Taking Control with the Hosts file

One of the lesser known, but important files included with Windows is the hosts file. It’s a simple text file without a file extension that was designed to map or override IP addresses before accessing a domain name server. Recently, it’s taken a more protective role in ad blocking and stopping spyware.

Another way to think of a hosts file is as an address translator and redirector. If you went to New York City and asked to go to the New York Times Company, someone would translate your request into 229 West 43rd Street. A similar process happens on the web. Your browser first checks your hosts file to see if it has an IP address for nytimes.com. If the hosts file has an entry it is used, otherwise a domain name server is queried to get the IP address of 170.149.168.130. (Yes, technically, you can enter that IP address into your browser’s address bar and get to www.nytimes.com.)

One benefit of using the hosts file is precedence. Most systems access this file first because it’s loaded into the computer’s memory at start up. There are some exceptions such as people who use proxy servers.

When various types of Internet advertisements became invasive, some people used the hosts file as a means to bypass the ads. People would add an entry to their hosts file that redirected an ad server away from the intended destination. Or, using our analogy from above we could redirect the New York Times traffic to your home address.

This redirection can be accomplished by adding a line such as the following to the hosts file:

127.0.0.1 www.timeatlas.dev

In the above example, I’ve added an entry for my test domain which is on my desktop. When I type the domain into my web browser, the system first looks in the hosts file and find the entry 127.0.0.1. This IP address is a universal address assigned to the localhost that is your PC. So, rather than going to the true IP address, the request would stop at your PC and the ad wouldn’t appear. You can also add a # sign and comment to identify the site. In this case, timeatlas.dev doesn’t exist out on internet.

Alternate Uses of Hosts File

This same process is also used by some anti-spyware and ad-blocking packages. Instead of redirecting ad servers, they protect you by preventing access to various sites. Typically, these are sites that have spyware, malware or adult-orientated material. Some of these programs also lock the hosts file or alert you if there have been changes.

Because the file can redirect traffic, some malicious programs have tried to insert entries into this file for their purposes. One morning, you type http://www.nytimes.com/ and you’re now staring at some adult site in Eastern Europe. Sorry, the hosts file doesn’t do any site verification. If there is an entry for the New York Times that maps to an IP address in Eastern Europe, well that’s where your browser will go. As this example illustrates, you can be hijacked as you can use any IP address and not just 127.0.0.1.

Location of the Windows Hosts File

The good news is you control the hosts file. You can easily add, edit or delete entries using a text editor such as Windows Notepad. The exception is Windows Vista & Windows 7. Microsoft support has provided a knowledge base article on modifying the hosts or lmhosts file.

It’s probably worth 5 minutes to look at the file in case you ever need to change the contents. The hardest part, is probably finding the file as the location differs based on which Windows operating system you are using.

Windows 8, 7 & Vista – C:\windows\system32\drivers\etc
Windows NT – C:\winnt\system32drivers\etc
Windows XP – C:\windowssy\stem32drivers\etc

If you want to find out more about hosts file, there are plenty of articles and resources. Some people have compiled their own lists that you can download. Others have programs that make editing the file easier. And if you do decide to change your hosts file, please remember to make a backup first. You’ll also need to reboot your computer to have the changes work.