From: gufus on
Hello, Duh_OZ!

You wrote on Wed, 31 Mar 2010 15:05:44 -0700 (PDT):


DO> I believe the IT department was thoroughly scanning all machines
DO> because some malware had shut down quite a few accounts. (The host
DO> file has been out there 2 years without Trend ever balking).

I'm assuming the HOSTS file used by Microsoft TCP/IP for Windows was full of
redirections. You should tell your IT department to make this file
READ-ONLY.

--
With best regards, gufus. E-mail: stop.nospam.gbbsg(a)shaw.ca


From: FromTheRafters on
"gufus" <stop.nospam.gbbsg(a)shaw.ca> wrote in message
news:Z3Qsn.133240$0N3.84100(a)newsfe09.iad...
> Hello, Duh_OZ!
>
> You wrote on Wed, 31 Mar 2010 15:05:44 -0700 (PDT):
>
>
> DO> I believe the IT department was thoroughly scanning all machines
> DO> because some malware had shut down quite a few accounts. (The host
> DO> file has been out there 2 years without Trend ever balking).
>
> I'm assuming the HOSTS file used by Microsoft TCP/IP for Windows was
> full of redirections. You should tell your IT department to make this
> file READ-ONLY.

It doesn't help when the malware runs as admin. :o)


From: gufus on
Hello, FromTheRafters!

You wrote on Wed, 31 Mar 2010 18:49:01 -0400:

FL>> I'm assuming the HOSTS file used by Microsoft TCP/IP for Windows was
FL>> full of redirections. You should tell your IT department to make this
FL>> file READ-ONLY.

F> It doesn't help when the malware runs as admin.:o)

True!

It helps on /most/ malware.

--
With best regards, gufus. E-mail: stop.nospam.gbbsg(a)shaw.ca


From: Duh_OZ on
On Mar 31, 5:32 pm, "gufus" <stop.nospam.gb...(a)shaw.ca> wrote:
> Hello, Duh_OZ!
>
> You wrote on Wed, 31 Mar 2010 15:05:44 -0700 (PDT):
>
>  DO> I believe the IT department was thoroughly scanning all machines
>  DO> because some malware had shut down quite a few accounts. (The host
>  DO> file has been out there 2 years without Trend ever balking).
>
> I'm assuming the HOSTS file used by Microsoft TCP/IP for Windows was full of
> redirections. You should tell your IT department to make this file
> READ-ONLY.
>
> --
> With best regards, gufus.  E-mail: stop.nospam.gb...(a)shaw.ca

I put it out there when the user had admin rights. I figured it
would be an extra layer of protection and once he left no more admin
rights, hence the poor host file sits never updated (2008).

IIRC AdAware may also comment out 'some valid' host entries?

At least it wasn't like what Symantec did to a company my sister works
at. Seems an update killed internet connections (on quite a few
computers) so while she was visiting she had to disable the AV in
order to get to the web. On the plus side no malware could get in
since she couldn't get out while it was running!


From: gufus on
Hello, Duh_OZ!

You wrote on Wed, 31 Mar 2010 20:27:38 -0700 (PDT):

DO> IIRC AdAware may also comment out 'some valid' host entries?

QUOTE:

# This file contains the mappings of IP addresses to hostnames. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding IP name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.microsoft.com # source server
# 38.25.63.10 x.microsoft.com # x client host

127.0.0.1 localhost

--
With best regards, gufus. E-mail: stop.nospam.gbbsg(a)shaw.ca
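
An added example, not part of the original thread: a small audit of the HOSTS format quoted above that separates loopback/blocklist entries from redirections to other addresses and checks the read-only attribute discussed earlier. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress
import os
import stat

# Constructed sample for illustration; not taken from any machine in the thread.
SAMPLE = """\
# constructed HOSTS file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # blocklist-style entry
203.0.113.50    update.example.com www.example.com
#198.51.100.7   mail.example.org     # commented out, inactive
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, ip_string, [hostnames]) for each active entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comment, split columns
        if len(fields) >= 2:
            yield no, fields[0], fields[1:]

def audit_hosts(text):
    """Sort active entries into sinkholes, redirections and malformed lines."""
    report = {"sinkhole": [], "redirect": [], "malformed": []}
    for no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            report["malformed"].append((no, ip, names))
            continue
        local = addr.is_loopback or addr.is_unspecified
        for name in names:
            if local and name.lower() == "localhost":
                continue  # the stock entry shipped with the file
            report["sinkhole" if local else "redirect"].append((no, ip, name))
    return report

def is_read_only(path):
    """True if no write bit is set (the read-only attribute on Windows).
    As the thread notes, this does not help against malware running as admin."""
    mode = os.stat(path).st_mode
    return not mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH)

if __name__ == "__main__":
    for kind, rows in audit_hosts(SAMPLE).items():
        for row in rows:
            print(kind, *row)
```

Entries reported under `redirect` are the ones to review by hand, since they send a name to an address other than the local machine.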