Slashdot Mirror
Examining Microsoft Update
eggsovereasy writes "The Inquirer is reporting that a group in Germany has deciphered the information sent to Microsoft during an update using Windows Update and says that information on all software installed on your computer is sent, even that which is not Microsoft's own software." The original article is, unfortunately, pay-per-view. Update: 02/26 18:19 GMT by T : ionyka points to this "related article from ITWorld that deals with Microsoft's transferring of information through Windows Media Player. When you open up Media Player it sends information back to Microsoft like what movies you play, what songs you listen to and where they come from."
Yes it is, Mikeage. You can only read about three pages then it cuts out on you. Please do a little reading before you post... just try it, perhaps?
suddenly I feel very tired
Note: Windows Update does not collect any form of personally identifiable information from your computer. Read our privacy statement.
Windows Update Privacy Statement (Last Updated 10/15/2002) Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:
The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.
Windows Update also collects the Product ID and Product Key to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update. The Product ID and Product Key are not retained beyond the end of the Windows Update session.
To provide you with the best possible service, Windows Update also tracks and records how many unique machines visit its site and whether the download and installation of specific updates succeeded or failed. In order to do this, the Windows operating system generates a Globally Unique Identifier (GUID) that is stored on your computer to uniquely identify it. The GUID does not contain any personally identifiable information and cannot be used to identify you. Windows Update records the GUID of the computer that attempted the download, the ID of the item that you attempted to download and install, and the configuration information listed above.
The process would look something like:
- Client downloads latest Update Management Software + Config File from server
- Client runs Update Management Software.
- UMS determines what patches are needed from inbuilt logic and information in configuration file
- UMS downloads and applies relevent patches
The system isn't fool proof. It may be possible for someone operating a system this way to determine what software you're running from the nature of the patches downloaded, especially if all patches are downloaded from one source. This can, to some extent, be reduced by bundling patches together so that someone running one of eight different programs or with one of nine different hardware devices attached, downloads a file with the patches for all problems associated with these eight programs or nine devices. But that requires honesty and integrity on the part of the operator of the Update service.The allegation that Microsoft doesn't do this, and lies to users by claiming it does, is quite damning. There's no need for Microsoft to get this information in order to provide the advertised service, and it should be able to stand by its claim that it does not get that information.
You are not alone. This is not normal. None of this is normal.
You just pirated a copyrighted, (Euro$)1.99 document onto /. ???
Are you freakin' CRAZY? I don't see a GPL anywhere on that site, dumbass!