Helping people with computers... one answer at a time.

Windows 7 hosts file can only be edited with specific administrator privileges starting with the Vista operating system.

I'm very familiar with 127.0.0.1 - the network address that I've actually managed to use to make it harder for me to get on to some of the websites that I find a little bit too addictive. Now, I've gotten it to work on my XP desktop but I can't get it to work on my Windows 7 laptop. I've learned how to use Notepad to edit the file but I've not been able to get it to stick. Hope you can help me.

In this excerpt from Answercast #89, I look at changes in Windows 7 that protect the hosts file from being edited unless you specifically run Notepad as administrator.

Windows 7 hosts file

Actually, yes. It's very straightforward but it's not obvious.

The issue here is that Windows 7 includes a certain amount of additional security. This is specifically because one of the things that malware does is it will sometimes rewrite your hosts file (the file that contains these IP addresses) and redirect you from places you think you're going - to places that the malware wants you to go.

What this is, is the "hosts file".

For those who are reading along, or listening along, it's a file on your system that allows you to map specific domain names (like say, ask-leo.com) to an IP addresses, thereby avoiding the DNS lookup that would send that domain name lookup to the right server.

Server DNS system

Now, normally you don't want to do that. You want Ask Leo! to come up from the DNS system - so that If I get a new IP address, and if I move the website to a different server, it all becomes transparent to you - because you're not dealing with IP addresses; you're dealing with "ask-leo.com."

So with that in place, sometimes there are reasons that you want to change the Hosts file: for example, to prevent people from going to certain places.

IP address of "this" machine

The number that this person mentioned at the beginning of the question, 127.0.0.1, is a special IP address that always refers to "this machine."

In other words, 127.0.0.1 is an IP address for your machine, and on my machine it's an IP address that means "my machine."

What that means is that it's a valid IP address that you can then use to override an IP address.

Altering the Hosts file

So, let's say you didn't want people to go to ask-leo.com - ever. (Not sure why you'd want to do that but I'll use myself as the example.)

In the hosts file, what you would do is you would add an entry that said basically "127.0.0.1 is the IP address of ask-leo.com." Then any time you try to go to ask-leo.com, the lookup would get the local address and it would try and fetch the web page from your own machine.

Well... your own machine isn't running a web server and therefore, the lookup would fail.

That's one way of blocking access to questionable sites or, as this person has asked, addictive sites.

Finding the Hosts file

So, where is the hosts file? How do you edit it?

Well. The hosts file has actually not moved in a long, long time. It's in C:Windows/system32/drivers/etc, and in that folder is the file called hosts.

It is just a text file.

Now as I said earlier, Windows 7 increased the security on that file making it more difficult for random programs to modify it - because, as I said, malware can actually cause the lookup to be redirected, not necessarily to your machine... but to their machine.

You may think, for example, that you are going to Paypal.com but if malware makes Paypal.com actually refer to some server in, I don't know, China, then you could be thinking you're accessing PayPal when you're not.

That's why this security is so important. Many anti-spyware tools (Spybot comes to mind) actually perform a similar kind of lockdown of this file and prevent you from modifying it.

Accessing the Hosts file in Windows 7

Now, what you need to do in Windows 7 is actually very simple.

You need to run Notepad as the administrator.

  • So in the Start menu, in All Programs, in Accessories, you should find a shortcut for Notepad.

  • Right-click on it and then click on "Run as Administrator."

  • Then use File - Open to open C:Windows/system32/drivers/etc - hosts.

You should be able to make the modifications that you're looking for. You should be able to make entries in that file to make these kinds of mappings and then save the file.

In other words, you need to run the editing tool "as the administrator."

It's not enough to have administrator privileges on your account because, I've discussed before, even though you may have administrative privileges you aren't actually running as the administrator until you specifically request it with this "Run as Administrator" idea.

Malware detection tools

There's one other thing that can get in the way I alluded to it earlier; and that is your anti-malware software.

Since the hosts file is a known place where malware likes to play, sometimes your anti-malware software will also get in the way. Now I can't tell you specifically what it is in your program because I don't know if you're running anti-malware software, and if the anti-malware tool you're running includes this protection. But it's something to look for.

