Testing Microsoft Security Essentials + the Hosts file


  1. Posts : 8,375
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
       #1



    October 23, 2009 - 10:23 P.M.

    Testing Microsoft Security Essentials and the Hosts file

    Computers on the Internet address each other with numbers. What appears as computerworld.com to a human being is 65.221.110.98 to a computer. The system that translates between names and the underlying numbers (really IP addresses) is called DNS and it works very well. Too well, for some bad guys.

    Many years ago, before the Internet, the translation between computer names and numbers was done by a file on each computer called the "hosts" file. Needless to say, as the number of computers got large, maintaining a hosts file on every computer became unrealistic. Now, when a computer is called on to reference another computer by name, it first makes a call into the DNS system to retrieve the underlying IP address.

    Why the history lesson?

    Microsoft never retired the hosts file* and bad guys abuse it.
    For example, screwing up the mapping of names to numbers can prevent antivirus software from self-updating. Another tactic is to change the entry for bank websites. A computer with a maliciously modified hosts file can send someone to a duplicate copy of a bank web site, one that looks totally legit, but is designed to steal userids and passwords.
    More at: Testing Microsoft Security Essentials and the Hosts file - Computerworld Blogs
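A defensive check for the two abuses the article excerpt above describes (blocking antivirus updates, redirecting a bank site), added here as an example that is not part of the original post or the Computerworld article. The watchlist names and the sample hosts content are constructed placeholders.

```python
import ipaddress

# Constructed watchlist: names whose hosts-file override deserves review.
# Placeholders only; substitute the update and banking domains you care about.
WATCHLIST = ("update.av-vendor.example", "bank.example")

# Constructed sample; on Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts
SAMPLE = """\
# default file is comments only
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example        # ordinary blocklist entry
127.0.0.1       update.av-vendor.example   # would stop signature updates
203.0.113.10    www.bank.example bank.example
192.0.2.55      intranet.example
"""

def parse_hosts(text):
    """Yield (lineno, ip, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not an address: ignore the line
        for name in fields[1:]:                 # one line may carry several names
            yield lineno, ip, name.lower().rstrip(".")

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (lineno, name, ip, reason) for entries worth a manual look."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        watched = any(name == w or name.endswith("." + w) for w in watchlist)
        local = ip.is_loopback or ip.is_unspecified   # 127.x, ::1, 0.0.0.0, ::
        if watched and local:
            findings.append((lineno, name, str(ip), "watched name blocked locally"))
        elif watched:
            findings.append((lineno, name, str(ip), "watched name redirected"))
        elif not local:
            findings.append((lineno, name, str(ip), "name pinned to non-local address"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

Blocklist-style entries that point unrelated names at 0.0.0.0 or 127.0.0.1 are deliberately not reported, so a hosts file used for ad blocking does not drown out the entries that matter.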


  2. Posts : 3,028
    Windows 7 Ultimate (x64) SP1
       #2

    Very good find


  3. Posts : 285
    Windows 7 Home Premium x64
       #3

    Thanks for the information. I did know a little about the hosts file, but I did not know how some abusers prevented a Windows user from updating virus software.

    Have a nice day!

    zx81


  4. Posts : 759
    W7-Enterprise + WS-2008 (Converted to Workstation)
       #4

    hi !

    THANKS Night Hawk !

    the article points to very good advice: "DO NOT RUN AS ADMIN !"
    you should use a normal "USER-account" and only use your "ADMIN-account" when you really have to, e.g. when installing new software or doing system maintenance.


  5. Posts : 11,840
    64-bit Windows 8.1 Pro
       #5

    hackerman1 said:
    hi !

    THANKS Night Hawk !

    the article points to very good advice: "DO NOT RUN AS ADMIN !"
    you should use a normal "USER-account" and only use your "ADMIN-account" when you really have to, e.g. when installing new software or doing system maintenance.

    +1 Sound advice!!


  6. Posts : 5,642
    Windows 10 Pro (x64)
       #6

    Microsoft never retired the hosts file* and bad guys abuse it.
    Ooooooooh so I imagined the hosts file in Linux/Mac OS/Unix did I?
    http://en.wikipedia.org/wiki/Hosts_file

    By default, the hosts file is used before DNS, a poor design decision by Microsoft.
    Okay....makes me question the knowledge of the writer...Microsoft did not design the hosts file. It has always been used BEFORE DNS. And it is in fact helpful to have it come before a DNS request.
    Last edited by logicearth; 25 Oct 2009 at 11:29.


  7. Posts : 759
    W7-Enterprise + WS-2008 (Converted to Workstation)
       #7

    hi !

    thanks again Night Hawk, i just checked my HOSTS-file, and found an "empty" (default) file !

    it seems i had completely forgotten to update it, after i reinstalled W7 a few days ago...

    but it's no big problem, i got other security-software running,
    A2 checks every site, actually it even checks the links on the pages i visit,
    that's because i'm using Firefox 3.5 which has DNS-prefetching.

    however, after updating the HOSTS-file MSE did give me a warning,
    if i remember correctly it was something like: "unrecognized file, submit to Microsoft for analysis ?", which is a bit weird...

    anyway, MSE reacted to the modified HOSTS-file !

    but when i modified it a second time, just to check the warning message again, it didn't react !?

    Winpatrol is a very nice *FREE* program, recommended by experts,
    it will give you a warning if your HOSTS-file is modified.

    BillP Studios - WinPatrol 2010



  8. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #8

    Hopefully with the ongoing testing of MSE, this will be fixed.

    When I see an infected machine ... one that has an obviously messed up Hosts file... I have the OP download Hosts File Manager HostsXpert v4.3
    This restores Microsoft's Hosts file. Flushing DNS comes next.

    You may also want to read more about the Hosts file here: http://www.mvps.org/winhelp2002/hosts.htm


  9. Posts : 1,402
    Windows 7 Ultimate x64
       #9

    Thanks Jacee.


  10. Posts : 759
    W7-Enterprise + WS-2008 (Converted to Workstation)
       #10

    hi !

    update:
    i changed UAC to max.
    i then tried to modify the HOSTS-file, UAC immediately reacted and asked for "ADMIN-permissions" !
    i then tried to rename the HOSTS-file, which gave the same result.

    this once again shows why it is so important to have UAC on !

    so actually it's no big deal if MSE doesn't react to changes to the HOSTS-file, since UAC does...


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd