...and now Apple has altered the deal and we must pray they do not alter it further. Disgusting. Predictable, expected, unsurprising -- but still disgusting.
For don't forget MS Windows has a 'dial-home-to-Microsoft' link that's hard coded within Windows itself. It bypasses the hosts file altogether, and if I recall correctly, it's been in Windows since XP.
The only solution to stop the 'talk-home' connection would be to find the destination IP numbers and then key them into your external router for blocking.
Sorry WarOnPrivacy, Windows does bypass 3rd-party firewalls and has done so since at least XP onwards (however, I am uncertain if this was the case with Windows 2000).
Microsoft has programmed into Windows dozens of addresses that 'dial home' to Microsoft's servers. As you will be aware, many of these addresses change with the various versions of Windows. Normal program switches can block some of these addresses whilst others are hidden from normal view, but with a little judicious snooping, we can find most of the hidden ones and successfully block them with the hosts file.
However, we cannot block all of them, and this has been the case since Windows XP. From my understanding, which I learned from various security experts around 15 or more years ago at the time when the Microsoft 'exploit' was first discovered, Microsoft hard-coded certain dial-home links for the specific purpose of determining which and how many copies of Windows were pirated. (This seemed to have been the consequence of the widespread pirating of certain corporate copies of Windows 2000.)
Whilst the user may have thought he'd secured every talk-home to Microsoft loophole and was safe, nevertheless MS still knew that his O/S was a pirate version. Unlike other activation links that announced an 'illegal copy' status to the user, these links only advised Microsoft of the fact—if you like, they're part of Microsoft's secret surveillance system. Essentially, Microsoft has deliberately sabotaged the DNS client's hosts table lookup functionality by bypassing it with hard coding.
It seems that in recent years, Microsoft has developed this secret system to an even finer art, as these days it gathers much more information other than whether the O/S has been pirated or not.
With having the handle WarOnPrivacy, I gather you're more than just interested in securing your Windows in the usual ways. If I were you, I'd do what I'm doing here and that's to research the details further and then publicize the fact. As will now be obvious, this is not something that Microsoft wants broadcast to the world.
Below are a few links about the matter with a few comments from some of the sites:
https://slashdot.org/story/06/04/16/1351217/Microsoft-Bypass...
https://bugtraq.securityfocus.narkive.com/a2fZWlAb/microsoft...
"Hey, guess what I just found out: Microsoft have deliberately sabotaged their DNS client's hosts table lookup functionality. Normally you can override DNS lookup by specifying a hostname and IP directly in the hosts file, which is searched before any query is issued to your dns server; this technique is often used to block ads, spyware and phone-homes by aliasing the host to be blocked to 127.0.0.1 in your hosts file."
https://www.theregister.com/2015/09/01/microsoft_backports_d...
"All the updates can be removed post-installation – but all ensure the OS reports data to Microsoft even when asked not to, bypassing the hosts file and (hence) third-party privacy tools. This data can include how long you use apps, and which features you use the most, snapshots of memory to investigate crashes, and so on."
Please feel free to post info about actual firewalls, info that isn't about DNS/Hosts.
2. The 'dial-home' mentioned bypasses Windows's firewall.
3. External monitoring has shown that it does bypass firewalls (however, I cannot say whether that's all of them). So does security software such as LoJack (but that's somewhat unusual).
4. This includes ones with kernel drivers.
5. As the code is written to be invisible to other processes, firewall writers would either have to reverse engineer MS's code to stop it or know certain proprietary details about it. I doubt if any legit/reputable developer would risk using info gained from RE (certainly not to stop it functioning as MS intended). Nevertheless, some MS partners know about it for obvious reasons.
6. From various news reports several weeks ago, it seems that XP's source code has leaked. That means if you are keen enough you can find the 'offending' code and verify the matter for yourself one way or the other (at least as far as XP goes). If you don't, then sooner or later I'm sure others will do so.
If I and others who share this understanding are way off beam, which I doubt having seen evidence, then please let us all know about it in a HN post.