Host File vs a Blacklist?

Discussion in 'other anti-malware software' started by dja2k, Mar 28, 2007.

Thread Status:
Not open for further replies.
  1. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    What do you think is more comprehensive to use to block bad sites?

    dja2k
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Blacklists.
    Domains (of crap sites) change very quickly.
     
  3. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Okay I know most around here use an MVPS host file. If I drop using that host file, which blacklists would equal or are better than the host file blocked entries? I have used some blacklists from B.I.S.S. but I never know which ones to use individually or combined. I know that the level 1 blacklist is for p2p though.

    dja2k
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Level 1, ads and spyware are enough, IMHO. Others also block .gov sites, .edu sites
     
  5. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Thanks, I figured those were enough because the others block too much regular web surfing stuff.

    dja2k
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Are you using the blacklist manager built into OA FW or PeerGuardian?
     
  7. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    I use the B.I.S.S. blacklist manager and do my own and then import them to Online Armor. I have dropped using PeerGuardian.

    dja2k
     
  8. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    is there any harm in combining both techniques? host and blacklist?
     
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I don´t think so, but there is no gain either.
     
  10. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    The thing about using both is if there is some website that you do want to go in but being block lets say by the host file entry and\or the blacklist entry, then you would have to eliminate both (disable) to be about to run that site. Like anything else, host files and blacklists can have false positives, what might be moderately unsafe for the user can be highly unsafe for the makers of such files.

    dja2k
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Hosts is also a blacklist, so I don't understand the title of this thread.
    The only advantage of hosts is its PREVENTING nature.
    If you can't visit a bad website anymore, you won't get its infections either, unless you like to get infections and remove them afterwards with a scanner, but that is already TOO LATE, if the malware was able to do its evil job.
    So it helps for what it's worth and it has the same disadvantages of any blacklist : INCOMPLETE and FALSE/POSITIVES.
     
    Last edited: Apr 2, 2007
  12. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    HOSTS file does NOT primarily seek to block "bad websites." Further, HOSTS file is a list of unique domain names (not signatures, behavior patterns, or heuristics). Hence HOSTS file cannot produce False Positives by false match.

    HOSTS file mainly (not solely) seeks to block advertisements & add-ons -- such as click counters, pop-ups, trackers, banners, etc. -- each of which is used by a broad spectrum of MANY internet websites.

    Each of those blocked add-ons is used by LOTS & LOTS of websites. Many of those websites are otherwise *clean as a whistle* -- BUT, in addition to their useful content, they have advertising schtuff that loads, too. For example, CNN's website has that sort of thing. HOSTS file blocks the ads on CNN (leaving blank spaces where the ads would otherwise appear) while still allowing CNN's news articles to be viewed.

    In fact, the blocking done by HOSTS causes many websites to load faster because the add-ons usually load their banners, pop-ups, click counters, tracker cookies, etc., from websites other than the one you are visiting.

    The notion that HOSTS file is primarily a blacklist of dangerous websites is a misconception. A good way to get a better feel for this is to download & view an actual HOSTS file -- such as the one from MVPS, which is over YONDER.

    Whitelisting applications/processes is practical. Developing a widely-useful whitelist of websites is probably NOT practical at this stage of the game. IMO - the internet is too huge, & human tastes are too varied, to be satisfied by a "one size fits all" whitelist of websites. {But then, it wasn't all that long ago when I was firmly convinced that 64K was a lot of RAM & 233MHz was a really fast cpu so... who bludy knows, eh?:p }
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If a good website is mentioned in the HOSTS file, you can't access it, I consider this as a false/positive.
    I've seen posts at Wilders, where good websites were blocked by the BLUETACK HOSTS file, which is a big HOSTS file, that's why most people probably use the MVPS HOSTS file.

    If a bad website isn't mentioned in the HOSTS file, you can visit it and get infected and then you have to depend on the rest of your security softwares.
    That's typical for blacklists, if it isn't listed, the blacklist won't be of any help.

    Of course the HOSTS file was never intended to be used for blocking bad websites and IE-SPYAD is only good for MSIE.
     
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Please note: I said that HOSTS doesn't produce FPs by false match. Antiviruses do. Anti-spywares do. HOSTS files do not.

    It is fallacious to compare HOSTS file to anti-spy/anti-virus etc. By far the majority of entries in MVPS HOSTS file are NOT "bad/infectious websites" -- in fact, the vast majority of HOSTS entries are not "websites-of-content" at all.

    As I reported earlier, the majority of entries in HOSTS file pertain to outfits that produce add-on's for use by mostly legitimate websites -- ads, pop-ups, banners, counters, etc.

    I suggest you download & view a sample HOSTS file. When you view it, please notice that almost all of the entries carry descriptive domain names including words such as adbanner, adservers, amazingcounters, bighits, blogadswap, clickbank, easyhits, freestats, hitslog, and so forth.

    The only reason I am pursuing this discussion is because HOSTS file is a valuable tool. You can use a HOSTS file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, etc. IMO, HOSTS should not be relegated to the status of "bad ol' blacklist" without at least doing a bit more research.

    For example, the HOSTS file that I am using blocks the ubiquitous "ad . doubleclick . net". HOSTS blocks all files supplied by doubleclick's server to whatever web page you are viewing. Moreover, HOSTS also prevents that server from tracking your movements. Why? ... because in certain cases "Ad Servers" will try to open a separate connection on the webpage you are viewing.

    In many cases using a well designed HOSTS file can speed the loading of web pages by not having to wait for these ads, banners, hit counters, etc. to load. This also helps to protect your Privacy and Security by blocking sites that may track your viewing habits, also known as "click-thru tracking" or Data Miners. Simply using a HOSTS file is not a cure-all against all the dangers on the Internet, but it does provide another very effective "Layer of Protection".
     
Loading...
Thread Status:
Not open for further replies.