Bugtraq mailing list archives
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
From: "Geo." <geoincidents () nls net>
Date: Thu, 20 Apr 2006 08:18:40 -0400
MSN and MSDN. It is to keep hosts file entries from taking users to phishing sites where they may enter credentials that could be stolen.
So you agree with me, that it's more for passport functionality than to allow trojaned users to get to windows update.
It's not Microsoft's job to protect Symantec customers.
No it's not, it's Microsoft's job to protect windows users, millions of who use NortonAV. But it would seem that MS is more interested in protecting their user tracking information than the users.
Because "hosts" is a simple text file that is designed to be edited and maintained by the administrator of the machine.
It would be trivial to create a hosts editing GUI interface that could manage a protected hosts file. Does anyone but me long for the days of the NT team where they wouldn't do something if they couldn't do it right? I mean what's next, they going to modify firewall settings if the user has locked out features that are required for windowsupdate or passport to work?
This is really simple. MyDoom altered the hosts file so people couldn't
hit
go.microsoft.com, so they added an exception list for their sites.
The right way to fix it would have been to ask the user before bypassing hosts since by your own statements hosts is a file for the administrator to manage. Perhaps the admin put MS sites in hosts files to keep his users from updating components on their own?
The reason it wasn't documented was so that malware authors wouldn't know
to
bypass it, but now some do. Oh well, worked for a while.
Oh please lets not justify sneaky stuff that affects a users security settings by saying it had to be done sneaky so the hackers wouldn't know, the hackers figure this stuff out in seconds. Just mark this as a stupid idea and add a popup before it bypasses values in the hosts file so the user is allowed to permit or deny it. Had they done that I would have defended their actions, it's when they mess with a users security without asking that I find it inappropriate behavior for a company like MS. Geo.
Current thread:
- RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Derek Soeder (Apr 14)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 17)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Ansgar -59cobalt- Wiechers (Apr 18)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Paul Wouters (Apr 19)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Geo. (Apr 19)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 23)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Geo. (Apr 23)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 25)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 17)
- <Possible follow-ups>
- Re: RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup john (Apr 19)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 23)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup John Biederstedt (Apr 23)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 23)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup John Biederstedt (Apr 23)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 23)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 23)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 23)