Slashdot Mirror

← Back to Stories (view on slashdot.org)

wustat/wutrack.windows.com - What are they Used For?

Posted by Cliff on from the I-spy-bill's-secret-little-eye dept.

An Anonymous Coward asks: "On Windows XP today when i ran 'netstat', I noticed an http connection to wustat.windows.com. Several minutes later when i tried again I had an http connection to wutrack.windows.com. A search on google yields few results. Since windows.com is registered to microsoft, it makes me curious to know what wustat and wutrack stand for and what their purpose is. Is it Windows Usage Statistics/Tracking?" Has anyone else seen this on their XP systems?

48 of 106 comments (clear)

  1. Windows Update by SpatchMonkey · · Score: 2, Redundant

    Maybe it stands for Windows Update, were you running that at the time?

  2. Killa bees on a swarm by ObviousGuy · · Score: 5, Informative

    They use that to track how many Wu Tang MP3s you've pirated.

    But seriously folks, that's to track updates for Windows Update. Basically it keeps a line of communication open so that if there is an update on the windows.com website, you will be notified ASAP.

    --
    I have been pwned because my /. password was too easy to guess.
    1. Re:Killa bees on a swarm by linzeal · · Score: 1

      thats the reason obviousguy gets filtered as a friend

      --
      An Education is the Font of All Liberty
    2. Re:Killa bees on a swarm by PD · · Score: 1

      The friend of my friend is my friend. Welcome to my list. You should see my OTHER list. I am trying to build the canonical list of Slashdot trolls in my enemies list.

      --
      If tits were wings it'd be flying around.
    3. Re:Killa bees on a swarm by SpatchMonkey · · Score: 2

      Hey, I'm in your freaks list. Thanks, I didn't realise I was trolling.

    4. Re:Killa bees on a swarm by PD · · Score: 1

      That's probably just because you are user number 300000, and I have to kill you. Sorry, nothing against you, it's the number, you see.

      Seriously, I can't remember why you ended up in the list.

      --
      If tits were wings it'd be flying around.
    5. Re:Killa bees on a swarm by buffy · · Score: 2
      Basically it keeps a line of communication open so that if there is an update on the windows.com website

      That is just silly.

      Ok, I can understand if an occasional connection is made to see if any updates are available, but I really doubt it is as you describe. Just think of it this way, just what kind of machine (or machines) would you need to have on the other end to handle a permanent keep-alive connection from every freaking PC on the planet? That just isn't realistic.

      More likely, the user happened to see the connection open while the agent was talking (or had just completed and the connection was in a TCP CLOSE_WAIT state.)

  3. There's really only one solution to this problem: by hackwrench · · Score: 4, Funny

    Slashdot it!

    and if we're lucky, someone will pop around to see what happened to their server that we can tie up and grill mercilessly

  4. It's Quite Elementary by jcenters · · Score: 5, Funny

    This is all part of Microsoft's plans for world domination. Observe:

    Step 1: Use Windows XP to gather information on and track its users.

    Step 2: Annex the Fatherland.

    Step 3: In a twist of brutal irony, step three is a hostile takeover of Apple.

    Step 4: There is no Step 4.

    Happy Microserfing!

    --

    vi ~/.emacs

    1. Re:It's Quite Elementary by jcenters · · Score: 1

      Actually, I find beer foamy and delicious.

      One last tip: Next time you decide to diss someone on Slashdot, try posting under something besides "Anonymous Coward." Thanks.

      --

      vi ~/.emacs

    2. Re:It's Quite Elementary by GMontag451 · · Score: 2

      I thought Microsoft's plan for world domination was this: 1. Use monoply in technical fields to get into the underpants market 2. ?? 3. World domination.

    3. Re:It's Quite Elementary by josepha48 · · Score: 2

      They already own stock in apple so step 3 is already under way.. passport is where they are collecting info about their users...

      --

      Only 'flamers' flame!

  5. Auto... by nuggetman · · Score: 2, Insightful

    Perhaps it's automatic updates checking the site?

    --
    ...and that's all there is to it.
  6. Windows Update? by SteveX · · Score: 2

    I'd guesss "WU" is more likely "Windows Update" than "Windows Usage"..

    - Steve

  7. Somebody catch this AC... by hackwrench · · Score: 1

    and grill him mercilessly... he's probably form wustat.windows.com.

    Hurry now! Don't dwadle! Don't let him get away!

  8. Re:There's really only one solution to this proble by Jester998 · · Score: 4, Interesting

    Unfortunately, I get a 403 Forbidden when trying to access that site... not even an authentication dialog, it's just denied. Someone should reverse engineer the authentication protocol so that we can REALLY Slashdot it (I would assume that valid traffic consumes more bandwidth than just sending a 403 page...???).

  9. Re:The Immediate Assumption... by billn · · Score: 3, Funny

    It's out of vogue because who says so? If it's no longer the fad, that means it's retro! Just like those of us who still love 80s music, so shall we carry on the tradition of remembering the days MS sucked.. hey, wait..

    --
    - billn
  10. Does it happen with windows update disabled? by hawkstone · · Score: 4, Interesting

    Just curious -- there are radio buttons under the Windows Update setting that let you choose from "whenver you feel like it, oh mighty XP" or "not on your life; I update myself". If you have it set to check it automatically own its own, it could very well do it on many of your random connections to the 'net, several times a day.

    If you disable it, does this still happen?

    In fact, is this reproducible enough that it happens whenver you run netstat?

    1. Re:Does it happen with windows update disabled? by napoleonin · · Score: 1
      I have Windows Update disabled, and I don't see it happening:

      Active Connections

      Proto Local Address Foreign Address State
      TCP bl-rh-bwaskiew:4145 msgr-cs70.msgr.hotmail.com:1863 ESTABLISHED
      TCP bl-rh-bwaskiew:4201 images2.slashdot.org:http TIME_WAIT

    2. Re:Does it happen with windows update disabled? by revlee · · Score: 1

      Yes, it still does. I've set Windows Update to never check and then disabled the service, but some component is still trying to phone home twice every hour. I finally resorted to blocking microsoft.com and windows.com at my firewall.

    3. Re:Does it happen with windows update disabled? by Zocalo · · Score: 2
      You may not have actually disabled it then, because my first reaction when playing with XP was to switch this off. Since then neither my personal nor perimeter firewalls have recorded any attempts at access by Windows Update apart from when I've been updating manually.

      In fact, looking at my current rules, I'm actually blocking very little of Windows' guts from seeing the web, yet not seeing any traffic. I've got rules for LSASS.EXE, SERVICES.EXE and Microsoft-DS (are of which are not enabled - I must have figured out how to turn them off), SVCHOST.EXE is allowed to perform DNS resolution, and that's it. I get prompts everytime an unknown/unrecorded app tries to access non-local IPs, and Microsoft's apps don't make

      I have to admit, despite the rumours to the contrary, I think that Microsoft has probably cleaned up its act for real.

      --
      UNIX? They're not even circumcised! Savages!
    4. Re:Does it happen with windows update disabled? by Strog · · Score: 1

      I'm not trying to be paranoid too bad here but...

      It sounds like you are using an app on the windows box to do your firewall connections. It would be fairly trivial for Microsoft to make some connections without the software being aware. This would be real easy to do with existing products out there or possibly even have the vendor ignore those specific connections.

      I'm not necessarily saying that is happening but that it is possible. If an external firewall says there are connections and software says there isn't then I'm going to believe the external one. I'm going to capture some packets and just see what is on the wire to find out for myself. I might just have to tighten up my outbound rules when I put XP on my testing partition.

    5. Re:Does it happen with windows update disabled? by Baikala · · Score: 1

      Does any one knows there should be so many instances of SVCHOST.EXE running in W2K pro and XP? Isn't it multithreded or what? Are there one per each service?

      --
      16,777,216 comments ought to be enough for any forum!
    6. Re:Does it happen with windows update disabled? by Zocalo · · Score: 2
      I'm not trying to be paranoid too bad here but...

      Hey, it's Microsoft *and* the Internet - you can't be too paranoid! You're correct in the assumption that I'm using a personal firewall app (Tiny Personal Firewall v2 infact), but I also have a hardware perimeter firewall to verify things with and it's all hunky dory.

      As an aside, I'm still using v2 of Tiny PF, because I thought v3 was horrendously complex to get running smoothly. Has anyone out there persevered and come to the conclusion it's worth the effort, because on paper it seems like quite a good system?

      --
      UNIX? They're not even circumcised! Savages!
  11. *Looks at the topic by hackwrench · · Score: 1

    Making on topic jokes are never out of fashion

  12. unsecure HTTP for Windows Update? by slashkitty · · Score: 3, Interesting
    This would be rather timely if the XP had the same problem that OS X has with an unsecured HTTP software update method.

    Has any one w/ XP snooped the software update?

    --
    -- these are only opinions and they might not be mine.
  13. Microsoft deserves serious criticism: by Futurepower(R) · · Score: 4, Informative

    Microsoft deserves serious criticism:

    Windows XP Shows the Direction Microsoft is Going.

    1. Re:Microsoft deserves serious criticism: by majorero · · Score: 1

      Not to defend MS, but... I quickly scanned your little article. Half the statements you make are outright false. For example, quick edit mode for CMD boxes is disabled by default now in WinXP, but not removed. START.EXE continues to function exactly as designed, you just need the right command line parameters. Perhaps you should have researched this yourself first, instead of just spewing drivel.

    2. Re:Microsoft deserves serious criticism: by zero_offset · · Score: 1

      And you deserve to be moderated "Offtopic".

      --

      Slashdot quality declines as the number of hot grits posts decreases. - Provolt's Law, Apr-09-2005

  14. Break It and Find Out by yancey · · Score: 4, Interesting

    Edit the C:\WINNT\System32\drivers\etc\hosts file so that the line reads thusly...

    127.0.0.1 localhost wutrack.windows.com wustat.windows.com ... and then see what breaks.. or doesn't.

    --
    Ouch! The truth hurts!
    1. Re:Break It and Find Out by alonsoac · · Score: 1

      But it probably wouldn't break anything as the program that uses these conections should be built in such a way that not getting a connection would not cause any errors or problems. So this test would probably be useless.

  15. disable it. by Neck_of_the_Woods · · Score: 4, Informative


    To turn off automatic updates for your computer:
    Click Start, click Control Panel, and then double-click System.

    Click the Automatic Updates tab, and then click Turn off automatic updating. I want to update my computer manually.

    --
    Neck_of_the_Woods
    #/usr/local/surf/glassy/overhead
    1. Re:disable it. by Neck_of_the_Woods · · Score: 3, Interesting


      Also if you wondering the reg edit is:

      HKey_LOCAL_Machine\software\microsoft\windows\cu rr entversion\WindowsUpdate\

      Change the following:

      AUOptions - Data: (1)
      AUState - Data: (7)

      Enjoy,

      --
      Neck_of_the_Woods
      #/usr/local/surf/glassy/overhead
  16. Nothing sinister here by jquirke · · Score: 2

    Do you think that if this was something dodgey going on it would show up in WinXP's netstat command?

    I don't think so.

  17. Re:Silence... by hackwrench · · Score: 1

    I might, but then I'd get no response.

  18. WU by alpha264 · · Score: 1, Informative

    I would imagine since Windows Update is always running (At least by default) and checks for updates occasionally, that's what you're seeing.

