The MVPS hosts file ... some questions

Guest

From time to time people pass on in Announcements that the MVPS hosts file has
been updated. Each time I scratch my head and wonder what it's all about.

I've been to the website several times, and have failed to understand almost
everything I read there. I can't understand any of the explanations about
what a hosts file is or does. Despite this, I've managed to find my own hosts
file, which seems to have just a single entry - 127.0.0.1. Spywareblaster has
backed this up, apparently. I presume that's a Good Thing? Spybot S&D has
done something with it (or so it says) but I don't understand what.

My question is - bearing in mind my total inability to understand the first
thing about it, or what it does, am I taking a significant risk by ignoring
this MVPS thing that updates every so often? I'm inclined to think that by
messing about with it in ignorance I may do more harm than good. Am I right
to think that I'm better off leaving well alone?
 
RobbL

I'm with you Alan, I can't get a grip on those posts either -- am glad you
stood up and said what I suspect a lot of other folks are feeling as well!
 
Robinb

I was wondering the same thing.
Anyone who is a MVP here wanna please explain?
thanks
robin
 
Anonymous Bob

RobbL said:
I'm with you Alan, I can't get a grip on those posts either -- am glad you
stood up and said what I suspect a lot of other folks are feeling as well!

Once upon a time, long ago and far away, the hosts file served the function
of translating canonical names to ip addresses and defined all the external
connections a computer could make. With the advent of the world wide web the
hosts file wasn't adequate to the task and DNS (Dynamic Name Service) was
born. All was well for several years until adware complicated our lives. At
this point the hosts file was pressed back into service to block ad servers
by redirecting their canonical names to the local hosts address (either
127.0.0.1 or 0.0.0.0). The hosts file is always checked before a DNS
request. It is now used to block not only ad servers, but also malicious
sites.

Beyond this explanation and the explanation on the MVP web site, perhaps it
would be best if specific questions were presented.

Bob Vanderveen
 
Guest

Anonymous Bob said:
Beyond this explanation and the explanation on the MVP web site, perhaps it
would be best if specific questions were presented.

Thanks Bob. Despite your noble effort to explain, the whole business remains
impenetrable to me I'm afraid - but I think I had already accepted that I was
unlikely to be able to understand it. However, my original question was a
pretty specific one. I'll offer it again:

Bearing in mind my inability to understand anything about the hosts file, or
what it does, or the role of the MVPS hosts updates, or what they are - am I
taking a significant risk by ignoring this MVPS hosts update business? Or am
I right to think that in my state of ignorance, I'm better off leaving it
well alone?
 
Guest

Alan,

No, you are not "am I taking a significant risk by ignoring this MVPS hosts
update business". It is just another kind of proactive protection.

You are taking no more risk than not having 12 different Malware checkers.

If it helps you understand the HOSTS file think of it this way.
It's a local post office that has all the WRONG addresses!

"Hosts, where is www.evil.com?" Response "your local machine"
"Hosts, where is www.malware.com?" Response "your local machine"
"Hosts, where is www.virus.com?" Response "your local machine"
"Hosts, where is www.flash.com?" Response "your local machine"

If you try to go to any of the addresses above, and they are listed in the
hosts file, they are bounced back with no reply to 127.0.0.1 (the internal
address of your machine)

"There's no place like 127.0.0.1, There's no place like 127.0.0.1, There's
no place like 127.0.0.1", because home [127.0.0.1] is safe.

?:)
Tim
Geek w/o Portfolio
 
Guest

Tim Clark said:
No, you are not "am I taking a significant risk by ignoring this MVPS hosts
update business". It is just another kind of proactive protection.

Ah! A glimmer of understanding dawns.

Tim Clark said:
If it helps you understand the HOSTS file think of it this way.
It's a local post office that has all the WRONG addresses!

That REALLY helps! The idea is to put into the hosts file all the addresses
you NEVER want to go to! That's the first time I've understood that, and I
begin to believe you may be a communicative genius, Tim.

Tim Clark said:
If you try to go to any of the addresses above, and they are listed in the
hosts file, they are bounced back with no reply to 127.0.0.1 (the internal
address of your machine)

So 127.0.0.1 is ME!!! That's where my computer believes itself to be. This
is a signpost to home. Yes?

So the MVPS hosts file contains a list of evil addresses. And the idea is
that I replace my minimal host file (which at the moment just says 'home is
where the heart is') with the MVPS hosts file. This file will be checked
every time I want to connect to a website, and if I try to connect to a nasty
one in the list, it will tell me to stay at home instead.

So the reason the hosts file gets updated is because the evil websites don't
stay constant. New ones are created. Old ones disappear. Right?

So I see now that this is different to the protection that Spywareblaster
provides. Spywareblaster disables the ActiveX control abilities for a set of
bad websites. But this MVPS hosts file prevents you from ever going to them
in the first place. Yes?

Thanks Tim. That was extremely helpful - and I bet I'm not the only person
it's helped.
 
Guest

Anonymous Bob said:
You've got it! <g>

Well, since I'm on a roll, maybe I can push another one.

Spywareblaster has a backup of my hosts file. Now I presume it does that
because it's possible for malware to do Bad Things to my host file, like -
replace 127.0.0.1 with an address of the Bad Man's choosing? Is that right?
So the point of the back up is that if I were suddenly to find myself
unexpectedly at an unknown website, it would mean my hosts file has been
compromised. I could then use Spywareblaster to restore my old one.

Is that right?
 
Anonymous Bob

Alan D said:
Well, since I'm on a roll, maybe I can push another one.

Spywareblaster has a backup of my hosts file. Now I presume it does that
because it's possible for malware to do Bad Things to my host file, like -
replace 127.0.0.1 with an address of the Bad Man's choosing? Is that right?
So the point of the back up is that if I were suddenly to find myself
unexpectedly at an unknown website, it would mean my hosts file has been
compromised. I could then use Spywareblaster to restore my old one.

Is that right?

I think you have the basic idea correct. Another malicious thing that can be
done is to prevent your anti-adware and anti-virus programs from updating by
changing the update address to localhosts.

If you're running w2k or xp and decide to use the hosts file be sure to
disable the DNS Client as described at the MVP site because using both will
slow your surfing. The time saved due to not connecting to the ad servers
more than makes up for any time lost by not using the DNS Client's cache.
There's a batch file on that page to disable the service.

Let us know how it goes.

Bob Vanderveen
 
mikeyhsd

It's a list of IP addresses/ sites that are ignored by your computer.
primarily used these days to block ads and other garbage from web sites.


 
Bill Sanderson MVP

I've not read the rest of the thread (yet) as is often my foolish habit, but
I'll chime in at the start anyway.

The file you have is the default hosts file found on any Windows system, and
it is just fine.
This file is an ancient mechanism for name resolution--it is checked first,
before other name resolution mechanisms. So--if you are malware, and you
want Symantec to not be able to update, you point www.symantec.com at
127.0.0.1--which is defined to be your machine--localhost--and that takes
care of that. (try that with www.microsoft.com, though!)

So--this file can be used either for entirely legitimate purposes--large
corporate networks may need to put entries in this for various reasons--for
"good" purposes--the MVP's hosts file has lines equating various known
spyware and malware sources to 127.0.0.1--you just won't go there--or the
banner ads just won't display--or bad purposes--viruses and spyware use the
hosts file to try to disarm anti-malware software.

My own preference is to leave the file empty, so that I can easily see
what's there, if there is any doubt. However, I don't mind seeing large
collections of entries on machines I work with--as long as I know what app
put them there. The problem with having this file full of entries is that
it will be hard to spot an entry placed by malware in the midst of all the
ones put there by the good guys.

The MVPS hosts file has another very useful purpose, though: It is an
excellent reference to domains and IP addresses that are known to be "bad."
It can be useful just as a text reference to check into when you have a URL
or an address some machine is going to that you don't know why. The folks
behind this file research it very carefully--and it is a useful resource
even if you don't use it for name resolution on a machine.


--
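
Added example (not part of any post in this thread): a small Python audit that separates ordinary blocklist lines from the two kinds of entry the posters warn about, a name redirected to some other machine and a wanted site bounced back to the local machine. The sample file, the `WATCHED` set and the name `www.examplebank.test` are constructed for illustration; `www.symantec.com` is the example used in the thread.

```python
import ipaddress

# Assumption: names the user expects to reach (e.g. security update sites).
# www.symantec.com is the example from the thread; extend as needed.
WATCHED = {"www.symantec.com"}

# Constructed sample: default entry, blocklist-style lines, two planted ones.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1   localhost
127.0.0.1   www.evil.com
0.0.0.0     www.malware.com   # blocklist entry
127.0.0.1   www.symantec.com
203.0.113.10  www.examplebank.test
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return findings for entries that are not plain blocklist lines."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        if not sinkhole:
            # The name is sent to some other machine, not bounced home.
            findings.append((line_no, "redirect", name, str(ip)))
        elif name in watched:
            # A site the user needs is being bounced home.
            findings.append((line_no, "update-blocked", name, str(ip)))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A "redirect" finding is something to review, not proof of compromise: deliberate entries for an internal network look the same to this check.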
 
Bill Sanderson MVP

I wouldn't lose any sleep over it. If I had a machine used by kids or
others whose surfing habits might be suspect, I'd definitely consider
putting it in as part of an attempt to increase the level of safety.

--
 
Bill Sanderson MVP

Excellent. However, remember that the good guys and the bad guys can both
add entries.

--
 
Guest

Anonymous Bob said:
If you're running w2k or xp and decide to use the hosts file be sure to
disable the DNS Client as described at the MVP site because using both will
slow your surfing. The time saved due to not connecting to the ad servers
more than makes up for any time lost by not using the DNS Client's cache.
There's a batch file on that page to disable the service.

Let us know how it goes.

Thanks for this Bob. I'm still not sure yet whether just to leave things
alone, but far more important than whether or not I choose to use the MVPS
hosts file is the fact that I now understand what it does, and I know how to
check it, and I know what kinds of bad things to look for in it. Education
really is power, you see! This thread has been incredibly useful, and the sum
total of all these explanations provides a far better, clearer account of the
hosts file than I've ever found elsewhere.

I wish there were some way of highlighting it. It'll help a lot of people -
if only they can find it.
 
Guest

Bill Sanderson MVP said:
I've not read the rest of the thread (yet) as is often my foolish habit, but
I'll chime in at the start anyway.

I'm glad you did, Bill - because you've given a different take on the issue.
This thread now has enough different approaches to the subject to enable
pretty well anyone to understand what seems to many people a pretty obscure
and impenetrable business. Thank you. And everyone else who contributed.
 
