Need to actively enable hosts?
Surely the simple solution here is for M$ to implement one of the security fixes that would require local host file lookup to be actively enabled?
The vast majority of users don't use it and probably don't even know its there. Now that it can be exploited in such a way it is a clear security vulnerability, ESPECIALLY given most windows users have read/write permissions to this file.