locked
Windows 8 and Host file

    General discussion

  • Hey there the, I just started to work with windows 8 dev preview to make my program usable for the next OS, my software blocks websites via the host file just like spybot and other software but this is only designed for familys to block websites when the child says I want to do my homework but really there on facebook, My software works great on windows XP, Vista & 7.

     

    My software works OK in 8 no Start Overlay Options yet but my problem is my software will add the entrys to the host file I check it there added, but soon as the browser is open 8 replace the host file, why does it do this, this is not acceptable for one this will brake EVEY host file app in the world why would you change this action, I not able to program in c++ or others like this sadly and I do this to help people not for money. is this just a action of the dev preview or as a new function been added to windows 8 that I don't know about? can you please help as this is not acceptable of MS to stop me from been able to block websites like this, I can't use a proxy or other means and I can't just edit the proxy file as only IE uses that by default.

     

    So could someone from MS or anyone else that knows about this host file, every other device I used from iphone, android, mac, older windows and Linux all use this option to be able to stop websites that are known as bad, spybot is one of the best known tools on the web and thats how that does it but from what I see looks like it wont work anymore, as the host file been moved under the replace windows file function like some other files on windows do I have to force owner ship of the file and if so why.

     

    Thanks I hope someone can clear this up.


    Rexzooly
    • Changed type Rexzooly Monday, September 19, 2011 1:23 AM I can't update the post
    Sunday, September 18, 2011 11:43 PM

All replies

  • I didn't have the same issue that you are having. I can add an entry and it stays. I just edit the file with notepad as administrator.


    Thanks,
    Bobby Cannon
    http://sharpdeck.net
    Sunday, September 18, 2011 11:58 PM
  • I have found that its Windows Defender, the new updates it now stop my software from doing its job, I not sure what I can do as I don't have the money to sign my software everything I make is freeware or open source, the software is flagged as Medium and this is NOT good people will NOT see this as a problem of defender jumping on the wrong thing they will think or its been flagged and this will give the software a bad name before its out.

    I would give you what it said i have to all written own but then IE metro for NO reason went blank removed everything I did so I am really not happy.

    But is said something like Host Hijack.

     

    My software is called Mother Says No, found alpha one at http://thinkcritical.co.uk if you like download it as this is the one I am tested alpha 2 is based on the same code, it opens the host file makes the edits and then outs the host file back to the read only state.

     

    I know its worked as it as the #'ed content

    #Open-Mother
    #myspace.com Blocked[19/09/2011:00:25:38]


    #myspace.com Blocked[19/09/2011:00:29:04]


    #facebook.com Blocked[19/09/2011:00:55:07]


    #Closed-Mother

    The blank spaces used to have the local IP and the domain address, there would be more space on the Alpha 2 version as blocks mobile and touch we know what kids are like tying to bypass what the mother/father says lol.

     

    Also Bobby on you Win8 system what AV are you using I would like to protect myself how I am online still as this is dual booted so my windows 7 system could still get damaged if this one gets a virus. 


    Rexzooly
    Monday, September 19, 2011 12:16 AM
  • Well, you would have the same problem with Microsoft Security Essentials/Norton/Spybot/AVG too. Security software do conflict with each other, not only with host files but also with API hooks and file scans. You can just tell the user what and why you are changing, and left the user to decide whether to accept your change.

    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful, so they will appear differently to other users who are visiting your thread for the same problem.
    Visual C++ MVP
    Monday, September 19, 2011 12:44 AM
  • @Sheng Jiang

    Sorry but I tested my software on ALL of them tools and it works, The NEW Windows Defender as flagged this new problem up I have but many tests on the other OS's with so many diff apps installed and it works great, So how would I go by making this known as safe, my software is safe and even tho its alpha people are using it, but Mothers and Fathers that don't know anything about computer what accept this face or you have to change this and that settings on your PC, sorry but I find that reply stupid form any dev, the only advice you can give is add a notice well sorry that's not the way you go, I need to know how I can get the Windows Defender know it's safe, I know Windows 8 is a new and many things may change but how if it thinking a program that is installed to the OS is hijacking a file when it as the permissions to do so via the host and also as to be elevated to ADMIN before the software is able to edit the software.

     

    I thank you for your reply but I feel your reply is not the right road, I don't have problems with the given software your stated part from MSE as I not tested with MSE as no one I know use it, and I mean No one from the standard user to the tech, all the other tools I use myself and they work with them.

