most torrent trackers cost to use.

Re:the kick in the pants I needed (3)

JMJimmy (2036122) | about 2 years ago | (#40858157)

What's needed is decentralized p2p indexing so taking down any given site doesn't affect the ability to locate files. How to accomplish this is beyond me but I'm sure it's possible.

Re:the kick in the pants I needed (4, Interesting)

SuricouRaven (1897204) | about 2 years ago | (#40858319)

As I proposed. It can be done - and we know it can be done, because Freenet is exactly that. But Freenet is made for dissidents and activists, and its anti-tracking measures are accordingly paranoid: Performance is sacrificed in order to make it near-impossible to tell what anyone is either publishing or retrieving. This makes Freenet slow. Really slow.

What you want can be done - it'd have to involve hashes, or better yet hash trees. All it needs is someone with the skill and will to implement it.

Re:the kick in the pants I needed (0)

Anonymous Coward | about 2 years ago | (#40862825)

Freenet is also a large haven for child porn distribution. Or it was around ten years ago, and I don't see why there would be a change, other than with the advancement of tor internal services.

Re:the kick in the pants I needed (1)

SuricouRaven (1897204) | more than 2 years ago | (#40865911)

There is a sort of unspoken agreement on Freenet regarding that subject. Everyone knows it exists, but speaking of it is taboo.

Re:the kick in the pants I needed (0)

Anonymous Coward | about 2 years ago | (#40861133)

You mean something like this [thepiratebay.se] , maybe?

Re:the kick in the pants I needed (1)

RaceProUK (1137575) | more than 2 years ago | (#40866339)

You mean something like this [thepiratebay.se] , maybe?

And for those with dick ISPs in the UK (and maybe elsewhere), use the Pirate Party UK mirror [pirateparty.org.uk] .

Re:the kick in the pants I needed (0)

Anonymous Coward | about 2 years ago | (#40859353)

I think what you really need is some form of content-addressable shared store. Like Freenet, but less paranoid.

Magnet links are good. What we really need is some kind of decentralized forum where to publish the links. And you know what ? Such a thing exists, it is called Osiris (it's not based on java but pure C++). A software that enables someone to create a web portal and then replicate it on hundreds, thousands of nodes each node being hosted on a personal computer. The bigger the base, the quicker the update phase is. And you cannot censor it since it would mean blocking every single computer user that accesses the net.
The problem is already solved, uncensorable forums and magnet links. But it is a solution that puts the onus on the computer user. That forum server is now your server, one among many. And the health of the platform depends on how many people keep their "server" copy online. More nodes, better uptime and synchronization.

Re:the kick in the pants I needed (1)

SuricouRaven (1897204) | more than 2 years ago | (#40866935)

We've really got two problems to solve: Getting the metadata, and getting the data. They need very different tools.

Getting the metadata is the indexing task - it's been done by websites ever since the appearance of Sharereactor back in ye old days. The challenge isn't to shift lots of data, but to provide a way to filter out the dud files and fakes, and find the links to the files you really want. The Pirate Bay does this.

Getting the actual data is another problem though: You need a way, given a hash*, to locate the corresponding data. Which may be a hundred gig or more, and it's got to be affordable. But trust isn't needed - cryptographic hashing replaces trust.

Both of these need to be resistant to takedown efforts - either through hosting in somewhere resistant to legal action, or decentralisation. One of the ideas I like is simply using existing forums, chat and so on to distribute the links - no need to have specialist pirate hubs, every forum becomes a place to potentially copy-paste links to things that may be of interest to the forum members. Plus, Google then indexes them all.

*NNTP uses a non-cryptographic identifier, but it fills the same functional role.
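The "given a hash, locate the data, and trust isn't needed" idea from this comment and the earlier "hashes, or better yet hash trees" one, as an added example that is not part of the thread: a downloader holding only a root hash and a chunk count (assumed here to come from the published link) checks every chunk it gets from untrusted peers. The chunk size, function names, peers and sample data are constructed for illustration and do not reproduce BitTorrent's or Freenet's actual formats.

```python
import hashlib
import hmac

CHUNK_SIZE = 16  # tiny for the demo; real systems use KiB to MiB pieces


def leaf_hash(chunk):
    # Distinct prefixes for leaves and interior nodes stop a peer from
    # passing off an interior node (two concatenated hashes) as a chunk.
    return hashlib.sha256(b"\x00" + chunk).digest()


def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()


def split_chunks(data, size=CHUNK_SIZE):
    return [data[i:i + size] for i in range(0, len(data), size)] or [b""]


def build_levels(chunks):
    """Return all tree levels, leaves first; an unpaired node is promoted."""
    levels = [[leaf_hash(c) for c in chunks]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels


def make_proof(levels, index):
    """Sibling hashes a peer sends alongside chunk `index`."""
    siblings = []
    for level in levels[:-1]:
        if index ^ 1 < len(level):
            siblings.append(level[index ^ 1])
        index //= 2
    return siblings


def verify_chunk(chunk, index, n_chunks, siblings, trusted_root):
    """Check a chunk from an untrusted peer against the root from the link.

    Left/right order is derived from `index` and `n_chunks`, never from the
    peer, so a genuine chunk offered at the wrong position is rejected too.
    """
    if not 0 <= index < n_chunks:
        return False
    acc, width, pending = leaf_hash(chunk), n_chunks, list(siblings)
    while width > 1:
        sib_index = index ^ 1
        if sib_index < width:
            if not pending:
                return False  # proof too short
            sib = pending.pop(0)
            acc = node_hash(sib, acc) if sib_index < index else node_hash(acc, sib)
        index //= 2
        width = (width + 1) // 2
    if pending:
        return False  # proof too long
    return hmac.compare_digest(acc, trusted_root)


def download(peers, n_chunks, trusted_root):
    """Assemble the file, taking each chunk from the first peer that verifies."""
    out, rejected = [], []
    for index in range(n_chunks):
        for name, peer in peers:
            chunk, siblings = peer(index)
            if verify_chunk(chunk, index, n_chunks, siblings, trusted_root):
                out.append(chunk)
                break
            rejected.append((name, index))
        else:
            raise ValueError(f"no peer supplied a valid chunk {index}")
    return b"".join(out), rejected


# --- constructed sample data and peers (not from the thread) ---
DATA = bytes(range(69))               # 5 chunks: four full, one short
CHUNKS = split_chunks(DATA)
LEVELS = build_levels(CHUNKS)
ROOT, N = LEVELS[-1][0], len(CHUNKS)  # the only values the downloader trusts


def honest_peer(i):
    return CHUNKS[i], make_proof(LEVELS, i)


def tampering_peer(i):
    return CHUNKS[i][:-1] + b"\xff", make_proof(LEVELS, i)  # altered last byte


def misplacing_peer(i):
    j = (i + 2) % N                   # genuine chunk, wrong position
    return CHUNKS[j], make_proof(LEVELS, j)


if __name__ == "__main__":
    peers = [("tamper", tampering_peer), ("misplace", misplacing_peer),
             ("honest", honest_peer)]
    data, rejected = download(peers, N, ROOT)
    print("file intact:", data == DATA, "| rejected answers:", len(rejected))
```

The downloader never needs to know which peer is honest; it only needs the root and chunk count to arrive over a channel it trusts, which is the indexing problem the comment treats separately.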

use ntp just for the torrent (1)

jago25_98 (566531) | more than 2 years ago | (#40863723)

How's about using NNTP just for distributing the .torrent only :-)

I did a quick search... amazingly I haven't seen anyone doing this?

Re:the kick in the pants I needed (1)

berberine (1001975) | more than 2 years ago | (#40866505)

I haven't had to use a PAR2 file in years. The delivery of binary files is just fine for me. Maybe I'm the exception to the rule, but I just haven't had problems with incomplete files in at least four years. Many of the bigger usenet servers do offer downloads via HTTP as well.

Who was going to sites like Demonoid... (4, Insightful)

BlastfireRS (2205212) | about 2 years ago | (#40856593)

...and not using some form of AdBlock anyway?

Re:Who was going to sites like Demonoid... (1)

Skarecrow77 (1714214) | about 2 years ago | (#40857055)

hell not just adblock, but also noscript, and https everywhere.
my browsing experience can be a pain in the ass, but at least it's relatively safe.

Re:Who was going to sites like Demonoid... (0)

Anonymous Coward | about 2 years ago | (#40857085)

Exactly. And people wonder why I am so adamant about refusing to use any network or device without adblocking or hosts control available. It's such a substandard or dangerous experience to use anything without adblocking these days. My main reason for rooting my android devices is for the adblocking.

Re:Who was going to sites like Demonoid... (5, Insightful)

s0nicfreak (615390) | about 2 years ago | (#40857123)

People that want sites like Demonoid to survive and therefore support them by viewing ads?

Re:Who was going to sites like Demonoid... (1)

westlake (615356) | about 2 years ago | (#40857391)

People that want sites like Demonoid to survive and therefore support them by viewing ads?

The geek sees an ad that helps pay the bills. The judge sees a profit-making web site.

Re:Who was going to sites like Demonoid... (0)

Anonymous Coward | about 2 years ago | (#40857789)

"People that want sites like Demonoid to survive and therefore support them by viewing ads?"

No, we share ad-clicking bots among us.

Re:Who was going to sites like Demonoid... (1)

supersloshy (1273442) | about 2 years ago | (#40859531)

You mean people who don't know that you can get malware from ads like this?

I use an adblocker not because I don't like supporting websites but because there's no way I'm risking the chance of an infection like that.

Re:Who was going to sites like Demonoid... (-1, Flamebait)

Frosty Piss (770223) | about 2 years ago | (#40857711)

Why would someone expose themselves to a warez site anyway? Good way to pick up a disease...

Honestly, Demonoid? Just another warez site with too many pop-ups, banner ads, and sketchy "clean your computer" virus.

Re:Who was going to sites like Demonoid... (4, Funny)

Skarecrow77 (1714214) | about 2 years ago | (#40857999)

I've never gotten a virus from warez.
got one from a porn download once, but that was my own fault. i was about 99% sure that it contained a virus, i opened it anyway to see what my anti-virus would do.

took me about 5 minutes to clean up the mess, and that was that. turned out to be pretty good porn too.

but warez? no, never gotten anything from warez.

Re:Who was going to sites like Demonoid... (1)

gutoandreollo (1816754) | about 2 years ago | (#40861509)

This only tells me you probably need a better antivirus.. :)

Re:Who was going to sites like Demonoid... (1)

shaitand (626655) | more than 2 years ago | (#40864939)

Actually it suggests to me you need a better anti-virus. The freebies generate false positives left and right and every day people think they are being saved from viruses that weren't really in downloads.

Re:Who was going to sites like Demonoid... (1)

MrL0G1C (867445) | about 2 years ago | (#40861515)

I was bored, decided to throw some viruses in a VM and see what it took to root them out without AV. I found several quickly by downloading the newest keygens and cracks off of pirate bay, so it depends on where you get your warez from I guess. noCD cracks often have trojans.

Re:Who was going to sites like Demonoid... (1)

Skarecrow77 (1714214) | about 2 years ago | (#40861773)

I rarely download anything major from piratebay.

one of the nice things about demonoid was that, generally speaking, if a dozen people post comments on a crack or what have you, confirming that they found a virus, the listing gets yanked down. I thusly ran across several things on there that weren't clean, but I never downloaded any of em obviously.

Re:Who was going to sites like Demonoid... (0)

Anonymous Coward | about 2 years ago | (#40861963)

noCD's are a little trickier, but for key-gens, you just run the key-gen in a virtual machine, copy the code by hand, then reset the virtual machine.

Re:Who was going to sites like Demonoid... (1)

bignetbuy (1105123) | about 2 years ago | (#40862005)

How long have you been downloading "warez"? A year? There was a time when the keygens bundled with apps included trojans. When "legit OS" versions were modified to load a trojan AND access an IRC channel where it sat...waiting to be abused. When opening a PDF or CHM would cause the computer to open browser windows to ad-infested sites AND click on those ads so the malware author got paid. Etc...etc...etc...

That you've never encountered a virus or trojan doesn't mean they aren't out there...it just means your experience is rather limited.

Re:Who was going to sites like Demonoid... (1)

shaitand (626655) | more than 2 years ago | (#40864945)

I can't say I've never encountered a virus/trojan/worm in downloads. I've seen all of the above. For every one of them there are dozens of false positives from free anti-virus software.

Re:Who was going to sites like Demonoid... (1)

Skarecrow77 (1714214) | more than 2 years ago | (#40867107)

How long have you been downloading "warez"?

since 1993. How long have you been doing it, because apparently you're doing it wrong.

I didn't say that no warez was infected, I said I've never been infected. The difference is knowing what you're doing and knowing how to avoid the bad stuff.

Re:Who was going to sites like Demonoid... (1)

alexo (9335) | more than 2 years ago | (#40863827)

I've never gotten a virus from warez.

I don't know where you're getting your warez from, but whenever I tried the "DIY try-before-you-buy" approach, it came with all sorts of malware.
Perhaps there is some place where warez are clean but I'm skeptical.

Re:Who was going to sites like Demonoid... (1)

Inda (580031) | more than 2 years ago | (#40865547)

I'm going to back you up, as others are dismissing you so readily.

Never, not once in 15 years, have I had a virus inserted into my warez. Never from Usenet, Anon FTP, freesite dumps, IRC, ed2k, BT or anywhere else.

The trick is to stick to scene releases (whatever they are). Search for folder names. Only download RARs. If there's a SFV file, use it.

Once, only once, there was a script inserted in a WMV (yeah, yeah, I know) file. That script failed to download its payload.

I've had viruses on free CDs attached to magazines, freeware, shareware, and email attachments, but never warez.

Virus scanners sometimes give false positives for keygens, but even that is a rare event. I haven't seen it happen in five years.

For those screaming "ur virus scanner is shit" - some of us upload the binaries to online scanners where they're checked on 30 independent scanners. You can't get more paranoid than that.

Arrrrgh, Jim-lad.

Re:Who was going to sites like Demonoid... (0)

Anonymous Coward | about 2 years ago | (#40858345)

i like Demonoid.ph. I am hoping that they open registrations soon because I want to register.

anyways, I was wondering why Norton DNS gave me a message saying that it blocked Demonoid.ph.

Re:Who was going to sites like Demonoid... (1)

mister_playboy (1474163) | about 2 years ago | (#40862811)

Registration was open for about 24 hours just before they got DDoSed.

not malware laden (1)

poetmatt (793785) | about 2 years ago | (#40859623)

this is just retarded. They said they incurred a bandwidth cost from the ddos and turned on advertising to deal with it. I imagine the bandwidth cost before and after the DDOS were probably substantially different. I don't know if they were aware of the bad ads regardless.

Resilience (2)

dontbemad (2683011) | about 2 years ago | (#40856655)

IIRC, demonoid has had several outages throughout the years, some lasting weeks at a time. I would be surprised if this lasted much longer, but I would be far more surprised if this really did spell the end of demonoid altogether.

fuck all you (-1, Troll)

Anonymous Coward | about 2 years ago | (#40856667)

fuck all you pirate assholes anyway. I hope you get a virus that blows up your hard drive, you anti-business pricks.

Re:fuck all you (5, Funny)

present_arms (848116) | about 2 years ago | (#40856701)

fuck all you pirate assholes anyway. I hope you get a virus that blows up your hard drive, you anti-business pricks.

you forgot to add yours sincerely MPIAA :D

Re:fuck all you (0)

Anonymous Coward | about 2 years ago | (#40856705)

Yep, because when an amateur wants to play around with a professional's tool, they should have no compunctions about paying $3K for the privilege.

Re:fuck all you (2)

Stizark (1962342) | about 2 years ago | (#40857483)

I have a couple friends who... acquired some of the professional imaging and video software. They used to play with it as a hobby. They then went to school, and are now working-- one designing movies, the other games. They even admit that they probably would never have gotten to where they are without that. The schools that they ended up going to asked them to exhibit some of their work.

Re:fuck all you (0)

Anonymous Coward | about 2 years ago | (#40858581)

Same thing here. Except it wasn't software, it was gay porn. When I auditioned for a job, they asked me to exhibit some of my work. Thanks to all the gay porn I illegally downloaded, I was ready for fisting, ass-to-mouth, watersports, etc. So now I'm in the videos you illegally download :)

Re:fuck all you (5, Insightful)

fluffythedestroyer (2586259) | about 2 years ago | (#40856825)

I usually pirate software before I try them. If it's worth it, I will buy it. Same thing with games. Is it worth it to spend 60 for a 8-16 hours game that I will throw away in the garbage or let it gather dust in my cabinet cause I only played it once ... or is it worth 60$ cause I still play today and the replay value is very strong. With software, is it worth 50$ and more depending on the usage I need from it. lots of software are just overpriced for my needs. That's bad cause I know some software that I would buy the their price is very questionable.

Prove to me..or us here, people of /. that piracy is anti-business. Give me stats, hard numbers to make me shut up. Afaik, piracy helps business in an indirect way like it or not.

Re:fuck all you (0)

Anonymous Coward | about 2 years ago | (#40859791)

Maybe it is high time for the reintroduction of shareware? First episode free, the rest for 9.99 a piece?

Worked well for Id Software back in the day.

Re:fuck all you (0)

Anonymous Coward | about 2 years ago | (#40860461)

I don't know how many games I played where I did the first episode and wanted to play the rest. That scheme made me buy DN2, DN3d, Commander Keen, Descent, Jill of the Jungle, Secret Agent, Raptor: call of the shadows, peganitzu (sp?) and more I have probably forgotten about. I think the reason why is that they were full blown games and you'd play and get all excited that you finally beat it and were attached to the characters and everything and right when you were in the high of victory, they then nailed you with the sales pitch.

It's a much better approach than demos. They usually just throw you in the middle of it and cut off early, rather than being a whole experience themselves.

Don't I know it (warning post contains grumpiness) (0, Offtopic)

RogueyWon (735973) | about 2 years ago | (#40856711)

I've always been forced (by means of parental guilt-trip) to act as tech-support for family, which basically means being the guy who gets roped into decontaminating malware-laden PCs for them, despite the fact I'm in a full time job and earn more than most of them. Yes, the whole "being the guy who knows PCs" thing is really starting to grate as I move further into my 30s, not least because my knowledge is nowhere near as fresh or as deep as it was a decade ago.

Anyway, rant aside, I've been used to dealing with calls about stuff like this maybe 3 or 4 times a year. And now in the last week, I've had two calls from extended family, both relating to infections acquired from the redirected Demonoid. I'm really seething about this - we're talking about people a generation older than I am, with jobs, who are still getting infections from piracy sites. For a decade now, I've been operating on the basis of "Do I need it? If not, do I want it? Can I justify spending money on it? And if not, is there a free-as-in-beer legal alternative available?"

Anyway, I've said I'll "help" with these infections at the weekend. But I'm not going to be spending hours running malware removal kits and trawling through registries. If they have legal Windows reinstall discs, then fine. If not (and I'll bet they don't), they'll be going out to the shops to buy them and then doing format/reinstalls. Backups? Any that they hadn't made pre-infection (and they won't have done any) will, I shall argue, pose too much of a risk of reinfection (which might even be true).

Might encourage them to think twice next time. But probably won't.

Re:Don't I know it (warning post contains grumpine (1)

Loughla (2531696) | about 2 years ago | (#40856805)

For a decade now, I've been operating on the basis of "Do I need it? If not, do I want it? Can I justify spending money on it? And if not, is there a free-as-in-beer legal alternative available?"

The problem is that most people don't make it to this point. They only see that FREE FREE FREE FREE, and then use their morals against giant companies/for privacy/ anti-government, what-have-you, to justify their decision. A little bit of research will prove that for most things there is a legal, free version available. It might not be 100% what you want, but it'll be close, and it'll be great considering it's free.

DISCLAIMER: I do pirate things (games usually, or music) to TRY THEM. IF I like them, I BUY THEM. This is because there is no such thing as a good demo anymore.

Re:Don't I know it (warning post contains grumpine (0)

Anonymous Coward | about 2 years ago | (#40856835)

you talk too damn much

Re:Don't I know it (warning post contains grumpine (1)

Johann Lau (1040920) | about 2 years ago | (#40856859)

And you post posts that say *zero*. Talk more.

Don't do support for family for free (or at all) (1)

John Bokma (834313) | about 2 years ago | (#40856843)

Uhm.... how about charging 50+ USD/hour + miles ?

Re:Don't I know it (warning post contains grumpine (0)

Anonymous Coward | about 2 years ago | (#40856891)

> I've always been forced [...] to act as tech-support for family [...] despite the fact I'm in a full time job and earn more than most of them.

What does your job or how much it pays have to do with whether you should be helping out your family with a topic or task you have more knowledge in than they do?

Re:Don't I know it (warning post contains grumpine (4, Insightful)

RogueyWon (735973) | about 2 years ago | (#40856937)

Because when you're working full-time, have been doing so for a decade and are generally pretty successful, it really rankles to have people who you only see at Christmas and who only pick up the phone when they have a PC problem expecting you to jump to their aid in the way that you did when you were a teenager or student with plenty of free time.

Re:Don't I know it (warning post contains grumpine (1)

war4peace (1628283) | about 2 years ago | (#40858075)

I have developed this method of appearing to be helpful and trying to resolve the thing over the phone but invariably reaching the "I don't know about that" conclusion, and pointing them to a repairshop. After a few such occurrences they stopped bothering me. It also helps that all my relatives live at least 100 miles away and I don't own a car so they don't expect me to travel to fix whatever they broke.

Re:Don't I know it (warning post contains grumpine (-1)

Anonymous Coward | about 2 years ago | (#40857315)

RogueyWon, I know exactly how you feel... Luckily, I very recently stumbled upon the website MyCleanPC.com. After recommending MyCleanPC to all of my friends, now they no longer bother me with tech support because their computer runs clean!

Re:Don't I know it (warning post contains grumpine (2)

hairyfeet (841228) | about 2 years ago | (#40859405)

Let old Hairy show you how to seriously cut the time down on a boot and nuke there friend. First go to WSUS Offline [wsusoffline.net] and have it download the patches and/or service packs for whatever version of Windows it is, you can then put 'em on a thumbdrive or DVD and have them ready to go once the OS is installed. Once the patches are all installed just go to Ninite [ninite.com] on the now clean machine and check the boxes for any third party software you need, AV, flash, media players, codecs, etc.

And then finally once you have it just the way you like it slap in Comodo Time Machine [softpedia.com] and have it set to make a snapshot on boot. Personally, depending on how stupid the user is I have CTM take up 10%-20% of the drive, this way next time they do something stupid you can walk them through restoring the system in about 15 minutes. Nice thing is even if they hose the machine so badly it won't boot you can tell them to just hit the Home key on boot and run Time Machine from there. With these little tricks you are talking maybe an hour and a half, maybe six clicks all told, and once set up it'll be damned hard for them to pwn it again. Personally if it were me I'd use Comodo Internet Security for the AV as it's not only free it plays nice with time machine, although I've also used Avast and it's played nice too.

As for TFA it's not like there aren't a bazillion and one warez sites out there, I'm sure if Demonoid goes tits up another will take its place by the end of the week. You'd think they'd learn it's like whack a mole with those things but if the *.A.As want to pay some Media Pretender to play whack a site? their money to blow I guess.

Re:Don't I know it (warning post contains grumpine (1)

jakimfett (2629943) | about 2 years ago | (#40861177)

Oh man...this is techie porn, right here. Time machine+win updates+one click installs=awesome.

Re:Don't I know it (warning post contains grumpine (1)

adolf (21054) | more than 2 years ago | (#40865283)

Hairyfeet,

I've been reading your banter for years, and while I generally perceive that you're trying to be helpful, this is the first time that you've helped me.

Thank you for re-introducing me to WSUS Offline (the last time I saw that concept was many years ago and somewhat broken and/or German), and Comodo Time Machine (which I'd not yet found).

These things will make my life, and the lives of my customers, immeasurably easier.

Best regards,

adolf

Re:Don't I know it (warning post contains grumpine (1)

aaaaaaargh! (1150173) | about 2 years ago | (#40859691)

In my personal experience pirate sites are relatively safe even when browsing them from Windows, I've never had any problems with sites like solarmovie.eu, demonoid.ph/demonoid.me or thepiratebay.org. Actually, I've personally had less problems so far with pirated content than with dysfunctional DRM schemes. Perhaps your relatives are a bit too careless or need better anti-virus software? (Porn sites, on the other hand, are full of malware.)

But anyway there is an easy remedy: Install GNU/Linux for them and tell them to use GNU/Linux for downloading all the great pirated content out there. Afterwards they can check their downloads with a nice anti-virus software before using them in any way Windows. Works like a charm, keeps your system 100% malware free.

Rule of Law (-1)

Anonymous Coward | about 2 years ago | (#40856749)

I'm sure that under the Obama administration, there is equal justice for all, and the DDoS matter will be fully investigated and the criminals will be brought to justice; well, unless some people are just more equal than others.

Re:Rule of Law (0)

Anonymous Coward | about 2 years ago | (#40856799)

Why is this an "obama administration" thing? Seems like GWB was just the same. The only difference is the list of who was "more equal" was slightly different.

I remember the good old days when (5, Insightful)

Stirling Newberry (848268) | about 2 years ago | (#40856773)

stopping people from getting information about sex and contraception was supposed to solve some problem or other.

Re:I remember the good old days when (0)

Anonymous Coward | about 2 years ago | (#40858895)

Back then though, trojans were good.

Re:I remember the good old days when (0)

Anonymous Coward | more than 2 years ago | (#40863583)

And it did help solve the problem of ... under-population.

work from home (-1)

Anonymous Coward | about 2 years ago | (#40856815)

as Joseph replied I am amazed that some one can profit $7826 in one month on the computer. did you see this site link makecash16.com

Anyone wonder WHY I do custom HOSTS files? (-1, Offtopic)

Anonymous Coward | about 2 years ago | (#40856945)

I use hosts in the following ways (see my 'p.s.' below, in detail, for your reference) to COMPLEMENT & OVERCOME THOSE PROBLEMS IN DNS & OTHER MECHANISMS LARGELY!

Custom hosts files gain me the following benefits (A short summary of where custom hosts files can be extremely useful):

---

1.) Blocking out malware/malscripted sites
2.) Blocking out Known sites-servers/hosts-domains that are known to serve up malware (currently, I have 1,797,207++ blocked & growing @ roughly 250-5,000 per day added)
3.) Blocking out Bogus DNS servers malware makers use
4.) Blocking out Botnet C&C servers
5.) Blocking out Bogus adbanners that are full of malicious script content
6.) Getting you back speed/bandwidth you paid for by blocking out adbanners + hardcoding in your favorite sites (faster than remote DNS server resolution)
7.) Added reliability (vs. downed or misdirect/poisoned DNS servers).
8.) Added "anonymity" (to an extent, vs. DNS request logs)
9.) The ability to bypass DNSBL's (DNS block lists you may not agree with).
10.) More screen "real estate" (since no more adbanners appear onscreen eating up CPU, Memory, & other forms of I/O too - bonus!)
11.) Truly UNIVERSAL PROTECTION (since any OS, even on smartphones, usually has a BSD derived IP stack).
12.) Faster & MORE EFFICIENT operation vs. browser plugins (which "layer on" on top of Ring 3/RPL 3/usermode browsers - whereas the hosts file operates @ the Ring 0/RPL 0/Kernelmode of operation (far faster) as a filter for the IP stack itself...)
13.) Blocking out TRACKERS
14.) Custom hosts files work on ANY & ALL webbound apps (browser plugins do not).
15.) Custom hosts files offer a better, faster, more efficient way, & safer way to surf the web & are COMPLETELY controlled by the end-user of them.

---

* & FAR more... read on below IF you are interested (for detail).

AND, for those of you that run Microsoft Windows 32 or 64 bit? An automated hosts file creation & mgt. program:

http://securemecca.com/public/APKHostsFileInstaller/2012_06_01/APKHostsFileEngineInstaller32_64bit.exe.zip [securemecca.com]

(You simply extract its files to ANY folder you like (usually one you create for it, doesn't matter where, but you MUST run it as administrator (simple & the "read me" tab shows how easy THAT is to do))

What's it do for you?

It's a custom hosts file mgt. program that does the following for end users (Calling it "APK Hosts File Engine 5.0++") after it obtains custom hosts file data from 12 of the reputable & reliable sources listed below:

---

1.) Offers massively noticeable increased speed for websurfing via blocking adbanners

2.) Offers increased speed for users fav. sites by hardcoding them into the hosts file for faster IP address-to-host/domain name resolutions (which sites RARELY change their hosting providers, e.g.-> of 250 I do, only 6 have changed since 2006 - & when sites do because they found a less costly hosting provider? Then, they either email notify members, put up warnings on their pages, & do IP warnings & redirectors onto the former IP address range to protect vs. the unscrupulous criminal bidding on that range to buy it to steal from users of say, online banking or shopping sites).

3.) Better "Layered-Security"/"Defense-In-Depth" via blocking host-domain based attacks by KNOWN bad sites-servers that are known to do so (which IS, by far, the majority of what's used by both users (hence the existence of the faulty but for most part working DNS system), AND even by malware makers (since host-domain names are recyclable by they, & the RBN (Russian Business Network & others)) were doing it like mad with "less than scrupulous", or uncaring, hosting providers)

4.) Better 'anonymity' to an extent vs. DNS request logs (not vs. DPI ("deep packet inspection"))

5.) The ability to circumvent unjust DNSBL (DNS Block Lists) if unjust or inconveniences a user.

6.) Protection vs. online trackers

7.) Better security vs. the DNS system being "dns poisoned/redirected" (a known problem for recursive DNS servers via port 51/53 misdirection)

8.) Write protecting the hosts file every 1/2 second (supplementing UAC) - even if/when you move it from the default location via this registry entry (which if done, can function ALMOST like *NIX shadow passwords because of this program):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters

And changing the "DataBasePath" parameter there (I do this moving it to a faster media, a "true SSD" using DDR-2 RAM, in the 4gb Gigabyte IRAM I have).

9.) Automatic downloading & Alphabetic sorting of hosts files' records entries (for easier end user mgt. manually) from 15 reliable sources (of 17 I actually use).

10.) Manual editing of all files used (hosts to import list, hosts itself in its default location of %windir%\system32\drivers\etc, the hosts files to import/download & process, & favorite sites to reverse dns ping to avoid DNS (noted above why)).

11.) Removal scanners (if the users decide to remove hosts entries from imported data they can check if the site is indeed known as bad or not (sometimes 'false positives' happen, or just bad entries, or sites clean themselves up after infestation due to vulnerable coding etc./et al)).

12.) Removal of bloating material in many hosts files like Comments (useless bulk in a hosts file that's "all business")

13.) Removal of bloating material in many hosts files like Trailing comments after records (produces duplicates)

14.) Removal of bloating material in many hosts files like Invalid TLD entries (program checks this in a BETTER method than the API call "PathIsURL")

15.) Removal of bloating material in many hosts files like Trims entries (vs. trailing blanks bloat on record entries)

16.) Removal of bloating material in many hosts files like the conversion of the larger & SLOWER 127.0.0.1 blocking "loopback adapter" address (slower due to larger size bytes wise to parse, & slower if loopback happens) to the smaller/faster to parse & load 0.0.0.0

17.) Uniformity of ALL entries in hosts (as to records inserted & format they use - reducing bloat AND repeated bloating entries).

18.) Filtration-Removal of sites that IF in a hosts file are KNOWN to cause problems on larger portals that use CDN etc.

19.) Custom hosts files protect ALL webbound programs, not just webbrowsers (like AdBlock addons, & it doesn't even block ALL adbanners by default anymore) & it does so @ a more efficient faster level (Ring 0/RPL 0/Kernelmode) acting merely as a filter for the PnP design IP stack, vs. the slower level webbrowser programs & their addons operate in (Ring 3/RPL 3/Usermode), which addons slow them even more by "layering on" parsing & processing that browser addons layer on.

20.) Custom hosts files also offer the speedup to favorite sites noted above, & even firewalls + browser addons do NOT offer that...

---

& MORE, in roughly 15 minutes runtime (on an Intel Core I7 920 Quad/4 core cpu @ 2.67ghz) & faster on faster CPU's (e.g. - Intel Core I7 3960 "extreme" 6-7 core CPUs = 7 minute runtime) & slower on slower CPU's (Intel 1.5ghz Celeron single core = 45 minutes).

* The malwarebytes/hpHosts site admin another person/site hosting it (Mr. Steven Burn, a competent coder in his own right), said it's "excellent" in fact and has seen its code too...

(Write him yourselves should anyone doubt any of this -> services@it-mate.co.uk , or see his site @ http://hosts-file.net/?s=Download [hosts-file.net] )

A Mr. Henry Hertz Hobbitt of securemecca.org &/or hostsfile.org can also verify that this program is safe - write him @ -> hhhobbit@securemecca.com

It'll be releasing soon to sites that host 64-bit programs (even though it also has a 32-bit model, line for line the same code except for 32 in place of 64 in its help file & user interface)!

I told myself (since i built it in late 2003 in version 1.0++ & have rebuilt it 5x since in Borland Delphi 3.0/5.0/7.0 32-bit & currently into 64-bit using Delphi XE2) IF things didn't get better on the "malware front", out it would go for the general public to get the above enumerated multiple & versatile benefits custom hosts yield for end users (mainly saving them money on speed + bandwidth they pay for each month as well as added "layered-security"/"defense-in-depth" AND reliability all noted above)

APK

P.S.=> Details of the above synopsis/short summary are as follows below:

21++ ADVANTAGES OF HOSTS FILES (over browser plugins for security, &/or DNS servers):

(Over AdBlock & DNS Servers ALONE 4 Security, Speed, Reliability, & Anonymity (to an extent vs. DNSBL's + DNS request logs)).

1.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program). A truly "multi-platform" UNIVERSAL solution for added speed, security, reliability, & even anonymity to an extent (vs. DNS request logs + DNSBL's you feel are unjust hosts get you past/around).

2.) Adblock blocks ads? Well, not anymore & certainly not as well by default, apparently, lol - see below:

Adblock Plus To Offer 'Acceptable Ads' Option

http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option [slashdot.org]

AND, in only browsers & their subprogram families (ala email like Thunderbird for FireFox/Mozilla products (use same gecko & xulrunner engines)), but not all, or, all independent email clients, like Outlook, Outlook Express, OR Window "LIVE" mail (for example(s)) - there's many more like EUDORA & others I've used over time that AdBlock just DOES NOT COVER... period.

Disclaimer: Opera now also has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc..

3.) Adblock doesn't protect email programs external to FF (non-mozilla/gecko engine based) family based wares, So AdBlock doesn't protect email programs like Outlook, Outlook Express, Windows "LIVE" mail & others like them (EUDORA etc./et al), Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 5-7 next below, & especially vs. the July 12th 2012 "DNSChanger" trojan purge that's coming soon (those folks won't get to sites if infested - I will, due to hardcodes in my hosts file of my fav. 20 sites + using BETTER filtering DNS servers (see list below))...

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, OR make you reach them faster since you resolve host-domain names LOCALLY w/ hosts out of cached memory, hosts do ALL of those things (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html [networkworld.com] for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions (in-addr.arpa) via NSLOOKUP, PINGS (ping -a in Windows - functions for "reverse DNS lookups"), &/or WHOIS though, regularly, so you have the correct IP & it's current)).

* NOW - Some folks MAY think that putting an IP address alone into your browser's address bar will be enough, so why bother with HOSTS, right? WRONG - Putting IP address in your browser won't always work IS WHY. Some IP addresses host several domains & need the site name to give you the right page you're after is why. So for some sites only the HOSTS file option will work!

6.) Hosts files don't eat up CPU cycles (or ELECTRICITY) like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs. HOSTS file are merely a FILTER for the kernel mode/PnP TCP/IP subsystem, which runs FAR FASTER & MORE EFFICIENTLY than any ring 3/rpl3/usermode app can since hosts files run in MORE EFFICIENT & FASTER Ring 0/RPL 0/Kernelmode operations acting merely as a filter for the IP stack (via the "Plug-N-Play" designed IP stack in Windows) vs. SLOWER & LESS EFFICIENT Ring 3/RPL 3/Usermode operations (which webbrowsers run in + their addons like AdBlock slow down even MORESO due to their parsing operations).

7.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than remote DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server, typically 30-100's of ms, vs. 7-10ms HardDisk speed of access/seek + SSD seek in ns, & back to you - hosts resolutions of IP address for host-domain names is FAR faster...). Hosts are only a filter for an already fast & efficient IP stack, no more layered b.s. (remote OR local). Hosts eat less CPU, RAM, I/O in other forms, + electricity than a locally running DNS server easily, and less than a local DNS program on a single PC. Fact. Hosts are easier to setup & maintain too.

8.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):

http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]
http://someonewhocares.org/hosts/ [someonewhocares.org]
http://hostsfile.org/hosts.html [hostsfile.org]
http://hostsfile.mine.nu/downloads/ [hostsfile.mine.nu]
http://hosts-file.net/?s=Download [hosts-file.net]
https://zeustracker.abuse.ch/monitor.php?filter=online [abuse.ch]
https://spyeyetracker.abuse.ch/monitor.php [abuse.ch]
http://ddanchev.blogspot.com/ [blogspot.com]
http://www.malware.com.br/lists.shtml [malware.com.br]
http://www.stopbadware.org/ [stopbadware.org]
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)

And yes: Even SLASHDOT &/or The Register help!

(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhack others online that is... not ALL do!)).

2 examples thereof in the past I have used, & noted it there, are/were:

http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398 [slashdot.org]
http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500 [slashdot.org]

9.) AdBlock & DNS servers are programs, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.

10.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

11.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] ) & edited too, via texteditors like Windows notepad.exe or Linux nano (etc.)

12.) With Adblock you had better be able to code javascript to play with its code (to customize it better than the GUI front does @ least). With hosts you don't even need source to control it (edit, update, delete, insert of new entries via a text editor).

13.) Hosts files are easily secured via using MAC/ACL (even moreso "automagically" for Vista, 7/Server 2008 + beyond by UAC by default) &/or Read-Only attributes applied.

14.) Custom HOSTS files also speed you up, unlike anonymous proxy servers systems variations (like TOR, or other "highly anonymous" proxy server list servers typically do, in the severe speed hit they often have a cost in) either via "hardcoding" your fav. sites into your hosts file (avoids DNS servers, totally) OR blocking out adbanners - see this below for evidence of that:

---

US Military Blocks Websites To Free Up Bandwidth:

http://yro.slashdot.org/story/11/03/16/0416238/US-Military-Blocks-Websites-To-Free-Up-Bandwidth [slashdot.org]

(Yes, even the US Military used this type of technique... because IT WORKS! Most of what they blocked? Ad banners ala doubleclick etc.)

---

Adbanners slow you down & consume your bandwidth YOU pay for:

ADBANNERS SLOW DOWN THE WEB: -> http://tech.slashdot.org/article.pl?sid=09/11/30/166218 [slashdot.org]

---

And people do NOT LIKE ads on the web:

PEOPLE DISLIKE ADBANNERS: http://yro.slashdot.org/yro/08/04/02/0058247.shtml [slashdot.org]

---

As well as this:

Users Know Advertisers Watch Them, and Hate It:

http://yro.slashdot.org/yro/08/04/02/0058247.shtml [slashdot.org]

---

Even WORSE still, is this:

Advertising Network Caught History Stealing:

http://yro.slashdot.org/story/11/07/22/156225/Advertising-Network-Caught-History-Stealing [slashdot.org]

---

15.) HOSTS files usage lets you avoid being charged on some ISP/BSP's (OR phone providers) "pay as you use" policy http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans [slashdot.org] , because you are using less bandwidth (& go faster doing so no less) by NOT hauling in adbanner content and processing it (which can lead to infestation by malware/malicious script, in & of itself -> http://apcmag.com/microsoft_apologises_for_serving_malware.htm [apcmag.com] ).

16.) If/when ISP/BSP's decide to go to -> FCC Approving Pay-As-You-Go Internet Plans: http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans [slashdot.org] your internet bill will go DOWN if you use a HOSTS file for blocking adbanners as well as maliciously scripted hacker/cracker malware maker sites too (after all - it's your money & time online downloading adbanner content & processing it)

Plus, your adbanner content? Well, it may also be hijacked with malicious code too mind you:

---

Yahoo, Microsoft's Bing display toxic ads:

http://www.theregister.co.uk/2011/09/16/bing_yahoo_malware_ads/ [theregister.co.uk]

---

Malware torrent delivered over Google, Yahoo! ad services:

http://www.theregister.co.uk/2009/09/24/malware_ads_google_yahoo/ [theregister.co.uk]

---

Google's DoubleClick spreads malicious ads (again):

http://www.theregister.co.uk/2009/02/24/doubleclick_distributes_malware/ [theregister.co.uk]

---

Rogue ads infiltrate Expedia and Rhapsody:

http://www.theregister.co.uk/2008/01/30/excite_and_rhapsody_rogue_ads/ [theregister.co.uk]

---

Google sponsored links caught punting malware:

http://www.theregister.co.uk/2008/12/16/google_sponsored_links/ [theregister.co.uk]

---

DoubleClick caught supplying malware-tainted ads:

http://www.theregister.co.uk/2007/11/13/doubleclick_distributes_malware/ [theregister.co.uk]

---

Yahoo feeds Trojan-laced ads to MySpace and PhotoBucket users:

http://www.theregister.co.uk/2007/09/11/yahoo_serves_12million_malware_ads/ [theregister.co.uk]

---

Real Media attacks real people via RealPlayer:

http://www.theregister.co.uk/2007/10/23/real_media_serves_malware/ [theregister.co.uk]

---

Ad networks owned by Google, Microsoft serve malware:

http://www.theregister.co.uk/2010/12/13/doubleclick_msn_malware_attacks/ [theregister.co.uk]

---

Attacks Targeting Classified Ad Sites Surge:

http://it.slashdot.org/story/11/02/02/1433210/Attacks-Targeting-Classified-Ad-Sites-Surge [slashdot.org]

---

Hackers Respond To Help Wanted Ads With Malware:

http://it.slashdot.org/story/11/01/20/0228258/Hackers-Respond-To-Help-Wanted-Ads-With-Malware [slashdot.org]

---

Hackers Use Banner Ads on Major Sites to Hijack Your PC:

http://www.wired.com/techbiz/media/news/2007/11/doubleclick [wired.com]

---

Ruskie gang hijacks Microsoft network to push penis pills:

http://www.theregister.co.uk/2010/10/12/microsoft_ips_hijacked/ [theregister.co.uk]

---

Major ISPs Injecting Ads, Vulnerabilities Into Web:

http://it.slashdot.org/it/08/04/19/2148215.shtml [slashdot.org]

---

Two Major Ad Networks Found Serving Malware:

http://tech.slashdot.org/story/10/12/13/0128249/Two-Major-Ad-Networks-Found-Serving-Malware [slashdot.org]

---

THE NEXT AD YOU CLICK MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus [slashdot.org]

---

NY TIMES INFECTED WITH MALWARE ADBANNER:

http://news.slashdot.org/article.pl?sid=09/09/13/2346229 [slashdot.org]

---

MICROSOFT HIT BY MALWARES IN ADBANNERS:

http://apcmag.com/microsoft_apologises_for_serving_malware.htm [apcmag.com]

---

ISP's INJECTING ADS AND ERRORS INTO THE WEB: -> http://it.slashdot.org/it/08/04/19/2148215.shtml [slashdot.org]

---

ADOBE FLASH ADS INJECTING MALWARE INTO THE NET: http://it.slashdot.org/article.pl?sid=08/08/20/0029220&from=rss [slashdot.org]

---

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware [securityweek.com]

---

Spotify splattered with malware-tainted ads:

http://www.theregister.co.uk/2011/03/25/spotify_malvertisement_attack/ [theregister.co.uk]

---

As my list "multiple evidences thereof" as to adbanners & viruses + the fact they slow you down & cost you more (from reputable & reliable sources no less)).

17.) Per point #16, a way to save some money: ANDROID phones can also use the HOSTS FILE TO KEEP DOWN BILLABLE TIME ONLINE, vs. adbanners or malware such as this:

---

Infected Androids Run Up Big Texting Bills:

http://it.slashdot.org/story/11/03/01/0041203/Infected-Androids-Run-Up-Big-Texting-Bills [slashdot.org]

---

AND, for protection vs. other "botnets" migrating from the PC world, to "smartphones" such as ZITMO (a ZEUS botnet variant):

http://www.google.com/search?hl=en&source=hp&q=ZITMO&btnG=Google+Search [google.com]

---

It's easily done too, via the ADB dev. tool, & mounting ANDROID OS' system mountpoint for system/etc as READ + WRITE/ADMIN-ROOT PERMISSIONS, then copying your new custom HOSTS over the old one using ADB PULL/ADB PUSH to do so (otherwise ANDROID complains of "this file cannot be overwritten on production models of this Operating System", or something very along those lines - this way gets you around that annoyance along with you possibly having to clear some space there yourself if you packed it with things!).

18.) Bad news: ADBLOCK CAN BE DETECTED FOR: See here on that note -> http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars [arstechnica.com]

HOSTS files are NOT THAT EASILY "webbug" BLOCKABLE by websites, as was tried on users by ARSTECHNICA (and it worked on AdBlock in that manner), to that websites' users' dismay:

PERTINENT QUOTE/EXCERPT FROM ARSTECHNICA THEMSELVES:

----

An experiment gone wrong - By Ken Fisher | Last updated March 6, 2010 11:11 AM

http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars [arstechnica.com]

"Starting late Friday afternoon we conducted a 12 hour experiment to see if it would be possible to simply make content disappear for visitors who were using a very popular ad blocking tool. Technologically, it was a success in that it worked. Ad blockers, and only ad blockers, couldn't see our content."

and

"Our experiment is over, and we're glad we did it because it led to us learning that we needed to communicate our point of view every once in a while. Sure, some people told us we deserved to die in a fire. But that's the Internet!"

Thus, as you can see? Well - THAT all "went over like a lead balloon" with their users in other words, because Arstechnica was forced to change it back to the old way where ADBLOCK still could work to do its job (REDDIT however, has not, for example). However/Again - this is proof that HOSTS files can still do the job, blocking potentially malscripted ads (or ads in general because they slow you down) vs. adblockers like ADBLOCK!

----

19.) Even WIKILEAKS "favors" blacklists (because they work, and HOSTS can be a blacklist vs. known BAD sites/servers/domain-host names):

---

PERTINENT QUOTE/EXCERPT (from -> http://www.theregister.co.uk/2010/12/16/wikileaks_mirror_malware_warning_row/ [theregister.co.uk] )

"we are in favour of 'Blacklists', be it for mail servers or websites, they have to be compiled with care... Fortunately, more responsible blacklists, like stopbadware.org (which protects the Firefox browser)...

---

20.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF CAN DO (running as limited class/least privilege user, hopefully, OR even as ADMIN/ROOT/SUPERUSER)? HOSTS "LOCK IN" malware too, vs. communicating "back to mama" for orders (provided they have name servers + C&C botnet servers listed in them, blocked off in your HOSTS that is) - you might think they use a hardcoded IP, which IS possible, but generally they do not & RECYCLE domain/host names they own (such as has been seen with the RBN (Russian Business Network) lately though it was considered "dead", other malwares are using its domains/hostnames now, & this? This stops that cold, too - Bonus!)...

21.) Custom HOSTS files gain users back more "screen real estate" by blocking out banner ads... it's great on PC's for speed along with MORE of what I want to see/read (not ads), & efficiency too, but EVEN BETTER ON SMARTPHONES - by far. It matters MOST there imo @ least, in regards to extra screen real-estate.

Still - It's a GOOD idea to layer in the usage of BOTH browser addons for security like adblock ( http://adblockplus.org/en/ [adblockplus.org] ), IE 9's new TPL's ( http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/ [microsoft.com] ), &/or NoScript ( http://noscript.net/ [noscript.net] especially this one, as it covers what HOSTS files can't in javascript which is the main deliverer of MOST attacks online & SECUNIA.COM can verify this for anyone really by looking @ the past few years of attacks nowadays), for the concept of "layered security"....

It's just that HOSTS files offer you a LOT MORE gains than Adblock ( http://adblockplus.org/en/ [adblockplus.org] ) does alone (as hosts do things adblock just plain cannot & on more programs, for more speed, security, and "stealth" to a degree even), and it corrects problems in DNS (as shown above via hardcodes of your favorite sites into your HOSTS file, and more (such as avoiding DNS request logs)).

ALSO - Some more notes on DNS servers & their problems, very recent + ongoing ones:

---

DNS flaw reanimates slain evil sites as ghost domains:

http://www.theregister.co.uk/2012/02/16/ghost_domains_dns_vuln/ [theregister.co.uk]

---

BIND vs. what the Chinese are doing to DNS lately? See here:

http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

---

SECUNIA HIT BY DNS REDIRECTION HACK THIS WEEK:

http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/ [theregister.co.uk]

(Yes, even "security pros" are helpless vs. DNS problems in code bugs OR redirect DNS poisoning issues, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propagate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind you!)

---

DNS vs. the "Kaminsky DNS flaw", here (and even MORE problems in DNS than just that):

http://www.scmagazineus.com/new-bind-9-dns-flaw-is-worse-than-kaminskys/article/140872/ [scmagazineus.com]

(Seems others are saying that some NEW "Bind9 flaw" is worse than the Kaminsky flaw ALONE, up there, mind you... probably corrected (hopefully), but it shows yet again, DNS hassles (DNS redirect/DNS poisoning) being exploited!)

---

Moxie Marlinspike's found others (0 hack) as well...

Nope... "layered security" truly IS the "way to go" - hacker/cracker types know it, & they do NOT want the rest of us knowing it too!...

(So until DNSSEC takes "widespread adoption"? HOSTS are your answer vs. such types of attack, because the 1st thing your system refers to, by default, IS your HOSTS file (over say, DNS server usage). There are decent DNS servers though, such as OpenDNS, ScrubIT, or even NORTON DNS (more on each specifically below), & because I cannot "cache the entire internet" in a HOSTS file? I opt to use those, because I have to (& OpenDNS has been noted to "fix immediately", per the Kaminsky flaw, in fact... just as a sort of reference to how WELL they are maintained really!)

---

DNS Hijacks Now Being Used to Serve Black Hole Exploit Kit:

https://threatpost.com/en_us/blogs/dns-hijacks-now-being-used-serve-black-hole-exploit-kit-121211 [threatpost.com]

---

DNS experts admit some of the underlying foundations of the DNS protocol are inherently weak:

http://it.slashdot.org/story/11/12/08/1353203/opendns-releases-dns-encryption-tool [slashdot.org]

---

Potential 0-Day Vulnerability For BIND 9:

http://it.slashdot.org/story/11/11/17/1429259/potential-0-day-vulnerability-for-bind-9 [slashdot.org]

---

Five DNS Threats You Should Protect Against:

http://www.securityweek.com/five-dns-threats-you-should-protect-against [securityweek.com]

---

DNS provider decked by DDoS dastards:

http://www.theregister.co.uk/2010/11/16/ddos_on_dns_firm/ [theregister.co.uk]

---

Ten Percent of DNS Servers Still Vulnerable: (so much for "conscientious patching", eh? Many DNS providers weren't patching when they had to!)

http://it.slashdot.org/it/05/08/04/1525235.shtml?tid=172&tid=95&tid=218 [slashdot.org]

---

DNS ROOT SERVERS ATTACKED:

http://it.slashdot.org/it/07/02/06/2238225.shtml [slashdot.org]

---

TimeWarner DNS Hijacking:

http://tech.slashdot.org/article.pl?sid=07/07/23/2140208 [slashdot.org]

---

DNS Re-Binding Attacks:

http://crypto.stanford.edu/dns/ [stanford.edu]

---

DNS Server Survey Reveals Mixed Security Picture:

http://it.slashdot.org/it/07/11/21/0315239.shtml [slashdot.org]

---

Halvar figured out super-secret DNS vulnerability:

http://www.zdnet.com/blog/security/has-halvar-figured-out-super-secret-dns-vulnerability/1520 [zdnet.com]

---

BIND Still Susceptible To DNS Cache Poisoning:

http://tech.slashdot.org/tech/08/08/09/123222.shtml [slashdot.org]

---

DNS Poisoning Hits One of China's Biggest ISPs:

http://it.slashdot.org/it/08/08/21/2343250.shtml [slashdot.org]

---

DDoS Attacks Via DNS Recursion:

http://it.slashdot.org/it/06/03/16/1658209.shtml [slashdot.org]

---

High Severity BIND DNS Vulnerability Advisory Issued:

http://tech.slashdot.org/story/11/02/23/156212/High-Severity-BIND-Vulnerability-Advisory-Issued [slashdot.org]

---

Photobucket's DNS Records Hijacked:

http://blogs.zdnet.com/security/?p=1285 [zdnet.com]

---

Protecting Browsers from DNS Rebinding Attacks:

http://crypto.stanford.edu/dns/ [stanford.edu]

---

DNS Problem Linked To DDoS Attacks Gets Worse:

http://tech.slashdot.org/story/09/11/15/1238210/DNS-Problem-Linked-To-DDoS-Attacks-Gets-Worse [slashdot.org]

---

HOWEVER - Some DNS servers are "really good stuff" vs. phishing, known bad sites/servers/hosts-domains that serve up malware-in-general & malicious scripting, botnet C&C servers, & more, such as:

Norton DNS -> http://nortondns.com/ [nortondns.com]
ScrubIT DNS -> http://www.scrubit.com/ [scrubit.com]
OpenDNS -> http://www.opendns.com/ [opendns.com]

(Norton DNS in particular, is exclusively for blocking out malware, for those of you that are security-conscious. ScrubIT filters pr0n material too, but does the same, & OpenDNS does phishing protection. Each page lists how & why they work, & why they do so. Norton DNS can even show you its exceptions lists, plus user reviews & removal procedures requests, AND growth stats (every 1/2 hour or so) here -> http://safeweb.norton.com/buzz [norton.com] so, that ought to "take care of the naysayers" on removal requests, &/or methods used plus updates frequency etc./et al...)

HOWEVER - There's ONLY 1 WEAKNESS TO ANY network defense, including HOSTS files (vs. host-domain name based threats) & firewalls (hardware router type OR software type, vs. IP address based threats): Human beings, & they not being 'disciplined' about the indiscriminate usage of javascript (the main "harbinger of doom" out there today online), OR, what they download for example... & there is NOTHING I can do about that! (Per Dr. Manhattan of "The Watchmen", ala -> "I can change almost anything, but I can't change human nature")

HOWEVER AGAIN - That's where NORTON DNS, OpenDNS, &/or ScrubIT DNS help!

(Especially for noob/grandma level users who are unaware of how to secure themselves in fact, per a guide like mine noted above that uses "layered-security" principles!)

ScrubIT DNS, &/or OpenDNS are others alongside Norton DNS (adding on phishing protection too) as well!

( & it's possible to use ALL THREE in your hardware NAT routers, and, in your Local Area Connection DNS properties in Windows, for again, "Layered Security" too)...

---

24++ SLASHDOT USERS EXPERIENCING SUCCESS USING HOSTS FILES QUOTED VERBATIM:

---

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"I use a custom /etc/hosts to block ads... my file gets parsed basically instantly ... So basically, for any modern computer, it has zero visible impact. And even if it took, say, a second to parse, that would be more than offset by the MANY seconds saved by not downloading and rendering ads. I have noticed NO ill effects from running a custom /etc/hosts file for the last several years. And as a matter of fact I DO run http servers on my computers and I've never had an /etc/hosts-related problem... it FUCKING WORKS and makes my life better overall." - by sootman (158191) on Monday July 13 2009, @11:47AM (#28677363) Homepage Journal

"I actually went and downloaded a 16k line hosts file and started using that after seeing that post, you know just for trying it out. some sites load up faster." - by gl4ss (559668) on Thursday November 17, @11:20AM (#38086752) Homepage Journal

"Better than an ad blocker, imo. Hosts file entries: http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] " - by TempestRose (1187397) on Tuesday March 15, @12:53PM (#35493274)

"^^ One of the many reasons why I like the user-friendliness of the /etc/hosts file." - by lennier1 (264730) on Saturday March 05, @09:26PM (#35393448)

"They've been on my HOSTS block for years" - by ScottCooperDotNet (929575) on Thursday August 05 2010, @01:52AM (#33147212)

"I'm currently only using my hosts file to block pheedo ads from showing up in my RSS feeds and causing them to take forever to load. Regardless of its original intent, it's still a valid tool, when used judiciously." - by Bill Dog (726542) on Monday April 25, @02:16AM (#35927050) Homepage Journal

"you're right about hosts files" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage

"APK's monolithic hosts file is looking pretty good at the moment." - by Culture20 (968837) on Thursday November 17, @10:08AM (#38085666)

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

"I use ad-Block and a hostfile" - by Ol Olsoc (1175323) on Tuesday March 01, @10:11AM (#35346902)

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

"It's a good write up on something everybody should use, why you were modded down is beyond me. Using a HOSTS file, ADblock is of no concern and they can do what they want." - by Trax3001BBS (2368736) on Monday December 12, @10:07PM (#38351398) Homepage Journal

"I want my surfing speed back so I block EVERY fucking ad. i.e. http://someonewhocares.org/hosts/ [someonewhocares.org] and http://winhelp2002.mvps.org/hosts.htm [mvps.org] FTW" - by UnknownSoldier (67820) on Tuesday December 13, @12:04PM (#38356782)

"Let me introduce you to the file: /etc/hosts" - by fahrbot-bot (874524) on Monday December 19, @05:03PM (#38427432)

"I use a hosts file" - by EdIII (1114411) on Tuesday December 13, @01:17PM (#38357816)

"I'm tempted to go for a hacked hosts file that simply resolves most advert sites to 127.0.0.1" - by bLanark (123342) on Tuesday December 13, @01:13PM (#38357760)

"this is not a troll, which hosts file source you recommend nowadays? it's a really handy method for speeding up web and it works." - by gl4ss (559668) on Thursday March 22, @08:07PM (#39446525) Homepage Journal

"A hosts file certainly does not require "a lot of work" to maintain, and it quite effectively kills a LOT of advertising and tracking schemes. . In fact, I never would have considered trying to use it for defending against viruses or malware." - by RocketRabbit (830691) on Thursday December 30 2010, @05:48PM (#34715060)

"That is, do the things you would normally do to secure your own machine from malware, intrusive advertising, and vulnerabilities. Use the hosts file to block certain domains from being accessible." - by wickerprints (1094741) on Friday June 22, @12:57AM (#40407865)

"Ad blocking hosts file, I use it as an adult ;-) http://winhelp2002.mvps.org/hosts.htm [mvps.org] " - by RJFerret (1279530) on Friday June 22, @01:15AM (#40407983) Homepage

"There is probably a decent list of domains out there that you can put in your hosts file so that lookups for these fail. I assume you're more concerned about accidental adverts and such, which is a fair concern considering how many sites have em" - by ieatcookies (1490517) on Friday June 22, @01:21AM (#40408005)

"I find mapping hosts to 0.0.0.0 is faster, because it's not a valid IP address, so the DNS subsystem of your OS will ignore it without trying to connect. There are several hostfile collections out there. I merged three of them several years ago just for my own freedom from ads and other junk. I currently have 131572 host names zero'd out." - by Dracos (107777) on Friday June 22, @01:34AM (#40408085)

"I also use linux a lot more now and, beyond a custom hosts file, don't have any active antivirus software beyond what comes with Ubuntu" - by sneakyimp (1161443) on Friday June 22, @04:26PM (#40416169)

---

Then, there is also the words of respected security expert, Mr. Oliver Day, from SECURITYFOCUS.COM to "top that all off" as well:

A RETURN TO THE KILLFILE:

http://www.securityfocus.com/columnists/491 [securityfocus.com]

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, no less... & guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly (& this is one of the later ones, from 2001 http://www.furtherleft.net/computer.htm [furtherleft.net] (but the example HOSTS file with my initials in it is FAR older, circa 1998 or so) or thereabouts, and referred to later by a pal of mine who moderates NTCompatible.com (where I posted on HOSTS for YEARS (1997 onwards)) -> http://www.ntcompatible.com/thread28597-1.html [ntcompatible.com] !

---

"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites. One of the known weaknesses of the Tor system, for example, is direct DNS requests by applications not configured to route such requests through Tor's network."

There you go: AND, it also works vs. the "KAMINSKY DNS FLAW" & DNS poisoning/redirect attacks, for redirectable weaknesses in DNS servers (non DNSSEC type, & set into recursive mode especially) and also in the TOR system as well (that lends itself to anonymous proxy usage weaknesses I noted above also) and, you'll get to sites you want to, even IF a DNS registrar drops said websites from its tables as shown here Beating Censorship By Routing Around DNS -> http://yro.slashdot.org/story/10/12/09/1840246/Beating-Censorship-By-Routing-Around-DNS [slashdot.org] & even DNSBL also (DNS Block Lists) -> http://en.wikipedia.org/wiki/DNSBL [wikipedia.org] as well - DOUBLE-BONUS!

---

* THE HOSTS FILE GROUP 34++ THUSFAR (from +5 -> +1 RATINGS, usually "informative" or "interesting" etc./et al):

BANNER ADS & BANDWIDTH:2011 -> http://hardware.slashdot.org/comments.pl?sid=2139088&cid=36077722 [slashdot.org]
HOSTS MOD UP:2010 -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1490078&cid=30555632 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1869638&cid=34237268 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1461288&threshold=-1&commentsort=0&mode=thread&cid=30272074 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1255487&cid=28197285 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1206409&cid=27661983 [slashdot.org]
HOSTS MOD UP:2010 -> http://apple.slashdot.org/comments.pl?sid=1725068&cid=32960808 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147274 [slashdot.org]
APK 20++ POINTS ON HOSTS MOD UP:2010 -> http://news.slashdot.org/comments.pl?sid=1913212&cid=34576182 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1862260&cid=34186256 [slashdot.org]
HOSTS MOD UP:2010 (w/ facebook known bad sites blocked) -> http://tech.slashdot.org/comments.pl?sid=1924892&cid=34670128 [slashdot.org]
HOSTS FILE MOD UP FOR ANDROID MALWARE:2010 -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952 [slashdot.org]
HOSTS MOD UP ZEUSTRACKER:2011 -> http://it.slashdot.org/comments.pl?sid=2059420&cid=35654066 [slashdot.org]
HOSTS MOD UP vs AT&T BANDWIDTH CAP:2011 -> http://tech.slashdot.org/comments.pl?sid=2116504&cid=35985584 [slashdot.org]
HOSTS MOD UP CAN DO SAME AS THE "CloudFlare" Server-Side service:2011 -> http://it.slashdot.org/comments.pl?sid=2220314&cid=36372850 [slashdot.org]
HOSTS and BGP +5 RATED (BEING HONEST):2010 http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450 [slashdot.org]
HOSTS & PROTECT IP ACT:2011 http://yro.slashdot.org/comments.pl?sid=2368832&cid=37021700 [slashdot.org]
HOSTS MOD UP:2011 -> http://yro.slashdot.org/comments.pl?sid=2457766&cid=37592458 [slashdot.org]
HOSTS MOD UP & OPERA HAUTE SECURE:2011 -> http://yro.slashdot.org/comments.pl?sid=2457274&cid=37589596 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1197039&cid=27556999 [slashdot.org]
0.0.0.0 IN HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1143349&cid=27012231 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://it.slashdot.org/comments.pl?sid=1198841&cid=27580299 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1139705&cid=26977225 [slashdot.org]
HOSTS MOD UP:2009 -> http://hardware.slashdot.org/comments.pl?sid=1319261&cid=28872833 [slashdot.org] (still says INSIGHTFUL)
HOSTS MOD UP vs. botnet: 2012 -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38586216 [slashdot.org]
HOSTS MOD UP vs. SOPA act: 2012 -> http://yro.slashdot.org/comments.pl?sid=2611414&cid=38639460 [slashdot.org]
HOSTS MOD UP vs. FaceBook b.s.: 2012 -> http://yro.slashdot.org/comments.pl?sid=2614186&cid=38658078 [slashdot.org]
HOSTS MOD UP "how to secure smartphones": 2012 -> http://mobile.slashdot.org/comments.pl?sid=2644205&cid=38860239 [slashdot.org]
HOSTS MOD UP "Free Apps Eat your Battery via ad displays": 2012 -> http://mobile.slashdot.org/comments.pl?sid=2734503&cid=39408607 [slashdot.org]
HOSTS MOD UP "How I only hardcode in 50 of my fav. sites": 2012 -> http://it.slashdot.org/comments.pl?sid=2857487&cid=40034765 [slashdot.org]
APPLYING HOSTS TO DIFF. PLATFORM W/ TCP-IP STACK BASED ON BSD: 2008 -> http://mobile.slashdot.org/comments.pl?sid=1944892&cid=34831038 [slashdot.org]
HOSTS vs. TRACKING ONLINE BY ADVERTISERS & BETTER THAN GHOSTERY: 2012 -> http://yro.slashdot.org/comments.pl?sid=2926641&cid=40383743 [slashdot.org]

---

* "Here endeth the lesson..." and, if you REALLY want to secure your system? Please refer to this:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

APK

P.S.=> SOME MINOR "CAVEATS/CATCH-22's" - things to be aware of for "layered security" + HOSTS file performance - easily overcome, or not a problem at all:

A.) HOSTS files don't function under PROXY SERVERS (except for Proxomitron, which has a filter that allows it) - Which is *the "WHY"* of why I state in my "P.S." section below to use both AdBlock type browser addon methods (or even built-in block lists browsers have such as Opera's URLFILTER.INI file, & FireFox has such a list as does IE also in the form of TPL (tracking protection lists -> http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/ [microsoft.com] , good stuff )) in combination with HOSTS, for the best in "layered security" (alongside .pac files + custom cascading style sheets that can filter off various tags such as scripts or ads etc.) - but proxies, especially "HIGHLY ANONYMOUS" types, generally slow you down to a CRAWL online (& personally, I cannot see using proxies "for the good" typically - as they allow "truly anonymous posting" & have bugs (such as TOR has been shown to have & be "bypassable/traceable" via its "onion routing" methods)).

B.) HOSTS files do NOT protect you vs. javascript (this only holds true IF you don't already have a bad site blocked out in your HOSTS file though, & the list of sites where you can obtain such lists to add to your HOSTS are above (& updated daily in many of them)).

C.) HOSTS files (relatively "largish ones") require you to turn off Windows' native "DNS local client cache service" (which has a problem in that it's designed with a non-redimensionable/resizeable list, array, or queue (DNS data loads into a C/C++ structure actually/afaik, which IS a form of array)) - mvps.org covers that in detail and how to easily do this in Windows (this is NOT a problem in Linux, & it's 1 thing I will give Linux over Windows, hands-down). Relatively "smallish" HOSTS files don't have this problem (mvps.org offers 2 types for this).

D.) HOSTS files, once read/loaded, once? GET CACHED! Right into the kernelmode diskcaching subsystem (fast & efficient RAM speed), for speed of access/re-access (@ system startup in older MS OS' like 2000, or, upon a users' 1st request that's "Webbound" via say, a webbrowser) gets read into either the DNS local caching client service (noted above), OR, if that's turned off? Into your local diskcache (like ANY file is), so it reads F A S T upon re-reads/subsequent reads (until it's changed in %WinDir%\system32\drivers\etc on Windows, which marks it "Dirty" & then it gets re-read + reloaded into the local diskcache again). This may cause a SMALL initial load 1 time lag upon reload though, depending on the size of your HOSTS file.

E.) HOSTS files don't protect vs. BGP explo
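The comment above recommends merging downloaded hosts lists and mapping blocked names to 0.0.0.0. As an added example (not code from the thread or from any tool it mentions), this Python code merges lists while refusing entries that point a name at a non-sink address, since such a line in a third-party list is a redirect rather than a block. The sample lists, the function names and the choice of sink addresses are assumptions made for illustration.

```python
import re

SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}   # addresses that mean "block"
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one RFC 1123 label

# Constructed sample lists (not taken from any real blocklist).
SAMPLE_A = """\
# constructed sample list A
127.0.0.1 localhost
127.0.0.1  ads.example.com   # trailing comment
127.0.0.1 Tracker.Example.NET
127.0.0.1 bad_host.example.com
"""
SAMPLE_B = """\
0.0.0.0 ads.example.com
0.0.0.0 cdn.example.org metrics.example.org
203.0.113.7 bank.example.com
0.0.0.0 10.0.0.1
"""


def valid_hostname(name):
    """Syntax check only: dotted, legal labels, last label not all digits."""
    if len(name) > 253 or "." not in name:
        return False
    labels = name.split(".")
    if not all(LABEL.match(label) for label in labels):
        return False
    return not labels[-1].isdigit()


def parse_line(line):
    """Return (address, [names]) or None for blank and comment-only lines."""
    body = line.split("#", 1)[0].strip()      # drop full-line and trailing comments
    if not body:
        return None
    fields = body.split()
    return fields[0], [f.lower().rstrip(".") for f in fields[1:]]


def merge(sources, sink="0.0.0.0"):
    """Merge (label, text) hosts lists into sorted, de-duplicated block lines.

    Returns (lines, rejected); rejected holds (label, line_no, name, reason)
    for every entry that was not accepted, so it can be reviewed by hand.
    """
    blocked, rejected = set(), []
    for label, text in sources:
        for line_no, line in enumerate(text.splitlines(), 1):
            parsed = parse_line(line)
            if parsed is None:
                continue
            addr, names = parsed
            if not names:
                rejected.append((label, line_no, addr, "malformed line"))
                continue
            for name in names:
                if name in LOCAL_NAMES:
                    continue                  # never remap the machine's own names
                if addr not in SINK_ADDRS:
                    # A downloaded list must not be able to point a name elsewhere.
                    rejected.append((label, line_no, name, "redirects to " + addr))
                elif not valid_hostname(name):
                    rejected.append((label, line_no, name, "invalid hostname"))
                else:
                    blocked.add(name)
    return [f"{sink} {name}" for name in sorted(blocked)], rejected


if __name__ == "__main__":
    lines, rejected = merge([("A", SAMPLE_A), ("B", SAMPLE_B)])
    print("\n".join(lines))
    for item in rejected:
        print("rejected:", item)
```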

I supplement custom hosts files w/ better DNS too (-1, Flamebait)

Anonymous Coward | about 2 years ago | (#40856967)

Options for "DNSBL filtered 'secured'" DNS servers:

A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ [nortondns.com] & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz [norton.com] as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do [norton.com]

It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imagine (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...

---

B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ [scrubit.com] & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq [scrubit.com]

---

& of course

C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free [opendns.com]

---

D.) Plus:

Comodo Secure DNS:

http://www.comodo.com/secure-dns/switch/windows_vista.html [comodo.com]

8.26.56.26
8.20.247.2

---

EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!

(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)

* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!

(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...

APK

P.S.=> IF you need help for how to set them up? Those pages instruct on that also, OR, you can ask (somehow I don't think you need the help though, but I am stating it just in case)... apk/b

Re:I supplement custom hosts files w/ better DNS t (3, Informative)

LodCrappo (705968) | about 2 years ago | (#40857519)

good info and something I'll have to check out, but I'd add that at least OpenDNS is practically malware in itself due to their screwing around with dns records to advertise to you. they even break SMTP by returning MX results for *everything*, which point to them.... a user on your network fat fingers an email address and the message ends up with opendns? I don't think so.

the others might be great tho, will try them.
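The reply above describes a resolver that answers every lookup, MX included, instead of reporting that the name does not exist. As an added example (not part of the thread), this Python code parses raw DNS responses to probe queries for names known not to exist and flags a resolver that returns records for them. The probe name, resolver labels and response bytes are constructed, and all function names are hypothetical.

```python
import struct

TYPE_A, TYPE_MX, RCODE_NXDOMAIN = 1, 15, 3
TYPE_NAMES = {TYPE_A: "A", TYPE_MX: "MX"}


def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(qname, qtype, rcode, rdatas=()):
    """Construct a sample DNS response (test data, not captured traffic)."""
    flags = 0x8180 | rcode                      # QR, RD, RA set, plus RCODE
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, len(rdatas), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    for rdata in rdatas:
        # Owner name is a compression pointer to offset 12 (the question name).
        msg += b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, 60, len(rdata)) + rdata
    return msg


def skip_name(msg, off):
    """Return the offset just past a name, which may end in a pointer."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:               # 2-byte pointer ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length


def parse_response(msg):
    """Return (rcode, [(rtype, rdata), ...]) from a raw DNS response."""
    if len(msg) < 12:
        raise ValueError("short message")
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4           # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        off = skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record")
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("truncated rdata")
        answers.append((rtype, msg[off:off + rdlen]))
        off += rdlen
    return flags & 0x000F, answers


def classify(msg, qtype):
    """Classify the response to a query for a name known not to exist."""
    rcode, answers = parse_response(msg)
    if rcode == RCODE_NXDOMAIN:
        return "nxdomain"                       # the expected, unmodified answer
    if rcode != 0:
        return "error"
    if any(rtype == qtype for rtype, _ in answers):
        return "rewritten"                      # records returned for a missing name
    return "nodata"


def audit(probes):
    """probes: (resolver, qtype, raw_response). Returns findings per resolver."""
    findings = {}
    for resolver, qtype, raw in probes:
        result = findings.setdefault(resolver, [])
        if classify(raw, qtype) == "rewritten":
            result.append(TYPE_NAMES.get(qtype, str(qtype)) + " rewritten")
    return findings


PROBE = "k3v9xq7zp1.example.com"                # constructed nonexistent name
SAMPLE_PROBES = [
    ("resolver-a", TYPE_A, build_response(PROBE, TYPE_A, RCODE_NXDOMAIN)),
    ("resolver-a", TYPE_MX, build_response(PROBE, TYPE_MX, RCODE_NXDOMAIN)),
    ("resolver-b", TYPE_A, build_response(PROBE, TYPE_A, 0, [bytes([203, 0, 113, 10])])),
    ("resolver-b", TYPE_MX, build_response(
        PROBE, TYPE_MX, 0, [struct.pack("!H", 10) + encode_name("mx.resolver-b.example")])),
]

if __name__ == "__main__":
    print(audit(SAMPLE_PROBES))
```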

Re:I supplement custom hosts files w/ better DNS t (0)

Anonymous Coward | about 2 years ago | (#40862807)

When working on a network on the job, I tend to go with whatever a network admin has "in house" for the EXACT reasons you noted in fact: Messing up mail - specifically Active Directory related stuff regarding Outlook (full outlook that is, the part of Office)!

I had "issues" with that myself, @ work, due to AD dependencies on DNS, & perhaps I ought to note that in that reply you just replied to (my initial one on DNS servers) next time I use it!

Plus, as to YOUR point? Well... It's been one of mine before too (but I overlooked it here)!

E.G. -> I've noted it online before -> http://www.pcreview.co.uk/forums/secure-windows-2000-xp-server-2003-and-even-vista-make-fun-do-t3511888p2.html [pcreview.co.uk]

Look for this quote on that page as my proof to you of this much -> "DO NOT USE THIS WITH A HOME or BUSINESS LAN THAT HAS ActiveDirectory going (because, for example - it will mess up things like FULL Outlook binding to EXCHANGE SERVER for instance, because of INTERNAL DNS SERVER dependencies AD has (ActiveDirectory is HEAVILY dependent on DNS resolutions is why)"

* Thus, I'll have to amend the post you replied to for that... thanks!

(I have it saved in a "cut & paste" reply on things "malware", DNS related, SO, I'll have to add in this about MAIL MX records + Active Directory related stuff I noted above... )

APK

P.S.=> Thanks for that much... LOL, man!

I am sure you've been here, but... it gets to the point you forget SO much after learning so much, you can overlook stuff (sort of like the saying "I've forgotten more than most folks will ever learn", etc./et al)...

... apk

Unjustified downmod, eh? Disprove my points! (-1, Offtopic)

Anonymous Coward | about 2 years ago | (#40857225)

See subject-line: Your bogus downmod can't disprove my points in the list about custom hosts files, OR the one below it regarding filtered DNS servers (they screen out most all types of malicious content to supplement local control by hosts files, browser options like Opera has for Javascript, NoScript, IE TPL's, & even browser addons like AdBlock).

* I challenge ANY of the cowardly trolls that downmodded my post to disprove points in my initial post I am replying to that prove the points in it outright wrong/incorrect...

APK

P.S.=> Of course, THAT is never going to happen, as the trolls around here have tried for ages & have never managed it in oh, roughly 5++ yrs. I've been posting that material... & thus? Well, you KNOW I've just GOTTA SAY IT, as-is-per-my-usual "inimitable style":

This? This was just "too, Too, TOO EASY - just '2EZ'", and I am utterly confident in the material I posted - which only makes me laugh @ the troll worms that downmoderated the material in my 1st post (they're probably malware makers, disgruntled advertisers &/or webmasters losing revenues by blocked ads (quit eating up my CPU time, bandwidth, electricity, and more I pay for ontop of the subject of this article then - malware in ads!))...

... apk

More bogus downmods of my posts, eh? (0)

Anonymous Coward | more than 2 years ago | (#40863047)

Obvious the ac troll here's doing it -> http://yro.slashdot.org/comments.pl?sid=3022017&cid=40858749 [slashdot.org] & then "trolling" me by ac posts (via one of his std. "timecube" b.s posts)... that much is obvious!

I also KNOW how it's done & how/why:

---

1.) Downmoderate me via a registered /. user account (probably 1 of many) ala this quote from Open Source big name Bruce Perens:

"It just takes one Ubuntu sympathizer or PR flack to minus-moderate any comment. Unfortunately, once PR agencies and so on started paying people to moderate online communities, and to have hundreds of accounts each, things changed." - by Bruce Perens (3872) on Friday July 30, @03:55PM (#33089192) Homepage Journal

SOURCE -> http://linux.slashdot.org/comments.pl?sid=1738364&cid=33089192 [slashdot.org]

2.) Logout to preserve your registered 'luser' cookie state

3.) Troll me by AC posts (that, or use multiple registered accounts here to do so)

---

I would NOT doubt you use both methods (trolls use such puny tricks, HBGary & the Chinese Water Army are 2 groups that have been caught doing so, as well as "PR FIRMS" doing the same... pitiful, and transparent!)

All I can say to that troll is disprove my points on hosts files in my initial post here -> http://yro.slashdot.org/comments.pl?sid=3022017&cid=40856945 [slashdot.org]

* Good luck - you'll NEED it (as many trolls like yourself have tried it, and failed, over the years here MANY times & have yet to prove a single point of mine in it incorrect!)

APK

P.S.=> My guess as to this troll's motivations? He's 1 of 3 kinds of people:

---

1.) An advertiser (since hosts are the BEST THING GOING for blocking out adbanners, mainly for efficiency & easy end user control)

2.) A webmaster losing revenues due to folks blocking adbanners (quit using ones that put infestations on our systems & sucking our bandwidth + electricity and CPU cycles WE PAY FOR as end users)

3.) A malware maker/botnet herder (because hosts are excellent in THAT capacity as well, by blocking out hosts-domains that are KNOWN to serve up malicious content)

... apk

Re:More bogus downmods of my posts, eh? (0)

Anonymous Coward | more than 2 years ago | (#40866179)

So long nummynuts, sorry to have to kick your nuts up into your head verbally speaking. but I don't like academy bigot homo's and wife beating child moslesting, scumbag, KKK member, Arian Nation neo natzi snot eating skin head perverts like you... know what I mean nummynuts? I ain't got no respect for you, lilly livered jellified bowl of slime.

Re:Anyone wonder WHY I do custom HOSTS files? (0)

Anonymous Coward | about 2 years ago | (#40858607)

I use hosts in the following ways (see my 'p.s.' below, in detail, for your reference) to COMPLEMENT & OVERCOME THOSE PROBLEMS IN DNS & OTHER MECHANISMS LARGELY!

Custom hosts files gain me the following benefits (A short summary of where custom hosts files can be extremely useful):

---

1.) Blocking out malware/malscripted sites
2.) Blocking out Known sites-servers/hosts-domains that are known to serve up malware (currently, I have 1,797,207++ blocked & growing @ roughly 250-5,000 per day added)
3.) Blocking out Bogus DNS servers malware makers use
4.) Blocking out Botnet C&C servers
5.) Blocking out Bogus adbanners that are full of malicious script content
6.) Getting you back speed/bandwidth you paid for by blocking out adbanners + hardcoding in your favorite sites (faster than remote DNS server resolution)
7.) Added reliability (vs. downed or misdirect/poisoned DNS servers).
8.) Added "anonymity" (to an extent, vs. DNS request logs)
9.) The ability to bypass DNSBL's (DNS block lists you may not agree with).
10.) More screen "real estate" (since no more adbanners appear onscreen eating up CPU, Memory, & other forms of I/O too - bonus!)
11.) Truly UNIVERSAL PROTECTION (since any OS, even on smartphones, usually has a BSD derived IP stack).
12.) Faster & MORE EFFICIENT operation vs. browser plugins (which "layer on" ontop of Ring 3/RPL 3/usermode browsers - whereas the hosts file operates @ the Ring 0/RPL 0/Kernelmode of operation (far faster) as a filter for the IP stack itself...)
13.) Blocking out TRACKERS
14.) Custom hosts files work on ANY & ALL webbound apps (browser plugins do not).
15.) Custom hosts files offer a better, faster, more efficient way, & safer way to surf the web & are COMPLETELY controlled by the end-user of them.

---

* & FAR more... read on below IF you are interested (for detail).

AND, for those of you that run Microsoft Windows 32 or 64 bit? An automated hosts file creation & mgt. program:

http://securemecca.com/public/APKHostsFileInstaller/2012_06_01/APKHostsFileEngineInstaller32_64bit.exe.zip [securemecca.com]

(You simply extract its files to ANY folder you like (usually one you create for it, doesn't matter where, but you MUST run it as administrator (simple & the "read me" tab shows how easy THAT is to do))

What's it do for you?

It's a custom hosts file mgt. program that does the following for end users (Calling it "APK Hosts File Engine 5.0++") after it obtains custom hosts file data from 12 of the reputable & reliable sources listed below:

---

1.) Offers massively noticeable increased speed for websurfing via blocking adbanners

2.) Offers increased speed for users fav. sites by hardcoding them into the hosts file for faster IP address-to-host/domain name resolutions (which sites RARELY change their hosting providers, e.g.-> of 250 I do, only 6 have changed since 2006 - & when sites do because they found a less costly hosting provider? Then, they either email notify members, put up warnings on their pages, & do IP warnings & redirectors onto the former IP address range to protect vs. the unscrupulous criminal bidding on that range to buy it to steal from users of say, online banking or shopping sites).

3.) Better "Layered-Security"/"Defense-In-Depth" via blocking host-domain based attacks by KNOWN bad sites-servers that are known to do so (which IS, by far, the majority of what's used by both users (hence the existence of the faulty but for most part working DNS system), AND even by malware makers (since host-domain names are recyclable by they, & the RBN (Russian Business Network & others)) were doing it like mad with "less than scrupulous", or uncaring, hosting providers)

4.) Better 'anonymity' to an extent vs. DNS request logs (not vs. DPI ("deep packet inspection"))

5.) The ability to circumvent unjust DNSBL (DNS Block Lists) if unjust or inconveniences a user.

6.) Protection vs. online trackers

7.) Better security vs. the DNS system being "dns poisoned/redirected" (a known problem for recursive DNS servers via port 51/53 misdirection)

8.) Write protecting the hosts file every 1/2 second (supplementing UAC) - even if/when you move it from the default location via this registry entry (which if done, can function ALMOST like *NIX shadow passwords because of this program):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters

And changing the "DataBasePath" parameter there (I do this moving it to a faster media, a "true SSD" using DDR-2 RAM, in the 4gb Gigabyte IRAM I have).

9.) Automatic downloading & Alphabetic sorting of hosts files' records entries (for easier end user mgt. manually) from 15 reliable sources (of 17 I actually use).

10.) Manual editing of all files used (hosts to import list, hosts itself in its default location of %windir%\system32\drivers\etc, the hosts files to import/download & process, & favorite sites to reverse dns ping to avoid DNS (noted above why)).

11.) Removal scanners (if the users decide to remove hosts entries from imported data they can check if the site is indeed known as bad or not (sometimes 'false positives' happen, or just bad entries, or sites clean themselves up after infestation due to vulnerable coding etc./et al)).

12.) Removal of bloating material in many hosts files like Comments (useless bulk in a hosts file that's "all business")

13.) Removal of bloating material in many hosts files like Trailing comments after records (produces duplicates)

14.) Removal of bloating material in many hosts files like Invalid TLD entries (program checks this in a BETTER method than the API call "PathIsURL")

15.) Removal of bloating material in many hosts files like Trims entries (vs. trailing blanks bloat on record entries)

16.) Removal of bloating material in many hosts files like the conversion of the larger & SLOWER 127.0.0.1 blocking "loopback adapter" address (slower due to larger size bytes wise to parse, & slower if loopback happens) to the smaller/faster to parse & load 0.0.0.0

17.) Uniformity of ALL entries in hosts (as to records inserted & format they use - reducing bloat AND repeated bloating entries).

18.) Filtration-Removal of sites that IF in a hosts file are KNOWN to cause problems on larger portals that use CDN etc.

19.) Custom hosts files protect ALL webbound programs, not just webbrowsers (like AdBlock addons, & it doesn't even block ALL adbanners by default anymore) & it does so @ a more efficient faster level (Ring 0/RPL 0/Kernelmode) acting merely as a filter for the PnP design IP stack, vs. the slower level webbrowser programs & their addons operate in (Ring 3/RPL 3/Usermode), which addons slow them even more by "layering on" parsing & processing that browser addons layer on.

20.) Custom hosts files also offer the speedup to favorite sites noted above, & even firewalls + browser addons do NOT offer that...

---

& MORE, in roughly 15 minutes runtime (on an Intel Core I7 920 Quad/4 core cpu @ 2.67ghz) & faster on faster CPU's (e.g. - Intel Core I7 3960 "extreme" 6-7 core CPUs = 7 minute runtime) & slower on slower CPU's (Intel 1.5ghz Celeron single core = 45 minutes).

* The malwarebytes/hpHosts site admin another person/site hosting it (Mr. Steven Burn, a competent coder in his own right), said it's "excellent" in fact and has seen its code too...

(Write him yourselves should anyone doubt any of this -> services@it-mate.co.uk , or see his site @ http://hosts-file.net/?s=Download [hosts-file.net] )

A Mr. Henry Hertz Hobbitt of securemecca.org &/or hostsfile.org can also verify that this program is safe - write him @ -> hhhobbit@securemecca.com

It'll be releasing soon to sites that host 64-bit programs (even though it also has a 32-bit model, line for line the same code except for 32 in place of 64 in its help file & user interface)!

I told myself (since i built it in late 2003 in version 1.0++ & have rebuilt it 5x since in Borland Delphi 3.0/5.0/7.0 32-bit & currently into 64-bit using Delphi XE2) IF things didn't get better on the "malware front", out it would go for the general public to get the above enumerated multiple & versatile benefits custom hosts yield for end users (mainly saving them money on speed + bandwidth they pay for each month as well as added "layered-security"/"defense-in-depth" AND reliability all noted above)

APK

P.S.=> Details of the above synopsis/short summary are as follows below:

21++ ADVANTAGES OF HOSTS FILES (over browser plugins for security, &/or DNS servers):

(Over AdBlock & DNS Servers ALONE 4 Security, Speed, Reliability, & Anonymity (to an extent vs. DNSBL's + DNS request logs)).

1.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program). A truly "multi-platform" UNIVERSAL solution for added speed, security, reliability, & even anonymity to an extent (vs. DNS request logs + DNSBL's you feel are unjust hosts get you past/around).

2.) Adblock blocks ads? Well, not anymore & certainly not as well by default, apparently, lol - see below:

Adblock Plus To Offer 'Acceptable Ads' Option

http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option [slashdot.org] )

AND, in only browsers & their subprogram families (ala email like Thunderbird for FireFox/Mozilla products (use same gecko & xulrunner engines)), but not all, or, all independent email clients, like Outlook, Outlook Express, OR Window "LIVE" mail (for example(s)) - there's many more like EUDORA & others I've used over time that AdBlock just DOES NOT COVER... period.

Disclaimer: Opera now also has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc..

3.) Adblock doesn't protect email programs external to FF (non-mozilla/gecko engine based) family based wares, So AdBlock doesn't protect email programs like Outlook, Outlook Express, Windows "LIVE" mail & others like them (EUDORA etc./et al), Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 5-7 next below, & especially vs. the July 12th 2012 "DNSChanger" trojan purge that's coming soon (those folks won't get to sites if infested - I will, due to hardcodes in my hosts file of my fav. 20 sites + using BETTER filtering DNS servers (see list below))...

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, OR make you reach them faster since you resolve host-domain names LOCALLY w/ hosts out of cached memory, hosts do ALL of those things (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html [networkworld.com] for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions (in-addr.arpa) via NSLOOKUP, PINGS (ping -a in Windows - functions for "reverse DNS lookups"), &/or WHOIS though, regularly, so you have the correct IP & it's current)).

* NOW - Some folks MAY think that putting an IP address alone into your browser's address bar will be enough, so why bother with HOSTS, right? WRONG - Putting IP address in your browser won't always work IS WHY. Some IP addresses host several domains & need the site name to give you the right page you're after is why. So for some sites only the HOSTS file option will work!

6.) Hosts files don't eat up CPU cycles (or ELECTRICITY) like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs. HOSTS file are merely a FILTER for the kernel mode/PnP TCP/IP subsystem, which runs FAR FASTER & MORE EFFICIENTLY than any ring 3/rpl3/usermode app can since hosts files run in MORE EFFICIENT & FASTER Ring 0/RPL 0/Kernelmode operations acting merely as a filter for the IP stack (via the "Plug-N-Play" designed IP stack in Windows) vs. SLOWER & LESS EFFICIENT Ring 3/RPL 3/Usermode operations (which webbrowsers run in + their addons like AdBlock slow down even MORESO due to their parsing operations).

7.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than remote DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server, typically 30-100's of ms, vs. 7-10ms HardDisk speed of access/seek + SSD seek in ns, & back to you - hosts resolutions of IP address for host-domain names is FAR faster...). Hosts are only a filter for an already fast & efficient IP stack, no more layered b.s. (remote OR local). Hosts eat less CPU, RAM, I/O in other forms, + electricity than a locally running DNS server easily, and less than a local DNS program on a single PC. Fact. Hosts are easier to setup & maintain too.

8.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):

http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]
http://someonewhocares.org/hosts/ [someonewhocares.org]
http://hostsfile.org/hosts.html [hostsfile.org]
http://hostsfile.mine.nu/downloads/ [hostsfile.mine.nu]
http://hosts-file.net/?s=Download [hosts-file.net]
https://zeustracker.abuse.ch/monitor.php?filter=online [abuse.ch]
https://spyeyetracker.abuse.ch/monitor.php [abuse.ch]
http://ddanchev.blogspot.com/ [blogspot.com]
http://www.malware.com.br/lists.shtml [malware.com.br]
http://www.stopbadware.org/ [stopbadware.org]
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)

And yes: Even SLASHDOT &/or The Register help!

(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhack others online that is... not ALL do!)).

2 examples thereof in the past I have used, & noted it there, are/were:

http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398 [slashdot.org]
http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500 [slashdot.org]

9.) AdBlock & DNS servers are programs, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.

10.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

11.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] ) & edited too, via texteditors like Windows notepad.exe or Linux nano (etc.)

12.) With Adblock you had better be able to code javascript to play with its code (to customize it better than the GUI front does @ least). With hosts you don't even need source to control it (edit, update, delete, insert of new entries via a text editor).

13.) Hosts files are easily secured via using MAC/ACL (even moreso "automagically" for Vista, 7/Server 2008 + beyond by UAC by default) &/or Read-Only attributes applied.

14.) Custom HOSTS files also speed you up, unlike anonymous proxy servers systems variations (like TOR, or other "highly anonymous" proxy server list servers typically do, in the severe speed hit they often have a cost in) either via "hardcoding" your fav. sites into your hosts file (avoids DNS servers, totally) OR blocking out adbanners - see this below for evidence of that:

---

US Military Blocks Websites To Free Up Bandwidth:

http://yro.slashdot.org/story/11/03/16/0416238/US-Military-Blocks-Websites-To-Free-Up-Bandwidth [slashdot.org]

(Yes, even the US Military used this type of technique... because IT WORKS! Most of what they blocked? Ad banners ala doubleclick etc.)

---

Adbanners slow you down & consume your bandwidth YOU pay for:

ADBANNERS SLOW DOWN THE WEB: -> http://tech.slashdot.org/article.pl?sid=09/11/30/166218 [slashdot.org]

---

And people do NOT LIKE ads on the web:

PEOPLE DISLIKE ADBANNERS: http://yro.slashdot.org/yro/08/04/02/0058247.shtml [slashdot.org]

---

As well as this:

Users Know Advertisers Watch Them, and Hate It:

http://yro.slashdot.org/yro/08/04/02/0058247.shtml [slashdot.org]

---

Even WORSE still, is this:

Advertising Network Caught History Stealing:

http://yro.slashdot.org/story/11/07/22/156225/Advertising-Network-Caught-History-Stealing [slashdot.org]

---

15.) HOSTS files usage lets you avoid being charged on some ISP/BSP's (OR phone providers) "pay as you use" policy http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans [slashdot.org] , because you are using less bandwidth (& go faster doing so no less) by NOT hauling in adbanner content and processing it (which can lead to infestation by malware/malicious script, in & of itself -> http://apcmag.com/microsoft_apologises_for_serving_malware.htm [apcmag.com] ).

16.) If/when ISP/BSP's decide to go to -> FCC Approving Pay-As-You-Go Internet Plans: http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans [slashdot.org] your internet bill will go DOWN if you use a HOSTS file for blocking adbanners as well as maliciously scripted hacker/cracker malware maker sites too (after all - it's your money & time online downloading adbanner content & processing it)

Plus, your adbanner content? Well, it may also be hijacked with malicious code too mind you:

---

Yahoo, Microsoft's Bing display toxic ads:

http://www.theregister.co.uk/2011/09/16/bing_yahoo_malware_ads/ [theregister.co.uk]

---

Malware torrent delivered over Google, Yahoo! ad services:

http://www.theregister.co.uk/2009/09/24/malware_ads_google_yahoo/ [theregister.co.uk]

---

Google's DoubleClick spreads malicious ads (again):

http://www.theregister.co.uk/2009/02/24/doubleclick_distributes_malware/ [theregister.co.uk]

---

Rogue ads infiltrate Expedia and Rhapsody:

http://www.theregister.co.uk/2008/01/30/excite_and_rhapsody_rogue_ads/ [theregister.co.uk]

---

Google sponsored links caught punting malware:

http://www.theregister.co.uk/2008/12/16/google_sponsored_links/ [theregister.co.uk]

---

DoubleClick caught supplying malware-tainted ads:

http://www.theregister.co.uk/2007/11/13/doubleclick_distributes_malware/ [theregister.co.uk]

---

Yahoo feeds Trojan-laced ads to MySpace and PhotoBucket users:

http://www.theregister.co.uk/2007/09/11/yahoo_serves_12million_malware_ads/ [theregister.co.uk]

---

Real Media attacks real people via RealPlayer:

http://www.theregister.co.uk/2007/10/23/real_media_serves_malware/ [theregister.co.uk]

---

Ad networks owned by Google, Microsoft serve malware:

http://www.theregister.co.uk/2010/12/13/doubleclick_msn_malware_attacks/ [theregister.co.uk]

---

Attacks Targeting Classified Ad Sites Surge:

http://it.slashdot.org/story/11/02/02/1433210/Attacks-Targeting-Classified-Ad-Sites-Surge [slashdot.org]

---

Hackers Respond To Help Wanted Ads With Malware:

http://it.slashdot.org/story/11/01/20/0228258/Hackers-Respond-To-Help-Wanted-Ads-With-Malware [slashdot.org]

---

Hackers Use Banner Ads on Major Sites to Hijack Your PC:

http://www.wired.com/techbiz/media/news/2007/11/doubleclick [wired.com]

---

Ruskie gang hijacks Microsoft network to push penis pills:

http://www.theregister.co.uk/2010/10/12/microsoft_ips_hijacked/ [theregister.co.uk]

---

Major ISPs Injecting Ads, Vulnerabilities Into Web:

http://it.slashdot.org/it/08/04/19/2148215.shtml [slashdot.org]

---

Two Major Ad Networks Found Serving Malware:

http://tech.slashdot.org/story/10/12/13/0128249/Two-Major-Ad-Networks-Found-Serving-Malware [slashdot.org]

---

THE NEXT AD YOU CLICK MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus [slashdot.org]

---

NY TIMES INFECTED WITH MALWARE ADBANNER:

http://news.slashdot.org/article.pl?sid=09/09/13/2346229 [slashdot.org]

---

MICROSOFT HIT BY MALWARES IN ADBANNERS:

http://apcmag.com/microsoft_apologises_for_serving_malware.htm [apcmag.com]

---

ISP's INJECTING ADS AND ERRORS INTO THE WEB: -> http://it.slashdot.org/it/08/04/19/2148215.shtml [slashdot.org]

---

ADOBE FLASH ADS INJECTING MALWARE INTO THE NET: http://it.slashdot.org/article.pl?sid=08/08/20/0029220&from=rss [slashdot.org]

---

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware [securityweek.com]

---

Spotify splattered with malware-tainted ads:

http://www.theregister.co.uk/2011/03/25/spotify_malvertisement_attack/ [theregister.co.uk]

---

As my list "multiple evidences thereof" as to adbanners & viruses + the fact they slow you down & cost you more (from reputable & reliable sources no less).

17.) Per point #16, a way to save some money: ANDROID phones can also use the HOSTS FILE TO KEEP DOWN BILLABLE TIME ONLINE, vs. adbanners or malware such as this:

---

Infected Androids Run Up Big Texting Bills:

http://it.slashdot.org/story/11/03/01/0041203/Infected-Androids-Run-Up-Big-Texting-Bills [slashdot.org]

---

AND, for protection vs. other "botnets" migrating from the PC world, to "smartphones" such as ZITMO (a ZEUS botnet variant):

http://www.google.com/search?hl=en&source=hp&q=ZITMO&btnG=Google+Search [google.com]

---

It's easily done too, via the ADB dev. tool, & mounting ANDROID OS' system mountpoint for system/etc as READ + WRITE/ADMIN-ROOT PERMISSIONS, then copying your new custom HOSTS over the old one using ADB PULL/ADB PUSH to do so (otherwise ANDROID complains of "this file cannot be overwritten on production models of this Operating System", or something very along those lines - this way gets you around that annoyance along with you possibly having to clear some space there yourself if you packed it with things!).

18.) Bad news: ADBLOCK CAN BE DETECTED FOR: See here on that note -> http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars [arstechnica.com]

HOSTS files are NOT THAT EASILY "webbug" BLOCKABLE by websites, as was tried on users by ARSTECHNICA (and it worked on AdBlock in that manner), to that websites' users' dismay:

PERTINENT QUOTE/EXCERPT FROM ARSTECHNICA THEMSELVES:

----

An experiment gone wrong - By Ken Fisher | Last updated March 6, 2010 11:11 AM

http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars [arstechnica.com]

"Starting late Friday afternoon we conducted a 12 hour experiment to see if it would be possible to simply make content disappear for visitors who were using a very popular ad blocking tool. Technologically, it was a success in that it worked. Ad blockers, and only ad blockers, couldn't see our content."

and

"Our experiment is over, and we're glad we did it because it led to us learning that we needed to communicate our point of view every once in a while. Sure, some people told us we deserved to die in a fire. But that's the Internet!"

Thus, as you can see? Well - THAT all "went over like a lead balloon" with their users in other words, because Arstechnica was forced to change it back to the old way where ADBLOCK still could work to do its job (REDDIT however, has not, for example). However/Again - this is proof that HOSTS files can still do the job, blocking potentially malscripted ads (or ads in general because they slow you down) vs. adblockers like ADBLOCK!

----

19.) Even WIKILEAKS "favors" blacklists (because they work, and HOSTS can be a blacklist vs. known BAD sites/servers/domain-host names):

---

PERTINENT QUOTE/EXCERPT (from -> http://www.theregister.co.uk/2010/12/16/wikileaks_mirror_malware_warning_row/ [theregister.co.uk] )

"we are in favour of 'Blacklists', be it for mail servers or websites, they have to be compiled with care... Fortunately, more responsible blacklists, like stopbadware.org (which protects the Firefox browser)...

---

20.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF CAN DO (running as limited class/least privilege user, hopefully, OR even as ADMIN/ROOT/SUPERUSER)? HOSTS "LOCK IN" malware too, vs. communicating "back to mama" for orders (provided they have name servers + C&C botnet servers listed in them, blocked off in your HOSTS that is) - you might think they use a hardcoded IP, which IS possible, but generally they do not & RECYCLE domain/host names they own (such as has been seen with the RBN (Russian Business Network) lately though it was considered "dead", other malwares are using its domains/hostnames now, & this? This stops that cold, too - Bonus!)...

21.) Custom HOSTS files gain users back more "screen real estate" by blocking out banner ads... it's great on PC's for speed along with MORE of what I want to see/read (not ads), & efficiency too, but EVEN BETTER ON SMARTPHONES - by far. It matters MOST there imo @ least, in regards to extra screen real-estate.

Still - It's a GOOD idea to layer in the usage of BOTH browser addons for security like adblock ( http://adblockplus.org/en/ [adblockplus.org] ), IE 9's new TPL's ( http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/ [microsoft.com] ), &/or NoScript ( http://noscript.net/ [noscript.net] especially this one, as it covers what HOSTS files can't in javascript which is the main deliverer of MOST attacks online & SECUNIA.COM can verify this for anyone really by looking @ the past few years of attacks nowadays), for the concept of "layered security"....

It's just that HOSTS files offer you a LOT MORE gains than Adblock ( http://adblockplus.org/en/ [adblockplus.org] ) does alone (as hosts do things adblock just plain cannot & on more programs, for more speed, security, and "stealth" to a degree even), and it corrects problems in DNS (as shown above via hardcodes of your favorite sites into your HOSTS file, and more (such as avoiding DNS request logs)).

ALSO - Some more notes on DNS servers & their problems, very recent + ongoing ones:

---

DNS flaw reanimates slain evil sites as ghost domains:

http://www.theregister.co.uk/2012/02/16/ghost_domains_dns_vuln/ [theregister.co.uk]

---

BIND vs. what the Chinese are doing to DNS lately? See here:

http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

---

SECUNIA HIT BY DNS REDIRECTION HACK THIS WEEK:

http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/ [theregister.co.uk]

(Yes, even "security pros" are helpless vs. DNS problems in code bugs OR redirect DNS poisoning issues, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propagate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind you!)

---

DNS vs. the "Kaminsky DNS flaw", here (and even MORE problems in DNS than just that):

http://www.scmagazineus.com/new-bind-9-dns-flaw-is-worse-than-kaminskys/article/140872/ [scmagazineus.com]

(Seems others are saying that some NEW "Bind9 flaw" is worse than the Kaminsky flaw ALONE, up there, mind you... probably corrected (hopefully), but it shows yet again, DNS hassles (DNS redirect/DNS poisoning) being exploited!)

---

Moxie Marlinspike's found others (0 hack) as well...

Nope... "layered security" truly IS the "way to go" - hacker/cracker types know it, & they do NOT want the rest of us knowing it too!...

(So until DNSSEC takes "widespread adoption"? HOSTS are your answer vs. such types of attack, because the 1st thing your system refers to, by default, IS your HOSTS file (over say, DNS server usage). There are decent DNS servers though, such as OpenDNS, ScrubIT, or even NORTON DNS (more on each specifically below), & because I cannot "cache the entire internet" in a HOSTS file? I opt to use those, because I have to (& OpenDNS has been noted to "fix immediately", per the Kaminsky flaw, in fact... just as a sort of reference to how WELL they are maintained really!)

---

DNS Hijacks Now Being Used to Serve Black Hole Exploit Kit:

https://threatpost.com/en_us/blogs/dns-hijacks-now-being-used-serve-black-hole-exploit-kit-121211 [threatpost.com]

---

DNS experts admit some of the underlying foundations of the DNS protocol are inherently weak:

http://it.slashdot.org/story/11/12/08/1353203/opendns-releases-dns-encryption-tool [slashdot.org]

---

Potential 0-Day Vulnerability For BIND 9:

http://it.slashdot.org/story/11/11/17/1429259/potential-0-day-vulnerability-for-bind-9 [slashdot.org]

---

Five DNS Threats You Should Protect Against:

http://www.securityweek.com/five-dns-threats-you-should-protect-against [securityweek.com]

---

DNS provider decked by DDoS dastards:

http://www.theregister.co.uk/2010/11/16/ddos_on_dns_firm/ [theregister.co.uk]

---

Ten Percent of DNS Servers Still Vulnerable: (so much for "conscientious patching", eh? Many DNS providers weren't patching when they had to!)

http://it.slashdot.org/it/05/08/04/1525235.shtml?tid=172&tid=95&tid=218 [slashdot.org]

---

DNS ROOT SERVERS ATTACKED:

http://it.slashdot.org/it/07/02/06/2238225.shtml [slashdot.org]

---

TimeWarner DNS Hijacking:

http://tech.slashdot.org/article.pl?sid=07/07/23/2140208 [slashdot.org]

---

DNS Re-Binding Attacks:

http://crypto.stanford.edu/dns/ [stanford.edu]

---

DNS Server Survey Reveals Mixed Security Picture:

http://it.slashdot.org/it/07/11/21/0315239.shtml [slashdot.org]

---

Halvar figured out super-secret DNS vulnerability:

http://www.zdnet.com/blog/security/has-halvar-figured-out-super-secret-dns-vulnerability/1520 [zdnet.com]

---

BIND Still Susceptible To DNS Cache Poisoning:

http://tech.slashdot.org/tech/08/08/09/123222.shtml [slashdot.org]

---

DNS Poisoning Hits One of China's Biggest ISPs:

http://it.slashdot.org/it/08/08/21/2343250.shtml [slashdot.org]

---

DDoS Attacks Via DNS Recursion:

http://it.slashdot.org/it/06/03/16/1658209.shtml [slashdot.org]

---

High Severity BIND DNS Vulnerability Advisory Issued:

http://tech.slashdot.org/story/11/02/23/156212/High-Severity-BIND-Vulnerability-Advisory-Issued [slashdot.org]

---

Photobucket's DNS Records Hijacked:

http://blogs.zdnet.com/security/?p=1285 [zdnet.com]

---

Protecting Browsers from DNS Rebinding Attacks:

http://crypto.stanford.edu/dns/ [stanford.edu]

---

DNS Problem Linked To DDoS Attacks Gets Worse:

http://tech.slashdot.org/story/09/11/15/1238210/DNS-Problem-Linked-To-DDoS-Attacks-Gets-Worse [slashdot.org]

---

HOWEVER - Some DNS servers are "really good stuff" vs. phishing, known bad sites/servers/hosts-domains that serve up malware-in-general & malicious scripting, botnet C&C servers, & more, such as:

Norton DNS -> http://nortondns.com/ [nortondns.com]
ScrubIT DNS -> http://www.scrubit.com/ [scrubit.com]
OpenDNS -> http://www.opendns.com/ [opendns.com]

(Norton DNS in particular, is exclusively for blocking out malware, for those of you that are security-conscious. ScrubIT filters pr0n material too, but does the same, & OpenDNS does phishing protection. Each page lists how & why they work, & why they do so. Norton DNS can even show you its exceptions lists, plus user reviews & removal procedures requests, AND growth stats (every 1/2 hour or so) here -> http://safeweb.norton.com/buzz [norton.com] so, that ought to "take care of the naysayers" on removal requests, &/or methods used plus updates frequency etc./et al...)

HOWEVER - There's ONLY 1 WEAKNESS TO ANY network defense, including HOSTS files (vs. host-domain name based threats) & firewalls (hardware router type OR software type, vs. IP address based threats): Human beings, & they not being 'disciplined' about the indiscriminate usage of javascript (the main "harbinger of doom" out there today online), OR, what they download for example... & there is NOTHING I can do about that! (Per Dr. Manhattan of "The Watchmen", ala -> "I can change almost anything, but I can't change human nature")

HOWEVER AGAIN - That's where NORTON DNS, OpenDNS, &/or ScrubIT DNS help!

(Especially for noob/grandma level users who are unaware of how to secure themselves in fact, per a guide like mine noted above that uses "layered-security" principles!)

ScrubIT DNS, &/or OpenDNS are others alongside Norton DNS (adding on phishing protection too) as well!

( & it's possible to use ALL THREE in your hardware NAT routers, and, in your Local Area Connection DNS properties in Windows, for again, "Layered Security" too)...

---

24++ SLASHDOT USERS EXPERIENCING SUCCESS USING HOSTS FILES QUOTED VERBATIM:

---

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"I use a custom /etc/hosts to block ads... my file gets parsed basically instantly ... So basically, for any modern computer, it has zero visible impact. And even if it took, say, a second to parse, that would be more than offset by the MANY seconds saved by not downloading and rendering ads. I have noticed NO ill effects from running a custom /etc/hosts file for the last several years. And as a matter of fact I DO run http servers on my computers and I've never had an /etc/hosts-related problem... it FUCKING WORKS and makes my life better overall." - by sootman (158191) on Monday July 13 2009, @11:47AM (#28677363) Homepage Journal

"I actually went and downloaded a 16k line hosts file and started using that after seeing that post, you know just for trying it out. some sites load up faster." - by gl4ss (559668) on Thursday November 17, @11:20AM (#38086752) Homepage Journal

"Better than an ad blocker, imo. Hosts file entries: http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] " - by TempestRose (1187397) on Tuesday March 15, @12:53PM (#35493274)

"^^ One of the many reasons why I like the user-friendliness of the /etc/hosts file." - by lennier1 (264730) on Saturday March 05, @09:26PM (#35393448)

"They've been on my HOSTS block for years" - by ScottCooperDotNet (929575) on Thursday August 05 2010, @01:52AM (#33147212)

"I'm currently only using my hosts file to block pheedo ads from showing up in my RSS feeds and causing them to take forever to load. Regardless of its original intent, it's still a valid tool, when used judiciously." - by Bill Dog (726542) on Monday April 25, @02:16AM (#35927050) Homepage Journal

"you're right about hosts files" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage

"APK's monolithic hosts file is looking pretty good at the moment." - by Culture20 (968837) on Thursday November 17, @10:08AM (#38085666)

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

"I use ad-Block and a hostfile" - by Ol Olsoc (1175323) on Tuesday March 01, @10:11AM (#35346902)

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

"It's a good write up on something everybody should use, why you were modded down is beyond me. Using a HOSTS file, ADblock is of no concern and they can do what they want." - by Trax3001BBS (2368736) on Monday December 12, @10:07PM (#38351398) Homepage Journal

"I want my surfing speed back so I block EVERY fucking ad. i.e. http://someonewhocares.org/hosts/ [someonewhocares.org] and http://winhelp2002.mvps.org/hosts.htm [mvps.org] FTW" - by UnknownSoldier (67820) on Tuesday December 13, @12:04PM (#38356782)

"Let me introduce you to the file: /etc/hosts" - by fahrbot-bot (874524) on Monday December 19, @05:03PM (#38427432)

"I use a hosts file" - by EdIII (1114411) on Tuesday December 13, @01:17PM (#38357816)

"I'm tempted to go for a hacked hosts file that simply resolves most advert sites to 127.0.0.1" - by bLanark (123342) on Tuesday December 13, @01:13PM (#38357760)

"this is not a troll, which hosts file source you recommend nowadays? it's a really handy method for speeding up web and it works." - by gl4ss (559668) on Thursday March 22, @08:07PM (#39446525) Homepage Journal

"A hosts file certainly does not require "a lot of work" to maintain, and it quite effectively kills a LOT of advertising and tracking schemes. . In fact, I never would have considered trying to use it for defending against viruses or malware." - by RocketRabbit (830691) on Thursday December 30 2010, @05:48PM (#34715060)

"That is, do the things you would normally do to secure your own machine from malware, intrusive advertising, and vulnerabilities. Use the hosts file to block certain domains from being accessible." - by wickerprints (1094741) on Friday June 22, @12:57AM (#40407865)

"Ad blocking hosts file, I use it as an adult ;-) http://winhelp2002.mvps.org/hosts.htm [mvps.org] " - by RJFerret (1279530) on Friday June 22, @01:15AM (#40407983) Homepage

"There is probably a decent list of domains out there that you can put in your hosts file so that lookups for these fail. I assume you're more concerned about accidental adverts and such, which is a fair concern considering how many sites have em" - by ieatcookies (1490517) on Friday June 22, @01:21AM (#40408005)

"I find mapping hosts to 0.0.0.0 is faster, because it's not a valid IP address, so the DNS subsystem of your OS will ignore it without trying to connect. There are several hostfile collections out there. I merged three of them several years ago just for my own freedom from ads and other junk. I currently have 131572 host names zero'd out." - by Dracos (107777) on Friday June 22, @01:34AM (#40408085)

"I also use linux a lot more now and, beyond a custom hosts file, don't have any active antivirus software beyond what comes with Ubuntu" - by sneakyimp (1161443) on Friday June 22, @04:26PM (#40416169)

---

Then, there are also the words of respected security expert, Mr. Oliver Day, from SECURITYFOCUS.COM to "top that all off" as well:

A RETURN TO THE KILLFILE:

http://www.securityfocus.com/columnists/491 [securityfocus.com]

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, no less... & guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly (& this is one of the later ones, from 2001 http://www.furtherleft.net/computer.htm [furtherleft.net] (but the example HOSTS file with my initials in it is FAR older, circa 1998 or so) or thereabouts, and referred to later by a pal of mine who moderates NTCompatible.com (where I posted on HOSTS for YEARS (1997 onwards)) -> http://www.ntcompatible.com/thread28597-1.html [ntcompatible.com] !

---

"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites. One of the known weaknesses of the Tor system, for example, is direct DNS requests by applications not configured to route such requests through Tor's network."

There you go: AND, it also works vs. the "KAMINSKY DNS FLAW" & DNS poisoning/redirect attacks, for redirectable weaknesses in DNS servers (non DNSSEC type, & set into recursive mode especially) and also in the TOR system as well (that lends itself to anonymous proxy usage weaknesses I noted above also) and, you'll get to sites you want to, even IF a DNS registrar drops said websites from its tables as shown here Beating Censorship By Routing Around DNS -> http://yro.slashdot.org/story/10/12/09/1840246/Beating-Censorship-By-Routing-Around-DNS [slashdot.org] & even DNSBL also (DNS Block Lists) -> http://en.wikipedia.org/wiki/DNSBL [wikipedia.org] as well - DOUBLE-BONUS!

---

* THE HOSTS FILE GROUP 34++ THUSFAR (from +5 -> +1 RATINGS, usually "informative" or "interesting" etc./et al):

BANNER ADS & BANDWIDTH:2011 -> http://hardware.slashdot.org/comments.pl?sid=2139088&cid=36077722 [slashdot.org]
HOSTS MOD UP:2010 -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1490078&cid=30555632 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1869638&cid=34237268 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1461288&threshold=-1&commentsort=0&mode=thread&cid=30272074 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1255487&cid=28197285 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1206409&cid=27661983 [slashdot.org]
HOSTS MOD UP:2010 -> http://apple.slashdot.org/comments.pl?sid=1725068&cid=32960808 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147274 [slashdot.org]
APK 20++ POINTS ON HOSTS MOD UP:2010 -> http://news.slashdot.org/comments.pl?sid=1913212&cid=34576182 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1862260&cid=34186256 [slashdot.org]
HOSTS MOD UP:2010 (w/ facebook known bad sites blocked) -> http://tech.slashdot.org/comments.pl?sid=1924892&cid=34670128 [slashdot.org]
HOSTS FILE MOD UP FOR ANDROID MALWARE:2010 -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952 [slashdot.org]
HOSTS MOD UP ZEUSTRACKER:2011 -> http://it.slashdot.org/comments.pl?sid=2059420&cid=35654066 [slashdot.org]
HOSTS MOD UP vs AT&T BANDWIDTH CAP:2011 -> http://tech.slashdot.org/comments.pl?sid=2116504&cid=35985584 [slashdot.org]
HOSTS MOD UP CAN DO SAME AS THE "CloudFlare" Server-Side service:2011 -> http://it.slashdot.org/comments.pl?sid=2220314&cid=36372850 [slashdot.org]
HOSTS and BGP +5 RATED (BEING HONEST):2010 http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450 [slashdot.org]
HOSTS & PROTECT IP ACT:2011 http://yro.slashdot.org/comments.pl?sid=2368832&cid=37021700 [slashdot.org]
HOSTS MOD UP:2011 -> http://yro.slashdot.org/comments.pl?sid=2457766&cid=37592458 [slashdot.org]
HOSTS MOD UP & OPERA HAUTE SECURE:2011 -> http://yro.slashdot.org/comments.pl?sid=2457274&cid=37589596 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1197039&cid=27556999 [slashdot.org]
0.0.0.0 IN HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1143349&cid=27012231 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://it.slashdot.org/comments.pl?sid=1198841&cid=27580299 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1139705&cid=26977225 [slashdot.org]
HOSTS MOD UP:2009 -> http://hardware.slashdot.org/comments.pl?sid=1319261&cid=28872833 [slashdot.org] (still says INSIGHTFUL)
HOSTS MOD UP vs. botnet: 2012 -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38586216 [slashdot.org]
HOSTS MOD UP vs. SOPA act: 2012 -> http://yro.slashdot.org/comments.pl?sid=2611414&cid=38639460 [slashdot.org]
HOSTS MOD UP vs. FaceBook b.s.: 2012 -> http://yro.slashdot.org/comments.pl?sid=2614186&cid=38658078 [slashdot.org]
HOSTS MOD UP "how to secure smartphones": 2012 -> http://mobile.slashdot.org/comments.pl?sid=2644205&cid=38860239 [slashdot.org]
HOSTS MOD UP "Free Apps Eat your Battery via ad displays": 2012 -> http://mobile.slashdot.org/comments.pl?sid=2734503&cid=39408607 [slashdot.org]
HOSTS MOD UP "How I only hardcode in 50 of my fav. sites": 2012 -> http://it.slashdot.org/comments.pl?sid=2857487&cid=40034765 [slashdot.org]
APPLYING HOSTS TO DIFF. PLATFORM W/ TCP-IP STACK BASED ON BSD: 2008 -> http://mobile.slashdot.org/comments.pl?sid=1944892&cid=34831038 [slashdot.org]
HOSTS vs. TRACKING ONLINE BY ADVERTISERS & BETTER THAN GHOSTERY: 2012 -> http://yro.slashdot.org/comments.pl?sid=2926641&cid=40383743 [slashdot.org]

---

* "Here endeth the lesson..." and, if you REALLY want to secure your system? Please refer to this:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

APK

P.S.=> SOME MINOR "CAVEATS/CATCH-22's" - things to be aware of for "layered security" + HOSTS file performance - easily overcome, or not a problem at all:

A.) HOSTS files don't function under PROXY SERVERS (except for Proxomitron, which has a filter that allows it) - Which is *the "WHY"* of why I state in my "P.S." section below to use both AdBlock type browser addon methods (or even built-in block lists browsers have such as Opera's URLFILTER.INI file, & Firefox has such a list as does IE also in the form of TPL (tracking protection lists -> http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/ [microsoft.com] , good stuff )) in combination with HOSTS, for the best in "layered security" (alongside .pac files + custom cascading style sheets that can filter off various tags such as scripts or ads etc.) - but proxies, especially "HIGHLY ANONYMOUS" types, generally slow you down to a CRAWL online (& personally, I cannot see using proxies "for the good" typically - as they allow "truly anonymous posting" & have bugs (such as TOR has been shown to have & be "bypassable/traceable" via its "onion routing" methods)).

B.) HOSTS files do NOT protect you vs. javascript (this only holds true IF you don't already have a bad site blocked out in your HOSTS file though, & the list of sites where you can obtain such lists to add to your HOSTS are above (& updated daily in many of them)).

C.) HOSTS files (relatively "largish ones") require you to turn off Windows' native "DNS local client cache service" (which has a problem in that it's designed with a non-redimensionable/resizeable list, array, or queue (DNS data loads into a C/C++ structure actually/afaik, which IS a form of array)) - mvps.org covers that in detail and how to easily do this in Windows (this is NOT a problem in Linux, & it's 1 thing I will give Linux over Windows, hands-down). Relatively "smallish" HOSTS files don't have this problem (mvps.org offers 2 types for this).

D.) HOSTS files, once read/loaded, once? GET CACHED! Right into the kernelmode diskcaching subsystem (fast & efficient RAM speed), for speed of access/re-access (@ system startup in older MS OS' like 2000, or, upon a users' 1st request that's "Webbound" via say, a webbrowser) gets read into either the DNS local caching client service (noted above), OR, if that's turned off? Into your local diskcache (like ANY file is), so it reads F A S T upon re-reads/subsequent reads (until it's changed in %WinDir%\system32

Re:Anyone wonder WHY I do custom HOSTS files? (0)

Anonymous Coward | about 2 years ago | (#40858749)

Nature's Harmonic Simultaneous 4-Day Time Cube is ABOVE GOD!! Are you educated stupid??

You're off topic (0)

Anonymous Coward | more than 2 years ago | (#40863093)

Best you have's an illogical off topic ad hominem attack? U FAIL, off topic troll.

Re:You're off topic (0)

Anonymous Coward | more than 2 years ago | (#40866109)

Hey wart dick academy slime sucker, you talkin to nummynuts again you homo wife beating Hamas Jihad dinkhead sodomist baby sitter. Go talk Relativity with your snot eating boyfriends and keep the fuck away from real men like me.

i started missing demonoid when chris marker died (3, Insightful)

Anonymous Coward | about 2 years ago | (#40856981)

i went to download some of his more obscure movies (and they're all pretty obscure) and without demonoid i had to pause for a second and think where will i get them? especially since only a few have been released on DVD. well i still found them but it really reminded me what a wonderful culture resource demonoid was. i mean any obscure movie from anywhere in the world was probably on there, likewise for music. although i'm still looking for a copy of communist Polish camp classic Hydrozagadka with english subs. wasn't even on demonoid! at least not with subs..

Re:i started missing demonoid when chris marker di (1)

Larryish (1215510) | about 2 years ago | (#40857365)

i miss BTJunkie.

BTJunkie had EVERY FUCKING THING!!!112

Dammit.

Re:i started missing demonoid when chris marker di (1)

war4peace (1628283) | about 2 years ago | (#40858179)

This.
My movie/music tastes are pretty strange at times, and I am genuinely trying to buy some obscure movies or albums. Problem is, they can't be found anywhere any more. Some have been released by Iron Curtain state owned companies (communist era stuff from Czechoslovakia, Poland, Romania, URSS), some were released by now-bankrupt companies, etc. Digital copies are the only chance, and now with less and less large torrent sites around, the chances of actually watching that obscure movie or listening to that obscure album are slimmer. That's too bad, because people will be more and more limited to mainstream crap that sucks most of the time.

Semi-private trackers suck (0)

Anonymous Coward | about 2 years ago | (#40857045)

And nothing of value was lost

Re:Semi-private trackers suck (0)

Anonymous Coward | about 2 years ago | (#40857683)

nah, fully private trackers suck. they don't have as much as demonoid. mainly because private trackers only let certain people upload. sure, this may help "quality control" it also vastly reduces the amount of shit. every private tracker has the same boring ass scene releases that every other private tracker has.

demonoid.me points to 127.0.0.1 (2, Informative)

RockoW (883785) | about 2 years ago | (#40857117)

For me demonoid.me points to localhost so if you're being redirected to a malware website your system is compromised.

Re:demonoid.me points to 127.0.0.1 (0)

Anonymous Coward | about 2 years ago | (#40857625)

For me demonoid.me points to localhost so if you're being redirected to a malware website your system is compromised.

And I'll bet that Google.com is your home page.

Re:demonoid.me points to 127.0.0.1 (0)

Anonymous Coward | about 2 years ago | (#40857801)

For me demonoid.me points to localhost so if you're being redirected to a malware website your system is compromised.

And I'll bet that Google.com is your home page.

What? Why do you say that?

demonoid.me points to localhost for me too.

PING demonoid.me (127.0.0.1) 56(84) bytes of data.

Re:demonoid.me points to 127.0.0.1 (0)

Anonymous Coward | about 2 years ago | (#40859817)

Stay in bed. It's safer.

Re:demonoid.me points to 127.0.0.1 (1)

Anonymous Coward | about 2 years ago | (#40857659)

Either that or you are serving the malware yourself :3

Re:demonoid.me points to 127.0.0.1 (0)

Anonymous Coward | about 2 years ago | (#40857893)

I'd say more than likely you have spybot or some other anti-malware application installed that blocks bad sites via your HOSTS file... If so, it redirects all malware sites to 127.0.0.1... If you have updated since it started serving malware ( and if they have added it to their blacklist ), that would be the reason.

Re:demonoid.me points to 127.0.0.1 (0)

Anonymous Coward | about 2 years ago | (#40857875)

Probably a recent update to the zone info. The old address just hasn't expired out of everyone's cache.

dnstools.com resolved demonoid.me to 199.59.241.250
A quick dig against the zone's primary name server returns 127.0.0.1

Re:demonoid.me points to 127.0.0.1 (0)

Anonymous Coward | about 2 years ago | (#40857971)

if you go to demonoid in a browser and hit refresh enough times you will get the ads. it seems to be some kind of round robin where one responder is compromised...also you realize hosts can respond differently to pings and http requests so you can ping it and not have that happen until you make an http request? this is what i get on a brand new linux install...


me@myhost:~$ wget demonoid.me
--2012-08-02 13:06:59-- http://demonoid.me/
Resolving demonoid.me (demonoid.me)... 127.0.0.1
Connecting to demonoid.me (demonoid.me)|127.0.0.1|:80... failed: Connection refused.
me@myhost:~$ wget demonoid.me
--2012-08-02 13:07:03-- http://demonoid.me/
Resolving demonoid.me (demonoid.me)... 199.59.241.250
Connecting to demonoid.me (demonoid.me)|199.59.241.250|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1233 (1.2K) [text/html]
Saving to: `index.html'
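
The comments above give three explanations for demonoid.me resolving to 127.0.0.1: a local HOSTS blocklist entry, a zone change not yet expired from caches, and lookups that return different answers. The Python sketch below is an added example, not part of the original thread, that tells these cases apart; the hosts-file text is a constructed sample, the two addresses are the ones quoted in the thread, and the function and resolver names are hypothetical.

```python
import ipaddress

# Constructed sample hosts file (not taken from any real system).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# blocklist entries of the kind an anti-malware tool adds
127.0.0.1   demonoid.me www.demonoid.me
0.0.0.0     ads.example.net   # trailing comment
"""

# Resolver labels are hypothetical; the addresses are those quoted in the thread.
THREAD_ANSWERS = {"zone-primary": ["127.0.0.1"], "public-lookup": ["199.59.241.250"]}

def parse_hosts(text):
    """Map each lower-cased hostname to the first address listed for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: skip the line
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table

def is_sink(addr):
    """True for loopback or unspecified addresses (127.0.0.1, 0.0.0.0, ::1, ::)."""
    return addr.is_loopback or addr.is_unspecified

def diagnose(name, hosts_text, dns_answers):
    """Classify why `name` may resolve to a sink address.

    dns_answers maps a resolver label to the list of addresses it returned.
    """
    name = name.lower().rstrip(".")
    local = parse_hosts(hosts_text).get(name)
    if local is not None:
        kind = "sinkholed" if is_sink(local) else "pinned"
        return f"hosts-override: {name} is {kind} to {local} by the local hosts file"
    seen = {ipaddress.ip_address(a) for ans in dns_answers.values() for a in ans}
    if not seen:
        return "no-data: no hosts entry and no DNS answers"
    sinks = {a for a in seen if is_sink(a)}
    if sinks == seen:
        return "dns-sink: every resolver returns a sink address, so the zone itself points there"
    if sinks:
        return "dns-mixed: resolvers disagree (stale cache or changing zone data)"
    return "dns-routable: all answers are routable addresses"
```

With the thread's two answers and no local hosts entry, the result is `dns-mixed`, which matches the alternating wget output shown above.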

Re:demonoid.me points to 127.0.0.1 (1)

shentino (1139071) | about 2 years ago | (#40858091)

Or demonoid's dns got compromised.

Re:demonoid.me points to 127.0.0.1 (0)

Anonymous Coward | about 2 years ago | (#40859959)

They may even have changed it themselves to give themselves breathing room to inspect the server.

Re:demonoid.me points to 127.0.0.1 (0)

Anonymous Coward | more than 2 years ago | (#40864295)

God, and here I was, confused about why demonoid.me had been replaced with a massive ad-free free porn site... it all makes sense now.

So like... (1)

Westwood0720 (2688917) | about 2 years ago | (#40857807)

...where am I to torrent stuff now? /sadpanda

Re:So like... (0)

Anonymous Coward | about 2 years ago | (#40858865)

bitgamer
undergroundgamer
passthepopcorn
rutracker

Update (5, Informative)

twocows (1216842) | about 2 years ago | (#40857881)

According to the article in TFA, which has been updated, the ads were put in place deliberately by the site admin to recoup some of his costs. Presumably, he didn't know they were full of malware.

Re:Update (1)

Anonymous Coward | about 2 years ago | (#40860085)

"I'm shocked, shocked to find that the people who buy ads on my site dedicated to illegal activity would be involved in some sort of illegal activity", said the admin. "I thought these were all fine, upstanding companies."

Good info... (1)

redizhot (2692045) | about 2 years ago | (#40858175)

Was wondering what was happening.

The real question... (0)

Anonymous Coward | about 2 years ago | (#40862251)

Who is ddos'ing these guys and why? Can't this be found out? If it's somebody associated with mp/riaa, multi million dollar lawsuit and criminal charges should be filed.
