April 12th, 2002, 09:09 AM
Trustworthy Computing my Ass!
I spotted this on TheRegister, full article can be found here
I'm again unsuprised that m$ is doing odd things under your very nose.
Win-XP Search Assistant silently downloads files
By Thomas C Greene in Washington
Posted: 11/04/2002 at 20:47 GMT
Just over a week ago, while searching for a file on a Windows-XP machine, I was surprised to see the Search Assistant attempting to activate my Internet connection. It puzzled me because I wasn't searching the Internet, only my local drive. I was busy with other things at the time, but I made a mental note to look into it soon, which I promptly forgot to do.
This morning, Reg reader Jody Melbourne rattled my cage, fresh from having made the same discovery. He'd noticed that the Assistant was establishing a connection with a machine at Microsoft.
"I did not give Microsoft permission to know what files I am searching for on my local hard-drive," Jody wrote.
Indeed, and neither had I. So I connected an XP box to my ISP, started a packet sniffer, and launched the Search Assistant. Sure enough, it immediately connected to http://sa.windows.com/ and fetched a number of files. But it didn't attempt to send any data to the site, beyond comparing my locally-stored versions of those files to the ones on the server.
But when I performed an Internet search, the Assistant sent my search terms to the Microsoft site, and also dropped a session cookie on my machine.
One of the files the Assistant fetches is the MS Search Companion privacy statement. This is done for P3P compliance. According to the statement, MS doesn't collect information about local searches. "No information is ever collected by Search Companion when you search your local system, LAN, or intranet for any reason."
I certainly didn't pick up anything to contradict that. But there is some obvious collecting when SA is used to search the Internet.
"When you search the Internet using the Search Companion, the following information is collected regarding your use of the service: your IP address, the text of your Internet search query, grammatical information about the query, the list of tasks which the Search Companion Web service recommends, and any tasks you select from the recommendation list."
"Search Companion does not record your choice of Internet search engine, and does not collect or request any personal or demographic information. Information collected by the Search Companion cannot be used to identify you individually, and is never used in conjunction with other data sources that may contain personal data."
Hopefully there aren't too many loopholes in that, though I rather think the user's IP can be considered personally identifying. However, MS tells us that the policy statement is out of date. IPs were logged for testing purposes during the XP beta period; but since the product launch, there has been no IP logging.
In addition to the privacy statement, the remaining files fetched are XSL (Extensible Stylesheet Language) stylesheets:
Users curious to know exactly what they contain can quite easily locate them on their local machine and have a peek. According to MS, they're simply used to maintain up-to-date associations between file extensions and file types, to make searching more productive.
I'm not acquainted with XSL, so I'm in no position to affirm that or to argue with it, but I'd be pleased to hear from readers who can shed additional light on the subject.
For now it appears that there's nothing here for users to worry about. But there is a question about MS playing fast and loose with people's Internet connections. Certainly, the minute one ventures onto the Web, one starts bleeding information all over the place, fetching images and ads and taking cookies from secondary and tertiary sources too numerous to mention.
But when we run an application for some local business like a file search, we don't expect it to connect silently to the Net, even for a good reason. When we discover something like this, it feels like someone else is in control of our computer, and that is definitely not a good feeling.
If Trustworthy Computing is going to mean anything, it's going to have to mean that actions like file downloads aren't going to happen without the user's knowledge and consent. A simple popup asking if one wants the latest XSL files with the options to decline, to be asked each time, or to grant permission to go ahead without further consultation is all that would be needed. ®
[glowpurple]M$ = Untrustworthy Computing[/glowpurple]
April 12th, 2002, 09:37 AM
To step out of the anti-microsoft mindset for a minute. I could almost see why they would do such a thing. They are 'simply' taking R&D to the extreme's. They want to keep ppl using windows, so they must see how user's ALL user's interact with their computer, to make it 'more' friendly.
Now to step back into normal mode.
God. I hate all this so-called friendly CRAP! Poofy looking windows, and animated animals, are not what i call, helping the user. Actually, the user does not need this so-called help from the operating system, they need education on how to use the computer.
April 12th, 2002, 11:39 AM
Totally agreed with gstudios.
I think the so called media should warn the public about this kind of stuff going on MS OS's and not (only) those stories when a script kiddy plays with tools they download, they start telling that crap about "hackers" taking down sites....
I'm no expert in the matter but, I know how the media can influence large amounts of people while they are being influenced by the large companys, politicians, etc the guys with the power and the big bucks....
All of this really sucks....
Ain't this a "beutifull" world to live in... bah!
April 12th, 2002, 01:36 PM
Ummm, this isn't surprising or unexpected. Microsoft admitted long ago that XP would constantly update itself. Like they said, it doesn't send any information on a local search, only internet search. They also admitted a LONG time ago that they collected information on internet searches. So does just about every search engine.
Oh well, that took a lot out of me. Guess I am done defending microsoft for the year. Just remember, 98 doesn't send info on a search at all. Neither does Linux
\"Ignorance is bliss....
but only for your enemy\"
April 12th, 2002, 02:47 PM
Slashdot also mentions this article, the full discussion (Slashdot's) can be found...
Well worth a look, the arguments stay the same, yes M$ have *****ed up, no M$ are doing nothing wrong (with potentially linking individual users with search queries).
An interesting read regardless.
I think the lesson to be learned is...
Read the Licence agreements (the devil is always in the detail!)
[glowpurple]M$ = Untrustworthy Computing![/glowpurple]
April 12th, 2002, 03:58 PM
1st things to do when Installing XP:
1) KILL THE DOG!
2) Remove anoying Task's.
3) Set to Classic Mode
4) Turn of ALL sound's
5) Plug all the holes
XP is nice and stable, but Anoying as hell when it come's t o some thing's...like every time something crashes. it Ask's if you wan't to send info, can't they make it learn the I DON'T wan't to send any thing!?
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!
Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.
April 12th, 2002, 06:52 PM
XP nice and stable? I crashed it within 10 minutes of it being installed. And i wasnt even trying too! I gave it a second chance, a third chance, and a fourth chance. Stable my ass.
April 12th, 2002, 09:46 PM
I've crashed Mandrake 8.1 several times... Absolute hang. Had to use reset...
Though not as often as windows.
I'm sticking with 98 for the very reason that it isn't chock-full of 'enhancements' that I really am not directly told about nor need.
[HvC]Terr: L33T Technical Proficiency