Hosts File Protection - Online Armor Firewall Software

Hosts File Protection

One method that could be used to fool you into visiting fake Online Banking sites is DNS Poisoning, or other related attacks.

The HOSTS file is used to store information on where to find computers on the internet - mapping the "human friendly" name to the computer's IP address.

The main functions of the HOSTS file have been taken over by the DNS system - it is not really necessary to maintain one any more - at least for the originally designed purpose.

However, the HOSTS file still works. If you write the IP address of a computer into it, your computer will still use it.

How is a HOSTS file used today?

Today, there is one common use for the hosts file - blocking advertising, dangerous or otherwise unwanted web sites. This is typically done by putting an entry for the website which points to your local machine (127.0.0.1).

e.g. 127.0.0.1 AdvertisingServer.example.org

The problem is that while the HOSTS file can be used for good (see: http://www.mvps.org/winhelp2002/hosts.htm) malicious programs can use the hosts file to either block access to legitimate sites (security sites) or alternatively, redirect traffic from legitimate sites to dangerous sites.

How does Online Armor help to protect me?

Similar to the DNS Check, Online Armor checks your HOSTS file and alerts you if anything changes. You then get the chance to allow, or block those changes.

If you are installing changes to your hosts file from a trusted site such as MVPS then you should allow the changes. However, if you unexpectedly receive a popup regarding this you should be cautious. If the hosts entry ever relates to a bank or financial site such as Paypal.com - you should assume the worst and seek help.