There are arguments for and against the hosts file method. Some state that using hosts files slows down the browsing experience; others argue that malware slows you down even more. In testing these methods, I found no significant performance issues. You will need to try it and judge for yourself. However, it does effectively foil any attacks on your system.
However, as you can imagine, the number of entries you would need to include are a bit overwhelming. In addition, as I mentioned earlier, many of the most popular software vendors do not find all the same malware attacks.
How can we be more even more effective?
Making protection simpler
Obviously, manual input is not the way to go. Not only is initial input a massive undertaking, keeping it updated would be a daily administrative task. Thankfully there is a better way several actually.
There are a number of different solutions to automate the process. You can use Winhelp 2002, which will backup your current hosts file and install a fully populated list. Dan Pollack provides a cut and paste solution. Also, there are tools to help automatically update the hosts file. Tools like FaltronSofts Hosts File Updater, HOSTS Secure or Abelhadigitals HostsMan.
HostsMan seems to have the best set of features and automates the update process every 12 hours. Two things to keep in mind: you cannot change the update schedule interval, and you need to restart your machine for the newest updates to take effect on your system.
As you could guess, the bad guys know exactly what we are doing, so some malware is designed to change your hosts file. They do this either by redirecting traffic to phishing sites, blocking Security updates or modifying the registry to change where the operating system looks for the Hosts file.
Check to ensure your security software protects against registry changes and changes to the hosts file. If not, there is always the age-old method of logging in with a non-administrative account. This is still the best way to protect from these kinds of changes. The reality is, though, it does not always work in every situation.
Now these solutions do not mean you get to stop paying your annual subscription to your favorite security software. After all, these methods are meant to work in conjunction with your current solution, not as a replacement. Think of it as the predator /prey relationship. The predator spends time looking for the weakest of the herd. If one of its potential victims proves to be too much of a challenge, it moves on to easier hunting.
I understand no one wants to be called a victim or prey, but that is the point. A little bit of diligence, an extra layer of security and then these terms are nothing more than an illustrative analogy rather than a grim reality. Best of all, this is a free solution that is easy to implement and maintain.