How to effectively prevent Malware by using a HOSTS file
What you see above is the screenshot of the HOSTS file that exists in Windows XP SP2. It is a simple text file without any extension, just named HOSTS. A similar file exists in almost all other operating systems, including all versions of Windows, Unix, Linux, BeOS, BSD, Macintosh, OS/2 and Netware.
What is the HOSTS file?
When you try to access a previously unknown hostname while surfing the Internet, your browser normally first checks the HOSTS file to see whether the hostname you have entered, such as www.google.com or www.amazon.com, has a corresponding IP address mapped to it before accessing the Domain Name System. "HOSTS files have long since given way to network-based naming systems such as DNS; however, they are still used with specific machines to override such naming systems for testing purposes and special situations".
Pyrenean – author of eDexter and DNSKong programs, has this to say on the DNS lookup sequence:
"On a standard configuration, the local IP cache gets checked, then hosts and then the DNS chain gets a chance to map the name to an IP."
For example the IP address of www.microsoft.com is 126.96.36.199 and the IP address of www.google.com is 188.8.131.52. Let's say we wished to point www.google.com to www.microsoft.com. We would add the following line to the HOSTS file.
Now whenever you click a link to www.google.com or enter it manually in the address bar of your browser it will take you to www.microsoft.com based on the IP address of Microsoft being mapped to the hostname of Google in your HOSTS file.
Where exactly is the HOSTS file?
The location of the HOSTS file differs with the operating system.
Windows 3.x, 95, 98, Me: C:\WINDOWS
Windows 2000: C:\WINNT\SYSTEM32\DRIVERS\ETC
Windows XP, 2003: C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 7: C:\Windows\System32\drivers\etc
How can a HOSTS file protect me?
A custom-made HOSTS file containing thousands of dubious URLs can be used to block all kinds of ads, Web bugs, cookies, etc., by stopping your computer from communicating with the ad servers. This way you block only sites that serve unwanted content or any other site that you choose to block.
Note: Using a HOSTS file will not prevent ads that are served from the same Website you are viewing, and it will not work with URLs that begin with IP numbers.
How is this achieved?
By using the loopback IP address of your computer, i.e., 127.0.0.1 or 127.42.69.93. "A loopback is a communications channel with only one endpoint. Any message transmitted through such a d not come from the original URL/server and typically the ads come from URLs other than the one initially addressed, i.e., from a third-party server, often from the servers of large ad agencies whose business is providing various kinds of ads for Websites. By putting a list of such URLs into the HOSTS file, many ads can be blocked.
For example, an entry might be:
Any request by your browser for the above hostname just gets sent right back to your own computer. Instead of ad-images you may just get a red x with a little bit of text or "The page cannot be displayed" message where the ad would normally appear or if it is an out and out malware site your browser will just show the "The page cannot be displayed" message.
Where to download?
The following sites offer regularly updated HOSTS files for download.
When selecting a HOSTS file for download, keep an eye on the size of the file as it has been reported that a very large HOSTS file causes noticeable slowdown in the machines running Windows 2000 and Windows XP. Some of the files in the above list are over 1MB. I personally prefer and use the HOSTS file from the first link on the list. You may want to experiment with various HOSTS files before deciding on one.
Download and Install
The following screenshots show the download and installation of the Hosts.zip file from http://www.mvps.org/winhelp2002/hosts.htm on a Windows XP SP2 machine using Internet Explorer and Winzip. The location where you will place the HOSTS file depends on the operating system that you use. Please refer above for the location appropriate to your operating system. You only need an unzipping utility like Winzip if you use a Windows version other than XP, as XP has its own built-in utility. In Windows XP you may only have to right-click on Hosts.zip and copy and paste the HOSTS file on the right pane to the appropriate location.
Download the hosts.zip file from the URL mentioned above to your desktop. Double-click the Hosts.zip file or open it with Winzip and then click Extract.
Now browse to the appropriate location. In Windows XP, browse to the C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder and click Extract.
Click Yes to confirm the replacement of the original HOSTS file that came with your Windows installation with the one you have downloaded.
Now you are set to surf the Internet faster and ad-free. Check for updates every 15 days or so to have the latest protection.
There are many applications available for download for easily managing your HOSTS file, and nearly all of them are free. I use and recommend a fine freeware application, HostsMan. It can do everything you can conceivably do with a HOSTS file, from simple editing to scanning for duplicates or possible hijacks, locking the HOSTS file and flushing the DNS cache, and it can even disable the DNS Client service.
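Because a HOSTS entry can point any hostname at any address, a downloaded HOSTS file is worth auditing before it replaces the original. The following Python sketch is an added example, not part of the original article and not HostsMan's code; it flags duplicates, entries that map a name to a non-loopback address (possible hijacks) and IP-literal "hostnames" that the HOSTS mechanism cannot block. The sample file and the choice to treat 0.0.0.0 as a sink address alongside loopback are assumptions.

```python
import ipaddress

# Constructed sample (not a real blocklist): one duplicate, one redirect,
# one IP-literal "hostname" and one malformed line.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1    localhost
127.0.0.1    ads.example.com      # sinkholed ad server
127.0.0.1    tracker.example.net
127.0.0.1    ADS.example.com
203.0.113.7  www.bank.example     # real name pointed at another server
127.0.0.1    198.51.100.20
not-an-ip    broken.example
"""

def parse_ip(token):
    """Return an ip_address object, or None if token is not an IP literal."""
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None

def audit_hosts(text):
    """Classify every entry of a HOSTS file supplied as text."""
    report = {"blocked": [], "redirects": [], "duplicates": [],
              "ip_literals": [], "malformed": []}
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comment, tokenize
        if not fields:
            continue
        addr = parse_ip(fields[0])
        if addr is None or len(fields) < 2:
            report["malformed"].append(lineno)
            continue
        # Assumption: loopback (127.0.0.0/8, ::1) and 0.0.0.0 count as sinks.
        sink = addr.is_loopback or addr.is_unspecified
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if parse_ip(name) is not None:         # HOSTS cannot match IP URLs
                report["ip_literals"].append((lineno, name))
            elif not sink:                         # name mapped to a real host
                report["redirects"].append((lineno, name, str(addr)))
            elif name in seen:                     # hostnames compare case-insensitively
                report["duplicates"].append((lineno, name))
            elif name != "localhost":
                report["blocked"].append(name)
            seen.add(name)
    return report

if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, items)
```

Any entry reported under redirects deserves a manual look before the file is installed, since a blocklist should only ever point names at the local machine.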