[Scarecrow Man]

Moved to guides section.

I suggest reading this topic over a few days as it may be a bit much information to take in all at once.

[APK]

Seshomaru Samma, on Mar 4 2008, 07:20, said:

This Guide is excellent!
thank you very much

Can it be moved to the "essential guides" section?

Well, it appears you "got your wish"... as 'Scarecrow Man' did as you had requested!



* Pretty Cool, imo @ least, as the post thread starter & all that...

APK

P.S.=> I consider it an honor, & this is about the 5th or 6th forums (of the 20 or so forums this very same thread content appears on, verbatim) this has happened, so it must be "doing the job/working" alright for folks, which IS, what it IS all about (my "New Year's Resolution" was "DO A GOOD DEED" & it appears thusfar, I have & folks dig this post's content, which is GOOD)... I am happy about this, & thanks mods/admins, AND USERS who requested this like Seshomaru Samma above... again, thanks, & get those 90++ scores on CIS Tool folks! apk

[APK]

Gentlemen,

On the last page of this post, I had mentioned Mr. Dancho Danchev (& other sites here earlier which I noted I wanted to post a "thank-you" to, & why (custom HOSTS file construction for added speed & security)).

(BOTH better speed AND better security are VERY possibly obtained (you WILL notice it, guaranteed) by using HOSTS files THAT way)

I am going to "rehash" a bit of last page's point #10 first, as a review.

First, speed (how to gain it via HOSTS files usage):

You get that, simply by acting as your OWN DNS SERVER since you no longer have to call out to your DNS from your ISP/BSP, & even IF their DNS server goes down (or, gets "DNS poisoned" which does happen) you will STILL be able to get to your sites you list in it (bonus)!

Now - some folks like webmasters (& certainly advertisers who serve up adbanners won't) may not like this, in the blocking of adbanners, but, it is a PROVEN way to get more speed online, GUARANTEED, since you won't load adbanners data & be calling out to their servers too, saving TONS of online time used for that PLUS CPU cycles (especially in the case of Javascript driven ones)...

The past year or two alone has shown TONS of adbanners being "hiijacked" or bearing malicious code too... hence, the reason to "BLOCK OUT" adbanners servers... for speed, definitely & universally that much results, BUT, for security too (but, note - not ALL adbanners are "bad")

(HOSTS files are excellent for both speed & security... the one I post here (very old one of mine I put up as an example or starter version folks can try) works, & that shows you how to do the speedup part, inside of itself since I documented the heck out of it with examples for that)

YOU FOLKS MAY WISH TO DOWNLOAD THE OLDER EXAMPLE HOSTS FILE I POSTED @ TECHPOWERUP.COM, as a guide you can look @, & read its interior documentation for, as it will help on both counts... but, since it is older? I am going to show you folks WHERE to get more current protection basically. Hence, why I mention NRI & Mr. Danchev's blog (I use it myself)

(I even wrote the guy today to thank him no less via email)

----

HOWEVER, finally getting back on track now?

FOR SECURITY:

Mr. Danchev also nearly DAILY posts sites (obtained from reputable sources like NRI for example) that are involved with online gangs such as the "RBN"/Russian Business Network & ones like they too).

So - That all said & aside?

I am now going to add some information in my next posts after this one, that SHOULD assist those of you interested in the usage of CUSTOM HOSTS FILES for not only speeding up your internet access, but more for PROTECTING YOURSELVES ONLINE, especially today, since adbanners have been rampantly abused this way & even MICROSOFT GOT SUCKERED BY SUCH AN ATTACK & ISSUED AN APOLOGY FOR IT (it was NOT their fault really)... so, if you downloaded the example file from point #10 on last page? It can be added to easily, with the lists I am going to paste in successive posts after this one, so you can add them to YOUR custom HOSTS file, for both added online speed AND security.

APK

P.S.=> Between such a HOSTS file, & limiting the usage of javascript &/or IFrames in your webbrowsers (Opera IS best @ this, FireFox is next via the NoScript addon) from attacks by sites involved with, OR, "poisoned by", online criminal gangs such as the "RBN" (look them up online in GOOGLE if you are curious, they are WIDELY known, especially the past year or two, for rather "nefarious activities" online))? You will definitely be faster (almost an "HBO Internet" with NO COMMERCIALS) AND SAFER online!

REVIEW of point #10 "basics" from the last page, on this page now for your reference

A HOSTS file is easy to mend/edit via notepad.exe, & is typically located here:

%windir%\system32\drivers\etc

IF IT IS NOT THERE (& you should check this anyway, because a virus called QHosts redirects it to a bogus one & I am certain other virus/trojans/spywares do as well)? Check it using regedit.exe, by going here:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

& being SURE it is where you have yours. I redirect mine intentionally, but that is another issue as to why (I use a Solid State Ramdisk, & load mine from there for added system startup speed, since their access/seek is 1000's of times faster than std. HDD's, even 10-15k rpm ones)

Anyhow - HOSTS file has 1 single "mandatory" (only if you are on or use a LAN/WAN network @ home OR on the job, otherwise you can technically do without it) entry, & that is this:

127.0.0.1 localhost

& that is about ALL Ms gives you (they took it from the BSD UNIX world by the by, this is NOT original by MS... nor, is their Tcp/IP stack, again, taken from BSD (widely accepted as the "best in the business" @ things IP, but, that's purely relative)... we're going to show you all how to use one, & where to get GOOD solid info. daily for securing yourself (more than speeding yourself up using them, which my example one in point #10 on the 1st page has already in it, fully documented for your use in THAT capacity), by blocking out malicious sites...

For those of you that use SPYBOT "search & detroy" for example (excellent antispyware program)? You already KNOW it fortifies you this way... but, it does NOT catch all the bad sites & only updates every so often... Mr. Danchev's site & his sources can help YOU stay ontop of it, even more currently... here goes! apk

This post has been edited by APK: 02 May 2008 - 10:31

[APK]

USING NOTEPAD.EXE

ADD THIS LIST TO YOUR CUSTOM HOSTS FILE (usually located in %windir%\system32\drivers\etc subfolder-subdirectory):

