Main Area and Open Discussion > Living Room

HOSTS File for malware prevention

(1/3) > >>

techidave:
I have been reading about the use of the HOSTS file to prevent malware, etc., from getting on  your computer.  I am having trouble determing if Firefox and Opera use the HOSTS file like IE does.  how does the HOSTS file supplied by mvps.org differ from that of Spyware Blaster or Spybot's Search and Destory Immunize feature?

I am trying to figure out if the HOST file is a good way to prevent malware on computers??

How does this differ from Restricted Sites (probably IE only)?

Dave

sajman99:
I am trying to figure out if the HOST file is a good way to prevent malware on computers??
-techidave (August 21, 2010, 02:35 PM)
--- End quote ---

Apparently folks aren't using the HOSTS file as a malware blocker as much as they used to. Perhaps many users now more effectively rely on sandboxing and virtualization software for malware protection.

In this Wilders poll "Do you use HOSTS file?", the majority of respondents (60.90%) indicated they no longer use it. Many folks indicated maintaining the HOSTS file is a futile exercise.

Krishean:
to answer your question, yes firefox and opera are affected by the hosts file. the hosts file is used to alter domain name resolution in windows, and affects anything that uses windows for networking (if a program uses its own network driver than i think it can get around anything in the hosts file anyway)

the problem with using the hosts file for malware protection is that it ONLY affects domain name resolution. so its good if an entire domain is dedicated to malware, but if a site is infected with malware through an ad (example: http://techcrunch.com/2010/03/23/yahoo-top-ad-malware-distributor-says-its-not-their-problem/) or some other attack, its not going to block that, and as malware domains are constantly changing on an hour-by-hour basis, keeping an updated hosts file is next to impossible

also if a program does not use dns resolution and uses an ip like 173.194.33.104 (www.google.com) or if malware comes from an ip (http://173.194.33.104/) the hosts file is not going to block it

EDIT: that said, i do use the "immunize" feature of spybot s&d, which does add entries to the hosts file (in some cases i have it seen it ignore the hosts file tho), because it doesn't hurt (unless of course one of the sites in the hosts file is legitimate and you are trying to go there, it makes it unplesant to diagnose why its not working)

EDIT2: i should probably explain how the hosts file works exactly. when you click on a website, for example www.google.com, "www.google.com" is meaningless to a computer, computers only understand ip addresses (173.194.33.104) so before you are able to get to google, your computer must first contant a domain name server to look up the ip address of the domain name. the domain name server tells your computer the ip address of google and your computer then contacts google and you go on your merry searching way... however, if www.google.com is in your hosts file your computer skips the step where it contacts the domain name server and uses the entry in the hosts file. so if you put "127.0.0.1 www.google.com" (DONT DO THIS) in your hosts file, instead of going to google your computer would try to contact 127.0.0.1 (which is a local address for your own computer) and this would not work. thats how the hosts file works, it reassigns domain names to some other ip address.

Stoic Joker:
OpenDNS would be a better way of effecting the same thing as it can be configured in a single location (the network border) and can be used to block many other network nuisances (FaceBook).

techidave:
Good idea sj. I keep forgetting about this program.

Navigation

[0] Message Index

[#] Next page