Member Avatar for kAtHicKa

Howdy Y'all,

I actually understood almost all of Gorilla's Host File explanation here - but my brain collapsed when I got to this papragraph - just couldn't get my mind around this:

"Computers have a host address of their own - it is known as the "localhost" address, with an IP address of 127.0.0.1 which it uses to refer to itself. If you associate another computer's host name with your localhost IP address, you have effectively blocked that host since all attempts to access it will lead back to you. That is how we will block sites using the Hosts file. We will tell our computer that the IP address of the site we want to block is our own address. That way, our computer will not ever leave and go looking for the site we are blocking - which keeps that site from appearing because the computer thinks it has found the site and displayed it already."

Yeah, so my big question... is using this Hosts file an important part of internet security? Should I do this - cuz it does sound a little over my head.

Input appreciated... thanks! ~KaThiKa

  • 2 Contributors
  • 8 Replies
  • 218 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by DMR
Member Avatar for DMR

An even deeper discussion/explanation of the function of the 127.0.0.1/localhost/loopback address (and the hosts file as a whole) would only make your head implode even faster, so I'll skip the painful details :mrgreen:

To answer your question, though:

I wouldn't say that the hosts file in an "important" part of network security as a whole, but it does have its uses in that regard for just the reasons given in Gorilla's article.

On a very basic level, you can think of associating ("mapping", to be more specific) a "bad" website's URL to the 127.0.0.1 address via the hosts file as a way of sending all traffic to/from that site into a "black hole". The details of how that works are unimportant from a user's perspective; all you really need to understand is that a malicious site that gets mapped to the localhost IP address can scream at you all it wants, but your computer just isn't going to listen to it.

Also: you don't even need to learn how to implement this feature of the hosts file yourself. There are free "anti-spyware" programs which will do this for you automatically, and there are many freely downloadable hosts files which already have entries for known malicious sites/domains enterd into them; you just replace your existing hosts file with one of those.

Links to more information on those programs and "spyware-protected" hosts files can be found here:

http://www.google.com/search?hl=en&lr=&q=adware+block+%22hosts+file%22&btnG=Search

Member Avatar for DMR

By the way- this is a security-related issue, so I'm moving it to our Viruses, Spyware, and other Nasties forum now. That's a more appropriate location for your question, and you'll get more input from our other security experts there.

Buckle up, we're going for a ride... :)

Member Avatar for kAtHicKa

ThanX DMR,

For both the response and for not boGgling my brain further! So, I have Spybot, AdAware, and SpywareGuard - do any of those do the same thing as replacing the Hosts file? Then my next question - do you personally use the Hosts file thing-A-ma-Bob or an anti-spyware progrAm... curious... ~KaTh

Member Avatar for kAtHicKa

WooHoo! :lol:

Didn't feel a thing - I was just typing along, minding mY own business, then WHOOOSH - next thing I knew, I was moved to this forum. Kewlio! Again! Again!!! (jk) :lol:

~KaTh

Member Avatar for DMR

WooHoo! :lol:

Didn't feel a thing

Yeah, well, hang in there- it takes a bit for the nausea to set in... [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/puke2.gif[/img] :mrgreen:

Seriously though, to answer your questions:

1. Ad Aware and SpywareGuard (and it's companion program SpywareBlaster) do thier job by different methods, but SpyBot actually is one of the programs that can add a list of known "nasties" to your hosts file, although it doesn't do it as part of its default installation. To have Spybot add its list of nasties to your hosts file, do the following:

- Open SpyBot and have it check for and install its most current updates.

- Under the Mode menu in SpyBot's main window, choose "Advanced Mode".

- Click on the "Tools" option that appears in left-hand side bar, and then click on "Hosts file". This will display the contents of your current hosts file in the lower right-hand pane, and will also display a button labelled "Add SpyBot-S&D Hosts File" at the top of that pane.

- Click on that button, and SpyBot will add its entries to your hosts file; the addtitions that it makes will appear in the lower right-hand pane after that. If you look through those additions, you'll see that SpyBot has added around one thousand "blocked" sites to your hosts file; all mapped to the 127.0.0.1 localhost IP address.

2. Do I use those sorts of additions in the hosts files on my computers? Absolutely- it's an added level of protection on top of the other utilities I use; unfortunately, there's no such thing as being too cafeful these days.

A few of those "other utilities", by the way, are:

Anti-virus: AVG (free version)
Microsoft AntiSpyware beta
Ad Aware SE personal
ewido Security Suite
Kerio Personal Firewall

Member Avatar for kAtHicKa

Hey DMR, one more thIng...

I know you're really buSy... Maybe you could help wiTh my other post? I haVen't gotten a resPonSe yet from anyone. So, if you get a chance... it involves a HJT LoG...

My Other Post

Thanks again ~ KaTh

Member Avatar for DMR

OMG - I LOVE him/her/it/whatever - perfect!!!

He's a freebie if you want him. Just right-click on him and choose "save image as.." But wait- there's more... :mrgreen:

(I'll try to have a look at your HJT log, but I'm not sure how much time I'll be online today...)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.