On Thu, Apr 13, 2006 at 06:29:15PM +0100, Dave Korn wrote: > > Hey, guess what I just found out: Microsoft have deliberately sabotaged > their DNS client's hosts table lookup functionality. > (...) I'd try to block (Windows Media Player) it in my hosts file. > Microsoft DNS client special-cases 'go.microsoft.com' and refuses to look > it up in the hosts file. > I'm running fully up-to-date Windows XP SP2. I don't have any pfw > software that could conceivably be interfering, and the windows firewall is > running with more-or-less the default settings (I've only added a couple of > exceptions, no other changes). I don't think this is a false positive. > > On reading through %WINDIR%\system32\dnsapi.dll with 'strings', I find the > following hostnames listed. I assume they are all also singled out for > special treatment:- > > www.msdn.com > msdn.com > www.msn.com > msn.com > go.microsoft.com > msdn.microsoft.com > office.microsoft.com > microsoftupdate.microsoft.com > wustats.microsoft.com > support.microsoft.com > www.microsoft.com > microsoft.com > update.microsoft.com > download.microsoft.com > microsoftupdate.com > windowsupdate.com > windowsupdate.microsoft.com > > [ I've verified that the same behaviour occurs for office.microsoft.com, > exactly as for go.microsoft.com, but haven't tried any of the others yet. > I'd bet real money on it, though. ] What's your point? It's not like it's the first piece of software ever to bypass the hosts file, is it? And if you're a software giant, that's easy to do at a lower level. Blacklisting IP addresses by /etc/hosts or equivalent is an extremely broken way of blocking, anyway; and vague hacks like that need not be supported. Use a real, non-host-based firewall. Of course, you might wish to stop certain software from phoning home. Fine, but use something that works - MS is evil in many ways, but not because this particular hack happens not to work. Switching to OSS quite nicely solves all these problems, though. Joachim
