10-17-2003, 05:01 AM
|
#1 (permalink)
|
|
Follower of Ner'Zhul
|
Windows Update gathering info about you
Mods please do your thing if this has been posted before (it's pretty old but I just ran across it).
Does anyone have anything more on this?
http://www.geek.com/news/geeknews/20...0226018826.htm
Quote:
Windows Update sending private data to MS
The heading on the page says it's not sending any data to Microsoft, but the researchers at tecChannel have found otherwise ... and are prepared to prove it.
--------------------------------------------------------------------------------
posted 9:43am EST Wed Feb 26 2003 - submitted by J. Eric Smith
NEWS
The difficulty of keeping up with the endless flow of patches and fixes coming from Microsoft has long been a reason for the poor security administration worldwide of its products. To address this concern, Microsoft rolled out its Windows Update service several years ago to much fanfare. Finally, ordinary users could go to a single Web page and it would download all the patches and install them automatically. What could be better?
Privacy advocates took issue, though, with the possibility for sensitive data to be passed to Microsoft during the update procedure. Microsoft's verbage on the update site indicates that no personal data is being sent to Microsoft, but German researchers at tecChannel were a bit perplexed at the amount of data flowing not into your computer from Microsoft, but out of it to Microsoft. So, they analyzed the packets to see what was going on.
As it turns out, packet analysis is useless, as the stream is encrypted via Secure Sockets Layer (SSL). However, using an undocumented Windows feature, tecChannel was able to get around this and view the raw data. The results were alarming. Embedded in the data stream were lists of what software you have installed on your PC--and not just Microsoft products. Apparently the folks in Redmond can find out just what you've got installed on your PC, all without you ever knowing about it or explicitly consenting to it.
You can head over to tecChanel.de for the full story (subscription required).
ERIC'S OPINION
You know, if Microsoft didn't have such a reputation as a ruthless, aggressive, domineering, exploitive company then perhaps such revelations as this wouldn't be so damning. But Microsoft is what it is, and its reputation is well deserved based on years of this type of conduct. While I'm sure Redmond will defend this type of behavior with some sort of legal wrangling buried deep in the EULA, the truth of the matter is it is once again treading quite heavily on the hallowed grounds of user privacy. Where I come from, we call this "stubborn arrogance." I'm not sure what they call it in Redmond.
There could be a very legitimate reason why WindowsUpdate is gathering this information. Application compatibility would be the first one I would suspect. After all, nobody wants to auto-install a patch that breaks an important piece of software. But if the reason is legitimate, why is Microsoft hiding behind the words on the WindowsUpdate home page, the ones that state no information is being sent to Microsoft? This is clearly not the case.
Conspiracy theorists among us might say that Redmond is amassing a database of who's using what, and could use that to target potential trends and competitors in the software industry. The potential for something like this is disturbing to say the least, so disturbing that I'm surprised Microsoft is being so brazen about this. Then again, this is Microsoft, and being brazen and arrogant is something it seems to have redefined for our time.
|
__________________
The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents.
- Nathaniel Borenstein
Last edited by RelaX; 10-17-2003 at 12:51 PM..
|
|
|