Topic: Avast doesn't check for DNS changers (protect 'hosts' file and TCP reg entries)

VanguardLH

  • Guest
Avast 5.0.677 (free)
Windows XP Pro SP-3

I've found no options to configure Avast (free) to have it monitor for changes to the 'hosts' file or to the registry entries where the TCP properties are defined.  A DNS changer pest sometimes modifies the 'hosts' file to redirect lookups to their malicious or phish site.  Another method is to modify the TCP registry entries that define what DNS server gets used by the host for the DNS lookups (e.g., HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces).  If the hosts file gets corrupted with malicious redirects or the TCP properties get changed to point at a malicious DNS server then the user is unaware that the site they intended to visit is not where they end up.

Tall Emu's Online Armor, for example, has its DNS Spoofing Protection feature which, as I recall, has their firewall cross-check the DNS lookups with their safe DNS server to check what gets returned by whatever DNS server (or local redirect using the 'hosts' file) you happen to actually be using.  However, that requires another external connect and lookup to do the cross-check.  Online Armor also has its Hosts Checker to warn if changes were made to the 'hosts' file.  Alas, the DNS Checker and Hosts Checker are only available in payware versions of Online Armor.  WinPatrol (even in the free version) has an option to check for and alert on changes to the 'hosts' file (but lacks any check of changes to the TCP properties, like DNS server(s), in the registry).

While some might argue that DNS changers are something that firewalls should be monitoring (for the pest itself but also for their behavior of modifying the 'hosts' files and/or changing the TCP settings in the registry), remember that Avast has its "Web Shield" that is supposed to help protect us from "bad" sites, and that would include phish or malicious sites due to DNS redirection on the user's own host.  Monitoring for changes to the 'hosts' file and of the TCP settings in the registry seem to be functions that should be included in Avast's Web Shield.  While I am currently using the free version of Avast, these DNS resource monitors don't seem to be even in the paid versions.

Vlk

  • Avast CEO
You're right, avast currently doesn't actively monitor these entries.
This may change in the near future though.
If at first you don't succeed, then skydiving's not for you.
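
The two checks asked for in the first post (changes to the 'hosts' file and to the DNS servers stored under the Tcpip\Parameters\Interfaces key) can be approximated with a baseline-and-compare script. This is an added example, not part of the thread and not code from Avast, Online Armor or WinPatrol; the baseline path and the function name Get-DnsState are assumptions, and it is written with cmdlets present in PowerShell 2.0.

```powershell
# Added example: compare the active 'hosts' entries and per-interface DNS servers
# against a saved baseline. $BaselinePath is an assumed location; keep it somewhere
# that non-administrators cannot write to.
param(
    [string]$BaselinePath = (Join-Path $env:ALLUSERSPROFILE 'dns-baseline.xml'),
    [switch]$Update   # re-record the baseline after an intentional change
)

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$ifRoot    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Get-DnsState {   # hypothetical helper name
    $state = @{}
    # Active hosts entries only: strip comments, blank lines and extra whitespace.
    $lines = @()
    if (Test-Path $hostsPath) {
        $lines = Get-Content $hostsPath |
            ForEach-Object { ($_ -replace '#.*$', '').Trim() -replace '\s+', ' ' } |
            Where-Object { $_ }
    }
    $state['hosts'] = ($lines | Sort-Object -Unique) -join '; '
    # Static (NameServer) and DHCP-assigned (DhcpNameServer) resolvers per interface.
    foreach ($key in Get-ChildItem $ifRoot) {
        $props = Get-ItemProperty -Path $key.PSPath
        foreach ($name in 'NameServer', 'DhcpNameServer') {
            $state["$($key.PSChildName)\$name"] = [string]$props.$name
        }
    }
    return $state
}

$current = Get-DnsState
if ($Update -or -not (Test-Path $BaselinePath)) {
    $current | Export-Clixml -Path $BaselinePath
    Write-Output "Baseline written to $BaselinePath"
    return
}

$baseline = Import-Clixml -Path $BaselinePath
$keys     = @($baseline.Keys) + @($current.Keys) | Sort-Object -Unique
$changed  = 0
foreach ($k in $keys) {
    if ([string]$baseline[$k] -ne [string]$current[$k]) {
        Write-Warning "$k changed: '$($baseline[$k])' -> '$($current[$k])'"
        $changed++
    }
}
if ($changed) { exit 1 }
Write-Output 'No change to hosts entries or DNS server settings.'
```

DhcpNameServer changes legitimately whenever the machine joins a different network, so an alert on that value needs a look at the new address before it is treated as tampering. Run the script with -Update after any intentional change to re-record the baseline.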