Vista is Watching You

greengrass writes "Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company."

Egomanical monitoring of the populace?

[LoadWB]

Is this another example of Bill Gate's Microsoft micromanagement leaking out into the general public, or is this truly a way for Microsoft to help fool-proof Windows operations?

If this is nothing more than a way for Microsoft to ensure that Windows operates properly and to find potential issues, data collection should be an option. A lot of power users won't want it, and a lot of paranoid public won't either.

Of course, what choice do they have if they want/need to run Windows? If enough of the system monitors your usage and activity, not using those services pretty much makes your computer a brick.

Aside from privacy concerns, how much storage space and processing power is being used for this endeavor? Couldn't all that be put to much better use?

If only they told me,

[sumi-manga]

like Google does, maybe I wouldn't be microwaving genuine Vista Ultimate DVDs into petrol...

Re:Egomanical monitoring of the populace?

[brunascle]

Of course, what choice do they have if they want/need to run Windows? If enough of the system monitors your usage and activity, not using those services pretty much makes your computer a brick.

if the OS can function without an internet connection, it damn well better be able to function on a firewall that blocks access to MS servers.

Ah! The irony!

[c0l0]

In the article, there's a Vista technology referred to as "Rights Management Services (RMS) Client" - I guess I'm not the only one who's midldy amused about the acronym used for that service ;-)
What's especially delicate about it is that the service's name uses the term "Rights", where many who are in favour of digital freedom would probably deem "Restrictions" a much better fit.

I bet if Richard Stallman were dead by now (please note that I'm glad and happy that he's alive and kickin'!), there'd be a chance he'd be rotating in his grave at high speeds because of this.

I work in an FDA-regulated environment,...

[Yewbert]

... and this kind of undisclosed(?) sneaky communication has to be considered a security risk from our side, and one which may very possibly invalidate the state of validation (in, again, the FDA-regulated sense) of numerous production-related systems that might eventually run on Vista platforms. We're testing Vista now, and as soon as I get my hands on a copy, I'm gonna poke arounnd and try to figure out what data is sent where, what happens if you cleverly block it, what options there are to just shut these features the f*** off, and many et ceteras,...

Anonymous?

[MontyApollo]

Seems like they would want to keep this data anonymous as much as possible too, or it would seem like they would have an endless barage of subpoenas for civil lawsuits like divorces, where one spouse wants evidence that the other was cheating.

Have we learned nothing?

[kebes]

The privacy concerns are obvious. I, for one, do not want to agree to having all kinds of (largely unspecified) information transmitted to Microsoft.

But even putting that aside for a moment. Assume that Microsoft is a friendly company and that you are confident they will never use this information "against you." Even in that case, this is a really bad idea. Why? Because security works best when you *minimize* the avenues of attack. By sending this information to Microsoft HQ, your OS opens itself to new attacks. On the one hand you have the possibility of MS's servers being hacked, and your information stolen (or the transmission being intercepted and copied). But much worse, this transmission functionality can be co-opted by malware or viruses.

Every functionality you include in the OS is a functionality that "the enemy" (malware, viruses, crackers, etc.) can (and will) use against you. In particular, every network-enabled program is a potential security breach. Hence, we should always be disabling as many services (especially network services) as possible. By having all kinds of code that is constantly communicating outside the machine (with no notification to the user), built into services that the user cannot sensibly disable, you are leaving a tempting target for "the enemy" to find vulnerabilities.

Add to this the fact that it makes it harder on network admins to pick out suspicious traffic. If all these Vista installs are constantly sending out packets of information, how can the sysadmin tell when one of those machines has been taken over, and that "phone MS HQ" service is now sending nefarious packets?

Spyware?

[CaptainPatent]

Isn't it ironic that the very company charging insane amounts for a "safe and secure" OS is essentially using spyware embedded in the system itself when the average user shells out a decent amount of money to prevent spyware programs?

If there wasn't enough of them already, add this to the stack of reasons not to use Vista.

Is Vista a product, or a service?

[Morgaine]

I expect that the majority of people believe that they're buying a product when they purchase Vista, or when they purchase a PC with Vista pre-installed. That presumption may be entirely wrong though.

Certainly from Microsoft's point of view, and in view of their total focus on WGA, you've agreed to a single-payment licensing deal. EULAs may not be valid in some jurisdictions, but that doesn't seem to concern them. You live within their worldview, or else ... or else nothing, that's the only option. In fact then, you haven't purchased a product at all, but a service without any agreed terms.

Likewise, from the content providers' point of view, your PC and its software certainly doesn't belong to you, which implies that you haven't purchased Vista as a product. Instead, it's just a delivery vehicle for their content, and Microsoft is the guarantor of DRM safety to ensure that this is so. The fact that you've paid for your hardware and software as if it were yours seems to have escaped both content providers and Microsoft alike.

Perhaps in the future, people who are not technical will not own computers at all, but only rent content delivery vehicles?

That's where Vista seems to be heading ... although Microsoft probably wants you to continue purchasing without owning.

Re:Egomanical monitoring of the populace?

[B'Trey]

it damn well better be able to function on a firewall that blocks access to MS servers.

Has anyone done any network captures to see what sites are being contacted? Is blocking *.microsoft.com sufficient? Is there a list of IPs that can be blocked?

Re:Egomanical monitoring of the populace?

[click2005]

In XP, Microsoft hard coded the IP addresses of various servers into libraries and software so it bypasses any attempt to use DNS resolution to block it. I'd bet in Vista there is something worse. Maybe thats why they were working on some kind of BitTorrent/P2P protocol. Route the data through other people's machines to get around blocking.

Old News

[jc42]

I remember back in the early 1990s, when the first network software for Microsoft systems started coming out, I read a report from some engineers who had been using it in their lab. They noticed that their modem's lights would flicker during times that the machine was "idle". So they hooked up a line monitor, and studied the activity.

It turned out that some software inside the machine was making connections to Microsoft sites, and passing information about the contents of the disk over the line.

So MS has been doing this for 15 years or so. Even back then, they knew how to make this "service" unobtrusive. It didn't show as a running program, and it apparently didn't run when other software was using the line. It was just a quiet, hidden, background task that continuously reported on your data to its master.

Nobody who has been paying attention should find it at all surprising that, in 2007, this is still happening. If you are running Microsoft software, you should assume that, unless you know otherwise, that Microsoft has full access to everything in your machine.

Re:Egomanical monitoring of the populace?

[B'Trey]

I wouldn't be at all surprised if there's some sort of attempt but, to the best of my knowledge, there's no way for Microsoft to bypass the access list on a router or firewall sitting between the machine and the Internet. But I also wouldn't be surprised if, if one IP can't get through, the machine will try several others, including ones that aren't assigned to the microsoft.com domain. Thus my asking if anyone had done any network captures to see where the packets are actually going. I'm not running Vista, so I can't do it myself.

Re:This is my single biggest push to free software

[farmer11]

Sure. But Open Source software is not going to uphold your freedoms, only Free Software will. Any freedoms that Open Source software gives you is just incidental to the development methodology used. They will be the first to go when sacrificed for some technical merit.

Here's an amusing quote by RMS about Free Softare and Open Source from here [gnu.org],

The GNU GPL is used by developers with various views, but it was written to serve the ethical goals of the free software movement. Says Stallman, "The GNU GPL makes sense in terms of its purpose: freedom and social solidarity. Trying to understand it in terms of the goals and values of open source is like trying understand a CD drive's retractable drawer as a cupholder. You can use it for that, but that is not what it was designed for."

Re:This is my single biggest push to free software

[Ephemeriis]

This "phone home" crap is the single biggest thing that is driving me to consider open-source alternative operating systems and software.

I got sent out on a call last week... Their complaint was that the PC was running fairly slow and that it kept asking to connect to the Internet (yes, the poor souls were still on dial-up). I honestly expected to find an assortment of spyware/malware on the machine. Instead, I found a pile of legitimate software was trying to phone home.

Just about any HP camera/printer/scanner will install an update utility. Java has a updater that runs in the background. Real Player, Adobe Reader, Flash Player, Quicktime, and assorted Sonic software all have their own background updaters.

Re:Egomanical monitoring of the populace?

[wellingj]

Application yes.... Operating System...?
I'd draw the line right there...

If MS actually asked "do you want to use the net to get feature x, y or z?"
I might bite on that as ok... but who knows what kind of information they are gathering.
But if I had bought Vista I would demand to know what I paid for and why MS thinks it is.
so damned important they not tell their customers...

Re:Egomanical monitoring of the populace?

[TheLinuxSRC]

Go to the American Registry for Internet Numbers [arin.net] and search for "Microsoft". You will see pages similar to the following:

Microsoft Corp MICROSOFT (NET-131-107-0-0-1) 131.107.0.0 - 131.107.255.255
Microsoft Corp MICROSOFT-VEXCEL (NET-192-92-90-0-1) 192.92.90.0 - 192.92.90.255
Microsoft Corp NETBLK-MSOFT-NET (NET-198-105-232-0-1) 198.105.232.0 - 198.105.235.255
Microsoft Corp MICROSOFT-1 (NET-199-103-90-0-1) 199.103.90.0 - 199.103.91.255
Microsoft Corp MICROSOFT-CORP-MSN-3 (NET-199-103-122-0-1) 199.103.122.0 - 199.103.122.255
Microsoft Corp MICROSOFT17 (NET-199-6-92-0-1) 199.6.92.0 - 199.6.94.255
Microsoft Corp MICROSOFT-2 (NET-204-79-7-0-1) 204.79.7.0 - 204.79.7.255
Microsoft Corp MICROSOFT-NET1 (NET-204-79-27-0-1) 204.79.27.0 - 204.79.27.255
Microsoft Corp MICROSOFT-CORP-MSN-1 (NET-199-60-28-0-1) 199.60.28.0 - 199.60.28.255
Microsoft Corp MICROSOFT2 (NET-198-180-74-0-1) 198.180.74.0 - 198.180.75.255
Microsoft Corp MICROSOFT3 (NET-198-180-95-0-1) 198.180.95.0 - 198.180.97.255
Microsoft Corp MICROSOFT8 (NET-204-79-101-0-1) 204.79.101.0 - 204.79.101.255
Microsoft Corp MICROSOFT-HK (NET-204-79-135-0-1) 204.79.135.0 - 204.79.135.255
Microsoft Corp MICROSOFT-PLACEWARE-1 (NET-204-79-179-0-1) 204.79.179.0 - 204.79.179.255

