Bug or feature? You can't block Facebook or ad.doubleclick.net on Windows 8

Discussion in 'other security issues & news' started by EncryptedBytes, Aug 19, 2012.

Thread Status:
Not open for further replies.
  1. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    (-http://www.ghacks.net/2012/08/19/you-cant-block-facebook-using-windows-8s-hosts-file/-)

     
  2. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    "Update: Tom just pointed out that turning off Windows Defender, which basically is Microsoft Security Essentials, in Windows 8 will resolve the issue. It appears that the program has been designed to protect some hosts from being added to the Windows hosts file."
     
  3. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Gotta love how badly some people jump the gun. It's common for malware to try to hijack popular domains using the hosts file, it's obviously going to be suspicious.

    Just because the IP is pointing to the local machine doesn't mean anything, there's been malware that hosts pages locally.

    Pretty sure there was another thread here on Wilders (last month?) with someone complaining about blocking doubleclick with MSE. It's a shame journalists don't do more research before hitting the "submit" button in the hopes to be first to post something. I guess it's all about the traffic.
     
  4. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,097
    Also here.

     
  5. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    This should prove to be interesting for those that run custom Hosts files such as MVPS.
    More as Win 8 goes RTM and the mentioned software comes online.
     
    Last edited: Aug 21, 2012
  6. I agree with elapsed, this isn't a bad thing. If it improves security then it's worthwhile.
     
  7. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    Useful to know still. Thanks.
     
  8. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Related from http://www.drwindows.de/content/576-windows-8-defender-setzt-hosts-manipulation-zurueck.html via http://hexus.net/tech/news/software/43937-windows-8-hosts-block-doubleclick-ads-facebook/. Adding 127.0.0.1 entries for various hosts resulted in the following ones being removed:

    -facebook.com
    -www.facebook.com
    -www.google.com
    -ad.doubleclick.net
    -www.twitter.com
    -www.yahoo.com

    Attention was also drawn to a comment saying that servedby.advertising.com was another entry that gets removed.

    Obviously, 127.0.0.1 entries could be a hijack or protection mechanism. I'm inclined to think that on the test machines there was nothing to corroborate the theory that such entries were a hijack (such as known malware proxy having been detected). IOW, it sounds as though Windows Defender was simply making an assumption, one that was incorrect in the reported cases, and one which would have done harm had those been part of a security/privacy protection mechanism rather than a test case. It also sounds as though such "protection" is enabled by default (user can opt-out the hosts file from that) and the removals are done silently without some kind of obvious alert. It seems the entries are deleted rather than being commented out and I've yet to hear someone say the original hosts file is backed up somewhere.

    IOW, it sounds like this feature could use some work.
     
  9. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Commenting your Hosts file, is fairly easy assuming the software mentioned doesn't prevent you from doing so. If I were to have a machine with this software that disallowed my maintaining my custom file as I wanted it, I would not be running said software although this is just a personal observation and not a suggestion that anyone wanting to test-drive these new emerging technologies to go right ahead.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.