Blocking Adware, Spyware, and Malware using the Hosts File
There are many bad places on the World Wide Web. And by bad I don’t mean poorly designed Web sites containing pages filled with useless information (my personal Web site would qualify here). I am referring to Web sites that are specifically designed to do bad things to your computer. These so-called malicious Web hosts have but one purpose: to infect your computer with Adware, Spyware and even Malware when you visit their Web pages. There is a lot of money to be made in stealing your private information, tracking what you do on the Internet, and gaining control of your computer. Malicious Web sites are a significant tool used to accomplish these nefarious goals.
I know what you are thinking: “There are a lot of free Spyware and Malware scanners out there. I’ll just use one of those!” Yes, there are many free and low-cost anti-Spyware and anti-Malware programs. However, most virus and Spyware scanners work by identifying malicious software after it has infected your computer (and if you attempt to remove the Malware you can never be sure that it is truly gone). In other words, scanners are reactive to the presence of malicious software on your computer. What you really need is protection that is proactive and prevents the Malware from infecting your computer in the first place. And wouldn’t it be nice if this protection were simple to install, transparent to operate, and free of charge as well? Have you ever heard of the hosts file?
Buried deep within the file system of your Windows, Macintosh, or Linux computer is the hosts file. This file is actually part of the TCP/IP network stack installed in the operating system. It is a text file used to map an IP network address (also called a host address) to a symbolic name (called a domain name) representing a computer on the network, referred to as a network host. For example, the hosts file might have an entry for the IP address 209.62.5.3 that is associated with the domain name techexams.net. The domain name is easier to remember and type in than the numeric address, and using names rather than numbers makes the Internet–or any IP network–just a little bit easier for us humans to use.
You might have recognized that a common Internet service, the Domain Name Service (DNS), provides the same functionality as the hosts file. DNS too translates domain names to IP addresses (and vice versa), but DNS has existed only as far back as 1983; before that, the hosts file was a computer’s only repository for the names and addresses of all hosts on an IP network. In fact, it was the growth of the Internet into a network of many hundreds of thousands of hosts that made using hosts files for network communications impractical, inspiring the invention of DNS. However, despite the success of DNS for name resolution, the hosts file feature was never removed from the TCP/IP stack and is still very useful today.
Making Internet Access Just a Little Bit Faster
When you enter a domain name in a network-aware program, such as a Web browser or FTP client, that name must first be converted (or resolved) to an IP address before it can be used to connect with a network host. You might think that a DNS query message is always sent to resolve every domain name. However, the TCP/IP stack actually looks for the domain name first in the hosts file.
It is much faster to resolve a domain name locally from the hosts file than it is to send a DNS request to a server over the network–even if the hosts file contains many thousands of domain names and addresses. Therefore, a typical “hack” to improve network performance is to place commonly used domain names and their associated IP addresses in the hosts file, thus removing the need to create DNS network traffic.
You cannot eliminate the need for DNS; it is not possible to use a hosts file to resolve the domain name of every network host you may want to visit. You should therefore consider an additional way to gain network performance by using very fast Internet-based DNS servers rather than the DNS servers supplied by your Internet Service Provider.
OpenDNS is an excellent and free DNS service for any computer on the Internet. To use OpenDNS, configure your Internet router’s primary DNS setting to 208.67.222.222 and its secondary (or alternate) DNS setting to 208.67.220.220. If your router has a third DNS setting, assign it the address of your ISP’s primary DNS server. If the OpenDNS servers are faster than your ISP’s DNS servers are, you will see a noticeable speed improvement when Web browsing.
Using a hosts file can also speed up network access for programs (especially Web browsers) by preventing network connections. A Web page may have dozens of scripted elements, each of which is downloaded from a Web server, usually over a separate network connection. A typical commercial Web site will have many scripts for detecting who you are, what you are looking at, and presenting content for rendering by your Web browser.
If specific scripts running on the page in your Web browser can be prevented from communicating with the servers, your Web browser will load the page much more quickly. Faster-loading Web pages, at the sacrifice of viewing a few pop-up windows and advertisements, are something else you can expect when you use a hosts file.
Protecting Your Privacy using the Windows Hosts File
The hosts file helps a network program find a host on a network, but it can hide a host from network programs as well. For example, if you want to block access to a specific network host, you can place the host’s domain name in your hosts file with the IP address of 127.0.0.1. Each time a network program references the name of the host, the program is redirected back to the local computer. The network connection request will then result in an “unable to connect” error, thus preventing the computer from connecting to the host.
The hosts file can effectively block any program that attempts to connect to a network host using the host’s domain name. The computer is protected by blocking its access to malicious network hosts. Here are a few examples of how a hosts file protects your computer and your privacy on the Internet:
- Blocking Web sites that contain objectionable content
- Blocking certain pop-up advertising programs and traps
- Preventing the user from visiting known phishing Web sites
- Preventing some Web browser-based exploits which redirect the browser to malicious Web sites
- Preventing the user from visiting Web sites that are known to provide or install Spyware, Adware, or other malicious programs
- Preventing Spyware and Adware already installed on the computer from “phoning home” and reporting the user’s private information
- Preventing Web bugs embedded in spam email from “phoning home” to log when and where the user read the email
Using a hosts file in place of DNS also helps to ensure privacy. Each DNS query must travel across a network where it could possibly be “sniffed” and logged by other programs. The administrator of the DNS server has the ability to log all DNS requests from specific IP addresses (such as your Internet router), and network routers and other hosts on the network are also able to log your DNS traffic.
The DNS information in your address resolution queries can be used to determine what network hosts you may be connecting to, such as Web sites you are visiting, file servers you are downloading from, and peer-to-peer file sharing networks that you are using. By placing the hosts you frequently visit–or the hosts you may not want others to know that you visit–in your hosts file, you prevent DNS queries for these hosts from being sent on to the public network and possibly being logged.
Using and Maintaining Your Computer’s Hosts File
There are many well-maintained hosts files published on the Internet for the specific purpose of blocking access to Adware, Spyware, and Malware network hosts. The Wikipedia Entry for the Hosts File lists several hosts files you can try, but I recommend that you look at the sites listed below first:
- MVPS Spyware Blocking Hosts File
- Andrew Short’s Hosts file project
- Dan Pollock’s Spyware Blocking Hosts File (127.0.0.1)
- Dan Pollock’s Spyware Blocking Hosts File (0.0.0.0)
To use a hosts file, you simply download it to a specific location on your computer. On UNIX and Linux systems, the hosts file is found at /etc/hosts. On Windows 9x/Me computers, the hosts file is in the %WinDir% folder (typically C:\WINDOWS). On Windows NT, 2000, XP, and Vista, the hosts file is found in the %SystemRoot%\System32\drivers\etc folder (typically C:\Windows\System32\drivers\etc). And on Macintosh OS X systems, the hosts file is located in the /private/etc directory. The hosts file is always named “hosts” with no extension. On Windows systems, the default hosts file is installed by manually renaming the file hosts.sam to hosts. It may be necessary to reboot your computer or restart its network services to recognize the updated hosts file.
There are actually two flavors of hosts file that differ in where they redirect undesirable network connections. Most hosts files use the localhost address 127.0.0.1 for redirection, and on most computers this address works perfectly fine. However, if you are running a Web server on your computer, you may discover that each time your Web browser hits one of the protected domains in your hosts file, your local Web server’s home page might appear in your Web browser where you would expect to see an advertisement. This is because your Web server’s home page is mapped to the localhost address 127.0.0.1.
Rather than changing your Web server’s configuration, and possibly breaking some of your software in the process, this situation is easily corrected by using a zero hosts file, in which the null IP address of 0.0.0.0 is used instead of the 127.0.0.1 localhost address. Any network connections to 0.0.0.0 are swallowed by the TCP/IP stack and ignored, much the same way /dev/null swallows data streams in the UNIX and Linux file systems. Not all 127.0.0.1 hosts files have a 0.0.0.0 equivalent, so if you need a zero hosts file for your computer, you may need to perform the string search and replace operation yourself each time you update your hosts file.
Limitations of the Hosts File
The hosts file is powerful, but it also has some limitations. Here are some common problems that you may encounter when using a hosts file:
- The hosts file cannot block network connection requests that do not use a domain name.
- The hosts file must be periodically updated to guard against newly discovered threats.
- No hosts file will include domain names for all known malicious network hosts.
- Errors in the hosts file may accidentally block safe sites.
Using a hosts file as a safeguard from malicious network hosts is by no means a complete or fool-proof form of protection. For example, when a program creates a network connection using an IP address rather than a domain name, the hosts file can do nothing to block the connection, as the hosts file (or DNS for that matter) is not used to resolve the IP address (type http://64.233.187.99 into your Web browser if you don’t know what I mean).
The hosts file must be periodically updated on every computer for it to be as effective as possible. While Spyware and Malware scanners have the convenience of a built-in auto-update feature to download definition files, the TCP/IP stack has no mechanism for automatically updating the hosts file, leaving the administrator to manually update the hosts file or find a 3rd-party program that provides a hosts file updating service.
The hosts file must also be periodically updated by its publisher with the domain names and IP addresses of newly discovered malicious hosts. A hosts file that is not frequently maintained is not as effective at protecting your computer against new network threats. You are therefore relying on the due diligence of other people to identify malicious network hosts and add them to their hosts file for you to use.
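The search-and-replace step for a zero hosts file, combined with a pre-install check for the "errors may block safe sites" limitation, as an added example that is not code from this article or from any of the hosts file projects listed. The function name, the allowlist parameter, the list of local names and the sample entries are assumptions constructed for illustration; holding back entries that point at any address other than 127.0.0.1 or 0.0.0.0 is an added precaution, since such a line is not a blocking entry.

```python
import ipaddress

SINKHOLES = {"127.0.0.1", "0.0.0.0"}   # the two redirect targets the article describes
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}  # assumed list

def audit_and_zero(text, allowlist=()):
    """Rewrite blocking entries to 0.0.0.0; return (new_text, findings)."""
    allow = {a.lower() for a in allowlist}
    out, findings = [], []          # findings: (line_number, reason) for manual review
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.partition("#")[0].split()
        if not fields:                       # blank or comment-only line
            out.append(raw)
            continue
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((no, f"malformed address {addr!r}"))
            continue
        if not names:
            findings.append((no, "address without a host name"))
            continue
        if ip.is_loopback and set(names) <= LOCAL_NAMES:
            out.append(raw)                  # keep "127.0.0.1 localhost" untouched
            continue
        if addr not in SINKHOLES:
            # Not a blocking entry: hold it back instead of installing it.
            findings.append((no, f"{' '.join(names)} mapped to {addr}, not a sinkhole"))
            continue
        for name in names:
            if name in allow:
                findings.append((no, f"would block allowlisted {name}"))
            else:
                out.append(f"0.0.0.0 {name}")
    return "\n".join(out) + "\n", findings

SAMPLE = """\
# constructed sample, not a real published list
127.0.0.1 localhost
127.0.0.1 ads.example.com tracker.example.net   # two names on one line
127.0.0.1 intranet.example.org
203.0.113.7 bank.example.com
127.0.0.1.ads.example.com
"""

if __name__ == "__main__":
    new_text, findings = audit_and_zero(SAMPLE, allowlist=["intranet.example.org"])
    print(new_text, *(f"line {n}: {why}" for n, why in findings), sep="\n")
```

Lines reported in the findings are left out of the rewritten text, so they can be reviewed before the file is copied into place.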
There is no single best security device to protect your computer from threats on the Internet. Using a well-maintained anti-Spyware, anti-Malware hosts file is an excellent complement to virus and Spyware scanners, hardware and software firewalls, and intrusion protection programs to keep your computer safe on the Internet.
May 29th, 2007 at 4:56 pm
Awesome topic! I might consider implementing this as well.
I always enjoy reading the blogs here. Keep em coming!
May 31st, 2007 at 12:20 pm
Good article. I was not aware there were ‘managed’ hosts files that people update to defend against spyware/malware. Implementing this does not seem like such a daunting task. Thanks!
June 2nd, 2007 at 9:19 pm
Using a managed hosts file is as simple as copying the latest hosts file into the proper location on your computer. Windows doesn’t even require a reboot.
I would certainly like to one day interview the people who maintain these hosts files and see how they collect the information and find their motivation to offer their service to the Internet community. It’s good, inexpensive protection.