6th December 2004
SWIFTER, SAFER SURFING
When I first thought of the idea for this article I was not sure how to classify it.
Was it one of my articles that explains the esoteric Windows files that Microsoft hide from us?
Who cares - it is about all three so is probably of interest to most of my readers.
Do you use the web for seeking out information or do you use it for a multimedia experience? I use it for a bit of both, but when I am looking for information there are some things that really aggravate me. Here is a list of some of them, in no particular order:
As you can see I am a signed up member of the 'Grumpy Old Men' club. Nevertheless, without these irritations the web would be swifter and more inviting for everybody.
Some of these problems can only be solved by the web designer, but since the majority of surfers demand flashy eye candy I don't suppose they will. Of course, here on the ICPUG site I try to avoid such rubbish.
The problem of adverts and advert servers is what this article is mainly about, so I will deal quickly with the problem of Macromedia Flash here.
I HAVE installed Macromedia Flash on my PC - for those very rare occurrences when I need it, like reading the menu of the restaurant where the Project's Christmas Party will be this year! However, because I do not want Flash most of the time, I have a little utility to turn Flash on and off. It is called 'No! Flash' - and the pling (!) is in the right place guys. Obviously written by another signed up member of the 'Grumpy Old Men' club. This little utility can also stop other things, like scripts, pictures, videos and background sounds, but I use it only for Flash. No! Flash is 'DonateWare' and can be found at http://noflash.bbshare.com.
I am sure anyone who has their eyes open and brain engaged will have heard from some source about some of the web nasties out there. I should think everybody is aware of viruses. Some may be aware of Worms and Trojans. Perhaps you are aware of Diallers. As broadband usage increases the latter becomes less of a nasty, but for us still on dial-up they can still be a worry. Actually, they are the thing I most fear.
What Diallers do is change the number you are dialling to access your ISP to one on a premium rate line or even an International premium rate line. The latter can charge up to £6 a minute, so I have read, which may explain why I am a little concerned. The other problem is that I do not totally know how they work, so can never be sure I have taken the right avoidance steps. There have been a few reports in the news of people having extremely large telephone bills, which in this instance is not the fault of BT! For my readers in Blighty with a BT phone, a visit to http://www.bt.com/premiumrates is very useful if you think you may have been duped by a Dialler.
Trojans are little programs that can lurk on a web page. An unsuspecting surfer will read the page as normal, but, unknown to him or her, a program will be downloaded onto the PC. Changes will also be made to the PC to make sure the program starts up every time Windows is started. What happens then is dependent on the program. They could link to ad servers, so you suddenly find you are bombarded with adverts - probably of a salacious nature. They could link to Diallers. They could disable your anti-virus protection. They are nasty nasties!
PERCEIVED WISDOM FOR PROTECTION AGAINST NASTIES
As well as there being no shortage of information about nasties, there is no shortage of information about how to deal with them. These are the main varieties of advice:
Occasionally, one also sees the advice:
Here is my take on these options.
I am all in favour of the rules usually given. However, when you are told NOT to do something - what do you do? Also, mistakes can happen. I save suspect e-mails and read them with Wordpad. Even so, I have on occasion opened them instead of saving them! This is because I am in a hurry and Open and Save are next to each other on the menu.
Installing anti-virus software is probably a necessary pain. Initial installation is no problem. It is keeping it up to date that is. Even on broadband it wastes time and on dial-up 'pay as you go' it costs money, even for a 'free' product. The other problem with relying on anti-virus software is the 'zero-day' attack. The time taken between the release of a virus and the time for the anti-virus companies to provide an antidote is usually small - 'zero days', but if a virus is virulent you may catch it in that time. Relying on your AV product will not help you as much as rules for opening e-mail in this instance.
Ad-Aware and Spybot are useful tools, but they are an 'after the event' solution. You are already infected! They also tend to produce a lot of false positives - or have a very low threshold for what is a nasty.
I regard installing a Firewall as absolutely essential for broadband users and I don't mean the Microsoft product with XP Service Pack 2. This will help against nasties getting in, but is no help at all if you already have a nasty and it wants to get out - could this be because Microsoft products like to phone home a lot?
As to not using Microsoft products - I would say this is a very good protection device. Most nasties target Microsoft insecurities. There have been some attacks at non-Microsoft stuff, most recently against the Java virtual machine, but they are few and far between compared to the regular attacks on IE, Windows, IIS, etc. Unfortunately, it is not a realistic option for many people. They would be lost trying to install anything else, let alone use it.
GIVE A BIG HAND FOR MINE HOSTS ...
(I seem to be lapsing into a Ken Ross style header. It does have relevance, honest!)
There is one method of protection against nasties that I have NEVER seen mentioned in the popular media. I knew about the concept, from my computing background, but then I did not link it to the concept of protection. I was not even searching for protection when I found out about it.
After a session surfing the Space news at work I had one of my periodic 'I am sick of all these ads' attacks. I must have been busy and wanted to read the web pages quicker. I started Googling and eventually came across a page on the 'Most Valuable Professionals' site.
It mentioned one of those esoteric files in the Windows system - HOSTS - see, I told you the header was relevant!
The HOSTS file is located in a different place, dependent on operating system used, as follows:
Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
It does not have a file extension and it is in capital letters. When you get your Windows PC there is not much in the HOSTS file. I would tell you what it said, except it has a copyright message in the first line!
It includes a lot of comment and the single executable line
The comments explain what the purpose of a HOSTS file is. It is like a little domain name server on your PC. Give it a URL like rhino.acme.com and it will look for the network point 22.214.171.124. Note that there is no 'http://' before the address. This is understood as a default. Whenever a URL is passed to the TCP/IP stack it will check it against the HOSTS file first. If it does not find it here it will then be sent to the Internet as normal and be processed by the Domain Name Servers there.
The idea is that you can give names to your local network devices rather than having to say print to 126.96.36.199.
The HOSTS file is not just a Windows thing. It applies equally to Linux for example.
Now, the executable line above is very important. This maps localhost, your PC, to 127.0.0.1.
You may be asking how this helps to protect against web nasties, or reduce the flow of ads for that matter? This is the link I did not see, but think about it.
You may notice while reading the Guardian web pages a lot of references to 'ads.guardian.co.uk' flashing by in the status line of IE. This is where the ads for the web page are coming from. What would happen if we stuck the following line in the HOSTS file?
It will redirect any references to ads.guardian.co.uk to 127.0.0.1, your localhost/PC. Since the ad pages on the Guardian ad server do not exist on your PC the result is nothing happens. No ad page is fetched and instead of the ad appearing on the Guardian web page you get a little red cross, (with IE anyway).
All this happens in the blink of an eye, even when the HOSTS file is very long. The result is that no ads appear and the page displays quicker.
This technique can be used for any server we do not wish to be accessed by our PC. You could use it like a mini firewall. You could block any ad servers you know about. You could block any servers where Trojans or Diallers are known to lurk. It is a wonderful tool, so simple, and works with any browser / operating system.
THE FLY IN THE OINTMENT
That is all very well, you may be saying, but how do I know which servers to block? OK, I could see some of them flashing by in the IE status line, but I am not going to know where Trojans lurk. You would be absolutely right. This technique would be a right pain if we had to keep editing our HOSTS file. However, our good friends the 'Most Valuable Professionals' have the answer. Somebody, somewhere keeps updating the HOSTS file for us. It is pretty comprehensive too. The current version, (at November 2004), is 183K long. All you have to do is go to the web site, download the file and stick it in the appropriate directory. No installation, no registry changes - just stick it in the right place.
The file can be found here:
You may find that the HOSTS file downloaded excludes something you really want to see.
For example, it excludes most counter sites. I guess it does this because most users don't want to see how many people have visited a page and it just wastes time waiting for the information. However, I want to see the counter on the ICPUG home page as it tells me whether the pages are being read.
This is no problem. Simply put a '#' at the start of the appropriate line in the downloaded HOSTS file and the site will be accessed as normal.
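The lookup and the '#' trick described above, as an added example that is not part of the original article or the MVPS file. The sample file is constructed; counter.example.com and printer.lan are hypothetical names, and the sketch assumes the first entry for a name is the one that takes effect.

```python
import ipaddress

# Constructed sample in the style the article describes; not the MVPS file.
# counter.example.com and printer.lan are hypothetical names.
SAMPLE_HOSTS = """\
# sample HOSTS file (constructed)
127.0.0.1     localhost
127.0.0.1     ads.guardian.co.uk
127.0.0.1     counter.example.com   # a page counter
192.168.0.10  printer.lan
"""

def active_fields(line):
    """Whitespace-separated fields of a line with any '#' comment removed."""
    return line.split("#", 1)[0].split()

def parse_hosts(text):
    """Return {hostname: address}. Assumes the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        fields = active_fields(line)
        if len(fields) < 2:
            continue                      # blank line or comment only
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                      # not an address: ignore the line
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table

def lookup(table, hostname):
    """Address from HOSTS, or None meaning the name goes on to DNS as normal."""
    return table.get(hostname.lower())

def blocked_names(table):
    """Names pointed at the loopback address, other than localhost itself."""
    return sorted(n for n, a in table.items()
                  if n != "localhost" and ipaddress.ip_address(a).is_loopback)

def unblock(text, hostname):
    """Put '#' in front of every active line that names hostname."""
    wanted = hostname.lower()
    out = []
    for line in text.splitlines():
        if wanted in (f.lower() for f in active_fields(line)[1:]):
            line = "# " + line
        out.append(line)
    return "\n".join(out) + "\n"
```

Running blocked_names over a downloaded file before installing it shows exactly which sites it will hide, so you can unblock the ones you want first.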
It goes without saying that your own HOSTS file should be kept up to date. There is another subtle thing to do as well, which I neglected until recently! My PC was recently attacked with a number of little programs installed. I eventually got rid of them, the task being made a lot easier with the help of Knoppix(!), and then proceeded to have a look at my HOSTS file. I found that some of the items on my machine came from sites that were barred. How could this be? Well, the web nasties get more clever in each incarnation. Some are now deleting the HOSTS file before downloading their little Trojans! The answer to this is to make sure the HOSTS file is locked down by making it a read only, hidden, system file. A little tool exists on the MVPS web page to do this, if you are not proficient at setting file attributes. You also need the unlock file for when you need to update the HOSTS file.
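A check for the tampering described above, as an added example that is not the MVPS lock tool. It assumes you recorded a SHA-256 of the HOSTS file when you last installed it; the finding labels are this example's own.

```python
import hashlib
import os
import stat
import sys

def sha256_of(path):
    """Hex SHA-256 of the file, recorded as a baseline after each update."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def audit_hosts(path, baseline_sha256):
    """Return a list of findings; an empty list means nothing looks wrong."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing"]                 # deleted, as the article describes
    findings = []
    if st.st_size == 0:
        findings.append("empty")           # emptied rather than deleted
    if st.st_mode & stat.S_IWUSR:
        findings.append("writable")        # read-only lock is not set
    attrs = getattr(st, "st_file_attributes", None)   # present on Windows only
    if attrs is not None:
        if not attrs & stat.FILE_ATTRIBUTE_HIDDEN:
            findings.append("not-hidden")
        if not attrs & stat.FILE_ATTRIBUTE_SYSTEM:
            findings.append("not-system")
    if sha256_of(path) != baseline_sha256:
        findings.append("changed")         # content differs from the baseline
    return findings

if __name__ == "__main__":
    # usage: audit.py <path to HOSTS> <baseline sha256>
    for finding in audit_hosts(sys.argv[1], sys.argv[2]) or ["ok"]:
        print(finding)
```

Record a new baseline each time you unlock the file and install an update, or the next audit will report "changed".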
THE IRONIC CONCLUSION
I think you can see what a wonderfully useful weapon the HOSTS file can be in the fight against web nasties and irritants. I did, as soon as it was installed on my home PC. A lot of ads were banished. I have been prevented from entering some dubious sites by redirection. I am no longer tracked by the infamous Doubleclick.
The sad fact is that this investigation started because I wanted to banish ads from web pages I surfed at work. Unfortunately, the set up at work does not allow me to change the HOSTS file! IT know not what they do!