Best HOSTS file??

Discussion in 'other anti-malware software' started by SamSpade, Oct 21, 2007.

Thread Status:
Not open for further replies.
  1. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    I got wind of MVP Hosts file a few months ago. It loaded about 600k of pre-confirmed sites that are not good, so I used it for a couple of months.

    Then, I got the latest version of Spybot S&D and loaded its hosts file, which was about 130k bigger than the MVP Hosts. I didn't bother to examine either in great detail; I figure there has got to be quite a bit of overlap, but the Spybot file is more comprehensive.

    But this leads to the question: which hosts file is the "best" at stopping the most nasties. Of course, this has an element of subjectivity to it, as one man's poison may not seem so to another, but let's say I want to take the "conservative" approach and block all sites which are known to drop/unload nasties, as well as sites that tend to pump stuff that is generally not healthy for computers; what are the options?? Is the Spybot hosts file the best? Or the MVP file; and why?

    Thank you.

    Sam

    |||
     
  2. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    MVPS Hosts File is the best around. MVPS + Sypware Blaster Immunization is all you need. You can add OpenDNS to block extra stuff.

    dja2k
     
  3. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Thanks, dja2k. Why is MVPS Hosts better than Spybot's?? Spybot's is -- if nothing else -- bigger! Have you examined both in any detail??

    Sam


    |||
     
  4. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Bigger isn't always better. There can be too many sites that are blocked, some legit some not.

    dja2k
     
  5. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Thank you. Have you done any in-depth analysis of either of these hosts files?
     
  6. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    To answer your question: nobody knows, and it's not important.

    HOSTS file blocking is an obsolete idea. Given the extremely transient nature of the internet, and its near-unestimatable size, it's absolutely pointless to rely on a static list of blacklisted sites to protect you. Best go with solutions that can detect malicious exploits no matter which site they're hiding on, such as LinkScanner or ThreatFire, or a sandbox, or a classic HIPS if you feel up to it. You get the idea.
     
  7. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415


    I see your point, yet if a certain known site were to suddenly come up with a new exploit -- something for which there are no signatures and which somehow evades the bahavior models -- having said site already blocked by a hosts file could be a day-saver, no?


    ||
     
  8. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I agree absolutely. Tried to point that out at one forum, instead it was claimed I don't understand how a host file works at all by one of their high and mighty staff... :-*
     
  9. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The problem is if a certain known (good) site were to suddenly come up with a new exploit (turn bad), the chances of your HOSTS file blocking it are virtually zero.
     
  10. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    You can hold the same statement against SpywareBlaster's inmunizations...

    This is why most of us go for a layered approach... IMHO a HOSTS file can't do any harm, and can do some good...
     
  11. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    Some of you are forgetting that custom hosts files are also for blocking ads, not just malware sites.
     
  12. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA
    ~Quote removed. Thread has been edited. - Ron~


    that's my only question- resources...if there is little to no resource hit, i think ill use it...
     
    Last edited by a moderator: Oct 23, 2007
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Couldn't agree more.
     
  14. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I think that a HOSTS file is a good idea for a machine that has multiple users. Users or children that might not be as cautious while surfing as some of us here at Wilders.

    I use it myself because it's not hurting anything and I don't notice any impact on resources. MVPS has a text version you can look at online to see the sort of things it blocks. I didn't link directly to the text file, it's down by the folder on that page.

    A question for all the experts. Would you install a Hosts file and immunizations on a parents, grandparents or a childs/teens machine?
     
  15. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    Yes, this is mainly my point. What possible harm is there to a hosts file blocker??



    |||
     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,734
    Location:
    Texas
    Several off topic posts removed. Stay on topic please. The topic is: Best HOSTS file??
     
  17. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I used to, but I no longer do.

    Why?

    1. Lack of transparency - Most users can't tell when a hosts file has blocked a domain from loading, leading to a lot of pointless "support calls".

    2. Performance hit - less important for modern machines but some people are running on really old machines or have other resource hungry software.

    3. As already pointed out hosts file are largely provide little marginal benefit, when you have already locked down the browser IE for them and up to date patches. Sure you might argue that a locked down browser might still be vulnerable to zero day exploits, but the chances of a hosts file stopping this is low because

    a) Most hosts file "maintainers" update infrequently (not to mention poor quality of some well known ones), certainly not quick enough to cover the time between an exploit is discovered in the wild, and a patch is issued (the fastest seems to be a month or so). If you take into account the AV vendors response time, the window in which you expect the hosts file to protect you from this is even smaller.

    b) Even if the hosts file maintaner do manage to update the hosts file in time to make a difference for the primary site, this doesn't help much because once an exploit in the wild, everyone and their friends will use it, and it will popup all over the web. Site blocking becomes pointless because you have to identify and block *each* and *every* site that uses the exploit.... compare to say antivirus signatures that can detect the actual exploit or at least will semi-reliably stop the payload no matter what site it is on.

