Does the Antispyware beta modify the Hosts file?

[Moondoggy]

Can anyone tell me if the beta modifies the Hosts files?
My Hosts file is loaded with ad setting that all point to
the local host address.

 

[Bill Sanderson]

I don't see this, and haven't seen any such facility in the menus.

However, a good many other antispyware products do this.

If what you are seeing are "bad" dns names set pointing to the local host
address, this is likely from one of the other antispyware products.

 

[Donald]

My Hosts file is also loaded with ad setting that also
point to the local address. Is this correct?

 

[plun]

Bill wrote

-----Original Message-----
I don't see this, and haven't seen any such facility in
the menus.

However, a good many other antispyware products do this.

If what you are seeing are "bad" dns names set pointing
to the local hostaddress, this is likely from one of the
other antispyware products.

Thinking in long term I think its better to have a
clean hosts file and let MSAS handle protection.

If we for example look at the mvps.org hosts file.
http://www.mvps.org/winhelp2002/hosts.txt
Something can easily be modified with malware.

So to make it easy for normal users a good advice must be
to only have localhost within the hosts file.

127.0.0.1 Localhost

 

[Moondoggy]

I came into work this morning and looked at my hosts file
on my work PC and it too was modified to included a large
number of advertiser sites all pointing to 127.0.0.1, the
local host address.

I'm guessing that either it is Microsoft's Antispyware
beta or Webroot's Spysweeper, both of which have been
recently tried out on both my home and office machines.

Here is where I draw the line on ad's..... If a web page
contains ads and they don't pop up and by just being on
the page cause no harm to my system then I have no
problems with the ads being there. In my mind the "page
cannot be displayed" being displayed is more annoying
than the ad itself. Most of the time I simply ignore the
Ads anyway.

Regardless of which product changed the hosts file there
should have been something in a help or doc file
informing the user that this modification had taken place
and some option to have or not have your hosts file
modified. For example, in my office users have been
requested to not use the host file at all because of the
potential for internal IP addresses to change with no
user notification. Hosts file override DNS and that is
what you have DNS for is to resolve addresses.

 

[Donald]

When there is a very long list of Host files it would be

helpful if there was another way to block them than one
at a time, at this rate it will take hours. Any
suggestion?

 

[Bill Sanderson]

I agree--as little as possible, so that you don't have to search through the
dross to find something that has been slipped in.

 

[Bill Sanderson]

Please check with Webroot Spysweeper. I don't believe this action is from
Microsoft Antispyware.

 

[Bill Sanderson]

The hosts file is a simple text file located at:

/%windowsroot%/system32/drivers/etc

It is called "hosts" with no extension. If you see a "hosts.sam" that is a
sample file that is identical to an unmodified hosts file. You can rename
the current hosts file to another name (hosts.old, for example),. and copy
hosts.sam to hosts and get back to the original state of the machine.

You can also open the hosts file in notepad and edit it--the syntax for the
lines is given in comments at the start of the file.

This is something to be careful of because it can have perplexing results if
the contents aren't consistent and known--but it isn't nearly as dangerous
as working with the registry, for example. The machine will run fine with
no hosts file at all.

 

[Bill Sanderson]

It isn't a problem, but it is also not a result of running Microsoft
Antispyware.

 

[Moondoggy]

I did check with WebRoot and they claim that their
software will allow you to browse the Hosts file but not
modify it. The also went on to say that their software
in no way modifies the Hosts file. If Webroots claim is
true there are very few possible tools that could have
modifed the Hosts files on two different PC with the
exact same entries in both. I guess I'm still curious
whether others have had the same long list of advertisers
added to their Hosts file?

 

[Bill Sanderson]

Spybot Search & Destroy can place entries in the hosts file. Are you sure
you haven't run that?