Testing Microsoft Security Essentials + the Hosts file

Night Hawk

Night Hawk

caught multibooting
Guru
Gold Member
VIP
Local time
11:59 AM
Messages
8,373
Location
New England
October 23, 2009 - 10:23 P.M.

Testing Microsoft Security Essentials and the Hosts file

Computers on the Internet address each other with numbers. What appears as computerworld.com to a human being is 65.221.110.98 to a computer. The system that translates between names and the underlying numbers (really IP addresses) is called DNS and it works very well. Too well, for some bad guys.

Many years ago, before the Internet, the translation between computer names and numbers was done by a file on each computer called the "hosts" file. Needless to say, as the number of computers got large, maintaining a hosts file on every computer became unrealistic. Now, when a computer is called on to reference another computer by name, it first makes a call into the DNS system to retrieve the underlying IP address.

Why the history lesson?

Microsoft never retired the hosts file* and bad guys abuse it.
For example, screwing up the mapping of names to numbers can prevent antivirus software from self-updating. Another tactic is to change the entry for bank websites. A computer with a maliciously modified hosts file can send someone to a duplicate copy of a bank web site, one that looks totally legit, but is designed to steal userids and passwords.
Click to expand...

More at: Testing Microsoft Security Essentials and the Hosts file - Computerworld Blogs
 

My Computers

System One System Two

  • Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    Custom builds = 2
    OS
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
    CPU
    AMD Phenom II X4 975 Deneb 3.6ghz - 965 2nd remote pc
    Motherboard
    Gigabyte GA-790XTA-UD4-Gigabyte GA-880GM-D2H remote pc
    Memory
    Kingston Hyper X DDR3 1600 1.5v 16gb - Hyper X Fury 8gb 2nd
    Graphics Card(s)
    MSI HD Radeon 5750 1gb - MSI HD Radeon 6450 on mini tower
    Sound Card
    Creative Labs X-Fi Xtreme Audio P - Realtek onooard 2nd case
    Monitor(s) Displays
    ASUS VW199T-P 19" HP 2082a Main-HP 2082a 20" remote pc
    Screen Resolution
    Asus 1440x900 - HP 1600x900
    Hard Drives
    WD Black 1TB HD per OS W7, W10, and pending W11 presently on 500gb OS Drive - Pending Triple 1TB HDs for Spanned Storage/backup volume
    Single 2TB external USB enclosure, single 1TB System 7 Host/Boot drive, Pending 8TB external HD for system image b
    PSU
    Corsair 750TX - primary / Corsair CX600 - second
    Case
    Antec 900-2 - SSD compatible / NZXT Vulcan mini tower
    Cooling
    Zalman CNPS9900A
    Keyboard
    AZIO L70 Backlit Letters Gaming - ONN Cordless/USB
    Mouse
    MSI DS200 Programmable, Logitech Cordless
    Internet Speed
    30mbps upgrade - primary hard wired - mini tower usb WiFi
    Antivirus
    GFI VIPRE Internet Security 2014 on W7 2016 beta on W10,
    Browser
    Cyberfox, WaterFox 64bit FF variants, FireFox x64, Pale Moon
    Other Info
    Accomdata fan cooled usb 2.0 PIDE/Sata II, III external enclosure.
    Sambient usb/eSata PATA/Sata II, III external enclosure.
  • Computer type
    PC/Desktop
    System Manufacturer/Model Number
    CUSTOM ASSEMBLY
    OS
    W7 Pro x64/W11 Pro
    CPU
    AMD Deneb 3.6ghz - 965
    Motherboard
    Gigabyte GA-880GM-D2H remote pc
    Memory
    Kingston Hyper X Fury 8gb
    Graphics Card(s)
    MSI HD Radeon 6450 DVI Output
    Sound Card
    Realtek onooard Creative or Other separate PENDING
    Monitor(s) Displays
    VIZIO 32" LCD TV Separate LCD Pending
    Screen Resolution
    1600x1080
    Hard Drives
    WD 500GB OS Host/Boot WD Green 1TB Storage/Backup
    PSU
    Corsair 600W - THERMALTAKE 600W spare case
    Case
    NZXT Vulcan mini tower
    Cooling
    Twin 120mm Top Fans - 240mm Side Cover
    Keyboard
    ONN Cordless/USB Logitech Cordless
    Mouse
    ONN USB/Cordless - Logitech Cordless
    Internet Speed
    DSL 5G
    Browser
    MS Edge, FireFox, WaterFox x64, FireFox Nightly
    Other Info
    OS Testing-Remote Access to Main TeamViewer
Very good find
 

My Computer

Computer Manufacturer/Model Number
tw33k
OS
Windows 7 Ultimate (x64) SP1
CPU
Intel 3770k 4.6GHz
Motherboard
ASUS Maximus V Formula
Memory
8GB (2x 4GB) Crucial Ballistix
Graphics Card(s)
Sapphire 7950 (1060/1600)
Sound Card
On Board Realtek HD Audio
Monitor(s) Displays
27" Acer B273HU (via HDMI)
Screen Resolution
2048 x 1152
Hard Drives
Crucial M4 128GB
2TB WD Black
1TB Samsung F3 SATA
1TB WD Elite External
2TB WD USB 3.0
PSU
Corsair AX750 Gold
Case
Corsair Obsidian 800DW
Cooling
Corsair H100 (2x AP-121/2x UK-3000 push/pull)
Keyboard
Microsoft Wireless 5000
Mouse
Microsoft Wireless 5000
Internet Speed
5mb/s
Other Info
Logitech z-2300 2.1 speakers
Lamptron FC-5 v2
Thanks for the information, I did know a little about the hosts file, but I did not know how some abusers prevented a windows user from updating virus software.

Have a nice day!

zx81
 

My Computer

Computer Manufacturer/Model Number
Dell Inpspiron 1720
OS
Windows 7 Home Premium x64
CPU
Intel 1720 Core 2 Duo 2.00GHz,800,2M
Memory
4GB 667MHz DDR2 SDRAM (2x2048)
Graphics Card(s)
NVIDIA Geforce Go 8600M GT 256MB DDR2
Sound Card
SigmaTel
Monitor(s) Displays
17.0" Widescreen WXGA+ (1440x900) TFT with TrueLife
Screen Resolution
1440x900
Hard Drives
2x160GB 5400RPM Serial ATA
Mouse
Logitech
hi !

THANKS Night Hawk !

the article points to a very good advice: "DO NOT RUN AS ADMIN !"
you should use a normal "USER-account" and only use your "ADMIN-account" when you really have to, fx. when installing new software or doing system maintenance.
 

My Computer

Computer Manufacturer/Model Number
Dell
OS
W7-Enterprise + WS-2008 (Converted to Workstation)
CPU
P4 2,4GHz (at 1,8GHz, "slow" RDRAM, only 400MHz FSB...)
Motherboard
Intel 850E
Memory
2GB
Graphics Card(s)
NVIDIA QUADRO2 PRO 64MB
Sound Card
Yes
Monitor(s) Displays
Dell 1702FP
Screen Resolution
1280x1024
Hard Drives
Yes
PSU
Yes
Case
Yes
Cooling
Yes
Keyboard
Yes
Mouse
Yes, and i also have Cats...
Internet Speed
University: 100 MBit/s, Home: UMTS 7,2 MBit/s
Other Info
W7 on a DINOSAUR: P2 with 266MHz CPU & 160MB RAM
hackerman1 said:
hi !

THANKS Night Hawk !

the article points to a very good advice: "DO NOT RUN AS ADMIN !"
you should use a normal "USER-account" and only use your "ADMIN-account" when you really have to, fx. when installing new software or doing system maintenance.
Click to expand...

+1 Sound advive!! :thumbsup:
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
LENOVO K450 @3.0GHZ
OS
64-bit Windows 8.1 Pro
CPU
Core(TM) i5 CPU 4330 Haswell @ 3.20GHz
Motherboard
LENOVO
Memory
12.00 GB
Graphics Card(s)
Intel(R) HD Graphics
Sound Card
Intel HD integtrated
Monitor(s) Displays
HP 25' ISP Monitor
Screen Resolution
1900/1020
Hard Drives
(1) ST1000DM003-1CH162 (2) Generic STORAGE DEVICE USB Device (3) Generic STORAGE DEVICE USB Device
Internet Speed
100mb down/10mb up
Microsoft never retired the hosts file* and bad guys abuse it.
Click to expand...
Ooooooooh so I imagined the hosts file in Linux/Mac OS/Unix did I? :sarc:
http://en.wikipedia.org/wiki/Hosts_file

By default, the hosts file is used before DNS, a poor design decision by Microsoft.
Click to expand...
Okay....makes me question the knowledge of the writer...Microsoft did not design the hosts file. It has always been used BEFORE DNS. And it is in fact helpful to have it come before a DNS request.
 
