How to navigate away from quicksand domains which hold your browser captive until you install their software?

[hummingbird]

On Sun, 13 Jul 2008 19:09:43 -0700 'Tom'
wrote this on alt.comp.freeware:

>On Sun, 13 Jul 2008 21:58:18 +0100, hummingbird wrote:
>> The HOSTS file is named exactly that: HOSTS
>> It has no file extension.
>
>I know. I know. Of course it's named hosts.
>
>I'll explain again. You can fumble around trying to find the hosts file
>every time you have to edit it but I don't wish to be that inefficient.
>
>I just type "hosts", I make my edits, and I save the results as "hosts" and
>I'm done.

I can locate my HOSTS file on my system in about 2 seconds.
But then, I use a real filemanager (payware ZtreeWin).


>Behind the scenes, the magic of that simplicity is:
>a) Typing "Start -> Run -> hosts" exercises the "hosts.exe" registry key
>b) That hosts.exe registry key brings up the hosts.txt file
>c) Saving that as "hosts" saves that file as the proper hosts file.

I do not have a file called hosts.exe on my system, never have
had. Nor is there anything in the registry by that name.

>It's that simple. You might prefer the lousy inefficient way and that's
>just fine. Here's the horribly inefficient way to edit the hosts file.
>
>a) Navigate to C:\windows (hosts belongs here)
>b) Navigate to system32 (dunno why it's here)
>c) Navigate to drivers (it's not a driver)
>d) Navigate to etc (what's etc got to do with it?)
>e) Right click on the hosts file to edit in Notepad
>f) Save as hosts.bak (you should have a backup)
>g) Save as hosts (this overwrites the original file)

This is where the hosts file is located in XP:
C:\WINDOWS\system32\drivers\etc\HOSTS

>So, you can do it either way. I think the method I proposed is elegant.
>I think both methods will work.
>
>BTW, there isn't any hosts.exe file.
>Those who know the Windows registry know that, in Microsoft's infinite
>wisdom, the "App Paths" key MUST end with "exe" for it to work. There is no
>hosts.exe (I repeat) there is no hosts.exe. The whole point of the App
>Paths key is to make the editing of hosts a simple one-click affair.
>
>Hope this helps!


--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)

[Bear Bottoms]

On Sun, 13 Jul 2008 21:30:09 -0500, Tom <twilson3@hotmail.com> wrote:

> On Sun, 13 Jul 2008 13:56:14 -0500, Bear Bottoms wrote:
>> Bingo
>
> Hi BB,
>
> I stopped doing the URLs but you and others questioned the URLs so I had
> to
> repeat and test one that got me into quicksand (the others were older
> ones
> that I had made a note of prior).
>
> Please look thru the thread again and notice that I only repeated the
> URLs
> to clarify when people were confused when they kindly tested it.
>
> Also please look back and see that I'm trying to answer their concerns,
> e.g., they all got confused by "hosts.exe" which, if you know the
> registry
> (and I know YOU do), is required by microsoft in order to have a "Start
> ->
> Run -> hosts" command work.
>
> Otherwise you have to inefficiently remember the stuuuuupid illogical
> place
> Microsoft puts the hosts text file and then fumble around to get notepad
> to
> open that file sans extension.
>
> Likewise with the confusion about my method of opening a hosts.txt file
> first (in order to have a ready-made backup) and then just saving it as
> hosts so that I could, in a single editing session, have two files (one
> for
> backup).
>
> I'm sorry if people are confused by these little bits of elegance but
> I've
> realized a LOT (especially hummingbird's wonderful suggestion of using
> the
> hosts file and then shift-reloading to get out of the browser quicksand).
>
> I've also learned that other people have OTHER things happening when they
> get redirected to these malicious sites (unnamed as per popular request)
> so
> I guess that is a big reason for the confusion out there.
>
> The good news is the problem is solved.
>
> Here's the solution:
> a) When I get redirected to a quicksand site ...
> b) Instead of killing the entire browser session (which others do) ...
> c) I just type "Start -> Run -> hosts" and save the results as "hosts"
> d) Back in the browser, I just shift reload and close the quicksand tab
> which has now turned to cement forever!
>
> This is the solution I will use and I will not ask more about it (if
> others
> ask me to clarify, I'll clarify).
>
> Thanks,
> Tom

I'll give you the benefit of the doubt I had, and apologize.

--
Bear Bottoms
Freeware website: http://bearware.info

[Tom]

On Sun, 13 Jul 2008 22:48:05 -0400, Beauregard T. Shagnasty wrote:

> Tom wrote:
>
>> Behind the scenes, the magic of that simplicity is:
>
> ..to simply place a shortcut on your desktop - calling your text editor
> to load HOSTS. Then all you have to do is save after you edit, and
> bypass all those extra chores you've created for yourself.

That would work also. I prefer the registry App Paths (that's what it's
for) because I can export it and use it on multiple machines and use it
when I re-image my machine, etc. but there are more than a few ways to edit
a file that has no extension and all will work just fine.

[Beauregard T. Shagnasty]

Me Here wrote:

> Beauregard T. Shagnasty wrote:
>> Me Here wrote:
>>> If you have other tabs open that you want to keep viewing, then yes,
>>> it's a good immediate, albeit 'temporary' solution to the problem.
>>> I say temporary because using a Hosts file isn't a good solution.
>>> Many malware sites scan and remove their listings from hosts files
>>> (and even locking it via the read-only attribute won't protect
>>> you).
>>
>> What? You are gonna have to find reliable cites for that nonsense.
>>
>>> They do it by making you log into a benign site first (one that
>>> isn't blocked) and using that to remove their entry from your Hosts
>>> file before redirecting you and trapping your browser. Even
>>> running free FireFox addons such as NoScript won't protect you
>>> unless you've been caught before and know not to allow the site
>>> access to Java or JS.
>>
>> More bollox.
>
> Ahh ****it, I wasn't going to do your homework but I just couldn't
> help Googling to see how many links popped up - so many I just shook
> my head and laughed. Of course, wikipedia was among the top 3...

Hey, I don't have to do homework; you are the one who made the
statements and I asked for cites. Why should I have to prove - or
disprove - your claims.

> Here's two to start you off explaining why hosts files by themselves
> aren't secure and how easily they get hijacked:
>
> http://en.wikipedia.org/wiki/Hosts_file

Micha already answered the point about how a website hijacking the hosts
file isn't possible.

"A website alone doesn't do that. A good browser doesn't do that. An
appropriate system setup doesn't allow that. "

> and just in case you have doubts about the authenticity of information
> in wikipedia:
>
> http://www.virusbtn.com/resources/gl...hosts_file.xml
>
> Once you've grasped that, then you may begin to realise why, if you
> use a hosts file to block stuff, you need to run a hosts file manager
> (all good hosts file managers monitor the hosts file for unauthorised
> attempts at changing it) or else you're just pissing in the wind.

My hosts file is located here: /etc/hosts
What host file manager would you recommend I use?

> Next time, please Google and get your facts right before slighting
> someone else's post.

<lol> Next time, don't write statements like "Many malware sites scan
and remove their listings from hosts files" that aren't true.

And like Micha, I don't have any anti- anything software on my computer
either.

--
-bts
-Friends don't let friends drive Windows

[Beauregard T. Shagnasty]

Me Here wrote:

> Beauregard T. Shagnasty wrote:
>> Me Here wrote:
>>> ... Many malware sites scan and remove their listings from hosts
>>> files (and even locking it via the read-only attribute won't
>>> protect you).
>>
>> What? You are gonna have to find reliable cites for that nonsense.
>
> Oh, just so I don't get the wrong idea - are you saying that malware
> can't change the hosts file or that you've never heard of it being
> done?

And just so you don't think I have no knowledge of the subject, I'm
saying that your statement "Many malware sites ..." [I assume that means
web sites] is false. Subsequent infections by visiting those sites with
insecure browsers on unprotected Windows PCs may load something *else*
that could hijack a hosts file.

--
-bts
-Friends don't let friends drive Windows

[John Corliss]

Tom wrote:
> How do we get out of the browser infinite loop quicksand when we navigate
> to web pages designed to lock us in and force us to hit the "pay me" button
> (whatever they want to force you to do)?
>
> These are just a sample of nasty quicksand web pages I've run into which
> lock your browser into a loop and won't let you get out until you hit the
> "install" or "run" or "OK" button... (whatever it is they want you to do).
>
> http://www.spywareiso.com
> http://antivirus-scanner.com
> http://findyourlink.net
> http://www.findyourlink.net
> http://spywareiso2008.com
> http://www.spywareiso2008.com
> http://www.immenseclips.com
> http://antivirus2009-scanner.com
> http://thecatalogfree.net
> etc.
>
> When you navigate to these quicksand links, you can not get out of their
> infinite loop with your browser no matter what you do. I'm forced to
> control alt delete and kill the browser from the task manager ... but I ask
> ...
>
> Is there a more graceful way, after the fact, to navigate away from
> quicksand domains which have a hold on your browser, other than control alt
> deleting the browser process?

Tom, what browser are you using? That makes a big difference in how to
get around the problem.

Maybe you've answered this question already in this thread, but there
are too many replies to it for me to read the whole thread.

TIA.

--
John Corliss BS206. I use nFilter to block all crossposts and all Google
Groups posts because of Googlespam. No ad, cd, commercial, cripple,
demo, dotnet, nag, share, spy, time-limited, trial or web wares OR warez
for me, please.

[hummingbird]

On Mon, 14 Jul 2008 00:25:33 -0400 'Alfred Einstein'
wrote this on alt.comp.freeware:

>
>"Ed Mullen" <ed@edmullen.net> wrote in message
>newsIGdnTL_78LaWefVnZ2dnUVZ_uydnZ2d@comcast.com...
>> Tom wrote:
>>> On Sun, 13 Jul 2008 14:52:18 -0400, Ed Mullen wrote:
>>>
>>>> And do a search on "hosts.exe" and you'll find things like this:
>>>
>>> I know. I know.
>>>
>>> Those who know the Windows registry know that, in Microsoft's infinite
>>> wisdom, the "App Paths" key MUST end with "exe" for it to work. There is
>>> no hosts.exe (I repeat) there is no hosts.exe. The whole point of the App
>>> Paths key is to make the editing of hosts a
>>> simple one-click affair.
>>>
>>> But, Microsoft insists that ALL "Apps Paths" keys end with "exe" whether
>>> or
>>> not the file you're trying to open ends with ".exe".
>>>
>>> So, that's the ONLY reason the hosts App Path key is called "hosts.exe".
>>>
>>> Please reply if you understand this 'cuz I feel badly that this was
>>> misunderstood by a few of you.
>>
>> You do not have a freaking clue. Your entire rant about the HOSTS file
>> management process in Windows is ignorant at best, damaging most likely,
>> possibly intent on some nefarious goal.
>
>I think Ed is dead in the head.

Ded Mullet?


--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)

[hummingbird]

On Mon, 14 Jul 2008 14:23:03 +1000 'Me Here'
wrote this on alt.comp.freeware:

>Tom wrote:
>> On Sun, 13 Jul 2008 13:45:20 -0400, C A Upsdell wrote:
>>
>>> If Windows, Ctrl Alt Delete to call up the task manager; select the
>>> browser; kill it.
>>
>> Very inelegant.
>>
>> When you have a dozen tabs open, killing the browser, kills all the tabs.
>>
>> When you restart Firefox, it asks if you want to open all the old tabs,
>> but, of course, that will just open the quicksand site all over again.
>>
>> So, without editing the hosts file and shift reloading, you're forced to
>> say NO to reloading your old tabs ... and you lose them all.
>>
>> That's why you don't kill the browser session.
>>
>> Luckily we found a single-click way to solve the problem (type "start ->
>> run -> hosts, add the offending domain, and shift reload the browser). This
>> turns the quicksand URL into cement. Voila! Thanks to hummingbird!


>If you have other tabs open that you want to keep viewing, then yes,
>it's a good immediate, albeit 'temporary' solution to the problem. I
>say temporary because using a Hosts file isn't a good solution. Many
>malware sites scan and remove their listings from hosts files (and even
>locking it via the read-only attribute won't protect you). They do it
>by making you log into a benign site first (one that isn't blocked) and
>using that to remove their entry from your Hosts file before redirecting
>you and trapping your browser.

Good point MH. I've never experienced that trick, especially since
I started safe hexing, but I am aware it can happen.

These days, I seem to be safe with a hosts file to block unwanted
sites, plus a supplementary program or two (SpyWareBlaster etc).


>Even running free FireFox addons such as
>NoScript won't protect you unless you've been caught before and know not
>to allow the site access to Java or JS. You should really be running
>an IP blocking program like PeerGuardian or if that is too much hassle,
>do what I do and use OpenDNS. I'm sure there are other solutions, those
>two just spring to mind. My advice, if you don't want this happening
>again and you're the type that's likely to run across sites like these
>often, is to do a bit of research into blocking methods and choose the
>one that best suits your need.


--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)

[hummingbird]

On Mon, 14 Jul 2008 08:04:46 +0200 'Michael Fesser'
wrote this on alt.comp.freeware:

>.oO(Me Here)
>
>>Beauregard T. Shagnasty wrote:
>>> Me Here wrote:
>>>
>>>> If you have other tabs open that you want to keep viewing, then yes,
>>>> it's a good immediate, albeit 'temporary' solution to the problem. I
>>>> say temporary because using a Hosts file isn't a good solution. Many
>>>> malware sites scan and remove their listings from hosts files (and even
>>>> locking it via the read-only attribute won't protect you).
>>>
>>> What? You are gonna have to find reliable cites for that nonsense.
>>
>>Google is your friend. I won't do your homework for you.
>
>A website alone doesn't do that. A good browser doesn't do that. An
>appropriate system setup doesn't allow that. Many things have to go
>really wrong in order for this to be possible. The most important:
>
>* You have to use a "browser" like IE, preferrably with all ActiveX crap
> enabled (not necessary, but makes it a bit easier for the attacker).
>
> or
>
> You have to disable your brain before executing a mail attachment.
>
>* You have to be logged-in with admin privileges.
>
>In such an insecure environment it's no surprise when you get infected
>with a trojan. And if the malware is on a system with admin privileges,
>then good night. But if you are at that point, you've already made some
>huge mistakes before. On a properly configured system such things don't
>happen.
>
>Micha

Whatever, what MH described can happen and has been recorded
as happening. How often? I dunno, but a lot of people surf with
minimal security and are open to that risk. A HOSTS file is no
guarantee of absolute security.


--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)

[hummingbird]

On Mon, 14 Jul 2008 07:53:16 -0400 'Beauregard T. Shagnasty'
wrote this on alt.comp.freeware:

>Me Here wrote:
>
>> Beauregard T. Shagnasty wrote:
>>> Me Here wrote:
>>>> If you have other tabs open that you want to keep viewing, then yes,
>>>> it's a good immediate, albeit 'temporary' solution to the problem.
>>>> I say temporary because using a Hosts file isn't a good solution.
>>>> Many malware sites scan and remove their listings from hosts files
>>>> (and even locking it via the read-only attribute won't protect
>>>> you).
>>>
>>> What? You are gonna have to find reliable cites for that nonsense.
>>>
>>>> They do it by making you log into a benign site first (one that
>>>> isn't blocked) and using that to remove their entry from your Hosts
>>>> file before redirecting you and trapping your browser. Even
>>>> running free FireFox addons such as NoScript won't protect you
>>>> unless you've been caught before and know not to allow the site
>>>> access to Java or JS.
>>>
>>> More bollox.
>>
>> Ahh ****it, I wasn't going to do your homework but I just couldn't
>> help Googling to see how many links popped up - so many I just shook
>> my head and laughed. Of course, wikipedia was among the top 3...
>
>Hey, I don't have to do homework; you are the one who made the
>statements and I asked for cites. Why should I have to prove - or
>disprove - your claims.
>
>> Here's two to start you off explaining why hosts files by themselves
>> aren't secure and how easily they get hijacked:
>>
>> http://en.wikipedia.org/wiki/Hosts_file
>
>Micha already answered the point about how a website hijacking the hosts
>file isn't possible.
>
>"A website alone doesn't do that. A good browser doesn't do that. An
>appropriate system setup doesn't allow that. "

Said the vicar to the 12 year old pregnant girl who had
unprotected sex.

>> and just in case you have doubts about the authenticity of information
>> in wikipedia:
>>
>> http://www.virusbtn.com/resources/gl...hosts_file.xml
>>
>> Once you've grasped that, then you may begin to realise why, if you
>> use a hosts file to block stuff, you need to run a hosts file manager
>> (all good hosts file managers monitor the hosts file for unauthorised
>> attempts at changing it) or else you're just pissing in the wind.
>
>My hosts file is located here: /etc/hosts
>What host file manager would you recommend I use?
>
>> Next time, please Google and get your facts right before slighting
>> someone else's post.
>
><lol> Next time, don't write statements like "Many malware sites scan
>and remove their listings from hosts files" that aren't true.
>
>And like Micha, I don't have any anti- anything software on my computer
>either.

You're out of your depth Shagnasty. Accept it and go fishing.

There are plenty of people who surf unprotected and are at risk
of getting clobbered by websites containing malware. A HOSTS
file is no absolute guarantee of safety.

[HEALTH WARNING]
If you switch off all your security s/w and surf to this website,
see what happens: www.pricelessware.org


--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)