Now, just simply block *all* access to those IPs. Of course... there goes your automatic updates as well.

Re:doubt it

[DogDude]

I don't participate in beta testing programs without being compensated for my time and resources.

Wow. Snooty. What software do you use that's perfect?

Re:This is my single biggest push to free software

[Dunkirk]

Don't say that the performance of Windows-based games takes a hit on Linux. I've run Linux on the desktop for 12 years. Every few months, I get the bug to "try it again." The last time I did so, I pirated -- yes, pirated -- I've bought it 3 times, and never gotten it to actually play the games I wanted to play -- Cedega, and took it for a drive. On both Counter Strike and Battlefield 2, the game played BETTER under Linux than it did under Windows. BF2 was appreciably better. However, two things kept me from switching. For CS:S, it was horribly long load times. I don't know what it was about Steam, but it would take several minutes to finally load up. BF2 was different. PunkBuster is NOT SUPPORTED under Cedega. What's so pathetic is that PunkBuster (and Valve's VAC) are apparently not preventing cheating. Our clan kicks people out of our servers all the time for hacking. Yet it keeps me from playing online under Linux. Other than that, Wine is letting the software actually run faster on the same hardware. YMMV.

Note that Crossover is promising select games will work under their new version, like Steam and WoW. I'm thinking about buying this again for Outlook functionality at work. (Evolution's Exchange plugin isn't working with meeting invitations, but I'm WAY off the subject now.) CodeWeavers is saying that their NEXT version will support PunkBuster. That would be cool, as it would remove the main barrier to playing games on Linux at this point.

Speaking of which, because of my older hardware not being able to play some of the new games, I just reinstalled Quake 3. I'm on Gentoo, and that was a simple process. I just put my discs in my drives, and did an ``emerge +cdinstall''. However, PunkBuster needed to update, and it wouldn't do it automatically. I found out how to force this, and did so in the main installation directory, but the game still wouldn't let me play online (it kept kicking me into observer mode). I finally figured out that I needed to run the update utility in my ~/.q3a/pb directory. So, I'm just leaving a googleable memory trail here. ;-)

Windows is not the only one...

[sam0737]

and I would say Linux would phone home a lot too...

Let's say Firefox:
It phone home and a) checks for update, b) checks for plugins update, c) checks for phishing.

Even apt-get would:
Contact and download the catalog, I didn't check but believe by only downloading the difference, the other peer could easily guess how old my catalog is.

And the list just go on with many other softwares.

The difference is, you can always verify the source with open source software, which I believe 0.1% user, at most, might actually do. You can always assume Microsoft is doing bad thing with its phone home feature, but if you are that paranoid, you better setup an independent machine for going online, or a proxy machine to route and only route those absolutely necessary traffic.

Re:doubt it

[Nazlfrag]

Sure they send your IP address and your browser details, and all file name extensions, all URLs visited w/Parental Controls enabled, all PnP devices installed (so your complete hardware specs), your Games folder(?!) etc. I'm not sure what else gets sent but from the list they provided I'm sure there's plenty more.

Activation, Customer Experience Improvement Program (CEIP), Device Manager, Driver Protection, Dynamic Update, Event Viewer, File Association Web Service, Games Folder, Error Reporting for Handwriting Recognition, Input Method Editor (IME), Installation Improvement Program, Internet Printing, Internet Protocol version 6 Network Address Translation Traversal, Network Awareness (somewhat), Parental Controls, Peer Name Resolution Service, Plug and Play, Plug and Play Extensions, Program Compatibility Assistant, Program Properties--Compatibility Tab, Program Compatibility Wizard, Properties, Registration, Rights Management Services (RMS) Client, Update Root Certificates, Windows Control Panel, Windows Help, Windows Mail (only with Windows Live Mail, Hotmail, or MSN Mail) and Windows Problem Reporting are the main features and services in Windows Vista that collect and transmit user data to Microsoft.

Looks like a lot more data than an IP address.