..oO(Me Here)
>Beauregard T. Shagnasty wrote:
>>
Micha already answered the point about how a website hijacking the hosts
file isn't possible.
It *IS* possible, that's the point - websites can, and do, do that. Why
does *his* statement pass without so much as a cite whereas mine is
required to produce fact (which I gave). Where are *his* cites? Why do
you believe *his* statement and not mine? Because it supports *your*
point of view?
Just think logically:
1) What is a website? It's HTML and CSS. It's a document, not a program.
You can display it in various formats, but it can't gain kind of an own
life to do funny things to your computer outside its rendering context.
Logical conclusion: A website alone doesn't do that.
2) A browser is just a viewer to display these HTML documents. Even if
there might be some active content like JS embedded into it, it's run in
a sandbox-like environment inside the browser, which itself runs in user
space and doesn't have anything to do with the operating system nor a
way to manipulate it.
Logical conclusion: A good browser doesn't do that.
3) Even if there might be a way to break out of the browser sandbox due
to a buggy plugin or a broken JS implementation, and even if there would
be a way to download and execute some software without the user taking
notice, there's still the operating system (in the Windows world this
means NT/2k/XP - we don't have to talk about the toys 95/98/ME), which
prevents unauthorized accesses to its most important entrails like libs
and system configuration files. The hosts file is not write-accessible
for any regular user, only the system itself and the admins/root are
granted access to modify it.
Logical conclusion: An appropriate system setup doesn't allow that.
Q.E.D.
Of course if you do your daily work with admin privileges (or root on
*nix), then you should never (really never!) complain about problems
with malware or a screwed-up system. Even though it sounds harsh, it's
mostly your own fault and you get what you deserve. Of course you can
also thank MS for not enforcing the creation of a non-privileged user
account on Windows installation, but that's just a part of the problem.
>My hosts file is located here: /etc/hosts
What host file manager would you recommend I use?
There are several freeware ones I used to use before I changed to
OpenDNS. Google Hostfile manager and I'm sure you'll find them.
He's not using Windows, but some kind of *nix system. There all system
configuration files are stored in the /etc folder (you can guess where
MS stol^Wgot the name for its hosts directory from ...)
>And like Micha, I don't have any anti- anything software on my computer
either.
It is true, there is a sucker born ever minute. It's only a matter of
time (if it hasn't happened yet) before you get bent over.
The last virus on my workstation was called Sunday. It's been quite a
while since these old MS-DOS days.
Micha