How to protect the host file in Windows file systems

20100804B04

First of all what is the host file? The Hosts file is like an address book. When you type an address like www.google.com into your browser, the Hosts file is consulted to see if you have the IP address, or “telephone number,” for that site. If you do, then your computer will “call it” and the site will open. If not, your computer will ask your ISP’s (internet service provider) computer for the phone number before it can “call” that site. Most of the time, you do not have addresses in your “address book,” because you have not put any there. Therefore, most of the time your computer asks for the IP address from your ISP to find sites.

Why is so important to protect the hosts file on your Windows system? Well  the hosts file is unprotected, malware (adware, viruses..) could modify it and insert redirects to perform phishing and hijacking attacks. Such an attack can for example redirect you to a malicious banking website whereby the URL and interface appear to be correct but under the hood the site could use malicious content that tries to collect your bank account credentials.

Now how to protect it? A very simple solution to help prevent unauthorized changes to the hosts file, is to mark it as read-only. To do so, navigate to the hosts file with Windows Explorer – the file is located in the %Systemdrive%\Windows\System32\drivers\etc folder – right-click the file, select Properties, check the Read-only Attribute, and click OK.

z0T7r

Leave a Reply

Your email address will not be published. Required fields are marked *