Blocking Malware and Advertisements Safely

From Lunarsoft Wiki

Protecting Your Computer

What would be the best and safest things to use to protect my computer as I surf the Internet?

Whether you're using Firefox, Chrome, Opera, or Internet Explorer, you should have the latest version of SpywareBlaster and keep it up to date. Firefox, Chrome, and Opera can all benefit from using uBlock Origin, which allows for blocking malicious websites. This makes SpywareBlaster and other software like Spybot Anti-Spyware's Immunization feature redundant. If you're a user of Microsoft Edge, you can utilize the uBlock Origin fork called uBlock Edge. Being able to block malicious websites through the browser is safer and far more efficient.

The Hosts File

What is the hosts file?

The hosts file is used to look up the Internet Protocol address of a device connected to a computer network. The hosts file describes a many-to-one mapping of device names to IP addresses. When accessing a device by name, the networking system will attempt to locate the name within the hosts file if it exists. Typically, this is used as a first means of locating the address of a system, before accessing the Internet domain name system. The reason for this is that the hosts file is stored on the computer itself and does not require any network access to be used, whereas DNS requires access to an external system, which is typically slower.


Where can I find the hosts file?

The location of the hosts file depends on which operating system you are using.


Locations of the hosts file on many Operating Systems:

Operating System | Version | Directory or Location
Windows | 95, 98(SE), Me | %WinDir%\
Windows | NT, 2000, XP, Server 2003, Vista, Server 2008, 7, Server 2012, 8, 10 | %SystemRoot%\system32\drivers\etc\ (note 1)
Windows Mobile | All versions | Registry key under \HKEY_LOCAL_MACHINE\Comm\Tcpip\hosts
Linux and similar Unix-based | | /etc
Macintosh | 9 and earlier | System Folder: Preferences or System folder (note 2)
Macintosh | OS X, iOS | /private/etc (uses BSD-style hosts file)
iPhone & iPod | All | /private/etc
OS/2 & eComStation | All | "bootdrive":\mptn\etc\
Novell NetWare | All | SYS:etc\hosts
Symbian | Symbian OS 6.1-9.0 (Series 60 1st and 2nd edition, UIQ 1-2) | C:\system\data\hosts
Symbian | Symbian OS 9.1+ (Series 60 3rd edition, UIQ 3.x) | C:\private\10000882\hosts (note 3)
Android | All | /system/etc/hosts

1 The default location, which may be changed. The actual directory is determined by the Registry key \HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath
2 Format of the file may vary from Windows and Linux counterparts.
3 Only accessible with file browsers that have the AllFiles capability; most do not.

Note: Macintosh OS X uses BSD-style hosts file.

Hosts File Usage

What should the hosts file be used for?

The hosts file should only be used for redirecting a website to a new IP address. This generally happens if your favorite website has relocated to a new host or their IP has changed. It sometimes takes a few days to update your DNS cache and sometimes it's also up to your ISP to refresh this information on their local cache.[1]


What do you not use the hosts file for?

Under no circumstance should you ever use your hosts file to block malware or advertisements. It is not designed to be used in this manner despite what many websites falsely report. Coincidentally those sites also offer their own malware and ad-blocking hosts files. Some websites will also recommend disabling the DNS Client service or setting it to Manual. By default it is set to Automatic and should not be changed.

MSKB 318803

Note: The overall performance of the client computer decreases and the network traffic for DNS queries increases if the DNS resolver cache is deactivated.

The DNS Client service optimizes the performance of DNS name resolution by storing previously resolved names in memory. If the DNS Client service is turned off, the computer can still resolve DNS names by using the network's DNS servers.

When the Windows resolver receives a positive or negative response to a query, it adds that positive or negative response to its cache, and as a result, creates a DNS resource record. The resolver always checks the cache before querying any DNS server. If a DNS resource record is in the cache, the resolver uses the record from the cache instead of querying a server. This behavior expedites queries and decreases network traffic for DNS queries.

You can use the Ipconfig tool to view and to flush the DNS resolver cache. To view the DNS resolver cache, type ipconfig /displaydns at a command prompt. Ipconfig displays the contents of the DNS resolver cache, including the DNS resource records that are preloaded from the hosts file and any recently queried names that were resolved by the system. After a certain time period, the resolver discards the record from the cache. The time period is specified in the Time to Live (TTL) associated with the DNS resource record. You can also flush the cache manually. After you flush the cache, the computer must query DNS servers again for any DNS resource records previously resolved by the computer. To delete the entries in the DNS resolver cache, type ipconfig /flushdns at a command prompt.

This segment from the MSKB is why users should not alter their services unless under direct instruction from a technician.[2]

From Windows 8 and up, Windows Defender can detect malicious changes in the hosts file. While you may be using common hosts files to block malicious websites, Windows Defender may see this as a potential hijack.[3]

Recommended Blocking

Why should I use SpywareBlaster and IE-SpyAds and not the hosts file for blocking malware and advertisements?

Malware can still alter and even replace your hosts file. Malware is an executable file, just like everything else you use. It sends a command line parameter to change the state of the hosts file from a read-only state to writable. After that it replaces it with whatever it wants. All it does is send the ATTRIB command along with -R. See this link on DOS Command: ATTRIB for more information.

That's not very secure if it's that simple to disable the read-only attribute, is it?
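
Because the read-only attribute does not stop the file from being rewritten, reviewing its contents is the more useful check. The following is an added example, not part of the original wiki page: a Python audit that parses the many-to-one name-to-address format and flags entries worth a look. The sample file, the local-network ranges and the verdict names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample hosts file (illustrative names and addresses only).
SAMPLE_HOSTS = """\
# comment line
127.0.0.1      localhost
::1            localhost ip6-localhost
192.168.1.20   nas nas.home.lan        # LAN device
0.0.0.0        ads.example.net tracker.example.net
203.0.113.7    www.examplebank.test login.examplebank.test
not-an-ip      broken.example
"""

# Assumption: addresses in these ranges are treated as "local network".
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "169.254.0.0/16", "fc00::/7", "fe80::/10")]
LOOPBACK_NAMES = {"localhost", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, address_field, names); one address maps many names."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if fields:
            yield line_no, fields[0], [n.lower() for n in fields[1:]]

def classify(addr, names):
    """Return 'ok', 'malformed', 'sinkhole', 'local' or 'redirect'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # Loopback is normal for localhost; for any other name it is a block entry.
        return "ok" if set(names) <= LOOPBACK_NAMES else "sinkhole"
    if any(ip in net for net in LOCAL_NETS):
        return "local"
    return "redirect"   # name pinned to a routable address: verify it is intended

def audit_hosts(text):
    """List (line_no, verdict, names) for every entry that is not 'ok'."""
    return [(no, verdict, names)
            for no, addr, names in parse_hosts(text)
            if (verdict := classify(addr, names)) != "ok"]

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A 'redirect' verdict is the one to investigate first, since it means a name has been pinned to an address outside the machine and the local network.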

How to Safely Block Malware

How can I safely block malware when I surf the Internet?

For stopping malware the best thing to use is SpywareBlaster for Firefox and IE. If you need more protection you should use IE-SpyAd with SpywareBlaster. You can also make use of Spybot S&D's Immunize, SDHelper BHO and the Opera Plug-in Immunity. All of these options work very well, have no impact on your computer's performance, and do not cause any Internet-related slowdowns.

Block Advertisements

DNS

You can now block advertisements on your entire network! There are a few great options that allow blocking advertisements.

AdGuard

AdGuard DNS is a simple, free method of blocking advertisements. If you're good with tech you can use the table below to make changes. Need more help? Ask on our forums and refer to the AdGuard guide.

The main difference between the Default and Family DNS is that Family also blocks adult content.

IPv4 | Default | Family
Primary | 176.103.130.130 | 176.103.130.133
Secondary | 176.103.130.131 | 176.103.130.134

IPv6 | Default | Family
Primary | 2a00:5a60::ad1:0ff | 2a00:5a60::bad1:0ff
Secondary | 2a00:5a60::ad2:0ff | 2a00:5a60::bad2:0ff

Pi-hole

Pi-hole blocks ads on a network level. Typically it runs on a Raspberry Pi, thus the name Pi-hole. It can also be configured to work with a VPN so you can block ads on the go too.

Firefox

What should I use to block advertisements in Firefox?

For ad-blocking in Firefox, use uBlock Origin with EasyList and other lists. uBlock Origin is the recommended ad-blocker because it also blocks malicious websites. There are others, such as Adblock Plus, too. Now, some of you are probably asking what's so great about ad blocking with your browser. Well, let's look at the Google text ads, shall we? If you have an adblocker installed and enabled, it actually comments out the Google text ads.

<!-- GOOGLE BANNER -->
<script type='text/javascript'>

<!--

google_ad_client = "pub-2666250944335766";
google_ad_type = "text_image";
google_ad_channel ="3469252430";
google_alternate_ad_url = "www.example.com/advert/example_forums.htm";
google_ad_width = 728;
google_ad_height = 90;
google_ad_format = '728x90_as';
google_color_border = '2666B8';
google_color_bg = 'FFFFFF';
google_color_link = "000099";
google_color_url = '008000';
google_color_text = '000000';

//-->

</script>
<script type='text/javascript'
src='http://pagead2.googlesyndication.com/pagead/show_ads.js'>
</script>
<!-- GOOGLE BANNER -->

Did you notice these codes above: <!-- -->? Those are HTML comment tags. What those do is hide any text that is between them. That's right, it's similar to programming (though HTML is a document formatting (markup) language.)

So, how did it get there? Well, as a page loads, an adblocker checks it against the huge filter lists it has downloaded and enabled, such as EasyList. It looks for keywords in URLs and other places within the generated page source code for any webpage. When it finds a match, it comments it out. So when your page loads, you get to see the webpage without any nasty ads or bloat. Plus, pages will load faster (and some quieter!). What's even cooler about adblockers is that you can set them to automatically disable on certain webpages of your choice so you can continue to support your favorite websites.
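
The list-matching step described above, as an added Python example (not code from the wiki, uBlock Origin or Adblock Plus). It handles a subset of EasyList syntax: `||domain^` anchors, plain substrings and `@@` exceptions; cosmetic `##` rules are skipped. The filter list is constructed for illustration, apart from the ad-script host shown in the snippet earlier.

```python
from urllib.parse import urlsplit

# Constructed filter list in a simplified subset of EasyList syntax.
SAMPLE_LIST = """\
[Adblock Plus 2.0]
! comment lines start with '!'
||pagead2.googlesyndication.com^
||ads.example.net^
/banner/ads/
@@||cdn.ads.example.net^
example.org##.ad-box
"""

def load_rules(text):
    """Return (block, allow) lists of (kind, pattern) from filter-list text."""
    block, allow = [], []
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "![" or "##" in line:
            continue                      # header, comment, or cosmetic rule
        target = block
        if line.startswith("@@"):         # exception rule: overrides block rules
            target, line = allow, line[2:]
        if line.startswith("||"):         # domain anchor: host or any subdomain
            target.append(("domain", line[2:].rstrip("^").lower()))
        else:                             # anything else: substring of the URL
            target.append(("substring", line))
    return block, allow

def _hit(rule, url):
    kind, pattern = rule
    if kind == "domain":
        host = (urlsplit(url).hostname or "").lower()
        # Match on label boundaries so "notads.example.net" is not caught.
        return host == pattern or host.endswith("." + pattern)
    return pattern in url

def should_block(url, rules):
    """True if a block rule matches the URL and no exception rule does."""
    block, allow = rules
    if any(_hit(r, url) for r in allow):
        return False
    return any(_hit(r, url) for r in block)

if __name__ == "__main__":
    rules = load_rules(SAMPLE_LIST)
    for u in ("http://pagead2.googlesyndication.com/pagead/show_ads.js",
              "https://www.example.com/index.html"):
        print(u, should_block(u, rules))
```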

Chrome

What should I use to block advertisements in Chrome?

Chrome is not a recommended browser due to numerous privacy and security concerns. Chrome does have the benefit of Adblock Plus or uBlock Origin just like Firefox. You can also benefit from using the EasyList with Chrome and it is strongly recommended to do so.

Microsoft Edge

What should I use to block advertisements in Edge?

Thankfully, uBlock Origin has been ported to Microsoft Edge and is available in the Windows Store!

Opera

What should I use to block advertisements in Opera?

Opera also has several methods to block advertisements. There is Adblock Plus, uBlock Origin, and urlfilter.ini. With urlfilter.ini you simply save it as urlfilter.ini in the Opera profile directory.

That location is generally found at %AppData%\Opera\Opera\Profile

Internet Explorer

It is no longer recommended to use Internet Explorer; even Microsoft has said not to use it any more.

Useful Downloads

Lunarsoft highly recommends using uBlock Origin paired with EasyList and EasyPrivacy.

Reference Links