facebook rss twitter

Windows 8 hosts won't block Doubleclick ads or Facebook

by Mark Tyson on 20 August 2012, 11:45

Tags: Windows 8

Quick Link: HEXUS.net/qabk5b

Add to My Vault: x

Users of the new Windows 8 RTM OS have been poking around and customising the OS to work the way they like it. A common Windows user customisation is editing entries in the hosts file to block certain sites and domains. These domains may be of advertisers, known malware or with explicit content; anything someone may have a reason to block. It has been discovered that in Windows 8 RTM you can’t use the hosts file to block well known advertising network Doubleclick or “ad.doubleclick.net” among others.

Facebook, ServedBy.Advertising.com, Google.com, Twitter.com and Yahoo.com too

As well as not letting users block the Doubleclick ad network Microsoft has decided users shouldn’t block ServedBy.Advertising.com, Facebook, Google.com, Twitter.com and Yahoo.com either. Any host file editing to redirect these sites to will fail. However regional variations of the above, such as www.google.de can be blocked using hosts…

German Windows news website Dr Windows wanted to see what exactly happens. They edited the Windows 8 hosts file, “waited a few minutes” then opened the hosts file to take a look. Please take a look at the before and after pictures below.

after a couple of minutes some hosts edits were removed...

Windows Defender is defending the hosts file from changes

After a little investigation it was discovered that the part of Windows 8 RTM that “unedits” your hosts file is the new Windows Defender. In Windows 8 RTM Windows Defender is not the same beast as within earlier Windows versions. The program is much more fully featured as a security suite and is comparable to Microsoft Security Essentials which you may have installed in earlier versions of Windows.

Even if you edit your hosts file and write protect it, once you open a web browser it will be restored to unblock the above sites. While you can get around this by turning off Windows Defender, it’s advisable to have an alternative to this free security suite to replace it first. Windows Defender protects your hosts file to stop malware changing it. Malware often changes the hosts file to redirect your browsing to dodgy websites and to lock you out of from helpful antivirus vendor sites.

A user at GHacks.net has suggested that Windows 8 users who want to keep Windows Defender yet be able to edit the hosts file can actually exclude the file from “protection”. Go to “Windows Defender > Settings > Excluded Files and Location. Add the hosts file and see if you still have the problem”. If anyone is running Windows 8 RTM but wants to customise the hosts file this may be the best solution.



HEXUS Forums :: 17 Comments

Login with Forum Account

Don't have an account? Register today!
Interesting that it still allows Bing to be blocked…
Windows 8 hosts won't block Doubleclick ads or Facebook

That's a real sensationalist headline. It will block them fine, you just need to change a setting to allow it.

The hosts file should have been locked down a long time ago, given redirects are put into it by any malware not written by an idiot.
Nice of Microsoft to give the user control over their browsing requirements
Even if you edit your hosts file and write protect it, once you open a web browser it will be restored to unblock the above sites. While you can get around this by turning off Windows Defender … Windows Defender protects your hosts file to stop malware changing it. Malware often changes the hosts file to redirect your browsing to dodgy websites and to lock you out of from helpful antivirus vendor sites.

A user at GHacks.net has suggested that Windows 8 users who want to keep Windows Defender yet be able to edit the hosts file can actually exclude the file from “protection”.
Am I the only one who reads the above and comes to the conclusion that Windows Defender is “broken”? Preventing malware changing the host file seems like a darn good idea, but couldn't they have implemented some form of check-in/check-out system so you - as an informed user - could make your edits in peace and have WD accept them as genuine “yes I really mean that!”?

My suspicious mind also has a problem with the fact that advertisers seem to figure prominently amongst the list of “do not touch” sites… :(
crossy
Am I the only one who reads the above and comes to the conclusion that Windows Defender is “broken”? Preventing malware changing the host file seems like a darn good idea, but couldn't they have implemented some form of check-in/check-out system so you - as an informed user - could make your edits in peace and have WD accept them as genuine “yes I really mean that!”?

My suspicious mind also has a problem with the fact that advertisers seem to figure prominently amongst the list of “do not touch” sites… :(

99% of users don't know what a hosts file is. Anyone that does will known how to add an exclusion or Google it to find out. If an option did pop up, you'd just get most users hitting “yes”.

The advertisement servers are being added as some of the less harmful malware adds in redirects to different ad servers to get the writers more money. Given that most pages also have ads, you can use it as a way to check for updates of the malware.

Anything that gets high traffic ultimately is probably on the list. I doubt there is a sinister motive here.