Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How do I edit the hosts file in Windows 7?

I’m very familiar with 127.0.0.1 – the network address that I’ve actually
managed to use to make it harder for me to get on to some of the websites that
I find a little bit too addictive. Now, I’ve gotten it to work on my XP desktop
but I can’t get it to work on my Windows 7 laptop. I’ve learned how to use
Notepad to edit the file but I’ve not been able to get it to stick. Hope you
can help me.

In this excerpt from
Answercast #89
, I look at changes in Windows 7 that protect the hosts file
from being edited unless you specifically run Notepad as administrator.

]]>

Windows 7 hosts file

Actually, yes. It’s very straightforward but it’s not obvious.

The issue here is that Windows 7 includes a certain amount of additional security. This is specifically because one of the things that malware does is it will sometimes rewrite your hosts file (the file that contains these IP addresses) and redirect you from places you think you’re going – to places that the malware wants you to go.

What this is, is the “hosts file”.

For those who are reading along, or listening along, it’s a file on your system that allows you to map specific domain names (like say, ask-leo.com) to an IP addresses, thereby avoiding the DNS lookup that would send that domain name lookup to the right server.

Server DNS system

Now, normally you don’t want to do that. You want Ask Leo! to come up from the DNS system – so that If I get a new IP address, and if I move the website to a different server, it all becomes transparent to you – because you’re not dealing with IP addresses; you’re dealing with “ask-leo.com.”

So with that in place, sometimes there are reasons that you want to change the Hosts file: for example, to prevent people from going to certain places.

IP address of “this” machine

The number that this person mentioned at the beginning of the question, 127.0.0.1, is a special IP address that always refers to “this machine.”

In other words, 127.0.0.1 is an IP address for your machine, and on my machine it’s an IP address that means “my machine.”

What that means is that it’s a valid IP address that you can then use to override an IP address.

Altering the Hosts file

So, let’s say you didn’t want people to go to ask-leo.com – ever. (Not sure why you’d want to do that but I’ll use myself as the example.)

In the hosts file, what you would do is you would add an entry that said basically “127.0.0.1 is the IP address of ask-leo.com.” Then any time you try to go to ask-leo.com, the lookup would get the local address and it would try and fetch the web page from your own machine.

Well… your own machine isn’t running a web server and therefore, the lookup would fail.

That’s one way of blocking access to questionable sites or, as this person has asked, addictive sites.

Finding the Hosts file

So, where is the hosts file? How do you edit it?

Well. The hosts file has actually not moved in a long, long time. It’s in C:Windows/system32/drivers/etc, and in that folder is the file called hosts.

It is just a text file.

Now as I said earlier, Windows 7 increased the security on that file making it more difficult for random programs to modify it – because, as I said, malware can actually cause the lookup to be redirected, not necessarily to your machine… but to their machine.

You may think, for example, that you are going to Paypal.com but if malware makes Paypal.com actually refer to some server in, I don’t know, China, then you could be thinking you’re accessing PayPal when you’re not.

That’s why this security is so important. Many anti-spyware tools (Spybot comes to mind) actually perform a similar kind of lockdown of this file and prevent you from modifying it.

Accessing the Hosts file in Windows 7

Now, what you need to do in Windows 7 is actually very simple.

You need to run Notepad as the administrator.

  • So in the Start menu, in All Programs, in Accessories, you should find a shortcut for Notepad.

  • Right-click on it and then click on “Run as Administrator.”

  • Then use FileOpen to open C:Windows/system32/drivers/etchosts.

You should be able to make the modifications that you’re looking for. You should be able to make entries in that file to make these kinds of mappings and then save the file.

In other words, you need to run the editing tool “as the administrator.”

It’s not enough to have administrator privileges on your account because, I’ve discussed before, even though you may have administrative privileges you aren’t actually running as the administrator until you specifically request it with this “Run as Administrator” idea.

Malware detection tools

There’s one other thing that can get in the way I alluded to it earlier; and that is your anti-malware software.

Since the hosts file is a known place where malware likes to play, sometimes your anti-malware software will also get in the way. Now I can’t tell you specifically what it is in your program because I don’t know if you’re running anti-malware software, and if the anti-malware tool you’re running includes this protection. But it’s something to look for.

If, after running the Notepad with “Run as Administrator” and making changes, and those changes don’t stick – then you should absolutely take a look at the anti-malware software that you’re running and see if there are options to prevent it from monitoring the hosts file; or options that will allow you to temporarily remove that protection while you make the changes you want to make.

(Transcript lightly edited for readability.)

Subscribe to Confident Computing! Tech problem solving & safety tips with a weekly confidence boost in your inbox every week.

I'll see you there!

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my FREE special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

No strings. No email. Here's the direct download. (Just right-click and "Save As...".)

10 comments on “How do I edit the hosts file in Windows 7?”

  1. The hosts file is often set to read-only (either by anti-malware programs, or by Windows itself), which would prevent even a “run as administrator” program from overwriting it. (The file may even be set to “system” and/or “hidden”.)

    What I do is start an administrator command prompt (just like your administrator notepad, but for “command prompt” instead), and type:

    cd %windir%\system32\drivers\etc
    attrib hosts

    (Make note of the attributes)

    attrib -r -s -h hosts
    notepad hosts
    attrib +r hosts

    (Use “+r”, “+s”, and/or “+h”, depending on original attribs.)

    exit

    Reply
  2. Microsoft Security Essentials doesn’t like you modifying the hosts file from the original. It will erase all your changes.

    The only way around is to create an exception but then it won’t scan it for changes that are made since you made the last known changes. Frustrating.

    I’ve not experienced this myself. I fairly regularly fiddle with my hosts file (as I’m testing various sites and domains) and run MSE – never had a change get undone on me.

    Leo
    22-Jan-2013

    Reply
  3. Now I’m totally confused. Do you “want” sites listed in the hosts files, or you “don’t want” them listed?

    i just opened mine and there are a great many sites that I have never visited, nor ever will. How did they get there, and is that a good or bad thing?

    It depends.

    You *may* want sites listed there if you’re attempting to prevent access to those sites. Those would have addresses of 127.0.0.1. It’s a common technique that some anti-spyware tools use – they put known bad sites in a list here to prevent you from ever accidentally going there. Some ad blockers also use this technique.

    You *may not* want sites listed there that are being directed to some other address. For example malware can put things there that could cause you to visit their server when you, for example, think you’re visiting paypal.com (or google.com or who knows what else). Good anti-malware tools should check for this.

    Leo
    22-Jan-2013
    Reply
  4. Bob Price,
    That’s worrisome. I would think that, generally, you don’t want sites listed in the hosts file as each listing is a redirect. Especially if you didn’t put them there!

    I’m a web designer and I use the Hosts file all the time when I am making DNS changes (like registering a new domain.) Generally the hosts file has nothing in it except instructions.

    What you can do is put a # (pound sign) at the beginning of each line and save the file, then see if things run normally. Back up the file first, and ideally backup the whole computer.

    Might be time for a deep malware look!

    Reply
  5. Thanks, Connie, so why not just delete every entry? And I frequently run about six differernt malware, spybot, and virus problems, one at a time.

    Reply
  6. More: adding an * is fine, but there are a gigantic number of lines–it would take hours. Why not rename host to host-old, reboot, and see what happens.? I really thought i understood the purpose of the host file, but now see that I’m clueless.

    Reply
  7. Confusion continues: other sites say adding a server will actually block access, so I want bad sites listed, right?

    “If you put ad server names into your Hosts file with your own computer’s IP address, your computer will never be able to contact the ad server. It will try to, but it will be simply calling itself and get a “busy signal” of sorts.”

    Reply
  8. Sometimes the notepad method doesn’t work because your anti virus will still not give you easy access to it. So you can usually edit it in safe mode if all else fails.

    Reply
  9. Bob Price… Let me add some emphasis to the item you quoted:

    “If you put ad server names into your Hosts file with your own computer’s IP address, your computer will never be able to contact the ad server.”

    Note that “127.0.0.1” is always “this computer”.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.