
can programs bypass Windows' "hosts" file?


jarthel

Member
Joined
Aug 19, 2001
I have a software here that likes to phone home every so often. Before you say anything, this is a licensed software that has been paid for.

Using TCPView (from Sysinternals), I found the software is calling home. I just do not like the fact that it needs to call home now and then and I do not know what data (if any) is passed on to the vendor.

So I added the domain to my hosts file. This is the entry I created:

127.0.0.1 domain-here.com.

If I view domain-here.com using a browser, I get an error message, which is correct since I do not have a webserver running on localhost.

BUT it seems the offending program is still able to call home. Somehow it is able to bypass my hosts file. In TcpView, the program is using the domain to call home and not its IP.

Any ideas (other than installing a firewall and blocking the offending domain) on how to prevent the program from calling home?

Thank you very much :)
 
ipconfig /flushdns

And how do you know domain-here.com in IE is going to 127.0.0.1? Did you check that in your tcpview? The "phone" may be going to a different port, and domain-here.com may not be running on port 80.
 
Does the software have an auto update application? May just be checking for updates periodically.
 
Programs don't need to use the hosts file. The hosts file was just a list of names and IP addresses that has been replaced by DNS. The way that I stop programs from accessing the Internet is to use a firewall. Zone Alarm in my case. I'm guessing that other firewalls have the same ability.
 
Programs don't need to use the hosts file. The hosts file was just a list of names and IP addresses that has been replaced by DNS. The way that I stop programs from accessing the Internet is to use a firewall. Zone Alarm in my case. I'm guessing that other firewalls have the same ability.

Any program needing network access must communicate with the OS network stack. The network stack will communicate with the IP it is given, or if it is given a domain name, will check the local hosts file (whether Windows or other operating system), and only if the name is not found in the hosts file will it check remote DNS servers. Of course it will check cached entries first, hence using ipconfig /flushdns to make sure that it will look in the hosts file. A very easy way to block any program is PeerGuardian. Much less resource-intensive than ZoneAlarm, and does basically the same thing: filters incoming/outgoing connections based on IP. Just make a list of IPs the program is calling, add them to a PG2 list, and enable it as a block list.
 
BUT it seems the offending program is still able to call home. Somehow it is able to bypass my hosts file. In TcpView, the program is using the domain to call home and not its IP.

You cannot determine from tcpview how the program connects. tcpview will just try to resolve the remote IP to a hostname, if one has been configured.

The program can resolve a name like everybody else, it can have the IP hardcoded, it can manually ask a DNS server (bypassing the DNS in Windows, and therefore the hosts file), ...
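The check discussed in this thread, as an added example that is not part of any original post: parse the hosts file, then compare it with TCPView-style observations to flag connections that reached a real address even though the name is overridden. The sample hosts text, process names, and IP addresses are constructed, and treating a trailing dot as the same name is this example's own comparison choice.

```python
import ipaddress

# Constructed sample data (not from the thread): hosts file body and
# (process, reverse-resolved name, remote IP) rows as read off TCPView.
SAMPLE_HOSTS = """\
# constructed hosts file
127.0.0.1   localhost
127.0.0.1   domain-here.com      # block vendor check-in
0.0.0.0     Ads.Example.NET tracker.example.net
not-an-ip   broken.example.net
"""
SAMPLE_OBSERVATIONS = [
    ("vendorapp.exe", "domain-here.com", "203.0.113.10"),
    ("browser.exe", "domain-here.com", "127.0.0.1"),
    ("vendorapp.exe", "unlisted.example.org", "198.51.100.7"),
]

def parse_hosts(text):
    """Map each lowercased hostname to the first address listed for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # skip malformed address lines
        for name in fields[1:]:
            # Example's choice: compare names without a trailing root dot.
            table.setdefault(name.lower().rstrip("."), addr)
    return table

def find_bypasses(hosts_text, observations):
    """Return rows whose remote IP differs from the hosts-file override.

    A hit means the address did not come from the hosts file: a hardcoded
    IP, a direct query to a DNS server, or an entry cached before the edit.
    """
    table = parse_hosts(hosts_text)
    hits = []
    for proc, name, remote in observations:
        override = table.get(name.lower().rstrip("."))
        if override is not None and ipaddress.ip_address(remote) != override:
            hits.append((proc, name, remote, str(override)))
    return hits

if __name__ == "__main__":
    for hit in find_bypasses(SAMPLE_HOSTS, SAMPLE_OBSERVATIONS):
        print("bypass: %s -> %s at %s (hosts says %s)" % hit)
```

A flagged row only shows that the hosts entry was not used; blocking the observed address at a firewall, as other replies suggest, is what stops the traffic.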
 
I have a software here that likes to phone home every so often. Before you say anything, this is a licensed software that has been paid for.

Here, I must say something. The simple act of denying illegal use in the original post is rather suspicious... The fact that you won't tell us what this software is, or the domain it is attempting to connect to, is even more suspicious.

We could probably help more if you'd tell us what software it is. If you can't do that, then most of us are left thinking you're using this forum for a purpose that is against the rules.
 
Dude said he bought the software. It could be quicktime pro, or some legit (ha!) porn updater. Either way, he said he paid for it, so who cares about what the software is. Not like you can hack out a fix if it's not open source anyways LOL.

Firewall it, if it somehow bypasses internal DNS/hosts entries.

edit: Or make a DNS server on your LAN and make a manual entry with a bogus IP. I'd go with option A though.
 