Microsoft Bypasses HOSTS File - TechAmok
[security] 09:35 AM EDT - Apr,17 2006

Dave Korn announced on the Full Disclosure and Bugtraq security lists that
Microsoft is bypassing local lookups for some hosts, meaning that you can't
locally block some sites through your HOSTS file. All of these sites are
Microsoft-controlled:
DomainScreenList:
windowsupdate.microsoft.com
windowsupdate.com
microsoftupdate.com
download.microsoft.com
update.microsoft.com
HostsScreenList:
microsoft.com
www.microsoft.com
support.microsoft.com
wustats.microsoft.com
microsoftupdate.microsoft.com
office.microsoft.com
msdn.microsoft.com
go.microsoft.com
msn.com
www.msn.com
msdn.com
www.msdn.com
A quick check suggests that this behavior debuted with XP SP2, and is present on
2003 SP1 as well. (I haven't looked at 2003 RTM, but it would be interesting if
someone please would.) Although one could argue that this measure is intended to
thwart attempts to block updating Microsoft products, it's indefensible because:

1) It's a point-in-time, cat-and-mouse defense against an ephemeral malware
technique, a change that causes permanent headaches in situations like yours,
and the potential for negative publicity as a result.

2) As far as I know, their malicious software removal tool didn't exist back
when this behavior was created, so what good was keeping access to Microsoft
open going to do an infected system? What good does it do to install a patch for
a vulnerability that's already been exploited onto the computer of the
archetypal "home user"?

3) Although it falls in line with removing raw sockets and limiting half-open
TCP connections, making these Microsoft hosts and domains unfilterable is even
more egregious because of the implications you mentioned, and because this
behavior was never publicly documented.

4) Their selectiveness seems unfair. I'm sure all the antivirus/antispyware
companies whose domains regularly end up in hosts-files would love to be added
to the list, too. (So would everyone else whose software reports "anonymous
usage statistics" and all the other companies making money from web
advertising.*) Going back to #3, it would have been more disruptive but less
controversial if they had removed regard for the hosts-file entirely, or made
the resolver only consult the hosts-file after all else failed, thereby
preventing it from being used for blocking. It's not a great analogy, but this
move is sort of like if they had only blocked raw IP packets headed for a
Microsoft IP address, instead of raw sockets entirely.