My current methodology for malware prevention

[jftuga]

LLXX,

You should take a look at http://www.opendns.org for your DNS servers.

-John

[CoffeeFiend]

No need to run another program just to block ads when all you need is a static file that *always* works, and is basically nearly infalliable... I just use Proxomitron to rewrite webpages further (e.g. remove all content coming from */ads/* or */banners/*). Both together are more effective.

No hosts file will always work for everything. Even my hosts file over 1mb was FAR from blocking it all. It's NOWHERE near infallible, I'd say you're quite lucky if you get 50% blocking with that alone (unless your hosts file is several megs). A proxy or ad blocker made specifically for that purpose can use lists which can be dynamically updated, and use patterns and regular expressions (blocks based on IP/host name are useless for the most part, the ads VERY often come from the same domain/IP as the content and can't be blocked), thus also requiring less entries for the same job. Personally I have privoxy which can block things, but adblock is more than enough (hardly any ads ever making it thru even once). Also, using a hosts file has side effects in many cases. Most of them use 127.0.0.1, but using that will result in hitting your own web server (and getting countless 404s - not just in your browser but also your server logs) pointlessly, and using something like 0.0.0.0 instead (another kludge that causes problems with various proxies, etc). And since it doesn't remove the tags from the html either, you get the missing image placeholders everywhere, unless you use something like eDexter (another kludge and process running for no reason just to make it bearable to solve a problem in a wrong way). No option to whitelist pages, quickly disable/re-enable in a couple mouse clicks or such things using hosts file either.

Thinking too narrow there. I really don't care what it was designed for, only what it can be used for.

It's still a kludge regardless.

And as for disabling the DNS client, yeah, you're likely saving a whole MB of RAM (like it really makes a difference, and once you start using things like eDexter and such, you're likely using more), but then again you're forcing many roud-trips to a DNS server, and that really does take more time (many thousands more queries taking far more time - it adds up). That's like removing your car's turbo because it's just dead weight. Sure, your car might be a tiny bit lighter, but you're lacking the boost too. It's not there for no reason, just using up memory.

[LLXX]

LLXX,

You should take a look at http://www.opendns.org for your DNS servers.

-John

See http://www.msfn.org/board/index.php?showtopic=85094

And crahak, you seem to have completely missed the point. I use *both* Proxomitron and a HOSTS file for blocking purposes. It's just faster to have HOSTS block the connection from ever occurring in the first place than to have Proxomitron handle all HTTP traffic.

And since it doesn't remove the tags from the html either, you get the missing image placeholders everywhere

I like that, it shows that the blocking is working

[#rootworm]

i keep the DNS service disabled, and can't even notice a difference if i start it up.

any web browser i use caches DNS on it's own anyways...and i'm not typically going to be using any other protocol for repeatedly accessing the same site (and if i do, i'll patiently wait thru the fraction of a second look up time)

re: jftuga

thanks for the opendns link, trying it right now and it's pretty nice.

and ****, just checked out a couple of the 4.2.2.x servers and they are slow as hell. you must have a crappy ISP if those are better for you LLXX! my sbc DNS is consistently around 60-250ms, those 4 series range from 300-550ms for me.

Edited November 6, 2006 by #rootworm

[LLXX]

and ****, just checked out a couple of the 4.2.2.x servers and they are slow as hell. you must have a crappy ISP if those are better for you LLXX! my sbc DNS is consistently around 60-250ms, those 4 series range from 300-550ms for me.

It depends where you are, since if you're farther away you'll get higher latencies.

Pinging 4.2.2.1 with 32 bytes of data:

Reply from 4.2.2.1: bytes=32 time=52ms TTL=248

Reply from 4.2.2.1: bytes=32 time=25ms TTL=248

Reply from 4.2.2.1: bytes=32 time=58ms TTL=248

Reply from 4.2.2.1: bytes=32 time=49ms TTL=248

Ping statistics for 4.2.2.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 25ms, Maximum = 58ms, Average = 46ms

--------------------------------------------------------

Pinging 4.2.2.2 with 32 bytes of data:

Reply from 4.2.2.2: bytes=32 time=28ms TTL=248

Reply from 4.2.2.2: bytes=32 time=50ms TTL=248

Reply from 4.2.2.2: bytes=32 time=55ms TTL=248

Reply from 4.2.2.2: bytes=32 time=48ms TTL=248

Ping statistics for 4.2.2.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 28ms, Maximum = 55ms, Average = 45ms

--------------------------------------------------------

Pinging 4.2.2.3 with 32 bytes of data:

Reply from 4.2.2.3: bytes=32 time=47ms TTL=248

Reply from 4.2.2.3: bytes=32 time=26ms TTL=248

Reply from 4.2.2.3: bytes=32 time=27ms TTL=248

Reply from 4.2.2.3: bytes=32 time=62ms TTL=248

Ping statistics for 4.2.2.3:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 26ms, Maximum = 62ms, Average = 40ms

--------------------------------------------------------

Pinging 4.2.2.4 with 32 bytes of data:

Reply from 4.2.2.4: bytes=32 time=51ms TTL=248

Reply from 4.2.2.4: bytes=32 time=47ms TTL=248

Reply from 4.2.2.4: bytes=32 time=51ms TTL=248

Reply from 4.2.2.4: bytes=32 time=52ms TTL=248

Ping statistics for 4.2.2.4:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 47ms, Maximum = 52ms, Average = 50ms

[WBHoenig]

My method works the best as i havent had any malware or virus's in a few years now.

Use Brain.

Use Opera.

Amen, although I substitute Firefox for Opera. They're both top notch browsers, though.

And might I add:

Use Linux.