Interesting People mailing list archives
more on Windows XP update may be classified as "spyware"
From: David Farber <dave () farber net>
Date: Wed, 7 Jun 2006 02:26:24 -0400
Begin forwarded message: From: Bob Rosenberg <bob () bobrosenberg phoenix az us> Date: June 7, 2006 12:13:42 AM EDT To: lauren () vortex com, dave () farber net Subject: RE: Windows XP update may be classified as "spyware" Lauren & DaveIf memory serves [a debateable proposition], at the time of the initial release of XP, M$ openly publicized that XP phones home on every boot.
That's a primary reason why I refuse to move beyond W2K. Of course, there is always Linux - with Win4Lin whenever I need to use Windows for some purpose.
Cordially,
Bob Rosenberg
P.O. Box 33023
Phoenix, AZ 85067-3023
LandLine: (602)274-3012
Mobile: (602)206-2856
bob () bobrosenberg phoenix az us
**********************************************
“Education's purpose is to replace an empty mind with an open one.”
Malcolm Forbes
**********************************************
Begin forwarded message:
From: Lauren Weinstein <lauren () vortex com>
Date: June 6, 2006 1:15:05 AM EDT
To: dave () farber net
Cc: lauren () vortex com
Subject: Windows XP update may be classified as "spyware"
Dave,
There have been some murmurs about this in other forums, but since
I've now independently verified I figured I'd better report here.
A recent Microsoft update to Windows XP, which modifies the tool
that verifies the "validity" of XP installations to insure that they
are not illicit, may itself be considered to be spyware under
commonly accepted definitions.
The new version of the "Microsoft Genuine Advantage" tool
reportedly will repeatedly nag users of systems it declares
to be invalid, and will then apparently deny such users various
"non-critical" updates. Apparently various parties have already
found ways to bypass this tool, though the effects of this on
later updating capabilities remain to be seen.
However, I've noted a much more serious issue on local XP
systems, all of which are legit and pass the MS validity tests with
flying colors. It appears that even on such systems, the MS tool
will now attempt to contact Microsoft over the Internet *every time
you boot*. At least, I'm seeing these contacts on every boot after
the tool update so far, and I've allowed them to proceed to completion
each time. Perhaps it stops after some number of boots, but there's
no indication of such a limit so far. The connections occur even if
you do not have Windows "automatic update" enabled.
I do not know what data is being sent to MS or is being received
during these connections. I cannot locate any information in the MS
descriptions to indicate that the tool would notify MS each time I
booted a valid system. I fail to see where Microsoft has a "need to
know" for this data after a system's validity has already been
established, and there may clearly be organizations with security
concerns regarding the communication of boot-time information.
I'll leave it to the spyware experts to make a formal determination
as to whether this behavior actually qualifies the tool as spyware.
For now, you can block the tool's connection attempts via firewalls
such as ZoneAlarm, though the long-term ramifications of doing this
are unclear. I do not know if it's possible to block this behavior
using the internal XP firewall system.
This situation is potentially a very disturbing development.
--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
- People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC
- International Open Internet Coalition - http://www.ioic.net
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com
-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Windows XP update may be classified as "spyware" David Farber (Jun 06)