Microsoft Bypasses HOSTS File
whitehatlurker writes "Dave Korn announced on the Full Disclosure and Bugtraq security lists that Microsoft is bypassing local lookups for some hosts, meaning that you can't locally block some sites through your HOSTS file. All of these sites are Microsoft controlled sites.
The general feeling in the rest of the thread is that this was to obfuscate these hosts and prevent them from being blocked by malware. However, there are no non-Microsoft hosts listed, giving a competitive advantage for Microsoft's anti-malware tools over other brands."
I would have thought that if you can't subvert the HOSTS file then all you have to do is to intercept any DNS lookup of these MS addresses and you would have the same effect.
If you are trying to stop MS software from talking to home, then just use an external firewall.
Michael
There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.
It helps prevent Malware. Sure, MS might have a slim advantage, but it also prevents otherwise botted PCs from accessing MS Updates against things like Blaster. I don't see this as being such a big deal.
Microsoft could also be using this to prevent users from blocking MSN messenger ad servers.
I'm wondering if the behaviour will change if you just go into "services" and disable the DNS client.
I recommend this anyway. In theory it will increase the number of requests your machine does. But in practice it has saved me a lot of "try rebooting" calls.
Anyone out there with XP who can reproduce this?
I've always found the /etc/ to be the funniest part of that path.
/etc/ as the location for the hosts file still remains, along with other little hints -- ftp.exe is almost identical to the BSD FTP utility. BSD also gets properly credited in the XP copyright notice.
This is one of the telltale remnants of the BSD-derived TCP/IP stack that NT/XP uses.
Although the stack itself has been heavily modified, using
-- If you try to fail and succeed, which have you done? - Uli's moose
(And my troll is in Haiku)
Windows xp still better
need to run useful software
Mac and Linux are toys
that is not quite right
both the troll and the haiku
are somewhat lacking
but please understand
Mac and Linux are not toys
just other systems
Windows has problems
while it does have more software
it is insecure
please try something else
you might find that you like it
don't stagnate yourself
if end users switch
developers will follow
more software for all
so please help yourself
and help the rest of the world
try something else
if you don't like them
that is your prerogative
simply don't use them
but I'm warning you
going back is much harder
but it is your choice
other OSes
few viruses and malware
true computing bliss
as for poetry
haiku syllable count is
5-7-5
Here's a threaded view of the Full Disclosure thread, rather than the first follow-up post to Dave Korn's OP, which the story submitter seems to have decided would be a better way... http://archives.neohapsis.com/archives/fulldisclosure/2006-04/thread.html#268
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe