View Full Version : HOSTS File Entries
Koosharem
2011-02-24, 04:31
This is the "fourth level of protection" provided by SB S&D. The associated description of this function in "Tools" has a sentence that begins "If you decide to use that [this] function, . . ." implies the user needs to take some action to turn it "on".
Also, in the HELP entry associated with the Hosts File Tool, a sentence begins with: "Spybot-S&D can add a prepared list of web sites known for bad behaviour . . ." This list appears to be the one displayed when you select the Tool.
My question is, has SB already added this list to my HOSTS file (and it is shown in the Tools Section so I can edit it conveniently)? If so, is this "fourth level" in place and functioning? :thanks:
Yes,if you see a long list of entries with destination address 127.0.0.1 under Tools->Hosts,then that is most likely the entries Spybot added to the Hosts file,and the "Fourth Level" is (most likely) in place and functioning.
At the time that "How Spybot-S&D protects against the installation of Spyware/Malware" was written,adding the Spybot entries to the Hosts file was done solely from the Hosts File section of Spybot,as I recall,and only more "advanced" users usually used it.
Since then adding the list to the Hosts file has been included as part of Spybot's immunization.If you click Immunization,then scroll down to the Windows section,right below that you should see Global (Hosts).If there is a number similar to 14825 under Protected,then the list of bad sites have been added to the Hosts file by Spybot,and the "Fourth Level" is in place and functioning.hth. :)
Gopher John
2011-02-24, 18:23
The large section of entries SpyBot Search & Destroy adds to the hosts file will start with the line at the top
# Start of entries inserted by Spybot - Search & Destroy
and have this line at the bottom.
# End of entries inserted by Spybot - Search & Destroy
Any hosts file lines that the user wants to add should be added below the line
127.0.0.1 localhost
and # Start line listed above.
Koosharem
2011-02-25, 03:18
Zenobia -- Thanks for clarifying this. I went to the Immunize Page, and down to Windows/Global (hosts). Yes, the "Protected" entry there is exactly 14,825. So, I we're "good to go" with the SB S&D list of "loop-backs"/blockers. :ninja:
I noticed, after clicking on "Immunize" to open that page, the immunize process started, and progress was illustrated with the "green bar". When complete, the "tally" in the upper-right corner of the page showed 301,272 protected! Why is this so much greater than that shown under "Global (hosts)?? And, why is there so much repetition of the number "14,825" (and several others) in results for IE (3 groups) and Firefox (1 group) :scratch:
Gopher John -- Thank you for your Post also. I found my way down the folder-chain (C:\Windows\System32\Drivers\Etc\Hosts) and opened the list in Notepad. Sure enough, there was the SB S&D-added "blocker" list! And, I understand your remark that any "user add-ons" should be entered on lines between the start and end of the SB list. :bigthumb:
Later :grandpa:
Gopher John
2011-02-25, 03:58
Gopher John -- Thank you for your Post also. I found my way down the folder-chain (C:\Windows\System32\Drivers\Etc\Hosts) and opened the list in Notepad. Sure enough, there was the SB S&D-added "blocker" list! And, I understand your remark that any "user add-ons" should be entered on lines between the start and end of the SB list. :bigthumb:
Later :grandpa:
It is imperative to keep any lines that you add outside the ones that SpyBot S&D's immunizations adds, so that they aren't removed during re-immunization.
Put them between the LocalHost line and the # Start line.
I noticed, after clicking on "Immunize" to open that page, the immunize process started, and progress was illustrated with the "green bar".
Actually,when you click on Immunize,the immunization process doesn't start.It's more or less a check that Spybot does automatically when opening the immunize page.You will see similar results if you click the Check Again button.
To Immunize,you have to click the Immunize button with the green cross beside it.
If you see 0 beside Unprotected in the upper right corner,you should have full Immunization,though. :)
The total number in the upper-right corner is so much greater than the one shown down beside Global (Hosts) because that is the total number of items Spybot is protecting against.
As for why there is so much repetition of the number "14,825" and others in results for IE and Firefox,I do not know.But my best guess is that may be the list of known bad things to the programmers,so that is the amount Immunized in the different areas.
Koosharem
2011-02-27, 01:45
Zenobia & Gopher John :greeting:
Gopher John -- Thanks for catching my misunderstanding! A "little voice" did have me a bit concerned about getting "User Adds" mixed up with the SB list. But, I didn't realize what the consequence would be! So, "User Adds" go betweenthe "Local Host line" and the SB "# Start lline". Got it!
Zenobia -- Thanks for the clarification on what happens by clicking the Immunize "Shield" (Left Side-Panel) and the "Green Cross" (Tool Bar on Immunize Page). That has always puzzled me! I've only recently been using the "Green Cross" because I noticed it always reduced the "Unprotected" to zero -- and that had to be a GOOD THING!:yes:
And, OK on "the numbers". The "Totals" are big numbers and the "Unprotected" are zero, and that works for me!!:yahoo:
Later :grandpa:
GliqInfo
2013-08-06, 21:46
In my recent Spybot S&D immunization, I received 15,490 entries on Spybot's Localhost List.
After checking for some of those domains in my Windows XP Pro Registry, I found that the ZoneMap and P3P folders contained these same entries (or so it appears).
Does Spybot S&D also place these 15,000+ domains in the Windows Registry?
Yes,it does place most or all of those domains in the registry.
The reason why is explained a little bit here under the paragraph about immunization:
http://forums.spybot.info/showthread.php?281-How-Spybot-Search-amp-Destroy-protects-against-the-installation-of-Spyware-Malware
jack noonan
2013-09-01, 04:57
Yes,it does place most or all of those domains in the registry.
The reason why is explained a little bit here under the paragraph about immunization:
http://forums.spybot.info/showthread.php?281-How-Spybot-Search-amp-Destroy-protects-against-the-installation-of-Spyware-Malware
Zenobia, I found the bloated hosts file because I was tracking down the cause for a 94%+ cpu usage by my dns
client service. as soon as i deleted all of these entries, my computer rose out of the bog. please elucidate.
jack noonan
2013-09-01, 05:01
so spybot is listing all of these sites in the hosts file to speed up blocking, great, except my dns client service was hogging 94+% of cpu and computer was running like cold molasses! deleted the entries and all is back to normal speeds. we need some advice here.
That sometimes happens.If you prefer to have the sites readded to the hosts file,then there are some workarounds listed on this website,if you scroll down to Windows DNS Client Service.
http://winhelp2002.mvps.org/hosts.htm#Note
There are instructions there on how to flush the dns cache.
Or,if you don't use network discovery,you could set the service to manual.
http://windows.microsoft.com/en-US/windows7/What-is-network-discovery