Eugene Kaspersky: "Our Business Is Saving the World From Computer Villains"

blottsie writes: While the nature of Kaspersky's relationship with the Kremlin remains, at the very least, a matter of contention, his company's influence is anything but hazy. On top of their successful antivirus business, Kaspersky Lab researchers have discovered key details about the now-infamous Stuxnet virus, which was deployed by the U.S. and Israel against Iran's nuclear facilities. Kaspersky analysts later uncovered Flame, which the Washington Post found was another American-Israeli cyberweapon against Iran. All of this is on top of building a highly successful antivirus business. In a new interview with the Daily Dot, Kaspersky elaborates on thoughts about his company, his wealth, and the state of modern cybersecurity.

This would be a first post...

[Anonymous Coward]

If it was not posted from a machine running bloody Kaspersky security tools!

Re:

[drinkypoo]

I remember when AVP came out, it was both the fastest and best NT antivirus around.

Then they made a few "updates" and we started calling it "a v poo" (IT nerds are known for their maturity) because it would choke your system like a punk.

It's sad that they're still not capable of making an antivirus product that doesn't turn your awesomesauce PC into a turd.

Re:

[drinkypoo]

if you had any sense at all for the most part you wouldn't have even needed an antivirus especially back then even though it was the wild west and all...

You're a nutter, you are. AVP was actually catching virii for me, so I know it was valuable. Haven't had a valid detection in years, but I still run antivirus... because now I have multicore and SSD and the penalty is low.

So 20 years from now...

[TWX]

...we'll have Kaspersky bloatware slowing down new computers belonging to average people, much like how we have Norton bloatware doing that?

Re:

[HornWumpus]

What other 'reformed' virus authors do you allow to install software on your PC?

Even if Norton was perfect, they still have decades to go before I'd consider trusting them. I'd install software from 'Cryptolocker LLC' first.

Re:

[HornWumpus]

I was there. Ask any grey beard.

Norton was the worst virus out there. Impossible to get rid of.

Sate business

[sinij]

In Russia, there is no such thing as independent large corporation, there are only nominally privately owned, and formally state owned corporations. While Kaspersky does some good work, they should be treated the same way as NIST is in USA, with a primary mission to protect and advance state interest.

Antivirus business

[jbmartin6]

And do they have a a successful antivirus business?

Re:

[SethJohnson]

Apparently on top of that successful antivirus business, they have done a lot on top of that successful antivirus business.

Re:

[Shoten]

And do they have a a successful antivirus business?

They must, because they're a fairly prominent sponsor of the Ferrari Formula 1 team.

Now, the only question I have about that is whether they know they're sponsoring Ferrari, or if they just know they're sponsoring "the only car that's completely red."

"Kaspersky's relationship with the Kremlin"

[Nutria]

Kaspersky Lab researchers have discovered key details about the now-infamous Stuxnet virus, which was deployed by the U.S. and Israel against Iran's nuclear facilities. Kaspersky analysts later uncovered Flame, which the Washington Post found was another American-Israeli cyberweapon against Iran.

Anyone who thinks that Kaspersky isn't in bed (voluntarily or not) with the Kermlin is delusional.

Re:

[Vokkyt]

Kaspersky probably is in bed in some way with the Kremlin, it has nothing to do with the quotes you listed.

Pretty much everyone figured it was a US/Israeli combo for Stux and Flame, not just Kaspersky.

Re:

[Coren22]

Except no one does more than speculate this, even Kespersky. There is still only speculation as there is no actual evidence of who did it.

Re:

[Vokkyt]

Understood, but it's not Kaspersky that wrote the summary nor that section of the article. That's from the Daily Dot, copy and pasted by the submitter and approved by the editor. The dude shootin' his mouth off over "Kaspersky in bed with the Kremlin" is just being an idiot and confusing evidence and statements.

Re:

[HornWumpus]

There was that retirement party for the Israeli spook general. More or less gave him credit.

Re:

[dbIII]

Wasn't there some Washington idiot bragging about it at the time? Very noisy "speculation".

Re:

[ITRambo]

Kaspersky is in bed with the Kremlin in the sense that Symantec is in bed with the NSA, IMO. It's a company response to friendly pressure from their national governments to expose information that suits their purposes. If it was deeper than that, international companies like Kaspersky would quickly become local firms as customers shop elsewhere.

Re:

[Coren22]

http://politics.slashdot.org/c... [slashdot.org]

WMD did exist, and were found.

As far as Kespersky, they have said there was some evidence of a possible EST in the build of stuxnet. However, this could just as easily be someone in Russia's time getting home from work rather than someone in the US going into work. It also doesn't give any kind of conclusive proof of US involvement in Stuxnet/Flame. Without proof, it is just a theory, therefore shouldn't be put forward as fact.

Re:

[oh_my_080980980]

"WMD did exist, and were found."

WTF are you talking about. There were no WMDs found in Iraq. Period. Rumsfeld kept saying he knew where they were but they could not turn them up. There were as no nuclear program. Period. Iraq did not attempt to buy yellow cake uranium. The tubes that Rice claimed would be used to enrich uranium would not have worked. Period. We invaded Iraq because Bush junior wanted to not because the U.S. was under attack by Iraq. Fuck Off you moron.

Re:

[Coren22]

Nuclear weapons aren't the only kind of WMD. Iraq had chemical and biologic weapons. We knew they were there as they had used them on the Kurds, and the US sold them to Saddam.

Re:

[countSudoku()]

Right. Also Women's Maternity Dresses are WMDs too. Right, Mr. Sees Conspiracy Everywhere? I'll not even straighten you out with the real story because your kind does not take to logic or verifiable info. Like the good gentleman said before; fuck off, moron. Go watch more faux noose and leave the technical chatter to people actually in the industry, fucknut. Your bullshit denial of global climate change and how we never landed on the moon, and that dinosaurs are made up cartoons are not welcome here, dickli

Re:

[Coren22]

Of course, I'm the one who has it wrong right?

http://en.wikipedia.org/wiki/W... [wikipedia.org]

Read the first line.

http://en.wikipedia.org/wiki/I... [wikipedia.org]
specifically
http://en.wikipedia.org/wiki/I... [wikipedia.org]

But of course my kind doesn't rely on facts and figures, I just make things up. You are funny.

Oh, and for technical cred, I currently am a systems engineer working specifically on email systems design. I have the technical cred, do you?

Re:

[donscarletti]

I currently am a systems engineer working specifically on email systems design.

And this makes you an authority about Weapons of Mass Destruction how? Even if you were doing email systems design for DuPont or the military, you'd have no authority to cite.

Also, if you were any good as a "systems engineer" they wouldn't have you working on email, that's a lower rung than even web backends. Whoever was responsible for cooking up Saddam's nasties in the 80s wouldn't even hire guys of your caliber as a floor manager, let alone as an engineer.

Re:

[Coren22]

That was in response to this:

Go watch more faux noose and leave the technical chatter to people actually in the industry, fucknut.

As this isn't a technical conversation, I took it to mean that I don't belong on Slashdot as I am not technical enough to join the conversation.

Also, if you were any good as a "systems engineer" they wouldn't have you working on email, that's a lower rung than even web backends.

So, email, the most vital system to many companies is a low rung system? What do you consider high rung than? Where I work, it is domain, email/storage, etc, but then you must be a programmer who thinks he is hot stuff because he can write code. I design business critical systems, what did you do today?

Re:

[tnk1]

The thing is... he's right. Iraq did have WMDs of the chemical nature. And yes, the US Government sold them to Iraq. That's all 100% factual.

Whether they were still functional or whether any of them were actually there to be found 20 years later is a completely different story.

The real story of the war is why the war was fought over something that we knew that they had for decades. The fact that we didn't actually find much of anything is hilarious, but actually besides the point. We fought a war over

Re:

[rtb61]

The more polite term is Lead Head, you know just another one of those pseudo Christian conservatives suffering from toxic lead poisoning. Not really their fault, just another one of those mind boggling stupid things humanity has managed to do to itself. No need to be cruel, they are a dying minority, currently still noisy but never the less still passing off into an embarrassing history, not just for who they are but how they were made. So no tin foil hat insulation jokes but actual built in cerebral lead

Kaspersky is not special

[shihonage]

Their program will slow down your computer with all kinds of security theater "features", but like any other antivirus, it will fail to root out most viruses written in the past 8 years once they've been executed and implanted themselves as a rootkit.

Re:

[Opportunist]

Well, duh. When I control your computer, I control what anything running on it can see, including myself.

But you're invited to write the better mousetrap. I'd be delighted to test it.

Re:

[Feral Nerd]

Because ?

I don't remember claiming that *nix systems were immune to malware. That is an figment of your imagination that you invented so that you'd have something to get upset over. Unix systems are, however, vastly less targeted than Windows with the exception of Android (if one can still call it a Linux system) which leads the list of targeted mobile OS'es. Like it or not (and you obviously don't) that makes my life easier. Call it security by obscurity but it is a fact I'm going to be insufferably smug about to

Re:

[techno-vampire]

I don't remember claiming that *nix systems were immune to malware.

Agreed. I run a Linux-only household, except for one Windows laptop that my sister uses because some of the programs she needs for school won't run properly under Wine. I don't run ClamAV or anything like that because I'm not in the habit of downloading random Windows programs and sending them to friends. Right now, almost all of the malware writers are targeting Windows for two reasons. First, that's where most of the potential profi

Re:

[Reziac]

I bought the Hacking Exposed books.... they were enlightening: Linux isn't really 'safer' than Windows; it just has a different set of vulnerable points (fewer of 'em, but penetrating deeper into the system and more likely to persist across versions). If you want true security, run Netware.

The patching system may be the real culprit, tho: It's been pointed out that when a Windows version becomes "unsupported" there's an abrupt cessation of newly-found vulnerabilities. Why? Because the bad guys discover the

but... but... but...

[Gravis Zero]

but i'm a computer supervillain, you insensitive clod!

What's /. opinion on AV?

[Eloking]

Just wondering if I'm the only one around here not using any AV for a long time. AFAIK, you can only get your virus on the internet (unless I'm underestimating USB's key viruses). And with gmail (and other huge mail provider) boosted with virus check procedure, Secured browser like Chrome pimped with Adblock and keeping myself far from the "dark side" of the web, I've never had any problem. Add to this the new lite Microsoft Security Essential (intagrated in Win8) to the lot and I'm surprised those company are still in business.

Or am I naive?

Re:

[Gravis Zero]

Just wondering if I'm the only one around here not using any AV for a long time.

you aren't but if you are using Windows and no AV then you are a fool.

AFAIK, you can only get your virus on the internet (unless I'm underestimating USB's key viruses).

you absolutely are underestimating USB key viruses! stuxnet infected airgapped computers using a USB key.

Chrome pimped with Adblock and keeping myself far from the "dark side" of the web, I've never had any problem

while this helps it won't keep you completely safe.

Add to this the new lite Microsoft Security Essential (intagrated in Win8) to the lot and I'm surprised those company are still in business.

i'm not surprised at all. windows defender only detects ~75% of malware. at any given time, MS is about a year behind the AV curve.

there is a good chance you are infected with some malware.

Re:

[Eloking]

So your opinion is that paid AV is a must for any windows OS? And that Kapersky (or norton) is the only way to be completely protected from viruses?

Re:

[Zaelath]

you aren't but if you are using Windows and no AV then you are a fool.

you absolutely are underestimating USB key viruses! stuxnet infected airgapped computers using a USB key.

'm not surprised at all. windows defender only detects ~75% of malware. at any given time, MS is about a year behind the AV curve.

On the other hand, nothing detected Stuxnet until many years after it was distributed, and it's a horrible example of general public USB virus. It's like suggesting people should build fallout shelters because they have any chance at all against a nation state.

On top of that, AV does /nothing/ for 0-day.

How you act and how attractive you are influence your likelihood of attack more than any other factor. If your behaviour is so risky that you need doubleplusgood AV then perhaps you should be doing that kind

Re:

[jader3rd]

As long as the user you run as is a Standard user without admin privileges you're probably fine.

Re:

[bouldin]

Protect vs. DGA botnets + stop communique to C&C servers

Sorry, this is still incorrect. The whole point of a Domain-Generating Algorithm is to evade domain name blocking and takedowns.

By the time you add known DGA domain names to a blocklist, they are already defunct, and the malware has moved on to new domain names.

Re:

[bouldin]

Hosts can block any domain name

Not true, a hosts file is trivial to bypass. Any piece of software can send TCP/UDP 53 traffic to a DNS server and resolve the name itself.

Question #2: Is that what YOU DO WITH YOUR DGA BOTNET, Mr. Expert (who speaks for all botnet masters like himself)?

I don't run botnets, but I do understand what a domain-generating ALGORITHM is. The algorithms are seeded with the current time, so the list of domains is always changing.

Now, if you reverse engineer the algorithm out of the

Re:

[bouldin]

What software is that? You're avoiding a SIMPLE question! If I block a domain name in hosts IS IT BLOCKED (DGA generated or not)??

No.

The python code below resolves example.com by connecting directly to Google's DNS servers. It does not check the hosts file.

import dns.resolver

resolver = dns.resolver.Resolver(configure=False)
resolver.nameservers = ['8.8.8.8']
ans = resolver.query('example.com', 'A')

Re:

[bouldin]

What software is that? You're avoiding a SIMPLE question! If I block a domain name in hosts IS IT BLOCKED (DGA generated or not)??

No.

The python code below resolves example.com by connecting directly to Google's DNS servers. It does not check the hosts file.

(Answer that question... & again - this question too: IF/WHEN I block a domain OR subdomain in hosts, IS IT BLOCKED?)

The answer is "no," but I just answered that question.

I could write my own code too - mainstream widely used wares... what ones do t

Re:

[bouldin]

I said:

So, you're asking what malware in the wild evades hosts files? None that I know of, but that does not mean your approach is secure.

Then you said:

It seems also that you're vainly & effetely attempting to say "every computer under the sun has a virus/malware that does DNS queries itself"

What part of that makes sense to you?

Re:

[bouldin]

Wait, what did I learn? That you can block IPs with a firewall?

I need to make sure

Re:

[bouldin]

Oh, ok. It's hard to understand your verbal diarrhea.

No, malware that connects directly to an IP isn't designed to evade host files. It's just primitive malware that didn't bother to implement DNS-based resiliency.

And no, if you block a domain in a hosts file, you are not secure from connections to the domain. 4 lines of Python can bypass the host file.

Re:

[bouldin]

So, when someone discovers a zero-day vulnerability, it's just "hypothetical bullshit" because nobody has exploited it "mainstream malware?"

Re:

[bouldin]

Know why no malware needs to do its own DNS lookups?

Because nobody uses hosts files for security. I read somewhere that they can be defeated with 4 lines of unprivileged python.

Re:

[bouldin]

* Same ones I crushed that wannabe raymorris with here http://it.slashdot.org/comment [slashdot.org]... and their DIRECT comments on hosts are shown there, not just their names (as I did here since /. now limits AC post lengths).

Haha, besides the hilarious posts where you pretend to be someone else congratulating yourself, all I see are people who use hosts files to block ads, which is a good use.

Oh wait, one guy null routes suspicious traffic! You do know that null routing does not involve hosts files, right? Why is th

Re:

[bouldin]

Want an except from my email where I got NOD32/ESET to remove a FALSE POSITIVE on my ware they had AND Aryeh Goretsky, their LEAD CODER iirc, ADMITTING HOSTS ARE GOOD FOR SECURITY as yet another layer of it?

Yes, I would like to see those e-mails.

the guides I put out for securing Windows users espouses "layered-security"/"defense-in-depth" & I was PAID for them no less

What guides? Links, please.

Re:

[bouldin]

* Lastly, see subject? Ah, but OF COURSE you do Spybot S&D ANYONE? http://it.slashdot.org/comment [slashdot.org]...

Show me a link on the Spybot site that says it uses hosts files.

Re:

[bouldin]

Show me a link on the Spybot site that says it uses hosts files.

Change your diet (eating yer words != good nutrition) http://www.bing.com/search?q=%... [bing.com]...

That's not a link to the Spybot site.

Re:

[bouldin]

What guides? Search "HOW TO SECURE Windows 2000/XP" on Google or BING... MOST of them, are mine & got me PAID for them (thus, professional, accepting monies for it) even here http://pcpitstop.com/news/winn [pcpitstop.com]... [pcpitstop.com]

Most of those are yours? I see two were written by Mindy. Is that you?

Want more? I'll cite Mr. Oliver Day of SECURITYFOCUS a division of Norton/Symantec also IF need be...

Yes, please cite Mr. Oliver Day.

Re:

[bouldin]

I don't see Oliver Day of SecurityFocus on there. Weren't you going to cite him?

I do see the text:

Also, in the HELP entry associated with the Hosts File Tool, a sentence begins with: "Spybot-S&D can add a prepared list of web sites known for bad behaviour . . ."

Which indicates it blocks websites, not command and control servers for botnets.

Wait a minute, the spybot site is actually https://www.safer-networking.o... [safer-networking.org], not spybot.info. So, you didn't post a link to the spybot site.

Re:

[bouldin]

Yeah, sorry, I was blinded by all the verbal diarrhea.

That article is more than six years old. Got something more recent? He still says it's meant for blocking websites.

Re:

[bouldin]

Actually, I found a good reference for malware that does perform DNS directly. See page 9 at OpenDNS - DNS Role in Botnets [opendns.com].

They reference malware using custom DNS servers, and also malware tunneling messages through the DNS protocol.

Here's a quote:

At present time, there are few to no effective countermeasures cited by the security community to detect or prevent DNS-based botnet communications. Some larger, security-aware organizations could use techniques such as "split horizon" DNS. This will force inte

Re:

[bouldin]

Did you look at the PDF? The malware speaks DNS protocols directly, bypassing the syscalls that check hosts files. Thats what you asked for earlier.

Re:

[bouldin]

You said:

Can "Almost ALL Ads Blocked" do 16 things hosts do for speed, security, & reliability: 1.) Protect vs. malicious sites/servers (beyond malicious ads) 2.) Protect vs. fastflux botnets + stop communique to C&C servers 3.) Protect vs. dynamic dns botnets + stop communique to C&C servers 4.) Protect vs. DGA botnets + stop communique to C&C servers 5.) Protect vs. downed DNS (adds reliability) 6.) Protect vs. DNS redirect poisoned dns 7.) Protect vs. trackers 8.) Protect vs. spam 9.) Pr

Re:

[bouldin]

Go for it: BarbaraHudson made that mistake & couldn't do it! You can't either...

Uh, do what?

Whoever you referred to is an IMBECILE of the highest order if they don't know that (& I won't look @ a PDF you point to, no way, can't trust what you put out after all your crap I caught you in here consolidated -> http://it.slashdot.org/comment [slashdot.org]... )

The PDF I linked is a whitepaper hosted by OpenDNS. You tried to cite OpenDNS earlier as a supporter of hosts files, but they work at the network level.

Re:

[bouldin]

I've apparently smoked your OpenDNS folks too via application based firewalls [...] Not a 1st for me... I've done in the likes of folks from MS (VP of their Windows Client Performance Division, Dr. Mark Russinovich, & others of that ilk...

