Windows 8 Changes Host File Blocking

An anonymous reader writes "Windows 8 has been confirmed to not only ignore, but also modify the hosts file. As soon as a website that should be blocked is accessed, the corresponding entry in the hosts file is removed, even if the hosts file is read-only. The hosts file is a popular, cross-platform way of blocking access to certain domains, such as ad-serving websites."

Re:So...

[lightknight]

Precisely. It's smells of a bad excuse for some money under the table.

Re:Another reason...

[Bill, Shooter of Bul]

Why is that a dream come true for an enterprise IT manager? You *want* employees to be on facebook? Or are you saying that crazy behavior on the windows platform ensures your job security?

Re:Calm down

[SuricouRaven]

The read-only flag is largely disused. The NTFS permissions are the new one and, oddly enough, it's impossible to write to the hosts file without running as admin and clicking the 'this program wants unrestricted access' dialog. But Microsoft knows just as well as everyone else in IT that to the typical user, that dialog is meaningless: All they know is that clicking yes makes the computer do as it's told.

Re:Another reason...

[burne]

Could you be so kind to post the other reasons?

I have been using UNIX/linux/BSD and odd stuff like BeOS, System 7/8/9, OS X, Solaris/CDE, IRIX etc for 15 years.

Never found a solid reason to use windows, and now you tell me there's more than one reason _not_ to run windows?

That is one alternative reality I must grab..

Re:Another reason...

[Martin Blank]

Considering that the number of systems hit by malware making use of HOST file modifications is far larger than the list of systems using it to block access to sites, the balance of evidence is in favor of what Microsoft is doing. I know some people who have extensive files, but that group is very small. LordLimecat was right: it's a feature from a bygone era that is used more often for harm than for good. Even adding a switch to the functionality (which might well be there in the form of a registry entry) doesn't help because that switch will get flipped by malware.

Sometimes features once useful outlive that usefulness.

Re:Another reason...

[ceoyoyo]

MS sells ads. The biggest use of the HOSTS file is blocking ads. Google wishes they could do this.

Re:Another reason...

[Boaz17]

Crap!

The hole to plug (17 years over do) Is the fact that malware is able to modify the hosts file or flip a registry switch. Not some M$ convoluted notion of spaghetti security. I bet that by itself has holes in it.

Guys be careful an M$ troll making a days pay ...

Free Life
Heart

Re:Another reason...

[Anonymous Coward]

Yup, that's what I use it for too. Changing DNS changes it for everybody, which is what I don't want.

Re:Another reason...

[AK Marc]

I've seen it done by managing the hosts file with a login script. The issue was that two companies merged with separate intranets that had intranet names that overlapped public names. The DNS merge was months away, so hosts allowed employees in both companies to get to both intranets until DNS was set up appropriately. I can't argue it was best. I can only argue that because of business reasons, it was just about the only possible solution (natting could have worked, but it was uglier).

Re:Another reason...

[wolrahnaes]

You didn't understand the question. The question was about servers hosting multiple domains, assumedly in the context of HTTP since most other protocols don't give a fuck about the domain name. To test this properly, you'll need to either edit the HTTP request by hand or convince your machine that so and so server is actually the host you're requesting. The HOSTS file provides a convenient way to do this for those without direct control over their DNS server.

That said, unless your site is in the list of protected domains this is entirely irrelevant, and if it is you are probably running your own internal DNS which allows for as much testing as you'd like.

The sites affected are regularly accessed domains for which malware has historically been known to attack via the HOSTS file. The few users who legitimately need to add these domains to said files can be assumed to be able to figure out how to disable said restriction (though I agree with the idea that MS should have put a note in the file stating that such a thing was occurring) or run their own DNS making this a non-issue.

tl;dr: You interpreted the question wrong, but the question was pointless to begin with.

Re:Another reason...

[VTI9600]

You'll still be able to add your my-cat-fluffys-enterprise-weblog.com and it will still work.

That's unfortunate because, as others have noted, the hosts file "feature" is indeed a relic of a bygone era that should be laid permanently to rest rather than being broken for certain use cases. There seem to be two camps here; the ones that say "leave our beloved feature intact!" and those who say "kill it for the sake of the enterprise!" They are both right -- What MS should do is not break the hosts file or make it behave inconsistently, but replace it with something better.

A Windows service that allows DNS names to be overridden by user request is what is called for here. It could be added as a supported feature ...something that is controlled by group policy and managed through Windows RM to satisfy the enterprise IT folks ...something with a nice UI and possibly new features like pattern matching for the ad-blocking/web-developing user base.

Practically speaking that probably won't happen, as it's always easier to shoot a piece of software in the head than actually improve or replace it...

Re:MSE: Microsoft Screws Everything

[firewrought]

Yeah, this is basically a cack-handed way of fixing malicious hosts redirects.

Every OS does this: starts out with a simple (possibly easy-to-understand) model and evolves to something with more and more layers of cruft. It's called technical debt, and the long-term consequences are that these systems become harder to learn and understand.

Linux is better than Windows in this regard, but open source is by no means immune to crud formation. The maintenance tools for Debian packaging and the GNU Build System [wikipedia.org] come to mind.

Which brings me to my rant: in order to remain viable as a hobbyist OS, Linux should strive to simplify and remove "stupid complexity" that needlessly hinders technical understanding of its internals. I'm not speaking of user-friendliness per se (because that's a term that we use in reference to end users), I'm talking about removing complexity that isn't inherently necessary for the purpose of the system.

Re:Another reason...

[Joe U]

Why 'fix' something that isn't broken?

Because it is broken.

Malware can easily change the hosts file and screw you up, it's really a hole in name resolution security.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Another reason...

[lister king of smeg]

in the case of the host file you could simply require administrator permission. If the malware has admin access you have already lost. And if the malware is affecting the host file currently then the problem is still not in the host file or its implementation it is that the malware is on the system to begin with and the hole it exploited to do so in the first place is what need fixed.