New
#1
Testing Microsoft Security Essentials + the Hosts file
More at: Testing Microsoft Security Essentials and the Hosts file - Computerworld BlogsOctober 23, 2009 - 10:23 P.M.
Testing Microsoft Security Essentials and the Hosts file
Computers on the Internet address each other with numbers. What appears as computerworld.com to a human being is 65.221.110.98 to a computer. The system that translates between names and the underlying numbers (really IP addresses) is called DNS and it works very well. Too well, for some bad guys.
Many years ago, before the Internet, the translation between computer names and numbers was done by a file on each computer called the "hosts" file. Needless to say, as the number of computers got large, maintaining a hosts file on every computer became unrealistic. Now, when a computer is called on to reference another computer by name, it first makes a call into the DNS system to retrieve the underlying IP address.
Why the history lesson?
Microsoft never retired the hosts file* and bad guys abuse it.
For example, screwing up the mapping of names to numbers can prevent antivirus software from self-updating. Another tactic is to change the entry for bank websites. A computer with a maliciously modified hosts file can send someone to a duplicate copy of a bank web site, one that looks totally legit, but is designed to steal userids and passwords.