Windows 8 forum

Resolved Question

Are "Hosts" file still a good idea?

by edwardnav / May 24, 2014 8:16 AM PDT

I used to use one on my old windows xp, till it seemed to slow down my computer too much. Of course it was "old".

Now I have a new windows 8.1 system. Don't get too many redirects, but I do get some. Using Avast.

Got my boot times down to an average of one minute, wondering if a hosts file would affect that?

Thanks in advance,


edwardnav has chosen the best answer to their question. View answer
Discussion is locked
You are posting a reply to: Are "Hosts" file still a good idea?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Are "Hosts" file still a good idea?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

All Answers

Best Answer chosen by edwardnav

Collapse -
Never has been
by Jimmy Greystone / May 24, 2014 9:06 AM PDT

It never has been a good idea IMO. It's a ridiculously inefficient method which offers very little actual protection, but can cause a lot of problems later when trying to diagnose network issues.

You're far better off using browser-based solutions like NoScript and RequestPolicy for Firefox. While there are variations on the former for other browsers, only Firefox allows blocking of ALL scripts, including inline scripts, before they're ever executed. RequestPolicy just adds an extra layer onto NoScript. Mostly it's a privacy enhancer, by not allowing subdomains to communicate with one another unless you explicitly allow it. So as a (hopefully) fictional example, let's say CNet builds its own software to track the movements of people across its various websites. All of that information is funneled to the subdomain You can prevent any Cnet website from communicating with if you want using RequestPolicy on Firefox.

Not using Internet Explorer reduces your overall risk of malware based threats dramatically. I personally stick with Firefox. Chrome as a browser is an excellent bit of software, but you look at the list of extensions and there are a lot of commercial interests being represented for almost every category you can imagine. Firefox extensions, OTOH, are developed primarily by enthusiast users who are scratching a personal itch and sharing in case someone else might find it useful. There have also been a number of cases recently where some company will offer the developer of a popular Chrome extension a lot of money for the rights to the extension. The new owner embeds some kind of spyware garbage that manipulates search results, etc, and then pushes out an update that will likely get updated automatically by most users. While it could happen with Firefox, to the best of my knowledge, it never has. And to be fair, Google has been pretty good at exiling these bad actors from its extension repository, but the damage is generally already largely done by that point.

Virtually every home router will have a firewall built into it, but if for some reason yours doesn't, the Windows Firewall will be sufficient. All you need to do is fend off automated probes when they come knocking to see if they can find a way into your system. Anyone who thinks that ZoneAlarm or anything else is going to stop an actual human hacker, should you do something stupid enough to make themselves visible to said hacker, is going to quickly find out just how useless those programs are.

The rest is mostly just keeping on top of security updates pushed out by Microsoft and vendors for other software you use and not falling for phishing scams and the like. If you really feel like you need additional protection, something like the program PeerGuardian would provide a much better alternative to a HOSTS file. It has logging, a nice interface where you can turn things on and off to test, plus it's quite a bit more visible so harder to forget it's there when suddenly some website won't load and your browser gives an error like it no longer exists. It's also considerably more efficient and won't produce the same large amounts of overhead like a HOSTS file.

HOSTS files were intended so you can give an easy to remember name to a computer on a LAN. If you have 5-10 different computers, it's probably easier to remember them as "Bob", "Larry", "Steve", "Frank", and "Joe" instead of That is what a HOSTS file is supposed to do, not this nonsense a bunch of idiots playing at being some kind of computer security expert have come up with.

Collapse -
I'm "Finally" a believer
by edwardnav / May 24, 2014 1:42 PM PDT
In reply to: Never has been

I installed Firefox, tried it in the past and for whatever reason always went back to Internet Explorer. So, also installed Thunderbird, set the various defaults. Installed "NoScript". Went to the sites that usually cause issues, and, lo and behold no more issues.

So this time I think I'll stick with Firefox. Seems to be running a little slow, but will be installing more 'memory' next week, maybe that will help. Plus I will be doing a reformat at that time, since I have being doing "so" many things to try and improve overall operation / performance maybe some things aren't just right.

Just wondering, is it necessary or even safe to uninstall Internet Explorer. Or should I just leave it alone.

Thanks again everyone,


Collapse -
From what I understand
by itsdigger / May 24, 2014 1:47 PM PDT

Internet Explorer is so deeply embedded into the system that you can't uninstall it . It isn't hurting anything to have it anyway, just don't use it if you don't want to.


Collapse -
You can't
by Jimmy Greystone / May 24, 2014 11:39 PM PDT

You can't remove IE anymore without basically lobotomizing Windows. However, just because you can't uninstall it doesn't mean you have to use it. A few programs will use parts of IE in their normal operation and there's nothing you can do about that, but most malware comes from two primary sources. Either 1) you visit some site, it prompts you to install something and you just say yes without stopping to investigate what that something is, or 2) you are installing some program and are simply hitting the "Next" button several times in an effort to get to using the new program ASAP, along the way agreeing to install some bundled program.

Not using IE tends to take care of #1 rather handily and a little vigilance when installing programs will take care of #2 in most cases. There have been a few cases where no matter what you say, the bundled program will be installed. I'd say report those bad actors to the FTC and never again download anything from them.

Collapse -
It's a layer in the defense.
by R. Proffitt Forum moderator / May 24, 2014 8:23 AM PDT

I wish folk would not look at it as a panacea.

Collapse -
I still use one
by James Denison / May 24, 2014 2:46 PM PDT

on both XP and Linux Mint. My Mint boot time is 40 seconds, and that's with a very full hosts file, currently with 2564 lines in it. I keep a link to it on desktop so I can quickly add any new offender to the list.

Collapse -
The HOSTS file doesn't impact boot times
by Jimmy Greystone / May 24, 2014 11:29 PM PDT
In reply to: I still use one

The HOSTS file doesn't impact boot times, so not sure why you felt the need to put that in. What it does do is force an extremely expensive (process wise) task of opening an unoptimized text file and comparing each individual line against the site you're trying to load.

In programming terms, it calls the system function to open the file, read it into memory, and then the system function to close the file every single time you try and go to a website. These days, with just about every single site having content loaded from about a half-dozen other sites the amount of overhead a HOSTS file creates adds up very quickly.

If you take these forums as an example, CNet is trying to load content from like 8 different sites. So every single time you try and load a new post, the OS has to open the HOSTS file, read it into memory, check each line against the current site, then close the file. Now rinse and repeat for each of the other 7 domains or subdomains that CNet's code is trying to load content from. That is for every single page request you make and the warm fuzzy feeling you get having a HOSTS file is about 99% of the security you've added to your setup.

You see this sort of thing happen all the time. Things that have existed for years, like the HOSTS file which probably dates back to some of the earliest days of Unix, and have been rightfully forgotten by most as better solutions (like DNS) have been created are "discovered" by some moron who fancies themselves some kind of computer security expert. So they go prancing around like some kind of dandy proclaiming to world+dog about this great new thing they found and how it can make your computer hacker proof or some other equally boastful claim. Real security experts just roll their eyes and get back to work, but people who know even less than the prancing dandy moron are impressed and blindly follow this person. Steve Gibson of GRC is probably my favorite real-world example of said prancing dandy moron for security. There are other good ones out there, like once upon a time people claimed you should never install more than I want to say 2GB of RAM, because that was the maximum 256K of L2 cache (which was common at the time) could properly cache. It was true, but the part they left out of their analysis was that while you would take a performance hit, uncached RAM would still be hundreds of times faster than HDDs of the day, just not the thousands of times that cached RAM would be. The idiotic notion that you should set your swap file to 1.5X your installed RAM still pops up on occasion. Loads of bad info about rechargeable batteries continues to float around on the Internet, like lithium ion batteries suffering from the memory effect.

At least in this case the OP had the sense to ask, also known as step 1.

Collapse -
(NT) Got it - No Hosts File - Don't touch IE - Thanks
by edwardnav / May 25, 2014 12:12 AM PDT
Collapse -
by James Denison / May 25, 2014 5:30 AM PDT
The HOSTS file doesn't impact boot times, so not sure why you felt the need to put that in.

Didn't say it did. Indicated the exact opposite by my boot time.

"What it does do is force an extremely expensive (process wise) task of opening an unoptimized text file and comparing each individual line against the site you're trying to load. "

It's one I'm willing to suffer and endure, to avoid so many of those tracking and ad sites showing in the webpages. I'm currently using 587.3MB of RAM out of 3907.5MB available to the Linux Mint 16 system. I'll survive.

as better solutions (like DNS) have been created are "discovered" by some moron who fancies themselves some kind of computer security expert. So they go prancing around like some kind of dandy proclaiming to world+dog about this great new thing they found and how it can make your computer hacker proof or some other equally boastful claim. Real security experts just roll their eyes and get back to work, but people who know even less than the prancing dandy moron are impressed and blindly follow this person.

I will enjoy dancing with my tinfoil hat tonight, maybe by the light of the full moon, or maybe I'll just get mooned, LOL.

"Steve Gibson of GRC is probably my favorite real-world example of said prancing dandy moron for security."

SHIELDS UP! All ports closed to us, cap'n!!

The idiotic notion that you should set your swap file to 1.5X your installed RAM still pops up on occasion.

That one still happens over in Linux land, and I can't figure why. If you hibernate, the most it can write from RAM is the amount of RAM you have, and unless someone is going to hibernate with some huge document open, the most they might need is less than 1GB swap. Unfortunately in Linux, no swap means no hibernation.

