| Windows 7: Testing Microsoft Security Essentials + the Hosts file |
25 Oct 2009
|
#1 | | Windows 7 Ultimate x64, XP Mode, W8 RP VM, Linux Mint Debian 2nd OS HD- 7 Pro x64 second case New England |
Quote: October 23, 2009 - 10:23 P.M.
Testing Microsoft Security Essentials and the Hosts file
Computers on the Internet address each other with numbers. What appears as computerworld.com to a human being is 65.221.110.98 to a computer. The system that translates between names and the underlying numbers (really IP addresses) is called DNS and it works very well. Too well, for some bad guys.
Many years ago, before the Internet, the translation between computer names and numbers was done by a file on each computer called the "hosts" file. Needless to say, as the number of computers got large, maintaining a hosts file on every computer became unrealistic. Now, when a computer is called on to reference another computer by name, it first makes a call into the DNS system to retrieve the underlying IP address.
Why the history lesson?
Microsoft never retired the hosts file* and bad guys abuse it.
For example, screwing up the mapping of names to numbers can prevent antivirus software from self-updating. Another tactic is to change the entry for bank websites. A computer with a maliciously modified hosts file can send someone to a duplicate copy of a bank web site, one that looks totally legit, but is designed to steal userids and passwords.
More at: Testing Microsoft Security Essentials and the Hosts file - Computerworld Blogs
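An added example, not part of the quoted article or of any poster's reply: a small Python audit for the hosts-file abuse the article describes, flagging entries that block or redirect watched names. The watchlist, the `.example` hostnames and the sample file contents are constructed assumptions.

```python
import ipaddress

# Hypothetical watchlist (assumption): name suffixes that should never be
# overridden locally, e.g. antivirus update servers and banking sites.
WATCHLIST = ("av-vendor.example", "bank.example")

# Constructed sample. On Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # keeps AV from updating
203.0.113.10    www.bank.example bank.example
0.0.0.0         ads.tracker.example
198.51.100.7    intranet.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address, names) for each active entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip trailing comment
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line_no, name, address, reason) for suspicious entries."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, names[0], addr, "malformed address"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in (n.lower().rstrip(".") for n in names):
            watched = any(name == w or name.endswith("." + w) for w in watchlist)
            if watched:
                reason = "watched name blocked" if sinkhole else "watched name redirected"
                findings.append((line_no, name, addr, reason))
            elif not sinkhole:
                findings.append((line_no, name, addr, "unexpected override"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

Entries that sinkhole an unwatched name to 127.0.0.1 or 0.0.0.0 are left alone, since that is the common ad-blocking use of the file.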
25 Oct 2009
|
#2 | | Windows 7 Ultimate (x64) SP1 |
25 Oct 2009
|
#3 | | Windows 7 Home Premium x64 Utrecht |
Thanks for the information, I did know a little about the hosts file, but I did not know how some abusers prevented a windows user from updating virus software.
Have a nice day!
zx81
25 Oct 2009
|
#4 | | W7-Enterprise + WS-2008 (Converted to Workstation) |
hi !
THANKS Night Hawk !
the article points to very good advice: "DO NOT RUN AS ADMIN !"
you should use a normal "USER-account" and only use your "ADMIN-account" when you really have to, e.g. when installing new software or doing system maintenance.
25 Oct 2009
|
#5 | | Windows 7 Ultimate The Southern Hinterlands |

Quote: Originally Posted by hackerman1
hi !
THANKS Night Hawk !
the article points to very good advice: "DO NOT RUN AS ADMIN !"
you should use a normal "USER-account" and only use your "ADMIN-account" when you really have to, e.g. when installing new software or doing system maintenance.
+1 Sound advice!!
25 Oct 2009
|
#6 | | |
Quote: Microsoft never retired the hosts file* and bad guys abuse it.
Ooooooooh so I imagined the hosts file in Linux/Mac OS/Unix did I? http://en.wikipedia.org/wiki/Hosts_file
Quote: By default, the hosts file is used before DNS, a poor design decision by Microsoft.
Okay....makes me question the knowledge of the writer...Microsoft did not design the hosts file. It has always been used BEFORE DNS. And it is in fact helpful to have it come before a DNS request.
Last edited by logicearth; 25 Oct 2009 at 11:29 AM..
25 Oct 2009
|
#7 | | W7-Enterprise + WS-2008 (Converted to Workstation) |
hi !
thanks again Night Hawk, i just checked my HOSTS-file, and found an "empty" (default) file !
it seems i had completely forgotten to update it, after i reinstalled Windows 7 a few days ago...
but it's no big problem, i got other security-software running,
A2 checks every site, actually it even checks the links on the pages i visit,
that's because i'm using Firefox 3.5 which has DNS-prefetching.
however, after updating the HOSTS-file MSE did give me a warning,
if i remember correctly it was something like: "unrecognized file, submit to Microsoft for analysis ?", which is a bit weird...
anyway, MSE reacted to the modified HOSTS-file !
but when i modified it a second time, just to check the warning message again, it didn't react !?
Winpatrol is a very nice *FREE* program, recommended by experts,
it will give you a warning if your HOSTS-file is modified.
BillP Studios - WinPatrol 2010
25 Oct 2009
|
#8 | | Windows 7 Ultimate 32bit SP1 |
Hopefully with the ongoing testing of MSE, this will be fixed.
When I see an infected machine ... one that has an obviously messed up Hosts file... I have the OP download Hosts File Manager HostsXpert v4.3
This restores Microsoft's Hosts file. Flushing DNS comes next.
You may also want to read more about the Hosts file here: http://www.mvps.org/***********/hosts.htm
25 Oct 2009
|
#9 | | Windows 7 Ultimate x64 Scotland |
25 Oct 2009
|
#10 | | W7-Enterprise + WS-2008 (Converted to Workstation) |
hi !
update:
i changed UAC to max.
i then tried to modify the HOSTS-file, UAC immediately reacted and asked for "ADMIN-permissions" !
i then tried to rename the HOSTS-file, which gave the same result.
this once again shows why it is so important to have UAC on !
so actually it's no big deal if MSE doesn't react to changes to the HOSTS-file, since UAC does...