Are there programs out there that can prevent Hosts from being over-written?

Hosts file protection seems to be sort of downplayed lately. What made me notice is that when my internet searches seemed particularly slow and fruitless I thought I would look at the Hosts file to see if it was intact. It was, but looking at the date on it made me realize that the thing really doesn't get updated anymore.

How common is it for Hosts to get overwritten? How much protection does read-only provide? Is there a program that can protect it from deletion better...or at least warn you when it had been changed?

Hosts is one brick in the security wall, so I'd like it to be solid.



- HandsOff

 

Hi HandsOff,

First of all you have to update the HOSTS yourself from one or more of those available. Do a search on here for them.

Secondly if you have, SpyBot, ZA, or WinPatrol, then these all have an option to write protect the HOSTS file.

You would have to undo the write protection whilst you update the HOSTS of course. Just don't forget to enable it again afterwards.


StevieO

 

hostsman can lock your hosts file too. it can do alot more as well, it's very easy to use - run it and click on the big lock and it will lock the file. click on open hosts file in notepad etc. etc.
http://hostsman.abelhadigital.com/

http://pwp.netcabo.pt/0413933601/abelhadigital/pics/hostsman201.jpg

 

Hi Stevieo-

I do use Spybot and do have that option checked. Only - I'm still not sure what that does. Is that the same level of protection that you have when you just right click the program and check "read only" or is it different. and I am skeptical that you have to uncheck that if spybots is updating the hosts file, otherwise would it not warn you that you should uncheck it for updates? I leave mine checked all the time.

as you can see from my hosts file below, spybot at least used to provide some hosts file entries. They used to update it too. Maybe not anymore.


----------------------------------------
127.0.0.1 .topx.cc
127.0.0.1 /topx.cc
127.0.0.1 www dot sidefind dot com
127.0.0.1 thenewsearch dot com

# End of entries inserted by Spybot - Search & Destroy
----------------------------------------

Here's something I just found out. The immunization does not include the hosts file. I just deleted all my host entries and immunize said I still had all products protected. If you go to tools / hosts you can view the host file, and in this case notice the obvious change, however, you'd never notice a few lines more or less.

Iceni, I will check that website...but...again is this just automating the relatively weak protection of read-only? By the way, I can guarntee the spybot setting doesn't prevent you from editing the file yourself, cause I do that sometimes and get no interference at all. And also, if it gets changed, shouldn't something warn us? Thanks for the tip, though, it may be just the ticket!

I have to admit I have several hosts files, and related products, but as far as i can tell they just allow you to do the same editing that you can do by directly editing the file.

BTW - hopefully you both use the hosts safe in spyware blaster / tools to store an encrypted copy for when you do get your working hosts file deleted...assuming you figure out that it changed...

 

You don't need third party software to protect your Hosts file on Win2K and WinXP systems, just set NTFS permissions on this file so that only the Administrator can write to it with all other users being restricted to Read access only.

This will provide protection as long as you use a non-Admin account for normal usage. If you do use Admin (or an account with Admin privileges) all the time, then all bets are off and you are throwing away a lot of Windows' own security mechanisms.

 

If you only have four !!! entries in SpyBot then something is definately wrong somewhere. There should be hundreds of entries at least.

You also need to ADD to SpyBot Hosts in the tools options.

You say you have several HOSTS files ? I presume you mean you have downloaded these ? I think maybe you havn't merged them together and placed them in the correct place in your computer !

If you install the Program iceni60 has suggested, this will allow you to merge all your HOSTS into one file, and save them correctly in the right place.

This is far superior and quicker and more effecient than trying manually.

Yes thanks i do know about the hosts safe in spyware blaster which i also have.


StevieO

 

to lock it with spybot - in advanced mode goto Tools>IE Tweaks>Lock hosts file...

as it says it makes it read only. hostsman chages the attribute of the file to - RHSA
you can see attributes at the link.

http://www.dmares.com/maresware/html/modify.htm

 

Hi Stevieo, and thanks for the response -

Yes, I do have more than four entries, I was just ommitting them for the sake of brevity. I wanted to establish that spybot had placed entries their, and yet, though I continue to be current on my updates, why was the file not changing? Well, I guess I must be blind, I did not realize that you had to update the host file in the tools...even after specifically looking! Now it all makes sense!

...but for the record you do not have to uncheck the read only protection in order to update the hosts file...at least not with my administrator priveledges. would this be different for a restricted user?

as to my reference to manually editing the registry, I mean when I stumble onto some crummy site I will sometimes add it to my hosts. I dont mean that I try to merge long lists one item at a time, although that would say a lot for my determination to overcome these vermin. And yes, I mean I have many long lists gathered from all over the internet, while only one is actively THE hosts file. The reason most of them are on the bench is that a lot of purveyers of these list can be a tad bit overzealous. I don't want malware, but I can put up with a little nudity, and the occasional off-color joke.

Hello Iceni - Well as long as it has RHSA protection, then I guess I will go with it.

Hi Para - I've been meaning to ask you something for some time now. Just what, exactly, is RHSA protection? As to the admin versus limited accounts, I'm not saying that I would not be more secure if I set up a restricted password for mayself and used it much of the time. In the past I gave it a try, but I have to say, I did not take to it very well. Oh, I used a bit at first, but allot of the things I need and like to do require priveledges. On top of that, I am constantly amazed by the sheer volume of junk the windows demands I maintain, even though I don't want or use them. And it's complicated! I'm only one user and already I see all users, username, admin, current user, default user, shared files, common files, my documents, your documents...As usual, with the microsoft shell game security measures, I would not really know what other people could do, but I sure would know what I could not do. It defies logic. It wastes time.

On the other hand, if you got knowledge and patience to make it work, more power to you!

Incidentally, I've mentioned having to uncheck new.net, ect., in two or three posts now, with, well, a hidden agenda. I have been wondering and waiting to see if someone would say, "What? I never knew that...". As usual, I am the last person to find out!


- HandsOff

 

Iceni -

Just started using the program and it really is a good one. Good documentation too. Cudos!


- HandsOff