    I *do* say the same thing about spywareblaster's immunizations but at least these (and i refer to the active killbit here) actually allows you to disable all instances of a known flawed activex control (like the recent realplayer problem), without having to blacklist each and every site that might use it (a futile task obviously)

    This "layers argument" is pretty much the answer to everything here isn't it? seems to be used to to justify pretty much everything, and anything. :)

    But this time the argument is even worse than usual.

    If you want to argue layers, you need to show that each additional layer, at least provides reasonable marginal benefit over other layers. You certainly don't add layers because mainly you think it might "do no harm"...

    Do doctors prescribe medicines mainly because they think it will do no harm, and on the small off chance it might help?
     
  18. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Once, I wanted to buy Faronics Anti-Executable, but the link to Faronics on-line shop didn't work and the reason was that Faronics on-line shop was blocked by my HOSTS file. It must have been one of the host files provided by Hostsman, but I don't know which one.
     
  19. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    You can use a HOSTS file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. This is accomplished by blocking the connection(s) that supplies these unwanted contents.

    Few web sites host their own banner ads. Typically they sign up with ad servers that deliver content and track views and clicks. Thus you can block most web site ads by blocking a fairly limited number of ad servers.

    In my own case, I prefer to use the *null* of 0.0.0.0 for diverting, rather than 127.0.0.1. It just seems faster to me. This generally works fine for IE & Mozilla-based browsers, but NOT well for Opera browsers.

    The use of HOSTS entails pretty much the full range of advantages/disadvantages that are inherent to any & all *blacklist-based* security concepts.

    Speaking generically -- One way to compensate for the disavantages of blacklists is to use HIPS-type security apps that are based on detecting & blocking behavioral factors that are typical to malware. Examples of HIPS include but are not limited to SSM, ProSec, ThreatFire, Safe'n'Secure, etc. But those apps place responsibility on users that some users do not want to assume.

    BOTTOM LINE- (1) OTHER people (not the user) assume responsibility for maintaining blacklists whereas (2) users THEMSELVES must bear the ultimate responsibility for deciding if a given behavioral alert manifests probable malware or is, instead, an FP.

    Some folks hold the view that pretty much ALL blacklists, such as HOSTS, are passé. Those folks tend to espouse the HIPS & VM apps instead. Others hold that HIPS apps are too complicated, and they want the set-it-forget-it convenience of blacklist apps. Some apps (such as Prevx & OnlineArmor) try to strike a happy medium -- & do so rather well I think.

    In my case, I use just 2 real-time blacklists - one is a good full-spectrum antivirus, & the other is the HOSTS file. Plus I use one HIPS real-time. The 2 blacklists I use are rigorously maintained up-to-date by others. Taking actions on HIPS alerts is my job. Trying to be *smart enough* for that job is a major reason why I hang out here at Wilders.

    Lately it seems that topics that ask people to recommend blacklist-type programs often get diverted into philosophical debates about blacklists VS behavioral VS virtual VS imaging VS etc. That is what has largely taken place in this thread, I think. I have even done so, myself, in this present discussion.

    I see no post in this thread whereby anyone has advocated use of HOSTS to the exclusion of other security apps. Neither do I see any post which advocates the indiscriminant layering of overlapping security apps. Implications to the contrary are unwarranted.

    If OP wants to use HOSTS, & asks for suggestions as to which outfits do a good job of maintaining them, I think that is a reasonable question which deserves direct & specific answers. Those wishing to go EXTENSIVELY into debates and philosophy should, I think, consider doing so in their own thread. Thus, they can link here to such a thread without hi-jacking the OP's original request.

    My answer/opinion concerning OP's question, once again, is MVPS.
     
  20. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    @ Lusher, You make a couple good points. For now, a hosts file doesn't slow me down and it does also have the added benefits that bellgamin talked about in the first 2 paragraphs of his last post. I also don't expect it to be a zero day protection tool because as you already mentioned, it's only updated about once a month. I do agree that it can lead to troubleshooting problems when a site doesn't work.

    @SamSpade, Sorry I got off-topic. I really can't answer your question to what is the best. All I can say is I see MVPS hosts file recommended at 3 different security forums that I visit. I use it myself because of the recommendations. Good luck with the one/s you choose.

    innerpeace
     
  21. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
  22. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    By the way, has this ever happened?? A "clean" site that turned bad?


    ||
     
  23. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    No problemo. Didn't think your comment was off-topic.

    Maybe you can answer another question: is it possible to combine hosts files? I would think so.


    |||
     
  24. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Earlier this year, the SuperBowl site was hijacked. Don't think any host files could have blocked that.
     
  25. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Yes, my friend Toadbee's "HostsXpert" software freebie will do merges of that sort. For information about that app and LOTS more good schtuff, goto YONDER.
     
Loading...
Thread Status:
Not open for further replies.