HOSTS files

  • Thread starter Thread starter Carol
  • Start date Start date
C

Carol

Is it true that HOSTS files are only useable with Static

IP Addresses and not Dynamic IP Adddresses?

Thank you for any information you might pass on to me.
 
Carol said:
Is it true that HOSTS files are only useable with Static

IP Addresses and not Dynamic IP Adddresses?

Thank you for any information you might pass on to me.
Click to expand...

No, you can make an entry in the host file such as the following:

64.233.161.104 yahoo.com

With this entry every time you type in yahoo.com it would take you to
the listed IP address, which in this case is google.com

I also use entries like these to access my dls modem and my router.

192.168.1.xxx modem
192.168.2.xxx router

then when I type in modem it take me to my modem config options and
router takes me to of course my router setup.


--
Danny Kile
Certified FCC, ISCET, A+ , Network+

Please reply to the Newsgroup ONLY
Your cooperation is appreciated.
 
The purpose of a hosts file is to resolve a DNS name to an actual IP
address.

In the normal sense of that functionality, this only works if the site in
question has a static IP address.

However, the hosts file is used at present for some other purposes, notably
blocking access to DNS names on a list of "bad" sites. For this purpose,.
the actual IP of the target site may be irrelevant.

In any case, whether or not the USER of the hosts file is on a static IP
address is probably irrelevant.
 
Doesn't matter unless you are trying to put something in
the hosts file which runs off DHCP then its IP address can
change at the next reboot (of the remote system). That
might be what you are thinking of.

The hosts file is used by Spyware Blaster to deny the use
of your system to most known spyware. They do this by
telling the system that the IP address for the spyware's
URL is 127.0.0.1 which is the local loopback address.
This keeps the spyware from calling home. You can get it
free at:

http://www.javacoolsoftware.com/spywareblaster.html

The hosts file is also used by some malware to hijack your
system. They might put an entry in for google which leads
to their own fake version of Google so they can redirect
your search (or a fake version of your bank's website so
they can steal your passwords).

Do you know what's in your hosts file?

Ron
 
Do you know what's in your hosts file?
Click to expand...
So--how do you feel about the use of the hosts file to "innoculate" against
malware sites?

My own preference, based on the phrase above, is to keep the file as empty
as possible.
 
I take that back about Spyware Blaster adding stuff to the
Hosts file. Must have been another program. Just
downloaded the newest version and it didn't touch the
hosts file. It did fill up the Restricted Files list
(Tools, Internet Options, Security, Restricted, Sites).

As for your question, Bill, as long as they are all linked
to 127.0.0.1 it doesn't take too long to check that
nothing unexpected has been added. If you run the dummy
proxy that eats all html requests to 127.0.0.1 then it
actually speeds up your surfing.

Ron
 
Ron said:
I take that back about Spyware Blaster adding stuff to the
Hosts file. Must have been another program. Just
downloaded the newest version and it didn't touch the
hosts file. It did fill up the Restricted Files list
(Tools, Internet Options, Security, Restricted, Sites).

As for your question, Bill, as long as they are all linked
to 127.0.0.1 it doesn't take too long to check that
nothing unexpected has been added. If you run the dummy
proxy that eats all html requests to 127.0.0.1 then it
actually speeds up your surfing.

Ron
Click to expand...

I believe that it is Spybot S&D that creates all of those entries in
your host file. I personally like a clean host file, with all of those
entries it is hard to find the ones that do not belong there.

--
Danny Kile
Certified FCC, ISCET, A+ , Network+

Please reply to the Newsgroup ONLY
Your cooperation is appreciated.
 
Danny said:
I believe that it is Spybot S&D that creates all of those entries in
your host file. I personally like a clean host file, with all of those
entries it is hard to find the ones that do not belong there.
Click to expand...

No Spybot does not create this, only protection.

To solve this a user must decide what antispyware program
should be main program.

I also think its better to let MSAS protect this file and
only have 127.0.0.1 Localhost within it.
 
Thank you all for you information. I use MSAS is my
protector of my HOSTS files. Do have one other listing
other than "localhost" and that is "eDexter". Is this
ok??
Thank you again for all that i've learned regarding HOSTS
files and numerous other subjects.
 
Carol said:
Thank you all for you information. I use MSAS is my
protector of my HOSTS files. Do have one other listing
other than "localhost" and that is "eDexter". Is this
ok??
Thank you again for all that i've learned regarding HOSTS
files and numerous other subjects.
Click to expand...

Hi

Remove eDexter !
And choose "Save as" - hosts.file not txt ! looks like this:


# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for
Windows.
#
# This file contains the mappings of IP addresses to host
names. Each
# entry should be kept on an individual line. The IP address
should
# be placed in the first column followed by the
corresponding host name.
# The IP address and the host name should be separated by at
least one
# space.
#
# Additionally, comments (such as these) may be inserted on
individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
 
Hi Carol - Let me add a little to this.

