How Windows 7 Knows About Your Internet Connection

An anonymous reader writes "In Windows 7, any time you connect to a network, Windows tells you if you have full internet access or just a local network connection. It also knows if a WiFi access point requires in-browser authentication. How? It turns out, a service automatically requests a file from a Microsoft website every time you connect to any network, and the result of this attempt tells it whether the connection is successful. This feature is useful, but some may have privacy concerns with sending their IP address to Microsoft (which the site logs, according to documentation) every single time they connect to the internet. As it turns out, not only can you disable the service, you can even tell it to check your own server instead."

The relevant bits

It is possible to disable NCSI by a registry setting if you don’t want Microsoft to be able to check your internet connection.

* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet
* Under the Internet key, double-click EnableActiveProbing, and then in Value data, type: 0.The default for this value is 1. Setting the value to 0 prevents NCSI from connecting to a site on the Internet during checks for connectivity.

Re:The relevant bits

[Noughmad]

It is possible to disable NCSI by a registry setting if you don’t want Microsoft to be able to check your internet connection.

* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet
* Under the Internet key, double-click EnableActiveProbing, and then in Value data, type: 0.The default for this value is 1. Setting the value to 0 prevents NCSI from connecting to a site on the Internet during checks for connectivity.

Oh, the user-friendlyness of Windows. Everything is so simple on Windows, while I imagine that on Linux (if it had such a feature), you would need to edit a text file with comments in it. Horrible.

Re:The relevant bits

[clang_jangle]

Because remembering to type "man" in front of the program name to discover what files configure it is just so horribly difficult. And then typing "vim .config", dear lord the TORTURE .!

Frankly, what CLI phobia tells the world is that *you* think you're an idiot.

Re:The relevant bits

[hairyfeet]

Oh please! I can make that into a little .reg file and go "See this thing? Go clicky clicky and reboot" and its done, period, the end. Just because YOU don't know how to make a .reg file doesn't mean the giant clusterfuck that is Linux CLI (seriously even OS fricking 2 has a solid API by now, having drivers break every time Torlvalds gets a bug up his ass is inexcusable) is in ANY way shape or form comparable.

I get can have a machine spend years without needing a SINGLE line of CLI, ever. Can YOU do that? Try this experiment if you think Linux is ready for the desktop: Remove ALL shells. C'mon, Linux is modular, yes? Then remove the shell or mod them down so you can NOT use them! I bet the machine won't even make 6 months, and you sure as hell won't be updating the thing, because without CLI Linux falls down like a house of cards.

Just face the fact that Linux is a SERVER OS, with millions being spent on SERVER tools, and the GUI is an afterthought at best. Sound breaks? Bash, Wireless fucks up? Bash. Video problems? Bash. Hell the answer to EVERY question in Linux is bash. Which is fine if you're an admin, CS grad, or geek with more time than money. For everyone else? News Flash: They ain't touched a CLI in 10 years and they sure as hell ain't about to start now. You show them a command prompt and they think "rinky dink Mickey Mouse OS" and frankly they are right. You should NEVER need CLI on a modern OS. The fact that Linux can't live without it just shows how far behind it is in the desktop arena. Embedded and server its great, desktop is shit.

Re:The relevant bits

[obarthelemy]

I'll bite

A) Windows
A1- Here's the doc
A2- type regedit
A3- change the key as indicated
Done !

B) Linux
B1- look for the doc
B2- open a terminal
B3- sudo
B3b- type in credentials
B4- open the file
B5- edit as per doc, being careful of where you add your line, misspellings

that's already a few more steps and more possible mistakes... but now the real fun begins:

B6- find out the doc was only good for Horny Huckster (which is 9.7), you have 10.5 (which is ... Priapic Prong ? maybe), look again
B7- don't find any doc you're 100% sure is germane to your setup/issue
B8- try a few, fail
B9- ask on the forums
B10- get shot down as a noob who can't even search for an answer nor ask a question right, 'coz everybody knows the right term is NCSI.

I'm exaggerating a bit, but this happens more often than not, and is the main reason why I'm still using windows. Linux mostly works out of the box, but any issue is hard to find docs or support for. In my experience, issues no longer happen as early (drivers are OK, installs have been auto-completing for me for a couple of years), but more advanced stuff is still very badly documented nor version-ed.

Example of cases this happened to me over the last year:
clean up the grub2 boot menu. Couldn't do it in the end, still had 3 choices for Windows (only 1 installed), one for my unbootable data partition... did find where to get rid of older linux kernels
setup RDP server
get rsync to work for NTFS to NTFS backups

goodbye karma ....

Re:The relevant bits

[Runaway1956]

Alright, I give up, you win. Linux i indeed a server operating system. And, the primary server I'm interested in is the Xserver. It fits beautifully onto my desktop screen, where I can play games, watch flash video in full screen, listen to music, browse the intartubez, do some serious computing, and read geeknewz.

WAKE UP PEOPLE!!! LINUX IS A SERVER OS!!!

Re:The relevant bits

[oakgrove]

My issue with the registry is it's lack of comments and relatively non-intuitive naming scheme. Even gconf-editor in gnome which reminds me a lot of regedit has comments. When I want to configure something textually, I just go to my home directory in the file manager, and look around for a file that is named something similar to the program I want to configure excepting being preceded with a "dot", i.e., a dot file and that's it. Just edit that file. It will probably be liberally commented so it's really not that hard to figure out what you're doing. For system wide config, look in the /etc directory. Same deal just without the dots.

Re:The relevant bits

[bennettp]

Sound breaks? Bash, Wireless fucks up? Bash. Video problems? Bash. Hell the answer to EVERY question in Linux is bash.

Life getting you down? Bash.
Boss riding your ass? Bash.
Spouse getting on your nerves? Bash.
Co-worker won't shut up about pet llama? Bash.

Hell. The answer to EVERYTHING is Bash!

Re:The relevant bits

[3vi1]

>> Oh please! I can make that into a little .reg file and go "See this thing? Go clicky clicky and reboot"

The fact that you instinctively think such a thing needs a reboot proves how well Windows has conditioned you to accept your Stockholm Syndrome..

BTW, the people in Linux that are going to the shell are doing power-user stuff (like Windows users who take advantage of powershell). You can get by without it: my kids and my parents have used Linux for years and have never *ever* used the shell. Swear To God (I keep them on stable releases, and there are no viruses to screw up their wireless, video, etc.).

How many Linux powered devices (ex. Android, Tivo, etc) are there in the world where the user has never touched a shell? Use of a shell all depends on how much you want to bend a system to your will. Microsoft didn't add powershell to Windows because shells are pointless.

Re:The relevant bits

[Xtifr]

I get can have a machine spend years without needing a SINGLE line of CLI, ever. Can YOU do that?

My brother's logged over two years running Ubuntu without ever going near the shell, so, yes. Nor, before you ask, have I been forced to come over and do CLI-based maintenance for him. He did the whole thing, from installation on, by himself with no CLI involved at any point.

Remove ALL shells.

And it won't boot--init runs shell scripts (as does cron). But that's different from the user not running a CLI. On any vaguely modern Linux, the user is "forced" to use the CLI about as often as a windows user is "forced" to use regedit, but, unlike regedit, the CLI is actually useful, fast, and efficient if you do decide to learn to use it.

Re:The relevant bits

[Dhalka226]

I'm not saying there are no problems with linux, or that it is more user-friendly than Windows in this (or any other) case, but you're hardly treating the situations equally.

For example:

Open doc versus find the doc. System-level configuration options tend to be quite well documented. How are you magically going to know where the documentation for an obscure feature is in Windows but have to look it up in linux? What the hell would you even search for? "My Windows machine seems to be pinging the Internet randomly and I want it to stop?"

Apparently "open terminal" deserves its own step, yet we're magically typing regedit. Where do we do that? Equality dictates there should be AT LEAST one more step in the Windows instructions at this stage, to open Start Menu -> Run or Ctrl-R (I think, anyway).

If you're allowed to edit system-level properties in Windows without Administrator credentials, you have an entirely different problem or, more likely, you're running as one constantly. If it's the latter, consistency once again dictates you've added an unnecessary step in the linux instructions. You're free to run linux as root if you want to vastly increase your chances of getting owned, just like you're free to do so with Windows.

b3 (sudo) and b4 (open the file) are one in the same instruction. You'll do sudo /path/to/config.file which will simultaneously get your appropriate privileges and open the file. You can have B3b if you want, subject to the above.