Yeah, I'm sure you schooled a PhD in an argument, and understand security better than OpenDNS.

facepalm

Re:

[bouldin]

Haha, real DNS servers don't check /etc/hosts.

Also, looked like that VP told you "Slashdot anonymous posts are most definitely not the proper channels."

Re:

[bouldin]

Deny what?

Re:

[bouldin]

I don't see any discussion at that link, just more verbal diarrhea. Where is Russinovich?

Re:

[bouldin]

So, you want me to track down a Microsoft executive to debate you anonymously in a Slashdot forum? No.

Re:

[bouldin]

Thanks for the Windows IT Pro link - it's hilarious! That will make for some great shitter reading later.

I don't actually see a debate with Russinovich, though. He wrote an article, and you left comments. I don't think he's aware you exist.

Your apps aren't being used. It's difficult to even find a current download for your garbage while a professional like Dr. Russinovich has a website of his own: http://www.sysinternals.com/ [sysinternals.com]

Oh, you think you schooled the guy who started sysinternals.com? Bahahahhahaa

Re:

[bouldin]

Wow, sounds like you're pretty sore at how successful Russinovich is.

Re:

[bouldin]

What's your business?

Re:

[bouldin]

Ha, yeah right. If you did, you would have already bragged about it.

Re:

[bouldin]

Are you really in your 50s?

Re:

[bouldin]

I'm actually MORE like "The LORD of Hosts" https://answers.yahoo.com/ques [yahoo.com]... [yahoo.com] with rank after rank of protective power I can summon @ a word: Hosts!

I guess you aren't protected from 4 lines of Python, though, huh?

import dns.resolver

resolver = dns.resolver.Resolver(configure=False)
resolver.nameservers = ['8.8.8.8']
ans = resolver.query('example.com', 'A')

Re:

[bouldin]

I guess you aren't protected from 4 lines of Python, though, huh?

import dns.resolver

resolver = dns.resolver.Resolver(configure=False)
resolver.nameservers = ['8.8.8.8']
ans = resolver.query('example.com', 'A')

They stop it cold . They'd 1st be able to cut it off running @ all, & secondly, tunneled or not, I'd imagine it travels over IP (TCP or UDP) anyway, or by port, & could easily be stalled... so could communique w/ its rogue DNS + C&C's...

You seem confused. So are you saying the hosts fil

Re:

[bouldin]

If the windows app firewall is so effective, how are there huge botnets of windows malware?

Re:

[bouldin]

Cool! I hadn't heard of an Android botnet. Is that why the windows firewall doesn't block botnet c&c traffic?

Re:

[bouldin]

Windows Firewall can block by IP (TCP/UDP), port, vs. *any* threat really w/ hosts combined with it!

Yeah! That's how they blocked the Ramnit botnet! [microsoft.com] OH wait, once that malware is installed it "will disable a series of Windows security features (Windows Defender, Windows Firewall, User Account Control), Windows Update, and remove the ability to install other antivirus software." Windows firewall FTW!

You've spent HOURS 'scouring the net', days actually, looking for *ANYTHING* you can stooge, to make that "

Re:

[bouldin]

Patches & security hardening...apk

I KNEW YOU'D TRY THAT CRAP... looking for "edge cases"!

(... & how did that get in IN THE FIRST PLACE? You didn't mention that a USER HAS TO GET IT FIRST, stupid... things in my security guide using "layered-security"/"defense-in-depth" cuts off those avenues!)

So.. now you're saying you can block botnets if you use hosts + windows firewall + patches + security hardening + don't run executables + don't plug in USB drives [wikia.com]? Hosts FTW! U R rock solid security!

Re:

[bouldin]

YOU PROVIDED THE PEFECT EXAMPLE with your doubtless STOLEN Python code example - UAC + WFP + Windows Firewall cuts those off, detecting them, BEFORE THEY CAN DO DAMAGE, stupid!

Uh, no, the malware disables all that. When a PC has been infected, the malware will disable a series of Windows security features (Windows Defender, Windows Firewall, User Account Control), Windows Update, and remove the ability to install other antivirus software. [microsoft.com]

Re:

[bouldin]

So.. now you're saying you can block botnets if you use hosts + windows firewall + patches + security hardening + don't run executables + scan USB drives + your "security guide & program" (whatever that means)?

Hosts FTW! U R rock solid security!

Re:

[bouldin]

What security guide?

Re:

[bouldin]

Sorry, the link must be buried under verbal diarrhea. Where is it?

Re:

[bouldin]

There aren't any links to security guides in that post - just links to more slashdot comments. Are you embarrassed of your shitty "security guide?"

Re:

[bouldin]

The guide from over 7 years ago for win2000?

Link is broken. Why did they take it down?

Re:

[bouldin]

So you don't actually have a security guide?

it's amateur hour

[bouldin]

Yeah, he's a total amateur! He thinks you can block botnet traffic with hosts files! I even showed him some Python that bypasses hosts, but he got really confused.

Re:

[bouldin]

My layered security guide stops that & you saw it http://it.slashdot.org/comment [slashdot.org]...

I saw the PCpitstop page earlier, but all the guide links were dead then, too.

It's on multiple sites as stated searching "How to Secure Windows 2000/XP" as you yourself already know liar from your post there in that link above, lol!

Then it shouldn't be hard for you to find a link to your own paper.

Hosts don't stop botnets? Ok - they block access to their C&C servers easily also like Zeus -> https://zeustracker.ab [abuse.ch]

Re:

[bouldin]

Newsflash: if you got paid $100 once, as a prize, you are not a professional.

You still don't understand malware or botnets. The domain changes more often than you would get updates, so your list is always out of date.

As I showed you with the Python code, it's trivial to bypass hosts files.

As I showed you with a previous link, malware (e.g. Ramnit) can disable the firewall and change DNS settings, anyway.

Re:

[bouldin]

See subject: A proof there I have been

Uh, what? Parse error

Clue: You won't even SAY WHERE YOU WORK yet YOU CLAIM you are a "security engineer"??? LMAO - No, don't think so.

Ha, I don't want you harassing me at work, idiot.

I don't? My ware UPDATES DAILY dimwit (every 12 hours automatically) & more if you do it manually often as you like (every hour if you want, defeating even DGA's stupid) & blocking them, ala:

You can run your update as often as you like, but malware reverse engineers are not providi

Re:

[bouldin]

You still have not responded to this:

You can run your update as often as you like, but malware reverse engineers are not providing you an up-to-the-minute list of all DGA domains. Even if they did, you wouldn't get the domains until the malware had already connected up for its C&C of the hour. Hosts files are a bad strategy for modern botnets because techniques like DGA were designed to defeat static blocklists.

Perhaps because you are an amateur, and don't understand malware, security, botnets, or anyth

Re:

[bouldin]

Bouldin omits apk's 21 yr career in security != dumb selective quoting. Apk's been there and done that at levels I now suspect you can't touch. Are you even over 21? You'd have to be at least that and more to be a pro with 21 yrs to your credit in security as apk has. Are you really a security pro? Prove it. That's all I want to see now. How old are you? I doubt you've been a security pro at all much less one that has a 21 yr career as apk has on levels in coding and networking.

First off, we know this is yo

Re:

[bouldin]

You still have not responded to this:

You can run your update as often as you like, but malware reverse engineers are not providing you an up-to-the-minute list of all DGA domains. Even if they did, you wouldn't get the domains until the malware had already connected up for its C&C of the hour. Hosts files are a bad strategy for modern botnets because techniques like DGA were designed to defeat static blocklists.

And you keep insisting you have a multi-decade security background, but all you have to show

Re:

[bouldin]

You still have not responded to this:

You can run your update as often as you like, but malware reverse engineers are not providing you an up-to-the-minute list of all DGA domains. Even if they did, you wouldn't get the domains until the malware had already connected up for its C&C of the hour. Hosts files are a bad strategy for modern botnets because techniques like DGA were designed to defeat static blocklists.

