Hierarchical virus control
Feb. 11th, 2004 04:31 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
thepeopleseasonToday, K, a former co-worker of mine messaged me out of the blue:
And nothing happened.
You see, I'm running Linux at work, and those wonderfully magic things that happen when most people go to random web addresses don't always happen to me.
Which in this case would be a good thing.
See, later on, K would send me the following message:
It occured to me that there would be a very nice and easy way of getting rid of said Internet jackasses. If you've ever installed Kazaa Lite, you might know that one of the things installed along with the program is a new Windows hosts file.
Most of the time, the internet has its own way of resolving internet addresses (it's called DNS). If your computer doesn't know what www.joewebsite.com is, it asks another computer if it knows, which can ask another, and so on sort of like that shampoo commercial, but in a more organized and hierarchical fashion. The hosts file, however, is like a personal address book of internet IP addresses--ones which might not agree with what that big hierarchical system might provide.
Your average user will never care to use or even see what's going on in the hosts file. The reason Kazaa Lite installs a new one is the kind folk who make the application have harvested a bunch of the addresses of the more annoying netizens--advertisers, popup purveyors, those kind of guys--and have pointed their addresses at your own.
How does this help? Well, unlike the U.S. Postal Service, the web works on a request basis. You tell your computer "give me google," and it finds google and downloads it. Advertisers sneak their messages in with the messages that you download, essentially piggybacking on things that you request--"hey, computer, while you're getting website A, go to website B and download other crap."
So the hosts file that Kazaa Lite installs has set most of the common "website Bs" around the world to your own address (127.0.0.1), which, if you're the average user, isn't running web server software and doesn't have advertisements. Your web browser tries to find the ad image or the pop up code, and when it fails, it just stops trying. It's like a little workaround for the popup ad problem, at least for that one ad on your computer.
How does this relate to an Instant Messenger virus?
The host file can pretty much eliminate a given offender from the internet for a single computer. Imagine, if you will, taking the domain name of a known virus purveyor (say, www.buddylinks.net), and entering it into the big hierarchical system as 127.0.0.1 or some other innocuous address. That replacement address would effectively blacklist the offending site for all the computers that trusted the DNS service of that portion of the hierarchy.
Granted, I'm neither a system administrator nor an expert in DNS, but given the proliferation of Internet assholes, I'm liking this idea more and more...
check this out... [some URL that I've edited out but had "osama capture" in the filename]The last time I had heard from K was probably about two years ago, after I was laid of from Cox, so in my curiosity, I went ahead and clicked on the link and got a nondescript page.
And nothing happened.
You see, I'm running Linux at work, and those wonderfully magic things that happen when most people go to random web addresses don't always happen to me.
Which in this case would be a good thing.
See, later on, K would send me the following message:
if you get a link from me, don't click on it. it's some kind of virusGiven my natural programmer's curiosity, I went to the site with my text-based browser and found the following line:
<OBJECT ID="ShellInstaller" WIDTH=0 HEIGHT=0 CLASSID="<some-junk>" CODEBASE="http:// [a buddylinks.net web address] /ShellInstaller.cab#Version=1,0,0,001">It occured to me that there would be a very nice and easy way of getting rid of said Internet jackasses. If you've ever installed Kazaa Lite, you might know that one of the things installed along with the program is a new Windows hosts file.
Most of the time, the internet has its own way of resolving internet addresses (it's called DNS). If your computer doesn't know what www.joewebsite.com is, it asks another computer if it knows, which can ask another, and so on sort of like that shampoo commercial, but in a more organized and hierarchical fashion. The hosts file, however, is like a personal address book of internet IP addresses--ones which might not agree with what that big hierarchical system might provide.
Your average user will never care to use or even see what's going on in the hosts file. The reason Kazaa Lite installs a new one is the kind folk who make the application have harvested a bunch of the addresses of the more annoying netizens--advertisers, popup purveyors, those kind of guys--and have pointed their addresses at your own.
How does this help? Well, unlike the U.S. Postal Service, the web works on a request basis. You tell your computer "give me google," and it finds google and downloads it. Advertisers sneak their messages in with the messages that you download, essentially piggybacking on things that you request--"hey, computer, while you're getting website A, go to website B and download other crap."
So the hosts file that Kazaa Lite installs has set most of the common "website Bs" around the world to your own address (127.0.0.1), which, if you're the average user, isn't running web server software and doesn't have advertisements. Your web browser tries to find the ad image or the pop up code, and when it fails, it just stops trying. It's like a little workaround for the popup ad problem, at least for that one ad on your computer.
How does this relate to an Instant Messenger virus?
The host file can pretty much eliminate a given offender from the internet for a single computer. Imagine, if you will, taking the domain name of a known virus purveyor (say, www.buddylinks.net), and entering it into the big hierarchical system as 127.0.0.1 or some other innocuous address. That replacement address would effectively blacklist the offending site for all the computers that trusted the DNS service of that portion of the hierarchy.
Granted, I'm neither a system administrator nor an expert in DNS, but given the proliferation of Internet assholes, I'm liking this idea more and more...
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2004-02-11 09:42 pm (UTC)Sadly most internet users do not have up to date anti-virus definitions, up to date or any firewall SW or up to date anti-ad sw.
I've been lucky as most of my recent time have been Administrating systems with Lotus Notes e-mail instead of MS-Exchange, many viruses are ineffective since only targeted for Outlook/Outlook Express (But then again most people will also use their Outlook/Outlook Express for personal e-mail). Although my Lotus Notes users would be succeptable to your example due to them still using IE and such.
Re:
Date: 2004-02-12 02:09 pm (UTC)Yeah, but it'd be lovely to see Administrators gang up on a given site and say, "Sorry, you're a bad netizen, you'll hereby get no more traffic from us." AOL (despite their eternal September userbase) would have an enormous amount of power in this regard.
umm...actually maybe that's a bad idea....:{
Re:
Date: 2004-02-12 03:11 pm (UTC)