Windows 8 Changes Host File Blocking

An anonymous reader writes "Windows 8 has been confirmed to not only ignore, but also modify the hosts file. As soon as a website that should be blocked is accessed, the corresponding entry in the hosts file is removed, even if the hosts file is read-only. The hosts file is a popular, cross-platform way of blocking access to certain domains, such as ad-serving websites."
  • Calm down (Score:5, Informative)

    by Anonymous Coward on Sunday August 19, 2012 @04:26PM (#41048107)

    Before everyone gets all excited... the article has already been updated with the fact that this is a feature of “windows defender” (and imo a reasonable one) and can be disabled.

    The hosts file is popular for blocking sites, but also popular for redirecting to phishing sites as well. This seems like a very ineffective way of solving that problem, but at least it doesn’t look like there is some evil malicious intent.

    In other news, running certain anti-virus products will prevent you from writing to the boot sector while they are running.

  • Re:Another reason... (Score:5, Informative)

    by Anonymous Coward on Sunday August 19, 2012 @04:50PM (#41048293)

    Enterprise customers will block it using DNS or using Group Policy, not the hosts file.

  • Re:Another reason... (Score:5, Informative)

    by MicroSlut ( 2478760 ) on Sunday August 19, 2012 @04:51PM (#41048301)
    What Enterprise IT Manager is using the Hosts file to block web sites? Enterprises use firewalls. I've been blocking doubleclick at the firewall/proxy level for as long as I can remember.
  • Re:Calm down (Score:5, Informative)

    by jedidiah ( 1196 ) on Sunday August 19, 2012 @04:51PM (#41048305) Homepage

    Linux is not owned by a single entity like Windows is.

    Windows is what Microsoft says it is because they own it and they can do anything they like with it. If you're offended, your only alternatives are to "hack it" or abandon it.

    There isn't some other pre-packaged variant of Windows you can switch to.

  • Re:Another reason... (Score:5, Informative)

    by Samantha Wright ( 1324923 ) on Sunday August 19, 2012 @05:22PM (#41048537) Homepage Journal
    It turns out Windows Defender just prevents certain domains from being added. Disable Windows Defender or use a host name less common than "ad.doubleclick.net" or "facebook.com", and the hosts file works just fine. I'm guessing the idea is to safeguard against phishing and ad-replacement attacks.
  • Re:So... (Score:5, Informative)

    by scrib ( 1277042 ) on Sunday August 19, 2012 @05:28PM (#41048569)

    How about this: Windows Defender removes from the hosts file references to well-known and often accessed sites that could be redirected by malware for nefarious purposes?

    I might not want to visit ad.doubleclick.net but I certainly don't want it redirected to some other unknown IP address! Many, many, MANY websites I visit try to pull up links in that domain.

    Perhaps they should make an exception for localhost references, but considering how much of the general population knows about hosts files, I'm inclined to side with GP. Odds are very high that on most machines running Windows Defender, a redirected ad.doubleclick.net reference is malicious.
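
The distinction the comments above draw, between a hosts entry that sinks a well-known domain to localhost and one that redirects it to some other address, can be checked mechanically. This is an added example, not code from any commenter or from Windows Defender; the watch list holds only the two host names the thread mentions, and the function names and subdomain matching are assumptions.

```python
import ipaddress

# Assumption: only the two host names named in the thread; the real
# Windows Defender list is not given on the page.
WATCHED = ("ad.doubleclick.net", "facebook.com")

def classify(address):
    """'sinkhole' for loopback or unspecified addresses, else 'redirect'."""
    ip = ipaddress.ip_address(address)  # raises ValueError if not an IP
    return "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"

def is_watched(host, watched=WATCHED):
    """True if host equals a watched name or is a subdomain of one."""
    return any(host == w or host.endswith("." + w) for w in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line number, address, host, kind) for each watched entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comment, then tokenize
        if len(fields) < 2:
            continue  # blank, comment-only or incomplete line
        address, names = fields[0], fields[1:]
        try:
            kind = classify(address)
        except ValueError:
            findings.append((lineno, address, None, "malformed"))
            continue
        for name in names:
            host = name.lower().rstrip(".")  # names are case-insensitive
            if is_watched(host, watched):
                findings.append((lineno, address, host, kind))
    return findings

# Constructed sample hosts file (203.0.113.7 is a documentation address).
SAMPLE = """\
# constructed sample
127.0.0.1    localhost
0.0.0.0      ad.doubleclick.net        # ad blocking
203.0.113.7  facebook.com www.facebook.com
127.0.0.1    dev.example.com
::1          FACEBOOK.COM.
not-an-ip    facebook.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

Entries reported as `redirect` are the ones worth investigating; `sinkhole` entries are the ad-blocking pattern the story describes.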

  • by LocalH ( 28506 ) on Sunday August 19, 2012 @05:31PM (#41048597) Homepage

    The option on one end is to allow the user to have full, unfettered access to everything on their system, from the highest levels down to the lowest. This was done back in the DOS and Win9x days, and although it does have a few benefits in certain niches, it's also very bad for security.

    The option on the other end is to disallow access to modifying the underlying system and related settings, and only allow such actions from full administrator accounts, and maybe not even then (depending on the mindset of the development team). This pisses off a lot of the hardcore techies who like to modify everything they can, but to be fair it does help protect the average user.

    Now, I'm not defending Microsoft on how they've implemented this silently and without notification to the user, but on the face of it I think it's a good idea for the average user, at least with regards to the Facebook part of it (not so much on the Doubleclick part). Think about it - the average non-techie person wants Facebook to work. They will want to get their notifications on the Start screen (and elsewhere).

    I agree with other posters - they should have openly done this and notified the user before "fixing" it - something like "Your hosts file has been modified to prevent access to <site on this list>. Is this desirable to you?" with three options - "Yes", "No", "More information". That way, the techies can click "Yes" and go about their business, average users can click "More information" and maybe actually learn a little bit in the process, then come back and click "Yes" or "No" as per their wishes.

    As with many things, the idea is sound, but the implementation is not. To those saying "well, malware wouldn't redirect to localhost, it'd redirect to a false Facebook", there's nothing stopping a piece of malware from being written that is similar to the existing rogue security software, but that also uses hosts to block access to various social media sites, in an attempt to give the uneducated user further reason to believe they're truly infected as bad as the rogue software tells them they are, and also as a weak attempt to prevent the user from going online and telling people about it even after the rogue software has been removed. They'll do anything to get a few more successful purchases of their crap software. I'm quite surprised they haven't really done this already, to be honest.

  • Re:Another reason... (Score:5, Informative)

    by vux984 ( 928602 ) on Sunday August 19, 2012 @05:39PM (#41048655)

    How can I check a site is up on a server with a certain domain name before I point DNS to it?

    I guess you could add it to the hosts file the way you always did.

    All they did was block redirecting certain high profile domains that were commonly attacked by phishing and url redirection attacks by malware writing to the hosts file. You'll still be able to add your my-cat-fluffys-enterprise-weblog.com and it will still work.

    Unless you happen to work on a small handful of high profile websites that are commonly attacked by phishing/url redirection attacks, nothing has changed.

    If you do happen to work for facebook, and you do happen to use your hosts file to point facebook.com at internal development servers and you happen to use Microsoft's Windows Defender on your development pc, then things got ever so slightly more complicated. You'll probably cope, though.

    if you're an enterprise IT sysadmin, this is a nightmare.

    Yes, a nightmare on the same scale as the Dairy Queen across town being out of my favorite flavor. The horror.

  • Re:Another reason... (Score:0, Informative)

    by Anonymous Coward on Sunday August 19, 2012 @05:48PM (#41048727)

    "Linux is the OS."

    You just forfeited your geek card, Linux is a kernel. Ubuntu and every other Linux distribution is, in fact, an OS.

    And, no, GNU/Linux doesn't count. Not until we start seeing things like DeWalt/Hovnanian houses or Monsanto/GreenGiant vegetables and other such nonsense.

  • Re:So... (Score:5, Informative)

    by LordLimecat ( 1103839 ) on Sunday August 19, 2012 @06:10PM (#41048859)

    IIRC doubleclick is Google. Are you seriously implying that MS is in some sort of conspiracy to give more money to Google?

    Stop and think about that for a second, then get back to us once you remove the tinfoil hat.

  • Re:Another reason... (Score:5, Informative)

    by garett_spencley ( 193892 ) on Sunday August 19, 2012 @07:10PM (#41049211) Journal

    I agree that for blocking or for network-wide control using HOSTS is a horrible idea.

    I also realize that the issue apparently here is blocking only.

    But with that said, what about independent developers running their own web application on their machine? If you're a web developer and you do your coding locally, it makes sense to use your host file to send a domain like dev.example.com to 127.0.0.1.

    Again, I know it looks like Windows 8 won't interfere with that. But it's still an example of a legitimate reason someone might rely on the hosts file, and why it could be a major PITA to have it messed with by the OS. Or is there a better way that I'm missing? (And running your own DNS server, even locally, and especially on a Windows machine, seems way overkill and nowhere near "better" IMO.)

    The problem with HOSTS files was that they needed to be synchronized, distributed and maintained. Yes, it's a holdover from pre-DNS. But for a single machine who needs to set up certain private domains locally it seems the best option.

  • Re:Another reason... (Score:4, Informative)

    by rrohbeck ( 944847 ) on Sunday August 19, 2012 @07:35PM (#41049387)

    It's basically a kludge from bygone days before DNS, and for 99% of use cases where you might think "I can use a HOSTS file for that", there are far better methods-- or else the thing you are trying to do is retarded.

    Ah, so I should rather set up a DNS server for my 5 machines, rather than have one hosts file that never changes and that I append once after installation?

  • Re:Another reason... (Score:5, Informative)

    by X0563511 ( 793323 ) on Sunday August 19, 2012 @09:38PM (#41050049) Homepage Journal

    Have you seen the firewall that comes with the Windows 7 generation? It's no iptables, but it can do the job now.

  • Re:Another reason... (Score:5, Informative)

    by hobarrera ( 2008506 ) on Sunday August 19, 2012 @10:54PM (#41050479) Homepage

    iptables? Really? Have you even tried OpenBSD's pf? That's a powerful yet easy-to-use firewall!

  • Comment removed (Score:5, Informative)

    by account_deleted ( 4530225 ) on Monday August 20, 2012 @12:16AM (#41050925)
    Comment removed based on user account deletion
  • Re:Another reason... (Score:5, Informative)

    by Anonymous Coward on Monday August 20, 2012 @04:44AM (#41052073)

    Hell if you are worried about power you can buy one of those little plug computers or my personal favorite the little cheap E350 AMD kits. Those things are cheap, make great mini-servers or office boxes, only draw about 18w under load and less than 6w on average, great little units

    Seconded, however you'd best steer clear of the Asus and Asrock boards if you plan on doing anything with the PCI slots on those boards. They all use the ASMedia 1083 pci bridge, which happens to be broken beyond belief. See here [kernel.org] and here [marc.info]. TL;DR: the controller has a hardware bug where it fails to deassert its interrupt status, causing IRQ storms which effectively makes connected devices useless.

  • Re:Another reason... (Score:5, Informative)

    by oreaq ( 817314 ) on Monday August 20, 2012 @05:45AM (#41052373)

    Hosts was always an unsupported system file hack

    Where do you get this idea from? Hosts files are a common part [wikipedia.org] of the IP stack of various operating systems. Microsoft has been using hosts files at least since Windows 95. They are fully supported and documented [microsoft.com].

  • Re:Another reason... (Score:5, Informative)

    by TCM ( 130219 ) on Monday August 20, 2012 @05:46AM (#41052379)

    I make use of the hosts file for various purposes, including getting my forum users set up with hosts file entries to the new server, beforehand, whenever our DNS entries are changing so they can still reach the forum while changes are propagating. THIS is a prime example of why the hosts file still exists and the behaviour should not be fucked with by those assclowns at Microsoft.

    No, it's a prime example of a bad IT person. If you had any clue about what you're doing, you'd lower the TTL prior to making the change, then make the change, then change the TTL back to normal.

    Expecting random clients to modify their config to compensate for your incompetence is just dumb.
