Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×

Microsoft Bypasses HOSTS File 459

whitehatlurker writes "Dave Korn announced on the Full Disclosure and Bugtraq security lists that Microsoft is bypassing local lookups for some hosts, meaning that you can't locally block some sites through your HOSTS file. All of these sites are MicroSoft controlled sites. The general feeling in the rest of the thread is that this was to obfuscate these hosts and prevent them from being blocked by malware. However, there are no non-MicroSoft hosts listed, giving a competitive advantage for MicroSoft's anti-malware tools over other brands."
This discussion has been archived. No new comments can be posted.

Microsoft Bypasses HOSTS File

Comments Filter:
  • I would have thought that if you cant subvert the HOSTS file then all you have to do is to intercept any DNS lookup of these MS addresses and you would have the same effect.

    If you are trying to stop MS software from talking to home, then just use an external firewall.

    Michael
    • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Sunday April 16, 2006 @11:46AM (#15138484)
      I'm wondering if the behaviour will change if you just go into "services" and disable the DNS client.

      I recommend this anyway. In theory it will increase the number of requests your machine does. But in practice it has saved me a lot of "try rebooting" calls.

      Anyone out there with XP who can reproduce this?
      • by pla ( 258480 ) on Sunday April 16, 2006 @05:14PM (#15139709) Journal
        Anyone out there with XP who can reproduce this?

        Good idea, but no luck. Same result, though with one slight difference which might prove useful as a workaround - The first attempt timed out, meaning it really performs the query rather than having a hardcoded list of IP mappings. So if you ran a cacheing DNS proxy on your machine (ie, exactly what the built-in DNS service does, but one not containing a built-in Microsoft hack), pointed your machine's DNS to itself, and tell the proxy to use a bogus address for the sites in question, that should successfully block them.

        Better to do this at the firewall, though (a real external hardware firewall, not Microsoft's "trust us, this works" crap).
        • So if you ran a cacheing DNS proxy on your machine

          Just an update - I just set up exactly such a proxy (DNRD) on my masq'ing gateway, and it works like a charm. So MS hasn't done anything too sophisticated to get around blacklisting them, just enough to count as a nuissance.
    • It turns out to be easier to subvert the hosts file than to intercept DNS lookup. There's a really easy way to replace the hosts file from an activex script. How you would subvert DNS from the same point of attack is unclear.
    • by whoever57 ( 658626 ) on Sunday April 16, 2006 @12:56PM (#15138751) Journal
      What is there to stop a virus making edits to the dll binary? Changing the strings that presently correspond to the IP addresses of MS domains to some random, invalid address?
      • by x0n ( 120596 ) on Sunday April 16, 2006 @01:41PM (#15138900) Homepage Journal
        >What is there to stop a virus making edits to the dll binary? Changing the strings that presently
        >correspond to the IP addresses of MS domains to some random, invalid address?

        Yes, there is a mechanism built into Windows which uses digital signatures and a watchdog to prevent accidental (or deliberate) changes to sensitive DLLs. Any binary changes to any file will invalidate the signature on the DLL. This is more effective than tripwire or other such things whereby a checksum is held in another location since the DLL itself is signed using a PK and cannot be re-signed to hide the changes.

        Windows File Protection: http://support.microsoft.com/?kbid=222193 [microsoft.com]

        - Oisin
        • Except it's not very effective, is it? Is there anything stopping a system-level process (eg, malware) from grabbing the window handle and sending the appropriate keystrokes to dismiss the prompt? I haven't tested it myself, but I've used that technique successfully for the "unsigned driver" warnings. WFP lets you keep the unsigned driver/DLL with no further warnings if you press two buttons.
    • What it means is that if a rootkit alters the internal IP tables for a Microsoft address, most virus checkers won't pick up on it (the Hosts file will be untouched) and it will be impossible for the user to override the problem in order to get to Microsoft's website to download the necessary patches.
  • by BluhDeBluh ( 805090 ) on Sunday April 16, 2006 @11:12AM (#15138291)
    It helps prevent Malware. Sure, MS might have a slim advantage, but it also prevents otherwise botted PCs from accessing MS Updates against things like Blaster. I don't see this as being such a big deal.
    • by TubeSteak ( 669689 ) on Sunday April 16, 2006 @11:20AM (#15138335) Journal
      As mentioned in TFA's thread:
      2) As far as I know, their malicious software removal tool didn't exist back when this behavior was created, so what good was keeping access to Microsoft open going to do an infected system? What good does it do to install a patch for a vulnerability that's already been exploited onto the computer of the archetypal "home user"?
      MS hardcoded this in with WinXP SP2 & Win2k3 SP1.

      Why? Maybe someone will get a comment from MS.

      The point is that mucking around with the inner workings of the OS is BAD, unless it is documented appropriately. Now, documentation doesn't make it good, but if they're departing from the expected behavior, they should let people know.
      • The point is that mucking around with the inner workings of the OS is BAD

        Stated like you control and/or own the OS running on your machine. This is just another example showing how Microsoft feels they should be the ones to control your system. There are many examples of this. Patches for applications that change things in the core operating system are common. Why a patch for office should change things in the OS never made any sense. But then Micrsoft knows best.
    • by Morvandium ( 534213 ) on Sunday April 16, 2006 @11:22AM (#15138346)
      I agree. In addition, as much as I may think they should include other sites on that list, those other sites do not play into what MicroSoft sees as the "integrity" of their product. They're not out to make sure that you can get the latest update of Apache or OpenOffice or whatever; they want to make sure that you can update Windows to the latest version (one that might actually stop the malware they're trying to protect from) or get to a place where you can ask MicroSoft a question (which they may or may not answer, and if they do, the answer to which may or may not be helpful), or, heaven forbid, get to a place where you can order a new MicroSoft product (probably because you haven't realized it will have similar flaws to your current and older MS products).
      • Integrity (Score:2, Interesting)

        by Tony ( 765 )
        . . . those other sites do not play into what MicroSoft sees as the "integrity" of their product.

        Which integrity might that be? The same integrity that allows malware to infect a machine to the point where it can poison the hosts file? The same integrity that spawned the anti-malware business in the first place?

        Yeah. Microsoft is big on integrity, both moral and technical.
      • > as the "integrity" of their product.
        I would assume that helps with product verification/activation. Without it would be simpler to mimic much of windows update with a localhost sever, and point back to your PC. With this in, you would probably need a second PC, and a external non microsoft based dns server.

        I would more quiclkly give msft credit for protecting profit, than protecting from malware.
    • What this is just replacing the hosts file with something more obscure, the malware writers will simply learn how to modify it to do what they want. Meanwhile, you will have a false sense of security.
    • by quarkscat ( 697644 ) on Sunday April 16, 2006 @11:57AM (#15138532)
      Absolutely, yes, it is a bad thing.

      Microsoft has:
              instituted not only License 6, but also "phone home" validation. At any time, MS may
              decide to shut down any business worldwide that uses their products, at their (or a
              malviolent government's) discretion;

              embraced and extended(tm) LDAP with kerberos authentication that is not industry-
              standard or cross-platform compatible;

              embraced and extended(tm) web browser standards that have made Internet and
              platform security a nightmare;

              implimented a software firewall (XP SP2) that doesn't actually control/restrict all
              incoming and outgoing packets, making the use of a third party (H/W?) firewall
              less redundant and more actually necessary;

              stripped nearly all OS improvements out of their upcoming flagship OS, excepting
              Digital Rights Restrictions -- which may also remotely disable or remove products
              and/or services which they choose to disallow for any reason.

      Bypassing DNS and the hosts file on the OS platform is their "camel's nose under the
      tent flap" for future modifications to the network stack, all in the name of their brand
      of "security", which is (frankly) appalling. Given Microsoft's current product direction,
      it is not outside the realm of possibility that the future average computer user's
      experience will be some cross between a WebTV and an XBox.
    • The problem I have is that it's My PC! It is not Microsoft's (as much as they want to believe it) or Sony's or Star Forces, but Mine. I am sick to death of companies trying to protect me from ME and preventing me from using my devices as I want. Try and put a good Cisco WiFi card in the mini-pci slot of a HP, Compaq, or IBM laptop. "Unauthorized wireless network card detected. System halted..." Try using a car charger for any RAZR phone on a Verizon RAZR phone. "Unauthorized Charger." When you sell me
    • Yes it is. So far the only thing I've used my hosts file for is to block web ad servers such as googlesyndication.com. I'm guessing that now if I used a Microsoft operating system, I would be unable to block Microsoft adverts. Sound bad yet?
  • So what? (Score:4, Insightful)

    by nametaken ( 610866 ) on Sunday April 16, 2006 @11:14AM (#15138306)
    People should know by now, when you go MS, you don't buy the horse, you buy the farm. You wanna segment and pick and choose on the MS platform? Good luck.
    • Re:So what? (Score:5, Funny)

      by Aaden42 ( 198257 ) on Sunday April 16, 2006 @11:44AM (#15138472) Homepage
      No, no... You just *license* the farm. MS still owns it. For a nominal fee, they'll let you step in the cow pies every second Tuesday.
      • Haha... point taken!

        I've often noticed that products that address issues similar to ones address in MS software find themselves fighting an uphill battle. Take the suggestion in the original post... MS has an immediate competative advantage by leveraging a feature built into the OS that can ONLY benefit other MS products. We've seen the same thing happen in other markets too, of course. Not least of which was with IE.

  • Ad blocking (Score:5, Interesting)

    by aembleton ( 324527 ) <aembleton@gmai[ ]om ['l.c' in gap]> on Sunday April 16, 2006 @11:16AM (#15138316) Homepage
    Microsoft could also be using this to prevent users from blocking MSN messenger ad servers.
    • Re:Ad blocking (Score:2, Interesting)

      by MT628496 ( 959515 )
      I don't really think so. The types of people who run adblocking software are usually more technically advanced. Chances are that they won't be going to things like msn.com anyway and if they have to go to windows update, they'll be going whether there are ads or not.

      Doesn't the adblock firefox extension just not display the images from certain hosts? Programs that block ads by editing the hosts file remove things before they even get to adblock. I suppose that's the real reason that I don't really think
    • why not just block them at the router level? or am I missing something obvious?

  • Permissions? (Score:5, Insightful)

    by tomstdenis ( 446163 ) <tomstdenis AT gmail DOT com> on Sunday April 16, 2006 @11:19AM (#15138329) Homepage
    tom@localhost ~ $ ls -l /etc/hosts
    -rw-r--r-- 1 root root 519 Oct 19 12:13 /etc/hosts

    ....

    Why can't windows just make the host files read only.
    • Re:Permissions? (Score:5, Insightful)

      by v1 ( 525388 ) on Sunday April 16, 2006 @11:27AM (#15138378) Homepage Journal
      Windows security is as effective as a screen door on a submarine.

      It'd take the malware makers about an hour to find any of the what, probably 80 holes that would let them go around such windows security. A back-and-forth battle like that could easily go on for months if not years. In unix, security and permissions are the foundation, on top of which everything is built. In windows, security is a hack that was added on later with no due consideration during the initial design phase of windows. It's no wonder it's next to impossible to get it to work the way you want it to.

      When you are designing security, the sad truth of it is, the user is the enemy. There's no nicer way to look at it. So it takes a great deal of care to design a security system that can withstand the assult of a user while at the same time being functional and serving the user. It's too late for windows to make those design considerations. They have errored on the side of functionality and sacrificed the security of the system. There is no fixing that.
      • Re:Permissions? (Score:3, Insightful)

        by Teancum ( 67324 )
        Of course this is also following the assumption that the administrator of the systems you are talking about are also not the users who are on the computer systems.

        The whole admin/user philosophy is based on the religion called the "High Priesthood of the Computer Temple", where you have to make special requests to a special unique class of individuals who control computer resources.

        As for PC operating systems, in particular Microsoft OS platforms, they were designed for independent system operations where t
        • Modern Unix-like systems (Linux, *BSD, Mac OS X) use a hybrid model, where the user is asked to authenticate before a potentially dangerous action is completed. This is not coincidentally the model MS seems to want to follow for future versions of Windows.

          It's been hashed over several times before on /., maybe do a search.
        • Re:Permissions? (Score:3, Insightful)

          by Alioth ( 221270 )
          In the single user, single tasking non-networked PC world of the 1980s, the idea of the user always being the administrator was fine and not harmless. However, you can't take this model into the networked multi-user world and expect it to work. If Microsoft expects its software to work in the networked world, they must drop their single user single tasking philosophy.
      • In unix, security and permissions are the foundation, on top of which everything is built. In windows, security is a hack that was added on later with no due consideration during the initial design phase of windows. It's no wonder it's next to impossible to get it to work the way you want it to.

        In Unix, "root process can change the hosts file" would be rejected as NOTABUG, and the user would be told to use better security practices.

        In Windows where Microsoft is in the awkward position of trying to protect t
      • > In unix, security and permissions are the foundation, on top of which everything is built. In windows, security is a hack that was added on later with no due consideration during the initial design phase of windows.

        You might want to look into the history of root before deciding that only on Windows was multi-user added on later.

        Root is a design fault, it is not even necessary.

    • Uhm they do. The hosts file has the exact same privileges as what you list (Administrator full access, Read-only for everyone else). The wrinkle in that is that almost everyone runs as Administrator. Very dumb.
    • Re:Permissions? (Score:5, Insightful)

      by saleenS281 ( 859657 ) on Sunday April 16, 2006 @11:54AM (#15138524) Homepage
      funny, I see write access by root there. And last I checked, when malware *owns* windows, it's local root, which means the permissions you speak of would amount to absolutely nothing... And btw, you can make it read only to normal users, but again, this would accomplish nothing.
  • by Maul ( 83993 ) on Sunday April 16, 2006 @11:22AM (#15138351) Journal
    The main problem is not that you can't block MS addresses, it is that MS is only preventing their addresses from being blocked. Since they are now getting into the security business, this gives them what could be seen as an unfair advantage.

    Let us say that Joe User gets a piece of Malware, so he decides to visit a security company to find a solution to his problem. However, the malware has modified his hosts file to block security company web pages from being accessed, which is extremely typical. Joe User is not experienced enough to even know there is a hosts file that he could change back.

    Joe User's first attempt would likely be to norton.com, symantec.com (both go to Symantec's main page), or mcafee.com, since these names are pretty much synonymous with antivirus software. However, all of those are blocked and he can't access them.

    However, if he goes to microsoft.com, he can go there since the hosts file is subverted in the OS. Since he can't spend the time to figure out why he can't access the others, he purchases Microsoft's AV solution.
    • Shocked!!! Shocked I say!!! How can you make such slanderous, conspiracy-theory-laden accusations against such a generous, benevolent entity as MicroSoft?
      </sarcasm>

      I barely managed to type that with my bladder intact.
    • but couldn't it be a disadvantage as well? The hosts file is pretty easy to clean up, you just need a file editor, but as soon as someone has found out how to change this "hidden setting" pointing to the microsoft servers, it will be pretty hard to repair it again. I think in the end, this non-solution will backfire on microsoft.
    • Yes but (Score:2, Interesting)

      by backslashdot ( 95548 )
      You know, I would bet money that were Apple doing this, people would claim it's just vertical market integration .. why should they make things easy for spyware vendors etc.

      Apple won't allow others to create DRM enabled files that play on the iPod. Other mp3 players are prevented from being able to play songs bought on iTunes (unless you go the roundabout, dubiously legal (read the contract), route of ripping to CD and then copying the mp3's on there). This is all considered "fair" and a brilliant example o
    • Let us say that Joe User gets a piece of Malware, so he decides to visit a security company to find a solution to his problem. However, the malware has modified his hosts file to block security company web pages from being accessed, which is extremely typical. Joe User is not experienced enough to even know there is a hosts file that he could change back

      This is why antivirus/antispyware software should check for updates by IP address. If it can't find the update servers, only then should it do a DNS looku

  • by displaced80 ( 660282 ) on Sunday April 16, 2006 @11:23AM (#15138360)
    Hmm. This seems a bit ass-backwards to me.

    Rather than having to ignore the HOSTS file because it may be malicious, shouldn't the solution be to prevent HOSTS from getting mangled in the first place?

    (oh, and on an unrelated note: why on earth is the Win32 HOSTS file buried away under C:\Windows\System32\Drivers\etc\? I mean.... 'drivers'?!!? Bizarre.

    • by idesofmarch ( 730937 ) on Sunday April 16, 2006 @11:29AM (#15138389)
      The solution exists. Running as standard user in Windows XP will prevent changes to the hosts file.
      • by mpapet ( 761907 )
        If only most applications could run properly with user-level permissions.

        I admin a tiny number of desktops and not one of them worked with user-level permissions.
        -Mysterious errors
        -Application functions that simply did not work.

        These are *very* generic XPSP2/Win2k desktops with Office 2K/2003.

        Initially, I was not deterred. With every hurdle crossed with ugly hacks, there was yet another error with no documented solution.

        Someone posted a link to NIST(?) documentation that I eventually used. It's by far the
    • by moosesocks ( 264553 ) on Sunday April 16, 2006 @12:06PM (#15138573) Homepage
      I've always found the /etc/ to be the funniest part of that path.