     


    Rexzooly
    • Edited by Rexzooly Monday, September 19, 2011 12:56 AM Define whom the message was too.
    Monday, September 19, 2011 12:55 AM
  •  

    Update:

     

    Was able to find Defender and was able to get the error from it again, this is what is stating below, as you can see its only removing the IP and address so
    the software is OK to write Host comments to the file but it will add the IP and domain then Defender will just delete it. There must be a safe way to update the Host file without something blocking the action.

     

    Windows Defender Says:

    SettingsModifer:Win32/PossibleHostFileHijack

    Description:

    This program has potentially unwanted behavior.

     

    Recommendation:

    Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.

     

    Category:

    Settings Modifier


    Rexzooly
    • Edited by Rexzooly Monday, September 19, 2011 1:26 AM Messed up
    Monday, September 19, 2011 1:25 AM
  • To detect a change made IS by your app, antivirus would have to to

    Check every file operation to catch your writing in time (something antivirus are already doing but antimaleware may be reluctant to do because the confict with antivirus). Otherwise the security software would not know who changed the host file. And for a file that does not change often and does not pose a security threat on its own (if some program got administrator privilege to write to the file, the user got more problem to worry about), most likely live monitoring for the file is not a good way to spend system resources.

    Think about how much cost antivirus companies to tell make your process is safe. Since you refuse to sign your code, someone has to generate digital signatures for your files to scan effectively. That means the scanner's author would need to maintain a list of your files, and update it again when you release a new version. Unless your app pose a threat or has a large install base, I don't see this happening.

    Now practically all security software know is some unknown software changed the host file. Now why MSE think your change is bad and Bobby and mine is good, I don't know, you probably want to check the MSE forums on answers.microsoft.com. I think if you do something like 127.0.0.1   microsoft.com or 127.0.0.1  symantec.com MSE would care but for for web sites not related to antivirus/antimalware, it is simply not worth tracking of them because those redirections do not pose a security threat.



    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful, so they will appear differently to other users who are visiting your thread for the same problem.
    Visual C++ MVP
    Monday, September 19, 2011 1:58 AM
  • I have posted the sites I blocked on the demo on Windows 8 them domains are not there are they no its Myspace and facebook and Defender removed the changed ONLY to the IP and Host, I never refused but who do you think I am some rich person? why should I have to be charged to make something to help others sorry but thats WRONG, I can open the host file edit it and place it back manualy I tested this this is why I POSTED about what happened with Defender, I would sign my program happily if it was free, I have NO money not a penny the £899 I have to pay for my unit is one thing, but do you think we all made of money ? I am NOT charging for my software I have NO ads in my software I have NO adds on my website, so if you can find a service that will sign my software for free then sure I do that.

    And can I ask why does the user have to worry about using admin ? this is a function of the software as Admins/Adults have admin accounts and children do not so this software WONT run on a childs account unless a Admin as given the software its password with run as admin command.

    There must be a way to enable software to do its job without having to pay for it, sorry but No its not right or is it acceptable to charge me to sign something yes I know your not but you not helping your telling me to go down road one what I have explained is NOT possible not cos I don't want to its cos I can't No money no nothing I make this software out of the goodness of my heart.

    So please HELP or leave this post alone as I getting sick of having to try and justify why I can't/wont/unable to pay for something that I not charging for in the first place.

     

    So I request Help again:

    So here is what I need, I need help with getting the software to understand that my software is safe so far NO other AV or software as stopped my software Only Defender at this point. If my software needs singing then I need a service that is FREE and will hold the sign for future updates, this software is free I make it free, I host it with MY money I am no big company making 1000's nor do I ask to make 1000's people should not be charged for safry and anyone that things otherwise please DON'T reply I don't want to hear it.

    I also want to know why Defender at this time is the ONLY program that is stopping my software from working, the windows firewall lets programs right a safe command to it with a worrning can this also work similar for Defender.

    I would like to hear from someone that knows how Defender works, and will this update be passed to the windows XP/Vista/7 version as I will need to know if your going to brake my software that's already working on other computers.


    Rexzooly
    Monday, September 19, 2011 2:19 AM
  • I have to modify the host file from an application, and I use a batch command sent to an elevated command prompt launched as a hidden window from within the application.

    No problems so far on Windows 8. Maybe this could be an option that would be usable for your scenario.

     

     

    FIND /C /I "facebook.com" %WINDIR%\system32\drivers\etc\hosts

    IF %ERRORLEVEL% NEQ 0 ECHO ^127.0.0.1                   facebook.com>>%WINDIR%\system32\drivers\etc\hosts

     

    Tuesday, September 20, 2011 7:40 PM