Xtreme PC Central Tech Forums  

Old 08-29-2008, 8:49 AM   #61
APK
Member
 
Join Date: Dec 2007
Location: In a discrete point in the Space-Time Continuum
Posts: 90
iTrader: (0)
She's done as far as I am concerned (have @ it, your "IRON MAN ARMOR ONLINE")... apk

Well, @ this point?

I think this guide's PRETTY SOLID, because nobody has been able to "add points" to it, from across 27 other forums online (many are "serious geek" oriented sites too)!

(... & the fact that some folks from "THE PLANET" (a large website & hosting provider online) offered to hire me on as a remote security specialist @ this point (pretty cool) for Win2k3 servers they use, as well as what appears to be their personally managed or owned sites also (KTInteractive)).

In any event?

@ People Reading:


This IS your "Iron Man Armor Online"!



So, have @ it ('snap it on') - & enjoy a F A S T E R, & FAR MORE S E C U R E online setup on your Windows NT-based OS' of today (Windows 2000/XP/Server 2003 & yes, even VISTA to a good extent) via applying CIS Tools' suggestions & my own that "layer ontop of it"...



* I am FAIRLY certain it's done - As I can't think of any more points & methods to secure your Windows NT-based rigs, & thus, I close this post off... she's all done as far as I am concerned... this same message will go across ALL others like it that I am still able to edit/add to online, @ some point today in fact.

APK

P.S.=> Sorry for the 'closing note' but, if anyone's interested, this is the "final model" of this guide & its points... enjoy! apk

Last edited by APK; 08-30-2008 at 4:51 PM.
APK is offline   Reply With Quote
Old 08-29-2008, 11:26 AM   #62
ThRoNkA
Registered User
 
Join Date: May 2003
Location: Plano, TX
Posts: 7,148
iTrader: (0)


APK, there are some new patches for the TCP/IP subsystem that people need to be aware of. In Vista, there is a new feature called a fallback feature: if DHCP fails to get an IP, you can fall back with a manual IP. Now the patch allows you to force, even without admin access, the service to be turned off so it forces the manual IP.

What needs to happen is you need to create this fallback and, in the registry, lock the TCP properties so even if the DHCP side is turned off from the Windows side, the end user still gets a usable IP and the correct scrubbed DNS servers.

Thought I might add that in
__________________
iPhone 4 CDMA Verizon
16GB Version
iOS 5.0.1 Jailbroken
RedSn0w 0.9b6b

Motto: Why stick to default when it is yours?
ThRoNkA is offline   Reply With Quote
Old 08-30-2008, 4:28 PM   #63
APK
Member
 
Join Date: Dec 2007
Location: In a discrete point in the Space-Time Continuum
Posts: 90
iTrader: (0)
THRONKA: Thanks, & "Number #5 is alive - but, needs INPUT!!!"... apk

Quote:
Originally Posted by ThRoNkA View Post
APK, there are some new patches for the TCP/IP subsystem that people need to be aware of. In Vista, there is a new feature called a fallback feature: if DHCP fails to get an IP, you can fall back with a manual IP. Now the patch allows you to force, even without admin access, the service to be turned off so it forces the manual IP. What needs to happen is you need to create this fallback and, in the registry, lock the TCP properties so even if the DHCP side is turned off from the Windows side, the end user still gets a usable IP and the correct scrubbed DNS servers.

Thought I might add that in
Interesting: &, as usual? Thanks! I say this, because I use Windows Server 2003 SP2 fully hotfix current patched, & sometimes?? Those changes 'carry over' to it, also (such as TcpChimney stuff)... I will have to look into this one, by ALL means, even for my setup.

ON THIS NOTE?

----

ANOTHER 2 CHANGES TO "LOOK OUT FOR" & keep a "heads up" on, in MS' latest/greatest OS versions?

Ms, as of 12/09/2008 MS "Patch Tuesday", has made it IMPOSSIBLE to use 0 as a blocking IP address in a HOSTS file in Vista &/or Windows Server 2008 (where you STILL CAN use 0, vs. 0.0.0.0 or 127.0.0.1 in Windows 2000/XP/Server 2003)...

HOW DAMNED DUMB of MS!

Why?

Well, for example, by MY using 0 as a blocking IP address in a HOSTS file, vs. bad sites? I have a HOSTS file w/ 650,000++ entries in it, that only "weighs" 14++mb in size...

NOW - IF I change that to 0.0.0.0 (so it works again in VISTA/Server 2008)? I get an 18++mb sized file... a 4++mb increase on disk, meaning slower load/reload is seemingly intentionally being promoted by MS.

This? This IS "bloat contribution" by MS, & Stupid... & I will stick by that, until SOMEONE shows me a GOOD solid TECHNICAL reason WHY MS did such a damned DUMB move, period...

ALSO?

Microsoft removed the PORT FILTERING gui interface in networking options in your LOCAL AREA CONNECTION'S "advanced" sections, which is another MASSIVELY valuable "layered security" feature as well (VISTA, Server 2008, & PROBABLY Windows 7, also)... dumb, & crippling!

(NOW, before anyone says "but, VISTA has a port filtering option in its FIREWALL advanced settings", well YES, it does, but... it operates off a SINGLE point, called "WFP" (Windows Filtering Platform), & thus, has only 1 POINT TO ATTACK TO DISABLE IT (ordinarily, I am ALL for less complexity in things, as usually it's better engineering, but... not in the case of security, & this point specifically)).

Why would I say that? Well... Windows 2000/XP/Server 2003 used a 3 layer method (IPFLTDRV.SYS (port filtering), IPSEC.SYS (IP Security Policies), & IPNAT.SYS (software firewall))... & this was like a phalanx/zone defense type arrangement... whereas the NEW "WFP" method is only a SINGLE unit, & again - only represents a SINGLE point to disable to attack & disable it.

FOR READERS' REFERENCE/VERIFICATION, see these URL's below:

Windows 2000/XP/Server 2003 Packet Passing Reference:

http://technet.microsoft.com/en-us/l.../bb878072.aspx

&

Windows VISTA/Server 2008/Windows 7 "Windows Filtering Platform" outline:

http://www.microsoft.com/whdc/device/network/wfp.mspx

----

( ... &, as per usual, your replies? ALWAYS WELCOME... by any & all means, as to your findings/conclusions etc. et al... I think you're one of the BEST contributors (if not THE best) to this effort, thusfar)



Hey - fact is:

You're supplying JUST what I had asked for from others reading + applying this guide's points, & this is all a body needs - the input, findings, & observations of others!

(As well as addons/improvements/possible caveats - which I may have hit one yesterday in fact (see my next post below) with Windows XP Home on an HP laptop bound to BOTH Verizon & VONAGE routers/networks in fact (in regards to HOSTS file usage, & size of said HOSTS files)).

APK

P.S.=> Truthfully?

This guide was my "New Year's Resolution" for 2008 - to "DO A GOOD DEED"... &, bring this stuff "to the masses" - because they're the ones being 'victimized' out here for years now, & worse the past 2-4 yrs. now, more than ever...

Thus, mainly - It's for those that aren't aware of the fairly simple (but, long) procedure involved is all..., OR, how it's done!

(At least, as easily as possible, especially via CIS Tool Guidance & then my points that go PAST it's advisements)...

However? I'm by NO MEANS, "perfect", & thus?? I put this out so that others can add to it, OR, find 'holes' in the points I put out, so that they too can be corrected/amended, in case I made any mistakes (or any of my points have 'caveats/catch-22's', also)... this is for the good of all as well.

Anyhow - it appears to have done well by others & this is ALL I needed to see/hear: However, I'd like to see it even get better (but, I'm "@ my limits" @ least, & have been adding to it via the points of a few others AND, via some research I've put into it over the time this posts' been up online for others, since Dec. 2007 approximately (hence, this "2nd closing" now))...

Ah, anyways: Thanks for the feedback, IF any on this issue I ran into below (detailed below in my next post), Thronka... apk

Last edited by APK; 04-18-2009 at 12:35 PM. Reason: Adding detail for THRONKA really (as perhaps, he MAY have seen this before on XP Home w/ certain routers)... apk
APK is offline   Reply With Quote
Old 09-03-2008, 11:37 AM   #64
APK
Member
 
Join Date: Dec 2007
Location: In a discrete point in the Space-Time Continuum
Posts: 90
iTrader: (0)
THRONKA: Hosts file size problem on XP Home = SOLVED! apk

THRONKA, need input/insight:

PROBLEM WAS SOLVED... editing out bulk of details!

APK

Last edited by APK; 02-21-2009 at 11:45 AM. Reason: NOTING HOSTS PROBLEM (large hosts file size & system lag) SOLVED (via DNS service stoppage)... apk
APK is offline   Reply With Quote
Old 09-04-2008, 8:44 AM   #65
APK
Member
 
Join Date: Dec 2007
Location: In a discrete point in the Space-Time Continuum
Posts: 90
iTrader: (0)
SOLVED "MASSIVE HOSTS FILE" system lag cause (DNS Client needs to be stopped is all)

Thronka:

SOLVED THE PROBLEM ("broke the ice, jarvis", lol)

On the "hassle" I noted above (using the 12mb sized HOSTS file I have here, that I use personally, to protect my niece's & another clients' machine that I ran into this "phenomenon" on as well, & BOTH machines run Windows XP Home)?

It's solved...

(E.G. -> I had to cut the DNS CLIENT service is all! This is FINE for 'regular home users' with a single system, afaik, BUT: It's NOT for folks on an "AD" (active directory) network - KEEP THIS IN MIND FOLKS! (because AD has a HUGE dependency on DNS services, &, I've seen it adversely affect Outlook communicating w/ Exchange Servers is why I note this - fairly important is why, & a widely used application + backoffice server combination!))

... &, anyhow/anyways? She's running fine now...

"HANDLES LIKE A DREAM!" - Tony Stark/Iron Man (again, on his initial 'test flight' of his armor from the film IRON MAN)

I.E.-> No more "lag" on the net loading for her, OR, another client in similar 'pinch'...

(& no more lag overall on their systems, once I cut that service on both machines (when I used that large HOSTS file, I cannot keep the DNS Client service running is all))



* Heh, & IF you've seen the film "IRON MAN"? Well, when Mr. Stark laffs his tail off @ surviving a fall from 85,000 ft. up due to lockup (due to icing of his armor control surfaces)??

Well - Then, You get MY point & feeling, once I figured this one out... whew!


The usage of a custom HOSTS file for adbanner blocking + fav. sites inclusion hardcoding for speed AND more importantly, the usage of one for blocking out bad sites &/or bad adbanners is one of this guide's MOST important that go "above & beyond" CIS Tool's advisements is NOT one I'd like to have to omit is why...

(For both speed + security online? Hey - it just works, & may be one of the MOST effective points for both SPEED & SECURITY online this guide entails/outlines)

APK

P.S.=> All's well, that ends well...

... & I amended POINT #5 in this guide on the forums I am still able to edit it on that is, noting this (if your system lags while applying a relatively LARGE custom HOSTS file, to fix it, cut off the DNS Client service (via services.msc), & all is well once more)... apk

Last edited by APK; 02-27-2009 at 9:30 AM. Reason: Laughing to myself (Bwaaahahaha), just as "Iron Man"/Tony Stark did, upon conquering the 'icing problem' on his initial 'Test Flight of Icarus'... apk
APK is offline   Reply With Quote
Old 02-13-2009, 9:13 AM   #66
APK
Member
 
Join Date: Dec 2007
Location: In a discrete point in the Space-Time Continuum
Posts: 90
iTrader: (0)
98.058/100 Score on CIS Tool Security Benchmark... apk

Here is a PRIME example of where most folks that try this test can take the result to, scoring-wise, on the CIS Tool Security Benchmark test:



http://www.xtremepccentral.com/forum...1&d=1235231589

99.058/100



* Not TOO shabby, eh?

(I.E.-> A NEAR 100% perfect score for a client of mine whose system I secured this week taking it from a 45/100 default score, to this one, DOUBLING its security rating per this test, & THEN some... &, in fact, it probably is a perfect score (I say that, because 4/5 things it scored me down on, I actually DID have right for this client of mine, but yet the test scores me down on them (it makes SOME errors here & there is all)))

APK

P.S.=> Placing this result here for posterities' sake and as an example of how secured a Windows system can be, per this benchmark of security test's gauge thereof... apk

Last edited by APK; 02-21-2009 at 12:29 PM.
APK is offline   Reply With Quote
Old 02-13-2009, 7:01 PM   #67
Centurion
Registered User
 
Join Date: Jul 2002
Location: Canada GMT -4
Posts: 1,226
iTrader: (0)
Thank - you - reading along, C
__________________
From the cold north - Land of Northern Lights -VE9BGY
Centurion is offline   Reply With Quote
Old 02-17-2009, 8:01 AM   #68
ThRoNkA
Registered User
 
Join Date: May 2003
Location: Plano, TX
Posts: 7,148
iTrader: (0)


Quote:
Originally Posted by APK View Post
Here is a PRIME example of where most folks that try this test can take the result to, scoring-wise, on the CIS Tool Security Benchmark test:



99.058/100



* Not TOO shabby, eh?

(I.E.-> A NEAR 100% perfect score for a client of mine whose system I secured this week taking it from a 45/100 default score, to this one, DOUBLING its security rating per this test, & THEN some... &, in fact, it probably is a perfect score (I say that, because 4/5 things it scored me down on, I actually DID have right for this client of mine, but yet the test scores me down on them (it makes SOME errors here & there is all)))

APK

P.S.=> Placing this result here for posterities' sake and as an example of how secured a Windows system can be, per this benchmark of security test's gauge thereof... apk

It's 2009 - still trouble free!
I was told last week by a co-worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half-life in Windows that you usually get. He said good point. So from 2008 till 2009: no speed decreases, it's been to a LAN party, moved around in a move, and it still NEVER has had the OS reinstalled, besides the fact I imaged the drive over in 2008.
Great stuff!

My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads.

APK - I will say it again, the guide is FANTASTIC! It's made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local (except AVG updater, needed system local).
__________________
iPhone 4 CDMA Verizon
16GB Version
iOS 5.0.1 Jailbroken
RedSn0w 0.9b6b

Motto: Why stick to default when it is yours?
ThRoNkA is offline   Reply With Quote
Old 02-21-2009, 8:47 AM   #69
APK
Member
 
Join Date: Dec 2007
Location: In a discrete point in the Space-Time Continuum
Posts: 90
iTrader: (0)
Thronka? Your results?? They ARE what this is ALL about... apk

Quote:
Originally Posted by ThRoNkA View Post
Great stuff!
Thanks, & likewise: So are YOUR results using it...

QUESTION:

Did you obtain a score around THIS level yet on any systems? If not, no biggie, but... it IS, "doable"!

http://www.xtremepccentral.com/forum...1&d=1235231589



(IF you cannot see the photograph of the 99.058/100 score? Please, then refer to the attached image @ the BOTTOM of this post reply of mine here now)

See... I just realized that because of where I initially posted it, others would have to register @ said forums (NewTech) & why I state that!

----

Quote:
Originally Posted by ThRoNkA View Post
APK - I will say it again, the guide is FANTASTIC!
Again - So are your reported results here, NO questions asked...!



----

Quote:
Originally Posted by ThRoNkA View Post
It's 2009 - still trouble free!
Per my subject-line, in this reply? That is EXACTLY what the result should be, & good to see that you & yours + your clients are experiencing such results!

(That is, IF someone can stick to a few rules, which YOU, obviously have... rules, such as watching the use of javascript out here online, on EVERY site there is, because javascript is used in almost EVERY attack there is online for years now & SECUNIA.COM or SECURITYFOCUS.COM can verify that much, for anyone)...

----

EXAMPLE OF WHY TODAY'S ATTACKS, even the WORST one to date in "conficker" lately, won't work vs. this kind of security:

http://news.slashdot.org/article.pl?sid=09/02/20/239229

----

See, there...?

WELL - IF you look @ the CONFICKER worm's mechanics, you see it needs the SERVER service running (patched or not) & also javascript in place in the browser of your choice & javascripting enabled there, too...

What are 2 simple points from this article that stall that? Well, it recommends you:

----

A.) STALL SERVER SERVICE (if you don't need a LAN/WAN to connect to & all you do is hit the internet on a single standalone machine)...

AND

B.) It recommends you stall out indiscriminate usage of javascript also!

----

Between those 2 measures (&, possibly ALSO, a HOSTS file that stops access to this CONFICKER worm's control servers)?

Hey... YOU TELL ME, lol, IF it works, or not...



----

Quote:
Originally Posted by ThRoNkA View Post
I was told last week by a co worker who does active directory administration, and he said I was doing overkill.
I wonder what he says about placing say, normal door locks + chain locks &/or deadbolts onto his home? The idea here, is MUCH the same... layered security, & judging by YOUR results (& those I have seen with friends, family, & clients)??

It works AND?

Thus, you stay ABSOLUTELY current (you don't lose ANY data you've been building/creating either... assuming your backups are NOT absolutely current, that is!)

----

Quote:
Originally Posted by ThRoNkA View Post
I told him yes, but I just eliminated the half life in windows that you usually get. He said good point.
Well, what I personally got sick of years (a decade++ actually) ago? Having to REDO systems due to infestors/infectors like malwares... you can't BUILD on an unstable foundation is why.

This?

It does away with that... you can continue perfecting & refining your personal computer setup/workspace, without having to rebuild (or even reimage) frequently due to a messed up system.

(As well as stopping contributing to "spreading the diseases" out here online that infect PC's... boggles the mind, but, that's humanity @ times!)

----

Quote:
Originally Posted by ThRoNkA View Post
So from 2008 till 2009: no speed decreases, it's been to a LAN party, moved around in a move, and it still NEVER has had the OS reinstalled
Right... the VERY idea/benefit that I was extolling above - YOU can keep doing productive work, for whatever it is you do on a PC (anyone, not just yourself & I), w/ out having to rebuild it again (& again, & again, etc.)

----

Quote:
Originally Posted by ThRoNkA View Post
My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads.
Good idea:

I.E.-> She probably has told a few pals of this with any luck, & you can go out & do their systems the SAME way, making a few bucks for yourself, AND, giving new customers the same excellent result you've been seeing...

"100% bulletproof & bugfree operation!"

In fact?

That is a decently LARGE PART of how I have put together a NEW SYSTEM in fact (doing such secured Windows setups for clients here also), composed of the parts below thusfar:

----
  • INTEL Core I7 920 CPU
  • ASUS P6T Motherboard
  • EVGA (NVidia) 8800 GT "SuperClocked" O/C edition
  • Dual Western Digital "Velociraptors" in RAID 1 mirror
  • Promise Technology Ex8350 RAID SATA I/II 128mb Caching PCI Express Controller
  • CENATEK "RocketDrive" 2gb Solid-State Ramdisk (for %temp% ops, webpage caching, pagefile.sys location, & apps + OS logs)
----



* "A BAD A$$ MACHINE!"

(Just the "fruits of my labors" via this guide, mostly, while doing this kind of work for others professionally (and, just for the sake of protecting friends/family too, gratis for they)... &, it works!)

----

Quote:
Originally Posted by ThRoNkA View Post
It's made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local (except AVG updater, needed system local).
Hardest part is that LAST one imo, & since you have gotten thru it, it simply demonstrates that YOU? You know what you're doing here, which is GOOD...

That is the hardest one...

Well... that, or doing the IP Security Policies (which thank goodness, AnalogX puts out a VERY decent prototype init. working one for all to use)!

HOWEVER, once you have them down pat & working?

Hey... your results speak for themselves, once more!

APK

P.S.=>
Quote:
Originally Posted by Centurion View Post
Thank - you - reading along, C
Excellent, & I hope YOU also experience the types of results that both Thronka, myself, & many others online are enjoying per the usage of this article's suggestions/tips/tricks/techniques, for a BETTER, FASTER, & SAFER internet experience... apk

Last edited by APK; 03-04-2009 at 8:52 PM.
APK is offline   Reply With Quote
Old 03-10-2009, 7:20 PM   #70
APK
Member
 
Join Date: Dec 2007
Location: In a discrete point in the Space-Time Continuum
Posts: 90
iTrader: (0)
THRONKA, take a read...

http://blogs.msdn.com/e7/archive/200...commentmessage

Thronka, take a read there, & if you would?

Offer your thoughts!

(On Windows 7, Windows Server 2008, & VISTA removing both PORT FILTERING &/or the ability to use the faster & more efficient (on disk & init. loads + file parsing of the HOSTS file) 0 as a blocking address in the Windows HOSTS file in those models of Windows NT-based OS (where they still allow it in Windows 2000/XP/Server 2003).

Thanks!

APK

P.S.=> You noted changes above, to the IP stack, & I responded (but you may not have seen SOME of the specifics on HOSTS & port filtering) & this is the chance any Windows user has to offer his thoughts on IMPROVING Windows 7, vs. the debacle of VISTA (too bad, but, this is anyone's chance @ offering their thoughts for a BETTER Windows 7 @ least)... apk
APK is offline   Reply With Quote
Old 05-08-2009, 12:22 AM   #71
APK
Member
 
Join Date: Dec 2007
Location: In a discrete point in the Space-Time Continuum
Posts: 90
iTrader: (0)
Something from "The Watchmen" that struck a chord

Ozymandias: "But, if We make, resources infinite? Ah... you make war, obsolete! I would hope, the other watchmen understand that - wherever they may be. Thanks for your time..."

Resources here, being how to secure your personal computer, if it runs an Operating System based on the Microsoft Windows NT-based family tree: The most attacked simply because it is the most used.

(The "other watchmen" being people involved in this trade in any capacity dealing with networking whatsoever)...

APK
APK is offline   Reply With Quote
Old 06-07-2009, 3:23 AM   #72
Paragon
Guest
 
Posts: n/a
Quote:
Originally Posted by APK View Post

Ms, as of 12/09/2008 MS "Patch Tuesday", has made it IMPOSSIBLE to use 0 as a blocking IP address in a HOSTS file in Vista &/or Windows Server 2008 (where you STILL CAN use 0, vs. 0.0.0.0 or 127.0.0.1 in Windows 2000/XP/Server 2003)...

HOW DAMNED DUMB of MS!

Why?

Well, for example, by MY using 0 as a blocking IP address in a HOSTS file, vs. bad sites? I have a HOSTS file w/ 650,000++ entries in it, that only "weighs" 14++mb in size...

NOW - IF I change that to 0.0.0.0 (so it works again in VISTA/Server 2008)? I get an 18++mb sized file... a 4++mb increase on disk, meaning slower load/reload is seemingly intentionally being promoted by MS.

This? This IS "bloat contribution" by MS, & Stupid... & I will stick by that, until SOMEONE shows me a GOOD solid TECHNICAL reason WHY MS did such a damned DUMB move, period...
Given your sample file sizes, I'm assuming that you aren't compressing your host file. You're probably thinking that would prevent Windows from opening it; not true, you can let Windows handle it.

You most likely already know how, but just in case.
-> Right click on the folder containing your host file (usually Windows\System32\drivers\etc)
-> select properties
-> click on the advanced button
-> check the box that says "compressed contents to save space"
-> click the ok button

Of course the disk space usage isn't really the issue, however, even with decompression time a large text file will load much faster after being compressed.

It doesn't fix the bug, but at least you're better off than where you started.
  Reply With Quote
Old 06-07-2009, 10:47 PM   #73
APK
Member
 
Join Date: Dec 2007
Location: In a discrete point in the Space-Time Continuum
Posts: 90
iTrader: (0)
I use NTFS compression, & place my HOSTS file on an SSD

Quote:
Originally Posted by Paragon View Post
Given your sample file sizes, I'm assuming that you aren't compressing your host file. You're probably thinking that would prevent Windows from opening it; not true, you can let Windows handle it.

You most likely already know how, but just in case.
-> Right click on the folder containing your host file (usually Windows\System32\drivers\etc)
-> select properties
-> click on the advanced button
-> check the box that says "compressed contents to save space"
-> click the ok button

Of course the disk space usage isn't really the issue, however, even with decompression time a large text file will load much faster after being compressed.
It is on a compressed partition here, & NOT ON JUST ANY "ORDINARY DISKDRIVE", but, instead, on a CENATEK "RocketDrive" SSD (solid-state drive, true one, based on PCI-133 SDRAM (not slower on writes & less long-lasting FLASH ram as many are today))...

In fact, 4 posts or so above?

I noted this SSD drive I use in my latest systems' specs, & this? This is only PART of how I use it to offload my main C: drive (programs & OS mostly only there)...

I also not only offload HOSTS files from it, but, I also utilize it for:

----

PARTITION #1, 1gb

1.) pagefile.sys placement

PARTITION #2, 1gb

2.) Webbrowser (Opera, FireFox, & IE) caching location
3.) %temp% & %tmp% ops placement (environment alteration)
4.) SandBoxie placement (a webbrowser sandboxing tool, goes VERY slow on std. HDD's, & much faster on this SSD, by far)
5.) Print Spooler location
6.) Windows' EventLogs
7.) DrWatson Logging
8.) Windows' Firewall logs
9.) Windows Management WMI logging
10.) HOSTS file placement
11.) %comspec% placement (cmd.exe location, environment alteration)

----

& more...

Doing the file movements noted above effectively speeds up my main C: programs & OS bearing disk by:

----

A.) Unburdening it from these tasks from my main C: programs & OS bearing disk

B.) By reducing fragmentation of files (longer term performance benefit here in that much) caused by those files being on your MAIN C: drive (or, wherever you place your OS &/or Program files).

----

So, as far as my HOSTS file location? I moved it from its std. location!

(Though I leave a copy there in the std. location as well/also, an exact one, in %WinDir%\system32\drivers\etc & keep the one that is actually used located now in a folder on my SSD)

That's done via changing this parameter in the TCP/IP stack in the registry:

----

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

& altering the "DataBasePath" string value variable there, to a location/folder/directory on my SSD instead!

----

(SSD's, especially the type I have owned & used since late 2002, are world's faster than mechanical HDD's on access/seek times by far, & faster loadtime because it is compressed by NTFS compression also)

Plus, the type I use also excels @ write speeds, whereas the ONLY thing that helps current FLASH RAM based SSD's on that note might by delayed write-caching (what I do not like about FLASH is the performance degradation that occurs, even w/ wear-levelling tech being used in them nowadays)...

Also, as far as how I have used them @ work? I have been fortunate to have worked with Oracle &/or SQLServer + IBM DB/2 systems for database work while utilizing SSD's, & places like techreport.com have noted the gains this way also:

http://techreport.com/articles.x/9312/7

(AND? They're PHENOMENALLY HUGE gains no less, take a read there, be surprised, quite possibly!)

In fact, I first predicted, in theory alone, & later actually saw the SAME types of gains as the folks @ techreport.com did, albeit, nearly a decade beforehand...

That was @ Microsoft TechEd 2000 + 2001 when I did contract work for SuperSpeed.com (producers of SuperDisk, a mirroring back to HDD software ramdrive) noting to them the applications of ramdrives &/or SSD's in DB related work, which is HOW they applied it in fact to do well @ TechEd...

(This was while I increased the efficiency of their SuperCache 1/II programs (a superior diskcache that works @ the diskdriver block device level, rather than the filesystem level as Windows native diskcache does) by up to 40% on a paid contract to do so).

It was a finalist both years there, in the hardest category: SQLServer Performance enhancement...

SSD's? They work... especially great in "industrial environs" for DB work!

=====

Quote:
Originally Posted by Paragon View Post
It doesn't fix the bug, but at least you're better off than where you started.
The "bug" I noted to Microsoft above?

It doesn't affect Windows 2000/XP/Server 2003 users... only VISTA, Windows Server 2008, & the upcoming Windows 7!

Windows Server 2003 user here, by the by!

(MS, after 12/09/2009 Patch Tuesday, has made it impossible to use the smaller & faster 0 based blocking IP address in a HOSTS file on VISTA/Windows Server 2008 + Windows 7, & now you can only use the larger + slower 0.0.0.0 (6 characters larger per line vs. 0 mind you) or worse yet, the std. loopback adapter address of 127.0.0.1 (which is 8 characters larger per line in the hosts file vs. the 0 blocking IP))...

Inefficient & bloating + SLOWER TO READ/LOAD because of greater size... & again - I'll stick to that, unless someone can prove to me a good reason why it was done, otherwise!

I say this, because to me? That move makes no sense to me WHY they have done this to HOSTS files, & I have YET to get a solid technical logical answer from anyone, including MS, on this in fact...

APK

P.S.=> When you get a "large" HOSTS file (purely relative term, but anything over 4mb iirc is the mark where the local DNS client service "messes up")? You need to kill your DNS client service, & then, it will work fast again...

Something to keep in mind!

(Local diskcaches then "make up the difference" once the file is read in, almost making the need for a local DNS cache obsolete really)...

HOSTS files work for security this is certain, but, also for greater speed (by blocking adbanners & the like, if you wish, which yields gigantic speed boosts online (Top that off w/ limiting javascript usage to sites you only really need to keep it on to use them? You get more speed, AND SECURITY, still (because a good 99% of the attacks today? Come from email programs & webbrowsers via javascript, & anyone can see SECUNIA.COM data on that much to verify my statement here in that regards)))... apk

Last edited by APK; 06-08-2009 at 10:39 AM.
APK is offline   Reply With Quote
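The HOSTS-file points APK makes in posts #63 and #73 (bare `0` versus `0.0.0.0` or `127.0.0.1` as the blocking address and the per-line size cost, stopping the DNS Client once the file passes roughly 4 MB, and relocating the file through the `DataBasePath` value under `Tcpip\Parameters`) can be worked through in code. The following Python script is an added example and is not code from the thread or from any tool it mentions; the sample HOSTS content, its hostnames and the `D:\hosts` folder are constructed, and the 4 MB threshold is the thread's own rule of thumb, not a documented Microsoft limit.

```python
"""Added example, not code from the thread: helpers for the HOSTS-file points
in posts #63 and #73 (bare-0 blocking lines vs 0.0.0.0 / 127.0.0.1, the
resulting file size, the "stop the DNS Client above ~4 MB" rule of thumb,
and the DataBasePath relocation). All sample data below is constructed."""
import re
from typing import Dict, List, Tuple

BLOCK_ADDRS = ("0", "0.0.0.0", "127.0.0.1")   # blocking forms discussed in the thread
DNS_CLIENT_THRESHOLD = 4 * 1024 * 1024         # post #73's "over 4mb iirc" rule of thumb

# Constructed sample (not a real blocklist): a comment, one normal mapping,
# bare-0 blocking lines, one duplicate entry and one trailing comment.
SAMPLE_HOSTS = """\
# constructed sample, not a real blocklist
127.0.0.1 localhost
0 ads.example.invalid
0 tracker.example.invalid
0 ads.example.invalid
0 malware.example.invalid  # constructed entry
"""

_LINE = re.compile(r"^\s*(\S+)\s+(\S+)")   # address, then first hostname


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """(address, hostname) for each entry line; comments and blank lines are
    skipped and only the first hostname per line is kept (enough for a blocklist)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]          # drop trailing comments
        m = _LINE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).lower()))
    return entries


def rewrite_blocking_addr(text: str, addr: str) -> str:
    """Rewrite lines whose address is bare '0' to use `addr` (0.0.0.0 is accepted
    on Vista/Server 2008/7, where bare 0 no longer is); all other lines,
    including comments and real mappings, are left byte-for-byte intact."""
    out = []
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if m and m.group(1) == "0":
            out.append(raw[:m.start(1)] + addr + raw[m.end(1):])
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


def size_by_format(text: str) -> Dict[str, int]:
    """Uncompressed UTF-8 size the file would have if every bare-0 line used
    each blocking form: +6 bytes per line for 0.0.0.0, +8 for 127.0.0.1."""
    return {a: len(rewrite_blocking_addr(text, a).encode("utf-8")) for a in BLOCK_ADDRS}


def duplicate_hosts(text: str) -> List[str]:
    """Hostnames listed more than once (dead weight in a large blocklist)."""
    seen, dups = set(), set()
    for _, host in parse_hosts(text):
        (dups if host in seen else seen).add(host)
    return sorted(dups)


def blocked_hosts(text: str) -> List[str]:
    """Unique hostnames pointed at a blocking address; the 127.0.0.1 localhost
    line is a real mapping, not a block, so it is excluded."""
    return sorted({h for a, h in parse_hosts(text) if a in BLOCK_ADDRS and h != "localhost"})


def needs_dns_client_stopped(size_bytes: int) -> bool:
    """Post #73's rule of thumb: above ~4 MB the DNS Client service lags and
    the thread stops it (not advised on an Active Directory network, post #65)."""
    return size_bytes > DNS_CLIENT_THRESHOLD


def reg_expand_sz(value: str) -> str:
    """Encode a string as a .reg REG_EXPAND_SZ value (hex(2): UTF-16LE bytes,
    NUL-terminated), the type DataBasePath has by default."""
    data = value.encode("utf-16-le") + b"\x00\x00"
    return "hex(2):" + ",".join(f"{b:02x}" for b in data)


TCPIP_PARAMS = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"


def databasepath_reg(new_dir: str) -> str:
    """A .reg file that points DataBasePath (the folder Windows reads HOSTS
    from) at `new_dir`, as post #73 does for its SSD folder (path is constructed)."""
    return (
        "Windows Registry Editor Version 5.00\n\n"
        f"[{TCPIP_PARAMS}]\n"
        f'"DataBasePath"={reg_expand_sz(new_dir)}\n'
    )


if __name__ == "__main__":
    sizes = size_by_format(SAMPLE_HOSTS)
    for addr, n in sizes.items():
        print(f"{addr:>9}: {n} bytes (+{n - sizes['0']} vs bare 0)")
    print("duplicates:", duplicate_hosts(SAMPLE_HOSTS))
    print("blocked:", blocked_hosts(SAMPLE_HOSTS))
    print("stop DNS Client?", needs_dns_client_stopped(sizes["0.0.0.0"]))
    print(databasepath_reg(r"D:\hosts"))
```

Run as a script it prints the byte cost of each blocking form on the sample, the duplicate, and the `.reg` text. `reg_expand_sz` writes the value as REG_EXPAND_SZ rather than the plain REG_SZ a quoted `.reg` string would produce, so `%`-variables in the path keep working; on a Windows machine the generated text can be saved as a `.reg` file and imported after the HOSTS copy has been placed in the new folder (post #73 keeps an identical copy in the standard `drivers\etc` folder as well).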
Old 10-27-2009, 9:11 PM   #74
APK
To Windows VISTA, Server 2008, & Windows 7 users, READ PLEASE!

To anyone using VISTA, Windows Server 2008, or the new "Windows 7" (which rocks, especially in 64-bit form)? Don't use the point I noted as this in its first sentence:

6.) USE Tons of security & speed oriented registry hacks

Not unless you ABSOLUTELY KNOW what you're doing.

(See, the older registry .reg file 'hacks' that worked FINE on Windows 2000/XP/Server 2003 won't work (not all of them, @ least) with VISTA, Server 2008, or the new Windows 7. So, "Steer Clear" of those on the newer MS OS'!)

Thanks!

APK

P.S.=> On that "note"? I like Windows 7, very much (again, especially in its 64-bit build), & it amazes me how F A S T it is, even with its large number of services resident + running, by default - &, when you "trim them down" even more? You get THAT MUCH FASTER! The services are now also secured better, by using "lesser privilege" user SID entities ("built-in" types) vs. LOCAL SYSTEM, such as NETWORK SERVICE or LOCAL SERVICE, which I go into HOW TO DO IT on Windows 2000/XP/Server 2003 here (Server 2003 has much of it, as does XP, after MS did service packs + hotfixes, & Windows 2000 lacks a few "built in" entities, but you can "mock up" a lesser privileged one easily enough to do that there also - this has put Windows on level with the likes of the BSD based MacOS X in that respect, which is GOOD!)

Now, IF only MS would fix up HOSTS files being unable to use the FAR MORE EFFICIENT & FASTER "0 ip address" (pings resolve it back to 0.0.0.0 on Windows 2000 (after service packs though; MS put it in there around SP#1-4 somewhere, so it was seen as a GOOD THING by them, because the original OEM version did not allow that, & only allowed as good as using 0.0.0.0 in a HOSTS file (which IS better than 127.0.0.1 by 2 bytes per line)), but using 0 beats them both, by large margins (making for a faster load up into RAM, be that the local DNS cache (disable that on larger HOSTS files), or the local diskcache kernel mode subsystem))?

Windows 7 would be THAT MUCH BETTER, for both security and speed!

Well, in this case, ONLY for those that have the good sense to use a HOSTS file for added speed & security!

(FOR SPEED? BLOCK ADBANNERS (they too have been found to have malware in them for years now), & "hardcode" in your fav sites IP Address-to-DomainName/HOSTName? Well, doing that, you avoid calling out to potentially downed or compromised DNS servers (see Dan Kaminsky online for the latter, the Domain Name System has problems, even the "allegedly invulnerable" DJBDNS was found to have holes in it for security this year in fact))!

Thus, saving you between 30-x ms per query to those remote DNS servers (which CAN be logged, no less), & instead using the speed of MEMORY/RAM (many, Many, MANY orders of magnitude faster) once the HOST file is loaded (which still occurs faster, because it would be using diskspeeds of today, which are 3-10 or more orders of magnitude faster than calling out to remote DNS servers). HOSTS use no CPU cycles vs. DNS programs, + they are EASILY EDITED vs. even other filters like IPTables in Linux (easier in notepad imo & ANYONE can do it, we all have text editors is why on ANY OS), & cost you NOTHING (many good sources for good ones too, like -> http://en.wikipedia.org/wiki/Hosts_file for starters, or SpyBot "Search & Destroy" for updates to it that block out KNOWN bad malscripted sites, or bad servers used to control "botnets" too!). I could go on & on about MORE of the benefits of HOSTS, but that'll do, for now (I hope MS fixes this removal of 0, as a blocking "ip" in HOSTS in Windows 7 @ least, because it is more efficient & faster).

What worries me some though even more on SECURITY though?

This, on Windows VISTA, Server 2008, & Windows 7's Firewall:

http://www.rootkit.com/newsread.php?newsid=952

PERTINENT EXCERPT/QUOTE:

"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."


That was a DIRECT QUOTE from said URL I just posted from rootkit.com ... & it 'worries me' some. I have confronted MS tech people & mgt. on this, to no avail... I don't know WHY they won't answer either - I am only asking WHY the thing with HOSTS was done, no answers, & pointed out to them what ROOTKIT.COM said above, many times (on MSDN, @ INTEL, @ /. with a user there named "Fordecker" who is a senior MS development mgr. for Windows no less, & also on the "Engineering Windows 7" blog by S. Sinofsky, a "Big Man" @ MS on Windows no less)... apk
Old 11-01-2009, 3:52 PM   #75
APK
Worried about Conficker infestation? Check yourself (How to)

Worried about being 1 of the 7++ million PC's infected/infested by the "CONFICKER" worm, per this article today @ /. (SLASHDOT)?

----

After 1 Year, Conficker Infects 7M Computers:

http://it.slashdot.org/article.pl?sid=09/10/30/223238

----

Ok then, so you are apparently concerned, if you have read this far already!

Well, then here is a way to test yourself to see if you are infected/infested. Click on the URL below, & just literally see for yourself, here:

----

http://www.confickerworkinggroup.org...feyechart.html

----

(And, good luck, hope you're not infested/infected (I wasn't thank goodness!)).

APK

P.S.=> ... & it truly is, as EASY as it gets (it's called the "conficker eye chart", & IF you can see all 6 pictures, then you are NOT infected, but if you cannot? It means it is quite possible you have been infected by this machination known as "conficker")... apk
Old 11-01-2009, 9:28 PM   #76
APK
IF you show up as "conficker infested"? Here are cures

NOW, if you cannot reach that site (which has happened to folks today per this exchange I had on another forum -> http://amazingtechs.com/index.php?sh...st=30&start=30 )

It only means that the testing site has been "/.'d" (too many requests by users to that server, it happens, almost like a DOS/DDOS really, every website server has limits, which yes, can be RAISED by most site admins in fact, in the board engine's config files (usually)).

Still, if you show up "infested" Guys, there are cures, such as this list:

http://www.google.com/search?hl=en&s...=Google+Search



* Hope you're not, & hope if you are, you can remove it via said lists of removal tools is all!

APK

P.S.=> Onwards & upwards... apk
Old 11-02-2009, 10:28 AM   #77
APK
IF you cannot reach the site to check vs. CONFICKER? Check these areas

I HAD A GOOD QUESTION FROM A USER TODAY, & HERE WAS MY ANSWER, IN CASE YOU CANNOT REACH THIS SITE TO CHECK YOURSELF (as it may be blocked by a malware, or even yourself, via various means, instead of just being flooded by users requesting on it, effectively "slashdotting" (almost DOS/DDOS'ing) said site to check yourself vs. CONFICKER)

So... here we go as to the possibles!

FROM -> http://www.hftonline.com/forum/showthread....6049#post116049

--------------------

Quote:
Originally Posted by kulich
I did try, and failed to even generate a 404 ... so I'm happy that it wasn't something at my end.

P
HOPEFULLY, it isn't, because there IS A POSSIBILITY that the site to check yourself I noted? IS BLOCKED, & blocked in your HOSTS file (make sure this ALWAYS has the "READ ONLY" (write protected) attribute applied), OR via bad browser addons, or in browser filtering lists (internal to individual browsers)...

So, check it for that site being in there/those, blocked as follows (a few possibles):

I strongly DOUBT you did any of these, yourself, but... one never knows, so, here goes:

=====

POSSIBLE #1 - That the site to check yourself, is actually BLOCKED in YOUR HOSTS FILE

That file typically found under %Windir%\System32\drivers\etc, or if you moved it, check the registry for the value here ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters & check the DataBasePath value

(That STRING VALUE (SZ) stores your HOSTS file location, the TRUE ONE your system will be using, & you CAN move it if you like... but, so can malwares):

0 www.confickerworkinggroup.org
0.0.0.0 www.confickerworkinggroup.org
127.0.0.1 www.confickerworkinggroup.org

(ANY OF THOSE WILL BLOCK OUT SITES, GOOD SITES, or KNOWN BAD ONES, so, check your HOSTS file, first! Conficker MIGHT ACTUALLY TRY TO PULL THIS LITTLE TRICK, mind you!)

=====

POSSIBLE #2 - bad "hardcode" of a site address (which a malware might do, or, it just 'went stale' & the website found a NEW "hosting provider" & their IP addy changed - & YES: Sites DO, do this, simply because they found better prices on hosting their sites for example, OR better services, but, they usually let you know when they do)

See if you, yourself, "hardcoded it as a favorite" (which you CAN DO, to speed up access to your fav sites by avoiding the 30-x ms traveltime for resolution of domainnames/hostnames to IP addresses with remote or local DNS servers)?

Your "hardcode for speed" (as well as reliability IF a dns server you use goes down OR is poisoned (see Dan Kaminsky on this online in regards to this)), well... it can 'go stale' or change (because the website found a new hosting provider for instance, because they're cheaper or better etc. et al as noted above earlier)...

(I.E.-> You CAN "mess this up", especially over time, with the wrong IP address (yours may vary on what you get as a return IP address from your DNS server too, from my example here, so be aware of that too)):

----

A.) E.G.-> RIGHT IP ADDRESS EQUATION FOR HARDCODE (for me, not the same for you possibly - remove any hardcodes, if any, in your HOSTS file, & reload it (edit & save it in Windows XP/2000/Server 2003/VISTA/Server 2008/Windows 7, since they have a "dynamic PNP" loaded IP Stack) or reboot (you MUST in Windows 2000 - the IP stack is FULLY LOADED prior to bootup is why, & not only when users request on it like in later Windows versions)):

149.20.20.82 www.confickerworkinggroup.org

B.) E.G.-> WRONG IP ADDRESS EQUATION (something CONFICKER Might actually do in fact, IF you are "hit" by it/victim to it OR if the site you hardcoded changed hosting providers etc.):

10.1.1.1 www.confickerworkinggroup.org

(10.x.x.x, & iirc, 172.x.x.x ESPECIALLY WILL NOT GO "OUTBOUND" TO THE INTERNET, & ARE MUCH LIKE 192.168.x.x is... only for internal networks/LANS & DHCP on the last one, the others are for static internal addresses!)


HOW TO GET THE RIGHT IP ADDRESS FOR YOU, FROM YOUR DNS SERVERS YOU USE? PING THE SITE FROM A DOS CMD.EXE WINDOW PROMPT/TTY CONSOLE!

E.G.->

C:\> ping www.confickerworkinggroup.org

BUT, only after you remove it from a HOSTS file & save it to reload it (or reboot after edit + save, on Windows 2000 & below). That command WILL return the correct IP address, once it is not found in your HOSTS file (IF it is @ all that is).

----

(These (POSSIBLE #1, & POSSIBLE #2A & #2B)? THEY are the ONLY 'downsides' of using a HOSTS file, it CAN be "used against you too", by malwares... so, be aware of this little tidbit too!)

=====

POSSIBLE #3 - in BROWSER INTERNAL BLOCKLISTS THEMSELVES (this too can be "misused" by malwares against you, OR, it can help you too (spybot s&d populates these along with HOSTS, for example, for "the good")):

NOW, if it is NOT blocked there/THOSE above?

1.) Check your IE "restricted sites" list (IE 7-8 have easy facilities for this, in "INTERNET OPTIONS" or MSCONFIG (iirc on the latter here), & for IE6 you have to search the registry here -> HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4

2.) Opera has its FILTER.INI &/or URLFILTER.INI which can do the same (block sites, ONLY @ THE BROWSER (opera) level though, not globally like HOSTS do or can)

3.) FireFox/Mozilla variants also have "internal to FF/Mozilla only" blocked lists-restricted sites as well.

Any of these also can "go stale" due to sites changing hosting providers, OR, due to a malware 'bushwhacking' them...

4.) AND, CHECK YOUR IE "browser addons" (possibly even FF ones too) that are malwares possibly, because THEY CAN "intercept" calls to GOOD SECURITY SITES TOO, so check your addons for bogus ones in your webbrowsers too!

5.) ONCE ALL OF THAT IS CHECKED (hosts, browser addons, & browser block lists/restricted zones)?

CLEAR YOUR LOCAL WEBBROWSER CACHE, RELOAD YOUR HOSTS
(if you use it & editing it + saving it will do that on Windows XP/Server 2003/VISTA/Server 2008/Windows 7 or, a reboot after edit will on Windows 2000), & try the site again, once ALL OF THOSE AREAS "CHECK 'ALL CLEAR'"...

====

SO - be aware of ALL of the above, & their mechanics involved. Malware makers are, & so should you be, as a "security conscious" user of Windows systems @ least! With that all above? You SHOULD be, on this account.

Good luck!

APK

P.S.=> Odds are though, they've been "SLASHDOTTED" by too many users requesting on them, because /. is such a HEAVILY travelled/used website... especially if "NONE OF THE ABOVE", holds true... apk
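The HOSTS checks from the two posts above, as an added worked example that is not code posted by APK or anything from the thread: it covers POSSIBLE #1 and #2 here (is a given hostname sinkholed with 0, 0.0.0.0, 127.0.0.1 or ::1, or "hardcoded" to some address, and is that address one of the private 10/8, 172.16/12 or 192.168/16 ranges that never leave the LAN, i.e. the stale or malicious hardcode case), and the 0 vs. 0.0.0.0 vs. 127.0.0.1 size question from post #73 (rewrite the file with one blocking address, drop duplicate names, compare byte sizes). The sample HOSTS text is constructed, the function names are this example's own, and using Python's ipaddress module as the test for "private" is an assumption about what a suspicious hardcode looks like.

```python
"""Audit a Windows HOSTS file for one hostname and rewrite it with a chosen
blocking address.

Added example for this thread, not code posted by APK. SAMPLE_HOSTS is a
constructed file; the private-range test (ipaddress.is_private) is this
example's assumption about what a stale or malicious "hardcode" looks like.
"""
import ipaddress

# Addresses that sinkhole a name rather than pointing it anywhere real.
BLOCKING_ADDRESSES = {"0", "0.0.0.0", "127.0.0.1", "::1"}
# Names that legitimately map to loopback and must never be rewritten.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample. A real file is %SystemRoot%\System32\drivers\etc\hosts,
# or wherever the DataBasePath registry value points.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1 localhost
0 ads.example.net
0.0.0.0 tracker.example.org   # trailing comment
0 ads.example.net
10.1.1.1 www.confickerworkinggroup.org
127.0.0.1 www.example-security-site.test
"""


def parse_hosts(text):
    """Yield (address, hostname) pairs in file order.

    First field is the address, every further field is a name for it;
    '#' starts a comment; blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:
            yield fields[0], name.lower()


def classify(addr):
    """Label an address: 'blocked' (sinkhole), 'private' (unroutable, so
    suspicious for a public site), 'hardcoded' (routable) or 'invalid'."""
    if addr in BLOCKING_ADDRESSES:
        return "blocked"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    return "private" if ip.is_private else "hardcoded"


def audit(text, hostname):
    """Every HOSTS entry for hostname as (address, category), in file order.
    An empty list means the name is not in the file at all."""
    hostname = hostname.lower()
    return [(addr, classify(addr)) for addr, name in parse_hosts(text)
            if name == hostname]


def rewrite(text, blocking="0.0.0.0"):
    """Return a de-duplicated HOSTS file using one blocking address for every
    sinkholed name; hardcoded entries and loopback-local names are kept."""
    seen = set()
    out = []
    for addr, name in parse_hosts(text):
        if name in seen:
            continue  # keep only the first entry for a name
        seen.add(name)
        if name not in LOCAL_NAMES and classify(addr) == "blocked":
            addr = blocking
        out.append(f"{addr} {name}")
    return "\n".join(out) + "\n"


def sizes(text):
    """Byte size of the rewritten file under each candidate blocking address."""
    return {b: len(rewrite(text, b).encode("ascii"))
            for b in ("0", "0.0.0.0", "127.0.0.1")}


if __name__ == "__main__":
    for addr, cat in audit(SAMPLE_HOSTS, "www.confickerworkinggroup.org"):
        print(f"www.confickerworkinggroup.org -> {addr} ({cat})")
    print(sizes(SAMPLE_HOSTS))
```

To run it against a real system, read the file named by DataBasePath into a string in place of SAMPLE_HOSTS; audit() then shows at once whether the check site is sinkholed or hardcoded to a private address, and sizes() gives the same three-way comparison the thread argues about. Write back only the rewrite(..., "0.0.0.0") form on VISTA/Server 2008/Windows 7, since the posts report that the bare 0 form is no longer accepted there, and do the write from an elevated editor so the read-only attribute mentioned above can be re-applied afterwards.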
Old 11-03-2009, 4:46 AM   #78
APK
IF you cannot download CIS Tool or, if it is no longer free to individuals? Try these

A possible point noted by another user @ another forum, for those interested in securing their Windows NT-based OS PC:

FROM -> http://www.pcreview.co.uk/forums/showthrea...41#post13641341

----

Quote:
Originally Posted by Srivas
Btw. CIS tool is not a freeware, is there any other program to benchmark your level of security?

----

It used to be free, I guess it's not now (I am taking this gent @ his word, I have not tested this by going to the download site in years, but still)... as alternates, you may use/can try:

====

1.) BELARC ADVISOR (free, & works VERY well) -> http://www.belarc.com/free_download.html

or

----

2.) "SCW" (security configuration wizard) which is an addon for Windows Server 2003, possibly VISTA, & for sure Windows 7 (you add it in CONTROL PANEL, Add-remove WINDOWS components).

OR

----

3.) Microsoft ALSO OFFERS the "Microsoft Baseline Security Analyzer" (MBSA) ->

For Windows 2000/XP/Server 2003 (32 & 64-bit downloads are there):

http://www.microsoft.com/downloads/details...;displaylang=en

For Windows 7 & Server 2008 R2 (32 &64-bit downloads are there):

http://www.microsoft.com/downloads/details...;displaylang=en

====


... but, iirc, the latter in #3 depends on various services running!

(I am no longer EXACTLY sure which services those are anymore, but iirc, they are ones that use NTLM-based networking or AD services (e.g.-> lanman/netbios type sharing working & Client for MS networks active in your network connection, + File & printer sharing AND server service + workstation service active & POSSIBLY the NetBIOS over TCP/IP helper service as well - but, don't "quote me" on this, I just know it will not run IF you trimmed off various services...))

APK

P.S.=> ALSO, IN THIS THREAD? Well - I believe I noted SCW, but only for Windows Server 2003 earlier in this post (I did) but it exists for Windows 7 now, standard, apparently (I installed it on Windows 7 64 bit pro so it does exist for it too)...

So, there are some "alternate options/tools" to use for better security online (and speed too, especially from SCW)... apk

Last edited by APK; 11-03-2009 at 5:25 AM. Reason: Adding in download links for "MBSA" for all versions of Windows NT-based OS'... apk
Old 11-09-2009, 2:29 PM   #79
APK
The "dim beginnings" of how to help secure Windows7... apk

OK, for those of you that have "moved on" to VISTA (or Windows Server 2008 & Windows 7), as I have recently, in my now using Windows 7 64-bit here?

(For around 2++ weeks now or so, in using Windows 7 here, & doing well thusfar, @ least)

WELL - here is what I have done so far to help secure Windows 7 more:

BACKGROUND: Since this guide was originally intended for folks with a SINGLE SYSTEM online (or many via a router, but NOT "networked together" via Active Directory (or, otherwise) for File/Folder & Print Sharing for example/for instance), this too is intended for that SAME kind of "audience", albeit, in regards to Windows 7 (again - I use the 64-bit model of Windows 7 here, but this ought to be fine for 32-bit users as well)

====

Start up SERVICES.MSC (You will need this for turning on/off various services is why)

1.) Turn off the SERVER service (this also aids in making you less vulnerable to the CONFICKER bug out there too, because this service "publishes" shares on your system) - in turn in making you more secure, this also lessens another service that you DO NOT NEED TO BE RUNNING, period, when you are a "standalone single machine @ home connected to the Internet" - do NOT do this if you are part of a LAN/WAN though, you need it in those environs typically

... I also run this .cmd "batch file" on Windows 7 @ my startup (via a shortcut that loads it & runs it minimized):

@echo off
REM Drop the default administrative shares. Windows recreates them when the
REM Server service starts, which is why this runs at every startup.
NET SHARE C$ /DELETE
NET SHARE B$ /DELETE
NET SHARE D$ /DELETE
NET SHARE E$ /DELETE
NET SHARE F$ /DELETE
NET SHARE G$ /DELETE
C:
NET SHARE ADMIN$ /DELETE
NET SHARE IPC$ /DELETE
NET SHARE DFS$ /DELETE
NET SHARE COMCFG$ /DELETE
REM /Y answers the "continue? (Y/N)" prompt so a minimized run does not stall.
NET USE * /DELETE /Y
REM Last line: that name is the last entry in my HOSTS file, so pinging it
REM forces a complete read of the HOSTS file into RAM... apk
ping zzzz.hostindianet.com

That removes shares (just in case, overkill yes, but still, just being safe) & FORCES my system to load my HOSTS file in its entirety too (into my local diskcache kernel mode subsystem's arrays/buffers/structures, because that is the last entry in it & pinging it SHOULD force my system to look into that HOSTS file of mine (more on THAT below, lots more) & since it is the LAST ENTRY, it will read the entire file into RAM @ that point, to do so, effectively caching my HOSTS file, right then & there) - do NOT do this if you are part of a LAN/WAN though, you need it in those environs typically

----

2.) Turn off the TCP/IP over NetBIOS service (this is not needed by a person who does not have a home LAN either, or needs to share his files/folders/disks out to others remote to the system in question also, much like SERVER service above) - do NOT do this if you are part of a LAN/WAN though, you need it in those environs typically

----

3.) I have also been able to turn off the WORKSTATION service as well on Windows 7, albeit, ONLY AFTER I BOOTUP & LOGON in test so far, not sure if you can DISABLE it & still logon, so... keep that in mind!

(This service deals in SMB (server message block iirc) networking)

Turning it off, like any service you don't really need, results in YOUR saving more CPU cycles, RAM, & other forms of I/O also, + even electric power really... as you're not running a program & using power, just like ANY of the above or below recommendations for turning off programs of most anykind really do (albeit, this isn't as much of a "security gain" as the top 2 above are imo) - do NOT do this if you are part of a LAN/WAN though, you need it in those environs typically.

----

4.) I have also turned off (set disabled) the SSDP Discovery Service (don't need it here is why)

----

5.) I have also turned off (set disabled) the Function Discovery Provider Host Service (don't need it here is why) - do NOT do this if you are part of a LAN/WAN though, you need it in those environs typically (well, in this case, POSSIBLY only).

----

6.) I have also turned off (set disabled) the Net.Tcp Port Sharing Service (don't need it here is why & this MIGHT be somewhat of a 'security risk' too, imo @ least, in leaving it "on" & running 24x7) - do NOT do this if you are part of a LAN/WAN though, you need it in those environs typically (well, in this case, POSSIBLY only).

----

7.) I have also turned off (set disabled) the SSDP Service (don't need it here is why & it "ties in" with UPnP below (read that one))

----

8.) I have also turned off (set disabled) the UPnP Service (don't need it here is why & UPnP has been KNOWN to have vulnerabilities over time, in OS & in routers even, which IS noted in this guide as to how/when/where/why/what can be 'dangerous' about it...)

----

9.) I have also turned off (set disabled) the WinHTTP Web Proxy Auto-Discovery Service (don't need it here is why) - do NOT do this if you are part of a LAN/WAN though, you need it in those environs typically (well, in this case, POSSIBLY only).

----

* THAT'S THE END OF SERVICES TRIMMINGS (more on that & a GOOD SOLID CURRENT GUIDE FOR THAT? It's in my "P.S." below... for even more speed & possible security gains you get by turning off services you do NOT need possibly, running in the background when you really do NOT need them to be, soaking up CPU cycles, memory, & other types of I/O your programs you actually USE, could use, instead! Just common-sense, imo...)

ANYHOW - onto the LOCAL AREA NETWORK CONNECTION:

10.) Turn off Client for Microsoft Networking, QoS, + File & Print Sharing in your LOCAL NETWORK CONNECTION (avoiding the potential for shared disk/file/folder access even more, & do this ONLY IF YOU DO NOT HAVE TO CONNECT TO A LAN/WAN (local or remote) for disk/folder/file sharing only, or if you are NOT part of a HOME or WORK LAN/WAN)... & really, any others, other than TCP/IP (this you need for online access).

While you are there, in your LOCAL AREA CONNECTION?

Well - Additionally, You can DISABLE TCP over NETBIOS as well in the LOCAL AREA CONNECTIONS' properties for Tcp/IP, & the ADVANCED button, then click on the WINS tab & check "DISABLE NetBIOS over TCP/IP"
... &, there are a few more too, read on:

Extra protocols &/or services that Windows 7 has, such as "Link Layer Topology Discovery Mapper I/O Driver" &/or "Link Layer Discovery Responder" can also be "cranked off" & apparently to NO DETRIMENT EITHER (I have been running for weeks now without it & I am here posting, aren't I? If that doesn't say or prove it for me, not much will I guess... lol!)

I also add in OpenDNS' servers there in the DNS tab (advanced Tcp/IP properties) & their IP addresses are:

208.67.220.220
208.67.200.200

(They are a FASTER DNS system, & respond to fixes + patching faster than any other did when Mr. Dan Kaminsky found the holes & security vulnerabilities he did last yr. in the Domain Name System (DNS)).

LASTLY (though this is more of a "speedup" than a securing tip)? Try this:

Create/paste this into notepad.exe & save it with a .cmd extension (32/64-bit batchfile really, just ends in .cmd rather than .bat, as 16-bit command.com driven ones did in DOS & Windows too)

@echo off
echo Setting TCP/IP flags...
echo -----------------------
echo This only succeeds when run as an administrator,
echo when run as a user it only shows the current settings.
echo.
pause
echo.
netsh int tcp set global rss=enabled
netsh int tcp set global chimney=automatic
netsh int tcp set global netdma=enabled
netsh int tcp set global dca=enabled
netsh int tcp set global autotuninglevel=normal
netsh int tcp set global congestionprovider=ctcp
netsh int tcp set global ecncapability=enabled
netsh int tcp set global timestamps=disabled
pause
cls
echo Current settings:
echo -----------------
netsh int tcp show global
pause

Then, lastly, run it... (create a shortcut to it, & use the ADVANCED button in the shortcut to "RUN AS ADMINISTRATOR"). This is supposed to speed up & help your IPStack perform better/faster, in Windows 7. I just tried it today, seems to work ok (no detrimental effects so far @ least that is).

Anyhow: "Onwards & Upwards!"

----

11.) IF you use a "largish" custom HOSTS file? TURN OFF THE DNS CLIENT SERVICE (which is just like the ones in Windows 2000/XP/Server 2003, which this guide covered MOSTLY as to how to secure those)... - do NOT do this if you are part of a LAN/WAN though, you need it in those environs typically, especially on an "AD Network" on a LAN/WAN (Active Directory is HEAVILY dependent on DNS is why).

* NOW, if you do not do this (turn off the DNS cache local client service), & you use a larger HOSTS file? You will LAG, & badly... amazingly badly in fact!

(I have written MS on this, only to have it "fall on deaf ears" really, so this IS the 'workaround' for that, rather unfortunately, because I believe it can be fixed for larger HOSTS files too, by altering how much can go into the C/C++ structure for records that DNS uses, based on reference BSD designs @ least (I don't have MS' sourcecode so... well, I can only guess on their designs, though they, like most others, tended to use the BSD model to start from @ least for TCP/IP)).

----

12.) USE A CUSTOM HOSTS FILE (for BOTH added SPEED, but more importantly FOR BETTER SECURITY ONLINE):

Custom HOSTS files can literally double your speed online via blocking adbanners (good & bad ones) + having the option to "hardcode in" your favorite websites IP Addresses into a HOSTS file next to its HOSTNAME/DOMAINNAME, avoiding having to call out to remote DNS servers (many of which have been found exploitable, even the allegedly "invulnerable djbdns system", by Mr. Dan Kaminsky & others in case you are interested in specifics here on this note), saving a GOOD 30-N ms roundtrip traveltime per call to remote DNS server to resolve a URL to an IP address...

BUT, their best benefit? Even better than "double your normal internet surfing speed online" (it will get faster, read here in fact):

----

RESURRECTING THE KILLFILE:

(by Mr. Oliver Day)

http://www.securityfocus.com/columnists/491

PERTINENT EXCERPTS/QUOTES:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

----

So reiterating this: Even BETTER THAN THE SPEED GAINS HOSTS FILES PROVIDE, ARE the SECURITY GAINS!

I.E./E.G.-> I have a pal named Jack, a PI by trade & license/degree, who used to get (no joke) 200++ viruses a week... NOT ANYMORE! He is CONVINCED, as am I, that a good current HOSTS file that blocks out known BAD SERVERS is the key here... as well as his saying literally "my internet goes TWICE AS FAST with a HOSTS file"...

(FOR GOOD RELIABLE/REPUTABLE HOSTS FILES? There are many good ones!)

Try here ->


http://en.wikipedia.org/wiki/Hosts_file

& you can use sites like Mr. Dancho Danchev's security blog to update them even more for security (i.e. - for the latest in listings of botnet "Command & Control Servers" or bad sites with malware on them in general, here -> http://ddanchev.blogspot.com/ )

OR

Just use "Spybot 'Search & Destroy'" instead, as it updates your HOSTS vs. known bad websites (& your webbrowser of choice's private block lists, such as IE "Restricted Zones" here -> HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 or via Internet Options in CONTROL PANEL, & others like Opera maintain private .ini files (URLFILTER.INI &/or FILTER.INI) for the same general purpose)

E.G.-> Over the past 10 yrs. or so now, those sites have helped me build up a custom HOSTS file version that has over 660,000++ entries in it, of KNOWN BAD SERVERS OF ALL KINDS...

Mine COMBINES mvps.org's & the one I built up myself since 1997, alongside all those @ the wikipedia site for HOSTS files above, that is completely free of duplicate entries (via a program I wrote & posted of here, "APK Hosts File Grinder 4.0++") & uses the SMALLEST + FASTEST POSSIBLE INTERNAL FORMAT for them on Windows 2000/XP/Server 2003 (0 blocking "ip address", e.g.-> 0 www.knownbadmalwaresite.com ) OR for Windows VISTA/Server 2008/Windows 7 (using 0.0.0.0 which though larger than 0, is the only thing that still works on those most modern versions of Windows)

(ODD THAT, that diff. in blocking IP address used, but the dual layer IPv4/IPv6 tcpip driver in VISTA onwards must have facilitated this, but it too, up until 12/09/2008 could ALSO USE THE SMALLER & FASTER 0 BLOCKING "IP ADDRESS", but after that "Patch Tuesday", even VISTA no longer could... so, I am not sure of WHY MS has pulled this though I have confronted them numerous times on it, repeatedly, & I noted it above also).

I mean, hey - Windows VISTA/Server 2008/& Windows 7?? They're ALL/EACH based off Windows Server 2003 code, which still can use 0 though, oddly, making for smaller & faster HOSTS files - so why doesn't MS allow this now?? Boggles my mind, but worse, is the fact they have evaded answering me on it several times (on their own forums, & on ones like SLASHDOT too + more).

----

PRACTICAL e.g. in the case of mine?

a.) Using 0 gets me a 14mb sized HOSTS file, same line entries as the ones below, just using 0 as "blocking IP address" (vs. 0.0.0.0 or 127.0.0.1 which ARE larger & thus, slower to read)...

Whereas, by way of comparison:

b.) Using 0.0.0.0 on Windows 7 is up to 18++mb in size...

c.) However, & WORST OF ALL for both speed & efficiency? 127.0.0.1, the default blocking address used, ends you up with a 22++mb sized HOSTS file!

So, as you can see? I save 30% or so using 0 vs. 0.0.0.0 (have to use THIS latter one though, on VISTA/WinSrv2k8/Windows 7 though, what a shame) in filesize & thus loadspeed of my HOSTS file, AND approximately ALMOST 50% in size vs. using 127.0.0.1 - to any "naysayers" on this account, I can only say:

"Argue with the numbers", & GOOD LUCK (you'll need it, more like a miracle really).

----

(This turning away of being able to use 0 in a HOSTS in VISTA onwards (again, wasn't always this way in VISTA mind you) is "bloated", because 0 &/or 0.0.0.0 do the same valuable blocking, & are smaller + faster to load because of the size diff.... so, "do the math" yourself, & realize also that smaller files load & parse faster (line by line, in a WHILE loop, with each line terminating in a CR+LF (carriage return + linefeed/enter keypress), & eventually when the "EOF" (end-of-file trailer record-marker) is hit signalling the end of the file & thus the read loop in the File Open/Read-Write/Flush-Close I-O cycle)...

Funniest part of all, is this: Windows 2000 didn't have 0 as a legit blocking IP address in its ORIGINAL DISTRO on CD from MS: They added it LATER... & kept it all the way into VISTA, until 12/09/2008 MS "patch tuesday"... why change it now, especially when it does a GOOD THING for a great thing (hosts files)? And, ping'ing a 0 blocked site from your HOSTS file, on Windows 2000/XP/Server 2003 gets back a 0.0.0.0, a legit IP address (proving this is indeed, LEGIT TO USE, period... so, why did MS remove it, if it makes a HOSTS file smaller & faster?)

----

13.) Look @ your TCP/IP rules "INBOUND" tables in the "ADVANCED FIREWALL CONNECTIONS" section of your Windows Firewall (Run this command for a quick link to it -> %windir%\system32\WF.msc )

There?

Well, I have personally successfully turned off /BLOCKED an ENTIRE ARRAY OF DEFAULT ALLOWABLE PROTOCOLS I JUST PERSONALLY DO NOT NEED & I am again, here posting, just fine (after reboots & all mind you).

(ALSO - this section here? WELL - This may vary by what you yourself need to do though, so bear that in mind)...

PERSONALLY - I only left the "Core Networking" sections/lines as ALLOWED IN (& I am certain I can block out a couple of those too, but this is all what I have done "so far", successfully, only... more will come in the future I am sure on this one from myself, or others too).

----

14.) A good run of secpol.msc (using its Account Policies &/or Local Policies Left-Hand Side tree items/folders).

(& on secpol.msc, I applied "AnalogX's IP Security Policy", in the IP Security Policies section also (which I mention in this guide here earlier, & in AnalogX, & WHERE TO GET IT, with directions to install it (cake-easy) & it works great still, too!)

PLUS I added myself as an ADMINISTRATOR user to nearly EVERY category in "User Rights Assignment"! I removed AND DENIED out the following users/groups in my DENY sections (the toughest ones really) in the secpol SECURITY OPTIONS section:

DIALUP
TERMINAL SERVER USER/GROUP (I don't use OR allow this here, you may)
GUEST
ANONYMOUS LOGON (especially this one)
Remote Desktop Users (I don't use OR allow that here either)
REMOTE INTERACTIVE LOGON
IIS Users (I don't host a website here is why on this note)

(STEER CLEAR OF THE DCOM RELATED SETTINGS GUYS - I DID THAT & CAUSED MYSELF A LOT OF "PAIN" (not really - Windows 7 recovery bootup from install DVD or System Repair CD let me restore from a Restore Point perfectly once, & a System Image once, & those are the only other times I redid or had to redo this system on Windows 7, which happened the first day, while I was learning more (during tuning tests like these, or checking which boards/cards still worked for me here on Windows 7)... I'd try to help YOU avoid that, though it was not bad!)

I do this, this way, here... simply because I have run for the past 15++ yrs. now that way (beyond "STD. ADMINISTRATOR" or "SYSTEM" level rights even)... I do so, successfully!

& despite the 'common belief' it's 'dangerous to do'? Well... I do that, & have not gotten infested/infected since, oh, around 1996-1997 that I know of @ least, but then I know to avoid using the "main malware delivery tools" in IFRAMES + JAVASCRIPT mostly, online, & also what sites I use that have proven reputable too (which some of you may or MAY NOT wish to elect to do on the elevated ADMIN/SYSTEM-LIKE rights assigned to yourself... &, especially if you believe in & espouse the UAC "least privilege principle", because its theory is SOUND, but it's not always that way in practice (per folks still getting infested in VISTA, & of course, the antivirus-antispyware test I note here in THIS POST, too))

E.G.-> There, I gave myself every right possible under the sun almost (those who believe in the principle of "least privilege is safer" disregard this, & it's so UAC keeps "protecting you" (though it's not that great vs today's threats, it did stop 3/10 of the ones thrown @ it here -> http://tech.slashdot.org/article.pl?.../11/08/0233248 , it's still NO "Cure" for a user that does not give a hoot & just downloads + opens/runs any email attachment or binary executable from online that he finds, either)

----

15.) GET MICROSOFT SECURITY ESSENTIALS (especially if you do not have a Windows 7 compliant/compatible antispyware + antivirus program)... it has been rated + reviewed VERY WELL online in antivirus/antispyware competitions-contests/ratings, & I have been using it and it is fairly FAST @ scanning files/folders plus, it is VERY LIGHT & operates QUITE "transparently" too... not much lag, IF any, is perceptible from it & it updates, daily too AND IS 100% FREE and WORKS!

----

16.) Do the "FileSystem" & "Registry Hives" ACL security tip I noted here, adding yourself + SYSTEM (& any user groups YOU are part of, & removing other users that do NOT need to be there right out)... it works for security too.

----

17.) Doing the above, on Windows? Between ALL THAT ABOVE should "do the job" & between that + running a tool like Microsoft Baseline Security Analyzer 2.1.1 (there are 32 &/or 64 bit models out there now mind you too + I posted the download links to them above here earlier a couple posts up from this one)!

====

Doing ALL that to a Windows 7 System that is a "stand-alone" single system hooked to the internet only (not a LAN/WAN or home network)? You SHOULD be "OK"/Fine, for now @ least, on a secured Windows 7 setup...

(NICE PART IS, imo thusfar @ least? Well, that is that it really SEEMS you do not have to do NEARLY ANYWHERE AS MUCH as what you had to do for Windows 2000/XP/Server 2003 though really, for security)

... Especially since MS has really, REALLY done a GOOD JOB of securing services for instance, so you don't really have to do that step anymore as I outlined in this guide early on, for securing services & for Windows 2000/XP/Server 2003 for the "utmost in security" even @ the services level, like MacOS X has for example... especially since MS has even helped THOSE older models of Windows do better there, via service packs + hotfixes for them altering the "logon SID entity identifier" services use (LOCAL SYSTEM, vs. LOCAL SERVICE or the least privileged in NETWORK SERVICE).

ANYHOW/ANYWAYS: Well - That's my "Top 17", so far @ least, for Windows 7, for now... IF I find more?

I'll put them up for your reference (and do pay attention to points in this guide too, as more than a few STILL APPLY to Windows VISTA, Windows Server 2008, & yes, Windows 7 still too)...

APK

P.S.=> NOW - For even MORE "speed-enhancing" services tunings (the above are for SECURITY mostly, but also help you gain speed by plain jane just not running them (pretty common-sense nowadays, & generally accepted as OK, even since the days when I authored what is probably the FIRST publicly noted guide for "Speedup & Securing Windows NT-based OS'" over @ NTCompatible.com as their "Article #1", which Neowin noted back in 2001 when they finally "got wind of it", here -> http://www.neowin.net/news/main/01/1...-security-text & they rated it very well also))?

Well, you may wish to check out "BLACK VIPER'S GUIDE", here:

http://www.blackviper.com/Windows_7/servicecfg.htm

It's GOOD, & VERY CURRENT + ACCURATE (& flexible)!

Amazes me, that ENTIRE SITES 'sprang up' out of the guide I did ages ago & based on the SAME PREMISE as my original guide was @ NTCompatible.com (circa 1997-2002) for NTCompatible.com as their "Article #1"....

... & I am glad because spreading good information around that makes the world a better place it is just fine by me @ least... (& Black Viper's is particularly OUTSTANDING in this regards, & he "kept up on it", keeping his website running & chock full of CURRENT INFORMATION on this topic, on more current OS (I stopped doing those around the time Windows VISTA came out is why, because it has a LARGELY "self-tuning IP stack" (when I did tunings for TCP/IP networking) & by that point, I had moved onto other areas (programming MOSTLY, vs. networking/tech stuff))... apk

Last edited by APK; 11-09-2009 at 2:57 PM. Reason: Correcting a couple spelling errors (etc./et al)... apk
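Item 13 above (leave only the "Core Networking" group allowed inbound) as a script. This is an added example, not code from the original post: it parses the output of netsh advfirewall (present on Vista/7, unlike the NetSecurity cmdlets that only arrived with Windows 8), lists every enabled inbound rule that is outside the "Core Networking" group, and only after you confirm disables them. It assumes an English Windows (the "Rule Name:", "Enabled:" and "Grouping:" labels and the group name are localized on other language builds) and an elevated PowerShell prompt.

```powershell
# Added example (not from the original post): audit and disable inbound
# Windows Firewall rules outside the "Core Networking" group via netsh.
# Assumes English rule/group names and an elevated prompt.

# netsh prints one block per rule; the fields used here look like
#   Rule Name:   Remote Desktop (TCP-In)
#   Enabled:     Yes
#   Grouping:    Remote Desktop
function Get-InboundRules {
    $rules = @()
    $cur = $null
    foreach ($line in (netsh advfirewall firewall show rule name=all dir=in)) {
        if ($line -match '^Rule Name:\s+(.+)$') {
            if ($cur) { $rules += $cur }
            $cur = New-Object PSObject -Property @{
                Name = $Matches[1].Trim(); Enabled = ''; Group = ''
            }
        } elseif ($cur -and $line -match '^Enabled:\s+(\S+)') {
            $cur.Enabled = $Matches[1]
        } elseif ($cur -and $line -match '^Grouping:\s*(.*)$') {
            $cur.Group = $Matches[1].Trim()
        }
    }
    if ($cur) { $rules += $cur }
    return $rules
}

$keepGroup = 'Core Networking'
$toDisable = @(Get-InboundRules | Where-Object {
    $_.Enabled -eq 'Yes' -and $_.Group -ne $keepGroup
})

"Enabled inbound rules outside '$keepGroup':"
$toDisable | ForEach-Object { "  {0}  [{1}]" -f $_.Name, $_.Group }

if ((Read-Host "Disable these $($toDisable.Count) rules? (y/N)") -eq 'y') {
    foreach ($r in $toDisable) {
        # 'set rule name=' matches every rule with that display name, so a
        # TCP/UDP pair sharing one name is disabled together.
        netsh advfirewall firewall set rule "name=$($r.Name)" dir=in new enable=no | Out-Null
    }
    # Verify: nothing outside the kept group should still be enabled.
    $left = @(Get-InboundRules | Where-Object {
        $_.Enabled -eq 'Yes' -and $_.Group -ne $keepGroup
    })
    "Still enabled outside '$keepGroup': $($left.Count)"
}
```

Windows Firewall blocks inbound traffic by default, so these allow rules are the only doors in; disabling rather than deleting them keeps them listed in WF.msc so you can re-enable one (Remote Assistance, Network Discovery, HomeGroup) if something you use stops working. As the post says, this is for a standalone machine, not one on a home or work LAN.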
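The deny part of item 14 (the groups listed in the post placed into the "Deny ..." logon rights) as a script. This is an added example, not code from the original post: it uses secedit, which is what secpol.msc drives underneath, so it works on Windows 2000 through 7 without extra tools. Only the deny assignments are scripted, not the "add myself to every right" part. The SIDs are Microsoft's well-known SIDs for those groups and are the same on every install. Note what it does: adding S-1-5-14 and Remote Desktop Users to the deny rights locks every RDP session out of the machine, exactly as the post intends for a standalone system. Run from an elevated prompt.

```powershell
# Added example (not from the original post): put the groups the post lists
# into the "Deny ..." logon rights with secedit, merging with whatever those
# rights already contain. Run from an elevated prompt.

$denySids = @(
    'S-1-5-1',        # DIALUP
    'S-1-5-7',        # ANONYMOUS LOGON
    'S-1-5-13',       # TERMINAL SERVER USER
    'S-1-5-14',       # REMOTE INTERACTIVE LOGON (every RDP session)
    'S-1-5-32-546',   # Guests
    'S-1-5-32-555',   # Remote Desktop Users
    'S-1-5-32-568'    # IIS_IUSRS
)
# secpol.msc names: "Deny access to this computer from the network",
# "Deny log on locally", "Deny log on through Remote Desktop Services".
$denyRights = 'SeDenyNetworkLogonRight',
              'SeDenyInteractiveLogonRight',
              'SeDenyRemoteInteractiveLogonRight'

$work = Join-Path $env:TEMP 'denylogon'
New-Item -ItemType Directory -Force -Path $work | Out-Null
$exportInf = Join-Path $work 'current.inf'

# Export the current rights; lines look like
#   SeDenyNetworkLogonRight = *S-1-5-32-546
function Read-UserRights([string]$infPath) {
    secedit /export /cfg $infPath /areas USER_RIGHTS | Out-Null
    $rights = @{}
    foreach ($line in Get-Content $infPath) {
        if ($line -match '^(Se\w+)\s*=\s*(.*)$') {
            $rights[$Matches[1]] = @($Matches[2] -split ',' |
                ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }
    }
    return $rights
}

$current = Read-UserRights $exportInf

# A template that touches only the three deny rights. secedit replaces each
# listed right's membership wholesale, which is why we merge with $current.
$template = @('[Unicode]', 'Unicode=yes', '[Version]',
              'signature="$CHICAGO$"', 'Revision=1', '[Privilege Rights]')
foreach ($right in $denyRights) {
    $merged = @($current[$right]) + ($denySids | ForEach-Object { "*$_" }) |
        Where-Object { $_ } | Select-Object -Unique
    $template += "$right = " + ($merged -join ',')
}
$cfgInf = Join-Path $work 'deny.inf'
$template | Set-Content -Path $cfgInf -Encoding Unicode   # secedit wants Unicode
secedit /configure /db (Join-Path $work 'deny.sdb') /cfg $cfgInf /areas USER_RIGHTS | Out-Null

# Verify by re-exporting; each deny right should now hold all seven SIDs.
$after = Read-UserRights $exportInf
foreach ($right in $denyRights) {
    $missing = $denySids | Where-Object { $after[$right] -notcontains "*$_" }
    if ($missing) { "WARNING: $right is missing $($missing -join ', ')" }
    else          { "$right OK: $($after[$right] -join ',')" }
}
```

The first export, current.inf, is left in $env:TEMP\denylogon on purpose: it holds every user right as it was before the change, so `secedit /configure /db rollback.sdb /cfg current.inf /areas USER_RIGHTS` puts them all back. Check the result in secpol.msc under Local Policies > User Rights Assignment, or with `whoami /priv` from an affected logon type if you want to see the denial in practice.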
Old 11-14-2009, 7:15 AM   #80
APK
In regards to the SINGLE "bug" that has surfaced on Windows 7... apk

Per this security notification from SECUNIA.COM:

http://secunia.com/advisories/37347/

Microsoft Windows SMB Response Denial of Service Vulnerability

PERTINENT QUOTE/EXCERPT:

----

"Description:

Laurent Gaffié has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when processing SMB packets received from an SMB server.

This can be exploited to hang an affected system by tricking a user into connecting to a malicious SMB server via e.g. a specially crafted web site opened in Internet Explorer.

The vulnerability is confirmed on a fully patched Microsoft Windows 7 and reported in Microsoft Windows Server 2008 R2."

AND:

'Solution:

Block outbound connections to untrusted SMB servers via a firewall."

----

So, that evidence as "said & aside"? Well...

THIS OUGHT TO SERVE, "in the meantime @ least" (until a patch from MS is issued next "Microsoft Patch Tuesday" I suppose) to "FIX" that problem:

(If it works, it's by pure luck & I posted it above as more of a "speed boost" by not running a service you do NOT really need (as a 'standalone single system logged into the internet only' but not attached to a home or work LAN/WAN), but the WORKSTATION service does function to provide SMB services, & cutting it off SHOULD technically "do the job here" to protect one's self vs. this "bug/possible exploit"....

So, quoting myself from above:

Quote:
Originally Posted by APK View Post
OK, for those of you that have "moved on" to VISTA (or Windows Server 2008 & Windows 7), as I have recently, in my now using Windows 7 64-bit here?

====

Start up SERVICES.MSC (You will need this for turning on/off various services is why)

3.) I have also been able to turn off the WORKSTATION service as well on Windows 7, albeit, ONLY AFTER I BOOTUP & LOGON in test so far, not sure if you can DISABLE it & still logon, so... keep that in mind!

(This service deals in SMB (server message block iirc) networking)

Turning it off, like any service you don't really need, results in YOUR saving more CPU cycles, RAM, & other forms of I/O also, + even electric power really...

As you're not running a program & using power, just like ANY of the above or below recommendations for turning off programs of most any kind really do (albeit, this isn't as much of a "security gain" as the top 2 above are imo) - do NOT do this if you are part of a LAN/WAN though, you need it in those environs typically.
I guess, now, in this case, vs. this "bug?" Well, it IS a security patch too, & not just a "speed booster"... per the bolding I just did above, where I said it's really only a 'speed boost'.

So give this a go, alongside the firewall rules table vs. outbound SMB connections, for now @ least until MS patches it, for securing AND SPEEDING UP, a Windows 7 system!

(Once more -I did WORKSTATION SERVICE stalling, albeit, only for speed, but I wager, again, by luck, it should work vs. this bug also, just because of what WORKSTATION service provides (i.e.- SMB services)).

APK

P.S.=> Some work in IE may be needed also, but, this is all I have, for now, vs. this exploit possibility thus far, so 'turn off' WORKSTATION SERVICE (once you have logged on that is, because I am NOT 110% sure you can & still logon to your Windows 7 systems is all) & do a firewall rule for outbound SMB connectivity...

(Albeit @ this point, I am NOT sure if you can do that AND still LOGON to Windows, so only turn it off in services.msc once you have logged yourself in, & DO PAY ATTENTION TO CREATING A FIREWALL RULE FOR OUTBOUND SMB BASED CONNECTIONS, BLOCKING THEM FROM GOING "OUTBOUND" FROM YOUR SYSTEMS TOO)... apk

Last edited by APK; 11-14-2009 at 7:28 AM. Reason: Correcting a single spelling error... apk
Old 11-15-2009, 4:20 PM   #81
APK
Good news on SETTING WORKSTATION SERVICE TO MANUAL & why (vs. SMB bug in Win7)

Good news on setting WORKSTATION SERVICE to manual, in SERVICES.MSC, vs. this new flaw in Windows VISTA/Server 2008/Windows 7:

Quote:
(Albeit @ this point, I am NOT sure if you can do that AND still LOGON to Windows, so only turn it off in services.msc once you have logged yourself in, & DO PAY ATTENTION TO CREATING A FIREWALL RULE FOR OUTBOUND SMB BASED CONNECTIONS, BLOCKING THEM FROM GOING "OUTBOUND" FROM YOUR SYSTEMS TOO)... apk
Well, good news:

Upon testing this here, & on Windows 7? You CAN still logon to your system, even IF WORKSTATION SERVICE is set to "MANUAL" startup type in SERVICES.MSC (this also holds true all the way down to Windows 2000 SP #4, as I had my pal Jack the PI test it for me upon my request, & he too can logon to his Windows 2000 rig no problems, with WORKSTATION effectively disabled (via MANUAL, not DISABLED setting, for startup type on said service)).

Thus, again, since WORKSTATION SERVICE provides & manages SMB (server message block iirc, as to this acronym's expansion) services, & the single flaw in Windows 7 &/or Windows Server 2008 are exploited thus by a flaw in SMB? This SHOULD "take care of that too", lickety-split, no "SHEET"...

APK

P.S.=> Well, now that that's been "said & aside"? 'Onwards & UPWARDS!"... OH - & again: This is for machines that are "standalone systems" hooked to the internet via a DSL or Cable router (or even dialup), or thru a home Router/modem, that are NOT "ACTIVE DIRECTORY" or otherwise (SMB/NetBIOS/LanMan networking or NetBEUI even (or otherwise)) system: You will need to keep WORKSTATION service up & running in those environs, especially for shared disk/folder/file access in LAN/WAN environs... apk

Last edited by APK; 11-15-2009 at 4:24 PM.
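The mitigation the two posts above describe (Workstation service to Manual and stopped, plus an outbound firewall block on SMB), as a script. This is an added example, not code from the original posts. It assumes an elevated PowerShell prompt on a standalone Vista/7 machine: the Workstation service (LanmanWorkstation) is the SMB client side, so stopping it also takes down Netlogon and Computer Browser, and the outbound block rules stop the machine opening a session to any SMB server at all. Rule names are this example's own choice. Do not run it on a domain member or a machine that maps network shares.

```powershell
# Added example (not from the original posts): SMB client mitigation for a
# standalone machine. Elevated prompt. Do NOT run on a domain member or a
# machine that uses file shares.

# 1) Workstation service (SMB client) to Manual and stopped. -Force also
#    stops dependents (Netlogon, Computer Browser) that cannot run without it.
Set-Service -Name LanmanWorkstation -StartupType Manual
if ((Get-Service -Name LanmanWorkstation).Status -ne 'Stopped') {
    Stop-Service -Name LanmanWorkstation -Force
}

# 2) Outbound block rules. Block rules win over allow rules in Windows Firewall.
#    TCP 445 = direct-hosted SMB, TCP 139 = SMB over the NetBIOS session
#    service, UDP 137/138 = NetBIOS name and datagram services.
#    Rule names below are this example's own.
$rules = @(
    @{ Name = 'Block outbound SMB (TCP 139,445)';     Proto = 'TCP'; Ports = '139,445' },
    @{ Name = 'Block outbound NetBIOS (UDP 137,138)'; Proto = 'UDP'; Ports = '137,138' }
)
foreach ($r in $rules) {
    # delete first so re-running the script does not stack duplicate rules
    netsh advfirewall firewall delete rule "name=$($r.Name)" dir=out | Out-Null
    netsh advfirewall firewall add rule "name=$($r.Name)" dir=out action=block `
        "protocol=$($r.Proto)" "remoteport=$($r.Ports)" profile=any | Out-Null
}

# 3) Verify: service state and start mode (Win32_Service works on
#    PowerShell 2.0, where Get-Service has no StartType), then the rules.
Get-WmiObject Win32_Service -Filter "Name='LanmanWorkstation'" |
    Format-Table Name, State, StartMode -AutoSize
foreach ($r in $rules) { netsh advfirewall firewall show rule "name=$($r.Name)" }
```

A quick functional check afterwards is `net use \\127.0.0.1\ipc$` (or any host name), which should now fail immediately rather than hang or connect. To undo, delete the two rules with `netsh advfirewall firewall delete rule "name=..." dir=out`, then `Set-Service LanmanWorkstation -StartupType Automatic` and `Start-Service LanmanWorkstation`.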
Old 11-18-2009, 3:09 PM   #82
APK
A point I got today, 1 overlooked by myself oddly (you'll see why), so credit is due

Another great point by another user from another forums today, for Windows 7 folks (VISTA too, & of course, Windows Server 2008), from a fellow named "AlphaAlien" here -> http://www.hardwaregeeks.com/board/s...440#post410440

(LOL! Oddly, it's one I overlooked from my OWN GUIDE here, that I applied to Windows 2000/XP/Server 2003, but had "overlooked" in my tips about Windows 7 just above, specifically... &, it IS a good idea, + one I ended up "expanding on" so, I have to thank AlphaAlien for "getting the ball rolling" in my brain here, lol, once more so I could suggest his point (one I suggested here again, no less, for the OLDER MS' OS of Windows NT-based ancestry) & expand on it even more... probably wouldn't have done it w/out he, so, credit goes, where credit is due imo).

This is a good point too, so... here goes:

Open up gpedit.msc (you can do this from the "Windows Start button" (is it STILL called that now, in Windows 7/VISTA etc. I wonder?) & the RUN or search command). In it, follow its left-hand side pane's tree items down THIS path:

Computer Configuration
Administrative Templates
Network
Network Connections
Windows Firewall
Domain Profile (only use this one IF you are not part of a LAN/WAN or connect to them, & you don't need to do some of what is suggested to turn off there - & you can though, if you don't need to do the stuff we're going to 'crank off' here, especially if you are a single system home user)
Local Profile (this one users with a single system @ home that's not part of a home LAN should do)

NOW, once there? Use the RIGHT-HAND SIDE PANE items of (now quoting our exchange from the URL above, saves me time, & I have programming assignments in JAVA to do so, excuse the use of this DIRECT quote from the URL above):

Prevents administrative remote management services.


Looks good to me, especially for most folks (which, face it, most folks don't have home "LAN/WAN" setups (mainly people who are way, Way, WAY "into computing" do imo & experience)).

Since they're mainly single system users, & @ home (which I found professionally on a job in 2006 that they're the most "abused" typically as well by malware etc. et al) - they're the folks I put this out for mostly, if they want to take the initiative & time to do it is all. They need it the most, from what I've seen, so... here 'tis.

As long as you don't perform remote administration tasks? You should probably turn the ability for "remote administration" off as AlphaAlien points out.

I'd have to add this point of AlphaAlien's now though: This same idea/technique/tip/trick can also be done for the DOMAIN and LOCAL profiles there too, and, it also points out a couple others to remove, possibly too (such as UPnP, Remote File & Printer Access, Remote Desktop, setting them as DISABLED there, & possibly to even ICMP also (ping basically))

The PING & UDP ones may affect other wares though, so, test @ your leisure on those 2.

(Sounds like a good move, as imo @ least, it really supplements cutting off:

A.) Server (allows shares) + Workstation (provides SMB services, in services.msc (& an outbound BLOCK rule in the firewall vs. TCP/UDP for PORTS 139 & 445 (this one mainly, will stall this newly surfaced "bug" noted above in Windows 7 & Server 2008))
B.) Terminal Services/Remote Desktops
C.) Cutting out Client for MS Networks + File & Print Sharing in your local area network connection (clients & protocols sections) & also NetBIOS over TCP/IP in the WINS section of the local area connection too.
D.) Disabling TCP/IP over NetBIOS in services.msc as well
E.) "Stalling out share$", via a batch or .cmd file (possibly even a powershell script as well) & I mean, any shares: Even default ones like in the batch above
F.) Setting secured ACL's on the filesystem + registry as well via explorer.exe OR cacls possibly, & regedit.exe

(Then, your firewall can do the rest, as far as "inbound intrusion attempts" - I don't think there's much other than that to "get ahold of", & even a nullsession attempt ought to be stalled between this, & the secpol.msc work (plus HOSTS & AnalogX's IP Security Policy as well)))

Thanks for the solid point AlphaAlien: It got my "wheels rolling" on a couple of others in gpedit.msc (which I did suggest for Windows 2000/XP/Server 2003 already earlier in this guide), but, I overlooked here, so I added on the rest.

APK

P.S.=> Oh, AlphaAlien: I am going to credit you with this & put your points out, in your name of course, in regards to this setting in Group Policy Editor on the other 20 or so forums I can still edit this post on as well, hope you don't mind (it's a good solid point, & I do credit others where/when/how/why credit is due they, for solid points) - I am not sure if linking to your photo will work or not (depending on where YOU store it that is), so I may have to "expand" the tree items in gpedit.msc manually in text, so... in any event, there you are... apk
Old 11-28-2009, 1:38 PM   #83
APK
New IE6/IE7 bug + workaround/fix... apk

Microsoft Security Advisory: Vulnerability in Internet Explorer could allow remote code execution:

http://support.microsoft.com/kb/977981

The new bug in IE6 & IE7 can be patched above (allowing IE6/7 to "opt-in" to DEP (data execution prevention)) using the "FIX IT" button noted there (which applies a database of apps to support DEP apparently, inclusive of IE variants).

The original article explaining the nature of the attack is here:

http://www.microsoft.com/technet/sec...ry/977981.mspx

As well as it listing what Operating System versions are affected adversely thus, there.

APK

P.S. => This is the 2nd URL's list of affected IE versions, & on which Windows NT-based OS variants also:

PERTINENT EXCERPT:

Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 and Internet Explorer 8 on all supported versions of Microsoft Windows are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are affected.

The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code.

At this time, we are aware of no attacks attempting to use this vulnerability against Internet Explorer 6 Service Pack 1 and Internet Explorer 7. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we’re actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.

Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.

Mitigating Factors:

• Internet Explorer 8 is not affected.
• Protected Mode in Internet Explorer 7 in Windows Vista limits the impact of the vulnerability.
• In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.
• An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
• By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone.
• By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone. The Restricted sites zone helps mitigate attacks that could try to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.

General Information
Overview

Purpose of Advisory: To provide customers with initial notification of the publicly disclosed vulnerability. For more information see the Mitigating Factors, Workarounds, and Suggested Actions sections of this security advisory.

Advisory Status: The issue is currently under investigation.

Recommendation: Review the suggested actions and configure as appropriate.

References Identification

CVE Reference
CVE-2009-3672

Microsoft Knowledge Base Article
977981

----

This advisory discusses the following software.

Affected Software

Windows XP Service Pack 2

Windows XP Service Pack 3

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista

Windows Vista Service Pack 1 and Service Pack 2

Windows Vista x64 Edition

Windows Vista x64 Edition Service Pack 1 and Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service pack 2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4

Internet Explorer 6 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2

Internet Explorer 6 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 7 for Windows XP Service Pack 2 and Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2

Internet Explorer 7 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 7 in Windows Vista, Windows Vista Service Pack 1 and Windows Vista Service Pack 2, and Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

Internet Explorer 7 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Internet Explorer 7 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

Non-Affected Software:

Internet Explorer 5.01 Service Pack 4 for Microsoft Windows 2000 Service Pack 4

Internet Explorer 8 for Windows XP Service Pack 2 and Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2

Internet Explorer 8 for Windows Server 2003 Service Pack 2 and Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 8 in Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2, and Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

Internet Explorer 8 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 8 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

Internet Explorer 8 in Windows 7 for 32-bit Systems

Internet Explorer 8 in Windows 7 for x64-based Systems

Internet Explorer 8 in Windows Server 2008 R2 for x64-based Systems

Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems

----

... apk

Last edited by APK; 11-28-2009 at 1:49 PM.
Old 01-23-2010, 1:35 PM   #84
APK
NEW serious BUG in IE 5-8, but, with PATCHES now vs. it

I picked up on some information that you guys MAY wish to know about (especially IF you use Internet Explorer (all models/versions)):

GET THE PATCH FOR IE 5.01 - IE 8.0 (on ALL Windows versions of NT-based origins (2000/XP/Server 2003/Server 2008/VISTA/Windows 7)) FOLKS!

It was issued "Out-Of-Band" (meaning MS didn't wait for "Patch Tuesday" to roll around again (2nd Tuesday of every month)).

(&, you can do that via "Windows Update" of course, but that takes MORE TIME for that to "take" typically, than nabbing it directly, here would do for you, since you can install it yourselves, directly & immediately):

http://www.microsoft.com/technet/sec.../ms10-jan.mspx




This isn't a joke people & it's NOT THE SAME BUG IN MY LAST POST ABOUT IE EITHER!

So, please... See here:

Widespread attacks exploit newly patched IE bug:

http://www.itworld.com/security/9367...patched-ie-bug

It's seriously being exploited, & that's only what they KNOW about.

APK

P.S.=> AND, "there ya are" - Enjoy!... So, after all? It's YOUR MONEY & TIME folks! (that's all)... apk
Old 01-23-2010, 3:51 PM   #85
APK
IF you had trouble finding the download link for the IE 5-8 fix? See below

IF you are having trouble FINDING the link to the download for this IE 5-8 patch, for most ALL Windows NT-based OS' by Microsoft?

Try this:

MS10-002 Cumulative Security Update for Internet Explorer (978207)

Look for THAT on the page...

(There you go, per FloppyBootStomp, a moderator @ this website -> http://www.pcreview.co.uk/forums/thread-3511888-7.php where this security guide is also hosted, who had noted it was a bit difficult to find there, per the IE security vulnerability I noted above in my last post...)

APK

P.S.=> Well, to save you time? The DIRECT linkage is here -> http://www.microsoft.com/technet/sec.../ms10-002.mspx so, "have @ it" folks, & enjoy... apk
Old 01-28-2010, 4:42 AM   #86
APK
Newly discovered security vulnerability in ALL 32-bit Windows NT-based OS'

A security vulnerability exists in, and has existed since 1992-1993 in, the emulation subsystems for DOS &/or Win16 applications under 32-bit versions of Windows NT-based OS:

Microsoft Security Advisory (979682)

Vulnerability in Windows Kernel Could Allow Elevation of Privilege:


http://www.microsoft.com/technet/sec...ry/979682.mspx

----

THE "FIX":

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems

(via removing support for said subsystems by blanking out the files they point to.)

These excerpts will help you identify each component used:

The NTVDM:

16 bit DOS and older 16 bit windows applications are supported by the NT virtual DOS machine (NTVDM) which runs in the Client/Server Runtime (CSR) subsystem. Since each copy of the NTVDM is given its own thread of execution, if it fails, it will not affect the operating system or other programs.

The following components support the NTVDM:

NTVDM.EXE - Starts the NTVDM and emulates the DOS environment.

NTIO.SYS - Emulates the DOS IO.SYS system file.

NTDOS.SYS - Emulates the DOS.SYS file.

Virtual Device Driver (VDD) - Used to allow DOS to interface with system devices on various ports such as the mouse, keyboard, serial ports, parallel ports, and video devices. This component is required since DOS expects to access hardware devices directly, but cannot do so when running on Windows NT.

VDMREDIR.DLL - Redirects file system input/output requests to the Win32 subsystem.

AUTOEXEC.NT - Replacement for AUTOEXEC.BAT.

CONFIG.NT - Replacement for CONFIG.SYS.

NT always loads a PIF for MS-DOS based applications. You can create a PIF to define requirements of the DOS application such as memory needs. In Windows NT 4.0, the PIF settings can be accessed by right clicking on the DOS executable file and selecting properties. On RISC based systems, an instruction execution unit (IEU) works with the NTVDM to emulate i386 Intel processor instruction sets.

----

What this "fix" (hopefully only needed temporarily) does, is remove the subsystem for DOS/Win16 applications.

It is the ONLY "work-around" I am aware of for this until it is fixed, IF ever, and it is very similar to a recommendation that others "tear out" the POSIX subsystem for the same potential reasons: Security vulnerabilities issues.

(The only people that need to be concerned here, are those running 32-bit versions of Windows NT-based OS (NT 3.x, NT 3.5x, NT 4.0, Windows 2000/XP/Server 2003/VISTA/Server 2008/7), because 64-bit versions of Windows OS do not have a 16-bit subsystem emulator present in them)

APK

P.S.=> Many, if not MOST, people today can do without these entries, UNLESS they have legacy applications from DOS or 16-bit Windows applications they need for "mission critical" purposes... those folks will have to leave these in place until a fix is created by Microsoft (the same can go for those who don't need this as well, but you "take your chances" until MS fixes this)... apk

Last edited by APK; 01-28-2010 at 5:07 AM. Reason: Pulling the Win16 "WOW" emulation subsystem data (unnecessary I think)
Old 01-28-2010, 5:58 AM   #87
APK
Easier/Faster/Simpler method of fixing what I note above

To help users automate this fix for the security issue in the NTVDM DOS 16-bit emulation subsystem present in 32-bit Windows NT-based OS (all of them & since 1992-1993 no less) that was noted in my last post above, you can do this far faster/easier/simpler by using something Microsoft themselves devised to make it easier & simpler than registry editing, see the URL below:

http://support.microsoft.com/kb/979682

(It's easier/faster/simpler than wholesale disabling via renames or deletions of the NTVDM DOS 16-bit emulation subsystem's component files as shown above OR via registry edits, & thus, you can use what's in that URL above instead (and enable it again easily enough when a fix arrives IF you choose to do so as well)).

APK
Old 03-29-2010, 4:04 PM   #88
APK
If a website prompts you to press the "f1" key? Don't!

IF A WEBSITE PROMPTS YOU TO PRESS THE "F1" KEY? DON'T!

Here is why:

http://secunia.com/advisories/38727/

Secunia Advisory SA38727

Microsoft Windows "MsgBox()" HLP File Execution Vulnerability

Release Date 2010-03-01

Criticality level Moderately critical

Impact System access

Where From remote

Solution Status Unpatched

Operating System(s):

Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Storage Server 2003
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Description

Maurycy Prodeus (my fellow "Polish person") has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the VBScript "MsgBox()" function allowing the execution of arbitrary HLP files. This can be exploited to execute an HLP file from e.g. an SMB share by tricking a user into pressing F1 when viewing a specially crafted website.

Successful exploitation allows execution of arbitrary commands via HLP macros.

The vulnerability is confirmed with Internet Explorer 7 on a fully patched Windows XP SP3, and additionally reported in Windows 2000 and Windows Server 2003.

Solution

Avoid pressing F1 on untrusted websites. Disable Active Scripting support.

APK

P.S.=> I was a "wee bit" slow on posting this one, but, here tis (around 28 days later than I ordinarily would, sorry about that, "busy boy" here is all)... apk
Old 03-31-2010, 6:37 AM   #89
APK
Out-of-Band emergency IE updates issued by MS

MS Issues Emergency IE Security Update:

http://www.microsoft.com/technet/sec.../ms10-018.mspx

----

Microsoft has issued an emergency patch for 10 IE security holes. 'The cumulative update, which Microsoft announced on Monday, resolves nine privately reported flaws and one that was publicly disclosed. Software affected by the cumulative update addressing all the IE vulnerabilities includes Windows 2000, Windows XP, Windows Server 2003 and Server 2008, Vista, and Windows 7.'

----



* This one closes a LOT of "security holes" in Internet Explorer, through ALL of Microsoft's 32 & 64 bit Windows NT-based Operating Systems of "modern variety"...

APK

P.S.=> Well, "have @ it folks", & that's "hot off the presses"... enjoy! apk
Old 04-07-2010, 9:11 AM   #90
APK
Custom HOSTS file population list updated

For those of you who are aware of the advantage of using a custom HOSTS file, for both noticeable added speed, AND NOTICEABLE ADDED SECURITY ONLINE (this latter being via the SIMPLE PRINCIPLE of "You can't get burned, if you can't go into the 'malscripted site kitchen'")?

I have just edited my post point #5 here with the list below (of reputable & updated sites that keep lists of KNOWN BAD SITES &/or SERVERS, or entire HOSTS files too) so you can integrate their entries into YOUR CUSTOM HOSTS FILE (as I have been doing for years now, with approximately 814,000 entries of known bad sites &/or servers in it):

RESULTS USERS WHO HAVE USED MY HOSTS FILE ARE SEEING? OK - THIS TESTIMONIAL SHOULD SERVE THE PURPOSE AS A "NUFF SAID":

----

http://forums.theplanet.com/index.ph...st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK."

- Kings Joker, user of my guide @ THE PLANET

----

So, as you can see?

Someone who used to get HUNDREDS of malware infestations a month, by stumbling into bad malscripted websites or those that serve up malware executable downloads, etc./et al, is now FAR BETTER PROTECTED by the version of my HOSTS file I use, & NO LONGER SEES THAT LEVEL OF INFESTATION, no less!

(He gets it each day from me, via email, because I keep up on it every day via the lists below (and via a program I wrote to integrate the entries, alphabetize them (helps with DNS client cache loads, or B-Tree populations in diskcache), & lastly, to "normalize it" via duplicated entries removal (so the file is smaller & faster to load/read too)))

It just works!

Additionally, it works SO WELL, that Kings Joker above runs Windows 2000, no service packs, no hotfixes, no antivirus, no antispyware programs (he just installed them recently to check his infestation levels in fact, but for 1/2 a year++ or more, he did not, to test this, acting as my "Lab Rat #1" in fact)... And, his results? NO SPYWARE/MALWARE/TROJANS/VIRUSES/WORMS (NO malware-in-general):

For direct reply on his findings & results? Write him here -> walbergerj@yahoo.com

He can "fill you in" on the rest, as to his results &/or findings (which basically state that all you need, is to run a protective custom HOSTS file that's kept current, & be judicious about your usage of javascript (both points are covered in this article/guide, extensively, AND THEY WORK!))

----

ADVANTAGES OF HOSTS FILES OVER BROWSER ADDONS ALONE, & EVEN DNS SERVERS:

1.) HOSTS files eat A LOT FEWER CPU cycles than browser addons do no less (since browser addons have to parse each HTML page & tag content in them, while HOSTS files only really consume "CPU cycles" during their loads (into a programming data storage construct, which is an analog to a PASCAL record). Then, the IP stack uses the DNS client C/C++ structure, or possibly an object (not sure anymore, I'd have to see the BSD reference code again to be sure) to do the rest (that, or the local diskcache, because if you have a LARGE hosts file, you have to turn off the DNS Client Cache service, or your system will lag badly (I have notified Microsoft of this occurrence in fact, directly))!

2.) HOSTS files are also NOT severely LIMITED TO 1 BROWSER FAMILY ONLY... browser addons, are. HOSTS files cover & protect (for security) and speed up (all apps that are webbound) any app you have that goes to the internet (specifically the web).

3.) HOSTS files allow you to bypass DNS Server requests logs (via hardcoding your favorite sites into them to avoid not only the TIME taken roundtrip to an external DNS server, but also for avoiding those logs OR a DNS server that has been compromised (see Dan Kaminsky online, on that note)).

4.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).

5.) HOSTS files also allow you to not worry about a DNS server being compromised, or downed (if either occurs, you STILL get to sites you hardcode in a HOSTS file anyhow in EITHER case).

6.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> http://en.wikipedia.org/wiki/Hosts_file ) & edited too, via texteditors like Windows notepad.exe or Linux nano (etc.)

7.) HOSTS files aren't as vulnerable to "bugs" either like programs/libs/extensions of that nature are, OR even DNS servers, as they are NOT code, & because of what's next too

8.) HOSTS files are also EASILY secured well, via write-protection "read-only" attributes set on them, or more radically, via ACL's even.

9.) HOSTS files are a solution which also globally extends to EVERY WEBBOUND APP YOU HAVE - Not just a single webbrowser type (e.g. FireFox/Mozilla & its addons exemplify this, such as ADBLOCK)

10.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF CAN DO (running as limited class/least privilege user, hopefully, OR even as ADMIN/ROOT/SUPERUSER)? HOSTS "LOCK IN" malware too, vs. communicating "back to mama" for orders (provided they have name servers + C&C botnet servers listed in them, blocked off in your HOSTS that is) - you might think they use a hardcoded IP, which IS possible, but generally they do not & RECYCLE domain/host names they own, & this? This stops that cold, too! Bonus...

(Still - It's a GOOD idea to layer in the usage of BOTH browser addons for security like adblock, &/or NoScript (especially this one, as it covers what HOSTS files can't in javascript which is the main deliverer of MOST attacks online & SECUNIA.COM can verify this for anyone really by looking @ the past few years of attacks nowadays), for the concept of "layered security")

APK

P.S.=> To keep "ontop of the latest known malicious sites" online? See these sites (1 I mentioned here already, this is the rest of the list I use, & others too):

START OF WEBSITES & SOURCES + TOOLS I USED TO POPULATE THIS LIST + MY ORIGINAL LIST OF BLOCKED ADBANNERS SERVERS

http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://securitylabs.websense.com/content/alerts.aspx
http://www.stopbadware.org
http://blog.fireeye.com/
http://mtc.sri.com/
http://www.scansafe.com/threat_center/threat_alerts
http://news.netcraft.com
http://www.shadowserver.org/
https://zeustracker.abuse.ch/monitor.php?filter=online
http://en.wikipedia.org/wiki/Hosts_file
http://www.mvps.org/
http://someonewhocares.org/
http://hostsfile.mine.nu/hosts0
http://hosts-file.net/?s=Download
http://www.stopbadware.org/home
http://www.malwareurl.com/listing-ur......urls=off&rp

Between them, & SpyBot "Search & Destroy"? You have most of, if not ALL of what a "body needs" for these purposes. If you know of others? Please list them, & thanks! apk

Last edited by APK; 04-07-2010 at 9:33 AM.
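The merge, alphabetize and de-duplicate step that the post above describes, written here as an added example for this thread (it is not APK's own program). The two source lists, the pinned site and its address are constructed samples; real lists come from the URLs the post gives.

```python
"""Normalize a custom HOSTS file from several blocklist sources.

Accepts both HOSTS-format lists ("0.0.0.0 host" / "127.0.0.1 host") and
bare-hostname lists, lowercases and de-duplicates names, keeps loopback
names and user-pinned sites out of the block set, and emits the result
sorted so the file is small and loads deterministically.
"""
import ipaddress
import re

SINK = "0.0.0.0"  # sink address for blocked names (127.0.0.1 also common)
NEVER_BLOCK = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}
# RFC 1123 style hostname with at least one dot; single labels are skipped
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:(?!-)[a-z0-9-]{1,63}(?<!-)\.)+(?!-)[a-z0-9-]{1,63}(?<!-)$")


def parse_entries(text):
    """Yield hostnames from one list, whichever of the two formats it uses."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments / blanks
        if not line:
            continue
        parts = line.split()
        try:                                      # HOSTS format: ip first
            ipaddress.ip_address(parts[0])
            names = parts[1:]
        except ValueError:                        # bare-hostname list
            names = parts
        for name in names:
            name = name.lower().rstrip(".")       # "Foo.Example." -> foo.example
            if HOSTNAME_RE.match(name):
                yield name


def build_hosts(blocklists, pinned=None):
    """Return the HOSTS file text: localhost, pinned sites, then sorted blocks.

    pinned maps hostname -> real address (the post's "hardcode your favs");
    a pinned name is never sent to the sink even if a blocklist carries it.
    """
    pinned = pinned or {}
    blocked = set()
    for text in blocklists:
        for name in parse_entries(text):
            if name not in NEVER_BLOCK and name not in pinned:
                blocked.add(name)
    lines = ["127.0.0.1 localhost"]
    lines += [f"{addr} {name}" for name, addr in sorted(pinned.items())]
    lines += [f"{SINK} {name}" for name in sorted(blocked)]
    return "\n".join(lines) + "\n"
```

Keep the DNS Client cache caveat from the post in mind: a file with hundreds of thousands of entries is loaded by the resolver, not parsed per page, so sorting and de-duplicating is what keeps that load cheap.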
Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright © 2001-2013 by Xtreme PC Central.com All rights reserved.