Now I want to avoid users to change hosts file, so that they could place/access a copy of that file locally.
Nobody seems to be asking the critical question:
WHY?
What exactly are you trying to prevent?
Anyone with even a tiny amount of experience (or a bit of Google) and a collection of free tools can redirect your traffic, provide fake or MITM SSL certs, spoof DNS information, or freeze and modify your program.
If you are trying to prevent various client-side cheats, the most viable solution is to never send the information to the clients in the first place.
If you are trying to prevent interception, that is not possible; corporate environments do it all the time and substitute SSL/TLS certs with a corporate edition as it passes through their proxies. The protocol is designed to permit that type of MITM attack because our corporate overlords demand it. :-)
What specifically are you trying to prevent, and why?