security through hosts file needed?

Discussion in 'other firewalls' started by zakazak, Oct 18, 2010.

Thread Status:
Not open for further replies.
  1. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    hello, i use MSE + Comodo Free Firewall (with HIPS) and jsut read through this:
    http://www.mvps.org/winhelp2002/hosts.htm

    now is it rly needed to use such a hosts file? I already use adblock with firefox.. so ads arent rly a problem. The only usefull part of this hosts file i could think of, is that it also blocks malicious software trying to connect/send something.

    But if you continue reading, then you will come to the part where it says that this big hosts file can slow down your pc. They provide a solution.. but thats not a real option for me.

    So my question:
    Is it needed to have such a host file altough i have MSE + Comodo FW + adblock (firefox) and worth the trubles with dns-client service?

    Is there a hosts file (or ip list) which gets update frequently but only includes things like sites which try to damage you with exploits, malicious stuff ,... so no adware? (so this would means it maybe is a small hosts file then and wont slow down the pc)

    Is it totally senseless?

    Thanks :)
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Whether you need a hosts file or not, well... the answer is really up to you, IMO. And, if you need to ask that question, then ,IMO, you don't feel secure with the current security setup you got there.

    There are other things you can to help the system be safer and more secure, like tightening up the web browser, for example.

    If you wish IP block lists (Does COMODO already support importing of lists?), you could use PeerBlock and make use of lists like these:

    http://www.iblocklist.com/lists.php

    But, considering what you wish, I'd pick these ones:

    http://www.iblocklist.com/list.php?list=bt_spyware
    http://www.iblocklist.com/list.php?list=bt_hijacked
    http://www.iblocklist.com/list.php?list=bt_dshield
    http://www.iblocklist.com/list.php?list=ynkdjqsjyfmilsgbogqf

    There are more lists that I could provide, but not in PeerBlock's format. You'd have to convert them.

    You try and make use of an alternate DNS service, like Sunbelt ClearCloud DNS, which will protect you against malware.
     
  3. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    ye peerblock would be an alternative solution for the hosts file.. though i just didnt like to have another security program running ;)

    and i feel comfortable with my current situation.. i just wonder if such a modified hosts file would bring more security or if it is senseless anyway :)

    and ye i also know that site.. but i would have to convert all the lists by hand for the hosts file which takes ages :S
     
  4. tlu

    tlu Guest

    IMHO it isn't. Since you're using AdblockPlus I suggest that you add the comprehensive Malware Domains subscription at the bottom of this site instead. It's updated daily and as good or better as any hosts file.
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    A hosts file allows to globally block access to malicious websites (excluding ads and trackers). Adblock Plus will block for Firefox.
    So, how is it that it is "as good or better as any hosts file"?

    I'm not debating whether or not a hosts file is needed. But, I'm wondering how would an Adblock Plus subscription be as good or better than a hosts file?
     
  6. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    ye thinking the same.. a hosts file would propably be better.. on the other site.. every random program could open the hosts file and clear it? :S

    MSE & Comodo wont "lock" the hosts file.
     
  7. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    I totally agree with this.

    Myth - "Special AntiSpyware Hosts Files are necessary to prevent Spyware infections."

    Reality - "Using Special AntiSpyware Hosts Files are a waste of time and leads to a false sense of security.
    Any Malware/Spyware can easily modify the Hosts File at will, even if it is set to Read-only.
    It is impossible to "lock-down" a Hosts File unless you are running
    as a limited user which makes using it in this case irrelevant anyway.
    Various Malware/Spyware uses the Hosts File to redirect your Web Browser to other sites.
    They can also redirect Windows to use a Hosts File that has nothing to do with the one you keep updating."

    Large Hosts Files "cause Internet related slowdowns due to DNS Client Server Caching.
    This negatively effects your browsing speed. AntiSpyware Hosts File authors irresponsibly recommend
    disabling the DNS Client Service to solve this problem. This is not a solution.
    The overall performance of the client computer decreases and
    the network traffic for DNS queries increases if the DNS resolver cache is deactivated.
    This effectively reduces Internet Performance for sites you have previously visited
    and puts an unnecessary load on your ISP's DNS server."

    Source
     
  8. tlu

    tlu Guest

    So? Since zakazak is using FF and AdblockPlus anyhow why not use this subscription?

    See for details here.
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    It's not possible for a hosts file to keep up with these sites. These sites are very short lived and change faster than the malware itself. There's no way anyone could make a list of these sites that's anywhere near complete or up to date. Yes, you can block entire domains known to spread malware, and you're likely to block a lot of clean sites in the process.

    The hosts file isn't really useful from a security point of view. I use it more as a junk blocker (ads, google junk, etc) and for address resolving on the more inportant sites (its intended purpose). Used this way, it can protect against methods of spoofing\tampering (can't think of the correct word this morning) with DNS as your PC checks the hosts file first.

    Regarding the DNS service, I've had no problems from disabling it. Internet apps can do their own DNS resolving.
     
  10. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Not needed.
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    If read my previous post again, you'll see I wasn't debating the use or non-use of a hosts file. I merely was wondering how is it that block list that works for one browser be better than a block list that globally blocks access?

    I wasn't really making a Adblock + subscription vs hosts file.

    Anyway, I gave the suggestion to use an alternate DNS service like Sunbelt ClearCloud DNS which will block access to malicious domains.


    Regards
     
  12. tlu

    tlu Guest

    Well, it's much easier to keep it updated if you run as LUA.
     
  13. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    idk if Hosts are exactly needed for security, but if u want an easy to manage hosts program that will auto update multiple hosts lists for u and let u manage it easier (allowing certain hosts etc.) then u can try HostsMan, i used to use it and its quite a nice little program

    http://www.abelhadigital.com/hostsman
     
Loading...
Thread Status:
Not open for further replies.