How to set up hosts and lmhosts.sam?

Permanent link:

https://auditsquare.com/advisory/windows/how-to-setup-uac

A Windows system has many configuration files; two of them are the “hosts” and “lmhosts.sam” files.

What is the “hosts” file?

The hosts file is used by an operating system to map hostnames to IP addresses. It is a plain text file, and is conventionally named hosts.

The hosts file contains lines of text consisting of an IP address in the first text field followed by one or more host names. Each field is separated by white space (blanks or tabulation characters). Comment lines may be included; they are indicated by a hash character (#) in the first position of such lines. Entirely blank lines in the file are ignored. For example, a typical hosts file may contain the following:

# This is an example of the hosts file
127.0.0.1  localhost loopback
::1        localhost
127.0.0.1  www.unwantedsite.com

Today the hosts file seems to be used more for blocking unwanted web sites.

What is the “lmhosts.sam” file?

The LMHOSTS (LAN Manager Hosts) file is used to enable Domain Name Resolution under Windows when other methods, such as WINS, fail. It is used for NetBIOS name resolution. [Source: Wiki, DCIT]

Why is it a security issue?

These configuration files could be misused by malware applications to redirect a user to a phishing site. A user could type the well-known address of their bank but be redirected to a phishing copy of the bank's site because of a record in the configuration file.

How to fix it?

Using GUI

There is no special GUI for these settings; you have to use Windows Explorer or a file manager application.

  • The hosts file is located in %SystemRoot%\system32\drivers\etc\, where %SystemRoot% is usually C:\Windows
  • The LMHOSTS file is located in %windir%\system32\drivers\etc\, where %windir% is usually C:\Windows

These files should be empty, or each line should begin with the “#” character. There are exceptions, for example if you are using “immunization” software such as Spybot Search & Destroy.
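The rule above can be checked with a script. The following PowerShell is an added example, not part of the original advisory; the function name Get-ActiveHostsEntry and its verdict labels are hypothetical, and treating 0.0.0.0 as a blocking address alongside loopback is an assumption. It lists every line that is not a comment, and also flags the LMHOSTS #INCLUDE keyword, which is acted on even though the line begins with “#”.

```powershell
# Added example: list every active (non-comment) line in the hosts / lmhosts files.
function Get-ActiveHostsEntry {
    param(
        [Parameter(Mandatory)] [string[]] $Path
    )
    # Addresses normally used only to block a name (assumption: loopback and 0.0.0.0).
    $blocking = '127.0.0.1', '::1', '0.0.0.0'

    foreach ($file in $Path) {
        # Silently skip files that do not exist (lmhosts is often absent).
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) { continue }

        $lineNumber = 0
        foreach ($line in Get-Content -LiteralPath $file) {
            $lineNumber++
            $text = $line.Trim()

            # LMHOSTS keyword: loads entries from another file although the line starts with '#'.
            if ($text -match '^#INCLUDE\s') {
                [pscustomobject]@{ File = $file; Line = $lineNumber; Address = $null
                                   Names = $text; Verdict = 'Review: includes another file' }
                continue
            }

            # Drop a trailing comment, then skip blank and comment-only lines.
            $text = ($text -split '#', 2)[0].Trim()
            if ($text -eq '') { continue }

            # First field is the IP address, the remaining fields are host names.
            $fields  = $text -split '\s+'
            $address = $fields[0]
            $names   = ($fields | Select-Object -Skip 1) -join ' '

            $verdict = 'Review: name mapped to another host'
            if ($blocking -contains $address) { $verdict = 'Blocking entry (confirm it is expected)' }

            [pscustomobject]@{ File = $file; Line = $lineNumber; Address = $address
                               Names = $names; Verdict = $verdict }
        }
    }
}

# Check the files named in this advisory, in the directory given above.
$etc = Join-Path $env:SystemRoot 'System32\drivers\etc'
Get-ActiveHostsEntry -Path (Join-Path $etc 'hosts'), (Join-Path $etc 'lmhosts'), (Join-Path $etc 'lmhosts.sam') |
    Format-Table -AutoSize
```

No output means every line in the files is blank or a comment, which is the state recommended above.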

Using a group policy

It is not possible to set this up easily through group policy. You can use scripts, but that is beyond the scope of this manual (you can try to contact us).