Geek Friday: Circumventing the Advertisers Via HOSTS File

When you type the name of a site into the address bar of your favorite browser, Windows tries to find the numerical address that the name points to.  When it finds the numerical address, it will then send a request to that address for the page being sought.  If the name cannot be translated, the browser will give the “sever not found” error message.

Normally, site names are looked up using a Domain Name Service (DNS) server that keeps a table of these name-address translations.  If the entry is too old or if the name hasn’t been looked up previously, it will ask further up the line until a match is found or it is determined that a match does not exist.  If a match is found, the address is cached on the server for future retrievals for whatever time limit is set by the server administrator.  The numerical address is then returned to the client requesting the lookup.

However, a computer may attach to other servers or computers on its local area network (LAN) that are not in the DNS system.  Usually this is because no one outside of the LAN is expected to try to communicate with those machines.  In fact, such communication may not even be desired.  There are a few ways to deal with this situation, but one method is to use the local machine’s HOSTS file.  Windows will first do any lookups using this file before doing a DNS query.

There may be other reasons to use a HOSTS file, but most of those reasons are obsolete and can have negative consequences.  An entry in a HOSTS file assumes that the address will never change, but in reality addresses on the Internet change all the time for various reasons.  That is why a DNS server will rarely take more than 48 hours to expire a particular entry from its cache.  The larger servers will expire much more frequently than that.

One effect of a HOSTS file can be redirecting browsers to other servers than what the DNS server would return.  Malware can use this to redirect surfers to servers that host more malware or to sites that illegitimately count as hits for ads.  However, this same effect can be used to redirect sites that serve up ads, banners, tracking cookies and more back to the local machine.

The universal IP address for “localhost” is 127.0.0.1.  By putting these unwanted sites into the HOSTS file and redirecting them to 127.0.0.1, they are then pointing to the localhost machine rather than their real site.  This prevents the loading of the ads, banners, etc.

The MVPS HOSTS file is the most comprehensive one of its kind, and it is available for free (however a donation for their effort would be a good idea).  The site is full of information about how it works and how to install the HOSTS file.  In addition, it is updated on a regular basis (which means you need to check regularly or sign up to get notified).

Website Apps Website Monitoring