DNS based ad blockers (I run one, it’s great, highly recommend) can’t block something if the address is both legit and also serves ads. For instance, if MS used the same domain name for updates and windows key validation as it does for ads, you’d quickly run into an issue. Especially if (please don’t read this MS), they required validation on every boot, then replied with a payload combination of a the ads and a “yea you’re legit and can boot”.
Also, MS could easily (and has) coded some processes to not lookup DNS addresses in things like LMHOSTS or HOSTS, they could just as easily bypass DNS itself. They certainly have plenty of public IPs they could have a process submit to the network stack.
DNS based ad blockers (I run one, it’s great, highly recommend) can’t block something if the address is both legit and also serves ads. For instance, if MS used the same domain name for updates and windows key validation as it does for ads, you’d quickly run into an issue. Especially if (please don’t read this MS), they required validation on every boot, then replied with a payload combination of a the ads and a “yea you’re legit and can boot”.
Also, MS could easily (and has) coded some processes to not lookup DNS addresses in things like LMHOSTS or HOSTS, they could just as easily bypass DNS itself. They certainly have plenty of public IPs they could have a process submit to the network stack.