Change Request: Option for approved hosts-file
So, like many others, I am looking for a way to keep my local changes to my hosts file, while retaining the option for protection via the "Scan host file"-option in the settings-section of "Vulnerability".
The "Scan host file"-option is useless as it is today for advanced users, and also misleading in the description, as it reads "Checks the file that maps hostnames to IP addresses to prevent DNS hijack attacks", where a more appropriate description would read "Prevents any alteration to the file that maps hostnames to IP addresses to prevent DNS hijack attacks"
As a software developer, I would myself implement this feature with an option to add my own template-file into BitDefender, which would from then on be the only accepted host-file within Windows' "etc"-folder. Any direct alteration to the file would revert the file to the version added within BitDefender.
A further opt-in enhancement would be an option for the subscriber to retain a copy of the host-file within BitDefender's Cloud, so every new installation of BitDefender would automagically, per default, use the approved host-file for that installation.
Do you need a hand implementing this feature? I put my services at your disposal.
Thanks for an otherwise excellent product.
Comments
-
Any thoughts on this matter? Thanks.
1 -
It makes sense. How would one define such a template? IPv4/IPv6/domain based, such as some form of a list 192.168.1.1 acme.com *.acme.org ?
2 -
Agreed, a simple text file, with the same basic layout as the host-file in the etc-directory, i.e.
[IP] [hostname] [other hostname if needed]
It should be simple to parse each line through a regex parser with matches for data-lines and comments.
0 -
The most official standard, which Microsoft adheres to, and most others also, even Apple, would be RFC 952
Link to the documentation:
https://datatracker.ietf.org/doc/html/rfc952
0 -
A note.
The "Scan host file"-option is useless as it is today for advanced users, and also misleading in the description, as it reads "Checks the file that maps hostnames to IP addresses to prevent DNS hijack attacks", where a more appropriate description would read "Prevents any alteration to the file that maps hostnames to IP addresses to prevent DNS hijack attacks"
Actually this is not accurate. Every host is scanned (IP transformed into hosts with reverse DNS query) into our URL status service, and if it is found to be malware, untrusted, phishing etc. it is commented. Otherwise it is not.
0 -
Excellent explanation of the current functionality. Thank you.
So, in my case, I have a hosts-file filled with client-specific DNS resolution entries, each only valid when I'm connected to a specific client's VPN. I use this to help software development and debugging, where host names and host name aliases are an integral part of the infrastructure of the software components.
This is in line with what I experience is a current-world usage of the hosts-file for many power users working with closed, internal subnets of independent clients; local resolution of a client's internal host names at remote sites, where the VPN server does not provide adequate name resolution for whatever reason.
One made-up example could be an internal server at a client site named "client-01", which I might call "client01.[clientname].local", to keep a consistent naming convention and aid in temporary provisioning individual test and debug server endpoints.
It's not that I don't like the idea you have implemented with the scanning of the hosts file, but the implementation relies heavily on your infrastructure's ability, via PTR-records and possibly A-records for forward-confirmed entries, to discern what is legit and what is malware, phishing or otherwise malevolent endpoints. I guess the root issue is that PTR and forward-confirmation is not an explicit IETF requirement (i.e. is optional).
Anyway, "Scan host file" is the first option I have to manually disable from all my BitDefender installations. I would actually have liked to keep this option checked and still be able to keep my own entries.
Thanks.
0 -
Noted. I proposed this custom filtering type of hosts scan to the team and management. I am not sure at this time when and how it will be done, but now that I started, I will continue pushing to implement this.
0
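An added example, not part of the thread and not Bitdefender's code: one way the approved-template check discussed above could work, parsing the `[IP] [hostname] [other hostname if needed]` layout with a regex and reporting where the live hosts file differs from the approved template. The function names, the hostname rule and the sample data are assumptions made for illustration.

```python
import ipaddress
import re

# Data line: "[IP] [hostname] [other hostname if needed]", optional "# comment".
LINE_RE = re.compile(r"^\s*(?P<ip>[^\s#]+)\s+(?P<names>[^#]+?)\s*(?:#.*)?$")
# Assumed hostname rule: labels of letters, digits, hyphens; no edge hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_hosts(text):
    """Return ({hostname: ip}, [(line_no, rejected_line)]) for hosts-format text."""
    mapping, rejected = {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or full-line comment
        m = LINE_RE.match(line)
        try:
            ip = str(ipaddress.ip_address(m.group("ip"))) if m else None
        except ValueError:
            ip = None  # first field is not a valid IPv4/IPv6 address
        names = m.group("names").lower().split() if m else []
        ok = ip is not None and names and all(
            LABEL_RE.match(lb) for n in names for lb in n.split("."))
        if not ok:
            rejected.append((no, raw))
            continue
        for name in names:
            mapping.setdefault(name, ip)  # first entry for a name wins
    return mapping, rejected


def drift(approved_text, live_text):
    """Report how the live hosts file differs from the approved template."""
    approved, _ = parse_hosts(approved_text)
    live, rejected = parse_hosts(live_text)
    return {
        "added": {h: ip for h, ip in live.items() if h not in approved},
        "changed": {h: (approved[h], ip) for h, ip in live.items() if approved.get(h, ip) != ip},
        "removed": sorted(set(approved) - set(live)),
        "rejected": rejected,
    }


# Constructed sample data, not taken from the thread.
APPROVED = "# client A\n10.20.0.5 client01.clienta.local client-01\n::1 localhost\n"
LIVE = ("10.20.0.5 client01.clienta.local  # unchanged\n203.0.113.9 client-01\n"
        "198.51.100.7 login.example.com\nnot-an-ip broken.example\n")
print(drift(APPROVED, LIVE))
```

Any non-empty `added`, `changed`, `removed` or `rejected` result is the condition under which the proposed feature would revert the file to the approved copy.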