If successful at infiltrating your system, viruses and other malicious code will use a common procedure in which they write entries into a special file called the Hosts file. By putting these special entry lists into the Hosts file, attackers attempt to accomplish one of following two things:
1) Viruses will put entries into your Hosts file to stop you from having any contact with any antivirus protection’s domain (i.e. Symantec.com).
2) Malware users will use this to signal to the mother ship that you’re online and to begin an advertisement bombardment.
Before I go any further with this week’s security article, let me give you a brief summary of the Hosts file and what its job actually is in your system. Usually when you open up a Web browser and attempt to connect with a Web site, you’re using DNS (Domain Name System) to resolve the domain name to the IP address (set of numbers that identifies you online). There are a couple more factors at play here, but that should be enough to get the general concept going.
The Host file is a file that is like an internal DNS cache allowing your system to connect directly to the Web site without having to “resolve the name.” Let me clarify. Again, let’s say you open up a browser such as Internet Explorer and type in worldstart.com and hit enter. Normally your system would use DNS and attempt to resolve the name by contacting other servers online until it found the right IP address to connect to. However, the system always looks through the Hosts file first for the name to see if it already has an IP address associated with it. If there is an entry for WorldStart in your Hosts file, you can immediately connect directly to WorldStart without relying on DNS to resolve the name.
Usually the Hosts file never gets used because there’s only one entry in there, by default, and that’s basically for testing purposes. There are however, a couple of really cool tricks you can do by putting your own entries into the Hosts file to, not only speed your surfing up, but to also stop ads/banners, hijackers and other online parasites.
Adding Hosts Entries to Quicken Connection Speed to Your Favorite Web sites:
Putting entries in the Hosts file is simple. Let’s do one right now.
1) First we need to find the Hosts file and open it up in Notepad. Look for the proper location of the Hosts file for your particular Windows Operating System:
Windows 95/98/Me c:\windows\hosts
Windows NT/2000/XP Pro c:\winnt\system32\drivers\etc\hosts
Windows XP Home c:\windows\system32\drivers\etc\hosts
(You may need administrator access for Windows NT/2000/XP)
2) Once you find your Hosts file and open it in Notepad, you should see an example of a host entry using Rhino.acme.com and one entry in the list.
3) Before making any changes to your Hosts file, you want to save a copy of the file somewhere safe in case you want to reinstall it. Go to File>Save As (save as file type All Files not .TxT. It will not read the file correctly if you save it as a .TXT document).
4) After you save a copy of the Hosts file somewhere safe, go back to the original Hosts file and let’s put in an entry. The syntax is very simple and consists of two entries separated by a space. First put the IP address of the destination you want, followed by at least one space and then the host name you want to associate with the IP address. For example:
You can usually find the IP address of a particular Web site by doing a Nslookup from a command prompt.
That’s it. You just created your first Hosts file entry. Now, open up a browser and attempt to connect to worldstart.com. If it worked, then pat yourself on the back, you just added an entry to the Hosts file.
Using Your Hosts File for Defense and Security:
In addition to using your Hosts files to setup better connections to popular sites, you can also set your Hosts file to associate the industry’s most well known troublemaking host names with internal addresses. Doing this stops third party Internet parasites and banner ads from accessing the Web. You can do this by associating these host names with an internal address such as 127.0.0.1. Associating the name with this address causes the service to never leave the local system, but rather loop back to the system, thus never contacting the mother ship.
This is great Chad, but what am I supposed to do? Go out and create an entire list of malicious sites on the Web and manually enter them in the Hosts files? Yes, but don’t worry, Chad’s got you covered with an easier solution. There are some really great sites on the Web that create these huge Hosts lists of known online pests and puts them in a batch file. The list is huge. It looks like Santa’s bad list or something. But all the entries come together in a batch file, so all you have to do is double-click on it and it will create all the entries for you. This list has the majority of shady, spying sites on the Web listed in their downloadable Hosts files. The list updates regularly, so if another nasty site becomes known, it will be put on the list and they will notify you of any changes via e-mail once you have signed up for the service.
Well that’s pretty much it, but here are a couple of notes you might want to keep in mind:
1) Sometimes if the Hosts files gets too big, 135kb in Windows 2000, XP, the connection can get slow (Windows 98 and Me are unaffected).
· Start, Run, type in “services.msc” (no quotes).
· Scroll down to “DNS Client,” right-click and select Properties.
· Click the drop-down arrow for “Startup type.“
· Select Manual, click Apply/OK and restart.
2) If you are starting to have problems when you attempt to connect to a site online, you may want to go through the Hosts file and do a search for site (cntrl+F) to see if it is in the list. Then it’s up to you to continue to block the address or assign the correct one.
3) If your Internet connection implements a Proxy server, you may want to use the method listed below to work around it.
· In IE, go to Internet Options, Connections tab and choose your connection.
Make sure the box called “bypass proxy for local address” is checked.
Example: click the LAN Settings button, select Proxy Server.
“Bypass proxy server for local addresses,” click the advanced button.
Add 127.0.0.1, click OK, OK.
That should do it. You now have everything you need to edit your Hosts file and hopefully you should see some improvements in your online experience with better security. Hope it helps. Until next week, stay safe out there.
Install here: http://www.mvps.org/winhelp2002/hosts.zip
Here is a great site for Hosts files: http://www.mvps.org/winhelp2002/hosts.htm