Adblock Plus
Browser plugin solutions for blocking ads such as Adblock Plus have become increasingly popular; at the time of this post ABP is the most used Firefox extension. For the uninitiated, ad blocking plugins work by offering various filters to block your browser from downloading from certain domains over the HTTP and HTTPS protocols. At first glance this seems like the ultimate solution and certainly is a good one but it has a few notable and often overlooked drawbacks compared to other solutions.
Hosts File and Advantages
The hosts file is a plain text file that resides on your computer and serves your operating system with mapping hostnames to IP addresses. That definition contains an inline explanation as to why editing your hosts file has more advantages than using ad blocking plugins. For one, because the hosts file serves your operating system at a native level, it has a performance edge compared to ad blocks happening at the browser level. Plugins can be a large burden on already resource intensive browsers due to their runtime nature as well as bugs that result in excess resource hogging. Hosts file blocking can be used with relative effectiveness against known malicious domains that may attempt to compromise your computer through other channels. Browser level blocking deals solely with the HTTP and HTTPS protocols whereas hosts file changes block all connections across all TCP/IP protocols including SSH and FTP. On top of all of that, this can be an additional method to disable or hinder tracking on top of solutions offered by software like ABP. It is important to note that there simple workarounds such as using a hardcoded IP address rather than a domain to launch an attack; therefore, as always, a motivated attacker using a targeted attack will not be deterred.
Getting Started
The first step is to find your hosts file depending on your operating system which you can edit using a text editor such as Notepad.
File Location and Editing
Note: You may lack permissions to save to the directory and will be therefore required to create a new file outside the directory and replace it. Be sure to copy the old hosts file just in case. Also be sure to save as a plain text file—a file with no extension, not even a “.txt” extension. I used Notepad++ to achieve this.
Windows location: C:\Windows\System32\drivers\etc\hosts
Linux location: \etc\hosts
OSX location: \private\etc\hosts
Simple Hosts File Edit
For this demonstration I am going to add just one rule to the hosts file. By adding the following line, the domain “ad.doubleclick.net” will resolve to 0.0.0.0 which is your local machine. This means that anytime that your browser is prompted to download anything from “ad.doubleclick.net” it will block the request and resolve it to your local machine, thereby not displaying the ad.
Simple addition of rule to block DoubleClick
I use 0.0.0.0 instead of 127.0.0.1 because I believe it performs a bit faster since 127.0.0.1 waits for a timeout and I often use 127.0.0.1 for development purposes.
Possible Anti-virus Conflicts
Upon saving the hosts file you may run into a problem with anti-virus software detecting a possible hijacking. A relatively common form of attack is to indeed edit the hosts file and resolve domains to malicious addresses; therefore, Windows Defender immediately comes to my aid. In order to make changes, you have to first add the file in whatever anti-viruses exclusion list. Below is the navigation in Windows Defender where I would click ‘Add’ and it would appear below the input in the list of exclusions.
Windows Defender Navigation
NoScript
NoScript is a browser plugin much like ABP in that it blocks content similarly. The difference is that by default NoScript blocks all JavaScript and other extra content. In order to use NoScript you have to individually whitelist content, causing your browser to reload the page and run accordingly. This is done using the dropdown and click-to-allow interface.
Example of the NoScript interface
There is a noticeable advantage to security and performance by allowing you to decide what content you see from the webpage the first time you visit. Performance is enhanced since you’ve limited the amount of scripts running to only those you allow and deem important. Security is present because you get to personally allow content rather than it just being downloaded automatically without your consent or even knowledge. This allows you time to look up what you’re allowing before giving consent to run.
So-Called Breaking Browsing Experience
Developers might be displeased to think that you are viewing their content how you deem fit but NoScript certainly gives the power back to the user who is ultimately vulnerable otherwise. The amount of content that must be whitelisted often reflects on the reputation of the site itself. For instance accessing Wikipedia might only require me to quickly click-to-whitelist “wikipedia.org” and “wikimedia.org”.
However accessing any sort of reputable or otherwise news publication may involve me deciding what to allow from a list of 10+ requests. Adblock Plus and NoScript “break” the browsing experience in the sense that the developer controls what content you allow. Adblock Plus simply breaks content it deems as ads while NoScript breaks most of the extra content on the site and allows you to rebuild it yourself by what you allow. You can however easily allow all scripts on the page with NoScript should you tire of dealing with the system.
ABP, NoScript, Hosts Combination Benchmarks
The reason I use a combination of NoScript and my hosts file is because it offers a considerable performance boost as well as the most safety. As browsers in general are huge resource burdens it is rather easy to resist the temptation to use both NoScript and Adblock Plus plugins. NoScript uses less resources than Adblock Plus, allows less scripts to run by default, and uses less bandwidth because of this. Below is a table showing the bandwidth benchmarks for a few possible configurations, MVPS is the name of a popular Hosts file that blocks known ad servers.
A few of the bandwidth saving percentages highlighted in red. Source: IANIX
Here we see the ideal configuration for bandwidth and security is using NoScript in conjunction with hosts file blocking to edge out the most bandwidth efficiency possible of the combinations.
Importance of Ads
It is good to remember that ads are an important source of revenue for sites and by allowing them to run you are already supporting them. I stress an emphasis on fair and reasonable ad allowance and for that reason I myself do not block tracking from Google’s DoubleClick or AdSense. However, I always believe it is important to exercise your freedom to maintain the level of privacy and security that allows us all to comfortably use the web.
It’s important to decide if editing your hosts file is for you as it may require upkeep and hinder browsing experience depending on whether you plan on using it for simply blocking ads or as a shortcut to DNS lookup for some of your most visited sites. If you plan on using a large hosts file of your own or a community one such as MVPS HOSTS which can be found here, it is necessary to disable the DNS Client service from your computer in order to prevent a notable performance hit.
