Securing Your Mac Against Malware with Hosts File

gasmask

With zero day vulnerabilities on the loose more than ever before, it is best to take every precaution against being the first to get your system broken by malicious hackers. One way that helps is to avoid altogether any sites that are known to be suspect. One site that maintains a very good list of sites for blocking is http://someonewhocares.org/hosts/. This file can be copied and pasted directly into your system host file (see the directions in the page itself) to immediately give your system protection. It is a long file, which should give you some idea of how big a problem malware is.

Malware protection is a moving target however. The moment you have pasted something into your hosts file, someone else in the world is already setting up another malicious site that will need to be blocked. The hosts file at the above site changes periodically with updates to new blocked sites that you will want on your system. Managing the changes can be a complicated and repetitive task. You wouldn’t want to remember to check the site, then sit and compare the new hosts file to the previous one manually – that’s a foolish use of your time when a computer program can do the job better. Using a tool to automate this takes the headache off your shoulders and provides prompt updates. Enter Gas Mask.

Gas Mask is a tool that lets you manage one or more static or dynamic hosts files and keeps a constant merged list.  I use the original hosts file from my Mac with some local additions, a list of hosts for Adobe updates, and the dynamically updated hosts file from the above site. For those that don’t know, using the localhost address is a shortcut to point to your own machine instead of the bad site. Make sure the tool is set to run at system startup so that it is always doing its job. Your computer will check this file before checking the internet for the location of a web site, so you are always protected no matter where you are.

Gas_Mask_Prefs

The dynamic pieces are constantly checked according to a schedule you define in the Preferences, then assembled and saved as your hosts file. Visiting any of the sites listed as 127.0.0.1 (or 0.0.0.0 if you used the zero version of the site) should come up as blocked. Enjoy your new found safety!

BTW, if you are a Windows user, this will work for you too, however I am not aware of any tools that manage this for you.

Advertisements