Slashdot Mirror


Microsoft Bypasses HOSTS File

whitehatlurker writes "Dave Korn announced on the Full Disclosure and Bugtraq security lists that Microsoft is bypassing local lookups for some hosts, meaning that you can't locally block some sites through your HOSTS file. All of these sites are MicroSoft controlled sites. The general feeling in the rest of the thread is that this was to obfuscate these hosts and prevent them from being blocked by malware. However, there are no non-MicroSoft hosts listed, giving a competitive advantage for MicroSoft's anti-malware tools over other brands."

5 of 459 comments (clear)

  1. It's a Big Deal because... by TubeSteak · · Score: 5, Insightful
    As mentioned in TFA's thread:
    2) As far as I know, their malicious software removal tool didn't exist back when this behavior was created, so what good was keeping access to Microsoft open going to do an infected system? What good does it do to install a patch for a vulnerability that's already been exploited onto the computer of the archetypal "home user"?
    MS hardcoded this in with WinXP SP2 & Win2k3 SP1.

    Why? Maybe someone will get a comment from MS.

    The point is that mucking around with the inner workings of the OS is BAD, unless it is documented appropriately. Now, documentation doesn't make it good, but if they're departing from the expected behavior, they should let people know.
    --
    [Fuck Beta]
    o0t!
  2. Potentially unfair... by Maul · · Score: 5, Insightful

    The main problem is not that you can't block MS addresses, it is that MS is only preventing their addresses from being blocked. Since they are now getting into the security business, this gives them what could be seen as an unfair advantage.

    Let us say that Joe User gets a piece of Malware, so he decides to visit a security company to find a solution to his problem. However, the malware has modified his hosts file to block security company web pages from being accessed, which is extremely typical. Joe User is not experienced enough to even know there is a hosts file that he could change back.

    Joe User's first attempt would likely be to norton.com, symantec.com (both go to Symantec's main page), or mcafee.com, since these names are pretty much synonymous with antivirus software. However, all of those are blocked and he can't access them.

    However, if he goes to microsoft.com, he can go there since the hosts file is subverted in the OS. Since he can't spend the time to figure out why he can't access the others, he purchases Microsoft's AV solution.

    --

    "You spoony bard!" -Tellah

  3. Monopolies by Tony · · Score: 5, Insightful

    A court of law has determined that Microsoft is a monopoly. One of the anti-trust regulations specifies that you cannot use your monopoly power to force your way into another market; that was the heart of the conviction against Microsoft in the Netscape case. Microsoft used their monopoly to oust Netscape as the dominant browser by bundling, which is illegal.

    Now they are using that same monopoly power to take over the anti-malware market.

    I'm rather ambivilent about this. On one hand, it is just one more case of Microsoft waiting for a market to mature, then forcing their way into it. On the other hand, this market wouldn't exist if it wasn't for their own shoddy products, so it's really Microsoft's reponsibility to fix it. However, malware protection software isn't the correct answer, it's just the most expedient, with a potential for additional profit.

    All-in-all, it's just Microsoft's usual game: own the system, rig the system, use that to take over another system. Keep secrets, and act all coy when your secrets are discovered.

    --
    Microsoft is to software what Budweiser is to beer.
  4. Re:Permissions? by saleenS281 · · Score: 5, Insightful

    funny, I see write access by root there. And last I checked, when malware *owns* windows, it's local root, which means the permissions you speak of would amount to absolutely nothing... And btw, you can make it read only to normal users, but again, this would accomplish nothing.

  5. Re:Is this necessarily a bad thing? by quarkscat · · Score: 5, Insightful

    Absolutely, yes, it is a bad thing.

    Microsoft has:
            instituted not only License 6, but also "phone home" validation. At any time, MS may
            decide to shut down any business worldwide that uses their products, at their (or a
            malviolent government's) discretion;

            embraced and extended(tm) LDAP with kerberos authentication that is not industry-
            standard or cross-platform compatible;

            embraced and extended(tm) web browser standards that have made Internet and
            platform security a nightmare;

            implimented a software firewall (XP SP2) that doesn't actually control/restrict all
            incoming and outgoing packets, making the use of a third party (H/W?) firewall
            less redundant and more actually necessary;

            stripped nearly all OS improvements out of their upcoming flagship OS, excepting
            Digital Rights Restrictions -- which may also remotely disable or remove products
            and/or services which they choose to disallow for any reason.

    Bypassing DNS and the hosts file on the OS platform is their "camel's nose under the
    tent flap" for future modifications to the network stack, all in the name of their brand
    of "security", which is (frankly) appalling. Given Microsoft's current product direction,
    it is not outside the realm of possibility that the future average computer user's
    experience will be some cross between a WebTV and an XBox.