      This is one of the telltale remaints of the BSD-derived [kuro5hin.org] TCP/IP stack that NT/XP uses.

      Although the stack itself has been heavily modified, using /etc/ as the location for the hosts file still remains, along with other little hints -- ftp.exe is almost identical to the BSD FTP utility. BSD also gets properly credited in the XP copyright notice [microsoft.com]
      • This is one of the telltale remaints of the BSD-derived TCP/IP stack that NT/XP uses.

        I think they're actually unrelated - and I don't think Microsoft has used a bsd derived TCP/IP stack since NT4.

        Although the stack itself has been heavily modified, using /etc/ as the location for the hosts file still remains, along with other little hints -- ftp.exe is almost identical to the BSD FTP utility. BSD also gets properly credited in the XP copyright notice

        I'm actually pretty sure its there for the half-assed posi
    • If the malware has enough permission to overwrite your HOSTS file.... what's stopping it from disabling Windows File Protection before unloading dnsapi.dll & patching it?

      Admittedly, Windows won't like you even trying to unload the dll, but if you can manage it, it'll be a 1 time reboot. After that, you're home free.
    • Windows has no effective security model. Users run as admin, so when they run spyware, the spyware runs as admin. Nothing is really protected from an admin, on windows most users basically run as root. So, there's really no way to protect an important part of windows OS except through obscurity. (yes, we all love it, "security through obscurity"!) The hosts file unfortunately is a well known weakness in the OS, so there's no hiding it. And since it's windows, there's no protecting it. So MS has to try
  • MSN (Score:2, Insightful)

    by Joe U ( 443617 )
    The only thing that troubles me is the inclusion of MSN.com in the list.

    The other hosts are used in Microsoft's patch distribution network and honestly is not something the average user would ever need to block. It is, however, something a virus/spyware program would love to block. So, if you want to block those hosts, buy a firewall, they're down to about $20.

    As for MSN, my only guess is that they don't want to block updates for MSN messenger.

    What we have to remember is that these sites are required to fix
    • Re:MSN (Score:3, Informative)

      by mrraven ( 129238 )
      20 dollars, try free, like AVG. AVG is pretty nice it operates in stealth mode so your computers ports are invisible to probes and alerts you when any new program tries tries to phone home. And no I'm not affiliated or invested in AVG in any way I just think it's cool they make a good firewall available for free.
      Yes it's propitiatory and closed source but at least free as in beer, shrug.
      Anyway I only run Windows in a virtual pc. sandbox so it won't infect my real O.S.
  • so...how is this a competitive advantage? why can't the competitors just use IP addresses instead of DNS?
  • Smart move from M$ (Score:3, Insightful)

    by Fantasio ( 800086 ) on Sunday April 16, 2006 @11:31AM (#15138400)
    How long before somebody poisons these adresses in the DNS servers ?

    An automatic update of WMP and your PC gets owned, and nothing can be done to prevent it!

    • by gclef ( 96311 )
      Patches from MS are cryptographically signed. You need to do more than just poison teh DNS for these hosts. You need to either steal MS' private signing key or break RSA.

      Let me know if you manage the second one.
      • by HermanAB ( 661181 )
        You don't need to break RSA - just replace the DLL that handles RSA with one that does nothing. Remember the PC is compromised - so the virus/spyware maker can do that and I think they have done it in the past.
  • Would be ok... (Score:3, Insightful)

    by thefogger ( 455551 ) on Sunday April 16, 2006 @11:32AM (#15138403)
    ...if Microsoft had documented this behavior. Yet still, I fail to see what the big deal is. So you can't force an IP address to a domain with hosts.txt for some sites that microsoft controls. If you need to do that, for example for some corporate filter or updating solution, you could just modify your own dns server. Home users on the other hand get more reliable access to windows update, which is very important. Otherwise it would be trivial for malware to block the computer from recieving updates, and the automatic updates would silently fail.

    Cheers, Fogger
  • Route to null (Score:5, Informative)

    by PlusFiveTroll ( 754249 ) on Sunday April 16, 2006 @11:32AM (#15138406) Homepage
    If the adware can change your hosts file then this is pretty useless anyway. Now all the software has to do is run a script that does the following

    nslookup whatever.microsofts.domains
    takes the list of return addresses and
    route ADD destination MASK mask INVALID INVALID INVALID foreach

    and your traffic to MS wont even leave the network card.
  • by Teun ( 17872 ) on Sunday April 16, 2006 @11:32AM (#15138410)
    How nasty of MS to interfere with my sig!
    Now I'll have to include a disclaimer...

