|
|
Microsoft Bypasses HOSTS File - TechAmok
Microsoft Bypasses HOSTS File - [security]
09:35 AM EDT - Apr,17 2006 - post a comment Dave Korn announced on the Full Disclosure and Bugtraq security lists that
Microsoft is bypassing local lookups for some hosts, meaning that you can't
locally block some sites through your HOSTS file. All of these sites are
MicroSoft controlled sites:
DomainScreenList:
windowsupdate.microsoft.com
windowsupdate.com
microsoftupdate.com
download.microsoft.com
update.microsoft.com
HostsScreenList:
microsoft.com
www.microsoft.com
support.microsoft.com
wustats.microsoft.com
microsoftupdate.microsoft.com
office.microsoft.com
msdn.microsoft.com
go.microsoft.com
msn.com
www.msn.com
msdn.com
www.msdn.com
A quick check suggests that this behavior debuted with XP SP2, and is present on
2003 SP1 as well. (I haven't looked at 2003 RTM, but it would be interesting if
someone please would.) Although one could argue that this measure is intended to
thwart attempts to block updating Microsoft products, it's indefensible because:
1) It's a point-in-time, cat-and-mouse defense against an ephemeral malware
technique, a change that causes permanent headaches in situations like yours,
and the potential for negative publicity as a result.
2) As far as I know, their malicious software removal tool didn't exist back
when this behavior was created, so what good was keeping access to Microsoft
open going to do an infected system? What good does it do to install a patch for
a vulnerability that's already been exploited onto the computer of the
archetypal "home user"?
3) Although it falls in line with removing raw sockets and limiting half-open
TCP connections, making these Microsoft hosts and domain unfilterable is even
more egregious because of the implications you mentioned, and because this
behavior was never publicly documented.
4) Their selectiveness seems unfair. I'm sure all the antivirus/antispyware
companies whose domains regularly end up in hosts-files would love to be added
to the list, too. (So would everyone else whose software reports "anonymous
usage statistics" and all the other companies making money from web
advertising.*) Going back to #3, it would have been more disruptive but less
controversial if they had removed regard for the hosts-file entirely, or made
the resolver only consult the hosts-file after all else failed, thereby
preventing it from being used for blocking. It's not a great analogy, but this
move is sort of like if they had only blocked raw IP packets headed for a
Microsoft IP address, instead of raw sockets entirely.
|
|
Add your comment (free registrationrequired)
Short overview of recent news articles |
|
Sep,25 2020 RTX 3080 Users Report Crashes to Desktop While Gaming Sep,24 2020 Sega developing live-action Yakuza film Sep,24 2020 Samsung Expands Galaxy S20 Series With More-Affordable Fan Edition Sep,24 2020 Adobe Acrobat Reader can now Reformat PDFs for Easy Reading on Sep,24 2020 Nokia Updates Entry-Level Phones Sep,24 2020 GeForce RTX 3090 is only 10-15% faster than the RTX 3080 Sep,22 2020 Model Builder Builds A Coliseum With 22,000 Dominos Sep,22 2020 What's Inside $18,000,000 Luxury Doomsday Bunker? Sep,22 2020 WeChat and TikTok Still Available in US; Future Uncertain Sep,22 2020 NVIDIA Responds to Criticism Surrounding the RTX 3080 Launch Sep,20 2020 World's Largest Devil's Toothpaste Explosion Sep,20 2020 Apple One Bundles Apple Services, Including new Apple Fitness+ Sep,20 2020 Apple Watch SE Starts at $279 Sep,20 2020 Apple Watch Series 6 Measures Blood Oxygen Sep,18 2020 Life is Strange 2 Episode 1 Now Free Sep,17 2020 NVIDIA GeForce 456.38 WHQL Released Sep,17 2020 AMD Releases Radeon Software Adrenalin 20.9.1 Sep,16 2020 Nvidia-Branded CPUs might be a possibility in near future Sep,16 2020 Private data gone public: Razer leaks 100,000+ gamers info Sep,15 2020 Crysis Remastered 8K Tech trailer Sep,15 2020 Star Wars: Squadrons - "Hunted" CG Short Sep,14 2020 LG Wing Boasts Swivel Screen Sep,14 2020 NVIDIA to Acquire Arm for $40 Billion Sep,14 2020 Boundary: Raytracing Benchmark Sep,13 2020 NVIDIA: GeForce RTX 3080 Reviews Delayed Sep,12 2020 What If We Detonated All Nuclear Bombs in Space at Once? Sep,12 2020 WAP Sign Language Sep,12 2020 Android Go Updated to be More Efficient on More Devices Sep,12 2020 Bose Intros QC Earbuds with Advanced ANC Sep,10 2020 NVIDIA GeForce RTX 3080 - Official Unboxing Sep,10 2020 Dune Official Trailer Sep,08 2020 Xbox Series S announced, priced at $299 Sep,08 2020 Android 11 Released Sep,07 2020 i'm thinking of ending things - Official Trailer Sep,06 2020 Novak Djokovic Defaulted From US Open Sep,06 2020 Acer Aspire 5 with AMD Ryzen 7 4700U unboxing and first impressions Sep,06 2020 Honor MagicBook Pro unboxing and first impressions Sep,05 2020 NVIDIA Marbles at Night tech demo Sep,04 2020 Facebook Technologies Stops Sales of Oculus VR Headset in Germany Sep,04 2020 NO TIME TO DIE Trailer (New 2020) James Bond, Daniel Craig
>> News Archive <<
| |
|
