Forgot your password?
typodupeerror
Microsoft Privacy

Examining Microsoft Update 805

Posted by michael
from the policy-of-no-privacy dept.
eggsovereasy writes "The Inquirer is reporting that a group in Germany has deciphered the information sent to Microsoft during an update using Windows Update and says that information on all software installed on your computer is sent, even that which is not Microsoft's own software." The original article is, unfortunately, pay-per-view. Update: 02/26 18:19 GMT by T : ionyka points to this "related article from ITWorld that deals with Microsoft's transferring of information through Windows Media Player. When you open up Media Player it sends information back to Microsoft like what movies you play, what songs you listen to and where they come from."
This discussion has been archived. No new comments can be posted.

Examining Microsoft Update

Comments Filter:
  • Haha (Score:5, Interesting)

    by mao che minh (611166) on Wednesday February 26, 2003 @10:03AM (#5386402) Journal
    Remember the little "No information is being sent to Microsoft at this time...." message during updates? Wait, why am I laughing?
    • Re:Haha (Score:5, Funny)

      by duckpoopy (585203) on Wednesday February 26, 2003 @10:13AM (#5386502) Journal
      Their defense: The information is sent right before this message appears.
    • Re:Haha (Score:5, Insightful)

      by Ian Wolf (171633) on Wednesday February 26, 2003 @10:13AM (#5386507) Homepage
      A cow-orker of mine actually argued with me one day that "No Information" really meant nothing, nada, zilch was sent back to MS.

      I should have taken him out back and beaten him with a frozen salmon. Hello!? How do they know what patches you need if they can't look at your system and tell their servers what you've already got.

      The fact that the program takes the time to rifle through the system is of no surprise to me. While, I think the practice stinks it hasn't stopped me from using the service though. Given the choice between MS finding my installation of UT2003 or some script kiddie looting my system, I'll choose the former.
      • Re:Haha (Score:5, Insightful)

        by AyeRoxor! (471669) on Wednesday February 26, 2003 @10:17AM (#5386538) Journal
        "I should have taken him out back and beaten him with a frozen salmon. Hello!? How do they know what patches you need if they can't look at your system and tell their servers what you've already got."

        They could send a complete list of available patches to your system and let the client running on your computer pick which ones are neccesary, without microsoft ever knowing what software you have installed. Granted, they could deductively determine what hardware you use based on what patches you then request, but since you can only download patches for microsoft software, the best they could do would be to determine what hardware and microsoft software you currently have installed.
      • Re:Haha (Score:4, Redundant)

        by squiggleslash (241428) on Wednesday February 26, 2003 @10:25AM (#5386620) Homepage Journal
        Hello!? How do they know what patches you need if they can't look at your system and tell their servers what you've already got.
        Quite easily, IF they wanted to be bothered. Instead of the server deciding what to download, you have a program on the computer do it.

        The process would look something like:

        1. Client downloads latest Update Management Software + Config File from server
        2. Client runs Update Management Software.
        3. UMS determines what patches are needed from inbuilt logic and information in configuration file
        4. UMS downloads and applies relevent patches
        The system isn't fool proof. It may be possible for someone operating a system this way to determine what software you're running from the nature of the patches downloaded, especially if all patches are downloaded from one source. This can, to some extent, be reduced by bundling patches together so that someone running one of eight different programs or with one of nine different hardware devices attached, downloads a file with the patches for all problems associated with these eight programs or nine devices. But that requires honesty and integrity on the part of the operator of the Update service.

        The allegation that Microsoft doesn't do this, and lies to users by claiming it does, is quite damning. There's no need for Microsoft to get this information in order to provide the advertised service, and it should be able to stand by its claim that it does not get that information.

        • Re:Haha (Score:3, Interesting)

          by Zocalo (252965)
          Frankly, I've always wondered why they didn't adopt this approach in the first place. Not only would it have avoided all the issues with privacy that people get all worked up about, but has the potential to be extended to third party apps too. All you would need is a local database of vendor/server(s) to tell the local client which server to go to for your updates which could be ammended by any software during it's install process. There is an issue with re-pointing a vendor's update server to another offering a trojan disguised as a patch, so you'd need a security mechanism, but apart from that...

          Hell, since this is Microsoft we're talking about, they could have even *sold* the back-end update server software to the third parties and made a few more dollars for Bill to roll around in.

        • Re:Haha (Score:3, Insightful)

          by pmz (462998)
          The process would look something like:

          1. Client downloads latest Update Management Software + Config File from server
          2. Client runs Update Management Software.
          3. UMS determines what patches are needed from inbuilt logic and information in configuration file
          4. UMS downloads and applies relevent patches


          XEmacs does exactly this! It works pretty well from what I've seen.
      • Re:Haha (Score:5, Informative)

        by Gunzour (79584) <<slashdot> <at> <tycoononline.com>> on Wednesday February 26, 2003 @10:27AM (#5386632) Homepage Journal
        You cow-orker was right. When Microsoft Update said "No information is being sent to Microsoft", no information -- at all -- was being sent to Microsoft. The update server sent your computer a list of available updates, and code ran on your computer which determined which ones were necessary.

        Microsoft Update no longer says "No information is being sent...", which is what this article is about.
    • Re:Haha (Score:5, Informative)

      by skinfitz (564041) on Wednesday February 26, 2003 @10:29AM (#5386663) Journal
      Remember the little "No information is being sent to Microsoft at this time...."

      The more astute amongst you may have noticed that the "No information" message has not been there since Win2kSP3 came out.

      Now it says this:

      Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you.

      Which essentially means that so long as they don't take an email address or phone number they can take what they want.
      • Re:Haha (Score:3, Interesting)

        by sckeener (137243)
        None of this configuration information can be used to identify you.

        They might not be able to identify you, but they can identify the machine at least for XP. Since XP requires registration, I'd say they know your machine and who paid for XP to go on there.

        I wouldn't be surprised if at some later date they claim this is for the catch all 'security reasons.'
  • by SUB7IME (604466) on Wednesday February 26, 2003 @10:04AM (#5386408)
    Is this not a complete breach of the TOS that Microsoft offers when you sign up for Windows Update?

    If not, it's at least a huge breach of trust, and users should not stand for it.
    • Has anybody actually read the policy [microsoft.com]? If you read it it doesn't really sound like they've done anything they said they wouldn't.
    • Microsoft merely states that they do not send any PERSONAL information. As I see it, having them receive an inventory of what is installed on the machines helps greatly with statistical analysis for errata. If they send data about whats installed but you're anonymous, what difference does it make? Its not like they're tracking webclicks or personal information.
  • Makes sence (Score:5, Funny)

    by Anonymous Coward on Wednesday February 26, 2003 @10:04AM (#5386411)
    Trying to figure what other companies they should push out of business.
    • Re:Makes sence (Score:3, Insightful)

      by ReelOddeeo (115880)
      Trying to figure what other companies they should push out of business.

      This should not be modded Funny. This is serious.

      BillG: Look, everyone has Acrobat Reader, we need to develop XDoc.
      Everyone has some SimXXX game, we need to develop Zoo Tychoon.

      Business as usual. Take advantage of monopoly position of control. Discover what anyone else might be doing that is popular. Develop a competing product. Give it away, or bundle it into OS.
  • by sys49152 (100346) on Wednesday February 26, 2003 @10:05AM (#5386418)
    The original article is, unfortunately, pay-per-view.

    How can we comment, if we can't read the article?

    Oh, wait...

  • by adzoox (615327) on Wednesday February 26, 2003 @10:05AM (#5386423) Journal
    I wonder what Virtual PC sends, whether it sends only the info in the Windows Drive image or everything on the Mac.

    This may also be an alterior motive to Microsoft buying Virtual PC from Connectix last week. They want this same data from Mac Users. I imagine if it's not there then it will be added to read all partitions mac/Linux/PC

    Knowing what your customers have on their hard drives is sensitive corporate data. Basically, you know the Hot or Not Programs in the industry and then develop programs based on their hard drive residency!

    • This is a Virtualized PC -- all it sees are the hardware components emulated by the host operating system.

      This is akin to saying that VMWare can somehow tell my that I have an SB Live! -- it can't. All it knows is that it has SB16 emulation inside, and that it writes the output of that to /dev/dsp.

      This is pure paranoia talking. Perhaps you should invest in more aluminium for your head.
  • by RichMan (8097) on Wednesday February 26, 2003 @10:06AM (#5386428)
    According to the EULA for the latest versions of the OS Microsoft has the right to read any data you have stored on a computer which runs the OS.
    Theoretically this includes data dumps of hard drive formats which the OS does not even support.
    • Well yeah, they're going to make sure they cover their arses.
      I thought this sort of outrage was already covered by the change in TOS brought in by WinXP SP1? (i.e. we will take whatever info we want from your machine, and if we don't like it we'll lock you out.)
    • by Ezrem (559493) on Wednesday February 26, 2003 @10:12AM (#5386494) Homepage
      And where did you find that piece of info?

      Direct from About Windows Update :

      Windows Update Privacy Statement (Last Updated 10/15/2002)
      Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:

      * Operating-system version number
      * Internet Explorer version number
      * Version numbers of other software for which Windows Update provides updates
      * Plug and Play ID numbers of hardware devices
      * Region and Language setting
      The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.

      Windows Update also collects the Product ID and Product Key to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update. The Product ID and Product Key are not retained beyond the end of the Windows Update session.

      To provide you with the best possible service, Windows Update also tracks and records how many unique machines visit its site and whether the download and installation of specific updates succeeded or failed. In order to do this, the Windows operating system generates a Globally Unique Identifier (GUID) that is stored on your computer to uniquely identify it. The GUID does not contain any personally identifiable information and cannot be used to identify you. Windows Update records the GUID of the computer that attempted the download, the ID of the item that you attempted to download and install, and the configuration information listed above.

      Hardly "We can scan your computer for any information we want, and there's not a damned thing you can do about it!" as you've implied.
      • by leviramsey (248057) on Wednesday February 26, 2003 @10:20AM (#5386565) Journal

        Read the parent comment.

        This isn't Windows Update he's talking about, it's the EULA for recent versions (XP, IIRC) of Windows.

      • by malfunct (120790) on Wednesday February 26, 2003 @10:26AM (#5386625) Homepage
        I'm not defending microsoft here but nothing in the blurb that you posted says that MS won't collect the list of software on the machine. To play devils advocate its pretty easy to say that the installed software is part of the configuration information on the machine. Further it makes some sense how this is useful in picking which patches are presented to you. If there is a patch in windows update that fixes a bug that affects 1 software package in the world that 1% of users use then wouldn't it be useful to scan to see if that is installed and only present the patch to the 1% of users that need it. Especially given that many bug fixes cause bugs in other software that relies on the broken behavior or some kludgy work around.
      • by mrpuffypants (444598) <{mrpuffypants} {at} {gmail.com}> on Wednesday February 26, 2003 @10:28AM (#5386651)
        notice, however, that it says it includes that information...that can very well just be a part of what they are collecting, and the only part they are telling you about.
      • by sammy baby (14909) on Wednesday February 26, 2003 @11:14AM (#5387038) Journal

        And I quote:

        Warby -- who is the chief information officer at Seattle Metropolitan Credit Union -- believes that the terms for the end user license agreement (EULA) for Microsoft's Windows 2000 Service Pack 3 (SP3) and XP Service Pack 1, might well put the credit union in violation of new federal privacy laws... To use the "auto update" feature, according to the Microsoft Windows 2000 SP3 license, "it is necessary to use certain computer system, hardware, and software information..." By using these features, users authorize Microsoft or its designated agent to access and utilize the necessary information for updating purposes."

        Full article can be found here [internet.com].

      • by aug24 (38229) on Wednesday February 26, 2003 @11:28AM (#5387181) Homepage
        Clearly YANAL (You are not a lawyer)!

        Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:

        If a lawyer writes "this information includes...", then that's exactly what they mean. They don't mean that it is a complete list; there may be other stuff that they're not explicitly telling you about.

        Justin.

    • by gmuslera (3436) on Wednesday February 26, 2003 @10:14AM (#5386515) Homepage Journal
      The EULA also says that they can delete what they want (at least what they say that violates DRM, and their sofware is not know to be very intelligent), and have others that says something like they own all what you transmit thru they servers...

      In fact using their software (and then accepting the EULA) is like simply close your eyes and pray that the big depredator which is in front of you isn't hungry right now, and will not be all the long time you be there.
  • /Tin Foil Hat Off (Score:5, Insightful)

    by GLX (514482) on Wednesday February 26, 2003 @10:07AM (#5386442) Homepage
    The reason why it sends info about other applications (and third party drivers for that matter) is so that they can attempt to be a single-source vendor of patches if needed.

    While the intentions may not be all that honest, it's not a horrible idea. I've noticed numerous times when running Windows Update that it's offered to upgrade my Cisco Wireless LAN software as well as my Epson print drivers. Kind of nifty and not all that bad, if you ask me.
    • by Atzanteol (99067) on Wednesday February 26, 2003 @10:15AM (#5386526) Homepage
      But why must this be done on the server, and collected at Microsoft? Can't the client download a list of what MS has for updates, and decide what the local system has?
    • by Com2Kid (142006)
      • While the intentions may not be all that honest, it's not a horrible idea. I've noticed numerous times when running Windows Update that it's offered to upgrade my Cisco Wireless LAN software as well as my Epson print drivers. Kind of nifty and not all that bad, if you ask me.


      Driver updates? No problem.

      SOFTWARE updates? Uh. Problem.

      Windows Update is responsible for updating my SYSTEM, thus the term Windows update, not "universal software updator" or some other such silly name.

      Besides, last time I let Windows Update update my drivers it replaced my Matrox G400 driver with a French G400 driver that refused to be uninstalled. . . .
  • but (Score:3, Funny)

    by mrpuffypants (444598) <{mrpuffypants} {at} {gmail.com}> on Wednesday February 26, 2003 @10:08AM (#5386444)
    i'll bet it totally gets confused if WinXP iteslf is pirated in the first place =]

    along with Office and just about everything on the computer..oh well...I guess the police outside are for me
  • Check out the rest (Score:5, Informative)

    by joshmathis (15461) on Wednesday February 26, 2003 @10:08AM (#5386446) Homepage
    Here is the rest of the article, in PDF format. I'd suggest grabbing it and mirroring as soon as possible... this one won't hold up too long.

    http://home.byu.net/~btc25/WindowsUpdate.pdf [byu.net]

    One of the more interesting parts deals with how Microsoft can tell the difference between product keys they generated and those done with a keygen.
  • by Reinout (4282) <reinout@vanrees. o r g> on Wednesday February 26, 2003 @10:08AM (#5386454) Homepage
    Nice claims, but we the free part of the article doesn't show any actual examples of data that's transmitted. At least not data apart from some generic xml tags.

    Any easy way to verify this ourself?

    I'm suspecting their claim is true, but I'd like to see the data...

    Reinout
  • by Jack William Bell (84469) on Wednesday February 26, 2003 @10:08AM (#5386456) Homepage Journal
    Although I often semi-sorta-half-hearted-defend Microsoft when people make unsupported categorical statements or otherwise speak mindlessly, I am also willing to speak out against them when they are wrong. As in this instance.

    I would have to do some research, but I believe this might violate their own privacy policy. Even if it doesn't, they really have no moral right to send any information about your system without letting you know what it is and giving you a chance to abort the whole thing. Yet I am unsurprised, in fact I expect every big company is doing this kind of thing when they can get away with it.

    Not that I am saying "Everyone is doing it, so what is the big deal?" My attitude is more "Let's stop this crap now!"

    So I have a suggestion -- someone should start an open source project to create a re-writing proxy for updates that strips out all the stuff Microsoft is sending in the updates, except what is absolutely needed. Make it open enough that we can plug it re-writers for other companies as well.
  • by erik1474 (566010) on Wednesday February 26, 2003 @10:15AM (#5386521)
    below from the M$ site... they tell you outright that they are collecting this info. What's the big deal?

    Windows Update Privacy Statement (Last Updated 10/15/2002)

    Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:

    Operating-system version number
    Internet Explorer version number
    Version numbers of other software for which Windows Update provides updates
    Plug and Play ID numbers of hardware devices
    Region and Language setting

    The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.
  • by neile (139369) on Wednesday February 26, 2003 @10:16AM (#5386529)

    Note: Windows Update does not collect any form of personally identifiable information from your computer. Read our privacy statement.

    Windows Update Privacy Statement (Last Updated 10/15/2002) Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:

    • Operating-system version number
    • Internet Explorer version number
    • Version numbers of other software for which
    • Windows Update provides updates
    • Plug and Play ID numbers of hardware devices
    • Region and Language setting

    The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.

    Windows Update also collects the Product ID and Product Key to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update. The Product ID and Product Key are not retained beyond the end of the Windows Update session.

    To provide you with the best possible service, Windows Update also tracks and records how many unique machines visit its site and whether the download and installation of specific updates succeeded or failed. In order to do this, the Windows operating system generates a Globally Unique Identifier (GUID) that is stored on your computer to uniquely identify it. The GUID does not contain any personally identifiable information and cannot be used to identify you. Windows Update records the GUID of the computer that attempted the download, the ID of the item that you attempted to download and install, and the configuration information listed above.

  • by cobyrne (118270) on Wednesday February 26, 2003 @10:20AM (#5386563) Homepage

    Client Info Schema [windowsupdate.com] and System Info Schema [windowsupdate.com].

    They appear to get a copy of your registry, as well as information like processor architecture, manufacturer, printer(s?) etc

  • by IamTheRealMike (537420) <mike@plan99.net> on Wednesday February 26, 2003 @10:21AM (#5386569) Homepage
    No, sorry, Microsoft doesn't collect lists of softare, not even the article says that. What it does say is that if they wanted to, they could locate what software you have by looking for registry keys or files specific to that app.

    In fact the article says the biggest privacy concern is the hardware list, which doesn't seem that big a deal to me.

  • by SatanicPuppy (611928) <`Satanicpuppy' `at' `gmail.com'> on Wednesday February 26, 2003 @10:24AM (#5386602) Journal
    What I want to know is why fricking Windows Media Player tries to "Phone home" all the time? That thing is harder to get rid of than the clap, and about half as useful. I have my firewall specifically tuned to stomp on it every time it opens its digital mouth.

    This is hardly a surprise, and definitely adds a good bit of weight to all those people who call Palladium the death of privacy.

    Just my 2.34539 yen worth.
  • uh-oh. (Score:5, Funny)

    by war3rd (650566) on Wednesday February 26, 2003 @10:26AM (#5386622) Homepage
    You mean they can see my Kenny G. pr0n screensaver?!?!?!?
  • by Anonymous Coward on Wednesday February 26, 2003 @10:26AM (#5386631)
    ... you'll see that - contrary to the Inquirer story - it doesn't include anything about 'installed software', with the exception of device drivers. No applications, no utilities - nothing that MS is likely to want to compete with, and indeed nothing that MS doesn't overtly mention in its own privacy policy.

    So what's the problem?
  • by cperciva (102828) on Wednesday February 26, 2003 @10:27AM (#5386639) Homepage
    I have to say that it's not nearly as scary as advertised. There are two complaints:
    1. The Windows Update tool sends to Microsoft a complete list of what hardware you have.
    2. If the Windows Update server claims to have an update available for product X, the Windows Update tool will check to see if you have product X installed, and report back to Microsoft.

    Well, *duh*. The only way to avoid doing this would involve downloading a complete list of all the updates available for every supported piece of hardware or software. Based on the size of the windows HCL, I'd guess that this would require tens of megabytes of bandwidth -- all so that Windows Update could pick out the half dozen entries which are relevant.
  • by Beetjebrak (545819) on Wednesday February 26, 2003 @10:42AM (#5386764) Homepage
    Here in Holland (I don't know the laws in the rest of the world too well) any contract that you sign which contains clauses that are illegal, is null and void. Any statement of MS having the right to download anything off MY computer would seem to me totally illegal and would probably void the whole EULA.
    I did read the EULA of the Dutch version of Win2K SP3 completely and never found any clause that would allow them to download anything off my PC without my consent.
    Sadly I'm stuck with Windows since I cant (yet) afford a mac to run Adobe apps on. When oh when will Linux/FreeBSD/X get decent colour management and ports of proper graphics apps like Illustrator, Photoshop and InDesign??? The GIMP is a nice toy, but it's hardly of any use for print production work. And KIllustrator and the like are simply a laugh too for any real work.. The Linux/BSD vs. Windows ratio is now 4:1 in the favor of the free, but I'd like to get rid of Windows altogether. Give me my killer graphics apps!! I'll even pay for them! ;-)
    Saving up for that Mac in the mean time..
  • Story is incorrect (Score:5, Informative)

    by doug363 (256267) on Wednesday February 26, 2003 @10:49AM (#5386817)
    According to the (full) article, Windows Update sends a list of hardware installed on your system, but not a list of software. Version numbers for Windows stuff, like IE, are sent, but not any info about other software on your compouter.
  • by greygent (523713) on Wednesday February 26, 2003 @10:51AM (#5386826) Homepage
    To provide you with the best possible service, Windows Update also tracks and records how many unique machines visit its site and whether the download and installation of specific updates succeeded or failed. In order to do this, the Windows operating system generates a Globally Unique Identifier (GUID) that is stored on your computer to uniquely identify it. The GUID does not contain any personally identifiable information and cannot be used to identify you. Windows Update records the GUID of the computer that attempted the download, the ID of the item that you attempted to download and install, and the configuration information listed above.

    Yes, we don't not track you.

    Tell that to the Melissa author, and some number of other people who's GUID was used to identify them. Even if you aren't a criminal, this could be misused in so many ways.

    Despite loving many Microsoft products and the line of NT OS'es, I wouldn't trust Microsoft as far as I could throw them.
  • by ites (600337) on Wednesday February 26, 2003 @11:27AM (#5387163) Journal
    The Devil came to Redmond, looking for some souls to steal,
    and there he met with Billy G, who was just about to make a deal.
    Said the Devil, "Hey Billy, you look bored, would you care to make a bet?"
    And Billy he smiled slyly, and said "Dude, there ain't a deal that I've missed yet."
    So the Devil took his keyboard and showed Billy his new game,
    Saying "I wrote this quick, in VB6, now see if you can do the same."
    Billy G, he just smiled his smile, and took the keyboard away,
    and said, "Devil, you're behind the times, and you clicked on the EULA,
    "Now you've run Windows Update, and your soul belongs to me."
    And the Devil knew he'd met his match, so he turned and tried to flee,
    But Billy G was much to fast, and he caught the Devil's long black cape,
    Saying, "Devil, stay and play a while, we have a whole wide world to rape."
  • by unfortunateson (527551) on Wednesday February 26, 2003 @11:28AM (#5387177) Journal

    First of all, the example data [tecchannel.de] sent is available free, as one poster above already listed. There's no software described there other than Windows itself.

    Second, the System Info Schema [windowsupdate.com], as posted by another above, is pretty explicit about what registry keys are available to be sent, and it's pretty tame.

    Frankly, I have no problem letting them know exactly what hardware I've got running. How can they harm me there? Perhaps a malicious hacker could grab this data and find ways to abuse my network card? Pretty slim.

    Call me too open, if you will, but I'd be happy if it would let me know about other MS updates, such as Office, without having to also visit MS' office site. Update those automatically? Never. But it's much less convenient than the Windows Update site.

    I greatly doubted that it would be sending large quantities of personal data, because it just doesn't take that long. The ones to worry about are the virus scanners, that take the time to examine every freakin' file.

    In summary:

    • They're not sending your entire hard drive
    • They're not sending your entire registry
    • They're not sending a full software inventory
    • They're probably gathering a little more than they need
    • They're probably not doing anything with it (yet)
  • by phasm42 (588479) on Wednesday February 26, 2003 @11:43AM (#5387278)
    There are a lot of people in this thread that realize that WU does NOT send a list of all software installed, but they are being drowned out by the highly rated comments about the evils of MS. The "software list" is actually a list of drivers installed, which is fine, because MS will post updated drivers for you to download. It should also be noted that one of the articles posted is from the Inquirer, the same people who predicted hell on earth in y2k, and believe in tinfoil hats.
  • by MadCow42 (243108) on Wednesday February 26, 2003 @11:48AM (#5387336) Homepage
    HKEY_LOCAL_MACHINE\Software\IllegalMicrosoftStuff\ BillGatesVISAnumber\8605412399653153

    HKEY_LOCAL_MACHINE\Software\MSKillerVirus\Launch Da te\2003.06.21

    HKEY_LOCAL_MACHINE\Software\Linux\"format c:\; install Linux" .... hey, why not have some fun with it? q:]

    MadCow.
  • *ahem* (Score:5, Interesting)

    by vmfedor (586158) on Wednesday February 26, 2003 @11:57AM (#5387434)
    Windows Update Privacy Statement
    (Last Updated 10/15/2002)
    Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:

    Operating-system version number
    Internet Explorer version number
    Version numbers of other software for which Windows Update provides updates
    Plug and Play ID numbers of hardware devices
    Region and Language setting

    The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.

    Windows Update also collects the Product ID and Product Key to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update. The Product ID and Product Key are not retained beyond the end of the Windows Update session.

    Maybe you should verify the information before automatically declaring "Microsoft is evil" to any and all anti-Microsoft posts.

  • by Canabinol (184830) on Wednesday February 26, 2003 @12:07PM (#5387524)
    I use the Update Agent in RedHat almost on a daily basis - the RH Network knows absolutely everything about my setup (programs, modules, etc.) right down to what version of the Kernel I'm running - that way they can inform me of vulnerabilities and problems that I'm probably susceptible to as soon as there's an update available...it's a "good thing".

    Why is it that when Microsoft does this kind of thing, suddenly there's a more sinister motive behind it all?

    I don't hear anyone complaining about Redhat's privacy policies...
  • by EggMan2000 (308859) on Wednesday February 26, 2003 @12:37PM (#5387752) Homepage Journal
    First of all, nowhere in either article does it say that Windows Update is sent info on what software you have installed. The payper view article mentions that it does send hardware info, though. But we knew that via both the EULA, and the fact that this is the intended purpose, to update drivers for hardware and OS patches.

    Don't believe the alarmist titles to articles. Do you all fall into this trap with the evening news as well? "Tune in for the Radon discover that just might save your familyu's life."

    I know that you guys are smarter than this. Use your brains.

Unix is the worst operating system; except for all others. -- Berry Kercheval

Working...