
Windows 8 Changes Host File Blocking

Posted by samzenpus
from the try-it-like-this dept.
An anonymous reader writes "Windows 8 has been confirmed to not only ignore, but also modify the hosts file. As soon as a website that should be blocked is accessed, the corresponding entry in the hosts file is removed, even if the hosts file is read-only. The hosts file is a popular, cross-platform way of blocking access to certain domains, such as ad-serving websites."
  • Another reason... (Score:5, Insightful)

    by Spritzer (950539) * on Sunday August 19, 2012 @04:21PM (#41048071) Journal
    So, after reading the article this can be summarized as "Microsoft gives you one more reason to disable Windows Defender and use a third party AV app."
  • by binarylarry (1338699) on Sunday August 19, 2012 @04:23PM (#41048081)

    Microsoft gives you one more reason to switch to Mac OSX or Ubuntu.

  • So... (Score:5, Insightful)

    by Anonymous Coward on Sunday August 19, 2012 @04:24PM (#41048089)

    Just add the hosts file to the Defender's white list. If you know how to edit the hosts file, you should know how to add it to the white list.

    Otherwise, who says the edits to that file were not malicious.

  • by Anonymous Coward on Sunday August 19, 2012 @04:28PM (#41048117)

    As comments in the article point out, this behavior can be turned off by going to the Windows Defender settings... But by and large this makes sense for 95% of Windows users as they will have NO clue about the hosts file, and even less of a clue if it has been modified for a phishing attack. Nice to see Microsoft take another step forward in protecting the blindingly ignorant and inept.

  • by Anonymous Coward on Sunday August 19, 2012 @04:29PM (#41048133)

    I completely agree. This is the nail in the Windows coffin for me.

  • by Anonymous Coward on Sunday August 19, 2012 @04:29PM (#41048137)

    Microsoft gives you one more reason to switch to Mac OSX or Ubuntu.

    You think Apple or Canonical would never do this? What are you smoking? Maybe switch to Debian would sound a little more reasonable. Buy up routers that actually let you block things while you still can is more like it though. I wonder how long before you aren't ALLOWED to block certain addresses on pain of going to jail as a dirty pirate.

  • by lowlymarine (1172723) on Sunday August 19, 2012 @04:32PM (#41048155)
    Exactly, this is a perfectly reasonable anti-phishing measure that can be easily disabled, as is clearly explained in the linked article. But hey, we can't have any such pesky facts sneak into a /. summary, it might stymie some good old-fashioned MS bashing.
  • by Blue Stone (582566) on Sunday August 19, 2012 @04:39PM (#41048219) Homepage Journal

    Yeah, this is basically a cack-handed way of fixing malicious hosts redirects.

    It'll prevent malicious programmes from sending you to fake Facebook, but at the expense of entirely overriding any preferences YOU as the computer owner might wish to make via the Hosts file.

    It's a staggering level of incompetence that this is their solution. It needs to be changed and they need to find either another way of solving it or allow some form of granulation and user input.

  • by nurb432 (527695) on Sunday August 19, 2012 @04:39PM (#41048223) Homepage Journal

    Hope you enjoy your new 'media consumption appliance'. It's becoming less and less of a 'general purpose computer' every day.

  • by ackthpt (218170) on Sunday August 19, 2012 @04:39PM (#41048225) Homepage Journal

    I completely agree. This is the nail in the Windows coffin for me.

    If you are an enterprise IT manager this is your dream come true. You're not seeing this from the angle Microsoft is, they count on enterprise income more than they do home users.

  • Re:Calm down (Score:2, Insightful)

    by Anonymous Coward on Sunday August 19, 2012 @04:51PM (#41048303)

    Linux isn't an operating system, just a kernel. Fedora 17 is an operating system. Windows is an operating system. All of Windows is developed and produced by Microsoft.

    I think the point you were trying to make is that it's an optional part of Windows.

  • Re:Calm down (Score:5, Insightful)

    by khasim (1285) <brandioch.conner@gmail.com> on Sunday August 19, 2012 @04:52PM (#41048309)

    This seems like a very ineffective way of solving that problem, but at least it doesn't look like there is some evil malicious intent..

    Considering that one of the sites they are unblocking is ad.doubleclick.net (which is often blocked because the user wants it blocked) then Microsoft is taking away an option from the user.

    What will be interesting will be when someone compiles a list of the sites that will be unblocked ... and finds how many BANKS will still be subject to phishing like this ... but ad.doubleclick.net will be protected.

    This is a stupid move by Microsoft done in a stupid fashion.

  • Re:Calm down (Score:5, Insightful)

    by mrnobo1024 (464702) on Sunday August 19, 2012 @04:54PM (#41048319)

    The hosts file can only be modified by administrators. Any additional protection is useless because if malware has gotten itself running as administrator, it can just kill or modify windows defender anyway.

  • by kimvette (919543) on Sunday August 19, 2012 @04:56PM (#41048345) Homepage Journal

    This is another good reason to stick with Windows 7, giving Windows 8 a miss.

    One common use of the hosts file is to test staging servers, particularly web servers before pushing them live, and without the complexity and time it takes to set up an additional DNS server.

  • Re:Calm down (Score:5, Insightful)

    by Firehed (942385) on Sunday August 19, 2012 @04:57PM (#41048349) Homepage

    Yes, but among the vast majority of users (i.e., not Slashdot readers), the hosts file is an attack vector rather than an adblocker or development tool. All of that security training people should receive around double-checking what's in the address bar goes out the window when the hosts file has been compromised.

    It sounds like MS's security tools have been a bit overzealous in trying to protect this file and can't determine what's a legitimate versus non-legit edit. But it's better to err on the side of being more rather than less secure here, especially with the amount of damage a maliciously-edited hosts file can do.

    Basically: yes, it's Windows 8's fault that this happens, but it's not Microsoft trying to screw you over like the headline makes out. There should be a tool that can edit, save, and sign the hosts file to make this distinction, not entirely unlike visudo - and all operating systems should have something similar. My Cisco VPN client straight-up replaces my hosts file every time I connect, and while I was able to find and update the file it uses to make that less annoying (I have hosts for a lot of VMs in there), the fact that a non-privileged application can do that is quite scary.

  • Re:Calm down (Score:5, Insightful)

    by techno-vampire (666512) on Sunday August 19, 2012 @05:12PM (#41048445) Homepage
    Basically: yes, it's Windows 8's fault that this happens, but it's not Microsoft trying to screw you over like the headline makes out.

    No, it's Microsoft being stupid and ignoring its own security. If a non-privileged program is permitted to ignore the fact that a file is set to be Read-Only, you have absolutely no protection against malicious code changing anything it wants. All it has to do is infect Windows Defender and it can do anything it wants. If I were still a Windows user, I'd be very reluctant to trust Windows 8 at this point because of this obvious lack of common sense in how it handles this.
  • by Nerdfest (867930) on Sunday August 19, 2012 @05:12PM (#41048449)

    If they're interested in 'enterprise' (I really hate that word these days), they may want to have a look at what's been happening. Good or bad security-wise, people have been pushing for using their own devices, devices they *like* to use. I think the only thing really stopping it from taking off for tablets and phones is the failure of Rim, Apple, etc, to open their protocols so a business does not need to pick a single type of device. If they ever figure that out, Microsoft is hosed.

  • But it also does this for Doubleclick, which sounds more like someone sucking up to their corporate partners.

    You do realize who owns DoubleClick, right? Google. Not exactly a partner of Microsoft. Microsoft has their own ad network that competes with DoubleClick, so that part actually helps make a case to me that this was not ill-intentioned.

  • Hamhandedness. (Score:5, Insightful)

    by khasim (1285) <brandioch.conner@gmail.com> on Sunday August 19, 2012 @05:18PM (#41048487)

    If you are an enterprise IT manager this is your dream come true.

    Hardly. At the enterprise level there are multiple different ways of handling situations such as this. Which one(s) you choose depends upon how you've organized Active Directory and your network.

    But a different point is that this is an OLD way of phishing. The phisher is publishing the IP addresses that need to be blocked. So, again, at the enterprise level this kind of phishing would not be an issue.

    If a phisher really needed to redirect traffic like that he'd have an easier time just getting the information in the local machine's DNS cache. That way it would never show up in the hosts file which means that it would be that much harder to spot. Then just keep updating the DNS cache.

    So this is the wrong solution to the wrong problem and it is implemented in the wrong way. And it will probably cause more issues in the future as 3rd party developers have to work around not having the hosts file as a reliable option any more.

    Nice way to remove a useful tool that's been around for decades.

  • by snemarch (1086057) on Sunday August 19, 2012 @05:35PM (#41048621)

    Umm, would you use the hosts file if setting up a Windows box for firewall purposes? I think not.

    I actually think not allowing critical things like *.microsoft.com (especially windows update and MSE) being redirected is a good thing - but there should be a Big Fat Popup warning that this is being done, and extending the hosts-removal for things like facebook and doubleclick? That's dubious, to put it mildly.

  • by frovingslosh (582462) on Sunday August 19, 2012 @05:38PM (#41048641)

    From the article, Two of the sites that you can’t block using the hosts file are facebook.com and ad.doubleclick.net

    I started using the hosts file over a decade ago, when I traced crashes that I was having to doubleclick.net. Ad supported software that I was using was receiving files from them, but it was doing a lot more than just displaying the ads (which I would not have objected to). Many users were experiencing this, but the author would not fix it so I and others started blocking the site (which resolved the problem, although the author lost some small amount of revenue).

    More recently I have also started blocking facebook. I never use it, have no account there, but I've noticed an awful lot of network traffic going to and from my site with facebook.com. I'm not even a member, so I don't feel the need for them to track most of the sites that I visit. The hosts file has so far worked very well for this.

    Any argument that this feature is in any way for the benefit of the clueless user is bogus. The common way to block a site via the hosts file is to equate it to the IP address 127.0.0.1, which is the local machine. If Microsoft were doing this for the benefit of their users then they would simply look at the hosts file and, if they found redirects for sites that they were concerned about that were not pointed to the local machine, they might well conclude that it was potentially an attempt to hijack a domain name and then, after warning the user (and even asking him) correct the problem. This would even show the user that Microsoft was doing something good for the user for a change. But if the address is redirected to the local machine, the only reasonable conclusion that I can see is that the user wanted it that way (as it provides no attack vector). It took me about 30 seconds to realize that changing 127.0.0.1 redirects was user unfriendly and could easily be avoided if Microsoft were really concerned about their users who paid for the software. They just have to look at the IP address that the hosts file contains and if it is 127.0.0.1 then allow it to stay! Clearly Microsoft realized this too. The only reasonable conclusion is that they are doing this because they have a motive that is against customers' interests.
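
Added example, not part of the comment above or of the original page: a hosts-file audit that applies the distinction the comment draws, treating watched names mapped to a loopback or unspecified address as a deliberate local block and reporting only mappings that point elsewhere. The watch list (the two sites the article names), the sample file and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumed watch list: the two sites the article names. A real list would be longer.
WATCHED = ("facebook.com", "ad.doubleclick.net")

# Constructed sample input, not taken from any real machine.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1   localhost
127.0.0.1   ad.doubleclick.net      # user ad block
0.0.0.0     www.facebook.com facebook.com
203.0.113.7 login.facebook.com      # points off-box
10.0.0.5    dev.example.test
"""

def parse_hosts(text):
    """Yield (lineno, address, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        fields = line.split()
        if len(fields) < 2:                      # blank line or address with no name
            continue
        for name in fields[1:]:                  # one address may carry several names
            yield lineno, fields[0], name.lower().rstrip(".")

def is_watched(name):
    """True for a watched domain or any of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def classify(addr):
    """Return 'local-block', 'redirect' or 'malformed' for a hosts-file address."""
    try:
        ip = ipaddress.ip_address(addr.split("%", 1)[0])   # drop IPv6 zone id
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:      # 127.0.0.0/8, ::1, 0.0.0.0, ::
        return "local-block"
    return "redirect"

def audit(text):
    """List (lineno, hostname, address, verdict) for every watched hostname."""
    return [(n, host, addr, classify(addr))
            for n, addr, host in parse_hosts(text) if is_watched(host)]

def suspicious(text):
    """Only the entries worth warning the user about."""
    return [f for f in audit(text) if f[3] != "local-block"]

if __name__ == "__main__":
    for lineno, host, addr, verdict in audit(SAMPLE):
        print(f"line {lineno}: {host} -> {addr} [{verdict}]")
```
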

  • by Anonymous Coward on Sunday August 19, 2012 @05:58PM (#41048783)

    Yes but my point is, I will now have to use a firewall to keep Adobe CS_ from phoning home.

  • by LordLimecat (1103839) on Sunday August 19, 2012 @06:07PM (#41048843)

    An IT manager using Hosts is an IT manager that needs to be replaced.

    First, if you are doing your web filtering on the workstation, you are doing it badly, badly wrong. Second, HOSTS is not something that is easily maintained or modified. Third, there are about a zillion better ways to accomplish blocking than using a HOSTS file.

    It's basically a kludge from bygone days before DNS, and for 99% of use cases where you might think "I can use a HOSTS file for that", there are far better methods-- or else the thing you are trying to do is retarded.

  • by Jaktar (975138) on Sunday August 19, 2012 @06:12PM (#41048871)

    The answer is simple enough:
    If you're already smart enough to edit the hosts file, you should be smart enough to add hosts to Windows Defender exclusion list.

    Is this a change from the way that things were done in the past? Of course it is. This is how systems become more secure for the average user. Average Joe isn't messing with hosts.

    Chicken Little, the sky is not falling.

  • by cayenne8 (626475) on Sunday August 19, 2012 @06:25PM (#41048939) Homepage Journal

    It's basically a kludge from bygone days before DNS, and for 99% of use cases where you might think "I can use a HOSTS file for that", there are far better methods-- or else the thing you are trying to do is retarded.

    Even allowing for your premise....

    Why on earth would MS destroy a simple, well known behavior that users might indeed have reason to want to use? Why 'fix' something that isn't broken? Why break something that wasn't hurting anything else on the OS?

    No harm in leaving a well known tool and behavior be.....but plenty of reason not to fuck with it, no?

  • by Anonymous Coward on Sunday August 19, 2012 @06:48PM (#41049075)

    This is silly reasoning. "Since I don't have a good reason to use it, nobody else should either."

    I use it to test services that are replacing old services with the same name. It works well as a temporary/quick way of testing. Yes, I could do it in DNS but it would take much longer to vet the change to our DNS servers than my local hosts file. Thankfully, I don't have to worry about this since I don't use Windows.

  • Re:Calm down (Score:5, Insightful)

    by DigiShaman (671371) on Sunday August 19, 2012 @06:56PM (#41049123) Homepage

    Within NTFS permissions, an explicit "Deny" will take priority over an explicit "Allow". Have they even tried flagging the file with deny writes? In theory, that should prevent modifications to the file.

    It's a pain in the ass, but you could always reset the NTFS permissions via ownership and inheritance each time you wanted to make or change an entry to the host file.

  • by AK Marc (707885) on Sunday August 19, 2012 @07:40PM (#41049409)
    If the malware uses the hosts file, then neutering the hosts file helps neuter malware. Or were you just complaining because you wanted to complain, and you didn't bother to think about what you said?
  • by Anonymous Coward on Sunday August 19, 2012 @07:50PM (#41049463)

    If that was the legitimate reason, then the proper course of action would have been to remove the hosts file feature totally (not this half-assed bullshit).

  • by Dunbal (464142) * on Sunday August 19, 2012 @08:36PM (#41049727)
    The smart IT manager realizes that even if employees spend 20 mins or so a day, they are far more productive than the ones fully restricted, locked down and persecuted. Studies have been done. Smart managers read them. Bad managers crack the whip according to arbitrary "productivity" goals that really mean nothing. Then they wonder why employees are always leaving the company and positions are so hard to fill.
  • by Anonymous Coward on Sunday August 19, 2012 @08:44PM (#41049759)

    If there were, malware would modify it in bad ways and all changes would end up being blocked by windows defender.

  • Malware. (Score:5, Insightful)

    by Deathlizard (115856) on Sunday August 19, 2012 @09:19PM (#41049943) Homepage Journal

    The Hosts file is targeted by malware to redirect to malicious sites and to keep under the radar to infect systems after they have been clean. (or even to a locally hosted proxy to infect sites like Facebook) Personally, I've seen facebook and myspace targeted in it. Never seen doubleclick but my guess is doubleclick is a target so that they can redirect to their own profit generating ads, or more malware to attempt to extort money out of people.

    My guess is that the sites defender removes from hosts are sites that have been targeted by malware in the past. Frankly, I'd like to see the list of domains it looks for, but I'm sure that I wouldn't want any of them redirected to some scumware site trying to pawn off fake antivirus.

  • by SeaFox (739806) on Sunday August 19, 2012 @09:55PM (#41050137)

    I think what he wants is a firewall system that explicitly cannot be controlled by the operating system without his approval. So if he blocks something he can be assured it will stay blocked regardless of what kind of backroom deals Microsoft makes.

    The most annoying thing about these latest versions of Windows is that there appears to be this new class of user with control that supersedes the owner of the hardware.

  • by Lime Green Bowler (937876) on Sunday August 19, 2012 @10:20PM (#41050279)
    We use hosts files with shop floor manufacturing software that requires it. It does not function without host entries. You are not the judge of how a hosts file is to be used, and any mindset like yours should not be in IT. You have short sight and low experience in the real world it seems. And any ass who threatens to "replace" somebody for using a feature that is far from outmoded, or thinks someone's methods are "retarded" without benefit of understanding or even offering an alternative is a STFU-and-leave opportunity.
  • by Dynedain (141758) <slashdot2@NOspaM.anthonymclin.com> on Sunday August 19, 2012 @10:31PM (#41050345) Homepage

    no, but dev.realdomain.com might be... and yet I have to overwrite it to simulate on my local machine for development testing. Or perhaps I need to ensure when I load realdomain.com I go directly to a specific IP address instead of the default one that hits the load balancer.

    There's a whole slew of reasons for having a hostsfile (especially for developers) that DNS doesn't solve.

  • by devman (1163205) on Sunday August 19, 2012 @11:13PM (#41050575)
    Malware can easily change the hosts file ...

    Seems like they fixed the wrong problem.
  • by TheRealGrogan (1660825) on Sunday August 19, 2012 @11:45PM (#41050749)

    These people defending Microsoft's behaviour are just tools... I wouldn't pay much attention to them. Microsoft can't "kill the hosts file off" because the behaviour is part of the IP specification (defined in the RFCs)

    We expect implementations of the TCP/IP protocol in clients to behave in established ways and Microsoft has no right to change that.

    I make use of the hosts file for various purposes, including getting my forum users set up with hosts file entries to the new server, beforehand, whenever our DNS entries are changing so they can still reach the forum while changes are propagating. THIS is a prime example of why the hosts file still exists and the behaviour should not be fucked with by those assclowns at Microsoft.

    Hosts was never meant to be used for blocking sites, but it works well enough as a consequence and the behaviour should be left alone. Whatever the user puts in there, should work as intended. I don't fucking CARE that it's used for malware. Fight malware in other ways.

  • by rrohbeck (944847) on Sunday August 19, 2012 @11:56PM (#41050811)

    I would only be affected if I used Windows 8, which I don't plan to.

  • by GeniusDex (803759) on Monday August 20, 2012 @02:46AM (#41051643) Homepage

    It is inherently impossible to build something into an OS which cannot be controlled by that OS itself. If you want these really secure firewalls, they should be on a separate appliance and all your traffic should be routed through them.

  • by AmiMoJo (196126) <mojo@woCURIErld3.net minus physicist> on Monday August 20, 2012 @03:36AM (#41051837) Homepage

    You seem to be a bit confused about how Windows works.

    If it is your PC and you are the administrator then yes, you have full control over it. You can set any firewall rules you want and they won't be overwritten by "backroom deals" or anything like that. Hosts was always an unsupported system file hack, and there is a pretty powerful firewall in Windows 7.

    On the other hand if it isn't your computer then the (network) administrator can overrule you with Group Policy Settings. This is exactly the same as on a Linux box if you don't have a root access. Your administrator can decide if you have access to the firewall, or even right down to what types of firewall rule you can make. There really is a huge amount of fine grained control available. Enterprise admins love it.

  • by asdf7890 (1518587) on Monday August 20, 2012 @03:51AM (#41051883)

    then the proper course of action would have been to remove the hosts file feature totally

    IIRC you still need posix compliance (or the ability to claim it such that your claims can not be rubbished too easily) for your OS to be used in many US agencies, and the hosts file is one of the many minor points mentioned in that specification. Presumably that spec says something about having the feature, but does not say anything about effectively disabling it in this way.

  • by TheRaven64 (641858) on Monday August 20, 2012 @04:20AM (#41051993) Journal
    A very small amount of Microsoft's revenue comes from selling ads. Almost all of one of their major competitors' revenue comes from selling ads. It's therefore in their best interests to make ad blocking easy...
  • by AaronLS (1804210) on Monday August 20, 2012 @12:55PM (#41056307)

    There were no backroom deals here. Certain domains are commonly targeted by malware. If malware, or perhaps another user/IT with malicious intent, modifies your hostfile to redirect facebook.com to a phishing site, it will still appear to be at a legitimate domain of facebook.com but actually serving the phishing site. It won't have SSL but your average user won't notice. So you see, it is in the interests of preventing the hosts file from being a tool for malware or malicious users. It is not in the interest of some backroom deal MS made with facebook.
