the xt guy Posted September 25, 2009 Share Posted September 25, 2009 (edited) As probably many of you know, XP Sp2 and later has modified dnsapi.dll to deliberately ignore any MS domains in the hosts file. (this does not exist in XP Sp1a or lower; or in any version of Win 2000, 98, etc.) This means your computer can now contact MS stealthily and as many times as it wants, without your permission or control. This to me is totally unacceptable. I've read it is possible to modify dnsapi.dll to reverse this.Is there anyone out there who has successfully does this and would be willing to share details or a modded dnsapi.dll file?Dirty tricks like this are just one of the many reasons I have stayed away from XP (and no, I don't want to debate the merits of why MS did this, I simply want to be able to control my own computer and if MS doesn't like it they can go straight to a certain "very hot place".)In my Win2K system I have about 200 various MS domains in the hosts file. Otherwise my system, and all XP and later systems would contact MS everytime they are booted up and send "data" or "stats" and who knows what else is being sent! I know for example that MS Office routinely sends data to MS about how many documents you have opened. Edited September 25, 2009 by the xt guy Link to comment Share on other sites More sharing options...
caps_buster Posted September 25, 2009 Share Posted September 25, 2009 Interesting. Can I have the list of the M$ domains you choosed to block? Might be interesting in my Win2k SP4 too... thanks! As for the original question - tried checking out the reginst sections in regedit? Usually many weird stuff is hidden there, just check out this:http://www.msfn.org/board/index.php?showtopic=133333 Link to comment Share on other sites More sharing options...
the xt guy Posted September 25, 2009 Author Share Posted September 25, 2009 caps_buster, I've sent you a PM with the info about the MS domains list.The MS entries are hard-coded into the new dnsapi.dll file, which will bypass all other settings on the computer (that's why the dns file needs modified.) Link to comment Share on other sites More sharing options...
the xt guy Posted September 25, 2009 Author Share Posted September 25, 2009 (edited) caps_buster, here is a discussion on a forum topic (2006) covering this same topic:http://www.dslreports.com/forum/remark,15900699the string of URL's is hard coded into XP SP2's dnsapi.dll file, it is not present in XP SP1 or any version of 2K.This is the list of sites coded into the SP2 version of dnsapi,dll:www.msdn.commsdn.comwww.msn.commsn.comgo.microsoft.commsdn.microsoft.comoffice.microsoft.commicrosoftupdate.microsoft.comwustats.microsoft.comsupport.microsoft.comwww.microsoft.commicrosoft.comupdate.microsoft.comdownload.microsoft.commicrosoftupdate.comwindowsupdate.comwindowsupdate.microsoft.comYou will not be able to stop your computer from connecting with these sites unless you have an external router or other hardware that is specifically set to block these domains. Edited September 25, 2009 by the xt guy Link to comment Share on other sites More sharing options...
caps_buster Posted October 2, 2009 Share Posted October 2, 2009 What about disable WFP and use the dnsapi.dll from Win XP SP1.0a ...?I do worry especially about servers with HIGHLY suspicious names on the first sight, like:a00000000000000000000000000000000000000000000000000000000000001.ms.a.microsoft.coma00000000000000000000000000000000000000000000000000000000000002.ms.a.microsoft.coma00000000000000000000000000000000000000000000000000000000000003.ms.a.microsoft.coma000000000000000000000000000000000000000000000000000000000001.ms.a.microsoft.coma00000000000000000000000000000000000000000000000000000000001.ms.a.microsoft.coma00000000000000000000000000000000000000000000000000000000001337.ms.a.microsoft.coma0000000000000000000000000000000000000000000000000000000001.ms.a.microsoft.coma0000000000000000000000001.ms.a.microsoft.coma0000000000000000000000002.ms.a.microsoft.coma0000000000000000001.ms.a.microsoft.coma000000000000000003.ms.a.microsoft.coma000001.ms.a.microsoft.coma102.ms.a.microsoft.comAnd thanks to the xt guy, I include the compete M$ list. Added to my hosts files to prevent unwanted spying from M$. Enjoy!ms_hosts.zip Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now