# === START OF KNOWN RUSSIAN BUSINESS NETWORK/RBN MAPPINGS + AFFILIATED KNOWN SERVERS ===
0.0.0.0 rxpharmacy-support.com
0.0.0.0 ns3.cnmsn.com
0.0.0.0 thecanadianmeds.com
0.0.0.0 officialmedicines.com
0.0.0.0 psxshop.com
0.0.0.0 10000xing.cn
0.0.0.0 222360.com
0.0.0.0 adslooks.info
0.0.0.0 bnably.com
0.0.0.0 eqcorn.com
0.0.0.0 familypostcards2008.com
0.0.0.0 freshcards2008.com
0.0.0.0 happy2008toyou.com
0.0.0.0 happysantacards.com
0.0.0.0 hellosanta2008.com
0.0.0.0 hohoho2008.com
0.0.0.0 kqfloat.com
0.0.0.0 ltbrew.com
0.0.0.0 mymetavids.com
0.0.0.0 obebos.cn
0.0.0.0 parentscards.com
0.0.0.0 postcards-2008.com
0.0.0.0 ptowl.com
0.0.0.0 qavoter.com
0.0.0.0 santapcards.com
0.0.0.0 santawishes2008.com
0.0.0.0 siski.cn
0.0.0.0 snbane.com
0.0.0.0 snlilac.com
0.0.0.0 tibeam.com
0.0.0.0 tushove.com
0.0.0.0 wxtaste.com
0.0.0.0 yxbegan.com
0.0.0.0 iframedollars.biz
0.0.0.0 NS1.RBNNETWORK.COM
0.0.0.0 NS1.4USER.NET
0.0.0.0 NS1.EEXHOST.COM
0.0.0.0 NS1.AKIMON.COM
0.0.0.0 NAME1.AKIMON.COM
0.0.0.0 NS2.RBNNETWORK.COM
0.0.0.0 NS2.4USER.NET
0.0.0.0 NS2.AKIMON.COM
0.0.0.0 NS2.EEXHOST.COM
0.0.0.0 NAME2.AKIMON.COM
0.0.0.0 RUSOUVENIRS.COM
0.0.0.0 RBNNETWORK.COM
0.0.0.0 NS1.INFOBOX.ORG
0.0.0.0 NS2.INFOBOX.ORG
0.0.0.0 NS1.RUSOUVENIRS.COM
0.0.0.0 NS2.RUSOUVENIRS.COM
0.0.0.0 NS1.RUSOUVENIRS.NET
0.0.0.0 NS2.RUSOUVENIRS.NET
0.0.0.0 SBTTEL.COM
0.0.0.0 AKIMON.COM
0.0.0.0 AKIMON.NET
0.0.0.0 EEXHOST.COM
0.0.0.0 NS1.EEXHOST.COM
0.0.0.0 NS2.EEXHOST.COM
0.0.0.0 NS1.4USER.NET
0.0.0.0 NS1.AKIMON.COM
0.0.0.0 NS1.EEXHOST.COM
0.0.0.0 NAME1.AKIMON.COM
0.0.0.0 NS1.RBNNETWORK.COM
0.0.0.0 NS2.4USER.NET
0.0.0.0 NS2.AKIMON.COM
0.0.0.0 NAME2.AKIMON.COM
0.0.0.0 NS2.RBNNETWORK.COM
0.0.0.0 NS2.EEXHOST.COM
0.0.0.0 VALUEDOT.NET
0.0.0.0 ns0.valuedot.net
0.0.0.0 ns1.valuedot.net
0.0.0.0 1000WATT.BIZ
0.0.0.0 2SOVKA.NET
0.0.0.0 AIDEN-GROUP.COM
0.0.0.0 AKIMON.COM
0.0.0.0 ALEKC.NET
0.0.0.0 ANDREY-STUDIO.INFO
0.0.0.0 AUTOKUBAN.INFO
0.0.0.0 AVIATRAVELAGENCY.COM
0.0.0.0 AVTOMOBILEY.NET
0.0.0.0 BAGATITSA.COM
0.0.0.0 BAIKERGROUP.COM
0.0.0.0 BALTICDOORS.COM
0.0.0.0 BALTMONOLIT.COM
0.0.0.0 BRIGADA-EL.COM
0.0.0.0 CARPRIVOZ.COM
0.0.0.0 CHILLERU.COM
0.0.0.0 CVETOVODSTVO.COM
0.0.0.0 E-GOLD-CHANGER.COM
0.0.0.0 ELECTRONOV.NET
0.0.0.0 FASHIONER.BIZ
0.0.0.0 FFFFFF.ORG
0.0.0.0 FIFACUP06.INFO
0.0.0.0 FISHTORG.COM
0.0.0.0 FKGARANT.COM
0.0.0.0 FOTORETUSH.COM
0.0.0.0 FREGATSOFT.COM
0.0.0.0 FROLROMANOFF.COM
0.0.0.0 FULLVER.INFO
0.0.0.0 GAKKEL.COM
0.0.0.0 GARANTSERVICE.ORG
0.0.0.0 GDEDENGI.INFO
0.0.0.0 GLAZKI.NET
0.0.0.0 GOLD-DRAGON.INFO
0.0.0.0 GORODM.COM
0.0.0.0 GRAYZI.NET
0.0.0.0 GRIFFINFLY.COM
0.0.0.0 HEAT-ENERGO.COM
0.0.0.0 HITEMA.NET
0.0.0.0 HYIPREVIEW.INFO
0.0.0.0 HYIPSMAP.COM
0.0.0.0 ILOXX.ORG
0.0.0.0 IMYA.INFO
0.0.0.0 INFODOSKA.COM
0.0.0.0 INTERNETWORLDBOOK.COM
0.0.0.0 KLIMATA.NET
0.0.0.0 KOMOV.NET
0.0.0.0 KOSMETICHKA.NET
0.0.0.0 LIDTRADE.COM
0.0.0.0 LIFE-RU.ORG
0.0.0.0 LPSPB.COM
0.0.0.0 M-OST.NET
0.0.0.0 M-UNLOCK.COM
0.0.0.0 MAMRU.COM
0.0.0.0 MAPSERV.COM
0.0.0.0 MASTERDOKS.COM
0.0.0.0 MIRMED.COM
0.0.0.0 MOOSEMUSE.COM
0.0.0.0 MOREPRODUCT.NET
0.0.0.0 MUSEMOOSE.COM
0.0.0.0 NESTRONICS.COM
0.0.0.0 NESTRONICS.NET
0.0.0.0 NOFUN.INFO
0.0.0.0 OIL-GAS-MINERALS.COM
0.0.0.0 OKOSHKA.NET
0.0.0.0 OPTIMUS.BIZ
0.0.0.0 OTKRITKI.NET
0.0.0.0 OTKRITOK.NET
0.0.0.0 PARALLELSIXTY.COM
0.0.0.0 PASSOMONTANO.COM
0.0.0.0 PETROBALT.NET
0.0.0.0 PHARMACY-MD.COM
0.0.0.0 PISKUNOV.NET
0.0.0.0 POIGRAI.INFO
0.0.0.0 PROETCONTRA.ORG
0.0.0.0 PSOLAO.ORG
0.0.0.0 ROSEL.INFO
0.0.0.0 SBTTEL.COM
0.0.0.0 SECONDAPPROACH.COM
0.0.0.0 SMARTSOFTLINE.COM
0.0.0.0 SMESHNOY.COM
0.0.0.0 SQUAREDREAM.COM
0.0.0.0 STROIINFORM.COM
0.0.0.0 STROYBRIGADA.COM
0.0.0.0 TANK-HOBBY.COM
0.0.0.0 TECHNONORDIC.COM
0.0.0.0 TELEUNITED.NET
0.0.0.0 TEPLOCOM.COM
0.0.0.0 THERMOCAUTERY.COM
0.0.0.0 TIARU.COM
0.0.0.0 TRADEFINANS.COM
0.0.0.0 TRADEFINANS.NET
0.0.0.0 TRAININGS-TRIUMPH.ORG
0.0.0.0 TSAR-SUVENIR.COM
0.0.0.0 UEFACUP08.INFO
0.0.0.0 UMNIKSOFT.COM
0.0.0.0 UNDERCOOLED.NET
0.0.0.0 VALIDBIT.COM
0.0.0.0 VERESC.ORG
0.0.0.0 VOROLAIN.COM
0.0.0.0 WHITENIGHTSHOSTELS.COM
0.0.0.0 WORLDFONDS.NET
0.0.0.0 XRUST.NET
0.0.0.0 YAHOCHU.COM
0.0.0.0 Z-GROUP.INFO
0.0.0.0 ZDRAV.INFO
0.0.0.0 ZHESTOV.NET
0.0.0.0 ZOOSPB.COM
0.0.0.0 goldenpiginvest.com
0.0.0.0 goldenpiginvest.net
0.0.0.0 pharmacy-viagra.net
# === END OF KNOWN RUSSIAN BUSINESS NETWORK/RBN MAPPINGS + AFFILIATED KNOWN SERVERS ===

Also - You can (AND SHOULD) verify your HOSTS file location, because it CAN be moved (& some virus/spywares do so, like QHosts) by using regedit.exe
& going here:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

& checking to see it has NOT been misdirected from C:\WINDOWS\SYSTEM32\DRIVERS\etc

(Unless you KNOW that YOU move it, as I do!)

I move mine INTENTIONALLY to another disk here that is less used & faster on seeks!

That is just so it init.'s faster since the HDD is not contending with other programs loading etc.
or data loading etc. - mine's on an SSD (solid-state ramdisk, for access-seek gains for example).

----

FOR FIREWALL BLOCKING RULES (or IE "restricted zones" lists (in IE options), OR possibly IP Security Policies usage):

I.P. address block for Russian Business Network:

81.95.144.0/20 #SBL43489
(81.95.144.0 - 81.95.159.255)

And the address blocks for its equally corrupt cousins at Intercage, Inhoster, and Nevacon:

85.255.112.0/20 #SBL36702
(85.255.112.0 - 85.255.127.255)

69.50.160.0/19
(69.50.160.0 - 69.50.191.255)

194.146.204.0/22 #SBL51152
(194.146.204.0 - 194.146.207.255)

Lastly/Optionally - You should block all IPs starting with these if you do not care about Russia and China:

193.
194.
195.
213.
217.
62.64.
62.76.

(AND, A few major Internet providers that provide services to RBN including)

Tiscali.uk
SBT Telecom
Aki Mon Telecom
Nevacon LTD
Frame Cash
76service
Noc4Hosts

APK

This post has been edited by APK: 02 May 2008 - 10:35

[APK]

So you all know WHY I put up info. on the "RBN" (Russian Business Network) in my last post above?

Well, I strongly suspect "they're @ it again" & here is why:

Cyber-attack launched from 10,000 web pages:

http://itnews.com.au/News/71994,cyberattac...-web-pages.aspx

"A single entity is likely to be behind this attack, since the malicious code on all these pages came from the same server in China."

(AND, the "RBN" is KNOWN to 'hop between' China & Russia regularly, as needed, & I suspect they are the ones behind this, but the article offers NO discrete IP Address ranges or IP's so, we have to wait on the specifics, but it is a GOOD guess based on their prior track record w/ Zlob, which I see nearly every day @ times on the job)...

APK

P.S.=> I posted this on other sites that are "severely security-oriented", & I did a little "guesswork" & turned up correct... it WAS the "RBN", @ it again... hence, just reposting it here as verification from a reputable source! apk

[APK]

"New NEWS": Well, it appears I was correct in my "assumption/guess" above (about my suspecting the "RBN being @ it again") 2 posts up, which are NOW verified, per this quote from the above source:

SECOND MASS HACK EXPOSED:

http://www.itnews.com.au/News/72214,second...ck-exposed.aspx

AND, the source I used for this list:

http://ddanchev.blog...ame-attack.html

And, the salient portion that notes that my suspicion was correct:

"if you look at the IPs used in the IFRAMEs, these are the front-end to rogue anti virus and anti spyware tools that were using RBN's infrastructure before it went dark, and continue using some of the new netblocks acquired by the RBN"

So, with that said? Here are those URL's from the list above, albeit altered to 0.0.0.0 equations, for your CUSTOM HOSTS FILE, that shuts out RBN (these appear to be their newly acquired domains list) & the servers they use:

START OF LIST TO ADD TO YOUR CUSTOM HOSTS FILE FOR BLOCKING OUT BAD SITEs/ADBANNERS THAT MAY BE INFECTED ETC.:
0.0.0.0 do-t-h-e.com
0.0.0.0 rx-pharmacy.cn
0.0.0.0 m5b.info
0.0.0.0 hotpornotube08.com
0.0.0.0 hot-pornotube-2008.com
0.0.0.0 hot-pornotube08.com
0.0.0.0 adult-tubecodec2008.com
0.0.0.0 adulttubecodec2008.com
0.0.0.0 hot-tubecodec20.com
0.0.0.0 media-tubecodec2008.com
0.0.0.0 porn-tubecodec20.com
0.0.0.0 scanner.spyshredderscanner.com
0.0.0.0 xpantivirus2008.com
0.0.0.0 xpantivirus.com
0.0.0.0 bestsexworld.info
0.0.0.0 requestedlinks.com
END OF LIST TO ADD TO YOUR CUSTOM HOSTS FILE FOR BLOCKING OUT BAD SITEs/ADBANNERS THAT MAY BE INFECTED ETC.:

FOR THOSE INTERESTED (or, those that need actual IP addresses to add to firewall rules tables OR IE restricted zones etc.), here are the actual IP addresses of the bogus servers:

do-t-h-e.com (69.50.167.166)
rx-pharmacy.cn (82.103.140.65)
m5b.info (124.217.253.6)
hotpornotube08.com (206.51.229.67)
hot-pornotube-2008.com (206.51.229.67)
hot-pornotube08.com (206.51.229.67)
adult-tubecodec2008.com (195.93.218.43)
adulttubecodec2008.com (195.93.218.43)
hot-tubecodec20.com (195.93.218.43)
media-tubecodec2008.com (195.93.218.43)
porn-tubecodec20.com (195.93.218.43)
scanner.spyshredderscanner.com (77.91.229.106)
xpantivirus2008.com (69.50.173.10)
xpantivirus.com (72.36.198.2)
bestsexworld.info (72.232.224.154)
requestedlinks.com (216.255.185.82)

Also - These you won't be able to block via HOSTS file filtering methods, but still can be blocked via other means (IE restricted zones, firewall rules tables, etc. et al):

89.149.243.201
89.149.243.202
72.232.39.252
195.225.178.21



* Enjoy, stay safe, & keep surfing!

APK

[APK]

The "RBN"'s still @ it (per earlier in this guide/last page)

&

Gaining more servers to attack folks with online!

(Per my earlier posts on how to add to a HOSTS file & their IP addresses above - this gent is whom I got this info. from & he's a fairly noted security researcher + ontop of them & their activities online it seems, use him for a resource, excellent so far (proved me right in my guess above too, albeit far later than I guessed it was they, lol (pretty obvious if you follow security trends & news though to be honest)):

http://ddanchev.blogspot.com/



He has more servers there (updated list is why) vs. my own above... if you're into your online security? Refer to it & add his lists to your HOSTS file too (or, email me for mine to save time if you wish, many have).

APK

P.S.=> Hence, why I mentioned this gent & HIS sources earlier: They are accurate as all get out, & work to secure you... thank goodness for folks like he, & his sources too! apk

[APK]

Scarecrow Man, on May 1 2008, 17:14, said:

Moved to guides section.

I suggest reading this topic over a few days as it may be a bit much information to take in all at once.

Thanks Scarecrow Man, for making it an "ESSENTIAL GUIDE" here on your forums!

... It seems you have "pored over this material" & liked it, so, I guess that gives it the "official OK nod" here, which is GOOD to see (see my reply earlier to the gent who requested it be made a guide here, etc.m 2-4 posts up from THIS one)...

"IT JUST WORKS"

* Enjoy, & surf FASTER + SAFER online people!

APK

P.S.=> At your forums here, I did omit posting the added HOSTS stuff, & my apologies (I took a LOT of slack from SOME forums (filled with some seriously sanctimonious people, some banned me, or tried to tell me how to write (minus a PhD in English no less on their parts, nor were they professional writers), etc. & they really upset me since I am trying to help others no less in this post)

Some of their critiques? Well - they stated it was "too complex" etc. (& I CANNOT HELP THAT, but CIS Tool helps make it easier/simpler by far, PLUS, actually makes it "FUN" to do in a way, like any benchmarking can be)...

My further posts ontop of that only serve to cover areas (CIS TOOL DOES NOT) - not if you take this 1 line @ a time, & lookup terms you don't know or understand on say, GOOGLE or ALTAVISTA (or, just ask myself or others here, if I am not around to field questions & such on this guide's points)... pretty simple!

So, on some of the 25 or so sites this same material is on, I did omit it... because of such complaints!

However - not on other forums (most were/are heavily security oriented/"super-geeks" type sites is why), & folks there took to the concept of HOSTS files usage easier/faster!

BUT - When I began putting the info. in my previous 2-3 posts to this one, about HOSTS files usage & such, & on "regular users/folks" type forums?

I was PLEASANTLY SURPRISED to see that "ordinary users/folks" took to it like DUCKS TO WATER too... good to see, so, enjoy this added supplementary info. on HOSTS files, & Mr. Dancho Danchev's blog site too (great daily updated nearly info. in this regards in fact)... apk

This post has been edited by APK: 02 May 2008 - 10:57

[Scarecrow Man]

There's no place like 127.0.0.1.

[APK]

Scarecrow Man, on May 2 2008, 10:02, said:

There's no place like 127.0.0.1.

Aha! I see you're a "fan" of HOSTS file usage too... good man!

(& I have referenced that one from mvps.org too before (anywhere that's proven fairly reliable I will use where I can pull in information to make this file stronger, is cool by me)).

However - on 127.0.0.1? Well - I have to be sort of a "dork" here, about that: 0.0.0.0 is actually BETTER, for a couple reasons! Take a read, you will probably see/understand my reasoning (pure mathematics really & logical):



* First of all, it makes for a F A S T E R read of the HOSTS file up off disk (especially if your HOSTS file has TONS of entries as mine does current "weighing in" @ nearly 55,000++ entries) - think about it!

(It IMMEDIATELY has 2 characters less on the 1st octet (127 vs 0) & multiplied by TONS of lines for this? Makes a HUGE read & load speed diff... same functionality, via a more efficient structure (2 for the price of 1, quite literally))

** Secondly, this also lends to less disk AND MEMORY occupancy (once it's loaded into your local DNS cache in RAM etc. et al).

(Just some "food for thought"...)

APK

P.S.=> Plus, if memory serves me correctly? 127.0.0.1 actually takes SOME processing power from you, fielding requests & rejecting/filtering them to the localhosts entry, but 0.0.0.0 actually does not afaik, & acts SORT OF like doing copy filename.ext > NUL (sending it straight more-or-less, to the trashcan/null port, w/ less processing power consumed by the network stack)... However, this last part I am NOT totally sure on, but I'd wager it's straight up...

HOWEVER/NO QUESTIONS ASKED? The first part I noted (on 0 being smaller than 127 for the 1st octet) IS UNDENIABLY better for RAM consumptions, diskspace usage, & init. loadspeed! apk

This post has been edited by APK: 02 May 2008 - 16:09

[APK]

A great site that Mr. Dancho Danchev "turned me onto", for making additions to your CUSTOM HOSTS FILE (mentioned earlier on in this guide in STEP # 5) via his security blog... how/why?

http://mtc.sri.com/



* Well - it keeps an updated listing of sites & servers that are KNOWN TO BE MALICIOUS!

APK

P.S.=> I tried to edit in some reference detail into the posts (#4) about HOSTS Files usage (citing a registry hack that you MAY need to perform (or not) - I will omit it, as I have never seen XP affected by THIS one, but I have seen reports of it on Windows Server 2003)...

HOWEVER - I also tried (#5) on PORTS FILTERINGS but, I can no longer edit those... so I will put that here:

(IANA port #'s references & also IANA IP port references too, to make it easier on those that are not "Tcp/IP experts" (lol, who is, you know)

These URL's will be helpful as well, bigtime (for understanding (e.g. - knowing which IP ports you need to leave open & why (or, why not) for POINT #5 on PORTS FILTERING):[/b]

IANA PROTOCOL NUMBERS LIST:

http://www.isi.edu/i...rotocol-numbers

IANA PORTS LIST (well-known, registered, & dynamic/private ports):

http://www.isi.edu/i...ts/port-numbers

Anyhow...enjoy! apk

This post has been edited by APK: 18 May 2008 - 03:47

[Mike567]

Opera, you can disable flash/java globally then right click on the site click edit site preferences and enable flash and java that way.

[APK]

Mike567, on Jun 4 2008, 13:11, said:

Opera, you can disable flash/java globally then right click on the site click edit site preferences and enable flash and java that way.

Already "present & accounted for", Mike!

Search what's between the dashed lines below, in post #2 of this thread on the FIRST page:

-----

"If you MUST use Javascript (for instance, on a particular site like banking or shopping oriented ones)?

Try "NoScript" (the .xpi addon for FireFox/Mozilla/NetScape 9 etc.) & let it let YOU decide sites to use it on, & then DISABLE JAVA/Javascript globally...

(& if you use IE, trying to do the same can be a nightmare (as IE will "nag you to death" if you turn off javascript on sites that use it)).

