

Microsoft never retired the hosts file* and bad guys abuse it.

For example, screwing up the mapping of names to numbers can prevent antivirus software from self-updating. Another tactic is to change the entry for bank websites. A computer with a maliciously modified hosts file can send someone to a duplicate copy of a bank web site, one that looks totally legit, but is designed to steal userids and passwords.

By default, the hosts file is used before DNS, a poor design decision by Microsoft. Protecting the hosts file from modification is thus a standard practice for antispyware software. What brings this up is a recent comment by security expert Steve Gibson on his Security Now podcast. Gibson is the rare techie who actually uses the hosts file for its original intent.

One day when he couldn't reference some computers by name, he tracked down the problem to Microsoft's new Security Essentials (MSE). It turned out that when he installed Security Essentials, it replaced his hosts file. MSE gave him a new empty file after making a backup of the original. This may be a good decision, but it wasn't externalized; Gibson had to figure it out on his own. MSE doesn't always replace the hosts file. On my test Windows XP computer, an unmodified hosts file was left unchanged by the installation of Security Essentials. This made me wonder what happens if the hosts file gets modified while MSE is running. It's easy to test and so I did, as described below.

The tests were run under Windows XP SP3 on Octousing MSE version. The virus definitions were created at 2:49AM. Both the virus and spyware definitions were version 1.69.64.0. Real-time protection was enabled during all tests. The first thing I noticed was that a restricted user can't modify the hosts file. This protection is provided by Windows, not by Security Essentials. Good thing too, as this is just the sort of thing restricted users shouldn't do.

An administrator can modify the hosts file and, surprisingly, Security Essentials didn't prevent the modification and didn't object afterward. A website of mine that I haven't updated in years,, has its own IP address. So I modified the hosts file to send another of my websites, to the gripes site. Technically, the change was

Ģ16.92.35.29 #really

After saving the hosts file, I verified that was indeed, re-directed to.