No, I have repeatedly: My layered security guide addresses it which you can easily read sin

Re:

[bouldin]

So, then, you are admitting the hosts file is not effective at blocking botnet c&c channels. Take that out of your list of extravagant claims of the benefits of hosts files.

How many times is a dumbshit like YOU going to *try* pull that on me, menial? Are there hostnames here that are still online?? Yes, ZEUS botnet (as a SINGLE example) https://zeustracker.abuse.ch/m [abuse.ch]...

If your approach only blocks 5-10% of domain names, then it is NOT effective for security. This might fly in your shareware consumer w

Re:

[bouldin]

Now you see why I've referred to you as a parade of delusion. You're a total fuckup imagining ways that someone you know nothing about has failed.

Your amateurish security guide sucked, you don't know anything about security, and you're a windows luser. You write shitty freeware in Pascal, and you have no job. You've been caught in lie after lie, and frankly, everybody you have ever known hates you.

Re:

[bouldin]

Do you seriously think anybody believes this isn't you? Or are you really that fucked up in the head that you have multiple personalities?

Re:

[bouldin]

Ha, you can keep reposting that list, but none of those are failures on my part, and half of it doesn't even involve me in any way.

You, on the other hand are a total failure and liar. You claimed you quit Sunbelt, but actually you were fired. You claim to be independently wealthy, but you have a $100,000 house that your mom gave you.

You've been banned from dozens of sites (in other words, dozens of failures), and each time try ridiculous arguments that everyone on the site shuts down (so let's just call t

Re:

[bouldin]

Everyone believes you said this quoted:

"Because nobody uses hosts files for security" - by bouldin (828821) on Thursday May 21, 2015 @05:53PM (#49746865)

Haha, yeah, nobody in enterprise does use hosts files for security. That's some consumer-grade shareware shit.

Spybot doesn't even seem to think it's a good feature, because you haven't been able to link anywhere other than that forum where they even admit having the feature.

Anyone can use it + see they do & MANY use that program stupid!

You can keep yo

Re:

[bouldin]

You don't understand security or computing, Kowalrus. [wordpress.com]

Re:

[bouldin]

Hey nice copy-paste. So why did you lie about being independently wealthy? Why didn't you just say your mom gave you your house?

Re:

[bouldin]

Hey, what do you know? Even malwarebytes thinks your program is just a file manager:

APK Hosts File Engine - Small program for managing the HOSTS file

So your one claim to fame IS a file manager written in Pascal. For which nobody pays you.

Re:

[bouldin]

APK In a Nutshell (A Life of Failure)
1. Got a mediocre degree in IT. No computer science degree.
2. Fired from Sunbelt in 2000. Never found full-time employment again, much less as a software engineer.
3. Mom gave him a house. He lied about it, and claimed to be independently wealthy.
4. 2000 - Banned from Arstechnica. Rejoined under another name (lied) to argue for himself. Everyone there hated him.
5. 2003 - Tried to argue with Russinovich in forums of Russinovich's blog. Other forum posters schooled hi

Re:

[bouldin]

Enough to buy a house from Dad (not ma)

Funny, the tax assessor said she sold it to you in 2010 for $1. So I guess you were actually just living at mom's house until 2010, when she gave it to you.

UNIX & VMS here.

Just cause you said it doesn't make it true. Your internet history shows otherwise - a windows luser.

Re:

[bouldin]

Ever bought real estate? It's possible to do that for tax purposes from relative & 1 time gift stuff etc.- et al. IS that what was PAID though? You must wonder (houses worth 100k + land around it worth more too I paid for but helped Dad). Taxes, taxes, taxes & capital GAINS are key.

You really are condescending. That's (part of) why nobody likes you.

The $1 sales price means the house was a gift. If you actually handed over more money than that (doubtful), then you committed fraud.

I knew you were st

In the age where we see Putin as the face of Russi

[azav]

It's nice to see positive news like this coming out of Russia.

Really nice.