Jim Byrd
Hi Jim - Well, I'll take a crack at it. That is the correct path for Win2k,
and the file you see there is a sample to show you how a HOSTS file should
be set up. Here are the paths for other OSs:
Windows XP=C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K=C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98\ME=C:\WINDOWS
First, you should understand that the original purpose of the HOSTS file
(BTW, it should always be named this way - all caps, no extension) was to
provide a local (therefore fast) translation from URLs to IP addresses for
frequently visited sites (typically your Favorites). It can still be used
this way (I do so, for example - there are utilities available such as CIP,
http://dl.winsite.com/bin/downl?500000007704 which will convert your
Favorites to IP's which you can then saveas and then copy into your HOSTS
file), but has also come to be used to block ad/malware servers. See here
for some good info about this use:
http://www.mvps.org/winhelp2002/hosts.htm This site also has downloads for
some utility programs which you will find useful if you decide to use a
HOSTS file such as RenHosts.bat,
http://www.mvps.org/winhelp2002/RenHosts.bat, and lockhosts.bat and
unlockhosts.bat, http://www.mvps.org/winhelp2002/lockhost.bat, and
http://www.mvps.org/winhelp2002/unlockhost.bat. The lock and unlock files
can be used to protect the HOSTS file in between UPDATES so that it doesn't
get hijacked in the manner you mentioned, while the rename hosts program
will allow you to easily enable or disable the HOSTS file (while keeping the
correct naming convention). As to size/performance - with any relatively
modern computer the delay added by the HOSTS lookup overhead should be
negligible for even moderately large HOSTS files used for ad/malware
blocking. If you use it also for DNS caching as I referred to above, the
time saved over going out to the net for DNS lookups will offset this many
times. In fact you'll notice a considerable speedup in "normal" address
browsing.
I thought it might be useful to add a word or two about security in general.
See if any of this helps
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
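If you want to take steps to defend your machine, there are a number of
things which need to be considered. I would suggest the following: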
The minimum necessary to start with are a good hardware or software firewall
and an AV.
For the general hijack case, the best way to start is to get Ad-Aware 6.0,
Build 181 or later, here: http://www.lavasoftusa.com/support/download/.
UPDATE and run this regularly to get rid of most "spyware/hijackware" on
your machine. If it has to fix things, be sure to re-boot and rerun
AdAware again and repeat this cycle until you get a clean scan. The reason
is that it may have to remove things which are currently "in use" before it
can then clean up others.
Another excellent program for this purpose is SpyBot Search and Destroy
available here: http://security.kolla.de/ SpyBot Support Forum here:
http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi. I recommend
using both normally. After UPDATING and fixing things with SpyBot S&D, be
sure to re-boot and rerun SpyBot again and repeat this cycle until you get a
clean "no red" scan. The reason is that SpyBot sometimes has to remove
things which are currently "in use" before it can then clean up others.
Note that sometimes you need to make a judgement call about what these
programs report as spyware. See here, for example:
http://www.imilly.com/alexa.htm
Next, courtesy of Mike Burgess:
"--Recommended Minimum Security Settings--
Close all instances of IE and OE
Control Panel | Internet Options
Click on the "Security" tab
Highlight the "Internet" icon, click "Custom Level"
1) "Download signed ActiveX scripts" = Prompt
2) "Download unsigned ActiveX scripts" = Disable
3) "Initialize and script ActiveX not marked as safe" = Disable
4) "Installation of Desktop items" = Prompt
5) "Launching programs and files in an IFRAME" = Prompt
Click on the "Content" tab
Click the "Publishers" button
Highlight and click "Remove" any unknowns, click Ok
Click on the "Advanced" tab
Uncheck: "Install on demand (other)", click Apply\Ok
Prevent your "HomePage" setting from being Hijacked
http://www.mvps.org/winhelp2002/ietips.htm
_____________________________
Mike Burgess
Information isn't free if you can't find it!
http://www.mvps.org/winhelp2002/"
Note the Publisher setting - this vector is often overlooked.
Then, from me:
You might want to consider installing the SpywareBlaster and SpywareGuard
here to help prevent this kind of thing from happening in the future:
http://www.wilderssecurity.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
memory load - but keep it UPDATED) The latest version as of this writing
will prevent installation or prevent the malware from running (887 parasites
as of this date) if it is already installed, and it provides information and
fixit-links for a variety of parasites.
http://www.wilderssecurity.net/spywareguard.html (Monitors for attempts
to install malware) Keep it UPDATED. Both Very Highly Recommended.
Next, install and keep updated a good HOSTS file. It can help you avoid
most adware/malware. See here: http://www.mvps.org/winhelp2002/hosts.htm
(Be sure it's named/renamed HOSTS - all caps, no extension)
Lastly, with regards to cookies: Courtesy of Mel's Spyware Tools, here:
http://homepage.cooketech.net/~cybermel/Mel's Spyware Tools and Ad Blockers.html
XML-Menu for IE6 - (http://www.staff.uiuc.edu/~ehowes/main.htm, click on IE6
Tools on website) "This package contains a full menu of custom Import XML
files that can be used to manipulate IE6's handling of cookies in the
Internet and Trusted zones (the Privacy tab controls only the Internet
zone). The files are divided into three sets: one "short list" of
recommended files, and two "advanced" lists containing a wide range of
possible Privacy configurations. The ReadMe covers the basics of using
custom XML Import files and details all the files that are available. A
.REG file that can be used to restore the default Privacy tab settings is
included."
This is the technique that I use and, while I do very infrequently have to
override on some sites that don't have a Privacy Policy in place, I've found
it almost infallible in stopping bad cookies (I use 1-e, BTW). FWIW, Eric
Howes' site, above, is one of the very best on the net with regard to
anything having to do with security. Very Highly Recommended.
Jim Self said:
Hi,
Is this path where the HOSTS file should be?
C:\WINNT\System32\Drivers\etc\Hosts
My HOSTS file has the following:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
=====================================================================
I run Computer Associates EZarmor/antivirus with Zone Alarm, and wonder
just how necessary it is to even have a HOSTS file? I'm a stand alone
home user with no external connections other than the phone to the
internet. When I used a HOSTS file that had hundreds of entries along
the lines of those shown below, it really bogged down my connection and
disconnect times, from seconds to several minutes.
I originally looked into HOSTS files when my daughter's computer at
school was constantly being taken from her by hijackers, HBOs etc. Now
that I have her running Adaware, SpamBot, HijackThis, BHODemon,
StartCop, Belarc Advisor, and maybe more, I don't see too many problem
areas and wonder if the slowness a HOSTS file creates is worth the
efforts to maintain?
.......................
127.0.0.1 abcsearch.com
127.0.0.1 admin.abcsearch.com
127.0.0.1 www3.abcsearch.com #[Browseraid]
127.0.0.1 www.abcsearch.com #[Restricted Zone site]
127.0.0.1 f.abz.com
127.0.0.1 w.abz.com
127.0.0.1 acegroup.net
127.0.0.1 actualnames.com #[Parasite.ActualNames][Restricted Zone site]
127.0.0.1 www.actualnames.com
127.0.0.1 ad-up.com
127.0.0.1 www.ad-up.com
127.0.0.1 adatom.com
127.0.0.1 aesp.adatom.com
127.0.0.1 adbest.com
127.0.0.1 adserv.adbonus.com
etc.............................for pages and pages
Thanks for taking the time to answer these questions!
---==X={}=X==---
Jim Self
AVIATION ANIMATION, the internet's largest depository.
http://avanimation.avsupport.com
Your only internet source for spiral staircase plans.
http://jself.com/stair/Stair.htm
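Added example, not part of either post and not code from any tool named in the thread: a small Python audit of HOSTS-format text that separates blocking entries (names pointed at a loopback or unspecified address) from redirect entries (names pointed at any other address), which are the ones to review when checking for the kind of HOSTS hijack discussed above. The sample text, the `known_redirects` allowlist (for deliberate "favorites" entries) and the 203.0.113.10 / www.example.com line are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Entry = namedtuple("Entry", "lineno ip host kind")

def parse_hosts(text):
    """Return (entries, malformed_line_numbers) for HOSTS-format text."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment anywhere
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)          # first column is not an IP
            continue
        if len(fields) < 2:
            malformed.append(lineno)          # IP with no host name
            continue
        for host in (h.lower() for h in fields[1:]):
            if ip.is_loopback or ip.is_unspecified:
                kind = "localhost" if host == "localhost" else "blocked"
            else:
                kind = "redirect"             # name forced to a real address
            entries.append(Entry(lineno, str(ip), host, kind))
    return entries, malformed

def audit(text, known_redirects=None):
    """Summarise a HOSTS file; known_redirects maps host -> expected IP."""
    known = known_redirects or {}
    entries, malformed = parse_hosts(text)
    unexpected = [e for e in entries
                  if e.kind == "redirect" and known.get(e.host) != e.ip]
    blocked = sum(1 for e in entries if e.kind == "blocked")
    return {"blocked": blocked, "unexpected": unexpected, "malformed": malformed}

# Constructed sample: block entries in the style quoted in the thread, one
# deliberate mapping, one unexplained redirect and one broken line.
SAMPLE = """\
# constructed sample
127.0.0.1 localhost
127.0.0.1 abcsearch.com
127.0.0.1 www.abcsearch.com #[Restricted Zone site]
127.0.0.1 ad-up.com www.ad-up.com
102.54.94.97 rhino.acme.com # source server
203.0.113.10 www.example.com
not-an-ip adatom.com
"""
```

Calling `audit(SAMPLE, {"rhino.acme.com": "102.54.94.97"})` reports the four blocked names, flags only the www.example.com line as an unexpected redirect, and lists line 8 as malformed.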