Results 1 to 3 of 3

Thread: MSE & HOSTS file ... a security problem !?

  1. #1
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Exclamation MSE & HOSTS file ... a security problem !?

    hi !

    "By default, the hosts file is used before DNS, a poor design decision by Microsoft. Protecting the hosts file from modification is thus a standard practice for antispyware software.

    What brings this up, is a recent comment by security expert Steve Gibson on his Security Now podcast. Gibson is the rare techie that actually uses the hosts file for its original intent. One day when he couldn't reference some computers by name, he tracked down the problem to Microsoft's new Security Essentials (MSE).

    It turned out that when he installed Security Essentials, it replaced his hosts file. MSE gave him a new empty file after making a backup of the original. This may be a good decision, but it wasn't externalized, Gibson had to figure it out on his own. "

    the full story: Testing Microsoft Security Essentials and the Hosts file - Computerworld Blogs

    VERY interesting reading...

    the article points to a very good advice: "DO NOT RUN AS ADMIN !"
    you should use a normal "USER-account" and only use your "ADMIN-account" when you really have to,
    fx. when installing new software or doing system maintenance !

    btw, i just checked my HOSTS-file, and found an "empty" (default) file !
    it seems i had completely forgotten to update it, after i reinstalled Windows 7 a few days ago...
    but itīs no big problem, i got other security-software running, A2 checks every site,
    actually it even checks the links on the pages i visit !
    thatīs because iīm using Firefox 3.5 which has DNS-prefetching.

    however, after updating the HOSTS-file MSE gave me a warning,
    if i remember correctly it was something like: "....unrecognized file, submit to Microsoft for analysis ?", which is a bit weird...
    anyway, MSE reacted to the modified HOSTS-file !
    but when i modified it a second time, just to check the warning message again, it didnīt react !?

    tip #1:
    i read somewhere: "change the attributes of the HOSTS-file and make it "read-only", to help preventing unauthorized changes."
    a good idea, might help.



    tip #2:
    Winpatrol, a *FREE* software recommended by security experts, monitors any changes made on your system, and will give you a warning if your HOSTS-file its modified.

    BillP Studios - WinPatrol 2010

    tip #3:
    you can get a HOSTS-file that blocks dangerous & annoying (advertising) websites here:
    http://www.mvps.org/winhelp2002/hosts.htm
    Last edited by hackerman1; 25th October 2009 at 16:58.

  2. #2
    HappyAndyK's Avatar
    HappyAndyK is offline Site Administrator
    Join Date
    Jun 2008
    Posts
    7,559

    Default

    Its time Microsoft retired the Hosts file and found an alternative!

  3. #3
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default

    hi !

    update:
    i changed UAC to max.
    i then tried to modify the HOSTS-file, UAC immediately reacted and asked for "ADMIN-permissions" !
    i then tried to rename the HOSTS-file, which gave the same result.

    this once again shows why it is so important to have UAC on !

    so actually itīs no big deal if MSE doesnīt react to changes to the HOSTS-file, since UAC does...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22