PDA

View Full Version : [Suggestion] Hosts file protection change



Tarun
2007-08-19, 01:51
I would like to see a change however in the Hosts file protection.

Would it be possible to change it from being the localhost IP address of 127.0.0.1 to the correct null address of 0.0.0.0?

The reason is that by sending a connection to 127.0.0.1, these website hits make the connection retry several times to your own computer before finally giving up.

That is bad and incorrect behavior. 127.0.0.1 is your computer (That's why it says 127.0.0.1 localhost in your Hosts file) and since your computer is active that means it will try to establish an active connection. It doesn't just try once, it tries several times before it times out.

0.0.0.0 is a null address. Going to 0.0.0.0 will allow it to try the connection once and see that it is dead, decreasing any network traffic on your machine/network.

----

Using the Hosts file and altering the DNS Client service decreases both computer performance and network performance, but it also increases network latency. For best results, the Immunizations should do like SpywareBlaster does. This would ensure both maximum efficiency and protection.

This article (http://wiki.lunarsoft.net/Blocking_Malware_and_Advertisements_Safely) features a lot of information about the Hosts file and much more.

PepiMK
2007-08-19, 16:47
Browser plugins won't help a bit against stand-alone malware I'm afraid, so not using the hosts file at all isn't the best solution (well, something similar could be achieved through our own LSP, but people are usually, or should be, very about every LSP).

I think there was a reason why we opted for 127.0.0.1. Just have to browse the code for comments if and why ;)

Tarun
2007-08-20, 18:58
That is bad and incorrect behavior. 127.0.0.1 is your computer (That's why it says 127.0.0.1 localhost in your Hosts file) and since your computer is active that means it will try to establish an active connection. It doesn't just try once, it tries several times before it times out. 0.0.0.0 is a null address, it attempts to connect once, hears that it is dead and stops trying.

Give it a try. Block something in your Hosts file and set up a redirect to 127.0.0.1. Then change it to 0.0.0.0 and you'll see how much faster the connection is canceled.

Many authors of Hosts files incorrectly use 127.0.0.1 instead of 0.0.0.0. They are not doing the proper research into these matters, including networking. 0.0.0.0 is a reserved network address but not a broadcast network address. Often it is referred to as a null address, meaning it points to a dead location. 127.0.0.1 is a loopback to your computer, and since your computer is on it will continue to retry access until it times out. Why attempt to make a connection several times when you can simply make one attempt and that's the end of it?

sims39
2007-08-23, 12:57
I definatley agree. This needs changing, do our suggestions get written down for the next release?

PepiMK
2007-08-23, 13:32
Obviously it is written down - here!

Well, as I said, I remember we had a long discussion as to why we decided for 127.0.0.1. Even "bad or incorrect" behaviour might have reasons. The more you complain though, the less incentive it is for me to find that old reasoning :p:

edit: one reason found easily: the 0.0.0.0 causes WebWasher problems, and WebWasher was for years our most recommended local ad-blocking proxy!

FAUST
2007-08-23, 13:50
From http://www.murga-linux.com/puppy/viewtopic.php?t=16187&sid=5b0559667b8d32f24dae4dc43c6ee3d4

0.0.0.0 VS. 127.0.0.1

"0.0.0.0 is not the same thing as 127.0.0.1. You may get the same behaviour in some cases due to some implementation details, but that does not mean that both are the same!

127.0.0.1 means "The host this software is running on". In contrast, 0.0.0.0 means "Any host"; it can be used in software as the C constant "INADDR_ANY".

While it is true that connecting to 0.0.0.0 from software such as ping will yield the same result as connecting to 127.0.0.1, it is absolutely not true that listening to 0.0.0.0 (in a bind(2) kind of way) yields the same result as listening to 127.0.0.1. After all, in the latter case you will only accept connections that originate from localhost; in the former case, you will accept any connection, whether from localhost, the local network, or the big and evil Internet.

I presume you will have at least some firewall in between, but still.


:)

Tarun
2007-09-03, 22:24
No updates on if it will be correctly set to 0.0.0.0 or will remain unchanged with the incorrect 127.0.0.1?

PepiMK
2007-09-03, 22:52
Well, see above. 127.0.0.1 may be incorrect, but at least it doesn't break some popular proxy software ;)

Tarun
2007-09-04, 00:53
Which proxy software does it break? This is the first I've ever heard of that. If it's just WebWasher, I would see no need to make your software work with others software that is incorrectly coded.

GT500
2007-09-04, 01:41
I find the idea of 0.0.0.0 as opposed to 127.0.0.1 rather interesting, but in the end I don't think it's a huge issue. Redirecting to 127.0.0.1 does not slow down operation enough to cause any real problems (unless your computer is bogged down with bloatware and/or malware), so it's probably OK for it to remain the default.

At the same time, some modification to the immunize code could allow the 0.0.0.0 to be used by default, and the 127.0.0.1 to be used when an install of WebWasher is detected. Obviously it wouldn't be a simple modification, but it is doable. ;)

PepiMK
2007-09-04, 21:47
Well, WebWasher doesn't even seem to exist as a home-user stand-alone proxy software anymore, that would be a point for a change I have to admit :)
I guess this calls for some thorough testing of currently available proxy software.

(btw, the more I search for resources on the speed advantages of 0.0.0.0 over 127.0.0.1, the more opinions I find... for both sides, with 0.0.0.0 slightly leading :rolleyes:)

Since I agree this is an important topic, I've created a project manager entry (http://forums.spybot.info/project.php?issueid=58) about it.

Korrel
2007-10-10, 18:36
Well, I once had my entire (69000 lines long) HOSTS file containing all 127.0.0.1 entries, since changing them to 0.0.0.0 all browsing and internet related actions are much more fluent, no more waiting times for connection to time out, with 0.0.0.0 you immediatelly get a blank page, I use a whole bunch of proxy related tools, Proxomitron, my Firewall Kerio 2.1.5, all are much more happy using the 0.0.0.0 standard for the hosts list.

wk357mag
2007-10-11, 04:14
Well, WebWasher doesn't even seem to exist as a home-user stand-alone proxy software anymore, that would be a point for a change I have to admit :)
I guess this calls for some thorough testing of currently available proxy software.

(btw, the more I search for resources on the speed advantages of 0.0.0.0 over 127.0.0.1, the more opinions I find... for both sides, with 0.0.0.0 slightly leading :rolleyes:)

Since I agree this is an important topic, I've created a project manager entry (http://forums.spybot.info/project.php?issueid=58) about it.

Cool !!!