Results 1 to 10 of 10

Thread: Windows Update sending private data to MS

  1. #1
    Banned
    Join Date
    Jul 2005
    Posts
    511

    Windows Update sending private data to MS

    "Windows Update sending private data to MS" quote:
    As it turns out, packet analysis is useless, as the stream is encrypted via Secure Sockets Layer (SSL). However, using an undocumented Windows feature, tecChannel was able to get around this and view the raw data. The results were alarming. Embedded in the data stream were lists of what software you have installed on your PC--and not just Microsoft products. Apparently the folks in Redmond can find out just what you've got installed on your PC, all without you ever knowing about it or explicitly consenting to it.
    Microsoft hasn't responded to this article yet.

    Apparantly, your privacy is in danger here...

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmm,

    That might not be as sinister as you think...............to apply selective updates you would need to know what you were supporting?

    As long as there is no personal identification data involved, does it really matter?


  3. #3
    Banned
    Join Date
    Jul 2005
    Posts
    511
    I wonder about that too. But if you installed Windows then you've probably registered your version too with Microsoft, providing name, address and email address to them. This information is related to the registration code of your Windows version and that code is most likely included too. So yes, it is possible that personal information is involved in this all.

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Katja I take your point, however I ask you this:

    Given that a lot of machines are supplied by OEMs with the software pre-installed, I wonder just how many "Dell preferred customers" there are? not to mention stuff made by local computer shops.

    I can assure you that there is no requirement to register with MS.

    The same would apply to all the second user stuff out there, particularly ex-corporate.


  5. #5
    Banned
    Join Date
    Jul 2005
    Posts
    511
    Well, I myself happen to own a Dell and I vaguely remember providing registration information when I started my computer the first time. Later on, I installed XP over the old W2000 that was on it and provided more information. I also used MSN Messenger on my system for which I subscribed to MS, again providing more personal information. And I installed MS Office on my system too, which liked to know some information about me. At least they know the static IP number that I have and even that could be used to get more information about me, as the RIAA has proven in their 'John Doe' cases against P2P traders.

    You are right. I agree with you too. Of course you don't have to provide them your personal information but it does become pretty difficult to stay anonimous on your own system.

    I myself am not too worried, though. All the software I use has been paid for. And neither is my computer part of some corporate system. I just feel uncomfortable by the thought of Microsoft spying upon the software that I have installed on my system. As if someone is peeking while I'm under the shower or whatever. I tend to like my privacy.

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Another thought, this is the way Windows has worked since Win95 at least?

    The registry, file associations, access paths etc.................I guess the information could well be "dumped" rather than deliberately solicited?

    Anyway, a lot would depend on how MS parsed the data. I cannot believe that in an organisation that size there would not be a "mole", disgruntled employee, ex-employee who would not have "blown the whistle" by now?


  7. #7
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    bleh..if you think this is a new thing you're wrong. This is no revelation. Microsoft has been doing it for years. Redhat does it for RHN as well. BFD if you ask me.
    Antionline in a nutshell
    \"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"

    Trust your Technolust

  8. #8
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    For the Dells, at registration prompt, it tries to dial out on a modem, not the best way, so you select register later, and I have owned a few Dell's (lately not too proud of that now thanks to this stuff Spyware

    But each time I have opted to register later,(everybody registers their software later right?) and to date (since 2002) I have yet to register my OEM's to Microsoft, the only way MS knows I have it's OS is through the validation tool it now employes to weed out the pirated copies.
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  9. #9
    Didn't this kind of stuff come up with previous versions of windows? even before windows update? For some odd reason I think i remember something like MS Media Player (early early version) phoning home for no reason.

    I wasn't able to quickly google what i'm thinking of, but here's one thing that popped up in a top 10:

    http://wired-vig.wired.com/news/tech...,18405,00.html

    Seems microsoft's been up to this stuff for awhile now. I know there's more, its just digging up 8 year old articles that are awashed in spyware this, spyware that, and stupid crap about retrieving DVD information. I'll see if I can dig up more, but Microsoft is big on the whole sending packets home concept. They've just gotten smarter about it.

  10. #10
    We were/are looking at deploying a WSUS staging server in our gateway environment that downloads patches from Windows/Microsoft Update and then our internal WSUS servers obtain patches from there.

    When we were investigating this, we asked our Microsoft account manager exactly what information the Microsoft Update Server stored. The attached PDF shows the response received from Microsoft.

    The Windows Update Privacy statement here says how they will use data they collect:
    http://update.microsoft.com/windowsu....aspx?ln=en-us

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •