Slashdot Mirror
Examining Microsoft Update
eggsovereasy writes "The Inquirer is reporting that a group in Germany has deciphered the information sent to Microsoft during an update using Windows Update and says that information on all software installed on your computer is sent, even that which is not Microsoft's own software." The original article is, unfortunately, pay-per-view. Update: 02/26 18:19 GMT by T : ionyka points to this "related article from ITWorld that deals with Microsoft's transferring of information through Windows Media Player. When you open up Media Player it sends information back to Microsoft like what movies you play, what songs you listen to and where they come from."
I mean really, did anyone actually think M$ only collected information about patches? It seems like any chance they get to know more about you, or your "computing habits", they're going to take it.
Remember the little "No information is being sent to Microsoft at this time...." message during updates? Wait, why am I laughing?
Is this not a complete breach of the TOS that Microsoft offers when you sign up for Windows Update?
If not, it's at least a huge breach of trust, and users should not stand for it.
Trying to figure what other companies they should push out of business.
How can we comment, if we can't read the article?
Oh, wait...
This may also be an alterior motive to Microsoft buying Virtual PC from Connectix last week. They want this same data from Mac Users. I imagine if it's not there then it will be added to read all partitions mac/Linux/PC
Knowing what your customers have on their hard drives is sensitive corporate data. Basically, you know the Hot or Not Programs in the industry and then develop programs based on their hard drive residency!
Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
According to the EULA for the latest versions of the OS Microsoft has the right to read any data you have stored on a computer which runs the OS.
Theoretically this includes data dumps of hard drive formats which the OS does not even support.
The reason why it sends info about other applications (and third party drivers for that matter) is so that they can attempt to be a single-source vendor of patches if needed.
While the intentions may not be all that honest, it's not a horrible idea. I've noticed numerous times when running Windows Update that it's offered to upgrade my Cisco Wireless LAN software as well as my Epson print drivers. Kind of nifty and not all that bad, if you ask me.
Sig (appended to the end of comments you post, 120 chars)
i'll bet it totally gets confused if WinXP iteslf is pirated in the first place =]
along with Office and just about everything on the computer..oh well...I guess the police outside are for me
Here is the rest of the article, in PDF format. I'd suggest grabbing it and mirroring as soon as possible... this one won't hold up too long.
http://home.byu.net/~btc25/WindowsUpdate.pdf
One of the more interesting parts deals with how Microsoft can tell the difference between product keys they generated and those done with a keygen.
I made the same mistake...it is ppv...you can read freely until the heart of the article, then it's 1.99 (euro) for the rest.
Nice claims, but we the free part of the article doesn't show any actual examples of data that's transmitted. At least not data apart from some generic xml tags.
Any easy way to verify this ourself?
I'm suspecting their claim is true, but I'd like to see the data...
Reinout
Reinout van Rees
Although I often semi-sorta-half-hearted-defend Microsoft when people make unsupported categorical statements or otherwise speak mindlessly, I am also willing to speak out against them when they are wrong. As in this instance.
I would have to do some research, but I believe this might violate their own privacy policy. Even if it doesn't, they really have no moral right to send any information about your system without letting you know what it is and giving you a chance to abort the whole thing. Yet I am unsurprised, in fact I expect every big company is doing this kind of thing when they can get away with it.
Not that I am saying "Everyone is doing it, so what is the big deal?" My attitude is more "Let's stop this crap now!"
So I have a suggestion -- someone should start an open source project to create a re-writing proxy for updates that strips out all the stuff Microsoft is sending in the updates, except what is absolutely needed. Make it open enough that we can plug it re-writers for other companies as well.
- -
Are you an SF Fan? Are you a Tru-Fan?
I am shocked - shocked - by this revelation.
I can see a legitimate purpose for it, from a bug-hunting and trouble-shooting standpoint, but I am highly skeptical that these are the only ways that this information is used. For instance, I expect that if MS sees a high number of installs for a particular app, that it might decide to include that app in the "OS", such as a personal firewall, for instance. Oh, wait...they already did.
An interesting compare/conrast to see is what MS license agreement says about this and what their public statements have been.
Also, is there going to be a DMCA action here? Ugh.
GF.
Lots of petrified grits
Come on, be honest. Who's genuinely suprised by this?
Summation 2
Yes, it is pay-per-view beyond a certain point, but the meat of the story is in the stuff sent back to MicroSoft, which they've updated to be free at this link here: http://www.tecchannel.de/betriebssysteme/1126/14.h tml. It seems to be information on hardware in the machine. I'd like to see MicroSoft's response to this.
got the new ultra psyware
Great! Where can I get psyware? I've been looking for a way to get rid of my mouse and keyboard. Dos it allow a USB 2.0 connection to my nervous system, or does it use 1394?
GF.
Lots of petrified grits
Assuming "nothing is sent" is about as smart as checking that "trust everything from microsoft.com" checkbox for the activeX control Windows Update downloads. You'd have to be a quart short of an oil change to do either.
below from the M$ site... they tell you outright that they are collecting this info. What's the big deal?
Windows Update Privacy Statement (Last Updated 10/15/2002)
Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:
Operating-system version number
Internet Explorer version number
Version numbers of other software for which Windows Update provides updates
Plug and Play ID numbers of hardware devices
Region and Language setting
The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.
Note: Windows Update does not collect any form of personally identifiable information from your computer. Read our privacy statement.
Windows Update Privacy Statement (Last Updated 10/15/2002) Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:
The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.
Windows Update also collects the Product ID and Product Key to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update. The Product ID and Product Key are not retained beyond the end of the Windows Update session.
To provide you with the best possible service, Windows Update also tracks and records how many unique machines visit its site and whether the download and installation of specific updates succeeded or failed. In order to do this, the Windows operating system generates a Globally Unique Identifier (GUID) that is stored on your computer to uniquely identify it. The GUID does not contain any personally identifiable information and cannot be used to identify you. Windows Update records the GUID of the computer that attempted the download, the ID of the item that you attempted to download and install, and the configuration information listed above.
They've updated the story to give the full info on what gets sent back here: http://www.tecchannel.de/betriebssysteme/1126/14.h tml
> or does it use 1394?
I think it uses 1984.
Client Info Schema and System Info Schema.
They appear to get a copy of your registry, as well as information like processor architecture, manufacturer, printer(s?) etc
In fact the article says the biggest privacy concern is the hardware list, which doesn't seem that big a deal to me.
http://clients.fbagroup.co.uk/slashdot/WindowsUpd
What I want to know is why fricking Windows Media Player tries to "Phone home" all the time? That thing is harder to get rid of than the clap, and about half as useful. I have my firewall specifically tuned to stomp on it every time it opens its digital mouth.
This is hardly a surprise, and definitely adds a good bit of weight to all those people who call Palladium the death of privacy.
Just my 2.34539 yen worth.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
You mean they can see my Kenny G. pr0n screensaver?!?!?!?
Got sushi? The Sushi FAQ
... you'll see that - contrary to the Inquirer story - it doesn't include anything about 'installed software', with the exception of device drivers. No applications, no utilities - nothing that MS is likely to want to compete with, and indeed nothing that MS doesn't overtly mention in its own privacy policy.
So what's the problem?
I have to say that it's not nearly as scary as advertised. There are two complaints:
1. The Windows Update tool sends to Microsoft a complete list of what hardware you have.
2. If the Windows Update server claims to have an update available for product X, the Windows Update tool will check to see if you have product X installed, and report back to Microsoft.
Well, *duh*. The only way to avoid doing this would involve downloading a complete list of all the updates available for every supported piece of hardware or software. Based on the size of the windows HCL, I'd guess that this would require tens of megabytes of bandwidth -- all so that Windows Update could pick out the half dozen entries which are relevant.
Tarsnap: Online backups for the truly paranoid
Dear Steven,
Good point. Your previous Slashdot postings are also good, except for that one about Linux.
Sincerely, Bill G.
According to a WHOIS, that site is registered to a MarketSmart Technologies in Florida... ...I'd be a bit wary of giving out your info.
Thanks for posting a link to this information. Based on what is here, I see no reason to panic. First, it doesn't appear that any information is sent which would identify the machine the information came from. All they get is, "There is a macine somewhere with a Lite-On CDR in it."
Windows Update has offered me updated device drivers in the past, so I think the inclusion of hardware info could be defended on that basis.
Personally, I like the way cvsup works. You ask for what you need and a file list. Or so it seems.
cvsup is far more invasive than Windows Update. When you run cvsup, it sends a list of all your files (in the relevant directory, of course) to the server. The server then looks at the list you're sending it and decides what you need to have updated.
Tarsnap: Online backups for the truly paranoid
Has anybody actually read the policy? If you read it it doesn't really sound like they've done anything they said they wouldn't.
Just thought I'd point out that there is already an open source solution you can use to avoid this invasion of privacy, its called linux.
Just had to say that, but on a more serious note, I use Red Hat Network to keep a few Red Hat Linux boxes updated with current patches and it does much the same thing. But there is a big difference.
When you register a box it tells you exactly what information will be sent to RHN about software on your box and allows you to opt out.
The benefit here is two fold in that RHN only sends you updates for the software that is installed on your system and you get updates for any software package that Red Hat supports beyond patches for just the kernel.
What I'm not sure of is if they track all applications you've installed even if they don't support them. Although I still wouldn't be concerned because they tell you up front what information you will be sending to them and you can say NO.
burnin
OK, so they don't collect information that can personally identify you as the "owner" of software(s) X. It's all about the fact that they are getting a survey of what's out there. How many users have software x, legally or not.
I don't mind tivo using my info to better programming ala the neilson ratings. BUT I do have a problem with Microsoft using my data (without asking) to adjust their business plans and/or methods of sales, tracking, schemes, etc.
ie "Software maker X has sold 500K copies, BUT our windowsupdate show's that there are 600k copies being use...."
Here in Holland (I don't know the laws in the rest of the world too well) any contract that you sign which contains clauses that are illegal, is null and void. Any statement of MS having the right to download anything off MY computer would seem to me totally illegal and would probably void the whole EULA. ;-)
I did read the EULA of the Dutch version of Win2K SP3 completely and never found any clause that would allow them to download anything off my PC without my consent.
Sadly I'm stuck with Windows since I cant (yet) afford a mac to run Adobe apps on. When oh when will Linux/FreeBSD/X get decent colour management and ports of proper graphics apps like Illustrator, Photoshop and InDesign??? The GIMP is a nice toy, but it's hardly of any use for print production work. And KIllustrator and the like are simply a laugh too for any real work.. The Linux/BSD vs. Windows ratio is now 4:1 in the favor of the free, but I'd like to get rid of Windows altogether. Give me my killer graphics apps!! I'll even pay for them!
Saving up for that Mac in the mean time..
Learn from the mistakes of others. There isn't enough time to make them all yourself.
According to the (full) article, Windows Update sends a list of hardware installed on your system, but not a list of software. Version numbers for Windows stuff, like IE, are sent, but not any info about other software on your compouter.
To provide you with the best possible service, Windows Update also tracks and records how many unique machines visit its site and whether the download and installation of specific updates succeeded or failed. In order to do this, the Windows operating system generates a Globally Unique Identifier (GUID) that is stored on your computer to uniquely identify it. The GUID does not contain any personally identifiable information and cannot be used to identify you. Windows Update records the GUID of the computer that attempted the download, the ID of the item that you attempted to download and install, and the configuration information listed above.
Yes, we don't not track you.
Tell that to the Melissa author, and some number of other people who's GUID was used to identify them. Even if you aren't a criminal, this could be misused in so many ways.
Despite loving many Microsoft products and the line of NT OS'es, I wouldn't trust Microsoft as far as I could throw them.
You cow-orker was right.
Now, look here, there's no need to be mean.
-Waldo Jaquith
Yeah ... Can you say "spammer troll"?
Bleh. Just contact Microsoft directly at:
http://support.microsoft.com/default.aspx?scid=fh; EN-US;FEEDBACK
-/-
Mikey-San
Mikey-San
Karma: +Eleventy billion (mostly affected by watching Celebrity Jeopardy)
Why doesn't some enterprising individual simply monitor Microsoft's various OS's for updates and then link to the downloadables? Of course, it would be possible for MS to remove downloadables but then this really causes frustration for those who are maintaining systems that cannot access windowsupdate.com. I'm not sure that they could do it - they'd have to install spyware in the actual patches. But then we could configure the firewall to block everything MS.
Or we could all just get Mac's. I'm almost there, unless someone can put together a KDE or Gnome with some usable functionality (like device management and system configuration in ONE GODDAMMED FUCKING LOCATION).
Apple!!!! Bring OSX to X86 and we will make it worth your while!
Life is the leading cause of death in America.
I am running Win 3.11 with IE 6.0 and what you're suggesting will interfere with my support!
They could do it all client-side, keeping the data store and package list avaliable locally.
Portage (I assume) doesn't tell gentoo home base what packages I have installed, but it knows which ones I need all the same.
I think a lot of people don't want anyone to know that they use "borrowed" versions of software that they should have payed for. They see that MS might be able to check what they are running and if its being run illegally so instead of thinking I guess the free ride might be over soon. they immediately go into defensive mode, claiming that MS is the devil and that only a "monopoly like them" would ever consider doing this.
You know what? I don't care if they can check to see what I have running on my computer. If I use an updating service made by Microsoft for products made by Microsoft, I almost automatically assume they are getting just about every piece of info off of my computer that they can get. As long as its not anything important (like e-mail, names, credit card numbers, etc) I could care less, I have nothing to hide. If MS wants to see how many people use a certain piece of software, all the power to them.
I guess it all comes down to reading the fine print and knowing that most of the time, the company is looking out for the company, not the customer.
I'm not saying MS should get away with everything it wants to do, but I do think its funny that people are surprised that a service that gets information about your computer actually gets information about your computer.
And I quote:
Full article can be found here.
Comment removed based on user account deletion
It's not not THAT enquirer.
No, most other platforms do everything client side. The updater says 'give me a list of all available updates', and then the updater does the filtering client side. Only the release number overall of the OS is known.
Sure, updates downloaded from MS sites could be tracked easily anyway, each download request could be associated with IP and such. But if non-MS programs are being probed, then they are wrongly exploiting the updater.
XML is like violence. If it doesn't solve the problem, use more.
Comment removed based on user account deletion
The Devil came to Redmond, looking for some souls to steal,
and there he met with Billy G, who was just about to make a deal.
Said the Devil, "Hey Billy, you look bored, would you care to make a bet?"
And Billy he smiled slyly, and said "Dude, there ain't a deal that I've missed yet."
So the Devil took his keyboard and showed Billy his new game,
Saying "I wrote this quick, in VB6, now see if you can do the same."
Billy G, he just smiled his smile, and took the keyboard away,
and said, "Devil, you're behind the times, and you clicked on the EULA,
"Now you've run Windows Update, and your soul belongs to me."
And the Devil knew he'd met his match, so he turned and tried to flee,
But Billy G was much to fast, and he caught the Devil's long black cape,
Saying, "Devil, stay and play a while, we have a whole wide world to rape."
Sig for sale or rent. One previous user. Inquire within.
First of all, the example data sent is available free, as one poster above already listed. There's no software described there other than Windows itself.
Second, the System Info Schema, as posted by another above, is pretty explicit about what registry keys are available to be sent, and it's pretty tame.
Frankly, I have no problem letting them know exactly what hardware I've got running. How can they harm me there? Perhaps a malicious hacker could grab this data and find ways to abuse my network card? Pretty slim.
Call me too open, if you will, but I'd be happy if it would let me know about other MS updates, such as Office, without having to also visit MS' office site. Update those automatically? Never. But it's much less convenient than the Windows Update site.
I greatly doubted that it would be sending large quantities of personal data, because it just doesn't take that long. The ones to worry about are the virus scanners, that take the time to examine every freakin' file.
In summary:
Design for Use, not Construction!
Comment removed based on user account deletion
There are a lot of people in this thread that realize that WU does NOT send a list of all software installed, but they are being drowned out by the highly rated comments about the evils of MS. The "software list" is actually a list of drivers installed, which is fine, because MS will post updated drivers for you to download. It should also be noted that one of the articles posted is from the Inquirer, the same people who predicted hell on earth in y2k, and believe in tinfoil hats.
"No one likes working in a hamster wheel, and your shop smells of cedar shavings from here." - TaleSpinner
HKEY_LOCAL_MACHINE\Software\IllegalMicrosoftStuff\ BillGatesVISAnumber\8605412399653153
h Da te\2003.06.21
.... hey, why not have some fun with it? q:]
HKEY_LOCAL_MACHINE\Software\MSKillerVirus\Launc
HKEY_LOCAL_MACHINE\Software\Linux\"format c:\; install Linux"
MadCow.
I used to have a sig, but I set it free and it never came back.
(Last Updated 10/15/2002)
Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:
Operating-system version number
Internet Explorer version number
Version numbers of other software for which Windows Update provides updates
Plug and Play ID numbers of hardware devices
Region and Language setting
The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.
Windows Update also collects the Product ID and Product Key to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update. The Product ID and Product Key are not retained beyond the end of the Windows Update session.
Maybe you should verify the information before automatically declaring "Microsoft is evil" to any and all anti-Microsoft posts.
I like my women how I like my sugar.. granulated.
Really. Run Windows Update right after a new Windows installation, without other programs installed; therefore, no interesting information for Microsoft (other than Notepad and Paint being installed).
After that, subscribe to one or two good security mailing lists and never use Windows Update again (you will probably find out faster about new vulnerabilities anyway), and download the appropriate patches directly from Microsoft's web site, by following the security advisories.
Agreed, it's a little extra work, but as far as I care, it's worth it.
>This has got to stop.
Why do you say that it has "got to stop?"
Do you thing the DOJ consists of a group of people who took power via a coup d'ètat? Or do you concede that the Department consists of individuals who have been appointed by elected executives and confirmed by an elected Congress?
Whether the current government is a true expression of the will of the American people, or the current government is a result of our apathy (even antipathy) toward the democratic process and the political party structure, it is not reasonable to wait until a crisis at the Federal level to take action.
"Something" can be done. In twelve years or less, the Federal government will be largely composed of individuals who are at this moment seeking State and local office. If you have not developed a relationship with these politicians or their parties NOW, while they are accessible, and if you have not participated in the process of putting them in office by CAMPAIGNING and VOTING, you may find yourself in precisely the same position a decade from now, claiming to be powerless to affect the process, and demanding that "something" be done.
Something *is* done, and the people who make a priority of participation in the political process of this country are the people who shape government. Whether you choose to participate or not, you are still part of the process.
Apathy elects our leaders.
-fb Everything not expressly forbidden is now mandatory.
I use the Update Agent in RedHat almost on a daily basis - the RH Network knows absolutely everything about my setup (programs, modules, etc.) right down to what version of the Kernel I'm running - that way they can inform me of vulnerabilities and problems that I'm probably susceptible to as soon as there's an update available...it's a "good thing".
Why is it that when Microsoft does this kind of thing, suddenly there's a more sinister motive behind it all?
I don't hear anyone complaining about Redhat's privacy policies...
I wonder, is microsoft using their autoupdate site to spike or sabotage their updates on old products to force the users to purchase newer upgrades? I am an avid (and registered) user of windows 98 2nd ED for 2 of my machines. The others run BSD, RH Linux, and Solaris, it seems like the more i update from the original install the worse it operates, on both machines, new and old. I figured it was my own machine until i reinstalled the entire os and performed an internet upgrade. Now the explorer locks up after upgrading a clean install but not before. The entire pc gets unstable after upgrading and I am concerned that they are sabotaging the upgrades to create instability to force me to buy their new XP. I WILL NOT BUY OR UPGRADE TO XP! This is insane, I wouldn't run Windows at all if all the darn games that I play worked on other OS's. Just my 2 cents. Hey, and let me know if they are sabotaging their upgrades or its just me.
