PDA

View Full Version : Micro$oft sneaking "spyware" into critical updates


Mr. Laz
06-16-2006, 03:28 PM
Microsoft Responds Regarding Windows XP Update vs. Spyware

Greetings. In yesterday's blog posting, I asked the implicit question: "Is Microsoft's update of their 'Genuine Advantage' OS validity verification tool behaving as spyware?"

Within hours of that text becoming widely public, I received e-mail and a call from the director and the senior program manager for Microsoft "Genuine Windows" (their anti-piracy division). We three had a lengthy and friendly chat, and I believe that I can now answer this question. However, as you have probably already guessed, the answer is, "It depends upon your point of view."

And perhaps of more importance, it's not clear that the spyware question alone is really the key issue in this case, since this is all part of a larger MS anti-piracy effort with broader implications for all concerned. In the long run, the real issues are clarity and control, as we shall see.

Microsoft has major piracy problems, on a massive scale -- this we all know. They have been ramping up their infrastructure to prohibit "non-validated" copies of Windows XP from installing non-critical software updates. What many people don't realize is that MS does not consider validation to be a necessarily permanent state. Even after a copy of XP has been validated, MS may choose to "revoke" that validation (via communications with their Windows Update site) at a later date if activation codes are found to be pirated in the future.

Why is the new version of the validity tool trying to communicate with MS at every boot? The MS officials tell me that at this time the connections are to provide an emergency "escape" mechanism to allow MS to disable the validation tool if it were to malfunction.

While most users will routinely accept the tool update from Windows Update, MS considers it to be (for now) an optional upgrade as part of a pilot program, as described in accompanying license information that (as we know) most users will never read. (I should note that while these materials do discuss Internet connections, they do not appear to notify users that the updated tool will make multiple connections to MS at various intervals, even on systems that are already validated.)

I was told that no information is sent from the PC to MS during these connections in their current modality, though MS does receive IP address and date/timestamp data relating to systems' booting and continued operations, which MS would not necessarily otherwise be receiving.

Apparently these transactions will also occur once a day if systems are kept booted, though MS intends to ramp that frequency back (initially I believe to once every two weeks) with an update in the near future. Further down the line, the connections would be used differently, to provide checks against the current validation revocation list at intervals (e.g., every 90 days) via MS, even if the user never accessed the Windows Update site directly.

Can you safely block the tool from communicating with MS using ZoneAlarm or another third-party firewall? The answer appears to be yes. I'm told that if the tool can't communicate with MS, validation checks will be made the next time the system communicates directly with the Windows Update site, in the same manner as has been done up to now since validation began.

We can argue about whether or not the tool's behavior is really spyware -- there are various definitions for spyware, and the question of whether or not you feel that the notice provided at upgrade installation time was sufficient is also directly relevant. I believe that the MS officials I spoke to agree with my assertion that additional clarity and a more "in your face" aspect to these notifications in such cases would be highly desirable.

But this is where an even more important question comes into play. Microsoft (and other software vendors) are moving inexorably toward a more "distributed" computing model where users are really "renting" software services, rather than buying commodity software products. The "rental" model implies long-term vender control over the use and applications of such software, with associated communications between user PCs and vender servers for ongoing authentication and other purposes.

The entire concept of authentication revocation will be utterly foreign to many users, who are used to assuming that once they've bought something that they believe to be legitimate -- and that in fact has initially been verified as legitimate -- it's then theirs forever and can't be disabled or restricted later.

And as we've now seen yet again, the communications issues associated with the rental/service model introduce a range of both real and perceived privacy factors and concerns that we've hardly yet begun to explore in depth as technologists or as a society.

One thing is certain regardless of your point of view -- the sorts of issues that relate to this particular case are but harbingers of what's to come, in terms of capabilities, controversies, risks, and more. The old models are dying, and if we don't get ahead of the curve by understanding and properly framing the new models, we are likely to be very sorry after the fact.

--Lauren--

SLAG
06-16-2006, 03:49 PM
http://en.opensuse.org

No Spyware

Taco John
06-16-2006, 04:04 PM
When things move to the rental aspect, there will be a mass exodus to Linux.

Mr. Laz
06-16-2006, 04:07 PM
When things move to the rental aspect, there will be a mass exodus to Linux.
yep

Count Zarth
06-16-2006, 04:07 PM
When things move to the rental aspect, there will be a mass exodus to Linux.

Huh?

SLAG
06-16-2006, 04:16 PM
Huh?


its ok your too slow to understand

morphius
06-16-2006, 04:37 PM
Huh?
MS keeps leaning towards a leasing scheme for their software, so instead of buying it you pay a monthly fee.

FringeNC
06-16-2006, 04:44 PM
It'd be interesting to know the percentage of home computers that have pirated versions of XP and Office installed. If MS were able to develop a non-hackable activation system, it might be the worst thing that ever happened to them. A retail license for XP and Office is going to cost more than the hardware it runs on in many cases.

Count Zarth
06-16-2006, 04:45 PM
MS keeps leaning towards a leasing scheme for their software, so instead of buying it you pay a monthly fee.

Jesus Christ.

FringeNC
06-16-2006, 04:45 PM
MS keeps leaning towards a leasing scheme for their software, so instead of buying it you pay a monthly fee.

Doesn't Apple essentially do that already with their once-a-year-upgrades?

Count Zarth
06-16-2006, 04:45 PM
If MS were able to develop a non-hackable activation system, it might be the worst thing that ever happened to them.

Nothing will ever be unhackable.

Mr. Laz
06-16-2006, 04:47 PM
It'd be interesting to know the percentage of home computers that have pirated versions of XP and Office installed. If MS were able to develop a non-hackable activation system, it might be the worst thing that ever happened to them. A retail license for XP and Office is going to cost more than the hardware it runs on in many cases.
the fact the microsoft actually expects the home user to buy additional copy of windows for each and every computer they have under the same roof is a complete joke.


they are digging their own hole ...... fug'em

Donger
06-16-2006, 04:49 PM
MS keeps leaning towards a leasing scheme for their software, so instead of buying it you pay a monthly fee.

That's a joke, right?

Mr. Laz
06-16-2006, 04:52 PM
That's a joke, right?
no joke ... they are clearly headed that direction

Baby Lee
06-16-2006, 04:54 PM
While most users will routinely accept the tool update from Windows Update, MS considers it to be (for now) an optional upgrade as part of a pilot program,
This was an optional [yellow shield] upgrade at work until today, then there was an autoupdate, restrart, and the yellow shield disappeared.

morphius
06-16-2006, 04:54 PM
Donger - No, I'm not. Even the article brings it up, "Microsoft (and other software vendors) are moving inexorably toward a more "distributed" computing model where users are really "renting" software services, rather than buying commodity software products.". IBM and others have been doing similar things for years on upper end software, this is just bringing it down to the little guy.

Fringe - In a way I guess, though you are not forced to upgrade I don't believe. Not having owned an apple since an apple II+, I'm no expert there.

Donger
06-16-2006, 04:54 PM
no joke ... they are clearly headed that direction

To even consider that is pretty funny, not to mention arrogant.

Oh, wait a minute.

Baby Lee
06-16-2006, 04:57 PM
Divx

Mr. Laz
06-16-2006, 04:58 PM
To even consider that is pretty funny, not to mention arrogant.

Oh, wait a minute.
forgive me ... but can you explain WTF this post means.


explain it to me as if i were ..... a child ... err a Gochief if you will. :)

Mr. Laz
06-16-2006, 04:59 PM
Divx

the extent of your technical knowledge? :p

Donger
06-16-2006, 05:01 PM
forgive me ... but can you explain WTF this post means.


explain it to me as if i were ..... a child ... err a Gochief if you will. :)

If Microsoft thinks that people are going to pay a monthly fee to use their software, they're nucking futs. I find that both funny and arrogant. But, we're talking MS here, so...

morphius
06-16-2006, 05:04 PM
I did finally make the jump to linux as my workstation at work, and so far have found it pretty usable. I have to say that a n00b wouldn't be able to pick it up though, took some serious searching to find what I needed to allow it to play mp3's, came with the software to do it, I just had to find some oddly labeled library to do it.

The version of Yahoo Messenger you can download is something stupid like 1.1, still works but is that original ugly netscape grey color. It does come with GAIM, which can talk to Yahoo, but sucks ass doing it through our work firewalls.

There are a few other minor announces here and there, but I really do like it, and with the mount -t cifs command I can connect to all of my MS shares.

morphius
fedora core 5

Calcountry
06-16-2006, 05:14 PM
Donger - No, I'm not. Even the article brings it up, "Microsoft (and other software vendors) are moving inexorably toward a more "distributed" computing model where users are really "renting" software services, rather than buying commodity software products.". IBM and others have been doing similar things for years on upper end software, this is just bringing it down to the little guy.

Fringe - In a way I guess, though you are not forced to upgrade I don't believe. Not having owned an apple since an apple II+, I'm no expert there.We have to keep the programmers progamming don't you see. It's not good enough to leave the stuff alone.

