Use a Server HOSTS File to Block Malware

People have been using HOSTS files to block malicious and annoying programs on their PCs for quite some time. However, you can also use them on some servers.

Readers

June 27, 2007

2 Min Read
ITPro Today logo in a gray background | ITPro Today

I had been considering the installation of a black hole DNS solution to supplement all the other layers of security on our computer system. With this type of solution, you configure a separate DNS server to answer queries from domains associated with malware, spyware, and other malicious or annoying programs, such as ads, banners, and page counters. However, I wasn't keen about having to install another DNS server. Nor was I thrilled with the prospect of having to create and maintain all the necessary records, which is time-consuming. So, I decided to check into some alternatives.

For a long time, I've known about the HOSTS files that are available on the Internet for home users. Like black hole DNS solutions, HOSTS files can be used to block malicious and annoying programs. I decided to give them a try. After looking at several Web sites, I decided to use the HOSTS file from MVPS.org. The criteria this HOSTS file uses to detect malicious and annoying programs are very thorough. And the HOSTS file is updated periodically.

You typically use HOSTS files on individual PCs, but I wanted to see whether I could get them to work on some of the servers in my small home network. I first tried MVPS.org's HOSTS file with my DNS server. Not surprisingly, it didn't work. I then applied the HOSTS file to Microsoft ISA Server 2004. After a reboot, it worked! The malicious and annoying programs were blocked, and the client response times actually sped up. Although the HOSTS file appears to have no effect on firewall traffic, it works great on proxy traffic. It also works well on ISA Server 2006. I suspect it would work equally well on other proxies and gateways.

Since the evaluation went well on my home network, I implemented the HOSTS file at work. We experienced the same results, as indicated by our client security software, which reported fewer incidents. In addition, I implemented the freeware HostsMan to automate the HOSTS file updates. Since the implementation six months ago, no problems have occurred.

With MVPS.org's HOSTS file, I'm able to protect my entire enterprise with another layer of security that's easily updated and maintained. Kudos to the MVPS.org folks for offering this freeware.

—Rob John
Network Operations Manager
Hyundai Motor Manufacturing Alabama

Editor's note: This Reader to Reader item was a winning entry in the Know Your IT Security contest sponsored by Microsoft Learning Paths for Security.

Share Your Security Experiences


Share your security discoveries, comments, solutions to problems, and experiences with products. Email your contributions to [email protected]. Please include your full name and phone number. We edit submissions for style, grammar, and length. If we print your submission, you’ll get $100.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like