Examining Microsoft Update

eggsovereasy writes "The Inquirer is reporting that a group in Germany has deciphered the information sent to Microsoft during an update using Windows Update and says that information on all software installed on your computer is sent, even that which is not Microsoft's own software." The original article is, unfortunately, pay-per-view. Update: 02/26 18:19 GMT by T : ionyka points to this "related article from ITWorld that deals with Microsoft's transferring of information through Windows Media Player. When you open up Media Player it sends information back to Microsoft like what movies you play, what songs you listen to and where they come from."

Surprise, surprise...

[stevenbdjr]

I mean really, did anyone actually think M$ only collected information about patches? It seems like any chance they get to know more about you, or your "computing habits", they're going to take it.

Complete Breach of Trust

[SUB7IME]

Is this not a complete breach of the TOS that Microsoft offers when you sign up for Windows Update?

If not, it's at least a huge breach of trust, and users should not stand for it.

I wonder what Virtual PC sends ...

[adzoox]

I wonder what Virtual PC sends, whether it sends only the info in the Windows Drive image or everything on the Mac.

This may also be an alterior motive to Microsoft buying Virtual PC from Connectix last week. They want this same data from Mac Users. I imagine if it's not there then it will be added to read all partitions mac/Linux/PC

Knowing what your customers have on their hard drives is sensitive corporate data. Basically, you know the Hot or Not Programs in the industry and then develop programs based on their hard drive residency!

EULA says they can take what they want

[RichMan]

According to the EULA for the latest versions of the OS Microsoft has the right to read any data you have stored on a computer which runs the OS.
Theoretically this includes data dumps of hard drive formats which the OS does not even support.

/Tin Foil Hat Off

[GLX]

The reason why it sends info about other applications (and third party drivers for that matter) is so that they can attempt to be a single-source vendor of patches if needed.

While the intentions may not be all that honest, it's not a horrible idea. I've noticed numerous times when running Windows Update that it's offered to upgrade my Cisco Wireless LAN software as well as my Epson print drivers. Kind of nifty and not all that bad, if you ask me.

No verification possible...

[Reinout]

Nice claims, but we the free part of the article doesn't show any actual examples of data that's transmitted. At least not data apart from some generic xml tags.

Any easy way to verify this ourself?

I'm suspecting their claim is true, but I'd like to see the data...

Reinout

And I should be surprised why? Also, a suggestion.

[Jack William Bell]

Although I often semi-sorta-half-hearted-defend Microsoft when people make unsupported categorical statements or otherwise speak mindlessly, I am also willing to speak out against them when they are wrong. As in this instance.

I would have to do some research, but I believe this might violate their own privacy policy. Even if it doesn't, they really have no moral right to send any information about your system without letting you know what it is and giving you a chance to abort the whole thing. Yet I am unsurprised, in fact I expect every big company is doing this kind of thing when they can get away with it.

Not that I am saying "Everyone is doing it, so what is the big deal?" My attitude is more "Let's stop this crap now!"

So I have a suggestion -- someone should start an open source project to create a re-writing proxy for updates that strips out all the stuff Microsoft is sending in the updates, except what is absolutely needed. Make it open enough that we can plug it re-writers for other companies as well.

Predictable

[Rik Sweeney]

Come on, be honest. Who's genuinely suprised by this?

Re:EULA says they can take what they want

[Nursie]

Well yeah, they're going to make sure they cover their arses.
I thought this sort of outrage was already covered by the change in TOS brought in by WinXP SP1? (i.e. we will take whatever info we want from your machine, and if we don't like it we'll lock you out.)

Re:Haha

[Ian Wolf]

A cow-orker of mine actually argued with me one day that "No Information" really meant nothing, nada, zilch was sent back to MS.

I should have taken him out back and beaten him with a frozen salmon. Hello!? How do they know what patches you need if they can't look at your system and tell their servers what you've already got.

