Leaderboard

Popular Content

Showing content with the highest reputation on 08/04/20 in all areas

  1. Starting at the end of July, Microsoft has begun detecting HOSTS files that block Windows 10 telemetry servers as a 'Severe' security risk.

     The HOSTS file is a text file located at C:\Windows\system32\driver\etc\HOSTS and can only be edited by a program with Administrator privileges. This file is used to resolve hostnames to IP addresses without using the Domain Name System (DNS).

     This file is commonly used to block a computer from accessing a remote site by assigning a host to the 127.0.0.1 or 0.0.0.0 IP address. For example, if you add the following line to the Windows HOSTS file, it will block users from accessing www.google.com as your browsers will think you are trying to connect to 127.0.0.1, which is the local computer.

         127.0.0.1 www.google.com

     Microsoft now detects HOSTS files that block Windows telemetry

     Since the end of July, Windows 10 users began reporting that Windows Defender had started detecting modified HOSTS files as a 'SettingsModifier:Win32/HostsFileHijack' threat. When detected, if a user clicks on the 'See details' option, they will simply be shown that they are affected by a 'Settings Modifier' threat that has 'potentially unwanted behavior,' as shown below.

     [Image: SettingsModifier:Win32/HostsFileHijack detection]

     BleepingComputer first learned about this issue from BornCity, and while Microsoft Defender detecting HOSTS hijacks is not new, it was strange to see so many people suddenly reporting the detection [1, 2, 3, 4, 5]. While a widespread infection hitting many consumers simultaneously in the past is not unheard of, it is quite unusual with the security built into Windows 10 today. This led me to believe it was a false positive or some other non-malicious issue.

     After playing with generic HOSTS file modifications such as blocking BleepingComputer and other sites, I tried adding a blocklist for Microsoft's telemetry to my HOSTS file. This list adds many Microsoft servers used by the Windows operating system and Microsoft software to send telemetry and user data back to Microsoft.

     As soon as I saved the HOSTS file, I received the following alert stating that I could not save the file as it "contains a virus or potentially unwanted software." I also received alerts that my computer was infected with 'SettingsModifier:Win32/HostsFileHijack.'

     [Image: HOSTS file blocked from being saved]

     So it seems that Microsoft had recently updated their Microsoft Defender definitions to detect when their servers were added to the HOSTS file. This suddenly caused users who utilize HOSTS files to block Windows 10 telemetry to see the HOSTS file hijack detection.

     In our tests, some of the Microsoft hosts detected in the Windows 10 HOSTS file include the following: www.microsoft.com, microsoft.com, telemetry.microsoft.com, wns.notify.windows.com.akadns.net, v10-win.vortex.data.microsoft.com.akadns.net, us.vortex-win.data.microsoft.com, us-v10.events.data.microsoft.com, urs.microsoft.com.nsatc.net, watson.telemetry.microsoft.com, watson.ppe.telemetry.microsoft.com, vsgallery.com, watson.live.com, watson.microsoft.com, telemetry.remoteapp.windowsazure.com, telemetry.urs.microsoft.com

     If you decide to clean this threat, Microsoft will restore the HOSTS file back to its default contents.

     [Image: Default Windows 10 HOSTS file]

     Users who intentionally modify their HOSTS file can allow this 'threat,' but it may enable all HOSTS modifications, even malicious ones, going forward. So only allow the threat if you 100% understand the risks involved in doing so.

     BleepingComputer has reached out to Microsoft with questions regarding this new detection.

     Via bleepingcomputer.com
    3 points
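
An added example, not part of the quoted article and not Microsoft Defender's logic: a small auditor for HOSTS-format text that separates entries pointing at loopback or 0.0.0.0 (blocking) from entries pointing at some other address (redirection), and marks hostnames that appear in the article's list. The `WATCHED` subset, the function names and the sample file are assumptions made for this illustration.

```python
import ipaddress

# Subset of the hostnames the article lists as triggering the detection.
# Assumption: used here only as a watch list; Defender's real matching
# rules are not public and are not reproduced.
WATCHED = {
    "www.microsoft.com", "microsoft.com", "telemetry.microsoft.com",
    "watson.telemetry.microsoft.com", "us.vortex-win.data.microsoft.com",
}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-format text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comment, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:                 # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def audit(text):
    """Return one finding per non-default mapping in the file."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        blocked = ip.is_loopback or ip.is_unspecified   # 127.0.0.1, ::1, 0.0.0.0
        if blocked and name == "localhost":
            continue                            # normal localhost mapping
        findings.append({
            "line": line_no, "host": name, "ip": str(ip),
            "kind": "sinkhole" if blocked else "redirect",
            "watched": name in WATCHED,
        })
    return findings

# Constructed sample, not taken from a real machine.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#       127.0.0.1       localhost
127.0.0.1 www.google.com
0.0.0.0 telemetry.microsoft.com watson.telemetry.microsoft.com  # blocklist
203.0.113.10 login.example.test
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A `redirect` finding is the case worth reviewing before allowing the detection, since allowing it may also let later HOSTS changes through.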
  2. On newer Android it's easier to use Private DNS and set AdGuard's DNS.
    2 points
  3. I had used AdAway on a rooted Android: https://adaway.org/ And it was OK on Windows too at one point: https://github.com/logarytm/adaway.py I see the project is more or less maintained.
    2 points
  4. Mark Russinovich, Chief Technology Officer, Microsoft Azure

     Microsoft has invested in the security of open-source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings together work from the Linux Foundation-initiated Core Infrastructure Initiative (CII), the GitHub-initiated Open Source Security Coalition (OSSC), and other open-source security efforts to improve the security of open-source software by building a broader community, targeted initiatives, and best practices. Microsoft is proud to be a founding member alongside GitHub, Google, IBM, JPMC, NCC Group, OWASP Foundation, and Red Hat.

     Open-source software is core to nearly every company’s technology strategy and securing it is an essential part of securing the supply chain for all, including our own. With the ubiquity of open source software, attackers are currently exploiting vulnerabilities across a wide range of critical services and infrastructure, including utilities, medical equipment, transportation, government systems, traditional software, cloud services, hardware, and IoT.

     Open-source software is inherently community-driven and as such, there is no central authority responsible for quality and maintenance. Because source code can be copied and cloned, versioning and dependencies are particularly complex. Open-source software is also vulnerable to attacks against the very nature of the community, such as attackers becoming maintainers of projects and introducing malware. Given the complexity and communal nature of open source software, building better security must also be a community-driven process.

     Microsoft has been involved in several open-source security initiatives over the years and we are looking forward to bringing these together under the umbrella of the OpenSSF. For example, we have been actively working with OSSC in four primary areas:

     • Identifying Security Threats to Open Source Projects: Helping developers to better understand the security threats that exist in the open-source software ecosystem and how those threats impact specific open source projects.
     • Security Tooling: Providing the best security tools for open source developers, making them universally accessible and creating a space where members can collaborate to improve upon existing security tooling and develop new ones to suit the needs of the broader open source community.
     • Security Best Practices: Providing open-source developers with best practice recommendations, and with an easy way to learn and apply them. Additionally, we have been focused on ensuring best practices to be widely distributed to open source developers and will leverage an effective learning platform to do so.
     • Vulnerability Disclosure: Creating an open-source software ecosystem where the time to fix a vulnerability and deploy that fix across the ecosystem is measured in minutes, not months.

     We are looking forward to participating in future OpenSSF efforts including securing critical open source projects (assurance, response), developer identity, and bounty programs for open-source security bugs. We are excited and honored to be advancing the work with the OSSC into the OpenSSF and we look forward to the many improvements that will be developed as a part of this foundation with the open-source community.

     To learn more and to participate, please join us at: https://openssf.org and on GitHub at https://github.com/ossf.

     To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

     Via microsoft.com
    1 point
  5. Interesting, but it makes sense. A lot of junk puts 127.0.0.1 in hosts to block access to certain sites; it's not just about that telemetry shit. As for telemetry strictly, there are more practical methods, like stopping the services or whatever. This 127.0.0.1 thing is crap.
    1 point
  6. @echo off
     rem Must be run from an elevated (Administrator) command prompt.
     echo.
     echo Step 1: Delete Updates...
     echo Delete KB3075249 (telemetry for Win7/8.1)
     start /w wusa.exe /uninstall /kb:3075249
     echo Delete KB3080149 (telemetry for Win7/8.1)
     start /w wusa.exe /uninstall /kb:3080149
     echo Delete KB3021917 (telemetry for Win7)
     start /w wusa.exe /uninstall /kb:3021917
     echo Delete KB3022345 (telemetry)
     start /w wusa.exe /uninstall /kb:3022345
     echo Delete KB3068708 (telemetry)
     start /w wusa.exe /uninstall /kb:3068708
     echo Delete KB3044374 (Get Windows 10 for Win8.1)
     start /w wusa.exe /uninstall /kb:3044374
     echo Delete KB3035583 (Get Windows 10 for Win7sp1/8.1)
     start /w wusa.exe /uninstall /kb:3035583
     echo Delete KB2990214 (Get Windows 10 for Win7 without sp1)
     start /w wusa.exe /uninstall /kb:2990214
     echo Delete KB2990214 (Get Windows 10 for Win7)
     start /w wusa.exe /uninstall /kb:2990214
     echo Delete KB2952664 (Get Windows 10 assistant)
     start /w wusa.exe /uninstall /kb:2952664
     echo Delete KB3075853 (update for "Windows Update" on Win8.1/Server 2012R2)
     start /w wusa.exe /uninstall /kb:3075853
     echo Delete KB3065987 (update for "Windows Update" on Win7/Server 2008R2)
     start /w wusa.exe /uninstall /kb:3065987
     echo Delete KB3050265 (update for "Windows Update" on Win7)
     start /w wusa.exe /uninstall /kb:3050265
     echo Delete KB971033 (license validation)
     start /w wusa.exe /uninstall /kb:971033
     echo Delete KB2902907 (description not available)
     start /w wusa.exe /uninstall /kb:2902907
     echo Delete KB2976987 (description not available)
     start /w wusa.exe /uninstall /kb:2976987

     rem Persistent (-p) host routes with gateway 0.0.0.0, so traffic to these addresses is not delivered.
     echo Step 2: Blocking Routes...
     route -p add 23.218.212.69 MASK 255.255.255.255 0.0.0.0
     route -p add 65.55.108.23 MASK 255.255.255.255 0.0.0.0
     route -p add 65.39.117.230 MASK 255.255.255.255 0.0.0.0
     route -p add 134.170.30.202 MASK 255.255.255.255 0.0.0.0
     route -p add 137.116.81.24 MASK 255.255.255.255 0.0.0.0
     route -p add 204.79.197.200 MASK 255.255.255.255 0.0.0.0
     route -p add 23.218.212.69 MASK 255.255.255.255 0.0.0.0

     rem Disable the scheduled tasks; they are disabled, not deleted.
     echo Step 3: Disabling tasks...
     schtasks /Change /TN "\Microsoft\Windows\Application Experience\AitAgent" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Application Experience\ProgramDataUpdater" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Autochk\Proxy" /DISABLE
     schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /DISABLE
     schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /DISABLE
     schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Maintenance\WinSAT" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\ActivateWindowsSearch" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\ConfigureInternetTimeService" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\DispatchRecoveryTasks" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\ehDRMInit" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\InstallPlayReady" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\mcupdate" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\OCURActivate" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\OCURDiscovery" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\PBDADiscovery" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\PBDADiscoveryW1" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\PBDADiscoveryW2" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\PvrRecoveryTask" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\PvrScheduleTask" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\RegisterSearch" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\ReindexSearchRoot" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" /DISABLE
     schtasks /Change /TN "\Microsoft\Windows\Media Center\UpdateRecordPath" /DISABLE

     echo Step 4: Killing Diagtrack-service (if it still exists)...
     sc stop Diagtrack
     sc delete Diagtrack

     echo Final Step: Stop remoteregistry-service (if it still exists)...
     sc config remoteregistry start= disabled
     sc stop remoteregistry

     echo Done - Reboot!
     shutdown -r

     Windows Script to Remove All Windows 10 Telemetry Updates
    1 point