Windows 8 Changes Host File Blocking
An anonymous reader writes "Windows 8 has been confirmed to not only ignore, but also modify the hosts file. As soon as a website that should be blocked is accessed, the corresponding entry in the hosts file is removed, even if the hosts file is read-only. The hosts file is a popular, cross-platform way of blocking access to certain domains, such as ad-serving websites."
Calm down (Score:5, Informative)
Before everyone gets all excited... the article has already been updated with the fact that this is a feature of “Windows Defender” (and imo a reasonable one) and can be disabled.
The hosts file is popular for blocking sites, but also popular for redirecting to phishing sites as well. This seems like a very ineffective way of solving that problem, but at least it doesn’t look like there is some evil malicious intent.
In other news, running certain anti-virus products will prevent you from writing to the boot sector while they are running.
Re:Another reason... (Score:5, Informative)
Enterprise customers will block it using DNS or using Group Policy, not the hosts file.
Re:Another reason... (Score:5, Informative)
Re:Calm down (Score:5, Informative)
Linux is not owned by a single entity like Windows is.
Windows is what Microsoft says it is because they own it and they can do anything they like with it. If you're offended, your only alternatives are to "hack it" or abandon it.
There isn't some other pre-packaged variant of Windows you can switch to.
Re:Another reason... (Score:5, Informative)
Re:So... (Score:5, Informative)
How about this: Windows Defender removes from the hosts file references to well-known and often accessed sites that could be redirected by malware for nefarious purposes?
I might not want to visit ad.doubleclick.net but I certainly don't want it redirected to some other unknown IP address! Many, many, MANY websites I visit try to pull up links in that domain.
Perhaps they should make an exception for localhost references, but considering how much of the general population knows about hosts files, I'm inclined to side with GP. Odds are very high that on most machines running Windows Defender, a redirected ad.doubleclick.net reference is malicious.
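The distinction drawn in the comment above (a well-known domain pointed at localhost is a block, the same domain pointed anywhere else is a likely malicious redirect) can be checked mechanically. This is an added example, not part of the thread and not Windows Defender's actual logic; the watchlist holds only the two domains named in this discussion, and the sample hosts file is constructed.

```python
import ipaddress

# Assumed watchlist: only the domains named in this thread. The list that
# Windows Defender really uses is not given on the page.
WATCHED = {"facebook.com", "ad.doubleclick.net"}

# Constructed sample hosts file (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   ad.doubleclick.net      # ad blocking
0.0.0.0     www.facebook.com
203.0.113.7 facebook.com login.facebook.com
127.0.0.1   dev.example.com
not-an-ip   facebook.com
"""

def is_watched(name):
    """True if name is a watched domain or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def classify(addr):
    """'block' for loopback/unspecified targets, 'redirect' for anything else."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    return "block" if ip.is_loopback or ip.is_unspecified else "redirect"

def audit_hosts(text):
    """Return (line number, hostname, address, kind) for each watched entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        kind = classify(fields[0])
        if kind == "invalid":                    # malformed address: ignore line
            continue
        for name in fields[1:]:                  # one address may map many names
            if is_watched(name):
                findings.append((lineno, name.lower(), fields[0], kind))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Entries reported as `redirect` are the ones worth investigating; `block` entries are the localhost-style references the comment suggests exempting.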
Mutually incompatible options (Score:5, Informative)
The option on one end is to allow the user to have full, unfettered access to everything on their system, from the highest levels down to the lowest. This was done back in the DOS and Win9x days, and although it does have a few benefits in certain niches, it's also very bad for security.
The option on the other end is to disallow access to modifying the underlying system and related settings, and only allow such actions from full administrator accounts, and maybe not even then (depending on the mindset of the development team). This pisses off a lot of the hardcore techies who like to modify everything they can, but to be fair it does help protect the average user.
Now, I'm not defending Microsoft on how they've implemented this silently and without notification to the user, but on the face of it I think it's a good idea for the average user, at least with regards to the Facebook part of it (not so much on the Doubleclick part). Think about it - the average non-techie person wants Facebook to work. They will want to get their notifications on the Start screen (and elsewhere).
I agree with other posters - they should have openly done this and notified the user before "fixing" it - something like "Your hosts file has been modified to prevent access to <site on this list>. Is this desirable to you?" with three options - "Yes", "No", "More information". That way, the techies can click "Yes" and go about their business, average users can click "More information" and maybe actually learn a little bit in the process, then come back and click "Yes" or "No" as per their wishes.
As with many things, the idea is sound, but the implementation is not. To those saying "well, malware wouldn't redirect to localhost, it'd redirect to a false Facebook", there's nothing stopping a piece of malware from being written that is similar to the existing rogue security software, but that also uses hosts to block access to various social media sites, in an attempt to give the uneducated user further reason to believe they're truly infected as bad as the rogue software tells them they are, and also as a weak attempt to prevent the user from going online and telling people about it even after the rogue software has been removed. They'll do anything to get a few more successful purchases of their crap software. I'm quite surprised they haven't really done this already, to be honest.
Re:Another reason... (Score:5, Informative)
How can I check a site is up on a server with a certain domain name before I point DNS to it?
I guess you could add it to the hosts file the way you always did.
All they did was block redirecting certain high profile domains that were commonly attacked by phishing and url redirection attacks by malware writing to the hosts file. You'll still be able to add your my-cat-fluffys-enterprise-weblog.com and it will still work.
Unless you happen to work on a small handful of high profile websites that are commonly attacked by phishing/url redirection attacks, nothing has changed.
If you do happen to work for facebook, and you do happen to use your hosts file to point facebook.com at internal development servers and you happen to use Microsoft's Windows Defender on your development pc, then things got ever so slightly more complicated. You'll probably cope, though.
if you're an enterprise IT sysadmin, this is a nightmare.
Yes, a nightmare on the same scale as the Dairy Queen across town being out of my favorite flavor. The horror.
Re:Another reason... (Score:0, Informative)
"Linux is the OS."
You just forfeited your geek card, Linux is a kernel. Ubuntu and every other Linux distribution is, in fact, an OS.
And, no, GNU/Linux doesn't count. Not until we start seeing things like DeWalt/Hovnainian houses or Monsanto/GreenGiant vegetables and other such nonsense.
Re:So... (Score:5, Informative)
IIRC doubleclick is Google. Are you seriously implying that MS is in some sort of conspiracy to give more money to Google?
Stop and think about that for a second, then get back to us once you remove the tinfoil hat.
Re:Another reason... (Score:5, Informative)
I agree that for blocking or for network-wide control using HOSTS is a horrible idea.
I also realize that the issue apparently here is blocking only.
But with that said, what about independent developers running their own web application on their machine? If you're a web developer and you do your coding locally, it makes sense to use your hosts file to send a domain like dev.example.com to 127.0.0.1.
Again, I know it looks like Windows 8 won't interfere with that. But it's still an example of a legitimate reason someone might rely on the hosts file, and why it could be a major PITA to have it messed with by the OS. Or is there a better way that I'm missing? (And running your own DNS server, even locally, and especially on a Windows machine, seems way overkill and nowhere near "better" IMO.)
The problem with HOSTS files was that they needed to be synchronized, distributed and maintained. Yes, it's a holdover from pre-DNS. But for a single machine that needs to set up certain private domains locally it seems the best option.
Re:Another reason... (Score:4, Informative)
It's basically a kludge from bygone days before DNS, and for 99% of use cases where you might think "I can use a HOSTS file for that", there are far better methods-- or else the thing you are trying to do is retarded.
Ah, so I should rather set up a DNS server for my 5 machines, rather than have one hosts file that never changes and that I append once after installation?
Re:Another reason... (Score:5, Informative)
Have you seen the firewall that comes with the Windows 7 generation? It's no iptables, but it can do the job now.
Re:Another reason... (Score:5, Informative)
iptables? Really? Have you even tried OpenBSD's pf? That's a powerful yet easy-to-use firewall!
Comment removed (Score:5, Informative)
Re:Another reason... (Score:5, Informative)
Hell if you are worried about power you can buy one of those little plug computers or my personal favorite the little cheap E350 AMD kits. Those things are cheap, make great mini-servers or office boxes, only draw about 18w under load and less than 6w on average, great little units
Seconded, however you'd best steer clear of the Asus and Asrock boards if you plan on doing anything with the PCI slots on those boards. They all use the ASMedia 1083 PCI bridge, which happens to be broken beyond belief. See here [kernel.org] and here [marc.info]. TL;DR: the controller has a hardware bug where it fails to deassert its interrupt status, causing IRQ storms which effectively make connected devices useless.
Re:Another reason... (Score:5, Informative)
Hosts was always an unsupported system file hack
Where do you get this idea from? Hosts files are a common part [wikipedia.org] of the IP stack of various operating systems. Microsoft has been using hosts files at least since Windows 95. They are fully supported and documented [microsoft.com].
Re:Another reason... (Score:5, Informative)
No, it's a prime example of a bad IT person. If you had any clue about what you're doing, you'd lower the TTL prior to making the change, then make the change, then change the TTL back to normal.
Expecting random clients to modify their config to compensate for your incompetence is just dumb.