Recommend DNS services to fight against malware

Discussion in 'other anti-malware software' started by Kernelwars, Aug 17, 2010.

Thread Status:
Not open for further replies.
  1. DOSawaits

    DOSawaits Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    469
    Location:
    Belgium
    I experienced quite some problems for a very long time, and only recently discovered my huge HOSTS file was the cause of it. When doing pingtests on some well known sites like www.pingtest.net and overall experience of website loading, my ping results were horrible 300ms+ , since removing the biggest part of the hosts file, and only keeping rather small MVPS hosts file, my pings returned to +-40ms.
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Have you tried using an optimized hosts file? Did the same problem still prevail?
     
  3. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Incorrect, a hosts file is the single easiest way to block prety much all ads across every program on your system, be it a browser or otherwise. I prefer it because my browser use varies, and I don't want to have all these extra addons loaded and slowing down browsing.

    ad.png

    You can also try disabling/enabling the DNS service. My surfing is faster with the service enabled. I do however use Hostsman's optimizer, it rocks :cool:
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Can you explain why am I still seeing an ad in your image at Softpedia? Maybe because the ads in question are like so:

    -http://s2.softpedia-static.com/images/ABETD2.jpg?v=26 (this is for the current ad)

    If you block -s2.softpedia-static.com then it will cripple Softpedia's website, because more content is stored in that domain.

    So, the only way to block certain ads is not through hosts file, and simply because you will pretty much cripple the website.

    -Edit-

    One more example:

    -http://www.wilderssecurity.com/pub/www/delivery/ck.php?some_more_stuff_in_here

    Imagine something like the above example. How would you block that in a hosts file? There's simply no way, because the hosts file is not designed to assign/block a given IP to a sub-domain; only given IPs to domains.

    -End of Edit-

    Even with DNS Client service disabled With DNS Client enabled things are slower; it will also depend on the number of entries in the hosts file. For example, with an unoptimized hosts file with ~15000 entries, there's no need to disable it. The system loads fine. But, add to that more ~400000 entries and you'll see the difference. But, not every system will complain in the same exact way; some will be slower, some will be faster.

    I can only tell about my own experience, of course.
     
    Last edited: Jan 20, 2011
  5. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Yes I understand what you're saying about certain ads not being able to be blocked, but this is really rare, most websites will use a 3rd party host. But since I have flash asking me to load when I browse to a website, I will rarely ever experience these ads. If it comes down to the 1% of ads that would get through, they are apparently not obtrusive enough for me to notice them. Especially not to the point I'd be willing to install an addon to parse every page I go to, in the slight case I see an ad. Surely some people would agree?

    I currently only use the MVPS HOSTS file via HostMan so it's optimized. My downloads from softpedia work fine.

    noad.png

    Also, I don't think the hosts count as anything to do with it, at least on Windows 7. I once had a massive hosts file with something like 6 sources and thousand of entries. It was still faster on my Win7 machine to keep the DNS service enabled, although it was faster on my XP machine(back in the day when I had one) to disable it. I think the DNS service in Windows 7 might be a bit more optimized.
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Oh, don't take me wrong. I agree. I dislike addons. ;)

    I just tried to, merely, point out that a hosts file is, in some cases, not enough to block ads. That was all I meant. :)
     
  7. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Yup, you're right :)

    So, what do you use for blocking ads? Also back to the topic, do you use a DNS service for malware?
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I use hosts file from MVPS, plus -http://hosts-file.net/?s=Download (there's an ads and trackers hosts file as well over there) and PGL adservers hosts file -http://pgl.yoyo.org/adservers/serverlist.php?showintro=0;hostformat=hosts

    I also use a couple others, but not 100% only ads and trackers, also malware... so may not be interesting to mention, if we're only talking about ads and trackers. Most likely, they overlap most entries, anyway.

    I personally use ClearCloud DNS. I also have it set for my relatives as well; those near me, that is. :D

    I like the detection capabilities of VIPRE; detection speaking, of course.
     
  9. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    One of the things I dislike about using a hosts file is the space it leaves where the ad was. If only the text/graphics underneath could move up.

    I use Firefox with Adblock Plus in conjunction with the EasyList subscription which contains element hiding techniques. It tidies the page up where the ad was.
     
  10. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    You could give a try to eDexter. It is very light on resource.
     
  11. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Source
     
    Last edited by a moderator: Jan 21, 2011
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That statement is flawed in my opinion. How so? First, I'd like to understand what is the definition of "Special AntiSpyware Hosts Files".

    If there's a "Special AntiSpyware Hosts Files", then I can also say there's a "Special Anti-Ads&Trackers Hosts Files"?

    There are simply hosts files; some block access to both malicious and ads/trackers domains; others only malicious domains and others only ads/trackers domains. There are no special hosts files.

    Secondly, many ads link people to malicious content/malicious domains. So, by blocking ads via hosts file, then users are also making their browsing experience safer, because they won't be victims of infecting ads. If it isn't there, it can't harm them.

    So, the way I see it, this is in no way a false sense of security; just one more layer of security.

    I'm not advocating everyone needs to use a hosts file to be safer; I'm strictly saying that, if someone uses a hosts file to block ads, because this person simply does not want/dislikes extensions/add-ons or third-party applications, then for sure it will bring two benefits: Kill one infecting vector and speed up browsing because no ads will be loaded.