The fact that the program takes the time to rifle through the system is of no surprise to me. While, I think the practice stinks it hasn't stopped me from using the service though. Given the choice between MS finding my installation of UT2003 or some script kiddie looting my system, I'll choose the former.

Duh

[IAmRenegadeX]

Assuming "nothing is sent" is about as smart as checking that "trust everything from microsoft.com" checkbox for the activeX control Windows Update downloads. You'd have to be a quart short of an oil change to do either.

Re:/Tin Foil Hat Off

[Atzanteol]

But why must this be done on the server, and collected at Microsoft? Can't the client download a list of what MS has for updates, and decide what the local system has?

Re:Haha

[AyeRoxor!]

"I should have taken him out back and beaten him with a frozen salmon. Hello!? How do they know what patches you need if they can't look at your system and tell their servers what you've already got."

They could send a complete list of available patches to your system and let the client running on your computer pick which ones are neccesary, without microsoft ever knowing what software you have installed. Granted, they could deductively determine what hardware you use based on what patches you then request, but since you can only download patches for microsoft software, the best they could do would be to determine what hardware and microsoft software you currently have installed.

Re:/Tin Foil Hat Off

[Com2Kid]

• While the intentions may not be all that honest, it's not a horrible idea. I've noticed numerous times when running Windows Update that it's offered to upgrade my Cisco Wireless LAN software as well as my Epson print drivers. Kind of nifty and not all that bad, if you ask me.

Driver updates? No problem.

SOFTWARE updates? Uh. Problem.

Windows Update is responsible for updating my SYSTEM, thus the term Windows update, not "universal software updator" or some other such silly name.

Besides, last time I let Windows Update update my drivers it replaced my Matrox G400 driver with a French G400 driver that refused to be uninstalled. . . .

Re:EULA says they can take what they want

[malfunct]

I'm not defending microsoft here but nothing in the blurb that you posted says that MS won't collect the list of software on the machine. To play devils advocate its pretty easy to say that the installed software is part of the configuration information on the machine. Further it makes some sense how this is useful in picking which patches are presented to you. If there is a patch in windows update that fixes a bug that affects 1 software package in the world that 1% of users use then wouldn't it be useful to scan to see if that is installed and only present the patch to the 1% of users that need it. Especially given that many bug fixes cause bugs in other software that relies on the broken behavior or some kludgy work around.

Re:Surprise, surprise...

[wilstephens]

The manufacture's website was in Japanese only, and I had no idea how to navigate let alone install a Japanese application.

And, yes, I am lazy. How did you know?

Re:Surprise, surprise...

[Anonymous Coward]

Microsoft needs to collect this information for driver updates and other *useful* updates.

No they don't. They can just send a list of updates to the client, and the client can display the updates that apply to your computer. This is why Microsoft can claim no information is being sent to their server: because sending information isn't necessary.

This is actually how APT works.

Re:EULA says they can take what they want

[mrpuffypants]

notice, however, that it says it includes that information...that can very well just be a part of what they are collecting, and the only part they are telling you about.

Re:Surprise, surprise...

[Ian Wolf]

If I tell windows to look for the drivers for a particular device than by all means probe the device for information about it. How does scanning all installed applications aid in this endeavor?

If the reasoning was to better detect and avoid application conflicts I would possibly agree with this method, but the software clearly doesn't do that.

Re:Complete Breach of Trust

[Sloppy]

Breach of trust? What trust?! Saying Microsoft breached your trust, is like somone who starts smoking this year, saying he didn't know it was bad for him. "The tobacco companies tricked me! Boo hoo!"

This isn't just some random company that nobody has ever heard of, with a clean slate. It's 2003. When people deal with Microsoft they know what they're getting into, regardless of what Microsoft says.

When it comes to Windows users, I really do blame the victim. There's a point where a reputation becomes so soiled, so repeated, and so publically, that it really is either dishonest or stupifyingly negligent for someone to say they didn't know. There just aren't any rocks in the world that are big enough for someone to live under and not hear about Microsoft.

