Interesting People mailing list archives
more on Windows XP update may be classified as "spyware"
From: David Farber <dave () farber net>
Date: Wed, 7 Jun 2006 02:26:24 -0400
Begin forwarded message: From: Bob Rosenberg <bob () bobrosenberg phoenix az us> Date: June 7, 2006 12:13:42 AM EDT To: lauren () vortex com, dave () farber net Subject: RE: Windows XP update may be classified as "spyware" Lauren & DaveIf memory serves [a debateable proposition], at the time of the initial release of XP, M$ openly publicized that XP phones home on every boot.
That's a primary reason why I refuse to move beyond W2K. Of course, there is always Linux - with Win4Lin whenever I need to use Windows for some purpose.
Cordially, Bob Rosenberg P.O. Box 33023 Phoenix, AZ 85067-3023 LandLine: (602)274-3012 Mobile: (602)206-2856 bob () bobrosenberg phoenix az us ********************************************** “Education's purpose is to replace an empty mind with an open one.” Malcolm Forbes ********************************************** Begin forwarded message: From: Lauren Weinstein <lauren () vortex com> Date: June 6, 2006 1:15:05 AM EDT To: dave () farber net Cc: lauren () vortex com Subject: Windows XP update may be classified as "spyware" Dave, There have been some murmurs about this in other forums, but since I've now independently verified I figured I'd better report here. A recent Microsoft update to Windows XP, which modifies the tool that verifies the "validity" of XP installations to insure that they are not illicit, may itself be considered to be spyware under commonly accepted definitions. The new version of the "Microsoft Genuine Advantage" tool reportedly will repeatedly nag users of systems it declares to be invalid, and will then apparently deny such users various "non-critical" updates. Apparently various parties have already found ways to bypass this tool, though the effects of this on later updating capabilities remain to be seen. However, I've noted a much more serious issue on local XP systems, all of which are legit and pass the MS validity tests with flying colors. It appears that even on such systems, the MS tool will now attempt to contact Microsoft over the Internet *every time you boot*. At least, I'm seeing these contacts on every boot after the tool update so far, and I've allowed them to proceed to completion each time. Perhaps it stops after some number of boots, but there's no indication of such a limit so far. The connections occur even if you do not have Windows "automatic update" enabled. I do not know what data is being sent to MS or is being received during these connections. I cannot locate any information in the MS descriptions to indicate that the tool would notify MS each time I booted a valid system. I fail to see where Microsoft has a "need to know" for this data after a system's validity has already been established, and there may clearly be organizations with security concerns regarding the communication of boot-time information. I'll leave it to the spyware experts to make a formal determination as to whether this behavior actually qualifies the tool as spyware. For now, you can block the tool's connection attempts via firewalls such as ZoneAlarm, though the long-term ramifications of doing this are unclear. I do not know if it's possible to block this behavior using the internal XP firewall system. This situation is potentially a very disturbing development. --Lauren-- Lauren Weinstein lauren () vortex com or lauren () pfir org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, IOIC - International Open Internet Coalition - http://www.ioic.net Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com DayThink: http://daythink.vortex.com ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Windows XP update may be classified as "spyware" David Farber (Jun 06)