Windows uses a plain-text file, HOSTS, found in %systemroot%\system32\drivers\etc, to pre-define network names for particular network addresses. By default, the only entry in the HOSTS file is localhost, which is set to 127.0.0.1 and used for local loopback. Administrators or users can place their own name/address pairs in HOSTS, and this will allow the system to default to that IP address for that network name at all times. This saves the time involved for a DNS lookup, and cuts down on traffic to the DNS server. Entries in HOSTS can be local network machines (especially if they have fixed addresses that rarely change), or Internet addresses (which also rarely change).

However, one of the hazards of the HOSTS file is that spyware, viruses, worms, or Trojan applications can hijack it. The file is not encrypted or secured -- it's simply a text file -- and its default permissions allow a program to change it freely. Quite a few programs "in the wild" perform unscrupulous network name hijacking by rewriting HOSTS -- for instance, by redirecting all calls to many common websites to an advertising site. There are far worse things that can be done, such as redirecting sensitive information. You can imagine the disaster that such an exploit could cause.

But it's easy to stop this sort of thing: Set the HOSTS file to read-only. Open the containing folder, right-click on the file, select Properties,

    Requires Free Membership to View

check off the "Read-only" box and click OK. This should stop many programs from rewriting hosts, since while they may have permission to edit the file, they will not usually have permission to change its properties. It may also be possible to stop hijacking of the HOSTS file by editing its security information, but setting it to read only is generally much simpler.

Note that if you plan to make deliberate changes to HOSTS, be sure to unprotect it before doing so.


Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter. Check out his Windows 2000 blog for his latest advice and musings on the world of Windows network administrators – please share your thoughts as well!


This was first published in August 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.