Re:Surprise, surprise...

[Ballsy]

Never confuse "Lazy_ass_user computing" with "computing for people who have better things to do with their time than fuck around searching for drivers on some poorly designed manufacturer website".

Re:Tell MS What you think, apparently...

[Landen]

According to a WHOIS, that site is registered to a MarketSmart Technologies in Florida... ...I'd be a bit wary of giving out your info.

Re:Haha

[adamfranco]

Well, most of the Linux package/RPM managers allow you to accomplish the same sort of updates without sending out all of your system information. They also seem to work quite well (although I have only used aptget/synaptic and RedCarpet). Just tell the client everything availible. Hell, then we could even CHOOSE what we wanted to update, or just click "everything" to get all new updates.

Thank You

[mikey504]

Thanks for posting a link to this information. Based on what is here, I see no reason to panic. First, it doesn't appear that any information is sent which would identify the machine the information came from. All they get is, "There is a macine somewhere with a Lite-On CDR in it."

Windows Update has offered me updated device drivers in the past, so I think the inclusion of hardware info could be defended on that basis.

Privacy and Trustworthy computing

[Anonymous Coward]

With all they speel about trustworthy computing, then getting busted doing something like this....let's ponder that thought for a minute.

Ok, done. No wonder I use Linux and Mac

Windows Update Privacy Policy

[jamesbulman]

Has anybody actually read the policy [microsoft.com]? If you read it it doesn't really sound like they've done anything they said they wouldn't.

Re:Haha

[zjbs14]

So, in addition to downloading a list of all possible patches for all possible applications and all possible hardware configurations (pretty big list), it also has to download some sort of ruleset that goes around all of those to actually figure out locally what udpates are available and necessary. That's a lot of bandwidth.

Windows Update can be used for non-MS software, hence the need to send some info about non-MS software. And as you pointed out, they could "guess" most of the information that's being sent anyway.

Open Source solution already in place.

[burnin1965]

Just thought I'd point out that there is already an open source solution you can use to avoid this invasion of privacy, its called linux.

Just had to say that, but on a more serious note, I use Red Hat Network to keep a few Red Hat Linux boxes updated with current patches and it does much the same thing. But there is a big difference.

When you register a box it tells you exactly what information will be sent to RHN about software on your box and allows you to opt out.

The benefit here is two fold in that RHN only sends you updates for the software that is installed on your system and you get updates for any software package that Red Hat supports beyond patches for just the kernel.

What I'm not sure of is if they track all applications you've installed even if they don't support them. Although I still wouldn't be concerned because they tell you up front what information you will be sending to them and you can say NO.

burnin

It's not the personal identification....

[ayeco]

OK, so they don't collect information that can personally identify you as the "owner" of software(s) X. It's all about the fact that they are getting a survey of what's out there. How many users have software x, legally or not.

I don't mind tivo using my info to better programming ala the neilson ratings. BUT I do have a problem with Microsoft using my data (without asking) to adjust their business plans and/or methods of sales, tracking, schemes, etc.

ie "Software maker X has sold 500K copies, BUT our windowsupdate show's that there are 600k copies being use...."

Re:Surprise, surprise...

[Tellarin]

so this person with a so precious time should think twice before buying products from a company with such a "poorly designed website" or that don't ship a version of the drive with the product

Re:Check out the rest

[Anonymous Coward]

Great, and by infringing on the copyright of another news site who tried to make some money and actually reports on news noone else does you are doing noone a service, jerk.

Why "I" think a lot of people are pissed at this..

[Goronmon]

I think a lot of people don't want anyone to know that they use "borrowed" versions of software that they should have payed for. They see that MS might be able to check what they are running and if its being run illegally so instead of thinking I guess the free ride might be over soon. they immediately go into defensive mode, claiming that MS is the devil and that only a "monopoly like them" would ever consider doing this.

You know what? I don't care if they can check to see what I have running on my computer. If I use an updating service made by Microsoft for products made by Microsoft, I almost automatically assume they are getting just about every piece of info off of my computer that they can get. As long as its not anything important (like e-mail, names, credit card numbers, etc) I could care less, I have nothing to hide. If MS wants to see how many people use a certain piece of software, all the power to them.

I guess it all comes down to reading the fine print and knowing that most of the time, the company is looking out for the company, not the customer.

I'm not saying MS should get away with everything it wants to do, but I do think its funny that people are surprised that a service that gets information about your computer actually gets information about your computer.

Or

[Anonymous Coward]

He could buy any old hardware and simply use microsoftupdate.com

Oh hey, he did!

Re:Haha

[Muddle]

What download?
A download is a file that you have and can keep so you don't have to download it the next time your system crashes.
There is no way to keep the update, patch, or driver now so how is that a download.
Sure one can go to the corporate site and download update's however not all patches and updates are made available there.
One used to be able to go to the Temporary Internet File folder and copy and paste the file to another folder however one cannot even do that now.
It's remote installation but it is not a download in any way shape or form as the files are not saved to disk for future use.
For example the hoops one has had to jump through to install the latest secure version of MSJava left a bad taste in my mouth so I downloaded Sun Java and now use it.
Microsoft stated that one should remove them from trusted sites status due to a problem with COM and certificates which to my knowledge still hasn't been properly fixed. Anyone with Active X enabled in Internet Zone is an Idiot and Microsofts Windows Update does not work without these settings. This lead's me to belive that it was one more attempt to ruin Sun.

Re:Complete Breach of Trust

[teeker]

This isn't just some random company that nobody has ever heard of, with a clean slate. It's 2003. When people deal with Microsoft they know what they're getting into, regardless of what Microsoft says.

Sorry, I'm gonna call bullshit on this one. While it's true that people involved in the industry generally know what's up, many people outside of it don't. People who have better things to do than read IT-related media get all of their news about MS from totally mainstream sources in the first place, and lot of people could really give a rat's ass about today's MS article on Yahoo's front page. As far as Joe Sixpack is concerned, it's an IT-related story, and he probably doesn't care what it says. If you are not into the theatre scene, do you read reviews for every play in your area? If you are not interested in business, do you read every story in the business section? Probably not, and my mother doesn't read every store about Microsoft.

Saying that the victim is at fault is not a solution to the problem, and is not an excuse for bad behavior on MS's part.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Haha

[Malc]

What about IP address? That can be used to identify you. That'll be in the IIS logs for sure.

Re:Surprise, surprise...

[japhmi]

But why send a complete list of all of the programs on the computer? Why not send "Windows 98 SE, IE 6.0," and a few things that windows update can actually help with, and not that I am using the WordPerfect suite and not MSOffice (quick, apply the "SlowWordPerfect() operation! and the MakeMozillaCrawl() one two!)

I know it's a bit of paranoia, but I'd rather them not know what I've got running at all, but I'll let them know what MS software I have because that's what I'm getting fixes for.

Re:EULA says they can take what they want

[aug24]

Clearly YANAL (You are not a lawyer)!

Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:

If a lawyer writes "this information includes...", then that's exactly what they mean. They don't mean that it is a complete list; there may be other stuff that they're not explicitly telling you about.

Justin.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Complete Breach of Trust

[kevlar]

Microsoft merely states that they do not send any PERSONAL information. As I see it, having them receive an inventory of what is installed on the machines helps greatly with statistical analysis for errata. If they send data about whats installed but you're anonymous, what difference does it make? Its not like they're tracking webclicks or personal information.

WU doesn't send software list

[phasm42]

There are a lot of people in this thread that realize that WU does NOT send a list of all software installed, but they are being drowned out by the highly rated comments about the evils of MS. The "software list" is actually a list of drivers installed, which is fine, because MS will post updated drivers for you to download. It should also be noted that one of the articles posted is from the Inquirer, the same people who predicted hell on earth in y2k, and believe in tinfoil hats.

