topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 8:11 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: HOSTS File for malware prevention  (Read 7758 times)

techidave

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,044
    • View Profile
    • Donate to Member
HOSTS File for malware prevention
« on: August 21, 2010, 02:35 PM »
I have been reading about the use of the HOSTS file to prevent malware, etc., from getting on  your computer.  I am having trouble determing if Firefox and Opera use the HOSTS file like IE does.  how does the HOSTS file supplied by mvps.org differ from that of Spyware Blaster or Spybot's Search and Destory Immunize feature?

I am trying to figure out if the HOST file is a good way to prevent malware on computers??

How does this differ from Restricted Sites (probably IE only)?

Dave

sajman99

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 664
    • View Profile
    • Donate to Member
Re: HOSTS File for malware prevention
« Reply #1 on: August 21, 2010, 03:28 PM »
I am trying to figure out if the HOST file is a good way to prevent malware on computers??

Apparently folks aren't using the HOSTS file as a malware blocker as much as they used to. Perhaps many users now more effectively rely on sandboxing and virtualization software for malware protection.

In this Wilders poll "Do you use HOSTS file?", the majority of respondents (60.90%) indicated they no longer use it. Many folks indicated maintaining the HOSTS file is a futile exercise.
« Last Edit: August 21, 2010, 03:32 PM by sajman99 »

Krishean

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 75
  • I like pie
    • View Profile
    • Draconis Labs
    • Donate to Member
Re: HOSTS File for malware prevention
« Reply #2 on: August 21, 2010, 03:47 PM »
to answer your question, yes firefox and opera are affected by the hosts file. the hosts file is used to alter domain name resolution in windows, and affects anything that uses windows for networking (if a program uses its own network driver than i think it can get around anything in the hosts file anyway)

the problem with using the hosts file for malware protection is that it ONLY affects domain name resolution. so its good if an entire domain is dedicated to malware, but if a site is infected with malware through an ad (example: http://techcrunch.com/2010/03/23/yahoo-top-ad-malware-distributor-says-its-not-their-problem/) or some other attack, its not going to block that, and as malware domains are constantly changing on an hour-by-hour basis, keeping an updated hosts file is next to impossible

also if a program does not use dns resolution and uses an ip like 173.194.33.104 (www.google.com) or if malware comes from an ip (http://173.194.33.104/) the hosts file is not going to block it

EDIT: that said, i do use the "immunize" feature of spybot s&d, which does add entries to the hosts file (in some cases i have it seen it ignore the hosts file tho), because it doesn't hurt (unless of course one of the sites in the hosts file is legitimate and you are trying to go there, it makes it unplesant to diagnose why its not working)

EDIT2: i should probably explain how the hosts file works exactly. when you click on a website, for example www.google.com, "www.google.com" is meaningless to a computer, computers only understand ip addresses (173.194.33.104) so before you are able to get to google, your computer must first contant a domain name server to look up the ip address of the domain name. the domain name server tells your computer the ip address of google and your computer then contacts google and you go on your merry searching way... however, if www.google.com is in your hosts file your computer skips the step where it contacts the domain name server and uses the entry in the hosts file. so if you put "127.0.0.1 www.google.com" (DONT DO THIS) in your hosts file, instead of going to google your computer would try to contact 127.0.0.1 (which is a local address for your own computer) and this would not work. thats how the hosts file works, it reassigns domain names to some other ip address.
Any sufficiently advanced technology is indistinguishable from magic.

- Arthur C. Clarke
« Last Edit: August 21, 2010, 04:03 PM by Krishean »

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: HOSTS File for malware prevention
« Reply #3 on: August 21, 2010, 06:53 PM »
OpenDNS would be a better way of effecting the same thing as it can be configured in a single location (the network border) and can be used to block many other network nuisances (FaceBook).

techidave

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,044
    • View Profile
    • Donate to Member
Re: HOSTS File for malware prevention
« Reply #4 on: August 21, 2010, 08:20 PM »
Good idea sj. I keep forgetting about this program.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: HOSTS File for malware prevention
« Reply #5 on: August 22, 2010, 03:03 AM »
+1 for Krishean -- Excellent explanations. :)
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

sajman99

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 664
    • View Profile
    • Donate to Member
Re: HOSTS File for malware prevention
« Reply #6 on: August 25, 2010, 03:33 PM »
The security company Sunbelt Software is establishing a DNS Server named ClearCloud DNS which can be used to block malware sites.

This is a free service (currently in beta) which is designed to add an additional layer of security.

Details can be found here:  http://www.clearclouddns.com/

Russ V

  • Supporting Member
  • Joined in 2008
  • **
  • default avatar
  • Posts: 12
    • View Profile
    • Donate to Member
Re: HOSTS File for malware prevention
« Reply #7 on: August 25, 2010, 05:14 PM »
Cool;  you can also use google dns at: http://code.google.com/speed/public-dns/
Note: if you use services by your internet provider...like news groups or use local content, can stop working for days when local network changes occur.   in that case, i recommend keeping your secondary dns search ip to something your provider provides.

Lastly, i've stopped using spybot immunization on my slow machine at work.  i find myself removing a lot of programs i once thought would help.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: HOSTS File for malware prevention
« Reply #8 on: August 26, 2010, 10:33 AM »
Using the hosts file for anything but specialized purposes (like blocking a few call-home servers, or *very* limited LAN computer naming) is pretty bad, imho. It takes a bit of time to process large hosts files, and it's futile trying to keep a hosts file up to date wrt. malware and ads.

What you need is an ad-blocker for your browser combined with anti-malware software.
- carpe noctem

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
Re: HOSTS File for malware prevention
« Reply #9 on: August 26, 2010, 10:44 AM »
What you need is an ad-blocker for your browser combined with anti-malware software.

I recommend Ad Muncher (munches more than just ads, in more than just browsers) along with whatever hosts file entries your anti-malware may want to add. (remember that neither are a substitute for a good antivirus, and nothing is a good substitute for common sense...you need all of it!)

And please, please, please, run noscript and turn off Java in your browser unless you are about to use a site you know you can trust that needs it.

sajman99

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 664
    • View Profile
    • Donate to Member
Re: HOSTS File for malware prevention
« Reply #10 on: September 21, 2010, 12:50 AM »
Comodo has now went live with the "malware site blocking" feature of Comodo SecureDNS.

Announcement and site.

Perhaps it's all part of their attempt to rule the world. ;D  Just kidding--but it seems they have software and services for darn near everything.

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: HOSTS File for malware prevention
« Reply #11 on: September 24, 2010, 07:59 AM »
Malwarebytes and Emsisofts site-blocking is based on hphosts which can be implemented as good old hosts file with daily updates, so not exactly futile. Hosts files are not better than content of course, so most suck in a security context.

Please, please give me a valid non-paranoid reason to turn off javascrip per default - or java :) Go YesScript https://addons.mozil.../firefox/addon/4922/