How to Turn Your Hosts File into a Malware Firewall

Your Mac's hosts file isn't just for blocking ads. It can also block connections to known malware command-and-control (C&C) servers, ransomware domains, and phishing sites.

By routing these dangerous domains to 0.0.0.0, you create a lightweight, system-level firewall that works alongside (or instead of) heavy antivirus software.

Option 1: The Hard Way (Terminal)
Free

You can use the URLhaus or Phishing Army blocklists. These are updated frequently by security researchers.

sudo nano /etc/hosts

You must copy thousands of domains. Critical: You need to update this weekly, or you're protected against yesterday's threats but vulnerable to today's.

Pros
  • Completely free
  • Lightweight (no background app)
Cons
  • Dangerous if outdated: Static lists age poorly
  • Hard to manage multiple lists
  • No validation of entries
Option 2: Antivirus Software
$40+/year

Traditional AV suites (Norton, McAfee) include web protection that blocks malicious sites.

Pros
  • Real-time scanning
  • Easy to use
Cons
  • Slow: Uses significant CPU/RAM
  • Intrusive: Popups and notifications
  • Subscription model
Option 3: The Sane Way
$5 One-Time

SaneHosts offers the "Kitchen Sink" or "Privacy Shield" profiles, which include curated malware lists from StevenBlack and URLhaus. It keeps them updated automatically.

Why it wins
  • Live Updates: Keeps your protection current
  • Zero Performance Cost: It's just a file, not a process
  • Safe Merging: Combine Ad blocking + Malware blocking
  • Touch ID: Secure your firewall settings
Get SaneHosts — $5

Compatible with macOS 14 (Sonoma) and later.