-
April 17th, 2006, 02:39 PM
#1
Microsoft bypasses HOSTS file.
Yep, seems that they don't want you blocking MS sites. They cite the reason as protection and security but if one reads into this, there seem to be many more implications. Here are the hosts that they will not allow you to bypass via host files. Again, it's from BugTraq and I have not had time to verify each one.
This info came from BugTraq:
DomainScreenList:
windowsupdate.microsoft.com
windowsupdate.com
microsoftupdate.com
download.microsoft.com
update.microsoft.com
HostsScreenList:
microsoft.com
www.microsoft.com
support.microsoft.com
wustats.microsoft.com
microsoftupdate.microsoft.com
office.microsoft.com
msdn.microsoft.com
go.microsoft.com
msn.com
www.msn.com
msdn.com
www.msdn.com
A quick check suggests that this behavior debuted with XP SP2, and is
present on 2003 SP1 as well. (I haven't looked at 2003 RTM, but it
would be interesting if someone please would.)
--Th13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
April 17th, 2006, 03:16 PM
#2
Ummm... off the cuff, I can live with the autoupdate side of the bypass. On the other hand, I could surmise that there is an existing monitoring function embedded into the other programs and this becomes a sort of "Big Brother"-ish, with me as the littah brah! That is the uncomfortable side.
If the reason is for protection and security, the question form would be "for whom?" If every time I go online those programs submit integrity check reports and I get a feedback on what the status of my OS programs are (i.e., if there is a clean bill of health or not), then maybe I'd let the "umbilical cord" alone (unless I decide to switch OS). By the way things go, however, it looks like a silent transmitter sending periodic bursts of messages reporting on what I am doing with what or which.
Problem is, for a newbie like me, I can only grumble. A possible solution is to look at the firewall and check if it is possible to implement a sieve-like method with regard to outgoing and incoming traffic being executed by which program. This is rather tedious, though, and I doubt if the firewalls would work on these files as well.
... that's my layman's take of it.
Si vis pacem, para bellum!
-
April 17th, 2006, 03:26 PM
#3
It seems like a good thing to me, it will obviously stop malicious software from blocking/redirecting the update site, which has to be a good thing!
Think I would do the same thing if I was Billy G!
-
April 17th, 2006, 03:59 PM
#4
On reading through %WINDIR%\system32\dnsapi.dll with 'strings', I find
the following hostnames listed. I assume they are all also singled out
for special treatment
http://www.securityfocus.com/archive.../30/0/threaded
It seems the addresses are written into the dll. It's an amateur
hack to get ahead of page hijackers that edit the hosts file.
What they need to do is get rid of ActiveX, instead of experimenting
like this. What happens when the malware replaces that dll with
their own corrupted version? As long as the OS permits anyone
out there to edit/replace your system files through ActiveX,
it'll only be a temporary fix.
I came in to the world with nothing. I still have most of it.
-
April 17th, 2006, 06:25 PM
#5
ActiveX - That is soooo old school.
COM technology is what they're calling it nowadays. =p
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
-
April 18th, 2006, 12:04 AM
#6
As long as the OS permits anyone out there to edit/replace your system files through ActiveX
+
Code:
C:\WINDOWS\system32>cacls dnsapi.dll
C:\WINDOWS\system32\dnsapi.dll
BUILTIN\Users:R
BUILTIN\Power Users:R
BUILTIN\Administrators:F
NT AUTHORITY\SYSTEM:F
looks like the attempted introduction of fear uncertainty and doubt.
the only way activex can edit or replace this file is if you are AT LEAST using activex as an administrative user. in this instance to claim activex is the problem would be akin to a doctor diagnosing an er patient with attention deficit hyperactivity disorder when that patient is under the influence of cocaine. often times when you remove the big problems the small ones go away.
-
April 18th, 2006, 05:35 AM
#7
using activex as an administrative user
And we know that nobody is doing that! LOL
I came in to the world with nothing. I still have most of it.
-
April 18th, 2006, 10:18 PM
#8
Just checked a Windows 2000 Pro install (fully patched) and it's not in there.
Interesting.
-
April 19th, 2006, 08:41 AM
#9
I wonder what Longhorn ahhh I mean Vista is going to have in its bag of tricks?
If Knowledge is power, then would total knowledge be total power and who would be a god or a lesser?