Windows 8 Changes Host File Blocking

← Back to Stories (view on slashdot.org)

Windows 8 Changes Host File Blocking

Posted by samzenpus on Sunday August 19, 2012 @08:21AM from the try-it-like-this dept.

An anonymous reader writes "Windows 8 has been confirmed to not only ignore, but also modify the hosts file. As soon as a website that should be blocked is accessed, the corresponding entry in the hosts file is removed, even if the hosts file is read-only. The hosts file is a popular, cross-platform way of blocking access to certain domains, such as ad-serving websites."

115 of 1,030 comments (clear)

Another reason... by Spritzer · 2012-08-19 08:21 · Score: 5, Insightful

So, after reading the article this can be summarized as "Microsoft gives you one more reason to disable Windows Defender and use a third party AV app."
1. Re:Another reason... by binarylarry · 2012-08-19 08:23 · Score: 5, Insightful
  
  Microsoft gives you one more reason to switch to Mac OSX or Ubuntu.
  
  --
  Mod me down, my New Earth Global Warmingist friends!
2. Re:Another reason... by Anonymous Coward · 2012-08-19 08:29 · Score: 4, Insightful
  
  I completely agree. This is the nail in the Windows coffin for me.
3. Re:Another reason... by ackthpt · 2012-08-19 08:39 · Score: 5, Insightful
  
  I completely agree. This is the nail in the Windows coffin for me.
  If you are an enterprise IT manager this is your dream come true. You're not seeing this from the angle Microsoft is, they count on enterprise income more than they do home users.
  
  --
  
  A feeling of having made the same mistake before: Deja Foobar
4. Re:Another reason... by Bill,+Shooter+of+Bul · 2012-08-19 08:46 · Score: 5, Interesting
  
  Why is that a dream come true for an enterprise IT manager? You *want* employees to be on facebook? Or are you saying that crazy behavior on the windows platform ensures your job security?
  
  --
  Well.. maybe. Or Maybe not. But Definitely not sort of.
5. Re:Another reason... by Anonymous Coward · 2012-08-19 08:50 · Score: 5, Informative
  
  Enterprise customers will block it at using DNS or using Group Policy, not the hosts file.
6. Re:Another reason... by MicroSlut · 2012-08-19 08:51 · Score: 5, Informative
  
  What Enterprise IT Manager is using the Hosts file to block web sites? Enterprises use firewalls. I've been blocking doubleclick at the firewall/proxy level for as long as I can remember.
7. Re:Another reason... by Nerdfest · 2012-08-19 09:12 · Score: 4, Insightful
  
  If they're interested in 'enterprise' (I really hate that word these days), they may want to have a look at what's been happening. Good or bad security-wise, people have been pushing for using their own devices, devices they *like* to use. I think the only thing really stopping it from taking off for tablets and phones is the failure of Rim, Apple, etc, to open their protocols so a business does not need to pick a single type of device. If they ever figure that out, Microsoft is hosed.
8. Re:Another reason... by Samantha+Wright · 2012-08-19 09:22 · Score: 4, Informative
  
  It turns out Windows Defender just prevents certain domains from being added. Disable Windows Defender or use a host name less common than "ad.doubleclick.net" or "facebook.com", and the hosts file works just fine. I'm guessing the idea is to safeguard against phishing and ad-replacement attacks.
  
  --
  Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
9. Re:Another reason... by burne · 2012-08-19 09:26 · Score: 3, Interesting
  
  Could you be so kind to post the other reasons?
  I have been using UNIX/linux/BSD and odd stuff like BeOS, System 7/8/9, OS X, Solaris/CDE, IRIX etc for 15 years.
  Never found a solid reason to use windows, and now you tell me there's more than one reason _not_ to run windows?
  That is one alternative reality I must grab..
10. Re:Another reason... by snemarch · 2012-08-19 09:35 · Score: 3, Insightful
  
  Umm, would you use the hosts file if setting up a Windows box for firewall purposes? I think not.
  I actually think not allowing critical things like *.microsoft.com (especially windows update and MSE) being redirected is a good thing - but there should be a Big Fat Popup warning that this is being done, and extending the hosts-removal for things like facebook and doubleclick? That's dubious, to put it mildly.
  
  --
  Coffee-driven development.
11. Re:Another reason... by vux984 · 2012-08-19 09:39 · Score: 4, Informative
  
  How can I check a site is up on a server with a certain domain name before I point DNS to it?
  I guess you could add it to the hosts file the way you always did.
  All they did was block redirecting certain high profile domains that were commonly attacked by phishing and url redirection attacks by malware writing to the hostsfile. You'll still be able to add your my-cat-fluffys-enterprise-weblog.com and it will still work.
  Unless you happen to work on small handful of high profile websites that are commonly attacked by phishing/url redirection attacks, nothing has changed.
  If you do happen to work for facebook, and you do happen to use your hosts file to point facebook.com at internal development servers and you happen to use Microsoft's Windows Defender on your development pc, then things got ever so slightly more complicated. You'll probably cope, though.
  if you're an enterprise IT sysadmin, this is a nightmare.
  Yes, a nightmare on the same scale as the Dairy Queen across town being out of my favorite flavor. The horror.
12. Re:Another reason... by Anonymous Coward · 2012-08-19 09:58 · Score: 3, Insightful
  
  Yes but my point is, I will now have to use a firewall to keep Adobe CS_ from phoning home.
13. Re:Another reason... by LordLimecat · 2012-08-19 10:07 · Score: 5, Insightful
  
  An IT manager using Hosts is an IT manager that needs to be replaced.
  First, if you are doing your web filtering on the workstation, you are doing it badly, badly wrong. Second, HOSTS is not somethin that is easily maintained or modified. Third, there are about a zillion better ways to accomplish blocking than using a HOSTS file.
  Its basically a kludge from bygone days before DNS, and for 99% of use cases where you might think "I can use a HOSTS file for that", there are far better methods-- or else the thing you are trying to do is retarded.
14. Re:Another reason... by LordLimecat · 2012-08-19 10:08 · Score: 2
  
  And this move makes sure you will never consider using a Windows-based platform as a small office-firewall,
  And it also guarentees you will never use it as a stapler. Thing is, noone was doing either of those things before, nor will they now.
15. Re:Another reason... by cayenne8 · 2012-08-19 10:25 · Score: 5, Insightful
  
  Its basically a kludge from bygone days before DNS, and for 99% of use cases where you might think "I can use a HOSTS file for that", there are far better methods-- or else the thing you are trying to do is retarded.
  Even allowing for your premise....
  Why on earth would MS destroy a simple, well known behavior that users might indeed have reason to want to use? Why 'fix' something that isn't broken? Why break something that wasn't hurting anything else on the OS?
  No harm in leaving a well known tool and behavior be.....but plenty of reason not to fuck with it, no?
  
  --
  Light travels faster than sound. This is why some people appear bright until you hear them speak.........
16. Re:Another reason... by LordLimecat · 2012-08-19 10:30 · Score: 2
  
  I agree, I just dont think theres anything remotely noteworthy here. If it werent for awful 90s era programs that cant handle DNS, Id say kill the entire thing off and end the stupid "Hosts is a good idea" myth altogether.
17. Re:Another reason... by Martin+Blank · 2012-08-19 10:40 · Score: 5, Interesting
  
  Considering that the number of systems hit by malware making use of HOST file modifications is far larger than the list of systems using it to block access to sites, the balance of evidence is in favor of what Microsoft is doing. I know some people who have extensive files, but that group is very small. LordLimecat was right: it's a feature from a bygone era that is used more often for harm than for good. Even adding a switch to the functionality (which might well be there in the form of a registry entry) doesn't help because that switch will get flipped by malware.
  Sometimes features once useful outlive that usefulness.
  
  --
  You can never go home again... but I guess you can shop there.
18. Re:Another reason... by Anonymous Coward · 2012-08-19 10:48 · Score: 5, Insightful
  
  This is silly reasoning. "Since I don't have a good reason to use it, nobody else should either."
  I use it to test services that are replacing old services with the same name. It works well as a temporary/quick way of testing. Yes, I could do it in DNS but it would take much longer to vet the change to our DNS servers than my local hosts file. Thankfully, I don't have to worry about this since I don't use Windows.
19. Re:Another reason... by ceoyoyo · 2012-08-19 10:54 · Score: 4, Interesting
  
  MS sells ads. The biggest use of the HOSTS file is blocking ads. Google wishes they could do this.
20. Re:Another reason... by DJRumpy · 2012-08-19 10:58 · Score: 2
  
  I'm not sure how smaller companies do it, but I don't know of any decent sized enterprises that rely on a hosts file to restrict access to certain sites.
  That said, this is some really stupid shit from the MS gene pool. Hosts should always take priority and simple visiting a site should never modify hosts as a result.
  That said, I wonder if the old trick of setting 'System' to read only works?
21. Re:Another reason... by garett_spencley · 2012-08-19 11:10 · Score: 4, Informative
  
  I agree that for blocking or for network-wide control using HOSTS is a horrible idea.
  I also realize that the issue apparently here is blocking only.
  But with that said, what about independent developers running their own web application on their machine ? If you're a web developer and you do your coding locally, it makes sense to use your host file to send a domain like dev.example.com to 127.0.0.1.
  Again, I know it looks like Windows 8 won't interfere with that. But it's still an example of a legitimate reason someone might rely on the hosts file, and why it could be a major PITA to have it messed with by the OS. Or is there a better way that I'm missing ? ( (and running your own DNS server, even locally, and especially on a Windows machine, seems way overkill and no where near "better" IMO).
  The problem with HOSTS files were they needed to be synchronized, distributed and maintained. Yes, it's a hold over to pre-DNS. But for a single machine who needs to set up certain private domains locally it seems the best option.
22. Re:Another reason... by Boaz17 · 2012-08-19 11:15 · Score: 3, Interesting
  
  Crap!
  The hole to plug (17 years over do) Is the fact that malware is able to modify the hosts file or flip a registry switch. Not some M$ convoluted notion of spaghetti security. I bet that by itself has holes in it.
  Guys be careful an M$ troll making a days pay ...
  Free Life
  Heart
23. Re:Another reason... by Chris+Mattern · 2012-08-19 11:23 · Score: 2
  
  If you are an enterprise IT manager this is your dream come true.
  Dream? No, nightmare. A machine the can't be configured as desitred and rewrites itself at will has no place in any corporate shop. You don't want the user rewriting the hosts file? That's not unreasonable and you can implement that right now, via policy so it's uniformly implemented. A client unavoidably rewriting itself against management wishes and that behavior can't be changed? Completely unacceptable. With this "feature", Windows 8 will not be installed in any corporate shop; at least not in any with any sort of a clue.
24. Re:Another reason... by TapeCutter · 2012-08-19 11:25 · Score: 2
  
  You just forfieted your geek card, Linux is a kernel.
  No he's ok.
  You OTOH, have just earned the pedant endorsement on yours with that post, congratulation. ;)
  
  --
  And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
25. Re:Another reason... by rrohbeck · 2012-08-19 11:35 · Score: 3, Informative
  
  Its basically a kludge from bygone days before DNS, and for 99% of use cases where you might think "I can use a HOSTS file for that", there are far better methods-- or else the thing you are trying to do is retarded.
  Ah, so I should rather set up a DNS server for my 5 machines, rather than have one hosts file that never changes and that I append once after installation?
  
  --
  thegodmovie.com - watch it
26. Re:Another reason... by Anonymous Coward · 2012-08-19 11:36 · Score: 3, Interesting
  
  Yup, that's what I use it for too. Changing DNS changes it for everybody, which is what I don't want.
27. Re:Another reason... by AK+Marc · 2012-08-19 11:43 · Score: 4, Interesting
  
  I've seen it done by managing the hosts file with a login script. The issue was that two companies merged with separate intranets that had intranet names that overlapped public names. The DNS merge was months away, so hosts allowed employees in both companies to get to both intranets until DNS was set up appropriately. I can't argue it was best. I can only argue that because of business reasons, it was just about the only possible solution (natting could have worked, but it was uglier).
  
  --
  Learn to love Alaska
28. Re:Another reason... by AK+Marc · 2012-08-19 11:48 · Score: 4, Funny
  
  Is "laptop3.fakedomain.local" reachable from a root DNS server? No? Then this won't affect you. But if you block adsense.com or whatever, even on a hosts file, you will be affected. The best fix is for someone to start up an ad-blocking DNS server that will block the ones people want blocked, and if you want to use it, you point your computers to it. The problem is, it'll be ad supported from the DNS errors, causing the heads of all the users to explode.
  
  --
  Learn to love Alaska
29. Re:Another reason... by Anonymous Coward · 2012-08-19 11:50 · Score: 4, Insightful
  
  If that was the legitimate reason, then the proper course of action would have been to remove the hosts file feature totally (not this half-assed bullshit).
30. Re:Another reason... by AK+Marc · 2012-08-19 11:55 · Score: 2
  
  How can I check a site is up on a server with a certain domain name before I point DNS to it?
  It's not a nightmare if you are competent. nslookup to 4.2.2.2 and get the current IP for the host in question (bypasses your hosts and DNS settings). Then ping the IP (doesn't use hosts or DNS).
  
  If you don't have that stored in your head, you aren't a competent admin. Though I can't count the number of times I used nslookup, only to have the person looking over my shoulder mention he's never seen it before. So the number of competent admins is likely very small.
  
