Microsoft's security software modifies HOSTS file
Windows 8 icon Windows 8, set for release on 26 October, automatically deletes entries in the HOSTS file for specific domains. Try, for example, to prevent attempts to access Facebook.com, Twitter.com or ad servers such as ad.doubleclick.net by rerouting them to 127.0.0.1 by adding entries to the HOSTS file and the relevant entries will soon disappear from the HOSTS file as if by magic, leaving nothing but an empty line. The effect does not occur for other domains, such as The H's sister site heise.de, however.
The agent behind this phenomenon turns out to be the Windows Defender security program, which is preinstalled and enabled by default on new installations of Windows. The cause quickly becomes clear on inspecting Defender's history, accessed from the start menu by entering "Defender" and clicking on the history tab. Defender is convinced it's uncovered a potentially malicious modification of the HOSTS file and thus records 'SettingsModifier:Win32/PossibleHostsFileHijack'. Microsoft Security Essentials (MSE) in older versions of Windows also takes care to reset entries for these domains. This is not particularly surprising, since Windows Defender in Windows 8 is essentially just a rebranded version of MSE.
Users who resent being wrapped in cotton-wool like this and wish to continue to use the HOSTS file for the affected domains can add their HOSTS file (c:\windows\system32\drivers\etc\hosts) to MSE's or Windows Defender's exceptions list. The relevant setting can be found under "Settings, Excluded files and locations". Of course this also mean that the anti-virus program will no longer detect any malicious modifications to the HOSTS file.