Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
Moore Moderator

Joined: 31 May 2004 Last Visit: 14 Mar 2009 Posts: 785 Location: °°.Right.Here.°°
Posted: Tue Jun 15, 2004 11:09 am Post subject: SWW HOSTS File Protection Guide
###################################################################
<< SWW HOSTS File Protection Guide >>
###################################################################
Why should I use a HOSTS file?
Customising your HOSTS file is one of the best free alternatives to blocking ads and spyware sites.
A regularly updated HOSTS file can help to prevent spyware / malware from making connections to and from your computer
and also prevent your browser from accessing sites which serve advertising or collect marketing data on you.
By making good use of the HOSTS file, which is already part of the Windows operating system,
you can greatly improve your safety on the internet, save your bandwidth and reduce the chances of being hijacked.
You can also feel more comfortable in knowing that you have increased your protection against rampant spyware & adware,
while also reducing the amount of personal information that is being gathered about you from websites.
It's important to keep your HOSTS file updated, like most other security tools;
many of the HOSTS files listed on this page are updated regularly to keep up with the newer malicious sites discovered.
You can add your own sites as you wish, or download a pre-made HOSTS file maintained by various sites for free.
How it works
Basically, when connecting to any website, your computer sends out a DNS request to retrieve the IP address of that site's domain name.
The HOSTS file is checked first, before the DNS request is sent out from your system.
The HOSTS file allows you to null route any domain of your choice by substituting your own local host IP address "127.0.0.1" with the real IP address.
Essentially this prevents your system from allowing the DNS request to be resolved to its real IP address, and so the site is unable to load in your browser or other network enabled application.
This is a very effective and totally free way of preventing/blocking hijackers, popups, advertisements and any other annoyances you may encounter during your internet travels.
=======================================
How do I install this HOSTS file?
Simply download the file and put it in the following location depending on your Operating System:
Windows XP: C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K: C:\WINNT\SYSTEM32\DRIVERS\ETC
Windows 98/ME: C:\WINDOWS
The Hosts file must have no file extension to work properly. This means it should not end with .txt, .doc, etc.; it should just be labelled HOSTS.
Please read this great post by Blackspear at Wilders Security Forums
for an extremely well detailed guide to installing a Hosts file [with pictures]:
<> http://www.wilderssecurity.com/showthread.php?t=78363 <>
Bluetack HOSTS File information and download -
http://bluetack.co.uk/hosts.html
http://www.bluetack.co.uk/forums/index.php?showforum=125
:: Bluetacks Hosts File ::
http://www.bluetack.co.uk/forums/index.php?showtopic=8406
=======================================
Just in case you're wondering: you cannot block IP addresses in a HOSTS file, only the hostname.
Example:
YES: fedora.nictechnetworks.com
NO: 69.20.16.183
Entries in the Hosts file must begin with the localhost address 127.0.0.1 [or another null address to resolve the unwanted hostnames to]
127.0.0.1 fedora.nictechnetworks.com
While you cannot use IP addresses to block connections with a Hosts file, you can use an IP address in a Hosts file to "override" the DNS resolution of a hostname.
Hijackers can also make use of this, however, often hijacking the Hosts file to allow redirection of search engines, or well-known security sites, to the IP address of the hijacker's site instead, usually to keep their victims from seeking any help.
One example is this rootkit hijack, which wipes out the hosts file and blocks the majority of the most well-known anti-virus sites; it also patches a few system files to bypass the firewall:
http://www.bluetack.co.uk/forums/index.php?showtopic=15097
In the case of competing spyware companies, they hijack the HOSTS file to prevent connections to other spyware / hijack sites, to make sure they are the only ones who get the advertising revenue. It's all about the money.
Hijack redirection example:
69.20.16.183 search.netscape.com
69.20.16.183 ieautosearch
66.79.171.75 www.google.com
66.79.171.75 www.yahoo.com
66.79.171.75 www.altavista.com
Hijack security site prevention example:
These entries below, for example, will prevent a computer from accessing any of the security sites for help.
127.0.0.1 www.kaspersky.com
127.0.0.1 www.f-secure.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
127.0.0.1 rads.mcafee.com
127.0.0.1 trendmicro.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 viruslist.com
CWS trojans and various other hijackers can easily change the read-only setting of a Hosts file, allowing them to overwrite the Hosts file entries with their own data.
So it's important to keep a backup of your HOSTS file.
Another good example is the SpySheriff / SpywareNo hijacker in this thread at the Bluetack forums:
http://www.bluetack.co.uk/forums/index.php?showtopic=9994
It not only took out [wiped out] my locked Hosts file, but the trojans that accompany the hijack easily disabled the Windows Task Manager and many of my security programs as well.
You cannot be too protected; the more layers of security you have set up, the better.
Even if you only visit safe, known sites, there have been cases where ad servers have been hacked and used to install malware on unsuspecting users through their ad network, and the servers hosting a website you visit may even get hacked and end up hijacking its visitors, totally unknown to the server operators.
These are very rare cases, but anything is possible.
A well maintained/updated Hosts file will stop most, if not all, of the known threats that you are capable of blocking by hostname from getting into your system; the unknown threats will need to be handled by your next layer of protection.
B.I.S.S. Hosts Manager, SpywareBlaster and Toadbee's Hoster [and probably other programs] make backing up your Hosts file very easy. Try to get into the habit of making a backup after you add your own entries, just in case it gets wiped out.
=======================================
Warning!: Extremely large Hosts files may slow down browsing in Windows 2000 / XP;
it is advised to switch the DNS Client service in services.msc to manual or disabled.
Go to Start -> Run -> [type in] services.msc
Scroll down to DNS Client and select the option to set it to disabled/manual.
##############################
Recommended HOST file downloads:
##############################
Bluetack Hosts File
http://www.bluetack.co.uk/forums/index.php?showtopic=8406
HP-Hosts
http://hosts-file.net/
http://someonewhocares.org/hosts/
Great HOSTS file information site -
http://www.accs-net.com/hosts/index.html
HOSTS File / ADSERVERS Lists -
http://pgl.yoyo.org/adservers/
hostsfile.mine.nu
http://hostsfile.mine.nu/downloads/
=======================================
Excellent HOSTS File Guides / Information :
http://www.spywarewarrior.com/viewtopic.php?t=410
http://www.bleepingcomputer.com/forums/index.php?showtutorial=51
http://www.accs-net.com/hosts/index.html
The hosts File - DerkerTechnology.net
http://www.spywarewarrior.com/uiuc/soft8a.htm#HOSTS
===============================================
- Recommended HOSTS file management tools -
===============================================
The best FREE Hosts File Managers:
-------------------------------------------------------------------------------------
- B.I.S.S. Hosts Manager - By Bluetack Admin Kimberly -
:: Latest updates of Hosts Manager / Hosts Switch ::
http://www.spywarewarrior.com/viewtopic.php?t=22331
:: FREE Download ::
http://www.bluetack.co.uk/forums/index.php?act=dscript&CODE=showdetails&f_id=5
:: Details ::
http://www.bluetack.co.uk/forums/index.php?showtopic=9240
---------------------------------------------------------------------------
:: B.I.S.S. HOSTS Switch ::
Full details/history please read :
http://www.bluetack.co.uk/forums/index.php?showtopic=13516
Instead of having the B.I.S.S. Hosts Manager open to disable / enable your hosts file, you can now use the B.I.S.S. Hosts Switch
New Hosts Switch [1.2.2.0-1.3.1.0] features include :
- The popup menu has a new entry called "Add Hosts Entry"
- New Tray Icons
- Included a help file. You will need Acrobat Reader. F1 brings up the help file.
Add Hosts Entry
An input box will show up on your screen to add the new website. Just enter the website, don't type the IP prefix (127.0.0.1 or 0.0.0.0), it will be added automatically.
Tray Icons
The Tray Icon will now show the state of the Hosts file : disabled or enabled
A left click on the Tray Icon will restore the program on the screen. A right click on the Tray Icon brings up a menu.
If you are using Internet Explorer, you can add a toolbutton to the default Toolbar to launch the program very quickly. You can set it to load at Windows boot - Normal or in the Tray ...
B.I.S.S. Hosts Manager 2.0 is recommended to access the full features of the add-on. If you already have B.I.S.S. Hosts Manager 2.0 installed, you don't need to download this Add-On separately, it's included from the 1.7 version upwards.
Select Custom Setup if you want to change the default install folder. If B.I.S.S. Hosts Manager is installed, it's recommended that you install this Add-On in the same folder.
Want easy access while browsing ? Add a button to your IE ToolBar .... it will open up the program when you click on it.
This feature only works with Internet Explorer.
When you check the option in the program, start a new Internet Explorer instance afterwards. If the button does not show up on the toolbar, you might need to go to View | Toolbars | Customize and move the Hosts Switch button from "Available toolbar buttons" to "Current toolbar buttons".
---------------------------------------------------------------------------------
- HostsXpert v3.8 by Toadbee [ Formerly known as Hoster ]
| Quote: |
| HostsXpert is an ultra-groovy Hosts file Manager, Editor and Helper-outter. Below you'll find a list of HostsXpert's functions. Just a Simple word of caution - Hosts files are not to be taken lightly - |
>> More Information / Download Link <<
http://www.funkytoad.com/
Features:
| Quote: |
Append File - Allows selection of a file to be appended to your current hosts file.
Replace File - Allows selection of a file to replace your hosts file.
Merge File - Allows selection of a file to be merged with your current hosts file.
Create Backup - Creates a Backup of your current hosts file. Backup file will be placed wherever HostsXpert.exe resides on your Hard drive.
Restore Backup - Restores the backup hosts file.
Restore MS Hosts - Restores the hosts file to Microsoft's original hosts file.
Add to Hosts Files - Adds the line item into your hosts file.
Delete Line - Deletes highlighted line from hosts file.
Toggle Comment - Toggles whether or not a line is a comment ('#').
Sort File - Sorts the current hosts file in alphanumeric order, removes all comment lines and duplicates.
Swap Localhost - Swaps the current hosts file between 127.0.0.1 and 0.0.0.0
Remove Block Items - Removes all blocking lines in the current hosts file.
Copy to Clipboard - Copies the current hosts file to the clipboard.
Make Hosts read-only/writable toggle
Search - Enter text to be searched for, click Previous or Next.
Open in Memopad - Opens the Memopad built-in to HostsXpert.
Save Hosts - Saves the Hosts file from Memopad.
Save As - Allows you to save the hosts file as a file other than "Hosts".
Save Hosts Exit Memopad - Saves the Hosts file from Memopad, and returns you to normal view.
Exit Memopad - Does not save changes.
Whitelist
Remove Whitelist Items - Removes whitelisted Domains from your hosts file.
Add Whitelist Items - Add the whitelisted domains back into your hosts file.
ViewWhitelist - Opens up your whitelist for direct editing.
Save and Exit Whitelist - Saves changes, and closes the editor.
Exit Whitelist - Exits the editor and Discards changes/does not save the whitelist
Download
Merge with or Replace your existing hosts file with either MVPs Hosts file or HpHosts file.
Both websites offer an email subscription service for notification of updates-
MVPsHosts can be found here: http://www.mvps.org/winhelp2002/hosts.htm
(Notification subscription info at bottom of page)
hpHosts found here: http://hphosts.mysteryfcm.co.uk/
(Notification subscription info on download page) |
-------------------------------------------------
Another great Hosts file application by Toadbee :
Homer v1.3
| Quote: |
Homer v1.3
What is Homer?
Homer is a Localhost webserver.
Homer listens to IP 127.0.0.1 for connections on port 80 - Logs requests, and serves up a picture of your choosing.
Huh?
If you use an Ad-Blocking HOSTS file - Such as HPGuru’s or Bluetack’s - you may see a lot of “cannot connect” type messages and missing graphics.
Running Homer will change that by serving an image of your choice. Doing so will make pages load faster as a consequence. |
See here for full details:
http://www.funkytoad.com/
-------------------------------------------------
- Hostess -
http://accs-net.com/hostess/
HOSTS file manager with Hosts Toggle integrated
| Quote: |
| The Hostess program has been designed to help you easily maintain your Hosts file for the purpose of blocking servers rather than for its original purpose of quicker DNS lookups. It stores the hostnames in an indexed database, eliminating duplicates and placing hosts into logical groups that can be ordered for efficiency. Hostess has powerful import, export and search features. It can even create a registry file for adding domains to the Internet Explorer Restricted Zone. |
Hostess will warn you if you already have the same entry in your Hosts file so you can avoid duplicates.
One tip: when importing your hosts file, stick to the default group.
-------------------------------------------------
- Hosts Toggle -
http://accs-net.com/hosts/HostsToggle/
| Quote: |
| Switch on / off HOSTS file blocking with a click of a button |
-------------------------------------------------
- Aldos Hosts Manager -
http://www.aldostools.com/hosts.html
| Quote: |
| Merge hosts / remove duplicates |
===============
=============
Other handy tools:
=============
===============
- FastNet99 -
| Quote: |
| FastNet99 is a network utility that will speed up your web browser every time you want to connect to a web site on the Internet, by avoiding time consuming DNS lookups. It provides all the tools you need to help diagnose network problems and get information about users, hosts and networks on the Internet or on your Intranet. It combines DNS Lookup, Ping, TraceRoute, WhoIs, Finger, Time Synchronizer, KeepAlive and more... |
http://w3.quipo.it/gcriaco/
-------------------------------------------------
- NS-Batch -
| Quote: |
JIM PRICE created this utility to allow host name lookups of lots of IP addresses.
It also lets you interactively look up host name from IP addresses or IP addresses from hostnames.
Just feed it a file with IP addresses in it (of the format 127.0.0.1), and it will dig out the addresses,
look up the hostnames, and create a text file containing:
1) the IP address in hex (useful for sorting)
2) the IP address in dotted-octet format (i.e., 207.43.183.2)
3) the corresponding hostname, (i.e., www.jimprice.com) and
4) the hostname reversed (i.e. com.jimprice.www)
5) additional status information about the lookup (whether or not it worked)
You can then import the text file into your favorite word processor, spreadsheet, or other program, and sort it by IP address or other fields. Also, the program now includes features to probe a subnet (listing all the computers on a given network), and to display your local host's IP address, as well as some amount of flexibility in the output format |
- http://www.jimprice.com/jim-soft.htm#nsbatch
-------------------------------------------------
:: Warning ::
| Quote: |
| Hosts file reader by Option explicit, available on various sites, should be avoided as it will destroy your large custom hosts file and reduce it to a much smaller size eg: 64k |
=============================
============================
:: IP ADDRESS GUIDES ::
============================
=============================
IP Addresses Explained -
http://www.bleepingcomputer.com/forums/ind...showtutorial=37
BLUETACK IP ADDRESS GUIDE
http://www.bluetack.co.uk/forums/index.php?showtopic=52
===========================
The ULTIMATE Network Resource Page -
http://www.spywarewarrior.com/uiuc/info19.htm
===========================
==========================
:: WHOIS LOOKUPS ::
==========================
===========================
http://ws.arin.net/cgi-bin/whois.pl
http://ripe.net/cgi-bin/search/gdquery.cgi?
http://www.apnic.net/apnic-bin/whois.pl
http://www.whois.sc/
http://www.dnsstuff.com/
http://www.samspade.org/
http://www.completewhois.com/
http://www.demon.net/external/
http://www.all-nettools.com/toolbox
http://www.dshield.org/ipinfo.php?ip=XXX.XXX.XXX.XXX
http://www.fixedorbit.com/search.htm
============================
===========================
:: IP INDEX SITES ::
===========================
============================
http://www.fixedorbit.com/welcome.htm
http://www.flumps.org/ip/index.html
http://www.sbslinks.com/Ipaddress.htm
############################################################ _________________ | Blockpost | Blocklist Pro Internet Security | BLM | Hosts |
Last edited by Moore on Sat Apr 28, 2007 5:00 am; edited 62 times in total |
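
The two hijack patterns described in the post above (search engines redirected to a foreign IP, security sites null-routed) can be checked for mechanically. The following Python audit is an added example, not part of the original post or of any tool it lists; the function names, the watchlist and the sample file are assumptions constructed from the entries the post quotes.

```python
import ipaddress

# Vendor domains taken from the post's "security site prevention" example.
SECURITY_DOMAINS = {"kaspersky.com", "f-secure.com", "symantec.com", "mcafee.com",
                    "trendmicro.com", "viruslist.com", "symantecliveupdate.com"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

SAMPLE_HOSTS = """\
# sample HOSTS file (constructed from the post's examples)
127.0.0.1 localhost
127.0.0.1 fedora.nictechnetworks.com
69.20.16.183 search.netscape.com
66.79.171.75 www.google.com   # search engine pointed at a foreign IP
127.0.0.1 www.kaspersky.com
0.0.0.0 liveupdate.symantec.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping, ignoring comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # an entry must start with an IP address
        for name in fields[1:]:  # one line may carry several hostnames
            yield line_no, ip, name.lower().rstrip(".")


def on_watchlist(name):
    return any(name == d or name.endswith("." + d) for d in SECURITY_DOMAINS)


def audit_hosts(text):
    """Return (line_no, kind, hostname, ip) for entries worth reviewing."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        null_route = ip.is_loopback or ip.is_unspecified
        if name in LOCAL_NAMES and null_route:
            continue  # the normal localhost entry
        if not null_route:
            # a real IP overrides DNS for this name: the redirection case
            findings.append((line_no, "REDIRECT", name, str(ip)))
        elif on_watchlist(name):
            # a security site null-routed: the "prevention" case
            findings.append((line_no, "BLOCKED_SECURITY_SITE", name, str(ip)))
    return findings


if __name__ == "__main__":
    print(*audit_hosts(SAMPLE_HOSTS), sep="\n")
```

Ordinary blocking entries such as `127.0.0.1 fedora.nictechnetworks.com` are not reported. A deliberate non-loopback mapping (an intranet server, for instance) will appear as REDIRECT and needs a human decision.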
3162 Honorary Site Admin

Joined: 31 Mar 2004 Last Visit: 04 May 2009 Posts: 6522
|
Posted: Sun Oct 31, 2004 5:11 pm Post subject: |
|
|
I made this a Sticky, for now  _________________ Proud member of the Chest Zipper Club! |