When you’re running Windows 10, you have Windows Defender antivirus and its firewall running by default. A great start. This offers solid protection for most home users. However, there is a small trick I apply on pretty much every device to improve security drastically:
- Download this file (right-click, ‘save link as’)
- Remove the .txt extension if there is one (it should just be called ‘hosts’)
- Open this folder on your PC – C:\Windows\System32\drivers\etc
- Back-up and replace the old “hosts” file with the new one.
Believe it or not: you are done. Wait, what?
Explainer: what does this hosts-file do?
Basically: this file blocks any connection from your PC to known malicious websites/domains.
How? I’ll have to get a bit technical:
When you enter “www.powrusr.com” in your browser, the following process happens:
- Your browser consults the ‘hosts’ file to see if powruser.com should connect to a predefined IP-address or location.
- If there is no existing record, your PC asks your ISP (internet service provider) to look it up for you… and they’ll provide the actual IP-address for the domain.
- Once the IP-address is known You’ll get connected and the website and/or content loads.
That being said; If you can predefine in the hosts-file (from step 1) that: “PowrUsr.com has to link to IP-address “0.0.0.0” (let’s call it a digital void), then there is NO POSSIBLE WAY for your computer to reach PowrUsr.com. It will just show you the typical browser window “can’t connect”.
How can this hostfile protect me?
The hosts-file mentioned above is an open-source curated hosts-file from Steven Black. It will block access to nearly 60.000 known malicious domains.
- Imagine you receive a phishing mail from ‘your bank’, which actually links to a known malicious domain. You can click the link, but absolutely nothing will happen.
- Imagine opening infected software. Some script will try to steal your data and send it to subdomain.maliciousdomain.com/stealingfiles… It won’t work.
- Imagine actually typing in a malicious link and you really want to visit it. It won’t happen.
But wait! There’s more!
Since this list also contains illegal tracking sites, shock-sites (trust me, you do not want to see these, ever.) and tons of agressive ad/spyware domains, your experience on the internet will be much cleaner, safer ànd faster, since no garbage ever gets through.
Extra FAQ about the hostfile:
- This is great and all, but can this break something?
It cán happen that a certain piece of software or website NEEDS to load certain (most likely malicious) ads, trackers or scripts. They may not work properly until you bypass the hosts-file. Some websites can also give you a notice like ‘you are using an ad-blocker’ and block you from reading an article.
- Can I bypass the hosts temporarily?
Yes. Just rename the file to anything but “hosts”, and it’s immediately disabled. Don’t forget to change it back to “hosts” when you’re done.
- Can this also be used to protect my (kids’) PC from things like pornography, gambling, fake news…?
Yes. If you scroll a bit down on this page, you can find curated hosts-files. These including certain types of ‘shady’ websites which add up to 80.000 entries.
- Can i block any specific site i don’t like?
Yes. Just open the hosts-file with your text-editor, create a new entry and add something like: 0.0.0.0 facebook.com
Save it and you’re done.
- Can I automatically update this hostfile?
Yes. There is software out there that can do this for you, but I choose to do it manually every few months as I prefer to keep my PC as clean as possible.
- Am I now 100% safe?
No. Your PC is now safer, but can never be 100% secure. Many malicious domains come and go every day, so you won’t be safe from unknown malicious domains. I can only advice to occasionally update the hosts-file for extra protection.
- Does this also work on a Mac?
Yes. But I don’t have a Mac, all I know is you can reach the hosts-file with Terminal, then enter: sudo nano /private/etc/hosts (before MacOS Catalina it used to be sudo nano /etc/hosts)
But after that, I’m afraid I can’t help you. If you do know (or find out), it would be awesome if you could leave a comment!