Microsoft Talks Daily With Your Computer

An anonymous reader writes "Microsoft Corp. acknowledged Wednesday that it needs to better inform users that its tool for determining whether a computer is running a pirated copy of Windows also quietly checks in daily with the software maker. The company said the undisclosed daily check is a safety measure designed to allow the tool, called Windows Genuine Advantage, to quickly shut down in case of a malfunction." The EULA is suppose to disclose this daily call-in feature. Lauren Weinstein, who is co-founder of People for Internet Responsibility, was one of the first people to notice the daily communications to Microsoft. Report from Yahoo.com"

Minor edit

[Anonymous Coward]

The EULA is suppose to

That should be 'supposed'. What happened to the 'd'?

disclosed this

Oh, there it is.

remote deauthorization

[johnrpenner]

if microsoft can remotely 'unlegitimize' a copy of windows,
couldn't a virus or worm massively remotely cripple loads of machines
by exploiting this...?

Re:remote deauthorization

[Poltras]

Actually it can, quite easily... with administrative rights, it can cripple most of your registry and many drivers/dlls (even those unchecked by Windows) and then reboot the machine :) that would work quite efficiently.

The goal of many viruses is not to destroy stuff, but simple other goals such as:

• Make money over advertisement (adware).
• Botnets, in order to attain other goals (DoS, attacks, etc)
• Get passwords, credit cards number and other information which could be useful.
• Leave a message (think MSBLAST.exe kind). What better way to tell "I <3 you" than with the gift of a virus?

A destroyed installation of Windows does not serve much...

Re:remote deauthorization

[cp.tar]

A destroyed installation of Windows does not serve much...

Well, it could...

Imagine, if you will, how Slashdotters are perceived: mostly Linux-fanatics, Microsoft-haters, bloody communists etc.
Is it not possible that some of us created a virus as a mere propaganda tool to make people turn away from Windows?

It wouldn't be that difficult - just create a tiny program that would check for unpatched and unprotected computers. Nothing virus-like in checking whether certain software is present on one's comput

Re:remote deauthorization

[jimicus]

The question is: if we all really are such anti-social techno creeps, why haven't we done that already?

The answer is: There is a difference between being antisocial and being downright sociopathic.

Also I can't think of anything worse than having to understand Windows sufficiently to write such a worm. Urrgh, I feel dirty even thinking about it. I'm off to take a shower in Jeyes Fluid. (Lysol for you US folks).

Confused

[alexhs]

Then, on a certain date (sadly, 6/6/06, although very symbolic, passed without any such occurence)

Excuse me, in what order did you write that date ?

• American way : June 6th 2006
  
• European way : 6th June 2006
  
• Asian way : 2006 June 6th
  
• Alien way : 6th 2006 June
  

When all numbers are below 12, it's quite hard to get a clue ;)
Is it even 2006 ? 1906 and 1006 fits in too...

Re:Confused

[cp.tar]

Excuse me, in what order did you write that date ?

Alien way : 6th 2006 June

Ah, you have much to learn, young one...

You were hoping to discern my location, political orientation and whatnot based on my date format?

Do you really think I would let on that I'm an alien in such an obvious way?

When you see a flying saucer in front of your house, that's when you'll know we've come for you...

Re:remote deauthorization

[jellomizer]

It has been happening. And still it wont change anything. For a simple reason people will not get fired for choosing Microsoft.
You install Windows it gets hacked or a virus infects the network then that is considered a risk of using a computer. If they installed Linux or some lesser known OS. It gets hacked or a worm hits it or it crashes for some reason even it if it minor, I am sure you will have a serious talking to with your managers at best, and they may possibly fire you especially if you really fought hard to get this platform in.

Re:remote deauthorization

[Poltras]

they could prevent security holes from being patched - making further/future exploits easier to conduct.

That's not to your advantage to do so. A normal way to conduct a successful exploit is to establish a basecamp which can call home and so you can have a certain control (normally done through reverse shell connection or UDP/ping/DNS tunneling to bypass firewalls). Once you have a basecamp, you have no problem getting back on the machine to perform whatever task you want. Then, it is important that you st

Re:remote deauthorization

[Kadin2048]

I can only assume that somewhere in the bowels of the NSA exists an "Office of Cyber-Warfare," and within that office is someone tasked with writing and keeping up-to-date the nastiest, most destructive computer and network worms ever. If there's no explicit law against a particular weapon, I think it's a good assumption to make that the U.S. has one (or three, or five thousand).

That said, I'm not sure if initiating a computer-virus war would really be a good idea. It seems like we're definitely throwing st

Re:remote deauthorization

[IchBinEinPenguin]

I didn't think they needed any help...

Virus scenario

[Anonymous Coward]

A virus could use one of the "Product-Key Changer" scripts (see http://support.microsoft.com/?kbid=328874 [microsoft.com]) to install a pirated product key on every infected computer (whiping all traces of the original key).

This would render millions of genuine installations indistinguishable from pirated installations. What a mess for Microsoft! They would have to immediately "kill forever" the WGA helper, and maybe even remove the WGA check on Windows Update.

Such a virus would be a hard lesson to learn for the writers of all kinds of automated "genuine" checks.

Regards,
M.

Re:Minor edit

[RPoet]

The "d" in "supposed" is increasingly seen as redundant when followed by a word starting with a "d"-like sound, such as "to". So "supposed to" becomes "suppose to", because they are phonetically very similar. It's just how it is these days.

Re:Minor edit

[Politburo]

The "d" in "supposed" is increasingly seen as redundant

By who, exactly?

What kind of bullshit excuse is this?

[ScrewMaster]

... quickly shut down in case of a malfunction.

So Genuine Advantage needs to contact the mothership in order to be told that it's broken and needs to terminate?

Please.

Re:What kind of bullshit excuse is this?

[caitsith01]

Whilst I generally agree that it is indeed bullshit, it is possible to imagine the scenario in which, for some reason, there is a bug in Genuine Advantage which leads to a denial of access to the Windows Update service for legitimately registered users.

I have often wondered whether Steam has a similar feature - if Valve goes bankrupt, for instance, does it release you from the (ridiculous) copy protection/licensing arrangements put in place when you install Half Life 2 and other products?

The best way to do any of this would be to simply check if the parent company's server is still there and able to provide authentication/updating. If it is unavailable for some reason the local software should function autonomously, as it always should, but without the need for approval from the parent.

Of course the *real* best solution is to stop trying to monitor usage on a micro-level and just make good products at a reasonable price. As has been demonstrated over and over again, this is the way to stop piracy.

Re:What kind of bullshit excuse is this?

[jb.hl.com]

I have often wondered whether Steam has a similar feature - if Valve goes bankrupt, for instance, does it release you from the (ridiculous) copy protection/licensing arrangements put in place when you install Half Life 2 and other products?

Valve have said that patches would be released to release you from the copy protection in such a situation.

The best way to do any of this would be to simply check if the parent company's server is still there and able to provide authentication/updating. If it is unavailab

Re:What kind of bullshit excuse is this?

[ottothecow]

I hate that tool...it seems like it is the only update that gets pulled down regularily. It pulls itself down and gets installed when I finally relent to it (since I am in no hurry to update it, even though updates come out all of the time) but then it wants me to restart. That's all fine and dandy, I'll let it do its business the next time I feel like restarting.

Oh, whats this? It pops up every 10 minutes asking me to reboot and gives me no option like "remind me tomorrow"

Come on microsoft...dont force me to sit through this shit on nonessential updates

This is why you should have set it to:

[Atario]

"Notify me but don't automatically download or install them". (In Control Panel -> System -> Automatic Updates.)

Then you can pick and choose which updates you want, and when you decline one, it pops up a message in which you can check "Never ask me again".

Too late for those who trusted Microsoft, though...now you have to do a lot of registry tweaks and stuff [blogspot.com].

Re:What kind of bullshit excuse is this?

[rodgster]

OK. I agree It's total BS. Anyone here remember win98 1st ed phone home info disclosure (on connect to windows update)? Oh and they forgot to disclose that in the EULA too.

Same tricks, different year.

However it's not like Redhat's Up2date doesn't phone home daily too. Oh and doesn't it NOT allow you to automagically install patches unless you have current support agreement (which you could rotate between servers if you had one).

I only happen to know because a certain software vendor likes to use RHEL (maybe they're just rolling back prices like walmart).

I guess that's within the rules (but they're still scumbags)?

I run Fedora.

Re:What kind of bullshit excuse is this?

[ScrewMaster]

I think all of this comes under the heading of "yes the technology permits it, but is it something we really should be doing?"

Re:What kind of bullshit excuse is this?

[Anonymous Coward]

I haven't had it happen, but maybe this [vnunet.com] is what you're looking for?

Re:What kind of bullshit excuse is this?

[pro_virus]

My Sygate got the beast on the fly and there wasn't any registry key that started it... So I couldn't block it from starting at each boot. So I simply renamed the file and I have not any trouble since that :D

The file is in the system32 directory and the filename is : "WgaTray.exe". I simply renamed it :"WgaTray.bak" and it left my alone :D

Hope this help. Chow

Re:What kind of bullshit excuse is this?

[SeaFox]

There also appears to be a copy in \system32\dllcache\

I wonder if it gets blocked if I add it to the program list on Windows Firewall and uncheck it.

Re:What kind of bullshit excuse is this?

[JonahDark1]

I'm sorry, but you've completely missed the point. I don't want my computer talking to Microsoft daily. I don't believe Microsoft has any right to know what's going on with my computer. My software is a legal copy and if they want to check that when I download updates, I'll tolerate that, but it shouldn't be sliently calling home.

Re:What kind of bullshit excuse is this?

[ScrappyLaptop]

And luckily, you have that choice, but I am afraid it is you that has missed the point. Microsoft owns that software, not you. You are merely licensed to use it. By agreeing to the EULA and continuing to use Windows, you agree to whatever conditions Microsoft sets forth. The best part of it is that you *pay* for the honor of doing so. If you disagree with Microsoft's actions, you are free to use another operating system or office suite or what have you. I just wonder when that final choice will disappear; imagine if the EULA had a clause that stated, in legalese, "...and I further agree to only run Microsoft Operating Systems on this PC from this point forward". You know, all in the name of allowing Microsoft to provide better support, etc. No reason not to add a clause like that, really...

Re:What kind of bullshit excuse is this?

[Anonymous Coward]

The number of people like you who attribute such unimaginable power to a text file on their screen is mind boggling. According to you, by clicking my mouse button, Microsoft really COULD take my first-born.

Signature? Nope. Pre-sales agreement? Nope. Teeth? HELL no.

No excuses

[Jeppe Salvesen]

Yes. If you fail to read the contracts you agree to, you may very well have your first-born taken away from you.

By denying Microsoft the rights you agreed to granting them, you are indeed in breach of contract. You are not doing what you agreed to do, simply put.

If you have a problem with this stuff - buy a Mac (and read the contract/EULA before you start using it) or run Linux (the same applies here).

Re:What kind of bullshit excuse is this?

[Archtech]

"If you disagree with Microsoft's actions, you are free to use another operating system or office suite or what have you".

And there you have it. As more and more users come to understand the legal facts of the matter, as expounded in this thread, they will have a strong incentive to adopt other operating systems that cost less and impose less unreasonable conditions.

In this context it is interesting to note that the difference between Windows and Linux is steadily being eroded. Indeed, in some ways Linux is distinctly superior; but the key point is that its weaknesses relative to Windows (read: buying objections) are rapidly disappearing. SuSE, to which I am in the process of migrating, is easier to install than Windows; just as efficient; more flexible; and, AFAICS, just as easy to use once you get used to it (which takes a few days). On the plus side, it's far less expensive, offers far better support, and is open and extensible.

Applications used to be a deal-breaker, but I have been using OpenOffice.org recently and it is, if anything, better than Office for my purposes. (Admittedly, I still have Office 97 which is arguably inferior to Office 2003, but why should I shell out big bucks every few years for what is essentially the same product?) Quicken used to be an issue, until Intuit suddenly withdrew from the UK market at the same time as my copy of Quicken mysteriously stopped working. So now there is really no reason why I would prefer Windows to Linux.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:What kind of bullshit excuse is this?

[grolschie]

By agreeing to the EULA and continuing to use Windows, you agree to whatever conditions Microsoft sets forth.

uhh.... wrong! EULAs are not actually legal contracts. They are non binding and non-enforcable. Try again, thanks for playing.

Re:What kind of bullshit excuse is this?

[truthsearch]

Incorrect. The Seventh Circuit found that a shrink wrap license (EULA) is an enforceable software license [bitlaw.com].

Re:What kind of bullshit excuse is this?

[wiredlogic]

The terms of any EULA are not enforceable. It is not a valid contract and has no legal weight whatsoever. You purchased the license fair-and-square when you plonked down hard cash for a copy of Windows offered by some vendor. Once the sale is complete you own that copy of the software and the copyright holder can't impose any additional restricitons upon you.

Re:What kind of bullshit excuse is this?

[Kadin2048]

You own the copy of the media on which the software was delivered to you; you don't own the software itself. You are merely licensed to use it.

Hence, you can resell the media (yours) and the license (yours) but you can't duplicate the software and sell it (not yours!).

It would be interesting to see what Microsoft would do if EULAs were ruled unenforceable; I suspect that they would simply send you out a paper contract in advance of the software, which you would have to read, sign, and return, before they would ship you anything. That's actually SOP for some big enterprise software packages: they don't do their licensing via click-thrus, but rather through contracts signed by the legal parties involved ahead of deployment. Really that's the way it ought to be done -- people would whine about it being an "inconvenience," but at least you could walk away if the agreement looked like crap and not have to worry about getting a refund. I suspect though that at least in some Districts, that EULAs will be found to be quite valid, however, since in theory you can disagree and take the computer/software back for a refund.

Re:What kind of bullshit excuse is this?

[oh_bugger]

According to some comments on a webpage posted earlier in the thread (hunt for it), people have been incorrectly accused of having non-genuine versions of Windows when they actually have completly paid for versions. If this is true then one day turning on their computer to find it's formated and not working will probably piss them off, even more if they realise it was Microsoft that did it. Also someone might deside to write some malware which fools the program into telling Microsoft that the copy of Windows is pirated, a while later Microsoft will go ahead and do the damage for them.

Whether or not Windows is or isn't the best OS to have, these people chose to pay their money to Microsoft and the excuse "It'll teach some pirates a lesson" is not enough to waste their time and money.

Re:What kind of bullshit excuse is this?

[Anonymous Coward]

Last week my "genuine" copy of Windows was accused of being pirated when I accidentally changed the date on my computer. There was no way to fix it, I spoke with several members of Windows customer support who could not help me and transfered me in a complete circle ending up with the original number that I called. I had to reinstall windows, hoping it would help and that I wouldn't lose everything (since I was prevented from accessing windows during this time). Reinstalling (repairing existing installation) helped but I still got the "not genuine windows" warning until I changed the date back to the correct date.

Thank you, Microsoft! :(

Re:What kind of bullshit excuse is this?

[Zemran]

The skanky copies of XP have a prog that fires randomly generated license codes at the server until it finds one that works. That means that when a skanky copy works a genuine copy ceases to work. It is simply a matter of who gets there first. With all these skanky copies using up so many genuine license codes it is not surprising that so many people are getting pissed off. Despite what the post further down says I have tried this out and found the prog worked well and did not cause any noticable delay. That is not to say that I advocate the use of such progs and in fact I personally would not use XP on a machine that is actually connected to the internet and only use Linux for the net except to try certain things out.

I am running...

[Belial6]

I am running 3 copies of WinXP, and own 5 legal licenses. I still don't want MS invading my privacy. If the only thing your worried about is whether it annoys you or not, you shouldn't mind your neighbor putting a web cam in your shower as long as he covers the little red light.

Re:Your sig--off topic, but it's been driving me n

[ScrewMaster]

It's from the novel "The Great Time Machine Hoax" by Keith Laumer.

Re:Your sig--off topic, but it's been driving me n

[Fulcrum of Evil]

What's with that wheel?

it's been driving me nuts.