"Change the key as indicated" is pretty much no different than "edit as per the doc," even though you try to make it seem as if it is. In either case you're looking at documentation, finding the appropriate configuration value and changing its value. You may or may not have to add the line; if it's a feature defaulting to on, as is the situation in Windows, it will almost certainly be there. Likewise, where you add the key almost never matters other than for organizational purposes. And you have to be careful of typos either way. If the value in Windows is 0 or 1 it's likely to be the same in linux. You can fuck typing it up as easily on one system as the other.

In other words, if you're not deliberately trying to make Windows seem superior by fabricating the scenario to be simpler for Windows than linux, the steps are pretty much identical. You need to make sure the have appropriate privileges. You need to know what to edit, whether that is a key buried in the registry or a confgiruation file buried in a directory tree. You have to actually edit it, and you have to not fuck it up while you do so.

And that's without even touching the rest of your "steps," which even you admit are exaggerated.

I don't care what operating system you use; I'm not a zealout either way. I used linux for years. My PC primarily runs Windows (it has a linux distribution on a second partition that has gone from Red Hat to Gentoo to Kubuntu over the years, but it hasn't been used in several years now). I'm typing this reply on a Mac. But if you're going to make comparisons, let's be intellectually honest and make valid ones.

Re:The relevant bits

[WeatherGod]

I'll bite

A) Windows A1- look for the doc A2.1- click the "run command" taskbar item A2- type regedit A2.2- supply credentials (assuming proper security setup) A3- change the key as indicated Done !

B) Linux B1- look for the doc B2- open a terminal B3- sudo B3b- type in credentials B4- open the file B5- edit as per doc, being careful of where you add your line, misspellings

that's already a few more steps and more possible mistakes... but now the real fun begins:

Additions mine... Let's be fair when discussing these comparisons. First off, you have to find the documentation regardless of a windows or Linux system. You can't just say that someone will hand you the docs in one situation but you have to hunt in another. Next, opening a terminal is just as easy as clicking (or having a keyboard shortcut), and in windows, you also have to click somewhere to enter the regedit command. I would also hope your system is set properly that modifying the registry requires authentication.

Next, you talk about making sure you place some particular option in exactly the right place with the right value. First, most configuration files don't care about order. Many follow the .ini approach. Second, good configuration files should come loaded with comments and examples. For example, the apache and sendmail configs are chock full of information. Personally, I have found the descriptions in regedit to be fairly limited.

Don't get me wrong, there are definite benefits to a centralized registry system, but I think that there are pros and cons to both approaches, and I lean towards the linux approach.

B6- find out the doc was only good for Horny Huckster (which is 9.7), you have 10.5 (which is ... Priapic Prong ? maybe), look again B7- don't find any doc you're 100% sure is germane to your setup/issue

Lastly, while documentation for open source projects can definitely be a weakness, (although programs on windows aren't completely immune to this criticism) getting the wrong version of the docs is a pebkac issue. If the man pages don't have the info you need, the distro should have the docs available for your version, or the project's website should have the docs for your version. Checking the docs' version should always be the first step.

Re:The relevant bits

[ToasterMonkey]

My issue with the registry is it's lack of comments and relatively non-intuitive naming scheme. Even gconf-editor in gnome which reminds me a lot of regedit has comments. When I want to configure something textually, I just go to my home directory in the file manager, and look around for a file that is named something similar to the program I want to configure excepting being preceded with a "dot", i.e., a dot file and that's it. Just edit that file. It will probably be liberally commented so it's really not that hard to figure out what you're doing. For system wide config, look in the /etc directory. Same deal just without the dots.

Making it more user friendly is sort of against the whole point. It's an interface designed for programatic manipulation, like XML for example.

Your problems should be addressed with online documentation in the application layer, not in the backend configuration store which should be clean and concise for programatic access. The behavior of a setting will depend on the version of application code you're running, and face it, the documentation you get is going to be targeted at developers wherever you actually find it, because these interfaces are not designed for end users.

If a program leaves end users to deal directly with configuration data, it is just broke. For every XML/registry complaint I hear, I can find one application that _fails_ at usability.

Re:The relevant bits

[DrBoumBoum]

And then you have to use vi, which is in itself a whole different world of pain. Good luck! ^Z^Z Shit how does this fucker work?! ^C quit exit ESC ** CARRIER LOST%%:.,*$£$$$

Re:The relevant bits

[MightyMartian]

Not to mention you can't do search-and-replaces, pipe the registry through other utilities to make more advanced changes, easily back up and restore major changes and actually view an entire app or daemon's config in a single plane as opposed to annoying trees that only obfuscate and complicate config changes.

I realize the registry can store binary blobs, but I'd argue that the file system is a much more efficient place to store such data, which is why I'm general not in favor of large binary blobs in any kind of database.

The registry is a very typical of the Microsoft way of doing things; overly complex with way too much stuffed into it that could be done better in other ways. I absolute hate the difficulty of backing up and restoring registry sections, particularly since .reg files are essentially merged into the existence structure, rather than replacing it.

Re:The relevant bits

[oakgrove]

Making it more user friendly is sort of against the whole point. It's an interface designed for programatic manipulation, like XML for example.

That should only be true if I never have to access the registry at all. This story is about a configuration that can only be changed by editing the registry or clicking on a .reg file that directly manipulates said registry. Your point falls flat.

Re:The relevant bits

[internettoughguy]

Saying the windows registry is a "central mechanism for configuring OS directives", is like saying that dumping all your papers in the middle of your office floor is a centralized filing system.

Re:The relevant bits

[NatasRevol]

System Restore is a tool that says Windows fucks up a lot and needs a lot of help.

Re:The relevant bits

[Culture20]

Son, vi is the VIsual version of ed, the line EDitor. Try editing files with ed for a while and you'll think vi is so user friendly that you'll play first person shooters with hjkl.

Re:The relevant bits

[Fwipp]

You need Google to figure out what file might have the proper setting under Linux, but you know
"REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet /v EnableActiveProbing /t REG_DWORD /d 0" without looking it up?

Worse on Apple

It's even worse on iPad ::

Even with push notification/email/find my ipad feature turned off, it still try to connect to any known WIFI network or 3G network behind your back. (Ever wonder why you always get your wifi connection instantly right after waking it up?) You can't disable it unless you put it on an airplane mode.

Microsoft is still a bit better than Apple here. With Microsoft you can change the ping URL, the same can't be said for iPad.

iPad is the ultimate spyware.

Re:Worse on Apple

[theurge14]

So what you're saying is the iPad will search for a Wi-Fi network when you have Wi-Fi enabled, and it will stop searching for one when you turn Wi-Fi off and/or Airplane Mode on?

What exactly is the problem?

Re:Worse on Apple

So it connects to the Wifi networks you've previously setup - and you can easily tell it not to on a per-network basis. You can also easily turn off Wifi and/or 3G, independent of Airplane mode. What exactly is the problem here? You've described how pretty much every Wifi-enabled device works.

This article is about something else - not how Microsoft connects to Wifi routers, but how it decides if you have an "Internet connection" or not - in other words, does the router you're connected to actually provide access to the public Internet. I don't find a big problem with how Microsoft does this - it's fairly convenient, and for those of us who don't want this it's possible to deactivate it.

Re:Worse on Apple

Sorry, I wasn't clear enough.

When all the whizzbang feature turned off and iPad is sleeping, I do not expect it to even attempt to connect to anything. In case of iPad, it does. Not only that, it also ping some IP address that resolves to *.apple.com regularly. My router log & wireshark confirms that.

iPad/iPhone also have similar feature with MSFT feature mentioned in the article. After you get DHCP lease from your wifi network, iDevices won't consider itself connected to wifi network until it can ping a server (apple.com?) on the internet. A wifi (fan) icon won't appear until then. If it encounters a captive portal, then a portal is popped up automatically.

The bottom line is that Apple is using the same technology mentioned in the article PLUS pinging Apple regularly behind your back.

Re:Worse on Apple

[FlashBIOS]

I don't think you had all the things shut off that you think you did. For example, did you turn off Ping (Apple's social network wannabe, not anything ICMP related)?

http://www.geek.com/articles/apple/how-to-shut-off-ping-and-increase-battery-life-with-ios-4-3-20110321/

There's many of these first-party services, and countless third-party that could be involved. I won't pretend to like it (I don't at all, I too want my devices to fully sleep). But I also won't pretend that it is worse. Especially as a ping (ICMP this time) is unable to transmit anything remotely close to what Microsoft's HTTP method of checking network availability could.

I use a similar shellscript

[GameboyRMH]

On my N900 I made a similar shellscript that outputs to a desktop widget. It tries to fetch Google.com using the domain name and via a static IP, and based on that it can tell me if the connection's totally dead, uses a captive portal, has bad DNS, or if it's a good working connection. Very handy for mooching off unsecured and public wifi. I just click a widget and know all about the connection I'm on.

This is a good thing

[artor3]

Seriously, I know it's hip to hate MS, but why pretend that this is spyware? It's a very nice feature. Whenever I'm traveling and trying to connect to my company VPN from a hotel or airport or restaurant or whatever, it lets me know immediately if I need to open my browser to do so. Back in the XP days, I would just spend a few minutes wondering if I mistyped the WPA key before figuring it out.

It's not like there's any personal info being transmitted. All they know is that a computer running W7 has connected to the internet with a given IP address. Not exactly the most useful information. The logs are probably only kept to help them debug the service.

You laugh at people who get tricked by those "Your computer may be broadcasting an IP address!" malware banners. Why complain about this?

Re:So what...

[causality]

http://discussions.apple.com/thread.jspa?messageID=9752344&tstart=0#9752344
http://www.apple.com/library/test/success.html

those who have privacy concerns for this , no doubt happily use an iphone all day long....

They can't possibly just have a privacy concern you either agree with, disagree with, or don't care about. No, no, no that's not how we do things around here. There has to be something wrong with them too. We're trying to imply that there has to be some flaw, something wrong with someone who takes a pro-privacy position.

Your suggestion that they'd happily use another device with privacy concerns of its own would mean they're hypocrites. Yes, that will do. We'll matter-of-factly portray pro-privacy as the position of hypocrites. The very best thing about this is that it's all about emotional appeal so it's difficult to reason against it.

So difficult, in fact, that sooner or later you'll start sincerely spewing the same bullshit yourself. 'Course you won't have much time left for actually explaining why you disagree with a pro-privacy position, but for you I suppose that has its advantages. Ad hominems are great fun, aren't they?

Re:Windows

[SpectreBlofeld]

Are you serious? All you have to do is look at his posting history to determine that he is in fact probably *not* an astroturfing shill. Paranoid much?

That said, I thought this was obvious. The very first time I got that 'no Internet access' message, I reasoned that Windows had to determine this by connecting to a known server, certainly a Microsoft one. It's the same troubleshooting step that I take myself when diagnosing a connection failure - I login to the router and use its tools to ping google or something (to eliminate computer configuration problems).

This shouldn't be surprising, or particularly important.

privacy concerns? they know your IP from updates

[Joe+The+Dragon]

privacy concerns? they know your IP from windows update!

Re:First thing I do when I bootup

[RoFLKOPTr]

- open task manager - goto processes - kill any programs that I don't need (like Compaq Assistant, Adobe Launcher, etc) - kill any services I don't need - make explorer High priority

It frees RAM and makes the computer run faster (less hard drive swapping). Hopefully this internet "IP recorder" service is one of those things I kill off. Although now that I know how to do it permanently, I'll do that instead.

Spoiling mod points to call you an idiot.

Start > Run > MSCONFIG

Turn off the programs and services you don't need so you don't HAVE to kill them every time you boot up, and making Explorer high priority isn't going to really do much for you.

This "IP recorder" thing is just your computer testing for an active internet connection by actually running a real DNS query and actually contacting a real server somewhere rather than assuming your internet works because the interface is up.

Re:privacy concerns? they know your IP from update

[atomicbutterfly]

Shush! Don't inject logic into the discussion - let the zealots show the world how paranoia and hate infects the Linux world. After a while you realize why ordinary people don't want to use Linux if there's a risk of becoming one of these losers.

