Slashdot Mirror


Windows 8 Changes Host File Blocking

An anonymous reader writes "Windows 8 has been confirmed to not only ignore, but also modify the hosts file. As soon as a website that should be blocked is accessed, the corresponding entry in the hosts file is removed, even if the hosts file is read-only. The hosts file is a popular, cross-platform way of blocking access to certain domains, such as ad-serving websites."

31 of 1,030 comments

  1. Another reason... by Spritzer · · Score: 5, Insightful

    So, after reading the article this can be summarized as "Microsoft gives you one more reason to disable Windows Defender and use a third party AV app."

    1. Re:Another reason... by binarylarry · · Score: 5, Insightful

      Microsoft gives you one more reason to switch to Mac OSX or Ubuntu.

      --
      Mod me down, my New Earth Global Warmingist friends!
    2. Re:Another reason... by ackthpt · · Score: 5, Insightful

      I completely agree. This is the nail in the Windows coffin for me.

      If you are an enterprise IT manager this is your dream come true. You're not seeing this from the angle Microsoft is, they count on enterprise income more than they do home users.

      --

      A feeling of having made the same mistake before: Deja Foobar
    3. Re:Another reason... by Bill, Shooter of Bul · · Score: 5, Interesting

      Why is that a dream come true for an enterprise IT manager? You *want* employees to be on Facebook? Or are you saying that crazy behavior on the Windows platform ensures your job security?

      --
      Well.. maybe. Or Maybe not. But Definitely not sort of.
    4. Re:Another reason... by Anonymous Coward · · Score: 5, Informative

      Enterprise customers will block it using DNS or using Group Policy, not the hosts file.

    5. Re:Another reason... by MicroSlut · · Score: 5, Informative

      What Enterprise IT Manager is using the Hosts file to block web sites? Enterprises use firewalls. I've been blocking doubleclick at the firewall/proxy level for as long as I can remember.

    6. Re:Another reason... by LordLimecat · · Score: 5, Insightful

      An IT manager using Hosts is an IT manager that needs to be replaced.

      First, if you are doing your web filtering on the workstation, you are doing it badly, badly wrong. Second, HOSTS is not something that is easily maintained or modified. Third, there are about a zillion better ways to accomplish blocking than using a HOSTS file.

      It's basically a kludge from bygone days before DNS, and for 99% of use cases where you might think "I can use a HOSTS file for that", there are far better methods-- or else the thing you are trying to do is retarded.

    7. Re:Another reason... by cayenne8 · · Score: 5, Insightful

      It's basically a kludge from bygone days before DNS, and for 99% of use cases where you might think "I can use a HOSTS file for that", there are far better methods-- or else the thing you are trying to do is retarded.

      Even allowing for your premise....

      Why on earth would MS destroy a simple, well known behavior that users might indeed have reason to want to use? Why 'fix' something that isn't broken? Why break something that wasn't hurting anything else on the OS?

      No harm in leaving a well known tool and behavior be.....but plenty of reason not to fuck with it, no?

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    8. Re:Another reason... by Martin Blank · · Score: 5, Interesting

      Considering that the number of systems hit by malware making use of HOST file modifications is far larger than the list of systems using it to block access to sites, the balance of evidence is in favor of what Microsoft is doing. I know some people who have extensive files, but that group is very small. LordLimecat was right: it's a feature from a bygone era that is used more often for harm than for good. Even adding a switch to the functionality (which might well be there in the form of a registry entry) doesn't help because that switch will get flipped by malware.

      Sometimes features once useful outlive that usefulness.

      --
      You can never go home again... but I guess you can shop there.
    9. Re:Another reason... by Anonymous Coward · · Score: 5, Insightful

      This is silly reasoning. "Since I don't have a good reason to use it, nobody else should either."

      I use it to test services that are replacing old services with the same name. It works well as a temporary/quick way of testing. Yes, I could do it in DNS but it would take much longer to vet the change to our DNS servers than my local hosts file. Thankfully, I don't have to worry about this since I don't use Windows.

    10. Re:Another reason... by Dunbal · · Score: 5, Insightful

      The smart IT manager realizes that even if employees spend 20 mins or so a day, they are far more productive than the ones fully restricted, locked down and persecuted. Studies have been done. Smart managers read them. Bad managers crack the whip according to arbitrary "productivity" goals that really mean nothing. Then they wonder why employees are always leaving the company and positions are so hard to fill.

      --
      Seven puppies were harmed during the making of this post.
    11. Re:Another reason... by SeaFox · · Score: 5, Insightful

      I think what he wants is a firewall system that explicitly cannot be controlled by the operating system without his approval. So if he blocks something he can be assured it will stay blocked regardless of what kind of backroom deals Microsoft makes.

      The most annoying thing about these latest versions of Windows is that there appears to be this new class of user with control that supersedes that of the owner of the hardware.

    12. Re:Another reason... by Lime Green Bowler · · Score: 5, Insightful

      We use hosts files with shop floor manufacturing software that requires it. It does not function without host entries. You are not the judge of how a hosts file is to be used, and any mindset like yours should not be in IT. You have short sight and low experience in the real world it seems. And any ass who threatens to "replace" somebody for using a feature that is far from outmoded, or thinks someone's methods are "retarded" without benefit of understanding or even offering an alternative is a STFU-and-leave opportunity.

    13. Re:Another reason... by Dynedain · · Score: 5, Insightful

      no, but dev.realdomain.com might be... and yet I have to overwrite it to simulate on my local machine for development testing. Or perhaps I need to ensure when I load realdomain.com I go directly to a specific IP address instead of the default one that hits the load balancer.

      There's a whole slew of reasons for having a hosts file (especially for developers) that DNS doesn't solve.

      --
      I'm out of my mind right now, but feel free to leave a message.....
    14. Re:Another reason... by Anonymous Coward · · Score: 5, Funny

      I use it to stop Mom from reading my blog.

      As far as she is aware my "awful site" has been offline since May.

    15. Re:Another reason... by GeniusDex · · Score: 5, Insightful

      It is inherently impossible to build something into an OS which cannot be controlled by that OS itself. If you want these really secure firewalls, they should be on a separate appliance and all your traffic should be routed through them.

    16. Re:Another reason... by TheRaven64 · · Score: 5, Insightful

      A very small amount of Microsoft's revenue comes from selling ads. Almost all of one of their major competitors' revenue comes from selling ads. It's therefore in their best interests to make ad blocking easy...

      --
      I am TheRaven on Soylent News
    17. Re:Another reason... by Anonymous Coward · · Score: 5, Informative

      Hell if you are worried about power you can buy one of those little plug computers or my personal favorite the little cheap E350 AMD kits. Those things are cheap, make great mini-servers or office boxes, only draw about 18w under load and less than 6w on average, great little units

      Seconded, however you'd best steer clear of the Asus and Asrock boards if you plan on doing anything with the PCI slots on those boards. They all use the ASMedia 1083 pci bridge, which happens to be broken beyond belief. See here and here. TL;DR: the controller has a hardware bug where it fails to deassert its interrupt status, causing IRQ storms which effectively makes connected devices useless.

    18. Re:Another reason... by oreaq · · Score: 5, Informative

      Hosts was always an unsupported system file hack

      Where do you get this idea from? Hosts files are a common part of the IP stack of various operating systems. Microsoft has been using hosts files at least since Windows 95. They are fully supported and documented.

  2. So... by Anonymous Coward · · Score: 5, Insightful

    Just add the hosts file to the Defender's white list. If you know how to edit the hosts file, you should know how to add it to the white list.

    Otherwise, who says the edits to that file were not malicious?

  3. How will APK react to this? by metrix007 · · Score: 5, Funny

    APK's sole existence seems to be reliant on advocating the hosts file as a means of host filtering, despite more modern, flexible, easier, convenient and powerful alternatives existing.

    How will APK stay relevant with the demise of the hosts file in Windows 8? Stay tuned....

    --
    If you ignore ACs because they are anonymous - you're an idiot.
  4. Calm down by Anonymous Coward · · Score: 5, Informative

    Before everyone gets all excited... the article has already been updated with the fact that this is a feature of “Windows Defender” (and imo a reasonable one) and can be disabled.

    The hosts file is popular for blocking sites, but also popular for redirecting to phishing sites as well. This seems like a very ineffective way of solving that problem, but at least it doesn’t look like there is some evil malicious intent..

    In other news, running certain anti-virus products will prevent you from writing to the boot sector while they are running.

    1. Re:Calm down by khasim · · Score: 5, Insightful

      This seems like a very ineffective way of solving that problem, but at least it doesn’t look like there is some evil malicious intent..

      Considering that one of the sites they are unblocking is ad.doubleclick.net (which is often blocked because the user wants it blocked) then Microsoft is taking away an option from the user.

      What will be interesting will be when someone compiles a list of the sites that will be unblocked ... and finds how many BANKS will still be subject to phishing like this ... but ad.doubleclick.net will be protected.

      This is a stupid move by Microsoft done in a stupid fashion.

    2. Re:Calm down by mrnobo1024 · · Score: 5, Insightful

      The hosts file can only be modified by administrators. Any additional protection is useless because if malware has gotten itself running as administrator, it can just kill or modify windows defender anyway.

    3. Re:Calm down by techno-vampire · · Score: 5, Insightful

      Basically: yes, it's Windows 8's fault that this happens, but it's not Microsoft trying to screw you over like the headline makes out.

      No, it's Microsoft being stupid and ignoring its own security. If a non-privileged program is permitted to ignore the fact that a file is set to be Read-Only, you have absolutely no protection against malicious code changing anything it wants. All it has to do is infect Windows Defender and it can do anything it wants. If I were still a Windows user, I'd be very reluctant to trust Windows 8 at this point because of this obvious lack of common sense in how it handles this.

      --
      Good, inexpensive web hosting
    4. Re:Calm down by DigiShaman · · Score: 5, Insightful

      Within NTFS permissions, an explicit "Deny" will take priority over an explicit "Allow". Have they even tried flagging the file with deny writes? In theory, that should prevent modifications to the file.

      It's a pain in the ass, but you could always reset the NTFS permissions via ownership and inheritance each time you wanted to make or change an entry to the host file.

      --
      Life is not for the lazy.
  5. This makes sense... for (most) Windows users by Anonymous Coward · · Score: 5, Insightful

    As comments in the article point out, this behavior can be turned off by going to the Windows Defender settings... But by and large this makes sense for 95% of Windows users as they will have NO clue about the hosts file, and even less of a clue if it has been modified for a phishing attack. Nice to see Microsoft take another step forward in protecting the blindingly ignorant and inept.

    1. Re:This makes sense... for (most) Windows users by lowlymarine · · Score: 5, Insightful

      Exactly, this is a perfectly reasonable anti-phishing measure that can be easily disabled, as is clearly explained in the linked article. But hey, we can't have any such pesky facts sneak into a /. summary, it might stymie some good old-fashioned MS bashing.

  6. Adobe's Activation Servers by Anonymous Coward · · Score: 5, Funny

    Prepare them for the shitstorm.

  7. Another reason to skip Windows 8 by kimvette · · Score: 5, Insightful

    This is another good reason to stick with Windows 7, giving Windows 8 a miss.

    One common use of the hosts file is to test staging servers, particularly web servers before pushing them live, and without the complexity and time it takes to set up an additional DNS server.

    --
    The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
  8. Hamhandedness. by khasim · · Score: 5, Insightful

    If you are an enterprise IT manager this is your dream come true.

    Hardly. At the enterprise level there are multiple different ways of handling situations such as this. Which one(s) you choose depends upon how you've organized Active Directory and your network.

    But a different point is that this is an OLD way of phishing. The phisher is publishing the IP addresses that need to be blocked. So, again, at the enterprise level this kind of phishing would not be an issue.

    If a phisher really needed to redirect traffic like that he'd have an easier time just getting the information in the local machine's DNS cache. That way it would never show up in the hosts file which means that it would be that much harder to spot. Then just keep updating the DNS cache.

    So this is the wrong solution to the wrong problem and it is implemented in the wrong way. And it will probably cause more issues in the future as 3rd party developers have to work around not having the hosts file as a reliable option any more.

    Nice way to remove a useful tool that's been around for decades.
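
The thread describes two kinds of hosts entry: names pointed at a loopback or null address to block them, and names pointed at some other address (a developer override or a malicious redirect). The following is an added example, not part of any comment above, that audits a hosts file and separates the two so the redirects can be reviewed by hand; the sample contents, the `.example` names and the addresses are constructed, and the names `audit_hosts` and `redirects` are hypothetical.

```python
import ipaddress

# Names a machine normally maps to itself.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample hosts file (not taken from the article).
SAMPLE = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         ad.doubleclick.net   # ad blocking
127.0.0.1       tracker.example
192.168.10.5    dev.realdomain.com   # developer override
203.0.113.10    bank.example www.bank.example
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every hosts entry.

    verdict is 'local', 'block', 'redirect' or 'invalid'.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()        # strip comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, addr, " ".join(names), "invalid"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified   # 127.0.0.0/8, ::1, 0.0.0.0, ::
        for name in names:
            name = name.lower().rstrip(".")
            if not sinkhole:
                verdict = "redirect"    # resolves somewhere real: needs human review
            elif name in LOCAL_NAMES:
                verdict = "local"
            else:
                verdict = "block"       # name made unreachable on purpose
            findings.append((lineno, str(ip), name, verdict))
    return findings

def redirects(text):
    """Hostnames mapped to a routable address, in file order."""
    return [name for _, _, name, verdict in audit_hosts(text) if verdict == "redirect"]

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(*finding, sep="\t")
```

A `redirect` verdict is not proof of tampering: the audit cannot tell a developer's staging override from a phishing redirect, it only narrows the file down to the entries worth checking.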