Windows bypassing Hosts

I have received several emails from users concerned that Windows is bypassing the Hosts file.

It is true that Windows allows some Microsoft sites even if they are blocked in the Hosts file.
After some internet research and forensics on my own computer I have found a list of hostnames
hard coded into the dnsapi.dll in the System32 directory.

On my computer these hostnames are:

www.msdn.com
msdn.com
www.msn.com
msn.com
go.microsoft.com
msdn.microsoft.com
support.microsoft.com
www.microsoft.com
microsoft.com
update.microsoft.com
download.microsoft.com
microsoftupdate.com
windowsupdate.microsoft.com
* office.microsoft.com
* microsoftupdate.microsoft.com
* wustats.microsoft.com
* windowsupdate.com

The starred hostnames are still blocked if in the Hosts file.

All other hostnames being blocked in my Hosts file that I tested were still being blocked.

Personally I do not see this as a major concern just yet as only a few Microsoft sites bypass
the Hosts.

5
Leave a Reply

avatar
2 Comment threads
3 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
  Subscribe  
newest oldest
Notify of
Alan
Guest
Alan

Can the dnsapi.dll be patched, i.e the strings removed?

Nightwalker
Guest
Nightwalker

I’m pretty unhappy about the way microsoft did this, very sneaky.
I guess they did it to track illegal copies of Windows?