Blocking ads and malware with host files on Mac, Windows and Linux
Published by on February 28, 2017 in Information Security

There exists, on every computer on the internet today, a simple little text file called hosts. It used to be used to translate the names of servers into their internet addresses. However, with the development of technologies like DHCP and DNS servers, it has fallen out of common use. This simple little how-to will reveal a way for you to make use of this file to block access to thousands of sites that serve no purpose other than hosting ads and malware.

Get a good hosts file

This tutorial shows you how to replace the existing hosts file on your computer with one that you will download. While there is nothing wrong with the existing file, this is a simpler solution than copying the contents of the new file into the existing one. The danger with modifying the existing file using a simple text editor is in the lack of an extension on the file name. While it is just a text file that can be read with any text editor, if that editor program adds the .txt extension to the filename, it will no longer be of any use to the operating system.

You could just as easily overwrite the existing file with the new one instead of renaming the original with the .old extension. However, it’s always a good idea to keep a backup of the original in case anything goes wrong, like getting a corrupted or incomplete copy of the new hosts file.

To start, you will want to download a copy of this file that has already been loaded with over 32,000 known ad and malware sites at the time of this writing. Many thanks to Steven Black for all the work that he has put into collecting this list. He has even gone so far as to edit out duplicates and continues to add to it on a regular basis from what he refers to as “high quality sources”.

When it is finished downloading (which should not take long, seeing as how it’s less than one megabyte in size) you will want to extract the hosts file from it. You will then copy the new file to its final destination on your computer.

Windows 7 and older

  1. Open Windows Explorer (the icon that looks like a folder) and browse to your Downloads folder
  2. Extract the hosts file from the hosts.zip that you downloaded above, right click on the extracted hosts file and select Copy from the menu. Make sure you don’t copy the hosts.zip file.
  3. In that same Windows Explorer window, expand the C:\ drive from the left side pane (you may need to expand My Computer to see the list of available drives) followed by System32 then drivers
  4. Click on the etc folder to select it. You will see that there is a hosts file already in this folder in the center pane of the Explorer window
  5. Right click the hosts file, select Rename and give it the name hosts.old. Windows might complain that this file is protected or is a system file. Grant yourself permission and carry on.
  6. Right click a blank spot inside this folder and select Paste to put a copy of the downloaded hosts file into this folder. Again, if Windows prompts you, grant yourself permission to carry on.
  7. Close and restart your web browser

Windows 8, 8.1 and 10

  1. Switch to Desktop mode and launch the Windows Explorer off the quick start bar
  2. Open your Downloads folder to extract the hosts file from the hosts.zip
  3. After extracting the file, right click on the hosts file and select Copy from the menu
  4. From the left side pane, expand the C:\ drive, then the System32 folder, then drivers folder and select the etc folder from inside drivers
  5. Right click on the hosts file in the etc folder, select the Rename option from the menu and name it hosts.old. If Windows pops up a prompt, tell it that you really do know what you’re doing and to let you get on with it.
  6. Right click on any blank spot inside this folder and select Paste to place a copy of the downloaded hosts file into this folder. Again, if Windows complains, tell it to mind its own business and to let you continue with yours.
  7. Close and then restart your web browser

Mac OS X

  1. If the hosts.zip file downloaded to your desktop, double click on it to extract the hosts file from it right onto your desktop
  2. Open Finder and select the Go menu option from the top of the screen.
  3. Click on Go To Folder from that menu
  4. Type /private/etc/hosts into the Go To Folder box and click the Go button
  5. Scroll down until you see the highlighted hosts file.
  6. Drag the hosts file from your desktop into the Finder window
  7. OS X may prompt you with a question about what to do with the original file. Select the Replace option as you won’t be going back to the original after this.
  8. You may also be asked for your password to verify that you really, really mean it.
  9. Close and restart your browser

Any distribution of Linux

  1. Open a terminal and switch to your Downloads folder: cd Downloads
  2. Extract, or unzip the hosts.zip file to the current directory: unzip hosts.zip
  3. Copy the hosts file to the /etc/ folder
    1. If you are logged in as root, rename the hosts file to hosts.old: mv /etc/hosts /etc/hosts.old
    2. Then copy the new file into the /etc/ folder: cp hosts /etc/
    3. If you are not logged in as root, use sudo to rename the file: sudo mv /etc/hosts /etc/hosts.old
    4. And then copy the new file into /etc/: sudo cp hosts /etc/
  4. Close and restart your browser
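The replacement steps above can be scripted so that the checks this tutorial warns about (a stray .txt extension, a corrupted or incomplete download, a missing backup) are enforced before anything is overwritten. The following is an added example, not part of the original article; the function name, the min_entries threshold and the scratch-directory demo are assumptions made for illustration.

```python
import os
import shutil
import tempfile

def install_hosts(new_file, target="/etc/hosts", min_entries=1000):
    """Back up target to target + '.old', then swap new_file in atomically.

    min_entries is an assumed lower bound for a complete blocklist; tune it.
    Returns the number of entries installed; raises ValueError on a bad file.
    """
    if os.path.basename(new_file) != "hosts":
        raise ValueError("file must be named exactly 'hosts' (no .txt extension)")
    with open(new_file, "rb") as fh:
        data = fh.read()
    try:
        lines = data.decode("utf-8").splitlines()
    except UnicodeDecodeError:
        raise ValueError("not a text file; is this the .zip?") from None
    entries = [ln.split("#", 1)[0].split() for ln in lines]  # strip comments
    entries = [e for e in entries if e]                      # drop blank lines
    if len(entries) < min_entries or any(len(e) < 2 for e in entries):
        raise ValueError("download looks truncated or corrupted")
    if os.path.exists(target):
        shutil.copy2(target, target + ".old")   # keep the original, as the steps do
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(target) or ".")
    with os.fdopen(fd, "wb") as out:
        out.write(data)
    os.chmod(tmp, 0o644)                        # hosts must stay world-readable
    os.replace(tmp, target)                     # atomic: hosts is never missing
    return len(entries)

def demo():
    """Run against a scratch directory with constructed files, not the real /etc."""
    with tempfile.TemporaryDirectory() as d:
        etc, dl = os.path.join(d, "etc"), os.path.join(d, "Downloads")
        os.makedirs(etc)
        os.makedirs(dl)
        target, new = os.path.join(etc, "hosts"), os.path.join(dl, "hosts")
        with open(target, "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        with open(new, "w") as fh:
            fh.write("127.0.0.1 localhost\n0.0.0.0 ads.example.com\n")
        count = install_hosts(new, target, min_entries=2)
        with open(target + ".old") as fh:
            backup = fh.read()
        return count, backup

if __name__ == "__main__":
    print(demo())
```

Run against the real hosts file, the script needs root or Administrator rights, just as the manual steps do.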

Flush your DNS cache

In some cases, the computer may have an address cached for one or more of these ad sites. The final step then, if needed, is to flush the cache of linked domain names to addresses. A simple restart of the computer will accomplish this, but if you don’t feel like rebooting, here are the commands needed to flush the DNS cache manually:

Flush the Windows DNS cache

Type the following command into a command prompt, not PowerShell:

ipconfig /flushdns

Flush the MacOS DNS cache

For Mountain Lion or Lion, type the following into a terminal:

sudo killall -HUP mDNSResponder

For Mavericks:

dscacheutil -flushcache; sudo killall -HUP mDNSResponder

In Yosemite the command changed for flushing DNS cache up until the release of 10.10.4, when it switched again. For 10.10 – 10.10.3 use the following command:

sudo discoveryutil mdnsflushcache;sudo discoveryutil udnsflushcaches;say flushed

For any release after 10.10.4 including El Capitan and Sierra, use the following:

sudo dscacheutil -flushcache;sudo killall -HUP mDNSResponder;say cache flushed

Flush the DNS cache in Linux

Type the following command into a terminal either with sudo or as root:

service nscd reload

OR

service nscd restart

And there you have it. A simple text file that was originally used to store a list of servers and their addresses, being used as a simple, yet powerful ad and malware blocker. While this is by no means meant to replace any existing ad blocker that you might be using, it is an easy and readily available addition to whatever you may already have.

So what is hosts anyway?

Back in the day, there weren’t any servers that kept massive lists of all of the internet addresses and the domains that they hosted. Each computer was responsible for keeping its own list of servers and their unique IP address. An IP address is a string of numbers and decimal points, and is associated with a specific domain, such as “comparitech.com”, but looks like “209.58.135.68” to the computer.

In fact, in the internet’s infancy, each internet address pointed to only a single server. Being humans, the creators of the internet realized early on that memorizing a numeric address for each server was just not going to happen. There had to be a way of giving each server a more human-friendly name, and then linking that name to the internet address for that server.

The very first way of doing that was the hosts file. One problem that kept popping up, though, was linking a server’s name to an incorrect address. Doing so pretty much guaranteed that the computer would not be able to reach that server until the address was corrected.

Evolution

Eventually, the hosts files became almost unmanageable due to the sheer number of servers that were hosting information. That’s when someone came up with the idea of creating a group of servers that kept up-to-date lists of website names linked to specific IP addresses. Then, the hosts file only needed to have the names and addresses of the servers in that group.

Fast forward to today where we have DHCP, Dynamic DNS, DNS, multiple virtual web servers sharing a single IP address and all sorts of other craziness compared to the archaic system of manually entering a server’s name and address into a text file on our local computer.

The secret bit of brilliance here is that the hosts file is still looked at before anything else when it comes to looking up a website. If that website is listed in the hosts file, the address provided is used and no further looking up is done, even if that address is incorrect.

It doesn’t matter what version of Windows your PC is running, if you use a Mac or even if you’ve made the switch to any of the Linux distributions, your computer has a hosts file and it is usable as a blocker of web based ads and malware.

Can hosts be corrupted?

What this tutorial is doing is technically a corruption of the hosts file. The original intent was to associate server names with their IP addresses. By linking a site name to an invalid IP address, you are breaking a bit of web functionality. Thankfully, you’re breaking it in your favor by blocking your computer’s access to unwanted online content.

Of course, there is a potential for abuse here. You only want to update the contents of this file from trusted, high quality sources. With over 32,000 entries, it would be child’s play to change the IP address of “windowsupdate.microsoft.com” to a site that installs botnet software disguised as official Microsoft security updates for Windows. Or worse.

Just like with anything else available on the internet these days, caveat emptor!
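One way to check a downloaded hosts file for the kind of tampering described above is to confirm that every entry points at a sink address (0.0.0.0 or loopback) and to report anything that maps a name to a real address. This is an added example, not part of the original article; the function name, the STOCK allowlist and the sample file are constructed for illustration.

```python
import ipaddress

# Non-sink entries accepted as-is (assumption: common stock entries; extend per OS).
STOCK = {("255.255.255.255", "broadcasthost"), ("ff02::1", "ip6-allnodes"),
         ("ff02::2", "ip6-allrouters")}

def audit_hosts(text, stock=STOCK):
    """Return (lineno, address, name, reason) for every entry that is not a pure block."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()    # drop comments, split on whitespace
        if not fields:
            continue
        addr, names = fields[0], fields[1:]
        if not names:
            findings.append((lineno, addr, "", "no hostname"))
            continue
        try:
            ip = ipaddress.ip_address(addr.split("%", 1)[0])  # ignore IPv6 zone id
        except ValueError:
            findings.append((lineno, addr, " ".join(names), "malformed address"))
            continue
        if ip.is_unspecified or ip.is_loopback:
            continue                             # 0.0.0.0, 127.x.x.x, :: and ::1 go nowhere
        for name in names:
            if (addr, name) not in stock:
                findings.append((lineno, addr, name, "redirects to a real address"))
    return findings

# Constructed sample: a blocklist with one planted redirect
# (203.0.113.7 is a documentation-only address).
SAMPLE = """\
# constructed example hosts file
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost ip6-localhost
0.0.0.0 ads.example.com   # blocked
0.0.0.0 tracker.example.net
203.0.113.7 windowsupdate.microsoft.com
0.0.0.0.0 broken.example.org
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s %s (%s)" % finding)
```

An empty result means every entry either blocks a name or is a listed stock entry; any finding should be read by hand before the file is installed.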

The old school, Upper Mill, Saddleworth by Duncan Hull under CC 2.0
