Windows 8 prevents site blocking using HOSTS file

Another day, another reason to hate Windows 8. And I haven’t even installed it yet. According to ghacks.net, using the Windows HOSTS file to block web sites will no longer work reliably in Windows 8.

Modifying the Windows HOSTS file is a simple and effective way to fiddle with the way domain names are translated into IP addresses. I use it on development PCs to allow access to locally-hosted web sites using their public URLs. It can also be used to redirect unwanted web sites to LOCALHOST, effectively blocking them. This can be used as a rudimentary form of ad blocking, although there are some risks involved.

Microsoft apparently doesn’t want people using the HOSTS file that way, because it silently updates the file, even if it’s marked as read-only, removing entries for facebook.com and ad.doubleclick.net (a major advertising source), and presumably others.

It turns out that the culprit is Windows Defender, which is enabled by default in Windows 8. Exactly why Windows Defender is doing this is not certain, but it’s safe to assume that Microsoft was pressured to do this by Facebook, Doubleclick, and others. Microsoft will probably claim that it was done for reasons of security, in which case it will be interesting to hear their explanation.

Meanwhile, disabling Windows Defender apparently resolves this issue. You should probably use real anti-malware software anyway. There are plenty of free alternatives.

More evidence of shoddy programming by Adobe

Apparently some Google employees decided to test Adobe Reader after they found several security-related bugs in the PDF reader code used in Google Chrome. They found sixty issues that cause crashes, about forty of which could provide attack vectors.

Bugs, crashes and security issues in Adobe software are nothing new. But given the frequency and number of updates for Reader, one might assume that Adobe had a handle on these issues. The ongoing crashing problems with Flash on Windows 7 indicate otherwise, as does this new revelation from Google.

Don’t be fooled by fake FBI warnings

The FBI has issued an alert about Reveton, drive-by ransomware that first appeared in early 2012.

The term “drive-by” is typically applied to malware that affects users when they visit an infected web site. To put it another way: your computer can become infected by this malware if you visit an infected web site, even if you don’t click anything on that web site or view anything other than the home page. This is why even web searches have become somewhat dangerous.

“Ransomware” refers to malware that presents a warning to the user, in some cases pretending to be from a government agency, that they have violated some law or regulation. The solution presented is to pay a ‘fine’; any money paid goes to the malware’s perpetrator. Surprisingly, this fools enough people to make it a worthwhile scam.

PCWorld has additional information.

Updates for Adobe Flash, Shockwave and Acrobat Reader

Adobe issued several new bulletins today.

First up is Adobe Acrobat and Acrobat Reader. Adobe security bulletin APSB12-16 announces Reader and Acrobat versions 10.1.4 and 9.5.2, which address a specific crashing problem that could allow an attacker to gain control of affected computers.

Next is Adobe security bulletin APSB12-17. This bulletin announces version 11.6.6.636 of Shockwave. Once again, the new version addresses a security issue.

Finally, a new version of the Flash player is announced in Adobe security bulletin APSB12-18. The new version is 11.3.300.271, and it addresses yet another crash-leading-to-possible-exploit security problem. As mentioned previously here, Google Chrome users will receive the new version of Flash for Chrome with the latest version of that browser. It remains to be seen whether this latest fix will resolve the long-standing crashing problems with the Flash player on Windows 7 systems.

August 2012 Patch Tuesday

Another Patch Tuesday is here, and this time there are nine bulletins, with associated patches affecting most versions of Windows and Microsoft Office. Several of the Windows patches are classified as critical.

Details on the August 2012 patches are posted on the Microsoft Security Bulletin site.

The patches are now available via Microsoft Update. Computers configured for automatic updates should start receiving them overnight.

No way to avoid crappy new UI in Windows 8

As predicted by many, Microsoft has officially adopted Apple’s “take what we give you and like it” approach to software development. The hopelessly clunky, nameless, tablet-oriented new user interface in Windows 8 will not be avoidable.

Microsoft apparently really does think that everyone will like the new UI, and anyone who doesn’t is just not important. Since that last group of people includes everyone who uses their computer for more than web browsing, Skype and email, as well as everyone who reviews and evaluates software and makes software purchasing recommendations for organizations, I’m calling it now: Windows 8 is going to be a disaster.

On the other hand, intrepid developers out there have found ways around Microsoft’s idiocy before, and they’ll no doubt do it again. With any luck, they’re working right now on ways to make Windows 8 a usable O/S. UPDATE: Indeed they are – see how to bring back the Start menu in Windows 8 and Samsung’s attempt to revive the Start menu.

Blizzard’s Battle.net hacked

Blizzard, the company that brought you the Diablo series, as well as World of Warcraft, runs a service called Battle.net. The service ostensibly helps online gamers find servers running their favourite Blizzard games. In fact the service is not much more than DRM: technology used by Blizzard to prevent people from playing their games. And prevent them it does. While Blizzard only really wants to prevent people with ‘pirated’ copies of games from playing, server outages and other technical glitches have caused problems for paying customers since the service began. Even people who purchased Diablo III with no intention of playing online must use Battle.net for the single player game, so they are affected by service outages.

Yesterday, Blizzard added insult to injury when they announced that Battle.net had been hacked. According to Blizzard, no financial (credit card) data was stolen, and although passwords may have been taken, those passwords were encrypted. Still, they are recommending that all Battle.net users change their password as soon as possible.

SANS has a breakdown of the implications to users.

When Blizzard announced that Diablo III would require use of the Battle.net service, even for single player games, I decided to protest by not buying the game, despite having enjoyed the previous two games immensely. That’s starting to look like a wise choice.

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.