If, after running the Notepad with "Run as Administrator" and making changes, and those changes don't stick - then you should absolutely take a look at the anti-malware software that you're running and see if there are options to prevent it from monitoring the hosts file; or options that will allow you to temporarily remove that protection while you make the changes you want to make.

(Transcript lightly edited for readability.)

Article C6259 - January 20, 2013 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

10 Comments
Ken B
January 21, 2013 11:11 AM

The hosts file is often set to read-only (either by anti-malware programs, or by Windows itself), which would prevent even a "run as administrator" program from overwriting it. (The file may even be set to "system" and/or "hidden".)

What I do is start an administrator command prompt (just like your administrator notepad, but for "command prompt" instead), and type:

cd %windir%\system32\drivers\etc
attrib hosts
(Make note of the attributes)
attrib -r -s -h hosts
notepad hosts
attrib +r hosts
(Use "+r", "+s", and/or "+h", depending on original attribs.)
exit

James
January 22, 2013 10:26 AM

Microsoft Security Essentials doesn't like you modifying the hosts file from the original. It will erase all your changes.

The only way around is to create an exception but then it won't scan it for changes that are made since you made the last known changes. Frustrating.

I've not experienced this myself. I fairly regularly fiddle with my hosts file (as I'm testing various sites and domains) and run MSE - never had a change get undone on me.
Leo
22-Jan-2013

bob price
January 22, 2013 10:36 AM

Now I'm totally confused. Do you "want" sites listed in the hosts files, or you "don't want" them listed?

i just opened mine and there are a great many sites that I have never visited, nor ever will. How did they get there, and is that a good or bad thing?

It depends.

You *may* want sites listed there if you're attempting to prevent access to those sites. Those would have addresses of 127.0.0.1. It's a common technique that some anti-spyware tools use - they put known bad sites in a list here to prevent you from ever accidentally going there. Some ad blockers also use this technique.

You *may not* want sites listed there that are being directed to some other address. For example malware can put things there that could cause you to visit their server when you, for example, think you're visiting paypal.com (or google.com or who knows what else). Good anti-malware tools should check for this.
Leo
22-Jan-2013

connie
January 22, 2013 10:53 AM

Bob Price,
That's worrisome. I would think that, generally, you don't want sites listed in the hosts file as each listing is a redirect. Especially if you didn't put them there!

I'm a web designer and I use the Hosts file all the time when I am making DNS changes (like registering a new domain.) Generally the hosts file has nothing in it except instructions.

What you can do is put a # (pound sign) at the beginning of each line and save the file, then see if things run normally. Back up the file first, and ideally backup the whole computer.

Might be time for a deep malware look!

bob price
January 22, 2013 11:06 AM

Thanks, Connie, so why not just delete every entry? And I frequently run about six differernt malware, spybot, and virus problems, one at a time.

bob price
January 22, 2013 11:11 AM

More: adding an * is fine, but there are a gigantic number of lines--it would take hours. Why not rename host to host-old, reboot, and see what happens.? I really thought i understood the purpose of the host file, but now see that I'm clueless.

bob price
January 22, 2013 11:24 AM

Confusion continues: other sites say adding a server will actually block access, so I want bad sites listed, right?

"If you put ad server names into your Hosts file with your own computer's IP address, your computer will never be able to contact the ad server. It will try to, but it will be simply calling itself and get a "busy signal" of sorts."

Carlos Malferrari
January 22, 2013 1:43 PM

An excellent hosts editing program is HostsMan, freeware, available at http://www.abelhadigital.com/hostsman. Do check it out.

Terry Hollett
January 22, 2013 5:08 PM

Sometimes the notepad method doesn't work because your anti virus will still not give you easy access to it. So you can usually edit it in safe mode if all else fails.

Ken B
January 23, 2013 11:50 AM

Bob Price... Let me add some emphasis to the item you quoted:

"If you put ad server names into your Hosts file with your own computer's IP address, your computer will never be able to contact the ad server."

Note that "127.0.0.1" is always "this computer".

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.