Opera has similar functionality, ALBEIT, built into it by default as a NATIVE tool!

I.E.-> The ability to GLOBALLY block scripting tools like Javascript, BUT... to also allow it for sites you MUST use it on as exceptions to the GLOBAL rule set in Tools, Preferences menus it has on its menubar.

Opera has the NATIVE BUILT IN ABILITY to allow you to use it on sites you visit IF you must, via rightclicks on the page & "EDIT SITE PREFERENCES" popup menu submenu item that appears.

Either way? It works, & I STRONGLY recommend this. I also recommend Opera for these reasons (less security holes period, & the 1 it had yesterday? Patched yesterday too... fast!)"

-----



* It works for Java/Javascript... not for FLASH though, afaik.

APK

[Mike567]

You need to disable the plugins, where flash is located.

[APK]

Mike567, on Jun 12 2008, 11:28, said:

You need to disable the plugins, where flash is located.

Aha! So, THAT is what you meant... I thought you only meant Java/Javascript etc. (which are a danger, especially in combination with IFrames)!



* Point taken & noted, I'll put that into this one & all others across the wire, crediting YOU with that, on that account! I can't edit that in, here, though... this forums has me set as unable to edit this "guide" after a certain period, in each of its posts, or I would have done so, immediately in fact.

(I'll have you know - you've done BETTER in regards to critique of this post, than 99% of those out there, inclusive of the likes of Ms MVP's &/or security forums gurus (even KNOWN security experts in fact))

Thanks, & GOOD job man! Only 2-3 others have found "weaknesses" (3 minor ones iirc) in this guide, across 20 forums in total, & some even "SECURITY ORIENTED", specifically. This is a credit to your observance, & know-how... & thank you! You've only made this guide that much better, & STRONGER, for it.

APK

P.S.=> IF you wish? I can use your real name if you like... or, I will just note you as "Mike567 from Windows Forum"... up to you, either way, credit goes, where credit IS due... & thanks! I'll wait until you respond, & then, make those edits on this guide (it's the same one, better than here in fact, because I cannot edit here - across 15 other forums online, where I CAN EDIT its content)... apk

This post has been edited by APK: 12 June 2008 - 21:47

[APK]

Mike? I credited you across 12-15 forums where I can STILL EDIT THIS POST, inserting this snippet between the dashed lines below, into "point #13" (not numbered in this guide, but point is there as it IS right after point #12 (I can't on them all, but on most of the ones I cannot? I added this (giving credit, where credit is due))):

----

DISABLE INDISCIMINATE USE OF ADOBE FLASH:

From Mike567 (giving credit, where credit's due):

http://forums.window...s...33716&st=20

Mike567, on Jun 12 2008, 11:28, said:

You need to disable the plugins, where flash is located.

&, he's right... I "overlooked/omitted" that much!

Why is this important?? Well, take a peek here (very recent, 05/28/2008, as of the date of this posting):

Adobe Flash Zero-Day Attack Underway:

http://it.slashdot.o...0...47&from=rss

----



* Giving credit, where credit is due is all... &, I appreciate it (your help here)

APK

This post has been edited by APK: 16 June 2008 - 17:25

[Mike567]

Thanks.

Just wondering why you post it across 15 forums?

Are you planning on putting a signature link in when your post has been forgotten or what, brilliant for SEO considering your content isn't all that bad for keywords, but if you look at the google cache of this sites you will find they hide the signature links. (well used to)

[APK]

Mike567, on Jun 19 2008, 11:53, said:

Thanks.

Oh, you're VERY welcome, & I was only giving credit, where it was righttully due, you!

Plus, imo @ least?

Well - you literally did a BETTER JOB of scrutinizing my points, than even the "security pro" wannabe's out there (& yes, I challenged MANY of them across their forums to find weakness' in this guide's points... only 1 did from a security forums, & I credited he here, as I did yourself... but, 'ordinary joes' (computer users & yes, some having good expertise such as AlexStarFire &/or Thronka whom I credited)...

This point 'dovetails' into your next one, in fact...

Mike567, on Jun 19 2008, 11:53, said:

Just wondering why you post it across 15 forums?

Because, believe-it-or-not, I have had people either:

1.) Lock the thread (when I challenged the "spelling & grammar nazis" out there to find actual problems in this post's steps, instead of their MERE OPINIONS of "what good writing style is")

Fact is, that "critique/opinion" of "good writing style" simply does NOT help secure someone further, period...

(& not a single one of those said 'writing critics' possessed a PhD in English when asked to produce it either... for all we all knew as readers, to be blunt about it? They were folks with "ADD" or DYSLEXIA... & certainly NOT experts in English (most of them were people who haven't even been alive as long as I have been speaking & writing this language, no less - yet, telling me "how to write"... lol, give us a break!)

