Protecting your HOSTS file

Discussion in 'privacy general' started by FanJ, Apr 2, 2004.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    I guess it is time to start a thread with discussion about "How to protect your HOSTS file".

    First things first:


    What is the HOSTS file?

    See this site:
    http://www.accs-net.com/hosts/what_is_hosts.html

    Quotes:

    "The short answer is that the Hosts file is like an address book. When you type an address like www.yahoo.com into your browser, the Hosts file is consulted to see if you have the IP address, or "telephone number," for that site. If you do, then your computer will "call it" and the site will open. If not, your computer will ask your ISP's (internet service provider) computer for the phone number before it can "call" that site. Most of the time, you do not have addresses in your "address book," because you have not put any there. Therefore, most of the time your computer asks for the IP address from your ISP to find sites.

    If you put ad server names into your Hosts file with your own computer's IP address, your computer will never be able to contact the ad server. It will try to, but it will be simply calling itself and get a "busy signal" of sorts. Your computer will then give up calling the ad server and no ads will be loaded, nor will any tracking take place. Your choices for blocking sites are not just limited to blocking ad servers. You may block sites that serve advertisements, sites that serve objectionable content, or any other site that you choose to block."

    - end quotes -

    If you like, you can read more about HOSTS at that site.


    Maintaining your HOSTS file

    Several sites publish frequently free updates for your HOSTS file.
    Those updates will add entries to your HOSTS file by which it will block malicious sites.
    Of course it is up to you whether you "install" them.

    Two examples where you can get those:

    1. Hpguru

    2.
    MVPS


    Maintaining your HOSTS file -2-

    A nice free tool by which you can maintain your HOSTS file, can you find here:
    Hostess


    Why is it important to protect your HOSTS file

    Some malware and some malicious sites will try to make changes to your HOSTS file.
    Lots of things can be said about this.
    An example:

    The IP address of the Wilders-forum ( www.wilderssecurity.com ) is (at this moment): 64.91.226.241
    If some malware would add an entry to your HOSTS file like this one for example:
    127.0.0.1 www.wilderssecurity.com
    then you would never be able to connect to this board, because the IP address 127.0.0.1 is your own computer.


    Several means for "protecting" your HOSTS file

    There are two different means for protecting your HOSTS file:

    1.
    Pro-active

    This one tries to guard against changes on your HOSTS file.

    2.
    Warning you after a change has been done


    Protecting Pro-active -1-

    For an example I would like to point to this site:
    http://mvps.org/winhelp2002/hosts.htm

    Quotes:

    Locking the HOSTS File

    There are many of these hijackers that add their own entries to your HOSTS file. This is commonly know as redirects. To add a level of protection you might want to consider making your HOSTS file "read only". You can download a small batch file to accomplish this:

    lockhost.bat [right-click - Select: Save Target As] unlockhost.bat (XP\2K)
    LockHostsME.bat [right-click - Select: Save Target As] UnlockHostME.bat (98\ME)
    To use: place the appropriate files in your Windows folder, create a shortcut to each.

    - end quote -


    Protecting Pro-active -2-

    SpywareBlaster from Javacool can also do it !

    See:
    - the SpywareBlaster site:
    http://www.javacoolsoftware.com/spywareblaster.html
    - the SpywareBlaster forum:
    https://www.wilderssecurity.com/index.php?board=34



    Warning you after a change has been done

    Lots of (free or not-free) programs can do this for you.
    I mention two:

    1.
    FileChecker from Javacool:
    http://www.javacoolsoftware.com/filechecker.html

    2.
    TDS-3 with its CRC32-test:
    https://www.wilderssecurity.com/showthread.php?t=13740


    Remark

    Well, I know that I didn't cover everything on this topic.
    But I hope that this will start a discussion.

    Regards, Jan.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Good idea FanJ,

    For Windows 2000 and XP users there is also the possibility to move your hosts file to an unexpected location as discussed in this thread:
    https://www.wilderssecurity.com/showthread.php?t=21116


    A lot of hijackers still use this way of redirecting, so this is certainly worth discussing.

    Regards,

    Pieter
     
    Last edited by a moderator: Apr 11, 2004
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    The hosts file reader is also very useful in these case to find or move the hosts file

    from http://members.shaw.ca/techcd/

    it is made by our friend Option^explicit who made Killbox which we use to help solve many problems
     
    Last edited by a moderator: Apr 11, 2004
  4. whoever

    whoever Registered Member

    Joined:
    Nov 19, 2003
    Posts:
    10
    Could Javacools File Checker be used to protect this file as well?
    Rick
     
  5. FanJ

    FanJ Guest


    Hi Rick,

    Sure it can ! :)
    If you use it for that purpose, it will warn you in case your HOSTS file has been changed (FileChecker from Javacool is not pro-active).
     
