Windows Defender in Windows 8 Kills Hosts File Blocking

Discussion in 'Windows 8' started by xscess, Aug 20, 2012.

  1. CODYQX4

    CODYQX4 MDL Developer

    #21 CODYQX4, Aug 21, 2012
    Last edited: Apr 12, 2019
    .
     
  2. JeanYuhs

    JeanYuhs MDL Member

    The issue isn't that you can't add hosts to the file, the issue is that it's going to revert specific hosts, most notably ad.doubleclick.net and facebook.com so far. There are more than likely going to be more of them.

    Add either of these to your hosts file with Windows 8:

    0.0.0.0 ad.doubleclick.net
    0.0.0.0 facebook.com

    and save the file. If you have Defender running, if you reload that hosts file in your text editor, you'll see those two entries have disappeared - that's what all the fuss is about so far, and I'm suspecting there will be many other domains that can't be added as well. They're buried in Defender's files someplace and no one has yet to yank 'em out but, there's got to be more in there.

    I copied my hosts file to the Desktop, opened it with Notepad++, added those two entries (0.0.0.0 is faster than 127.0.0.1) and saved the file - I then reloaded the just saved file like 1 second later and those entries were already removed, and that was the copy of the hosts file on the Desktop, not the actual hosts file in the Windows\system32\drivers\etc folder.

    It simply won't allow those domains (and again, probably others) to be stashed in the hosts file, period. You have to completely disable Defender to get at least those two domain entries to stick.

    I've been having nothing but small issues with Windows 8 and that one is the deal-breaker. Microsoft has made changes to Defender and MSE (the v4 test edition) and I'm not interested in the OS trying to "protect me" by doing stuff I didn't ask it to do or won't let me have full control over. I'm sticking with Windows 7 for years to come, it seems.
     
  3. acyuta

    acyuta MDL Expert

    Could this be the reason for this:
    Adobe Acrobat X host files were set to block in win 7. I could use it without any problems in win 7 for more than a year.
    In win 8 however, I found that installing with key (fake) and then blocking hosts had no effect whatsoever. Subsequently when I opened Adobe (my usual procedure is block hosts and then open adobe), within a minute, it told me to change the keys.

    Would turning off Defender and installing MSE help? I use MSE in win 7 with no problems at all.
     
  4. pisthai

    pisthai Imperfect Human

    I was just testing with those 2 entries:
    0.0.0.0 ad.doubleclick.net
    0.0.0.0 facebook.com

    and ad.doubleclick.com was instantly removed from the hosts file.

    Did the same again and used my own server IP instead of 0.0.0.0, and the same happened instantly.

    Then added a lot of hosts regarding Adobe to the hosts file and those are all still there.

    Till now, for me it's ad.doubleclick.net at the moment which "disappears" directly.

     
  5. jayblok

    jayblok MDL Guru

    I also was just testing these 2 entries:
    0.0.0.0 ad.doubleclick.net
    0.0.0.0 facebook.com
    They have not been removed from the hosts file. I tested on two Win8 x64 RTM OSes and Windows Server 2012 x64, rebooted more than 4 times, still there.
     
  6. pisthai

    pisthai Imperfect Human

    After disabling Windows Defender, nothing disappears from the hosts file any more.

    That said, it seems that Windows Defender is responsible.
     
  7. Mr Jinje

    Mr Jinje MDL Expert

    Why not add the hosts file to the Windows Defender exclusions? That should prevent it from behaving that way.

    Open windows defender, go to the Settings tab. It's right there.
     
  8. pisthai

    pisthai Imperfect Human

    I don't think that will be a good idea! Who knows which hosts are in the exclusion list of MS? And to check every time again and again could be just more than boring!

    I'll use Avast AV for my systems, which is anyway better than Windows Defender!
     
  9. manojmat

    manojmat MDL Novice

    #29 manojmat, Aug 21, 2012
    Last edited: Aug 21, 2012
    I think you've misunderstood. Adding the hosts file to exclusions will allow you to make any changes that you want without WD reverting them. Essentially that file won't be protected by WD anymore.
     
  10. Sapp

    Sapp MDL Novice

    Don't remember if it has the same name in Windows 8 (using an older version), but what happens if the DNS Client service is shut down? Has this been checked when it's not running?

    Heard that dnsapi.dll has been used for the same reasons before in bypassing Microsoft domains.
     
  11. Mr Jinje

    Mr Jinje MDL Expert

    Correct. Defender works like every other AV type program, select a file for exclusion and it is no longer protected.

    On the philosophy of why it's doing this. It's not big brother, it's not a conspiracy, it's just the default setting is to protect the hosts file, and IMO it's a good setting for most people who are not techies. Anyone who is a techie and has need to change it, can come to MDL and read this thread to find out how.
     
  12. Sapp

    Sapp MDL Novice

    :worthy: FaceBook

    No surprises that one would be protected regardless what M$ says :aglerks:
     
  13. JeanYuhs

    JeanYuhs MDL Member

    I might tend to agree with you but...

    The hosts file itself isn't being protected by Defender overall - it's being edited/monitored in real time for specific hosts entries and if/when they appear they are automagically removed and that's where the problem(s) are. We don't know (at least not yet) what other domains may be edited/removed instantly if they're added.

    It's obvious that there's going to be ads in Metro/Modern apps as time passes, that's a given, and that one of the largest (if not the largest) click-thru providers is DoubleClick so, the fact that their domain is being automagically edited/removed/monitored is a problem. Their excuse of doing it for "malware protection" is baffling to me since I've never seen it happen, and as I explained to a friend yesterday:

    "The hosts file is a protected system file - if you've got some stinkin' malware that can edit/overwrite the hosts file, you've got bigger problems to worry about..."

    and I stand by that statement.

    As for adding it to the excluded files list, that was something I figured I'd be able to do but on my Windows 8 test bed machine (Enterprise RTM, legit from my Technet account) it wouldn't allow me to add it for whatever reason, probably Defender getting involved yet again.

    Since Defender works with updates at any time, there's no reason to think that Microsoft won't start adding more domains to their "do not remove" list as far as hosts entries are concerned. It may only be ad.doubleclick.net and facebook.com for now but there's nothing stopping them from adding more domains with future Defender updates, and that's why I'm done with Windows 8 pretty much before it even gets started (and again, I have a Technet account and I'm legit across the board).

    Windows 7 does everything the right way the first time out... ;)
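
An added example, not part of any post in this thread: a Python script that compares two snapshots of a hosts file and lists the mappings that disappeared, automating the save-and-reload check the posts above describe. The snapshot text is constructed, and the function names and the `example.test` hosts are assumptions for illustration.

```python
# Added example: which hosts-file mappings vanished between two snapshots?
import ipaddress

def parse_hosts(text):
    """Return the set of (address, hostname) pairs found in hosts-file text."""
    pairs = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or incomplete
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                             # first field is not an IP address
        for name in fields[1:]:                  # one line may map several names
            pairs.add((addr, name.lower().rstrip(".")))
    return pairs

def removed_entries(before_text, after_text):
    """Mappings present in the first snapshot but missing from the second."""
    return sorted(parse_hosts(before_text) - parse_hosts(after_text))

def read_hosts(path):
    """Read a hosts file such as C:\\Windows\\System32\\drivers\\etc\\hosts."""
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        return fh.read()

# Constructed snapshots, not captured from a real system.
BEFORE = """\
# constructed sample
127.0.0.1 localhost
0.0.0.0 ad.doubleclick.net
0.0.0.0   facebook.com      # entry discussed in the thread
0.0.0.0 ads.example.test tracker.example.test
"""
AFTER = """\
# constructed sample
127.0.0.1 localhost
0.0.0.0 ads.example.test tracker.example.test
"""

if __name__ == "__main__":
    for addr, name in removed_entries(BEFORE, AFTER):
        print(f"removed: {addr} {name}")
```

On a real machine, call `read_hosts` right after saving the file and again a few seconds later, then pass both strings to `removed_entries`.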
     
  14. drably

    drably MDL Member

    #34 drably, Aug 22, 2012
    Last edited: Aug 22, 2012
    1. You people have to remember that Windows 8 was designed with the same exact rootkit technology that Microsoft acquired when they bought Skype shortly after Skype's proprietary layer 2 tunnelling protocol was disclosed for what it really was (the original articles have since been adjusted by alphabet soup counterintel op intervention agencies to hide the facts).

    2. MS patented that oh so desired rootkit, uh... I mean proprietary layer 2 tunneling protocol as "spying technology" (look it up!), thus it's built directly into the kernel of the OS and its function is deceivingly documented as well (think CarrierIQ here x1000).

    3. Every major news/advertising/sales/media/social networking/governmental/regulatory/ap2p/etc types of agencies/organizations in the world has invested in this OS to have their hands deep into the OS and desktop environment to deliver content to you in real time... So they have real time data mining/acquisition (keystrokes, audio, video, program/file access, etc) being streamed directly to/from your computer to every fusion center, alphabet soup agencies, affiliated parties, and other invested data harvesting organizations throughout the world that want to retrieve statistical/logistical/relevant and highly private information from you.... do you really think MS was going to knowingly let you block them with the hosts file? You have to be absolutely blind not to know what is going on here by this point.


    NOTE: If disabling Windows Defender & any other MS security product (such as their security essentials or w/e) doesn't solve your problem (obviously the problem is *mentally* yours if you are using this software anyways, or Win8 for that matter), try using PeerBlock in conjunction to visiting the blocklistpro, and iblocklist websites to get the software and IP blacklists to create a customized blocklist solution to prevent this type of activity from occurring.

    //just my 2 cents on the matter. Take it or leave it. You will be reading about it later depending on who blows the whistle first.
    Everyone should relay this information to non-affiliated security experts (if you know any), and on as many blog/forums/websites as possible to get the information out before this makes its official public release.
     
  15. Rock Hunter

    Rock Hunter MDL Senior Member

    #35 Rock Hunter, Aug 22, 2012
    Last edited: Aug 22, 2012
    Even though Windows 8 protects the hosts file and keeps it hidden, I am able to see my hosts file by Run and typing in C:\Windows\System32\drivers\etc. Then I can open the file in Notepad and edit it.
     
  16. foopy

    foopy MDL Novice

    I've been suspicious of Windows 8 from day 1. It bothers me that Windows Explorer (I said Windows Explorer, not Internet Explorer) wants to connect to numerous IPs right after I boot up my computer. I can't help but wonder what information it is sending. I'm using ESET System Security and I have the firewall set to interactive mode instead of the default automatic mode. It's scary how frequently Windows Explorer tries to connect out.