|
|
Microsoft Bypasses HOSTS File - TechAmok
Microsoft Bypasses HOSTS File - [security]
09:35 AM EDT - Apr,17 2006 - post a comment Dave Korn announced on the Full Disclosure and Bugtraq security lists that
Microsoft is bypassing local lookups for some hosts, meaning that you can't
locally block some sites through your HOSTS file. All of these sites are
MicroSoft controlled sites:
DomainScreenList:
windowsupdate.microsoft.com
windowsupdate.com
microsoftupdate.com
download.microsoft.com
update.microsoft.com
HostsScreenList:
microsoft.com
www.microsoft.com
support.microsoft.com
wustats.microsoft.com
microsoftupdate.microsoft.com
office.microsoft.com
msdn.microsoft.com
go.microsoft.com
msn.com
www.msn.com
msdn.com
www.msdn.com
A quick check suggests that this behavior debuted with XP SP2, and is present on
2003 SP1 as well. (I haven't looked at 2003 RTM, but it would be interesting if
someone please would.) Although one could argue that this measure is intended to
thwart attempts to block updating Microsoft products, it's indefensible because:
1) It's a point-in-time, cat-and-mouse defense against an ephemeral malware
technique, a change that causes permanent headaches in situations like yours,
and the potential for negative publicity as a result.
2) As far as I know, their malicious software removal tool didn't exist back
when this behavior was created, so what good was keeping access to Microsoft
open going to do an infected system? What good does it do to install a patch for
a vulnerability that's already been exploited onto the computer of the
archetypal "home user"?
3) Although it falls in line with removing raw sockets and limiting half-open
TCP connections, making these Microsoft hosts and domain unfilterable is even
more egregious because of the implications you mentioned, and because this
behavior was never publicly documented.
4) Their selectiveness seems unfair. I'm sure all the antivirus/antispyware
companies whose domains regularly end up in hosts-files would love to be added
to the list, too. (So would everyone else whose software reports "anonymous
usage statistics" and all the other companies making money from web
advertising.*) Going back to #3, it would have been more disruptive but less
controversial if they had removed regard for the hosts-file entirely, or made
the resolver only consult the hosts-file after all else failed, thereby
preventing it from being used for blocking. It's not a great analogy, but this
move is sort of like if they had only blocked raw IP packets headed for a
Microsoft IP address, instead of raw sockets entirely.
|
|
Add your comment (free registrationrequired)
Short overview of recent news articles |
|
Dec,19 2025 The XG27AQWMG Sets a New Standard for 1440p OLED Dec,19 2025 OnePlus 15R Boasts Huge 7,400 mAh Battery Dec,19 2025 Motorola Refreshes moto g power for 2026 Dec,18 2025 NVIDIA GeForce 591.59 WHQL Driver Dec,18 2025 Are We Quitting YouTube Due To DRAM Apocalypse? Dec,16 2025 The Samsung TriFold is AWESOME! Dec,16 2025 $30 vs $30,000 TV Dec,16 2025 Stranger Things 5 - Volume 2 Trailer Dec,14 2025 Google Brings Live Video Sharing to 911 Calls on Android Dec,14 2025 Samsung One UI 8.5 Will Offer New Features Dec,14 2025 Dell AW3225QF Review - 32-inch curved gaming monitor Dec,13 2025 HW News - AMD Says AI Definitely, Absolutely Not A Bubble, New Dec,13 2025 The BEST Smartphones of 2025! Dec,11 2025 10 Atmospheric Games That Might CHANGE YOUR LIFE Dec,11 2025 Samsung Galaxy S26 Ultra - Samsung Isn't Hiding It Anymore Dec,10 2025 AMD Releases Adrenalin Edition 25.12.1 WHQL Drivers Dec,10 2025 S25 Ultra VS 17 Pro Max Dec,09 2025 All You Need Is Kill - Official Trailer Dec,09 2025 Why can’t you be NORMAL?!? Roasting Staff Setups Dec,09 2025 A Ryzen Cooling MONSTER - be quiet Silent Loop 3 Review Dec,07 2025 The Boys - Official Final Season Trailer Dec,06 2025 Unemployed in your 30's Dec,05 2025 Play Store Customers to Receive Automatic Payments from $700 Million Dec,05 2025 Google's Second Release of Android 16 Brings Smart Notifications Dec,05 2025 Netflix To Buy Warner Bros for $82.7 Billion Dec,03 2025 Micron to Exit Crucial Consumer Business, Ending Retail SSD and DRAM Dec,02 2025 Samsung Galaxy Z TriFold Unboxing! Nov,30 2025 Top 5 Best CPUs of 2025 Nov,30 2025 Google Adding AirDrop to Android Nov,29 2025 20 TOP ALIEXPRESS products for BLACK FRIDAY Nov,26 2025 Stop Wasting Money on Premium Monitors Nov,23 2025 The Blackest Friday - Tech News Nov 23 Nov,23 2025 T-Roc: Will this new VW be the best car of 2026? Nov,23 2025 Can I build my own Steam Machine? Nov,22 2025 50 NEXT-LEVEL Gadgets Every Man NEEDS to See Nov,22 2025 RETURN TO SILENT HILL Trailer (2026) Nov,20 2025 I was WRONG about the Porsche 911 GT3 (or was I?) Nov,20 2025 Pi GPT Tool Turns Raspberry Pi into a ChatGPT-Powered Smart Device Nov,17 2025 Rainbow Six Siege X - Official 'Team Rainbow's Last Mission' Nov,17 2025 Stranger Things Seasons 1-4 Recap
>> News Archive <<
| |
|