Re:WHAT!

[The+MAZZTer]

On the other hand, it's a built-in way for you to track your laptop if it's ever stolen...

Privacy conerns?

I'm all for privacy, but what is the concern with this feature? Nobody has said that it includes any identifying information in the request, so the only thing Microsoft knows is that someone behind that IP is running Windows. They can't track you (there's no way of knowing that a request the next day from a different location is from the same copy of Windows) and there's no way to map a request to a particular person or computer, so I'm struggling to think of any way the data could be used maliciously.

Mod Parent FUD.

[VortexCortex]

My Grandma uses Linux. I installed it for her, yes, but I wouldn't expect her to install Windows or any OS for that matter. I didn't have to touch the CLI to install it. I enabled auto-updates, showed her how to "open the Internet", and where the "app store" is. It's been 2 years. She "accidentally" upgraded to the next LTS release by herself, with no CLI -- A single button click...

My Brother, Uncle & Aunt all use Windows. In the same space of time, They've each gotten infected with malware at least twice, some more than others. Two of them have shelled out cold hard cash for Win7 because "it's more secure than Vista", had to take the computer to a technician to do the "upgrade" for them, and both of them have been infected with malware on for Win7.

Grandma tried to use my Uncle's computer -- She said, "Can you make the mouse less shaky, dear, I have shaky hands and I end up making the files disappear" (she means accidentally dragging them into adjacent folders) -- Gnome has drag & drop threshold... My Uncle's OS's window manager doesn't... her response: "Well, just turn it off and on again and go into the Linux." -- She was a bit upset that my Uncle B. didn't have "the Linux"... "Well why don't you have it? It doesn't cost anything, and the whole screen can zoom in when it's hard for me to read..."

She has a point -- it is free, why not have a dual boot just in case the other OS gets hosed?

My 75 year old neighbor started using Linux last year. He couldn't use a CLI to save his life. Same story as my Grandma -- Now they call me to shoot the shit, not guiltily ask me to remove malware -- My brother and uncle have both asked me to install Linux on their computers at the father's day family get together.

Please -- Stop spreading FUD. If these barely computer literate people can use Linux just as well as they can use Windows, I don't see what all the fuss is about.

Re:Mod Parent FUD.

[westyvw]

I dont know what planet you are on, seriously. Did you just Gentoo or something? My family use linux, the kids have always had it, the eldest always had a choice of windows or linux, but got sick of me having to fix windows, and the wireless never worked right.
My friends use Linux, or dual boot. Its always, and I mean always, windows that I have to support. For the past 4 or so years the Linux boxes just work. I dont mess with them, they install software, play games, do their homework, take their pictures, make videos whatever. Sound, Video, and Wireless work. I just got a new laptop, I came home to see my sig other printing. I asked her how was it to set up the printer. She said, I dunno, I just plugged it in. (usb, she doesnt even know what its called). The was no driver to get, no setup nothing. It just worked.
Yes there are issues in free software world, but less then in windows in my experience, and everybody I know who gets used to it and really doesnt miss windows at all.

Re:Windows

[RightSaidFred99]

I always wonder when one of you idiots is going to pounce on some pro-Linux post and accuse the poster of being a shill so everyone can see how perceptively cynical you are. I expect I'll be waiting a while.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Don't Firebox and Thunderbird call home?

[PhrstBrn]

The distros turn this behavior off. On Debian and Ubuntu, Firefox, Thunderbird, and VLC have their self-autoupdate disabled (and is non-trivial to enable). If you download the standalone binary and install it yourself, it has the autoupdate feature turned on. Same for Windows.

All 3 programs have a checkbox to turn that feature off if you really think it's intrusive to your privacy.

Re:privacy concerns? they know your IP from update

[canajin56]

And also, since Windows XP, Windows has come with an NTP client on by default, set to their time server. So they've been "spying" on your IP address for a long time!

Useful for stolen laptop recovery

If you customized the url to your own personal server this could be very helpful in tracking down a stolen laptop.

Re:Windows

[RightSaidFred99]

You do know there are companies that sell Linux products, including Linux support, right? You can shill anything that makes someone money. Shit, you can shill free stuff you developed for ego gratification if you really want.