Baby Lee
06-16-2006, 05:16 PM
the extent of your technical knowledge? :p
Actually, it was a reference to marketing knowledge.

http://hometheater.about.com/library/weekly/aa062199.htm

Valiant
06-16-2006, 05:45 PM
It'd be interesting to know the percentage of home computers that have pirated versions of XP and Office installed. If MS were able to develop a non-hackable activation system, it might be the worst thing that ever happened to them. A retail license for XP and Office is going to cost more than the hardware it runs on in many cases.


People buy windows???

SLAG
06-16-2006, 05:49 PM
People buy windows???

heh

i spent $3 on a copy of windows XP

In a Jordainian Bootleg store

they are all over the place

not a real item to be found

Mr. Laz
06-16-2006, 05:56 PM
If Microsoft thinks that people are going to pay a monthly fee to use their software, they're nucking futs. I find that both funny and arrogant. But, we're talking MS here, so...
got it... that's what i figured, just wanted verification. :thumb:

PastorMikH
06-16-2006, 09:29 PM
Microsoft Responds Regarding Windows XP Update vs. Spyware


Microsoft has major piracy problems, on a massive scale -- this we all know.





Maybe if they dropped their price a lot people wouldn't pirate it. Seriously, I can MAYBE see the price for a full install, but why not let a person buy the upgrade at a LOT LOWER price? I personally have 4 computers. 3 of them are HPs and thus came with an OS (one was 98 though). The other one has a copy that could probably be considered illegal since it was for another computer other than the one I have it on (especially since when I try to update to SP2 it shuts the computer down and I have to reformat the HD).

Or how about selling the license to an individual rather than to a system? That way the person can install it on several computers to help justify the price they are asking.

AT LEAST be willing to buy back the old OSs that we no longer need when we update. (I'd be tickled pink to be able to get a $75 refund towards the purchase of Win XP by trading in an old Win ME version.

I know Microsoft has to be giving HUGE discounts to HP, Dell, and others as the computer upgrade I just put together cost me $250 and I re-used all drives and most of the expansion cards. I can get a low-end Dell or HP for around $300. I KNOW that 1/2 of their price isn't the OS and software that comes loaded.

C'Mon Microsoft, if you don't want people wrongfully using your software, try making it a bit more affordable.

Adept Havelock
06-16-2006, 09:39 PM
C'Mon Microsoft, if you don't want people wrongfully using your software, try making it a bit more affordable.

Why should they when 1)They can pull something like this, and 2)Have 90% or so of the computing world by the scrotum?

Guru
06-16-2006, 09:49 PM
They keep giving me a reason to hate them more every day.

Simplex3
06-16-2006, 10:23 PM
Every dumbass move like this they make just makes all my *nix knowledge more valuable.

C'mon, MS!

KILLER_CLOWN
06-16-2006, 11:14 PM
I'm ready to make the leap back to Dos, hell i had far less problems with it than i do XP. I admit i haven't used linux much, but with my uber leet dos knowledge and superior typing skillz mee dooz itz.

Count Zarth
06-17-2006, 03:37 AM
AT LEAST be willing to buy back the old OSs that we no longer need when we update. (I'd be tickled pink to be able to get a $75 refund towards the purchase of Win XP by trading in an old Win ME version.


You can't be serious. You might as well take a dump in their hand and ask for $75.

PastorMikH
06-17-2006, 08:41 AM
You can't be serious. You might as well take a dump in their hand and ask for $75.





The dump would probaby be worth more than ME was when it was new.


Saaaay, that's about what Microsoft did when they gave us ME for $150 bucks a pop wasn't it?

morphius
06-17-2006, 09:45 AM
The dump would probaby be worth more than ME was when it was new.


Saaaay, that's about what Microsoft did when they gave us ME for $150 bucks a pop wasn't it?
Thats why they normally sell an upgrade version and a full version of the OS, though I don't know if they did that with XP or not.

penguinz
06-17-2006, 09:58 AM
I did finally make the jump to linux as my workstation at work, and so far have found it pretty usable. I have to say that a n00b wouldn't be able to pick it up though, took some serious searching to find what I needed to allow it to play mp3's, came with the software to do it, I just had to find some oddly labeled library to do it.

The version of Yahoo Messenger you can download is something stupid like 1.1, still works but is that original ugly netscape grey color. It does come with GAIM, which can talk to Yahoo, but sucks ass doing it through our work firewalls.

There are a few other minor announces here and there, but I really do like it, and with the mount -t cifs command I can connect to all of my MS shares.

morphius
fedora core 5
LAME

morphius
06-17-2006, 10:10 AM
LAME
Oh, I knew LAME, what took me a bit was gstreamer-plugins-ugly...