MSAS not properly BLOCKING host file edits

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Has anyone else noticed that MSAS doesn't actually block edits to the hosts
file (using notepad to edit it) until you tell it to block the edit? I often
have to edit my hosts file to test things with web sites. The process I use
to do this is to remove the read only attribute from the file, open it in
notepad, make the edit, save the file, close the file, set the file to read
only. The second I make the change and click Save, I can use the entry I
just added to access that web site, or to ping that host at the IP address
specified, so I know the change has ALREADY TAKEN EFFECT, but it takes
another second or two for MSAS to ask me if I want to "block" the change. If
I click Allow, the changes are allowed to STAY, if I click Block, the changes
are REMOVED, not blocked.

Does anyone know if there are plans to make this feature work correctly, and
in real time watch for changes being made and actually block them until you
click Allow? Because as it stands now, if a program adds things to your
hosts file, and you just leave the alert window sitting there, the changes
have already taken effect and your system is vulnerable.
 
Hello Jinseng,

I remeber read some of the anwsers, but can't recall exactly where, maybe
you can find it first, if you type HOSTS in the box Search For: the box is
under the tittle Discussions in General Discussion on top of the page.

Engel
 
Spybot Search and Destroy will catch these every time if you have the
"hosts" file blocked in Spybot and if you use their Tea Timer function. It
will ask if you want to allow the change "before" the change takes place. If
you disallow - it won't happen.

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
 
Richard, Thanks for the info. I've used Spybot SD in the past, but never
used the Tea Timer function on my own machine. Good to know that other
products do this, so hopefully MSFT will learn from them and make their
offering better. Still kind of surprising that someone signed off on the
current functionality.

Alex.
 
Back
Top