
General Discussion: firewall how to block webTrends

  • Sunday, November 01, 2009 8:52 PM malcp
     
    I have found by using netstat that when you connect to microsoft.com another connection is also made to webTrends for data collection. Microsoft is not alone in using this technology; other sites use it too. For anybody like me who does not want to lend my bandwidth for data collection, the Windows firewall can be set to block this.
    To do so you need to open the firewall settings and enter advanced settings. You need to be an administrator for this.
    Now click on outbound rules. Then at the right click on new rule. Select custom and then next.
    Select all programs then next. Now in the protocol drop down choose TCP and leave the ports at all ports, then click next.
    In the remote IP address select these IP addresses then click add.
    You now need to add the address range, so select this address range and enter from 208.92.236.0 to 208.92.239.255
    Click ok and then next. Now select block the connection then next, select all domains then next.
    Give the rule a name and finish.
    This will stop stats being supplied to webTrends.
    all the best
    malc

All Replies

  • Sunday, November 01, 2009 9:38 PM Ddos_Evader
     
    Hi Malc, greetings,
    Yeah, a long time ago I noticed that typing ipconfig /displaydns will show the cache records... but honestly I didn't know what the deal was with web trends...
    My doubt/question is:
    By blocking this range, could that also block other important or future web sites that I might wish to visit?
    Thanks in advance,
    RR
  • Monday, November 02, 2009 10:23 AM malcp
     
    Hi
    The website range is registered entirely to webtrends so should not affect any future browsing other than to stop IE8 opening another TCP connection to webtrends.
    This is my problem with this. I have no problem with the collection of data that does not reveal any personal details but the way it is collected by using Internet Explorer to open another TCP connection to webtrends. This in my opinion amounts to browser hijacking or phishing or whatever you want to call it. The fact that it is allowed and done by Microsoft makes it even worse. They have told us that IE8 is the most secure Internet Explorer yet but they allow it to be compromised like this. The only way I know of blocking it is to refuse access to the site that is being set up by firewall. This leads to the other problem in that Windows firewall still allows all outgoing connections by default. Someone said on these forums that that does not matter because you just need to be aware of what you download and put on your PC. Clearly it does matter but even in this case it would not be stopped because Microsoft has allowed a pathway to hijack the browser of IE8 that would allow this connection through any firewall.
    all the best
    malc  
  • Monday, November 02, 2009 3:09 PM Ddos_Evader
     
    Hello Malc,
    Your solution didn't work here; it still caches the DNS record and even the connection gets established. Now I dunno if it establishes and then cuts off quickly or if it's the normal behaviour...
    Anyway, will be expecting your opinion!
    Kind regards,
    RR
  • Monday, November 02, 2009 4:01 PM malcp
     
    Hi
    Blocking the address range in windows firewall seems to have stopped it on my machine. The address mine was connecting to was 208.92.236.184.
    I catch it quite often without the address blocked but not at all when it is blocked. But perhaps it is happening fast like you say. I am finding it very difficult getting information on this but I will keep looking.
    malc
  • Monday, November 02, 2009 4:44 PM malcp
     
    RR
    You are right, blocking in the firewall does not stop it appearing in the DNS, but is it actually getting connected? The 2 sites involved are
    m.webtrends.com
    microsoft.webtrends.akadns.net
    I do know that if you use the local host file and redirect requests to these sites to 127.0.0.1 the local host then they will never connect again.
    malc
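
Added example, not part of the thread: one way to settle the question raised above (does a connection to the blocked range actually get established?) is to scan `netstat -n` output for TCP rows whose remote address falls inside 208.92.236.0 to 208.92.239.255. The function names and the sample netstat text are constructed for illustration; the range and 208.92.236.184 come from the posts.

```python
import ipaddress
import re

# Range from the first post's outbound block rule.
BLOCK_FIRST = ipaddress.IPv4Address("208.92.236.0")
BLOCK_LAST = ipaddress.IPv4Address("208.92.239.255")

def blocked_networks():
    """Collapse the start-end range into CIDR blocks, showing exactly what the rule covers."""
    return list(ipaddress.summarize_address_range(BLOCK_FIRST, BLOCK_LAST))

# IPv4 TCP rows of `netstat -n`: proto, local addr:port, remote addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+(\S+)\s*$")

def connections_to_range(netstat_text):
    """Return (remote_ip, remote_port, state) for each TCP row whose remote end is in the range."""
    nets = blocked_networks()
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header rows, IPv6 rows, UDP rows
        remote = ipaddress.IPv4Address(m.group(3))
        if any(remote in net for net in nets):
            hits.append((str(remote), int(m.group(4)), m.group(5)))
    return hits

def rule_is_effective(netstat_text):
    """True when no row to the range is ESTABLISHED. A SYN_SENT row is an attempt
    that has not completed a handshake, so it does not count as a connection."""
    return not any(state == "ESTABLISHED" for _, _, state in connections_to_range(netstat_text))

# Constructed sample output; the local address and the 198.51.100.7 remote are made up.
SAMPLE_BEFORE = """
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:49231     198.51.100.7:80        ESTABLISHED
  TCP    192.168.1.10:49232     208.92.236.184:80      ESTABLISHED
"""
SAMPLE_AFTER = """
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:49240     198.51.100.7:80        ESTABLISHED
  TCP    192.168.1.10:49241     208.92.236.184:80      SYN_SENT
"""

if __name__ == "__main__":
    print(blocked_networks())
    print(connections_to_range(SAMPLE_BEFORE), rule_is_effective(SAMPLE_BEFORE))
    print(connections_to_range(SAMPLE_AFTER), rule_is_effective(SAMPLE_AFTER))
```

The range collapses to a single /22, and the check is independent of the DNS cache: a cached name in `ipconfig /displaydns` only shows that the lookup happened, not that a TCP session was set up.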
  • Monday, November 02, 2009 5:03 PM malcp
     
    Hi again
    I have contacted webtrends and it is related to Microsoft's website. They tell me that it is a tracking cookie, or if cookies are disabled then a GIF file is picked up from Microsoft's site that creates the second connection.

    Nice one Microsoft, so now explain yourselves. What data are you reaping with your browser hijack? I know you say no personal data is used but an IP address is personal to me.

    Tell us exactly what data.

    I spent an hour on the phone with your customer services trying to sort this out and they say they did not know anything about it. I am thinking of billing you for the phone call.
    malc
  • Tuesday, November 03, 2009 8:06 PM malcp
     
    Hello
    I have found how this is done if anyone is interested. On www.microsoft.com, looking at the http at the bottom of the page, they set up a 1X1 pixel GIF image that is stored on the server of webtrends (a web bug). This has to be downloaded from webtrends' server, thus opening a TCP connection to it. This allows webtrends to retrieve your information (no cookies needed for this).
    I think this form of collection creates a security issue and have complained to Microsoft.
    malc
  • Wednesday, November 04, 2009 12:18 PM malcp
     
    Hi
    I found this whilst investigating Windows 7 security. I am now convinced that it's nothing to do with Windows 7 itself but with other parts of Microsoft. As this forum is for Windows 7, can a moderator now close this thread for me?
    Thank you
    malc