1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Confused on the "host" file use?

Discussion in 'General Security' started by Bud Norris, Apr 26, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. Bud Norris

    Bud Norris Thread Starter

    Joined:
    Jan 31, 2003
    Messages:
    93
    The "hosts" file is used to connect a site "name" to it's internet address to be able to access the site on the web. However if a site name is preceded by the internet address 127.0.0.1 your computer will not access the site because the address 127.0.0.1 is your computer itself and therefore NO address is found to access
    .
    Now some antispyware will write to your "hosts" file when it finds a tracker file or other malicious type file. The reason for this is that if the file causes, during your online browsing, your computer to try to access a tracking or malicious site it cannot do it. The reason is as I said previously because the site name is found in the "hosts" file with the address 127.0.0.1.

    You also can put entries in your "host" file that will deny access to a site you do not want your computer to be able to access. How to write this in the "host" file is shown at the beginning of the "host" file contents.

    If your "host" file is empty nothing is denied to your computer to access. And this the way most "host" files are loaded. The "hosts" file I'm talking about is the "hosts" file inside the C:/windows/system32/drivers/etc/ folder on your computer. There are other files in this folder also but the "hosts" file is the one that does the job. You can open it with Notepad or Wordpad.

    Just today a friend had some trouble and ran Norton Systems to remove some trackers and malicious "trojan horse" files. In the process his access to the internet via his browser Internet Explorer was lost. He still had Outlook Express mail access because it doesn't use the browser to access the mail site. As it turned out, his browser was set to access the internet through a "proxy server" with the address of, guess what?, 127.0.0.1. Which is the "hosts" file address on his computer AND his home page and other site locations were IN the "hosts' file with the web address of 127.0.0.1.
    How this happened I am not exactly sure except that it happened immediatly after Norton did the trojan removal job, so it had to be associated.

    Almost no Windows XP Home user uses a "proxy server", it's mostly for large corporations and company networks. And the address 127.0.0.1 is not a legitimate "proxy server".

    The problem was resolved by unchecking the setting in his IE tools, internet options, connections, LAN settings, "use a proxy server...". This stopped the computer going to the "hosts" file for the site addresses which had some how been put in the file as 127.0.0.1.
    I didn't bother to delete the "hosts file" because any malicious site names in there may still be stopped if some tracker file was still on his computer. The use of this "hosts" file to call up site addresses is very vague and confusing and the fact that antispyware puts info in it must mean something for stopping tracking.

    Now if this doesn't help to somewhat explain the use of the "hosts" file just join the crowd for "confused"!

    Blah.Blah & Blah!
     
  2. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,876
    A DNS server resolves alpha names to an ip address. The hosts file do the same thing.

    So if you have a small network with a web server that is hosting only something for internal use, you can put this into the host file

    192.168.2.15 mywebserver.com

    And voila, your browser will recognize mywebserver.com as a legit address.
     
  3. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    I use a proxy at 127.0.0.1 (localhost, of which there are many) to filter ads, remove content from loading web pages, and control cookies. I also run a DNS server at 127.0.0.1. There are many proxy servers that use that address for safety and control, and they are legitimate and desirable. Many security programs use this sort of proxy to prevent malicious content from entering over the connection. It serves as a buffer between browsers and the net.
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,756
    First Name:
    Karen
  5. jiml8

    jiml8 Guest

    Joined:
    Jul 2, 2005
    Messages:
    2,634
    You have some misapprehensions here.

    The address 127.0.0.1 (also known as "localhost") is the ip address of the local computer that the software is running on. This is true under any circumstances, even when that computer has some external IP address due to the fact that it is connected to a network.

    When you put 127.0.0.1 ahead of a domain name in your hosts file, you are telling your computer to resolve that domain name to the local computer. Since there is nothing on the local computer to match that domain name, the result is that your browser can't find what it was looking for and returns a message to that effect.

    If you dig into the internals of Windows or OSX or Linux or any other *nix, you will find many many circumstances where programs want to communicate with other programs, and will choose to do this using network protocols. In the common case, where the program communicating and the one being communicated with are both on the same machine, the program communicating will address the target program using the address 127.0.0.1, which tells the network communications protocols that the target program is on this machine.

    Norton behaves this way too. When you install all the Norton crap, it will change your browser settings so that instead of directly connecting with the internet your browser connects with some norton software (called a "proxy"), and then that norton software browses for you. This enables the norton software to scan what is coming into your browser so that it can do its thing. Same with email.

    So, when you uninstalled Norton, you removed the software that your browser wanted to connect to. When you then changed the settings in the browser so that it does not use a proxy on localhost, then you restored its ability to connect directly with the internet.
     
  6. bp936

    bp936

    Joined:
    Oct 13, 2003
    Messages:
    3,033
    yeap, thank you,
    I now might understand host files a bit more, but the confusion isn't cured yet.:)
     
  7. Bud Norris

    Bud Norris Thread Starter

    Joined:
    Jan 31, 2003
    Messages:
    93
    I understand how the Hosts file works but I didn't know what you say Norton does for browser control. I have use Norton AV and it doesn't direct my browser, IE-8 to use a "proxy server". Maybe Norton Internet Suite does I don't know. And pointing to address 127.0.0.1 as the "proxy server" to use when conecting to the Internet doesn't seem kosher to me!

    Also I didn't remove the Norton program on my friends computet. I just turned off the "use a proxy server" feature. If I would have been allowed, I would edited his "hosts" file to remove any reference to his home page and any other site name he was using prior to the problem.
     
  8. jiml8

    jiml8 Guest

    Joined:
    Jul 2, 2005
    Messages:
    2,634
    In fact, to point to the proxy server, you specify both an address and a port. So the specification would be 127.0.0.1:portno.

    It has been a long time since I've used norton, but IIRC (and I may not), Norton used port 3128 for the http proxy server.

    And, whether or not it seems "kosher" to point to your own machine for a place to make a connection, that is how it is done.

    Edit because of stupid smiley:

    127.0.0.1 : portno (with the spaces removed.)
     
  9. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Yes, that is "how it is done". It is the only way to have traffic filtered before it enters the machine with that type of program. Otherwise, the security is completely lost.
     
  10. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    Dear Bud Norris,
    Why do you want to use Hosts File at all? i am providing an excerpt from an excellent article from another site(i will provide the link-please read it carefully)

    QUOTE"
    Why would I want to use a HOSTS file
    There are a variety reasons as to why you would want to use a HOSTS file and we will discuss a few examples of them so you can see the versatility of the little file called the HOSTS file.​
    Network Testing - I manage a large Internet Data center and many times we need to set up test machines or set up development servers for our customers applications. When connecting to these development or test machines, you can use the HOSTS file to test these machines as if they were the real thing and not a development server. As an example, lets say that you had a domain name for a development computer called development.mydomain.com. When testing this server you want to make sure it operates correctly if people reference it as the true web server domain name, www.mydomain.com. Since if you change www.mydomain.com in the DNS Server to point to the development server everyone on the Internet would connect to that server, instead of the real production server. This is where the HOSTS file comes in. You just need to add an entry into your HOSTS file that maps www.mydomain.com to the IP address of the development server on the computers that you will be testing with, so that the change is local to the testing machines and not the entire Internet. Now when you connect to www.mydomain.com from your computer with the modified HOSTS file you are really connecting to the development machine, but it appears to the applications that you are using that you are connecting to www.mydomain.com.​
    Potentially Increase Browsing Speed - By adding IP address mappings to sites you use a lot into your HOSTS file you can potentially increase the speed of your browsing. This is because your computer no longer has to ask a DNS server for the IP address and wait to receive it's response, but instead can quickly query a local file. Keep in mind that this method is not advised as there is no guarantee that the IP address you have for that domain name will always stay the same. Therefore if the web site owner decides to change their IP address you will no longer be able to connect.​
    Block Spyware/Ad Networks - This reason is becoming a very popular reason to use the HOSTS file. By adding large lists of known ad network and Spyware sites into your hosts file and mapping the domain names to the 127.0.0.1, which is an IP address that always points back to your own machine, you will block these sites from being able to be reached. This has two benefits; one being that it can make your browsing speed up as you no longer have to wait while you download ads from ad network sites and because your browsing will be more secure as you will not be able to reach known malicious sites".UNQUOTE.



    the website : http://www.bleepingcomputer.com/tutorials/tutorial51.html :)(y)
     
  11. Bud Norris

    Bud Norris Thread Starter

    Joined:
    Jan 31, 2003
    Messages:
    93
    So Norton redirects your computer to their special site and then connects to the site you are caling for in order to filter the info through their anti-whatevers, huh?
    Well it may sound good but when something happens that somehow changes the hosts file so that you cannot access this special site you're screwed. Does Norton tell you about this possibility?

    Also this computer had just the address 127.0.0.1 without any port number.

    Talk about possible slow access time, having to access Norton before calling for the address you want sems like it would slow things down. The posibility of something happening to cause failure to be able to access the web with your browser is obviously greatly enhanced. As happened here.

    The plain Norton anti-virus program doesn't do anything like that. I've used it for years and never had any such thing happen to me. Also my hosts file is empty except for some info SpyBot puts there on known bad site names to prevent calling them up.

    Once again this proves to me that the fancier your programs get the more risk of failure you encounter. That's why I don't use Norton's Security Suite!
     
  12. hewee

    hewee

    Joined:
    Oct 26, 2001
    Messages:
    57,793
    I turn off things like that.
    Got a-squared Anti-Malware that is a paid program but I won it so it was free. But I don't like to keep it running and only open it every so many days to update it and then I close it down.
    But it has "surf protection" and that was a pain so I turned it off. Seems to read also from your hosts file so your bugged all the time and if you have a hosts file and know how to use it then the "surf protection" is over kill.

    In my Online Armor paid version there is "web shield" works some what the same but was not as bad but it keep me from doing things my way so I disabled that on my firewall.
     
  13. jiml8

    jiml8 Guest

    Joined:
    Jul 2, 2005
    Messages:
    2,634
    I can't decide whether you are just being argumentative or whether your really don't get it.

    You don't go to a "special site" that Norton "sends you to". A specific program on your computer, written by Symantec, and having a specific port number, is inserted into your browsing path. Your hosts file has nothing to do with that.

    And your computer ADDRESS is 127.0.0.1. Any program on your computer can open a port, which will then be used by any program that wants to use it - and that program will address using the 127.0.0.1 : portno scheme.

    I actually think you are just being argumentative, and I find dealing with that to be a waste of time and bandwidth.

    You have been told. This is how it works. Period, end of discussion. Not going to debate with you whether or not it should be; based on your comments it is clear you lack the qualifications to have that debate.

    This is how it is. Period.
     
  14. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    Dear Hewee,
    you are an ACE at winning things in contests! You won WinPatrol and now a-squared Anti-Malware! Must have won many things in between! You are being coy:Dlol! If you cannot make the @op understand the nuances of the Hosts file, then nobody can! To a certain extent, JimI8 is right! WinPatrol and Hosts file are so much in sync, i don't know really why he's bringing up Poor Norton.:confused:
     
  15. hewee

    hewee

    Joined:
    Oct 26, 2001
    Messages:
    57,793
    The WinPatrol was my first went over at a contest at Calendar of Updates that had to do with I think the Calendar of Updates logo or site Wallpaper. They had other contest too.
    But with grand prize, 1st, 2nd, 3rd etc and on a couple of them only a couple people got into the contest so I could not lose and won more then one because I won on each grand prize, 1st, 2nd, 3rd etc. :D
    It was way to easy. Even got a free WinPatrol from Bill for help out at his forum when it was over at CastleCops ยป Security Forums that closed down because he went to work for MS. I won programs I never installed and also wonder 3 to 4 of the very same program. Running on the 3rd version of the Online Armor that runs out in 2 months and then I have another I goofed and started when I started a new account when I was wanted to add to the one I had so time started on that free year of the paid version. But I have another Online Armor ++ also I got for free from a gaveaway and that one has not been started. Not sure how it installs and what can be disabled because the ++ part is I think "a-squared Anti-Malware" and I don't want it running all the time.
    I won the most and all programs from http://www.tenebril.com/index.php but after the newer SpyCatcher version it had so many things that was false I no longer trusted the program. Got 4 copy's of it too. GhostSurf was a pain to use because it was always asking what to do and the version I had was using up all my memory. It did something ever so many seconds and from fresh start up of the computer after 15 min's it used all the memory up and then the PC got slower because it was having to use the swap file on everything. They had a cool post it notes program too but the really cool part like using it in email or web sites and then give it to others was the other person would have to have the program also so what good is it. I don't even see it at the site now.

    See this here also.
    Securing Your Web Browser

    Blocking Unwanted Parasites with a Hosts File
    Plus more from click from the dropdown at the top.

    Using the Windows Hosts File

    http://hosts-file.net/

    How to use Hosts

    I started out using eDexter long long ago.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/919267

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice