How to identify and prevent programs from phoning home

Network monitoring can be an eye-opener with regard to the network connections made by the programs that run on a computer system.

I started to monitor network connections closely recently and decided to take a closer look at some popular programs installed on a Windows test machine to check if they'd phone home automatically.

The program I'm using for the monitoring is Fiddler, but programs like Wireshark should work as well.

I set up Fiddler and started to monitor the program's output while launching and using programs such as Bandizip, Steam or Firefox.

Some network connections are obviously required. When I enter an address in the Firefox address bar, for instance, I want that connection to be made.

But there are connections that are not initiated by the user. Some may still be necessary or wanted by the user, a check for updates for instance. If you monitor the connections closely however, you may notice some that you don't consider essential or required at all.

Take the popular archive program Bandizip, for instance. It checks for updates by default, but it also connects to analytics.bandisoft.com on first start.

While you can disable the update check in the program options, you cannot disable the ping to Analytics and the setting of a cookie on the system.

Dealing with unwanted connections

Once you have identified an unwanted connection on your system, you need to find a way to deal with it. You may have several options at your disposal, for instance by creating a new rule in a software or hardware firewall to block the domain.

One of the easier options is to use the Hosts file that every version of Windows ships with. Let me walk you through the steps of blocking the Bandizip Analytics domain from connecting to your system.

  1. Open File Explorer on your system. You may do so with the shortcut Windows-E, or by clicking on its icon in the taskbar.
  2. Navigate to c:\windows\system32\drivers\etc.
  3. Copy the hosts file to your desktop. This needs to be done as you cannot edit it directly in the directory.
  4. Right-click on the hosts file on the desktop and select edit. Use Notepad or another plain text editor to do so.
  5. Add the line 0.0.0.0 0.0.0.0 at the top.
  6. Add the line 0.0.0.0 analytics.bandisoft.com
  7. Save the document afterwards.
  8. Copy it back to c:\windows\system32\drivers\etc and confirm the replacement.

This blocks connections to analytics.bandisoft.com by mapping it to the address 0.0.0.0 instead of its original IP address.
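
The same hosts-file edit scripted in PowerShell, as an added example that is not part of the original article: it adds the domain line from step 6 only once, keeps a backup copy, and disables any existing line that maps the same name to a different address. The function names Get-HostsEntry and Add-HostsBlock and the .bak backup path are assumptions made for this example; the script must run from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): idempotently sinkhole domains in the hosts file.
param(
    [string[]]$Domains   = @('analytics.bandisoft.com'),   # domain named in the article
    [string]  $HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts",
    [string]  $Sinkhole  = '0.0.0.0'
)

function Get-HostsEntry {
    # Hypothetical helper: parse one hosts line; returns nothing for blanks and comments.
    param([string]$Line)
    $body = ($Line -split '#', 2)[0].Trim()
    if (-not $body) { return }
    $fields = $body -split '\s+'
    if ($fields.Count -lt 2) { return }
    [pscustomobject]@{ Address = $fields[0]; Names = $fields[1..($fields.Count - 1)] }
}

function Add-HostsBlock {
    # Hypothetical helper: returns the updated lines without touching the disk.
    param([string[]]$Lines, [string[]]$Domains, [string]$Sinkhole)
    $out     = [System.Collections.Generic.List[string]]::new()
    $blocked = @{}
    foreach ($line in $Lines) {
        $entry = Get-HostsEntry $line
        $hit   = if ($entry) { $entry.Names | Where-Object { $Domains -contains $_ } }
        if ($hit -and $entry.Address -ne $Sinkhole) {
            $out.Add("# disabled, conflicts with block: $line")   # same name mapped elsewhere
        } else {
            foreach ($name in $hit) { $blocked[$name.ToLower()] = $true }
            $out.Add($line)
        }
    }
    foreach ($d in $Domains) {
        if (-not $blocked.ContainsKey($d.ToLower())) { $out.Add("$Sinkhole $d") }
    }
    return $out.ToArray()
}

$original = @(Get-Content -LiteralPath $HostsPath)
$updated  = @(Add-HostsBlock -Lines $original -Domains $Domains -Sinkhole $Sinkhole)
if (($updated -join "`n") -ne ($original -join "`n")) {
    Copy-Item -LiteralPath $HostsPath -Destination "$HostsPath.bak" -Force   # rollback copy
    Set-Content -LiteralPath $HostsPath -Value $updated
    Clear-DnsClientCache   # drop cached answers so the new mapping applies
}
# Report the entries now in effect for the requested domains
Get-Content -LiteralPath $HostsPath | ForEach-Object { Get-HostsEntry $_ } |
    Where-Object { $_.Names | Where-Object { $Domains -contains $_ } }
```

Running it a second time leaves the file unchanged, and restoring the .bak copy undoes the block.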

Why 0.0.0.0 and not 127.0.0.1? Because it is faster.

Closing Words

It takes time to monitor and identify unwanted connections on a system. A firewall may help with that if it is configured to prompt whenever a new connection is established for the first time.

This article was first seen on ComTek's "TekBits" Technology News