Olympus-OM

Re: [OM] OT: Interesting Firefox Problem

Subject: Re: [OM] OT: Interesting Firefox Problem
From: Chris Trask <christrask@xxxxxxxxxxxxx>
Date: Wed, 1 May 2019 07:45:16 -0700 (GMT-07:00)
     I'm actually doing quite well by way of using Windows Firewall.  On WinXP 
I was using PeerBlock, which is a bit easier to use.  My concern now is with 
these ipv4/6 addresses that have recently appeared.

>
>I agree with David - the hosts file on windows only manages DNS lookups and 
>can often be used by a malware infection to redirect your DNS lookups, will 
>not stop direct IP address connects, and as David says, would have to be 
>huge to be of any effect, which Windows is not really set up to handle well. 
>In fact could probably be giving you all sorts of other problems with your 
>browsers that would be hard to figure out. localhost is all you need there. 
>A real firewall blocks IP addresses not hostnames. Another solution is to 
>use uBlock Origin, Ghostery, NoScript, Privacy Badger ... which will do the 
>hosts blocking for you, and if you do use these, some sites are not going 
>to work well.
>


Chris

When the going gets weird, the weird turn pro 
     - Hunter S. Thompson


-----Original Message-----
>From: Wayne Shumaker <om3ti@xxxxxxxx>
>Sent: May 1, 2019 6:34 AM
>To: Olympus Camera Discussion <olympus@xxxxxxxxxxxxxxxxx>
>Subject: Re: [OM] OT: Interesting Firefox Problem

>I have a separate firewall and periodically download bad IP addresses into an 
>ipset on Linux. ipsets are designed for efficient IP lookup. Mostly I use 
>the lists from abuse.ch malware trackers and dshield.com. That is also good to 
>prevent out-going connections in the case I have been infected to prevent 
>further malware payload download. I would give it overall a 60% advantage to 
>preventing malware. It is only a piece, and only for malware that has known IP 
>addresses. But blocking IP addresses only works 100% if you block the entire 
>internet.
>
>Chris, I don't get your obsession with deliberately doing things very 
>insecurely and then complain when that causes problems? If you are going to 
>connect to some public wifi that has a high probability of being compromised, 
>and don't use a VPN, use IE, don't have a patched OS, and then expect to get 
>around problems with some hosts entries file, IMO, is magical thinking.
>
>Why not just run Linux in a VM if you are not going to use a VPN, or TOR, or 
>get Tails and boot from a USB stick?
>
>Now if you are a malware researcher, I would say you have a good honey pot.
>
>WayneS
>
>At 5/1/2019 05:19 AM, David wrote:
>>On Tue, Apr 30, 2019 at 08:16:56AM -0700, Chris Trask wrote:
>>> If you're not familiar with that, the hosts file is your first and foremost 
>>> firewall when using a Microsoft OS.
>>
>>Definitely NOT a "firewall" :) 
>>
>>Great if it's working for controlling your unwanted bandwidth-wasting
>>adverts/webtrackers in your particularly unique set of circumstances,
>>Chris, but I'd definitely not recommend reliance upon it for prevention
>>of malware infection.
>>
>>Note that surreptitious modification of the hosts file is the way quite
>>a number of different malware variants work.  It is pretty common for
>>applications to run their own internal DNS forwarders and completely
>>ignore the hosts file for exactly this reason.
>>
>>The hosts file is a local domain name query override. Basically the only
>>thing that should be in there is "localhost"  127.0.0.1 (and ::1 if you
>>have an ipv6 stack) and maybe, just maybe, the local machine name.
>>
>>It CAN be used to override DNS lookups for undesirable destination names
>>for many applications, but unless the file can be made system-immutable
>>- which I'm not sure is even possible in Windows, it can be overwritten
>>or appended to by anything with administrator privileges in an instant.
>>This includes just about any bit of random javascript unwittingly run
>>by a normal Windows user running a browser or an e-mail client,
>>rendering it useless while the user thinks they are protected. Further,
>>if it's a big file (which it will be, if used in this manner), it can't
>>be easily inspected for external modifications. If I HAD to do
>>something like this, I'd keep a separate file, make changes to that, and
>>copy it over the main file.
>>
>>davidt
>>
>>-- 
>>_________________________________________________________________
>>Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
>>Archives: http://lists.thomasclausen.net/mailman/private/olympus/
>>Themed Olympus Photo Exhibition: http://www.tope.nl/

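An added example, not part of any message in this thread: the separately kept master copy David describes, used as a baseline to diff the live hosts file and flag names that now point at a routable address instead of a null-route. The function names, the `SINKS` set and the sample file contents are constructed assumptions.

```python
import ipaddress
# Addresses used to null-route a name; anything else sends traffic somewhere real.
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}

def parse_hosts(text):
    """Return {hostname: set of IPs}; comments and malformed lines are skipped."""
    mapping = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:
            mapping.setdefault(name.lower(), set()).add(ip)
    return mapping

def audit(master_text, live_text):
    """Diff the live hosts file against the separately kept master copy."""
    master, live = parse_hosts(master_text), parse_hosts(live_text)
    report = {"added": [], "changed": [], "removed": [], "redirects": []}
    for name in sorted(live):
        new_ips = live[name] - master.get(name, set())
        if name not in master:
            report["added"].append(name)
        elif live[name] != master[name]:
            report["changed"].append(name)
        # A new, non-sink address means the name now resolves to a real host.
        report["redirects"] += [(name, ip) for ip in sorted(new_ips - SINKS)]
    report["removed"] = sorted(set(master) - set(live))
    return report

# Constructed sample data (documentation names and address ranges).
MASTER = """127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.net
0.0.0.0 metrics.example.net
0.0.0.0 tracker.example.net
"""
LIVE = """127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.net   # unchanged block entry
198.51.100.9 tracker.example.net
203.0.113.7 bank.example.com
"""
if __name__ == "__main__":
    print(audit(MASTER, LIVE))
```

Run against the real file by passing its contents as `live_text`; an empty report means the live file still matches the master.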