Last edited:

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Alienware Aurora ALX R4
OS
Windows 10 Pro (x64)
CPU
Intel Core i7-3930K (3.2GHz - 4.5GHz)
Motherboard
Alienware Aurora-R4 x79
Memory
4x Samsung 4GB PC3-12800 DDR3 (16GB 1600MHz)
Graphics Card(s)
Nvidia Geforce GTX 690
Sound Card
SteelSeries Siberia Elite
Monitor(s) Displays
Dell UltraSharp U3011
Screen Resolution
2560x1600
Hard Drives
Samsung 850 Pro 256 GB, Seagate 1TB Desktop Hybrid HDD, 2x Western Digital 4TB Green HDD
PSU
875W Some Dell PSU <.<
Case
Alienware Aurora ALX
Cooling
Custom Liquid Cooling (EK CPU & GPU blocks) dual EK 480RAD
Keyboard
Logitech G710+ Mechanical
Mouse
Logitech G700s
Internet Speed
Verizon Fios (50 mbps average)
Other Info
Server: Intel NUC D54250WYK: i5-4250U, 16GB, 256 GB mSATA, Windows Server 2012 R2
hi !

thanks again Night Hawk, i just checked my HOSTS-file, and found an "empty" (default) file !

it seems i had completely forgotten to update it, after i reinstalled W7 a few days ago...

but it´s no big problem, i got other security-software running,
A2 checks every site, actually it even checks the links on the pages i visit,
that´s because i´m using Firefox 3.5 which has DNS-prefetching.

however, after updating the HOSTS-file MSE did gave me a warning,
if i remember correctly it was something like: "unrecognized file, submit to Microsoft for analysis ?", which is a bit weird...

anyway, MSE reacted to the modified HOSTS-file !

but when i modified it a second time, just to check the warning message again, it didn´t react !?

Winpatrol is a very nice *FREE* program, recommended by experts,
it will give you a warning if your HOSTS-file its modified.

BillP Studios - WinPatrol 2010

http://www.winpatrol.com/
 

My Computer

Computer Manufacturer/Model Number
Dell
OS
W7-Enterprise + WS-2008 (Converted to Workstation)
CPU
P4 2,4GHz (at 1,8GHz, "slow" RDRAM, only 400MHz FSB...)
Motherboard
Intel 850E
Memory
2GB
Graphics Card(s)
NVIDIA QUADRO2 PRO 64MB
Sound Card
Yes
Monitor(s) Displays
Dell 1702FP
Screen Resolution
1280x1024
Hard Drives
Yes
PSU
Yes
Case
Yes
Cooling
Yes
Keyboard
Yes
Mouse
Yes, and i also have Cats...
Internet Speed
University: 100 MBit/s, Home: UMTS 7,2 MBit/s
Other Info
W7 on a DINOSAUR: P2 with 266MHz CPU & 160MB RAM
Hopefully with the ongoing testing of MSE, this will be fixed. :geek:

When I see an infected machine ... one that has an obviously messed up Hosts file... I have the OP download Hosts File Manager HostsXpert v4.3
This restores Microsoft's Hosts file. Flushing DNS comes next.

You may also want to read more about the Hosts file here: http://www.mvps.org/winhelp2002/hosts.htm
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
Thanks Jacee.
 

My Computer

Computer Manufacturer/Model Number
Self build
OS
Windows 7 Ultimate x64
CPU
AMD Phenom II x4
Motherboard
Gigabyte 880
Memory
8GB
Graphics Card(s)
NVIDIA GeForce HD
Sound Card
Realtek HD Audio
Screen Resolution
1920 x 1080
Hard Drives
2 x 1TB
PSU
Thermalake 550w
Case
XCase
Internet Speed
8MB
hi !

update:
i changed UAC to max.
i then tried to modify the HOSTS-file, UAC immediately reacted and asked for "ADMIN-permissions" !
i then tried to rename the HOSTS-file, which gave the same result.

this once again shows why it is so important to have UAC on !

so actually it´s no big deal if MSE doesn´t react to changes to the HOSTS-file, since UAC does...
 