Re:Mac OS X?

[Anonymous Coward]

This type of push model where information regarding the available updates is pushed down to the server is actually quite viable. I've dealt with two companies who used this approach and both companies claimed patents in this area. I wouldn't be suprised if Microsoft chose to ignore privacy concerns in order to avoid patent licensing fees.

Re:Haha

[pmz]

The process would look something like:

1. Client downloads latest Update Management Software + Config File from server
2. Client runs Update Management Software.
3. UMS determines what patches are needed from inbuilt logic and information in configuration file
4. UMS downloads and applies relevent patches


XEmacs does exactly this! It works pretty well from what I've seen.

Re:Complete Breach of Trust

[Twanfox]

Whatever happened to needing a court order in order to search your premisis (or in this case, inventory). Now, I know this is voluntary, but should said company say no, what exactally would Microsoft do? Could they prove sufficient suspicion that there was piracy going on?

Or in simpler terms, do software companies have the right to order you to provide on request an inventory and proof of purchase for their products at any time, without just reason to suspect otherwise, and on their own recognizance?

Re:Am I the only one who is not surprised by this?

[fishbowl]

>This has got to stop.

Why do you say that it has "got to stop?"

Do you thing the DOJ consists of a group of people who took power via a coup d'ètat? Or do you concede that the Department consists of individuals who have been appointed by elected executives and confirmed by an elected Congress?

Whether the current government is a true expression of the will of the American people, or the current government is a result of our apathy (even antipathy) toward the democratic process and the political party structure, it is not reasonable to wait until a crisis at the Federal level to take action.

"Something" can be done. In twelve years or less, the Federal government will be largely composed of individuals who are at this moment seeking State and local office. If you have not developed a relationship with these politicians or their parties NOW, while they are accessible, and if you have not participated in the process of putting them in office by CAMPAIGNING and VOTING, you may find yourself in precisely the same position a decade from now, claiming to be powerless to affect the process, and demanding that "something" be done.

Something *is* done, and the people who make a priority of participation in the political process of this country are the people who shape government. Whether you choose to participate or not, you are still part of the process.

Apathy elects our leaders.

How does this differ from RH Update?

[Canabinol]

I use the Update Agent in RedHat almost on a daily basis - the RH Network knows absolutely everything about my setup (programs, modules, etc.) right down to what version of the Kernel I'm running - that way they can inform me of vulnerabilities and problems that I'm probably susceptible to as soon as there's an update available...it's a "good thing".

Why is it that when Microsoft does this kind of thing, suddenly there's a more sinister motive behind it all?

I don't hear anyone complaining about Redhat's privacy policies...

Re:Surprise, surprise...

[Anonymous Coward]

I remember seeing that, when you update, it EXPLICITLY says it gets the updates WITHOUT sending data to MS.

Though I never believed it, I couldn't prove it. Now, it looks like a class action lawsuit is the next step! WOO! I am glad to be a 'doze user now!

Re:Surprise, surprise...

[Hal Roberts]

There are still solutions that allow no meaningful information to be sent. For example, why not have the client just ask for new updates since a given date and cache the rest? That took me all of about 15 seconds to think up and would result in far less bandwidth use than sending the user every upgrade applicable to her system every time she connects.

Either 1) privacy is just not a factor for the folks at all or 2) they want the data for other uses. Most likely it's the former, but the fact that the makers of the 95% market share OS don't care enough about privacy to make it even a small concern when designing systems like this is Really Scary, maybe scarier than them purposefully collecting my data, because at least then there's the possibility that they'll be careful with my data once they've got it.

Linkee no workee

[Wee]

Try going to that link with Opera. Even Opera in Windows. You get a nice message needing to install IE "in order to use Windows Update". Can't view their web page or get a list of updates with any other browser apparently. So much for HTML being the lingua franca of the Internet.

Life's far too short to use IE.

