| ▲ | lousken 4 hours ago |
| How is defender not flagging this? Changing hosts file should raise alarms |
|
| ▲ | Asmod4n 3 hours ago | parent | next [-] |
| Defender warns you this happened. |
|
| ▲ | xattt 3 hours ago | parent | prev | next [-] |
| Can this not be blocked with file permissions? Or a symlink to a file in a ro folder? |
| |
| ▲ | SoftTalker 2 hours ago | parent [-] | | Most software installers demand to be run as root/Administrator. The fact that this is largely seen as acceptable or even sensible is rather silly in this day and age. | | |
| ▲ | deepsun 2 hours ago | parent | next [-] | | Yes, and when apps do request many permissios, I just estimate how reputable the company is. A name like Adobe must be ok, right? | |
| ▲ | cmovq an hour ago | parent | prev [-] | | Software wants to be installed in C:\Program Files so that other software can’t modify their installation without admin permissions. Of course to do that your installer needs to be run as administrator which makes the whole thing rather silly. | | |
| ▲ | tredre3 9 minutes ago | parent [-] | | Software installed through the Windows Store seem immutable enough even though they live in the user's AppData. At least the system prevented me from seeing or modifying the files the last time I tried. I did not try very hard, admittedly, but by contrast modifying something in C:\Program Files is just one UAC confirmation away. |
|
|
|
|
| ▲ | raverbashing 3 hours ago | parent | prev | next [-] |
| I wonder how this works on Windows, if any service overrides/resets it |
|
| ▲ | gjsman-1000 3 hours ago | parent | prev | next [-] |
| The hosts file is not sacred on Windows. Anyone who is administrator can just edit it. I've done it to add domain names to localhost. For anyone hand-wringing over this, this used to be normal. The hosts file was invented a decade before DNS. The end user, or app, would edit their hosts file purposefully after downloading a master copy from the Stanford Research Institute which was occasionally updated. |
| |
| ▲ | jacobgkau 3 hours ago | parent [-] | | > For anyone hand-wringing over this, this used to be normal. People editing hosts files for other reasons was normal (a long time ago-- and it stopped being normal for valid reasons, as tech evolved and the shortcomings of that system were solved). A program automatically editing the hosts file and its website using that to detect information about the website visitor is not the same thing; that usage is novel and was never "normal." | | |
| ▲ | wtallis 3 hours ago | parent | next [-] | | In particular, manually editing the hosts file was a mostly-obsolete practice by the time the first version of Windows shipped, and certainly by the time Windows actually had a built-in networking stack. And it was always a red flag for a local app to mess with the hosts file. | | |
| ▲ | anvuong 2 hours ago | parent | next [-] | | Obsolete? My team has an onboard document that spells out lines that needed to be add to host file so they can access internal resources. These are machines directly bought/rented and maintained by the team, so we prefer to use host files instead of going through the company DNS, which is maintained by an entirely different team. | | | |
| ▲ | jeffbee 3 hours ago | parent | prev [-] | | > manually editing the hosts file was a mostly-obsolete practice by the time the first version of Windows shipped This claim strikes me as obviously wrong. |
| |
| ▲ | AnthonyMouse 2 hours ago | parent | prev [-] | | Programs adding entries to the hosts file is still pretty normal, e.g. if something that uses a local webserver as its UI and wants you to be able to access it by name even if you don't have an internet connection or may be stuck behind a DNS server that mangles entries in the public DNS that resolve to localhost. | | |
| ▲ | mikkupikku an hour ago | parent [-] | | Programs like that should just be shipped with good documentation. And applications built to be used by normies should almost certainly never be built that way in the first place. |
|
|
|
|
| ▲ | hypeatei 3 hours ago | parent | prev [-] |
| Most users won't care, especially if the Adobe installer warns them that a security warning might popup after installation. Besides, in practice, any malware editing the hosts file isn't going to get much because of HTTPS; one cannot simply redirect "google.com" traffic to their own IP without issue. |
