Examining Microsoft Update 805
eggsovereasy writes "The Inquirer is reporting that a group in Germany has deciphered the information sent to Microsoft during an update using Windows Update and says that information on all software installed on your computer is sent, even that which is not Microsoft's own software." The original article is, unfortunately, pay-per-view. Update: 02/26 18:19 GMT by T : ionyka points to this "related article from ITWorld that deals with Microsoft's transferring of information through Windows Media Player. When you open up Media Player it sends information back to Microsoft like what movies you play, what songs you listen to and where they come from."
Haha (Score:5, Interesting)
Re:Haha (Score:5, Funny)
Re:Haha (Score:5, Insightful)
I should have taken him out back and beaten him with a frozen salmon. Hello!? How do they know what patches you need if they can't look at your system and tell their servers what you've already got.
The fact that the program takes the time to rifle through the system is of no surprise to me. While, I think the practice stinks it hasn't stopped me from using the service though. Given the choice between MS finding my installation of UT2003 or some script kiddie looting my system, I'll choose the former.
Re:Haha (Score:5, Insightful)
They could send a complete list of available patches to your system and let the client running on your computer pick which ones are neccesary, without microsoft ever knowing what software you have installed. Granted, they could deductively determine what hardware you use based on what patches you then request, but since you can only download patches for microsoft software, the best they could do would be to determine what hardware and microsoft software you currently have installed.
Re:Haha (Score:4, Informative)
Comment removed (Score:4, Redundant)
Re:Haha (Score:3, Interesting)
Hell, since this is Microsoft we're talking about, they could have even *sold* the back-end update server software to the third parties and made a few more dollars for Bill to roll around in.
Re:Haha (Score:3, Insightful)
1. Client downloads latest Update Management Software + Config File from server
2. Client runs Update Management Software.
3. UMS determines what patches are needed from inbuilt logic and information in configuration file
4. UMS downloads and applies relevent patches
XEmacs does exactly this! It works pretty well from what I've seen.
Re:Haha (Score:5, Informative)
Microsoft Update no longer says "No information is being sent...", which is what this article is about.
Hey now. (Score:5, Funny)
Now, look here, there's no need to be mean.
-Waldo Jaquith
Re:Haha (Score:3, Interesting)
I strongly suspect that it would be smaller than that of, say, Red Hat's RHN since MS is only worried about the OS and a few of its software titles. RHN on the other hand offers thousands of packages.
And even if the list was quite massive, why would it have to resend everything all the time? Why not send a list of the changes since the last time the user downloaded (the client could say "everything since 2003/01/21 08:45:00" or something similar).
If RHN and other upgrades can download a list of packages, why can't MS? They not smart enough? No, the answer is that they don't get enough "feedback" when they do it that way.
During the beta of Win95 they tried this trick and the press was all over them. They realized they made a mistake introducing such a shocking "big brother" utility at the same time that they were releasing such a major product. Instead, MS is beginning to learn that when it goes to violate people's privacy (and rights), it should do things in small increments:
Re:Haha (Score:3, Insightful)
First, user sends the version number of the patch list present on the user's hardware to MS. The version number represents what hardware/MS software is present, and what patches have been previously applied.
A match is found.
A list of patches is generated, and sent to the user.
MS transmits ONLY the patches that the user's version number indicates is necessary.
User patches.
After successful patch, the version number of the patch list is updated on the user's hard drive.
Operation complete.
So, a massive transmittal of a list of ALL patches is not necessary: only the version number of the patch list needs to be communicated.
The "so much data needs to be sent" argument for MS's snooping presupposes their method of applying patches to be the only one. A little thinking comes up with an alternative.
They snoop because they want to snoop.
Re:Haha (Score:5, Informative)
The more astute amongst you may have noticed that the "No information" message has not been there since Win2kSP3 came out.
Now it says this:
Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you.
Which essentially means that so long as they don't take an email address or phone number they can take what they want.
