Updated:02:06 AM EDT Sep 25


this is ggmania.com subsite Microsoft Bypasses HOSTS File - TechAmok

Microsoft Bypasses HOSTS File - [security]
09:35 AM EDT - Apr,17 2006 - post a comment

Dave Korn announced on the Full Disclosure and Bugtraq security lists that Microsoft is bypassing local lookups for some hosts, meaning that you can't locally block some sites through your HOSTS file. All of these sites are MicroSoft controlled sites:
DomainScreenList:
windowsupdate.microsoft.com
windowsupdate.com
microsoftupdate.com
download.microsoft.com
update.microsoft.com

HostsScreenList:
microsoft.com
www.microsoft.com
support.microsoft.com
wustats.microsoft.com
microsoftupdate.microsoft.com
office.microsoft.com
msdn.microsoft.com
go.microsoft.com
msn.com
www.msn.com
msdn.com
www.msdn.com

A quick check suggests that this behavior debuted with XP SP2, and is present on 2003 SP1 as well. (I haven't looked at 2003 RTM, but it would be interesting if someone please would.) Although one could argue that this measure is intended to thwart attempts to block updating Microsoft products, it's indefensible because:

1) It's a point-in-time, cat-and-mouse defense against an ephemeral malware technique, a change that causes permanent headaches in situations like yours, and the potential for negative publicity as a result.

2) As far as I know, their malicious software removal tool didn't exist back when this behavior was created, so what good was keeping access to Microsoft open going to do an infected system? What good does it do to install a patch for a vulnerability that's already been exploited onto the computer of the archetypal "home user"?

3) Although it falls in line with removing raw sockets and limiting half-open TCP connections, making these Microsoft hosts and domain unfilterable is even more egregious because of the implications you mentioned, and because this behavior was never publicly documented.

4) Their selectiveness seems unfair. I'm sure all the antivirus/antispyware companies whose domains regularly end up in hosts-files would love to be added to the list, too. (So would everyone else whose software reports "anonymous usage statistics" and all the other companies making money from web advertising.*) Going back to #3, it would have been more disruptive but less controversial if they had removed regard for the hosts-file entirely, or made the resolver only consult the hosts-file after all else failed, thereby preventing it from being used for blocking. It's not a great analogy, but this move is sort of like if they had only blocked raw IP packets headed for a Microsoft IP address, instead of raw sockets entirely.


Add your comment (free registrationrequired)

Short overview of recent news articles

Sep,25 2020 RTX 3080 Users Report Crashes to Desktop While Gaming
Sep,24 2020 Sega developing live-action Yakuza film
Sep,24 2020 Samsung Expands Galaxy S20 Series With More-Affordable Fan Edition
Sep,24 2020 Adobe Acrobat Reader can now Reformat PDFs for Easy Reading on
Sep,24 2020 Nokia Updates Entry-Level Phones
Sep,24 2020 GeForce RTX 3090 is only 10-15% faster than the RTX 3080
Sep,22 2020 Model Builder Builds A Coliseum With 22,000 Dominos
Sep,22 2020 What's Inside $18,000,000 Luxury Doomsday Bunker?
Sep,22 2020 WeChat and TikTok Still Available in US; Future Uncertain
Sep,22 2020 NVIDIA Responds to Criticism Surrounding the RTX 3080 Launch
Sep,20 2020 World's Largest Devil's Toothpaste Explosion
Sep,20 2020 Apple One Bundles Apple Services, Including new Apple Fitness+
Sep,20 2020 Apple Watch SE Starts at $279
Sep,20 2020 Apple Watch Series 6 Measures Blood Oxygen
Sep,18 2020 Life is Strange 2 Episode 1 Now Free
Sep,17 2020 NVIDIA GeForce 456.38 WHQL Released
Sep,17 2020 AMD Releases Radeon Software Adrenalin 20.9.1
Sep,16 2020 Nvidia-Branded CPUs might be a possibility in near future
Sep,16 2020 Private data gone public: Razer leaks 100,000+ gamers info
Sep,15 2020 Crysis Remastered 8K Tech trailer
Sep,15 2020 Star Wars: Squadrons - "Hunted" CG Short
Sep,14 2020 LG Wing Boasts Swivel Screen
Sep,14 2020 NVIDIA to Acquire Arm for $40 Billion
Sep,14 2020 Boundary: Raytracing Benchmark
Sep,13 2020 NVIDIA: GeForce RTX 3080 Reviews Delayed
Sep,12 2020 What If We Detonated All Nuclear Bombs in Space at Once?
Sep,12 2020 WAP Sign Language
Sep,12 2020 Android Go Updated to be More Efficient on More Devices
Sep,12 2020 Bose Intros QC Earbuds with Advanced ANC
Sep,10 2020 NVIDIA GeForce RTX 3080 - Official Unboxing
Sep,10 2020 Dune Official Trailer
Sep,08 2020 Xbox Series S announced, priced at $299
Sep,08 2020 Android 11 Released
Sep,07 2020 i'm thinking of ending things - Official Trailer
Sep,06 2020 Novak Djokovic Defaulted From US Open
Sep,06 2020 Acer Aspire 5 with AMD Ryzen 7 4700U unboxing and first impressions
Sep,06 2020 Honor MagicBook Pro unboxing and first impressions
Sep,05 2020 NVIDIA Marbles at Night tech demo
Sep,04 2020 Facebook Technologies Stops Sales of Oculus VR Headset in Germany
Sep,04 2020 NO TIME TO DIE Trailer (New 2020) James Bond, Daniel Craig
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs