
Windows 8 Changes Host File Blocking (1030 comments)

Posted by samzenpus
from the try-it-like-this dept.
An anonymous reader writes "Windows 8 has been confirmed to not only ignore, but also modify the hosts file. As soon as a website that should be blocked is accessed, the corresponding entry in the hosts file is removed, even if the hosts file is read-only. The hosts file is a popular, cross-platform way of blocking access to certain domains, such as ad-serving websites."
This discussion has been archived. No new comments can be posted.

  • Re:So... (Score:5, Interesting)

    by lightknight (213164) on Sunday August 19, 2012 @04:45PM (#41048259) Homepage

    Precisely. It smells of a bad excuse for some money under the table.

  • Re:Another reason... (Score:5, Interesting)

    by Bill, Shooter of Bul (629286) on Sunday August 19, 2012 @04:46PM (#41048265) Journal

    Why is that a dream come true for an enterprise IT manager? You *want* employees to be on Facebook? Or are you saying that crazy behavior on the Windows platform ensures your job security?

  • Re:Calm down (Score:5, Interesting)

    by SuricouRaven (1897204) on Sunday August 19, 2012 @05:19PM (#41048501)

    The read-only flag is largely disused. The NTFS permissions are the new one and, oddly enough, it's impossible to write to the hosts file without running as admin and clicking the 'this program wants unrestricted access' dialog. But Microsoft knows just as well as everyone else in IT that to the typical user, that dialog is meaningless: All they know is that clicking yes makes the computer do as it's told.

  • Re:Another reason... (Score:4, Interesting)

    by burne (686114) on Sunday August 19, 2012 @05:26PM (#41048563)

    Could you be so kind to post the other reasons?

    I have been using UNIX/linux/BSD and odd stuff like BeOS, System 7/8/9, OS X, Solaris/CDE, IRIX etc for 15 years.

    Never found a solid reason to use windows, and now you tell me there's more than one reason _not_ to run windows?

    That is one alternative reality I must grab..

  • Re:Another reason... (Score:5, Interesting)

    by Martin Blank (154261) on Sunday August 19, 2012 @06:40PM (#41049037) Journal

    Considering that the number of systems hit by malware making use of HOST file modifications is far larger than the list of systems using it to block access to sites, the balance of evidence is in favor of what Microsoft is doing. I know some people who have extensive files, but that group is very small. LordLimecat was right: it's a feature from a bygone era that is used more often for harm than for good. Even adding a switch to the functionality (which might well be there in the form of a registry entry) doesn't help because that switch will get flipped by malware.

    Sometimes features once useful outlive that usefulness.

  • Re:Another reason... (Score:5, Interesting)

    by ceoyoyo (59147) on Sunday August 19, 2012 @06:54PM (#41049109)

    MS sells ads. The biggest use of the HOSTS file is blocking ads. Google wishes they could do this.

  • Re:Another reason... (Score:3, Interesting)

    by Boaz17 (1318183) on Sunday August 19, 2012 @07:15PM (#41049239) Homepage

    Crap!

    The hole to plug (17 years overdue) is the fact that malware is able to modify the hosts file or flip a registry switch. Not some M$ convoluted notion of spaghetti security. I bet that by itself has holes in it.

    Guys be careful, an M$ troll making a day's pay ...

    Free Life
    Heart

  • Re:Another reason... (Score:3, Interesting)

    by Anonymous Coward on Sunday August 19, 2012 @07:36PM (#41049393)

    Yup, that's what I use it for too. Changing DNS changes it for everybody, which is what I don't want.

  • Re:Another reason... (Score:5, Interesting)

    by AK Marc (707885) on Sunday August 19, 2012 @07:43PM (#41049427)

    I've seen it done by managing the hosts file with a login script. The issue was that two companies merged with separate intranets that had intranet names that overlapped public names. The DNS merge was months away, so hosts allowed employees in both companies to get to both intranets until DNS was set up appropriately. I can't argue it was best. I can only argue that because of business reasons, it was just about the only possible solution (natting could have worked, but it was uglier).

  • Re:Another reason... (Score:4, Interesting)

    by wolrahnaes (632574) <seanNO@SPAMseanharlow.info> on Sunday August 19, 2012 @08:24PM (#41049667) Homepage Journal

    You didn't understand the question. The question was about servers hosting multiple domains, assumedly in the context of HTTP since most other protocols don't give a fuck about the domain name. To test this properly, you'll need to either edit the HTTP request by hand or convince your machine that so and so server is actually the host you're requesting. The HOSTS file provides a convenient way to do this for those without direct control over their DNS server.

    That said, unless your site is in the list of protected domains this is entirely irrelevant, and if it is you are probably running your own internal DNS which allows for as much testing as you'd like.

    The sites affected are regularly accessed domains for which malware has historically been known to attack via the HOSTS file. The few users who legitimately need to add these domains to said files can be assumed to be able to figure out how to disable said restriction (though I agree with the idea that MS should have put a note in the file stating that such a thing was occurring) or run their own DNS making this a non-issue.

    tl;dr: You interpreted the question wrong, but the question was pointless to begin with.

  • Re:Another reason... (Score:4, Interesting)

    by VTI9600 (1143169) on Sunday August 19, 2012 @08:32PM (#41049711)

    You'll still be able to add your my-cat-fluffys-enterprise-weblog.com and it will still work.

    That's unfortunate because, as others have noted, the hosts file "feature" is indeed a relic of a bygone era that should be laid permanently to rest rather than being broken for certain use cases. There seem to be two camps here; the ones that say "leave our beloved feature intact!" and those who say "kill it for the sake of the enterprise!" They are both right -- What MS should do is not break the hosts file or make it behave inconsistently, but replace it with something better.

    A Windows service that allows DNS names to be overridden by user request is what is called for here. It could be added as a supported feature ...something that is controlled by group policy and managed through Windows RM to satisfy the enterprise IT folks ...something with a nice UI and possibly new features like pattern matching for the ad-blocking/web-developing user base.

    Practically speaking that probably won't happen, as it's always easier to shoot a piece of software in the head than actually improve or replace it...

  • by firewrought (36952) on Sunday August 19, 2012 @08:44PM (#41049757)

    Yeah, this is basically a cack-handed way of fixing malicious hosts redirects.

    Every OS does this: starts out with a simple (possibly easy-to-understand) model and evolves to something with more and more layers of cruft. It's called technical debt, and the long-term consequences are that these systems become harder to learn and understand.

    Linux is better than Windows in this regard, but open source is by no means immune to crud formation. The maintenance tools for Debian packaging and the GNU Build System [wikipedia.org] come to mind.

    Which brings me to my rant: in order to remain viable as a hobbyist OS, Linux should strive to simplify and remove "stupid complexity" that needlessly hinders technical understanding of its internals. I'm not speaking of user-friendliness per se (because that's a term that we use in reference to end users), I'm talking about removing complexity that isn't inherently necessary for the purpose of the system.

  • Re:Another reason... (Score:5, Interesting)

    by Joe U (443617) on Sunday August 19, 2012 @10:47PM (#41050433) Homepage Journal

    Why 'fix' something that isn't broken?

    Because it is broken.

    Malware can easily change the hosts file and screw you up, it's really a hole in name resolution security.
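
An added example, not part of the thread or of any Windows component: the two uses of the hosts file discussed above (blocking entries that point at a loopback or unspecified address, and redirects of well-known names to a routable address) can be told apart by parsing the file. The watchlist, the sample file and all function names are constructed for illustration.

```python
import ipaddress

# Hypothetical watchlist (assumption): names an auditor never expects to be overridden.
WATCHLIST = {"bank.example", "update.example"}

# Constructed sample hosts file for the demo, not taken from a real machine.
SAMPLE = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example tracker.example   # ad blocking
203.0.113.7     www.bank.example
10.1.2.3        intranet.corp.example         # merged-intranet override
198.51.100.9    UPDATE.example.
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line number, address or None, lowercased names) per entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None                         # first field is not an IP address
        yield lineno, addr, [n.lower().rstrip(".") for n in fields[1:]]

def watched(name):
    """True if name is a watchlist entry or a subdomain of one."""
    return any(name == w or name.endswith("." + w) for w in WATCHLIST)

def audit(text):
    """Classify every entry: malformed, local, redirect-watched or override."""
    findings = []
    for lineno, addr, names in parse_hosts(text):
        if addr is None:
            verdict = "malformed"
        elif addr.is_loopback or addr.is_unspecified:
            verdict = "local"                   # 127.0.0.1 / ::1 / 0.0.0.0 style blocking
        elif any(watched(n) for n in names):
            verdict = "redirect-watched"        # watched name sent to a routable address
        else:
            verdict = "override"                # legitimate use is possible; review it
        findings.append((lineno, verdict, names))
    return findings

if __name__ == "__main__":
    for lineno, verdict, names in audit(SAMPLE):
        print(f"line {lineno}: {verdict:17} {' '.join(names)}")
```
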

  • Re:Another reason... (Score:5, Interesting)

    by hairyfeet (841228) <bassbeast1968@NOspaM.gmail.com> on Monday August 20, 2012 @12:44AM (#41051107) Journal

    Ask and ye shall receive Comodo Personal Firewall [comodo.com]. Free, easy to use, has sane defaults while at the same time letting you control any in or outbound with any kind of rule you can think up. Personally I'd just take Comodo Internet Security Free as it gives you the AV and Firewall in one, has sandboxing, again a ton of control over the AV, oh and their license makes it free for home AND business use.

    With Windows if you want anything more than the basic you really gotta go third party, that's just the way it's always been. I happen to like it that way as it gives me plenty of choices besides whatever MSFT packs in. That said the Win 7 firewall isn't bad, you click on advanced and you can cook up your own rules, not nearly as fine grained as Comodo but for a basic firewall it isn't bad.

  • Re:Another reason... (Score:5, Interesting)

    by lister king of smeg (2481612) on Monday August 20, 2012 @01:43AM (#41051355)

    In the case of the host file you could simply require administrator permission. If the malware has admin access you have already lost. And if the malware is affecting the host file currently, then the problem is still not in the host file or its implementation; it is that the malware is on the system to begin with, and the hole it exploited to do so in the first place is what needs fixed.
