Examining Microsoft Update
eggsovereasy writes "The Inquirer is reporting that a group in Germany has deciphered the information sent to Microsoft during an update using Windows Update and says that information on all software installed on your computer is sent, even that which is not Microsoft's own software." The original article is, unfortunately, pay-per-view. Update: 02/26 18:19 GMT by T : ionyka points to this "related article from ITWorld that deals with Microsoft's transferring of information through Windows Media Player. When you open up Media Player it sends information back to Microsoft like what movies you play, what songs you listen to and where they come from."
I mean really, did anyone actually think M$ only collected information about patches? It seems like any chance they get to know more about you, or your "computing habits", they're going to take it.
Remember the little "No information is being sent to Microsoft at this time...." message during updates? Wait, why am I laughing?
Is this not a complete breach of the TOS that Microsoft offers when you sign up for Windows Update?
If not, it's at least a huge breach of trust, and users should not stand for it.
In related news: green mice were found to be green and mice.
Fleur de Sel
Trying to figure what other companies they should push out of business.
How can we comment, if we can't read the article?
Oh, wait...
What, you are surprised?
Welcome to Earth, have a nice stay.
Kent
This may also be an ulterior motive to Microsoft buying Virtual PC from Connectix last week. They want this same data from Mac Users. I imagine if it's not there then it will be added to read all partitions mac/Linux/PC
Knowing what your customers have on their hard drives is sensitive corporate data. Basically, you know the Hot or Not Programs in the industry and then develop programs based on their hard drive residency!
Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
According to the EULA for the latest versions of the OS Microsoft has the right to read any data you have stored on a computer which runs the OS.
Theoretically this includes data dumps of hard drive formats which the OS does not even support.
until you reach the point where it says from here on out you got to pay us money.
Just got this in the mail, you may want to pass along to tell 'em what you think....?
d @Domain.com
You can have a significant impact on what Microsoft does in the near future by filling out a brief survey.
Microsoft wants to tailor its efforts to address the issues that challenge you every day. To do that, we need your input. Our highest priority is to understand your needs better, and that's why we selected you to receive this survey.
The Gartner Group has conducted extensive research on mid-sized companies across the country and published what they believe are the top priorities for the near future. This is valuable, but we need to know if it reflects your plans. Microsoft wants to give you the tools you really need.
Microsoft will be happy to thank you for taking this survey by entering your name in a drawing for one of 25 brand new copies of Office XP Standard Edition.*
Please click here to input your survey response.
Link is here (update your email in the link): http://reply.mst1.com/link.asp?L=100167&E=email_i
*Limit 1 per customer. Valid only for the original recipient of this email. Response must be received by March 25, 2003.
Enjoy!
"This isn't a study in computer science, its a study in human behavior"
Ok, yes, I forgot to mention this. The second part is... but you can get quite a good idea of what's going on from the first three pages... though I also have to question a group who won't release results unless you pay...
-- Is "Sig" copyrighted by www.sig.com?
the last half with all of the technical details is 1.99 euro. The first half is really enough to get the gist.
"Want in one hand and spit in the other and see which one fills up first." - My Dad
Is this some big surprise to anyone? "This is done without sending any information to Microsoft." Sure...
DISCLAIMER:
I don't believe what I write, and neither should you.
The reason why it sends info about other applications (and third party drivers for that matter) is so that they can attempt to be a single-source vendor of patches if needed.
While the intentions may not be all that honest, it's not a horrible idea. I've noticed numerous times when running Windows Update that it's offered to upgrade my Cisco Wireless LAN software as well as my Epson print drivers. Kind of nifty and not all that bad, if you ask me.
Sig (appended to the end of comments you post, 120 chars)
i'll bet it totally gets confused if WinXP itself is pirated in the first place =]
along with Office and just about everything on the computer..oh well...I guess the police outside are for me
Here is the rest of the article, in PDF format. I'd suggest grabbing it and mirroring as soon as possible... this one won't hold up too long.
http://home.byu.net/~btc25/WindowsUpdate.pdf
One of the more interesting parts deals with how Microsoft can tell the difference between product keys they generated and those done with a keygen.
I made the same mistake...it is ppv...you can read freely until the heart of the article, then it's 1.99 (euro) for the rest.
you get to the meat of the article, where you will be asked to pay to keep playing.
Nice claims, but the free part of the article doesn't show any actual examples of data that's transmitted. At least not data apart from some generic xml tags.
Any easy way to verify this ourselves?
I'm suspecting their claim is true, but I'd like to see the data...
Reinout
Reinout van Rees
Although I often semi-sorta-half-hearted-defend Microsoft when people make unsupported categorical statements or otherwise speak mindlessly, I am also willing to speak out against them when they are wrong. As in this instance.
I would have to do some research, but I believe this might violate their own privacy policy. Even if it doesn't, they really have no moral right to send any information about your system without letting you know what it is and giving you a chance to abort the whole thing. Yet I am unsurprised, in fact I expect every big company is doing this kind of thing when they can get away with it.
Not that I am saying "Everyone is doing it, so what is the big deal?" My attitude is more "Let's stop this crap now!"
So I have a suggestion -- someone should start an open source project to create a re-writing proxy for updates that strips out all the stuff Microsoft is sending in the updates, except what is absolutely needed. Make it open enough that we can plug it re-writers for other companies as well.
- -
Are you an SF Fan? Are you a Tru-Fan?
I am shocked - shocked - by this revelation.
I can see a legitimate purpose for it, from a bug-hunting and trouble-shooting standpoint, but I am highly skeptical that these are the only ways that this information is used. For instance, I expect that if MS sees a high number of installs for a particular app, that it might decide to include that app in the "OS", such as a personal firewall, for instance. Oh, wait...they already did.
An interesting compare/contrast to see is what MS license agreement says about this and what their public statements have been.
Also, is there going to be a DMCA action here? Ugh.
GF.
Lots of petrified grits
Yes it is, Mikeage. You can only read about three pages then it cuts out on you. Please do a little reading before you post... just try it, perhaps?
suddenly I feel very tired
Tie them to a fence post and teach them a lesson.
http://www.tecchannel.de/betriebssysteme/1126/14.html
The detailed article and the programs are pay per view, but if you follow the link you will read a 4-page description of their findings.
Yeah, you can get a little teaser, I just read it, but to get the complete article along with the tools, you have to pay 1.99 Euro. So yes, it is Pay Per View to get the complete thing, the link is for just a bit of info.
when we accepted the license agreement when installing XP. so as much as i revile the practice, i'm not sure there is anything we can do except start using open software.
smd4985
Come on, be honest. Who's genuinely surprised by this?
Summation 2
Yes it is. mikeage, please do a little thinking before you post... just try it, perhaps? Hint: You get a teaser but then the full article is pay-per-view. But it'd suck to actually visit the site before posting right?
Yes, it is pay-per-view beyond a certain point, but the meat of the story is in the stuff sent back to MicroSoft, which they've updated to be free at this link here: http://www.tecchannel.de/betriebssysteme/1126/14.html. It seems to be information on hardware in the machine. I'd like to see MicroSoft's response to this.
I am reading it right now. Click here http://www.tecchannel.de/betriebssysteme/1126/index.html and click on [Weiter >>]. It may be a teaser but I have gotten to the end yet.
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
This could be useful to build a database of interactions and incompatibilities, but I trust MS only this far: |->-|.
got the new ultra psyware
Great! Where can I get psyware? I've been looking for a way to get rid of my mouse and keyboard. Does it allow a USB 2.0 connection to my nervous system, or does it use 1394?
GF.
Lots of petrified grits
If in fact a team has deciphered the codes (I can't read the article PPV) does this break actually break any laws and/or license agreements or is it one of those rights we long ago clicked away upon installation? We all feared the worst, well now it has been confirmed - but what are they doing-going to do with all this data? Legal action should be taken if at all possible to answer these questions.
---- The real Slashdot is still here. You just have to browse at -1 to read the comments.
On the last free page:
The following pages are restricted to users of our Premium service. If you are not member you can buy the complete article as a PDF-file for Euro 1.99. Included you will find a complementary copy of the tools we used to find out what is going on with Windows Update.
So it isn't free.
Consider the daffodil. And while you're doing that, I'll be over here, looking through your stuff.
I don't think the Inquirer did. Certainly Slashdot didn't. The poster probably didn't.
The SOAP listing on the site (http://www.tecchannel.de/betriebssysteme/1126/2.html) looks pretty innocuous. Seems to me at least *one* person somewhere could pay the $2 to find out just what exactly all these headlines are about and, perhaps, tell us. (Facts can't be copyrighted.) I betcha it's nothing... a driver listing or something.
I gathered from the article that the update chooses to use shorthand codes to report the presence of "certain" or "selective" third party products, which I actually find far more disturbing and sinister than the idea of simply blindly dumping out the contents of the "installed software" list. I bet "realplayer" is on that list of target software they look for, and perhaps mozilla and netscape.
Hint: Win95 filename mangling.
Tarsnap: Online backups for the truly paranoid
Assuming "nothing is sent" is about as smart as checking that "trust everything from microsoft.com" checkbox for the activeX control Windows Update downloads. You'd have to be a quart short of an oil change to do either.
below from the M$ site... they tell you outright that they are collecting this info. What's the big deal?
Windows Update Privacy Statement (Last Updated 10/15/2002)
Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:
Operating-system version number
Internet Explorer version number
Version numbers of other software for which Windows Update provides updates
Plug and Play ID numbers of hardware devices
Region and Language setting
The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.
A good reason for filtering out all addresses related to microsoft.
Or if you have access to any names-server tables, redirect microsoft.com to linux.org
Hans
Note: Windows Update does not collect any form of personally identifiable information from your computer. Read our privacy statement.
Windows Update Privacy Statement (Last Updated 10/15/2002) Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:
The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.
Windows Update also collects the Product ID and Product Key to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update. The Product ID and Product Key are not retained beyond the end of the Windows Update session.
To provide you with the best possible service, Windows Update also tracks and records how many unique machines visit its site and whether the download and installation of specific updates succeeded or failed. In order to do this, the Windows operating system generates a Globally Unique Identifier (GUID) that is stored on your computer to uniquely identify it. The GUID does not contain any personally identifiable information and cannot be used to identify you. Windows Update records the GUID of the computer that attempted the download, the ID of the item that you attempted to download and install, and the configuration information listed above.
They've updated the story to give the full info on what gets sent back here: http://www.tecchannel.de/betriebssysteme/1126/14.html
Seriously folks, I don't know what kind of information is collected by MS, but I know that there's an option in a system configuration utility called X-Setup which allows one to anonymously connect to the Windows Update site. Does it actually work? I don't know, but on the upside it prevents the "customize Windows Update" feature from saving your settings, which seems promising.
You can be sure that they're not actually doing anything with it. What I mean is, me and the other 20,000,000 people with a pirated copy of Microsoft Office don't have a whole lot to be afraid of. If Microsoft starts using the information to go after these people then they'd have to admit how they got the information in the first place, which would expose this to the whole world (as opposed to just the audience on Slashdot and that German site...).
Karma: pi (Mostly due to circular reasoning in posts).
Nice claims, but the free part of the article doesn't show any actual examples of data that's transmitted.
WTF WTFA
Does it interact directly with your brain? Or does it just search your memory to see if you remember pirating any Microsoft products?
Using up2date, or browsing the errata site, I can have my computer chock full of updates for software that wasn't created or worked on by RedHat.
I expect most other Linux distributions are the same.
Now, isn't this what we want? Sure, Microsoft has let loose some pretty horrible bugs in their day - but so have other vendors. And, let's face it, browsing 30+ sites to find all your bugfixes is a pain in the ass and a time sink.
If you can get all your updates from one source (like you can for Linux), what's the issue?
> or does it use 1394?
I think it uses 1984.
yeah, use the google UP command, then you'll get a file list, then -click- it.... It is something like Window~1.pdf
The file is there.
Didn't this issue first come up with windows update? The fact it sends the registry across to MS even though it doesn't need the registry? What is it, 4.. 5 years ago we cried foul?
Personally, I like the way cvsup works. You ask for what you need and a file list. Or so it seems.
-
ping -f 255.255.255.255 # if only
hehe in the true spirit of a slashdotter you didn't read very far....once you get to the juicy part you have to pay!!!
"The following pages are restricted to users of our Premium service. If you are not member you can buy the complete article as a PDF-file for Euro 1.99. Included you will find a complementary copy of the tools we used to find out what is going on with Windows Update"
[I can picture a world without war, without hate. I can picture us attacking that world, because they'd never expect it]
Client Info Schema and System Info Schema.
They appear to get a copy of your registry, as well as information like processor architecture, manufacturer, printer(s?) etc
In fact the article says the biggest privacy concern is the hardware list, which doesn't seem that big a deal to me.
"Evil! Pure and simple from the eighth dimension!"
The rest of the article (available in a link in an earlier comment) reveals that it sends:
- a list of hardware devices
- it can detect what software you're running by listing it as a "product category" - ie. the server sends down a list of available products and the client says "give me the updates for Windows XP, Windows XP Home, IE6" Potentially this could be used to see what you've got installed by setting up a "product category" for any product they want (ie. "Mozilla").
Of course, the easy explanation is that sending down a list of *all* available Microsoft updates (especially if they expand Windows Update to include all server products, office products, developer products, etc etc etc) to anyone who runs Windows Update (or Automatic Update) would get a bit prohibitive. Or it's an insidious plot to find out what software people are running.
http://clients.fbagroup.co.uk/slashdot/WindowsUpd
What I want to know is why fricking Windows Media Player tries to "Phone home" all the time? That thing is harder to get rid of than the clap, and about half as useful. I have my firewall specifically tuned to stomp on it every time it opens its digital mouth.
This is hardly a surprise, and definitely adds a good bit of weight to all those people who call Palladium the death of privacy.
Just my 2.34539 yen worth.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
...How do we defeat it? What address is it sending the stolen data to? How can we block the transmission? How can we replace the stolen data with random gibberish?
Microsoft changed the TOS for the entire Win Update site about 6 months ago and on Win ME as well as Win2K you no longer see that piece about not sending info back home to Fuhrer Gates. I doubt this is limited to Win XP.
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
Who all is willing to join... I know I am... maybe even the company I work for.
You mean they can see my Kenny G. pr0n screensaver?!?!?!?
Got sushi? The Sushi FAQ
Windows Update Issues
... you'll see that - contrary to the Inquirer story - it doesn't include anything about 'installed software', with the exception of device drivers. No applications, no utilities - nothing that MS is likely to want to compete with, and indeed nothing that MS doesn't overtly mention in its own privacy policy.
So what's the problem?
I have to say that it's not nearly as scary as advertised. There are two complaints:
1. The Windows Update tool sends to Microsoft a complete list of what hardware you have.
2. If the Windows Update server claims to have an update available for product X, the Windows Update tool will check to see if you have product X installed, and report back to Microsoft.
Well, *duh*. The only way to avoid doing this would involve downloading a complete list of all the updates available for every supported piece of hardware or software. Based on the size of the windows HCL, I'd guess that this would require tens of megabytes of bandwidth -- all so that Windows Update could pick out the half dozen entries which are relevant.
Tarsnap: Online backups for the truly paranoid
I highly doubt it. Microsoft is a company that is playing outside the boundaries of the game, and unfortunately our DOJ has shown several times that they will not stand up to them. This has got to stop.
~ now you know
You could just not go to their update site. Then they wouldn't have your information, or you could realize that they are just using this info for marketing purposes or possibly to send you drivers for your new netgear wireless or what not.
Anonymous Cowards - Oh God, How I hate you
We are being led to believe that Microsoft is collecting data from its updater, and the news group that broke the story is the Inquirer?
Have I lost my mind here? Why are we looking to them. The Sun, maybe, but the Inquirer? Hell, I'd even read the Daily Star- they have stories on Nostradamus predicting Linus and even Saddam.
They stuck me in an institution, said it was the only solution, to...protect me from the enemy, myself
Where can I get psyware?
What about iPsyware? Bill Cosby in a "switcher" ad.
GF.
Lots of petrified grits
Since they've so nicely released that information, can we get some nice Open Source Alternative to the Windows Update? The file format is all there. Any takers?
Do not confuse duty with what other people expect of you; they are utterly different. Duty is a debt you owe to yourself.
Dear Steven,
Good point. Your previous Slashdot postings are also good, except for that one about Linux.
Sincerely, Bill G.
Seems to me this may be a DMCA violation. If not what if I had a program named: This important information is Copyright 2003 by PhipleTroenix, would I be able to get a subpoena to find my copyrighted info in M$'s database?
The implementation of this hack is left to the reader as an exercise.
When VPNs are outlawed, only outlaws have VPNs.
Didn't you know this is a M$ hating site. You said something that can not be seen as directly hating microsoft. I am sure both you and I will suddenly get flamed and modded down as trolls. When in reality we should be pissed at the company, making us pay to read a news story, that essentially tells us exactly what Redmond told us in the privacy policy.
Anonymous Cowards - Oh God, How I hate you
Thanks for posting a link to this information. Based on what is here, I see no reason to panic. First, it doesn't appear that any information is sent which would identify the machine the information came from. All they get is, "There is a machine somewhere with a Lite-On CDR in it."
Windows Update has offered me updated device drivers in the past, so I think the inclusion of hardware info could be defended on that basis.
HIPAA Regulations are violated if a patient's data is ever accessed by someone that is not authorized by the PATIENT.
Is patient authorization required to use and disclose protected health information for research?
Generally, a research participant must execute a written authorization to use his/her protected health information for research. There are 3 exceptions to this general rule:
1. IRB Waiver: The researcher can seek a waiver of the authorization requirement from the IRB. The IRB only can approve a waiver if it will pose no more than a "minimal risk" to the privacy of individuals and the research cannot practicably be conducted without the waiver.
2. Preparatory Review: The researcher must represent that the uses and disclosures are necessary for the research and no protected health information will be removed from the covered entity providing the information.
3. Decedent Research: The researcher must represent that the access is necessary for research and that the use or disclosure is solely for the purpose of reviewing the protected health information of the deceased.
What happens if we violate the Privacy Regulations?
Violating the Privacy Regulations may result in harm to patients and to the University's reputation. Patients do not have a private right of action in federal court under the HIPAA Privacy Regulations, but may be able to initiate breach of confidentiality lawsuits under state law. Violations of the HIPAA Privacy Regulations can result in the following civil and criminal penalties:
Civil penalties - $100 per violation not to exceed $25,000 per person in a calendar year for multiple violations of the same requirement
Criminal penalties - (a) Wrongful disclosure - $50,000 fine/1 year imprisonment, or both; (b) Offense under false pretenses - $100,000 fine/5 years imprisonment, or both; (c) Offense with intent to sell information - $250,000 fine/10 years imprisonment, or both.
In addition, employees that violate the Privacy Regulations and/or the University's Privacy Policies will be subject to sanctions, up to and including termination of employment or abrogation of tenure.
I do not fear computers. I fear the lack of them. Isaac Asimov (1920 - 1992)
In order to work out what needs updating a check has to be made between what is on your system and the available versions. This can be done either by sending all of the available version information down to your machine all of the time, or by sending information to the update server. The former is less intrusive but more costly in terms of bandwidth, the latter is more efficient.
Sending information about third-party products allows for MS to act as a single source of updates, which is quite good from a usability point of view.
If the information is used solely for the advertised use, checking for updates, then there is no issue here. If they use it for license checking then it's not a problem unless you've illegal software. If they use it for profiling/marketing then it's an invasion of privacy.
BTW. Apple recently announced that they were considering opening up the OS X software update feature to third-parties. Expect complaints from the recent Apple switches as soon as this happens.
You may think me a tired, old, cynic. I'd have to disagree about the tired bit.
One, a majority of Windows Users like what Windows Update does for them. Hell, I as an IT Administrator (who also manages several Linux servers) like what it does for me. I spend enough of my life as it is reinstalling Windows due to system failures, upgrades, employee arrivals and departures...there just really are more interesting things to do in life than browse Microsoft's site for patch updates. Really. Windows Update and Office Update probably halve or third the time I have to spend per box to make them as secure as I'm going to bother with.
Two, Microsoft is just doing what all companies have figured out works - mentally tire out the masses. If you start Windows Update three years ago, and say that no personal information is sent, you can have a debate about what 'personal information' means, and you can even slowly ratchet up how much is sent.
Great. But who's going to object? Shareholders, who at best can create non-binding resolutions to change policy in the company? Whether personal information is taken by force or otherwise doesn't matter to them. They want higher stock prices.
Executives and whistleblowers in the office? We have to define what 'personal information' means again.
That leaves customers. And even if your local news does a big 'expose'!' on how Microsoft lies to you about what information is sent to them, how long can people stay mad? An evening? A week? People can't keep enough rage bottled up to do anything about these things. People aren't being denied the right to vote, they're just being lied to. And we know how people rationalize politicians doing that to them already.
Personally, if Microsoft just tells me (and they do) what they're taking from the computer, great. But the fact is, even if they were copying the whole contents of my hard disk, my choices would be not to use Windows Update at all and waste a lot of my life staring at the Microsoft Developer's Connection, or to use it anyway. (Linux, not having, say, Visio, is not an option for my company). And most people just don't care, so they will no matter how onerous the terms...until it gets as bad as 'Your personal data is being transmitted and archived to Microsoft'.
What if your personal data was sent and temporarily cached, for virus scanning, even with the best intentions? Some might STILL sign up. Give it thought...
With all their spiel about trustworthy computing, then getting busted doing something like this....let's ponder that thought for a minute.
Ok, done. No wonder I use Linux and Mac
Has anybody actually read the policy? If you read it it doesn't really sound like they've done anything they said they wouldn't.
OK, Windows Update = SUSPICIOUS However, you can still download their Service Packs as stand-alone installations from microsoft.com. From their main page, go to your corresponding "product family" and proceed to its "downloads" section and choose your needed service pack/s. I have not done this in a while, therefore my understanding of it may not be correct.
Where are the karma whores when you need em? ;-)
I've just read the mirrored PDF to the end (try it sometime...) and the article itself says that the process does *not* get a list of all software but *may* if M$ decide blah, blah..
Nothing to see here other than dotters frothing
Just thought I'd point out that there is already an open source solution you can use to avoid this invasion of privacy, its called linux.
Just had to say that, but on a more serious note, I use Red Hat Network to keep a few Red Hat Linux boxes updated with current patches and it does much the same thing. But there is a big difference.
When you register a box it tells you exactly what information will be sent to RHN about software on your box and allows you to opt out.
The benefit here is two fold in that RHN only sends you updates for the software that is installed on your system and you get updates for any software package that Red Hat supports beyond patches for just the kernel.
What I'm not sure of is if they track all applications you've installed even if they don't support them. Although I still wouldn't be concerned because they tell you up front what information you will be sending to them and you can say NO.
burnin
I smell nothing but Hype .. SPIN to sell pay per view articles. ... right?
I sincerely doubt this information can and ever will be properly validated.
and even if it can, so what? you all pay for your software
Really? Microsoft provides updates for ALL software? Every program ever made?
Wow.
Andrew Borntreger
Champion of cinematic disasters
That's one way to avoid a severe Slashdotting! No Slashdotters will pay to read an article that they probably wouldn't read for free, anyway.
OK, so they don't collect information that can personally identify you as the "owner" of software(s) X. It's all about the fact that they are getting a survey of what's out there. How many users have software x, legally or not.
I don't mind tivo using my info to better programming ala the Nielsen ratings. BUT I do have a problem with Microsoft using my data (without asking) to adjust their business plans and/or methods of sales, tracking, schemes, etc.
ie "Software maker X has sold 500K copies, BUT our windowsupdate shows that there are 600k copies being used...."
Here in Holland (I don't know the laws in the rest of the world too well) any contract that you sign which contains clauses that are illegal, is null and void. Any statement of MS having the right to download anything off MY computer would seem to me totally illegal and would probably void the whole EULA. ;-)
I did read the EULA of the Dutch version of Win2K SP3 completely and never found any clause that would allow them to download anything off my PC without my consent.
Sadly I'm stuck with Windows since I can't (yet) afford a mac to run Adobe apps on. When oh when will Linux/FreeBSD/X get decent colour management and ports of proper graphics apps like Illustrator, Photoshop and InDesign??? The GIMP is a nice toy, but it's hardly of any use for print production work. And KIllustrator and the like are simply a laugh too for any real work.. The Linux/BSD vs. Windows ratio is now 4:1 in the favor of the free, but I'd like to get rid of Windows altogether. Give me my killer graphics apps!! I'll even pay for them!
Saving up for that Mac in the mean time..
Learn from the mistakes of others. There isn't enough time to make them all yourself.
If you have version 1087 of the patch list on the local system, you don't have to download all of version 1088: just the differences between 1087 and 1088.
This is not rocket science, when was diff(1) invented?
Keep clicking on the "Weiter" link and you can read the rest of the article.
So the service which updates your software needs to know what software you've got. Big deal. Come back to me when you've *any* evidence that microsoft are abusing this information in any way at all.
Sig is taking a break!
"Version numbers of other software for which Windows Update provides updates "
Did it say that they provide all updates for all software?? No, it states that it checks versions of other software for which it also provides updates too, gfx drivers, sound drivers etc Microsoft did not create you can ALSO update from them as I assume the companies give the code to Microsoft to make it easy for people to update. I use FreeBSD ports to get packages for my systems, I don't assume that FreeBSD coders created them all.
Laptop Reviews
According to the (full) article, Windows Update sends a list of hardware installed on your system, but not a list of software. Version numbers for Windows stuff, like IE, are sent, but not any info about other software on your computer.
To provide you with the best possible service, Windows Update also tracks and records how many unique machines visit its site and whether the download and installation of specific updates succeeded or failed. In order to do this, the Windows operating system generates a Globally Unique Identifier (GUID) that is stored on your computer to uniquely identify it. The GUID does not contain any personally identifiable information and cannot be used to identify you. Windows Update records the GUID of the computer that attempted the download, the ID of the item that you attempted to download and install, and the configuration information listed above.
Yes, we don't not track you.
Tell that to the Melissa author, and some number of other people whose GUID was used to identify them. Even if you aren't a criminal, this could be misused in so many ways.
Despite loving many Microsoft products and the line of NT OS'es, I wouldn't trust Microsoft as far as I could throw them.
Nice suggestion, so why don't YOU start working on it? Ideas are like assholes... yadda yadda
Get off your ass and write it, instead of offering suggestions like the hundreds of other sheep who do, and never get anything done.
The majority of the world is not going to be aware that Microsoft is "Evil" or at least that they are intruding on personal privacy. Microsoft knows this, that's why they let sites like Slashdot live, because it gives those of us who are in-the-know a place to rant and feel like we're doing something about all the Intellectual Property and Privacy B.S. that's taking place. We rant among ourselves, and the rest of the world is oblivious.. and Microsoft continues to make money off the oblivious.
Microsoft isn't going to get nervous, and things won't change for the better until someone makes a movie about this whole mess. That way, not just us 'smart' people will know what's going on, but the knowledge and severity of what's going on will actually be accessible to those who aren't very 'smart' (aware of the computer industry and current intellectual property issues, and how they affect everyone).
If the information is dumbed down and put into a drama, then hundreds of thousands of people would be aware of issues we've all been worrying about and fighting for for years, and it would happen over night.
~ M. Night Shyamalan, do you read Slashdot?
"You do not associate with us because we are different. We do not associate with you because you are stupid."
Why not have a local copy of the list, and when updates come just send the diff(1) between the server and local copy.
This is what diff, RCS, CVS and FreeBSD (with CVSup) have been doing for years. You don't have to download FreeBSD's entire source tree when you want to update/rebuild it -- just the differences between your copy and the one in the repository.
And even if it's multi-megabytes, you bzip2 it and you can get awesome compression ratios: especially if the data is stored in an open format like ASCII (oh wait, this is MS, binary everything).
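The delta idea from the comment above (and from the earlier comment about patch-list versions 1087 and 1088), as an added Python example that is not part of the original thread and is not Microsoft's or FreeBSD's code. The catalog format, patch IDs, product names and function names are all assumptions made up for illustration; the point is that the client sends only its list version, checks the patched list against a digest, and decides applicability locally.

```python
import hashlib
import json

# Constructed sample data: two versions of a patch list. The version numbers
# 1087 and 1088 come from the comment; every entry is made up.
CATALOGS = {
    1087: {
        "PATCH-A": {"product": "browser", "fixed_in": "6.0.2800"},
        "PATCH-B": {"product": "mediaplayer", "fixed_in": "8.0.4"},
        "PATCH-C": {"product": "netdriver", "fixed_in": "2.1.0"},
    },
    1088: {
        "PATCH-A": {"product": "browser", "fixed_in": "6.0.2900"},  # superseded
        "PATCH-C": {"product": "netdriver", "fixed_in": "2.1.0"},
        "PATCH-D": {"product": "kernel", "fixed_in": "5.1.2600"},
    },
}


def digest(catalog):
    """SHA-256 over a canonical JSON encoding, so both sides hash the same bytes."""
    blob = json.dumps(catalog, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def make_delta(old, new):
    """Server side: describe only what changed between two catalog versions."""
    return {
        "remove": sorted(k for k in old if k not in new),
        "upsert": {k: v for k, v in new.items() if old.get(k) != v},
        "digest": digest(new),
    }


def apply_delta(local, delta):
    """Client side: patch the local copy, then confirm it matches the server's.

    The digest catches a corrupted or mismatched delta. It does not authenticate
    the server; a real service would sign the digest (assumption, not shown).
    """
    updated = {k: dict(v) for k, v in local.items() if k not in delta["remove"]}
    updated.update({k: dict(v) for k, v in delta["upsert"].items()})
    if digest(updated) != delta["digest"]:
        raise ValueError("catalog digest mismatch after applying delta")
    return updated


def version_tuple(text):
    """Turn '6.0.2800' into (6, 0, 2800) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def needed_patches(catalog, installed):
    """Decide locally which patches apply; the inventory is never transmitted."""
    return sorted(
        pid for pid, entry in catalog.items()
        if entry["product"] in installed
        and version_tuple(installed[entry["product"]]) < version_tuple(entry["fixed_in"])
    )


def serve_delta(client_version, current=1088):
    """The only thing the server learns from the request is a version number."""
    return make_delta(CATALOGS[client_version], CATALOGS[current])


# Constructed local inventory; it stays on the client.
INSTALLED = {"browser": "6.0.2800", "kernel": "5.1.2600", "editor": "3.2"}

if __name__ == "__main__":
    delta = serve_delta(1087)
    local = apply_delta(CATALOGS[1087], delta)
    print("removed:", delta["remove"], "changed/added:", sorted(delta["upsert"]))
    print("needed:", needed_patches(local, INSTALLED))
```

Third-party software such as the `editor` entry never appears in any request, because matching happens after the list has been downloaded.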
for which Windows Update provides updates
Windows Update only provides driver updates and updates to MS software, if it sends anything else, it's against their privacy statement (which I didn't expect them to follow anyway).
This has been a test. Had this been a real emergency, we would have fled in terror and you would not have been informed.
Your cow-orker was right.
Now, look here, there's no need to be mean.
-Waldo Jaquith
"The details that we have documented in this article match the vague information provided by Microsoft."
Sounds like they already told you what they were going to do.
Basically, I completely back this. Much in the way that Redhat scans my computer to tell me what packages I have installed and then tells me what I need to download for updates, this scans the HW and SW I have installed and tells me about updates.
Windows Update Privacy Statement (Last Updated 10/15/2002)
Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:
Operating-system version number
Internet Explorer version number
Version numbers of other software for which Windows Update provides updates
Plug and Play ID numbers of hardware devices
Region and Language setting
The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.
Windows Update also collects the Product ID and Product Key to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update. The Product ID and Product Key are not retained beyond the end of the Windows Update session.
To provide you with the best possible service, Windows Update also tracks and records how many unique machines visit its site and whether the download and installation of specific updates succeeded or failed. In order to do this, the Windows operating system generates a Globally Unique Identifier (GUID) that is stored on your computer to uniquely identify it. The GUID does not contain any personally identifiable information and cannot be used to identify you. Windows Update records the GUID of the computer that attempted the download, the ID of the item that you attempted to download and install, and the configuration information listed above.
Based on this it would seem MS can indeed collect information on whatever they want from your HD, but supposedly it cannot be used to identify you. Well we'll see when the MIB come knocking at your door ;)
Hold up, wait a minute, let me put some pimpin in it
You're forgetting this is the crowd that regularly posts copyrighted stories to Slashdot. Enough that it gets mentioned in the FAQ, AND the self-same that thinks nothing of P2Ping a CD that they don't own, among other things. So why be surprised now?
really what else would they take from your computer? user activity? the amount of files you have? that e-mail you sent about not having a life? do you really care? what do you have on your computer that you don't want ms to know about? there isn't a utility in windows to help you keep track of your check book bank accounts, check book or credit card numbers. so what does it matter! even if they got everything off your computer would they have anything worth looking at?
Why doesn't some enterprising individual simply monitor Microsoft's various OS's for updates and then link to the downloadables? Of course, it would be possible for MS to remove downloadables but then this really causes frustration for those who are maintaining systems that cannot access windowsupdate.com. I'm not sure that they could do it - they'd have to install spyware in the actual patches. But then we could configure the firewall to block everything MS.
Or we could all just get Macs. I'm almost there, unless someone can put together a KDE or Gnome with some usable functionality (like device management and system configuration in ONE GODDAMMED FUCKING LOCATION).
Apple!!!! Bring OSX to X86 and we will make it worth your while!
Life is the leading cause of death in America.
How could the Windows Update say that it does not send any information to M$, when they would need some small amount of info to determine what was on your computer, so they can tell you what updates you need to install.
If you ever used the WindowsUpdate, once you've downloaded something from it and installed it, you can not select it again (short of reformatting your HD and installing the OS again). So I thought it must keep some record on their server to know what you have downloaded from WU. But, if you take into account that you just installed a fresh OS, how does WU know what OS you are running. It does not let you select on the website, so how does it determine what OS is installed on your computer.
That is just my two bit statement. *Prays he does not get mocked, flamed, etc*
---------
The Galactic Freedom Force marches on! Defend!
GNU/Linux=OpenSource=Freedom
The site is in Germany, the DMCA is only powerful in the US (thank goodness).
Hmm... Should have phrased it more carefully to avoid the flamage...
Two reasons: (1) Don't have the time. (2) It isn't an itch that I need to scratch right now.
I was only offering what I saw as an interesting suggestion for a way to fix Microsoft's (and others) boats on this. Your mileage may vary.
Oh, and just to keep the flamage going, you suck and your little dog too.
- -
Are you an SF Fan? Are you a Tru-Fan?
I am running Win 3.11 with IE 6.0 and what you're suggesting will interfere with my support!
I think a lot of people don't want anyone to know that they use "borrowed" versions of software that they should have paid for. They see that MS might be able to check what they are running and if it's being run illegally so instead of thinking I guess the free ride might be over soon. they immediately go into defensive mode, claiming that MS is the devil and that only a "monopoly like them" would ever consider doing this.
You know what? I don't care if they can check to see what I have running on my computer. If I use an updating service made by Microsoft for products made by Microsoft, I almost automatically assume they are getting just about every piece of info off of my computer that they can get. As long as it's not anything important (like e-mail, names, credit card numbers, etc) I could care less, I have nothing to hide. If MS wants to see how many people use a certain piece of software, all the power to them.
I guess it all comes down to reading the fine print and knowing that most of the time, the company is looking out for the company, not the customer.
I'm not saying MS should get away with everything it wants to do, but I do think it's funny that people are surprised that a service that gets information about your computer actually gets information about your computer.
He could buy any old hardware and simply use microsoftupdate.com
Oh hey, he did!
And I quote:
Full article can be found here.
If no identifiable information is sent, then who cares? So they know that X number of computers has WarCraft III, does it really matter?
I was thinking that there should be an OSS project that sends updates with whatever you define. It would be much more fun:
OS: Windows Shitacular
.
.
.
Word Processing: Open Office, ha ha fuck you
Web Browser: Standard Compliant, i.e. not IE
MediaPlayer: BillGatese.cx
Oh, the fun we could have.
My beliefs do not require that you agree with them.
Has anyone checked Mac OSX's communications with home base for similar things?
Yes, I know you probably want to mod me a troll for flagrantly questioning dear old Apple's motives, but Apple Corporate isn't *really* that much nicer than Microsoft. It's quite possible that Apple's doing the same - or worse. I just want to know.
Anybody?
How about using that data for trending and spam. They should already have that data from the purchase orders etc. etc...no need to get it again. my 2 cents. ------------------- rob www.robtimko.com
It's not THAT enquirer.
"The Inquirer is reporting that a group in Germany has deciphered the information sent to Microsoft during an update using Windows Update and says that information on all software installed on your computer is sent, even that which is not Microsoft's own software."
So now that we know what is sent out, how long until someone figures out how to make it so you can choose which information is sent out?
No wonder Microsoft is rushing to support TCPA/Palladium. This sort of reverse engineering approach will no longer be possible! No more annoying articles :-)
Although it does sound fishy, they still didn't report exactly what information was being sent, just that it COULD be sent.
I'm putting together an effort to run commercials to hopefully educate the people that aren't "in the know" about Microsoft. Probably won't be cheap, but as soon as I get a firm couple of story lines down, and pricing figured out, I'm planning on doing some fund raising.
What do you all think?
Let's see, they hooked up a packet analyzer, examined SSL traffic - yup looks like a DMCA violation to me! Somebody is in deep doo-doo.
(For the irony impaired - this is irony.)
Unfortunately, I did not pay and cannot view, but I was curious if something like this might violate license agreements of third parties whose software may be installed on the machine. If so, is it the end user's fault for not protecting the data better or Microsoft's fault for violating the user's trust?
:-)
I trust I'll get sound legal advice.
Edd
My guess is that it's more like a partnership with other vendors (Adobe and AutoDesk leap to mind) who are especially paranoid about piracy, and think it would be really cool if the OS would tattle on everyone using their software.
Would be very simple to compare product keys and serial numbers to a registered-user database for all partners' products. Then any user not in the database is automatically flagged as BSA fodder.
~REZ~ #43301. Who'd fake being me anyway?
Looking at the tecCHANNEL article, on the last page prior to 'premium-land', they mention that they are using SOAP to wrap around an RPC. Now, I know that Microsoft has a wonderful record of carefully planning for and preventing remote exploits, so I suppose it is all conjecture; but I do have to wonder just how carefully they are validating their input. After all, it is an understandable mistake to expect at first blush that they are controlling both ends of the communication, so why bother to check for malformed and dangerous input. Especially since users will never see either side of this communication - only the end result.
I suppose it is possible that .NET makes all of this process totally safe from typos, implementation errors and design flaws.
You know, there *are* such things as application specific OS patches for various poorly-written applications that MS provides.
The Devil came to Redmond, looking for some souls to steal,
and there he met with Billy G, who was just about to make a deal.
Said the Devil, "Hey Billy, you look bored, would you care to make a bet?"
And Billy he smiled slyly, and said "Dude, there ain't a deal that I've missed yet."
So the Devil took his keyboard and showed Billy his new game,
Saying "I wrote this quick, in VB6, now see if you can do the same."
Billy G, he just smiled his smile, and took the keyboard away,
and said, "Devil, you're behind the times, and you clicked on the EULA,
"Now you've run Windows Update, and your soul belongs to me."
And the Devil knew he'd met his match, so he turned and tried to flee,
But Billy G was much too fast, and he caught the Devil's long black cape,
Saying, "Devil, stay and play a while, we have a whole wide world to rape."
Sig for sale or rent. One previous user. Inquire within.
First of all, the example data sent is available free, as one poster above already listed. There's no software described there other than Windows itself.
Second, the System Info Schema, as posted by another above, is pretty explicit about what registry keys are available to be sent, and it's pretty tame.
Frankly, I have no problem letting them know exactly what hardware I've got running. How can they harm me there? Perhaps a malicious hacker could grab this data and find ways to abuse my network card? Pretty slim.
Call me too open, if you will, but I'd be happy if it would let me know about other MS updates, such as Office, without having to also visit MS' office site. Update those automatically? Never. But it's much less convenient than the Windows Update site.
I greatly doubted that it would be sending large quantities of personal data, because it just doesn't take that long. The ones to worry about are the virus scanners, that take the time to examine every freakin' file.
In summary:
Design for Use, not Construction!
I think not. It works fine without any kind of login or credit card info.
They called this Trustworthy Computing? :)
-EB
Do you ever walk alone like a drifter in the dark?
There are a lot of people in this thread that realize that WU does NOT send a list of all software installed, but they are being drowned out by the highly rated comments about the evils of MS. The "software list" is actually a list of drivers installed, which is fine, because MS will post updated drivers for you to download. It should also be noted that one of the articles posted is from the Inquirer, the same people who predicted hell on earth in y2k, and believe in tinfoil hats.
"No one likes working in a hamster wheel, and your shop smells of cedar shavings from here." - TaleSpinner
I didn't mean to flame. It just touches a sore spot when people say "Someone should write...". Despite being a good idea, it is just that, just a good idea.
This type of push model where information regarding the available updates is pushed down to the server is actually quite viable. I've dealt with two companies who used this approach and both companies claimed patents in this area. I wouldn't be surprised if Microsoft chose to ignore privacy concerns in order to avoid patent licensing fees.
Just pulled up WXP, IE6, and hit Tools\WinUpdate, and got this message from the site:
"Sorry, we were unable to service your request. As an option, you may visit any of the pages below for information about Microsoft services and products."
First time I've seen that. I wonder if MS saw this thread and pulled WinUpdate so they could make sure the privacy messages and Eula have their legal asses covered.
Flying is easy, just throw yourself at the ground and miss. -Douglas Adams
HKEY_LOCAL_MACHINE\Software\IllegalMicrosoftStuff\BillGatesVISAnumber\8605412399653153
HKEY_LOCAL_MACHINE\Software\MSKillerVirus\LaunchDate\2003.06.21
HKEY_LOCAL_MACHINE\Software\Linux\"format c:\; install Linux"
.... hey, why not have some fun with it? q:]
MadCow.
I used to have a sig, but I set it free and it never came back.
He actually meant to say 'cowporker'.
http://www.cryptome.org/
The fact that M$ is now admitting that they are collecting specific data from your machine, makes me wonder if they are doing that - plus maybe a little more?
Clearly, I'm on the verge of paranoia here, but imagine those of us who use MS Money and who use Windows Update. Now reckon how valuable it would be for M$ to query the net worth of all of these users.
I'm not saying I suspect this, but it wouldn't surprise me (like this article doesn't surprise me) if they did start doing it.
Well, whenever anyone confirms the veracity of something M$ says, I think it counts as news... ;)
why is it so awful that microsoft knows that besides windows version x, you have installed office version y and versions z and w from some other programs?
Nobody forces you to use windows update anyways.
You can download all the patches by hand from http://download.microsoft.com/downloads/search.aspx?displaylang=en
and install them manually instead using windows update if you really are so paranoid about microsoft spying on you
(Last Updated 10/15/2002)
Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:
Operating-system version number
Internet Explorer version number
Version numbers of other software for which Windows Update provides updates
Plug and Play ID numbers of hardware devices
Region and Language setting
The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.
Windows Update also collects the Product ID and Product Key to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update. The Product ID and Product Key are not retained beyond the end of the Windows Update session.
Maybe you should verify the information before automatically declaring "Microsoft is evil" to any and all anti-Microsoft posts.
I like my women how I like my sugar.. granulated.
i submitted this same story yesterday and it was rejected. i'm not moaning (well, just a little ;) ) but why was it deemed worthy today and not tomorrow ?
o-s
Really. Run Windows Update right after a new Windows installation, without other programs installed; therefore, no interesting information for Microsoft (other than Notepad and Paint being installed).
After that, subscribe to one or two good security mailing lists and never use Windows Update again (you will probably find out faster about new vulnerabilities anyway), and download the appropriate patches directly from Microsoft's web site, by following the security advisories.
Agreed, it's a little extra work, but as far as I care, it's worth it.
Reminds me of Casablanca.
"I am shocked - shocked - to find gambling going on in this casino!"
I use the Update Agent in RedHat almost on a daily basis - the RH Network knows absolutely everything about my setup (programs, modules, etc.) right down to what version of the Kernel I'm running - that way they can inform me of vulnerabilities and problems that I'm probably susceptible to as soon as there's an update available...it's a "good thing".
Why is it that when Microsoft does this kind of thing, suddenly there's a more sinister motive behind it all?
I don't hear anyone complaining about Redhat's privacy policies...
I wonder, is microsoft using their autoupdate site to spike or sabotage their updates on old products to force the users to purchase newer upgrades? I am an avid (and registered) user of windows 98 2nd ED for 2 of my machines. The others run BSD, RH Linux, and Solaris, it seems like the more i update from the original install the worse it operates, on both machines, new and old. I figured it was my own machine until i reinstalled the entire os and performed an internet upgrade. Now the explorer locks up after upgrading a clean install but not before. The entire pc gets unstable after upgrading and I am concerned that they are sabotaging the upgrades to create instability to force me to buy their new XP. I WILL NOT BUY OR UPGRADE TO XP! This is insane, I wouldn't run Windows at all if all the darn games that I play worked on other OS's. Just my 2 cents. Hey, and let me know if they are sabotaging their upgrades or its just me.
Life's far too short to use IE.
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
Well I can see you're milking the situation for all it's worth. You might want to moo-ve to another topic, before this gets under everyone's hide. I'll be moseying right along to another thread, and let this one curdle in peace.
When TurboTax forcibly installed IE5.5 on my system (which is a whole 'nuther rant) at first I shrugged and figured since I don't use IE anyway, it could stay.
When I finally got DUN fixed (which it had FUBAR'd) and went back online, in less than 10 seconds, ZoneAlarm blocked this probe:
FWIN,2002/04/13,18:47:40 -8:00 GMT,207.46.203.94:28801,67.219.145.160:2364,TCP
207.46.203.94 is owned by Microsoft (check the whois yourself if you don't believe me). Would someone like to explain what business M$ had dinging *me*, how M$ got my current IP address (67.etc) in the first place, and why they were trying to peer into that port?? (Note: at the time, *nothing* else that does online access was running besides DUN.)
This led to IE5.5 being IEradicated. End of problem.
~REZ~ #43301. Who'd fake being me anyway?
http://www.microsoft.com/downloads/search.aspx?displaylang=en
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you.
Which essentially means that so long as they don't take an email address or phone number they can take what they want.
Fool me once, shame on you. Fool me twice, shame on me. If M$ software was required to run your computer or it ran your computer better than other software or there were no free alternatives available, putting up with M$ terms might be understandable. As it is free software runs your computer better than M$'s pricey junk. Why, oh why, does anyone continue to trust the beast?
Friends don't help friends install M$ junk.
There is more to the world than Linus and his dark master Stallman.
I have Kivio, and I am free from having to deal with an obviously predatory monopoly, and am even free to use GNOME or FVWM or whatever if I want to!
(I'm assuming it's a typo, because I have no idea what "alterior" means).
As precious as information on Mac users software installations may be, I think it's a bit paranoid to think that MS is going to buy Virtual PC for something like this...
I mean, follow the logic:
- Spend a considerable amount of money to get software technology from Connectix.
- Substantially alter Virtual PC to force it to use Windows Update to send all the data they want on the Mac software.
- Sell this new version of Virtual PC to Mac users.
- Get interesting information from a subset of Virtual PC users (the ones that get the new version or upgrade), who are a small subset of Mac users, who are a relatively tiny subset of computer users.
- Profit?
It seems like too much work for peanuts.
Consider the alternative:
- Alter the new version of Internet Explorer for Mac, software they already have complete control and knowledge of, so that it has to use Windows Update to get patches and security fixes, and checks often and automatically by default (for all I know, it might do this already).
- Provide the corresponding Windows Update client for the Mac.
- Get interesting information from all Mac users using a recent version of Internet Explorer, i.e.: most Mac users.
- Profit.
Freedom is the freedom to say 2+2=4, everything else follows...
Anyone has an idea what could be achieved by sending fake information ?
No bull.
Infuriate left and right
This is a Virtualized PC -- all it sees are the hardware components emulated by the host operating system.
This is akin to saying that VMWare can somehow tell me that I have an SB Live! -- it can't. All it knows is that it has SB16 emulation inside, and that it writes the output of that to /dev/dsp.
This is pure paranoia talking. Perhaps you should invest in more aluminium for your head.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Two obvious problems that I see:
1) "None of this configuration information can be used to identify you. ... Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information."
This is technically true, but not meaningful. That is, they ship back the PC's GUID, which doesn't directly contain your identity. However, they also collect the same GUID on OS registration, where they also collect your name, address, e-mail address, and so on, so they could easily match the configuration data to your registration data.
2) "This information includes: ..." this statement doesn't _exclude_ anything. It just guarantees that they collect the reasonable looking list of information. If they stated "This information is restricted to: ..." I'd feel a lot better.
"The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics."
This is a statement of MS' intent, but since they're allowed to change their usage policies retroactively, with no notice to users (yay US "privacy" laws) this could change. Look at all of the .com's selling user lists for spam. Better not to allow anyone to have data that's easily abused than to rely on their future goodwill.
Enable 3D printed prosthetics!
Back in the DOS days, I once installed MS Flight Simulator on a friend's laptop (running Windows 3.1) in order to see how bad the ghosting on the laptop screen would be when running games. I copied the files manually, under DOS, using COPY, so that I wouldn't affect the laptop's configuration, and so that I could completely uninstall the program after I was done. Having done that, I started Win 3.1, and went to create a .pif (program information file) for the launcher icon. Lo and behold, the dialog box was completely filled out, non standard path and everything, ready to go. It was damn spooky. AFAIK, the only way this could have happened, was if windows looked through the disk for friendly .exe files on startup.
After that experience, my expectation is that MS software keeps very close watch on friendly and, likely, "unfriendly" software on your computer.
Anyone remember the AARD code?
Call this flamebait if you want to; but if you like your privacy, your best option is not to run Windows in the first place. Granted, MS' behavior here is sleazy. . . but that's nothing new from Microsoft. And if Microsoft can't get to your data, someone else can probably get to it through one of Microsoft's myriad security holes.
This is kinda a non-issue. Yeah, it's despicable; but it's kinda like a weatherman saying there's a 100% chance of rain while it's pouring out, and you mutter to yourself, "You don't say. . !"
!#@%*)anks for hanging up the phone, dear.
Damn it, if Microsoft is going to collect information on software on my machine, the least that the bastards could do is give me the latest patches for Age of Empires II and Age of Mythology. Geez!
Now I have to go download them myself. Thanks a lot, Microsoft.
First of all, nowhere in either article does it say that Windows Update is sent info on what software you have installed. The pay-per-view article mentions that it does send hardware info, though. But we knew that via both the EULA, and the fact that this is the intended purpose, to update drivers for hardware and OS patches.
Don't believe the alarmist titles to articles. Do you all fall into this trap with the evening news as well? "Tune in for the Radon discovery that just might save your family's life."
I know that you guys are smarter than this. Use your brains.
what? what I thought we were in the trust tree in the nest, were we not?
As explained by Russ Cooper of NTBugTraq in a lengthy rant on Tax Day of 2002, Windows Update is a horrible piece of crap. He followed it with another lengthy rant about what he thinks Microsoft should be doing instead of Windows Update.
In the meantime, while downloads are large (~1.5MB), the XML package you get for HFNETCHK searches your system for proper file versions and remains the most reliable way to ensure your system is properly patched. Unfortunately, the best tool for checking your patch state (HFNETCHK) doesn't help you download the patches you need. It does identify the MS security alert addressed and even the KB article, but it's not painless. MBSA gets you one step closer by actually having the URL of the KB article, but it's not as painless as downloading updates via Windows Update (when WU properly identifies your patches).
Anybody who's used the atrociously-bad Automatic Update Service will know that it doesn't cover many important software updates and neither does Windows Update. In fact, if you use all three products, you'll frequently find that each product identifies a different set of patches that are required, and usually, none of them list all the patches identified by the others.
What I've found is that HFNETCHK actually identifies truly critical patches, while Windows Update improperly identifies non-critical updates as being critical. For instance, it tells you that installing Internet Explorer 6.0 SP1 is critical (even when you're running a fully-patched IE 5.5SP2) or even worse, it tells you that a patch meant to improve functionality of using a non-IE default browser is critical.
Sorry, but as much as I hate MS and as much as I prefer Mozilla to IE for my own browsing needs (and even though it works better), I don't make it my default browser anywhere, especially on servers, so this update is hardly critical.
In short, while sysadmins at least have a chance to stay fully-patched these days--unlike the days before Code Red--MS still has incredibly shoddy patch management tools, incredibly inconsistent patch installation mechanisms and still takes liberties with customer data it shouldn't need to take.
If Microsoft ever gets serious about patch management, they'll have a common tool that sysadmins can use to patch any and all of their MS software with a common interface and no unnecessary transmission of system-specific data to MS. Is that too much to ask? Apparently.
I think I speak for everyone when I say "Huh?"
.sig.
I think I speak for everyone when I say that obviously the "Learn Perl" is a
MORTAR COMBAT!
I pity the red 'lectroid who modded my post down.
0
+1 funny
-1 overrated
Damn you John Whorfin!
Actually no.
[Local RPM db]-[cached copy of mirror RPM db]=List of RPM's that need updating[1].
Much more efficient from the server standpoint.
[1] The pedantic are going to point out that there's a bit more to it than that. Hint: think dependencies.
Yeah, but if someone hacked Cryptome?
That's true because the information can't be used to insure software compatibility. If Microsoft designed modular code the information would be useful. If the software Microsoft was learning about was free or open, it could also be true. Unfortunately, Microsoft spaghetti codes things like reading floppies through the GUI so that DLLs must be replaced by third party software. Because that third party software is closed source, there is no way for M$ to make sure their "updates" won't break that code. So, in an absence of beneficial uses of the information, we are left with malice. Microsoft will use the information to put their competitors at a disadvantage. Microsoft will know, before their competitors do, how many people are using certain code. When the market for a certain type of code is large enough, they can take it over by feeding DLLs that they know will break their new adversary. They won't say it that way, but everyone knows it's true so the advantage exists even if they don't use it.
This was the predicted use of the software update and others have reported it working this way before. I remember reading a post here about a lab that quit using the update program when it wholesale broke unix interfacing software. With the information decoded, we can see the mechanism but we already knew what the black box was doing.
Behold the ugly! It's the logical conclusion of the sick and paranoid thinking that goes into closed source commercial software.
Friends don't help friends install M$ junk.
hiss
Why did my TV suddenly decide that I wanted to see three specials about Michael Jackson every week?
:)
Don't worry about it. I don't have a Tivo, but my TV seems to have done the same too
Why do you think MS created registry files, when the same thing can be done easier and more flexibly by other methods? Didn't anyone read the evidence and findings of fact from the Caldera vs. Microsoft case? Service packs have been a means to introduce de-optimized versions of APIs used by software that MS wants to replace, either their own, or a competitor's. MS application installs also replace APIs that competitor software uses with sick versions of those APIs. Registry files provide one stop shopping for much of the info needed to do this.
// People still use modems?
Are you drunk?
How the hell you gonna connect to the net otherwise?
Not everybody can afford to connect on a T1 once they're out of college or university.
First, this story essentially states that MS can get whatever information they want. This http://yro.slashdot.org/article.pl?sid=03/02/25/2057236&mode=thread&tid=109&tid=111&tid=123 Slashdot.org story states that MS is trying to change Washington state spam laws.
Taken together, this means that MS can harvest information about competing products I am using, get my email address from Outlook, and then SPAM me with "special offers" for their products. Does this sound bad?
Don't get me wrong, I am a Windows user and developer, but this is plain insane. Maybe I should become a MS basher, they make an easy target.
peptidbond
peptidbond I was crazy once....
Now add in the fact (from a previous /. article) that MS is trying to change anti-spam laws to make themselves exempt. (They already prevent me from adding them to my spam filter on Hotmail.) How long before we start getting "Size Matters! Enlarge Your Hard Drive!" spam from Microsoft???
Your Servant, B. Baggins
Keep an archive of all service packs for your OS
I installed all my best software on an ext3 partition!
Ha! Take that Mr. Gates!
Of course now they will probably start including ext3 drivers in the next Windoze.
Power tends to corrupt, and absolute power corrupts absolutely.
"Tell that to the Melissa author, and some number of other people whose GUID was used to identify them. Even if you aren't a criminal, this could be misused in so many ways."
Found on the 'Net: "David L. Smith was not caught on the basis of the GUID, he was caught because the feds were able to trace the point of insertion of the virus into alt.sex from the ISP he used, then from the connection logs down to the phone number used to connect to the service. The GUID had nothing to do with it. There was also no indication that he used pirated software, just that he or someone had used a previously written virus and modified it into Melissa, passing on the unique GUID of the original document/macro author."
Just wanted to set that straight.
Windows 2000 Pro EULA (English text only):
Microsoft Windows 2000 Professional Licensed
Copies: 1
END-USER LICENSE AGREEMENT
IMPORTANT-READ CAREFULLY: This End-User License Agreement ("EULA") is a legal agreement between you (either an individual or a single entity) and Microsoft Corporation for the Microsoft software product identified above, which includes computer software and may include associated media, printed materials, and "online" or electronic documentation ("Product"). An amendment or addendum to this EULA may accompany the Product. YOU AGREE TO BE BOUND BY THE TERMS OF THIS EULA BY INSTALLING, COPYING, OR OTHERWISE USING THE PRODUCT. IF YOU DO NOT AGREE, DO NOT INSTALL OR USE THE PRODUCT; YOU MAY RETURN IT TO YOUR PLACE OF PURCHASE FOR A FULL REFUND.
1. GRANT OF LICENSE. Microsoft grants you the following rights provided that you comply with all terms and conditions of this EULA:
* Installation and use. You may install, use, access, display and run one copy of the Product on a single computer, such as a workstation, terminal or other device ("Workstation Computer"). A "License Pack" allows you to install, use, access, display and run additional copies of the Product up to the number of "Licensed Copies" specified above. The Product may not be used by more than two (2) processors at any one time on any single Workstation Computer. You may permit a maximum of ten (10) computers or other electronic devices (each a "Device") to connect to the Workstation Computer to utilize the services of the Product solely for file and print services, internet information services, and remote access (including connection sharing and telephony services). The ten connection maximum includes any indirect connections made through "multiplexing" or other software or hardware which pools or aggregates connections. You may not use the Product to permit any Device to use, access, display or run other executable software residing on the Workstation Computer, nor may you permit any Device to display the Product's user interface, unless the Device has a separate license for the Product.
* Storage/Network Use. You may also store or install a copy of the Product on a storage device, such as a network server, used only to install or run the Product on your other Workstation Computers over an internal network; however, you must acquire and dedicate an additional license for each separate Workstation Computer on or from which the Product is installed, used, accessed, displayed or run. A license for the Product may not be shared or used concurrently on different Workstation Computers.
* Reservation of Rights. Microsoft reserves all rights not expressly granted to you in this EULA.
2. UPGRADES. To use a Product identified as an upgrade, you must first be licensed for the product identified by Microsoft as eligible for the upgrade. After upgrading, you may no longer use the product that formed the basis for your upgrade eligibility.
3. ADDITIONAL SOFTWARE. This EULA applies to updates or supplements to the original Product provided by Microsoft, unless we provide other terms along with the update or supplement.
4. TRANSFER-Internal. You may move the Product to a different Workstation Computer. Transfer to Third Party. The initial user of the Product may make a one-time transfer of the Product to another end user. The transfer has to include all component parts, media, printed materials, this EULA, and if applicable, the Certificate of Authenticity. The transfer may not be an indirect transfer, such as a consignment. Prior to the transfer, the end user receiving the transferred Product must agree to all the EULA terms. No Rental. You may not rent, lease, or lend the Product.
5. LIMITATION ON REVERSE ENGINEERING, DECOMPILATION, AND DISASSEMBLY. You may not reverse engineer, decompile, or disassemble the Product, except and only to the extent that it is expressly permitted by applicable law notwithstanding this limitation.
6. TERMINATION. Without prejudice to any other rights, Microsoft may cancel this EULA if you do not abide by the terms and conditions of this EULA, in which case you must destroy all copies of the Product and all of its component parts.
7. CONSENT TO USE OF DATA. You agree that Microsoft and its affiliates may collect and use technical information you provide as a part of support services related to the Product. Microsoft agrees not to use this information in a form that personally identifies you.
8. NOT FOR RESALE SOFTWARE. Product identified as "Not for Resale" or "NFR," may not be resold, transferred or used for any purpose other than demonstration, test or evaluation.
9. ACADEMIC EDITION SOFTWARE. To use Product identified as "Academic Edition" or "AE," you must be a "Qualified Educational User." For qualification-related questions, please contact the Microsoft Sales Information Center/One Microsoft Way/Redmond, WA 98052-6399 or the Microsoft subsidiary serving your country.
10. EXPORT RESTRICTIONS. Export-Restricted Encryption. If the Product is identified as "North America Only Version," the following terms apply: The Product contains strong encryption and cannot be exported outside of the United States (including Puerto Rico, Guam and all other territories, dependencies and possessions of the United States) or Canada without a U.S. Commerce Department export license or an applicable license exception. You agree that you will not directly or indirectly export or re-export the Product (or portions thereof), other than to Canada, without first obtaining an export license or determining that a license exception is applicable. For additional information see . Exportable Encryption. If the Product is not identified as "North America Only Version," the following terms apply: You agree that you will not export or re-export the Product (or portions thereof) to any country, person or entity subject to U.S. export restrictions. You specifically agree not to export or re-export the Product (or portions thereof): (i) to any country subject to a U.S. embargo or trade restriction; (ii) to any person or entity who you know or have reason to know will utilize the Product (or portions thereof) in the production of nuclear, chemical or biological weapons; or (iii) to any person or entity who has been denied export privileges by the U.S. government. For additional information see .
11. LIMITED WARRANTY FOR SOFTWARE PRODUCTS ACQUIRED IN THE US AND CANADA. Microsoft warrants that the Product will perform substantially in accordance with the accompanying materials for a period of ninety days from the date of receipt. If an implied warranty or condition is created by your state/jurisdiction and federal or state/provincial law prohibits disclaimer of it, you also have an implied warranty or condition, BUT ONLY AS TO DEFECTS DISCOVERED DURING THE PERIOD OF THIS LIMITED WARRANTY (NINETY DAYS). AS TO ANY DEFECTS DISCOVERED AFTER THE NINETY (90) DAY PERIOD, THERE IS NO WARRANTY OR CONDITION OF ANY KIND. Some states/jurisdictions do not allow limitations on how long an implied warranty or condition lasts, so the above limitation may not apply to you. Any supplements or updates to the Product, including without limitation, any (if any) service packs or hot fixes provided to you after the expiration of the ninety day Limited Warranty period are not covered by any warranty or condition, express, implied or statutory. LIMITATION ON REMEDIES; NO CONSEQUENTIAL OR OTHER DAMAGES. Your exclusive remedy for any breach of this Limited Warranty is as set forth below. Except for any refund elected by Microsoft, YOU ARE NOT ENTITLED TO ANY DAMAGES, INCLUDING BUT NOT LIMITED TO CONSEQUENTIAL DAMAGES, if the Product does not meet Microsoft's Limited Warranty, and, to the maximum extent allowed by applicable law, even if any remedy fails of its essential purpose. The terms of Section 13 below ("Exclusion of Incidental, Consequential and Certain Other Damages") are also incorporated into this Limited Warranty. Some states/jurisdictions do not allow the exclusion or limitation of incidental or consequential damages, so the above limitation or exclusion may not apply to you. This Limited Warranty gives you specific legal rights. You may have others which vary from state/jurisdiction to state/jurisdiction.
YOUR EXCLUSIVE REMEDY. Microsoft's and its suppliers' entire liability and your exclusive remedy shall be, at Microsoft's option from time to time exercised subject to applicable law, (a) return of the price paid (if any) for the Product, or (b) repair or replacement of the Product, that does not meet this Limited Warranty and that is returned to Microsoft with a copy of your receipt. You will receive the remedy elected by Microsoft without charge, except that you are responsible for any expenses you may incur (e.g. cost of shipping the Product to Microsoft). This Limited Warranty is void if failure of the Product has resulted from accident, abuse, misapplication, abnormal use or a virus. Any replacement Product will be warranted for the remainder of the original warranty period or thirty (30) days, whichever is longer. Outside the United States or Canada, neither these remedies nor any product support services offered by Microsoft are available without proof of purchase from an authorized international source. To exercise your remedy, contact: Microsoft, Attn. Microsoft Sales Information Center/One Microsoft Way/Redmond, WA 98052-6399, or the Microsoft subsidiary serving your country.
LIMITED WARRANTY FOR SOFTWARE PRODUCTS ACQUIRED OUTSIDE THE US AND CANADA. FOR THE LIMITED WARRANTIES AND SPECIAL PROVISIONS PERTAINING TO YOUR PARTICULAR JURISDICTION, PLEASE REFER TO YOUR WARRANTY BOOKLET INCLUDED WITH THIS PACKAGE OR PROVIDED WITH THE SOFTWARE PRODUCT PRINTED MATERIALS.
12. DISCLAIMER OF WARRANTIES. The Limited Warranty that appears above is the only express warranty made to you and is provided in lieu of any other express warranties (if any) created by any documentation or packaging. Except for the Limited Warranty and to the maximum extent permitted by applicable law, Microsoft and its suppliers provide the Product and support services (if any) AS IS AND WITH ALL FAULTS, and hereby disclaim all other warranties and conditions, either express, implied or statutory, including, but not limited to, any (if any) implied warranties, duties or conditions of merchantability, of fitness for a particular purpose, of accuracy or completeness of responses, of results, of workmanlike effort, of lack of viruses, and of lack of negligence, all with regard to the Product, and the provision of or failure to provide support services. ALSO, THERE IS NO WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION, CORRESPONDENCE TO DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO THE PRODUCT.
13. EXCLUSION OF INCIDENTAL, CONSEQUENTIAL AND CERTAIN OTHER DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MICROSOFT OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION, FOR BUSINESS INTERRUPTION, FOR PERSONAL INJURY, FOR LOSS OF PRIVACY, FOR FAILURE TO MEET ANY DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE, FOR NEGLIGENCE, AND FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE PRODUCT, THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT SERVICES, OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS EULA, EVEN IN THE EVENT OF THE FAULT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, BREACH OF CONTRACT OR BREACH OF WARRANTY OF MICROSOFT OR ANY SUPPLIER, AND EVEN IF MICROSOFT OR ANY SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
14. LIMITATION OF LIABILITY AND REMEDIES. Notwithstanding any damages that you might incur for any reason whatsoever (including, without limitation, all damages referenced above and all direct or general damages), the entire liability of Microsoft and any of its suppliers under any provision of this EULA and your exclusive remedy for all of the foregoing (except for any remedy of repair or replacement elected by Microsoft with respect to any breach of the Limited Warranty) shall be limited to the greater of the amount actually paid by you for the Product or U.S.$5.00. The foregoing limitations, exclusions and disclaimers (including Sections 11, 12 and 13 above) shall apply to the maximum extent permitted by applicable law, even if any remedy fails its essential purpose.
15. NOTE ON JAVA SUPPORT. THE PRODUCT MAY CONTAIN SUPPORT FOR PROGRAMS WRITTEN IN JAVA. JAVA TECHNOLOGY IS NOT FAULT TOLERANT AND IS NOT DESIGNED, MANUFACTURED, OR INTENDED FOR USE OR RESALE AS ONLINE CONTROL EQUIPMENT IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE PERFORMANCE, SUCH AS IN THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL, DIRECT LIFE SUPPORT MACHINES, OR WEAPONS SYSTEMS, IN WHICH THE FAILURE OF JAVA TECHNOLOGY COULD LEAD DIRECTLY TO DEATH, PERSONAL INJURY, OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE. Sun Microsystems, Inc. has contractually obligated Microsoft to make this disclaimer.
16. U.S. GOVERNMENT LICENSE RIGHTS. All Product provided to the U.S. Government pursuant to solicitations issued on or after December 1, 1995 is provided with the commercial license rights and restrictions described elsewhere herein. All Product provided to the U.S. Government pursuant to solicitations issued prior to December 1, 1995 is provided with "Restricted Rights" as provided for in FAR, 48 CFR 52.227-14 (JUNE 1987) or DFAR, 48 CFR 252.227-7013 (OCT 1988), as applicable.
17. APPLICABLE LAW. If you acquired this Product in the United States, this EULA is governed by the laws of the State of Washington. If you acquired this Product in Canada, unless expressly prohibited by local law, this EULA is governed by the laws in force in the Province of Ontario, Canada; and, in respect of any dispute which may arise hereunder, you consent to the jurisdiction of the federal and provincial courts sitting in Toronto, Ontario. If this Product was acquired outside the United States, then local law may apply.
18. ENTIRE AGREEMENT. This EULA (including any addendum or amendment to this EULA which is included with the Product) are the entire agreement between you and Microsoft relating to the Product and the support services (if any) and they supersede all prior or contemporaneous oral or written communications, proposals and representations with respect to the Product or any other subject matter covered by this EULA. To the extent the terms of any Microsoft policies or programs for support services conflict with the terms of this EULA, the terms of this EULA shall control.
19. The Product is protected by copyright and other intellectual property laws and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the Product. The Product is licensed, not sold.
And even if it's multi-megabytes, you bzip2 it and you can get awesome compression ratios: especially if the data is stored in an open format like ASCII (oh wait, this is MS, binary everything).
Computers read binary. Humans read ASCII. If you're creating a file that will be read by a computer, write it in binary. If you're creating one that will be read by a human, write it in ASCII.
Got it? Good. Hopefully you won't be writing woefully inefficient software any more because your app spends all of its time parsing text files instead of doing real work.
My friend, Virtual PC does run BeOS. However, that said, there is a major bug. I can do everything with it, except type; it hangs on keyboard input. That said, I get a 16 bit 1200 x 1600 display for BeOS with the ability to run any application natively installed on the OS, plus some downloads which I used shared disks to transfer into Be.
couldn't they sue you under the DMCA for that?
When I finally got DUN fixed (which it had FUBAR'd) and went back online, in less than 10 seconds, ZoneAlarm blocked this probe:
Well, DUH. You were using Dial-up Networking! You got assigned an IP that had been in use right before you dialed in! And obviously, the previous owner of that IP had some contact with a Microsoft site. Therefore you got a TCP packet that was destined to the last owner of that IP.
No conspiracy here. Move on, time to remove your tin foil hat.
Sheesh...
It's "lazy" admins that are the bane of the 'net; code red, lion, nimda, slammer, etc.
As for lazy users, well, you're the ones partly responsible for crap like melissa and the one worm that mails random documents to random email addresses.
Go, you!
They're as cheap as the rest of us :p
In case Slashdot readers have not been paying attention, Microsoft now promotes trustworthy computing. Trust is a two-way relationship; therefore, now that we are able to compute with MS products in confidence, it stands to reason that the same level of trust extends from Microsoft to users. The writer of this article evidently has not kept up with recent news.
It's only funny until someone gets hurt. Then, it's hilarious.
Perhaps the same way Debian does: Debian sends you a list of available packages, and your local apt client decides which to install. And if you install through a web cache, the Debian servers never even get to see what packages you download.
And, in any case, they never need to send information about software they clearly don't have patches for (like Mozilla or Java).
Microsoft receives this information because they want to spy on their users and have the best marketing and user info to beat their competitors, not because they have to. Or maybe they receive this information because their technical imagination is as limited as yours.
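The client-side design described in the comment above (and in the earlier RPM comment), as an added example that is not part of the original thread: the vendor publishes a catalog, the client diffs it against its local inventory, and only fetches for chosen vendor packages ever reach the server. Package names, versions and the catalog layout are constructed for illustration and do not reproduce any real updater's format.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class CatalogEntry:
    name: str
    version: str
    requires: tuple = ()


def version_key(version):
    """Make '1.0.10' sort above '1.0.9'; tagged parts keep ints and strings apart."""
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p.lower()) for p in parts)


def select_updates(installed, catalog):
    """Decide locally what to fetch: outdated packages plus missing dependencies."""
    by_name = {entry.name: entry for entry in catalog}
    wanted, seen = [], set()

    def visit(name):
        if name in seen or name not in by_name:
            return  # already handled, or not a vendor package at all
        seen.add(name)
        entry = by_name[name]
        have = installed.get(name)
        if have is not None and version_key(have) >= version_key(entry.version):
            return  # already up to date
        for dep in entry.requires:
            visit(dep)  # dependencies are fetched before the package itself
        wanted.append(name)

    for name in sorted(installed):
        visit(name)
    return wanted


def names_seen_inventory_upload(installed):
    """Design A: the client uploads its inventory, so the server sees every name."""
    return set(installed)


def names_seen_client_side(installed, catalog, cached=()):
    """Design B: the server sees only fetches a shared cache could not answer."""
    return {n for n in select_updates(installed, catalog) if n not in cached}


# Constructed sample data: two third-party packages the vendor has no patches for.
INSTALLED = {
    "kernel": "2.4.20",
    "libssl": "1.0.1",
    "webserver": "2.4.1",
    "mozilla": "1.2",
    "java-runtime": "1.4.1",
}
CATALOG = [
    CatalogEntry("kernel", "2.4.20"),
    CatalogEntry("libssl", "1.0.2"),
    CatalogEntry("libpcre", "8.1"),
    CatalogEntry("webserver", "2.4.3", requires=("libssl", "libpcre")),
    CatalogEntry("editor", "3.0"),
]

if __name__ == "__main__":
    print("fetch order:", select_updates(INSTALLED, CATALOG))
    upload = names_seen_inventory_upload(INSTALLED)
    local = names_seen_client_side(INSTALLED, CATALOG)
    print("disclosed only by inventory upload:", sorted(upload - local))
```
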
I noticed a few odd things while I was working with the microsoft windows media asf protocol. For example when you connect with mplayer version 6.4.etc it sends, among other things, a http var labeled xClientGUID and looks something like this: (my key has been obviously removed)
xClientGUID={XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}
A quick search through the registry resulted in nothing for this key. Perhaps it's kept somewhere else or encrypted.
I realize this is a little offtopic, but I thought it might be interesting.
-asm
Take a look at the up2date program...same basic functionality...sends a list of ALL of your RPMs to RedHat. How is this any different?
You can opt-out of sending the list of RPMs to the Red Hat Network, and it won't influence the update process. The option is big and clear, it's not hidden or anything.
But of course, excuse me for stealing from you the pleasure of badmouthing Red Hat.
You might as well add, in a quiet whisper, "but is not limited to" to the end of that one. It was written by lawyers after all, and should be taken literally. Now, if they were serious about privacy, and said "This information consists of" or something to that effect...
"Hot lesbian witches! It's fucking genius!"
I see this as a method to send false information. Now that people understand what is happening, can MS trust the information they are getting?
People could write perl scripts to connect, pretend to be a Windows box and send false info during the "update".
Worse yet a software company could up its numbers and gain MS special attention and become acquired.
But, more than likely it would be a movie studio using the MS media player to pump up its numbers.
Or, who knows. This might be a good way to set up a man-in-the-middle attack and perform a "special" update to Windows?
Time will tell.
-- James Dornan
-- Prepared at the direction of, or to be sent to Legal Counsel, in anticipation of litigation. Attorney Client Pri
that they're a bit disappointed with the quality and quantity of your porn. The guys in the mail room were counting on your having some good shit. Please try harder next time. We're all in this together kid.
Oh, yeah, and the DA would like to have a word with you about a couple of the images you did have. I'm not sure why. Maybe he's just a Rottweiler fancier.
KFG
Check out the update re: media player. MS has the ability to track all media played on Media Player. So, a record of all your porn could be stored in Redmond, along with your IP address, date/time, etc. They might not get your name, but it wouldn't be that hard to track you down. How long until the government subpoenas MS for porn records? What happens if you happen to watch a porno mpg that contains, unbeknownst to you, a 17 year old? Hmmm......
"Would it kill you to put down the toilet seat?" -- Maya Angelou
No M$ would never, never abuse the user's confidence, or violate confidentiality.... no, no they wouldn't. Speaking of the oxymoronic combo of using the word "trustworthy" and Microsoft in the same phrase, exactly how fast can pigs really fly?
Have they actually stated this? I would love to see something in print. Quite deceptive - not surprising to us, but people outside of /. tend to like examples.
-Looking for a job as a materials chemist or multivariat
So, that means that MS has the largest db of pr0n titles ever!
"We shall party like the Greeks of old! You know the ones I mean." - HedonismBot
First, the client would be a one-time install. No biggie there. Next, text is pretty small. I mean, you have to review the patches yourself anyway (please tell me you don't allow MS to decide what gets "updated"...). I can read pretty fast, but not as fast as my modem can d/l text. So I don't think the bandwidth is a problem.
And I would still rather have this client-side. They can deduce all they want, but they won't have things like reg codes, CD keys, etc, which I bet they collect. And I bet they also collect PCI serials. So, if they ever decided to bust you, they'll have all your hardware ID's and software codes. Yay!
-Looking for a job as a materials chemist or multivariat
In a response to Smith published at his Website, Microsoft states it doesn't use the information at all.
If MS doesn't use the information, then why collect it in the first place? What a load of...
oh wait, working for microsoft.
I'm seriously, you guys. I'm dead tired of all the underhanded ways that go on on the internet. It's bedlam out here. Vagabond justice chasing the olive branch of the mighty dollar for all. I just clicked on 'Read More...' part and up came this story with a box-shaped ad for none-other than microsoft right in the middle of the page. Whaaaa-the-hell? granted it was internet explorer. So I go to Mozilla, no-ad. wait, then I do it again (on Mozilla) there it is again, cept this time it's for IBM. whashfck!?
I know there's adware and all of that, but when is this going to stop?
"It's very difficult to coerce or punish anyone over a TCP/IP connection." - Eric S. Raymond
Trying to figure what other companies they should push out of business.
This is competitive intelligence. My coffee maker reported back what brand toaster I have, or the fact that I have a toaster.
Maybe M$ wants to know what companies to acquire, or what competitive software to build, or what PROTOCOLS TO BREAK.
Open source development is my way of competing with the low-cost programmers in India...
I wouldn't be surprised if MS stooped so low, but I've updated several flavors and ran a sniffer and unless I'm missing something it doesn't appear that all my programs are being inventoried.
Of course not. Millions of people have the same exact software loadout I have. Right down to 45 different forms of the DeCSS source code as: an mp3 song, a graphic, in C, in Java, in Befunge, as a jpeg of me wearing it on a t-shirt... Well, with the exception of that last one, my permutation of software is pretty unique.
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
Windows 2000 SP 2 doesn't have those nasty EULAs in them. And that's what my systems run. I also still run MediaPlayer 6 for the same reasons.
I use Win2K because everything I run needs Windows. I don't use XP because I do not like the invasive EULAs and I think it is a bloated pile of useless eye-candy.
Boobies never hurt anyone. - Sherry Glaser.
Cool. I'll just write some programs that have very insulting names. I bet I could find a way to exploit this somehow. Not in a mean, hurt the world way, but mean, teach the nosey cat to stop snooping where he doesn't belong way.
It was all so damn obvious!!!
I looked down on WU with scorn from day one! I used it...what else did I have? It was a bad situation, to say the least!
Since then I have discovered the joys of RedHat 8.0 and I steer well clear of all this.
HOWEVER...
Why would Microsoft need this data? There is nothing they can physically do with what I have installed. It can't help piracy by any means...no illegal programs are stupid enough to be shoved into the A/RP menus. Name and address...possibly. Marketing love addresses, possibly email ones (MSN Hotmail spam....?). But then, what can we expect? We naturally hold a deep mistrust of big corps, and a behemoth like MS will arouse suspicion...and this is a goldmine for those that hold such a mistrust.
On a lighter note, SUE EM!!!!! =D
If you're happy and you know it read my blog
Does that mean if Windows Update provides updates for Appleworks (updates that don't necessarily work), they can go collect version numbers for Appleworks?
They want a monopoly on spam and they want a monopoly on updates.
Nice.
What about RedHat up2date ? How does it work and what does it send ?
The companion article states, In a response to Smith published at his Website, Microsoft states it doesn't use the information at all.
Well, then, why is it being sent?
IE does the same thing every time it is started up. You just have to be quick enough to see it in older versions (5.5 and lower). As for newer versions, don't know if you could see it, but if I were ms, I'd make some changes to the source so you couldn't even see it to start with, and so it would bypass any firewalls. Trivial with access to the source.
a way to block a specific program from accessing the net? I know you can block IP address, but if I don't know what a particular program is talking to, I can't block it.
I know I could look at my log, then determine the address, but that would be after a connection has been made and the program might change addresses.
The Kruger Dunning explains most post on
"This information includes..." means just that.
It may include a great deal more.
Certainly the information they do collect is quite sufficient to identify many users beyond a reasonable doubt, contrary to their explicit claim that no personal identifying information is transferred.
-I like my women like I like my tea: green-
This is no different than the typical CD player/MP3 ripper which queries the CDDB to find out the title of the CD and the name of the tracks. No big deal.
port 28801 is used for the MS game Crimson Skies. (Never heard of it myself either.) From what I understand, it is on the MSN Zone.
Huh? Many of the software packages I use are configured via plaintext files and perform extremely well, and are very easy to maintain in an enterprise environment.
So my concern is with respect to the integrity of the fly-by-night free software. Specifically does my debian/testing system send back my playlist from gqmpeg and my viewing habit from galeon?
Should I change to OS-X??
Thanks
concerned linux user.
Someone needs to install their own programs, such as:
"M$ BiTeZ.exe"
"Suck it, Bill.exe"
"Stop SpYiNG.exe"
"Linux R0xx0rz.exe"
etc.
The original "discovery" was made by Louis Solomon of SteelBytes Software
He posted it to ntbugtraq on Monday Feb 24th
Here is the original post, where it describes the issue in a clear fashion, and does point out that Microsoft do tell you exactly what information they gather, however most people are unaware of this as they don't read the EULA - like me
kai
Specialist Mac support for creative pros, Melbourne
Don't forget XML!
Yes... Before you do that, you might want to consider how embarrassing it might be when people find out you've been watching Debbie Does Dallas on your office PC.
Oh Mr. Jones, blackmail is such an ugly word...
And will you be buying another thousand Office licenses? Wonderful! So nice to do business with you Mr. Jones...
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
/. paranoia strikes again. All this information is available in the Windows Update Privacy Statement. I guess it's good that someone bothered to verify, but this "scoop" is not much of a shocker.
You're right. I got this mixed up with the article mentioned just before that discusses the issues with Windows Update.
It's Clark Kent, you piece of shiznit
kthxbye eat a bag of hell
How can you prove this? All you've shown from the data is that Microsoft has a lot of market share, Mac has very little, and Linux has even less as determined by this company.
How in the world can you claim that it's because we haven't standardized on Gnome or KDE? Hell, you can't because Mac has a far more standard (and superior) UI than Windows, and it's still way below on those figures. There's far more to this than you could even think to touch on with just the Gnome and KDE split. Correlation is not causation. Come back when you've got something better.
"I may not have morals, but I have standards."
Is anyone who is complaining about this NOT doing so because they are running a pirated copy of Windows and are now pissed off because there is now a way to get caught???
I really like the way Sun handles patches, they have a much more intelligent system that doesn't rely on invading your privacy. Here's how it works:
1. You download the patchdiag.xref file from Sunsolve. This file is updated daily and contains a list of all patches available for all versions of Solaris. It's currently about 1.4 megabytes in size. You only need to download this once, throw it up on an NFS server and all of your Solaris hosts can use it.
2. You execute a Perl script called patchk.pl that compares your currently installed patches with what's available for your OS and generates an HTML page that is automatically opened in Netscape. The HTML page simply lists every patch you need and has check-boxes, a lot like Windows Update.
3. Check all the boxes for patches you need and click a button at the bottom of the page and Sunsolve generates a tarball of all your patches for you.
4. Download tarball and install from single user mode.
That is the proper way to do it, and it seems like Windows Update used to do that in previous versions but the xref file got to be too big for every single client to download every time. MS should provide an xref file that Windows administrators can download and run Windows Update across their enterprise using the xref file, not sending any information to Microsoft.
Sun has been selling systems to three letter government agencies for quite some time that would never even consider purchasing a product that "phoned-home". If Microsoft wants to play in that ball-game they need to pull their head out of their ass and provide real enterprise level patch management.
P.S. The ability to roll-back a failed Windows Update would be nice too...
"When the president does it, that means it's not illegal." - Richard M. Nixon
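The client-side comparison described in the comment above, sketched as an added example (not Sun's patchk.pl and not code from the thread). The catalog layout, patch IDs and function names are constructed for illustration and do not reproduce the real patchdiag.xref format.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed catalog in a simplified pipe-separated layout (an assumption for
# this example, not the actual patchdiag.xref format):
#   patch_id|latest_revision|os_release|flags|synopsis    (S = security fix)
SAMPLE_XREF = """\
# constructed sample data
900001|07|5.8|S|kernel update
900002|02|5.8||libc fix
900003|04|5.9|S|sendmail fix
900004|01|5.8|S|ftpd fix
bad line without enough fields
"""

# Constructed inventory, as "id-revision" strings read from the local host.
SAMPLE_INSTALLED = ["900001-05", "900002-02", "900009-01"]

@dataclass(frozen=True)
class Needed:
    patch_id: str
    installed_rev: Optional[int]  # None: not installed at all
    latest_rev: int
    security: bool
    synopsis: str

def parse_xref(text, os_release):
    """Return {patch_id: (latest_rev, security, synopsis)} for one OS release."""
    catalog = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("|")
        if len(fields) != 5 or not fields[1].isdigit():
            continue  # skip malformed rows instead of guessing
        pid, rev, rel, flags, synopsis = fields
        if rel == os_release:
            catalog[pid] = (int(rev), "S" in flags, synopsis)
    return catalog

def parse_installed(entries):
    """Map patch id -> highest installed revision."""
    installed = {}
    for entry in entries:
        pid, _, rev = entry.partition("-")
        if rev.isdigit():
            installed[pid] = max(installed.get(pid, -1), int(rev))
    return installed

def needed_patches(xref_text, installed_entries, os_release):
    """Compare locally; the software inventory itself never leaves the host."""
    catalog = parse_xref(xref_text, os_release)
    installed = parse_installed(installed_entries)
    result = []
    for pid, (latest, security, synopsis) in catalog.items():
        have = installed.get(pid)
        if have is None or have < latest:
            result.append(Needed(pid, have, latest, security, synopsis))
    # Security fixes first, then by patch id.
    return sorted(result, key=lambda n: (not n.security, n.patch_id))
```

Installed items the catalog does not list (here `900009`) are simply ignored, so nothing about unrelated software is ever part of the request for patches.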
Privacy policy? Windows Update says, when it generates the list of updates, that it doesn't send any data back to MS (at least it did ~1.5 years ago).
They that quote Benjamin Franklin on liberty and safety deserve neither.
naaah ...TOO easy
Next time , consider using the PREVIEW button!
Finally and most importantly, run ZoneAlarm. This makes it extremely easy to stop hidden windows components from phoning home, and you might just be surprised when you find out what else it's stopping. For example, my HP keyboard driver was trying to contact HP for god-knows-what-reason.
I made a PHP/MySQL library that prevents SQL injection & makes coding easier!
It is impossible for a man to learn what he thinks he already knows. - Epictetus
True. And I have far more ideas than I have time to do anything about them -- meaning that I have lots of what you call 'just that'.
And if I had some time, first thing I would do is move my blog off of my Slashdot journal. It isn't like I don't have a server of my own...
Are you an SF Fan? Are you a Tru-Fan?
Windows Update blocked invalid XP keys. And, since XP is always connected to MS in some sick way, they switched windows update for WIN2k as well, since it has most of the GUID stuff that XP standardized on. It's all about control baby. Making sure that you're a good boy, toeing the line and following the rules. Welcome to Amerika.
troll? I was being serious. They do provide third party driver updates and that is convenient.
Sheesh, some moderators.
Finkployd
I tried to get Adware to remove Windows but it didn't work.
http://www.lavasoftusa.com/
M$ have been dodgy since their inception and nothing they do will ever shock me any more, whether strictly 'legit' (like buying out new technologies and grafting a cumbersome, useless and clunky M$ front end on it to the point where its usability is negated) or totally dodgy (90% of their activities - hehe). The point I want to make is this - if the software was written properly in the first place, there'd be no need for Windoze Update and the multitude of patches to fix serious security holes et al... isn't it time to look elsewhere for your computing kicks? Spread the message - be deviant in your usage whatever the hardware/software configuration. The more people (users who know nothing of the IT sector must still get sick of WinUpdate's constant demands) who realise how shoddy this ParaDOS (a paradoxical OS - it's an Operating System that doesn't really Operate) is then the more of them might start to actively seek alternatives... we hope :)
I used Opera (running on Win98SE).
My message said:
"You must be running a Microsoft Windows operating system in order to use Windows Update."
SO, no IE, no Windows
"it doesn't include anything about 'installed software', with the exception of device drivers."
And this is not "software"? Correct me if I am wrong but isn't a device driver commonly or uncommonly considered "software"? I can write a device driver which in 99 % of cases could allow or NOT allow this information to be sent.
I may be drunk but scanning my machine to see what software I have DOES make it possible to uniquely identify me.... what the fsck use is a MAC address on my network card used for anyway?
lemme guess to make sure I am who/what I say I am?
And to start another thread I am a pirate I believe that the software I have "paid" for whatever reason or cost is just that a tool that is used to create something else. I legally purchase a toolset that includes a hammer and nails then the company that "owns the patent/copyright" thereby owns a finished product that I developed/created using their hammer and nails have a right to "confiscate" r.e. use for their own uses doesn't seem right to me but the usual IANAL applies here.
P.S. AFAIK once it is on YOUR hard-drive it is your data and no one has any business "inspecting it"
which would also explain why microsoft would be wanting to become exempt from the anti-spam law. windows just becomes spyware for microsoft to further advertise directly to their customers.
I know you are psychotic, but please make an effort.
I just had a look to see what Apple's SoftwareUpdate does.
Unlike Windows, there is no decoding required, everything is sent in human readable XML. With the help of tcpdump, you can see exactly what is going on.
First it does:
GET Host: swscan.apple.com:80
This returns a list of things to scan for. It then does the scanning and posts the results to:
POST Host: swquery.apple.com
In the list of things to scan for, the only obvious 3rd party things are
Although it is sending info to Apple, it looks like it is only sending information it really needs in order to choose updates. Of course there's nothing stopping them changing this at any time. Then again I trust Apple more than I'd trust Microsoft with this sort of information.
God damn, your life must suck.
No, no, no. Try reading what I wrote. The 67.etc. was *my* IP (a normal IP address from the UUnet POP that I was using at the time). 207.46.etc belongs to M$. Go look it up at whois.arin.net. M$ dinged ME, not the other way around. NO browser was running, either (I never use IE online regardless).
And this had NEVER happened before IE5.5 was installed. (I checked my ZA logs all the way back, just making sure.) -- I recognised the IP address reported by ZA as belonging to M$, and that's what got my attention.
~REZ~ #43301. Who'd fake being me anyway?
Thanks for the info -- I'd hunted around and couldn't find any reference to port 28801 other than the whole 28nnn range being "unassigned".
Never been near the MSN Zone myself, nor heard of any such game. Pretty weird!
~REZ~ #43301. Who'd fake being me anyway?
If you want to get serious about patch management (and download privacy) on MS systems (client or server), get Software Update Server from MS and quit bitching here! They're really trying to catch up and I think they're making some progress. Not to say more is needed, but they sure are making RedCarpet look more like the cobbled-together mess it is. I'm all for bashing MS for things that truly suck, but, let's face it... managing updates for that kind of user base with that vast of a set of S/W offerings has got to be a bitch!
Can I bum a sig? I left mine at the office.
You don't get the point, do you? 67.etc was your ip, but it belonged to someone else a few minutes before that. They were probably disconnected while surfing on Microsoft's webpages, and when you came and took over that IP, Microsoft tried to contact the previous connected person, but got you instead.
True CHAOS, not to worry...
MS has been springing up left and right with all kinds of x86 hardware besides just mice and game controllers. Of particular note is their foray into producing networking gear, which, IIRC, seems to be the type of device driver I find most often available when updating my work systems from WU. Coincidence?
I would say "I think not", but if I did and if Descartes were right, I would then vanish into a puff of smoke.
Can I bum a sig? I left mine at the office.
207.46.203.94 is not a webserver as such (no content). Try it yourself. Right now it comes up no-connect, but at the time it produced some peculiar error message (which unfortunately I didn't save), of the sort you get when you hit some server that's not expected to be seen by the public.
And [checking logs] *I* had that same 67.etc IP "a few minutes previous", and hadn't been anywhere near microsoft.com. [Was real common with that POP to get the same IP over and over even on dialup.]
~REZ~ #43301. Who'd fake being me anyway?
Then again, maybe I'm the troll and you know full well what would happen if you divulged enough info for MS to identify you.
Can I bum a sig? I left mine at the office.
I remember: when using FoxPro 2.x (the MSDOS version), if you created a shortcut to the main executable Windows automatically set the "fox head" icon + other parameters for your ".lnk" (this was in Windows 9x). This behaviour was present with the Borland C and Pascal compilers.
You can check all the "preconfigured" apps (those which will get their personalised icons from Windows) by opening the file moricons.dll in your Windows folder with a resource editor. Or by creating a random shortcut, choosing "Change Icon..." and browsing for the moricons.dll file.
HAHAHA! You guys are morons.
You believe everything The Inquirer prints, I guess? If so, we are all aliens and John F. Kennedy is living large with Elvis somewhere in upstate New York with a half-giant/half-alien baby.
Come on. Post news from creditable sources -- not this Inquirer crap.
Then why does it also send a unique identifier for your WMP installation?
How much of my computer information is really going to be that much different from the next bum's anyway? And why should I care that M$ knows I've installed photoshop, a borland compiler, and a copy of age of empires II that I decided not to register? They don't got nothin on me.
As for MPlayer, you can disable the Media Player setting for reporting back to M$... but since M$ doesn't spam you with advertisements there's no reason to really care.
Of course, the argument changes if you're a stingy bandwidth-nazi.
gorgo: *lol* :) :>
joey: what's so funny?
shh, joey is losing all sanity from lack of sleep
'yes joey, very funny'
Humor him
-- Seen on #Debian
- this post brought to you by the Automated Last Post Generator...