How to Block Access to Specific Sites With a Hosts File - Windows Defender Tutorial

How to Block Access to Specific Sites With a Hosts File - Windows Defender Tutorial
Page content

A domain name isn’t actually the location of a website; it’s just a memorable name that’s associated with an Internet Protocol address, which is a considerably less memorable series of numbers, such as 182.56.54.235. Whenever you enter a domain name in your browser’s address bar, the browser connects to a Domain Name System server and is then redirected to the correct IP address from which the website is delivered.

In between your browser and the DNS server is your local Hosts file, which also associates domain names with IP addresses (even though it has no such entries by default). Whenever a browser requests a domain name, Windows reads this file to see if there’s an entry for the entered domain name. If there is, then Windows uses the Hosts file’s associated IP address and bypasses the DNS server entirely.

You can capitalize on this behavior by redirecting a domain request to any IP address you desire, including one typically associated with an entirely different domain. However, if your intention is the block the site, pointing to your localhost IP address works just fine. With this approach, requests for the blocked domain are directed to your localhost, which Windows won’t be able to find, so the domain fails to resolve.

The danger of this system is malware can potentially use the Hosts file to perform nefarious deeds. As an example, if malware changes the Hosts file to point mail.google.com to a hijacker’s Gmail-mimicked website, you might not realize you’re on the wrong site, because even the address bar would say you’re at the right place. Therefore, you enter your username and password hoping to check your Inbox, but instead deposit your login details directly into malicious hands.

Windows 8 recognizes this risk, so Windows Defender scans for changes in the Hosts file, including your changes. If it detects a change, it restores the original file, figuring the change was the result of malware. That’s thoughtful of them, but it plays havoc on your attempts to block sites. Therefore, to ensure your Hosts entries remain, you need to bypass Windows Defender by adding the Hosts file to your exclusion list and then configure the Hosts file.

Configuring the Hosts File

1. Type “defender” in the Windows search screen and click “Windows Defender” in the results.

2. Select the “Settings” tab and click “Excluded Files and Locations.” Type “C:\Windows\System32\drivers\etc\hosts” without quotes in the File Locations field, select “Add” and click “Save Changes.” Windows Defender will now ignore any changes to the Hosts file.

3. Type “notepad” in the Windows search screen, right-click “Notepad” and then click “Run as Administrator.” If a User Account Control confirmation appears, click “Yes.” This step is necessary to save any changes you make to the Hosts file; if you don’t run Notepad as an administrator, you can’t save the file in the original location. You could, however, save it to another location and then copy it back to its original location, but using Notepad as an administrator is faster and more convenient.

4. Click “File” and select “Open.”

5. Type “C:\Windows\System32\drivers\etc\hosts” in the File Name field and click “Open.” It doesn’t matter what folder you’re currently viewing as long as you enter the full path.

6. Type “127.0.0.1 “ and then the domain name on the same line. Each complete entry must be on a new line and have at least one space between the IP address and the domain name. It’s a good idea to separately add entries to the root domain name, such as “yahoo.com,” and the www version, such as “www.yahoo.com.” That way, you can be sure that both versions are blocked, regardless of the server settings or your browser.

7. Click “File” and then “Save” to save your changes. If you ever need to access the site again, repeat the procedure and delete the appropriate entries.