|
|
Microsoft Bypasses HOSTS File - TechAmok
Microsoft Bypasses HOSTS File - [security]
09:35 AM EDT - Apr,17 2006 - post a comment Dave Korn announced on the Full Disclosure and Bugtraq security lists that
Microsoft is bypassing local lookups for some hosts, meaning that you can't
locally block some sites through your HOSTS file. All of these sites are
MicroSoft controlled sites:
DomainScreenList:
windowsupdate.microsoft.com
windowsupdate.com
microsoftupdate.com
download.microsoft.com
update.microsoft.com
HostsScreenList:
microsoft.com
www.microsoft.com
support.microsoft.com
wustats.microsoft.com
microsoftupdate.microsoft.com
office.microsoft.com
msdn.microsoft.com
go.microsoft.com
msn.com
www.msn.com
msdn.com
www.msdn.com
A quick check suggests that this behavior debuted with XP SP2, and is present on
2003 SP1 as well. (I haven't looked at 2003 RTM, but it would be interesting if
someone please would.) Although one could argue that this measure is intended to
thwart attempts to block updating Microsoft products, it's indefensible because:
1) It's a point-in-time, cat-and-mouse defense against an ephemeral malware
technique, a change that causes permanent headaches in situations like yours,
and the potential for negative publicity as a result.
2) As far as I know, their malicious software removal tool didn't exist back
when this behavior was created, so what good was keeping access to Microsoft
open going to do an infected system? What good does it do to install a patch for
a vulnerability that's already been exploited onto the computer of the
archetypal "home user"?
3) Although it falls in line with removing raw sockets and limiting half-open
TCP connections, making these Microsoft hosts and domain unfilterable is even
more egregious because of the implications you mentioned, and because this
behavior was never publicly documented.
4) Their selectiveness seems unfair. I'm sure all the antivirus/antispyware
companies whose domains regularly end up in hosts-files would love to be added
to the list, too. (So would everyone else whose software reports "anonymous
usage statistics" and all the other companies making money from web
advertising.*) Going back to #3, it would have been more disruptive but less
controversial if they had removed regard for the hosts-file entirely, or made
the resolver only consult the hosts-file after all else failed, thereby
preventing it from being used for blocking. It's not a great analogy, but this
move is sort of like if they had only blocked raw IP packets headed for a
Microsoft IP address, instead of raw sockets entirely.
|
|
Add your comment (free registrationrequired)
Short overview of recent news articles |
|
Mar,05 2026 Spy-Grade 'Coruna' Exploit Kit Now Fuels Mass Crypto Thefts on Mar,05 2026 Google Drops Urgent Chrome Patch: 10 Flaws Fixed in Critical Mar,05 2026 NVIDIA GeForce Hotfix Driver v595.76 is now available Mar,04 2026 Google Slashes App Store Fees and Opens Door to Third-Party Stores Mar,04 2026 Android's New Update Brings New Find My Features Mar,04 2026 Samsung Confirms DRAM Prices Surge Over 100% in Q1 2026 Amid Mar,04 2026 HW News - "Microslop" Censored, NVIDIA Unlaunches Drivers Again, Mar,04 2026 A €55 ITX Case! - DeepCool CH170 DIGITAL Review Mar,04 2026 Critical Flaw in MS-Agent AI Framework Exposes Systems to Remote Mar,04 2026 South Korean Tax Officials Fumble $4.8 Million in Seized Crypto Mar,03 2026 Windows 11 Upgrade Bug 'Deletes the Internet' for Some Users, Mar,03 2026 Open-Source AI 'Hacker' Shannon Explodes to Fame with 96% Exploit Mar,03 2026 Google Drops Massive Android Security Patch: Fixes 129 Flaws Mar,02 2026 Apple Unveils iPhone 17e: MagSafe, A19 Chip, and Double Storage at Mar,02 2026 NVIDIA GeForce 595.71 WHQL Driver Mar,02 2026 Russian-Linked APT28 Exploits Zero-Day in Legacy MSHTML Engine to Mar,02 2026 Honor Unveils Mind-Blowing Robot Phone with Dancing Camera at MWC Mar,02 2026 Resident Evil 9 Requiem - Bonus DLC Mar,01 2026 Microsoft's Copilot Discord Server Locked Amid 'Microslop' Spam Mar,01 2026 Anghami CEO Open-Sources Powerful Real-Time Global War Monitor Mar,01 2026 Chinese Developers Unleash Blazing-Fast Android AI Agent with Mar,01 2026 Claude Surges to #1 on App Store as ChatGPT Faces Boycott Backlash Feb,28 2026 Google Reveals Key New Features of Android 17 Feb,28 2026 OLED Gaming Monitors Are Finally Affordable Feb,28 2026 OpenAI's KYC Partner Exposed in Surveillance Scandal as ChatGPT Feb,28 2026 Pentagon Blacklists Anthropic Over AI Safeguards; OpenAI Secures Feb,27 2026 Have RAM and GPU Prices Peaked? Feb,27 2026 Zoom 'Update' Trap: Fake Site Infects 1,437 Users with Spyware in Feb,27 2026 Stop WASTING Money on Fancy RAM Feb,27 2026 Drunk AI robot Feb,26 2026 AirSnitch Exposes Critical Flaw: Wi-Fi Client Isolation Broken in Feb,26 2026 Revolutionary Ultrasonic Knife Hits Kitchens: C-200 Vibrates for Feb,26 2026 Apple Scores Historic NATO Security Clearance: iPhone and iPad First Feb,26 2026 Kali Linux Goes AI-Powered: Claude Now Runs Your Pen Tests in Plain Feb,26 2026 Resident Evil Requiem - Stunning on PS5 Pro + PS5/Xbox Series X|S Feb,26 2026 Samsung Galaxy S26 Ultra Flexes Hardware Muscle Over iPhone 17 Pro Feb,26 2026 The Galaxy S26 Ultra has a 'wow' feature with video Lock Feb,26 2026 I built the most BORING PC possible... and here is why it's Feb,26 2026 Micron Blasts GDDR7 as Gaming Bottleneck While Nvidia's RTX 50 Feb,26 2026 UK Tightens Grip on Streaming Giants: Age Verification Now Mandatory
>> News Archive <<
| |
|
