Steven Black Hosts File causing problems

stueycaster

I was using the Steven Black Hosts File to block malware and Ads. But lately the DNS Client kept activating and using 30 - 50% of my CPU and blocking me from doing anything online. By googling the symptoms of my DNS Client getting stuck like that I found that it can be caused by too large of a Hosts File. I switched back to the MVPS Hosts file. Now it's not doing that anymore. Now I have had to go back to using AdBlock to block ads.
 
Using a hosts file for this purpose is like drinking water with the bottom cut out. The number of malicious hosts that get spun up daily and randomly generated DNS records make this approach useless.
 
@stueycaster, it's actually line count and not file size that's causing the problem. Steven Black's hosts file may seem "large", but it's actually incredibly smaller than what can be handled.

If you build the lists yourself, use the "--compress" option to crunch 9 domains per line as opposed to just 1. This reduces line count and eliminates your issue.

If you don't build the lists yourself, you can also check out the Unified Hosts AutoUpdate script (ScriptTiger/Unified-Hosts-AutoUpdate), it will automatically keep any Steven Black hosts file up to date and manage custom white and black lists, etc., and also comes with compression options.

If you're looking for pre-generated lists to manually download and update yourself, there's also the "compressed" and "mcompressed" formats here:

While @Neemobeer is correct that countless domains are generated each day, it actually takes time to disperse those domains into the wild via ad campaigns, e-mail campaigns, malicious software, etc., etc., otherwise they are just malicious domains that will never be used. A DNS blacklist shouldn't be used as one's sole form of defense, but is definitely useful in combination with other layers of security. Saying that it's useless would be the same as saying all antivirus is useless because there are countless zero-days just lying in wait. However, as soon as one is released into the wild and a researcher or project collaborator catches it, that particular threat is no more and thus protects the greater majority. Again, multiple layers of security are, of course, always recommended, as any cybersecurity expert will tell you.
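
The line-count reduction described in the post above, as an added example that is not part of the original thread and is not the Steven Black project's own code: it packs blocklist entries 9 hostnames per line (the figure given in the post), de-duplicates them, and leaves loopback entries such as `localhost` untouched. The function name `compress_hosts` and the sample domains are constructed for illustration.

```python
from collections import OrderedDict

BLOCK_IPS = {"0.0.0.0", "127.0.0.1"}   # sink addresses commonly used by blocklists
KEEP_AS_IS = {"localhost", "localhost.localdomain", "local", "broadcasthost"}

def compress_hosts(text, per_line=9):
    """Return (compressed_text, lines_before, lines_after)."""
    passthrough = []            # non-block entries, kept exactly one per line
    blocked = OrderedDict()     # sink IP -> ordered, de-duplicated hostnames
    lines_before = 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        lines_before += 1
        fields = line.split()
        if len(fields) < 2:
            continue            # malformed: address with no hostname
        ip, names = fields[0], fields[1:]
        if ip not in BLOCK_IPS or any(n.lower() in KEEP_AS_IS for n in names):
            passthrough.append(" ".join(fields))
            continue
        seen = blocked.setdefault(ip, OrderedDict())
        for name in names:
            seen[name.lower()] = None          # hostnames are case-insensitive
    out = list(passthrough)
    for ip, seen in blocked.items():
        names = list(seen)
        for i in range(0, len(names), per_line):
            out.append(ip + " " + " ".join(names[i:i + per_line]))
    return "\n".join(out) + "\n", lines_before, len(out)

# Constructed sample: one loopback entry, 20 blocked names, one duplicate.
SAMPLE = "# constructed sample\n127.0.0.1 localhost\n" + "".join(
    f"0.0.0.0 ads{i}.example.test\n" for i in range(20)
) + "0.0.0.0 ADS3.example.test  # duplicate\n"

if __name__ == "__main__":
    text, before, after = compress_hosts(SAMPLE)
    print(f"{before} lines -> {after} lines")
    print(text, end="")
```
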
 
Well, certainly not entirely useless, but pretty close to it. These DGAs are automatically spun up and used in a variety of attacks on the order of minutes to hours, and not days, weeks, or months.
 
I have found HOSTS blocking to be useful in the absence of uBlock Origin or something similar. I haven't implemented MVPS because it can create issues with legitimate content (such as fillable forms and online shopping, etc.). But overall it has been quite useful in the past. I would not solely rely on it for malware mitigation, but if you're trying to put a system on lockdown, or something, I would definitely put this on the bucket list to roll out to systems that really shouldn't be hitting ad servers. Turn on some end-point security monitoring in an enterprise environment and you find out half of the place is on Facebook.
 