-B

Re:Makes sence

[ReelOddeeo]

Trying to figure what other companies they should push out of business.

This should not be modded Funny. This is serious.

BillG: Look, everyone has Acrobat Reader, we need to develop XDoc.
Everyone has some SimXXX game, we need to develop Zoo Tychoon.

Business as usual. Take advantage of monopoly position of control. Discover what anyone else might be doing that is popular. Develop a competing product. Give it away, or bundle it into OS.

Re:Easy Solution

[chefren]

A GUI in the Linux kernel tree? That would be like..windows. It's the distros that are the operating systems, Linux is just the kernel. In order to have, say KDE in the kernel tree you would also need to have all libraries and other packages you need to run it in the tree as well, like glibc, X and a big bunch of other things. An entire desktop distro in fact. Bury that idea in your back yard, right next to those irritating ex-neighbors of yours (joke). I give thumbs up for more desktop cooperation between distros, though.

This isn't new.

[Anonymous Coward]

Back in the DOS days, I once installed MS Flight Simulator on a friend's laptop (running Windows 3.1) in order to see how bad the ghosting on the laptop screen would be when running games. I copied the files manually, under DOS, using COPY, so that I wouldn't affect the laptops' configuration, and so that I could completely uninstall the program after I was done. Having done that, I started Win 3.1, and went to create a .pif (program informtion file) for the launcher icon. Lo and behold, the dialog box was completely filled out, non standard path and everything, ready to go. It was damn spooky. AFAIK, the only way this could have happened, was if windows looked through the disk for friendly .exe files on startup.

After that experience, my expectation is that MS software keeps very close watch on friendly and, likely, "unfriendly" software on your computer.

Anyone remember the AARD code?

Re:Surprise, surprise...

[Zeinfeld]

Very profound statement with out any proof or attempt to back it up.

Well heck, the article being pay per view almost nobody in the thread is likely to have read it. Why bother to read the article?

There are a bunch of Win98 programs which are known not to work properly under XP. Every so often Microsoft issues a set of patches that allow these to work properly.

Re:Haha

[Catbeller]

Solution:

First, user sends the version number of the patch list present on the user's hardware to MS. The version number represents what hardware/MS software is present, and what patches have been previously applied.

A match is found.

A list of patches is generated, and sent to the user.

MS transmits ONLY the patches that the user's version number indicates is necessary.

User patches.

After successful patch, the version number of the patch list is updated on the user's hard drive.
Operation complete.

So, a massive transmittal of a list of ALL patches is not necessary: only the version number of the patch list needs to be communicated.

The "so much data needs to be sent" argument for MS's snooping presupposes their method of applying patches to be the only one. A little thinking comes up with an alternative.

They snoop because they want to snoop.

Keep an archive

[PW2]

Keep an archive of all service packs for your OS

Re:From the Windows Update website privacy stateme

[fudgefactor7]

"Tell that to the Melissa author, and some number of other people who's GUID was used to identify them. Even if you aren't a criminal, this could be misused in so many ways."

Found on the 'Net: "David L. Smith was not caught on the basis of the GUID, he was caught because the feds were able to trace the point of insertion of the virus into alt.sex from the ISP he used, then from the connection logs down to the phone number used to connect to the service. The GUID had nothing to do with it. There was also no indication that he used pirated software, just that he or someone had used a previously written virus and modified it into Melissa, passing on the unique GUID of the original document/macro author."

Just wanted to set that straight.

Re:How does this differ from RH Update?

[gtaluvit]

Because RedHat is free. People need to pay and have a valid license for Windows. Since I'm betting (just an assumption) half the people whining about the update issue have a pirated version of XP or 2K, this poses a threat to them.

On the flip side though, imagine if Redhat's DB was compromised. You'd have an accurate listing of every RedHat box out there, their IP, and what versions of software they were running. Thats a goldmine for a script kiddie.

Re:Surprise, surprise...