    Just go into your "System" settings in the control panel, and then to the "Automatic Updates" tab and uncheck the box (Or change the settings to whatever suits your preferences)

    This hardly seems like an interesting Ask Slashdot. For the first time in my years as a reader, this story smells a bit like aluminum foil on the head type knee-jerk paranoia.

  19. Authentication != Authorizaiton by Crutcher · · Score: 1

    You cannot bring a common language dictionary into a discusion based upon technical jargon. Authentication and Authorization have very distinct, and _different_ meanings, in the dialect of english used for discussions in the world of software security. The meanings do not vary, but are constant in just about all the literature in the security field.

    I suggest you read some of it.

    --

    -- Crutcher --
    #include <disclaimer.h>
  20. Better Still by DrSkwid · · Score: 4, Interesting

    route it to a proper machine and log what comes out

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
    1. Re:Better Still by Strog · · Score: 1

      Be careful. That sounds like reverse engineering. You don't want to step into DCMA territory. For everyone outside of its grasp, hack away.

    2. Re:Better Still by DrSkwid · · Score: 1

      Reverse engineering for compatibility

      Besides I dont remember going into a contract that my DNS queries would yield the same results as microsoft's.

      host files are great, more fun than firewalling

      --
      There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
    3. Re:Better Still by Strog · · Score: 1

      Not really serious about that.

      Host files, firewall, etc. as long as it doesn't make it out to the place it was intending.

    4. Re:Better Still by DrSkwid · · Score: 1

      aye, but there is a scope for reuse

      for instance when one presses "search" from the internet explorer toolbar a panel opens on the left with the page :

      http://ie.search.msn.com/en-gb/srchasst/srchasst .h tm

      So at our company I put ie.search.msn.com in the local DNS and routed it to *our* webserver.

      Thus we get a company themed search page with useful links tailored to each user or dept (based on cookies and/or IP). Even on new installs and laptops.

      I use the technique to replace banner ads with our own banners. Seeing Dave's face when he got a "Get Back to Work Dave" animated gif banner when he visited slashdot was a peach. I'd re-routed images.slashdot.org to a local address and used the IP to choose the banner.

      plenty of fun but productive too

      --
      There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
  21. That's nice... by hackwrench · · Score: 1

    Got anything else to say?

  22. active update? by Komarosu · · Score: 1

    Anyone looked recenty on Windows Update and what there downloading? iirc they have released a new version of Critical Update check, which checks and background downloads updates...ever thought it might be to track changes on Windows Update? To clear this up probably the best way is to sniff a connection going to these sites, ive already added these sites to my snort sniffer on my firewall...lets see what it turns up eh?

    --

    "What do you mean you have no ice? Do you expect me to drink this coffee hot?" - Random Customer, Clerks
  23. Re:images.slashdot.org .. What is it used for? by NorthDude · · Score: 1

    was obviously a joke...

    --


    I'd rather be sailing...
  24. I stand behind everything I said. by Futurepower(R) · · Score: 2


    I stand behind everything I said. I did a scan of my article with a search program and found that I said nothing about QuickEdit. This was a mistake, there is a bug in QuickEdit that I forgot to mention. I have corrected the mistake, and updated the web page; Windows XP is buggier than I had said.

    Perhaps you confused QuickEdit with Fast Paste mode. I had discussed fast paste mode:

    "The fast paste mode that is in Windows 98 is gone in Windows XP. Microsoft employees say there is no plan to fix this."

    This issue was confirmed in writing by a Microsoft employee, speaking officially.

    START.EXE operates exactly as I said.

    Perhaps you were just acting out your anger.

  25. Re:images.slashdot.org .. What is it used for? by NorthDude · · Score: 1

    I was telling roly's that the AC was joking...

    --


    I'd rather be sailing...
  26. Windows Update and Firewall programs. by Domini · · Score: 2

    This is probably just the windows update, and can be disabled.

    If you are a paranoid individual, then try installing a firewall app... something like "AT Guard". Besides stopping windows from wasting your badwidth, it will also protect you from instruders, worms etc...