Re:Haha (Score:3, Interesting)
They might not be able to identify you, but they can identify the machine at least for XP. Since XP requires registration, I'd say they know your machine and who paid for XP to go on there.
I wouldn't be surprised if at some later date they claim this is for the catch all 'security reasons.'
Complete Breach of Trust (Score:3, Insightful)
If not, it's at least a huge breach of trust, and users should not stand for it.
Windows Update Privacy Policy (Score:3, Insightful)
Re:Complete Breach of Trust (Score:3, Insightful)
Re:Complete Breach of Trust (Score:5, Insightful)
Sorry, I'm gonna call bullshit on this one. While it's true that people involved in the industry generally know what's up, many people outside of it don't. People who have better things to do than read IT-related media get all of their news about MS from totally mainstream sources in the first place, and lot of people could really give a rat's ass about today's MS article on Yahoo's front page. As far as Joe Sixpack is concerned, it's an IT-related story, and he probably doesn't care what it says. If you are not into the theatre scene, do you read reviews for every play in your area? If you are not interested in business, do you read every story in the business section? Probably not, and my mother doesn't read every store about Microsoft.
Saying that the victim is at fault is not a solution to the problem, and is not an excuse for bad behavior on MS's part.
Re:Complete Breach of Trust (Score:5, Interesting)
Ummm, years ago when I was in high school and working for my mother, we had purchased a software package from a company that wrote medical office management software. I had noticed that all of the manuals were photocopied and we had no original disks for Microsoft software that was included in the package. I called Microsoft about this and they had in our office the *next* day two dudes from Microsoft and an FBI agent asking to examine our computers. We ended up getting screwed because the guy whose software we purchased was smacked hard by M$ as the package we bought went unsupported after that.
Of course this guy was absolutely stealing and should have gotten what he deserved, but my point is simply that, yeah, there are Microsoft agents of a sort and they do show up at your door.
Makes sence (Score:5, Funny)
Re:Makes sence (Score:3, Insightful)
This should not be modded Funny. This is serious.
BillG: Look, everyone has Acrobat Reader, we need to develop XDoc.
Everyone has some SimXXX game, we need to develop Zoo Tychoon.
Business as usual. Take advantage of monopoly position of control. Discover what anyone else might be doing that is popular. Develop a competing product. Give it away, or bundle it into OS.
pay-per-view (Score:5, Funny)
How can we comment, if we can't read the article?
Oh, wait...
Re:pay-per-view (Score:5, Funny)
I wonder what Virtual PC sends ... (Score:4, Insightful)
This may also be an alterior motive to Microsoft buying Virtual PC from Connectix last week. They want this same data from Mac Users. I imagine if it's not there then it will be added to read all partitions mac/Linux/PC
Knowing what your customers have on their hard drives is sensitive corporate data. Basically, you know the Hot or Not Programs in the industry and then develop programs based on their hard drive residency!
How the well would it be able to see the Mac? (Score:3, Informative)
This is akin to saying that VMWare can somehow tell my that I have an SB Live! -- it can't. All it knows is that it has SB16 emulation inside, and that it writes the output of that to
This is pure paranoia talking. Perhaps you should invest in more aluminium for your head.
EULA says they can take what they want (Score:3, Insightful)
Theoretically this includes data dumps of hard drive formats which the OS does not even support.
Re:EULA says they can take what they want (Score:3, Insightful)
I thought this sort of outrage was already covered by the change in TOS brought in by WinXP SP1? (i.e. we will take whatever info we want from your machine, and if we don't like it we'll lock you out.)
Re:EULA says they can take what they want (Score:4, Informative)
Direct from About Windows Update
Windows Update Privacy Statement (Last Updated 10/15/2002)
Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:
* Operating-system version number
* Internet Explorer version number
* Version numbers of other software for which Windows Update provides updates
* Plug and Play ID numbers of hardware devices
* Region and Language setting
The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.
Windows Update also collects the Product ID and Product Key to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update. The Product ID and Product Key are not retained beyond the end of the Windows Update session.
To provide you with the best possible service, Windows Update also tracks and records how many unique machines visit its site and whether the download and installation of specific updates succeeded or failed. In order to do this, the Windows operating system generates a Globally Unique Identifier (GUID) that is stored on your computer to uniquely identify it. The GUID does not contain any personally identifiable information and cannot be used to identify you. Windows Update records the GUID of the computer that attempted the download, the ID of the item that you attempted to download and install, and the configuration information listed above.
Hardly "We can scan your computer for any information we want, and there's not a damned thing you can do about it!" as you've implied.
Re:EULA says they can take what they want (Score:5, Informative)
Read the parent comment.
This isn't Windows Update he's talking about, it's the EULA for recent versions (XP, IIRC) of Windows.
Re:EULA says they can take what they want (Score:5, Insightful)
Re:EULA says they can take what they want (Score:4, Insightful)
What, did you miss this? (Score:4, Informative)
And I quote:
Full article can be found here [internet.com].
Re:EULA says they can take what they want (Score:4, Insightful)
Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:
If a lawyer writes "this information includes...", then that's exactly what they mean. They don't mean that it is a complete list; there may be other stuff that they're not explicitly telling you about.
Justin.
Re:EULA says they can take what they want (Score:5, Interesting)
In fact using their software (and then accepting the EULA) is like simply close your eyes and pray that the big depredator which is in front of you isn't hungry right now, and will not be all the long time you be there.
/Tin Foil Hat Off (Score:5, Insightful)
While the intentions may not be all that honest, it's not a horrible idea. I've noticed numerous times when running Windows Update that it's offered to upgrade my Cisco Wireless LAN software as well as my Epson print drivers. Kind of nifty and not all that bad, if you ask me.
Re:/Tin Foil Hat Off (Score:5, Insightful)
Re:/Tin Foil Hat Off (Score:5, Interesting)
Yes, as it is for any OS vendor. But so what? How much data to you actually have to send? Not a whole lot - just enough to identify what piece of software it's for and what version it is. If you can't store all of that in, oh say, 20 bytes, then you're screwed in oh-so-many ways. Hint - encode the software identifier in a 32-bit or 64-bit number, and the version string in the remaining bytes.
So, let's say you have 1000 patches available for the OS in question -- and, yes, patches are OS specific and MS has that much info from you already. That's a 20,000 byte download. Even at 14.4k it's only 20 seconds. Big deal.
The system then has to process the list and figure out what it may need, then request additional data for each potential patch... but you're going to have to download that information anyway, and there is minimal additional overhead.
It might take slightly longer, particularly over slow links, but it's a hell of a lot more user and security friendly.
Re:/Tin Foil Hat Off (Score:3, Insightful)
Driver updates? No problem.
SOFTWARE updates? Uh. Problem.
Windows Update is responsible for updating my SYSTEM, thus the term Windows update, not "universal software updator" or some other such silly name.
Besides, last time I let Windows Update update my drivers it replaced my Matrox G400 driver with a French G400 driver that refused to be uninstalled. . . .
but (Score:3, Funny)
along with Office and just about everything on the computer..oh well...I guess the police outside are for me
Re:but (Score:3, Funny)
Check out the rest (Score:5, Informative)
http://home.byu.net/~btc25/WindowsUpdate.pdf [byu.net]
One of the more interesting parts deals with how Microsoft can tell the difference between product keys they generated and those done with a keygen.
Re:Check out the rest (Score:5, Informative)
http://home.byu.net/~btc25/windowsupdate.pdf [byu.net]
Aren't caps great? Heh.
Another PDF mirror (Score:3, Informative)
http://clients.fbagroup.co.uk/slashdot/WindowsUpd
No verification possible... (Score:5, Insightful)
Any easy way to verify this ourself?
I'm suspecting their claim is true, but I'd like to see the data...
Reinout
YES IT DOES! Full example of sent data here: (Score:5, Informative)
And I should be surprised why? Also, a suggestion. (Score:5, Insightful)
I would have to do some research, but I believe this might violate their own privacy policy. Even if it doesn't, they really have no moral right to send any information about your system without letting you know what it is and giving you a chance to abort the whole thing. Yet I am unsurprised, in fact I expect every big company is doing this kind of thing when they can get away with it.
Not that I am saying "Everyone is doing it, so what is the big deal?" My attitude is more "Let's stop this crap now!"
So I have a suggestion -- someone should start an open source project to create a re-writing proxy for updates that strips out all the stuff Microsoft is sending in the updates, except what is absolutely needed. Make it open enough that we can plug it re-writers for other companies as well.
big deal - they've confirmed the M$ privacy stmt. (Score:4, Informative)
Windows Update Privacy Statement (Last Updated 10/15/2002)
Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:
Operating-system version number
Internet Explorer version number
Version numbers of other software for which Windows Update provides updates
Plug and Play ID numbers of hardware devices
Region and Language setting
The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.
From the Windows Update Privacy Policy (Score:3, Redundant)
Note: Windows Update does not collect any form of personally identifiable information from your computer. Read our privacy statement.
Windows Update Privacy Statement (Last Updated 10/15/2002) Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:
The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.
Windows Update also collects the Product ID and Product Key to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update. The Product ID and Product Key are not retained beyond the end of the Windows Update session.
To provide you with the best possible service, Windows Update also tracks and records how many unique machines visit its site and whether the download and installation of specific updates succeeded or failed. In order to do this, the Windows operating system generates a Globally Unique Identifier (GUID) that is stored on your computer to uniquely identify it. The GUID does not contain any personally identifiable information and cannot be used to identify you. Windows Update records the GUID of the computer that attempted the download, the ID of the item that you attempted to download and install, and the configuration information listed above.
XML Schemas available here (Score:5, Informative)
Client Info Schema [windowsupdate.com] and System Info Schema [windowsupdate.com].
They appear to get a copy of your registry, as well as information like processor architecture, manufacturer, printer(s?) etc
No software collected (Score:3, Interesting)
In fact the article says the biggest privacy concern is the hardware list, which doesn't seem that big a deal to me.
Who cares about windows update? (Score:5, Funny)
This is hardly a surprise, and definitely adds a good bit of weight to all those people who call Palladium the death of privacy.
Just my 2.34539 yen worth.
uh-oh. (Score:5, Funny)
If you actually *look* at the information sent... (Score:3, Interesting)
So what's the problem?
Having read the article... (Score:5, Informative)
1. The Windows Update tool sends to Microsoft a complete list of what hardware you have.
2. If the Windows Update server claims to have an update available for product X, the Windows Update tool will check to see if you have product X installed, and report back to Microsoft.
Well, *duh*. The only way to avoid doing this would involve downloading a complete list of all the updates available for every supported piece of hardware or software. Based on the size of the windows HCL, I'd guess that this would require tens of megabytes of bandwidth -- all so that Windows Update could pick out the half dozen entries which are relevant.
EULA could still be illegal in spite of agreement (Score:5, Informative)
I did read the EULA of the Dutch version of Win2K SP3 completely and never found any clause that would allow them to download anything off my PC without my consent.
Sadly I'm stuck with Windows since I cant (yet) afford a mac to run Adobe apps on. When oh when will Linux/FreeBSD/X get decent colour management and ports of proper graphics apps like Illustrator, Photoshop and InDesign??? The GIMP is a nice toy, but it's hardly of any use for print production work. And KIllustrator and the like are simply a laugh too for any real work.. The Linux/BSD vs. Windows ratio is now 4:1 in the favor of the free, but I'd like to get rid of Windows altogether. Give me my killer graphics apps!! I'll even pay for them!
Saving up for that Mac in the mean time..
Story is incorrect (Score:5, Informative)
From the Windows Update website privacy statement (Score:5, Informative)
Yes, we don't not track you.
Tell that to the Melissa author, and some number of other people who's GUID was used to identify them. Even if you aren't a criminal, this could be misused in so many ways.
Despite loving many Microsoft products and the line of NT OS'es, I wouldn't trust Microsoft as far as I could throw them.
The Devil Came to Redmond... (Score:5, Funny)
and there he met with Billy G, who was just about to make a deal.
Said the Devil, "Hey Billy, you look bored, would you care to make a bet?"
And Billy he smiled slyly, and said "Dude, there ain't a deal that I've missed yet."
So the Devil took his keyboard and showed Billy his new game,
Saying "I wrote this quick, in VB6, now see if you can do the same."
Billy G, he just smiled his smile, and took the keyboard away,
and said, "Devil, you're behind the times, and you clicked on the EULA,
"Now you've run Windows Update, and your soul belongs to me."
And the Devil knew he'd met his match, so he turned and tried to flee,
But Billy G was much to fast, and he caught the Devil's long black cape,
Saying, "Devil, stay and play a while, we have a whole wide world to rape."
Don't panic, here's a summary (Score:5, Informative)
First of all, the example data [tecchannel.de] sent is available free, as one poster above already listed. There's no software described there other than Windows itself.
Second, the System Info Schema [windowsupdate.com], as posted by another above, is pretty explicit about what registry keys are available to be sent, and it's pretty tame.
Frankly, I have no problem letting them know exactly what hardware I've got running. How can they harm me there? Perhaps a malicious hacker could grab this data and find ways to abuse my network card? Pretty slim.
Call me too open, if you will, but I'd be happy if it would let me know about other MS updates, such as Office, without having to also visit MS' office site. Update those automatically? Never. But it's much less convenient than the Windows Update site.
I greatly doubted that it would be sending large quantities of personal data, because it just doesn't take that long. The ones to worry about are the virus scanners, that take the time to examine every freakin' file.
In summary:
WU doesn't send software list (Score:3, Insightful)
Great, I've added THIS to my registry then (Score:5, Funny)
HKEY_LOCAL_MACHINE\Software\MSKillerVirus\Launc
HKEY_LOCAL_MACHINE\Software\Linux\"format c:\; install Linux"
MadCow.
*ahem* (Score:5, Interesting)
(Last Updated 10/15/2002)
Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:
Operating-system version number
Internet Explorer version number
Version numbers of other software for which Windows Update provides updates
Plug and Play ID numbers of hardware devices
Region and Language setting
The configuration information collected is used only to determine the appropriate updates and to generate aggregate statistics. Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information.
Windows Update also collects the Product ID and Product Key to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update. The Product ID and Product Key are not retained beyond the end of the Windows Update session.
Maybe you should verify the information before automatically declaring "Microsoft is evil" to any and all anti-Microsoft posts.
How does this differ from RH Update? (Score:5, Insightful)
Why is it that when Microsoft does this kind of thing, suddenly there's a more sinister motive behind it all?
I don't hear anyone complaining about Redhat's privacy policies...
Re:How does this differ from RH Update? (Score:5, Informative)
The update agent will still work because it polls the servers for which packages are current for your release [2] and compares that list to what you have installed, and the comparison is done locally.
[1] https://rhn.redhat.com/help/basic/register-system
[2] https://rhn.redhat.com/help/basic/up2date-setup.h
People will believe anything (Score:4, Interesting)
Don't believe the alarmist titles to articles. Do you all fall into this trap with the evening news as well? "Tune in for the Radon discover that just might save your familyu's life."
I know that you guys are smarter than this. Use your brains.
Re:Pay per view? (Score:5, Informative)
Thank You (Score:3, Insightful)
Windows Update has offered me updated device drivers in the past, so I think the inclusion of hardware info could be defended on that basis.
Re:I FAILED IT (Score:3, Funny)
Great! Where can I get psyware? I've been looking for a way to get rid of my mouse and keyboard. Dos it allow a USB 2.0 connection to my nervous system, or does it use 1394?
GF.
Re:I FAILED IT (Score:5, Funny)
I think it uses 1984.
Dear Steven, From Bill Gates (Score:5, Funny)
Dear Steven,
Good point. Your previous Slashdot postings are also good, except for that one about Linux.
Sincerely, Bill G.
Re:Surprise, surprise... (Score:5, Funny)
YOU INSENSITIVE BASTARD! (Score:5, Funny)
Easy Solution (Score:4, Interesting)
Or we could all just get Mac's. I'm almost there, unless someone can put together a KDE or Gnome with some usable functionality (like device management and system configuration in ONE GODDAMMED FUCKING LOCATION).
Apple!!!! Bring OSX to X86 and we will make it worth your while!
Comment removed (Score:5, Informative)
Linkee no workee (Score:5, Insightful)
Life's far too short to use IE.
-B
This is the link (Score:5, Informative)
http://www.microsoft.com/downloads/search.aspx?dis playlang=en [microsoft.com]
-B
Re:Easy Solution (Score:3, Informative)
The point you are forgetting is that Apple makes and sells hardware, and only makes software so that they can sell that hardware. They'll give you the OS for free, as long as you pony up for the box. They have no interest, financially, to port or sell OS 10 to X86.
Re:Easy Solution (Score:3, Informative)
Then why do they charge $120 for existing users (owners) to upgrade to each new point release for OSX?
Re:Easy Solution (Score:3, Insightful)
Re:Easy Solution (Score:3, Informative)
Personally, I find the whole patch thing ridiculous. I tried to stay abreast of the current security patches by subscribing to the security mailing list and making my own decision about whether a patch applies. It's impossible. Every time you think you've gotten it right, there's another patch to figure into the situation. I use Windows Update to find out what updates I need, but since the home connection is ridiculously slow, I just make a list and download the
Re:Surprise, surprise... (Score:5, Insightful)
No they don't. They can just send a list of updates to the client, and the client can display the updates that apply to your computer. This is why Microsoft can claim no information is being sent to their server: because sending information isn't necessary.
This is actually how APT works.
Comment removed (Score:5, Insightful)
Re:Surprise, surprise... (Score:3, Insightful)
I know it's a bit of paranoia, but I'd rather them not know what I've got running at all, but I'll let them know what MS software I have because that's what I'm getting fixes for.
Re: (Score:3, Insightful)
Re:Surprise, surprise... (Score:4, Insightful)
Either 1) privacy is just not a factor for the folks at all or 2) they want the data for other uses. Most likely it's the former, but the fact that the makers of the 95% market share OS don't care enough about privacy to make it even a small concern when designing systems like this is Really Scary, maybe scarier than them purposefully collecting my data, because at least then there's the possibility that they'll be careful with my data once they've got it.
Windows Update is crap (Score:5, Informative)
As explained by Russ Cooper of NTBugTraq in a lengthy rant [ntbugtraq.com] on Tax Day of 2002, Windows Update is a horrible piece of crap. He followed it with another lengthy rant about what he thinks Microsoft should be doing [ntbugtraq.com] instead of Windows Update.
In the meantime, while downloads are large (~1.5MB), the XML package you get for HFNETCHK searches your system for proper file versions and remains the most reliable way to ensure your system is properly patched. Unfortunately, the best tool for checking your patch state (HFNETCHK) doesn't help you download the patches you need. It does identify the MS security alert addressed and even the KB article, but it's not painless. MBSA gets you one step closer by actually having the URL of the KB article, but it's not as painless as downloading updates via Windows Update (when WU properly identifies your patches).
Anybody who's used the atrociously-bad Automatic Update Service will know that it doesn't cover many important software updates and neither does Windows Update. In fact, if you use all three products, you'll frequently find that each product identifies a different set of patches that are required, and usually, none of them list all the patches identified by the others.
What I've found is that HFNETCHK actually identifies truly critical patches, while Windows Update improperly identifies non-critical updates as being critical. For instance, it tells you that installing Internet Explorer 6.0 SP1 is critical (even when you're running a fully-patched IE 5.5SP2) or even worse, it tells you that a patch meant to improve functionality of using a non-IE default browser is critical.
Sorry, but as much as I hate MS and as much as I prefer Mozilla to IE for my own browsing needs (and even though it works better), I don't make it my default browser anywhere, especially on servers, so this update is hardly critical.
In short, while sysadmins at least have a chance to stay fully-patched these days--unlike the days before Code Red--MS still has incredibly shoddy patch management tools, incredibly inconsistent patch installation mechanisms and still takes liberties with customer data it shouldn't need to take.
If Microsoft ever gets serious about patch management, they'll have a common tool that sysadmins can use to patch any and all of their MS software with a common interface and no unnecessary transmission of system-specific data to MS. Is that too much to ask? Apparently.
Re:Surprise, surprise... (Score:5, Insightful)
If the reasoning was to better detect and avoid application conflicts I would possibly agree with this method, but the software clearly doesn't do that.
Re:Surprise, surprise... (Score:3, Interesting)
Microsoft doesn't offer updates for SQL Server or Office, or Photoshop for that matter, via WindowsUpdate. So why do they need that information to NOT supply updates for those programs?
Re:Surprise, surprise... (Score:3, Insightful)
And, yes, I am lazy. How did you know?
Re:Surprise, surprise... (Score:3, Informative)
Re:Surprise, surprise... (Score:5, Insightful)
Re:Surprise, surprise... (Score:5, Insightful)
so this person with a so precious time should think twice before buying products from a company with such a "poorly designed website" or that don't ship a version of the drive with the product
Re:Surprise, surprise... (Score:5, Interesting)
I had a bad experience along those lines with the Windows Update site, where a particular sound driver (I forget which, at the moment) from them would not work with my hardware, where the one from the manufacturer's website did.
Re:Surprise, surprise... (Score:3, Interesting)
Secondly, there's no way I can believe that ms would acquire your data and subsequently throw it away. None. They are gathering stats and keeping them.
Re:Surprise, surprise... (Score:3, Insightful)
Well heck, the article being pay per view almost nobody in the thread is likely to have read it. Why bother to read the article?
There are a bunch of Win98 programs which are known not to work properly under XP. Every so often Microsoft issues a set of patches that allow these to work properly.
Re:Not news.. but a nice update. (Score:3, Interesting)
cvsup is far more invasive than Windows Update. When you run cvsup, it sends a list of all your files (in the relevant directory, of course) to the server. The server then looks at the list you're sending it and decides what you need to have updated.
Re:Always wondered About That... (Score:3, Interesting)
Portage (I assume) doesn't tell gentoo home base what packages I have installed, but it knows which ones I need all the same.
Re:Inquirer? (Score:3, Informative)
Re:The article says MS tells you this beforehand (Score:3, Informative)
Sure, updates downloaded from MS sites could be tracked easily anyway, each download request could be associated with IP and such. But if non-MS programs are being probed, then they are wrongly exploiting the updater.
Re:Am I the only one who is not surprised by this? (Score:3, Insightful)
Why do you say that it has "got to stop?"
Do you thing the DOJ consists of a group of people who took power via a coup d'ètat? Or do you concede that the Department consists of individuals who have been appointed by elected executives and confirmed by an elected Congress?
Whether the current government is a true expression of the will of the American people, or the current government is a result of our apathy (even antipathy) toward the democratic process and the political party structure, it is not reasonable to wait until a crisis at the Federal level to take action.
"Something" can be done. In twelve years or less, the Federal government will be largely composed of individuals who are at this moment seeking State and local office. If you have not developed a relationship with these politicians or their parties NOW, while they are accessible, and if you have not participated in the process of putting them in office by CAMPAIGNING and VOTING, you may find yourself in precisely the same position a decade from now, claiming to be powerless to affect the process, and demanding that "something" be done.
Something *is* done, and the people who make a priority of participation in the political process of this country are the people who shape government. Whether you choose to participate or not, you are still part of the process.
Apathy elects our leaders.