I need a lock

Is there a cheap, simple program whereby I can password-protect my HOSTS file, but that file will still be usable by my browsers?

 

The only thing I can think of is to change the host file attribute to read-only and activate and elevate UAC if you have Windows 7. This will prevent others from changing your hosts file because your OS is password protected. Other than that, I wouldn't know what would work.

SourMilk out

 

Thanks, but (for various reasons) I really need a separate program for locking files.

 

Hi bellgamin,
Not exactly what you've asked for, but... SpywareBlaster can encrypt and create a backup of your HOSTS file.
That work for ya?

 

Thanks, but I don't think that would work. If HOSTS were encrypted, then my browsers couldn't use it. I need HOSTS to remain usable -- while at the same time being password-protected from being written to..

 

it keeps ur host file working, it just creates an encrypted copy of it so that if the one ur using ever gets corrupted or w/e it can be replaced by ur backup.

 

Simplest solution is to grant or deny rights via the OS. If you run as admin, you are in trouble. If you run as less than admin, it is easy. But even as admin, you could set the rights so that even admins cannot modify it. You can script this so that you could have a 'toggle' effect, where you run script A to set rights to read only for everyone, and script B to set rights to modify to admins only. There are probably other methods as well using built in methods. At least, that is my opinion.

Sul.

 

If you are running on x32, another possibility would be to use Sandboxie. Under Sandbox Settings you could add the hosts file to the Read-Only Access list to prevent it from being modified by programs running in the sandbox (e.g. browsers).

 

It would be interesting to see if this is even possible. I don't see how it could be...

 

Hmmm... I wonder why you think some one is after ur hosts file only!!! If it,s malware, then malware is not supposed to attack hosts file only.

If the file is locked, how browser can access it. Only an advanced HIPS with file read interception can do it but to be frank, it,s not worth the effort IMO. What you want to achieve? What,s the goal? Only the we can think of other solution.

 

I use HOSTS to block certain websites. I do not want other users to be able to edit HOSTS so as to unblock those sites.

Things that work but I don't want to do them (for sundry reasons) . . .

1) I do not want to use LUA {please do not lecture me on this }

2) I do not want to use OpenDNS to block those sites (REASON: From Hawaii, at present, OpenDNS is slower than other DNS options, according to DNS Benchmark)

As to the excellent suggestion to use Online Armor (OA) -- My HIPS is Malware Defender (MD) rather than OA. MD can be password protected. It can also be set to Deny any attempts to write to HOSTS -- IF AND ONLY IF I can figure out how to write a rule to that effect (duhhh). In other words -- Rule suggestions would be very much appreciated.

Mele Kalikimaka to all of you from Hawaii-nei.

 

Please open command prompt and type this in:

Code:

cacls c:\windows\system32\drivers\etc\hosts

This should return the rights of the default Users, Power Users, Admins and System. You should see only Admins and System have Full rights, all other have Read rights. If this is the case, you are set.

Now create two batch files, I called them:

Host_lock.bat

Code:

cacls c:\windows\system32\drivers\etc\hosts /e /p administrators:r

and

Host_unlock

Code:

cacls c:\windows\system32\drivers\etc\hosts /e /p administrators:f

And there you have it, a batch file to lock the file, and one to unlock it. This should take care of the most basic threats. Perhaps a more advanced threat might examine permissions and use cacls to undo this. Maybe cacls should be listed in SRP as denied normally.

Simple and free, my favorite kind.

Sul.

 

A couple of good HOSTS utilities are HostsXpert and HOSTS File Manager.

http://www.funkytoad.com/index.php?option=com_content&view=article&id=13&Itemid=31

http://majorgeeks.com/HOSTS_File_Manager_d5731.html

 

Sully: I had never used Cacls. Pretty cool! I normally surf as a Limited user @ home but this is very useful for Admins users elsewhere.

A Cacls syntax reference... http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/cacls.mspx?mfr=true
And one more... http://ss64.com/nt/cacls.html

 

You can set Malware Defender to allow access to the HOSTS file only to apps of your choice. I believe svchost.exe is the only program that needs access. Browsers don't access it directly (unless you have dnscache turned off, maybe... not sure) If you log access with MD, you can find out what else is accessing the file.

 

any other simple and freeware solutions to locking of host files?

 

Happy that a solution has been found !

 

Yes, when there's a will, there's a way !

 

Yep. That's the method I chose.

Thanks!