Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Testing Microsoft Security Essentials + the Hosts file

25 Oct 2009   #1
Night Hawk

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 
Testing Microsoft Security Essentials + the Hosts file

Quote:
October 23, 2009 - 10:23 P.M.

Testing Microsoft Security Essentials and the Hosts file

Computers on the Internet address each other with numbers. What appears as computerworld.com to a human being is 65.221.110.98 to a computer. The system that translates between names and the underlying numbers (really IP addresses) is called DNS and it works very well. Too well, for some bad guys.

Many years ago, before the Internet, the translation between computer names and numbers was done by a file on each computer called the "hosts" file. Needless to say, as the number of computers got large, maintaining a hosts file on every computer became unrealistic. Now, when a computer is called on to reference another computer by name, it first makes a call into the DNS system to retrieve the underlying IP address.

Why the history lesson?

Microsoft never retired the hosts file* and bad guys abuse it.
For example, screwing up the mapping of names to numbers can prevent antivirus software from self-updating. Another tactic is to change the entry for bank websites. A computer with a maliciously modified hosts file can send someone to a duplicate copy of a bank web site, one that looks totally legit, but is designed to steal userids and passwords.
More at: Testing Microsoft Security Essentials and the Hosts file - Computerworld Blogs


My System SpecsSystem Spec
25 Oct 2009   #2
tw33k

Windows 7 Ultimate (x64) SP1
 
 

Very good find
My System SpecsSystem Spec
25 Oct 2009   #3
zx81

Windows 7 Home Premium x64
 
 

Thanks for the information, I did know a little about the hosts file, but I did not know how some abusers prevented a windows user from updating virus software.

Have a nice day!

zx81
My System SpecsSystem Spec
25 Oct 2009   #4
hackerman1

W7-Enterprise + WS-2008 (Converted to Workstation)
 
 

hi !

THANKS Night Hawk !

the article points to a very good advice: "DO NOT RUN AS ADMIN !"
you should use a normal "USER-account" and only use your "ADMIN-account" when you really have to, fx. when installing new software or doing system maintenance.
My System SpecsSystem Spec
25 Oct 2009   #5
Tews

64-bit Windows 8.1 Pro
 
 

Quote   Quote: Originally Posted by hackerman1 View Post
hi !

THANKS Night Hawk !

the article points to a very good advice: "DO NOT RUN AS ADMIN !"
you should use a normal "USER-account" and only use your "ADMIN-account" when you really have to, fx. when installing new software or doing system maintenance.
+1 Sound advive!!
My System SpecsSystem Spec
25 Oct 2009   #6
logicearth

Windows 8.1 Pro (x64)
 
 

Quote:
Microsoft never retired the hosts file* and bad guys abuse it.
Ooooooooh so I imagined the hosts file in Linux/Mac OS/Unix did I?
http://en.wikipedia.org/wiki/Hosts_file

Quote:
By default, the hosts file is used before DNS, a poor design decision by Microsoft.
Okay....makes me question the knowledge of the writer...Microsoft did not design the hosts file. It has always been used BEFORE DNS. And it is in fact helpful to have it come before a DNS request.
My System SpecsSystem Spec
25 Oct 2009   #7
hackerman1

W7-Enterprise + WS-2008 (Converted to Workstation)
 
 

hi !

thanks again Night Hawk, i just checked my HOSTS-file, and found an "empty" (default) file !

it seems i had completely forgotten to update it, after i reinstalled W7 a few days ago...

but itīs no big problem, i got other security-software running,
A2 checks every site, actually it even checks the links on the pages i visit,
thatīs because iīm using Firefox 3.5 which has DNS-prefetching.

however, after updating the HOSTS-file MSE did gave me a warning,
if i remember correctly it was something like: "unrecognized file, submit to Microsoft for analysis ?", which is a bit weird...

anyway, MSE reacted to the modified HOSTS-file !

but when i modified it a second time, just to check the warning message again, it didnīt react !?

Winpatrol is a very nice *FREE* program, recommended by experts,
it will give you a warning if your HOSTS-file its modified.

BillP Studios - WinPatrol 2010

My System SpecsSystem Spec
25 Oct 2009   #8
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Hopefully with the ongoing testing of MSE, this will be fixed.

When I see an infected machine ... one that has an obviously messed up Hosts file... I have the OP download Hosts File Manager HostsXpert v4.3
This restores Microsoft's Hosts file. Flushing DNS comes next.

You may also want to read more about the Hosts file here: http://www.mvps.org/***********/hosts.htm
My System SpecsSystem Spec
25 Oct 2009   #9
echrada

Windows 7 Ultimate x64
 
 

Thanks Jacee.
My System SpecsSystem Spec
25 Oct 2009   #10
hackerman1

W7-Enterprise + WS-2008 (Converted to Workstation)
 
 

hi !

update:
i changed UAC to max.
i then tried to modify the HOSTS-file, UAC immediately reacted and asked for "ADMIN-permissions" !
i then tried to rename the HOSTS-file, which gave the same result.

this once again shows why it is so important to have UAC on !

so actually itīs no big deal if MSE doesnīt react to changes to the HOSTS-file, since UAC does...
My System SpecsSystem Spec
Reply

 Testing Microsoft Security Essentials + the Hosts file




Thread Tools





Similar help and support threads
Thread Forum
error messages with windows defender, hosts file & microsoft essential
Hi, I can't open my hosts file. i want to block websites. when i right click on the hosts file to run as administrator i get . I cant open windows defender. When i click on it i get error message i can't install microsoft essentials. this just happened recently when i had a virus or malware...
System Security
AVG 9 Internet Security v Microsoft Security Essentials
Which is better? I have AVG 9 til 2018, full version, but I'm considering MSE. Which is better? Which do you use?
System Security
Security Essentials 2011 / 2010 - Rogue Microsoft Security Essentials
Security Essentials 2011 / 2010 - Rogue Microsoft Security Essentials Has Many Faces - Softpedia
Security News
Is Microsoft Security Essentials and Windows Firewall enough Security?
Is the above enough security or should I be going for an anti-virus program as well?
System Security
Free Microsoft Security Tool Kills Microsoft Security Essentials Alert
Free Microsoft Security Tool Kills Microsoft Security Essentials Alert Rogue - Softpedia
Security News
Microsoft Security Essentials Ongoing Beta Testing
Just got this in email this morning asking if I wanted to keep participating in the Ongoing Beta Program for Microsoft Security Essentials: MSE 1.0.1611 (RTM) MSE 1.0.1676 (Beta)
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Đ Designer Media Ltd

All times are GMT -5. The time now is 15:55.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App