"I think you're missing my point a little."
Well the main point I was addressing was that you wrote a post about how you thought MS were trying to stop people from blocking ads, so I explained in detail why it was very much about something else (security).
Regarding the below however:
"This routine changes (protected) system files. A routine running with system credentials specifically aimed at maintaining the hosts file. That's a huge risk; because if that routine gets compromised (and IMO that's only a matter of time) how long before malware will start changing hosts so that "www.microsoft.com" points to some malware website, or worse? Without the users realizing this of course. Also the fact that it chooses to bypass settings such as setting the file up with r/o."
Okay - software changes system files all the time. Even "protected" ones. Your OS wouldn't be much good if it couldn't or didn't do that. This actually happens all the time. It's not even new to edit the hosts file. Anti-spyware and anti-virus software already does this. And specifically as I explained in my post, malware already does this. If you the user have the capacity to edit the hosts file, then potentially malware can and real world examples of such malware exist in the wild. If you believe that it is new for software to edit the hosts file, then I'm afraid I have to tell you that this is not new to Windows 8. You already have this. It's just that you've only noticed it now because MS have added new security features that have made you aware of it. Yes, these features can be inconvenient to people who edit the hosts file so that makes them either good or bad according to your needs, but they do make the OS more secure.
"Although current malware (Win7 / Vista) could attack the hosts file as well, there is no guarantee that they can succeed. Either due to privileges or the fact that the file can be protected."
This is not theoretical. It happens. Any of the Qhosts family of viruses (e.g. Win32/Qhosts.L will do so. As pointed out, if you the user can edit the file from within the OS, there is always a possibility that Malware could.
"And sure; Win defender can be turned off, but how many end users would do that? Heck; how many would realize the potential risk this gets them?"
How many users would turn of Windows Defender? As many or more as are likely to edit their hosts file.
Maybe you don't like that MS have enabled Windows Defender by default - that's fine, maybe it's not suited to your needs. But you can turn it off *very* easily and the vast majority of users benefit from it being on by default. If you turn it off, then it's no different to having not installed it in the first place, just as you can not install it on Windows 7 if you wish.
Will you accept that you were wrong to make a big post about how MS are trying to stop you from blocking ads and that this actually makes sense?