    Just another reason to continue using a more robust system :)

  • Sensationalism (Score:3, Insightful)

    by Anonymous Coward on Sunday April 16, 2006 @11:45AM (#15138478)
    Who cares?

    Nothing prevents you from not using the operating system's resolver. Its trivial to implement your OWN DNS client in your programs, bypassing any HOSTS settings and other DNS resolver issues.

    I've never seen so many people who were so clueless and misinformed about the technical issues involved here.
  • If they removed other sites from the host file then there would be an article on Slashdot about how XYZ site can't be blocked in the host file and about how that is some nefarious evil plot by Microsoft. Microsoft did just what they should logically do: Removed their own sites from host lookups.
  • The real problem with this is that: 1. It wasn't documented, so people had to discover this non-intuitive exception. 2. It defeats the purpose of the hosts file. Had they also included the other AV vendors in the list and made the function public it may have seemed like a practical band aid to the hosts file hijacking problem. Instead they made it M$ only and hid it so it looks slimy. The issue is being addressed is also PEBKAC related.. If Windows users weren't logged in as admin the hosts file would be
    • If Windows users weren't logged in as admin the hosts file would be off limits.

      Problem is, Even Windows has problems with the limited user accounts. I tried setting up internet connection sharing, and I can't even connect to my ISP using a limited account.
  • How come the Department of Justice, supposedly "closely monitoring" Microsoft's monopoly abuse, isn't stopping this? How come Microsoft isn't afraid to pull this Internet bundling stunt, illegally leveraging its monopoly, after the "landmark decision" against them 6 years ago?
    • Because a decision does not guarantee enforcement.
    • Maby because it's not illegal?
    • This isn't something that is going to set off the radar in terms of monopoly practices. This is basically a way to help ensure that their product stays up to date. As anyone who has installed from an unpatched version of windows can attest to, you are racing against the clock to get everything updated and firewalled. A smart user will have their updates and firewall in place before they connect to the Internet, but well, not everyone is a smart user.

      Does this give Microsoft an advantage? Eh, maybe, but
  • by Opportunist ( 166417 ) on Sunday April 16, 2006 @11:58AM (#15138538)
    "Safeguarding" your hosts file against tampering is pointless. Yes, a few trojans toy with it. The ONLY place that's ever redirected afaik is updates.microsoft.com.

    So this is going to be celebrated as the hack against malware that keeps you from updating. Ohhhh great. Ok, next move from the malware writers is simply to keep a thread running that checks if something is coming in from the "unwanted" sites. If so, it's deleted before execution. Problem solved.

    There is no techical solution for social problems.
  • Comment removed based on user account deletion
  • If you want to bypass the hosts file all you need to do is connect by using the IP address as opposed to the DNS name. Sure it seems a bit more complicated or problematic (incase DNS->IP pointing changes) but Im sure all malware programs would rather specify an IP instead of DNS. I would if I was creating a malware program :-)
  • by Cally ( 10873 ) on Sunday April 16, 2006 @04:31PM (#15139569) Homepage
    Here's a threaded view of the Full Disclosure thread, rather than the first follow-up post to Dave Korn's OP, which the story submitter seems to have decided would be a better way... http://archives.neohapsis.com/archives/fulldisclos ure/2006-04/thread.html#268 [neohapsis.com]
  • by ZOverLord ( 902034 ) on Monday April 17, 2006 @12:49AM (#15140909) Homepage Journal
    Just look Here for more info:

    http://msdn.microsoft.com/library/default.asp?url= /library/en-us/dns/dns/dnsquery.asp [microsoft.com]

    Also you can defeat a Host file by simply changing the priority of lookups using the registry, more here:

    http://www.dslreports.com/forum/remark,15900699~da ys=9999~start=20#15902844 [dslreports.com]

  • by Quizo69 ( 659678 ) on Monday April 17, 2006 @02:47AM (#15141085) Homepage
    Here' a simple solution to the Microsoft controlled DNS HOSTS file:

    http://treewalkdns.com/ [treewalkdns.com]

    Allows you to bypass Windows' own DNS server and gives you the useful feature of making DNS queries much quicker than resolving to your ISP all the time, among other benefits.

    Very easy to install for Joe User and just as easy to uninstall.

    HTH

If all else fails, lower your standards.

Working...