More Microsoft Nonsense
-
I had some fun with a bit of Microsoft nonsense the other day. I have a rather large hosts file - it's over 600KB. I read something about various devices phoning home to them with every URL visited so I put that address into my hosts file and mapped it to 127.0.0.1. I think it was urs.microsoft.com. Adding that single line to the file triggered the AV program at work and it was deemed to be malicious. At home it triggered a medium level warning when I did a virus scan. I removed that line and it accepted the file with no warnings or notification of any kind. Apparently Microsoft deems it to be an act of malice to block one of their sites and I think that is nonsense.
"They have a consciousness, they have a life, they have a soul! Damn you! Let the rabbits wear glasses! Save our brothers! Can I get an amen?"
-
Maybe you could try setting up a PiHole [Pi-hole – Network-wide Ad Blocking](https://pi-hole.net/), and add the offending address to the blacklist? Or just add the redirect to the hosts file on the system hosting PiHole (PiHole reads the local hosts file and adds entries to its DNS database)? There are instructions on how to install PiHole inside a docker instance, if you want to go that route. Plus, if you can modify your DHCP server to point to the PiHole for DNS, then every system on your local net gets the ad-blocking goodness. Only downside (?) I've encountered is that PiHole does block google ad services, too, so you can't click on any "sponsored" google link, or the "Shopping" links when doing a google search. Which is occasionally annoying. You can find instructions on how to allow ad services through the PiHole, but I think doing so will allow a number of, possibly unwanted, other ad services through as well.
"A little song, a little dance, a little seltzer down your pants" Chuckles the clown
-
One type of phishing attack (at one point in time) was to modify your hosts file such that www.realwebsitehere.com redirected to localhost, where the malware had set up a webserver mimicking the real website. Great way to capture logins. Try 0.0.0.0 instead of 127.0.0.1
-
I frequently use the tools in Microsoft's OWN Sysinternals toolset for performing various operations on my network, and every time I usually have to hit the notification that pops up and "allow" the program before Defender squirrels it away to its vault of the damned, never to be seen again. However!!! Sysinternals is a walk in the park compared to "NirSoft". NirSoft (https://www.nirsoft.net/) make some absolutely amazing tools, tools that should be in every I.T. engineer's bag of tricks when dealing with those folks that forget their passwords and/or routinely screw things up on their Windows system. Windows Defender treats just about every single program in the tool set as malicious. Not only that, but once over it would list all the offending programs in one go, until folks started clicking on "Allow all", so it now lists every one singly and in such rapid succession that you just do not get time to click on the alert, hoist to admin, select "allow" and save, before that entry is "automatically processed" and you're moved on to the next alert. It appears also that "Allowing" a file now only stays in place for a limited length of time, so after a while the allowance is lifted and you start the dance all over again. In order for Windows to not destroy my tools collection, I've now started keeping it all on a Linux-based SMB share where EVERYTHING is set to read only. Defender goes absolutely nuts when I open that folder now.