dave
Premium,MVM
join:2000-05-04
not in ohio
 ·Verizon Online DSL
 ·Verizon FIOS
| reply to Kill DRM
Re: Microsoft WGA phones home even when told not to
said by Kill DRM :said by dave  :The truth is surely that Microsoft has an interest in deriving a unique id for your system. If you are insinuating that Microsoft's assigning you unique system ID (in addition to the unique product ID) is something bad, please elaborate. Touchy? If I'd meant that, I would have written it.
--
Microsoft Security MVP, 2005-2007. |
|
novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
| reply to dave
said by dave :Lets say your maxtor hd has a recall notice and they share this information with ms and this recall notice effects a given set of serial numbers between x and y. Now ms could update wga so that when you use it wga pops up a alert box. Yes, they could. But Microsoft has never given any indication whatsoever that it wants to be in the business of disseminating 'recall' information for the world's hardware vendors. Thus, this is pure fantasy. The truth is surely that Microsoft has an interest in deriving a unique id for your system. Let's not pretend that it's for the good of your disk drive. Actually i miss read what was said any how. Its not hard drive serial number but volume serial number. Big diffrence hard drive serial number is built in to the drives controller board and does not change. Volume serial number is created at time of format and changes with each format. So it is a moot point any ways. Simply put its a hash and its a bit of info that changes easly so it still cant be use to tie a individual computer to a persons name.
Heres my serial number off my mouse lzk529095386 now who am i? The only name you know me by novaflare only personal information you have on me is in my profile and posting tags.
In the end its the same with wga and ms. They know its the same computer that matches what ever information was sent during registration of the os on install but thats it. It is really simple to keep your name addy and other truely identifing info out of the hand of microsoft you simply do not put it in when registering. Or you use fake for all or part. BTW i changed a few numbers on my mouses serial number for the frum post as im waiting on a rma replacement and they never asked for the mouse bback just said it would be week to 10 days for replacement.
--
Evil does exist and it has a face to often that face is one that should look on their child with love in their eyes.
Instead only hate exists in those eyes. |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
1 edit | reply to chrome dome
said by chrome dome :
I've heard that Vista was designed (at least in part) by a joint venture between MS and big brother in order to make spying on its users easier. I heard about it on a radio show, so I don't have a link to post. They claim there is a backdoor deliberately put in to Vista so big brother can spy on anyone whenever they want to. Any one hear more about it possibly being true or not?
Yes this is true. The United Building Code now requires two doors for saftey reason unless you own a Mobile. Then replacing windows is optional. In all versions users should still put the lid down after they flush, independent of any joint venture.
I would quote you the regulation but I ran out of paper.
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/ |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| reply to Kill DRM
said by Kill DRM :said by AB :BTW, has it ever occurred to anyone that the letters of "Service Pack 2" can be easily rearranged to spell "Vice Pact Workes"? As well as "Swear to Veicck"? "Dark Lord", "Beelzebub", "Satan", "Veicck"-- He goes by many names . . . . You need to actually spell the word "TWO" to include "Dubya" in your list. Changed it.
Who in the hell registered my "DRM Fault" anon name ??!! LMAO!! 
Apparently, it was available. Someone must have liked it! |
|
chrome dome
@bna.com
| reply to Doctor Four
I've heard that Vista was designed (at least in part) by a joint venture between MS and big brother in order to make spying on its users easier. I heard about it on a radio show, so I don't have a link to post. They claim there is a backdoor deliberately put in to Vista so big brother can spy on anyone whenever they want to. Any one hear more about it possibly being true or not? |
|
Kill DRM
@rr.com
| reply to dave
said by dave :The truth is surely that Microsoft has an interest in deriving a unique id for your system. If you are insinuating that Microsoft's assigning you unique system ID (in addition to the unique product ID) is something bad, please elaborate. |
|
Kill DRM
@rr.com
| reply to AB
said by AB :BTW, has it ever occurred to anyone that the letters of "Service Pack 2" can be easily rearranged to spell "Vice Pact Workes"? As well as "Swear to Veicck"? "Dark Lord", "Beelzebub", "Satan", "Veicck"-- He goes by many names . . . . You need to actually spell the word "TWO" to include "Dubya" in your list. Who in the hell registered my "DRM Fault" anon name ??!! |
|
dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
·Verizon FIOS
| reply to novaflare
Lets say your maxtor hd has a recall notice and they share this information with ms and this recall notice effects a given set of serial numbers between x and y. Now ms could update wga so that when you use it wga pops up a alert box. Yes, they could. But Microsoft has never given any indication whatsoever that it wants to be in the business of disseminating 'recall' information for the world's hardware vendors. Thus, this is pure fantasy.
The truth is surely that Microsoft has an interest in deriving a unique id for your system. Let's not pretend that it's for the good of your disk drive.
