Bug or feature? You can't block Facebook or ad.doubleclick.net on Windows 8

Discussion in 'other security issues & news' started by EncryptedBytes, Aug 19, 2012.

Thread Status:
Not open for further replies.
  1. EncryptedBytes
    Offline

    EncryptedBytes Registered Member

    (-http://www.ghacks.net/2012/08/19/you-cant-block-facebook-using-windows-8s-hosts-file/-)

  2. TheWindBringeth
    Offline

    TheWindBringeth Registered Member

    "Update: Tom just pointed out that turning off Windows Defender, which basically is Microsoft Security Essentials, in Windows 8 will resolve the issue. It appears that the program has been designed to protect some hosts from being added to the Windows hosts file."
  3. funkydude
    Offline

    funkydude Registered Member

    Gotta love how badly some people jump the gun. It's common for malware to try to hijack popular domains using the hosts file, it's obviously going to be suspicious.

    Just because the IP is pointing to the local machine doesn't mean anything, there's been malware that hosts pages locally.

    Pretty sure there was another thread here on Wilders (last month?) with someone complaining about blocking doubleclick with MSE. It's a shame journalists don't do more research before hitting the "submit" button in the hopes to be first to post something. I guess it's all about the traffic.
  4. tgell
    Offline

    tgell Registered Member

    Also here.

  5. siljaline
    Offline

    siljaline Registered Member

    This should prove to be interesting for those that run custom Hosts files such as MVPS.
    More as Win 8 goes RTM and the mentioned software comes online.
    Last edited: Aug 21, 2012
  6. ComputerSaysNo
    Offline

    ComputerSaysNo Registered Member

    I agree with funkydude, this isn't a bad thing. If it improves security then it's worthwhile.
  7. safeguy
    Offline

    safeguy Registered Member

    Useful to know still. Thanks.
  8. TheWindBringeth
    Offline

    TheWindBringeth Registered Member

    Related from http://www.drwindows.de/content/576-windows-8-defender-setzt-hosts-manipulation-zurueck.html via http://hexus.net/tech/news/software/43937-windows-8-hosts-block-doubleclick-ads-facebook/. Adding 127.0.0.1 entries for various hosts resulted in the following ones being removed:

    -facebook.com
    -www.facebook.com
    -www.google.com
    -ad.doubleclick.net
    -www.twitter.com
    -www.yahoo.com

    Attention was also drawn to a comment saying that servedby.advertising.com was another entry that gets removed.

    Obviously, 127.0.0.1 entries could be a hijack or protection mechanism. I'm inclined to think that on the test machines there was nothing to corroborate the theory that such entries were a hijack (such as known malware proxy having been detected). IOW, it sounds as though Windows Defender was simply making an assumption, one that was incorrect in the reported cases, and one which would have done harm had those been part of a security/privacy protection mechanism rather than a test case. It also sounds as though such "protection" is enabled by default (user can opt-out the hosts file from that) and the removals are done silently without some kind of obvious alert. It seems the entries are deleted rather than being commented out and I've yet to hear someone say the original hosts file is backed up somewhere.

    IOW, it sounds like this feature could use some work.
  9. siljaline
    Offline

    siljaline Registered Member

    Commenting your Hosts file, is fairly easy assuming the software mentioned doesn't prevent you from doing so. If I were to have a machine with this software that disallowed my maintaining my custom file as I wanted it, I would not be running said software although this is just a personal observation and not a suggestion that anyone wanting to test-drive these new emerging technologies to go right ahead.
Thread Status:
Not open for further replies.