Results 1 to 8 of 8

Thread: [Bug] Hosts file leftovers

  1. #1
    Junior Member
    Join Date
    Aug 2007
    Posts
    15

    Default [Bug] Hosts file leftovers

    When you remove the Spybot Hosts file, these leftovers are present:
    Code:
    # Start of entries inserted by Spybot - Search & Destroy
    # End of entries inserted by Spybot - Search & Destroy
    It also keeps the read-only attribute, whereas the default is not to have the Hosts file with read-only.

  2. #2
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601

    Default

    Well, these entries do no harm, right? And they may speed up an immunization in the future

    The read-only attribute is to prevent simple malware from writing to it. Since it's a file not written to be the system by default, I don't see any harm in that as well.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  3. #3
    Junior Member
    Join Date
    Aug 2007
    Posts
    15

    Default

    Malware can still alter and even replace your Hosts file. Malware is an executable file, just like everything else you use. It sends a command line parameter to change the state of the Hosts file from a read-only state to writable. After that it replaces it with whatever it wants. All it does is send the ATTRIB command along with -R.

    That's not very secure if it's that simple to disable the read-only attribute, is it?

  4. #4
    Senior Member
    Join Date
    Oct 2005
    Posts
    144

    Default

    so when does "SpyBot-Tarun" get released???

  5. #5
    Junior Member
    Join Date
    Aug 2007
    Posts
    15

    Default

    Just saying that if someone wants to remove the Hosts file protection, everything should be removed. Leftovers are considered sloppy.

  6. #6
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601

    Default

    Well, if we're about being smart-ass, I'm pretty sure absolutely NO malware would ever send the ATTRIB command What malware would do would be to use kernel32.dll:SetFileAttributes.

    But then, you're going into the general direction of "every protection is useless, because it can be circumvented". The important point is that some silly malware can be stopped there, and an additional layer, however small it is, cannot really harm
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  7. #7
    Junior Member
    Join Date
    Aug 2007
    Posts
    15

    Default

    Quote Originally Posted by Tarun View Post
    Just saying that if someone wants to remove the Hosts file protection, everything should be removed. Leftovers are considered sloppy.
    What I meant by this statement is:
    If a person opts to remove the Spybot S&D Hosts file additions, it should remove all the code, including
    Code:
    # Start of entries inserted by Spybot - Search & Destroy
    # End of entries inserted by Spybot - Search & Destroy

  8. #8
    Junior Member
    Join Date
    Aug 2007
    Posts
    15

    Default

    So were the remnants removed when you remove the Hosts file Immunizations/"protections"?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •