Forgot your password?
typodupeerror
Privacy Microsoft

Vista is Watching You 458

Posted by CmdrTaco
from the also-up-is-higher-than-down dept.
greengrass writes "Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company."
This discussion has been archived. No new comments can be posted.

Vista is Watching You

Comments Filter:
  • by jonnythan (79727) on Monday July 02, 2007 @10:43AM (#19717301) Homepage
    It's a little OT, but truth is an absolute defense to slander. Slander is, by definition, untrue.
  • by j.sanchez1 (1030764) on Monday July 02, 2007 @10:50AM (#19717397)
    It's just: Windows Update, Web Content, Digital Certificates, Auto Root Update, Windows Media Digital Rights Management, Windows Media Player, Malicious Software Removal/Clean On Upgrade, Network Connectivity Status Icon, Windows Time Service, and the IPv6 Network Address Translation (NAT) Traversal service (Teredo).

    And Activation, Customer Experience Improvement Program (CEIP), Device Manager, Driver Protection, Dynamic Update, Event Viewer, File Association Web Service, Games Folder, Error Reporting for Handwriting Recognition, Input Method Editor (IME), Installation Improvement Program, Internet Printing, Internet Protocol version 6 Network Address Translation Traversal, Network Awareness (somewhat), Parental Controls, Peer Name Resolution Service, Plug and Play, Plug and Play Extensions, Program Compatibility Assistant, Program Properties--Compatibility Tab, Program Compatibility Wizard, Properties, Registration, Rights Management Services (RMS) Client, Update Root Certificates, Windows Control Panel, Windows Help, Windows Mail (only with Windows Live Mail, Hotmail, or MSN Mail) and Windows Problem Reporting are the main features and services in Windows Vista that collect and transmit user data to Microsoft.
  • by Actually, I do RTFA (1058596) on Monday July 02, 2007 @10:53AM (#19717435)

    Sorry, I left out: Activation, Customer Experience Improvement Program (CEIP), Device Manager, Driver Protection, Dynamic Update, Event Viewer, File Association Web Service, Games Folder, Error Reporting for Handwriting Recognition, Input Method Editor (IME), Installation Improvement Program, Internet Printing, Network Awareness (somewhat), Parental Controls, Peer Name Resolution Service, Plug and Play, Plug and Play Extensions, Program Compatibility Assistant, Program PropertiesCompatibility Tab, Program Compatibility Wizard, Properties, Registration, Windows Control Panel, Windows Help, Windows Mail (only with Windows Live Mail, Hotmail, or MSN Mail), Windows Problem Reporting, Windows Defender, Support Services, and Internet Explorer 7.

    "This extensive enumeration is not a complete illustration of all the sources in Windows Vista that Microsoft uses to gather end user data"

  • by KenRH (265139) on Monday July 02, 2007 @10:57AM (#19717481)

    It should be interesting how this clashes with China's own obsessive need to control people's PCs.

    Kina as many other Asian nations is moving towards Linux. They don't want to pay M$-tax and they espesialy don't want MS or NSA spying on them.

  • by LordEd (840443) on Monday July 02, 2007 @10:59AM (#19717521)
    Sarcastic Microsoft bash aside, all of the listed services are those that require connection to an external source. The "windows time service" makes me a bit suspicious that the author just picked everything that made any form of network communication without regard to information sent/received.

    On Windows time service [microsoft.com]:

    The following list describes various aspects of Windows Time Service data that is sent to and from the Internet and how the exchange of information takes place:

      Port: NTP uses User Datagram Protocol (UDP) port 123 on time servers. If this port is not open to the Internet, you cannot synchronize your server to Internet NTP servers.

      Protocol: The service on Windows Vista implements NTP to communicate with other computers on the network.


    The NTP Protocol is described here [wikipedia.org]. I can't verify that they haven't implemented the evil NTP protocol (not running Vista), but I don't see why i should trust the author after listing this one.
  • by kryten_nl (863119) on Monday July 02, 2007 @11:12AM (#19717693)
    http://games.cedega.com/gamesdb/ [cedega.com] check it out, add it as a bookmark.
  • Re:doubt it (Score:4, Informative)

    by SatanicPuppy (611928) * <Satanicpuppy&gmail,com> on Monday July 02, 2007 @11:15AM (#19717717) Journal
    They already do that with the "Report this bug to Microsoft?" screens that pop up in XP every time a program crashes...And frankly, I SHOULD be able to opt out if I choose to do so. Hell, they should want me to be able to opt out, so if I do something and crash a program, I don't send them weird data.

    The OP is right; this is a precursor to a subscription based OS; that's microsoft's dream, where everyone just pays the OS tax on a monthly/yearly basis, and gets "free" upgrades on a once-a-decade cycle.
  • by brunascle (994197) on Monday July 02, 2007 @11:18AM (#19717773)

    It's really all come down to games for me. If my games would all run on Linux I'd be there tomorrow.
    this is the reason my desktop is still XP also. it's become not much more than a gaming console. but you'd be surprised how many good, native linux games there are. i was (recently). check out the linux gamers live cd [linux-gamers.net].
  • by plague3106 (71849) on Monday July 02, 2007 @11:25AM (#19717843)
    Exactly. Its a blanket catch all so that they have their asses covered. Each of those features sends certain amounts of data to performs its function.

    For those wondering why the Games folder sends data, its to get the rating for the game and download additional information about the game (like the box art). There are many personalization features in Vista, and they're actually pretty cool.
  • by Dan Ost (415913) on Monday July 02, 2007 @11:39AM (#19718035)
    Such traffic can always be blocked at an external firewall. Even the most basic router will let you blacklist IPs/domains. Short of colluding with router makers, there is nothing Microsoft can do about this.
  • by lessermilton (863868) on Monday July 02, 2007 @11:39AM (#19718047) Homepage
    Rather than using DNS - put a *nix box between your XP and M$ - voila, instant access, and I'm sure there are plenty of packet sniffers out there...
  • Re:doubt it (Score:3, Informative)

    by Jaknet (944488) on Monday July 02, 2007 @11:47AM (#19718129)
    If you want to remove the "report this to microsoft". Then right click My Computer > Properties, select the Advanced tab, select the Settings button (third one down under Startup and Recovery) and un-tick the send an Admin alert. Also on the "error reporting" button at the bottom of the Advanced tab, just select the "disable error reporting, but notify when critical errors occur"

    Cannot remember off the top of my head which one stops the "report to Microsoft" pop-ups, but with both you can rest easy and not get the annoying pop-ups each time. Hope this helps
  • by Skiron (735617) on Monday July 02, 2007 @11:50AM (#19718179) Homepage
    ... is that any Microsoft system is NOT owned by the 'buyer'- it is Microsofts' as they are licensing it to the 'users'. Microsoft can do what they wish as owners of said software. So I can't see what people get bothered about, really - what do you expect from something you do not and cannot ever, ever own, no matter how much you think you do (or even how much you spend on it too).
  • by zerofoo (262795) on Monday July 02, 2007 @11:52AM (#19718221)
    The Gramm-Leach-Bliley Act otherwise known as GLBA controls how businesses collect, use, and distribute non-public information, and provides for penalties for the misuse of that information. Having managed IT for a bank, I can tell you that this act is serious stuff.

    Microsoft's attorneys are not stupid. They know if they collect non-public information, they are bound by GLBA to protect that information. That includes audits of any systems that store or transmit that information.

    It would cost Microsoft way more money to collect non-public information from its users than it could make by using or selling that information. Also, it would expose Microsoft's products to outside auditor scrutiny, possibly even requiring the source code of its products to be inspected.

    For these reasons, Microsoft does not want to collect non-public information from its users.

    -ted
  • by pandrijeczko (588093) on Monday July 02, 2007 @12:13PM (#19718525)
    In fact, I'd bet there's MORE applications on Linux that send your private information back to some web server somewhere, just because Linux sockets are easier to write for than their Windows cousins and so Linux has and will always have a lead over networking for developers.

    Let's assume for one moment that what you are saying is correct (although I don't believe for one moment that it is), then since these are independent applications, then it's very easy to disable or uninstall them if you don't like them phoning home. So, pray tell, how would you do this in Windows where the "phoning home" is being done by a stealth application that's running as part of the intrinsic underlying OS.

    Also, you're turning this into a "Windows vs Linux" discussion which is an overly simplistic viewpoint. Open Source applications are subject to constant peer review meaning that any suspicious "phoning home" would be rapidly identified and brought out into public attention. I can't comment on YaST as I don't use SuSE Linux but I suspect, as a commercial entity, they are interested in user information but since there are a myriad of Open Source applications that run on Windows also, this is more a case of Open vs Closed Source, not Windows vs Linux.

    So, you might charaterize things less harshly as follows : Linux tries to let you keep your personal information private but all of your work product is public, and Windows keeps all of your work product private but your personal information is public.

    Sorry, but that's utter trash. Aside from stability, "free beer" and customisability, the main reason I use Linux as my primary OS choice is that it allows *ME* to take responsibility for protecting *MY* information and does not allow me to dump that responsibility into the hands of some private entity.

    I am one of the first people to volunteer to take part in surveys and information gathering excercises because when I am *ASKED* to provide information and have the choice of what information to and not to provide, it can be very useful to someone who is designing or marketting a product or service. But I am *NOT* going to let someone just take that information - and if that means never using Vista then so be it...

  • by Anonymous Brave Guy (457657) on Monday July 02, 2007 @12:24PM (#19718693)

    The point being made earlier in the thread was that this doesn't always work, because the IP addresses for certain services (Windows Update is one, IIRC) are hard-coded and the hosts file is never checked by Windows when resolving these addresses.

  • by Anonymous Coward on Monday July 02, 2007 @12:29PM (#19718765)
    > to be taxed for the data collection/transmit.

    TRANSMIT is a verb. You were looking for the noun, TRANSMISSION.

  • HP drivers are pathetic. The printer driver for my printer is a 600mb minimum install (the 'enhanced' software is another 500mb). Every 3 or 4 minutes a console window flashes on the screen - their phone home software is a console app and they haven't even bothered to hide the window.

    Oh and that's just for the printer.. the scanner part of the driver is nonfunctional on vista (despite the driver being the latest vista driver), and the whole thing won't install on OSX (a small (for them) 250mb driver) because they stopped supporting it after 10.4.2 and it's hardcoded to reject a version higher than that.

    For a while now I've been telling people to avoid HP like the plague because their drivers are is spyware infested bug ridden crap.
  • by DigitalReverend (901909) on Monday July 02, 2007 @12:35PM (#19718843)
    He works in an FDA regulated environment, not works for the FDA. There are several companies that are heavily regulated by the FDA. I used to work for a pharmaceutical research company and almost every piece of software requires some kind of validation in order to protect no only the the pharmaceutical companies, but also the patients as well.

      While most IT environments can install Patches and Service Packs and Updates at will, this is not the case for FDA regulated companies. The update or patch will be installed on a system that has no access to any real data, each step of the installation is documented down to each mouse click complete with screen shots, then the installation is performed following that document by a person who didn't write the initial instructions, and they will then take screen shots of their installation. Then once it has passed the installation steps, then there are instructions written up for each thing that needs to be tested and validated, that is also complete with screen shots, and each mouse click and keyboard entry. Those instructions are sent to someone else who goes through each step, and takes screen shots along the way, and if that passes, it can then go on to production where the installation is performed, with screen shots, and a final series of tests, with screen shot is also done. All the documents are printed out as the FDA hasn't completely allowed electronic storage.

    So where the normal IT guy clicks download/install and maybe makes a log of it. A simple windows update in an FDA regulated environment will produce a mountain of paperwork. If anything along the line has the potential of revealing any confidential information against FDA regulations, then the software will be rejected. Vista at this point has been rejected so far.
  • by weicco (645927) on Monday July 02, 2007 @02:50PM (#19720491)

    But, seriously, why the cloak-and-dagger approach? Just tell the user "Vista is now gonna send MS the following information about your system, anonymized so it can't be tracked, and we want it to see what hardware platforms our system should run best on. Thanks for your co-op."

    Well how about reading Windows Update Privacy Statement from here http://technet2.microsoft.com/windowsserver/en/lib rary/3998fef5-4e07-4128-881d-754375b679121033.mspx ?mfr=true [microsoft.com] or updated version from Windows Update site from here http://www.update.microsoft.com/microsoftupdate/v6 /default.aspx?ln=en-us [microsoft.com]. And if you are paranoid enough, just add TCP dump to somewhere on your network to see what's really submitted, don't know if it's encrypted though.

  • by Dude McDude (938516) on Monday July 02, 2007 @04:59PM (#19722075)
  • by Joe U (443617) on Tuesday July 03, 2007 @12:14AM (#19726449) Homepage Journal
    Activation - Annoying anti-piracy check. This is the worst of the group, because it can't be turned off.
    Customer Experience Improvement Program (CEIP) - Optional feedback program.
    Device Manager & Driver Protection & Dynamic Update - Gives you an option to scan for updated drivers.
    Event Viewer - Optional, If you click the 'get more information' it sends a query for, (get this) more information.
    File Association Web Service - Same as above.
    Games Folder - Downloads pictures and ratings for your games.
    Error Reporting for Handwriting Recognition - Optional error reporting..
    Input Method Editor (IME) - I assume it's looking for new language packs.
    Installation Improvement Program - Optional error reporting.
    Internet Printing - Not sure on this one, I assume it's a driver check. Unless they're talking about the Internet printing service that prints your photos. If so, then duh, grow up.
    Internet Protocol version 6 Network Address Translation Traversal, Network Awareness (somewhat), Peer Name Resolution Service - Read how these servcices work, they require an Internet server.
    Parental Controls - I believe it's tied to the phishing filter.
    Plug and Play, Plug and Play Extensions, Program Compatibility Assistant,Program Properties--Compatibility Tab, Program Compatibility Wizard, Properties, - Driver updates, compatibility updates.
    Registration - Marketing, optional
    Rights Management Services (RMS) Client - DRM as bad as activation
    Update Root Certificates - Automatic updates for SSL certs.
    Windows Control Panel - Not sure which panel
    Windows Help - Optional Online help
    Windows Mail (only with Windows Live Mail, Hotmail, or MSN Mail) - Well duh, hotmail calls microsoft?
    Windows Problem Reporting - Optional error reporting.

    With the exception of Activation and the RMS client, both of which are useless, these are useful Internet services, feel free to turn them off or actually answer NO, when asked.

    Stop making this into a 'oooh, they're spying on me'. They're spying the same way Slashdot is spying on you when you post a message.

A motion to adjourn is always in order.

Working...