First, you should understand that the original purpose of the HOSTS file
(BTW, it should always be named this way - all caps, no extension) was to
provide a local (therefore fast) translation from URLs to IP addresses for
frequently visited sites (typically your Favorites). It can still be used
this way (I do so, for example - there are utilities available such as CIP,
http://dl.winsite.com/bin/downl?500000007704 which will convert your
Favorites to IP's which you can then saveas and then copy into your HOSTS
file), but has also come to be used to block ad/malware servers. See here
for some good info about this use:
http://www.mvps.org/winhelp2002/hosts.htm This site also has downloads for
some utility programs which you will find useful if you decide to use a
HOSTS file such as RenHosts.bat,
http://www.mvps.org/winhelp2002/RenHosts.bat, and lockhosts.bat and
unlockhosts.bat, http://www.mvps.org/winhelp2002/lockhost.bat, and
http://www.mvps.org/winhelp2002/unlockhost.bat. The lock and unlock files
can be used to protect the HOSTS file in between UPDATES so that it doesn't
get hijacked by malware, while the rename hosts program will allow you to
easily enable or disable the HOSTS file (while keeping the correct naming
convention). As to size/performance - with any relatively modern computer
the delay added by the HOSTS lookup overhead should be negligable for even
moderately large HOSTS files (typically 250KB to 500KB) used for ad/malware
blocking. If you use it also for DNS-to-IP caching as I refered to above,
the time saved over going out to the net for DNS lookups will offset this
many times. If fact you may notice some speedup in "normal" address
browsing.

To address your specific original question - whether YOUR IP is static or
dynamic is immaterial. However, if you're using the HOSTS for URL-to-IP
address translations, then, of course whether the TARGET IP is static or
dynamic would matter unless the HOSTS file were updated for each change of a
dynamic IP. For blocking purposes, it doesn't matter, since the translation
is always to "127.0.0.1" or "localhost".

Various spyware/malware programs "attack" the HOSTS file by sustituting the
IP addresses they want you to use inplace of the correct or blocking
addresses. Consequently, a number of anti-malware programs provide means of
varying effectiveness to protect the HOSTS file from change. The best
approach I'm aware of for this is that taken by ZoneAlarm (if you happen to
use that firewall). (Contrary to something said earlier, SpywareBlaster and
the Immunize function of Spybot S&D do NOT work on the HOSTS file - they
accomplish their protection by setting "kill" bits for known bad ActiveX
components in the Registry.) As with all anti-malware programs, your HOSTS
file should be keep UPDATED.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
 
Jim said:
convention). As to size/performance - with any relatively modern computer
the delay added by the HOSTS lookup overhead should be negligable for even
moderately large HOSTS files (typically 250KB to 500KB) used for ad/malware
blocking. If you use it also for DNS-to-IP caching as I refered to above,
the time saved over going out to the net for DNS lookups will offset this
many times. If fact you may notice some speedup in "normal" address
browsing.
Click to expand...

Well, do we trust MSAS or not, MSAS blocks hosts intruders !

For a normal user it must be better to just have one single line
within hosts file.

This user can also easy check this with MSAS - Advanced
tools- System Explorers
Windows hosts file.

This is easy and why make this to mess with other methods ????
Really stupid I think.
 
Hi plun - Well, there's maybe a little misunderstanding here. While MSAS
monitors your HOSTS file and detects attempts to change it (as you said) it
doesn't have anything to do with the legitmate HOSTS file usages of
URL-to-IP lookup and/or malware/adware site blocking. Thus it may prevent
malware from "taking over" your HOSTS, it doesn't do what the HOSTS does for
these purposes. Consequently, if you want to avail yourself of these
capabilities, then it isn't necessarily better to just "have one line".
It's a "get what you pay for" world. :)

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
 
Jim said:
Hi plun - Well, there's maybe a little misunderstanding here. While MSAS
monitors your HOSTS file and detects attempts to change it (as you said) it
doesn't have anything to do with the legitmate HOSTS file usages of
URL-to-IP lookup and/or malware/adware site blocking. Thus it may prevent
malware from "taking over" your HOSTS, it doesn't do what the HOSTS does for
these purposes. Consequently, if you want to avail yourself of these
capabilities, then it isn't necessarily better to just "have one line".
It's a "get what you pay for" world. :)
Click to expand...

Hi Jim

Well, I think a "one line" default MS solution is better in
long term for normal users.

If this changes I think its better that MS changes the hosts
file or MSAS protection.

Some Bagle variants really writes a lot within hosts files
and it must be better
to just have one line.

IMHO (only talking about normal users)
 
Back
Top