Using the HOSTS file to block Windows 10 telemetry? Microsoft now flags it as a severe security risk

Microsoft building in California

The telemetry features that are built into Windows 10 have people falling into one of a few camps. There are those who don't even know what telemetry is, those who know but don’t care that Microsoft is gathering data from their computer, and those who know what it is and consider it to be a massive invasion of privacy.

For anyone who counts themselves in this last group, there are numerous settings, tools and techniques that can be used to block telemetry in Windows 10. One of the more ingenious is making use of the HOSTS file (used to resolve hostnames), but now Microsoft has updated its Defender tool so this is detected as a "severe" risk, specifically "SettingsModifier:Win32/HostsFileHijack".

See also:

Microsoft's interference with customized HOSTS files was first noted by Günter Born who went on to discuss his findings with  Lawrence Abrams from BleepingComputer. It seems that Microsoft has been flagging up HOSTS files as being a risk since the end of July.

While this is not the first time Microsoft has highlighted HOSTS file hijacks, there has been a sudden uptick in the number of people complaining about it. Intrigues, Abrams did a little investigating and concluded:

It seems that Microsoft had recently updated their Microsoft Defender definitions to detect when their servers were added to the HOSTS file.

People who utilize HOSTS files to block Windows 10 telemetry suddenly caused them to see the HOSTS file hijack detection.

The problem arises if any of numerous Microsoft hostnames is detected in the HOSTS file, including:

www.microsoft.com

microsoft.com

telemetry.microsoft.com

wns.notify.windows.com.akadns.net

v10-win.vortex.data.microsoft.com.akadns.net

us.vortex-win.data.microsoft.com

us-v10.events.data.microsoft.com

urs.microsoft.com.nsatc.net

watson.telemetry.microsoft.com

watson.ppe.telemetry.microsoft.com

vsgallery.com

watson.live.com

watson.microsoft.com

telemetry.remoteapp.windowsazure.com

telemetry.urs.microsoft.com

If you follow Defender's advice to fix the problem, it will result in your HOSTS file being reverted back to default settings. There's nothing to stop you ignoring the warning and continuing to block telemetry in this way, but this recent change is going to catch out a lot of people.

Image credit: Walter Cicchetti / Shutterstock

© 1998-2020 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.