
Microsoft Crippling VISTA,2008 and 7

Name: APK 2009-03-01 14:49

I don't & mainly because of these 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) shouldn't be & yet, are.

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have an answer, a GOOD SOLID TECHNICAL answer, as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the (imo) rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ ) ... here tis:

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:


----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service (RRAS), which supported basic firewall and packet filtering. The problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall generally, & to match that in Port Filtering is quite simple also (even easier imo, provided you know what port's involved, & that's what the IANA lists are for, after all).

AND

E.G.-> Once a malware gets inside? One of the FIRST things it does, is disable a software firewall... & with NO OTHER BARRIERS IN THE WAY, such as PORT FILTERING RULES (which because they work @ an unrelated level (drivers-wise), in the IP stack, makes it an actual advantage because it cannot be 'taken out' from a single point of attack (though, perhaps MS is saying a single point of control is the advantage in their method, it still lends itself to being taken down from a single place too by the same token - imo? A "catch-22" situation, quite possibly & MOST likely))?

I.E.-> It weakens the concept of "Layered Security"... especially vs. say, recent attacks on services like the RPC bug in the SERVER service, for example... no more firewall (or other layers like Port Filtering) in the way, once said software firewall is down (since it works on a diff. driver level than Port Filters do)!

P.S.S.=> Mr. Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ ) & I are currently in progress searching for the reasoning behind the removal of 0 as a valid IP blocking address in a HOSTS file, but even HE was unaware of WHY this was done... but, with any luck? We're going to find out - &, I'll let you all know, here, if the thread isn't dead by then... apk

Name: APK 2009-03-01 14:50

Do ANY of you folks have an answer, a GOOD SOLID TECHNICAL answer, as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7 ??

Name: Anonymous 2009-03-01 14:53

Use something significantly less retarded than a hosts file for ad blocking. That's not what it's for.

Also, you're a fucking cunt.

Name: Anonymous 2009-03-01 14:54

> I don't & mainly because of these 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) shouldn't be & yet, are.
doesn't parse

Name: APK 2009-03-01 15:02

> Use something significantly less retarded than a hosts file for ad blocking. That's not what it's for.

Ever heard of "layered security"? If not, do... I practice it.

Clue: I have all the firewalling in the world in multiple layers, with a LOT more...

Take a read here:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, plus make it "fun-to-do", via CIS Tool Guidance (& beyond)...:

http://www.tcmagazine.com/forums/index.php?s=af8f8f41f8cdcaf0d7b25cb482b4b7f4&showtopic=2662

----

It works, + I wrote it...

( & is a guide all over the internet about it, rated highly + even earned me some pay for writing it up.)

And, on 15 of the 20 sites it is featured @ online it is an "Essential Guide" Sticky Type post, & the remaining others have it "5/5 stars", most viewed, etc. et al...

Additionally in this art & science??

I have been featured in these publications in this field:

----

Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue

http://journals2.iranscience.net:800/www.win2000mag.com/www.win2000mag.com/Windows/Article/ArticleID/37/37.html

(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row).

WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)

PC-WELT FEB 1998 - page 84, again, my work is featured there

PC-WELT FEB 1999 - page 83, again, my work is featured there

CHIP Magazine 7/99 - page 100, my work is there

WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there

GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" my work is contained in it

HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), my work is there, first one featured, yet again!

Also, a British PC Mag in 2002 for many utilities I wrote, but by that point, I had moved onto other areas in this field besides coding only...

----

SO, that all "said & aside"?

Have you done the same I wonder??

If not, & I am guessing probably not???

Well, lol, I wonder who folks here are going to think is RETARDED (as you called me) in this field???

----
BOTTOM-LINE, for my use patterns on a PC here @ home?

Well - Why should I waste CPU cycles, memory, & other forms of I/O on running a DNS server that can be poisoned, &/or may be susceptible, AND that I clearly plainly do not need here locally, + I don't need AD either (has heavy DNS dependencies)...

(BY the by - & I do use DNS servers, external ones, & best in the business (as far as DNS servers external to my home here), in OpenDNS!)

Most of all why run a local DNS server, when this is for myself here on a workstation system anyhow which is a single standalone system connected to a NAT firewalling LinkSys router?

APK

P.S.=> Name tossing's not really helping your cause much either...

Name: Anonymous 2009-03-01 15:10

EXPERT CAPSLOCK & BOLD USER

Name: Anonymous 2009-03-01 15:12

Someone sure likes to use the ampersand a lot.

Name: Anonymous 2009-03-01 15:12

ENTERPRISE QUALITY THREAD

Name: Anonymous 2009-03-01 15:14

>>5
your gay

Name: Anonymous 2009-03-01 15:18

>>5
That's not what layered security means, and you're still a cunt. Fuck off.

Name: Anonymous 2009-03-01 15:21

>>1
Look at it this way.

On most browsers, you can bring up your browsing history by pressing Control-H. (No, this is not going to become a discussion of werecows.) On Firefox, this brings up a sidebar that shows up on the left side of the window. If you put your mouse over the edge of the sidebar, the cursor will turn into a different kind of arrow. By clicking and dragging it, you can move the edge of the sidebar back and forth. You are, to put it another way, manipulating the border between the normal window and the history window. By moving the mouse, you can increase the portion of the window devoted to either part. In a more extreme view of this situation, you're increasing or decreasing the amount of existence the sidebar has.

Now, let's apply this idea to something more abstract. Look out your window. If you don't live in a highly urbanized area, you should be able to see the horizon. Think of this as the border between the land and the sky. The land and sky are obviously distinguishable thanks to this boundary. Now, if you were to "drag" the sash between the sky and the land, or to manipulate the border between land and sky, you would end up causing the sky to become larger and the land to become smaller, or vice versa. An effect of this might be to cause something that was just on the ground to suddenly be hundreds of feet in the air. Truly a frightening situation to be in. So, look at it this way - manipulating the border between two physical things shifts whatever balance there is in the interaction between those things. Alternatively, by manipulating the border between two things, you can change the manner in which they exist.

Still, this isn't *that* abstract, since it's still dealing with real things in the real world. Many believe that in this world, there are those things that are true, and those that obviously aren't. This divides reality into two extremes: truth and falsehood. But, since we have two extremes, logically one can imagine a boundary between those two extremes - the border between truth and lies. If one were to manipulate this border, suddenly things that were pure fantasy (flying pigs, for the sake of argument) have become reality - or things from reality have ceased to exist. This is how Yukari is said to have invaded the moon - by manipulating the border between truth and lies, as applied to the reflection of the moon on a pond, she was able to make the reflection of the moon into a manifestation of the actual moon, and so send her youkai army onto it. This is what's truly amazing about Yukari's power - the ability to manipulate the border between completely abstract concepts allows her to fundamentally change reality as we know it (at least in terms of two abstract concepts).

Name: APK 2009-03-01 15:23

Instead of acting like you are, why not help us all find out why 0 has been removed as a valid blocking IP address in HOSTS files for VISTA, Windows Server 2008, & Windows 7 (most likely as well on the latter), because 0 (Zero) is more efficient than 0.0.0.0 or 127.0.0.1 by far in terms of load/unload speed from file, AND, consumes less RAM upon loading into the local DNS cache...

You're a loser... face it! You could die today, the world wouldn't even know... lol!

Why do I say that?

Well, show me some whitepapers corporations & websites took from you that did things of benefit!

(Thing is? I know you can't... no way, no how... so I think you know what I think of YOU already! I wouldn't be this harsh, but telling me to Fuck off merits this... enjoy it, swallow it down pal! lol...)

Like my shareware too... it makes newspapers, books, magazines, etc. and folks seem to like it and the reviewers do as well!

What have you got, you FUCKING LOSER! nothing...

* Sorry folks, this guy is the type of person (swearing at me right off) that I have to flatten with his own tactics... neanderthalic & primitive!
apk

Name: Anonymous 2009-03-01 15:26

This thread is comedy goldmine.

Name: Anonymous 2009-03-01 15:32

I like this one better than FV.

Name: GJS Jay Sussman 2009-03-01 15:42

Please pay no mind to this Anonymous fellow, he is a well-known troll, unscientific and ultimately destructive.

I do not happen to have written on this specific topic, because I have risen above such implementation details, but I think you are confusing many issues, which would become immediately clearer through satori. Satori is not a software package, but a state of mind that you can achieve by reading our book, SICP. Have you read it today?

xoxo, GJS Jay Sussman

Name: Anonymous 2009-03-01 15:47

>>1
Because 0 isn't an IP address and hosts files aren't meant to store thousands of entries. That's a DNS server job.

Name: Anonymous 2009-03-01 15:49

>>16
There's your answer. Happy now?

Name: Anonymous 2009-03-01 15:52

Name: Anonymous 2009-03-01 15:54

HWBT?

Name: Anonymous 2009-03-01 16:01

I'd say one of the most irritating things about Vista was that they removed the Up button in explorer and the location drop-down menu in Save As dialogs now shows URLs (seriously, WTF?)

Name: Anonymous 2009-03-01 16:02

>>19
Possibly Yes.

Name: Anonymous 2009-03-01 16:04

>>20
So install LispOS.

Name: Anonymous 2009-03-01 16:10

APK Cookie Killing Engine 98++ 9.9
Program that fools websites into thinking you accepted a cookie and gets you into many sites that force cookies upon you tracking you and your preferences and earlier whereabouts. Uses Stamina 32 Assembler DLL calls for added speed and efficiency as well as Win32 API and highly optimized inline Borland Delphi 3.0 code.

OMG OPTIMIZED

Name: Anonymous 2009-03-01 16:14

Inline code?!?

Name: Anonymous 2009-03-01 16:16

> highly optimized inline Borland Delphi 3.0 code.
I lol'd hard.

Name: Anonymous 2009-03-01 16:30

>>16
Actually, it is. Just using a different notation.

Name: Anonymous 2009-03-01 16:33

>>26
NO IT ISNT OR ID BE ABLE TO PING 127.1 ... OH WAIT

Name: Anonymous 2009-03-01 16:36

>>16

Wrong.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Peter Rogers>ping 0

Pinging 0.0.0.0 with 32 bytes of data:

Destination specified is invalid.
Destination specified is invalid.
Destination specified is invalid.
Destination specified is invalid.

Ping statistics for 0.0.0.0:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Documents and Settings\Peter Rogers>

Name: Anonymous 2009-03-01 16:41

>>28
Your a faggot, Peter Rogers.

Name: Anonymous 2009-03-01 16:42

>>28
lol Peter Rogers

Name: Anonymous 2009-03-01 16:42

>>28
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

K:\Documents and Settings\admin>ping 0
Ping request could not find host 0. Please check the name and try again.

K:\Documents and Settings\admin>


What.

Name: Anonymous 2009-03-01 16:46

>>31
Use a real OS!

% ping 0
PING 0 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.021 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.022 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.018 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.022 ms
^C
--- 0 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 0.018/0.020/0.022/0.005 ms

Name: Anonymous 2009-03-01 16:54

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

λ:\Users\Abelson>ping 0

Pinging 0.0.0.0 with 32 bytes of data:
PING: transmit failed, error code 1214.
PING: transmit failed, error code 1214.
PING: transmit failed, error code 1214.
PING: transmit failed, error code 1214.

Ping statistics for 0.0.0.0:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

λ:\Users\Abelson>

Name: Anonymous 2009-03-01 16:57

Note also:

λ:\Users\Abelson>ping 2132345345

Pinging 127.25.2.1 with 32 bytes of data:
Reply from 127.25.2.1: bytes=32 time<1ms TTL=128
Reply from 127.25.2.1: bytes=32 time<1ms TTL=128
Reply from 127.25.2.1: bytes=32 time<1ms TTL=128
Reply from 127.25.2.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.25.2.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
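
Added example, not part of any post in this thread: the `ping` outputs above (`0` displayed as 0.0.0.0, `2132345345` as 127.25.2.1) match the classic inet_aton shorthand for IPv4 text, which this sketch implements and then uses to flag hosts-file entries whose address field is shorthand rather than a four-part dotted quad. The function names and the sample hosts lines are constructed for illustration, and the code assumes inet_aton's rules, not the parser of any particular Windows version.

```python
import ipaddress
import re

# One dotted part as inet_aton reads it: hex (0x..), octal (leading 0) or decimal.
_PART = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")

def parse_legacy_ipv4(text):
    """Return the dotted quad for an inet_aton-style address, or None.

    Accepts 1 to 4 dot-separated parts; the last part fills every remaining
    low-order byte, so "0" is 0.0.0.0 and "127.1" is 127.0.0.1.
    """
    parts = text.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.fullmatch(p) for p in parts):
        return None
    nums = []
    for p in parts:
        if p[:2].lower() == "0x":
            nums.append(int(p, 16))
        elif p.startswith("0"):
            nums.append(int(p, 8))
        else:
            nums.append(int(p, 10))
    *head, last = nums
    # Leading parts are single bytes; the last part must fit the bytes left over.
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))

def is_strict_dotted_quad(text):
    """True only for the four-part decimal form (what ipaddress accepts)."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ipaddress.AddressValueError:
        return False

def audit_hosts(lines):
    """Return (line_no, address_as_written, canonical_or_None) for every
    IPv4 hosts entry whose address is not a strict dotted quad."""
    findings = []
    for no, line in enumerate(lines, 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or ":" in fields[0]:   # skip blanks, comments, IPv6
            continue
        if not is_strict_dotted_quad(fields[0]):
            findings.append((no, fields[0], parse_legacy_ipv4(fields[0])))
    return findings

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = [
    "# blocklist sample",
    "127.0.0.1 localhost",
    "0 ads.example.com",
    "0.0.0.0 tracker.example.net",
    "127.1 metrics.example.org   # shorthand loopback",
]

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Rewriting the flagged entries to their canonical form keeps a blocklist working on resolvers that only accept the four-part notation.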

Name: Anonymous 2009-03-01 17:10

When Mr. Lightman opens the front door to let Jennifer in, he has a pipe in his mouth. But in the very next shot when they're both inside, Mr. Lightman is holding the pipe in his left hand.

Name: APK 2009-03-01 17:16

>>22
> So install LispOS.
Which LispOS, like Windows, only gets around a 46/100 score on CIS Tool as well, mind you, by default in its outta the box default setup!

(I.E.-> Do you REALLY think even a LispOS is "secure as possible" outta-the-box/oem stock?)


WELL- IF SO? Then, see the 1st post of this thread... (it shows you QUITE otherwise)

CIS Tool is a MULTIPLATFORM gauge of security, based on "industry best practices", & yes, those practices DO work... I just layer on MORE you can use, to both speed yourself up online, but more importantly, secure yourself more, too (above those industry std. practices no less).

&, it ALL works.

Good effort though, especially in regards to your reply regarding LispOS, but I do not think you are being facetious (wise guy here, either)...

POINT-BLANK:

You skimmed my man, & failed to notice that even LispOS (not that it IS any more secure than Windows is, outta the box period) doesn't do too well outta the box/stock, in its default setup - because again: There are photos of scores from LispOS as well, in the 1st post I did here!


APK

P.S.=> Either you skimmed (excusable, believe me, I am NOT above it myself @ times)... or, you don't know as much about LispOS as you'd like to think... apk

Name: Anonymous 2009-03-01 17:23

>>36
WHBTAwesomely

Name: Anonymous 2009-03-01 17:28

>>36
Your use of capitalisation is terrible. Please consult your nearest elementary school teacher for advice.

Name: Anonymous 2009-03-01 17:30

>>36
The CIS Tools don't take into account the fact that the cudders form into a defensive anti-hacker matrix in case of threat.

Name: Anonymous 2009-03-01 18:22

This guy surely has some form of mental illness. I lol'd, hard.