    The same way that author says that it provides a false sense of security, then I believe that this person is from the opinion that anti-malware applications also provide the same sense of security? If so, there's no point in many people using them. They will be wasting system resources, and who knows money. They will also, at some point, allow infections to occur. And, even if they do detect, the same is not to say the infection is occurring at the very same moment.

    Again, I'm not advocating whether or not people would be needing such anti-malware applications; only mentioning they wouldn't know any better.

    Easily? As the author says, it will depend on whether or not the users would be running as limited users, or even if as administrators and would have nothing but a hosts file protecting them.

    And, how would running a hosts file under a limited user account make it irrelevant? As if there wouldn't be malware capable of executing to user-space?
    I don't understand that statement. (I'm human, after all.)

    An hijacked hosts file would be the least of the concerns, and in such scenario always delete every entry and re-apply the entries, or not.
    I'd be much more concern about my other security measures. If some person's hosts file (be it to block only ads/trackers or malicious domains) gets hijacked, then something that was meant to protect them failed; perhaps, even the user failed.

    I've never experienced any slow downs, no issues. Nor have any of my relatives in years of using hosts file to block ads/trackers.

    Also, unless someone REALLY needs DNS Client enabled, then just disable the freak and with a properly configured firewall rules, and here I'm thinking about outbound traffic, any malware would be needing one additional rule: DNS.

    If there's no global rule allowing connection to the DNS IPs, then the malware can't connect.

    There are always two sides of the same coin; unless someone had made one with two same sides, on purpose. :D

    -edit-

    I just wanted to mention one more thing that slipped my mind the other day, regarding malware modifying a hosts file.

    What if there is a hosts file some X person is using and that, for whatever reason, a malware changes it to redirect users to malicious domains? Would the non-existence of entries in that hosts file prevent such? No, it wouldn't.

    And, I may be mistaken, but AFAIK, unless you're running Windows 7, a hosts file must exist and map both 127.0.0.1 and ::1 to localhost

    In Windows 7 is DNS Client that performs such task, if memory still serves me well.

    So, once more, these statements, more than all others are way too stupid, IMO... Well, not the statements; what is mentioned may happen. What is stupid is what is underlined in all this: That by not having such a "special" hosts file, as the author calls it, would make you safer o_O Let's get real.

     
    Last edited: Jan 23, 2011
  13. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Didn't know about hosts file until it was discussed here. I've installed MVPS and now am not getting annoying ads, so thank you again.

    I'm using Norton DNS as primary, and ClearCloud DNS as secondary, based on the results that DNS Bench gave for their speeds in my area, though the difference in speeds is insignificant.:p
     
  14. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    When I put up the number recommended by one poster to speed up my browsing in the Internet Protocol TCP/IP and restart my pc those numbers were gone and the setting returned into previous setting.

    How could I save up configuration number settings so that it'll not be gone after pc restart?

    Or it's ok that way, and the numbers or settings remain even if those are gone after restart? o_O
     

    Attached Files:

  15. DOSawaits

    DOSawaits Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    469
    Location:
    Belgium
    Thanks, great post Mr PC.
    If I only had read that few years ago.
     
  16. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    those numbers should still be there.

    are you sure you're looking at Internet Protocol version 4 and not 6?
    do you use a "boot to restore" app like Shadow Defender or others?
     
  17. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    How or where can I check Internet Protocol version? I couldn't find it..:oops:

    I don't use boot restore or shadow defender like that.

    I just have DefenseWall Personal Firewall installed and running. Will it possibly affect setting those things? :rolleyes:
     
  18. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    I recommend Norton DNS now..
    I will Recommend Clear Cloud (bcoz it blocks more malwares sites than Norton..*my experience)when its comes out from beta..
    Now its giving DOmain not exist pages for many sites..:mad:
     
  19. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    That appears to be an underhanded dig at Moontan. He had what I thought were some interesting and reasonable things to say in reply to your post. You could respond to those points directly instead of just basically saying some of us know and some of us don't, poor them.
     
  20. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,529
    Location:
    St. Louis, MO

    Open control panel, double click network connections, right click LAN, select properties and you can see the IPv numbers.


    IP.JPG
     
  21. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    Maybe, mine is different from yours. Still the same I couldn't find it. :oops:

    I still uses Pentium 4 Windows XP SP3.
     

    Attached Files:

  22. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,519
    Location:
    Paris
    Just a comment on the potential downside of ad blocking. I normally browse with FF with Adblock in place. For some reason one day I used IE8 to go to a site particular to my profession. Behold! Ads did pop up, including one seeking participants for a quick survey; as I was interested in this I took the survey and received a $50 honorarium for my participation. Even better I now get a monthly email for other Medical related surveys (Drug companies mostly) with honoraria varying for $50-$150.

    Summing, Ad blocking isn't always a good thing to do.
     
  23. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,529
    Location:
    St. Louis, MO

    looks like IPv4. if you have IPv6, both v4 and v6 should be showing up under properties. If the DNS addresses are not saving to your Local Area Network properties after reboot, how about adding the addresses to your router?
     
  24. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Sorry, of course I meant Moonblood, not Moontan. Moonblood has a well-argued post in reply to what you said about hosts files. It might be interesting and even informative to see a discussion on his points, instead of "others Still Fail to/will Never understand", which goes nowhere.
     
  25. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    I don't have a router. You mean hardware firewall? I don't use it.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.