News - Windows 8 hosts won't block Doubleclick ads or Facebook

[aidanjt]

One more reason to use 0.0.0.0 "black hole" redirects instead of 127.0.0.1 loop-back address on systems that support this. It's also a lot faster (since that address doesn't exist) and uses less resources as it won't try to establish a connection to localhost firing all kinds of network aware events and running locally installed software. Many users are running web servers and/or update services listening on specific ports and 127.0.0.1 redirects would try to establish a connection with these services. Too many connections to localhost without specifying a port number can create all kinds of problems, including extremely long log files and random system crashes if certain advanced SYN Flood or DDoS detectors are installed and block incoming ports on a network loop-back address as a result of too many requests. Do try however, if your system supports 0.0.0.0 redirects before using them with all DNS targets you'd like to block with specific redirects in your HOST file! Cheers!

I doubt it only removes HOST entries for loopback, that wouldn't do anything to prevent malware redirecting social media sites, online banking sites, etc. to fake online servers and harvest account credentials.

[scaryjim]

Just because it points to 127.0.0.1 doesn't mean it's legit, in theory the malware could host its own web server locally, especially if the writers knew localhost entries remain untouched.

More to the point, genuine malware uses localhost redirects to prevent software updates. I've cleaned a couple of machines where the anti-virus had caught/cleaned the infection, but not before dozens of HOSTS entries were added pointing all major anti-virus update domains to 127.0.0.1. One of those machines hadn't had virus updates for 18 months when I looked at it...