What the..? How did doubleclick.net manage to alter my Hosts file?

I use a big honkin’ Hosts file to point requests for known ad-servers to a fake IP address.

Sometime during the last few weeks, I started noticing ads from doubleclick.net servers were getting through.

At first, I thought that it was just them adding newly-named servers, so I just kept opening my hosts file and adding the offending server to the bottom of the list, e.g.: “0.0.0.0 m23.doubleclick.net”.

I did that a couple of times, until I noticed one of them that I knew I’d blocked previously, with a subdomain of “ad3.”

I looked a little closer and noticed that every single reference to a doubleclick server had been remarked out. (More than thirty of them, eesh!)

It seems most likely to me that this sort of thing would happen after installing dodgy freeware, but I don’t recall downloading anything apart from the latest version of DivX recently.

I know that DivX has been in bed with Gator, so I wouldn’t put this sort of thing past them, but whatever did this left the Gator servers blocked, and I don’t see any mention of DivX installs altering your hosts file in a cursory web and usenet search.

Anyone else had this experience? Any ideas on who I ought to hunt down and beat into submission for this outrage?

What is the point of this invasive action? Do they really think that someone who has taken the time to specifically block their crap ad servers by name is going to respond positively to having that change undone, and motor over to classmates.com? Argh.

I fixed the file and tagged it read-only, but I suspect that folks that would feel comfortable editing your system files may not shrink from changing their attributes, either.

If a program can change the attributes on a file, why bother with write-protection at all? It seems like nothing more than an advisory, and if an arbitrary program can ignore advisories, what purpose does it serve?

Coming from a Unix-based environment, it seems the height of bizarre.

Not sure if you will find this useful, but here is an interesting discussion about how to disable the adware in DivX 5 and DivX Pro 5.

Um, Derleth? This is exactly how Unix works. Any program that you start runs with your permission set, so if it calls chmod() on a file that you own, it’ll successfully change the properties on that file.

-lv

Yes, but in the Unix world, no ordinary user or process running as a user would be able to modify operating system files. Yes, you can set up an account that way in Windows, but it is not immediately obvious to an ordinary user.

Y’know, with Mozilla (I use the Firebird version), you can just right-click on an image and choose “Block images from m23.doubleclick.net.” That’s a lot easier than editing your hosts file.

LordVor: That’s why I’d create that file as root, and make it read-only to all nonroot processes and/or users. A lock like that is a long way from the advisory a Windows read-only permission seems to be.

sigSEGV: That’s correct, that’s absolutely right, but that’s also the first time I’ve ever seen someone top-post on the SDMB. We like to bottom-post here, just like in email and on usenet.

To top-post is to put your reply above the text you’re replying to. It makes everyone else scroll down to figure out what the hell you’re talking about. It’s annoying. Please don’t do it.

The security of OS files depends on the version of Windows you’re running.

If it’s 95/98/Me then there’s no security to speak of anyway. Not a lot you can do here to safeguard yourself except upgrade to an NT, 2000 or XP OS.

On NT3, NT4, 2K, XP and 2K3 the file system permissions are quite Unix-like. Ordinary users don’t have permission to alter the hosts file. By default only the Administrator and System accounts have write access.

Pretty much like Unix, in fact.
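
Added example, not part of the thread: a small Python audit for the tampering described in the opening post, where the blocking entries for one ad domain were commented out of the hosts file while other entries were left alone. The sample file contents, the set of sinkhole addresses and the function names are constructed for illustration.

```python
# Assumed sinkhole addresses used by blocking entries in a hosts file.
SINK_IPS = {"0.0.0.0", "127.0.0.1"}

# Constructed sample: two doubleclick.net blocks have been commented out.
SAMPLE_HOSTS = """\
# ad-server blocklist
127.0.0.1 localhost
0.0.0.0 ads.example-gator.test
#0.0.0.0 ad3.doubleclick.net
# 0.0.0.0  m23.doubleclick.net   # added later
0.0.0.0 ad.doubleclick.net
"""

def parse_entry(text):
    """Return (ip, [hostnames]) if text is a sinkhole entry, else None."""
    body = text.split("#", 1)[0].split()   # drop any trailing comment
    if len(body) < 2 or body[0] not in SINK_IPS:
        return None
    return body[0], [h.lower() for h in body[1:]]

def audit_hosts(content, watched_domain):
    """Split sinkhole entries for watched_domain into (active, disabled).

    An entry is 'disabled' when the line is commented out but what follows
    the '#' still parses as a blocking entry. Each list holds
    (line_number, hostname) tuples.
    """
    domain = watched_domain.lower()
    active, disabled = [], []
    for lineno, raw in enumerate(content.splitlines(), 1):
        line = raw.strip()
        commented = line.startswith("#")
        entry = parse_entry(line.lstrip("#").strip() if commented else line)
        if entry is None:
            continue   # ordinary comment, blank line, or non-blocking entry
        for host in entry[1]:
            if host == domain or host.endswith("." + domain):
                (disabled if commented else active).append((lineno, host))
    return active, disabled

if __name__ == "__main__":
    active, disabled = audit_hosts(SAMPLE_HOSTS, "doubleclick.net")
    for lineno, host in disabled:
        print(f"line {lineno}: block for {host} is commented out")
    print(f"{len(active)} active, {len(disabled)} disabled")
```

To audit a real file, pass its text to `audit_hosts` instead of `SAMPLE_HOSTS`; comparing the result against a known-good copy shows which blocks changed state.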