Hosts file protection, what apps do it?

Discussion in 'other software & services' started by axial, Apr 6, 2009.

Thread Status:
Not open for further replies.
  1. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
    Apropos of the recent DNS outages at register.com and some problem that affected some Wilders user access (links below), this blog by Mike Nash of Online Armor is a good non-techie description of how the hosts file works and how malware likes to mangle it for its own benefit:

    http://onlinearmorpersonalfirewall.blogspot.com/2009/03/host-of-problems.html

    So my question: are firewalls the only apps that protect the hosts file? Do HIPS apps? Any others?

    Seems like at the very least one could use some sort of a scheduled app to back up the file every hour or whatever; anybody know of any "hosts guard" little apps?

    It seems like the hosts file functionality is transparently ripe for mayhem.

    Wilders access problem threads:
    Was the forum down?
    Why wasn't I able to connect?
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello,
    Kaspersky HIPS alerts on anything trying to modify the hosts file.
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Arovax does. Cyberhawk and Threatfire do. I used to use Arovax, but it and Sandboxie don't play well together. I use Cyberhawk a lot as it is a quiet HIPS, although not nearly as robust as Threatfire or others. It watches the hosts file and, most importantly, has the much sought-after allow/deny feature.

    Sul.
     
  4. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Spy Sweeper, Spyware Doctor, WinPatrol, MJ Registry Watcher and many more I can't think of at the moment...
     
  5. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
    Thank you -- it sounds like several types of apps protect the hosts file, it's not just firewalls or just spyware apps.

    And, I guess even more important, am I correct that it's NOT anti-virus apps that do it, at least not directly? An AV might stop a virus that could harm the hosts file, if the AV database already had the virus signature, but not proactively protect the hosts file.

    From reading Mike's blog I was thinking how disruptive a relatively easy-to-do hosts file nastiness could be to diagnose, even for users who were reasonably tech-savvy. I don't mean to dramatize here, but couldn't a jiggered hosts file have some of the same effect as Conficker, i.e. that the user could potentially not be able to get security updates and, even worse, potentially be re-routed to drive-by infected websites?
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    My friend got infected with malware last year. His hosts file was changed to block all antivirus websites.
    Norton couldn't update.
    Of course, not knowing firstly, I went to the Symantec website trying to get the removal tool, but the website wouldn't load correctly.
    So I got the tool from another site.
    Then I remembered one of my favourite tools, hosts expert from funkytoad.
    I simply pressed the button "restore ms default hosts file" and it was sorted.

    Don't forget that you could do this with any OS if the user has enough rights to.
     
  7. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
  8. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,922
    Location:
    U.S.A.
    axial, I believe the green checkmark is associated with the green Date Last Modified: entry on the top right hand corner of the page.
     
  9. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    It does mean that the checkmarked entry is in use by Abbot and/or Costello, the 2 wise guys responsible for those pages :)
     
  10. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,922
    Location:
    U.S.A.
    ruinebabine, actually, the 2 guys are Laurel & Hardy. :D
     
  11. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    :oops: Damn, you're right JRViejo, I always intermix those four together!

    --
    «I was born very young.»
     
  12. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Good question. Thanks for asking.
    Windows Defender, when run as a HIPS, will alert to attempts to alter the Hosts file. A user can then permit or deny. And SpywareBlaster offers a Hosts Safe backup feature.
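
Added example, not part of any post in this thread and not code from any product named in it: a small scheduled check of the kind asked about in the first post, which compares the hosts file against a recorded baseline hash and flags entries that override DNS for security-vendor domains, the tampering described in post 6. The watch list, function names and sample file contents are assumptions made for this example.

```python
import hashlib
import ipaddress

# Assumed watch list (constructed for this example), based on vendors named in the thread.
WATCHED = ("symantec.com", "kaspersky.com", "microsoft.com")
# Names a stock hosts file may legitimately map to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def fingerprint(text):
    """SHA-256 of the hosts file text, recorded while the file is known to be good."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address: skip line
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit(text, baseline=None):
    """Return findings: a baseline mismatch, plus each watched domain the file overrides."""
    findings = []
    if baseline and fingerprint(text) != baseline:
        findings.append(("changed", 0, "file differs from recorded baseline"))
    for line_no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if any(name == d or name.endswith("." + d) for d in WATCHED):
            # Loopback or 0.0.0.0 makes the site unreachable; anything else sends it elsewhere.
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
            findings.append((kind, line_no, f"{name} -> {ip}"))
    return findings

# Constructed sample data: a stock file, then the same file after tampering.
CLEAN = "# sample hosts file\n127.0.0.1 localhost\n::1 localhost\n"
TAMPERED = (CLEAN + "127.0.0.1 www.symantec.com\n"
            "203.0.113.7 update.microsoft.com # constructed entry\n")

if __name__ == "__main__":
    for finding in audit(TAMPERED, fingerprint(CLEAN)):
        print(finding)
```

On Windows the text to audit would be read from `%SystemRoot%\System32\drivers\etc\hosts`; a hash mismatch alone only says the file changed, so the per-entry findings are what show whether update sites are affected.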
     