  --
  Learn to love Alaska
31. Re:Another reason... by zoloto · 2012-08-19 11:58 · Score: 2
  
  Frankly, I wish there were an iptables windows clone.
32. Re:Another reason... by wolrahnaes · 2012-08-19 12:24 · Score: 3, Interesting
  
  You didn't understand the question. The question was about servers hosting multiple domains, assumedly in the context of HTTP since most other protocols don't give a fuck about the domain name. To test this properly, you'll need to either edit the HTTP request by hand or convince your machine that so and so server is actually the host you're requesting. The HOSTS file provides a convenient way to do this for those without direct control over their DNS server.
  That said, unless your site is in the list of protected domains this is entirely irrelevant, and if it is you are probably running your own internal DNS which allows for as much testing as you'd like.
  The sites affected are regularly accessed domains for which malware has historically been known to attack via the HOSTS file. The few users who legitimately need to add these domains to said files can be assumed to be able to figure out how to disable said restriction (though I agree with the idea that MS should have put a note in the file stating that such a thing was occurring) or run their own DNS making this a non-issue.
  tl;dr: You interpreted the question wrong, but the question was pointless to begin with.
  
  --
  I used to get high on life, but I developed a tolerance. Now I need something stronger.
33. Re:Another reason... by VTI9600 · 2012-08-19 12:32 · Score: 3, Interesting
  
  You'll still be able to add your my-cat-fluffys-enterprise-weblog.com and it will still work.
  That's unfortunate because, as others have noted, the hosts file "feature" is indeed a relic of a bygone era that should be laid permanently to rest rather than being broken for certain use cases. There seem to be two camps here; the ones that say "leave our beloved feature intact!" and those who say "kill it for the sake of the enterprise!" They are both right -- What MS should do is not break the hosts file or make it behave inconsistently, but replace it with something better.
  A Windows service that allows DNS names to be overridden by user request is what is called for here. It could be added as a supported feature ...something that is controlled by group policy and managed through Windows RM to satisfy the enterprise IT folks ...something with a nice UI and possibly new features like pattern matching for the ad-blocking/web-developing user base.
  Practically speaking that probably won't happen, as it's always easier to shoot a piece of software in the head than actually improve or replace it...
34. Re:Another reason... by Dunbal · 2012-08-19 12:33 · Score: 2
  
  Windows 8 = Windows Hate.
  
  --
  Seven puppies were harmed during the making of this post.
35. Re:Another reason... by Dunbal · 2012-08-19 12:36 · Score: 5, Insightful
  
  The smart IT manager realizes that even if employees spend 20 mins or so a day, they are far more productive than the ones fully restricted, locked down and persecuted. Studies have been done. Smart managers read them. Bad managers crack the whip according to arbitrary "productivity" goals that really mean nothing. Then they wonder why employees are always leaving the company and positions are so hard to fill.
  
  --
  Seven puppies were harmed during the making of this post.
36. Re:Another reason... by Anonymous Coward · 2012-08-19 12:44 · Score: 2, Insightful
  
  If there were, malware would modify it in bad ways and all changes would end up being blocked by windows defender.
37. Re:Another reason... by DarwinSurvivor · 2012-08-19 12:54 · Score: 3, Funny
  
  Find me an employee that spends "20 minutes a day" on Facebook, and I'll show you an employee that is better at hiding the other 3 hours they spent on Facebook than you are at detecting it.
38. Re:Another reason... by X0563511 · 2012-08-19 13:38 · Score: 4, Informative
  
  Have you seen the firewall that comes with the Windows 7 generation? It's no iptables, but it can do the job now.
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
39. Re:Another reason... by X0563511 · 2012-08-19 13:40 · Score: 2
  
  So, how is one supposed to test moving a host around without fucking about with the DNS server now, too?
  Used to be I could just stick overrides in HOSTS for the reported nameservers or whatnot and browse/use the host normally, to confirm it works before throwing the switch at the registrar.
  What, are we supposed to ask IT to temporarily modify zones that aren't even in their zone of authority now? Or are we just supposed to throw the switch and see what happens?
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
40. Re:Another reason... by SeaFox · 2012-08-19 13:55 · Score: 5, Insightful
  
  I think what he wants is a firewall system that explicitly cannot be controlled by the operating system without his approval. So if he blocks something he can be assured it will stay blocked regardless of what kind of backroom deals Microsoft makes.
  The most annoying thing about these latest versions of Windows is that there appears to be this new class of user with control that supersedes than the owner of the hardware.
41. Re:Another reason... by Dunbal · 2012-08-19 14:19 · Score: 2
  
  Irrelevant if the work gets done and employee satisfaction is high. Staring idly at a monitor is not productivity.
  
  --
  Seven puppies were harmed during the making of this post.
42. Re:Another reason... by mjwx · 2012-08-19 14:19 · Score: 2
  
  Enterprise customers will block it at using DNS or using Group Policy, not the hosts file.
  Actually we'll block it at the firewall as you can override group policy or DNS easily enough (the hosts file was the perfect way to get around a lot of DNS blocks).
  
  --
  Calling someone a "hater" only means you can not rationally rebut their argument.
43. Re:Another reason... by Lime+Green+Bowler · 2012-08-19 14:20 · Score: 5, Insightful
  
  We use hosts files with shop floor manufacturing software that requires it. It does not function without host entries. You are not the judge of how a hosts file is to be used, and any mindset like yours should not be in IT. You have short sight and low experience in the real world it seems. Any any ass who threatens to "replace" somebody for using a feature that is far from outmoded, or thinks someones methods are "retarded" without benefit of understanding or even offering an alternative is a STFU-and-leave opportunity.
44. Re:Another reason... by Dynedain · 2012-08-19 14:31 · Score: 5, Insightful
  
  no, but dev.realdomain.com might be... and yet I have to overwrite it to simulate on my local machine for development testing. Or perhaps I need to ensure when I load realdomain.com I go directly to a specific IP address instead of the default one that hits the load balancer.
  There's a whole slew of reasons for having a hostsfile (especially for developers) that DNS doesn't solve.
  
  --
  I'm out of my mind right now, but feel free to leave a message.....
45. Re:Another reason... by Joe+U · 2012-08-19 14:47 · Score: 4, Interesting
  
  Why 'fix' something that isn't broken?
  Because it is broken.
  Malware can easily change the hosts file and screw you up, it's really a hole in name resolution security.
46. Re:Another reason... by hobarrera · 2012-08-19 14:54 · Score: 4, Informative
  
  iptables? Really? Have you even tried OpenBSD's pf? That's a powerfull yet easy-to-use firewall!
47. Re:Another reason... by devman · 2012-08-19 15:13 · Score: 4, Insightful
  
  Malware can easily change the hosts file ...
  
  Seems like they fixed the wrong problem.
48. Re:Another reason... by Anonymous Coward · 2012-08-19 15:32 · Score: 5, Funny
  
  I use it to stop Mom from reading my blog.
  As far as she is aware my "awful site" as been offline since May.
49. Re:Another reason... by TheRealGrogan · 2012-08-19 15:45 · Score: 3, Insightful
  
  These people defending MIcrosoft's behaviour are just tools... I wouldn't pay much attention to them. Microsoft can't "kill the hosts file off" because the behaviour is part of the IP specification (defined in the RFC's)
  We expect implementations of the TCP/IP protocol in clients to behave in established ways and Microsoft has no right to change that.
  I make use of the hosts file for various purposes, including getting my forum users set up with hosts file entries to the new server, beforehand, whenever our DNS entries are changing so they can still reach the forum while changes are propagating. THIS is a prime example of why the hosts file still exists and the behaviour should not be fucked with by those assclowns at Microsoft.
  Hosts was never meant to be used for blocking sites, but it works well enough as a consequence and the behaviour should be left alone. Whatever the user puts in there, should work as intended. I don't fucking CARE that it's used for malware. Fight malware in other ways.
50. Re:Another reason... by rrohbeck · 2012-08-19 15:56 · Score: 4, Insightful
  
  I would only be affected if I used Windows 8, which I don't plan to.
  
