You are here:   Home > Spyware > Blocking Spyware
What's
New		 Doll
Makers		 Room
Makers		 Puzzle
Makers		 Roiworld Stardoll Links
GirlSense - online dress up games for girls with fashion sense

Back to Spyware Comparison

Blocking Spyware



(See also HOSTS file for Linux)

What is a HOSTS file?

It is Windows specific
The HOSTS file's primary function is to speed up surfing the internet by caching IP address. A select group of IP address's to your most visited websites could be stored in the HOSTS file.

Let's say CNN's website is cached in the HOSTS file then the entry would look like this
64.236.24.4 www.cnn.com

Whenever you type in www.cnn.com in your web browser it will use the IP address 64.236.24.4 located in your HOSTS file instead of having to request it from your ISP's DNS servers (or a parent DNS server up the chain)


Hijacked HOSTS file

A useful tool, however it can be subverted by various spyware programs, redirecting a user away from a legitimate site and sending them to their portal instead.
i.e.
Let's say we wished to get our Amazon lookup to point to CNN's website
We would add this line to the HOSTS file.
64.236.24.4 www.amazon.com
This line now points all references to www.amazon.com to CNN's website.


Where is the HOSTS file located?

Windows NT/2K/XP = [System root]\system32\drivers\etc
Windows 95/98/ME = [drive]\windows
The [drive] is usually drive "c:"
The [System root] is usually "c:\winnt" or "c:\windows"

Block Ads

Of course the HOSTS file can also BLOCK undesirable websites as well
By redirecting them to your computer (127.0.0.1)
However this will generate a page not found error.
Let us say we wanted to block www.cnn.com, we would do the following
127.0.0.1 www.cnn.com

If there is no web server on your local machine then you would get unable to connect to site
If the local computer has a web server then it will serve that web servers default webpage
if no web page is found then it would issue a "page not found" error.

You can download and and replace your HOSTS file with this list of known adware, spyware, annoying websites. hosts.zip (32k)


Resolution Order

When is the HOSTS file referenced, what is the order of lookup and can this order be changed?

The order is as follows:
  1. Check to see if the name queried is itself.
  2. Checks the local HOSTS file.
  3. Check the domain name servers (DNS).
  4. Checks the NetBios name resolution.

Can the order be changed? Yes
The registry settings is for Windows NT 4.0 SP4 and above.
(Previous to SP4 changing the registry values had no effect on the order)

You can get windows to use the NetBios lookup first BEFORE the DNS sequence, (the DNS sequence is listed above, 1-3).
Run regedit32.exe
Go to the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
click "add value";
Value name: DnsNbtLookupOrder
DataType: REG_WORD
Value: 1 or 0 (default=0, DNS is used first, 1 then NetBios lookup is used first)
Save and restart your computer

But what is the exact order that NetBios uses?
  1. NetBIOS name cache.
  2. WINS server.
  3. B-node broadcast.
  4. LMHOSTS file.
  5. HOSTS file.
  6. DNS server.



references:
Blocking Unwanted Parasites with a Hosts File
How to make the internet not suck (as much)
Microsoft TCP/IP Host Name Resolution Order
Setting the name resolution search order
Windows NT 4.0 ServiceProvidor Priority Values



About     Privacy Policy     Hosting by Web Hosting Canada

Except where otherwise noted, this site is licensed under a Creative Commons License



contact us: elouai@gmail.com
©2003-2008 eLouai.com, All rights reserved