--------
&/or
--------

2.) Folks removed it on some sites, because imo? They felt threatened by its points somehow...

E.G. #1-> The "security gurus" no less, such as @ Securityforums.com (who had nearly 10,000 views of it on their forums & no one complained about it, escept 1 guy I quote in this guide (an admin there, whom I told "you want your email review of this out of it? Find a weakness in it, simple" because he AND I both were in that email exchange, & I can use it, wherever I like @ this point because of that mutual correspondence... his name is Don Parker, & that made me lose ALL RESPECT (whatever I had for him that is, @ that point) in his outright getting my post removed @ said forums)

E.G.#2-> Folks who are javascript programmers for instance, DEFINTELY were threatened by suggestions to "turn off javascript on ALL sites globally in your browser, & ONLY LEAVE IT ON FOR SITES THAT DEMAND IT FOR FULL FUNCTION"

E.G. #3 -> Webmasters who don't like losing revenue due to adbanners being blocked

E.G. #4 -> & of course, inevitably, those who are 'hacker/cracker' types too...

--------

* Pretty lame, especially #2, E.G. #1 especially, but... all fact/true too...

Mike567, on Jun 19 2008, 11:53, said:

Are you planning on putting a signature link in when your post has been forgotten or what, brilliant for SEO considering your content isn't all that bad for keywords, but if you look at the google cache of this sites you will find they hide the signature links. (well used to)

I put this out, MAINLY, for "typical/normal" end-users, so they too can realize 1 thing:

SECURING A COMPUTER, ESPECIALLY A WINDOWS NT-BASED ONE (or, even Linux) via CIS TOOL GUIDANCE? IS NOT "ROCKET SCIENCE"!!!

(... & simply is a 1-2 hr. investment of your time downloading & installing it, running it, & then shoring up any weaknesses it finds (most of the answers are online on GOOGLE no less, making it easy/simple to do, with directions as to what tools to use etc. et al, also)).

For those that are not, OR, where the test 'errs' @ times (& it does, on both Linux &/or Windows for instance)? That's where I help folks thru the questions they have...

APK

This post has been edited by APK: 19 June 2008 - 18:25

[Mike567]

Cant say I've really read all your posts but are you missing the most important one?
Running in limited user account, instead of administrator priviledges.

I've come across so many home users having admin priviledges,this is why distros like ubuntu are so popular as by default you cannot use root as a account unless you are in recovery mode.

Heres a cool method of sandboxing programs as well.
http://darksat.x47.n....php?topic=53.0

[APK]

Mike567, on Jun 19 2008, 14:32, said:

Cant say I've really read all your posts but are you missing the most important one? Running in limited user account, instead of administrator priviledges.

There's only 1 REASON I didn't post that (@ least NOT DIRECTLY, because in a way, if you read below? I did already, as regards browsers @ least)

... why?

Well - I have been literally running as ADMINISTRATOR here (renamed of course, but, nbtstat can show anyone THAT if you left NetBIOS/LanManager stuff up & running, & I DO NOT) for years to DECADE++ now, not a single infection... not a one, NOR have I been otherwise compromised.

I guess what I am trying to say is this: Yes, if you like? Running as a less priveleged user, can help (I note that in the browser section, as regards "Browser Isolation" techniques, using tools such as SandBoxie &/or "Drop My Rights" by MS, or even using RunAs or PsExec to do so - so, in a way, I did NOT "omit that")...

Mike567, on Jun 19 2008, 14:32, said:

I've come across so many home users having admin priviledges,this is why distros like ubuntu are so popular as by default you cannot use root as a account unless you are in recovery mode.

You also get "limited" by it, & can stop apps from running, period... a trade off, & imo? Unnecessary, once users are "educated & enlightened", which is/was my goal in this post here (& others like it across many forums online since late last year 2007, as my "new year's resolution" to "do a good deed" & that being to 'turn on folks to security' more-or-less).

Mike567, on Jun 19 2008, 14:32, said:

Heres a cool method of sandboxing programs as well.
http://darksat.x47.n....php?topic=53.0

I'll take a peek @ it, but I am hoping its not RunAs or PsExec, or SandBoxie, or "DropMyRights" (by MS) is all...

APK

P.S.=> That is a "rehash" of a technique I was "modded up for" @ SLASHDOT no less, here, years ago (although, that thread apparently occurred before my post @ /. did - proof "great minds think alike" is all, lol):

http://it.slashdot.o...mp;cid=19310513

... I put that into the post in this thread about "WebBrowser isolation techniques" a page or two back in fact... you must have 'skimmed over it' & that's ok - it happens! apk

This post has been edited by APK: 19 June 2008 - 21:12