[MICHAELM6]

After a marathon go-round with eliminating System Security 2009 from my computer, I just discovered that Online Armor 3.5.0.14 allowed access to "Hosts files" twice. Shouldn't this be blocked?

I need help on this.

[AKAJohnDoe]

Did you tell OA to track the hosts file? There is a checkbox for that option.

[MICHAELM6]

Sorry I didn't make that clear. OA allowed access to inetavirus.com, which is responsible for the System Security 2009 hijacker. Like many computer users, there are some things that baffle me, and system security is one of them. I thought the point of security programs like OA was to prevent accidental exposure to these dangerous sites. System Security 2009 is a real bear to get rid of, but it appears that I've given permission. Should I go into Hosts and tell it to block it in the future, or is there some other reason why I should allow it?

[hewee]

I think for OA to use the hosts file you have you have to have that option checked.
But if it has it in the host file like this...
#inetavirus.com then it is not blocked because any line in your hosts file with # at the start of the line does not count.
I would check your hosts file to see if all is OK.

Also the newer OA has the whitelist, OASIS where it can say how thing get marked as blocked, trusted etc. If you uncheck those places then your the one that says and marks what gets trusted and if you know better then take the trust away from OA of marking things and do it on your own.

For me I manage my hosts file on my own with hostsman and have WinPatrol to let me know if the host file ever changes so have no need to have OA do the same thing.

[Olivaw]

I think you may misunderstand how the hosts file protection in OA works - have a look at this thread http://onlinearmorpersonalfirewall.b...-problems.html

[AKAJohnDoe]

That is a good point, Olivaw.

If one has the option to track the hosts file activated in OA, and something tries to modify the hosts file, and the pop-up occurs notifying the user of this, and the user the Blocks the modification to the hosts file, I believe the way that OA then works is that it effectively sends all requests for that site to somewhere that will never respond, effectively blocking the site, creating an entry in OA to Allow that block.

Convoluted, eh?

[MICHAELM6]

Thanks. After reading the above link to online armor, it's nice to know that even they admit that it's confusing. Below is what I get in OA Hosts.

Allowed 94.232.248.66 inetavirus.com

There's a check in front of "Allowed" Track changes made to hosts file is checked, and the options are:
green=allowed
red=blocked.
Based on the content of the online armor page, do I block it because I was allowed to be directed to the bad site or allow it?

I know this makes me appear as dense as a bag of rocks (and equally dumb), but I don't want to have to go through the experience of getting rid of System Security 2009 again.

[Phantom010]

Check your HOSTS file.

It's located in C:\Windows\System32\Drivers\Etc.

Examine the content of your HOSTS file. We do not need to worry about any line that begins with an # because it is ignored by Windows. Also, the line "127.0.0.1 localhost" or "::1 localhost" can be safely ignored, because it is a standard entry.

A HOSTS file can be used to control Web page to IP address associations.

Anything else that appears in your HOSTS file without an # at the beginning, apart from the "127.0.0.1 localhost" or "::1 localhost" lines, should be viewed with suspicion when we are trying to diagnose the cause of "Page cannot be displayed" errors. The quickest way to test for HOSTS file involvement is to right click the HOSTS file, then select Rename. Add the letter X to the beginning or end of the file name and then ok your changes. By changing the name of the HOSTS file, we stop your web browser from using it, and therefore resolve any issues caused by the file.

This way, you're sure that your Hosts file won't be used by malicious applications.

[Gizzy]

When using Online Armor another good feature to use is Run Safer http://tallemu.com/webhelp3/KF-RunSafer.html

I set any threatgate (browsers, email clients, etc.) programs to Run Safer since I'm using an Administrator account in windows, it restricts them and adds security, you can even run unknown programs as run safer so that if it turns out to be malicious it can't do as much damage.

Also online armor should have alerted you about System Security 2009 trying to run or install...

[Olivaw]

Michael,

I am using MVPS Hostfile including a lot of nasties. Now if I open my Hosts in OA, they are all appearing in there with allowed and green tickmark shown.

Again, quoting from my original link

Quote:

This then leads to the bizarre status of you having an entry in Online Armor for a bad site (pointing to 127.0.0.1) which is allowed. And that status being perfectly correct and safe.

What it actually means is that the entry is allowed to exist in the hosts file. The hosts file entry then does what it does.

Actually, you can test this fairly simple. Just enter an additional entry to your hostfile for a safe site that you don't need, e.g. a newspaper site. Once you have added it to your host file, check that it is included and shown in OA Hosts. Then try to go to that newspaper site. The host file will prevent you from going there and if anyone tries to mess with the hostfile, then OA will block this, meaning the hostfile cannot be tempered with.

[hewee]

I wonder if OA protects the host file from having other programs delete from it. Like Spybot, Adaware, SUPERAntiSpyware etc.
Then if they have to they do more on a reboot.
Test in the pass Spybot, Adaware and CWShredder removed things that other programs had a lock on or if all was not removed it may remove more at boot up.
Only ZA Pro that I had keep anything from getting to the file to start with. I think lots only alert you of changes so that mean they got to the hosts file but you are alerted when it want to save the new hosts file. ZA never let anything get to the hosts file to start with.
So not sure how OA would do on this. Plus if it does keep the hosts file safe will it also do it at boot up or not I do not know. Plus OA has a option to protect you at boot up but it is unchecked by default.
I ran the test years ago with ZA Pro 4.x and it was back when CWShredder was the thing to us and even before it was taken over by Trend Micro that has not updated it in over 4 years.

[Olivaw]

Afaik, OA alerts you when anything wants to make changes to your hostfile.
In my case this happens each time I update my hostfile via MVPS and I then allow those changes. Maybe it's possible to run a tighter ship and lock things down but you would have to ask the experts at the OA forum for more info.

[hewee]

only thing with OA went you change the hosts file is you need to remember to check the box to remember because that first pop up is only for the first site listed in the hosts file so you will get a pop up for every site listed if you don't check the box to remember.

That old test I did was because of CWShredder. It tell you what you had but I did not know where it was pointing to.
I won WinPatrol Plus and then after running CWShredder to clean things WinPatrol would pop up about changes to the hosts file.
So then I tested it many times and had back ups etc and knew all that CWShredder was deleting was from the hosts file so my PC was always clean and what CWShredder was finding was false.