HOSTS file (?)

Was reading temerc's site, & I wondered if users of either IE-SPYAD or the MVPS HOSTS approach (or preferably anyone who has tried both) could comment pro-con on these programs.

I recall that Fred Langa wrote that he thought that messing with HOSTS file leads to trouble, but I think many people still use one of above apps.

In our case, I did have Spybot S&D (and/or Spywareblaster?) inject its list into HOSTS file, but as I've read that a big HOSTS file can bog down an XP-XP PRO system, I didn't know how far one can go with this approach before reaching the "too big" limit.

And, as I run a "billion" security apps while online, I've had no trouble yet with idiots (or at least the security programs tell me that this is the case)... I don't know if I even should mess about w/HOSTS file.

Info appreciated, as always. SG1 (Pat)

 

Both protect you against infections of websites and preventing is always better than curing.

IE-SPYAD is for MS Internet Explorer only.
If you install IE-SPYAD and you click on Tools/Options/Security/Restricted sites/Sites-button
you will see the bad websites of IE-SPYAD.

The Windows Hosts File is for all applications, that use it.
The Windows Hosts file wasn't originally developped to protect you against bad websites and that's the problem, because a huge Hosts File will slow down any application that uses the hosts file.
The hosts file is in fact a text-file and you don't use text-files to search data.
Normally you use indexed databases to search data.

The software "Hostsman" is an excellent software to update the Windows Hosts File.
The most reliable and relative small hosts file is MVPS.

 

I have been running both now with WinXP Home Ed for a year with no problems. I did follow the mvps.org instructions for changing DNS Client Service "startup type" to "manual" to avoid any slow-down they refer to with Windows XP. It did seem to speed me up a bit after doing that. I run Avast Free AV (all real-time providers on), McAfee FW, SpywareDoctor (all guards on), and SpywareBlaster. No conflicts with these. No problems with Ewido or Adaware on-demand scanning either.

 

there's a recent Security Now! podcast about the hosts file if you're interested
http://www.grc.com/sn/SN-045.htm

 

There's no place like 127.0.0.1

I love it! Just read it at MSVP.org.

Anyway, I have a host of hosts questions. I did a search just to check on a question I have, namely, does the hosts file only effect browsing with the I.E. or does it effect other things as well.

I did not exactly get an answer, but I did read something that was interesting. They said that hosts was a two way protection because if a program inside your computer attempts to connect using an address that is redirected by hosts then the connection will not take place. But, does that mean only if your default browser is IE, or does it mean that some networking component of XP itself refers to the hosts, so that all browsers will benefit. If this were the case, then It might make sense to be more aggressive with the hosts file than I am.

I guess the big question is, if I never use IE (and I don't) does the host file serve any purpose at all?

- point of interest xp users with large hosts (over 136 kb) should not have the DNS service on automatic start do to it causing long delays.

- point 2 of interest. It also mentions something about somesort of connects that adservers attempt to make that, most naturally you want to block. is it really true that after you install sp2 you are forced to click no every time, with no option to check something that remembers your answer? Man, that would be just like being forced to acknowledge the old idiotic "this sight may not appear right...you don't have your activeX on." So you get to choose from being badgered constantly with the same message over and over and be safe, or to not get badgered and have a big red bullseye painted on your computer.

You know, if I were creating a college admissions application, somewhere in there I would slip in, "do you use internet explorer as your primary browser." That would save a lot of time processing the applications!


-HandsOff

 

Re: There's no place like 127.0.0.1

I've found using the hosts file under various browsers produces different results. As Firefox is my primary browser at the mo, I don't like using a hosts file with that as pages appear with "page cannot be displayed" messages or something similar where the ad/banner was. That, to my mind, is just as bad as having the ad/banner there, and makes the page look cluttered. I've stopped using the hosts file for this reason.

 

Hi TonyW ... it's just because you're using half of the solution.
There's quite a few *host server* that listen on 127.0.0.1:80 and alwais answear with a 1*1 pixel transparent gif ... so you do not see any error message

two of them are:

Blackhole Proxy
http://s91363763.onlinehome.us/BlackHoleProxy/

eDexter
http://www.accs-net.com/hosts/eDexter.html


Another option to host file is Proxy Automatic Configuration (PAC) file :
Host file does not handle subdirectory or particular url...
Pac files does...


here's a nice article that describe host, pac and talk about the two application i mentioned before:

http://www.windowsdevcenter.com/pub/a/windows/2004/03/30/hosts.html?page=1

 

Hi tonyw,

I was seeing that too, but did not realize the host file was the reason (as I have a couple other adblocking products also on the job. I do, however, feel differently about the displayed messages, they actually sort of cheer me up as I idly wonder what would be there.

just as an aside, and probably common knowledge, but Firefox settings in about:config allow you to deactivate blinking text, and gif animations. If it saves one person's sanity, it was worth the effort!

I don't know what the slowdown issue is, but I am doubting it is due to host file, per se. Why? because win 9x, millennium, 2000 (?). are not effected. That would implicate some windows component wouldn't it?

BTW it is spybots that supplies a hosts file download (you have to go to tools > hosts because it is not installed automatically). SWB has the hosts safe, which could be a real timesaver if you ever need to rebuild it.

I was hoping for a simple answer guys! What I am getting is that I will have to read about edexter, ect... and try it out.

f3x, cant you just tell us if hosts is better or the other PAC file? You sound like you know!

Also, dont know if this is true, but can't you choose your own picture with eDexter to replace the ad? That might have some thematic possibilities!


-HandsOff!



P.S. - fx3, those were some good references! Think I may have to jump on blackhole!

 

Or you can use the freeware Hostsman which maintans the Hosts file and can enable a built in proxy:
http://hostsman.abelhadigital.com/

This also has an option to update the existing HOSTS file when needed.
Important! - make sure you select: Default action - Overwrite
(also link to it on mvps.org site)

 

@ MEM .. i currently use hostman... however there was somthing i didnt like on his proxy... i do not remember exactly what tougth

I beleive it has to do that it return alwais a white page, even on dark background.

@HandsOff

thanks for the honor
To be true with you i alwais used host file and first learn about pac on the page i gave ya.

Pac file is javascript: it means more flexibility but it may be slower as it's a script that have to be parsed. It's also browser dependent if i have well read, eg you have to do the work once for ie and once for firefox.

Host is global, and can block advert even in adware application not related to browser. However i have read article advertising not to use it as it mess up window dns and a very long file can have undesirable result.

I beleive there are more help and ressource for building a good host file than pac file ... but that is largely due to the fact i never heard about pac before .

If you go with the host route i hihgly recommand the HostMan as proposed by mem. I curently use it with blackhole.

 

That's why you turn of the DNS feature of Windows. Hostsman has an option under Options. A very long file does have conflicts, such as the Bluetack HOSTS with MS Antispyware back in the day, but otherwise, a HOSTS file SHOULD not have any other conflicts with any other programs. Maybe with your web viewing experience, but that's up to you. ;P

 

Give Homer a try as well if you are looking for a localhost webserver
Its a freebie as well
http://www.funkytoad.com/Homer.htm

 

Hmmm this is still not crystal clear to me at least.

The recommendation of MSVP was to put DNS to manual, not to disable it (am I right?)

And they assert that the problem with the large file size is not seen in other versions of XP, therefore, again, does that not imply that it is not the size of the file that matters, but rather some sort of conflict, I think with the DNS, but maybe with something else in XP?

I bring this up again because, to me, it would seem reasonable to Disable DNS, rather than just put it on manual, then use as large a host file as you like.

Maybe this is a separate question to pose, but I don't want test Bubba, so...Do I really need the DNS? Mine was set (in services.msc) to automatic, but as a test I put it in manual...But as usual, I am not sure of what effect it has had. On the one hand, I've not caught it started. On the other hand, could that be effecting my internet? It seems like my firewall is blocking more stuff with it's web filtering - probably not related, but still, not accountable otherwise.

-HandsOff

 

Re: There's no place like 127.0.0.1

I have a question regarding this:

IF....you return to using the originally installed Microsoft Hosts File only, is it recommended to enable the DNS Client Service back to automatic (since I'm guessing that disabling or switching to manual is for "large" hosts files)?

I kind of agree with you in this regard, Tony, although I'm not sure that it would provide better security (or even improve browsing speed). But strictly from an "appearance" standpoint, I tend to agree.

 

Re: There's no place like 127.0.0.1

u can but it doesnt hurt to leave it disabled (or manual) either.

 

Re: There's no place like 127.0.0.1

To fix this...
1) With Firefox browser running...
2) Enter "about:config" in the address bar (no quote marks)
3) Do a find on "browser.xul.error_pages.enabled" (no quote marks)
4) Change entry for browser.xul.error_pages.enabled to "false" (no quote marks)
5) Shut down then restart Firefox.

The problem should be gone.

 

Nice to see you back 'gamin!

That is an excellent tip, and I plan to try that setting. You really can't call yourself a firefox user until you've changed at least five hidden settings!

I still am hoping someone can explain why I need or do not need the DNS service. I does not seem to used very much. Adding to the confusion is the fact that the black viper himself has suggested automatic for "Safe" users and disabled for "Power Users".

Are there no "Safe Power Users"? Checking again reveals the DNS Client service has not started. I'd like to think that means it's not needed, and not that it is needed, but not smart enough to start when needed! I guess I will do my usual push the red button and see what happens. DNS, you have been terminated!


-HandsOff

*****************************************************************************************
To Whoever wishes to do the about:config change that Bellgamin brought us:

The search string that Bellgamin gave looks correct, however, for some reason the editor does not "find" that line if you include the whole thing, including the underscore. I've noticed that this is a very quirky Find function. Anyway the line is there, and the list is alphbetized and not all that long so you might want to just scroll down until you find it. Failing that if you actually type it, not cut and paste as I did, there should be no problem. (my guess is that there is a conflict in how underscores are handled in search at least in my implementation).

 

most sites recommend u disable DNS or at least set it to manual. however, they also skimp on any info regarding that decision. one site did say this tho:

 

'DNS Client'
As ever check out the dependences! - services, double click dns client/or r/c choose Properties, select dependences.

Some programs, software, may depend on the dns client and will result in the app not working as expected.

 

I don't want to ruin your thread but if your security is not proper tweaked (with software, gpedit.msc/regedit, ..) any host on the whole www would be senseless ..

but yes a good host is something that can not be bad at all, disable

so the chance of having a drag on surfing is smaller .. but atm I am not using one ..
Because there are far more important area's on one man's computer then blocking sites ... (try to not get anything installed (exe's, dll's, ..) that tries your browser to redirect to those sites ..
Regarding the popup-blocging capacitities of an host .. FFX 'with Noscript and with IE-tab for updating ..

if you're an IE fanat, invest in some decent anti-popupware like Admuncher or with something that has a built in host to block them lol

best wishes,

 

You don't really need to invest in much to secure IE.

A nice free shell, like Maxathon, or Avant, that have the ability to TURN OFF ActiveX with a simple click and their built in popup blocker/ad filtering should suffice for most cases.

I'm using Maxathon with KillFlyingFlashAd plugin with a HOSTS file and IEspyAD and I haven't seen an ad in ages. Much less a popup.

 

Any IE-makeover won't make your setup much more secure then browsing with the original one .. the vulnerabilities stays the same (hence it has practicaly the same core) .. what I've seen a few times was that fixing one of those holes/vulnerabilities were faster fixed with Maxthon then IE itself .. you just gotta love it

 

... hmmmm .. so you're a signature reader ...


It just so happens that I had a signature like that disappear from around here last Thursday at 7:13pm. So, where were you last Thursday evening around 7:13 pm?

That was a good one Infinity! Unfortunatly, as is always the case with computers I am confused. I copied and pasted your signature for my signature collection (hey, everyone needs a hobby, right?) but when I pasted it said:

... hmmmm .. so you're a signature reader ...
Reply With Quote

Reply with Quote What's that all about? Well, here goes:

"Four score and seven years ago today...."


I sort of respectfully have to disagree that the host file is unimportant. It has multiple functions and, in the spirit of what you were saying it does help prevent installations. Also it can be set such that you could use shortened site names or even mispelling protection. Besides, it is satisfying to blacklist annoying sites.


-HandsOff

 

I kinda sorta agree. But, A hosts file may be the difference between never getting malware (reachig a site), and trusting possibly inadequate av's and certainly completely inadequate "anti-spyware" softwares from stopping a nasty.

 

I think and it is my belief that having something like ProtoWall with bluetacks blocklistmanager is a little more constroctive, meaning that it is driverbased (network protection at system/driver level)

regarding having a host .. the updates are so fast and everyday those malwaresites changes .. I used to work with SpyBlocker Pro 's host (for two years, moderating their forum too) and keeping up with updating the host kept me busy for a looooooong time, and when it was finished, you'll have to start right from the beginning

preferable atm: Protowall and their converter.

best wishes.