HOSTS files

Discussion in 'privacy problems' started by toploader, Sep 14, 2005.

Thread Status:
Not open for further replies.
  1. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    hi - i did a search on my machine expecting to find one HOSTS file and instead found several.... (nothing is ever simple in windows)

    HOSTS c:\Documents and Settings\Bill Bailey\Application Data\WinPatrol

    HOSTS c:\Windows\I386
    LMHOSTS.SA_ c:\Windows\I386

    hosts c:\Windows\system32\drivers.... (note displayed as hosts instead of HOSTS?)
    lmhosts.sam c:\Windows\system32\drivers....

    does anyone know why i have so many and which one is the one i should be updating?
     
  2. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
    Win 98\ME = C:\WINDOWS

    Hope that helps :)
     
  3. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi

    maybe I can shed a lil light on this as host files is a subject I'm quite familiar with

    ok first lmhosts.sam c:\Windows\system32\drivers....

    .sam isn't a host file really, it's a sample file and can be binned

    next I googled LMHOSTS.SA_ c:\Windows\I386

    and that appears to be a Win 2000 Server Setup File so you can ignore that one

    ok so that leaves

    HOSTS c:\Documents and Settings\Bill Bailey\Application Data\WinPatrol
    HOSTS c:\Windows\I386
    hosts c:\Windows\system32\drivers....

    what you need to do here is to check the contents of these 3 files by opening them in a text editor; they should look something like this

    127.0.0.1 localhost
    127.0.0.1 pop3.norton.antivirus
    127.0.0.1 pop3.spa.norton.antivirus

    once you have checked the contents of the 3 files and are satisfied that they're legitimate host files and not ones placed there by malware you need to get a tool like this one http://www.aldostools.com/hosts.html

    and merge the 3 host files into 1 file

    once done save the new file to one of the following locations depending on the system you are running

    Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
    Win 98\ME = C:\WINDOWS

    then it should be ok to delete the other 3 host files however that being said if you aren't sure whether they're ok to bin zip them up in a zip file for safe keeping and then place them to one side

    now you should only have 1 host file and you can just modify and update that one

    also if you like I can pm you a download link for a host file that is somewhere in the region of 30,000 entries in size this is a host file I have made up from other host files that are publicly available at places like

    http://accs-net.com/hosts/get_hosts.html

    or

    http://www.mvps.org/winhelp2002/hosts.htm

    hope this helps
     
  4. tlu

    tlu Guest

    One additional hint: I use the hosts file from www.mvps.org but experienced a lot of time-out error messages under WinXP. These time-outs vanished after I replaced all 127.0.0.1 entries with 0.0.0.0 (with the exception of localhost, of course!). Worth a try if somebody experiences the same problem.
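
An added example, not part of the original posts: a Python sketch of the check-then-merge procedure Bethrezen describes in post 3, writing the merged blocking entries with the 0.0.0.0 address tlu suggests. The sample files, hostnames and function names are constructed for illustration; entries that point a name at a non-local address are reported for manual review and left out of the merge.

```python
import ipaddress

# Constructed sample files for illustration (not taken from the thread).
FILE_A = """# sample HOSTS file
127.0.0.1 localhost
127.0.0.1 ads.example.test      # ad server
127.0.0.1 tracker.example.test
"""
FILE_B = """127.0.0.1 localhost
0.0.0.0 ADS.example.test
203.0.113.7 www.bank.example.test
not-an-ip broken.example.test
"""

def parse_hosts(text):
    """Yield (ip, name) pairs; comments and malformed lines are skipped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield ip, name.lower()

def is_local(ip):
    """True for loopback (127.x, ::1) and unspecified (0.0.0.0) addresses."""
    return ip.is_loopback or ip.is_unspecified

def audit(text):
    """Entries that send a name to a non-local address: review these by hand."""
    return [(str(ip), name) for ip, name in parse_hosts(text) if not is_local(ip)]

def merge(*texts, sink="0.0.0.0"):
    """Merge the blocking entries of several files, de-duplicated, onto `sink`."""
    names = {name for text in texts for ip, name in parse_hosts(text)
             if is_local(ip) and name != "localhost"}
    lines = ["127.0.0.1 localhost"] + [f"{sink} {n}" for n in sorted(names)]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    for ip, name in audit(FILE_A) + audit(FILE_B):
        print("review:", ip, name)
    print(merge(FILE_A, FILE_B), end="")
```
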
     
  5. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    hi Bethrezen - thanks very much for taking the time to reply - i had a look at the three hosts files and they are all empty and have the same sample file....

    ********************************************************
    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost
    ********************************************************

    i have winpatrol installed and i know that guards the hosts file i wonder which one it thinks it's guarding? - i will try a few tests to try and determine which one it responds to.

    as you say it should be the one located in windows\system32.

    i think you have given me enough information now to hopefully resolve this - if i need your link i will get in touch.

    thanks again - i appreciate your help. :)
     
  6. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    thanks for the additional info - tlu :)
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
  8. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    thanks for the link Erik :)
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If you are really interested in Hosts Files and want to build your own hosts file, manually or automatically, download this software :
    HostsMan v2.1
    http://hostsman.abelhadigital.com/
    Especially designed for less-knowledgeable users : very simple and very practical. You won't regret it.
     
  10. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    thanks again Erik
     

  11. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    cheers Capp :)
     
  12. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    ok i figured it out - the one with the winpatrol suffix is a backup copy taken by winpatrol used to compare for changes and restore the main hosts file if it is changed.
     
    Last edited: Sep 15, 2005
  13. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi

    glad i could be of assistance

    if all 3 host files are just copies of the ms sample file then ya can get rid of them as they're not required

    also as a side note you may wanna have a look at this

    http://spyblocker-software.com/IPB/index.php?showtopic=2023

    it's a guide i produced from many sources of information from around the web and with the help of many here at wilders to help people clean and secure their computers if you scroll down you will find a section on host files that may be of some interest to you however before using a host file you should be aware of this bug in Windows 2000/XP Pro

     
  14. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    thanks Bethrezen - i will need to keep the winpatrol one as winpatrol needs it to monitor the main hosts file. thanks again for all the interesting reading.
     
  15. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Toploader,
    Thanks for the link, a very good one.

    Besides that, I always heard that the Windows Hosts File wasn't created to protect users against visiting infected websites.
    This host file had another purpose, but I don't know the technical reasons for this.
    It's no secret that very large hosts files can cause problems. The only problem I know is MSAS, which has a very long scan time, when the hosts file is too large.

    I only wonder why M$ didn't develop a special database without limitations (other than Hosts file) after all these years, to protect users against infected websites.
    IE-SPYAD is only for MSIE and I want one that is useful for any kind of browser and any kind of application without any problems.
    I would never use a .txt-file as a database of malicious websites, because databases are a lot better than .txt files and Windows Hosts File is just a .txt-file without the extension "txt".
     
  17. StevieO

    StevieO Guest

    Hi Erik,

    The link you posted earlier to Castlecops with the below info etc will be very useful to those that don't know how to resolve it.

    OnlineArmor also has an issue with a large HOSTS file, but they are working on it as usual !

    . . .

    In most cases a large HOSTS file tends to slow down the machine. However, this only happens in Windows 2000 and XP. Windows 98/se and ME are not affected.

    To resolve this issue open the "Services Editor"
    Start > Run (type) "services.msc" (no quotes)
    Scroll down to "DNS Client", Right-click and select: Properties
    Click the drop-down arrow for "Startup type"
    Select: Manual, click Apply/Ok and restart.


    StevieO
     
  18. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Thanks StevieO, but I know about this for quite some time and I stored all that info even on CD and I did all that and it didn't improve anything.
    When you want VERY FAST ACCESS to databases, you don't use txt-files,
    because databases, don't work with text-lines, they work with RECORDS.
    Cheers :)
     
  19. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    hi Erik - i found the last link in the Faq interesting (HOSTS File Myth)....

    Myth - "Special AntiSpyware Hosts Files are necessary to prevent Spyware infections."

    Reality - "Hosts Files are False Security. Any Malware/Spyware can easily modify the Hosts File at will, even if it is set to Read-only. Frequently Malware/Spyware uses the Hosts File to redirect your Web Browser to other sites. CoolWebSearch hijackers are masters at altering Read-only ("locked down") Hosts files. They can also redirect Windows to use a Hosts File that has nothing to do with the one you keep updating. The Hosts file is an archaic part of networking setups that was originally meant to be used on a LAN and was the legacy way to look up Domain Names on the ARPANET - DNS History. It tells a PC the fixed numeric address of the internal server(s) so the PC doesn't have to go looking for them through all possible addresses. It can save time when "discovering" a LAN. I don't consider 1970's ARPANET technology useful against modern Malware/Spyware.

    Special AntiSpyware Hosts Files attempt to associate a known safe, numeric address with the names of sites you want to block. When the user or any process on the PC then tries to access a blocked site, it is instead directed to the safe location. This works as long as the site's numeric IP address never changes. But IP addresses do change and they're supposed to be able to. The Web operates via "dynamic" naming, where a human friendly name (www.google.com) is actually an alias for the real address, which is numeric. The numeric address can and will change from time to time as a site or server is moved or reconfigured. People with out-of-date addresses hardwired into their Hosts File will no longer be able to connect to any site whose numeric address has changed. The Hosts entry will permanently point them to a dead location! It's almost impossible to update a Hosts file frequently enough to guard against all threats and even if you did, you'd probably also run into problems in accidentally blocking good sites that happened to move to new numeric addresses.

    Large Hosts Files also cause Internet related slowdowns due to DNS Client Server Caching and disabling DNS Client Server Caching is not a solution. KB318803 "The overall performance of the client computer decreases and the network traffic for DNS queries increases if the DNS resolver cache is deactivated." When cleaning Malware/Spyware from a PC, it is much easier to check a clean Hosts File than one filled with thousands of lines of addresses. Considering how easily a Hosts File can be exploited, redirected and potentially block good sites, it is strongly recommended NOT to waste time using Special Hosts Files. Especially when proper Malware/Spyware protection can be achieved by simply using these steps, all without ever using a Hosts File."
     
  20. Carver

    Carver Guest

    That's what I use now with this host file http://www.mvps.org/winhelp2002/hosts.zip, I like it very much. I used to use http://www.bluetack.co.uk/forums/index.php?showtopic=8406. But certain addresses are contaminated with spyware, I used spybot S&D after install and I found 12 addresses that were contaminated. After I deleted them I ran another scan and I was clean, but I had to do this after I updated Host files. I got tired of this so I switched. I suspect that Bluetack's Host file had a lot of outdated addresses and that made it humongous. But I still discontinued DNS Client regardless of which Host file I used.
     
  21. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    note - Winpatrol will detect and alert to changes to the HOSTS file because it compares it with its own backup copy.
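
The kind of comparison toploader describes above, checking the live HOSTS file against a saved backup copy, as an added Python example; it is not WinPatrol's code and is not from the original posts. The sample contents, hostnames and function names are constructed for illustration.

```python
import hashlib

# Constructed sample contents (not taken from the thread).
BACKUP = b"# backup copy\r\n127.0.0.1 localhost\r\n127.0.0.1 ads.example.test\r\n"
LIVE_COMMENT_ONLY = b"# edited note\r\n127.0.0.1 localhost\r\n127.0.0.1 ads.example.test\r\n"
LIVE_TAMPERED = b"127.0.0.1 localhost\r\n203.0.113.7 update.example.test\r\n"

def entries(data):
    """Active (address, name) pairs; comments, case and spacing are ignored."""
    found = set()
    for raw in data.decode("latin-1").splitlines():
        fields = raw.split("#", 1)[0].split()
        found.update((fields[0], name.lower()) for name in fields[1:])
    return found

def compare(backup, live):
    """None if byte-identical, else the entries added and removed since backup."""
    if hashlib.sha256(backup).digest() == hashlib.sha256(live).digest():
        return None
    old, new = entries(backup), entries(live)
    return {"added": sorted(new - old), "removed": sorted(old - new)}

if __name__ == "__main__":
    for label, live in [("same", BACKUP), ("comment", LIVE_COMMENT_ONLY),
                        ("tampered", LIVE_TAMPERED)]:
        print(label, compare(BACKUP, live))
```

A result with both lists empty means the bytes changed but no mapping did (a comment or whitespace edit); any address under "added" that is not a loopback address deserves a closer look.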
     
  22. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
     
  23. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    hi Erik -yes i'm using HOSTS for the same reason - it's better than nothing (i think) :D - i'm getting quite a few connection refused messages as i boldly surf where no TV sci-fi sitcom has been before - so something is happening.

    some say the universe is without limit some are even brave enough to suggest the internet is without limit (which suggests that one day an infinitely large HOSTS file with an infinitely large database will actually exceed the size of the internet).
     
  24. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    When I'm surfing with Firefox, I often meet websites that are blacklisted in the Hosts file, so it really helps.

    As long as they collect the stuff of the bad guys, all definition-based databases and hosts files will become larger and larger, until it isn't practical anymore to use them and the bad guys won't stop creating new ones, because they know it.
    If the technical limits don't kill the definition-based databases, the users will kill them for sure, because they are not going to be happy with the total scan time and the slowing down of their computer, because it will affect their real job. :)
     
  25. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi

    yeah while it is true that the host file was intended for another purpose altogether

    i'd say the host file does still have its place, maybe not as a safeguard against malware infection, but it does make an adequate basic adblocker which helps speed up surfing because your browser only loads the desired contents because the bandwidth sucking ads are never connected to by your browser because it thinks the adservers are on your computer when they're not

    so while the host file may not be effective at stopping malware infection because malware can play with the host file they work fine for adblocking which is what most of the host files you can download are intended for

    and to those that say a host file is false security i say this: would you use adshield for IE or adblock for FF to safeguard you against malware infections? no, of course not, and host files should not be used in this way either, host files are meant for ADBLOCKING not malware protection

    so when they say host files are false security they must be clear that they are false security if you are using them to protect against malware infection not when using them for adblocking

    i guess at the end of the day yeah host files have their limitations but their limitations are no different than the limitations of any adblocker out there

    they all require that you the user maintain a database of bad links in one form or another and one way or another this database is going to be massive because bad links are as widespread as the net is vast
     
    Last edited: Mar 16, 2006