Windows XP Myths

app103:
It's a good list, for the most part, but I think he's a bit clueless when it comes to blocking malware with a hosts file.

Special AntiSpyware Hosts Files attempt to associate a known safe, numeric address with the names of sites you want to block. When the user or any process on the PC then tries to access a blocked site, it is instead directed to the safe location. This works as long as the site's numeric IP address never changes. But IP addresses do change and they're supposed to be able to. The Web operates via "dynamic" naming, where a human friendly name (www.google.com) is actually an alias for the real address, which is numeric. The numeric address can and will change from time to time as a site or server is moved or reconfigured. 
-Hosts File
--- End quote ---

You are supposed to use the localhost IP of 127.0.0.1 as the safe location. I have never known that to change when some other site changes their IP. It doesn't point google.com to Google's IP. It points BadMalwareSite.com to your own pc, where you are not likely to pick up a malware infection from.

The Hosts entry will permanently point them to a dead location!

--- End quote ---

That's the whole point to it! That's how it works!

People with out-of-date addresses hardwired into their Hosts File will no longer be able to connect to any site whose numeric address has changed.

--- End quote ---

How can localhost be out-of-date? It doesn't change. And how can pointing the domain name of a bad site to yourself block a good site with a different domain name that wouldn't be in your hosts file to begin with?

It's almost impossible to update a Hosts file frequently enough to guard against all threats and even if you did, you'd probably also run into problems in accidentally blocking good sites that happened to move to new numeric addresses.

--- End quote ---

He is only partially right there...you can't add entries fast enough to block all malware, nor can you ever know all of the possible ones you should block.

But since you are only redirecting the bad ones to yourself, the good ones are not affected by an IP change....they were never in your hosts file to begin with.

When cleaning Malware/Spyware from a PC, it is much easier to check a clean Hosts File than one filled with thousands of lines of addresses.

--- End quote ---

How hard is it to open the Hosts file in Word (or a small free proggie like my AlphaSort) and alphabetize the lines?

All the malware entries will be the lines beginning with a different IP than 127.0.0.1 ...and they will either rise to the top, listed after the #comment lines, or drop to the bottom, when you alphabetize the whole list.

Notes - There is a much better solution for bad site blocking using SpywareBlaster which more intelligently uses Internet Explorer's built-in Zone Security settings and the registry.

--- End quote ---

That only works for IE and IE based browsers, which even though they are the ones that end up being the cause/victim of spyware most of the time, it is theoretically possible to get an infection while using Firefox, Opera, or something else....and sooner or later you will start hearing of it happening.

ActiveX isn't the only way malware gets onto a PC through a browser...Java & Flash are also exploitable paths to your PC.

Using a hosts file to block the same domains that would be entered into your registry by SpywareBlaster will accomplish the same thing that software does...only it will protect all users of any browser or any software on that pc. The domains will be unreachable with anything you could possibly run...not just IE.

And the InformationWeek article he references has nothing to do with using the hosts file for prevention of malware. It was referring to using the hosts file for speeding up your connection by including the IP's of sites you visit often.

There is one thing I have to say about a hosts file he didn't mention...and his SpywareBlaster solution would also fail miserably too. And that is in the case of scripts that reference an IP directly and not use a domain name at all.

You can't redirect an IP to yourself with a hosts file...only a domain name can be redirected.

And if you start adding IP's to your security zones, you will eventually end up in a similar hell to one he was warning you about, where websites you want to use end up not working right because their IP's may have changed to ones you added. And finding the IP in your registry that is the cause of a problem is tougher than you could imagine when you have a whole bunch in there. You would have to remove them all and add them back 1 at a time till you discovered the one that breaks the good site.

In a case such as this, I would add IP's to my firewall if I wanted to block them. And if a good site is somehow blocked, it would be easy to figure out which IP to remove from your list by checking the firewall log and see what was just blocked when trying to access the good site...that's the one that needs to be removed.

so in summary...

the hosts file is used for blocking domains you want no contact with, ever

firewall to block ip's you want no contact with, ever

and zones for sites & ip's you want contact with, but you want them to be broken.
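
The check app103 describes above (any hosts line that starts with an address other than 127.0.0.1 deserves a look) can be scripted instead of alphabetizing the file by hand. This is an added example, not part of the original thread; the sample file, hostnames and addresses are constructed, and treating 0.0.0.0 and ::1 as safe sinkholes alongside 127.0.0.1 is an assumption.

```python
import ipaddress

# Constructed sample hosts file (not from the thread); names and IPs are illustrative.
SAMPLE_HOSTS = """\
# Blocklist maintained by hand
127.0.0.1   localhost
::1         localhost
127.0.0.1   badmalwaresite.example  ads.tracker.example   # sinkholed
0.0.0.0     popups.example
203.0.113.7 www.mybank.example      # not a sinkhole: redirects a real name
not-an-ip   broken.example
"""

def is_sinkhole(addr):
    """True for loopback (127.0.0.0/8, ::1) or the unspecified address (0.0.0.0, ::)."""
    return addr.is_loopback or addr.is_unspecified

def audit_hosts(text):
    """Return (suspicious, malformed) entries from hosts-file text.

    suspicious: (line_no, ip, hostname) for names mapped to a non-sinkhole address
    malformed:  (line_no, raw_line) for lines whose first field is not an IP
    """
    suspicious, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((line_no, raw.strip()))
            continue
        if not is_sinkhole(addr):
            # one line may map several hostnames to the same address
            suspicious.extend((line_no, str(addr), h.lower()) for h in fields[1:])
    return suspicious, malformed

if __name__ == "__main__":
    bad, broken = audit_hosts(SAMPLE_HOSTS)
    for line_no, ip, host in bad:
        print(f"line {line_no}: {host} -> {ip} (not loopback, review)")
    for line_no, raw in broken:
        print(f"line {line_no}: unparseable entry: {raw}")
```

A flagged line is only a candidate for review: a legitimate intranet mapping to a private address will show up in the same list as a hijacked bank hostname.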

Rover:
Myth - "The Windows Platform has more Security Vulnerabilities than the Linux/Unix Platform"

Reality - "Between January 2005 and December 2005 there were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 Multiple operating system vulnerabilities" - Source
-http://mywebpages.comcast.net/SupportCD/XPMyths.html
--- End quote ---
I hate when people quote stats like this.  (The author, not here on DC.)
2 points: 
1 those are unix AND Linux OS vulnerabilities.  So I claim that Windows and Mac have more than OS/2.  What the hell does that mean?
2 what the hell does Unix/Linux vulnerabilities mean?  All of the software that runs on *nix included?  Just the kernel?  What?

That's like saying IE has fewer vulnerabilities than FF.  On what OS?!!!  FF supports several.  IE only 1.  Is that any kind of real comparison?

99% of all stats are made up on the fly....

Sorry for the rant.   :-\

mukestar:
Myth - "The Windows Platform has more Security Vulnerabilities than the Linux/Unix Platform"

Reality - "Between January 2005 and December 2005 there were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 Multiple operating system vulnerabilities" - Source
-http://mywebpages.comcast.net/SupportCD/XPMyths.html
--- End quote ---
I hate when people quote stats like this.  (The author, not here on DC.)
2 points: 
1 those are unix AND Linux OS vulnerabilities.  So I claim that Windows and Mac have more than OS/2.  What the hell does that mean?
2 what the hell does Unix/Linux vulnerabilities mean?  All of the software that runs on *nix included?  Just the kernel?  What?

That's like saying IE has fewer vulnerabilities than FF.  On what OS?!!!  FF supports several.  IE only 1.  Is that any kind of real comparison?

99% of all stats are made up on the fly....

Sorry for the rant.   :-\
-Rover (July 16, 2006, 12:35 PM)
--- End quote ---

Hear, hear, it's a very ambiguous statement (System V, BSD, Solaris, HP-UX, AIX, Mac OS 10, Linux ........)

I think also the key missing in that myth is "exploit", a vulnerability needs to be exploited, i.e. Windows may have had fewer vulnerabilities compared to every other Nix variant under the sun, but they're a damn sight easier to exploit.

But hey I'm an MS user, I like to be kept on my toes.  ;D

zridling:
[tangent]: mukestar, great avatar dude!

app103:
I think also the key missing in that myth is "exploit", a vulnerability needs to be exploited, i.e. Windows may have had fewer vulnerabilities compared to every other Nix variant under the sun, but they're a damn sight easier to exploit.

But hey I'm an MS user, I like to be kept on my toes.  ;D
-mukestar (July 16, 2006, 08:17 PM)
--- End quote ---

The more popular an operating system is, the more that the exploiters will want to exploit it.

Windows is the most popular, so most of the efforts to find & exploit vulnerabilities are focused on it. Linux is less popular so not as much effort is put into exploiting it.

If you want to be even 'safer', then get yourself an OS that hardly anybody uses. The exploiters won't bother with it because it's not worth the trouble...too rare to be much fun.

Amiga OS4 could have a million+ vulnerabilities, but since hardly anybody uses it, they haven't been discovered, nor exploited.

Creating a web page that will do some nasty thing to a visitor isn't very practical if you are targeting something that may never see that page, like Amiga OS4. You could wait years before someone running OS4 with Ibrowse shows up (if ever).

It's more likely you will catch more and do the most damage if you target IE on Windows, which is the most popular combination.

That's why Windows isn't as 'safe' as Linux...and why running Amiga OS4 is 'safer' than both.
