Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: [Suggestion] Hosts file protection change

  1. #1
    Junior Member
    Join Date
    Aug 2007
    Posts
    15

    Default [Suggestion] Hosts file protection change

    I would like to see a change however in the Hosts file protection.

    Would it be possible to change it from being the localhost IP address of 127.0.0.1 to the correct null address of 0.0.0.0?

    The reason is that by sending a connection to 127.0.0.1, these website hits make the connection retry several times to your own computer before finally giving up.

    That is bad and incorrect behavior. 127.0.0.1 is your computer (That's why it says 127.0.0.1 localhost in your Hosts file) and since your computer is active that means it will try to establish an active connection. It doesn't just try once, it tries several times before it times out.

    0.0.0.0 is a null address. Going to 0.0.0.0 will allow it to try the connection once and see that it is dead, decreasing any network traffic on your machine/network.

    ----

    Using the Hosts file and altering the DNS Client service decreases both computer performance and network performance, but it also increases network latency. For best results, the Immunizations should do like SpywareBlaster does. This would ensure both maximum efficiency and protection.

    This article features a lot of information about the Hosts file and much more.

  2. #2
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601

    Default

    Browser plugins won't help a bit against stand-alone malware I'm afraid, so not using the hosts file at all isn't the best solution (well, something similar could be achieved through our own LSP, but people are usually, or should be, very about every LSP).

    I think there was a reason why we opted for 127.0.0.1. Just have to browse the code for comments if and why
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  3. #3
    Junior Member
    Join Date
    Aug 2007
    Posts
    15

    Default

    That is bad and incorrect behavior. 127.0.0.1 is your computer (That's why it says 127.0.0.1 localhost in your Hosts file) and since your computer is active that means it will try to establish an active connection. It doesn't just try once, it tries several times before it times out. 0.0.0.0 is a null address, it attempts to connect once, hears that it is dead and stops trying.

    Give it a try. Block something in your Hosts file and set up a redirect to 127.0.0.1. Then change it to 0.0.0.0 and you'll see how much faster the connection is canceled.

    Many authors of Hosts files incorrectly use 127.0.0.1 instead of 0.0.0.0. They are not doing the proper research into these matters, including networking. 0.0.0.0 is a reserved network address but not a broadcast network address. Often it is referred to as a null address, meaning it points to a dead location. 127.0.0.1 is a loopback to your computer, and since your computer is on it will continue to retry access until it times out. Why attempt to make a connection several times when you can simply make one attempt and that's the end of it?

  4. #4
    Member
    Join Date
    Sep 2006
    Location
    australia, n.s.w
    Posts
    62

    Default thumbs up

    I definatley agree. This needs changing, do our suggestions get written down for the next release?
    --------------------------------------------------
    King of zlobtrojan, virusburst, spyaxe, and elite bar infections.

  5. #5
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601

    Default

    Obviously it is written down - here!

    Well, as I said, I remember we had a long discussion as to why we decided for 127.0.0.1. Even "bad or incorrect" behaviour might have reasons. The more you complain though, the less incentive it is for me to find that old reasoning

    edit: one reason found easily: the 0.0.0.0 causes WebWasher problems, and WebWasher was for years our most recommended local ad-blocking proxy!
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  6. #6
    Member FAUST's Avatar
    Join Date
    Jan 2007
    Posts
    53

    Default

    From http://www.murga-linux.com/puppy/vie...ae4dc43c6ee3d4
    0.0.0.0 VS. 127.0.0.1

    "0.0.0.0 is not the same thing as 127.0.0.1. You may get the same behaviour in some cases due to some implementation details, but that does not mean that both are the same!

    127.0.0.1 means "The host this software is running on". In contrast, 0.0.0.0 means "Any host"; it can be used in software as the C constant "INADDR_ANY".

    While it is true that connecting to 0.0.0.0 from software such as ping will yield the same result as connecting to 127.0.0.1, it is absolutely not true that listening to 0.0.0.0 (in a bind(2) kind of way) yields the same result as listening to 127.0.0.1. After all, in the latter case you will only accept connections that originate from localhost; in the former case, you will accept any connection, whether from localhost, the local network, or the big and evil Internet.

    I presume you will have at least some firewall in between, but still.
    What if love's intolerable pain never leaves us?
    Do we dash our bleeding hearts on the rocks of loneliness?
    And cry unto the lords above who turn away in haste?
    MY DYING BRIDE

  7. #7
    Junior Member
    Join Date
    Aug 2007
    Posts
    15

    Default

    No updates on if it will be correctly set to 0.0.0.0 or will remain unchanged with the incorrect 127.0.0.1?

  8. #8
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601

    Default

    Well, see above. 127.0.0.1 may be incorrect, but at least it doesn't break some popular proxy software
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  9. #9
    Junior Member
    Join Date
    Aug 2007
    Posts
    15

    Default

    Which proxy software does it break? This is the first I've ever heard of that. If it's just WebWasher, I would see no need to make your software work with others software that is incorrectly coded.
    Last edited by Tarun; 2007-09-04 at 00:55.

  10. #10
    Member GT500's Avatar
    Join Date
    Nov 2005
    Location
    Indiana, USA
    Posts
    70

    Default

    I find the idea of 0.0.0.0 as opposed to 127.0.0.1 rather interesting, but in the end I don't think it's a huge issue. Redirecting to 127.0.0.1 does not slow down operation enough to cause any real problems (unless your computer is bogged down with bloatware and/or malware), so it's probably OK for it to remain the default.

    At the same time, some modification to the immunize code could allow the 0.0.0.0 to be used by default, and the 127.0.0.1 to be used when an install of WebWasher is detected. Obviously it wouldn't be a simple modification, but it is doable.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •