Examining Microsoft Update 805
eggsovereasy writes "The Inquirer is reporting that a group in Germany has deciphered the information sent to Microsoft during an update using Windows Update and says that information on all software installed on your computer is sent, even that which is not Microsoft's own software." The original article is, unfortunately, pay-per-view. Update: 02/26 18:19 GMT by T : ionyka points to this "related article from ITWorld that deals with Microsoft's transferring of information through Windows Media Player. When you open up Media Player it sends information back to Microsoft like what movies you play, what songs you listen to and where they come from."
Haha (Score:5, Interesting)
Is this surprising? (Score:2, Interesting)
I can see a legitimate purpose for it, from a bug-hunting and trouble-shooting standpoint, but I am highly skeptical that these are the only ways that this information is used. For instance, I expect that if MS sees a high number of installs for a particular app, that it might decide to include that app in the "OS", such as a personal firewall, for instance. Oh, wait...they already did.
An interesting compare/conrast to see is what MS license agreement says about this and what their public statements have been.
Also, is there going to be a DMCA action here? Ugh.
GF.
Re:EULA says they can take what they want (Score:5, Interesting)
In fact using their software (and then accepting the EULA) is like simply close your eyes and pray that the big depredator which is in front of you isn't hungry right now, and will not be all the long time you be there.
No software collected (Score:3, Interesting)
In fact the article says the biggest privacy concern is the hardware list, which doesn't seem that big a deal to me.
No worries... (Score:2, Interesting)
Solution...
Block ALL outbound requests to MS at the router. (Home network)
There are several IP ranges that I have blocked.
This prevents any 'phone home' connections from any MS OS thats running.
Its easy enough to manually lift the blocks when downloading patches.
I never use Windoze Update.. It doesent work with Mozilla anyway
If you actually *look* at the information sent... (Score:3, Interesting)
So what's the problem?
Re:/Tin Foil Hat Off (Score:2, Interesting)
What a mistake. When I rebooted I started getting error messages and it threw me into generic VGA. I had to then dig out the disks that came with the thing and re-install the driver.
Since then, I've avoided this like the plague. Sorry, I'll update any non-ms software myself, thanks. Windowsupdate is convenient given the number of "security updates". It saves me from having to keep track of what I've installed on my machines and it is fairly painless to go out there a couple times a month to see what is available.
But it also encourages the mindset that you should install software updates just because, well, it updates you to the latest version. Updating windows with all the latest security patches, fine. Updating IE or media player just because there is a new version? No thanks.
Same goes for drivers and non-ms software. I'll grant that it would be convenient to see that there are updates and then be able to install right there (remember Oil Change?), but I personally don't need to always need to keep my apps and drivers "up to date", especially if they are working fine otherwise.
Two things. (Score:1, Interesting)
Two, Microsoft is just doing what all companies have figured out works - mentally tire out the masses. If you start Windows Update three years ago, and say that no personal information is sent, you can have a debate about what 'personal information' means, and you can even slowly ratchet up how much is sent.
Great. But who's going to object? Shareholders, who at best can create non-binding resolutions to change policy in the company? Whether personal information is taken by force or otherwise doesn't matter to them. They want higher stock prices.
Executives and whistleblowers in the office? We have to define what 'personal information' means again.
That leaves customers. And even if your local news does a big 'expose'!' on how Microsoft lies to you about what information is sent to them, how long can people stay mad? An evening? A week? People can't keep enough rage bottled up to do anything about these things. People aren't being denied the right to vote, they're just being lied to. And we know how people rationalize politicians doing that to them already.
Personally, if Microsoft just tells me (and they do) what they're taking from the computer, great. But the fact is, even if they were copying the whole contents of my hard disk, my choices would be not to use Windows Update at all and waste a lot of my life staring at the Microsoft Developer's Connection, or to use it anyway. (Linux, not having, say, Visio, is not an option for my company). And most people just don't care, so they will no matter how onerous the terms...until it gets as bad as 'Your personal data is being transmitted and archived to Microsoft'.
What if your personal data was sent and temporarily cached, for virus scanning, even with the best intentions? Some might STILL sign up. Give it thought...
Re:Not news.. but a nice update. (Score:3, Interesting)
cvsup is far more invasive than Windows Update. When you run cvsup, it sends a list of all your files (in the relevant directory, of course) to the server. The server then looks at the list you're sending it and decides what you need to have updated.
Re:Haha (Score:3, Interesting)
Hell, since this is Microsoft we're talking about, they could have even *sold* the back-end update server software to the third parties and made a few more dollars for Bill to roll around in.
Re:/Tin Foil Hat Off (Score:5, Interesting)
Yes, as it is for any OS vendor. But so what? How much data to you actually have to send? Not a whole lot - just enough to identify what piece of software it's for and what version it is. If you can't store all of that in, oh say, 20 bytes, then you're screwed in oh-so-many ways. Hint - encode the software identifier in a 32-bit or 64-bit number, and the version string in the remaining bytes.
So, let's say you have 1000 patches available for the OS in question -- and, yes, patches are OS specific and MS has that much info from you already. That's a 20,000 byte download. Even at 14.4k it's only 20 seconds. Big deal.
The system then has to process the list and figure out what it may need, then request additional data for each potential patch... but you're going to have to download that information anyway, and there is minimal additional overhead.
It might take slightly longer, particularly over slow links, but it's a hell of a lot more user and security friendly.
Errrm (Score:1, Interesting)
Nothing to see here other than dotters frothing
Regardless of how much we all rant (Score:1, Interesting)
Microsoft isn't going to get nervous, and things woun't change for the better until someone makes a movie about this whole mess. That way, not just us 'smart' people will know whats going on, but the knowledge and severity of whats going on will actually be accessible to those who aren't very 'smart' (aware of the computer industry and current intellectual property issues, and how they affect everyone).
If the information is dumbed down and put into a drama, then hundreds of thousands of people would be aware of issues we've all been worrying about and fighting for for years, and it would happen over night.
~ M. Knight Shyamalan, do you read Slashdot?
Easy Solution (Score:4, Interesting)
Or we could all just get Mac's. I'm almost there, unless someone can put together a KDE or Gnome with some usable functionality (like device management and system configuration in ONE GODDAMMED FUCKING LOCATION).
Apple!!!! Bring OSX to X86 and we will make it worth your while!
Re:Surprise, surprise... (Score:5, Interesting)
I had a bad experience along those lines with the Windows Update site, where a particular sound driver (I forget which, at the moment) from them would not work with my hardware, where the one from the manufacturer's website did.
Re:Always wondered About That... (Score:3, Interesting)
Portage (I assume) doesn't tell gentoo home base what packages I have installed, but it knows which ones I need all the same.
Re:Haha (Score:2, Interesting)
The message reads: "Note Windows Update does not collect any form of personally identifiable information from your computer"
I think that it used to say something like: "No information will be sent to Microsoft"....
Their privacy policy [microsoft.com] states that they check your system for a valid Windows license.
Re:No worries... (Score:2, Interesting)
What addresses do you block? Did you get them all?
.. get
the hint.. You'll never get them all..
M$ has IP addresses all over the place, including net blocks assigned for various different countries?
Here is a list of M$ net blocks just in the America's
Microsoft Corp MICROSOFT (NET-131-107-0-0-1) 131.107.0.0 - 131.107.255.255
Microsoft Corp MSOFT-190-20 (NET-4-42-190-0-1) 4.42.190.0 - 4.42.190.7
Microsoft Corp MICROSOF25-160-112 (NET-12-111-160-112-1) 12.111.160.112 - 12.111.160.119
Microsoft Corp WLCO-TWC1057147-MICROSOFT (NET-64-200-211-16-1) 64.200.211.16 - 64.200.211.31
Microsoft Corp NETBLK-MSOFT-NET (NET-198-105-232-0-1) 198.105.232.0 - 198.105.235.255
Microsoft Corp MSOFT-2 (NET-198-105-233-0-1) 198.105.233.0 - 198.105.233.255
Microsoft Corp MSOFT-4 (NET-198-105-235-0-1) 198.105.235.0 - 198.105.235.255
Microsoft Corp MSOFT-3 (NET-198-105-234-0-1) 198.105.234.0 - 198.105.234.255
Microsoft Corp MSOFT-1 (NET-198-105-232-0-2) 198.105.232.0 - 198.105.232.255
Microsoft Corp MICROSOFT-1 (NET-199-103-90-0-1) 199.103.90.0 - 199.103.91.255
Microsoft Corp MICROSOFT-C1 (NET-199-103-122-0-1) 199.103.122.0 - 199.103.122.255
Microsoft Corp MICROSOFT17 (NET-199-6-92-0-1) 199.6.92.0 - 199.6.94.255
Microsoft Corp MICROSOFT-2 (NET-204-79-7-0-1) 204.79.7.0 - 204.79.7.255
Microsoft Corp MICROSOFT-NET1 (NET-204-79-27-0-1) 204.79.27.0 - 204.79.27.255
Microsoft Corp MGCNET (NET-199-60-28-0-1) 199.60.28.0 - 199.60.28.255
Microsoft Corp MICROSOFT2 (NET-198-180-74-0-1) 198.180.74.0 - 198.180.75.255
Microsoft Corp MICROSOFT3 (NET-198-180-95-0-1) 198.180.95.0 - 198.180.97.255
Microsoft Corp MICROSOFT8 (NET-204-79-101-0-1) 204.79.101.0 - 204.79.101.255
Microsoft Corp MICROSOFT9 (NET-204-79-135-0-1) 204.79.135.0 - 204.79.135.255
Microsoft Corp MICROSOFT10 (NET-204-79-179-0-1) 204.79.179.0 - 204.79.179.255
Microsoft Corp MICROSOFT11 (NET-204-79-180-0-1) 204.79.180.0 - 204.79.181.255
Microsoft Corp MICROSOFT12 (NET-204-79-188-0-1) 204.79.188.0 - 204.79.188.255
Microsoft Corp MICROSOFT13 (NET-204-79-195-0-1) 204.79.195.0 - 204.79.197.255
Microsoft Corp MICROSOFT15 (NET-204-140-77-0-1) 204.140.77.0 - 204.140.77.255
Microsoft Corp MICROSOFT16 (NET-204-140-80-0-1) 204.140.80.0 - 204.140.83.255
Microsoft Corp MICROSOFT18 (NET-192-237-67-0-1) 192.237.67.0 - 192.237.67.255
Microsoft Corp MICROSOFT19 (NET-198-137-97-0-1) 198.137.97.0 - 198.137.97.255
Microsoft Corp MICROSOFT19-NET58 (NET-204-231-58-0-1) 204.231.58.0 - 204.231.58.255
Microsoft Corp MICROSOFT20 (NET-204-231-76-0-1) 204.231.76.0 - 204.231.76.255
Microsoft Corp MICROSOFT26 (NET-204-231-192-0-1) 204.231.192.0 - 204.231.192.255
Microsoft Corp MICROSOFT27 (NET-204-231-194-0-1) 204.231.194.0 - 204.231.223.255
Microsoft Corp MICROSOFT28 (NET-204-231-236-0-1) 204.231.236.0 - 204.231.236.255
Microsoft Corp MICROSOFT29 (NET-205-248-10-0-1) 205.248.10.0 - 205.248.15.255
Microsoft Corp MICROSOFT30 (NET-205-248-41-0-1) 205.248.41.0 - 205.248.43.255
Microsoft Corp MICROSOFT31 (NET-205-248-50-0-1) 205.248.50.0 - 205.248.51.255
Microsoft Corp MICROSOFT32 (NET-205-248-61-0-1) 205.248.61.0 - 205.248.63.255
Microsoft Corp MICROSOFT33 (NET-205-248-80-0-1) 205.248.80.0 - 205.248.129.255
Microsoft Corp MICROSOFT34 (NET-205-248-72-0-1) 205.248.72.0 - 205.248.72.255
Microsoft Corp MICROSOFT35 (NET-205-248-212-0-1) 205.248.212.0 - 205.248.215.255
Microsoft Corp MICROSOFT36 (NET-205-248-228-0-1) 205.248.228.0 - 205.248.228.255
Microsoft Corp MICROSOFT37 (NET-205-248-235-0-1) 205.248.235.0 - 205.248.235.255
Microsoft Corp SPRINT-CDA33F (NET-205-163-63-0-1) 205.163.63.0 - 205.163.63.255
Microsoft Corp SPRINT-CDA33E (NET-205-163-62-0-1) 205.163.62.0 - 205.163.62.255
Microsoft Corp SPRINT-CDA39F (NET-205-163-144-0-1) 205.163.144.0 - 205.163.159.255
Microsoft Corp MICROSOFT44 (NET-205-248-243-0-1) 205.248.243.0 - 205.248.244.255
Microsoft Corp SOCRATIC (NET-207-78-80-0-1) 207.78.80.0 - 207.78.80.255
Microsoft Corp DAVELADD (NET-207-78-81-0-1) 207.78.81.0 - 207.78.81.255
Microsoft Corp RSEGAL (NET-207-78-82-0-1) 207.78.82.0 - 207.78.82.255
Microsoft Corp UU-207-18-117 (NET-207-18-117-0-1) 207.18.117.0 - 207.18.117.255
Microsoft Corp UU-208-194-139 (NET-208-194-139-0-1) 208.194.139.0 - 208.194.139.255
Microsoft Corp MICROSOFT48 (NET-207-117-3-0-1) 207.117.3.0 - 207.117.3.255
Microsoft Corp UU-208-204-49-128-B (NET-208-204-49-128-1) 208.204.49.128 - 208.204.49.255
Microsoft Corp MICROSOFT50 (NET-207-209-68-0-1) 207.209.68.0 - 207.209.68.255
Microsoft Corp CW-208-139-27-B (NET-208-139-27-0-1) 208.139.27.0 - 208.139.27.255
Microsoft Corp MICROSOFT55 (NET-209-28-213-0-1) 209.28.213.0 - 209.28.213.255
Microsoft Corp SPRINT-CC5F6F (NET-204-95-96-0-1) 204.95.96.0 - 204.95.111.255
Microsoft Corp UU-208-205-26 (NET-208-205-26-0-1) 208.205.26.0 - 208.205.26.255
Microsoft Corp UU-208-222-172 (NET-208-222-172-0-1) 208.222.172.0 - 208.222.172.255
Microsoft Corp CYBR-LCCLAB (NET-207-158-93-192-1) 207.158.93.192 - 207.158.93.223
Microsoft Corp UU-208-229-100-D1 (NET-208-229-100-0-1) 208.229.100.0 - 208.229.101.255
Microsoft Corp MSBPN-2 (NET-207-240-123-192-1) 207.240.123.192 - 207.240.123.223
Microsoft Corp MICROUSI (NET-208-155-183-0-1) 208.155.183.0 - 208.155.183.255
Microsoft Corp UU-208-241-9-224 (NET-208-241-9-224-1) 208.241.9.224 - 208.241.9.239
Microsoft Corp UU-208-241-19 (NET-208-241-19-0-1) 208.241.19.0 - 208.241.19.15
Microsoft Corp UU-208-241-19-16 (NET-208-241-19-16-1) 208.241.19.16 - 208.241.19.31
Microsoft Corp SPRINT-D01ACD (NET-208-26-205-0-1) 208.26.205.0 - 208.26.205.255
Microsoft Corp UU-208-245-16 (NET-208-245-16-0-1) 208.245.16.0 - 208.245.16.31
Microsoft Corp UU-208-244-108-D2 (NET-208-244-108-0-1) 208.244.108.0 - 208.244.108.15
Microsoft Corp MICROSOFTDENVER (NET-204-133-231-0-1) 204.133.231.0 - 204.133.231.255
Microsoft Corp UU-208-249-17-160 (NET-208-249-17-160-1) 208.249.17.160 - 208.249.17.175
Microsoft Corp UU-208-224-200-64 (NET-208-224-200-64-1) 208.224.200.64 - 208.224.200.95
Microsoft Corp MICROSOFTG1-COM (NET-216-72-96-0-1) 216.72.96.0 - 216.72.99.255
Microsoft Corp UU-63-69-245 (NET-63-69-245-0-1) 63.69.245.0 - 63.69.245.255
Microsoft Corp UU-208-217-184-D1 (NET-208-217-184-0-1) 208.217.184.0 - 208.217.187.255
Microsoft Corp EACT-CUST-JLEZNEK (NET-207-229-166-152-1) 207.229.166.152 - 207.229.166.159
Microsoft Corp UU-63-75-193-72 (NET-63-75-193-72-1) 63.75.193.72 - 63.75.193.79
Microsoft Corp SPRINT-CC5F95-8 (NET-204-95-149-0-1) 204.95.149.0 - 204.95.149.255
Microsoft Corp NET-CSAMSI (NET-209-192-213-72-1) 209.192.213.72 - 209.192.213.79
Microsoft Corp MICROSOFT56 (NET-206-73-118-0-1) 206.73.118.0 - 206.73.118.255
Microsoft Corp MICROSOFT57 (NET-206-73-203-0-1) 206.73.203.0 - 206.73.203.255
Microsoft Corp USW-MICROSOFT (NET-63-225-190-216-1) 63.225.190.216 - 63.225.190.223
Microsoft Corp MICROSOFT58 (NET-206-73-31-0-1) 206.73.31.0 - 206.73.31.255
Microsoft Corp QWEST-208-45-54-16 (NET-208-45-54-16-1) 208.45.54.16 - 208.45.54.23
Microsoft Corp QWEST-208-45-54-8 (NET-208-45-54-8-1) 208.45.54.8 - 208.45.54.15
Microsoft Corp SPRINT-3FA132 (NET-63-161-50-128-1) 63.161.50.128 - 63.161.50.255
Microsoft Corp SPRINT-3FA132-6 (NET-63-161-50-0-1) 63.161.50.0 - 63.161.50.127
Microsoft Corp MICROSOFT-8-18 (NET-207-240-8-224-1) 207.240.8.224 - 207.240.8.239
Microsoft Corp NETCOM-MICROSOFT-1 (NET-209-146-250-128-1) 209.146.250.128 - 209.146.250.159
Microsoft Corp QWEST-208-45-89-248A (NET-208-45-89-248-1) 208.45.89.248 - 208.45.89.255
Microsoft Corp UU-63-95-95 (NET-63-95-95-0-1) 63.95.95.0 - 63.95.95.255
Microsoft Corp QWEST-63-236-136-0A (NET-63-236-136-0-1) 63.236.136.0 - 63.236.136.7
Microsoft Corp 2ALP-2000020201 (NET-209-100-205-32-1) 209.100.205.32 - 209.100.205.39
Microsoft Corp MICROSOFT-BBLK (NET-157-54-0-0-1) 157.54.0.0 - 157.60.255.255
Microsoft Corp MICROSOFT62 (NET-206-182-236-0-1) 206.182.236.0 - 206.182.236.255
Microsoft Corp MICROSOFT61 (NET-206-182-69-0-1) 206.182.69.0 - 206.182.69.255
Microsoft Corp MICROSOFT63 (NET-206-182-240-0-1) 206.182.240.0 - 206.182.240.255
Microsoft Corp MICROSOFT64 (NET-206-182-241-0-1) 206.182.241.0 - 206.182.241.255
Microsoft Corp MICROSOFT66 (NET-206-182-251-0-1) 206.182.251.0 - 206.182.251.255
Microsoft Corp MICROSOFT65 (NET-206-182-247-0-1) 206.182.247.0 - 206.182.247.255
Microsoft Corp MICROSOFT59 (NET-206-73-67-0-1) 206.73.67.0 - 206.73.67.255
Microsoft Corp MICROSOFT60 (NET-206-73-68-0-1) 206.73.68.0 - 206.73.68.255
Microsoft Corp QWEST-63-236-198-64 (NET-63-236-198-64-1) 63.236.198.64 - 63.236.198.71
Microsoft Corp ERMS-6799349 (NET-165-121-253-232-1) 165.121.253.232 - 165.121.253.239
Microsoft Corp QWEST-63-236-170-64 (NET-63-236-170-64-1) 63.236.170.64 - 63.236.170.71
Microsoft Corp QWEST-63-236-186-56 (NET-63-236-186-56-1) 63.236.186.56 - 63.236.186.63
Microsoft Corp QWEST-63-236-186-64 (NET-63-236-186-64-1) 63.236.186.64 - 63.236.186.71
Microsoft Corp QWEST-63-236-187-104 (NET-63-236-187-104-1) 63.236.187.104 - 63.236.187.111
Microsoft Corp QWEST-63-236-187-128 (NET-63-236-187-128-1) 63.236.187.128 - 63.236.187.135
Microsoft Corp QWEST-63-236-187-160 (NET-63-236-187-160-1) 63.236.187.160 - 63.236.187.167
Microsoft Corp UU-65-194-210-224 (NET-65-194-210-224-1) 65.194.210.224 - 65.194.210.255
Microsoft Corp CW-NETBLK-MICROSOF4 (NET-206-26-43-0-1) 206.26.43.0 - 206.26.43.255
Microsoft Corp FON-3338832128690 (NET-199-2-137-0-1) 199.2.137.0 - 199.2.137.255
Microsoft Corp CUST-86-24614 (NET-216-222-104-224-1) 216.222.104.224 - 216.222.104.239
Microsoft Corp ERSD-8883923 (NET-66-47-55-16-1) 66.47.55.16 - 66.47.55.23
Microsoft Corp UU-63-104-216-D2 (NET-63-104-216-0-1) 63.104.216.0 - 63.104.216.127
Microsoft Corp QWEST-63-151-87-64 (NET-63-151-87-64-1) 63.151.87.64 - 63.151.87.71
Microsoft Corp HP-64-77-82-96 (NET-64-77-82-96-1) 64.77.82.96 - 64.77.82.103
Microsoft Corp HP-64-77-93-80 (NET-64-77-93-80-1) 64.77.93.80 - 64.77.93.95
Microsoft Corp MICROSOFT-1BLK (NET-65-52-0-0-1) 65.52.0.0 - 65.55.255.255
Microsoft Corp MICROSOFT-GLOBAL-NET (NET-207-46-0-0-1) 207.46.0.0 - 207.46.255.255
Microsoft Corp MICROSOFT (NET-131-107-0-0-1) 131.107.0.0 - 131.107.255.255
Microsoft Corp MICROSOFT-CORP-MSN-BLK (NET-207-68-128-0-1) 207.68.128.0 - 207.68.207.255
Microsoft Corp FON-343451648081865 (NET-204-182-144-0-1) 204.182.144.0 - 204.182.159.255
Microsoft Corp FON-346312755281299 (NET-206-107-34-0-1) 206.107.34.0 - 206.107.34.255
Microsoft Corp FON-34550983681918 (NET-205-240-158-0-1) 205.240.158.0 - 205.240.159.255
Microsoft Corp EPOCH4804-1020470011 (NET-216-132-41-224-1) 216.132.41.224 - 216.132.41.239
Microsoft Corp MICROSOFT14 (NET-204-79-252-0-1) 204.79.252.0 - 204.79.252.255
Microsoft UUHIL-BLK1-C155-112 (NET-209-154-155-112-1) 209.154.155.112 - 209.154.155.119
Microsoft DSLNET-20010319-00205 (NET-65-84-146-232-1) 65.84.146.232 - 65.84.146.239
Microsoft SBCIS-101411-164355 (NET-65-68-62-152-1) 65.68.62.152 - 65.68.62.159
MICROSOFT SPEK-531-0 (NET-66-92-59-0-1) 66.92.59.0 - 66.92.59.15
MICROSOFT SBC067039208168020503 (NET-67-39-208-168-1) 67.39.208.168 - 67.39.208.175
Microsoft UU-65-242-67 (NET-65-242-67-0-1) 65.242.67.0 - 65.242.67.255
Microsoft SBC063194155144021023 (NET-63-194-155-144-1) 63.194.155.144 - 63.194.155.151
Microsoft SBC066136085192030113 (NET-66-136-85-192-1) 66.136.85.192 - 66.136.85.199
MICROSOFT MFN-T280-64-124-184-72-29 (NET-64-124-184-72-1) 64.124.184.72 - 64.124.184.79
MICROSOFT MFN-E125-64-124-128-56-29 (NET-64-124-128-56-1) 64.124.128.56 - 64.124.128.63
MICROSOFT MFN-B458-208-185-230-16-29 (NET-208-185-230-16-1) 208.185.230.16 - 208.185.230.23
MICROSOFT MFN-E125-64-124-128-40-29 (NET-64-124-128-40-1) 64.124.128.40 - 64.124.128.47
MICROSOFT MFN-T133-216-200-206-0-24 (NET-216-200-206-0-1) 216.200.206.0 - 216.200.206.255
Microsoft DIRECP-NET1-206-71-11 (NET-206-71-119-0-1) 206.71.119.0 - 206.71.119.255
Microsoft DIRECP-NET1-117 (NET-206-71-117-0-1) 206.71.117.0 - 206.71.117.255
Microsoft DIRECP-NET1-118 (NET-206-71-118-0-1) 206.71.118.0 - 206.71.118.255
Microsoft Corporation SBC067112255144030130 (NET-67-112-255-144-1) 67.112.255.144 - 67.112.255.151
MICROSOFT CROP SBC067039081152020503 (NET-67-39-81-152-1) 67.39.81.152 - 67.39.81.159
Microsoft de Panama S.A. 208-166-39-16-CAWP (NET-208-166-39-16-1) 208.166.39.16 - 208.166.39.31
Microsoft License PNAP-LAX-MSLI-RM-03 (NET-64-94-106-16-1) 64.94.106.16 - 64.94.106.31
Microsoft License PNAP-LAX-MSLI-RM-02 (NET-216-52-232-80-1) 216.52.232.80 - 216.52.232.95
Microsoft License PNAP-SFJ-MSLI-RM-01 (NET-216-52-28-0-1) 216.52.28.0 - 216.52.28.255
Microsoft Licensing SBC067120132160020815 (NET-67-120-132-160-1) 67.120.132.160 - 67.120.132.167
Microsoft Licensing SBC067120132152020815 (NET-67-120-132-152-1) 67.120.132.152 - 67.120.132.159
Microsoft Licensing SBC067120132136020815 (NET-67-120-132-136-1) 67.120.132.136 - 67.120.132.143
Microsoft Licensing SBC067120132128020815 (NET-67-120-132-128-1) 67.120.132.128 - 67.120.132.135
Microsoft Licensing SBC067120132208020816 (NET-67-120-132-208-1) 67.120.132.208 - 67.120.132.223
Microsoft Licensing SBC067120132192020816 (NET-67-120-132-192-1) 67.120.132.192 - 67.120.132.207
Microsoft Licensing Inc SBC067118043224020730 (NET-67-118-43-224-1) 67.118.43.224 - 67.118.43.231
Re:Complete Breach of Trust (Score:5, Interesting)
Ummm, years ago when I was in high school and working for my mother, we had purchased a software package from a company that wrote medical office management software. I had noticed that all of the manuals were photocopied and we had no original disks for Microsoft software that was included in the package. I called Microsoft about this and they had in our office the *next* day two dudes from Microsoft and an FBI agent asking to examine our computers. We ended up getting screwed because the guy whose software we purchased was smacked hard by M$ as the package we bought went unsupported after that.
Of course this guy was absolutely stealing and should have gotten what he deserved, but my point is simply that, yeah, there are Microsoft agents of a sort and they do show up at your door.
Re:Complete Breach of Trust (Score:2, Interesting)
When it comes to Windows users, I really do blame the victim. There's a point where a reputation becomes so soiled, so repeated, and so publically, that it really is either dishonest or stupifyingly negligent for someone to say they didn't know. There just aren't any rocks in the world that are big enough for someone to live under and not hear about Microsoft.
Would you mind pointing out some of those instances where Microsoft abused the privacy of their customers? Given your claims of the prevalence of such information, I'm really eager to listen to the examples you surely will be able to give. Undercutting Netscape and extending Java don't count, by the way, and only the fervently anti-Microsoft can't see the grayness in those areas (i.e. Microsoft is hardly the villain).
For all of the "I told you so!" rhetoric in here (hardly surprizing), I personally find Microsoft to be one of the most trustworthy companies when it comes to privacy: They have gone far above and beyond the call of duty time and time again to put the privacy of their customers ahead of the value of the information. If, indeed, this is sending information on other products installed I would bet a pretty good penny (two pennies in fact!) that it is entirely unintentional.
Re:Haha (Score:3, Interesting)
They might not be able to identify you, but they can identify the machine at least for XP. Since XP requires registration, I'd say they know your machine and who paid for XP to go on there.
I wouldn't be surprised if at some later date they claim this is for the catch all 'security reasons.'
Re:Complete Breach of Trust (Score:2, Interesting)
BSA/Microsoft accuses you of being a pirate of the high seas, and demands license proof. Microsoft puts up $LARGE_SUM to a trusted authoritive third party. Audit ensues, licensing is verified.
If you are stealing software, BSA/Microsoft gets $LARGE_SUM back, and the entity stealing the software has to pay $FINES, $LICENSES, or $OUT_OF_COURT_SETTLEMENT.
If your licenses are in order, or you are using GNU/Linux, BSA/Microsoft's $LARGE_SUM is awarded to you, covering your work disruptions, legal fees, and more.
This is how it works at the local track if you think one of your competitors has modified thier engine outside of the class specifications. You pony up for the accusation and get rewarded if it's true, and take a loss if it's not.
*ahem* (Score:5, Interesting)
(Last Updated 10/15/2002)
Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:
Operating-system version number
Internet Explorer version number
Version numbers of other software for which Windows Update provides updates
Plug and Play ID numbers of hardware devices
Region and Language setting
The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.
Windows Update also collects the Product ID and Product Key to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update. The Product ID and Product Key are not retained beyond the end of the Windows Update session.
Maybe you should verify the information before automatically declaring "Microsoft is evil" to any and all anti-Microsoft posts.
Re:Surprise, surprise... (Score:3, Interesting)
Secondly, there's no way I can believe that ms would acquire your data and subsequently throw it away. None. They are gathering stats and keeping them.
Microsoft profiting from Autoupdate site? (Score:2, Interesting)
Re:Complete Breach of Trust (Score:2, Interesting)
Re:Haha (Score:3, Interesting)
I strongly suspect that it would be smaller than that of, say, Red Hat's RHN since MS is only worried about the OS and a few of its software titles. RHN on the other hand offers thousands of packages.
And even if the list was quite massive, why would it have to resend everything all the time? Why not send a list of the changes since the last time the user downloaded (the client could say "everything since 2003/01/21 08:45:00" or something similar).
If RHN and other upgrades can download a list of packages, why can't MS? They not smart enough? No, the answer is that they don't get enough "feedback" when they do it that way.
During the beta of Win95 they tried this trick and the press was all over them. They realized they made a mistake introducing such a shocking "big brother" utility at the same time that they were releasing such a major product. Instead, MS is beginning to learn that when it goes to violate people's privacy (and rights), it should do things in small increments:
Why doesn't it update other MS ware? (Score:2, Interesting)
Now I have to go download them myself. Thanks a lot, Microsoft.
People will believe anything (Score:4, Interesting)
Don't believe the alarmist titles to articles. Do you all fall into this trap with the evening news as well? "Tune in for the Radon discover that just might save your familyu's life."
I know that you guys are smarter than this. Use your brains.
Re:Surprise, surprise... (Score:3, Interesting)
Microsoft doesn't offer updates for SQL Server or Office, or Photoshop for that matter, via WindowsUpdate. So why do they need that information to NOT supply updates for those programs?
BeOS (Score:2, Interesting)
Re:Haha (Score:3, Interesting)
$ sudo apt-get update
$ sudo apt-get upgrade
(The last step can replaced with apt-get dist-upgrade if you're doing some serious stuff.)
Da-dum, da-dum and wait a little while the packages download from Your Local Mirror and watch nifty little statistics on how many files you've got installed..
To keep on topic (for a split second), no personal identifiable information is sent to anybody (perhaps except for my IP address and some FTP-commands).
I know, I know, I dont't get any system-specific optimizations. But who can afford the time to compile stuff (other than kernels) these days? This is a 400MHz compter! It can barely compile my kernels (wich, BTW, are nicely fitted as a Debian package to install). Of course, if you've got the spare cycles, there's always source available for you.
But it must be noted that since people's saying so much nice about Gentoo, I've got to try it. I don't doubt it rocks a bit.
Well, wasn't that a rant! (-8
Re:Surprise, surprise... (Score:3, Interesting)
Comment removed (Score:3, Interesting)
Re:Who cares about windows update? (Score:1, Interesting)
If anyone knows where it connects to for updates please post it, thanks !
Do other companies do this?? (Score:1, Interesting)
So my concern is with repsect to the intregitty of the fly-by-night free software. Specifically does my debian/testing system send back my playist from gqmpeg and my viewing habit from galeon?
Should I change to OS-X??
Thanks
concerned linux user.
Re:No software collected (Score:3, Interesting)
How do you know this?
I hope you don't mean "because ZoneAlarm hasn't picked up anything weird"
Have you run an external packet sniffer on your net connection?
Please do not think any utility run on Windows cannot be bypassed by a few lines of code in kernelspace.
You needed to hack it to know this? (Score:2, Interesting)
Sun has a much better way of doing it... (Score:3, Interesting)
1. You download the patchdiag.xref file from Sunsolve. This file is updated daily and contains a list of all patches available for all versions of Solaris. It's currently about 1.4 megabytes in size. You only need to download this once, throw it up on an NFS server and all of your Solaris hosts can use it.
2. You execute a Perl script called patchk.pl that compares your currently installed patches with what's available for your OS and generates an HTML page that is automatically opened in Netscape. The HTML page simply lists every patch you need and has check-boxes, a lot like Windows Update.
3. Check all the boxes for patches you need and click a button at the bottom of the page and Sunsolve generates a tarball of all your patches for you.
4. Download tarball and install from single user mode.
That is the proper way to do it, and it seems like Windows Update used to do that in previous versions but the xref file got to be too big for every single client to download every time. MS should provide an xref file that Windows administrators can download and run Windows Update across their enterprise using the xref file, not sending any information to Microsoft.
Sun has been selling systems to three letter governement agencies for quite some time that would never even consider purchasing a product that "phoned-home". If Microsoft wants to play in that ball-game they need to pull their head out of their ass and provide real enterprise level patch management.
P.S. The ability to roll-back a failed Windows Update would be nice too...