Slashdot Mirror

← Back to Stories (view on slashdot.org)

Examining Microsoft Update

Posted by michael on from the policy-of-no-privacy dept.

eggsovereasy writes "The Inquirer is reporting that a group in Germany has deciphered the information sent to Microsoft during an update using Windows Update and says that information on all software installed on your computer is sent, even that which is not Microsoft's own software." The original article is, unfortunately, pay-per-view. Update: 02/26 18:19 GMT by T : ionyka points to this "related article from ITWorld that deals with Microsoft's transferring of information through Windows Media Player. When you open up Media Player it sends information back to Microsoft like what movies you play, what songs you listen to and where they come from."

3 of 773 comments (clear)

  1. Haha by mao+che+minh · · Score: 5, Interesting

    Remember the little "No information is being sent to Microsoft at this time...." message during updates? Wait, why am I laughing?

  2. Re:/Tin Foil Hat Off by Zathrus · · Score: 5, Interesting

    The list of patches that Microsoft must have is HUGE

    Yes, as it is for any OS vendor. But so what? How much data to you actually have to send? Not a whole lot - just enough to identify what piece of software it's for and what version it is. If you can't store all of that in, oh say, 20 bytes, then you're screwed in oh-so-many ways. Hint - encode the software identifier in a 32-bit or 64-bit number, and the version string in the remaining bytes.

    So, let's say you have 1000 patches available for the OS in question -- and, yes, patches are OS specific and MS has that much info from you already. That's a 20,000 byte download. Even at 14.4k it's only 20 seconds. Big deal.

    The system then has to process the list and figure out what it may need, then request additional data for each potential patch... but you're going to have to download that information anyway, and there is minimal additional overhead.

    It might take slightly longer, particularly over slow links, but it's a hell of a lot more user and security friendly.

  3. *ahem* by vmfedor · · Score: 5, Interesting
    Windows Update Privacy Statement
    (Last Updated 10/15/2002)
    Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:

    Operating-system version number
    Internet Explorer version number
    Version numbers of other software for which Windows Update provides updates
    Plug and Play ID numbers of hardware devices
    Region and Language setting

    The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.

    Windows Update also collects the Product ID and Product Key to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update. The Product ID and Product Key are not retained beyond the end of the Windows Update session.

    Maybe you should verify the information before automatically declaring "Microsoft is evil" to any and all anti-Microsoft posts.

    --

    I like my women how I like my sugar.. granulated.