As for IE, you can find the iexplore.exe file, change the name to something else, then create an empty text file and name it iexplore.exe and set as "read only", so Windows won't replace it with a valid one. At least that works through XP.
Collapse -
And you can get rid of those
by Jimmy Greystone / May 25, 2014 8:28 AM PDT
In reply to: yes?

And you can get rid of those web bugs and what not with NoScript. If you're using Linux, odds are good you're using either Chrome or Firefox. Firefox and NoScript will wipe out all the tracking elements in a page unless you explicitly allow them. Since it's a whitelist solution it doesn't depend on you having to update the list to keep on top of new domains that pop up daily to get around reactive solutions like a HOSTS file. Everything is blocked unless you explicitly allow it.

Collapse -
hosts file is easy
by James Denison / May 25, 2014 2:53 PM PDT

it works system wide, and isn't just for the browser. It can be used for virus and trojans which may contact a site which when discovered can be looped back in the hosts file, rending such trojan impotent. Main advantage is it's not for just a browser, but for the system. I have nothing against the No Scripts.

Collapse -
So use IPTables
by Jimmy Greystone / May 25, 2014 11:18 PM PDT
In reply to: hosts file is easy

So use IPTables which is much more efficient, still system wide, also considerably more flexible. There are plenty of GUI front ends these days. You've got a first rate stateful firewall just sitting there and you choose to use some second rate hack? Besides, what could you possibly be doing on Linux that you are worried about viruses and trojans? You haven't demonstrated anywhere near the level of skill I'd expect to see from someone who manages a large website or some kind of important server which may very well be the target of one of the few actual hackers out there with some real skill. From everything I've seen, you certainly have an above average level of knowledge of computers, though you're still working on putting together the various implications of how different things you know fit together. That will come after the whole "I'm better than you Windoze users because I use Linux" arrogant phase everyone goes through when they first start using Linux. But just like long-time Linux users weren't impressed when I managed to install Linux circa 1995, I'm not impressed by anyone who thinks installing Linux today is some kind of accomplishment. The amount of hand-holding present is greater than Windows' installer. Same with how a great many Linux users today are just as lost at a command line as a Windows user. Most Linux users don't even know how to compile their own software, they just accept pre-built binaries off a distribution repository. When you manage to install a version of Slackware circa 1995 on a Packard Bell or Compaq system from roughly the same time period, I'll be a bit more impressed. Not that I expect you'd admit to it, but it wouldn't surprise me if the first thing through your head when reading this was "What's IPTables?"

You're free to do what you want with your own system, but you're doing things the hard way for no good reason. At the very least, you could just install the Linux version of PeerGuardian. It's system wide, has logging features the HOSTS file does not making it easier to actually trace back what program(s) might be up to nefarious things and which are just suffering from some legitimate network error. The long time Linux users you're trying to impress (you can spare us the bit about how you don't care, because we all know you do) will be far more impressed by you using the right tool for the job than you managing to brute force a square peg into an uneasy fit into a round hole. Right now you haven't done anything more than what Windows users do out of ignorance and a lack of robust networking tools. You aren't going to impress anyone but even newer arrivals to the Linux world than yourself by doing that. Being a Linux user is supposed to set you apart and above we lowly Linux users, otherwise you wouldn't bring it up in 9 out of 10 posts, even when it has absolutely nothing to do with the subject, tangentially or directly. It's hard to be in awe of your technical prowess when you're just repeating the mistakes of Windows users, only on Linux.

Collapse -
Is that you Majora?
by James Denison / May 26, 2014 1:14 AM PDT
In reply to: So use IPTables

Did you finally grow up and morph into Jimmy Greystone?

After all these years Scott, I guess you still can't change. How many times were you banned as a teen?

Actually I did run a fairly popular website for awhile, it was well known here at CNET forums too. Philip Dyer headed up the CNET forums att. I also was a mod here but quit 10 years ago due to other things needed doing at the time. You really don't know as much about me as you think you do.

There's always more than one way to do something. I like using the simplest, and it just doesn't get simpler than using a hosts file. No sense using a plethora of "robust networking tools" when something simple gives the same or better result.

You are like the guy who if the grass was too high to mow would run out to rent a bushhog, while I'm the guy who would then walk over to the shed, get out the sling blade and have it already done, sitting on porch with my glass of tea, before you even got back with your expensive rental.

All your attempts at insults aside, I realize you probably suffer some psychological pathology that you seem unable to overcome which makes your many diatribes more amusing than anything else. One day I may go through and collect them all, put in a book form, perhaps send off to be analyzed by professionals who can precisely determine what your particular psychosis actually is.

I knew a person similar to you before. The person could never give praise nor help without also including criticism. Called it "constructive criticism". Died a few years back. Very few, less than 10 came to the funeral.

Collapse -
I found something for your amusement
by James Denison / May 26, 2014 2:34 AM PDT
In reply to: Is that you Majora?
Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?