Slashdot Mirror
Examining Microsoft Update
eggsovereasy writes "The Inquirer is reporting that a group in Germany has deciphered the information sent to Microsoft during an update using Windows Update and says that information on all software installed on your computer is sent, even that which is not Microsoft's own software." The original article is, unfortunately, pay-per-view. Update: 02/26 18:19 GMT by T : ionyka points to this "related article from ITWorld that deals with Microsoft's transferring of information through Windows Media Player. When you open up Media Player it sends information back to Microsoft like what movies you play, what songs you listen to and where they come from."
Remember the little "No information is being sent to Microsoft at this time...." message during updates? Wait, why am I laughing?
The EULA also says that they can delete what they want (at least what they say that violates DRM, and their sofware is not know to be very intelligent), and have others that says something like they own all what you transmit thru they servers...
In fact using their software (and then accepting the EULA) is like simply close your eyes and pray that the big depredator which is in front of you isn't hungry right now, and will not be all the long time you be there.
The list of patches that Microsoft must have is HUGE
Yes, as it is for any OS vendor. But so what? How much data to you actually have to send? Not a whole lot - just enough to identify what piece of software it's for and what version it is. If you can't store all of that in, oh say, 20 bytes, then you're screwed in oh-so-many ways. Hint - encode the software identifier in a 32-bit or 64-bit number, and the version string in the remaining bytes.
So, let's say you have 1000 patches available for the OS in question -- and, yes, patches are OS specific and MS has that much info from you already. That's a 20,000 byte download. Even at 14.4k it's only 20 seconds. Big deal.
The system then has to process the list and figure out what it may need, then request additional data for each potential patch... but you're going to have to download that information anyway, and there is minimal additional overhead.
It might take slightly longer, particularly over slow links, but it's a hell of a lot more user and security friendly.
Even if the poorly designed manufacturer's website is the only one with the working driver?
I had a bad experience along those lines with the Windows Update site, where a particular sound driver (I forget which, at the moment) from them would not work with my hardware, where the one from the manufacturer's website did.
All I want is a kind word, a warm bed and unlimited power.
Give me a break. Your acting like windows users should be living with a constant fear that Microsoft "agents" will suddenly appear at their front door to give them a beating.
Ummm, years ago when I was in high school and working for my mother, we had purchased a software package from a company that wrote medical office management software. I had noticed that all of the manuals were photocopied and we had no original disks for Microsoft software that was included in the package. I called Microsoft about this and they had in our office the *next* day two dudes from Microsoft and an FBI agent asking to examine our computers. We ended up getting screwed because the guy whose software we purchased was smacked hard by M$ as the package we bought went unsupported after that.
Of course this guy was absolutely stealing and should have gotten what he deserved, but my point is simply that, yeah, there are Microsoft agents of a sort and they do show up at your door.
Visit Jonesblog and say hello.
(Last Updated 10/15/2002)
Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:
Operating-system version number
Internet Explorer version number
Version numbers of other software for which Windows Update provides updates
Plug and Play ID numbers of hardware devices
Region and Language setting
The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.
Windows Update also collects the Product ID and Product Key to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update. The Product ID and Product Key are not retained beyond the end of the Windows Update session.
Maybe you should verify the information before automatically declaring "Microsoft is evil" to any and all anti-Microsoft posts.
I like my women how I like my sugar.. granulated.
First of all, nowhere in either article does it say that Windows Update is sent info on what software you have installed. The payper view article mentions that it does send hardware info, though. But we knew that via both the EULA, and the fact that this is the intended purpose, to update drivers for hardware and OS patches.
Don't believe the alarmist titles to articles. Do you all fall into this trap with the evening news as well? "Tune in for the Radon discover that just might save your familyu's life."
I know that you guys are smarter than this. Use your brains.
what? what I thought we were in the trust tree in the nest, were we not?