False Positives on custom HOSTS file

Many of us use custom HOSTS file to prevent sites that contain
advertisements, spyware, and other nasties.

I would urge Microsoft to exclude from their Anti-Spyware program any hosts
entries which resolve to:

127.0.0.1
localhost
127.1
0.0.0.0

We use these commonly to prevent sites we dont want.
For example:

127.1 ad.preferences.com
127.1 ads.doubleclick.com
127.1 ads.infospace.com
127.1 ads.msn.com
127.1 ads.switchboard.com
127.1 ad.linkexchange.com
127.1 ads.enliven.com
127.1 oz.valueclick.com
127.1 banner.linkexchange.com
127.1 commonwealth.riddler.com

-L

LNC,
I have all those entries and many more in my HOSTS file
and *none* of the entries were detected ...
____________________________________________________________
Mike Burgess [MVP Internet Explorer] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 01-04-05]
Please post replies to this Newsgroup, email address is invalid
--

"Locke Nash Cole" <junkmauler@hotmail.com> wrote in message
news:ev50MBE9EHA.2468@cpmsftngsa05.privatenews.microsoft.com...
> Many of us use custom HOSTS file to prevent sites that contain
> advertisements, spyware, and other nasties.
>
> I would urge Microsoft to exclude from their Anti-Spyware program any
> hosts entries which resolve to:
>
> 127.0.0.1
> localhost
> 127.1
> 0.0.0.0
>
> We use these commonly to prevent sites we dont want.
> For example:
>
> 127.1 ad.preferences.com
> 127.1 ads.doubleclick.com
> 127.1 ads.infospace.com
> 127.1 ads.msn.com
> 127.1 ads.switchboard.com
> 127.1 ad.linkexchange.com
> 127.1 ads.enliven.com
> 127.1 oz.valueclick.com
> 127.1 banner.linkexchange.com
> 127.1 commonwealth.riddler.com
>
> -L
>

Several were detected here as well, we redirect many such
sites as well. our detection complained about
adwords.google.com being redirected .. and for
reference this is not the first entry in the host file
either. in fact it appears on line 2097. So the scanner
did not complain about many sites, but for some reason
picked this one out of 4108 entries in the file.

>-----Original Message-----
>LNC,
>I have all those entries and many more in my HOSTS file
>and *none* of the entries were detected ...
>_________________________________________________________
___
>Mike Burgess [MVP Internet Explorer]
http://www.mvps.org/winhelp2002/
>Blocking Spyware, Adware, Parasites, Hijackers, Trojans,
with a HOSTS file
>http://www.mvps.org/winhelp2002/hosts.htm [updated 01-04-
05]
>Please post replies to this Newsgroup, email address is
invalid
>--
>
>"Locke Nash Cole" <junkmauler@hotmail.com> wrote in
message
>news:ev50MBE9EHA.2468@cpmsftngsa05.privatenews.microsoft.
com...
>> Many of us use custom HOSTS file to prevent sites that
contain
>> advertisements, spyware, and other nasties.
>>
>> I would urge Microsoft to exclude from their Anti-
Spyware program any
>> hosts entries which resolve to:
>>
>> 127.0.0.1
>> localhost
>> 127.1
>> 0.0.0.0
>>
>> We use these commonly to prevent sites we dont want.
>> For example:
>>
>> 127.1 ad.preferences.com
>> 127.1 ads.doubleclick.com
>> 127.1 ads.infospace.com
>> 127.1 ads.msn.com
>> 127.1 ads.switchboard.com
>> 127.1 ad.linkexchange.com
>> 127.1 ads.enliven.com
>> 127.1 oz.valueclick.com
>> 127.1 banner.linkexchange.com
>> 127.1 commonwealth.riddler.com
>>
>> -L
>>
>
>
>.
>

In addition the HOSTS file is managed by a logon script
from the domain. the spyware realtime popped up said the
file was being changed and gave the user the option to
get out.. that will not work.

Mike,

I think it depends on which hosts you have in there, not the actual function
of redirecting hosts. It counted several of mine as spyware when actually
they are manual entries by me to PREVENT spyware :P

-L

"Mike Burgess" <winhelp2002@spamthis.com> wrote in message
news:Of4R6LE9EHA.2344@CPMSFTNGSA04.privatenews.microsoft.com...
> LNC,
> I have all those entries and many more in my HOSTS file
> and *none* of the entries were detected ...
> ____________________________________________________________
> Mike Burgess [MVP Internet Explorer] http://www.mvps.org/winhelp2002/
> Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
> http://www.mvps.org/winhelp2002/hosts.htm [updated 01-04-05]
> Please post replies to this Newsgroup, email address is invalid
> --
>
> "Locke Nash Cole" <junkmauler@hotmail.com> wrote in message
> news:ev50MBE9EHA.2468@cpmsftngsa05.privatenews.microsoft.com...
>> Many of us use custom HOSTS file to prevent sites that contain
>> advertisements, spyware, and other nasties.
>>
>> I would urge Microsoft to exclude from their Anti-Spyware program any
>> hosts entries which resolve to:
>>
>> 127.0.0.1
>> localhost
>> 127.1
>> 0.0.0.0
>>
>> We use these commonly to prevent sites we dont want.
>> For example:
>>
>> 127.1 ad.preferences.com
>> 127.1 ads.doubleclick.com
>> 127.1 ads.infospace.com
>> 127.1 ads.msn.com
>> 127.1 ads.switchboard.com
>> 127.1 ad.linkexchange.com
>> 127.1 ads.enliven.com
>> 127.1 oz.valueclick.com
>> 127.1 banner.linkexchange.com
>> 127.1 commonwealth.riddler.com
>>
>> -L
>>
>
>

"Locke Nash Cole" <junkmauler@hotmail.com> wrote in message
news:ev50MBE9EHA.2468@cpmsftngsa05.privatenews.microsoft.com...
>
> Many of us use custom HOSTS file to prevent sites that contain
> advertisements, spyware, and other nasties.
>
> I would urge Microsoft to exclude from their Anti-Spyware program
any
> hosts entries which resolve to:
>
> 127.0.0.1
> localhost
> 127.1
> 0.0.0.0
>
> We use these commonly to prevent sites we dont want.
> For example:
>

{Snip}

Hi Locke,

I agree in general.

I could be wrong, but I think that MSAS actually watches for changes
to the HOSTS file rather than looking at what is actually in there.

Nevertheless, I do think that a change to HOSTS that *adds* a
reference such as:

127.0.0.1 aaa.bbb.ccc

should be accepted by default and a setting allowed to change such
behavious. My reasoning is that the worst that this can do is block
access to a site - it cannot cause someone to get infected (as far as
I know).

Happy to be corrected....

Alan.