/?pid=629

Updated:05:24 PM EDT Jul 08


this is ggmania.com subsite Microsoft Bypasses HOSTS File - TechAmok

Microsoft Bypasses HOSTS File - [security]
09:35 AM EDT - Apr,17 2006 - post a comment

Dave Korn announced on the Full Disclosure and Bugtraq security lists that Microsoft is bypassing local lookups for some hosts, meaning that you can't locally block some sites through your HOSTS file. All of these sites are MicroSoft controlled sites:
DomainScreenList:
windowsupdate.microsoft.com
windowsupdate.com
microsoftupdate.com
download.microsoft.com
update.microsoft.com

HostsScreenList:
microsoft.com
www.microsoft.com
support.microsoft.com
wustats.microsoft.com
microsoftupdate.microsoft.com
office.microsoft.com
msdn.microsoft.com
go.microsoft.com
msn.com
www.msn.com
msdn.com
www.msdn.com

A quick check suggests that this behavior debuted with XP SP2, and is present on 2003 SP1 as well. (I haven't looked at 2003 RTM, but it would be interesting if someone please would.) Although one could argue that this measure is intended to thwart attempts to block updating Microsoft products, it's indefensible because:

1) It's a point-in-time, cat-and-mouse defense against an ephemeral malware technique, a change that causes permanent headaches in situations like yours, and the potential for negative publicity as a result.

2) As far as I know, their malicious software removal tool didn't exist back when this behavior was created, so what good was keeping access to Microsoft open going to do an infected system? What good does it do to install a patch for a vulnerability that's already been exploited onto the computer of the archetypal "home user"?

3) Although it falls in line with removing raw sockets and limiting half-open TCP connections, making these Microsoft hosts and domain unfilterable is even more egregious because of the implications you mentioned, and because this behavior was never publicly documented.

4) Their selectiveness seems unfair. I'm sure all the antivirus/antispyware companies whose domains regularly end up in hosts-files would love to be added to the list, too. (So would everyone else whose software reports "anonymous usage statistics" and all the other companies making money from web advertising.*) Going back to #3, it would have been more disruptive but less controversial if they had removed regard for the hosts-file entirely, or made the resolver only consult the hosts-file after all else failed, thereby preventing it from being used for blocking. It's not a great analogy, but this move is sort of like if they had only blocked raw IP packets headed for a Microsoft IP address, instead of raw sockets entirely.


Add your comment (free registrationrequired)

Short overview of recent news articles

Jul,08 2025 Gmail's latest feature helps you get rid of those pesky emails from
Jul,06 2025 I'm an idiot and still made top 5... here's how
Jul,05 2025 The Fantastic Four: First Steps - Official 'Lift Off' Teaser
Jul,04 2025 Samsung Galaxy Z Fold 7 - Hands on Look
Jul,04 2025 RTX 5070 Ti vs RTX 5080 - Is 5080 Gaming Laptop Worth More $$$?
Jul,04 2025 FIRST DRIVE: Praga Bohema - Crazy Hypercar Driven!
Jul,03 2025 Ballerina - Exclusive John Wick Deleted Scene (2025) Keanu Reeves,
Jul,03 2025 Call of Duty: WWII - Remote Code Execution Warning (PC Game Pass)
Jul,02 2025 1014HP Lamborghini REVUELTO 369KMH TOP SPEED POV on AUTOBAHN
Jul,01 2025 Nvidia Drivers (V 576.80 vs V 576.88) - Test In 12 Games - RTX 4060
Jun,30 2025 AMD Adrenalin 25.6.3 Driver Is Available
Jun,30 2025 NVIDIA GeForce RTX 5080 SUPER Could Feature 24 GB Memory, Increased
Jun,29 2025 Guess What Nvidia Did THIS Time
Jun,28 2025 The 10 Best Dinosaur Movies of All Time
Jun,28 2025 Microsoft officially confirms that Windows 11 version 25H2 is coming
Jun,26 2025 Eddington - Official Trailer 2 (2025) Joaquin Phoenix, Pedro Pascal
Jun,25 2025 Microsoft Say System Restore Points Now Expire After 60 Days
Jun,25 2025 Facebook, Netflix, and Microsoft Websites Hijacked to Insert Fake
Jun,24 2025 I put a $3000 GPU in my Average PC... It Was a Mistake
Jun,24 2025 Best External SSD for Mac 2025: After Weeks of Testing, Here's What
Jun,23 2025 Mostly boob jokes this week (RTX 5090 DD) - Tech News June 22
Jun,21 2025 Superman - Official 30 Second Spot (2025)
Jun,21 2025 'The fastest road car I've ever been in!' - Ferrari F80 track day
Jun,20 2025 CPU SCAM: AMD Ryzen 9800X3D Counterfeits & Fraud
Jun,19 2025 28 Years Later Review
Jun,18 2025 HW News - NVIDIA "N1x" CPU Leak, ASUS Xbox ROG Ally, More Intel
Jun,17 2025 NVIDIA GeForce 576.80 WHQL Driver
Jun,16 2025 The Fantastic Four: First Steps - Official 'H.E.R.B.I.E.' Teaser
Jun,15 2025 Huawei Maextro S800 First Look - A True BMW & Mercedes Killer?
Jun,14 2025 Upgrade Windows 10 to Windows 10 LTSC Without Losing Data
Jun,14 2025 Squid Game: Season 3 - Final Games Trailer
Jun,11 2025 WWDC 2025: Everything Revealed in 9 Minutes
Jun,10 2025 Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws
Jun,10 2025 This Malware BREAKS WINDOWS!
Jun,10 2025 Reset Forgotten Password without Any Software, without USB drive in
Jun,08 2025 Microsoft Will Block Unsupported Hardware For Windows 11
Jun,08 2025 Memory Wars! Apple vs Ryzen - Is Unified Memory Faster than Shared
Jun,06 2025 Predator: Killer of Killers - Exclusive Clip (2025)
Jun,06 2025 Enable Deep Effect on Samsung One Ui 7
Jun,05 2025 Google Kills Off PayPal in Google Wallet
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs