A rant, in which I criticize a Windows 8 "feature" (part 1 of who knows how many)

    Recall my handy utility to create an /etc/hosts file that blocks most advertising sites. I use this not only on my Linux laptops, but also on my Windows VMs. Well, it turns out that Microsoft has decided certain of these entries shall be removed in any Windows 8 hosts file!

    For those too creeped out to click the link, the removed entries are:
    • facebook.com
    • ad.doubleclick.net

    Windows Defender (which is Microsoft Security Essentials, relabeled in Windows 8) is responsible for this: it checks for the presence of these domain names and, if detected, removes them. Microsoft is taking the decision that I shall see Facebook and I shall see DoubleClick ads, regardless of my personal preference. To regain control over my Windows 8 hosts file, I have to disable Windows Defender and, if I still want malware protection, purchase a third-party product.

    I turn my glare eastward, with the heat of a thousand suns! This is inexcusable, and no tripe-ish answer referring to some "we wish to ensure a consistent user experience" will satisfy me.

    But here's what will:
    Code:
    steve@t520:~$ rm -rv ~/'vmware/Windows 8'
    Ah, that was enjoyable to watch.

    #2
    Originally posted by SteveRiley
    Code:
    steve@t520:~$ rm -rv ~/'vmware/Windows 8'
    Ah, that was enjoyable to watch.
    Windows no longer obstructs my view.
    Using Kubuntu Linux since March 23, 2007.
    "It is a capital mistake to theorize before one has data." - Sherlock Holmes


      #3
      It doesn't seem so long ago that one of Microsoft's marketing phrases was "Where do you want to go today?"

      Now, it seems the phrase is "You'll go wherever the hell we decide you can go, and like it!"
      "Let us think the unthinkable, let us do the undoable, let us prepare to grapple with the ineffable itself, and see if we may not eff it after all."
      -- Douglas Adams


        #4
        You bought and paid for your computer running Windows 8, but you don't own it because you can't control it.
        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
        – John F. Kennedy, February 26, 1962.


          #5
          Gawd I love this place!!!

          Rotfl!!!!

          I turn my glare eastward, with the heat of a thousand suns! This is inexcusable, and no tripe-ish answer referring to some "we wish to ensure a consistent user experience" will satisfy me.
          woodsmoke


            #6
            Originally posted by SteveRiley
            Code:
            steve@t520:~$ rm -rv ~/'vmware/Windows 8'
            Ah, that was enjoyable to watch.
            Yeah, that's where my Win 8 VM went too -- before I ever knew about this crappy "feature". I wonder how much Zuckerberg paid MS for that one?

            Talk about kicking and shoving users toward open source!


              #7
              The comments to the ghacks article are ... well, some are just stupid, but some make me think.

              One commenter agrees with another comment that's pure vituperative bile, but then says this:
              I have seen LOTS of malware that installs local services and then redirects websites back to the local machine. In fact HOSTS redirection is a common attack vector, so go Microsoft for including this protection in their included security suite.
              If there are any security experts here ... how true is the claim "hosts redirection is a common attack vector"?

              No need to comment on whether changing the file, for selected hosts only, has any bearing on such a risk.

              (I look forward to the day when someone says "go Microsoft for not allowing userspace programs to edit system files at all without the user re-authenticating".)

              Later
              Yeah, this’ll *really* make Windows 8 popular with the IT crowd. How the heck are we supposed to do our jobs if the OS itself counters this?
              Maybe it and other moves like it will dent the acceptance of Windows 8, but no company (I hope) relies on the hosts file - external firewalls are the thing.
              I'd rather be locked out than locked in.


                #8
                Do you think Windows 8 would have been designed this way if Mr William Gates was still running the business on a day to day basis?


                  #9
                  @SecretCode: this has nothing to do with security. It's true that some malware can change the hosts file (or could, I don't do that much Windows security anymore). But malware simply writes a new hosts, or adds entries in it. That's one way to block you from going to antimalware-sites for cleaning up, help, etc., or to redirect you to some spooky site.
                  But since Windows 7 (so also in 8) that's much harder, because you need administrator rights to change the hosts file. In XP you need that too, but everybody runs that in administrative mode, because otherwise it's unworkable.
                  If I understand SteveRiley well, only those two entries are removed. (Maybe more, I guess SteveRiley doesn't have every possible entry in his hosts). That has nothing to do with security. Removing such an entry from the hosts file (I suppose it's redirected to 127.0.0.1 or something like that) has only one purpose: to make it impossible to block that address. So Microsoft forces you to give data to facebook/ad.doubleclick.net/...

                  Hmmm. I decided to read the article SteveRiley linked to. Should have started with that, before writing something... It turns out this is probably a bug in Windows Defender. I should have known better, because ad.doubleclick.net is owned by Google, so why should Microsoft help Google make money?
                  This kind of bug has been happening before, but it's really an unbelievably stupid bug. Didn't happen for years. Some antimalware-programs etc. check the hosts file for redirects. That's to protect you from being redirected. In the past some programs didn't check the right way and removed every instance of a name. Even if it was there to protect you. It seems Microsoft has managed to get this really stupid error in Windows Defender. Even if ad.doubleclick.net is in the hosts to protect you, remove it. Google will be happy!
                  In this case I believe it's a bug, because Microsoft has no interest in helping Google.

                  Another edit: there are other ways to block things like ad.doubleclick.net etc. In Firefox you have extensions like Do Not Track+, adblock, etc. I guess they exist for other browsers too. As far as I know there's no way to manipulate those extensions. But a site can always block you if you don't allow them to set cookies, to connect with some adware-site, etc.
                  Last edited by Goeroeboeroe; Sep 26, 2012, 07:22 AM. Reason: 8 with an ) gives a smiley...


                    #10
                    Originally posted by Goeroeboeroe
                    ...
                    Removing such an entry from the hosts file (I suppose it's redirected to 127.0.0.1 or something like that) has only one purpose: to make it impossible to block that address. So Microsoft forces you to give data to facebook/ad.doubleclick.net/...
                    That's Steve's point.

                    Was it accidental?

                    Hmmm. I decided to read the article SteveRiley linked to. Should have started with that, before writing something... It turns out this is probably a bug in Windows Defender. I should have known better, because ad.doubleclick.net is owned by Google, so why should Microsoft help Google make money?
                    Err... because Google paid them to remove it?

                    This kind of bug has been happening before, but it's really an unbelievably stupid bug. Didn't happen for years. Some antimalware-programs etc. check the hosts file for redirects. That's to protect you from being redirected. In the past some programs didn't check the right way and removed every instance of a name. Even if it was there to protect you. It seems Microsoft has managed to get this really stupid error in Windows Defender. Even if ad.doubleclick.net is in the hosts to protect you, remove it. Google will be happy!
                    In this case I believe it's a bug, because Microsoft has no interest in helping Google.
                    I don't think it can be dismissed as a simple bug, but that does make a convenient excuse when the removals were noticed. We will be able to tell if it was a bug IF Microsoft "fixes" that bug and allows users to include facebook.com and ad.doubleclick.net in their hosts file. Otherwise, it is not a bug.

                    And, Microsoft does have an interest in making money.

                    I programmed apps for Windows for years and used regular expressions to parse text files for various reasons. Using regular expressions to search text files for patterns is a well grounded technology. Complicated at times, but not rocket science. One always uses test case files. Unless MS had given up on hiring professional programmers and is hiring rookies to save money, they tested their algorithms to make sure the hosts file didn't contain domains related to their financial interests.

                    Windows Defender is obviously searching the hosts file for known malware domains and removing them. Being an investor in Facebook, Microsoft has that horse in the race. MS uses ad.doubleclick.net to serve its own ads as well, so it has a second horse in the race as well.

                    Knowing Microsoft's past ethical and greedy behavior, I have no trouble believing that MS removed both the facebook and the ad.doubleclick.net domain names for financial reasons.
                    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
                    – John F. Kennedy, February 26, 1962.


                      #11
                      Originally posted by SecretCode
                      If there are any security experts here ... how true is the claim "hosts redirection is a common attack vector"?
                      The claim is not without merit. Infecting the hosts file has been one avenue for enabling other attacks to succeed. But this route isn't so popular anymore: the file is owned by SYSTEM, only those in the Administrator group can change it, and most modification attempts will trigger a UAC consent (one that won't do so is an Admin human intentionally editing the file).

                      Originally posted by Goeroeboeroe
                      If I understand SteveRiley well, only those two entries are removed... That has nothing to do with security. Removing such an entry from the hosts file (I suppose it's redirected to 127.0.0.1 or something like that) has only one purpose: to make it impossible to block that address. So Microsoft forces you to give data to facebook/ad.doubleclick.net/... It turns out this is probably a bug in Windows Defender.
                      The comments in the source article mention another domain that will be removed if its presence is detected. I don't recall which at the moment, though. But the stated reason for doing this is, in fact, to thwart certain malware from hijacking popular domains, regardless of whether Microsoft owns the domain. It is not a bug in Defender.

                      Originally posted by GreyGeek
                      Knowing Microsoft's past ethical and greedy behavior, I have no trouble believing that MS removed both the facebook and the ad.doubleclick.net domain names for financial reasons.
                      I suppose the possibility of this being true is greater than zero percent


                        #12
                        Maybe I'm too naive. But if Microsoft is doing this on purpose it's so unbelievably stupid, I hardly can believe they do it this way. Lots of people use the hosts file, so it's for sure this is noticed.
                        Since Microsoft owns the os completely, I guess they have much more secret ways they can do this. And, as far as I know, they don't do anything with things like adblock or Do Not Track, much more popular than the hosts file.

                        I found on some sites Google, Yahoo, Twitter, and some other entries are also removed. If they do this on purpose, to make money, it's of course completely wrong etc.
                        If it's indeed a 'feature', it's the most stupid security feature I've ever seen. It's very easy to see if those entries point to 127.0.0.1. If that's the case, there probably is no reason to remove them. If those entries were added through malware, there have to be more indications the machine is infected. Windows Defender should check for those indications before removing these entries.

                        I shouldn't be too surprised if it's just for the money. But it's such a stupid way even the makers of Windows have to be able to find a smarter way, I guess.


                          #13
                          Originally posted by Goeroeboeroe
                          if Microsoft is doing this on purpose it's so unbelievably stupid, I hardly can believe they do it this way. Lots of people use the hosts file, so it's for sure this is noticed... It's very easy to see if those entries point to 127.0.0.1. If that's the case, there probably is no reason to remove them.
                          It isn't uncommon for Microsoft to start with a blunt mechanism and then fine tune it later. A future improvement might be indeed to check what the redirection points to.

                          Originally posted by Goeroeboeroe
                          I found on some sites Google, Yahoo, Twitter, and some other entries are also removed.
                          Do you have a source for this?
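
Added example, not part of any post in this thread and not Windows Defender's actual logic: a hosts-file check of the kind discussed in posts #12 and #13, which looks at what a watched name points to before treating the entry as a hijack. The watch list, the sample file and all function names are constructed for illustration.

```python
import ipaddress

# Constructed watch list: the two domains named in the thread, not Defender's real list.
WATCHED = {"facebook.com", "ad.doubleclick.net"}

def classify(address):
    """Return 'sink', 'redirect' or 'malformed' for a hosts-file address field."""
    try:
        ip = ipaddress.ip_address(address.split("%")[0])  # drop any IPv6 zone id
    except ValueError:
        return "malformed"
    # 127.0.0.0/8, ::1, 0.0.0.0 and :: never leave the machine, so the entry blocks
    # the name (a loopback target only blocks if no local service listens there).
    if ip.is_loopback or ip.is_unspecified:
        return "sink"
    return "redirect"

def is_watched(name, watched=WATCHED):
    """True for a watched domain or any of its subdomains, case-insensitively."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, address, verdict) for every watched hostname."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip the comment, then tokenize
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address without a name
        address, names = fields[0], fields[1:]
        for name in names:
            if is_watched(name, watched):
                host = name.lower().rstrip(".")
                findings.append((line_no, host, address, classify(address)))
    return findings

def needs_review(text, watched=WATCHED):
    """Entries that send a watched name anywhere other than a local sink."""
    return [f for f in audit_hosts(text, watched) if f[3] != "sink"]

# Constructed sample: user-added block entries plus one hijack-style redirect.
SAMPLE = """\
127.0.0.1   localhost
0.0.0.0     ad.doubleclick.net      # user block entry
127.0.0.1   facebook.com www.facebook.com
203.0.113.7 login.facebook.com      # points off-box (TEST-NET-3 address)
"""

if __name__ == "__main__":
    for finding in needs_review(SAMPLE):
        print(finding)
```

On the sample, only the entry that points `login.facebook.com` at a routable address is flagged; the three block entries are left alone.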


                            #14
                            I should have given the source right away, of course. Here it is:
                            http://hexus.net/tech/news/software/...-ads-facebook/
                            The original site is in German, but I guess most people here prefer English.

                            Yeah, that's right, Microsoft starting with an ax changing it slowly to a kitchen knife. I sometimes still wake up screaming when I've had a bad dream of the first incarnation of Windows Defender, or whatever it was called a few years ago. Don't know how it's working at the moment (apart from changing the hosts file). Microsoft Defender, McAfee and Norton/Symantec: three anti-virus that behaved like malware themselves. Don't know how McAfee and Symantec are at the moment. Well, they had one very good department: marketing.


                              #15
                              If I remember correctly you can block ads in messenger using the hosts file. Maybe that is the reason for this.
