HOSTS file and Prevx issue

Discussion in 'Prevx Releases' started by m00nbl00d, Jan 9, 2011.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I'll try to explain the best way possible...

    So, I've been playing with a hosts file... lots and lots of entries... and optimized for performance.

    Normally, a hosts file has entries like:

    127.0.0.1 domain
    127.0.0.1 domain2
    etc

    But, it's also possible to have it like, and this is just a personal taste:

    0.0.0.0 domain1 domain2 (up to 9 entries)
    etc

    OK...

    The situation with Prevx is the following:

    I got an alert for Prevx saying:

    This entry -prevx.com (It has no -. It was placed by me to prevent clicking) was added by me in the hosts file.
    But, AFAIK, -prevx.com is not www.prevx.com o_O Prevx also seems to agree, because when I enter -prevx.com I get an alert from Prevx preventing access to that page.

    Two things:

    * Prevx complains about this entry -prevx.com, and then states it is dangerous to enter it o_O

    * Prevx should be able to work with a hosts file in the format mentioned. :)
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Very interesting :) I was unaware of the hosts file supporting that format. However, if there is any mention of Prevx or a number of other vendors in the hosts file, Prevx will indeed warn if the resolution of the website is being changed. prevx.com and www.prevx.com do resolve to the same place normally but when it sees any mention of Prevx as being redirected, it considers it a malicious change as malware could do precisely that to block access to Prevx.

    It is worthwhile extending our hostfile parsing to include multiple domains but I think the cautious nature of prevx.com parsing is correct to prevent tampering.
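
Added example, not part of the thread and not Prevx's code: a hosts-file check that reads every hostname on a line (the format described in the first post) and flags entries that remap a watched vendor domain. The watch list, the function names, the label-boundary matching rule and the sample file are assumptions made up for this illustration.

```python
import ipaddress

# Assumption: illustrative watch list; the thread names only prevx.com.
WATCHED = ("prevx.com",)

# Constructed sample hosts file (not taken from the thread).
SAMPLE = """\
# constructed sample
127.0.0.1 localhost
0.0.0.0 ads.example tracker.example www.prevx.com
0.0.0.0 prevx.com.example
127.0.0.1 PREVX.COM.
"""

def parse_hosts(text, first_only=False):
    """Yield (line_number, ip, hostname) for each hostname mapped in text.

    first_only=True mimics a parser that expects one hostname per line.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on blanks
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: ignore the line
        names = fields[1:2] if first_only else fields[1:]
        for name in names:
            yield lineno, str(ip), name.lower().rstrip(".")

def is_watched(name, watched=WATCHED):
    """Match the domain itself or any subdomain, on label boundaries."""
    return any(name == d or name.endswith("." + d) for d in watched)

def flag_overrides(text, first_only=False, watched=WATCHED):
    """Return hosts entries that remap a watched domain."""
    return [e for e in parse_hosts(text, first_only) if is_watched(e[2], watched)]

if __name__ == "__main__":
    for lineno, ip, name in flag_overrides(SAMPLE):
        print(f"line {lineno}: {name} -> {ip}")
```

With `first_only=True` the `www.prevx.com` entry in third position on line 3 goes unreported, which is what a one-hostname-per-line parser would miss in the multi-hostname format.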
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yeah... It's possible.

    Regarding -prevx.com, I think I didn't give much time for things to return to "normality", when entering -prevx.com, hence 0.0.0.0 was still the IP at the moment, which is why Prevx went crazy at that moment, preventing access to that domain.

    There's also one other situation I forgot to mention, which I consider to be a bug o_O, perhaps.
    When Prevx prevents access to xyz domain it asks if the user wants to close the browser, ignore or one other option which I don't recall which one was. If I choose Close, it closes the browser. OK. I choose Ignore, it doesn't close the browser. OK as well. But, then it prevents access to other domains. It's needed to close the browser.

    Could you try to reproduce it? It may be due to the fact I use Chromium, which is not "officially" supported. So, it would be better to kill the doubts. lol
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    When Prevx blocks access to a domain, it prevents any browser from reaching the internet until the user either allows it through or blocks it further (to prevent infections from entering). This could indeed cause the problems you're experiencing, however, we've rewritten this logic in Prevx 4 which makes it much more logical and won't affect other open pages :)

    So, there is light at the end of the tunnel :) In the meantime, blocking websites is relatively infrequent so we don't plan on back-porting the changes to Prevx 3.
     