Microsoft Bypasses HOSTS File

Posted by CmdrTaco on Sun Apr 16, 2006 11:10 AM
from the they-know-what's-best dept.
whitehatlurker writes "Dave Korn announced on the Full Disclosure and Bugtraq security lists that Microsoft is bypassing local lookups for some hosts, meaning that you can't locally block some sites through your HOSTS file. All of these sites are Microsoft controlled sites. The general feeling in the rest of the thread is that this was to obfuscate these hosts and prevent them from being blocked by malware. However, there are no non-Microsoft hosts listed, giving a competitive advantage for Microsoft's anti-malware tools over other brands."
  • Not a useful thing for MS to do (Score:5, Interesting)

    by mgv (198488) * <Nospam,01,slash2dot&veltman,org> on Sunday April 16 2006, @11:11AM (#15138285)
    (Last Journal: Sunday January 22 2006, @06:55AM)
    I would have thought that if you can't subvert the HOSTS file then all you have to do is to intercept any DNS lookup of these MS addresses and you would have the same effect.

    If you are trying to stop MS software from talking to home, then just use an external firewall.

    Michael
  • Is this necessarily a bad thing? (Score:5, Interesting)

    by BluhDeBluh (805090) on Sunday April 16 2006, @11:12AM (#15138291)
    It helps prevent Malware. Sure, MS might have a slim advantage, but it also prevents otherwise botted PCs from accessing MS Updates against things like Blaster. I don't see this as being such a big deal.
  • So what? (Score:4, Insightful)

    by nametaken (610866) on Sunday April 16 2006, @11:14AM (#15138306)
    People should know by now, when you go MS, you don't buy the horse, you buy the farm. You wanna segment and pick and choose on the MS platform? Good luck.
  • Ad blocking (Score:5, Interesting)

    by aembleton (324527) <aembleton AT gmail DOT com> on Sunday April 16 2006, @11:16AM (#15138316)
    (http://blerg.net/)
    Microsoft could also be using this to prevent users from blocking MSN messenger ad servers.
  • Permissions? (Score:5, Insightful)

    by tomstdenis (446163) <tomstdenisNO@SPAMgmail.com> on Sunday April 16 2006, @11:19AM (#15138329)
    (http://libtom.org/)
    tom@localhost ~ $ ls -l /etc/hosts
    -rw-r--r-- 1 root root 519 Oct 19 12:13 /etc/hosts

    ....

    Why can't Windows just make the host files read only?
    • Re:Permissions? by mikerm19 (Score:1) Sunday April 16 2006, @11:22AM
      • Re:Permissions? (Score:5, Insightful)

        by tomstdenis (446163) <tomstdenisNO@SPAMgmail.com> on Sunday April 16 2006, @11:26AM (#15138377)
        (http://libtom.org/)
        Yes, but the motivation to ignore the hosts file is because of viruses that could overwrite it.

        So ... if a user level virus couldn't write to the host file ...

        Think about it.

        Tom
        [ Parent ]
        • Re:Permissions? by thmnetwork (Score:1) Sunday April 16 2006, @11:36AM
        • Re:Permissions? (Score:5, Insightful)

          by secolactico (519805) on Sunday April 16 2006, @11:41AM (#15138461)
          (Last Journal: Wednesday March 27 2002, @09:26PM)
          So ... if a user level virus couldn't write to the host file ...

          Which leads us back to the primordial Windows security problem: users running with admin privileges.

          In the example you provided in the previous post, /etc/hosts is writable only by root. If user runs as root all the time, then it's back to square one.

          As far as I know Windows host file is only writable by Administrator level (dunno, I don't have a Windows machine with me right now). Is it otherwise?
          [ Parent ]
          • Re:Permissions? (Score:4, Informative)

            by Foolhardy (664051) <[csmith32] [at] [gmail.com]> on Sunday April 16 2006, @12:43PM (#15138702)
            On Windows Server 2003 SP1:
            C:\WINNT\system32\drivers\etc\hosts
            BUILTIN\Users :R
            BUILTIN\Power Users:R
            BUILTIN\Administrators:F
            NT AUTHORITY\SYSTEM:F
            Normal and power users get read, Administrators and SYSTEM get full control, all inherited from the drivers directory.

            You're absolutely right about the root problem as running everything as admin. Almost all the malware that I've seen fails miserably unless run as admin, and that which does run can't infect the entire system. I guess the users that know enough to run as a normal user are the same ones that avoid that crap in the first place.
            [ Parent ]
        • Re:Permissions? by 1u3hr (Score:2) Sunday April 16 2006, @11:50AM
        • Re:Permissions? (Score:5, Funny)

          by Homology (639438) on Sunday April 16 2006, @11:57AM (#15138534)
          So ... if a user level virus couldn't write to the host file ...

          Think about it.

          Dear Tom,
          this is Slashdot and the term "think" does not apply.

          [ Parent ]
        • Re:Permissions? by fermion (Score:3) Sunday April 16 2006, @12:03PM
        • Re:Permissions? by Omaze (Score:2) Sunday April 16 2006, @01:27PM
        • 1 reply beneath your current threshold.
    • Re:Permissions? (Score:5, Insightful)

      by v1 (525388) on Sunday April 16 2006, @11:27AM (#15138378)
      (http://vftp.net/ | Last Journal: Saturday December 09 2006, @09:52PM)
      Windows security is as effective as a screen door on a submarine.

      It'd take the malware makers about an hour to find any of the what, probably 80 holes that would let them go around such windows security. A back-and-forth battle like that could easily go on for months if not years. In unix, security and permissions are the foundation, on top of which everything is built. In windows, security is a hack that was added on later with no due consideration during the initial design phase of windows. It's no wonder it's next to impossible to get it to work the way you want it to.

      When you are designing security, the sad truth of it is, the user is the enemy. There's no nicer way to look at it. So it takes a great deal of care to design a security system that can withstand the assault of a user while at the same time being functional and serving the user. It's too late for windows to make those design considerations. They have erred on the side of functionality and sacrificed the security of the system. There is no fixing that.
      [ Parent ]
    • Re:Permissions? by dioscaido (Score:2) Sunday April 16 2006, @11:35AM
    • Re:Permissions? (Score:5, Insightful)

      by saleenS281 (859657) on Sunday April 16 2006, @11:54AM (#15138524)
      (http://www.liquidshells.net/)
      funny, I see write access by root there. And last I checked, when malware *owns* windows, it's local root, which means the permissions you speak of would amount to absolutely nothing... And btw, you can make it read only to normal users, but again, this would accomplish nothing.
      [ Parent ]
    • Re:Permissions? by spongman (Score:1) Sunday April 16 2006, @03:22PM
    • Re:Permissions? by Tim C (Score:2) Sunday April 16 2006, @04:50PM
    • Re:Permissions? by drsmithy (Score:2) Sunday April 16 2006, @06:28PM
    • Re:Permissions? by Allador (Score:1) Tuesday April 18 2006, @09:42AM
    • 2 replies beneath your current threshold.
  • Well, lucky I've got that brand new tinfoil-hat!
  • Potentially unfair... (Score:5, Insightful)

    by Maul (83993) on Sunday April 16 2006, @11:22AM (#15138351)
    (Last Journal: Tuesday March 09 2004, @01:55AM)
    The main problem is not that you can't block MS addresses, it is that MS is only preventing their addresses from being blocked. Since they are now getting into the security business, this gives them what could be seen as an unfair advantage.

    Let us say that Joe User gets a piece of Malware, so he decides to visit a security company to find a solution to his problem. However, the malware has modified his hosts file to block security company web pages from being accessed, which is extremely typical. Joe User is not experienced enough to even know there is a hosts file that he could change back.

    Joe User's first attempt would likely be to norton.com, symantec.com (both go to Symantec's main page), or mcafee.com, since these names are pretty much synonymous with antivirus software. However, all of those are blocked and he can't access them.

    However, if he goes to microsoft.com, he can go there since the hosts file is subverted in the OS. Since he can't spend the time to figure out why he can't access the others, he purchases Microsoft's AV solution.
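
An audit for the hosts-file tampering described in the comment above, as an added example that is not part of the original thread: it parses a hosts file and reports entries that pin watched update or security-vendor names to a local or unexpected address. The watchlist, the sample file contents and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed watchlist, built from domains named in this thread; extend as needed.
WATCHLIST = ("microsoft.com", "msn.com", "symantec.com", "norton.com", "mcafee.com")

# Constructed sample hosts file (not taken from a real machine).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       localhost www.symantec.com    # extra name on the localhost line
0.0.0.0         liveupdate.norton.com
203.0.113.66    WindowsUpdate.Microsoft.com.  # documentation-range address
192.168.1.10    fileserver.corp.example
::1             localhost
not-an-ip       mcafee.com
"""


def parse_hosts(text):
    """Yield (line_number, address, [names]) for every well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no name maps nothing
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; skipped in this audit
        # Names compare case-insensitively; a trailing dot is the same name.
        names = [f.lower().rstrip(".") for f in fields[1:]]
        yield line_no, addr, names


def on_watchlist(name, watchlist=WATCHLIST):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in watchlist)


def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line_number, name, address, kind) for each watched name.

    kind is "blocked" when the name is pinned to a loopback or unspecified
    address, and "redirected" when it is pinned to any other address.
    """
    findings = []
    for line_no, addr, names in parse_hosts(text):
        for name in names:
            if not on_watchlist(name, watchlist):
                continue
            local = addr.is_loopback or addr.is_unspecified
            kind = "blocked" if local else "redirected"
            findings.append((line_no, name, str(addr), kind))
    return findings


if __name__ == "__main__":
    for line_no, name, addr, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr} ({kind})")
```

To audit a real machine, pass the contents of the system hosts file to `audit_hosts` in place of the sample text.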
  • Yet Another Band-Aid? (Score:5, Insightful)

    by displaced80 (660282) on Sunday April 16 2006, @11:23AM (#15138360)
    Hmm. This seems a bit ass-backwards to me.

    Rather than having to ignore the HOSTS file because it may be malicious, shouldn't the solution be to prevent HOSTS from getting mangled in the first place?

    (oh, and on an unrelated note: why on earth is the Win32 HOSTS file buried away under C:\Windows\System32\Drivers\etc\? I mean.... 'drivers'?!!? Bizarre.)

  • MSN (Score:2, Insightful)

    by Joe U (443617) on Sunday April 16 2006, @11:24AM (#15138362)
    (http://slashdot.org/ | Last Journal: Monday August 20, @10:21AM)
    The only thing that troubles me is the inclusion of MSN.com in the list.

    The other hosts are used in Microsoft's patch distribution network and honestly is not something the average user would ever need to block. It is, however, something a virus/spyware program would love to block. So, if you want to block those hosts, buy a firewall, they're down to about $20.

    As for MSN, my only guess is that they don't want to block updates for MSN messenger.

    What we have to remember is that these sites are required to fix a broken system, so I don't view this as just an advantage for MS antispyware.
    • Re:MSN by mrraven (Score:3) Sunday April 16 2006, @12:21PM
      • Re:MSN by techno-vampire (Score:2) Sunday April 16 2006, @02:00PM
        • Re:MSN by mrraven (Score:1) Sunday April 16 2006, @03:17PM
    • Re:MSN by Ksigpaul (Score:1) Sunday April 16 2006, @01:53PM
      • Re:MSN by pembo13 (Score:1) Sunday April 16 2006, @11:13PM
    • Re:MSN by Locutus (Score:2) Sunday April 16 2006, @02:44PM
    • Re:MSN by ClamIAm (Score:1) Sunday April 16 2006, @03:08PM
      • Re:MSN by ClamIAm (Score:1) Monday April 17 2006, @05:46PM
      • 1 reply beneath your current threshold.
  • by Jose (15075) on Sunday April 16 2006, @11:24AM (#15138366)
    (http://jeke.fdns.net)
    so...how is this a competitive advantage? why can't the competitors just use IP addresses instead of DNS?
  • Smart move from M$ (Score:3, Insightful)

    by Fantasio (800086) on Sunday April 16 2006, @11:31AM (#15138400)
    How long before somebody poisons these addresses in the DNS servers?

    An automatic update of WMP and your PC gets owned, and nothing can be done to prevent it!

  • Would be ok... (Score:3, Insightful)

    by thefogger (455551) on Sunday April 16 2006, @11:32AM (#15138403)
    ...if Microsoft had documented this behavior. Yet still, I fail to see what the big deal is. So you can't force an IP address to a domain with hosts.txt for some sites that Microsoft controls. If you need to do that, for example for some corporate filter or updating solution, you could just modify your own dns server. Home users on the other hand get more reliable access to windows update, which is very important. Otherwise it would be trivial for malware to block the computer from receiving updates, and the automatic updates would silently fail.

    Cheers, Fogger
  • Route to null (Score:5, Informative)

    by PlusFiveTroll (754249) on Sunday April 16 2006, @11:32AM (#15138406)
    (http://www.hificans.com/)
    If the adware can change your hosts file then this is pretty useless anyway. Now all the software has to do is run a script that does the following

    nslookup whatever.microsofts.domains
    takes the list of return addresses and
    route ADD destination MASK mask INVALID INVALID INVALID foreach

    and your traffic to MS won't even leave the network card.
  • Interference with my sig! (Score:4, Funny)

    by Teun (17872) on Sunday April 16 2006, @11:32AM (#15138410)
    (http://www.xs4all.nl/~dverbeek)
    How nasty of MS to interfere with my sig!
    Now I'll have to include a disclaimer...

    Just another reason to continue using a more robust system :)

  • Sensationalism (Score:3, Insightful)

    by Anonymous Coward on Sunday April 16 2006, @11:45AM (#15138478)
    Who cares?

    Nothing prevents you from not using the operating system's resolver. It's trivial to implement your OWN DNS client in your programs, bypassing any HOSTS settings and other DNS resolver issues.

    I've never seen so many people who were so clueless and misinformed about the technical issues involved here.
  • by PepeGSay (847429) on Sunday April 16 2006, @11:48AM (#15138496)
    If they removed other sites from the host file then there would be an article on Slashdot about how XYZ site can't be blocked in the host file and about how that is some nefarious evil plot by Microsoft. Microsoft did just what they should logically do: Removed their own sites from host lookups.
  • The problems with this (Score:2, Insightful)

    by bobbutts (927504) <bobbutts@gmail.com> on Sunday April 16 2006, @11:50AM (#15138512)
    The real problem with this is that: 1. It wasn't documented, so people had to discover this non-intuitive exception. 2. It defeats the purpose of the hosts file. Had they also included the other AV vendors in the list and made the function public it may have seemed like a practical band aid to the hosts file hijacking problem. Instead they made it M$ only and hid it so it looks slimy. The issue being addressed is also PEBKAC related. If Windows users weren't logged in as admin the hosts file would be off limits.
  • How come the Department of Justice, supposedly "closely monitoring" Microsoft's monopoly abuse, isn't stopping this? How come Microsoft isn't afraid to pull this Internet bundling stunt, illegally leveraging its monopoly, after the "landmark decision" against them 6 years ago?
  • How is that news anyway :)
  • FUD flying low again (Score:3, Insightful)

    by Opportunist (166417) on Sunday April 16 2006, @11:58AM (#15138538)
    "Safeguarding" your hosts file against tampering is pointless. Yes, a few trojans toy with it. The ONLY place that's ever redirected afaik is updates.microsoft.com.

    So this is going to be celebrated as the hack against malware that keeps you from updating. Ohhhh great. Ok, next move from the malware writers is simply to keep a thread running that checks if something is coming in from the "unwanted" sites. If so, it's deleted before execution. Problem solved.

    There is no technical solution for social problems.
  • how long? (Score:2)

    by MrP- (45616) <rob@@@elitemrp...net> on Sunday April 16 2006, @12:06PM (#15138571)
    (http://elitemrp.net/)
    how long has this been going on? I know about a year ago when that virus that targeted windowsupdate came out, dns for windowsupdate.microsoft.com wasn't working so I used the host file to force the domains to resolve and get to windows update.. so back then using windows update domains in the host file worked fine.
    • Re:how long? by tigrezno (Score:1) Sunday April 16 2006, @12:10PM
  • So whats the big deal (Score:2, Informative)

    by poind3xt3r (890661) on Sunday April 16 2006, @12:31PM (#15138655)
    If you want to bypass the hosts file all you need to do is connect by using the IP address as opposed to the DNS name. Sure it seems a bit more complicated or problematic (in case DNS->IP pointing changes) but I'm sure all malware programs would rather specify an IP instead of DNS. I would if I was creating a malware program :-)
  • Completely irrelevant (Score:1, Insightful)

    by mstefan (635858) on Sunday April 16 2006, @12:34PM (#15138673)
    It's trivial to directly perform a DNS query. Any third-party application (including malware) can do exactly the same thing Microsoft is doing, there's no "secret sauce" here that's only available to the coders in Redmond.
  • by puzzled (12525) on Sunday April 16 2006, @01:49PM (#15138938)
    (Last Journal: Monday February 20 2006, @09:53AM)


    ip route [offending block] Null0
    router ospf 1
    redistribute static subnets route-map MSFT-GO-AWAY-NO

    route-map MSFT-GO-AWAY-NO
        mat ip addr prefix-list LOSER-MONOPOLIST

    ip prefix-list LOSER-MONOPOLIST permit [offending block]

        From memory, but should work under IOS. You have to be root on my desktop to change /etc/hosts, so I don't think about this stuff all that much.

  • Lawsuit (Score:1)

    by Zorix (968629) on Sunday April 16 2006, @01:53PM (#15138969)
    (http://www.zorix.us/)
    Let's see what companies like Symantec and McAfee will do now. Can't forget the EU either.
    • 1 reply beneath your current threshold.
  • by suv4x4 (956391) on Sunday April 16 2006, @02:11PM (#15139054)
    Making it harder for malware to abuse our computers, or make sure that if not everybody can bypass hosts, then none can, so that we're all screwed. Think about it.
  • The thing that really makes me want to stay away from Microsoft software (and proprietary software in general, though Microsoft seems particularly prone to it) is exactly this sort of behavior. For a long time I've had the sentiment that Unix was more secureable than Windows (securable, not secure-out-of-the-box, since neither of them is that), precisely because I find it much easier to look at a Unix system (particularly one which I have the full sources to) and understand what it is doing than I do when using a Windows system.

    I assume this is actually undocumented behaviour, since I haven't seen anyone claim to have known about it before now, nor can I find any references on MSDN about it. Having unintuitive and undocumented behaviour is exactly the sort of thing that makes it very hard to gain a correct mental model of how a system behaves, and if you don't even understand how the system works I don't see how one can secure or troubleshoot the system in a way that isn't essentially "shotgun debugging".

    My $.02
  • rest of the FD thread (Score:3, Interesting)

    Here's a threaded view of the Full Disclosure thread, rather than the first follow-up post to Dave Korn's OP, which the story submitter seems to have decided would be a better way... http://archives.neohapsis.com/archives/fulldisclosure/2006-04/thread.html#268 [neohapsis.com]
  • This is normal (Score:1)

    by Gerzel (240421) <gwsears&unity,ncsu,edu> on Sunday April 16 2006, @04:44PM (#15139605)
    (Last Journal: Monday May 07 2007, @06:51AM)
    Microsoft just felt threatened by Google starting to wear the evil dress. So to make up for it MS has shown off some evil it has been keeping on a back burner.
  • by grudgelord (963249) on Sunday April 16 2006, @04:54PM (#15139637)
    Some time back I was doing some work for a particularly draconian client who wanted all web traffic restricted to pre-approved sites for all users at his business. I repeatedly suggested that we go with a server based solution but he was convinced that Content Advisor would solve the problem. He failed to realize that CA is a very poor tool for this as it just doesn't work well for several hundred workstations nor does it have a centralized administration point. But he was convinced that he knew more about the topic, "It'll work fine, just go ahead and do it." So...

    He wanted anything not explicitly approved by him to be blacklisted and specifically named msn.com and a few other popular office time-waster sites (yahoo, etc.). It was through this process that I discovered that neither content advisor nor manipulation of the hosts file will block msn.com or other Microsoft sites. As MS has never made it public knowledge that you cannot block these sites in this manner I ended up looking rather foolish when I couldn't black-list. I had guessed at that time what was actually happening but I had no proof of documentation on which to fall back.

    At least I reduced the list propagation time by setting up the list on one machine and pushing the registry to the remainder but the damn thing never did work right, it was such a hack job and I'm ashamed of it when I look back in retrospect. I wish they'd let me do it right.

    If MS had disclosed this change (along with the Content Advisor change) I wouldn't have felt so foolish.
  • Pah (Score:2)

    by James Youngman (3732) on Sunday April 16 2006, @05:21PM (#15139720)
    (http://excession.spiral-arm.org/jay/)
    If you don't like the way that Microsoft software works, use something else already. Sheesh.
  • Apple seems to do the same with OS X (Score:1, Informative)

    by Anonymous Coward on Sunday April 16 2006, @05:32PM (#15139750)
    Oddly enough, I just noticed this today with OS X.

    Try creating a host entry over configuration.apple.com on 10.4.6.
  • they dont care (Score:1)

    by MERVERNATOR (589408) on Sunday April 16 2006, @06:04PM (#15139823)
    I highly doubt they care as much about using this to stop malware as they say,.. but rather use it as a way to control product activations from being redirected.
  • Well (Score:2)

    by TCM (130219) on Sunday April 16 2006, @07:30PM (#15140102)
    I don't know if it's been said already, but using the hosts file to reliably "block" anything is a very stupid idea to begin with.

    The hosts file is there to provide name-to-address translation for crucial hosts which might be needed before DNS is available. It has no features like pattern matching or blocking by address range, because that's entirely out of its scope.

    Another side effect of abusing the hosts file is ambiguous errors. Because access to ad servers in the hosts file is not "blocked" but rather redirected to 127.0.0.1, you are twisting semantics about why this or that URL doesn't work now.

    If you need to block networks/URLs by pattern and for HTTP only, you should use a proxy like squid.

    I won't even begin to rant how using the hosts file for more than 1 computer is phenomenally stupid. Seriously, the guy who came up with this abuse should be severely beaten over with a cluestick.

    </rant>
    • Re:Well by TCM (Score:3) Sunday April 16 2006, @08:55PM
    • Re:Well by TheDarkener (Score:2) Monday April 17 2006, @11:11AM
  • From the Fine Article:

    I'm gobsmacked by this: corrupting the resolver is little short of an intentional dns poisoning attack. It's as if internet explorer had special code in it to see if you were doing an internet search for 'microsoft products' and then altered the results to only return favourable reviews that microsoft wanted you to see.

    Actually, it's exactly like that. Special cases, which can be added or subtracted on Windoze update, can effectively censor the internet for you. Imagine they intermittently broke connections to sites they did not like. The user would never know, the site would be blamed and abandoned. That's nasty and it's exactly what M$ likes to do to their perceived competition.

  • by kmeister62 (699493) on Sunday April 16 2006, @08:01PM (#15140208)
    I wonder what version of DNS code MS uses. I find it rather interesting that the HOSTS file in MS Windows is located in ../etc/ directory.
  • So what? (Score:2)

    by Eskarel (565631) on Sunday April 16 2006, @08:17PM (#15140259)
    So they set up windows so it always does a DNS lookup on microsoft sites? So bloody what?

    They aren't spying on you any more than they already were. They're ensuring that you can always get to their sites for patches and support. They aren't doing it for anyone else's sites because it's not their business to do that.

    I just really don't see what the big deal on this is, your average user will never use the hosts file, and you need to get to Microsoft sites to patch and maintain your microsoft system. If you don't want to deal with Microsoft don't use their OS, they're not doing anything particularly wrong here.

    • Re:So what? by angrykeyboarder (Score:1) Sunday April 16 2006, @11:48PM
  • by shanman (56664) on Monday April 17 2006, @12:00AM (#15140821)
    (http://www.shanman.net)
    I tried a few on the localhost line. DNSAPI seems to honor them.

    For example:

    127.0.0.1 localhost www.microsoft.com

    PING www.microsoft.com resolves to 127.0.0.1 (and succeeds ;)

    and http://www.microsoft.com/ [microsoft.com] fails (resolves to 127.0.0.1 then redirs to a search)

    Move it to its own line, and the "trigger" kicks in.

    I'm running WXP SP2 (w/ all the latest patches)
  • Just look Here for more info:

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dns/dns/dnsquery.asp [microsoft.com]

    Also you can defeat a Host file by simply changing the priority of lookups using the registry, more here:

    http://www.dslreports.com/forum/remark,15900699~days=9999~start=20#15902844 [dslreports.com]

  • by ignavus (213578) on Monday April 17 2006, @01:22AM (#15140979)
    They may well over-rule the HOST file ... but *I* administer the firewall, the router and the DNS server.

    What's that URL you want to look up?

    Where do you want to have that packet sent? Oh, THAT IP, huh? Sure, I will.

    Bwahahaha!
  • Use Treewalk DNS instead (Score:3, Informative)

    by Quizo69 (659678) on Monday April 17 2006, @02:47AM (#15141085)
    (http://www.visceralpsyche.com/)
    Here's a simple solution to the Microsoft controlled DNS HOSTS file:

    http://treewalkdns.com/ [treewalkdns.com]

    Allows you to bypass Windows' own DNS server and gives you the useful feature of making DNS queries much quicker than resolving to your ISP all the time, among other benefits.

    Very easy to install for Joe User and just as easy to uninstall.

    HTH
  • by bedammit (678849) on Monday April 17 2006, @04:57AM (#15141222)
    Spyware using an LSP can circumvent this I'm sure. see this link on coding an LSP http://www.microsoft.com/msj/0599/LayeredService/LayeredService.aspx [microsoft.com]
  • cooool (Score:1)

    by suezz (804747) on Monday April 17 2006, @08:00AM (#15141504)
    this is just an example of what drm and trusted computing that your wonderful senators are pushing for.

    this is just the beginning folks - be ready for the rest with vista - drm and trusted computing are so cool - now you will get spam from only companies that pay microsoft more money to send spam.

    here is a solution to this problem - buy linux and you will be in control of your own computer.
  • Here Microsoft adds features to one of their products to increase security and the effectiveness of their antispyware products, and we call them evil. THIS IS A GOOD THING. They didn't extend this feature to their direct competitors - big deal? Guess what? That's what competitive marketplaces are all about.

    What would you rather they did? I mean they could've not added these features - would that be better? They're NOT going to offer to extend these protections to their competitors - that's less evil to consumers but more evil to shareholders - what could they have done that would be less evil?
  • it can just get the dns server ips through iphlpapi and talk to them directly.

    so no real competitive advantage
  • M$ Modus (Score:1)

    by SirLanse (625210) <swwg69 AT yahoo DOT com> on Monday April 17 2006, @01:18PM (#15143571)
    They have a way to make things work that is undocumented.
    This works better than anybody else's methods.
    When someone else starts to use it,
    M$ changes it.
    It is undocumented, so it is ok to change it, WITHOUT NOTICE.
    The other company's stuff crashes.
    M$ Profit!!
    -- They did this to WordPerfect and Lotus, now only Office survives.

  • What about ipsec? (Score:2)

    by Kazoo the Clown (644526) on Monday April 17 2006, @03:35PM (#15144514)

    If they also bypass ipsec that could mean real trouble. The organization I work for has told the employees not to upgrade to XP SP2 due to software incompatibility issues (I had to anyway, as I'm running SQL Server 2005 & VS 2005 which required SP2, and I'm not sure just what's supposed to be incompatible with what).

    If an organization chose to try to use ipsec to distribute blocking filters as part of their security policy and MS bypassed them, I'd think there'd be some issues with that...

    Haven't tried it yet, but may get around to it sooner or later...

  • Re:Hm? (Score:1)

    by FudRucker (866063) on Sunday April 16 2006, @11:39AM (#15138451)
    what a gentle euphemism...
    [ Parent ]
  • Monopolies (Score:5, Insightful)

    by Tony (765) on Sunday April 16 2006, @11:46AM (#15138489)
    (http://zoeshire.com/ | Last Journal: Thursday October 31 2002, @05:12PM)
    A court of law has determined that Microsoft is a monopoly. One of the anti-trust regulations specifies that you cannot use your monopoly power to force your way into another market; that was the heart of the conviction against Microsoft in the Netscape case. Microsoft used their monopoly to oust Netscape as the dominant browser by bundling, which is illegal.

    Now they are using that same monopoly power to take over the anti-malware market.

    I'm rather ambivalent about this. On one hand, it is just one more case of Microsoft waiting for a market to mature, then forcing their way into it. On the other hand, this market wouldn't exist if it wasn't for their own shoddy products, so it's really Microsoft's responsibility to fix it. However, malware protection software isn't the correct answer, it's just the most expedient, with a potential for additional profit.

    All-in-all, it's just Microsoft's usual game: own the system, rig the system, use that to take over another system. Keep secrets, and act all coy when your secrets are discovered.
    [ Parent ]
    • Sensationalist FUD by Kiaser Wilhelm II (Score:2) Sunday April 16 2006, @12:10PM
    • Re:Monopolies by idesofmarch (Score:2) Sunday April 16 2006, @12:11PM
      • Re:Monopolies by Changa_MC (Score:1) Sunday April 16 2006, @02:02PM
        • Re:Monopolies by drsmithy (Score:2) Sunday April 16 2006, @07:00PM
          • Re:Monopolies by Changa_MC (Score:1) Thursday April 27 2006, @05:21PM
      • Re:Monopolies by 99BottlesOfBeerInMyF (Score:2) Sunday April 16 2006, @02:09PM
      • Re:Monopolies by dryeo (Score:2) Sunday April 16 2006, @02:15PM
      • Re:Monopolies (Score:4, Insightful)

        by toddestan (632714) on Sunday April 16 2006, @03:58PM (#15139472)
        How did Microsoft financially benefit from Internet Explorer's dominance? IE is and always has been a free product. More relevant to this topic

        Back in the day, Netscape was developing web applications. This was kind of scary for Microsoft, as this shifted the focus away from the operating system and to the browser. Back then, Netscape ran on almost everything (Windows, Mac, Linux, BSD, OS/2, etc), and if in the future the user did all their work under web applications, then suddenly the underlying OS would become less important. Why spring for a Windows license to run Netscape when you could download Linux for free?

        So Microsoft's response was Internet Explorer. At first it seemed that Microsoft was going with the Netscape route of supporting multiple platforms, but they quickly killed off everything but IE for Windows (Except for the Mac version, which lingered on quite a bit longer before finally getting axed). From there they made their browser not quite standards compliant (but close enough to get people to switch to it), and created ActiveX. They then integrated all of this into Windows and their respective server software. This made it easy for people to create Web applications and content that only worked properly under Internet Explorer for Windows, and many of these ended up being made - particularly for company intranets. At first, this seemed great for companies that basically ran Windows everywhere, but it also locked them into Microsoft's software. This is likely one of the reasons why Windows is still so dominant on the desktop, and is also one of the main reasons why in the bizarro-land of slashdot circa April, 2006, Mac users are so excited about running Windows on their Apple machines.

        Of course, the threat of Web applications is coming around again, with open standards like XML threatening to make your choice of OS less relevant, and even your choice of browser unimportant (so long as it supports the open standards). I'm not sure what Microsoft has in store for this round (if anything), as IE7 seems to be too little, too late - and the popularity of Linux and OSX growing.

        So in conclusion, Internet Explorer wasn't so much about crushing Netscape Navigator, as it was about crushing Web applications that could run everywhere.
        [ Parent ]
  • At most it makes it slightly harder to do. They have to do some browser/IP stack hijacking instead. With browser hijacking they could then also get rid of the SSL certificate warnings, maybe.
    [ Parent ]
  • Re:They control the haiku (Score:4, Interesting)

    by Psykechan (255694) on Sunday April 16 2006, @01:35PM (#15138871)
    (And my troll is in Haiku)

    Windows xp still better
    need to run useful software
    Mac and Linux are toys


    that is not quite right
    both the troll and the haiku
    are somewhat lacking

    but please understand
    Mac and Linux are not toys
    just other systems

    Windows has problems
    while it does have more software
    it is insecure

    please try something else
    you might find that you like it
    don't stagnate yourself

    if end users switch
    developers will follow
    more software for all

    so please help yourself
    and help the rest of the world
    try something else

    if you don't like them
    that is your prerogative
    simply don't use them

    but I'm warning you
    going back is much harder
    but it is your choice

    other OSes
    few viruses and malware
    true computing bliss

    as for poetry
    haiku syllable count is
    5-7-5
    [ Parent ]
  • Re:WHY? (Score:5, Funny)

    by Mister Transistor (259842) on Sunday April 16 2006, @01:41PM (#15138897)
    (Last Journal: Sunday March 02 2003, @12:09PM)
    IIRC, it's a hangover from Windows 3.1 or maybe Win95.
    [ Parent ]
  • by caffeination (947825) on Sunday April 16 2006, @01:41PM (#15138898)
    Yes, Microsoft gives itself way too much control over their customers. But Apple isn't a better choice in this respect.
    [ Parent ]
  • Re:Uh, what?! (Score:2)

    by Scooter (8281) <<ten.9ecrof.avoncinna> <ta> <newo>> on Sunday April 16 2006, @07:54PM (#15140183)
    Couple of reasons:-

    Your argument assumes a one to one relationship between hostname and IP address. There just aren't enough addresses in a 4 byte address range (actually a lot less in practice) for every server, and every client to have its own address. Many web servers host multiple web sites under different hostnames, in different domains, on the same IP address. You need to use the hostname for these sites as that's how the server determines which of the many sites it hosts to give you.

    Take my site - http://www.muttsnutts.com/ [muttsnutts.com] It's hosted on my ISP's web server along with hundreds of others. Lookup the address:-

      ANSWER SECTION:
    www.muttsnutts.com. 14400 IN A 84.92.1.5

    Then try http://84.92.1.5/ [84.92.1.5] - you get the default site.

    Second, the reverse may be true - try doing a dig or nslookup of www.google.com - you'll get different addresses every time (or the same ones in a different order):-

      ANSWER SECTION:
    www.google.com. 278479 IN CNAME www.l.google.com.
    www.l.google.com. 30 IN A 216.239.59.147
    www.l.google.com. 30 IN A 216.239.59.99
    www.l.google.com. 30 IN A 216.239.59.103
    www.l.google.com. 30 IN A 216.239.59.104

      ANSWER SECTION:
    www.google.com. 278492 IN CNAME www.l.google.com.
    www.l.google.com. 43 IN A 216.239.59.99
    www.l.google.com. 43 IN A 216.239.59.103
    www.l.google.com. 43 IN A 216.239.59.104
    www.l.google.com. 43 IN A 216.239.59.147

    Granted, Microsoft could engineer their sites so that the IP address would work, but this places some severe restrictions on their web server farm's scale. As a couple of other posters mentioned - you could block the traffic in the routing table anyway, or just buy an external firewall and block the traffic there.

    I don't like the smell of this - especially as they didn't document it. It may seem harmless enough, or even beneficial, but it is the first step onto a slippery slope. You probably agree to it in the EULA when you install though.
    [ Parent ]
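
The two behaviours described in the comment above, as an added Python example that is not part of the original thread: a server choosing a site from the HTTP `Host` header (so a request by bare IP gets the default site), and a DNS answer set rotating between queries. The second co-hosted hostname, the page bodies and the class and function names are assumptions made for illustration; the addresses are the ones quoted in the comment.

```python
# Added illustration (not from the thread): name-based virtual hosting
# and round-robin A records. Names and site bodies are constructed.
from collections import deque

VHOSTS = {
    "www.muttsnutts.com": "muttsnutts site",
    "www.neighbour.example": "neighbour site",  # hypothetical co-hosted site
}
DEFAULT_SITE = "ISP default site"


def parse_host(raw_request: bytes):
    """Return the Host header value, lowercased and without port, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower()
            # Drop a trailing :port; bracketed IPv6 literals are left alone.
            if not host.startswith("[") and ":" in host:
                host = host.rsplit(":", 1)[0]
            return host.rstrip(".") or None
    return None


def select_site(raw_request: bytes) -> str:
    """Pick the site the way a shared web server does: by Host, not by IP."""
    return VHOSTS.get(parse_host(raw_request), DEFAULT_SITE)


class RoundRobinRRSet:
    """A record set whose order rotates by one on every answer."""

    def __init__(self, addresses):
        self._addrs = deque(addresses)

    def answer(self):
        current = list(self._addrs)
        self._addrs.rotate(-1)                   # next query starts one later
        return current


if __name__ == "__main__":
    by_name = b"GET / HTTP/1.1\r\nHost: www.muttsnutts.com\r\n\r\n"
    by_ip = b"GET / HTTP/1.1\r\nHost: 84.92.1.5\r\n\r\n"
    print(select_site(by_name), "|", select_site(by_ip))
    rr = RoundRobinRRSet(["216.239.59.147", "216.239.59.99",
                          "216.239.59.103", "216.239.59.104"])
    print(rr.answer())
    print(rr.answer())
```

A filter or allow-list keyed to a single address therefore misses on both counts: one address can front many sites, and one name can resolve to several addresses in changing order.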