False Positives on custom HOSTS file

[Locke Nash Cole]

Many of us use custom HOSTS file to prevent sites that contain
advertisements, spyware, and other nasties.

I would urge Microsoft to exclude from their Anti-Spyware program any hosts
entries which resolve to:

127.0.0.1
localhost
127.1
0.0.0.0

We use these commonly to prevent sites we dont want.
For example:

127.1 ad.preferences.com
127.1 ads.doubleclick.com
127.1 ads.infospace.com
127.1 ads.msn.com
127.1 ads.switchboard.com
127.1 ad.linkexchange.com
127.1 ads.enliven.com
127.1 oz.valueclick.com
127.1 banner.linkexchange.com
127.1 commonwealth.riddler.com

-L

 

[Mike Burgess]

LNC,
I have all those entries and many more in my HOSTS file
and *none* of the entries were detected ...
____________________________________________________________
Mike Burgess [MVP Internet Explorer] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 01-04-05]
Please post replies to this Newsgroup, email address is invalid

 

[JR]

Several were detected here as well, we redirect many such
sites as well. our detection complained about
adwords.google.com being redirected .. and for
reference this is not the first entry in the host file
either. in fact it appears on line 2097. So the scanner
did not complain about many sites, but for some reason
picked this one out of 4108 entries in the file.

-----Original Message-----
LNC,
I have all those entries and many more in my HOSTS file
and *none* of the entries were detected ...
_________________________________________________________ ___
Mike Burgess [MVP Internet Explorer] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 01-04- 05]
Please post replies to this Newsgroup, email address is invalid
--

com...
Many of us use custom HOSTS file to prevent sites that contain
advertisements, spyware, and other nasties.

I would urge Microsoft to exclude from their Anti- Spyware program any
hosts entries which resolve to:

127.0.0.1
localhost
127.1
0.0.0.0

We use these commonly to prevent sites we dont want.
For example:

127.1 ad.preferences.com
127.1 ads.doubleclick.com
127.1 ads.infospace.com
127.1 ads.msn.com
127.1 ads.switchboard.com
127.1 ad.linkexchange.com
127.1 ads.enliven.com
127.1 oz.valueclick.com
127.1 banner.linkexchange.com
127.1 commonwealth.riddler.com

-L

.

 

[JR]

In addition the HOSTS file is managed by a logon script
from the domain. the spyware realtime popped up said the
file was being changed and gave the user the option to
get out.. that will not work.

 

[Locke Nash Cole]

Mike,

I think it depends on which hosts you have in there, not the actual function
of redirecting hosts. It counted several of mine as spyware when actually
they are manual entries by me to PREVENT spyware

-L

LNC,
I have all those entries and many more in my HOSTS file
and *none* of the entries were detected ...
____________________________________________________________
Mike Burgess [MVP Internet Explorer] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 01-04-05]
Please post replies to this Newsgroup, email address is invalid
--

Many of us use custom HOSTS file to prevent sites that contain
advertisements, spyware, and other nasties.

I would urge Microsoft to exclude from their Anti-Spyware program any
hosts entries which resolve to:

127.0.0.1
localhost
127.1
0.0.0.0

We use these commonly to prevent sites we dont want.
For example:

127.1 ad.preferences.com
127.1 ads.doubleclick.com
127.1 ads.infospace.com
127.1 ads.msn.com
127.1 ads.switchboard.com
127.1 ad.linkexchange.com
127.1 ads.enliven.com
127.1 oz.valueclick.com
127.1 banner.linkexchange.com
127.1 commonwealth.riddler.com

-L

 

[Alan Alan]

Many of us use custom HOSTS file to prevent sites that contain
advertisements, spyware, and other nasties.

I would urge Microsoft to exclude from their Anti-Spyware program any
hosts entries which resolve to:

127.0.0.1
localhost
127.1
0.0.0.0

We use these commonly to prevent sites we dont want.
For example:

{Snip}

Hi Locke,

I agree in general.

I could be wrong, but I think that MSAS actually watches for changes
to the HOSTS file rather than looking at what is actually in there.

Nevertheless, I do think that a change to HOSTS that *adds* a
reference such as:

127.0.0.1 aaa.bbb.ccc

should be accepted by default and a setting allowed to change such
behavious. My reasoning is that the worst that this can do is block
access to a site - it cannot cause someone to get infected (as far as
I know).

Happy to be corrected....

Alan.