Hostsman makes it easy to block malware with a hosts file

I’ve written before about using the hosts file to block domains that are hosting malware. The idea is pretty simple. There’s a known list of domains that are either hosting or controlling malware, so by blocking your computer from accessing those domains, you make it much harder to get infected in the first place, and in the event that you do get infected, at least you block access to the command and control servers.

The problem is that Windows doesn’t make this easy. Well, I found an easy way: Hostsman. You can have it up and running in minutes.

Here’s what you do. Download Hostsman from the link above. Extract it. Run it. Click Run as administrator if needed. Click Select sources. Tick the box labeled Malware Domains. Click Close. Click Check For Updates. Let it download and merge the hosts file. After it finishes, click Dismiss. Click Configure Updater and tick the box for the second option, Automatically check and download new hosts file updates. I also uncheck the option to ask for confirmation. Click OK.

That’s it. I got it done in five minutes, even with writing this up and getting interrupted every 30 seconds.

This isn’t a substitute for antivirus software by any stretch, but it augments antivirus. Here’s the theory behind it.

The most feared malware going around right now is a program called Cryptolocker. If you get infected, it encrypts all your Office documents with military-grade encryption (AES 256), then demands payment in bitcoins within 72 or 100 hours. If you don’t pay up, it destroys the key, making decryption impossible. Well, for 15-20 years at least, which is when most experts believe brute-forcing AES will become somewhat practical.

But if you block the servers Cryptolocker uses for command and control, you can be infected but never show the signs of infection. That gives your antivirus software time to find and remove the infection before it encrypts all of your documents.

It’s free and it’s simple, so I recommend it.

3 thoughts on “Hostsman makes it easy to block malware with a hosts file

  • December 4, 2013 at 5:57 pm
    Permalink

    Curious what it will do to my already heavily emended HOSTS file.

    Have you found out, or should I experiment and let you know?

  • December 4, 2013 at 6:54 pm
    Permalink

    I think it will merge them, but I’m not 100% sure. My hosts files aren’t a good test of that. I would be curious whether it can tell the difference between something that was already there or something from an external source that’s subject to change.

    Definitely make a backup before trying it.

  • December 4, 2013 at 8:30 pm
    Permalink

    Oh, good! I’ll be your guinea pig and let you know tomorrow PM.

Comments are closed.

%d bloggers like this:
WordPress Appliance - Powered by TurnKey Linux