Slashdot Mirror


Microsoft Bypasses HOSTS File

whitehatlurker writes "Dave Korn announced on the Full Disclosure and Bugtraq security lists that Microsoft is bypassing local lookups for some hosts, meaning that you can't locally block some sites through your HOSTS file. All of these sites are MicroSoft controlled sites. The general feeling in the rest of the thread is that this was to obfuscate these hosts and prevent them from being blocked by malware. However, there are no non-MicroSoft hosts listed, giving a competitive advantage for MicroSoft's anti-malware tools over other brands."

3 of 459 comments (clear)

  1. Not a useful thing for MS to do by mgv · · Score: 5, Interesting

    I would have thought that if you cant subvert the HOSTS file then all you have to do is to intercept any DNS lookup of these MS addresses and you would have the same effect.

    If you are trying to stop MS software from talking to home, then just use an external firewall.

    Michael

    --
    There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.
  2. Is this necessarily a bad thing? by BluhDeBluh · · Score: 5, Interesting

    It helps prevent Malware. Sure, MS might have a slim advantage, but it also prevents otherwise botted PCs from accessing MS Updates against things like Blaster. I don't see this as being such a big deal.

  3. Ad blocking by aembleton · · Score: 5, Interesting

    Microsoft could also be using this to prevent users from blocking MSN messenger ad servers.