I guess it is time to start a thread with discussion about "How to protect your HOSTS file".

First things first:


What is the HOSTS file?

See this site:
http://www.accs-net.com/hosts/what_is_hosts.html

Quotes:

"The short answer is that the Hosts file is like an address book. When you type an address like www.yahoo.com into your browser, the Hosts file is consulted to see if you have the IP address, or "telephone number," for that site. If you do, then your computer will "call it" and the site will open. If not, your computer will ask your ISP's (internet service provider) computer for the phone number before it can "call" that site. Most of the time, you do not have addresses in your "address book," because you have not put any there. Therefore, most of the time your computer asks for the IP address from your ISP to find sites.

If you put ad server names into your Hosts file with your own computer's IP address, your computer will never be able to contact the ad server. It will try to, but it will be simply calling itself and get a "busy signal" of sorts. Your computer will then give up calling the ad server and no ads will be loaded, nor will any tracking take place. Your choices for blocking sites are not just limited to blocking ad servers. You may block sites that serve advertisements, sites that serve objectionable content, or any other site that you choose to block."

- end quotes -

If you like, you can read more about HOSTS at that site.


Maintaining your HOSTS file

Several sites publish frequently free updates for your HOSTS file.
Those updates will add entries to your HOSTS file by which it will block malicious sites.
Of course it is up to you whether you "install" them.

Two examples where you can get those:

1. Hpguru (http://webpages.charter.net/hpguru/hosts/hosts.html)

2.
MVPS (http://mvps.org/winhelp2002/hosts.htm)


Maintaining your HOSTS file -2-

A nice free tool by which you can maintain your HOSTS file, can you find here:
Hostess (http://accs-net.com/hostess/)


Why is it important to protect your HOSTS file

Some malware and some malicious sites will try to make changes to your HOSTS file.
Lots of things can be said about this.
An example:

The IP address of the Wilders-forum ( www.wilderssecurity.com ) is (at this moment): 64.91.226.241
If some malware would add an entry to your HOSTS file like this one for example:
127.0.0.1 www.wilderssecurity.com
then you would never be able to connect to this board, because the IP address 127.0.0.1 is your own computer.


Several means for "protecting" your HOSTS file

There are two different means for protecting your HOSTS file:

1.
Pro-active

This one tries to guard against changes on your HOSTS file.

2.
Warning you after a change has been done


Protecting Pro-active -1-

For an example I would like to point to this site:
http://mvps.org/winhelp2002/hosts.htm

Quotes:

Locking the HOSTS File

There are many of these hijackers that add their own entries to your HOSTS file. This is commonly know as redirects. To add a level of protection you might want to consider making your HOSTS file "read only". You can download a small batch file to accomplish this:

lockhost.bat [right-click - Select: Save Target As] unlockhost.bat (XP\2K)
LockHostsME.bat [right-click - Select: Save Target As] UnlockHostME.bat (98\ME)
To use: place the appropriate files in your Windows folder, create a shortcut to each.

- end quote -


Protecting Pro-active -2-

SpywareBlaster from Javacool can also do it !

See:
- the SpywareBlaster site:
http://www.javacoolsoftware.com/spywareblaster.html
- the SpywareBlaster forum:
http://www.wilderssecurity.com/index.php?board=34



Warning you after a change has been done

Lots of (free or not-free) programs can do this for you.
I mention two:

1.
FileChecker from Javacool:
http://www.javacoolsoftware.com/filechecker.html

2.
TDS-3 with its CRC32-test:
http://www.wilderssecurity.com/showthread.php?t=13740


Remark

Well, I know that I didn't cover everything on this topic.
But I hope that this will start a discussion.

Regards, Jan.

Good idea FanJ,

For Windows 2000 and XP users there is also the possibility to move your hosts file to an unexpected location as discussed in this thread:
http://www.wilderssecurity.com/showthread.php?t=21116


A lot of hijackers still use this way of redirecting, so this is certainly worth discussing.

Regards,

Pieter

The hosts file reader is also very useful in these case to find or move the hosts file

from http://members.shaw.ca/techcd/

it is made by our friend Option^explicit who made Killbox which we use to help solve many problems

Could Javacools File Checker be used to protect this file as well?
Rick

-{ Quote: "Could Javacools File Checker be used to protect this file as well?
Rick" }-


Hi Rick,

Sure it can ! :)
If you use it for that purpose, it will warn you in case your HOSTS file has been changed (FileChecker from Javacool is not pro-active).

Thanks. Didn't see that written in the first post. Need more coffee.
Has anybody tried "toggle hosts" from accs-net? Also seen above where the host file can be moved on 200 and XP. Can this be done on 98?
Rick

-{ Quote: "The hosts file reader is also very useful in these case to find or move the hosts file

from http://members.shaw.ca/techcd/

it is made by our friend Option^explicit who made Killbox which we use to help solve many problems" }-

Aye dvk, I have had it for a couple of weeks now, and it's also VERY handy to edit/change/delete stuff from Hosts WITHOUT having to navigate to C:/WINDOWS/system32/drivers/etc/hosts, do an "Open with....." change... save as *all files [no extension] and backing back out.

Soooo very easy, thoroughly recommend it.

Cheers, TAS

-{ Quote: "Thanks. Didn't see that written in the first post. Need more coffee.
Has anybody tried "toggle hosts" from accs-net? Also seen above where the host file can be moved on 200 and XP. Can this be done on 98?
Rick" }-

I've been using HostsToggle for at least a year now, maybe longer. It's a great little program for quickly enabling/disabling, editing & backing up your hosts file. I've never run into a problem with it.

I don't think it can be moved on 98. I imagine it would've been mentioned if it was possible.

Hi,

The trick described by Pieter, can indeed not be used on Windows 98.
See this thread:
http://www.wilderssecurity.com/showthread.php?t=21116


I use Hostess for maintaining my Hosts file.
With Hostess you can also easily disable/enable your Hosts file.
It simly renames your Hosts file (until you let it rename it back).
But you don't protect it with that.

Cheers, Jan.

I suppose that protecting your Hosts file can also be done in ZAPro.

At this site (http://download.zonelabs.com/bin/free/information/zap/releaseHistory.html#4.5.594.000) I see that in ZoneAlarm Pro version 4.5.530.0 was introduced:

"Host file lock - prevents host file tampering that sends users to spoofed web sites".

Maybe users of ZAPro can confirm that ;)

Zone Alarm does have lock hosts file, located in the firewall settings. Click advanced settings.


;D
Bruce

Thanks, all of you. This is a very useful thread.
Does anybody know where I can find a host file, preferably a maintained one, that can be used for content filtering, such as blocking access to sex/adult sites, etc. Seen ones for blocking advertising and blocking access to known malware sites. I'm looking for one intended for filtering content for younger users. Anybody know if such a one exists or is maintained?
Rick

Hi whoever.

Here mate: HOSTS (http://www.mvps.org/winhelp2002/)

or HERE (http://www.mvps.org/winhelp2002/hosts.htm)

OH first.. get the freebie listed in posts above, to you can edit/etc. your hosts file..

it's currently 157Kb.. has a LOT of entries.. and yes, blocks ads, etc. great.

Cheers, TAS

EDIT: Just did a line count, [I can see no of lines in EDITPAD Lite] and it has OVER 4500 entries.

Also the Hosts file author has it broken up into sections, so you can see which items are blocked. Very easy to see/navigate.

HTH, TAS

There's also the one by hpguru found Here (http://groups.yahoo.com/group/hphosts_support/) or Here (http://www.hostboard.com/cgi-bin/ultimatebb.cgi?ubb=forum&f=7596) or Here (http://webpages.charter.net/hpguru/hosts/hosts.html).

It's about 759KB & contains 24,794 entries.

Hi amerk.... thanks for those links.

Do you have any problems though using one that big?

I have seen some posts previously where they caused a couple of hiccups.

Just curious.. I will give it a try. :)

Cheers, TAS

-{ Quote: "Hi amerk.... thanks for those links.

Do you have any problems though using one that big?

I have seen some posts previously where they caused a couple of hiccups.

Just curious.. I will give it a try. :)

Cheers, TAS" }-

I can't speak for the others here but I haven't had any problems.

I have had some problems with the huge hosts files. Windows 2000 seems to have some real issues with them. XP handles it a lot better.

Regards,

Pieter

-{ Quote: "I have had some problems with the huge hosts files. Windows 2000 seems to have some real issues with them. XP handles it a lot better.

Regards,

Pieter" }-

It has to do with the DHCP Client and DNS Server in Win2000. For more info & how to disable it to speed things up with a large hosts file see the following link.

http://www.pacificnet.net/~bbruce/dmreport.htm

-{ Quote: "I have had some problems with the huge hosts files. Windows 2000 seems to have some real issues with them. XP handles it a lot better." }-
Windows 98 seems to work fine with it. Haven't had any problem, save one entry that needed editing.
Rick
Thanks for the links.

I use hostess and have put together a 1.18 MB HOST file from 9 different sites that maintain various versions of the HOST file. 7 of them still update their list and 2 are older ones that have not been updated in a while. If anyone is interested in such a comprehensive host file they can PM me. When I get home I will update this posting with the links I go to for updating this custom made HOST file.