Thousands of home computers infiltrated after hackers infect websites with booby-trapped ads
Virus Guy
2011-03-03 16:03:47 UTC
As usual - running Win-98 and/or having a comprehensive or up-to-date
HOSTS file is the answer here.

=======================================================

http://www.dailymail.co.uk/sciencetech/article-1362205/Thousands-home-computers-infiltrated-hackers-infect-high-profile-websites-booby-trapped-ads.html

Thousands of home computers infiltrated after hackers infect
high-profile websites with booby-trapped ads

By Graham Smith
Last updated at 7:59 AM on 3rd March 2011

Tens of thousands of people are feared to have had their computers
infected by booby-trapped adverts on websites including the London Stock
Exchange as the full extent of a cyber-attack which began on Sunday
becomes apparent.

The scam, which also involved ads on Autotrader, Vue and six other
websites, began on Sunday after cyber-criminals hacked into an ad firm's
IT system.

Malicious adverts were then released which caused fake virus warnings to
pop-up on computers belonging to those surfing the affected sites.

Bogus warnings: The malicious adverts caused fake security warnings to
appear on the screens of people surfing the affected websites. They were
then asked for payment to remove them.

After telling them that their computer was infected, the bogus
diagnostic screen asked for payment to remove the 'infection'.

It is thought the scam only affected PC users running Safari, Chrome or
Firefox browser.
Dustin
2011-03-03 18:08:44 UTC
Post by Virus Guy
As usual - running Win-98 and/or having a comprehensive or
up-to-date HOSTS file is the answer here.
LOL, I'd have to disagree. I can run an NT machine here for months on end
without restarting. Win9x (and ME) have a bug which will cause them to
crash on you after roughly 45 days. Hard to take advantage of the newer
hardware using windows 9x. Hell, you can't even get windows XP loaded on
some of it now.

Playing it safe and not surfing the web without safeguards in place is
the answer.
--
If today was your last day... and tomorrow was too late...
could you say goodbye to yesterday?
FromTheRafters
2011-03-03 19:37:49 UTC
Post by Dustin
Post by Virus Guy
As usual - running Win-98 and/or having a comprehensive or
up-to-date HOSTS file is the answer here.
LOL, I'd have to disagree. I can run an NT machine here for months on end
without restarting. Win9x (and ME) have a bug which will cause them to
crash on you after roughly 45 days. Hard to take advantage of the newer
hardware using windows 9x. Hell, you can't even get windows XP loaded on
some of it now.
Playing it safe and not surfing the web without safeguards in place is
the answer.
Just out of idle curiosity, do you use the hosts file for filtering out
known adware/spyware domain names?

Personally, I've never had anything but the default localhost entry in
any of mine.
ASCII
2011-03-03 20:15:57 UTC
Post by FromTheRafters
Personally, I've never had anything but the default localhost entry in
any of mine.
That's all there is, or needs to be, on here.
If I want someone else selecting my online destinations,
I'll just go to the library and shoulder surf the public machines.
FromTheRafters
2011-03-03 23:08:46 UTC
Post by ASCII
Post by FromTheRafters
Personally, I've never had anything but the default localhost entry in
any of mine.
That's all there is, or needs to be, on here.
If I want someone else selecting my online destinations,
I'll just go to the library and shoulder surf the public machines.
I knew that about you and your system, was curious about Dustin's setup.
My guess is that he does the same.
G. Morgan
2011-03-03 21:03:33 UTC
Post by FromTheRafters
Just out of idle curiosity, do you use the hosts file for filtering out
known adware/spyware domain names?
Personally, I've never had anything but the default localhost entry in
any of mine.
You didn't ask me, but lemme tell ya my experience. If you use the MSMVP HOSTS
file, along with Ad-Block+ and Ghostery in FF, you'll rarely see any ads.

The bonus of the HOSTS file is that pages load much faster when they don't have
to resolve all the ads, the ad-servers all are told to goto localhost (which
results in a 404).
~BD~
2011-03-03 22:25:49 UTC
Post by G. Morgan
Post by FromTheRafters
Just out of idle curiosity, do you use the hosts file for filtering out
known adware/spyware domain names?
Personally, I've never had anything but the default localhost entry in
any of mine.
You didn't ask me, but lemme tell ya my experience. If you use the MSMVP HOSTS
file, along with Ad-Block+ and Ghostery in FF, you'll rarely see any ads.
The bonus of the HOSTS file is that pages load much faster when they don't have
to resolve all the ads, the ad-servers all are told to goto localhost (which
results in a 404).
Tell me, why don't you use *this* site instead of the MS MVP Hosts file?

http://www.hosts-file.net/

After all, it's the one used by Malwarebytes!
G. Morgan
2011-03-03 22:47:56 UTC
Post by ~BD~
Tell me, why don't you use *this* site instead of the MS MVP Hosts file?
http://www.hosts-file.net/
After all, it's the one used by Malwarebytes!
I use a program called "Hostsman" that is able to get that one, the MSMVP one,
"Peter Lowe's ads list", etc...

I had hpHOSTS for a while but I think I found it too restrictive. I just d/l'ed
the update and will see how it goes. I just went from about 15k blocked domains
to 133,606.... We'll see.
~BD~
2011-03-03 22:53:14 UTC
Post by G. Morgan
Post by ~BD~
Tell me, why don't you use *this* site instead of the MS MVP Hosts file?
http://www.hosts-file.net/
After all, it's the one used by Malwarebytes!
I use a program called "Hostsman" that is able to get that one, the MSMVP one,
"Peter Lowe's ads list", etc...
I had hpHOSTS for a while but I think I found it too restrictive. I just d/l'ed
the update and will see how it goes. I just went from about 15k blocked domains
to 133,606.... We'll see.
I looked here http://www.abelhadigital.com/hostsman

It says:-

Requirements:-

Windows 98SE, Me, NT4 SP6, 2000, XP, Server 2003, Vista, Server 2008,
Windows 7

No good for my iMac or the Linux users! <rolls eyes> :(
G. Morgan
2011-03-03 23:10:55 UTC
Post by ~BD~
I looked here http://www.abelhadigital.com/hostsman
It says:-
Requirements:-
Windows 98SE, Me, NT4 SP6, 2000, XP, Server 2003, Vista, Server 2008,
Windows 7
No good for my iMac or the Linux users! <rolls eyes> :(
Would this help?
http://www.apple.com/downloads/macosx/development_tools/gasmask.html
~BD~
2011-03-04 08:00:23 UTC
Post by G. Morgan
Post by ~BD~
I looked here http://www.abelhadigital.com/hostsman
It says:-
Requirements:-
Windows 98SE, Me, NT4 SP6, 2000, XP, Server 2003, Vista, Server 2008,
Windows 7
No good for my iMac or the Linux users! <rolls eyes> :(
Would this help?
http://www.apple.com/downloads/macosx/development_tools/gasmask.html
Thank you!

This is what it shows on my machine:

127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost


I then 'Googled' and found this
http://superuser.com/questions/241642/what-is-the-relevance-of-fe801lo0-localhost-in-etc-hosts

I guess all is just as it should be!

Please tell me if you think otherwise!
--
Dave
FromTheRafters
2011-03-04 23:21:30 UTC
Post by ~BD~
Thank you!
YW
Post by ~BD~
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
That is not much of a HOSTS file, in fact the last 3 entries make no sense.
That file is doing nothing.

It sets the alias "localhost" for the loopback and the alias "broadcasthost" for
the broadcast (I can't imagine why). The rest is IPv6 stuff if I'm not mistaken,
Post by ~BD~
I then 'Googled' and found this
http://superuser.com/questions/241642/what-is-the-relevance-of-fe801lo0-localhost-in-etc-hosts
I guess all is just as it should be!
Here is my HOSTS file. I reverted to MSMVP file only, the other one *was* too
restrictive.

[huge snip of totally ridiculous hosts file]

See Ant's response about the wrong tool for the job.
G. Morgan
2011-03-05 01:20:35 UTC
Post by FromTheRafters
See Ant's response about the wrong tool for the job.
I'm not installing a firewall.

Nice link BTW. I just turned on IPv6 on 2 sites. They officially ran out of
the 4 billion IP addresses last week.
John Mason Jr
2011-03-04 17:18:32 UTC
Post by ~BD~
Post by G. Morgan
Post by ~BD~
Tell me, why don't you use *this* site instead of the MS MVP Hosts file?
http://www.hosts-file.net/
After all, it's the one used by Malwarebytes!
I use a program called "Hostsman" that is able to get that one, the MSMVP one,
"Peter Lowe's ads list", etc...
I had hpHOSTS for a while but I think I found it too restrictive. I
just d/l'ed
the update and will see how it goes. I just went from about 15k
blocked domains
to 133,606.... We'll see.
I looked here http://www.abelhadigital.com/hostsman
It says:-
Requirements:-
Windows 98SE, Me, NT4 SP6, 2000, XP, Server 2003, Vista, Server 2008,
Windows 7
No good for my iMac or the Linux users! <rolls eyes> :(
Why add another program to just manage a couple of text files?

wget, sort, uniq will do what you need


John
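The wget/sort/uniq approach from the post above, as an added example that is not part of the thread: it merges already-downloaded lists, keeps only entries that point at a sink address, and de-duplicates. The file names, sample entries and the merge_hosts function are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): merge blocklist-style hosts files
# with standard text tools. Lists are assumed to be already downloaded,
# e.g. with wget; the sample files below are constructed for illustration.

# merge_hosts FILE...
# Prints a sorted, de-duplicated list of "127.0.0.1 hostname" lines.
merge_hosts() {
    cat "$@" | tr -d '\r' | awk '
    {
        sub(/#.*/, "")                      # strip comments
        if (NF < 2) next                    # blank or malformed line
        # Accept only sink addresses. A downloaded list must never be
        # allowed to map a name to some other IP address.
        if ($1 != "127.0.0.1" && $1 != "0.0.0.0") next
        for (i = 2; i <= NF; i++) {         # several names may share a line
            h = tolower($i)
            # Keep the local names resolvable: never emit them as blocks.
            if (h == "localhost" || h == "localhost.localdomain") continue
            # Skip anything that does not look like a hostname.
            if (h !~ /^[a-z0-9]([a-z0-9._-]*[a-z0-9])?$/) continue
            print "127.0.0.1", h
        }
    }' | sort -u
}

# write_samples DIR: create two constructed lists that overlap.
write_samples() {
    printf '%s\r\n' \
        '# list A (constructed, DOS line endings)' \
        '127.0.0.1 localhost' \
        '127.0.0.1 ads.example.com' \
        '127.0.0.1 Tracker.Example.NET  # mixed case' > "$1/a.txt"
    printf '%s\n' \
        '# list B (constructed)' \
        '0.0.0.0 ads.example.com' \
        '0.0.0.0 metrics.example.org beacon.example.org' \
        '203.0.113.7 bank.example.com' > "$1/b.txt"
}

# demo_merge: build the samples in a temporary directory and merge them.
demo_merge() {
    dir=$(mktemp -d) || return 1
    write_samples "$dir"
    merge_hosts "$dir/a.txt" "$dir/b.txt"
    rm -rf "$dir"
}

demo_merge
```

The entry that maps bank.example.com to 203.0.113.7 is dropped rather than merged, which is the check worth having before any third-party list is appended to a live hosts file.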
Bullwinkle
2011-03-04 20:22:53 UTC
So what? Why would you want it?


You and your butt buddy say you and Linux
can not get infected.

"~BD~" <~BD~@nomail.afraid.com> wrote in message news:***@bt.com...

Windows 98SE, Me, NT4 SP6, 2000, XP, Server 2003, Vista, Server 2008,
Windows 7

No good for my iMac or the Linux users! <rolls eyes> :(
iGeek
2011-03-08 10:13:52 UTC
Post by ~BD~
Post by G. Morgan
Post by ~BD~
Tell me, why don't you use *this* site instead of the MS MVP Hosts file?
http://www.hosts-file.net/
After all, it's the one used by Malwarebytes!
I use a program called "Hostsman" that is able to get that one, the MSMVP one,
"Peter Lowe's ads list", etc...
I had hpHOSTS for a while but I think I found it too restrictive. I
just d/l'ed
the update and will see how it goes. I just went from about 15k
blocked domains
to 133,606.... We'll see.
I looked here http://www.abelhadigital.com/hostsman
It says:-
Requirements:-
Windows 98SE, Me, NT4 SP6, 2000, XP, Server 2003, Vista, Server 2008,
Windows 7
No good for my iMac or the Linux users! <rolls eyes> :(
Good for linux - if you do a bit of hunting around you will find a
hosts.deny file in /etc. su to root and gedit that file. Open the
original hosts file and copy all its entries, and paste them into
hosts.deny. Save the hosts.deny file, then close it and exit root.

Should work - worked for me
Also if you don't want to go that route use Adblock Plus on FF or Ghostery.
Dustin
2011-03-04 06:47:21 UTC
Post by ~BD~
Post by G. Morgan
Post by FromTheRafters
Just out of idle curiosity, do you use the hosts file for
filtering out known adware/spyware domain names?
Personally, I've never had anything but the default localhost
entry in any of mine.
You didn't ask me, but lemme tell ya my experience. If you use the
MSMVP HOSTS file, along with Ad-Block+ and Ghostery in FF, you'll
rarely see any ads.
The bonus of the HOSTS file is that pages load much faster when
they don't have to resolve all the ads, the ad-servers all are told
to goto localhost (which results in a 404).
Tell me, why don't you use *this* site instead of the MS MVP Hosts file?
http://www.hosts-file.net/
Pcbutts is lying to you again.
Malwarebytes IP blocking ranges come from a variety of places.
--
If today was your last day... and tomorrow was too late...
could you say goodbye to yesterday?
s|b
2011-03-04 18:20:39 UTC
Post by ~BD~
Tell me, why don't you use *this* site instead of the MS MVP Hosts file?
http://www.hosts-file.net/
After all, it's the one used by Malwarebytes!
You could also use the one in SpyBot - Search & Destroy...
--
s|b
FromTheRafters
2011-03-04 19:23:02 UTC
Post by ~BD~
Tell me, why don't you use *this* site instead of the MS MVP Hosts file?
http://www.hosts-file.net/
After all, it's the one used by Malwarebytes!
You could also use the one in SpyBot - Search & Destroy...
...or you could merge several such.
Virus Guy
2011-03-04 14:32:51 UTC
Post by FromTheRafters
Just out of idle curiosity, do you use the hosts file for filtering
out known adware/spyware domain names?
Post by G. Morgan
If you use the MSMVP HOSTS file, along with Ad-Block+ and Ghostery
in FF, you'll rarely see any ads.
The bonus of the HOSTS file is that pages load much faster when they
don't have to resolve all the ads, the ad-servers all are told to
goto localhost (which results in a 404).
There has been a somewhat large increase over the past few years in the
number of ad-serving and web-tracking / web-metrics companies offering
services to site and server-farm owners/operators. There are lots of
people spending time imagining new business models that revolve around
how to come up with new ways to leverage the click-behavior of internet
users as they navigate between sites, visit or post to social media
sites, and perform e-commerce transactions. Once they have a new
concept ironed out, they form a startup business, write back-end
software and set up servers to perform the intended service, and pitch
the service to site owners.

Site or domain owners seem to have no end to an appetite to pay for and
integrate these third-party services into their web content.

By hooking into these services, new vulnerabilities are created for
hackers to infiltrate the servers of these companies and inject
malicious code or monitor valuable transaction data (personal info,
credit-card numbers, etc). For end users, these companies and the
servers they operate are a garbage or a parasitic drain on your
web-surfing experience - and can be much worse if they happen to be
serving you malware because they've been hacked into.

If you browse to any of the popular pseudo-journalistic websites
(gizmodo, cnet/zdnet, arstechnica, engadget, etc) what you don't see are
the behind-the-scenes linkages to these various ad-serving and
web-metrics services. If you had a look at the out-going log of your
broadband modem or router you would see just where or who your browser
is sending data to for any given website you browse to.

As we are seeing more and more often, nullifying the ability of your
browser to make contact with those parasitic servers will do more than
just result in a smoother and faster site-surfing experience - it will
close a vulnerability window that can expose your PC to malware. The
beauty here is that these parasitic servers operate from fixed domains
or IP addresses that rarely change.

Here's an example of some entries in my own hosts file that I've added
manually after observing their existence as a result of my own
web-surfing and file-downloading:

Wolf K
2011-03-04 14:48:24 UTC
Post by Virus Guy
If you browse to any of the popular pseudo-journalistic websites
(gizmodo, cnet/zdnet, arstechnica, engadget, etc) what you don't see are
the behind-the-scenes linkages to these various ad-serving and
web-metrics services.
You can see all those linked sites if you use NoScript on Firefox. You
start with JavaScript disabled by default, then allow (temporarily or
permanently) the main page of the website. NoScript shows you all the
linked sites, so you can avoid them.

However, the tracking software writers have come up with a few tricks to
reduce the value of NoScript:
a) linking the tracking site to the main page in such a way that you
can't navigate from it without allowing at least one of those additional
sites;
b) hiding the linked sites until you allow the main page.

Ad blockers don't work as well as they used to, either.

IMO, vendors that insist on your watching ads you don't want, or
cluttering their pages with 3rd party ads, etc, should not be rewarded
by buying from them. Make up a boiler-plate complaint and explanation of
why you'll look for another vendor, and mail it to them. Then go buy
somewhere else. Maybe even a real shop downtown or at the mall. They
still exist, you know. ;-)

FWIW, I don't mind ads on the "free" on-line edition of a newspaper, but
if I subscribe, I don't want any ads. Ad-free would be the incentive to
get me to subscribe. Gee, what a concept: buying nothing but news from a
newspaper! You could of course _ask_ the paper to offer you ads for
products you're looking for - when you are ready to buy, that is. The
paper could charge quite a bit more for _requested_ ads, eh?

IOW, give me control over what you offer on your website, and I'll
reward you. Shove unwanted stuff at me, and I'll avoid you.

Wolf K.
Virus Guy
2011-03-04 15:14:56 UTC
Post by Wolf K
You start with JavaScript disabled by default, then allow
(temporarily or permanently) the main page of the website.
I tried noscript several years ago and found it to be a pain in the ass,
so I stopped using it.

I think having a hosts file is a much more elegant, seamless, and
efficient way to disable unwanted web-content.

Now something I have been trying recently is "yesscript" - to remedy a
problem I'm seeing more and more often - websites that temporarily
freeze on me because of an unresponsive script.
Post by Wolf K
IMO, vendors that insist on your watching ads you don't want, or
cluttering their pages with 3rd party ads, etc, should not be
rewarded by buying from them.
I simply neuter a website's ability to profit or gain from my viewership
by denying it the proper or intended operation of hooking into the
servers that are blocked by my hosts file. I think I'm sending it a
much more effective message by doing that vs not visiting that site or
vendor in the first place.
Post by Wolf K
IOW, give me control over what you offer on your website, and
I'll reward you. Shove unwanted stuff at me, and I'll avoid you.
Using a hosts file gives you the control you seek in a very ergonomic
and elegant way.

Google could be put out of business tomorrow if everyone added a few
select entries in their hosts file - assuming their
internet-access-device of choice allows them the ability to have a hosts
file (or equivalent). I would think that iDevices (iPod/Pad/Phone) do
not.
FromTheRafters
2011-03-04 19:20:31 UTC
Virus Guy wrote:

[...]
Post by Virus Guy
I simply neuter a website's ability to profit or gain from my viewership
by denying it the proper or intended operation of hooking into the
servers that are blocked by my hosts file. I think I'm sending it a
much more effective message by doing that vs not visiting that site or
vendor in the first place.
Sure, you hit them right in the wallet, but how is there a message
there? How could they know that you are blocking off-site content and
for what reason you did so?

[...]
G. Morgan
2011-03-04 20:04:16 UTC
Post by Wolf K
However, the tracking software writers have come up with a few tricks to
a) linking the tracking site to the main page in such a way that you
can't navigate from it without allowing at least one of those additional
sites;
b) hiding the linked sites until you allow the main page.
I also use Ghostery for FF, it turns off trackers like Google Analytics.
Ant
2011-03-04 15:42:06 UTC
Post by Virus Guy
Here's an example of some entries in my own hosts file that I've added
manually after observing their existence as a result of my own
127.0.0.1 ad-emea.doubleclick.net
127.0.0.1 ad-g.doubleclick.net
127.0.0.1 cm.g.doubleclick.net
127.0.0.1 doubleclick.net
127.0.0.1 googleads.g.doubleclick.net
Which just goes to show that using the hosts file for this purpose is
an inefficient way of doing it. There's loads of doubleclick servers,
not to mention TLDs, so it's far better to have software (firewall,
filter) between your browser and the net where you can use wildcard
entries like: *.doubleclick.* for domains you want to deny.
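The difference between exact hosts entries and a wildcard rule such as *.doubleclick.*, as an added example that is not part of the thread. The function names and the test hostnames other than the five quoted entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): exact-name matching of a hosts
# file versus a wildcard deny rule of the form *.doubleclick.*

# write_hosts FILE: the five entries quoted above, as a hosts file.
write_hosts() {
    printf '127.0.0.1 %s\n' \
        ad-emea.doubleclick.net ad-g.doubleclick.net \
        cm.g.doubleclick.net doubleclick.net \
        googleads.g.doubleclick.net > "$1"
}

# hosts_blocks FILE NAME: succeeds only if NAME is listed verbatim.
# A hosts entry for doubleclick.net does not cover its subdomains.
hosts_blocks() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        $1 == "127.0.0.1" {
            for (i = 2; i <= NF; i++) if (tolower($i) == name) found = 1
        }
        END { exit found ? 0 : 1 }' "$1"
}

# wildcard_blocks NAME: the filter rule as a shell glob. The second
# pattern is added so the bare domain matches too (an assumption about
# how a filter would treat the rule; products differ).
wildcard_blocks() {
    case "$1" in
        *.doubleclick.*|doubleclick.*) return 0 ;;
        *) return 1 ;;
    esac
}

# compare NAME...: prints "<name> hosts=<yes|no> wildcard=<yes|no>"
# for each name, so the coverage gap is visible side by side.
compare() {
    hf=$(mktemp) || return 1
    write_hosts "$hf"
    for name in "$@"; do
        h=no; w=no
        if hosts_blocks "$hf" "$name"; then h=yes; fi
        if wildcard_blocks "$name"; then w=yes; fi
        echo "$name hosts=$h wildcard=$w"
    done
    rm -f "$hf"
}

# Constructed test names: one listed, two unlisted doubleclick hosts
# (new subdomain, different TLD), and one unrelated site.
compare cm.g.doubleclick.net pool7.doubleclick.net \
        ad.doubleclick.example www.example.com
```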
G. Morgan
2011-03-04 20:08:58 UTC
Post by Ant
Which just goes to show that using the hosts file for this purpose is
an inefficient way of doing it. There's loads of doubleclick servers,
not to mention TLDs, so it's far better to have software (firewall,
filter) between your browser and the net where you can use wildcard
entries like: *.doubleclick.* for domains you want to deny.
Yeah, but there are people working full time to nail down *every* ad-server. If
one slips thru, it's easy enough to add it to HOSTS.

I think the opposite, it's a very efficient way of doing it. There are no DNS
lookups for the ads while you're waiting on content to load from the actual
site. I've seen major sites hang because the page was waiting on one ad-server
to reply.
Ant
2011-03-05 00:10:16 UTC
Post by G. Morgan
Post by Ant
Which just goes to show that using the hosts file for this purpose is
an inefficient way of doing it. There's loads of doubleclick servers,
not to mention TLDs, so it's far better to have software (firewall,
filter) between your browser and the net where you can use wildcard
entries like: *.doubleclick.* for domains you want to deny.
Yeah, but there are people working full time to nail down *every* ad-server.
If one slips thru, it's easy enough to add it to HOSTS.
Even easier to add it to a filter if accessible from a tray icon.
Post by G. Morgan
I think the opposite, it's a very efficient way of doing it.
The hosts file, at least in Windows, doesn't handle a huge number of
entries efficiently as has been pointed out by someone else. I fail to
see how disabling the DNS client service improves this because at some
point hosts has to be loaded into memory and parsed if it's to be used
at all.
Post by G. Morgan
There are no DNS lookups for the ads while you're waiting on content
to load from the actual site.
There are no lookups with decent filtering software, either. When it
sees the blocked domain name it won't pass on the http "GET /" request
and will return whatever you've configured it to do. In my case, it
shows a small "blocked" message where any visible content would be.
Virus Guy
2011-03-05 00:34:05 UTC
Post by Ant
The hosts file, at least in Windows, doesn't handle a huge number of
entries efficiently as has been pointed out by someone else.
The funny (or sad) thing about that is - yes, I think it's true.

For XP that is.

It's been reported that Win-98 is somehow able to handle huge HOSTS file
without any similar performance problems.
G. Morgan
2011-03-05 01:13:22 UTC
Post by Ant
Post by G. Morgan
Yeah, but there are people working full time to nail down *every* ad-server.
If one slips thru, it's easy enough to add it to HOSTS.
Even easier to add it to a filter if accessible from a tray icon.
Sure, if you are already running a s/w firewall. I don't like s/w firewalls,
and I've tried plenty. The Windows default firewall is good for me.
Post by Ant
Post by G. Morgan
I think the opposite, it's a very efficient way of doing it.
The hosts file, at least in Windows, doesn't handle a huge number of
entries efficiently as has been pointed out by someone else. I fail to
see how disabling the DNS client service improves this because at some
point hosts has to be loaded into memory and parsed if it's to be used
at all.
Mine is 512k, the largest object in memory now is Firefox (498k). It does not
take up memory space.
Post by Ant
Post by G. Morgan
There are no DNS lookups for the ads while you're waiting on content
to load from the actual site.
There are no lookups with decent filtering software, either. When it
sees the blocked domain name it won't pass on the http "GET /" request
and will return whatever you've configured it to do. In my case, it
shows a small "blocked" message where any visible content would be.
And then you have the overhead of a S/W firewall, further slowing things down.
Ant
2011-03-05 13:49:44 UTC
Post by G. Morgan
Post by Ant
Even easier to add it to a filter if accessible from a tray icon.
Sure, if you are already running a s/w firewall. I don't like s/w firewalls,
and I've tried plenty. The Windows default firewall is good for me.
I don't use a firewall.
Post by G. Morgan
Post by Ant
The hosts file, at least in Windows, doesn't handle a huge number of
entries efficiently as has been pointed out by someone else. I fail to
see how disabling the DNS client service improves this because at some
point hosts has to be loaded into memory and parsed if it's to be used
at all.
Mine is 512k, the largest object in memory now is Firefox (498k). It does not
take up memory space.
Space or not, it still has to be processed/searched. Because some
domains have many hosts it's inefficient compared to using the domain
name only.

How is Firefox using only 498K? Task Manager's memory usage (working
set) for mine is around 20,000K. Even a new instance of Notepad uses
over 1000K.
Post by G. Morgan
Post by Ant
There are no lookups with decent filtering software, either. When it
sees the blocked domain name it won't pass on the http "GET /" request
and will return whatever you've configured it to do. In my case, it
shows a small "blocked" message where any visible content would be.
And then you have the overhead of a S/W firewall, further slowing things down.
Which you have anyway if using the built-in Windows one. In any case,
I don't have a firewall installed, Windows or otherwise. What I'm
using is a small simple program that filters outgoing browser requests
and incoming cookies only. The overhead is negligible.
G. Morgan
2011-03-04 20:01:49 UTC
Post by Virus Guy
As we are seeing more and more often, nullifying the ability of your
browser to make contact with those parasitic servers will do more than
just result in a smoother and faster site-surfing experience - it will
close a vulnerability window that can expose your PC to malware. The
beauty here is that these parasitic servers operate from fixed domains
or IP addresses that rarely change.
Yup, just last week an ad-server was hacked. It affected millions in Germany I
believe.
s|b
2011-03-04 18:19:21 UTC
Post by G. Morgan
You didn't ask me, but lemme tell ya my experience. If you use the MSMVP HOSTS
file, along with Ad-Block+ and Ghostery in FF, you'll rarely see any ads.
I don't use Ghostery (it changed ownership to one "BetterAdvertising"),
but I do use Fx with NoScript, AdBlock Plus (+ Element Hiding Helper)
Post by G. Morgan
The bonus of the HOSTS file is that pages load much faster when they don't have
to resolve all the ads, the ad-servers all are told to goto localhost (which
results in a 404).
I also use the MVPS HOSTS-file that is found on
<http://www.mvps.org/winhelp2002/hosts.htm>
but there's a warning.

| Editors Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine.
|
| To resolve this issue (manually) open the "Services Editor"
|
| * Start | Run (type) "services.msc" (no quotes)
| * Scroll down to "DNS Client", Right-click and select: Properties - click Stop
| * Click the drop-down arrow for "Startup type"
| * Select: Manual (recommended) or Disabled click Apply/Ok and restart. [more info]

I neglected to do this once (on a Win2k Pro SP4 system) and it resulted
in constant CPU peaks up to 100%. Certainly *not* faster (but solved
once the DNS Client was stopped).
--
s|b
G. Morgan
2011-03-04 20:48:17 UTC
Post by s|b
I neglected to do this once (on a Win2k Pro SP4 system) and it resulted
in constant CPU peaks up to 100%. Certainly *not* faster (but solved
once the DNS Client was stopped).
That's what's nice about its batch file installer, it turns it off for ya!
Bullwinkle
2011-03-06 11:34:10 UTC
Hi Stooge.

Where is your boss, bd?


"G. Morgan" <***@gawab.com> wrote in message news:***@4ax.com...
Dustin
2011-03-04 06:45:49 UTC
Post by FromTheRafters
Post by Dustin
Post by Virus Guy
As usual - running Win-98 and/or having a comprehensive or
up-to-date HOSTS file is the answer here.
LOL, I'd have to disagree. I can run an NT machine here for months
on end without restarting. Win9x (and ME) have a bug which will
cause them to crash on you after roughly 45 days. Hard to take
advantage of the newer hardware using windows 9x. Hell, you can't
even get windows XP loaded on some of it now.
Playing it safe and not surfing the web without safeguards in
place is the answer.
Just out of idle curiosity, do you use the hosts file for filtering
out known adware/spyware domain names?
No.
Post by FromTheRafters
Personally, I've never had anything but the default localhost entry
in any of mine.
Same here.
--
If today was your last day... and tomorrow was too late...
could you say goodbye to yesterday?