Vista is Watching You

greengrass writes "Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company."

Egomanical monitoring of the populace?

[LoadWB]

Is this another example of Bill Gate's Microsoft micromanagement leaking out into the general public, or is this truly a way for Microsoft to help fool-proof Windows operations?

If this is nothing more than a way for Microsoft to ensure that Windows operates properly and to find potential issues, data collection should be an option. A lot of power users won't want it, and a lot of paranoid public won't either.

Of course, what choice do they have if they want/need to run Windows? If enough of the system monitors your usage and activity, not using those services pretty much makes your computer a brick.

Aside from privacy concerns, how much storage space and processing power is being used for this endeavor? Couldn't all that be put to much better use?

Re:Egomanical monitoring of the populace?

[brunascle]

Of course, what choice do they have if they want/need to run Windows? If enough of the system monitors your usage and activity, not using those services pretty much makes your computer a brick.

if the OS can function without an internet connection, it damn well better be able to function on a firewall that blocks access to MS servers.

Re:Egomanical monitoring of the populace?

[B'Trey]

it damn well better be able to function on a firewall that blocks access to MS servers.

Has anyone done any network captures to see what sites are being contacted? Is blocking *.microsoft.com sufficient? Is there a list of IPs that can be blocked?

Re:Egomanical monitoring of the populace?

[click2005]

In XP, Microsoft hard coded the IP addresses of various servers into libraries and software so it bypasses any attempt to use DNS resolution to block it. I'd bet in Vista there is something worse. Maybe thats why they were working on some kind of BitTorrent/P2P protocol. Route the data through other people's machines to get around blocking.

Ah! The irony!

[c0l0]

In the article, there's a Vista technology referred to as "Rights Management Services (RMS) Client" - I guess I'm not the only one who's midldy amused about the acronym used for that service ;-)
What's especially delicate about it is that the service's name uses the term "Rights", where many who are in favour of digital freedom would probably deem "Restrictions" a much better fit.

I bet if Richard Stallman were dead by now (please note that I'm glad and happy that he's alive and kickin'!), there'd be a chance he'd be rotating in his grave at high speeds because of this.

I work in an FDA-regulated environment,...

[Yewbert]

... and this kind of undisclosed(?) sneaky communication has to be considered a security risk from our side, and one which may very possibly invalidate the state of validation (in, again, the FDA-regulated sense) of numerous production-related systems that might eventually run on Vista platforms. We're testing Vista now, and as soon as I get my hands on a copy, I'm gonna poke arounnd and try to figure out what data is sent where, what happens if you cleverly block it, what options there are to just shut these features the f*** off, and many et ceteras,...

Anonymous?

[MontyApollo]

Seems like they would want to keep this data anonymous as much as possible too, or it would seem like they would have an endless barage of subpoenas for civil lawsuits like divorces, where one spouse wants evidence that the other was cheating.

Have we learned nothing?

[kebes]

The privacy concerns are obvious. I, for one, do not want to agree to having all kinds of (largely unspecified) information transmitted to Microsoft.

But even putting that aside for a moment. Assume that Microsoft is a friendly company and that you are confident they will never use this information "against you." Even in that case, this is a really bad idea. Why? Because security works best when you *minimize* the avenues of attack. By sending this information to Microsoft HQ, your OS opens itself to new attacks. On the one hand you have the possibility of MS's servers being hacked, and your information stolen (or the transmission being intercepted and copied). But much worse, this transmission functionality can be co-opted by malware or viruses.

Every functionality you include in the OS is a functionality that "the enemy" (malware, viruses, crackers, etc.) can (and will) use against you. In particular, every network-enabled program is a potential security breach. Hence, we should always be disabling as many services (especially network services) as possible. By having all kinds of code that is constantly communicating outside the machine (with no notification to the user), built into services that the user cannot sensibly disable, you are leaving a tempting target for "the enemy" to find vulnerabilities.

Add to this the fact that it makes it harder on network admins to pick out suspicious traffic. If all these Vista installs are constantly sending out packets of information, how can the sysadmin tell when one of those machines has been taken over, and that "phone MS HQ" service is now sending nefarious packets?

Is Vista a product, or a service?

[Morgaine]

I expect that the majority of people believe that they're buying a product when they purchase Vista, or when they purchase a PC with Vista pre-installed. That presumption may be entirely wrong though.

Certainly from Microsoft's point of view, and in view of their total focus on WGA, you've agreed to a single-payment licensing deal. EULAs may not be valid in some jurisdictions, but that doesn't seem to concern them. You live within their worldview, or else ... or else nothing, that's the only option. In fact then, you haven't purchased a product at all, but a service without any agreed terms.

Likewise, from the content providers' point of view, your PC and its software certainly doesn't belong to you, which implies that you haven't purchased Vista as a product. Instead, it's just a delivery vehicle for their content, and Microsoft is the guarantor of DRM safety to ensure that this is so. The fact that you've paid for your hardware and software as if it were yours seems to have escaped both content providers and Microsoft alike.

Perhaps in the future, people who are not technical will not own computers at all, but only rent content delivery vehicles?

That's where Vista seems to be heading ... although Microsoft probably wants you to continue purchasing without owning.

Re:This is my single biggest push to free software

[Ephemeriis]

This "phone home" crap is the single biggest thing that is driving me to consider open-source alternative operating systems and software.

I got sent out on a call last week... Their complaint was that the PC was running fairly slow and that it kept asking to connect to the Internet (yes, the poor souls were still on dial-up). I honestly expected to find an assortment of spyware/malware on the machine. Instead, I found a pile of legitimate software was trying to phone home.

Just about any HP camera/printer/scanner will install an update utility. Java has a updater that runs in the background. Real Player, Adobe Reader, Flash Player, Quicktime, and assorted Sonic software all have their own background updaters.