<<< Date Index >>>     <<< Thread Index >>>

[IP] Windows XP update may be classified as "spyware"





Begin forwarded message:

From: Lauren Weinstein <lauren@xxxxxxxxxx>
Date: June 6, 2006 1:15:05 AM EDT
To: dave@xxxxxxxxxx
Cc: lauren@xxxxxxxxxx
Subject: Windows XP update may be classified as "spyware"


Dave,

There have been some murmurs about this in other forums, but since
I've now independently verified I figured I'd better report here.

A recent Microsoft update to Windows XP, which modifies the tool
that verifies the "validity" of XP installations to insure that they
are not illicit, may itself be considered to be spyware under
commonly accepted definitions.

The new version of the "Microsoft Genuine Advantage" tool
reportedly will repeatedly nag users of systems it declares
to be invalid, and will then apparently deny such users various
"non-critical" updates.  Apparently various parties have already
found ways to bypass this tool, though the effects of this on
later updating capabilities remain to be seen.

However, I've noted a much more serious issue on local XP
systems, all of which are legit and pass the MS validity tests with
flying colors.  It appears that even on such systems, the MS tool
will now attempt to contact Microsoft over the Internet *every time
you boot*.  At least, I'm seeing these contacts on every boot after
the tool update so far, and I've allowed them to proceed to completion
each time.  Perhaps it stops after some number of boots, but there's
no indication of such a limit so far.  The connections occur even if
you do not have Windows "automatic update" enabled.

I do not know what data is being sent to MS or is being received
during these connections.  I cannot locate any information in the MS
descriptions to indicate that the tool would notify MS each time I
booted a valid system.  I fail to see where Microsoft has a "need to
know" for this data after a system's validity has already been
established, and there may clearly be organizations with security
concerns regarding the communication of boot-time information.

I'll leave it to the spyware experts to make a formal determination
as to whether this behavior actually qualifies the tool as spyware.

For now, you can block the tool's connection attempts via firewalls
such as ZoneAlarm, though the long-term ramifications of doing this
are unclear.  I do not know if it's possible to block this behavior
using the internal XP firewall system.

This situation is potentially a very disturbing development.

--Lauren--
Lauren Weinstein
lauren@xxxxxxxxxx or lauren@xxxxxxxx
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC
   - International Open Internet Coalition - http://www.ioic.net
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com





-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/