Ok I just found out something possibly troubling regarding #8 below. SpyBot just had an update, and it would see on its "Immunize" page if you look through it under IE you'll see "Domains" and "IP's" which could be hosts file updates, but also at the very bottom is the hosts file itself, which currently lists 9948. My hosts file earlier had 9984 lines (not all are actual domains or IP's, some are comment lines), and now after the SB update it has 9986 lines. Only 2 more, but it could have had much more updates than that. So the only way I can know is if I can remember one of the domains I added, then see if that domain is in the new hosts file. If it's not, then that would mean SB only updates its OWN additions, and you lose anything you added, and you lose what's added from that site Hugh mentioned. -Clint ----- Original Message ----- 1. You just click "Add", then do it again and again for each site. 2. Adding one to the hosts file totally blocks ALL and ANY access, you can't even get to the site. 3. No, if it's in the hosts file it doesn't need to be in Restricted Sites. 4. I'm not sure, theoretically only YOU can modify it (or allow access to it) because it's read-only. Try and make a change to it as-is and watch what happens, so yes, it's read-only for a good reason. Many anti-malware programs will lock it.....it could be it's not read-only by default, and maybe SpyBot, Spyware Blaster or other may make it read-only, I can't remember. Spyware Blaster will make encrypted backups of it, and restore a backup if something screws it up. SpyBot also makes backups and can restore them. I remember seeing something like "Lock hosts file" on one of my anti-malware programs, but I can't find it now on any of them. Spyware Terminator has "Hosts intrusion prevention system". My AV software "Kaspersky Internet Security" (KIS) won't allow ANY changes to mine unless I allow it, so it protects me from it getting changed without my permission. 5. Yes & yes, but if there's any entries in yours you may want to see if they're in mine and if not, add them. 6. I've never seen nor heard of a firewall-alerted attack or potential firewall-alerted attack that did anything to the hosts file. It may exist, I've just never heard of it. There's not much of a reason for a site to do that: if it's listed in your hosts file, you can't even get to the site for it to even try anything with your hosts file. A FW can block that kind of access from a site or IP, but only if it's a decent one. KIS that I use would prevent it. (It's also a firewall and system-wide protection suite). There's much more lucrative efficient things for malware to do to a PC than to just modify the hosts file. 7. I'm checking into that now. 8. From the looks of it, it may update it and then saves the previous one as a restorable backup, because I have a bunch of them. FAIK it may not ever update the hosts file, I've never checked. The backups created just could be periodical backups. For it to be able to update the file that, it would have to be able to override the PC's setting of read-only on the file. I don't know if it can do that. The domains it puts in the hosts file could be only put there just after you install it, and tell it to add its list to your hosts file, and it may not be updated again, and that may be when it makes it read-only. ? If so, then it could have precedence over the read-only setting, and be able to unlock it, update it, then lock it back. But, I've never gotten any alert from KIS that it was trying to do that. I'm going to have to try and remember what I last added to my hosts file, then watch for any SpyBot hosts file updates, then see if what I added is still there. -Clint God Bless Clint Hamilton, Owner http://www.OrpheusComputing.com http://www.ComputersCustomBuilt.com ----- Original Message ----- From: "David Grossman" This is a very useful and important tip, Clint. Thank you. For those who are having difficulty finding it, the Restricted Sites area that Clint mentioned is located at Tools - Options - Security - Restricted Sites in my OE6. Clint, I have a number of questions: 1. I see how to add a single line to the Restricted Sites, but I do not see how to add multiple lines. How is that done? 2. Please explain how the Hosts file is better than the Restricted Sites - or what is the difference between them. 3. Is there any advantage to having the restrictions in BOTH the Restricted Sites and the Hosts file? 4. Can't malware also unprotect the Hosts file (by removing the Read Only attribute) just as we humans can? Does the Read Only attribute really add protection? 5. Does your hosts.zip file include the Spybot items? Can I just replace my hosts file with yours? 6. Shouldn't a firewall block these intrusions from other websites? If so, shouldn't we be making changes in our firewalls? 7. Hugh recommended a different file. Is there a way to merge your file, Clint, with Hugh's? 8. When Spybot updates the Hosts file, does it just replace the file? If so, then any additions from Clint and/or Hugh and/or mvps will be deleted. David Grossman > -----Original Message----- > > Most of the pop-up blockers we use won't stop many kinds of > them. If you've gotten as fed up as I have with them, > there's > a couple of things you can do to wipe them out, site-by-site. > I was getting infuriated with a particular "slide-ups" at > some > sites I frequent. As the name implies, they slide up in some > sort of a slower animated form onto the webpage rather than a > pop-up in a separate window, (this is why the pop-up blockers > won't work on them), and always, as all of them, with some > totally useless BS on them like "Hi, my name is [....] and > I'm > looking for a friend", from all those kinds of > "cyber-terrorism" > dating sites for example. (I fail to see why anyone with an > otherwise legit website would want to contaminate their site > with this kind of garbage). > > This is on IE, I'm not sure how to do this in FireFox. The > first thing you can do is put the domain of the offending > pop-up/slide-up in the Restricted Sites Zone. For those of > you > that don't know, as the name also implies with this it's a > more > restrictive zone than the default "Internet Zone" where many > things are not allowed like various downloads, Cookies, > redirects, scripts, etc. You should use these types of > formats: > > BadDomain.com > www.BadDomain.com > *.BadDomain.com > > The *. should be inclusive of the www version since that's a > wildcard, so it may tell you it's already listed in the zone, > so > add the www version before the wildcard version. The reason > for the wildcard is that protects against ads.BadDomain.com, > ad.BadDomain.com, banners.BadDomain.com, etc. If you > make an error, it will tell you the correct formats it > accepts. > > The other thing that works even better is to put the domain > in your "hosts" file. (I don't know if FireFox uses the same > file or not). You can search your HD for it, or it should be > at the path "C:\WINDOWS\system32\drivers\etc". This is > a read-only file, so you have to right click it, Properties, > then uncheck "Read Only" > Apply > Ok. Then open it in > Notepad. The domains listed in the file are in alphabetical > order, so you have to search through it for the right spot. > Note the locations of the www versions of the domains in > the file, then do the same in the right spot with your > offending domain. Then close out of the file saving it, > and BE SURE to set it back to read-only! > > For those that don't know, the "hosts" file controls the > websites visited on the host PC by not allowing access to > them. By doing this, it also totally blocks anything that > could > come from the website, including bogus IM's and these > kinds of annoying pop-ups & slide-ups. > > If anyone is not using a hosts file, or it's blank (and if so > it > means you're not using SpyBot which is bad), the format is > like this: > > 127.0.0.1 www.BadDomain.com > 127.0.0.1 BadDomain.com > > After adding numerous domains to my hosts file, I'm no > longer bothered by these nuisances. > > To find the offending domain, if the whole thing is clickable > just right click the slide-up/pop-up and "Copy shortcut" > then paste it somewhere and you can see the domain. > If the whole thing is not clickable, then just do this with > a link in it. If you still can't find the domain, if "Copy > shortcut" is grayed out or not there, then you'll have to > click it. Just be sure to immediately click "Stop" to > stop the page from loading, and you can get the domain > URL from the address bar. (You don't want to give them > any traffic or risk getting malware from their site on your > PC). > > Like I mentioned above, SpyBot does a great job of > modifying your hosts file. It adds many thousands of > nefarious domains (about 4500+ so far) that protects > your PC from anything from these domains. But it does > indeed leave many out that should be added. If anyone > wants to use mine, or see it to be sure your syntax or > format is correct for anything you want to add, I've > uploaded it and I'll leave it there for a few days. > There's almost 10,000 lines in mine. > http://www.orpheuscomputing.com/computers/hosts.zip > -Clint ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-