Hosts file a waste of time?

Discussion in 'other anti-malware software' started by SpikeyB, Oct 11, 2005.

Thread Status:
Not open for further replies.
  1. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    I've read quite a bit about the hosts file here at Wilders. Then I came across the following, taken from this website: http://mywebpages.comcast.net/SupportCD/XPMyths.html

    I wondered if I should just get rid of my hosts file. Anyone know?

     
  2. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    interesting!
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    The idea of using a host files is to prevent connections to known spyware/adware/advertising websites. It will be very effective in blocking advertising and adware (since these domains rarely change) but will require updates for spyware (since new domains are added). While it is true that malware can edit the hosts file, it needs to get onto your machine first.

    For the majority of users, a hosts file provides an extra layer of protection against well-known ad/spyware and does help filter out advertising. It cannot provide 100% protection so does need to be supplemented with other security measures (filtering web traffic, running a firewall+anti-virus, etc).

    The only situation where a hosts file genuinely has no effect is if you use anonymising proxies all the time (like JAP or Tor) - in this case domain lookups are done by a proxy using its own hosts file, not yours.

    While that page makes many valid points, it is not 100% correct.
     
  4. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    Thanks for that Paranoid2000
     
  5. Actaully factually it's 100% correct even paranoid2k would agree . But Notice that the myth that is being busted is this

    Special AntiSpyware Hosts Files are *necessary* to prevent Spyware infections.

    I would agree that they are not necessary if you have other safeguards. Though I think it's unduly harsh to say that "host files are false security" though since they do afford some protection if your system is highly unsecure.

    The rest is 100% correct in terms of the facts.
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It's not the first time that this has been mentioned at Wilders.

    Keep in mind that total newbies and less-knowledgeable users (the majority of users) need EASY security solutions, which means :
    1. An application-based Firewall or a rule-based Firewall with pre-defined rules, read for use after installation.
    2. AV/AS/AT/AK scanners, which are easy to use. You don't need to be expert to click on scan-buttons and remove-buttons, if you put the false positives aside for a moment.
    3. Sandbox softwares are also userfriendly, but lesser in use than the traditional softwares.
    4. IE-SPYAD is also an userfriendly and preventive solution, but only for MSIE.
    5. HOSTS Files in combination with Hostsman is another userfriendly and preventive solution and works for all browsers.
    And there is nothing else for this type of users to protect their computers.
    ProActive softwares are only developped for knowledgeable users, who know exactly what they are doing.

    I love the word "archaic" and the fact, that the HOSTS File is misused for storing infected websites, because that wasn't the original purpose of the HOSTS File. No wonder there are problems with HOSTS Files.

    Why is that ARCHAIC PART not replaced with something BETTER by Microsoft after so many years ?
    Why didn't Microsoft give the user a better and safer solution to store infected websites for general use ?
    Don't tell me that lack of money was the reason or that Microsoft is unaware of the problems with HOSTS File. If the users know these problems, Microsoft knows them too. I wouldn't be surprised that "Windows Vista" has still that archaic part.

    I also agree that HOSTS File are very vulnerable. What else can you expect from a simple .txt-file, but there is nothing else and it remains a simple preventive security tool for less-knowledgeable users in spite of its vulnerability.
    It's up to Microsoft to give the users better tools and spend their money on improving their OWN softwares in stead of buying ideas of other companies.
    What is a software company worth, when it has only money without a creative brain ? NOTHING. I call such a company a bank.

    Until then I keep on recommending MVPS Hosts File and Hostsman and as far as I know MSAS Realtime warns the users when the Hosts File is changed and if my memory is good some other softwares do the same thing.
    If that doesn't work you can REPLACE the contents of the HOSTS File very easily and fast with Hostsman on a regular base and I never saw a 100% security software upto now. :)
     
  7. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,091
    Hi ErikAlbert,

    I would not expect better security from Microsoft, although they realize its importance with all of the holes in their OS and software. Give them time, but especially one should not desire a result in this area arrived at by a single entity (company), since the Internet is really about collaboration and does not translate well to dictated solutions from any one source.

    Even the verity of DNS depends on the security of the root name servers and network connections that resolve non-local names/addresses - not a MS responsibility nor should it be, so everyone has to work within the existing framework architecture of the Internet until it changes to something else, hopefully in a collaborative sense.

    I do not agree with your statement "that the HOSTS File is misused for storing infected websites, because that wasn't the original purpose of the HOSTS File. No wonder there are problems with HOSTS Files." Rather, I think the use has merely adapted beyond its original intention, which is a good thing!

    Survival of the fittest rules in both the animal and the open software worlds and adaptation plays an important part. While Microsoft in no way can be considered open software, it is just the 800 lb gorilla, lots of $ resources but little inclined to provide simple elegant software solutions that would be counter revenue enhancing - so, they buy up the competition. When new predators change the landscape of competition for local resources, once shared resources tend to be depleted, and survival depends no longer on the shared resouces, but the ability to adapt in order to compete for the remaining resources. Viva le competition!

    Let's see how rapidly MS adapts to quantum and nano-computing down the road. Bigger isn't always better - in fact, as I recall, the bigger they are, the harder they fall!

    -- Tom
     
  8. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    No longer! Gorillas have been observed using tools properly! :D
     
  9. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    I don't agree and that page is not 100% correct. Here's why:
    While deleting prefetch files (WinXP only) will reduce performance on the next reboot, it is sometimes necessary to recover from situations like a failed install where the prefetch files may have incorrect data. Saying "never ANY reason" is therefore not justified.
    If using NTFS, this file can (and should) be protected by setting access to Read-Only for all non-Administrator users and using a non-Admin account for normal PC use. This will prevent most malware (i.e. any that don't exploit an escalation of privilege vulnerability to gain Admin access themselves) from altering this file.
    Anyone who has spent time on this and other security forums will know how ridiculous this statement is. Windows security is hard because Windows is designed for convenience, not security. Numerous steps have to be taken to secure Windows to tackle all possible attack vectors (malware executables, malware scripts, filtering webpages and HTML email, disabling Windows Services). XP SP2 is just a first step by Microsoft in taking corrective action (and suggests that they consider vulnerabilities a marketing tool since it, and future fixes, will only be offered for the latest versions of Windows). Malware ("anti-x") scanners can do a competent job with known malware - but we are seeing an exponential increase in this meaning that they won't be able to keep up at some point.
     
  10. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,091
    Hi Paranoid2000,

    I would assert that this is just an example of adaptation, not just to use a tool, but to discover how to use it properly, and teach others of its kind to adopt the use of the tools - to gain an advantage in the grand scheme of things.

    And chimps can use tools too! A gang of male chimps was recorded ganging up on a male member of another troop, chased him to a tree unable to support the weight of 4 of them, the lone chimp fell to the ground, and well it wasn't pretty - but, it did cause the observer filming the episode to conclude that it was a grusome example of strengthening male bonding for political reasons.

    Since chimps can get to be about 4-500 lbs. it makes you wonder if a gang of them would take on a silverback at 800 lbs, probably not without provocation based on territory and not without some loss.

    Metaphorical about humanity as a primate - isn't it. Like I said previously, survival of the fittest, predator and prey - adapt or die (become obsolete)! I would just as soon leave politics out of it, but that's the nature of the beast we are - if you can't beat 'em, buy them out (its what we value more).

    -- Tom
     
  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Hmmm...from hosts files to chimpanzee politics. Man has this thread gone OT. :D
     
  12. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Maybe not. Perhaps chimps have figured out a better way to use Hosts files than we have!
    I mean I have never seen a chimp infected with spyware, have you? :D
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I admit my personal security I.Q. isn't higher than a chimps I.Q., but I have a good excuse : I'm an "User of a lesser God".
     
  14. AvianFlux

    AvianFlux Registered Member

    Joined:
    Dec 7, 2004
    Posts:
    237
    Interesting...I noticed hpHOSTS file blocked a couple of ads at Information Week where Freddy's article is at. :D
     
  15. Paranoid2000, you are nitpicking and you know it. No problems I love nitpicking too.

    Take this.

    Sounds logical and probably true, but I have never come across this. Okay he's probably a bit too extreme,

    Another small nitpick.

    True of course, but I suppose he is talking about the typical user who runs as admins. Even among the small specialised group at wilders (who i suppose will be the ones running host files to block ads), how many % do you think run as non-admin? For such a group, their hosts files can be altered even set as "read only".

    Besides if someone run as a Limited user account, quite a few problems would be solved, and the additional protection given by the host file might become even smalle.r.

    I think this is subjective point, and not everyone agrees on how many steps needs to be taken (you can always think of one more step), how difficult it is etc.

    All in all as i said the article is not factually wrong (leaving aside nitpicks which you can do for any statement even one of yours paranoid),

    I know you don't like the opinion that hosts files are not necessary but that's a different matter. I do surf a lot without host files (sometimes i turn it off and forget to turn it back on for days), and I'm still fine,
    so I do agree, it's not necessary at least for me.
     
  16. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    My impression from that article was that it was referring to the "read-only" flag in file properties, rather than NTFS permissions. The properties read-only flag does indeed offer no real security since any process can clear it.
    That "one more step" in my mind shows that security is a non-trivial issue.
    As I said above, it makes good points but is not 100% accurate.
    I wouldn't say they are necessary either but they are useful in the majority of cases.

    While it's good to get away from the intricacies of Chimpanzee politics, this is now coming down to issues of personal preference so unless someone has a material issue to add, I'll go do my nitpicking elsewhere. ;)
     
  17. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    paranoid2000, earlier u said that if using an anonimizing proxy then using a special HOSTS file will have no effect. i assume this doesnt apply to proxomitron as its a local proxy? and id have to stop using the HOSTS to use an anonimizer and vice versa?
     
  18. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    No it does not apply to local proxies like Proxomitron and no, it is not necessary to stop using a Hosts file with anonymising proxies - it just may not have any effect with them.
     
Loading...
Thread Status:
Not open for further replies.