1. Like I said to John: But at any rate, it's not a waste of time because of course not every kind will do this, only rare forms of malware will, so if it's read-only it's still going to be MUCH safer. It's logical to leave it read-only so it will be a safe as possible. 2. I can and never will recommend to anyone to not use a firewall. Especially for newbies. They can literally save your butt! Sure some of them can sometimes be confusing and complicated, but that just depends on which one you use, and like most things on your PC, you simply must LEARN about it! We all have "a personal obligation to ourselves" to use one and learn about it. Even one on the basic default non-confusing settings is better than none at all. I believe it was SP2 that put the FW on by default. 3 & 4. No and I'm still wondering how to incorporate both. That site you mentioned may have the answer, http://www.abelhadigital.com/, but it seems to have many bugs in it: "ATTENTION: This release doesn't fix many bugs that were reported after v3.1.55, but (most of them) are fixed in the UNstable version (3.2)." So what I did was put a test area in my hosts file: 127.0.0.1 www.HostsFileTest.com 127.0.0.1 HostsFileTest.com ....but I'll have to wait until there's another SpyBot hosts file update to see if that area still remains. Well this doesn't look good and appears to certainly be a problem: what I did for now, was undo the Immunize area, and that set the hosts file back to default, empty. I then enabled it again and what I added was gone! So much for that. I would think the same problem will happen with new SpyBot updates. My hosts file now is only 9974 lines long, and yesterday it was 9986! So it would also seem that SpyBot screwed something up and didn't even able all of ITS OWN hosts file additions like they were! Because on this particular format, I had not yet added that many new entries (12) to my hosts file. I'm glad you mentioned that about SB updates possibly deleting custom entries. The answer seems to be "yes". So we're going to have to find a way around this, and regarding your #6 (you had two 5's but I changed it below in your post), adding new data to a hosts file is going to have to wait until we can find out how to incorporate ALL origins without them overwriting each other. The answer could be we have to do it manually, which is a real PITA. You'd have to make a copy of it BEFORE there's a new SB update, then let SB update the file, then find all the duplicates and remove them, then add them again from other origins! At least http://www.abelhadigital.com/ may be used to find the duplicates. But you can't download it now because they've reached their quota!!!! And the mirror download for the STABLE release version is the wrong link, it goes to the BETA version! After some searching I found it here if anyone wants it: http://www.snapfiles.com/download/dlhostsman.html 5. I asked that yesterday of Hugh I think it was, I haven't seen a reply yet. There are no IP addresses in the hosts file, so it must be that way for a reason, as in it's possible you can't put them there. I just tried looking for info on this and can't find any. -Clint God Bless Clint Hamilton, Owner http://www.OrpheusComputing.com http://www.ComputersCustomBuilt.com ----- Original Message ----- From: "David Grossman" Thank you for your responses. 1. John's response confirmed one of my initial suspicions, as I wrote in my initial message - that malware can change the Read Only attribute, so the setting is of little value. 2. Hugh presented a surprising, but somewhat convincing argument against using a firewall. Have others had similar experiences? Is the problem limited to Comodo? Actually, everybody probably DOES have a firewall installed and turned on by now. The weak Windows firewall was turned on by default with XP SP1 or SP2 (I forgot which). Hugh, do you turn off the Windows firewall for your clients, or do you disable it when there is a problem? 3. Clint, you asked whether there is anything wrong with having duplicates in the Hosts file. Did you get a response? If they will not cause a problem (except for possibly adding some nanoseconds for websites to load) then we can just add lists with addresses. 4. I'm still concerned about Spybot or other antimalware programs deleting the entries that I add. 5. I would like to confirm my understanding about adding IP numbers instead of website names to the Hosts file. Is the following summary correct? - Add website addresses to the Hosts file - Add IP numbers to the Restricted Zone 6. I'd like to find out the experience of others with the HostsMan and Wikipedia hosts files before installing them in my computer. Has anybody on this group used them? David Grossman > -----Original Message----- > From: pcworks-bounce@xxxxxxxxxxxxx > [mailto:pcworks-bounce@xxxxxxxxxxxxx]On Behalf Of John > O'Flynn > Sent: Monday, November 24, 2008 1:25 AM > To: pcworks@xxxxxxxxxxxxx > Subject: Re: [PCWorks] A tip for stopping annoying harassing > "slide-ups" (a kind of pop-up) immune to pop-up blockers > > > Some people are finding HostsMan useful. > http://www.abelhadigital.com/ > I haven't had time to check it out, but as I understand it, > it alows you > to combine hosts lists from various sources (eg MVPS) and > takes care of > duplicates. > > There is some good info and a list of custom hosts files > here: > http://en.wikipedia.org/wiki/Hosts_file > > I read somewhere but can't remember where, that setting the > hosts file > to read only is a waste of time because some of the newer > malware can > simply undo this setting and tamper with it. > > John > > > ----- Original Message ----- > From: "Hugh Vandervoort" <hughv2@xxxxxxxxxxx> > To: <pcworks@xxxxxxxxxxxxx> > Sent: Sunday, November 23, 2008 12:23 PM > Subject: Re: [PCWorks] A tip for stopping annoying harassing > "slide-ups" > (a kind of pop-up) immune to pop-up blockers > > > > Here's the entry in my Hosts file: > > # Start of entries inserted by Spybot - Search & Destroy > > 127.0.0.1 007guard.com > > 127.0.0.1 008i.com > > ... > > I Installed the MVP Hosts file first, then the S & D file > > > > I've installed many a firewall, and almost all my users end > > up > confused. > > I know the conventional wisdom, and I, as well as many > > others, reject > it. > > Just one of many examples: > > > > "After seeing the recommendation about Comodo, I decided to > > try it. > > After half a day of unsuccessfully trying to get it to play > > nice with > my > > system, I finally decided to uninstall it. After the > > uninstall, > nothing > > worked. No Internet connection, nothing in the Control > > Panel would > work, > > Firefox would not start, Spy Sweeper hung, etc. Had to > > resort to a > > system restore. After doing some research, a lot of others > > have had > > problems as well. Just a word of caution." > > > > Thanks, but no thanks. > > > > > > Clint Hamilton-PCWorks Admin wrote: > > > (Regarding #1, he was talking about the Restricted Sites > > > area, > > > not the hosts file). > > > > > > Regarding #2; you can't put IP addresses in the hosts > > > file? > > > > > > #6.......HUH???? I'm shocked to hear that. :-0 Whether > > > the > > > security is a "false sense" or not, there's no denying > > > the fact > > > they block a multitude of sins. I don't call that false > > > sense > > > of security. Without one, you have no idea when > > > something is > > > getting access to your PC--deleting data, stealing > > > sensitive > > > data, adding malware, etc. > > > > > > Has anyone been able to determine yet if when SpyBot > > > updates > > > the hosts file, it overwrites any custom entries added > > > either > > > by you, or by MVPS? Or does it just add the new data to > > > the > > > file leaving what's there intact? If the latter, then > > > how can > > > it do it alphabetical order? > > > -Clint ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-