--
Microsoft Security MVP, 2005-2007. |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to Razzy
said by Razzy :Yeah ok whatever, Problem is there isn't any. Why do people like to post nonsense? You shouldn't post nonsense either. QUOTE the person you are replying to please. Your comment makes no sense until I scroll way, way back up (not one or two posts but way up) and finally find SUMware' comment. Even after I did that, your reply doesn't make much sense.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"
»www.msfirefox.com/ |
|
OZO
Premium
join:2003-01-17
| reply to swhx7
said by swhx7 :Running tasks: see image (if anyone can tell me how to get text above an image, please pm) Run: tasklist
--
Keep it simple, it'll become complex by itself... |
|
AB
Premium
join:2006-04-04
Leesburg, VA
1 edit | reply to swhx7
said by swhx7 :Tried the above-described experiment. System: P4 tower, Windows XP Pro SP1, no unusual hardware or software . . . . Ah! But the experiment has been invalidated through the use of the "Waldo's Flypaper" theorem (the opposite of "Occam's Razor"), which states that you don't have SP2 installed, which, as recently as 2004, many people were calling the Devil Himself:
»Re: Vista Bitches and complaints.
BTW, has it ever occurred to anyone that the letters of "Service Pack Two" can be easily rearranged to spell "Vice Pact Workes"? As well as "Swear to Veicck"?
"Dark Lord", "Beelzebub", "Satan", "Veicck"-- He goes by many names . . . .
*Edit- Clarification |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to Doctor Four
Windows Genuine Advantage Problems and Solutions
»www.pchell.com/support/windowsge···ge.shtml
Since the above site will tell you how to fix it..if the process for you is broken..it also contains info on what any one can to to not even make it happen And it still surprise me that all the privacy hawks do not have in place those "tricks" to not even let "Microsoft WGA phones home even when told not to" because without them set up..they are vulnerable at every site they visit for more then just an in your face WGA.
I do accept the WGA..but I do it on my own terms. 
Next time you put your bank or credit card in an atm and decide to cancel the process..ask yourself if they already read your card. 
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
FiL
Premium
join:2005-08-16
Silver Spring, MD
| reply to trickyrick
"As for MS doing something with out your consent, Remember you don't own the software your only licensing it. I would more compare it to a rental car, and I believe they can get in to your car if they have cause with out your consent."
Thus proving your not a lawyer and you can't read. |
|
novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
| reply to Doctor Four
said by Doctor Four :According to one of the replies on the latest Microsoft phones home topic on Slashdot, it would be nearly impossible to use Windows Update without some information being sent back to Microsoft. And another reply states that only in the case of pirated software is the information retained. It is otherwise deleted. This is beginning to sound more and more like a case of FUD from Heise Online. Na we could go back to early win 95 meathods. Downloading each individually grab them all and hope to god that one does not break functinality under a given set of conditions.
When windows update sends information to the server and gathers a list of updates any that are known to break somethign on your computer some application for example then it is left out. With out this information you get them all and to hell with it if it busts your favorite cant live with out application.
As drm fault said "Any customer service my supplier of a $140 piece of software wants to provide to me would be most welcome. So, they collect the serial number of the hard drive and your license key ? Oh my god, damn !"
On the surface it would seem that there no need for the hd serial number aka volume serial number. But think about this little what if.
Lets say your maxtor hd has a recall notice and they share this information with ms and this recall notice effects a given set of serial numbers between x and y. Now ms could update wga so that when you use it wga pops up a alert box.
"Alert maxtor has isued a recall notice for your hard drive do to spontaneous failures resulting in loss of data. Click this link to find out more."
Sure they could limit wga to only model number but failures in hardware can happen only in a small number of a given model ibm deskstore any one? or how about the dell laptop batteries that were exploading that only effect about 10k of the batteries out at the time out of a total 100k. In dells cases they followed a better safe than sorry approach and isued a recall for all laptops useing the battery model.
Point is wga doesnt do this yet but it could be made to do so or hell may already have those abilities and just never been used yet do to no recalls on hard drives.
Of all the parts that can blow up on a computer hds are number 1 on the list secound only to maybe powersupplies.
Can and does ms use the serial number to make sure your not installing xp on a dozen comps sure they can and probabbly do. I bet theres a specific tolerance that is built in to wga to prevent false possitives when it comes to faziling a install. Maybe 3 maybe 10 who knows. Sure would be a handy way to spot pirated installs from computer retailers cloneing images including keys to dozens of hds.
When it comes to pirated software we all know full well that pirates have in the past coded in trojans keyloggers proxies full blown ftp servers irc bots for botnets etc all right in to their cracks they pre apply to the pirated software. Totaly undetectable in most cases unless you tend to watch data packets.
Its hard to tell how many pirated copies of xp and other ms oses are acting like a terorist sleeper cell just waiting to be woke up to launch a attack agaisnt a web site or server. We have seen this with many a email worm and other worm types so why now build that in to a pirated os?
--
Evil does exist and it has a face to often that face is one that should look on their child with love in their eyes.
Instead only hate exists in those eyes. |
|
novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
| reply to Doctor Four
said by Doctor Four :According to someone who posted this at Slashdot, quote:
"When you start WGA setup and get to the license agreement
page but decided NOT to install the highly controversial
WGA component and cancel the installation, the setup
program will send information stored in your registry and
the fact that you choose not to install WGA back to
Microsoft's servers."
» yro.slashdot.org/yro/07/03/07/162203.shtmlI knew there was a good reason for my refusing the download of this. It appears to send some kind of unique ID to Microsoft. Of corse it sends a unique id thats pretty obviously how it works. The id is your cd key or a hash of hardware and cd key similar to activation. Not like they can tell that the id belongs to doctor four and not novaflare.
--
Evil does exist and it has a face to often that face is one that should look on their child with love in their eyes.
Instead only hate exists in those eyes. |
|
fatness
subtle
Janitor
join:2000-11-17
fishing
·EarthLink
Host:
Earthlink DSL
TekSavvy
Forum Feature Requ..
Need Site Help?
Rants, Raves, and ..
| reply to fatness
»blogs.msdn.com/wga/archive/2007/···try.aspx
quote:
here an example of the actual XML that is returned when a user cancels an installation. We’ve also added a data type and detailed description of each field. This XML schema is common to a number of products so some fields are not used in this case.
--
Sure, that'll work.. |
|
Razzy
join:2002-10-29 | reply to SUMware
Yeah ok whatever,
Problem is there isn't any.
Why do people like to post nonsense? |
|
swhx7
Premium
join:2006-07-23
Elbonia
 ·RoadRunner Cable
| reply to swhx7
Tried the above-described experiment.
System: P4 tower, Windows XP Pro SP1, no unusual hardware or software
Services:
Automatic and started: Event Log; Plug and Play; Print Spooler; Remote Procedure Call (RPC); Server; TrueVector Internet Monitor [= Zone Alarm]; Windows Audio; Windows Management Instrumentation; Workstation; ;
Manual and started: Network Connections; Network Location Awareness (NLA)
All others manual or disabled, and not running.
Running tasks: see image (if anyone can tell me how to get text above an image, please pm)
Zone Alarm settings: Nothing is allowed internet access without asking permission.
Patches selected for this experiment (all are version for XP SP1):
ms06-024, for Windows Media Player 10
ms06-042, cumulative update for IE6 SP1
ms06-055, VML fix, rev. 2006.10
ms06-061, XML fix
ms06-063, server service fix, revised
Procedure:
1. gather info and installers; logged on as admin
2. clear router log
3. shut down all network-accessing programs on all computers on lan, except browser to access router config
3. set router to log all traffic in & outbound; then close browser
5. install all 5 selected patches (opting for "do not restart now" when prompted for reboot)
6. reboot the XP; log on as administrator again and wait for userinit.exe to finish
7. check firewall log in router
Results:
* Zone Alarm did not alert on anything.
* log:
Fri, 2007-03-09 05:25:16 - UDP packet - Source:204.16.211.8,57052,WAN - Destination:[wan ip],1026,LAN [Drop] - [Inbound Default rule match]
Fri, 2007-03-09 05:25:16 - UDP packet - Source:204.16.211.8,57052,WAN - Destination:[wan ip],1027,LAN [Drop] - [Inbound Default rule match]
Fri, 2007-03-09 05:26:37 - UDP packet - Source:60.11.125.52,45190,WAN - Destination:[wan ip],1027,LAN [Drop] - [Inbound Default rule match]
Just the usual messenger spam.
Of course this does not rule out anything that may happen with other patches or on other configurations, etc. |
|
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
| reply to Doctor Four
The behavior that this thread started out being about, namely WGA installations "phoning home" even if aborted, rightly offends people because it betrays reasonable expectations. And before the Microsoft fans start braying about licence terms and such, yes I'm sure Microsoft has granted itself permission to do that and much more, somewhere in its morass of one-sided, non-negotiable fine print. That does not reduce the sleaze factor.
On the followup story, that MS grabs similar datasets on every transaction in MS Update, upon reflection I think this should not surprise anyone, and does not violate reasonable expectations. If you use that service you're giving Microsoft's Active X controls plenary power over your computer. I choose not to do that, but millions don't mind and that's fine.
On the question that mele and i wondered about, whether the standalone patch installers do anything sneaky, there were some clues in the slashdot thread - reports of firewalls flagging phone-home attemts (as well as other interesting information).
To pursue it further one would have to set up a second pc with packet capture and analysis. I plan to do that sometime when I have time, because I've become increasingly curious about this sort of thing, and whenever there's a discussion like this no one has a first-hand report. Unfortunately it won't happen in time for this thread.
Finally, i will try the low-budget version relying on router logs tonight. My router has a checkbox in the log config to log "All incoming and outgoing traffic", so i'll shut down all known network-using programs, turn on this router feature, install a few MS patches and see what happens. I have a backlog of not-yet-installed patches in the security series (msyy-nnn, year and serial number), so I'll select some that look harmless and try it and post here again. |
|
msare
@ntli.net | reply to PeeWee
So MS use my connection without my express permission, the connection I pay for, taking and using something without permission....
THEFT and PIRACY......... |
|
