
Anti-Malware Suggestions



After having said,

 

"...at least in some cases the issue may exist..."

 

you go on to say,

 

"...Jaclaz has not actually stated directly nor indirectly that there will be (or that there will not be) performance degradation..."

 

Oh, hey, just stop with the nitpicky bul*****.  If you want to have a meaningful conversation, talk about something other than what who said when and whether your comments on the subject were or were not an opinion.  It's tiring, and all the posts are right out there for everyone to read.

 

-Noel



  • Tarun has said it's a misuse of the hosts file.  I disagree.  The intent of that file is to redirect certain names to particular addresses.  That's EXACTLY what's being done.  I say that redirecting parasite web site names to an address that can't possibly respond is an excellent use of the capability the operating system is providing.

 

Oh, and by the way, this isn't just about web browsing.  If www.frickingparasite.com is blocked via hosts, then attempted connections by name from within malware (e.g., to send your skimmed password home) will be blocked as well.

 

-Noel

  • Upvote 1

Well, maybe it is a language issue :unsure: "in some cases it may exist" here is different from "it exists" (or "it does not exist") and from "it will exist" (or "it will not exist") everywhere or in most cases or in any given case.

 

 

 

It's tiring, and all the posts are right out there for everyone to read.

 

Sure :), but it may happen that someone mis-reads something written ;) (it may happen to everyone):

 

 

By the way, I misread the advice on the MVPS site.  I read it before as saying "there is no need to change the DNS Client service".  I see now that it says otherwise.

 

jaclaz


I take it, then, that you have no interest in discussing the actual subject at hand, nor contributing test results.

 

The invitation is open to anyone.

 

-Noel


My hosts file is 7.132.667 bytes long and my computer is feeling fine. I keep old (expired) entries on purpose, you never know whether they'll resurrect, and I doubt any useful site will come from that domain. I cumulatively add entries from MVPS and any other source I can find, convert to lower case, delete all comments, all illegal characters, sort, and delete duplicates.

Everything works fine with the addition of one little tool that wasn't mentioned, and I think is essential for use of the hosts file, which is a webserver for serving dummy images and/or scripts. Otherwise, the browser just waits until the requests expire. One such tiny webserver is eDexter, there are others.

About the DNS Cache, I've seen slowdowns of DNS Cache service around XP SP2 time (or before) and ever since I turn it off on every computer I own or am asked to 'optimize' for the following reasons:

- DNS requests/responses are small enough and fast enough, so IMO there is no need for them to be cached. If a computer (or rather Internet connection) needs to have its DNS queries cached, it has much much bigger problems than that.

- Same can be said for the argument of unnecessary taking up memory and potentially (in theory) causing crashes and slowdowns - longer code path.

- I like to always keep it fresh (reflecting the current situation, not the situation of the time when it was cached), i.e. some website might have gone down or up in the meantime.

GL

Edited by GrofLuigi
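
The merge routine GrofLuigi describes above (combine sources, convert to lower case, delete comments and illegal characters, sort, delete duplicates), as an added example that is not part of the original thread. The function names, the `0.0.0.0` sink address, the protected-name list and the sample sources are assumptions made for illustration.

```python
import re

SINK = "0.0.0.0"  # assumed blackhole address; not taken from the post above
# Names that must keep their real mapping and never be blackholed.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}
# One DNS label: letters, digits, hyphen (underscore tolerated), no edge hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")


def valid_hostname(name):
    """True for a syntactically valid, fully ASCII, multi-label host name."""
    if not name or len(name) > 253 or "." not in name:
        return False
    if name.rsplit(".", 1)[-1].isdigit():
        return False  # numeric last label: an IP literal, not a host name
    return all(LABEL.match(label) for label in name.split("."))


def parse_hosts(text):
    """Yield lower-cased host names from one hosts-format source."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()  # delete comments
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, or an address with no name
        for name in fields[1:]:  # one line may carry several aliases
            if name not in PROTECTED and valid_hostname(name):
                yield name


def merge_hosts(*sources):
    """Merge several sources into sorted, de-duplicated sink entries."""
    names = set()
    for text in sources:
        names.update(parse_hosts(text))
    return [f"{SINK} {name}" for name in sorted(names)]


# Constructed sample sources (not real blocklist data).
SOURCE_A = """\
# sample list A
127.0.0.1  localhost
127.0.0.1  Ads.Example.com   # mixed case, trailing comment
0.0.0.0    tracker.example.net
"""
SOURCE_B = "0.0.0.0 ads.example.com\r\n0.0.0.0 bad<host>.example.net\r\n0.0.0.0 0.0.0.0\r\n0.0.0.0 cdn.example.org\r\n"

if __name__ == "__main__":
    print("\n".join(merge_hosts(SOURCE_A, SOURCE_B)))
```

Dropping malformed lines instead of repairing them keeps a corrupted or tampered source from adding entries the maintainer never reviewed, and the protected list stops a source from remapping `localhost`.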

Thanks for your response, GrofLuigi.

 

I'm not sure what's different about our systems, but on mine attempts to access 0.0.0.0 are aborted immediately.  There's no timing out.  At one time I had Subversion Server running on this system, so I thought maybe that was causing the immediate kill of such requests, but that's gone now and I'm certainly not seeing anything that could be called a timeout.

 

ZeroAborts.png

 

Thing is, not only is having a big blacklist hosts file like this without practical downside on a modern system, this is such a good way to block parasite web sites (not to mention ads) that it's worth working through however many arguments people make against it.

 

-Noel

Edited by NoelC

It depends on the browser, I still mostly use Opera Presto, most other (modern?) browsers do not wait. I'm not sure if Opera still does, but there is no harm if blank images get served. I think it also helps with the geometry (layout) of the page, not to have the symbol of broken image(s).

I am still not sure if it serves javascripts (empty text files?), there are several versions and documentation is slim.

Edited by GrofLuigi

Tarun, if you're unwilling to debate using a hosts file in the thread I've started on the subject, then I suggest it is inappropriate to counter my suggestions here with language intended to discredit them. 

 

If you can't back up your claims with real information then your claims cannot be justified.  I have provided both the theory and the measurements that say the hosts file is both effective and does not cause undue overhead.

 

In this particular case, I further assert that the advice I gave in the original post of the thread I linked above quite likely would have prevented Browncoat's infection.  And, further, if such infection was introduced by his running a download despite recommendations to test in an isolated environment, the hosts file would serve to block subsequent attempts to send sensitive information to those servers.

 

-Noel


Tarun, if you're unwilling to debate using a hosts file in the thread I've started on the subject, then I suggest it is inappropriate to counter my suggestions here with language intended to discredit them.

Your post moved back here instead of from where it was posted:

http://www.msfn.org/board/topic/173882-anyone-here-heard-of-zeroredirect1com/

No need to follow people around the site. :)

In the case of that thread, posting "should have done this or that" doesn't help his current situation. Tarun is correct that the hosts file does not prevent infections, although it can hinder said infection from working properly... IF the url it is attempting to use is already marked.

As a general rule, using the hosts file is not recommended because of the reasons he outlined. You have to understand that you (nor I) can compare performance of a properly set up system (maybe that is in our dreams :w00t: ) against what an average computer may be. The same goes for a fresh install into a VM. The average computer is underpowered and hobbled by all the junk the user has installed over time. The average user cares not for actual performance and uptimes, and even the "power user" to this day insists on doing fresh installs once something goes awry.

 

I consider any sort of malware prevention, system or network protection ideas to be a YMMV issue and there is no right or wrong... except not having a network connection. ;)


So true!

:yes:

I use other browsers for specific things. IE is used for Microsoft related websites only... Chrome is used primarily for Google related sites like Youtube.

That is generally the doctrine I follow, IE for sevenforums/tenforums, Chrome when I want to post on YT.

However, Opera Portable only has four [grocery flyers] tabs open and is really slow to load but I don't always update to the latest when I have time to read the newspapers that come on Thursday of every week. FF is my main viewer, Java disabled unless a site really needs it, then disable and do scans.

classic shell and some manual reg changes do trigger false-positive within stupid MBAM

and not as hijack but as trojan - lulz

For that you gotta remember what actions you did and give the appropriate exemptions, right?

  • Upvote 1

The bul***** sometimes gets deep around here.

 

  • IE has the best security model of all of the browsers - you just have to reconfigure it from its default permissive behavior.
      
  • A good hosts file is a valuable cog in an overall security strategy and does not cause any performance problems.
     
  • There is no technological substitute for thinking before acting.

 

These are simple truths no matter what the self-proclaimed experts around here may say.

 

-Noel

Edited by NoelC

  • IE has the best security model of all of the browsers - you just have to reconfigure it from its default permissive behavior.

 

Ah well, that is an interesting piece of news.

 

An image is worth a thousand words, a loooong image should be worth some more.

 

jaclaz

post-25215-0-21632100-1432042270_thumb.p

  • Upvote 2

Your diagrams don't seem applicable to me.

 

  • How many people do you think reconfigure IE to lock it down as it can be for secure browsing? 
     
  • How many understand that when Microsoft puts up the message "Do you want to reconfigure to recommended settings?" that they may actually be OPENING IT UP to more vulnerability? 
     
  • How many do you think practice good security practices as an overall strategy? 
     
  • Do YOU allow IE to run ActiveX from the Internet Zone?   If so, why?

 

Why do some folks here delight in taking things out of context?

 

-Noel

Edited by NoelC

The bul***** sometimes gets deep around here.

 

  • IE has the best security model of all of the browsers - you just have to reconfigure it from its default permissive behavior.

      

 

but not for you, if you disable UAC and so disable the sandbox of IE.

  • Upvote 1

Security can still be decent with UAC disabled.  As long as it doesn't run ActiveX the need for a sandbox is greatly reduced.

 

One of the prime reasons its security model is very good is that it's quite configurable.

 

I'll wager my system, with me at the helm practicing the security measures I outlined at the start of this thread, is providing both a more secure and better performing computing environment than most.

 

By the way, the word "security" is almost too broad a subject to discuss in one broad swath.  Secure from what?  There's unsaid context in each statement.  Secure from ads that install malware is just one aspect.

 

-Noel

Edited by NoelC