MVP-HELP for Windows

...where you can have fun AND be secure


Windows Security Checklist - Part 7: HOSTS: Blocking Unwanted Web Sites, Malware and Ads

Posted on December 24, 2010 at 6:27 AM

by Larry Stevenson, aka Prince_Serendip

First published at CastleCops: January 9, 2005

Revised and Updated: December 24, 2010

(Preamble skipped. You can read it below in previous articles.)


HOSTS: What It Does


To remove and block web site ads and banners, offensive content and malware, you can purchase specific software or you can use free techniques available for any browser. The HOSTS file is built into Windows but comes blank with no entries. It can be used to block ads, banners, cookies, web bugs, and even most hijackers, by blocking, on your own computer, the servers and sites that provide them. For example, the entry 127.0.0.1 ads.badsoftware(example only).com blocks all files provided by the badsoftware server to the web pages you look at, while stopping it from tracking your movements.


The HOSTS file is the first place a browser looks for an address after you click on a link or type one into your address bar (unless you are using a proxy server, more on that later). When you type in a URL such as www.happycampers(example only).com, the browser checks the HOSTS file for that domain name. If it does not find the domain name in the HOSTS file, only then does the browser ask the DNS server. It is this fact that makes the HOSTS file an excellent means for blocking web site ads and other threats.


HOSTS is a text file you can open in Notepad. At the top is an explanation of the simple syntax. Each line is an IP address, a domain name, and an optional comment placed after a # sign. A default entry in every HOSTS file looks like this:


127.0.0.1 LOCALHOST #THIS IS THE UNIVERSAL IP ADDRESS OF ALL LOCAL COMPUTERS


127.0.0.1 is an IP address called the "loopback" because it refers to your local computer only. The loopback address gives developers a way to test web software without being physically connected to a network. This prevents errors in network hardware or software from obscuring test results. The loopback address can be used to stop web ads from displaying.


To use the HOSTS file to block web ads, you add a list of hosts serving offensive or malicious content, with each of these domains associated with the loopback address -- your own computer. When you go to a site that contains ads, the browser looks on your own machine for the ads and never visits the ad server. The ads are never displayed and the ad server has no opportunity to put tracking cookies on your computer.


Ad-blocking HOSTS files, for various purposes, are available for download on the Internet.


Regularly Updated AdServers List: http://pgl.yoyo.org/adservers/#foursteps


Windows automatically looks for the existence of a HOSTS file and, if found, checks it first for entries matching the web pages you request. 127.0.0.1 is the address that points to your computer, so when the entry "ad.doubleclick(example only).net" is requested your computer thinks 127.0.0.1 is the location of the file. When this file is not located, the browser will say on the page that it is unable to connect to that address. It then skips on to the next file, and thus the ad server is blocked from loading the banner, cookie, or (perhaps) malicious JavaScript file.


This takes nanoseconds, which is much faster than trying to get a file from the other side of the planet. Another nice feature of the HOSTS is that it is a two-way file, meaning if some malware does get into your system it cannot get out (call home) as long as the proper entries exist. For this reason it's essential to keep your HOSTS file up to date.


A very large HOSTS can slow down a browser on NTFS platforms (XP, Vista & Win7). To resolve this issue, open the Services Editor.


Start > Run (type) "services.msc" (no quotes)

Scroll down to DNS Client,

Right-click and select: Properties

Click the drop-down arrow for Startup type

Select: Manual

Click: Apply/OK and restart.


HOSTS files need regular updates since new ad servers keep popping up. If you see an ad while using an ad-blocking HOSTS file, it means one of two things: either the ad is hosted on the site's own server, or it is new. To find out where the ad is coming from, right-click on it and select "Copy Shortcut." If the ad is hosted on the site, you cannot block it with a HOSTS file, as HOSTS files only block whole sites. For a new ad server, paste the domain portion of this URL into your HOSTS file with a redirect to 127.0.0.1.
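The decision described above (same-site ad versus new ad server) can be written out as follows. This Python code is an added example, not part of the original article; the function names, return labels and example.com/example.net URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def host_of(url):
    """Lower-cased host name of a URL, without port, userinfo or trailing dot."""
    if not url.lower().startswith(("http://", "https://", "//")):
        url = "//" + url          # a bare "ads.example.net/x.gif" has no scheme
    return (urlsplit(url).hostname or "").rstrip(".")

def hosts_entry_for_ad(ad_url, page_url, listed=()):
    """Decide what to do with an ad URL copied from a page.

    listed: host names already present in HOSTS (assumed input).
    Returns (action, text); action is 'add', 'same-site', 'ip-literal',
    'already-listed' or 'invalid'.
    """
    ad_host, page_host = host_of(ad_url), host_of(page_url)
    if not ad_host:
        return ("invalid", "no host name found in the URL")
    try:
        ipaddress.ip_address(ad_host)
        # HOSTS maps names to addresses; a numeric URL never consults it.
        return ("ip-literal", "URL uses an address, so no name lookup happens")
    except ValueError:
        pass
    if ad_host == page_host:
        # HOSTS matches whole host names only, so this would block the site itself.
        return ("same-site", "ad is served by the site's own host")
    if ad_host in {h.lower() for h in listed}:
        return ("already-listed", ad_host)
    return ("add", "127.0.0.1 " + ad_host)

if __name__ == "__main__":
    # Constructed URLs for demonstration only.
    print(hosts_entry_for_ad("http://ads.example.net:8080/banner.gif?id=1",
                             "http://www.example.com/news"))
```

Only the host name goes into HOSTS: the port, path and query string of the copied URL are dropped because HOSTS entries cannot match them.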


Blocking More Than Ads with MVPS HOSTS


Traditionally, the HOSTS is used to block ads and banners, but it was determined by Microsoft MVPs (Most Valuable Professionals) that many of the parasites and malware that get onto our machines by surfing websites can also be blocked in this fashion.


It serves no purpose if you block the ad banner from displaying, as most other HOSTS files do, but get hijacked by a parasite from a script or download contained on the website. The object is to surf faster while preserving your safety, security and privacy.


Direct Download of the MVPS HOSTS: http://www.mvps.org/winhelp2002/hosts.zip


How to install MVPS HOSTS:


You can also right-click the link and select "Save Target As." Unzip in a "temp" folder and place in the appropriate installed location. The MVPS HOSTS zip comes with a batch file you can run in XP, Vista and Win7. In Vista and Win7 you will need to have Administrator rights to open and run it. It will automatically install the new HOSTS in the appropriate location, while making a backup of your old HOSTS.


Using HOSTS with Proxies


If you connect to the Internet using a remote proxy server, the HOSTS may not work. A remote proxy server does the DNS requesting for you, preventing the HOSTS from being used. Your browser will route its request through your proxy server before your machine looks up an entry in HOSTS.

If you are using a proxy server:


In IE, go to the Internet Options > Connections tab and choose your connection.

Make sure the box called "bypass proxy server for local addresses" is checked.

This type of change should only be made on a stand-alone machine. If you are networked (i.e. part of a large business or institution) you should check your configuration with your IT department prior to making any changes. You may also wish to check this change with your ISP (Internet Service Provider) as it could disconnect you from the Internet.


HOSTS: Problems and Solutions


The HOSTS technique is useful, but there can be some problems with it. Ad-blocking HOSTS files can include ad servers whose ads you do not want but whose other content you may still want to see. This occurs because some ad servers provide other types of content. For example, the ad server akamai.com also provides streaming media for many web sites, including Microsoft, for whom they handle Windows Updates. If you block akamai.com, you will not be able to access Windows Updates.
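Both the HOSTS syntax described earlier (IP address, host name, optional # comment) and the akamai.com problem above can be checked before a downloaded list is installed. The following Python code is an added example, not part of the original article or of any tool it mentions; the sample file, the function names and the "needed" list are constructed for illustration.

```python
import ipaddress

# Constructed sample in the syntax the article describes.
SAMPLE_HOSTS = """\
# Constructed sample HOSTS file
127.0.0.1   localhost            # default entry
127.0.0.1   ads.example.com  tracker.example.net
0.0.0.0     banner.example.org
127.0.0.1   akamai.com           # the article's Windows Update example
203.0.113.7 www.example-bank.test
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, ip_text, hostname) per mapping; ip_text is None when invalid."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop the comment, split on whitespace
        if not fields:
            continue
        ip_text, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip_text)
        except ValueError:
            ip_text = None
        for name in names or [""]:              # "" marks a line with no host name
            yield line_no, ip_text, name.lower().rstrip(".")

def is_sink(ip_text):
    """True for addresses that keep traffic on this machine (loopback or 0.0.0.0)."""
    ip = ipaddress.ip_address(ip_text)
    return ip.is_loopback or ip.is_unspecified

def audit(text, needed=()):
    """Classify each mapping as 'blocked', 'needed-blocked', 'redirect' or 'malformed'."""
    findings = []
    for line_no, ip_text, name in parse_hosts(text):
        if ip_text is None or not name:
            kind = "malformed"
        elif not is_sink(ip_text):
            kind = "redirect"        # name is sent to another machine: review it
        elif name == "localhost":
            continue                 # the default entry is expected
        elif any(name == d or name.endswith("." + d) for d in needed):
            kind = "needed-blocked"  # would block a domain you depend on
        else:
            kind = "blocked"
        findings.append((line_no, name, kind))
    return findings
```

Calling audit(SAMPLE_HOSTS, needed=["akamai.com"]) reports the akamai.com entry as "needed-blocked" and the entry pointing at 203.0.113.7 as "redirect", since an entry that maps a name to any address other than your own machine redirects that name instead of blocking it.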


You would like to see something else in place of ads, but in actual practice there are "Action Canceled" or "(the browser) cannot display the web page" error messages repeated wherever an ad would have been. This can be fixed, as you will soon see.


Problems with delays occur. HOSTS redirect ad-server requests to IP addresses that are not servers. Internet Explorer will fail immediately if it cannot find a server, but other browsers can wait much longer before quitting.

Both these problems can be solved by installing a small, single-purpose, local-only HTTP server that does nothing but serve GIF images (which you can determine) when requests are received on the loopback address. This replaces unsightly error messages with the images you prefer, and eliminates delays because the browser receives an immediate response.

A free utility for this purpose is eDexter. It also cures Opera's endless searchings. For more info and downloads: http://www.pyrenean.com/eDexter

It works in all Windows platforms, and is also available for use with Macintosh.


Back Button Problems


You click the Back button to return to the previous page and it appears that nothing happens. What usually occurs is that the HOSTS has blocked one or more ad pages that are embedded into the web page you were viewing. To verify this click the small drop-down arrow on the Back button. Is an ad server listed? In some cases the web page can contain a script to prevent the user from returning to a previous page. Simply skip to a valid link.


Making the HOSTS More Powerful


You can augment and strengthen your HOSTS with two freeware security applications.


SpywareBlaster. Download, install, update and apply the update, and you're done. It's simplicity itself. It protects your browsers and your computer so that malware cannot be loaded or even opened. Keep it updated, and you're protected. Those who donate to SpywareBlaster can receive automatic updates.


Spybot - Search & Destroy. Click through according to your language preference. On the next page, click on the symbol beside Spybot Search & Destroy in the upper-right corner to get started. Download and install it. Update it. After receiving the updates, click on the Immunize shield on the main window. Make sure there's a checkmark in the box beside Global Hosts, under the Windows heading down at the bottom. Then click on the green "+" beside Immunize at the top. It will take a minute or two, but when it's done your HOSTS will be augmented with Spybot's protections against bad cookies and nasty web sites.


The HOSTS with these two applications work together to provide comprehensive malware protection online. Spybot Search & Destroy can also scan your hard drive for pernicious spyware and hijacker threats on demand.


Merry Christmas, Yuletide Greetings or Happy Winter Solstice to All, and always take care of your security.


This document is provided "AS-IS" without warranty, and confers no rights.

Categories: Security Articles
