|
Microsoft Bypasses HOSTS File - TechAmok
Microsoft Bypasses HOSTS File - [security] 09:35 AM EDT - Apr,17 2006 - post a comment Dave Korn announced on the Full Disclosure and Bugtraq security lists that
Microsoft is bypassing local lookups for some hosts, meaning that you can't
locally block some sites through your HOSTS file. All of these sites are
MicroSoft controlled sites:
DomainScreenList:
windowsupdate.microsoft.com
windowsupdate.com
microsoftupdate.com
download.microsoft.com
update.microsoft.com
HostsScreenList:
microsoft.com
www.microsoft.com
support.microsoft.com
wustats.microsoft.com
microsoftupdate.microsoft.com
office.microsoft.com
msdn.microsoft.com
go.microsoft.com
msn.com
www.msn.com
msdn.com
www.msdn.com
A quick check suggests that this behavior debuted with XP SP2, and is present on
2003 SP1 as well. (I haven't looked at 2003 RTM, but it would be interesting if
someone please would.) Although one could argue that this measure is intended to
thwart attempts to block updating Microsoft products, it's indefensible because:
1) It's a point-in-time, cat-and-mouse defense against an ephemeral malware
technique, a change that causes permanent headaches in situations like yours,
and the potential for negative publicity as a result.
2) As far as I know, their malicious software removal tool didn't exist back
when this behavior was created, so what good was keeping access to Microsoft
open going to do an infected system? What good does it do to install a patch for
a vulnerability that's already been exploited onto the computer of the
archetypal "home user"?
3) Although it falls in line with removing raw sockets and limiting half-open
TCP connections, making these Microsoft hosts and domain unfilterable is even
more egregious because of the implications you mentioned, and because this
behavior was never publicly documented.
4) Their selectiveness seems unfair. I'm sure all the antivirus/antispyware
companies whose domains regularly end up in hosts-files would love to be added
to the list, too. (So would everyone else whose software reports "anonymous
usage statistics" and all the other companies making money from web
advertising.*) Going back to #3, it would have been more disruptive but less
controversial if they had removed regard for the hosts-file entirely, or made
the resolver only consult the hosts-file after all else failed, thereby
preventing it from being used for blocking. It's not a great analogy, but this
move is sort of like if they had only blocked raw IP packets headed for a
Microsoft IP address, instead of raw sockets entirely.
|
|
Add your comment (free registrationrequired)
Short overview of recent news articles |
Sep,14 2025 iPhone 17 Pro VS iPhone 16 Pro VS iPhone 15 Pro VS iPhone 14 Pro Sep,11 2025 What's the AMD Alternative to an RTX 5070? Sep,10 2025 Apple got my wife, they might get me next... Sep,09 2025 Which Phone Has The Fastest Wi-Fi 7? Sep,09 2025 Apple Event - September 9 Sep,08 2025 Ferrari F430 *MANUAL* with TUBI EXHAUST SCREAMING on the AUTOBAHN! Sep,08 2025 AMD Adrenalin 25.9.1 Driver Sep,08 2025 Google Brings AI Text Tools to its Keyboard Sep,06 2025 The Fastest Lap In F1 History: Max Verstappen's Pole Lap | 2025 Sep,06 2025 You can't download and install Windows 11 25H2 yet as Microsoft Sep,04 2025 A House of Dynamite - Official Teaser (2025) Rebecca Ferguson, Greta Sep,04 2025 RTX 5060 Ti 16GB + Ryzen 5 5600 : Test in 17 Games Sep,02 2025 BUGONIA Trailer 2 (2025) Emma Stone, Jesse Plemons Sep,02 2025 Huawei unveils world-leading AI supercharged hard drive to power Sep,01 2025 AM4 Lives: AMD Ryzen 5 5500X3D CPU Review & Benchmarks Aug,29 2025 I was wrong, iPhone IS better than Android...- 30 Day iPhone Aug,29 2025 303KM/H BMW X5 M50i GPOWER SOUNDS LIKE THUNDER Aug,29 2025 NVIDIA GeForce 581.15 WHQL drivers Aug,28 2025 Apple Intelligence vs Galaxy AI / Google Pixel AI / Xiaomi HyperAI - Aug,28 2025 The Woman in Cabin 10 - Official Trailer Aug,28 2025 YANGWANG U9 Breaks Global EV Top Speed Record Aug,26 2025 AMD B850 Motherboard Roundup: Sub $200 Models Aug,25 2025 Gamers Nexus: Our Channel Could Be Deleted Aug,24 2025 2025 Audi A5 E-Hybrid 299HP "250KMH is back!!" // REVIEW on Aug,23 2025 I Can't Stop You From Buying This... But I'll Try - GeForce RTX Aug,23 2025 NVIDIA GeForce 581.08 WHQL Driver Aug,21 2025 Murcielago with flames chasing an F1 car on highway (2025) Aug,18 2025 Windows 11 24H2 Security Update Causes SSD/HDD Failures and Aug,17 2025 Samsung Galaxy Z Fold 7 - Tips, Tricks & Hidden Features! Aug,17 2025 500Hz OLEDs are Awesome - Gigabyte AORUS FO27Q5P Review Aug,17 2025 They Said my Gaming & Badminton Club Would Never OPEN! Aug,13 2025 NVIDIA GeForce Game Ready 580.97 WHQL Driver Aug,13 2025 When your Bro needs a new computer... Aug,12 2025 WhatsApp's latest update is a huge "convenience" for group chats Aug,12 2025 COLLAPSE: Intel is Falling Apart Aug,11 2025 Useless or Genius: NVMe SSD Coolers Aug,11 2025 2025 NEW! Audi A6 3.0 TFSI - BETTER than BMW 5? / Aug,10 2025 Ryzen 7 5800X3D vs. 9800X3D, Battlefield 6 Open Beta Benchmark Aug,10 2025 How to Enter BIOS from Windows Using CMD | Easiest Method (No Key Aug,09 2025 Battlefield 6 Open Beta Benchmark: 9800X3D vs. 9700X vs. 265K
>> News Archive <<
| |
|