Wednesday, July 2, 2008

Verifying HOSTS File Entries





The HOSTS file is verified prior to each new update. This is done by checking that each entry returns a valid DNS record (similar to Nslookup); entries that do not (dead entries) are either removed or commented out. These comments are entered as "#[server down?]". In some cases the hosting server is down and thus returns no DNS. In other cases the domain may have been suspended for abuse, or the registered owner has let the domain expire. Domains that are expired or down for extended periods are removed.
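The verification pass described above, sketched as an added example (this is not the MVPS maintainer's own tool). It assumes the "#[server down?]" marker is placed at the start of a dead line; the function names, the injectable resolver and the sample entries are constructed for illustration.

```python
import socket

MARKER = "#[server down?]"  # comment text quoted on the page; its placement here is assumed

def dns_resolves(hostname):
    """Live check: True if the name resolves to any address (like an nslookup)."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except (socket.gaierror, UnicodeError):
        return False

def verify_hosts(lines, resolves=dns_resolves, skip=("localhost",)):
    """Return (new_lines, dead_names); dead entries are commented out, not dropped."""
    out, dead = [], []
    for line in lines:
        fields = line.split("#", 1)[0].split()  # ignore any trailing comment
        # fields[0] is the IP address; everything after it is a hostname.
        names = [n for n in fields[1:] if n.lower() not in skip]
        failed = [n for n in names if not resolves(n)]
        if names and failed == names:
            # Every name on the line failed to resolve: mark the whole line.
            out.append(f"{MARKER} {line}")
            dead.extend(failed)
        else:
            # Blank lines, comments, localhost and live entries pass through.
            out.append(line)
    return out, dead

# Constructed sample file (reserved example names, not real MVPS entries).
SAMPLE = [
    "# sample HOSTS file",
    "127.0.0.1  localhost",
    "127.0.0.1  ads.example.com  #[Tracking]",
    "127.0.0.1  expired.example.net",
    "#[server down?] 127.0.0.1  old.example.org",
    "",
]

def fake_resolves(hostname):
    """Offline stand-in for DNS: only ads.example.com is 'alive'."""
    return hostname == "ads.example.com"

if __name__ == "__main__":
    new_lines, dead = verify_hosts(SAMPLE, fake_resolves)
    print("\n".join(new_lines))
    print("dead:", dead)
```

Calling verify_hosts(lines) without a resolver argument performs live DNS lookups; lines already commented out are left alone, so a later pass can decide whether to remove them.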
Comments in the HOSTS File
The comments are included in the shipped version to allow the end-user to determine (if needed) why the entry exists. Over time the number of entries has grown to a point where it's too easy to forget why they exist without the comments. This is also done for obvious legal reasons.
Why do I see the "HOSTS file too large" in SpySweeper?
For whatever reason Webroot has decided that the end-user only needs 500 entries in the HOSTS file. They have stated they are working on the problem ... until then the work-around is to disable Hosts File Shield.
Open Spy Sweeper and click Options. Click Shields and click Hosts File. Uncheck Hosts File Shield
Is Merging the MVPS HOSTS file with others recommended?
Not really ... and for several reasons. The main reason is that the MVPS HOSTS file is verified prior to each update, and in many cases there are as many entries removed as there are added. If you simply merge the file with your existing file, these removed (dead) entries are never removed and the file will continue to grow needlessly.
Another reason: how valid are these other HOSTS files? Many of them are just copies of someone else's work anyway, and are not updated on a regular basis.
Do other programs add entries to the HOSTS file?
Yes, there are several legitimate programs that add entries to the HOSTS file. This is why it's important to keep a backup of your existing HOSTS file. When you update via "mvps.bat", it renames your existing file. If needed you can open HOSTS.MVP and copy and paste any other needed entries into the new HOSTS file.
FireTrust Benign adds entries - more info
JBF sends along this tip: I did some testing on a new machine and let Firetrust just do the entries and they were all at the bottom of your (HOSTS) file of course. I find that Firetrust B9 is a wee bit slower in getting to the entries when at the bottom. When I moved them to the top of the file, right under the "127.0.0.1" (localhost), a speed-up was clearly noticed.
AdSubtract - more info
Some (older) versions of Norton Antivirus - more info
Why do I get a Google/Dell search page instead of a blocked ad?
It seems that Dell has added several new Google related programs to their new machines. One of which causes a blocked advertisement to return the user to a Google/Dell search page.
The solution (provided by Jill C) is to uninstall Google AFE (older versions) via Add Remove.
Newer versions of the pre-installed Google/Dell add-ons = uninstall - Browser Address Error Redirector
Eric Osborne sends along this tip: If the above Google programs are not listed in Add Remove ... Go to - Internet Options > Programs > Manage Add-ons > disable CBrowserHelperObject
Why do I see "Access Denied" when updating the HOSTS file? (ZoneAlarm)
There is a problem with certain versions of ZoneAlarm Firewall where the HOSTS file is "locked" even though that option is unchecked in the options. To resolve this problem:
1) ZoneAlarm Control Center > Firewall (left pane) > Main (tab in the right pane)
2) Advanced (button at the bottom) > and find "Lock hosts file". Check "Lock hosts file". Click OK.
3) Click Advanced (button at the bottom). Uncheck "Lock hosts file". Click OK.
You should now be able to update the HOSTS file, however until ZA resolves this problem, on the next Windows restart the file will be locked again (even if that option is unchecked) ... hopefully ZA will correct this shortly!
To Update or Edit the HOSTS file for ZoneAlarm Pro or Security Suite users:
1) Program Panel -> Main -> Program Control -> Custom button -> OSFW tab.
2) Uncheck the box for OSFW (Operating System Firewall), then reboot.
3) Make your changes (edit or update) to the HOSTS file.
4) Open ZAP/ZASS and re-enable OSFW and reboot.
Why can't I view the videos at FoxNews? (FoxSports)
Unfortunately the Fox News Network has decided to inject commercials into their "Free videos" which are heavily laden with 3rd party ad servers and trackers. You can see the commercial here which plays before whatever video you have selected, to see just a partial list of the 3rd parties involved click here. There are so many I couldn't get them all on one screenshot ... but you get the idea.
Workaround: The only alternative is to rename the HOSTS file ... which you can do on-the-fly ... Important! Just don't forget to enable it again after watching the commercials with your video ...
Why do I get an error trying to Save a webpage in Internet Explorer?
The best explanation I can give you is ... when the browser tries to "Save" the page ... it reads the HTML code on the page and NOT what is actually loaded ... so when there are several items missing, or blocked in this case, it can not complete the task and quits, which generates the Error Saving Web Page.
Workaround: rename the HOSTS file and try again ... just don't forget to rename it back again ... also the HOSTS file may not be the cause of the "Error Saving Web Page", an entry in the (IE) Restricted Zone will also cause this as that entry will prevent anything from being downloaded from that site ... or it may be - Error message: This Web page could not be saved
Tim H sends along this tip ... another way to save a webpage is to install one of the free PDF printer File creators then you simply choose File > Print PDF and save as PDF
Why does Symantec (Norton 2007) detect a possible malicious entry in the HOSTS file?
"A malicious entry in your hosts files could prevent LiveUpdate from retrieving updates for your Symantec products, including anti-virus updates. Generally, Symantec LiveUpdate server entries should not appear in your Windows hosts files. Update has detected a potential security compromise on your computer: one or more entries should not appear in your Windows hosts files."
Lists the address 'om.symantec.com' as being in the hosts file and asks what action to perform:
Click the drop-down arrow and select option #2 (highlighted in bold below)
1. Leave the entry in the hosts file (warn me about them later)
2. Leave the entry in the hosts file (do not warn me about them later)
3. Remove the entry from the hosts file (Recommended)
om.symantec.com is really an alias for symanteccom.112.2o7.net (Omniture is a 3rd party data miner)
tc.symantec.com is really an alias for symantec.tcliveus.com
These entries do not affect LiveUpdate. See screenshot here - and a related HOSTS News Blog entry here
Both of these entries are running on Omniture's server and thus are controlled by them, not Symantec.
David B sends along this tip for Norton 360 users ... seems the "Network Address Check" feature scans the users HOSTS file and removes all entries ... Yikes! To prevent this go to the "Undo & Exclude Advanced Settings" screen and exclude the HOSTS file from scanning.
John W sent along additional info on Norton360 ... to exclude the HOSTS file from being scanned:
Under Virus and Spyware Settings > File Exclusions: "Which disks, folders, or files to exclude from risk scanning"
enter the location (generally) - \WINDOWS\system32\drivers\etc\HOSTS
Note: If the HOSTS file is removed by a scan, it can be moved from the Undo List to the Exclusion List by selecting it then clicking Restore Item to system. [screenshot]
Why does Spyware Doctor detect "Possible Website Hijack" in the HOSTS file?
Here is yet another false detection by an Antispyware product. This is caused by the coders that have no clue ... the entries detected [screenshot] are all legit entries for the HOSTS file. You can either set these detections to "Ignore" or disable the option for scanning the HOSTS file.
Folks as I've said before anytime after running a scan of any security related product and the only detection is one or more entries in the HOSTS file, this is most likely a false-positive and should be ignored, or excluded from future scans. There is no known infection that only affects the HOSTS