I guess it is time to start a thread with discussion about "How to protect your HOSTS file". First things first: What is the HOSTS file? See this site: http://www.accs-net.com/hosts/what_is_hosts.html Quotes: "The short answer is that the Hosts file is like an address book. When you type an address like www.yahoo.com into your browser, the Hosts file is consulted to see if you have the IP address, or "telephone number," for that site. If you do, then your computer will "call it" and the site will open. If not, your computer will ask your ISP's (internet service provider) computer for the phone number before it can "call" that site. Most of the time, you do not have addresses in your "address book," because you have not put any there. Therefore, most of the time your computer asks for the IP address from your ISP to find sites. If you put ad server names into your Hosts file with your own computer's IP address, your computer will never be able to contact the ad server. It will try to, but it will be simply calling itself and get a "busy signal" of sorts. Your computer will then give up calling the ad server and no ads will be loaded, nor will any tracking take place. Your choices for blocking sites are not just limited to blocking ad servers. You may block sites that serve advertisements, sites that serve objectionable content, or any other site that you choose to block." - end quotes - If you like, you can read more about HOSTS at that site. Maintaining your HOSTS file Several sites publish frequently free updates for your HOSTS file. Those updates will add entries to your HOSTS file by which it will block malicious sites. Of course it is up to you whether you "install" them. Two examples where you can get those: 1. Hpguru 2. MVPS Maintaining your HOSTS file -2- A nice free tool by which you can maintain your HOSTS file, can you find here: Hostess Why is it important to protect your HOSTS file Some malware and some malicious sites will try to make changes to your HOSTS file. Lots of things can be said about this. An example: The IP address of the Wilders-forum ( www.wilderssecurity.com ) is (at this moment): 184.108.40.206 If some malware would add an entry to your HOSTS file like this one for example: 127.0.0.1 www.wilderssecurity.com then you would never be able to connect to this board, because the IP address 127.0.0.1 is your own computer. Several means for "protecting" your HOSTS file There are two different means for protecting your HOSTS file: 1. Pro-active This one tries to guard against changes on your HOSTS file. 2. Warning you after a change has been done Protecting Pro-active -1- For an example I would like to point to this site: http://mvps.org/winhelp2002/hosts.htm Quotes: Locking the HOSTS File There are many of these hijackers that add their own entries to your HOSTS file. This is commonly know as redirects. To add a level of protection you might want to consider making your HOSTS file "read only". You can download a small batch file to accomplish this: lockhost.bat [right-click - Select: Save Target As] unlockhost.bat (XP\2K) LockHostsME.bat [right-click - Select: Save Target As] UnlockHostME.bat (98\ME) To use: place the appropriate files in your Windows folder, create a shortcut to each. - end quote - Protecting Pro-active -2- SpywareBlaster from Javacool can also do it ! See: - the SpywareBlaster site: http://www.javacoolsoftware.com/spywareblaster.html - the SpywareBlaster forum: https://www.wilderssecurity.com/index.php?board=34 Warning you after a change has been done Lots of (free or not-free) programs can do this for you. I mention two: 1. FileChecker from Javacool: http://www.javacoolsoftware.com/filechecker.html 2. TDS-3 with its CRC32-test: https://www.wilderssecurity.com/showthread.php?t=13740 Remark Well, I know that I didn't cover everything on this topic. But I hope that this will start a discussion. Regards, Jan.