Windows Update is Spying on You!
by Arie Slob
Hello Windows users,
Yes... There's another one of those nice conspiracy theories being fed by some "news" article originally published on a German Web site in February this year.
Under the title "Inside Windows-Update", the article states things like:
"When you connect your computer to Microsoft's website WindowsUpdate.com, you reveal a lot of information about your computer to Microsoft. This article shows bit for bit, which data is transferred to Redmond and what Microsoft could learn from it"
"...GetManifest asks the Microsoft server to return information about available updates. The function requires three arguments - clientInfo, systemInfo, and query. The purpose of the clientInfo parameter seems to be to identify and authenticate the user accessing the Microsoft server. Currently the server is accessible to everybody and the clientInfo argument only contains the generic user identification "IU_Site". However, being able to restrict access to updates based on the identity of a user, e.g. supplying certain updates only to users that have a support contract, seems to have been a requirement during the design of Windows Update, although this feature is not currently used."
Much more information is not freely available; you have to pay $2 for the whole "report", but I'd rather spend that $2 on a beer!
Obviously I think this is a load of BS! Here's what I have to say:
First to this claim:
"However, being able to restrict access to updates based on the identity of a user, e.g. supplying certain updates only to users that have a support contract, seems to have been a requirement during the design of Windows Update, although this feature is not currently used."
This is being used! If you used one of many commonly available Windows XP (volume license) product keys, you will have noticed that you can't upgrade to Windows XP Service Pack 1, and no new updates will be listed on the Windows XP Update site.
I doubt Microsoft will be moving to require home users to pay for a support contract in order to obtain fixes, but yeah, that might be a possibility.
Now to the claims that Windows Update collects hardware and software information from your system when you connect to it...
Windows Update version 2 and 3 indeed worked as described at the beginning of the article "A large banner stating that everything was done 'without sending any information to Microsoft' and the lack of suspicious network activity assured us that Microsoft valued our privacy." (Click here for the current Windows Update Privacy Statement.)
But yes, things have changed. Before Windows Update v4 came out, the complete list of fixes that had to be transferred to the client was well over 400 KB at a certain point. For an average modem user you are starting to look at a download time of some 65-90 seconds. So something had to be done.
This is where Windows Update v4 comes in. It does indeed transfer your hardware specs and installed software list to the Windows Update server. Now, Windows Update can show you a list of updates for your computer. Yes, hardware too, just in case you haven't noticed, Windows Update also offers device drivers for certain hardware. And if a certain incompatibility or problem in a 3rd party software is solved by a Microsoft patch, wouldn't you like it to be offered to you? So far there are around 40 patches for Windows XP to improve 3rd party software compatibility, so it's just going to be too much data if Microsoft (Windows Update) has to send you all that information (like it used to do in older versions of Windows Update).
If this still doesn't convince you there is no devious plan to collect all your installed hardware & software and somehow use it against you one day... who is forcing you to use Windows Update in the first place?
You can get all updates, free of charge, and without sending any information from the Microsoft Download Center. You can search by Product/Technology, and sort results by Date, Title or Popularity. You can subscribe to the free Security Bulletin Notification System For Home Users so you'll be alerted of any security fixes when they are released.
I don't see anything wrong with sending my hardware specs to Microsoft, nor do I bother that they "know" what 3rd party software I use. Don't try to tell me that there's a way they can actually do something with the huge volume of data they would be receiving every single day. But like I told you above, if you want to be "safe", there are ways around Windows Update!
The question as to whether the Windows Update system is an effective or efficient one is a different question altogether...
Flaw in Windows Script Engine Could Allow Code Execution
Microsoft has posted a patch for Microsoft Windows. A flaw exists in the way by which the Windows Script Engine for JScript processes information.
Severity Rating: Critical
Affected Software Versions
- Microsoft Windows 98 / 98 Second Edition
- Microsoft Windows Me
- Microsoft Windows NT 4.0 / NT 4.0 Terminal Server Edition
- Microsoft Windows 2000
- Microsoft Windows XP
Recent Support BBS Postings
Firewall disabling - Windows XP
Cpu temp? - Hardware
ZoneAlarm Free 3.7.143 Released - Security / Virus
LOGOFF and SHUTDOWN Problems - Windows 2000
Pagefile on drive other than C - Windows XP
Web Site Updates
These pages were added/updated in the past week. Information on previously updated/added pages is available on the What's New? page for 1 month.
Added: MS PocketPC 2002 Phone Edition -- Part 2
Updated: IRC Networks and Servers
Added: Microsoft Security: Flaw in Windows Script Engine Could Allow Code Execution
Added: Windows Update is Spying on You!
MS PocketPC 2002 Phone Edition
Part 2: Productivity in the workplace.
Read Full Article
Microsoft pulls IE 5.5 SP2
Microsoft quietly removed Internet Explorer 5.5 Service Pack 2 from its download site. Users running older versions of IE 5.5, which shipped with Windows Me, must upgrade to the latest (IE 6 SP1) browser release.
According to a note, Internet Explorer 5.5 Service Pack 2 (SP2) has now entered the Extended Support phase. When a version of Internet Explorer enters the Extended Support phase, this means the browser version will no longer be available to download, but will continue to receive no-charge security updates until the end of the Extended Support period.
For Internet Explorer 5.5 SP2, the end of the no-charge support period is December 31, 2003. Security updates will continue to be available to current Internet Explorer 5.5 SP2 users until the end of this no-charge support period.
Ironically, the older IE 5.01 SP2 is still beimg offered for download
Install and Configure Speech Recognition in Windows XP
If you recently purchased a new computer, the Microsoft speech recognition engine might have been installed by the computer manufacturer. No further installation is necessary. If you installed Microsoft Office XP, or if you purchased a new computer that has Office XP installed, the speech recognition engine is included, but might not be installed.
This step-by-step article describes how to install and configure speech recognition.
Mail Password Recovery (Windows 9x/2000/XP FREE)
Recover forgotten password from ANY POP3 client
Mail Password Recovery allows you to recover your email password for any POP3 account, as long as it is stored in an email program on your computer. You just need to temporarily change the settings in your email program , so that it connects to Mail Password Recovery instead, and your password will be revealed.
Download [808 KB]
Tell a friend about this Newsletter!
Need Help with Windows? Ask questions here!
Our Web Sites
Rose City Software