The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.
You can use a HOSTS file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. This is accomplished by blocking the connection(s) that supplies these little gems.
In many cases using a well designed HOSTS file can speed the loading of web pages by not having to wait for these ads, annoying banners, hit counters, etc. to load. This also helps to protect your Privacy and Security by blocking sites that may track your viewing habits, also known as "click-thru tracking" or Data Miners. Simply using a HOSTS file is not a cure-all against all the dangers on the Internet, but it does provide another very effective "Layer of Protection".
What is a HOSTS file? It is Windows specific — The HOSTS file's primary function is to speed up surfing the internet by caching IP address. A select group of IP address's to your most visited websites could be stored in the HOSTS file.
Let's say CNN's website is cached in the HOSTS file then the entry would look like this
Whenever you type in www.cnn.com in your web browser it will use the IP address 18.104.22.168 located in your HOSTS file instead of having to request it from your ISP's DNS servers (or a parent DNS server up the chain)
Hijacked HOSTS file: A useful tool, however it can be subverted by various spyware programs, redirecting a user away from a legitimate site and sending them to their portal instead i.e.
Let's say we wished to get our Amazon lookup to point to CNN's website
We would add this line to the HOSTS file.
This line now points all references to www.amazon.com to CNN's website.
Where is the HOSTS file located?
Windows NT/2K/XP = [System root]\system32\drivers\etc
Windows 95/98/ME = [drive]\windows
The [drive] is usually drive "c:"
The [System root] is usually "c:\winnt" or "c:\windows"
For Windows Vista: By default, if you try to modify your hosts file in Vista, it will not let you save it. It tells you that you don't have permission. To successfully modify the hosts file, run notepad.exe as an administrator and open the file.
1) Browse to Start -> All Programs -> Accessories
2) Right click "Notepad" and select "Run as administrator"
3) Click "Continue" on the UAC prompt
4) Click File -> Open
5) Browse to "C:\Windows\System32\Drivers\etc"
6) Change the file filter drop down box from "Text Documents (*.txt)" to "All Files (*.*)"
7) Select "hosts" and click "Open"
8) Make the needed changes and close Notepad. Save when prompted.
Of course the HOSTS file can also BLOCK undesirable websites as well
By redirecting them to your computer (127.0.0.1)
However this will generate a page not found error.
Let us say we wanted to block www.cnn.com, we would do the following
If there is no web server on your local machine then you would get unable to connect to site. If the local computer has a web server then it will serve that web servers default webpage, if no web page is found then it would issue a "page not found" error.
You can download and and replace your HOSTS file with this list of known adware, spyware, annoying websites. hosts.zip (32k)
Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs in W2000/XP/Vista. Windows 98 and ME are not affected.
To resolve this issue (manually) open the "Services Editor"
Start | Run (type) "services.msc" (no quotes)
Scroll down to "DNS Client", Right-click and select: Properties
Click the drop-down arrow for "Startup type"
Select: Manual, or Disabled (recommended) click Apply/Ok and restart.
When set to Manual you can see that the above "Service" is not needed (after a little browsing) by opening the Services Editor again, scroll down to DNS Client and check the "Status" column. It should be blank, if it was needed it would show "Started" in that column.
Note: The above instructions are intended for a single (home-user) PC. If your machine is part of a "Domain", check with your IT Dept. before applying this work-around. This especially applies to Laptop users who travel or bring their machines home. Make sure to reset the Service (if needed) prior to connecting (reboot required) to your work Domain…..
Resolution Order: When is the HOSTS file referenced, what is the order of lookup and can this order be changed?
The order is as follows:
- Check to see if the name queried is itself.
- Checks the local HOSTS file.
- Check the domain name servers (DNS).
- Checks the NetBios name resolution.
Can the order be changed? Yes
The registry settings is for Windows NT 4.0 SP4 and above.
(Previous to SP4 changing the registry values had no effect on the order)
You can get windows to use the NetBios lookup first BEFORE the DNS sequence, (the DNS sequence is listed above, 1-3).
Go to the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
click "add value";
Value name: DnsNbtLookupOrder
Value: 1 or 0 (default=0, DNS is used first, 1 then NetBios lookup is used first)
Save and restart your computer
But what is the exact order that NetBios uses?
- NetBIOS name cache.
- WINS server.
- B-node broadcast.
- LMHOSTS file.
- HOSTS file.
- DNS server.
More Reference Links on this issue: