Are "Hosts" file still a good idea?

The HOSTS file doesn't impact boot times, so not sure why you felt the need to put that in. What it does do is force an extremely expensive (process wise) task of opening an unoptimized text file and comparing each individual line against the site you're trying to load.

In programming terms, it calls the system function to open the file, read it into memory, and then the system function to close the file every single time you try and go to a website. These days, with just about every single site having content loaded from about a half-dozen other sites the amount of overhead a HOSTS file creates adds up very quickly.

If you take these forums as an example, CNet is trying to load content from like 8 different sites. So every single time you try and load a new post, the OS has to open the HOSTS file, read it into memory, check each line against the current site, then close the file. Now rinse and repeat for each of the other 7 domains or subdomains that CNet's code is trying to load content from. That is for every single page request you make and the warm fuzzy feeling you get having a HOSTS file is about 99% of the security you've added to your setup.

You see this sort of thing happen all the time. Things that have existed for years, like the HOSTS file which probably dates back to some of the earliest days of Unix, and have been rightfully forgotten by most as better solutions (like DNS) have been created are "discovered" by some moron who fancies themselves some kind of computer security expert. So they go prancing around like some kind of dandy proclaiming to world+dog about this great new thing they found and how it can make your computer hacker proof or some other equally boastful claim. Real security experts just roll their eyes and get back to work, but people who know even less than the prancing dandy moron are impressed and blindly follow this person. Steve Gibson of GRC is probably my favorite real-world example of said prancing dandy moron for security. There are other good ones out there, like once upon a time people claimed you should never install more than I want to say 2GB of RAM, because that was the maximum 256K of L2 cache (which was common at the time) could properly cache. It was true, but the part they left out of their analysis was that while you would take a performance hit, uncached RAM would still be hundreds of times faster than HDDs of the day, just not the thousands of times that cached RAM would be. The idiotic notion that you should set your swap file to 1.5X your installed RAM still pops up on occasion. Loads of bad info about rechargeable batteries continues to float around on the Internet, like lithium ion batteries suffering from the memory effect.

At least in this case the OP had the sense to ask, also known as step 1.

And you can get rid of those web bugs and what not with NoScript. If you're using Linux, odds are good you're using either Chrome or Firefox. Firefox and NoScript will wipe out all the tracking elements in a page unless you explicitly allow them. Since it's a whitelist solution it doesn't depend on you having to update the list to keep on top of new domains that pop up daily to get around reactive solutions like a HOSTS file. Everything is blocked unless you explicitly allow it.

it works system wide, and isn't just for the browser. It can be used for virus and trojans which may contact a site which when discovered can be looped back in the hosts file, rending such trojan impotent. Main advantage is it's not for just a browser, but for the system. I have nothing against the No Scripts.

So use IPTables which is much more efficient, still system wide, also considerably more flexible. There are plenty of GUI front ends these days. You've got a first rate stateful firewall just sitting there and you choose to use some second rate hack? Besides, what could you possibly be doing on Linux that you are worried about viruses and trojans? You haven't demonstrated anywhere near the level of skill I'd expect to see from someone who manages a large website or some kind of important server which may very well be the target of one of the few actual hackers out there with some real skill. From everything I've seen, you certainly have an above average level of knowledge of computers, though you're still working on putting together the various implications of how different things you know fit together. That will come after the whole "I'm better than you Windoze users because I use Linux" arrogant phase everyone goes through when they first start using Linux. But just like long-time Linux users weren't impressed when I managed to install Linux circa 1995, I'm not impressed by anyone who thinks installing Linux today is some kind of accomplishment. The amount of hand-holding present is greater than Windows' installer. Same with how a great many Linux users today are just as lost at a command line as a Windows user. Most Linux users don't even know how to compile their own software, they just accept pre-built binaries off a distribution repository. When you manage to install a version of Slackware circa 1995 on a Packard Bell or Compaq system from roughly the same time period, I'll be a bit more impressed. Not that I expect you'd admit to it, but it wouldn't surprise me if the first thing through your head when reading this was "What's IPTables?"

You're free to do what you want with your own system, but you're doing things the hard way for no good reason. At the very least, you could just install the Linux version of PeerGuardian. It's system wide, has logging features the HOSTS file does not making it easier to actually trace back what program(s) might be up to nefarious things and which are just suffering from some legitimate network error. The long time Linux users you're trying to impress (you can spare us the bit about how you don't care, because we all know you do) will be far more impressed by you using the right tool for the job than you managing to brute force a square peg into an uneasy fit into a round hole. Right now you haven't done anything more than what Windows users do out of ignorance and a lack of robust networking tools. You aren't going to impress anyone but even newer arrivals to the Linux world than yourself by doing that. Being a Linux user is supposed to set you apart and above we lowly Linux users, otherwise you wouldn't bring it up in 9 out of 10 posts, even when it has absolutely nothing to do with the subject, tangentially or directly. It's hard to be in awe of your technical prowess when you're just repeating the mistakes of Windows users, only on Linux.

Did you finally grow up and morph into Jimmy Greystone?

After all these years Scott, I guess you still can't change. How many times were you banned as a teen?

Actually I did run a fairly popular website for awhile, it was well known here at CNET forums too. Philip Dyer headed up the CNET forums att. I also was a mod here but quit 10 years ago due to other things needed doing at the time. You really don't know as much about me as you think you do.

There's always more than one way to do something. I like using the simplest, and it just doesn't get simpler than using a hosts file. No sense using a plethora of "robust networking tools" when something simple gives the same or better result.

You are like the guy who if the grass was too high to mow would run out to rent a bushhog, while I'm the guy who would then walk over to the shed, get out the sling blade and have it already done, sitting on porch with my glass of tea, before you even got back with your expensive rental.


All your attempts at insults aside, I realize you probably suffer some psychological pathology that you seem unable to overcome which makes your many diatribes more amusing than anything else. One day I may go through and collect them all, put in a book form, perhaps send off to be analyzed by professionals who can precisely determine what your particular psychosis actually is.

I knew a person similar to you before. The person could never give praise nor help without also including criticism. Called it "constructive criticism". Died a few years back. Very few, less than 10 came to the funeral.

Coryphaeus had a site for a long time. I found this was still available.

some moderator thoughts.

http://76.185.152.133/modalert.htm

Back when we changed the forum software over from Twister to Jive.

http://76.185.152.133/cnetnot.htm

I don't know how long the IP link will be valid, he's dropped use of his domain name.