That was already noted. The point is that some people have noticed Windows attempting to talk to mpa.microsoft.com with BIOS-modded installations, and two of us reported that we do not see that with genuine retail key activations. The reason it says 127.0.0.1 is that they at some point put mpa.microsoft.com in their hosts file, so it stands to reason they know what the hosts file does. There is an old thread where some of this was discussed previously.
So since we have determined that Microsoft is trying to phone home, has anyone had anything other than the localhost IP address, and also, should we edit the hosts file to prevent the phone home? BIOS mod or loader... any difference in how it should be handled?
The question one may ask: is Microsoft using "hackers'" techniques to piggyback on legit internet apps to call home, bypassing localhost and 3rd-party firewall rules? It has long been suspected that Microsoft is using "hackers'" exploits for "keeping tabs" on users rather than fixing them.
Crazy stuff. Just ran both -bf and -bfo on mine and no connections to anything but the Adobe Update server, heh. This is running Firefox with an Enterprise install and a legit MAK key. Can MS really tell if your BIOS has been messed with remotely? Although now that I think of it, I have a Dell Latitude D830 and the last BIOS rev for download from Dell is A08. For the hell of it I installed the SLIC-modded BIOS from here and it bumped it up to A09. I guess if they knew the exact model of PC they were scanning they could go compare that stuff, but that seems like a ridiculous amount of work.
I would say it doesn't really matter if the system has been modified or not; the Office Genuine Advantage applet (and maybe the WGA equivalent for Windows 7) will always *occasionally* phone home to check the status of the license (like many other software vendors in the Windows world also do...). What you see here is that, since the IP of their servers has been redirected to your machine (using the hosts file, for instance), the applets are unable to validate the license and keep retrying until they get the proper reply from the remote server (which they won't, since the IP isn't resolving to their server but rather to your own machine). It really isn't something new per se; we have had to deal with those ever since the first WGA applet came out in Windows XP. If you are really paranoid about this, you either should get a better firewall (one which checks OLE interactions) and deal with the effort of keeping track of every single trick those apps may do, or just go the easy route and switch the riddled software to something which doesn't have those checks at all (it's not like we don't have some choice nowadays, and paying for these riddled products just encourages the makers to keep their practices). In the majority of cases, you will be just fine.
All clear. I solved the mystery, and it was so simple that I could slap myself for not getting it sooner. Here's the story: after setting Comodo's Defense+ to the sharpest settings possible (so aggressive, in fact, that I even locked myself out of the system at one point) I could still not figure out how it could be that both FF and TB would establish connections to mpa. I had Comodo check each and everything from InterprocessMemoryAccess to EventHooks to LoopbackNetworking, but still the connections would be made without any notification whatsoever. Since I know that Comodo is actually reliable in this regard, I eventually concluded that there had to be something else going on. So after 30 minutes of fruitlessly trying to catch the responsible process, I went on to check the hosts file itself, since it seemed to be the most logical candidate in this case. When I opened it I immediately noticed that the mpa address happened to be the first entry in the list. I thought this had to be more than just a coincidence, so I took the entire hosts file out of the etc folder, shut down the LAN connection and restarted it. And sure enough, when I started FF and TB without the hosts file being present, the 'remote' address would no longer be mpa, but the name of my machine instead. Of course by then I knew what was going on, but to be totally sure I changed the first entry in the hosts file from mpa to activate before I put it back in the etc folder. And yes, you guessed it, when I started FF and TB the alleged 'remote' address was now activate.microsoft.com. So what happens here is obviously this: when you re-route any addresses to your loopback, the loopback's name will be changed from your machine's own name to the name of the first entry that points to 127.0.0.1 in your hosts file. Programs that connect to the loopback would then appear to be connecting to that address when in actuality they are still connecting to your own machine.
So no executable hijacking or phoning home going on; it's simply a (admittedly somewhat confusing) imperfection in the way this stuff is being handled. Still, it was good to check this out, since it could just as well have been something bad. And in that case I'm sure everyone would have wanted to know.
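The first-entry-wins reverse lookup the post describes, as an added example that is not from the thread: the hosts content and the connection table are constructed, and the lookup is a model of what the poster observed (reverse-resolving 127.0.0.1 to the first hosts entry mapped to it), not Windows' own resolver code.

```python
import ipaddress

# Constructed hosts file, modelled on the thread: the mpa.microsoft.com entry
# happens to be the first name mapped to 127.0.0.1.
HOSTS_TEXT = """\
# constructed sample, not a real hosts file
127.0.0.1 mpa.microsoft.com
127.0.0.1 activate.microsoft.com
127.0.0.1 localhost
"""

def parse_hosts(text):
    """Return (ip, name) pairs in file order, skipping comments and blanks."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            entries.append((ip, name))
    return entries

def reverse_name(ip, text):
    """First hosts name for `ip`; falls back to the bare address when absent."""
    for entry_ip, name in parse_hosts(text):
        if entry_ip == ip:
            return name
    return ip

def label_connections(conns, text):
    """Mimic a name-resolved connection listing and flag remotes that are
    really the loopback address, which is the check that settles the question."""
    out = []
    for local_ip, remote_ip in conns:
        label = reverse_name(remote_ip, text)
        is_local = ipaddress.ip_address(remote_ip).is_loopback
        out.append((local_ip, label, is_local))
    return out

# Constructed connection table: a program on this machine talking to itself.
SAMPLE_CONNS = [("127.0.0.1", "127.0.0.1")]

if __name__ == "__main__":
    for local_ip, label, is_local in label_connections(SAMPLE_CONNS, HOSTS_TEXT):
        print(local_ip, "->", label, "(actually loopback)" if is_local else "")
```

Listing the numeric addresses (netstat -n) instead of resolved names sidesteps the confusion entirely.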
If this is collected (BIOS name, revision number, and revision date), all BIOSes dated prior to 2009 won't stand a chance when adding 2.1, unless the original BIOS date isn't changed?
Possibly. But you also have to consider whether it is going to be worth the effort/cost for them to implement. For now, sure, they can probably track it, but if only a few funky BIOSes show up here and there on their lists, it won't be worth the cost of implementing a blacklist. If modded BIOSes become widespread, then yeah, they probably will blacklist by BIOS. But this also means OEMs are gonna have to be submitting updated BIOSes all the time, because MS doesn't wanna risk shutting out many computers with legit BIOSes just because an OEM forgot to send in an update. As mentioned in another thread I can't find ATM, it's too risky for MS from a PR point of view unless it becomes a major issue. And IMHO, I would agree with that sentiment.
I just looked into this and what I found was that I did not have mpa.microsoft.com in my hosts file, and doing a netstat I had no instance of this connection. So then I added it to my hosts file and, like a charm, it was in my netstat. Nothing to worry about. It only tries to phone home when you send it to localhost.
Glad that you are all sorted now. OMG, you people are paranoid... If my memory serves me correctly, once you have bought your motherboard the BIOS is yours; you own it, a bit like owning a game DVD. Motherboard manufacturers would be inundated with OEM partners sending boards back if Microsoft interfered with BIOSes. Microsoft have already admitted that they cannot stop every mad scientist out there, which basically means that there is nothing they can do; it's down to the MB manufacturers. I can see what will happen soon: the BIOS will be ROM only and no flashing; it will be tied to the motherboard, and if you want the next latest thing you will have to purchase a new motherboard. Now that would be a bummer.
This of course is a very real possibility, especially since there are already a number of projects out there trying to develop something better than the legacy BIOS models that have been around for years. But also, MS may not want to be the one to try and force the issue of hardware sales on people. They were already slapped around a few times for trying that with Vista, hehe.