
Windows 8 bypasses and modifies the hosts file

Anonymous Coward writes | about 2 years ago

The Internet 8

An anonymous reader writes "Windows 8 has been confirmed to not only ignore, but also modify the hosts file. As soon as a website that should be blocked is accessed, the corresponding entry in the hosts file is removed, even if the hosts file is read-only. The hosts file is a popular, cross-platform way of blocking access to certain domains, such as ad-serving websites, but now that Microsoft clearly wants to control your web browsing experience, the practice may not be that cross-platform anymore."


8 comments


Update (1)

jbolden (176878) | about 2 years ago | (#41046939)

First off, the article totally underestimates the use of the hosts file. This is what existed before DNS and I still use it for my home network and non-DNS based routes. Anyway, what's doing this according to the update in the article is Windows Defender, which cleans the hosts file automatically to prevent malware from redirecting people. Since Defender can be disabled this is likely a feature not a bug.

Re:Update (1)

sjames (1099) | about 2 years ago | (#41047165)

If it's overriding a user's deliberate decision to disable an ad site in hosts, then it's a bug even if it's a 'feature'.

Re:Update (1)

jbolden (176878) | about 2 years ago | (#41047559)

How is the system supposed to tell about changes to the hosts file made by a user or by malware?

Windows Defender on = Microsoft runs my hosts file
Windows Defender off = I run my hosts file

Re:Update (1)

sjames (1099) | about 2 years ago | (#41047645)

It needs to either leave it alone if it is set read only or it needs to clearly indicate that it would like to make changes to the hosts file and allow the user to say no.

Re:Update (1)

jbolden (176878) | about 2 years ago | (#41047771)

That gets to the issue of what security tools should do. For the average user what are they supposed to do with a message like "Windows Defender has detected invalid links in your hosts file, which is used in domain name resolution. Should it change these to match your ISP's name server's settings or leave them alone?"

They can't answer that. A question can't be the default since the vast majority of the time the person getting the question can't answer the question. Heck, the person who wrote the article noting this didn't seem to actually understand what the hosts file did; he just learned a trick that no longer worked. So sorry, I disagree with you. I think it is reasonable to say that if you don't know to go into Windows Defender -> Tools and alter the allowed items list then you don't know enough to mess with Windows' networking (which is btw more complex than Linux networking so don't judge based on Linux experience). Guys like the guy who wrote that article need to either learn more or defer to Microsoft.

Linux is better for allowing for self administration, the learning curve is shallower since more of the guts are exposed.

Re:Update (1)

sjames (1099) | about 2 years ago | (#41047983)

It is worth considering that I might disable an ad server in hosts (a very common technique BTW) because it has a reputation for ads with malware attached. Remove that block and my security is decreased.

The question to ask would be "one or more domains have been altered by placing entries in the hosts file. Did you do that on purpose? (if you don't understand the question, choose no)". Just to be sure, also provide an OK button for the user to click without thought that allows removing the entry.

Windows Defender is a new 'feature', so even an experienced admin might not know about every aspect of it. They could find out about it if it will kindly announce itself. It would also be more useful if it could be fine tuned rather than all or nothing.

Re:Update (1)

jbolden (176878) | about 2 years ago | (#41048195)

They could find out about it if it will kindly announce itself. It would also be more useful if it could be fine tuned rather than all or nothing.

It can be. That's what I was saying about going into the tools menu and changing allowed items.

The question to ask would be "one or more domains have been altered by placing entries in the hosts file. Did you do that on purpose? (if you don't understand the question, choose no)". Just to be sure, also provide an OK button for the user to click without thought that allows removing the entry.

That question plus a list of the changes would be better. People googling that question are going to see entries that talk about saying yes without understanding the context was people changing stuff on purpose. Giving them a list might be more helpful and asking "did you make these changes on purpose?" with OK auto removing (I agree with that one, it always shocks me that so few read security alerts).

It is worth considering that I might disable an ad server in hosts (a very common technique BTW) because it has a reputation for ads with malware attached. Remove that block and my security is decreased.

I agree it's common. I just question whether people who don't understand the layers of Windows networking should be messing with it at this low level. Having a GUI ad blocker which adds the entry to Windows Defender and the browser strikes me as a better solution, or for IE using the method Microsoft provided: Internet Explorer's InPrivate Browsing.
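The "list of the changes" idea discussed in the comments above, as an added example that is not part of the thread: a baseline comparison that reports which hosts-file entries were removed, added or repointed, so a stripped block entry is visible rather than silent. The sample file contents and the first-entry-wins rule are assumptions made for the example.

```python
import ipaddress

# Addresses commonly used to sinkhole (block) a domain in a hosts file.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

def parse_hosts(text):
    """Return {hostname: address}; the first entry for a name is kept (assumption)."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()    # strip comments, split on whitespace
        if len(fields) < 2:
            continue                              # blank, comment-only or incomplete line
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                              # first field is not an IP address
        for name in fields[1:]:                   # one line may map several names
            mapping.setdefault(name.lower().rstrip("."), addr)
    return mapping

def diff_hosts(baseline_text, current_text):
    """List (kind, hostname, before, after) for every name whose mapping changed."""
    old, new = parse_hosts(baseline_text), parse_hosts(current_text)
    changes = []
    for name in sorted(old.keys() | new.keys()):
        before, after = old.get(name), new.get(name)
        if before == after:
            continue
        if after is None:
            kind = "block-removed" if before in SINKHOLES else "removed"
        elif before is None:
            kind = "added"
        else:
            kind = "redirected"
        changes.append((kind, name, before, after))
    return changes

# Constructed sample data: a saved baseline and the file as found later.
BASELINE = """# constructed sample
127.0.0.1    localhost
0.0.0.0      ads.example.com tracker.example.net   # ad block
192.168.1.10 nas.home.example
"""
CURRENT = """127.0.0.1    localhost
0.0.0.0      tracker.example.net
192.168.1.20 nas.home.example
10.0.0.5     intranet.example.org
"""

if __name__ == "__main__":
    for kind, name, before, after in diff_hosts(BASELINE, CURRENT):
        print(f"{kind:14} {name:24} {before} -> {after}")
```
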

Re:Update (1)

niftymitch (1625721) | about 2 years ago | (#41049493)

I wonder, where does it get the answers?
I wonder, how does it validate them as correct?

Inside many companies the internal host names and addresses
are managed with care via local DNS to give correct answers
inside the firewall without busting the device when the sales force
is outside the firewall making a house call. Via VPN inside
answers no VPN outside answers.

Other companies use proxy servers to tinker with, manage,
measure and filter web access. I wonder, how does that interact?

Schools today have conflicting mandates to impose control. Will this
tangle that control? Note the Tennessee legislator types all laid
chicken eggs because the SAT had Darwin friendly questions.

I know that one difficult to disable botnet of computers did
nasty things with DNS but I am not sure this is any better
or if it would have resolved the issue.

What is keeping WindowZ from replacing *.google.com
with a proxy so they can see all the traffic? Today many
ISPs return cash cow servers for lots of reasons and return
proxy resources for event sites. Sometimes with and some
without permission. The recent data loading records from the BBC
Olympics make it obvious that a bandwidth limited carrier could game the
system and present their customers with a "Better Experience".
This is not illegal AFAIK but since it is not illegal what is to
limit abuse. Proxy and caching resources are difficult to audit
from the outside which leaves self-policing.

I have often resorted to testing a web site internally
by tinkering with host files and internal DNS. It is difficult
to test a "big" site change perhaps for a product announcement
and keep it tight and secure inside the firewall where select
executives and managers can see and approve the content
prior to pushing it out live. I would not permit/trust most executives
to turn off any security feature like Windows Defender.

One more reason to not play the game....
