removed by prevx in hosts file

Discussion in 'Prevx Releases' started by kasperking, Oct 17, 2010.

Thread Status:
Not open for further replies.
  1. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    Hmmmm... I use the hosts file to block ads... Prevx flagged a site... asked to fix o_O ... the browser was shut down and a pop-up came: hosts have been cleared/cleaned or whatever... then my hosts file looked like this o_O
     

    Attached Files:

  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This is done when Prevx detects a website you're visiting is being redirected by the hosts file. There isn't a great way around this at the moment other than just clicking 'Allow' on the website - the goal of this feature is to specifically block exactly what you're doing (from a malicious program, of course) but if users legitimately redirect websites, it can indeed have "false positives" like this.
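
The false positive discussed in this thread arises because ad-blocking entries and malicious redirects are both hosts-file mappings. As an added example (not part of the original post and not Prevx's detection logic), this Python audit separates entries that sinkhole a name to a loopback or unspecified address from entries that point a name at another host; `classify_hosts`, `LOCAL_NAMES` and the sample file are constructed for illustration.

```python
import ipaddress

# Default entries found in a stock hosts file; not worth reporting.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample, not the poster's file (documentation domains and addresses).
SAMPLE = "\n".join([
    "# constructed sample hosts file",
    "127.0.0.1    localhost",
    "::1          localhost",
    "0.0.0.0      ads.example.com tracker.example.net  # ad blocking",
    "127.0.0.1    banner.example.org",
    "203.0.113.10 bank.example.com  # real name pointed at another host",
    "not-an-ip    broken.example",
])

def classify_hosts(text):
    """Sort hosts entries into 'block', 'redirect' and 'invalid' lists.

    Each list holds (line_number, address, hostname) tuples. Assumption: a
    loopback or unspecified address only sinkholes the name. A local proxy
    listening on loopback would break that assumption, so 'block' entries
    still deserve a glance if you did not add them yourself.
    """
    result = {"block": [], "redirect": [], "invalid": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            result["invalid"].append((lineno, address, " ".join(names)))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in (n.lower() for n in names):
            if sinkhole and name in LOCAL_NAMES:
                continue                      # stock localhost mapping
            kind = "block" if sinkhole else "redirect"
            result[kind].append((lineno, address, name))
    return result

if __name__ == "__main__":
    for kind, rows in classify_hosts(SAMPLE).items():
        for lineno, address, name in rows:
            print(f"{kind:8} line {lineno}: {name} -> {address}")
```

On Windows the file to feed it is `%SystemRoot%\System32\drivers\etc\hosts`; entries reported as `redirect` are the ones to verify before allowing or fixing anything.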
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Why don't you make it protect the hosts file in a different manner? Like give a warning when something is trying to write to the hosts file, and then the user allows or blocks. An informed alert should be given, stating that the hosts file poses risk, and if the user is not sure then block it.

    It sure is a much better solution than the current one. Otherwise, it is doing a much better job than malware. Sure, not redirecting, but disabling every entry. :D
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I have to agree with m00nbl00d :thumb:

    Removing ALL the entries in the HOSTS file is absurd :eek:

    Not your fault PrevxHelp, I know ;) but this really does need to be sorted, soon.
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Just a stupid thought, but what if you set your current hosts file to read only?
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Not stupid at all :thumb: and I'd thought about it too, which is another reason why it's not stupid :D

    I mentioned read only HOSTS to PH before in a thread, and he said (paraphrasing) there are ways around it so don't rely on it. Maybe they use these methods?
     
  7. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Thanks, I did set all my attributes to read only for it. Will see what happens.
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We will be adding this functionality in place :) Just changing the attributes to Read Only isn't enough, however - the protection will be taking place from kernelmode.

    Well, at the moment the warning is saying that it detected a hosts file redirection and then prompts you with a 'Fix' button which will then go through and fix the hosts file entries. The user is given control over this (we don't automatically go through and modify the hosts file) but be sure you click 'Allow' when you receive the prompt and you won't have any issue here when you're legitimately redirecting websites.
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I see. Still, my solution is less confusing, and at least it will let the user know what to do, because nothing should be messing with the hosts file (anything) without their permission, and if SafeOnline alerts them for that, with a clear warning, then no issues will occur, I believe.
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I agree :thumb: Hosts file modifications as well as a few other system changes will be monitored in a more visible manner to the end user in v4, including straightforward messages warning the user of the change that is occurring.
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That's great. And I am giving emphasis to the "straightforward messages". These should be - and, I believe they will! - clear warning messages without all the technical details other applications provide, which I believe is not what Prevx is aiming for. ;)
     
  12. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    I think... currently only Dr.Web warns users of any modification in hosts... with the option of correcting/cleaning the hosts or leaving them as they are... but I've learned to press close rather than FIX in PSO :p
     