Vista is Watching You
greengrass writes "Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company."
Egomaniacal monitoring of the populace? (Score:5, Interesting)
If this is nothing more than a way for Microsoft to ensure that Windows operates properly and to find potential issues, data collection should be an option. A lot of power users won't want it, and a lot of the paranoid public won't either.
Of course, what choice do they have if they want/need to run Windows? If enough of the system monitors your usage and activity, not using those services pretty much makes your computer a brick.
Aside from privacy concerns, how much storage space and processing power is being used for this endeavor? Couldn't all that be put to much better use?
If only they told me, (Score:2, Interesting)
Re:Egomaniacal monitoring of the populace? (Score:5, Interesting)
Ah! The irony! (Score:5, Interesting)
What's especially delicate about it is that the service's name uses the term "Rights", where many who are in favour of digital freedom would probably deem "Restrictions" a much better fit.
I bet if Richard Stallman were dead by now (please note that I'm glad and happy that he's alive and kickin'!), there'd be a chance he'd be rotating in his grave at high speeds because of this.
I work in an FDA-regulated environment,... (Score:5, Interesting)
Anonymous? (Score:5, Interesting)
Have we learned nothing? (Score:5, Interesting)
But even putting that aside for a moment. Assume that Microsoft is a friendly company and that you are confident they will never use this information "against you." Even in that case, this is a really bad idea. Why? Because security works best when you *minimize* the avenues of attack. By sending this information to Microsoft HQ, your OS opens itself to new attacks. On the one hand you have the possibility of MS's servers being hacked, and your information stolen (or the transmission being intercepted and copied). But much worse, this transmission functionality can be co-opted by malware or viruses.
Every functionality you include in the OS is a functionality that "the enemy" (malware, viruses, crackers, etc.) can (and will) use against you. In particular, every network-enabled program is a potential security breach. Hence, we should always be disabling as many services (especially network services) as possible. By having all kinds of code that is constantly communicating outside the machine (with no notification to the user), built into services that the user cannot sensibly disable, you are leaving a tempting target for "the enemy" to find vulnerabilities.
Add to this the fact that it makes it harder on network admins to pick out suspicious traffic. If all these Vista installs are constantly sending out packets of information, how can the sysadmin tell when one of those machines has been taken over, and that "phone MS HQ" service is now sending nefarious packets?
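Added example, not part of the original comment: one way an admin could approach the problem raised above is to baseline each machine's volume to the expected phone-home destinations and flag hosts that deviate from the fleet. The host names, destination names, byte counts and threshold are constructed assumptions, not real Microsoft endpoints or measured traffic.

```python
from collections import defaultdict
from statistics import median

# Assumed allowlist of telemetry endpoints (placeholder names, not real hosts).
TELEMETRY_DESTS = {"telemetry.vendor.example", "update.vendor.example"}

# Constructed flow records: (source host, destination, bytes sent out).
FLOWS = [
    ("pc-01", "telemetry.vendor.example", 4200),
    ("pc-01", "update.vendor.example", 1800),
    ("pc-02", "telemetry.vendor.example", 3900),
    ("pc-02", "update.vendor.example", 2100),
    ("pc-03", "telemetry.vendor.example", 4100),
    ("pc-03", "update.vendor.example", 1700),
    ("pc-04", "telemetry.vendor.example", 96000),  # same destination, far more data
    ("pc-04", "update.vendor.example", 2000),
    ("pc-05", "telemetry.vendor.example", 4000),
    ("pc-05", "update.vendor.example", 1900),
    ("pc-05", "files.unknown.example", 500),       # destination outside the allowlist
]

def telemetry_outliers(flows, dests=TELEMETRY_DESTS, threshold=5.0):
    """Return hosts whose bytes to allowlisted destinations deviate from the fleet."""
    totals = defaultdict(int)
    for host, dest, nbytes in flows:
        if dest in dests:
            totals[host] += nbytes
    if len(totals) < 3:
        return []  # too few hosts to form a baseline
    med = median(totals.values())
    # Median absolute deviation: robust to the very outlier we are looking for.
    mad = median(abs(v - med) for v in totals.values()) or 1
    return sorted(h for h, v in totals.items() if abs(v - med) / mad > threshold)

def off_allowlist(flows, dests=TELEMETRY_DESTS):
    """Return (host, destination) pairs that are not expected telemetry at all."""
    return sorted({(h, d) for h, d, _ in flows if d not in dests})

if __name__ == "__main__":
    print("volume outliers:", telemetry_outliers(FLOWS))
    print("unexpected destinations:", off_allowlist(FLOWS))
```

A volume baseline only catches abuse that changes how much is sent; traffic shaped to match normal telemetry volume would pass it, which is the commenter's point about expected background traffic providing cover.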
Spyware? (Score:2, Interesting)
If there wasn't enough of them already, add this to the stack of reasons not to use Vista.
Is Vista a product, or a service? (Score:5, Interesting)
Certainly from Microsoft's point of view, and in view of their total focus on WGA, you've agreed to a single-payment licensing deal. EULAs may not be valid in some jurisdictions, but that doesn't seem to concern them. You live within their worldview, or else
Likewise, from the content providers' point of view, your PC and its software certainly don't belong to you, which implies that you haven't purchased Vista as a product. Instead, it's just a delivery vehicle for their content, and Microsoft is the guarantor of DRM safety to ensure that this is so. The fact that you've paid for your hardware and software as if it were yours seems to have escaped both content providers and Microsoft alike.
Perhaps in the future, people who are not technical will not own computers at all, but only rent content delivery vehicles?
That's where Vista seems to be heading
Re:Egomaniacal monitoring of the populace? (Score:5, Interesting)
Has anyone done any network captures to see what sites are being contacted? Is blocking *.microsoft.com sufficient? Is there a list of IPs that can be blocked?
Re:Egomaniacal monitoring of the populace? (Score:5, Interesting)
Old News (Score:1, Interesting)
It turned out that some software inside the machine was making connections to Microsoft sites, and passing information about the contents of the disk over the line.
So MS has been doing this for 15 years or so. Even back then, they knew how to make this "service" unobtrusive. It didn't show as a running program, and it apparently didn't run when other software was using the line. It was just a quiet, hidden, background task that continuously reported on your data to its master.
Nobody who has been paying attention should find it at all surprising that, in 2007, this is still happening. If you are running Microsoft software, you should assume, unless you know otherwise, that Microsoft has full access to everything in your machine.
Re:Egomaniacal monitoring of the populace? (Score:3, Interesting)
Re:This is my single biggest push to free software (Score:2, Interesting)
Sure. But Open Source software is not going to uphold your freedoms, only Free Software will. Any freedoms that Open Source software gives you are just incidental to the development methodology used. They will be the first to go when sacrificed for some technical merit.
Here's an amusing quote by RMS about Free Software and Open Source from here [gnu.org],
Re:This is my single biggest push to free software (Score:5, Interesting)
Just about any HP camera/printer/scanner will install an update utility. Java has an updater that runs in the background. Real Player, Adobe Reader, Flash Player, Quicktime, and assorted Sonic software all have their own background updaters.
Re:Egomaniacal monitoring of the populace? (Score:3, Interesting)
I'd draw the line right there...
If MS actually asked "do you want to use the net to get feature x, y or z?"
I might bite on that as ok... but who knows what kind of information they are gathering.
But if I had bought Vista I would demand to know what I paid for and why MS thinks it is so damned important they not tell their customers...
Re:Egomaniacal monitoring of the populace? (Score:3, Interesting)
Now, just simply block *all* access to those IPs. Of course... there goes your automatic updates as well.
Re:doubt it (Score:2, Interesting)
Wow. Snooty. What software do you use that's perfect?
Re:This is my single biggest push to free software (Score:3, Interesting)
Note that Crossover is promising select games will work under their new version, like Steam and WoW. I'm thinking about buying this again for Outlook functionality at work. (Evolution's Exchange plugin isn't working with meeting invitations, but I'm WAY off the subject now.) CodeWeavers is saying that their NEXT version will support PunkBuster. That would be cool, as it would remove the main barrier to playing games on Linux at this point.
Speaking of which, because of my older hardware not being able to play some of the new games, I just reinstalled Quake 3. I'm on Gentoo, and that was a simple process. I just put my discs in my drives, and did an ``emerge +cdinstall''. However, PunkBuster needed to update, and it wouldn't do it automatically. I found out how to force this, and did so in the main installation directory, but the game still wouldn't let me play online (it kept kicking me into observer mode). I finally figured out that I needed to run the update utility in my ~/.q3a/pb directory. So, I'm just leaving a googleable memory trail here.
Windows is not the only one... (Score:2, Interesting)
Let's say Firefox:
It phones home and a) checks for updates, b) checks for plugin updates, c) checks for phishing.
Even apt-get would:
Contact and download the catalog. I didn't check, but I believe that by only downloading the difference, the other peer could easily guess how old my catalog is.
And the list just goes on with many other pieces of software.
The difference is, you can always verify the source with open source software, which I believe 0.1% of users, at most, might actually do. You can always assume Microsoft is doing bad things with its phone home feature, but if you are that paranoid, you'd better set up an independent machine for going online, or a proxy machine to route, and only route, the absolutely necessary traffic.
Re:doubt it (Score:3, Interesting)
Looks like a lot more data than an IP address.