Eliminating "spyware" and ads (From Oct. 29, 2000)

An entire class of programs has been tarred, inaccurately, with the sobriquet "spyware". These programs are really "adware" and there's nothing wrong with adware if the publisher is up front about it. Unfortunately, many of them are not.

Spyware, on the other hand, examines files on your computer and can transmit information to someone you don't know. An example of this kind of program is "Back Orifice". Someone must trick you into installing the BO server application, but that's usually not difficult.

So, in my opinion, adware is OK if you're told the details in advance. Spyware is not OK under any circumstances.

A personal firewall such as Zone Alarm (http://www.zonelabs.com/) can eliminate the Back Orifice threat and can shut down some of the other annoyances. Symantec's Norton Internet Security includes a firewall but also offers the ability to block banner advertisements that appear on Web sites.

I'm not a foe of advertising, but I am a foe of annoying advertising. Banner ads annoy me, particularly the ones that include something that moves. Some of these ads are provided by companies such as DoubleClick. This is a company that attempts to track your travels on the Internet and to match your e-mail address with your physical address. Depending on your point of view, this might be all right or it might not. The fact that it happens without your knowledge makes it at least suspect.

One company's banner ad shows a monkey running left and right across the screen. I hate this ad. I've told Web masters of sites that display the ad. I once even paid enough attention to find out who the ad was for (I've since forgotten, which may illustrate how "effective" this technique is) and complained to the administrator of the organization that uses the monkey. Nobody even bothered to reply.

Surprised? Neither was I.

Another company uses an ad that looks like an official Windows message. The banner says your Internet connection is not optimized and asks if you want to fix it. Needless to say, this is an ad that works. Is it honest? No! But it works and ethics be damned.

Copycat advertisers are using the same trick now.

You can defeat these ads without having to shell out even one cent. If you have a standard modem connection, it may make connecting with some sites a bit slower, but at least you won't have to watch that idiotic monkey!

Install a hosts file on your PC!

Mac users please note: See the section at the bottom of this page for information about using "Hosts" on a Mac.

When a Web browser, telnet, or FTP client want to connect to a server, it has to translate the English name of the site (www.Blinn.com, for example) to an IP address (www.Blinn.com evaluates to 209.15.99.71). It's this IP address that the Internet protocols use to make the connection.

To convert the English address to an IP address, the PC first checks to see if a "hosts" file resides on the local computer ("localhost"). If localhost has a hosts file, the system will look there to see if it can find a match. If so, it uses the IP address supplied in the hosts file. If not, it makes a request with the DNS (domain name service) server that your ISP provides. These machines typically have names like ns1.somedomain.com and ns2.somedomain.com -- a primary server and a backup server. If the English name is found there, the connection is made. If not, you get a "no DNS entry" error message.

The important point to note is that the localhost hosts file takes precedence.

Next you need to know where the ads are coming from. I'm going to skip an explanation for this step. If you want to read more about it, check the links you'll find later. You can obtain a list of ad servers quite easily.

You then need to use this list of ad servers to create a hosts file. The hosts file simply needs to point each ad server at the localhost. The IP address for localhost is 127.0.0.1 -- and this is true whether you have a PC, a Mac, or a Unix/Linux machine.

By telling hosts that "goofy.ads.com" is at 127.0.0.1 instead of its real address, you tell the system to look on YOUR computer for the ad. It won't find the ad there, of course, so you won't see the ad.

This approach seems to cause delays on some systems and one of my sources suggests using 0.0.0.0 instead. This, the source says, can significantly speed browser access. When I tried the technique on a Windows 2000 machine, the ads returned. It may be that Windows 2000 is smart enough to know that 0.0.0.0 is a bogus address, bypass it, and ask a DNS server for the real address.

I don't see any delay at all, so I'm happy with the 127.0.0.1 entries.

This is of CRITICAL importance

Read this next section carefully and make sure you understand exactly what you're supposed to do. If your system is already using a "hosts" file, replacing it could cause your currenct connections to stop working. If you create the file with anytning other than a plain text editor (Ultra Edit or Notepad, for example) the results will not be good.

If you're not comfortable tinkering with critical files, STOP NOW!

Search your computer for "hosts.sam" (sample hosts file) and for "hosts". If you find an existing "hosts" file (no extension), make sure that you save it. The hosts file might be in use and you don't want to wipe out any existing entries.

Hosts is a plain ASCI text file, so you can open it with Notepad.exe or with Word or WordPerfect. If you use a word processor, be CERTAIN that you save the file as a text file. And be certain that the file's name is "hosts" with no extension.

On Windows 2000, you'll find both a hosts file and an lmhosts.sam file. The sam file is a sample file. So is the hosts file unless your system administrator has made some changes. When you've downloaded a new hosts file, you can simply replace the existing hosts file -- you don't even have to reboot the system. The ads just disappear.

For Windows NT, the file will be in:
C:\WINNT\SYSTEM32\DRIVERS\etc

For Windows 9x, look in:
C:\WINDOWS\

For Windows 2000, hosts will be in:
C:\WINDOWS\SYSTEM32\DRIVERS\etc
or
C:\WINNT\SYSTEM32\DRIVERS\etc

Sites with the information you'll need

You can obtain a hosts file from http://www.smartin-designs.com/ or from http://www.accs-net.com/hosts/. Keep these addresses because you'll need to download a new file occasionally.

Steve Gibson's site (http://www.grc.com/) includes useful information on spyware, various other threats, and firewalls. Steve can tend to be a little paranoid, but it never hurts to be safe.

Thanks to Ian Kingston (i.kingston@ntlworld.com), who provided some of the background information and to Jane Lyle at Indiana University for forwarding one of Ian's reports.

Information for Mac users

Thanks to Karen L. Bojda (kbojda@soltec.net), Bojda Editorial & Writing Services, for providing this Mac-specific information:

First, the Mac Hosts file uses a different format than Windows'. Briefly, the format is

domain.name A 127.0.0.1
OR
domain.name CNAME 127.0.0.1

(I haven't tried using 0.0.0.0, but I can confirm that "domain.name A 127.0.0.1" works fine on my Mac OS 8.5.)

Second, the file can either be called exactly "Hosts" (I'm told it's case sensitive) and placed in the System Preferences folder, or it can be called anything and put anywhere, in which case you have to run the TCP/IP control panel, click the Select Hosts File... button, and locate and select the desired file.

The following web site offers a Mac-format ad-blocking hosts file (much smaller than the one offered by the site you've got linked), along with info about configuring the hosts file on several different platforms (including the Mac and Linux): http://www.ecst.csuchico.edu/~atman/spam/adblock.shtml

Another solution is to use an ad-blocking proxy server. I use AdKiller (for the Mac), which is free and is available from http://www.robinlewis.com.

Annoying legal disclaimer

My attorney says I really need to say this: The Technology Corner website is for informational purposes only. Neither Joe nor I assume any responsibility for its accuracy, although we do our best. The information is subject to change without notice. Any actions you take based on information from the radio program or from this website are entirely at your own risk. Products and services are mentioned for informational purposes only and their various trademarks and service marks are the property of their respective owners. Technology Corner cannot provide technical support for products or services mentioned on the air or on the website.