You can


Recommended Posts

You can?t block Facebook using Windows 8?s hosts file

The Windows hosts file offers a great way of blocking or redirecting certain Internet hosts. I?m for instance using it whenever I move websites to a new hosting company to check the life site before the DNS has fully propagated. You can also download software like Hosts Man that allow you to add lists of known malicious sites or advertising servers to the file to block those automatically from being visited on the computer.

In theory, you can add any domain, host or website to the hosts file so that it is blocked on the system. Ghacks reader SGR just informed me that this apparently has changed in the Windows 8 RTM version.

windows-8-hosts-file.png

While you can still add any host you want to the hosts file and map it to an IP, you will notice that some of the mappings will get reset once you open an Internet browser. If you only save, close and re-open the hosts file you will still see the new mappings in the the file, but once you open a web browser, some of them are removed automatically from the hosts file.

Two of the sites that you can?t block using the hosts file are facebook.com and ad.doubleclick.net, the former the most popular social networking site, the second a popular ad serving domain.

The strange thing is that even write protecting the file does not have an effect on it as entries are still removed once you open a web browser. Actually, any kind of Internet connection seems to be enough for that behavior. If you open the Windows Store for instance, the entries get removed as well automatically.

This could be a bug that is affecting only some high profile sites and services, or something that has been added to Windows 8 deliberately. We have contacted Microsoft and are currently waiting for a response from a company representative. Since it is Sunday, it is not likely that this is going to happen today.

It is also in the realm of possibility that the hosts file may not accept other hosts.

Update: Tom just pointed out that turning off Windows Defender, which basically is Microsoft Security Essentials, in Windows 8 will resolve the issue. It appears that the program has been designed to protect some hosts from being added to the Windows hosts file. To turn off Windows Defender press the Windows key, type Windows Defender and hit enter. This launches the program. Switch to Settings here and select Administrator on the left. Locate Turn on Windows Defender and uncheck the preference and click save changes afterwards.

Please note that this turns off Windows Defender, and that it is recommended to have another antivirus program installed on the system to have it protected against Internet and local threats.

Source: ghacks.net

Link to comment
Share on other sites

I smell a payoff here...

A lot of anti-malware suites will prevent changes to the hosts file.. common way to hijack sites and such. Exclude or use a different suite.

Link to comment
Share on other sites

in MSE (and i imagine windows defender) you can exclude files. just excludes the hosts file and it should not change it back

^this.

If you modifiy the host file manually, it will trigger a warning (since it's a good way to do man in the middle attacks for example) but you can tell MSE/Windows defender to allow the change, then it won't revert it back.

Link to comment
Share on other sites

A lot of anti-malware suites will prevent changes to the hosts file.. common way to hijack sites and such. Exclude or use a different suite.

Yep... can understand their reasons for doing it. Bit annoying though if you do alter your hosts file when doing testing and so forth.

Link to comment
Share on other sites

I will take note to turn off Windows Defender when updating my hosts file with a malware stopping one.

Link to comment
Share on other sites

A lot of anti-malware suites will prevent changes to the hosts file.. common way to hijack sites and such. Exclude or use a different suite.

It's the fact that it only blocks some sites, that seems very fishy. If you are going to protect the hosts file in this manner, why not protect it entirely?

Link to comment
Share on other sites

It's that fact that it only blocks some sites, that seems very fishy. If you are going to protect the hosts file in this manner, why not protect it entirely?

Look how big facebook.com is. If some trojan decided to link it to a different IP within the hosts file, thats why it only does some domain names. Malware authors dont care about picsofmygranny.com with its 5 users

Link to comment
Share on other sites

or just install some parental lock software. Im assuming you want to block facebook so your kids cant go on cause they are too young and not cause you have no self control can't just not go there

Link to comment
Share on other sites

It's that fact that it only blocks some sites, that seems very fishy. If you are going to protect the hosts file in this manner, why not protect it entirely?

this

i knew that anti-malware solutions block access to the host file or at least that access triggers a warning; the new thing here is that Windows Defender only blocks some sites, witch is odd.

Link to comment
Share on other sites

Facebook is fine to not add. I see no ill will in that, and it's a common trap for people to input their passwords on Facebook phishing sites.

I am a bit concerned about doubleclick. Is that the common ad platform for Windows 8?

Link to comment
Share on other sites

I am a bit concerned about doubleclick. Is that the common ad platform for Windows 8?

It's one of the biggest ad networks on the internet. Someone being able to redirect all that traffic for their own purposes by modifying someone elses hosts files is quite the issue - considering how many websites have ads served by doubleclick.

By the way, doubleclick is run by Google - Microsoft tends to use their own advertising platform.

Link to comment
Share on other sites

It's that fact that it only blocks some sites, that seems very fishy

Not really. Lets wait an see which sites block and which don't. I'm guessing it's borne out of their diagnosis of which sites are most commonly attacked in such a manner

Link to comment
Share on other sites

It's one of the biggest ad networks on the internet. Someone being able to redirect all that traffic for their own purposes by modifying someone elses hosts files is quite the issue - considering how many websites have ads served by doubleclick.

By the way, doubleclick is run by Google - Microsoft tends to use their own advertising platform.

Ah, that makes sense.

I would be curious to know if other high-profile sites are prevented from being redirected as well. I'd expect at least the Alexa top 50. Right now, we can justify each of those sites individually, but if it's ONLY those two sites, it's worth questioning.

Link to comment
Share on other sites

It's the fact that it only blocks some sites, that seems very fishy. If you are going to protect the hosts file in this manner, why not protect it entirely?

I am glad it doesn't protect the whole file. I can still use it for my own work (which uses internal domains).

Link to comment
Share on other sites

Has anyone tried adding the hosts file to the exclude list to see if it resolves this?

It works according to another post here

Link to comment
Share on other sites

hosts file is not meant for website blocking or anything other kind of blocking. when are people going to learn this.

When there is another effective way to block sites :)

Link to comment
Share on other sites

I can see a very legit use for only doing certain sites. Since DoubleClick is one of the biggest ad networks out there, redirecting it to a mailious IP address using the HOSTS file is a good way to get malware installed. Same with Facebook, and if something like that ever did happen to Mr Average J. User, he wouldn't even begin to know how to fix it.

Link to comment
Share on other sites

Can't believe I'm defending Windows 8, but here goes: I did my own testing here with XP, Vista and 7. It has nothing to do with the OS you are using, and everything to do with MSE. End of story, try it for yourself. MSE will remove certain things from your HOSTS file even if it's Read Only.

Link to comment
Share on other sites

Can't believe I'm defending Windows 8, but here goes: I did my own testing here with XP, Vista and 7. It has nothing to do with the OS you are using, and everything to do with MSE. End of story, try it for yourself. MSE will remove certain things from your HOSTS file even if it's Read Only.

while true, MSE is install by default on windows 8. By doing this i count MSE on windows 8 as part of the windows 8 OS. Im very interested in this, but am not going dog MS and Windows 8 till more is known.

Link to comment
Share on other sites

This topic is now closed to further replies.