My Computer

Computer Manufacturer/Model Number
Dell
OS
W7-Enterprise + WS-2008 (Converted to Workstation)
CPU
P4 2,4GHz (at 1,8GHz, "slow" RDRAM, only 400MHz FSB...)
Motherboard
Intel 850E
Memory
2GB
Graphics Card(s)
NVIDIA QUADRO2 PRO 64MB
Sound Card
Yes
Monitor(s) Displays
Dell 1702FP
Screen Resolution
1280x1024
Hard Drives
Yes
PSU
Yes
Case
Yes
Cooling
Yes
Keyboard
Yes
Mouse
Yes, and i also have Cats...
Internet Speed
University: 100 MBit/s, Home: UMTS 7,2 MBit/s
Other Info
W7 on a DINOSAUR: P2 with 266MHz CPU & 160MB RAM
I've been running each install of the betas then RCs with the UAC off and haven't run into any problems with the hosts file. Most of this of course has been addressed in the 64bit 7. And probably one reason for not being vulnerable here.
 

My Computers

System One System Two

  • Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    Custom builds = 2
    OS
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
    CPU
    AMD Phenom II X4 975 Deneb 3.6ghz - 965 2nd remote pc
    Motherboard
    Gigabyte GA-790XTA-UD4-Gigabyte GA-880GM-D2H remote pc
    Memory
    Kingston Hyper X DDR3 1600 1.5v 16gb - Hyper X Fury 8gb 2nd
    Graphics Card(s)
    MSI HD Radeon 5750 1gb - MSI HD Radeon 6450 on mini tower
    Sound Card
    Creative Labs X-Fi Xtreme Audio P - Realtek onooard 2nd case
    Monitor(s) Displays
    ASUS VW199T-P 19" HP 2082a Main-HP 2082a 20" remote pc
    Screen Resolution
    Asus 1440x900 - HP 1600x900
    Hard Drives
    WD Black 1TB HD per OS W7, W10, and pending W11 presently on 500gb OS Drive - Pending Triple 1TB HDs for Spanned Storage/backup volume
    Single 2TB external USB enclosure, single 1TB System 7 Host/Boot drive, Pending 8TB external HD for system image b
    PSU
    Corsair 750TX - primary / Corsair CX600 - second
    Case
    Antec 900-2 - SSD compatible / NZXT Vulcan mini tower
    Cooling
    Zalman CNPS9900A
    Keyboard
    AZIO L70 Backlit Letters Gaming - ONN Cordless/USB
    Mouse
    MSI DS200 Programmable, Logitech Cordless
    Internet Speed
    30mbps upgrade - primary hard wired - mini tower usb WiFi
    Antivirus
    GFI VIPRE Internet Security 2014 on W7 2016 beta on W10,
    Browser
    Cyberfox, WaterFox 64bit FF variants, FireFox x64, Pale Moon
    Other Info
    Accomdata fan cooled usb 2.0 PIDE/Sata II, III external enclosure.
    Sambient usb/eSata PATA/Sata II, III external enclosure.
  • Computer type
    PC/Desktop
    System Manufacturer/Model Number
    CUSTOM ASSEMBLY
    OS
    W7 Pro x64/W11 Pro
    CPU
    AMD Deneb 3.6ghz - 965
    Motherboard
    Gigabyte GA-880GM-D2H remote pc
    Memory
    Kingston Hyper X Fury 8gb
    Graphics Card(s)
    MSI HD Radeon 6450 DVI Output
    Sound Card
    Realtek onooard Creative or Other separate PENDING
    Monitor(s) Displays
    VIZIO 32" LCD TV Separate LCD Pending
    Screen Resolution
    1600x1080
    Hard Drives
    WD 500GB OS Host/Boot WD Green 1TB Storage/Backup
    PSU
    Corsair 600W - THERMALTAKE 600W spare case
    Case
    NZXT Vulcan mini tower
    Cooling
    Twin 120mm Top Fans - 240mm Side Cover
    Keyboard
    ONN Cordless/USB Logitech Cordless
    Mouse
    ONN USB/Cordless - Logitech Cordless
    Internet Speed
    DSL 5G
    Browser
    MS Edge, FireFox, WaterFox x64, FireFox Nightly
    Other Info
    OS Testing-Remote Access to Main TeamViewer
You must log in or register to reply here.
Back
Top