/?pid=629

Updated:04:15 AM EDT Sep 14


this is ggmania.com subsite Microsoft Bypasses HOSTS File - TechAmok

Microsoft Bypasses HOSTS File - [security]
09:35 AM EDT - Apr,17 2006 - post a comment

Dave Korn announced on the Full Disclosure and Bugtraq security lists that Microsoft is bypassing local lookups for some hosts, meaning that you can't locally block some sites through your HOSTS file. All of these sites are MicroSoft controlled sites:
DomainScreenList:
windowsupdate.microsoft.com
windowsupdate.com
microsoftupdate.com
download.microsoft.com
update.microsoft.com

HostsScreenList:
microsoft.com
www.microsoft.com
support.microsoft.com
wustats.microsoft.com
microsoftupdate.microsoft.com
office.microsoft.com
msdn.microsoft.com
go.microsoft.com
msn.com
www.msn.com
msdn.com
www.msdn.com

A quick check suggests that this behavior debuted with XP SP2, and is present on 2003 SP1 as well. (I haven't looked at 2003 RTM, but it would be interesting if someone please would.) Although one could argue that this measure is intended to thwart attempts to block updating Microsoft products, it's indefensible because:

1) It's a point-in-time, cat-and-mouse defense against an ephemeral malware technique, a change that causes permanent headaches in situations like yours, and the potential for negative publicity as a result.

2) As far as I know, their malicious software removal tool didn't exist back when this behavior was created, so what good was keeping access to Microsoft open going to do an infected system? What good does it do to install a patch for a vulnerability that's already been exploited onto the computer of the archetypal "home user"?

3) Although it falls in line with removing raw sockets and limiting half-open TCP connections, making these Microsoft hosts and domain unfilterable is even more egregious because of the implications you mentioned, and because this behavior was never publicly documented.

4) Their selectiveness seems unfair. I'm sure all the antivirus/antispyware companies whose domains regularly end up in hosts-files would love to be added to the list, too. (So would everyone else whose software reports "anonymous usage statistics" and all the other companies making money from web advertising.*) Going back to #3, it would have been more disruptive but less controversial if they had removed regard for the hosts-file entirely, or made the resolver only consult the hosts-file after all else failed, thereby preventing it from being used for blocking. It's not a great analogy, but this move is sort of like if they had only blocked raw IP packets headed for a Microsoft IP address, instead of raw sockets entirely.


Add your comment (free registrationrequired)

Short overview of recent news articles

Sep,14 2025 iPhone 17 Pro VS iPhone 16 Pro VS iPhone 15 Pro VS iPhone 14 Pro
Sep,11 2025 What's the AMD Alternative to an RTX 5070?
Sep,10 2025 Apple got my wife, they might get me next...
Sep,09 2025 Which Phone Has The Fastest Wi-Fi 7?
Sep,09 2025 Apple Event - September 9
Sep,08 2025 Ferrari F430 *MANUAL* with TUBI EXHAUST SCREAMING on the AUTOBAHN!
Sep,08 2025 AMD Adrenalin 25.9.1 Driver
Sep,08 2025 Google Brings AI Text Tools to its Keyboard
Sep,06 2025 The Fastest Lap In F1 History: Max Verstappen's Pole Lap | 2025
Sep,06 2025 You can't download and install Windows 11 25H2 yet as Microsoft
Sep,04 2025 A House of Dynamite - Official Teaser (2025) Rebecca Ferguson, Greta
Sep,04 2025 RTX 5060 Ti 16GB + Ryzen 5 5600 : Test in 17 Games
Sep,02 2025 BUGONIA Trailer 2 (2025) Emma Stone, Jesse Plemons
Sep,02 2025 Huawei unveils world-leading AI supercharged hard drive to power
Sep,01 2025 AM4 Lives: AMD Ryzen 5 5500X3D CPU Review & Benchmarks
Aug,29 2025 I was wrong, iPhone IS better than Android...- 30 Day iPhone
Aug,29 2025 303KM/H BMW X5 M50i GPOWER SOUNDS LIKE THUNDER
Aug,29 2025 NVIDIA GeForce 581.15 WHQL drivers
Aug,28 2025 Apple Intelligence vs Galaxy AI / Google Pixel AI / Xiaomi HyperAI -
Aug,28 2025 The Woman in Cabin 10 - Official Trailer
Aug,28 2025 YANGWANG U9 Breaks Global EV Top Speed Record
Aug,26 2025 AMD B850 Motherboard Roundup: Sub $200 Models
Aug,25 2025 Gamers Nexus: Our Channel Could Be Deleted
Aug,24 2025 2025 Audi A5 E-Hybrid 299HP "250KMH is back!!" // REVIEW on
Aug,23 2025 I Can't Stop You From Buying This... But I'll Try - GeForce RTX
Aug,23 2025 NVIDIA GeForce 581.08 WHQL Driver
Aug,21 2025 Murcielago with flames chasing an F1 car on highway (2025)
Aug,18 2025 Windows 11 24H2 Security Update Causes SSD/HDD Failures and
Aug,17 2025 Samsung Galaxy Z Fold 7 - Tips, Tricks & Hidden Features!
Aug,17 2025 500Hz OLEDs are Awesome - Gigabyte AORUS FO27Q5P Review
Aug,17 2025 They Said my Gaming & Badminton Club Would Never OPEN!
Aug,13 2025 NVIDIA GeForce Game Ready 580.97 WHQL Driver
Aug,13 2025 When your Bro needs a new computer...
Aug,12 2025 WhatsApp's latest update is a huge "convenience" for group chats
Aug,12 2025 COLLAPSE: Intel is Falling Apart
Aug,11 2025 Useless or Genius: NVMe SSD Coolers
Aug,11 2025 2025 NEW! Audi A6 3.0 TFSI - BETTER than BMW 5? /
Aug,10 2025 Ryzen 7 5800X3D vs. 9800X3D, Battlefield 6 Open Beta Benchmark
Aug,10 2025 How to Enter BIOS from Windows Using CMD | Easiest Method (No Key
Aug,09 2025 Battlefield 6 Open Beta Benchmark: 9800X3D vs. 9700X vs. 265K
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs