Using the HOSTS file to block Windows 10 telemetry? Microsoft now flags it as a severe security risk
The telemetry features that are built into Windows 10 have people falling into one of a few camps. There are those who don't even know what telemetry is, those who know but don’t care that Microsoft is gathering data from their computer, and those who know what it is and consider it to be a massive invasion of privacy.
For anyone who counts themselves in this last group, there are numerous settings, tools and techniques that can be used to block telemetry in Windows 10. One of the more ingenious is making use of the HOSTS file (used to resolve hostnames), but now Microsoft has updated its Defender tool so this is detected as a "severe" risk, specifically "SettingsModifier:Win32/HostsFileHijack".
Microsoft's interference with customized HOSTS files was first noted by Günter Born, who went on to discuss his findings with Lawrence Abrams from BleepingComputer. It seems that Microsoft has been flagging up HOSTS files as being a risk since the end of July.
While this is not the first time Microsoft has highlighted HOSTS file hijacks, there has been a sudden uptick in the number of people complaining about it. Intrigued, Abrams did a little investigating and concluded:
It seems that Microsoft had recently updated their Microsoft Defender definitions to detect when their servers were added to the HOSTS file.
People who utilize HOSTS files to block Windows 10 telemetry suddenly caused them to see the HOSTS file hijack detection.
The problem arises if any of numerous Microsoft hostnames is detected in the HOSTS file, including:
www.microsoft.com
microsoft.com
telemetry.microsoft.com
wns.notify.windows.com.akadns.net
v10-win.vortex.data.microsoft.com.akadns.net
us.vortex-win.data.microsoft.com
us-v10.events.data.microsoft.com
urs.microsoft.com.nsatc.net
watson.telemetry.microsoft.com
watson.ppe.telemetry.microsoft.com
vsgallery.com
watson.live.com
watson.microsoft.com
telemetry.remoteapp.windowsazure.com
telemetry.urs.microsoft.com
If you follow Defender's advice to fix the problem, it will result in your HOSTS file being reverted back to default settings. There's nothing to stop you ignoring the warning and continuing to block telemetry in this way, but this recent change is going to catch out a lot of people.
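To see in advance which entries in a HOSTS file name one of the hostnames listed above, the following added example (not code from the article, BleepingComputer or Microsoft) parses the file and reports them. It assumes exact, case-insensitive hostname matches, which is not Defender's documented logic; `audit_hosts` and the sample file are constructed for illustration.

```python
import ipaddress

# Hostnames the article lists as triggering the detection (copied from the page).
FLAGGED_HOSTNAMES = frozenset({
    "www.microsoft.com", "microsoft.com", "telemetry.microsoft.com",
    "wns.notify.windows.com.akadns.net",
    "v10-win.vortex.data.microsoft.com.akadns.net",
    "us.vortex-win.data.microsoft.com", "us-v10.events.data.microsoft.com",
    "urs.microsoft.com.nsatc.net", "watson.telemetry.microsoft.com",
    "watson.ppe.telemetry.microsoft.com", "vsgallery.com", "watson.live.com",
    "watson.microsoft.com", "telemetry.remoteapp.windowsazure.com",
    "telemetry.urs.microsoft.com",
})

def audit_hosts(text):
    """Return (line_no, address, hostname) for each entry naming a listed host."""
    findings = []
    lines = text.lstrip("\ufeff").splitlines()  # tolerate a UTF-8 BOM
    for line_no, raw in enumerate(lines, start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address.split("%", 1)[0])  # ignore IPv6 zone id
        except ValueError:
            continue  # first field is not an IP address: not a usable entry
        for name in names:  # one line may map several names to one address
            host = name.rstrip(".").lower()
            if host in FLAGGED_HOSTNAMES:
                findings.append((line_no, address, host))
    return findings

# Constructed sample HOSTS content, for illustration only.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
0.0.0.0         telemetry.microsoft.com   # blocked
0.0.0.0         Watson.Telemetry.Microsoft.com. example.test
# 0.0.0.0       www.microsoft.com
::1             vsgallery.com
not-an-ip       microsoft.com
"""

if __name__ == "__main__":
    for line_no, address, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {address}")
```

On Windows the file to pass in is normally `%SystemRoot%\System32\drivers\etc\hosts`; commented-out lines and lines whose first field is not an IP address are ignored.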