  6. whoever

    whoever Registered Member

    Joined:
    Nov 19, 2003
    Posts:
    10
    Thanks. Didn't see that written in the first post. Need more coffee.
    Has anybody tried "toggle hosts" from accs-net? Also seen above where the host file can be moved on 200 and XP. Can this be done on 98?
    Rick
     
  7. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Aye dvk, I have had it for a couple of weeks now, and it's also VERY handy to edit/change/delete stuff from Hosts WITHOUT having to navigate to C:/WINDOWS/system32/drivers/etc/hosts, do an "Open with....." change... save as *all files [no extension] and backing back out.

    Soooo very easy, thoroughly recommend it.

    Cheers, TAS
     
  8. Amerk_5

    Amerk_5 Registered Member

    Joined:
    May 22, 2003
    Posts:
    78
    Location:
    Dansville, NY
    I've been using HostsToggle for at least a year now, maybe longer. It's a great little program for quickly enabling/disabling, editing & backing up your hosts file. I've never run into a problem with it.

    I don't think it can be moved on 98. I imagine it would've been mentioned if it was possible.
     
  9. FanJ

    FanJ Guest

    Hi,

    The trick described by Pieter, can indeed not be used on Windows 98.
    See this thread:
    https://www.wilderssecurity.com/showthread.php?t=21116


    I use Hostess for maintaining my Hosts file.
    With Hostess you can also easily disable/enable your Hosts file.
    It simly renames your Hosts file (until you let it rename it back).
    But you don't protect it with that.

    Cheers, Jan.
     
  10. FanJ

    FanJ Guest

    I suppose that protecting your Hosts file can also be done in ZAPro.

    At this site I see that in ZoneAlarm Pro version 4.5.530.0 was introduced:

    "Host file lock - prevents host file tampering that sends users to spoofed web sites".

    Maybe users of ZAPro can confirm that ;)
     
  11. brucegeulam

    brucegeulam Registered Member

    Joined:
    Feb 2, 2004
    Posts:
    15
    Location:
    NW Wisc. USA
    Zone Alarm does have lock hosts file, located in the firewall settings. Click advanced settings.


    :D
    Bruce
     
  12. whoever

    whoever Registered Member

    Joined:
    Nov 19, 2003
    Posts:
    10
    Thanks, all of you. This is a very useful thread.
    Does anybody know where I can find a host file, preferably a maintained one, that can be used for content filtering, such as blocking access to sex/adult sites, etc. Seen ones for blocking advertising and blocking access to known malware sites. I'm looking for one intended for filtering content for younger users. Anybody know if such a one exists or is maintained?
    Rick
     
  13. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi whoever.

    Here mate: HOSTS

    or HERE

    OH first.. get the freebie listed in posts above, to you can edit/etc. your hosts file..

    it's currently 157Kb.. has a LOT of entries.. and yes, blocks ads, etc. great.

    Cheers, TAS

    EDIT: Just did a line count, [I can see no of lines in EDITPAD Lite] and it has OVER 4500 entries.

    Also the Hosts file author has it broken up into sections, so you can see which items are blocked. Very easy to see/navigate.

    HTH, TAS
     
  14. Amerk_5

    Amerk_5 Registered Member

    Joined:
    May 22, 2003
    Posts:
    78
    Location:
    Dansville, NY
    There's also the one by hpguru found Here or Here or Here.

    It's about 759KB & contains 24,794 entries.
     
  15. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi amerk.... thanks for those links.

    Do you have any problems though using one that big?

    I have seen some posts previously where they caused a couple of hiccups.

    Just curious.. I will give it a try. :)

    Cheers, TAS
     
  16. Amerk_5

    Amerk_5 Registered Member

    Joined:
    May 22, 2003
    Posts:
    78
    Location:
    Dansville, NY
    I can't speak for the others here but I haven't had any problems.
     
  17. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    I have had some problems with the huge hosts files. Windows 2000 seems to have some real issues with them. XP handles it a lot better.

    Regards,

    Pieter
     
  18. Amerk_5

    Amerk_5 Registered Member

    Joined:
    May 22, 2003
    Posts:
    78
    Location:
    Dansville, NY
    It has to do with the DHCP Client and DNS Server in Win2000. For more info & how to disable it to speed things up with a large hosts file see the following link.

    http://www.pacificnet.net/~bbruce/dmreport.htm
     
  19. whoever

    whoever Registered Member

    Joined:
    Nov 19, 2003
    Posts:
    10
    Windows 98 seems to work fine with it. Haven't had any problem, save one entry that needed editing.
    Rick
    Thanks for the links.
     
  20. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
    I use hostess and have put together a 1.18 MB HOST file from 9 different sites that maintain various versions of the HOST file. 7 of them still update their list and 2 are older ones that have not been updated in a while. If anyone is interested in such a comprehensive host file they can PM me. When I get home I will update this posting with the links I go to for updating this custom made HOST file.
     
Loading...
Thread Status:
Not open for further replies.