Let’s examine a bit of history. Before DNS (Domain Name System) was used, all computers connected to the Internet’s precursor, ARPANet, had to have a file with the names and IP addresses of all other computers. This file was a text file known as a HOSTS file. Even when DNS was implemented, HOSTS files were, and still are, available on every operating system that supports TCP/IP. What’s even more significant is that HOSTS files will be used to resolve a name before DNS, essentially meaning that a HOSTS file overrides DNS information.
This can work to both are advantage and disadvantage. Malware can “hijack” the system’s HOSTS file to redirect a legitimate URL, such as http://www.google.com and send the user to an attacker’s site. Not surprisingly, a lot of anti-virus/anti-malware software will try to protect the HOSTS file from changes.
Conversely, we can use the HOSTS file to block certain “bad” URLs by redirecting to the localhost address of 127.0.0.1. This can be any URL, such as a phishing site, known malicious site, or even ad sites. Since the HOSTS file is system-wide, it blocks these sites regardless of the Web browser, e-mail program, or any other program used.
The obvious problem is that manually entering the ever-growing list of sites into the HOSTS file can take a long time. Fortunately, there are HOSTS files that are maintained and updated with a list of such servers:
While downloading these updated HOSTS files is very useful, we can go one step further and use programs to keep them updated or even turn on/off the HOSTS file. Some good programs are:
One of the most powerful is Hosts Manager
Before modifying or downloading the HOSTS file, check your anti-virus/anti-malware settings. Some will try to protect against HOSTS file modification. Since you want to modify the file, you’ll probably need to disable the anti-virus/anti-malware protection of the file.
In addition to the HOSTS file, it’s worthwhile to examine DNS servers too. Most people who connect to the Internet simply use the DNS servers provided by their ISP. While there is nothing wrong with this, you don’t have to use them! You can use any DNS server for name resolution. This is especially useful of you are setting up a system and don’t recall the IP address of a valid DNS server. Fortunately, there is a root DNS server, 188.8.131.52 that has an easy-to-remember IP address.
Another useful DNS service is OpenDNS. This service provides many things:
- It blocks known phishing sites.
- It helps correct mistyped URLs, such as og instead of .org.
- If you create an account, it provides the ability to create parental controls or site blocking.
- Other useful features for those with an account.
Here’s a button that determines if you’re using OpenDNS or not. If not, you can click the button to learn more. Or, you can simply visit www.opendns.com to find this information. OpenDNS server IP addresses are: 184.108.40.206 and 220.127.116.11. You would need to provide that information to either a static IP address on a system or for the router’s DHCP information.
By using both of these methods, a custom HOSTS file and OpenDNS, you can thwart a lot of malicious sites. Again, it doesn’t matter which browser or program being used, since these are system-wide settings. Additionally, the OS isn’t important since all TCP/IP-based systems, Linux, Windows, Mac OS X can use HOSTS files and OpenDNS.
For those that have to support family members who “get in trouble” by browsing sites they aren’t supposed to, these techniques should help solve that problem. Obviously, good anti-virus software should be used even with these methods. (For those that have family members who are unwilling to pay for AV software, both AVG and Avast! have free versions.)