I need a lock

Discussion in 'other software & services' started by bellgamin, Dec 24, 2009.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Is there a cheap, simple program whereby I can password-protect my HOSTS file, but that file will still be usable by my browsers?
     
  2. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    The only thing I can think of is to change the host file attribute to read-only and activate and elevate UAC if you have Windows 7. This will prevent others from changing your hosts file because your OS is password protected. Other than that, I wouldn't know what would work.

    SourMilk out
     
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Thanks, but (for various reasons) I really need a separate program for locking files.
     
  4. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Hi bellgamin,
    Not exactly what you've asked for, but... SpywareBlaster can encrypt and create a backup of your HOSTS file.
    That work for ya?
     

    Attached Files:

  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Thanks, but I don't think that would work. If HOSTS were encrypted, then my browsers couldn't use it. I need HOSTS to remain usable -- while at the same time being password-protected from being written to..
     
  6. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    it keeps ur host file working, it just creates an encrypted copy of it so that if the one ur using ever gets corrupted or w/e it can be replaced by ur backup.
     
  7. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Simplest solution is to grant or deny rights via the OS. If you run as admin, you are in trouble. If you run as less than admin, it is easy. But even as admin, you could set the rights so that even admins cannot modify it. You can script this so that you could have a 'toggle' effect, where you run script A to set rights to read only for everyone, and script B to set rights to modify to admins only. There are probably other methods as well using built in methods. At least, that is my opinion.

    Sul.
     
  8. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    If you are running on x32, another possibility would be to use Sandboxie. Under Sandbox Settings you could add the hosts file to the Read-Only Access list to prevent it from being modified by programs running in the sandbox (e.g. browsers).
     
  9. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    It would be interesting to see if this is even possible. I don't see how it could be...
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    Online Armor can slso be used to protect host files.

    Maybe if you said why you want to do this it would be easier to suggest a solution.

    Pete
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hmmm... I wonder why you think some one is after ur hosts file only!!! If it,s malware, then malware is not supposed to attack hosts file only.

    If the file is locked, how browser can access it. Only an advanced HIPS with file read interception can do it but to be frank, it,s not worth the effort IMO. What you want to achieve? What,s the goal? Only the we can think of other solution.
     
  12. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I use HOSTS to block certain websites. I do not want other users to be able to edit HOSTS so as to unblock those sites.

    Things that work but I don't want to do them (for sundry reasons) . . .

    1) I do not want to use LUA {please do not lecture me on this :p }

    2) I do not want to use OpenDNS to block those sites (REASON: From Hawaii, at present, OpenDNS is slower than other DNS options, according to DNS Benchmark)

    As to the excellent suggestion to use Online Armor (OA) -- My HIPS is Malware Defender (MD) rather than OA. MD can be password protected. It can also be set to Deny any attempts to write to HOSTS -- IF AND ONLY IF I can figure out how to write a rule to that effect (duhhh). In other words -- Rule suggestions would be very much appreciated.

    Mele Kalikimaka to all of you from Hawaii-nei. :thumb:
     
  13. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Please open command prompt and type this in:
    Code:
    cacls c:\windows\system32\drivers\etc\hosts
    This should return the rights of the default Users, Power Users, Admins and System. You should see only Admins and System have Full rights, all other have Read rights. If this is the case, you are set.

    Now create two batch files, I called them:

    Host_lock.bat
    Code:
    cacls c:\windows\system32\drivers\etc\hosts /e /p administrators:r
    and

    Host_unlock
    Code:
    cacls c:\windows\system32\drivers\etc\hosts /e /p administrators:f
    And there you have it, a batch file to lock the file, and one to unlock it. This should take care of the most basic threats. Perhaps a more advanced threat might examine permissions and use cacls to undo this. Maybe cacls should be listed in SRP as denied normally.

    Simple and free, my favorite kind.

    Sul.
     
  14. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
  15. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Last edited: Dec 25, 2009
  16. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    You can set Malware Defender to allow access to the HOSTS file only to apps of your choice. I believe svchost.exe is the only program that needs access. Browsers don't access it directly (unless you have dnscache turned off, maybe... not sure) If you log access with MD, you can find out what else is accessing the file.
     
  17. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    any other simple and freeware solutions to locking of host files?
     
  18. nanana1

    nanana1 Frequent Poster

    Joined:
    Jun 22, 2007
    Posts:
    947
    Happy that a solution has been found !
     
    Last edited: Jan 17, 2010
  19. nanana1

    nanana1 Frequent Poster

    Joined:
    Jun 22, 2007
    Posts:
    947
    Yes, when there's a will, there's a way !
     
    Last edited: Jan 17, 2010
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Yep. That's the method I chose.

    Thanks!
     
Loading...
Thread Status:
Not open for further replies.