Life's far too short to use IE.
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
http://www.microsoft.com/downloads/search.aspx?dis playlang=en
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
Anyone has an idea what could be achieved by sending fake information ?
This is a Virtualized PC -- all it sees are the hardware components emulated by the host operating system.
/dev/dsp.
This is akin to saying that VMWare can somehow tell my that I have an SB Live! -- it can't. All it knows is that it has SB16 emulation inside, and that it writes the output of that to
This is pure paranoia talking. Perhaps you should invest in more aluminium for your head.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
First of all, nowhere in either article does it say that Windows Update is sent info on what software you have installed. The payper view article mentions that it does send hardware info, though. But we knew that via both the EULA, and the fact that this is the intended purpose, to update drivers for hardware and OS patches.
Don't believe the alarmist titles to articles. Do you all fall into this trap with the evening news as well? "Tune in for the Radon discover that just might save your familyu's life."
I know that you guys are smarter than this. Use your brains.
what? what I thought we were in the trust tree in the nest, were we not?
As explained by Russ Cooper of NTBugTraq in a lengthy rant on Tax Day of 2002, Windows Update is a horrible piece of crap. He followed it with another lengthy rant about what he thinks Microsoft should be doing instead of Windows Update.
In the meantime, while downloads are large (~1.5MB), the XML package you get for HFNETCHK searches your system for proper file versions and remains the most reliable way to ensure your system is properly patched. Unfortunately, the best tool for checking your patch state (HFNETCHK) doesn't help you download the patches you need. It does identify the MS security alert addressed and even the KB article, but it's not painless. MBSA gets you one step closer by actually having the URL of the KB article, but it's not as painless as downloading updates via Windows Update (when WU properly identifies your patches).
Anybody who's used the atrociously-bad Automatic Update Service will know that it doesn't cover many important software updates and neither does Windows Update. In fact, if you use all three products, you'll frequently find that each product identifies a different set of patches that are required, and usually, none of them list all the patches identified by the others.
What I've found is that HFNETCHK actually identifies truly critical patches, while Windows Update improperly identifies non-critical updates as being critical. For instance, it tells you that installing Internet Explorer 6.0 SP1 is critical (even when you're running a fully-patched IE 5.5SP2) or even worse, it tells you that a patch meant to improve functionality of using a non-IE default browser is critical.
Sorry, but as much as I hate MS and as much as I prefer Mozilla to IE for my own browsing needs (and even though it works better), I don't make it my default browser anywhere, especially on servers, so this update is hardly critical.
In short, while sysadmins at least have a chance to stay fully-patched these days--unlike the days before Code Red--MS still has incredibly shoddy patch management tools, incredibly inconsistent patch installation mechanisms and still takes liberties with customer data it shouldn't need to take.
If Microsoft ever gets serious about patch management, they'll have a common tool that sysadmins can use to patch any and all of their MS software with a common interface and no unnecessary transmission of system-specific data to MS. Is that too much to ask? Apparently.
Keep an archive of all service packs for your OS
I installed all my best software on an ext3 partition!
Ha! Take that Mr. Gates!
Of course now they will probable start including ext3 drivers in the next Windoze.
Power tends to corrupt, and absolute power corrupts absolutely.
"Tell that to the Melissa author, and some number of other people who's GUID was used to identify them. Even if you aren't a criminal, this could be misused in so many ways."
Found on the 'Net: "David L. Smith was not caught on the basis of the GUID, he was caught because the feds were able to trace the point of insertion of the virus into alt.sex from the ISP he used, then from the connection logs down to the phone number used to connect to the service. The GUID had nothing to do with it. There was also no indication that he used pirated software, just that he or someone had used a previously written virus and modified it into Melissa, passing on the unique GUID of the original document/macro author."
Just wanted to set that straight.
My friend, Virtual PC does run BeOS. However, that said, there is a major bug. I can do everything with it, except type; it hangs on keyboard input. That said, I get a 16 bit 1200 x 1600 display for BeOS with the ability to run any application natively installed on the OS, plus some downloads which I used shared disks to transfer into Be.
In case Slashdot readers have not been paying attention, Microsoft now promotes trustworthy computing. Trust is a two-way relationship; therefore, now that we are able to compute with MS products in confidence, it stands to reason that the same level of trust extends from Microsoft to users. The writer of this article evidently has not kept up with recent news.
It's only funny until someone gets hurt. Then, it's hilarious.
Have they actually stated this? I would love to see something in print. Quite deceptive - not surprising to us, but people outside of /. tend to like examples.
-Looking for a job as a materials chemist or multivariat
First, the client would be a one-time install. No biggie there. Next, text is pretty small. I mean, you have to review the patches yourself anyway (please tell me you don't allow MS to decide what gets "updated"...). I can read pretty fast, but not as fast as my modem can d/l text. So I don't think the bandwidth is a problem.
And I would still rather have this client-side. They can deduce all they want, but they won't have things like reg codes, CD keys, etc, which I bet they collect. And I bet they also collect PCI serials. So, if they ever decided to bust you, they'll have all your hardware ID's and software codes. Yay!
-Looking for a job as a materials chemist or multivariat
No he couldn't. The chances of getting drivers for any given piece of hardware from windowsupdate.com are incredibly slim. Among all the PCs in my household, only my main computer even has a single component detected by windowsupdate (my nforce sound, oddly enough).
It's been a long time.
Windows 2000 SP 2 doesn't have those nasty EULAs in them. And that's what my systems run. I also still run MediaPlayer 6 for the same reasons.
I use Win2K because everything I run needs Windows. I don't use XP because I do not like the invasive EULAs and I think it is a bloated pile of useless eye-candy.
Boobies never hurt anyone. - Sherry Glaser.
Comment removed based on user account deletion
This is no different than the typical CD player/MP3 ripper which queries the CDDB to find out the title of the CD and the name of the tracks. No big deal.
The original "discovery" was made by Louis Solomon of SteelBytes Software
He posted it to ntbugtraq on Monday Feb 24th
Here is the original post, where it describes the issue in a clear fashion, and does point out that Microsoft do tell you exactly what information they gather, however most people are unaware of this as they don't read the EULA - like me
kai
Specialist Mac support for creative pros, Melbourne
Yes... Before you do that, you might want to consider how embarrasing it might be when people find out you've been watching Debbie Does Dallas on your office PC.
Oh Mr. Jones, blackmail is such an ugly word...
And will you be buying another thousand Office licenses? Wonderful! So nice to do business with you Mr. Jones...
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
/. paranoia strikes again. All this information is available in the Windows Update Privacy Statement. I guess it's good that someone bothered to verify, but this "scoop" is not much of a shocker.
I really like the way Sun handles patches, they have a much more intelligent system that doesn't rely on invading your privacy. Here's how it works:
1. You download the patchdiag.xref file from Sunsolve. This file is updated daily and contains a list of all patches available for all versions of Solaris. It's currently about 1.4 megabytes in size. You only need to download this once, throw it up on an NFS server and all of your Solaris hosts can use it.
2. You execute a Perl script called patchk.pl that compares your currently installed patches with what's available for your OS and generates an HTML page that is automatically opened in Netscape. The HTML page simply lists every patch you need and has check-boxes, a lot like Windows Update.
3. Check all the boxes for patches you need and click a button at the bottom of the page and Sunsolve generates a tarball of all your patches for you.
4. Download tarball and install from single user mode.
That is the proper way to do it, and it seems like Windows Update used to do that in previous versions but the xref file got to be too big for every single client to download every time. MS should provide an xref file that Windows administrators can download and run Windows Update across their enterprise using the xref file, not sending any information to Microsoft.
Sun has been selling systems to three letter governement agencies for quite some time that would never even consider purchasing a product that "phoned-home". If Microsoft wants to play in that ball-game they need to pull their head out of their ass and provide real enterprise level patch management.
P.S. The ability to roll-back a failed Windows Update would be nice too...
"When the president does it, that means it's not illegal." - Richard M. Nixon
I treid to get Adware to remove Windows but it didn't work.
http://www.lavasoftusa.com/