wustat/wutrack.windows.com - What are they Used For?

An Anonymous Coward asks: "On Windows XP today when i ran 'netstat', I noticed an http connection to wustat.windows.com. Several minutes later when i tried again I had an http connection to wutrack.windows.com. A search on google yields few results. Since windows.com is registered to microsoft, it makes me curious to know what wustat and wutrack stand for and what their purpose is. Is it Windows Usage Statistics/Tracking?" Has anyone else seen this on their XP systems?

Windows Update

[SpatchMonkey]

Maybe it stands for Windows Update, were you running that at the time?

Killa bees on a swarm

[ObviousGuy]

They use that to track how many Wu Tang MP3s you've pirated.

But seriously folks, that's to track updates for Windows Update. Basically it keeps a line of communication open so that if there is an update on the windows.com website, you will be notified ASAP.

Re:Killa bees on a swarm

[SpatchMonkey]

Hey, I'm in your freaks list. Thanks, I didn't realise I was trolling.

Re:Killa bees on a swarm

[buffy]

Basically it keeps a line of communication open so that if there is an update on the windows.com website

That is just silly.

Ok, I can understand if an occasional connection is made to see if any updates are available, but I really doubt it is as you describe. Just think of it this way, just what kind of machine (or machines) would you need to have on the other end to handle a permanent keep-alive connection from every freaking PC on the planet? That just isn't realistic.

More likely, the user happened to see the connection open while the agent was talking (or had just completed and the connection was in a TCP CLOSE_WAIT state.)

There's really only one solution to this problem:

[hackwrench]

Slashdot it!

and if we're lucky, someone will pop around to see what happened to their server that we can tie up and grill mercilessly

It's Quite Elementary

[jcenters]

This is all part of Microsoft's plans for world domination. Observe:

Step 1: Use Windows XP to gather information on and track its users.

Step 2: Annex the Fatherland.

Step 3: In a twist of brutal irony, step three is a hostile takeover of Apple.

Step 4: There is no Step 4.

Happy Microserfing!

Re:It's Quite Elementary

[GMontag451]

I thought Microsoft's plan for world domination was this: 1. Use monoply in technical fields to get into the underpants market 2. ?? 3. World domination.

Re:It's Quite Elementary

[josepha48]

They already own stock in apple so step 3 is already under way.. passport is where they are collecting info about their users...

Auto...

[nuggetman]

Perhaps it's automatic updates checking the site?

Windows Update?

[SteveX]

I'd guesss "WU" is more likely "Windows Update" than "Windows Usage"..

- Steve

Re:There's really only one solution to this proble

[Jester998]

Unfortunately, I get a 403 Forbidden when trying to access that site... not even an authentication dialog, it's just denied. Someone should reverse engineer the authentication protocol so that we can REALLY Slashdot it (I would assume that valid traffic consumes more bandwidth than just sending a 403 page...???).

Re:The Immediate Assumption...

[billn]

It's out of vogue because who says so? If it's no longer the fad, that means it's retro! Just like those of us who still love 80s music, so shall we carry on the tradition of remembering the days MS sucked.. hey, wait..

Does it happen with windows update disabled?

[hawkstone]

Just curious -- there are radio buttons under the Windows Update setting that let you choose from "whenver you feel like it, oh mighty XP" or "not on your life; I update myself". If you have it set to check it automatically own its own, it could very well do it on many of your random connections to the 'net, several times a day.

If you disable it, does this still happen?

In fact, is this reproducible enough that it happens whenver you run netstat?

Re:Does it happen with windows update disabled?

[Zocalo]

You may not have actually disabled it then, because my first reaction when playing with XP was to switch this off. Since then neither my personal nor perimeter firewalls have recorded any attempts at access by Windows Update apart from when I've been updating manually.

In fact, looking at my current rules, I'm actually blocking very little of Windows' guts from seeing the web, yet not seeing any traffic. I've got rules for LSASS.EXE, SERVICES.EXE and Microsoft-DS (are of which are not enabled - I must have figured out how to turn them off), SVCHOST.EXE is allowed to perform DNS resolution, and that's it. I get prompts everytime an unknown/unrecorded app tries to access non-local IPs, and Microsoft's apps don't make

I have to admit, despite the rumours to the contrary, I think that Microsoft has probably cleaned up its act for real.

Re:Does it happen with windows update disabled?

[Zocalo]

I'm not trying to be paranoid too bad here but...

Hey, it's Microsoft *and* the Internet - you can't be too paranoid! You're correct in the assumption that I'm using a personal firewall app (Tiny Personal Firewall v2 infact), but I also have a hardware perimeter firewall to verify things with and it's all hunky dory.

As an aside, I'm still using v2 of Tiny PF, because I thought v3 was horrendously complex to get running smoothly. Has anyone out there persevered and come to the conclusion it's worth the effort, because on paper it seems like quite a good system?

unsecure HTTP for Windows Update?

[slashkitty]

This would be rather timely if the XP had the same problem that OS X has with an unsecured HTTP software update method.

Has any one w/ XP snooped the software update?

Microsoft deserves serious criticism:

[Futurepower(R)]

Microsoft deserves serious criticism:

Windows XP Shows the Direction Microsoft is Going.

Break It and Find Out

[yancey]

Edit the C:\WINNT\System32\drivers\etc\hosts file so that the line reads thusly...

127.0.0.1 localhost wutrack.windows.com wustat.windows.com ... and then see what breaks.. or doesn't.

disable it.

[Neck_of_the_Woods]

To turn off automatic updates for your computer:
Click Start, click Control Panel, and then double-click System.

Click the Automatic Updates tab, and then click Turn off automatic updating. I want to update my computer manually.

Re:disable it.

[Neck_of_the_Woods]

Also if you wondering the reg edit is:

HKey_LOCAL_Machine\software\microsoft\windows\cu rr entversion\WindowsUpdate\

Change the following:

AUOptions - Data: (1)
AUState - Data: (7)

Enjoy,

Nothing sinister here

[jquirke]

Do you think that if this was something dodgey going on it would show up in WinXP's netstat command?

I don't think so.

Better Still

[DrSkwid]

route it to a proper machine and log what comes out

I stand behind everything I said.

[Futurepower(R)]

I stand behind everything I said. I did a scan of my article with a search program and found that I said nothing about QuickEdit. This was a mistake, there is a bug in QuickEdit that I forgot to mention. I have corrected the mistake, and updated the web page; Windows XP is buggier than I had said.

Perhaps you confused QuickEdit with Fast Paste mode. I had discussed fast paste mode:

"The fast paste mode that is in Windows 98 is gone in Windows XP. Microsoft employees say there is no plan to fix this."

This issue was confirmed in writing by a Microsoft employee, speaking officially.

START.EXE operates exactly as I said.

Perhaps you were just acting out your anger.

Windows Update and Firewall programs.

[Domini]

This is probably just the windows update, and can be disabled.

If you are a paranoid individual, then try installing a firewall app... something like "AT Guard". Besides stopping windows from wasting your badwidth, it will also protect you from instruders, worms etc...