Blocking Malware and Advertisements Safely

From Lunarsoft Wiki

Protecting Your Computer

What would be the best and safest things to use to protect my computer as I surf the Internet?

Whether you're using Firefox, Chrome, Opera, or Internet Explorer you should have the latest version of SpywareBlaster and keep it up to date. Firefox, Chrome, and Opera can all benefit from using uBlock Origin which allows for blocking malicious websites. This makes the need for SpywareBlaster and other software like Spybot Anti-Spyware's Immunization feature redundant. If you're a user of Microsoft Edge, you can utilize the uBlock Origin fork called uBlock Edge. Being able to block malicious websites through the browser is safer and far more efficient.

The Hosts File

What is the hosts file?

The hosts file is used to look up the Internet Protocol address of a device connected to a computer network. The hosts file describes a many-to-one mapping of device names to IP addresses. When accessing a device by name, the networking system will attempt to locate the name within the hosts file if it exists. Typically, this is used as a first means of locating the address of a system, before accessing the Internet domain name system. The reason for this is that the hosts file is stored on the computer itself and does not require any network access to be used, whereas DNS requires access to an external system, which is typically slower.

Where can I find the hosts file?

The location of the hosts file depends on the operating system you are using.

Locations of the hosts file on many Operating Systems:

| Operating System | Version | Directory or Location |
|---|---|---|
| Windows | 95, 98(SE), Me | %WinDir%\ |
| Windows | NT, 2000, XP, Server 2003, Vista, Server 2008, 7, Server 2012, 8, 10 | %SystemRoot%\system32\drivers\etc\ (note 1) |
| Windows Mobile | All versions | Registry key under \HKEY_LOCAL_MACHINE\Comm\Tcpip\hosts |
| Linux and similar Unix-based | | /etc |
| Macintosh | 9 and earlier | System Folder: Preferences or System folder (note 2) |
| Macintosh | OS X, iOS | /private/etc (uses BSD-style hosts file) |
| iPhone & iPod | All | /private/etc |
| OS/2 & eComStation | All | "bootdrive":\mptn\etc\ |
| Novell NetWare | All | SYS:etc\hosts |
| Symbian | Symbian OS 6.1-9.0 (Series 60 1st and 2nd edition, UIQ 1-2) | |
| Symbian | Symbian OS 9.1+ (Series 60 3rd edition, UIQ 3.x) | C:\private\10000882\hosts (note 3) |
| Android | All | /system/etc/hosts |

1 The default location, which may be changed. The actual directory is determined by the Registry key \HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath
2 Format of the file may vary from Windows and Linux counterparts.
3 Only accessible with file browsers with AllFiles capability, most are not.

Note: Macintosh OS X uses BSD-style hosts file.

Hosts File Usage

What should the hosts file be used for?

The hosts file should only be used for redirecting a website to a new IP address. This is generally needed if your favorite website has relocated to a new host or its IP has changed. It sometimes takes a few days for your DNS cache to update, and sometimes it is also up to your ISP to refresh this information in its local cache.[1]

What do you not use the hosts file for?

Under no circumstance should you ever use your hosts file to block malware or advertisements. It is not designed to be used in this manner despite what many websites falsely report. Coincidentally those sites also offer their own malware and ad-blocking hosts files. Some websites will also recommend disabling the DNS Client service or setting it to Manual. By default it is set to Automatic and should not be changed.

MSKB 318803

Note: The overall performance of the client computer decreases and the network traffic for DNS queries increases if the DNS resolver cache is deactivated.

The DNS Client service optimizes the performance of DNS name resolution by storing previously resolved names in memory. If the DNS Client service is turned off, the computer can still resolve DNS names by using the network's DNS servers.

When the Windows resolver receives a positive or negative response to a query, it adds that positive or negative response to its cache, and as a result, creates a DNS resource record. The resolver always checks the cache before querying any DNS server. If a DNS resource record is in the cache, the resolver uses the record from the cache instead of querying a server. This behavior expedites queries and decreases network traffic for DNS queries.

You can use the Ipconfig tool to view and to flush the DNS resolver cache. To view the DNS resolver cache, type ipconfig /displaydns at a command prompt. Ipconfig displays the contents of the DNS resolver cache, including the DNS resource records that are preloaded from the hosts file and any recently queried names that were resolved by the system. After a certain time period, the resolver discards the record from the cache. The time period is specified in the Time to Live (TTL) associated with the DNS resource record. You can also flush the cache manually. After you flush the cache, the computer must query DNS servers again for any DNS resource records previously resolved by the computer. To delete the entries in the DNS resolver cache, type ipconfig /flushdns at a command prompt.

This segment from the MSKB is why users should not alter their services unless under direct instruction from a technician.[2]

From Windows 8 and up, Windows Defender can detect malicious changes in the hosts file. While you may be using common hosts files to block malicious websites, Windows Defender may see this as a potential hijack.[3]

Recommended Blocking

Why should I use SpywareBlaster and IE-SpyAds and not the hosts file for blocking malware and advertisements?

Malware can still alter and even replace your hosts file. Malware is an executable file, just like everything else you use. It sends a command line parameter to change the state of the hosts file from a read-only state to writable. After that it replaces it with whatever it wants. All it does is send the ATTRIB command along with -R. See this link on DOS Command: ATTRIB for more information.

That's not very secure if it's that simple to disable the read-only attribute, is it?
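Since the read-only attribute says nothing about whether the file was replaced, a more useful check is to compare the current hosts file against a known-good copy and classify every mapping that was added or changed. The following is an added example, not part of the original wiki page; the hostnames, addresses and function names are constructed for illustration, and it assumes the first entry for a name is the one that takes effect.

```python
import ipaddress

# Constructed sample data: a known-good copy and the file as found later.
BASELINE = """\
127.0.0.1     localhost
::1           localhost
192.168.1.20  nas.home.example nas   # local device alias
"""
CURRENT = BASELINE + """\
0.0.0.0       ads.tracker.example    # blocklist-style entry
203.0.113.45  www.bank.example login.bank.example
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hosts(text):
    """Return {hostname: ip}; comments, blank lines and malformed lines are skipped."""
    mapping = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            mapping.setdefault(name.lower(), ip)  # assumption: first entry for a name wins
    return mapping

def classify(ip):
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"   # name sent nowhere, as blocking hosts files do
    if any(ip in net for net in RFC1918):
        return "lan"        # private address, e.g. a local device alias
    return "redirect"       # name pinned to an outside address

def diff_hosts(baseline_text, current_text):
    """List (hostname, old_ip, new_ip, kind) for each mapping added or changed."""
    old, new = parse_hosts(baseline_text), parse_hosts(current_text)
    changes = []
    for name, ip in sorted(new.items()):
        prev = old.get(name)
        if prev != ip:
            old_ip = str(prev) if prev is not None else None
            changes.append((name, old_ip, str(ip), classify(ip)))
    return changes

if __name__ == "__main__":
    for change in diff_hosts(BASELINE, CURRENT):
        print(change)
```

A "redirect" entry is the legitimate use described earlier when you added it yourself, and the signature of a hijack when you did not.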

How to Safely Block Malware

How can I safely block malware when I surf the Internet?

For stopping malware the best thing to use is SpywareBlaster for Firefox and IE. If you need more protection you should use IE-SpyAd with SpywareBlaster. You can also make use of Spybot S&D's Immunize, SDHelper BHO and the Opera Plug-in Immunity. All of these options work very well and have no impact on your computer's performance or cause any Internet related slowdowns.

Block Advertisements

Internet Explorer

What should I use to block advertisements in Internet Explorer?

For ad-blocking in IE you can block ads with IE-SpyAd. This is a great utility to use, because it will block both malware links and advertisements in the IE browser! Now, do you need IE-SpyAd? Well, if you use IE and have valid concerns about malware, it would be a good idea. If you never use IE at all, or only use it for Windows Updates, then you probably won't need it. The choice is yours. Best of all, it works through the registry by adding domains and IP addresses to the Restricted Domains list. All of this is stored in the registry, so you won't have to worry about it slowing your connection or having any impact on your computer's performance. Awesome, huh?

It doesn't stop there! The maker of IE-SpyAd also has a way to block ads with Agnitum Outpost Professional Firewall. It's called AGNIS. AGNIS for Outpost is a ported version of AGNIS for AtGuard and Norton Internet Security (and also Norton Personal Firewall); ported, in this case, means that it was made for other software and then carried over to another. This list will integrate into your Outpost Pro firewall to help block ads of all kinds, including Flash, JavaScript, even certain image sizes. You can replace them with the text [ad] or a 1x1 pixel transparent GIF image.


What should I use to block advertisements in Firefox?

For ad-blocking in Firefox, you can use Adblock Plus or uBlock Origin with EasyList. Now, some of you are probably asking what's so great about ad blocking with your browser. Well, let's look at the Google text ads, shall we? If you have an adblocker installed and enabled, it actually comments out the Google text ads.

<script type='text/javascript'>
<!--
google_ad_client = "pub-2666250944335766";
google_ad_type = "text_image";
google_ad_channel = "3469252430";
google_alternate_ad_url = "";
google_ad_width = 728;
google_ad_height = 90;
google_ad_format = '728x90_as';
google_color_border = '2666B8';
google_color_bg = 'FFFFFF';
google_color_link = "000099";
google_color_url = '008000';
google_color_text = '000000';
//-->
</script>
<script type='text/javascript'

Did you notice these codes above: <!-- -->? Those are HTML comment tags. What those do is hide any text that is between them. That's right, it's similar to programming (though HTML is a document formatting (markup) language.)

So, how did it get there? Well, as a page loads, an adblocker checks through a huge list that it has downloaded and enabled, thanks to lists like EasyList. It looks for keywords in URLs and other places within the generated page source code for any webpage. When it finds a match, it comments it out. So when your page loads, you get to see the webpage without any nasty ads or bloat. Plus, pages will load faster (and some quieter!). What's even cooler about adblockers is that you can set them to automatically disable on certain webpages of your choice so you can continue to support your favorite websites.
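The list-matching step described above can be sketched as a small URL matcher. This is an added example, not code from the wiki page or from any adblocker. It handles only three EasyList rule forms (`||host^` host rules, `@@` exceptions and plain substrings) and skips everything else, and the filter lines and URLs are constructed.

```python
from urllib.parse import urlsplit

# Constructed filter lines in EasyList syntax; the hostnames are made up.
SAMPLE_LIST = """\
! constructed sample, not real EasyList content
||ads.example.net^
@@||static.ads.example.net^
/banner_728x90.
example.com##.ad-box
"""

def load_rules(text):
    """Return (block_hosts, allow_hosts, substrings) from filter-list text."""
    block, allow, substrings = set(), set(), []
    for line in text.splitlines():
        line = line.strip()
        # Skip comments, element-hiding rules (##) and rules with $options.
        if not line or line.startswith("!") or "##" in line or "$" in line:
            continue
        is_exception = line.startswith("@@")
        rule = line[2:] if is_exception else line
        if rule.startswith("||") and rule.endswith("^"):
            (allow if is_exception else block).add(rule[2:-1].lower())
        elif not is_exception:
            substrings.append(rule)
    return block, allow, substrings

def host_matches(host, domains):
    # ||example.net^ covers example.net and its subdomains, matched on whole
    # labels, so "example.net.other.example" is not a match.
    parts = host.lower().split(".")
    return any(".".join(parts[i:]) in domains for i in range(len(parts)))

def should_block(url, rules):
    """True when the URL matches a blocking rule and no exception rule."""
    block, allow, substrings = rules
    host = urlsplit(url).hostname or ""
    if host_matches(host, allow):
        return False
    return host_matches(host, block) or any(s in url for s in substrings)

if __name__ == "__main__":
    rules = load_rules(SAMPLE_LIST)
    for url in ("https://cdn.ads.example.net/show.js",
                "https://static.ads.example.net/logo.png",
                "https://news.example.com/img/banner_728x90.gif",
                "https://news.example.com/article"):
        print(should_block(url, rules), url)
```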


What should I use to block advertisements in Chrome?

Chrome has the benefit of having Adblock Plus or uBlock Origin just like Firefox. You can also benefit from using the EasyList with Chrome and it is strongly recommended to do so.


What should I use to block advertisements in Opera?

Opera also has several methods to block advertisements. There is Adblock Plus, uBlock Origin, and urlfilter.ini. With urlfilter.ini you simply save it as urlfilter.ini in the Opera profile directory.

That location is generally found at %AppData%\Opera\Opera\Profile

Useful Downloads

Lunarsoft highly recommends using uBlock Origin paired with EasyList and EasyPrivacy.

Reference Links

  1. Microsoft TCP/IP Host Name Resolution Order
  2. How to Disable Client-Side DNS Caching in Windows XP and Windows Server 2003
  3. Hosts file is detected as malware in Windows Defender