#1
Think you're going to block W10 telemetry with your hosts file? Guess again.

"Microsoft Defender flags hosts files with Microsoft server redirects as malicious"

The native antivirus client of the Windows 10 operating system, Microsoft Defender, has started to flag the hosts file on the system as malicious if it contains redirects for certain Microsoft servers. The hosts file is a simple plain text designed to redirect connections.

Users find it under C:\Windows\System32\drivers\etc\hosts on any system and it is easy enough to redirect requests. It has been used for ages to block known malicious sites or advertisement sites.

All you have to do is add redirects in the form of 127.0.0.1 www.microsoft.com to the hosts file to redirect requests to the site "www.microsoft.com" in this case to the local computer. The effect is simple: the request is blocked.

_________________________________________________________________________

Full article is here:
https://www.ghacks.net/2020/08/04/mi...-as-malicious/

--
John C.
#2
John C. wrote:

> "Microsoft Defender flags hosts files with Microsoft server redirects as malicious"
>
> The native antivirus client of the Windows 10 operating system, Microsoft Defender, has started to flag the hosts file on the system as malicious if it contains redirects for certain Microsoft servers. The hosts file is a simple plain text designed to redirect connections.
>
> Users find it under C:\Windows\System32\drivers\etc\hosts on any system and it is easy enough to redirect requests. It has been used for ages to block known malicious sites or advertisement sites.
>
> All you have to do is add redirects in the form of 127.0.0.1 www.microsoft.com to the hosts file to redirect requests to the site "www.microsoft.com" in this case to the local computer. The effect is simple: the request is blocked.
>
> _________________________________________________________________________
>
> Full article is here:
> https://www.ghacks.net/2020/08/04/mi...-as-malicious/

That's what the PiHole is for :-)

An external filtration solution should take care of it.

Paul
#3
Paul wrote:

> That's what the PiHole is for :-)

I thought Win10 from day one bypassed DNS lookups for the telemetry servers and had hard-coded IP addresses in the code?
#4
Paul wrote:

> John C. wrote:
>
>> "Microsoft Defender flags hosts files with Microsoft server redirects as malicious"
>>
>> https://www.ghacks.net/2020/08/04/mi...r-flags-hosts-files-with-microsoft-server-redirects-as-malicious/
>
> That's what the PiHole is for :-)

In Windows 10?

> An external filtration solution should take care of it.

Eh?
#5
"John Nomen" wrote

| > That's what the PiHole is for :-)
|
| In Windows 10?

I'm guessing that was a joke. You'd need to set up a network, add a supported Linux system, then set up PiHole as the DNS server for the whole network. Not an attractive option and not feasible for most.

| > An external filtration solution should take care of it.
|
| Eh?

My old router allowed me to block specific IP addresses. Oddly, my new router has less options and doesn't seem to include that one.

I think the solution is really to just get off of Win10. There aren't many other options, but privacy on 10 is like putty on a sinking ship. You can go around and patch holes, but the water is coming in over the top.

Yesterday I was working on setting up a Surface RT for someone. Not even Win10. 8.1. I sort of knew how bad it was, but it hadn't really sunk in. I'd never actually used such a device. The device is a spyware kiddie tablet (despite having been expensive to buy) that runs a handful of Microsoft programs and wants me to sign up at every turn. (I'm still not sure whether that can even be avoided.) The settings mention things like my "advertising ID"! I can't install software. So the only browser available is IE. It's barely worth having as an emergency device to check email on a trip. For anything else it's useless. And the mousepad repeatedly overreacts to hovers or things that might be similar to a swipe. What a mess!

But I'm guessing that's the intended future for even Pro Windows -- service apps, ads and spyware. They'll figure out a way to let you use real software, if you must. But the growing lockdown is really the key to this. The less you can access control over the system, the less you can stop them. Anyone surprised by Win10 tricks has not been paying attention for the past 5 years.

The recent Congressional hearings seem to be focussed on monopoly issues, which is fine, but no one's paying attention to the fact that the entire field of computing is being converted into locked down spyware data collectors hosting rental "consumer" services. (Google tablets and iPads seem to be pretty much the same thing. After all, Microsoft don't think these things up on their own.)
#6
In article , Mayayana wrote:

> | > That's what the PiHole is for :-)
> |
> | In Windows 10?
>
> I'm guessing that was a joke. You'd need to set up a network, add a supported Linux system, then set up PiHole as the DNS server for the whole network. Not an attractive option and not feasible for most.

actually, it's *very* easy to do on a raspberry pi.

it can also be done in a vm or docker container in win10 or any other os.
#7
John C. posted this:

> "Microsoft Defender flags hosts files with Microsoft server redirects as malicious"
>
> The native antivirus client of the Windows 10 operating system, Microsoft Defender, has started to flag the hosts file on the system as malicious if it contains redirects for certain Microsoft servers. The hosts file is a simple plain text designed to redirect connections.
>
> Users find it under C:\Windows\System32\drivers\etc\hosts on any system and it is easy enough to redirect requests. It has been used for ages to block known malicious sites or advertisement sites.
>
> All you have to do is add redirects in the form of 127.0.0.1 www.microsoft.com to the hosts file to redirect requests to the site "www.microsoft.com" in this case to the local computer. The effect is simple: the request is blocked.
>
> _________________________________________________________________________
>
> Full article is here:
> https://www.ghacks.net/2020/08/04/mi...hosts-files-with-microsoft-server-redirects-as-malicious/

"Conspiracy theories"... "Conspiracy theories"... Everywhere "Conspiracy theories"...

While working (or playing) in Windows 10 go through

Start
Settings
Update & Security
Windows Security
Virus & threat protection
select Manage settings
under Exclusions, select Add or remove exclusions
select Add an exclusion
select from files, folders, file types, or process

Navigate to the targeted desired exclusion... To wit:

C:\Windows\System32\Drivers\etc\hosts

Bahdda bing; bahdda bume!

While Democrats, Liberals, Anarchists, Socialists, Hollywood Elitists, and our decadent Fake News Media will likely bemoan about this being unconstitutional and a betrayal of our oath of office, or violation of the TOS, or "putting your own interests above the interests of our country", you can safely ignore the rhetorical din and proceed like a rational, reasonable human being with a core set of human values which are not muddled by a Freudian level of 'Trump Derangement Syndrome' which is alternately directed at Microsoft and/or Windows as a self-inflicted substitute object from an inculcated, imprinted, and ingrained habitual paradigm...

Hope this helps.

--
I AM Bucky Breeder, (*(^;

Resolve conflicts the American way : Rock - Paper - Scissors - Bitch on the Interwebs .... and I approve this message!
#8
Andy Burns wrote:

> Paul wrote:
>
>> That's what the PiHole is for :-)
>
> I thought Win10 from day one bypassed DNS lookups for the telemetry servers and had hard-coded IP addresses in the code?

Sure. This WD thing is just belt and suspenders, because even before WD developed this new habit, the HOSTS file would not actually be blocking vortex or any of its friends.

And while there was the threat of Microsoft using "raw IP", I don't know if anyone has observed this (a "response" by the OS under threat of blockade) and documented it. Maybe they did and I've just forgotten.

I have seen (in TCPView) Windows 10 using IPs that don't have a reverse lookup, but that could be just as much a DNS problem on my end as anything else. And that was on a system where no attempt was made to block anything.

*******

That's why I made the comment about PiHole. Just like Ripley and "Nuke it from orbit. It's the only way to be sure", if you want to be absolutely sure of your blockade, implement it externally. You can't trust the OS, further than you can throw it.

When you use GPEDIT, and use the two controls to disable Windows Defender, well, guess what ? It's still doing ****. It just doesn't use cycles (it's careful to not climb too high in the Task Manager display).

And if you really don't like this OS, why use it ?

I keep this OS as a pet. It's not a daily driver. And it sure makes a mess as a pet. The other day, I took a short nap while an experiment was running. When I got back, I discovered the machine had rebooted (it wanted to install an update and it was quite insistent), and my experiment was ruined. Like any pet, you have to expect a little poo on the carpet every once in a while.

I had a backup and that's why I didn't take a 2x4 to my pet. And it wasn't a Macrium backup. It was something which was inherently a backup and wasn't intended as a backup, and I used it as a backup. Then I ran a verify to make sure I didn't screw up, and the MD5 sums came back the same, so all was forgiven.

Paul
#9
"John C." wrote:

> "Microsoft Defender flags hosts files with Microsoft server redirects as malicious"
>
> The native antivirus client of the Windows 10 operating system, Microsoft Defender, has started to flag the hosts file on the system as malicious if it contains redirects for certain Microsoft servers. The hosts file is a simple plain text designed to redirect connections.
>
> Users find it under C:\Windows\System32\drivers\etc\hosts on any system and it is easy enough to redirect requests. It has been used for ages to block known malicious sites or advertisement sites.
>
> All you have to do is add redirects in the form of 127.0.0.1 www.microsoft.com to the hosts file to redirect requests to the site "www.microsoft.com" in this case to the local computer. The effect is simple: the request is blocked.
>
> _________________________________________________________________________
>
> Full article is here:
> https://www.ghacks.net/2020/08/04/mi...-as-malicious/

There are embedded IP addresses in Windows for Microsoft servers that never have to go through a lookup (in a hosts file or via DNS). Lookups are only needed when a hostname is given (which humans prefer) to convert to an IP address (what computers demand). ANY process that uses an IP address circumvents any lookups.

Rare few users lock down their hosts file. That means malware can add, delete, or modify its entries.

Instead of redirecting (back to localhost which is an old trick but still requires lookups), why not use a 3rd party firewall that lets you block connects to specific hosts, domains, or IP addresses? Some anti-virus software (e.g., Avast) and routers have a URL block feature, too. Instead of redirecting, do blocking.
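
An added example, not part of any post in this thread: a small Python audit that parses hosts-file text, separates sinkhole entries (the 127.0.0.1 form quoted above) from names pointed at some other address, which is what an unwanted change to an unprotected hosts file would look like, and hashes the content so a later modification can be detected. The sample file, the example.* names, the DEFAULT_NAMES set and the category labels are constructed for illustration.

```python
import hashlib
import ipaddress

# Constructed sample hosts file (illustrative, not from a real machine).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       www.microsoft.com   # the form quoted in the thread
0.0.0.0         ads.example.com tracker.example.com
203.0.113.7     login.example.org   # name pointed at a non-local address
::1             localhost
not-an-ip       broken.example.net
"""

DEFAULT_NAMES = {"localhost", "localhost.localdomain"}  # assumed stock entries

def parse_hosts(text):
    """Yield (line_no, ip_or_None, hostname) for each name on each line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None  # first field is not a valid IPv4/IPv6 address
        for name in fields[1:]:
            yield line_no, ip, name.lower()

def classify(ip, name):
    """Label one mapping: default, blocked (sinkholed), redirected, malformed."""
    if ip is None:
        return "malformed"
    sinkhole = ip.is_loopback or ip.is_unspecified  # 127.0.0.0/8, ::1, 0.0.0.0, ::
    if sinkhole and name in DEFAULT_NAMES:
        return "default"
    return "blocked" if sinkhole else "redirected"

def audit(text):
    """Return (report, sha256_hex); report maps label -> [(line, name, ip)]."""
    report = {"default": [], "blocked": [], "redirected": [], "malformed": []}
    for line_no, ip, name in parse_hosts(text):
        ip_text = str(ip) if ip is not None else None
        report[classify(ip, name)].append((line_no, name, ip_text))
    return report, hashlib.sha256(text.encode("utf-8")).hexdigest()

if __name__ == "__main__":
    report, digest = audit(SAMPLE_HOSTS)
    print("sha256 baseline:", digest)
    for label in ("redirected", "malformed", "blocked"):
        for line_no, name, ip in report[label]:
            print(f"{label:10} line {line_no}: {name} -> {ip}")
```

Storing the digest from a known-good run and comparing it on later runs shows whether any process has added, deleted or modified entries in the meantime.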
#10
Mayayana wrote:

> John Nomen wrote
>
>> Paul wrote:
>>
>>> That's what the PiHole is for :-)
>>
>> In Windows 10?
>
> I'm guessing that was a joke.

Ah, a Linux joke.

> You'd need to set up a network, add a supported Linux system, then set up PiHole as the DNS server for the whole network. Not an attractive option and not feasible for most.

Not for me unless led by the hand

>>> An external filtration solution should take care of it.
>>
>> Eh?
>
> I think the solution is really to just get off of Win10. There aren't many other options, but privacy on 10 is like putty on a sinking ship. You can go around and patch holes, but the water is coming in over the top.

I do feel like ditching Windows 10. I liked XP, and 7 was ok, but this one frustrates and annoys me at every turn. Its latest wheeze is to tell me to activate Windows, which I have paid for, already activated and used for some weeks. My firewall told me that SLUI wanted to 'phone out. Aha, I thought, that's something to do with Activation, so I denied it: I don't want Microsoft continually checking whether I've paid for it. Sure enough, a couple of days later comes the watermark: "Activate Windows". I've been through all the hoops, telephoned, but nothing doing. It won't let me re-enter my valid product key because someone is already using it!
#11
Bucky Breeder wrote:

> "Conspiracy theories"... "Conspiracy theories"... Everywhere "Conspiracy theories"...

I don't think you can deny that Windows 10 is spyware and a forensic tool. A few years ago, Ira Rubenstein, a Microsoft attorney, wrote: "Any time that you're developing a new product, you will be working closely with the NSA." With Windows 10, Microsoft has gone overboard.

> While working (or playing) in Windows 10 go through
>
> Start
> Settings
> Update & Security
> Windows Security
> Virus & threat protection
> select Manage settings
> under Exclusions, select Add or remove exclusions
> select Add an exclusion
> select from files, folders, file types, or process
>
> Navigate to [...]
>
> C:\Windows\System32\Drivers\etc\hosts
>
> Hope this helps.

Done, thank you. But how long before Microsoft 'fixes' that?
#12
John Nomen wrote:

> Mayayana wrote:
>
>> John Nomen wrote
>>
>>> Paul wrote:
>>>
>>>> That's what the PiHole is for :-)
>>>
>>> In Windows 10?
>>
>> I'm guessing that was a joke.
>
> Ah, a Linux joke.
>
>> You'd need to set up a network, add a supported Linux system, then set up PiHole as the DNS server for the whole network. Not an attractive option and not feasible for most.
>
> Not for me unless led by the hand
>
>>>> An external filtration solution should take care of it.
>>>
>>> Eh?
>>
>> I think the solution is really to just get off of Win10. There aren't many other options, but privacy on 10 is like putty on a sinking ship. You can go around and patch holes, but the water is coming in over the top.
>
> I do feel like ditching Windows 10. I liked XP, and 7 was ok, but this one frustrates and annoys me at every turn. Its latest wheeze is to tell me to activate Windows, which I have paid for, already activated and used for some weeks. My firewall told me that SLUI wanted to 'phone out. Aha, I thought, that's something to do with Activation, so I denied it: I don't want Microsoft continually checking whether I've paid for it. Sure enough, a couple of days later comes the watermark: "Activate Windows". I've been through all the hoops, telephoned, but nothing doing. It won't let me re-enter my valid product key because someone is already using it!

https://www.itprotoday.com/mobile-ma...-phone-command

slui X

1 - Show activation status
2 - Activation via the Internet
3 - Prompt for a new key
4 - Launch activation via phone
5 - Prompt for activation and show all methods except Internet
6 - Launch activation wizard
7 - Prompt for activation emulating last day to activate

Support by phone is available for activation issues. A touchtone phone is required for the 56 digit challenge-response key entry, then the system should (eventually) revert to a human operator, assuming you're in the right country for the phone number it used. It should geolocate, give a number suitable for that country, an operator in that country picks up and so on.

If you used a VPN to carry out this procedure, you're not going to get help.

https://www.sevenforums.com/tutorial...s-7-phone.html

Option 4 here is similar, but some of the instructions in the Win7 one may be used if you need that human operator to come on the line later.

https://www.tenforums.com/tutorials/...a.html#option4

I've had to use the 56 digit challenge and 56 digit response method on the laptop, when reinstalling Retail Windows 7 in place of Acer Windows 7 and using the COA sticker key provided for the purpose. And that succeeded so no human was needed. In the days of POTS phones, the CallID seen at the MSFT end was part of assuring the key wasn't stolen and used in some other country.

I don't expect in your case for it to work, but getting a human to generate an activation code manually, may work. The operator on the MSFT end, should be able to see your hardware hash hasn't changed, for the key you're using, and then there's no reason not to generate an activation code. (Which could be 56 digits as well for all I know.) Checking your NIC MAC value, should be sufficient for them to see it's the same machine.

On a laptop, it would be pretty hard to tip over the hardware hash. You could change from a 2-core to a 4-core processor, by buying a replacement on the Internet and installing it. Changing the memory from 4GB to 8GB, that change should not cost enough demerits to break anything. The NIC MAC value (in hardware), counts for a lot. In the past, there was at least one motherboard that was malleable enough, you could change the declared MAC value, and then your goose is cooked. If you did that for some reason, you would tell the human operator "it's a replacement motherboard after a hardware failure", rather than explaining you were a hacker in need of a hobby.

You're following this procedure to get to the right person to fix this. I don't expect the challenge-response to work. But it should make the phone ring on their end, for the free help.

Paul