  --
  thegodmovie.com - watch it
51. Re:Another reason... by hairyfeet · 2012-08-19 16:16 · Score: 4, Informative
  
  Surely you've got an old PC laying around yes? there are several free DNS servers that run on Linux and Windows, just use one of those and block anything you want blocked there. As a bonus a recursive DNS will speed up your web browsing as you aren't needing to call DNS for anyplace you've already been since you have your own DNS on the LAN, easy peasy.
  Hell if you are worried about power you can buy one of those little plug computers or my personal favorite the little cheap E350 AMD kits. Those things are cheap, make great mini-servers or office boxes, only draw about 18w under load and less than 6w on average, great little units. Newegg usually has them the cheapest if you want one.
  As for TFA if anybody didn't doubt that MSFT is expecting businesses and users with a brain to stay with Win 7 hopefully this will be your wakeup call. Hell frankly i wouldn't be surprised if MSFT takes an LTS approach to businesses because as we know businesses simply don't jump on the upgrade wagon like consumers so they can have 7 for business, 8 and 9 for consumers, 10 for business, etc. That would give business users around 7 years an OS which would be just about perfect now that PCs are lasting so much longer and the consumers can be the beta testers just like Fedora is used by RH.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
52. Re:Another reason... by hairyfeet · 2012-08-19 16:44 · Score: 4, Interesting
  
  Ask and ye shall receive Comodo Personal Firewall. Free, easy to use, has sane defaults while at the same time letting you control any in or outbound with any kind of rule you can think up. Personally I'd just take Comodo Internet Security Free as it gives you the AV and Firewall in one, has sandboxing, again a ton of control over the AV, oh and their license makes it free for home AND business use.
  With Windows if you want anything more than the basic you really gotta go third party, that's just the way its always been. I happen to like it that way as it gives me plenty of choices besides whatever MSFT packs in. That said the Win 7 firewall isn't bad, you click on advanced and you can cook up your own rules, not nearly as fine grained as Comodo but for a basic firewall it isn't bad.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
53. Re:Another reason... by Sfing_ter · 2012-08-19 17:36 · Score: 2
  
  No, he didn't, Microsoft says it OVER AND OVER again. Like in 1999, when they were shilling exchange to sysadmins and consultants so "you can bill more hours"
  
  --
  A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
54. Re:Another reason... by lister+king+of+smeg · 2012-08-19 17:43 · Score: 4, Interesting
  
  in the case of the host file you could simply require administrator permission. If the malware has admin access you have already lost. And if the malware is affecting the host file currently then the problem is still not in the host file or its implementation it is that the malware is on the system to begin with and the hole it exploited to do so in the first place is what need fixed.
  
  --
  ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
55. Re:Another reason... by GeniusDex · 2012-08-19 18:46 · Score: 5, Insightful
  
  It is inherentily impossible to build something into an OS which cannot be controller by that OS itself. If you want these really secure firewalls, they should be on a separate appliance and all your traffic should be routed through them.
56. Re:Another reason... by AmiMoJo · 2012-08-19 19:36 · Score: 4, Insightful
  
  You seem to be a bit confused about how Windows works.
  If it is your PC and you are the administrator then yes, you have full control over it. You can set any firewall rules you want and they won't be overwritten by "backroom deals" or anything like that. Hosts was always an unsupported system file hack, and there is a pretty powerful firewall in Windows 7.
  On the other hand if it isn't your computer then the (network) administrator can overrule you with Group Policy Settings. This is exactly the same as on a Linux box if you don't have a root access. Your administrator can decide if you have access to the firewall, or even right down to what types of firewall rule you can make. There really is a huge amount of fine grained control available. Enterprise admins love it.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
57. Re:Another reason... by 1u3hr · 2012-08-19 19:46 · Score: 2
  
  Why on earth would MS destroy a simple, well known behavior that users might indeed have reason to want to use? Why 'fix' something that isn't broken? Why break something that wasn't hurting anything else on the OS?
  The motivation was probably not to stop you blocking ads, but to stop malware creating DNS entries so they could send you to their site instead of the the intended one.
  The annoying thing is that rewriting the hosts file just happens silently, instead of asking the user if this was what he wanted to do. If there were malicious DNS entries, I think I'd like to know, it's a symptom of something very bad going on.
58. Re:Another reason... by asdf7890 · 2012-08-19 19:51 · Score: 4, Insightful
  
  then the proper course of action would have been to remove the hosts file feature totally
  IIRC you still need posix compliance (or the ability to claim it such that your claims can not be rubbished too easily) for your OS to be used in many US agencies, and the hosts file is one of the many minor points mentioned in that specification. Presumably that spec says something about having the feature, but does not say anything about effectively disabling it in this way.
59. Re:Another reason... by TheRaven64 · 2012-08-19 20:20 · Score: 5, Insightful
  
  A very small amount of Microsoft's revenue comes from selling ads. Almost all of one of their major competitors' revenue comes from selling ads. It's therefore in their best interests to make ad blocking easy...
  
  --
  I am TheRaven on Soylent News
60. Re:Another reason... by TheBogBrushZone · 2012-08-19 20:25 · Score: 2
  
  I suspect the most popular use for hosts is actually to stop pirate software *cough*Photoshop*cough* from dialling home.
  
  --
  And behold, a command prompt and he who sat upon it, his name was shutdown and -h 3:11 followed with him
61. Re:Another reason... by Anonymous Coward · 2012-08-19 20:44 · Score: 5, Informative
  
  Hell if you are worried about power you can buy one of those little plug computers or my personal favorite the little cheap E350 AMD kits. Those things are cheap, make great mini-servers or office boxes, only draw about 18w under load and less than 6w on average, great little units
  Seconded, however you'd best steer clear of the Asus and Asrock boards if you plan on doing anything with the PCI slots on those boards. They all use the ASMedia 1083 pci bridge, which happens to be broken beyond belief. See here and here. TL;DR: the controller has a hardware bug where it fails to deassert its interrupt status, causing IRQ storms which effectively makes connected devices useless.
62. Re:Another reason... by azalin · 2012-08-19 21:33 · Score: 2
  
  Your reasoning does not comply with MS bashing guidelines. Please refrain from using your brain so often.
63. Re:Another reason... by oreaq · 2012-08-19 21:45 · Score: 5, Informative
  
  Hosts was always an unsupported system file hack
  Where do you get this idea from? Hosts files are a common part of the IP stack of various operating systems. Microsoft has been using hosts files at least since Windows 95. They are fully supported and documented.
64. Re:Another reason... by TCM · 2012-08-19 21:46 · Score: 4, Informative
  
  I make use of the hosts file for various purposes, including getting my forum users set up with hosts file entries to the new server, beforehand, whenever our DNS entries are changing so they can still reach the forum while changes are propagating. THIS is a prime example of why the hosts file still exists and the behaviour should not be fucked with by those assclowns at Microsoft.
  No, it's a prime example of a bad IT person. If you had any clue about what you're doing, you'd lower the TTL prior to making the change, then make the change, then change the TTL back to normal.
  Expecting random clients to modify their config to compensate for your incompetence is just dumb.
  
  --
  Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
65. Re:Another reason... by godefroi · 2012-08-20 02:58 · Score: 2
  
  I think he meant the technique of redirecting certain names to (f.e.) 127.0.0.1 using the hosts file as an ad-blocking tool was an unsupported hack. The original purpose of the hosts file certainly didn't include ad-blocking, but to say "unsupported" is a stretch.
  
  --
  Karma: Poor (Mostly affected by lame karma-joke sigs)
66. Re:Another reason... by AaronLS · 2012-08-20 04:46 · Score: 2
  
  I agree completely. I don't know what these guys have been smoking that they think they should be configuring each desktop when they should be doing it in their infrastructure. Linux or Windows, if you have physical access to the machine, you can do as you please with enough perseverance. If you're not putting these rules into your firewall/network infrastructure, anyone can plug their laptop into a wall, spoof their desktop's MAC, and do as they please as well.
  The hosts file was never meant for implementing IT policies like this. There is a legitimate reason they have made this change. There are plenty of viruses that will modify the host file as a way to block internet access in order to disable anti virus updates or downloads of targeted removal software. For the 1% of us that really know our stuff, we fix this manually, but for the other 99% they sit there with an infected computer for maybe a week or more before they find someone to fix it, all the while their computer is doing the bidding of the malware, spreading or participating in a botnet.
  If anything I would expect them to at least popup a notification whenever the host file is modified, and provide an option to opt-out.
67. Re:Another reason... by AaronLS · 2012-08-20 04:55 · Score: 3, Insightful
  
  There were no backroom deals here. Certain domains are commonly targetted by malware. If malware, or perhaps another user/IT with malicious intent, modifies your hostfile to redirect facebook.com to a phishing site, it will still appear to be at a legitimate domain of facebook.com but actually serving the phishing site. It won't have SSL but your average user won't notice. So you see, it is in the interests of preventing the hosts file from being a tool for malware or malicious users. It is not in the interest of some backroom deal MS made with facebook.
68. Re:Another reason... by Cederic · 2012-08-20 05:21 · Score: 2
  
  While you're entirely correct about the legitimate purpose of this change, it does open the door to Microsoft assuring that doubleclick.net or equivalents aren't set in hosts to 127.0.0.1
  You don't have to work with Microsoft for very long to realise that actually, yes, this is something they would consider.
69. Re:Another reason... by ancientt · 2012-08-20 13:41 · Score: 2
  
  I agree that Windows does have a better firewall than it used to, but saying it is no iptables is an understatement. Blocking incoming traffic is important and blocking outgoing traffic is important but the important thing for me about iptables is the ability to redirect traffic. I redirect traffic coming in on 80 to a completely different machine (or not if it isn't up) and capture outbound DNS and redirect it to my own server. I can do port-knocking to open up ftp, telnet or ssh to only friendly users and turn the rest away. My favorite trick right now is a monitor that looks at my logs and adds the IPs of hacking attempts to a block everything list that is dynamically updated. I write my own tools to some degree, but there are tools to do that reactive blocking automatically that I utilize as well.That the job I want and the Windows firewall is a far cry from capable in that regard.
  
  --
  B) Eliminate all the stupid users. This is frowned upon by society.
So... by Anonymous Coward · 2012-08-19 08:24 · Score: 5, Insightful

Just add the hosts file to the Defender's white list. If you know how to edit the hosts file, you should know how to add it to the white list.
Otherwise, who says the edits to that file were not malicious.
1. Re:So... by lightknight · 2012-08-19 08:45 · Score: 4, Interesting
  
  Precisely. It's smells of a bad excuse for some money under the table.
  
  --
  I am John Hurt.
2. Re:So... by scrib · 2012-08-19 09:28 · Score: 4, Informative
  
  How about this: Windows Defender removes from the hosts file references to well-known and often accessed sites that could be redirected by malware for nefarious purposes?
  I might not want to visit ad.doubleclick.net but I certainly don't want it redirected to some other unknown IP address! Many, many, MANY websites I visit try to pull up links in that domain.
  Perhaps they should make an exception for localhost references, but considering how much of the general population knows about hosts files, I'm inclined to side with GP. Odds are very high that on most machines running Windows Defenders, a redirected ad.doubleclick.net reference is malicious.
  
  --
  Help! Help! I'm being repressed!
3. Re:So... by Darkness404 · 2012-08-19 09:45 · Score: 2
  
  Switch to the better Linux distribution. It is unlikely (unless you are writing low level programs) that you will ever have a problem with changes made in the Linux kernel. The biggest problems with Linux distribution are all the UI changes (such as GNOME 3 and Unity). For example, I switched from Vista on my machines to Ubuntu because it took me about 30 minutes to configure a generic Ubuntu install to one that fit my preferences, it took me a good 3-4 hours to configure a Vista install to one that fit my preferences because they system would fight me all the way. A couple of years ago, Ubuntu made a bunch of stupid changes which meant that configuring a new install would take me a good 3-4 hours to configure, configuring a Debian install took only about 30 minutes. Eventually my Debian install became out of date and it made more sense to go to Linux Mint rather than spend 3-4 hours configuring and updating Debian, etc.
  
  --
  Taxation is legalized theft, no more, no less.
4. Re:So... by aaarrrgggh · 2012-08-19 09:56 · Score: 2
  
  Every web page you visit (practically) has an ad.doubleclick reference. Could be a pretty effective attack vector to spoof them. But, clearly preventing someone from doing this through hosts would not eliminate the ability to do it.
5. Re:So... by LordLimecat · 2012-08-19 10:10 · Score: 4, Informative
  
  IIRC doubleclick is Google. Are you seriously implying that MS is in some sort of conspiracy to give more money to Google?
  Stop and think about that for a second, then get back to us once you remove the tinfoil hat.
6. Re:So... by Kjella · 2012-08-19 11:17 · Score: 2
  
  Stop and think about that for a second, then get back to us once you remove the tinfoil hat.
  Aha, it's a conspiracy to make me remove my tinfoil hat!
  
  --
  Live today, because you never know what tomorrow brings
7. Re:So... by DeathFromSomewhere · 2012-08-19 16:05 · Score: 2
  
  The article may have made a reference to Doubleclick but do you really think Microsoft doesn't have equivalents?
  They do have an equivalent. It's called aQuantive. They just wrote it off a month ago.
  
  When was the last time Microsoft made a decision that did not effect the "bottom line" ?
  Never. Everything AFFECTS the bottom line in some way.
  
  Windows is deployed on at least hundreds of millions of machines world wide, if Microsoft got these ad companies together and told them they could "fix" people trying to block their servers ads you think they would pony up a couple bucks?
  
  More likely they would whine to the media and cause a shitstorm. As if people adding doubleclick to their hosts file was ever a major problem in the first place. I'll go out on a limb here and say that browser adblockers are vastly more common.
  
  --
  -1 overrated isn't the same thing as "I disagree".
How will APK react to this? by metrix007 · 2012-08-19 08:24 · Score: 5, Funny

APK's sole existence seems to be reliant on advocating the hosts file as a means of host filtering, despite more modern, flexible, easier, convenient and powerful alternatives existing.
How will APK stay relevant with the demise of the hosts file in Windows 8? Stay tuned....

--
If you ignore ACs because they are anonymous - you're an idiot.
Calm down by Anonymous Coward · 2012-08-19 08:26 · Score: 5, Informative

Before everyone gets all excited... the article has already been updated with the fact that this is a feature of “windows defender” (and imo a reasonable one) and can be disabled.
The hosts file is popular for blocking sites, but also popular for redirecting to phishing sites as well. This seems like a very ineffective way of solving that problem, but at least it doesn’t look like there is some evil malicious intent..
In other news, running certain anti-virus products will prevent you from writing to the boot sector while they are running
1. Re:Calm down by Anonymous Coward · 2012-08-19 08:51 · Score: 2, Insightful
  
  Linux isn't an operating system, just a kernel. Fedora 17 is an operating system. Windows is an operating system. All of windows is developed and produced by microsoft.
  I think the point you were tryign to make is that its an optional part of windows.
2. Re:Calm down by jedidiah · 2012-08-19 08:51 · Score: 4, Informative
  
  Linux is not owned by a single entity like Windows is.
  Windows is what MIcrosoft says it is because they own it and they can do anything they like with it. If you're offended, your only alternatives are to "hack it" or abandon it.
  There isn't some other pre-packaged variant of Windows you can switch to.
  
  --
  A Pirate and a Puritan look the same on a balance sheet.
3. Re:Calm down by khasim · 2012-08-19 08:52 · Score: 5, Insightful
  
  This seems like a very ineffective way of solving that problem, but at least it doesnâ(TM)t look like there is some evil malicious intent..
  Considering that one of the sites they are unblocking is ad.doubleclick.net (which is often blocked because the user wants it blocked) then Microsoft is taking away an option from the user.
  What will be interesting will be when someone compiles a list of the sites that will be unblocked ... and finds how many BANKS will still be subject to phishing like this ... but ad.doubleclick.net will be protected.
  This is a stupid move by Microsoft done in a stupid fashion.
4. Re:Calm down by mrnobo1024 · 2012-08-19 08:54 · Score: 5, Insightful
  
  The hosts file can only be modified by administrators. Any additional protection is useless because if malware has gotten itself running as administrator, it can just kill or modify windows defender anyway.
5. Re:Calm down by Firehed · 2012-08-19 08:57 · Score: 4, Insightful
  
  Yes, but among the vast majority of users (i.e., not Slashdot readers), the hosts file is an attack vector rather than an adblocker or development tool. All of that security training people should receive around double-checking what's in the address bar goes out the window when the hosts file has been compromised.
  It sounds like MS's security tools have been a bit overzealous in trying to protect this file and can't determine what's a legitimate versus non-legit edit. But it's better to err on the side of being more rather than less secure here, especially with the amount of damage a maliciously-edited hosts file can do.
  Basically: yes, it's Windows 8's fault that this happens, but it's not Microsoft trying to screw you over like the headline makes out. There should be a tool that can edit, save, and sign the hosts file to make this distinction, not entirely unlike visudo - and all operating systems should have something similar. My Cisco VPN client straight-up replaces my hosts file every time I connect, and while I was able to find and update the file it uses to make that less annoying (I have hosts for a lot of VMs in there), the fact that a non-privileged application can do that is quite scary.
  
  --
  How are sites slashdotted when nobody reads TFAs?
6. Re:Calm down by techno-vampire · 2012-08-19 09:12 · Score: 5, Insightful
  
  Basically: yes, it's Windows 8's fault that this happens, but it's not Microsoft trying to screw you over like the headline makes out.
  
  No, it's Microsoft being stupid and ignoring its own security. If a non-privileged program is permitted to ignore the fact that a file is set to be Read-Only, you have absolutely no protection against malicious code changing anything it wants. All it has to do is infect Windows Defender and it can do anything it wants. If I were still a Windows user, I'd be very reluctant to trust Windows 8 at this point because of this obvious lack of common sense in how it handles this.
  
  --
  Good, inexpensive web hosting
7. Re:Calm down by SuricouRaven · 2012-08-19 09:19 · Score: 4, Interesting
  
  The read-only flag is largely disused. The NTFS permissions are the new one and, oddly enough, it's impossible to write to the hosts file without running as admin and clicking the 'this program wants unrestricted access' dialog. But Microsoft knows just as well as everyone else in IT that to the typical user, that dialog is meaningless: All they know is that clicking yes makes the computer do as it's told.
8. Re:Calm down by LordLimecat · 2012-08-19 10:14 · Score: 2
  
  If a non-privileged program is permitted to ignore the fact that a file is set to be Read-Only, you have absolutely no protection against malicious code changing anything it wants.
  
  Im going to go out on a limb and say you have no idea what youre talking about-- primarily because you seem to think that Windows Defender is non-privileged. It would be a pretty sorry anti-malware / virus software that ran in user-mode.
  Im going to go further out on a limb here and say that Defender probably runs with System rights, and can do pretty much whatever it wants from a OS security perspective.
9. Re:Calm down by DigiShaman · 2012-08-19 10:56 · Score: 5, Insightful
  
  Within NTFS permissions, an explicit "Deny" will take priority over an explicit "Allow". Have they even tried flagging the file with deny writes? In theory, that should prevent modifications to the file.
  It's a pain in the ass, but you could always reset the NTFS permissions via ownership and inheritance each time you wanted to make or change an entry to the host file.
  
  --
  Life is not for the lazy.
10. Re:Calm down by cbiltcliffe · 2012-08-19 13:55 · Score: 2
  
  Not using Windows is irrelevant.
  Any security software, by definition, and regardless of operating system, has to have access to the entire system, ergo, needs system rights.
  The fact that you missed this has nothing to do with your lack of Windows knowledge, and everything to do with your lack of security knowledge.
  I'd say that's quite the limb, after all.
  
  --
  "City hall" in German is "Rathaus" Kinda explains a few things......
11. Re:Calm down by SuricouRaven · 2012-08-19 23:16 · Score: 2
  
  Easily done, but then the malware would simply change the permissions on the host. Or right now, it might disable windows defender. Any account in the administrators group can do that. The problem is that, due to legacy issues, Microsoft is doing it's permissions backwards: Rather than making it possible to provide non-administrator users with more granular access, they are instead having to find ways to restrict what the administrator account can do.
This makes sense... for (most) Windows users by Anonymous Coward · 2012-08-19 08:28 · Score: 5, Insightful

As comments in the article point out, this behavior can be turned off by going to the Windows Defender settings... But by and large this make sense for 95% of Windows users as they will have NO clue about the hosts file, and even less of a clue if it has been modified for a phising attack. Nice to see microsoft take another step forward in protecting the blindingly ignorant and inept.
1. Re:This makes sense... for (most) Windows users by lowlymarine · 2012-08-19 08:32 · Score: 5, Insightful
  
  Exactly, this is a perfectly reasonable anti-phishing measure that can be easily disabled, as is clearly explained in the linked article. But hey, we can't have any such pesky facts sneak into a /. summary, it might stymie some good old-fashioned MS bashing.
2. Re:This makes sense... for (most) Windows users by VortexCortex · 2012-08-19 09:00 · Score: 2
  
  As comments in the article point out, this behavior can be turned off by going to the Windows Defender settings... Nice to see microsoft take another step forward in protecting the blindingly ignorant and inept.
  No, a step forward would be requiring administrator rights to write to the file, and then ensuring admin access is granted only when actually needed. Please, understand this: If you've got software modifying your hosts file, then Windows Defender hasn't done its job and you've got much bigger problems already.
3. Re:This makes sense... for (most) Windows users by Firehed · 2012-08-19 09:01 · Score: 2
  
  Prompting users to make security decisions means you have less security. If Defender prompted you every time it was blocking a write to a sensitive/monitored file, most people (the ones that really need the extra security software) would be inundated with requests eventually causing them to hit allow every time just to make the dialog boxes go away.
  There should be a comment in the hosts file indicating how to opt-out of this behavior, but I think what Microsoft has done here is both reasonable and a good security decision. People doing local dev work (myself included, although I don't do web development on Windows) would see the comment and how to disable things, and the rest of the world would have a secure, non-compromised hosts file - as they should.
  
  --
  How are sites slashdotted when nobody reads TFAs?
4. Re:This makes sense... for (most) Windows users by wolrahnaes · 2012-08-19 09:13 · Score: 2
  
  It seems to make sense. Inject your own ads in place of one of the most popular ad networks. Any other content you want to bundle along with those ads you can as well of course.
  
  --
  I used to get high on life, but I developed a tolerance. Now I need something stronger.
5. Re:This makes sense... for (most) Windows users by wolrahnaes · 2012-08-19 09:16 · Score: 4, Insightful
  
  But it also does this for Doubleclick, which sounds more like someone sucking up to their corporate partners.
  You do realize who owns DoubleClick, right? Google. Not exactly a partner of Microsoft. Microsoft has their own ad network that competes with DoubleClick, so that part actually helps make a case to me that this was not ill-intentioned.
  
  --
  I used to get high on life, but I developed a tolerance. Now I need something stronger.
Adobe's Activation Servers by Anonymous Coward · 2012-08-19 08:33 · Score: 5, Funny

Prepare them for the shitstorm.
Bad/lazy programming by bobbutts · 2012-08-19 08:33 · Score: 2

This seems like one of those situations where someone didn't think of the potential side effects. The goal was to fix some attack on specific sites, but the solution failed to consider that the mere presence of entries like Facebook is not enough to determine of the entry is in fact malicious and/or unintended. Security and expected behavior is compromised in too high a number of situations to use this software imo.
MSE: Microsoft Screws Everything by Blue+Stone · 2012-08-19 08:39 · Score: 4, Insightful

Yeah, this is basically a cack-handed way of fixing malicious hosts redirects.
It'll prevent malicious programmes from sending you to fake Facebook, but at the expense of entirely overriding any preferences YOU as tthe computer owner might wish to make via the Hosts file.
It's a staggering level of incompetence that this is their solution. It needs to be changed and they need to find either another way of solving it or allow some form of granulation and user input.

--
Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
1. Re:MSE: Microsoft Screws Everything by SuricouRaven · 2012-08-19 09:21 · Score: 2
  
  It'll break some existing malware. It'll take the authors a week or so to adapt, and then a few more weeks for the scammers to deploy patches. Doesn't seem worth the effort, really.
2. Re:MSE: Microsoft Screws Everything by LordLimecat · 2012-08-19 10:21 · Score: 2
  
  If anyone is considering trying this, I highly recommend you leave SYSTEM read privileges in there if you want it to continue to work.
3. Re:MSE: Microsoft Screws Everything by firewrought · 2012-08-19 12:44 · Score: 3, Interesting
  
  Yeah, this is basically a cack-handed way of fixing malicious hosts redirects.
  Every OS does this: starts out with a simple (possibly easy-to-understand) model and evolves to something with more and more layers of cruft. It's called technical debt, and the long-term consequences are that these systems become harder to learn and understand.
  Linux is better than Windows in this regard, but open source is by no means immune to crud formation. The maintenance tools for Debian packaging and the GNU Build System come to mind.
  Which brings me to my rant: in order to remain viable as a hobbyist OS, Linux should strive to simplify and remove "stupid complexity" that needlessly hinders technical understanding of its internals. I'm not speaking of user-friendliness per se (because that's a term that we use in reference to end users), I'm talking about removing complexity that isn't inherently necessary for the purpose of the system.
  
  --
  -1, Too Many Layers Of Abstraction
Where do WE want you to go to today? by nurb432 · 2012-08-19 08:39 · Score: 4, Insightful

Hope you enjoy your new 'media consumption appliance'. Its becoming less and less of a 'general purpose computer' every day.

--
---- Booth was a patriot ----
Another reason to skip Windows 8 by kimvette · 2012-08-19 08:56 · Score: 5, Insightful

This is another good reason to stick with Windows 7, giving Windows 8 a miss.
One common use of the hosts file is to test staging servers, particularly web servers before pushing them live, and without the complexity and time it takes to set up an additional DNS server.

--
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
Hamhandedness. by khasim · 2012-08-19 09:18 · Score: 5, Insightful

If you are an enterprise IT manager this is your dream come true.
Hardly. At the enterprise level there are multiple different ways of handling situations such as this. Which one(s) you choose depends upon how you've organized Active Directory and your network.
But a different point is that this is an OLD way of phishing. The phisher is publishing the IP addresses that need to be blocked. So, again, at the enterprise level this kind of phishing would not be an issue.
If a phisher really needed to redirect traffic like that he'd have an easier time just getting the information in the local machine's DNS cache. That way it would never show up in the hosts file which means that it would be that much harder to spot. Then just keep updating the DNS cache.
So this is the wrong solution to the wrong problem and it is implemented in the wrong way. And it will probably cause more issues in the future as 3rd party developers have to work around not having the hosts file as a reliable option any more.
Nice way to remove a useful tool that's been around for decades.
Mutually incompatible options by LocalH · 2012-08-19 09:31 · Score: 4, Informative

The option on one end is to allow the user to have full, unfettered access to everything on their system, from the highest levels down to the lowest. This was done back in the DOS and Win9x days, and although it does have a few benefits in certain niches, it's also very bad for security.
The option on the other end is to disallow access to modifying the underlying system and related settings, and only allow such actions from full administrator accounts, and maybe not even then (depending on the mindset of the development team). This pisses off a lot of the hardcore techies who like to modify everything they can, but to be fair it does help protect the average user.
Now, I'm not defending Microsoft on how they've implemented this silently and without notification to the user, but on the face of it I think it's a good idea for the average user, at least with regards to the Facebook part of it (not so much on the Doubleclick part). Think about it - the average non-techie person wants Facebook to work. They will want to get their notifications on the Start screen (and elsewhere).
I agree with other posters - they should have openly done this and notified the user before "fixing" it - something like "Your hosts file has been modified to prevent access to <site on this list>. Is this desirable to you?" with three options - "Yes", "No", "More information". That way, the techies can click "Yes" and go about their business, average users can click "More information" and maybe actually learn a little bit in the process, then come back and click "Yes" or "No" as per their wishes.
As with many things, the idea is sound, but the implementation is not. To those saying "well, malware wouldn't redirect to localhost, it'd redirect to a false Facebook", there's nothing stopping a piece of malware from being written that is similar to the existing rogue security software, but that also uses hosts to block access to various social media sites, in an attempt to give the uneducated user further reason to believe they're truly infected as bad as the rogue software tells them they are, and also as a weak attempt to prevent the user from going online and telling people about it even after the rogue software has been removed. They'll do anything to get a few more successful purchases of their crap software. I'm quite surprised they haven't really done this already, to be honest.

--
FC Closer
Not user friendly, hostile by frovingslosh · 2012-08-19 09:38 · Score: 4, Insightful

From the article, Two of the sites that you can’t block using the hosts file are facebook.com and ad.doubleclick.net
I started using the hosts file over a decade ago, when I traced crashes that I was having to doubleclick.net. Ad supported software that I was using was receiving files from them, but it was doing a lot more than just displaying the ads (which I would not have objected to). Many users were experiencing this, but the author would not fix it so I and others started blocking the site (which resolved the problem, although the author lost some small amount of revenue).
More recently I have also started blocking facebook. I never use it, have no account there, but I've noticed an awful lot of network traffic going to and from my site with facebook.com. I'm not even a member, so I don't feel the need for them to track most of the sites that I visit. The hosts file has so far worked very well for this.
And argument that this feature is in any way for the benefit of the clueless user is bogus. The common way to block a site via the hosts file is to equate it to the IP address 127.0.0.1, which is the local machine. If Microsoft were doing this for the benefit of their users then they would simply look at the hosts file and, if they found redirects for sites that they were concerned about that were not pointed to the local machine, they might well conclude that it was potentially an attempt to hijack a domain name and then, after warning the user (and even asking him) correct the problem. This would even show the user that Microsoft was doing something good for the user for a change. But if the address is redirected to the local machine, the only reasonable conclusion that I can see is that the user wanted it that way (as it provides no attack vector). It took me about 30 seconds to realize that changing 127.0.0.1 redirects was user unfriendly and could easily be avoided if Microsoft were really concerned about their users who paid for the software. They just have to look at the IP address that the hosts file contains and if it is 127.0.0.1 then allow it to stay! Clearly Microsoft realized this too. The only reasonable conclusion is that they are doing this because they have a motive that is against customers interests.

--
I'm an American. I love this country and the freedoms that we used to have.
1. Re:Not user friendly, hostile by cbiltcliffe · 2012-08-19 13:48 · Score: 2
  
  Assuming that all redirects to localhost are user-specified is all well and good, until you figure out that some malware makes the hosts file looks like this:
  update.symantec.com 127.0.0.1
  update.trendmicro.com 127.0.0.1
  update.mcafee.com 127.0.0.1
  update.microsoft.com 127.0.0.1
  Not that I consider this a good move by Microsoft, by any means, but implying that the situation is as simple as you're making it out to be is dangerous.
  
  --
  "City hall" in German is "Rathaus" Kinda explains a few things......
The answer is simple enough by __aaqvdr516 · 2012-08-19 10:12 · Score: 4, Insightful

The answer is simple enough:
If you're already smart enough to edit the hosts file, you should be smart enough to add hosts to Windows Defender exclusion list.
Is this a change from the way that things were done in the past? Of course it is. This is how systems become more secure for the average user. Average Joe isn't messing with hosts.
Chicken Little, the sky is not falling.
Re:Thank-You, & here's a challenge I always ma by LordLimecat · 2012-08-19 10:12 · Score: 2

Advantages over "other things"? Two words:
Firewall entries.
More flexible, centrally maintained, more granular, more reliable, and not prone to user tampering. Yea, how horrible.
on what planet? by frovingslosh · 2012-08-19 12:19 · Score: 2

On what planet does it make sense to change entries in a file on the system and not even warn the user that you are doing so? And since they are reportedly making the changes selectively, then if there were really an attacker his attack could have made other changes, but the user was never warned that the host file had anything "suspicious" in it and so would not be aware to even look at it and see if there was anything that the Great and Powerful Microsoft had missed. This isn't for the user, it is purely for MS's own interests.

--
I'm an American. I love this country and the freedoms that we used to have.
Malware. by Deathlizard · 2012-08-19 13:19 · Score: 4, Insightful

the Hosts file is targeted my malware to redirect to malicious sites and to keep under the radar to infect systems after they have been clean. (or even to a locally hosted proxy to infect sites like Facebook) Personally, I've seen facebook and myspace targeted in it. Never seen doubleclick but my guess is doubleclick is a target so that they can redirect to their own profit generating ads, or more malware to attempt to extort money out of people.
My guess is that the sites defender removes from hosts are sites that have been targeted by malware in the past. Frankly, I'd like to see the list of domains it looks for, but I'm sure that I woudn't want any of them redirected to some scumware site trying to pawn off fake antivirus.

--
In Soviet Russia, Trojan exploits YOU!
Evene if it is windows defender it is bad by aepervius · 2012-08-19 14:15 · Score: 2

If one redirect a site to 127.0.0.1 from the aforementionned double click, chance that it is a malware is nil. Before removing the entry windows defender should check the IP and leave it for those site at 127.0.0.1. OTOH if it is an anti virus site it should remove it if it is precisely 127.0.0.1. If they went the extra way to check for some specific web site, then they should have done the extra way and check for the IP. Or make a pop up windows warning of the behavior and how to stop it.

--
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Re:Thank-You, it is... apk by crutchy · 2012-08-22 20:19 · Score: 2

def reverse(s):
try:
trollstring = ""
for apksays in s:
trollstring = apksays + trollstring
except:
print("error/abend in reverse function")
return trollstring
s = ""
print reverse(s)
try:
s = "Insert whatever 'trollspeak/trolllanguage' gibberish occurs here..."
s = reverse(s)
print(s)
except Exception as e:
print(e)
ParseError: bad input on line5

http://mathcs.holycross.edu/~kwalsh/python/