What is a Host file? How can it prevent spyware from “calling home” with your personal information? Learn how the Hosts file works and how to use it to stop spyware.
1. How the Hosts File Works
The Hosts file is a sort of web address book inside the Windows folder of your hard drive. It loads into system memory at each startup, where it cross-references saved domain names to IP addresses.
The need for cross-referencing is because, the Internet only works with numeric IP addresses.
IP addresses are in the form of a block of numbers arranged in four groups, something like this: 126.96.36.199, where each group may be from 0 – 255.
Somewhere in the system there needs to be a cross reference between the two. Cross-references between domain names and IP addresses are found on various domain name servers (DNS) distributed throughout the Internet.
However, when you type a domain name into your browser search box, your computer first looks for the IP address in your Hosts file.
Then, if Windows finds the domain name listed in your Hosts file, it will not bother to look it up on any external domain name servers. (Keep this fact in mind.)
Originally, the Hosts file came about because, before there were high-speed Internet connections, it was much faster to look up an IP address if it was already stored on your local machine.
2. The Hosts File as an Anti-Spyware Tool
With faster computers and high-speed Internet there is really no need for a locally stored cross-reference.
At the same time, malicious sites just keep on increasing! They often work by embedding a disguised link inside an otherwise innocent looking web page.
If you happen to click on – or sometimes even mouse over – that link, the spyware “calls home” and sets up an ad server, a data miner, a hit counter, or some other intrusion of your privacy.
Now back to the Hosts file: in its newest configuration, your Hosts file is an excellent spyware blocker.
Now, when you discover a malicious domain, you can add it to your Hosts file, cross-referencing it to a false IP address that connects only to a black hole inside your computer. The spyware “thinks” it is calling home, but the call goes nowhere.
3. The Structure of a Hosts File
The original Hosts file looks something like this:
# start of your favorite sites – original use for a Hosts file
Normally, Hosts files are much larger than this. (Lines beginning with the pound # sign are comment lines which the computer ignores.)
The modern Hosts file used as a spyware/adware denial tool that looks something like this (with 127.0.0.1 localhost always as the first line):
# start of blocked sites – modern use for a Hosts file
Notice that these IP addresses are all the same: 127.0.0.1 -this points only to your own local computer.
An infected web page could try to connect your computer to bannercraze.com, for instance. As usual, your browser looks up the IP address, which in this case, it finds in the Hosts file. Since the IP address resolves to 127.0.0.1 in the Hosts file, the call cannot go out.
(Remember: If a domain name is stored in your Hosts file, Windows will not bother to look it up on any external DNS servers.)
A comprehensive Hosts file can also speed up downloading of web pages because you will not have to wait for targeted ads and other spurious items to load.
Of course, simply maintaining a Hosts file is not a magic cure-all for every evil on the Internet, but it does provide an additional, quite effective defense mechanism.
But there has to be a catch, right? There is. In fact, there are several catches. You will have to:
a) recognize each piece of malware
b) look up its domain name
c) update your Hosts file for each new intruder
It becomes a never-ending task because these companies are constantly adding new domain names to stay ahead of us.
Take heart. There are several comprehensive Hosts files that you can download and use at no cost. To keep these files up to date you will have to download the latest versions regularly. One available source is: someonewhocares.org
By far, the easiest way to maintain an effective Hosts file is to let a good anti-spyware program do it for you. A very popular, free utility is SpyBot – Search & Destroy. It searches the web for problem domains and then “inoculates” your computer by including them in your Hosts file.
To learn more about the Hosts file, search on the term in your Internet browser. There are over 30 million search results for “Hosts file”.