[Anonymous Coward]

Yeah, right. What if you buy a year old device, which doesn't come with drivers for XP? What if the drivers get updated? I don't expect to see updated drivers on WU, and when they do show up, theu usually do more harm than good. Also, one of my machines keeps coming up with a VIA chipset update on WU, but when I try to install it, it craps out/fails, and I can't make it go away. It's nice that MS has new drivers for me, but WU is a shoddy service (or as shoddy as any Taiwanese HW manufacturer's site).

Re:How does this differ from RH Update?

[brettlbecker]

Jesus man, how can you compare them? Did you not notice at all that when you registered for RH update you can PICK AND CHOOSE SPECIFICALLY WHICH PACKAGES YOU WANT TO REGISTER? If you don't want them to know which kernel you have, UNCHECK IT.

This is such a ridiculous non-issue that completely misses the point. If what this article says turns out to be true, it means that MS is spying on you and offering you NO CHOICE to avoid that spying. On TOP of charging an arm and a leg for PROPRIETARY, SECURITY-FUCKED software.

Another difference is that if you downloaded Red Hat Linux, you got all the software on there from Red Hat. If you add third-party software, it will only register with Red Hat if Red Hat releases a version of it. This is not the case, if this article is correct, with Microsoft. It will record your software whether it can be updated by MS or not. And that is pointless, unless there is a sinister motive.

B

Re:How does this differ from RH Update?

[StormReaver]

Red Hat's practices are different from Microsoft's practices, even when the components of the practices are identical, because Red Hat does not have a long history of happily abusing its customers.

Microsoft's entire corporate psyche is built around cultivating that abuse. Bill Gates has, on numerous occasions, stated that Microsoft's main competitor is its own customer base. Unless you've been living under a large rock for the last ten years, you're well aware of how Microsoft treats its competitors (and not coincidentally, its "partners").

Microsoft's known street-thug behavioral history should be enough to send shivers down your spine whenever anyone there has network access to your computer in any form whatsoever.

Re:Easy Solution

[swordboy]

A GUI in the Linux kernel tree? That would be like..windows

We could only hope... [onestat.com]

Face it - the desktop needs to get rid of all that cruft and get some standards before it can become mainstream. Although it is a nice thing to have, this variety hinders standards, therby keeping both users and developers away.

True?

[siskbc]

Have they actually stated this? I would love to see something in print. Quite deceptive - not surprising to us, but people outside of /. tend to like examples.

Re:Or

[Sj0]

No he couldn't. The chances of getting drivers for any given piece of hardware from windowsupdate.com are incredibly slim. Among all the PCs in my household, only my main computer even has a single component detected by windowsupdate (my nforce sound, oddly enough).

That's why I don't use XP.

[RatBastard]

Windows 2000 SP 2 doesn't have those nasty EULAs in them. And that's what my systems run. I also still run MediaPlayer 6 for the same reasons.

I use Win2K because everything I run needs Windows. I don't use XP because I do not like the invasive EULAs and I think it is a bloated pile of useless eye-candy.

Re:Along those lines...

[ShawnDoc]

As the article states, the DVD's "Unique ID" is sent to MS and looked up in a database of DVD's. This info is then sent to MediaPlayer and stored so the next time the DVD in inserted it will pull up the name and track info.

This is no different than the typical CD player/MP3 ripper which queries the CDDB to find out the title of the CD and the name of the tracks. No big deal.

Re:Haha

[zurab]

So, in addition to downloading a list of all possible patches for all possible applications and all possible hardware configurations (pretty big list), it also has to download some sort of ruleset that goes around all of those to actually figure out locally what udpates are available and necessary. That's a lot of bandwidth.

Actually, no need to download all patches and updates, just metadata about them. Client OS then can easily determine what updates it needs and present a choice to the user. It is actually less bandwidth this way because you don't have to transmit the information about your complete system, including 3rd party apps to MS. MS will only provide metadata about *updates*, not a metadata of a complete system.

In any case, this metadata transmission is not substantial, much less so if compression is used.