Windows 7: Testing Microsoft Security Essentials + the Hosts file


25 Oct 2009   #1

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 
Testing Microsoft Security Essentials + the Hosts file

Quote:
October 23, 2009 - 10:23 P.M.

Testing Microsoft Security Essentials and the Hosts file

Computers on the Internet address each other with numbers. What appears as computerworld.com to a human being is 65.221.110.98 to a computer. The system that translates between names and the underlying numbers (really IP addresses) is called DNS and it works very well. Too well, for some bad guys.

Many years ago, before the Internet, the translation between computer names and numbers was done by a file on each computer called the "hosts" file. Needless to say, as the number of computers got large, maintaining a hosts file on every computer became unrealistic. Now, when a computer is called on to reference another computer by name, it first makes a call into the DNS system to retrieve the underlying IP address.

Why the history lesson?

Microsoft never retired the hosts file* and bad guys abuse it.
For example, screwing up the mapping of names to numbers can prevent antivirus software from self-updating. Another tactic is to change the entry for bank websites. A computer with a maliciously modified hosts file can send someone to a duplicate copy of a bank web site, one that looks totally legit, but is designed to steal userids and passwords.
More at: Testing Microsoft Security Essentials and the Hosts file - Computerworld Blogs

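An added example, not part of the original thread or the Computerworld article: a small Python audit for the two abuses the quoted article describes, a security vendor's update host sinkholed to a loopback address and a bank name pointed at some other address. The watch-list hostnames and the sample file are constructed; on Windows the real file is `%SystemRoot%\System32\drivers\etc\hosts`.

```python
import ipaddress

# Hypothetical watch list: names that should never be sinkholed locally.
# Replace with your real antivirus update and banking hostnames.
WATCHED = {"update.av-vendor.example", "www.bank.example"}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comment, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP address
        for name in fields[1:]:                  # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, verdict, hostname, ip) for suspicious mappings."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        sink = ip.is_loopback or ip.is_unspecified   # 127.0.0.1, ::1, 0.0.0.0
        if sink and name in watched:
            # A watched name that resolves to this machine can never be reached.
            findings.append((line_no, "blocked", name, str(ip)))
        elif not sink:
            # Any name pinned to a routable address bypasses DNS entirely.
            findings.append((line_no, "redirected", name, str(ip)))
    return findings


# Constructed sample, not taken from a real machine.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # updates silently fail
203.0.113.10    www.bank.example bank.example
0.0.0.0         ads.tracker.example        # ordinary ad-blocking entry
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

Ordinary ad-blocking entries that point unwatched names at a loopback address are deliberately not reported, so a "redirected" finding always deserves a manual look.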

25 Oct 2009   #2

Windows 7 Ultimate (x64) SP1
 
 

Very good find
25 Oct 2009   #3

Windows 7 Home Premium x64
 
 

Thanks for the information, I did know a little about the hosts file, but I did not know how some abusers prevented a Windows user from updating virus software.

Have a nice day!

zx81


25 Oct 2009   #4

W7-Enterprise + WS-2008 (Converted to Workstation)
 
 

hi !

THANKS Night Hawk !

the article points to some very good advice: "DO NOT RUN AS ADMIN !"
you should use a normal "USER-account" and only use your "ADMIN-account" when you really have to, e.g. when installing new software or doing system maintenance.
25 Oct 2009   #5

64-bit Windows 8.1 Pro
 
 

Quote: Originally Posted by hackerman1
hi !

THANKS Night Hawk !

the article points to some very good advice: "DO NOT RUN AS ADMIN !"
you should use a normal "USER-account" and only use your "ADMIN-account" when you really have to, e.g. when installing new software or doing system maintenance.
+1 Sound advice!!
25 Oct 2009   #6

Windows 8.1 Pro (x64)
 
 

Quote:
Microsoft never retired the hosts file* and bad guys abuse it.
Ooooooooh so I imagined the hosts file in Linux/Mac OS/Unix did I?
http://en.wikipedia.org/wiki/Hosts_file

Quote:
By default, the hosts file is used before DNS, a poor design decision by Microsoft.
Okay....makes me question the knowledge of the writer...Microsoft did not design the hosts file. It has always been used BEFORE DNS. And it is in fact helpful to have it come before a DNS request.
25 Oct 2009   #7

W7-Enterprise + WS-2008 (Converted to Workstation)
 
 

hi !

thanks again Night Hawk, i just checked my HOSTS-file, and found an "empty" (default) file !

it seems i had completely forgotten to update it, after i reinstalled Windows 7 a few days ago...

but it's no big problem, i got other security-software running,
A2 checks every site, actually it even checks the links on the pages i visit,
that's because i'm using Firefox 3.5 which has DNS-prefetching.

however, after updating the HOSTS-file MSE did give me a warning,
if i remember correctly it was something like: "unrecognized file, submit to Microsoft for analysis ?", which is a bit weird...

anyway, MSE reacted to the modified HOSTS-file !

but when i modified it a second time, just to check the warning message again, it didn't react !?

Winpatrol is a very nice *FREE* program, recommended by experts,
it will give you a warning if your HOSTS-file is modified.

BillP Studios - WinPatrol 2010

25 Oct 2009   #8
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Hopefully with the ongoing testing of MSE, this will be fixed.

When I see an infected machine ... one that has an obviously messed up Hosts file... I have the OP download Hosts File Manager HostsXpert v4.3
This restores Microsoft's Hosts file. Flushing DNS comes next.

You may also want to read more about the Hosts file here: http://www.mvps.org/***********/hosts.htm
25 Oct 2009   #9

Windows 7 Ultimate x64
 
 

Thanks Jacee.
25 Oct 2009   #10

W7-Enterprise + WS-2008 (Converted to Workstation)
 
 

hi !

update:
i changed UAC to max.
i then tried to modify the HOSTS-file, UAC immediately reacted and asked for "ADMIN-permissions" !
i then tried to rename the HOSTS-file, which gave the same result.

this once again shows why it is so important to have UAC on !

so actually it's no big deal if MSE doesn't react to changes to the HOSTS-file, since UAC does...