I see this thread is getting limp.
- not surprising after a run of 101 pages !

I have some q's from a noob perspective...
1. Which is best practice to block - use hosts entries, use a Firewall, or both ?
2. I see many examples contributed here have several entries per developer. Where/how does one get to know all these?
4. Has anyone distilled down all the contributions here to a MASTER FILE (besides like somewhocares) ?
3. Which is a good general-purpose popular firewall (for DAW work); a 3rd-party one or Windows Firewall?
5. I see other similar topic threads around eg.
"Host file... etc/host,
How do I stop plugins from connecting to the internet and calling home?
Is there an easy hosts on/off switcher available at all?"
... so I might be asking similar questions there too ...

 

Last edited: Jan 11, 2026 at 2:06 PM

I use a hosts file generated from a couple sources, a software firewall and a DNS service not hosted on the same machine (NextDNS in my case. PiHole, grimd or similar if you want to self-host).

Behaviour analysis of the software. Decompilation, string extraction from the binary. Domain scanning (e.g. SubDomainFinder).

I don't think so.

Windows Firewall Control and simplewall are pretty good frontends to the Windows Firewall.

Set your software firewall to block all traffic and have it notify you of programs trying to connect to the outside world and build an allowlist over time. Blocking your DAW will also block most (>90%) plugins, but won't catch plugins using Windows' built-in functionality (WebView, curl, opening URLs in one of the installed browsers, ..) or standalone programs the plugin may have installed. So just blocking your DAW and letting everything else pass through the firewall is not a watertight option.

https://github.com/scottlerch/HostsFileEditor for example.

 

I use easylist hosts file which can be downloaded from Github: https://github.com/easylist/easylist it's one of the best.

I do use uBlock Origin (which uses easylist and a couple of others), too, but I realised in some cases it's not enough for effective blocking and if you don't want or can't use Ad blocker, this one is pretty good. It's better to block Ad websites completely, at the source. I've compiled my own list-hosts file from looking at what uBlock Origin blocks, but using easylist is definitely much easier.

Using a different DNS server helps too, so you don't get spied on (lol, I wonder but anyway...) served malware. I use Quad9 which is based in Swiss even on my Android phone. Speaking of Android phone, installing DuckDuckGo browser is a good way to block tracking from apps you have installed.

Now, I guess Android also has /etc/hosts file. Maybe there's a way to edit it.

 

To bypass your hosts file you may be able to just use a VPN.
(Some free one you can have in your browser menu, maybe.)

I use BlueLife Hosts Editor to manage the hosts file, and it also has easy-to-enable & disable check boxes for each line.
But as I use Windows Firewall (Windows Firewall Control GUI) I guess hosts file is redundant.
I do it anyway