Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Data sent to Microsoft by "Windows Update"

From: Dave Farber <dave () farber net>
Date: Thu, 17 Apr 2003 17:35:05 -0400

------ Forwarded Message
From: George Sadowsky <george.sadowsky () internews org>
Date: Thu, 17 Apr 2003 16:56:46 -0400
To: Dave Farber <dave () farber net>
Subject: Data sent to Microsoft by "Windows Update"

Dave,

I may have missed your picking this story up, but if you didn't, it
may be of interest to the IP list.  The summary below was prepared
for our use by my colleague, Robert Horvitz.

George Sadowsky

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.tecchannel.de/betriebssysteme/1126/

Folks, this is a bit off-topic, but it relates
to an important privacy issue.

Mike Hartmann in Germany has written a very
interesting report about the data that Microsoft
extracts from your computer after you activate
the "Automatic Windows Update" option.

The data is sent to Microsoft through an
encrypted channel, but Hartmann figured out how
to find and read the data before it is encrypted.

The first six pages of his report are free in
either English or German at the URL above.  To
get the full article, you are supposed to pay
0.60 euros...but thanks to the fact that someone
in Portugal bought it and put it on a server
which Google indexed, you can read the full
article in English in Google's cache of HTML
conversions from PDF originals:

http://216.239.33.100/search?q=cache:YOIoKNeVn6UC:mega.ist.utl.pt/~vfp
/windowsupdate.pdf&hl=en&ie=UTF-8

To summarize, Windows Update sends Microsoft
a complete list of all the hardware devices
installed in your computer - make, model and
driver version.  It also sends a registry
subkey listing the vendor of every software
package installed on your computer.  And
finally, it sends a digitally signed product
code that seems to enable Microsoft to deny
updates to people using pirated copies of
Windows.  The datastream appears to support
additional capabilities that are not yet
activated.

The tools that Hartmann used to analyse Windows
Update can be downloaded from his website for
only 4.90 euros.  But he warns that since these
techniques are now known to Microsoft, "It is
likely that an update, e.g. a new service pack
or a hotfix, will change this behavior and
therefore render the tools unusable."


------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: