Host File vs a Blacklist?

What do you think is more comprehensive to use to block bad sites?

dja2k

 

Blacklists.
Domains (of crap sites) change very quickly.

 

Okay I know most around here use an MVPS host file. If I drop using that host file, which blacklists would equal or are better than the host file blocked entries? I have used some blacklists from B.I.S.S. but I never know which ones to use individually or combined. I know that the level 1 blacklist is for p2p though.

dja2k

 

Level 1, ads and spyware are enough, IMHO. Others also block .gov sites, .edu sites

 

Thanks, I figured those were enough because the others block too much regular web surfing stuff.

dja2k

 

Are you using the blacklist manager built into OA FW or PeerGuardian?

 

I use the B.I.S.S. blacklist manager and do my own and then import them to Online Armor. I have dropped using PeerGuardian.

dja2k

 

is there any harm in combining both techniques? host and blacklist?

 

I don´t think so, but there is no gain either.

 

The thing about using both is if there is some website that you do want to go in but being block lets say by the host file entry and\or the blacklist entry, then you would have to eliminate both (disable) to be about to run that site. Like anything else, host files and blacklists can have false positives, what might be moderately unsafe for the user can be highly unsafe for the makers of such files.

dja2k

 

Hosts is also a blacklist, so I don't understand the title of this thread.
The only advantage of hosts is its PREVENTING nature.
If you can't visit a bad website anymore, you won't get its infections either, unless you like to get infections and remove them afterwards with a scanner, but that is already TOO LATE, if the malware was able to do its evil job.
So it helps for what it's worth and it has the same disadvantages of any blacklist : INCOMPLETE and FALSE/POSITIVES.

 

HOSTS file does NOT primarily seek to block "bad websites." Further, HOSTS file is a list of unique domain names (not signatures, behavior patterns, or heuristics). Hence HOSTS file cannot produce False Positives by false match.

HOSTS file mainly (not solely) seeks to block advertisements & add-ons -- such as click counters, pop-ups, trackers, banners, etc. -- each of which is used by a broad spectrum of MANY internet websites.

Each of those blocked add-ons is used by LOTS & LOTS of websites. Many of those websites are otherwise *clean as a whistle* -- BUT, in addition to their useful content, they have advertising schtuff that loads, too. For example, CNN's website has that sort of thing. HOSTS file blocks the ads on CNN (leaving blank spaces where the ads would otherwise appear) while still allowing CNN's news articles to be viewed.

In fact, the blocking done by HOSTS causes many websites to load faster because the add-ons usually load their banners, pop-ups, click counters, tracker cookies, etc., from websites other than the one you are visiting.

The notion that HOSTS file is primarily a blacklist of dangerous websites is a misconception. A good way to get a better feel for this is to download & view an actual HOSTS file -- such as the one from MVPS, which is over YONDER.

Whitelisting applications/processes is practical. Developing a widely-useful whitelist of websites is probably NOT practical at this stage of the game. IMO - the internet is too huge, & human tastes are too varied, to be satisfied by a "one size fits all" whitelist of websites. {But then, it wasn't all that long ago when I was firmly convinced that 64K was a lot of RAM & 233MHz was a really fast cpu so... who bludy knows, eh? }

 

If a good website is mentioned in the HOSTS file, you can't access it, I consider this as a false/positive.
I've seen posts at Wilders, where good websites were blocked by the BLUETACK HOSTS file, which is a big HOSTS file, that's why most people probably use the MVPS HOSTS file.

If a bad website isn't mentioned in the HOSTS file, you can visit it and get infected and then you have to depend on the rest of your security softwares.
That's typical for blacklists, if it isn't listed, the blacklist won't be of any help.

Of course the HOSTS file was never intended to be used for blocking bad websites and IE-SPYAD is only good for MSIE.

 

Please note: I said that HOSTS doesn't produce FPs by false match. Antiviruses do. Anti-spywares do. HOSTS files do not.

It is fallacious to compare HOSTS file to anti-spy/anti-virus etc. By far the majority of entries in MVPS HOSTS file are NOT "bad/infectious websites" -- in fact, the vast majority of HOSTS entries are not "websites-of-content" at all.

As I reported earlier, the majority of entries in HOSTS file pertain to outfits that produce add-on's for use by mostly legitimate websites -- ads, pop-ups, banners, counters, etc.

I suggest you download & view a sample HOSTS file. When you view it, please notice that almost all of the entries carry descriptive domain names including words such as adbanner, adservers, amazingcounters, bighits, blogadswap, clickbank, easyhits, freestats, hitslog, and so forth.

The only reason I am pursuing this discussion is because HOSTS file is a valuable tool. You can use a HOSTS file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, etc. IMO, HOSTS should not be relegated to the status of "bad ol' blacklist" without at least doing a bit more research.

For example, the HOSTS file that I am using blocks the ubiquitous "ad . doubleclick . net". HOSTS blocks all files supplied by doubleclick's server to whatever web page you are viewing. Moreover, HOSTS also prevents that server from tracking your movements. Why? ... because in certain cases "Ad Servers" will try to open a separate connection on the webpage you are viewing.

In many cases using a well designed HOSTS file can speed the loading of web pages by not having to wait for these ads, banners, hit counters, etc. to load. This also helps to protect your Privacy and Security by blocking sites that may track your viewing habits, also known as "click-thru tracking" or Data Miners. Simply using a HOSTS file is not a cure-all against all the dangers on the Internet, but it does provide another very effective "Layer of Protection".