Yarr!

Re:What kind of bullshit excuse is this?

[jargoone]

And since I run a legit corporate copy, it's staying blocked.

... but if you ran a stolen corporate copy, you'd unblock it? ;-)

Re:Old News

[Anonymous Coward]

WTF? This isn't old news. Every time I have downloaded this to do installations on the computers we setup at work it says very clearly it performs a "one time check". When did "one time check" become every day? Microsoft is fucking scum.

Marketing opportunity

[zCyl]

And how long until their regular check-in procedure for whether or not your computer is running legal copies of software morphs into a marketing opportunity by linking your ip address to your windows registration for tracking purposes? It would be the ultimate cookie, since it could essentially link every Windows user on the internet to the purchaser of the windows license, no matter where the computer moves to. Companies would leap all over this database in backroom deals, since it could allow advertisers or other companies to know the full identity of users the moment they bring up a page.

Re:Marketing opportunity-- then you hire

[davidsyes]

to make a tool to trash the cookies. Send back spurious, useless, marketer-crashing rubbish that calls their ENTIRE database into question. FUCKEM. With the exception of the copyright works of others, the data on MY computer is MINE. EVEN the fucking so-called copyright-protected cookies. If they generate cookie data with MY surfing habits, and I'm not getting PAID by them to use my info, then I will continue to trash, delete, or block cookies and their entire fucking domains.

I REGULARLY look at who is behind ANY new IP address, and I DO block entire domains. I don't know how many INDIVIDUALS have over 200 sites on their blacklist, but I do. When doubledick (among others), for instance, gets cute and scarfs up chunks if in-between addresses in random domains, I block the sub-domain if it's interfering TOO much with my surfing. But, in battle against some of these fucks, I DO tolerate 10-60 second page loads. I don't block EVERY company out there, just the big, fat-footed ones whom I suspect of mass-selling surfing information.

Thank YOU LINUX/OS devs and W3C: You helped me not have to surf with with ms crap at home.

BTW, IS THERE a cookie-corruption tool that will decrypt them so I can see what it is trying to do? Is there a way to defeat any checksums so that I can insert crap or taint the call-back numbers in the cookies? This would be so I can misdirect them and be part of a cookie-trashing movement. I'm not looking to gain unauthorized ACCESS, I want to DEAUTHORIZED and DESTROY most of the cookies. Not the ones to my e-mail providers, just the ones to sites I don't have any relationships with. I'm SICK of those who say cookies are harmless. Next, we need to root out those 1x1 pixels and taint them, too. Then the crawlers stuff, and whatever else that comes along.

Re:What kind of bullshit excuse is this?

[CleverNickName]

Well if anyone can come up with a unexpected and creative solution to that problem, it's you :)

Yeah, just reverse the polarity on your firewall, and send an inverse tachyon pulse on a rotating Heisenberg frequency spread though port 228.

But that's, like, second semester Academy stuff, so don't be too impressed.

Whoa!

[rahrens]

Just one more reason NOT to use Windows as my operating system!

I'm protected.

[Anonymous Coward]

*wraps computer in tin foil and duct tape*

BRING IT ON!!!

XP Phone Home!

[Anonymous Coward]

XP Phone Home!

Ethereal anyone?

[caryw]

Anyone sniff out the offending packets yet? I'm sure they can't be too hard to identify. Probably simple HTTP posts.

If nobody has I'll sniff anything going to Microsoft's Class B (207.46.*.*) later tonight.
--
From Northern Virginia? Visit Fairfax Underground [fairfaxunderground.com]! (Just added: Fairfax County wiki, need submissions)

Re:Ethereal anyone?

[Crazyscottie]

Or better yet, you can just prevent those packets from ever reaching their destination.

The DOS command route -p add 207.46.0.0 mask 255.255.0.0 [192.168.0.254] (replace the address in brackets with a random address on your current subnet) will permanently route all would-be "phone home" packets to the random address that you specified.
 
... You could also, of course, use a firewall, but where's the fun in that? ;-)

Re:Ethereal anyone?

[Billly Gates]

Its been known for years since NT4 about the Windows Update manager.

I have seen it with the NT Server Network manager (I think that was it?) that sniffed out the packets. I remember reading how to enable your firewall to block it. ITs been awhile since I read about it but its old news.

Ooops!

[kozumik]

I guess they forgot to disclose that in the EULA. Honest mistake, stuff happens. Now let's go back to not worrying about DRM or Net Neutrality because Big Bussiness is looking out for our best interests.

This happened to my moms computer yesterday

[antifoidulus]

My moms computer which was bought from Best Buy and NEVER had windows re-installed on it was determined by Microsoft to be "not genuine". What fucking bullshit, I never was a Microsoft hater before that even though I used OS X, but calling my mom a criminal even though she isnt is just plain fucking bullshit. Microsoft, you made me a hater, though out of principle I refuse to use "M$"

Re:This happened to my moms computer yesterday

[oscartheduck]

Just be aware that there's a piece of malware going around that performs this function also. It looks like a microsoft box, comes up before you sign in and claims that your copy of windows is not genuine.

Re:This happened to my moms computer yesterday

[spectecjr]

This happened to my Uncle's computer yesterday - Uncle Sam that is. The WinBlows PC that is my email machine popped up the "This copy of Windows is not genuine" tag yesterday. This is on a major DoD site that has Everything legit, monitored, and locked up. It locked the system down so that I could not access the system with either the CAC card/PIN method nor the username/password means.

The Genuine Advantage tool doesn't lock your system. It just doesn't let you download cool freebies (at this time).

You got hit by something else. Upthread someone said that there's some spyware which masquerades as the Genuine Advantage system, and *does* lock your system down.

Talks daily to whose computer?

[Entropy]

TFA says "your computer", but aren't all Windows installs "my computer" on the desktop? Shouldn't it say "your my computer"? Or is it "my your computer"?

Ah screw it! And screw Microsoft, too.

Re:Talks daily to whose computer?

[plover]

aren't all Windows installs "my computer" on the desktop?

Not mine. I renamed the icon to be "this".

Re:Talks daily to whose computer?

[Bob Cat - NYMPHS]

Several times, after telling someone to "Click on My Computer", I was put on hold while they ran over to the server, picked up the extension, and then asked me "Where should I click?". I'm not making a joke here. Mod this "Sad".

With Windows, "My Computer" really isn't mine...

[Vorondil28]

Long ago I renamed mine to "Bill's Computer." I just didn't feel like it was mine anymore. ='(

Bug in Windows Update?

[Savage-Rabbit]

TFA says "your computer", but aren't all Windows installs "my computer" on the desktop? Shouldn't it say "your my computer"? Or is it "my your computer"?

I got a totally different result myself. When I ran Windows Update on my parents laptop about an hour ago Windows Update renamed 'My Computer' to 'All your computer are belong to Microsoft' and changed the system name to 'Skynet subnode 3964270017356334576934-X371N02'. Has anybody else experienced this?

OMG! Everyday?!

[__aaclcg7560]

I knew my PC was cheating on me after I got a Mac. But Microsoft...

Re:OMG! Everyday?!

[sconeu]

but beggars can't be choosers.

But buggers can

WgaTray.exe

[Zaffo]

Just the other night my copy of ZoneAlarm was alerting me that this exe was trying to make a shout-out to the Internet. A little searching told me what this was, so I set it to permanently deny the request. Problem solved!

Re:WgaTray.exe

[MikeBabcock]

Don't forget that the Windows firewall software (which will supposedly protect outbound traffic as well as inbound in Vista) allows software to change the rules dynamically and without asking you.

I looked for a very long time on McAfee's site to figure out how the ASAP intranet updating software worked so I could set appropriate firewall rules. Then I noticed that with a fully locked-down PC, it was already receiving said updates and connecting to other locked-down PCs for them.

Great, I thought, the Windows firewall really is useless.

Nice Title...

[imboboage0]

MicroSoft

So why are we talking about their 'tools?'

This is why I've been staying off WindowsUpdate -

[timecop]

I heard horror stories of people with 'acquired' versions of Windows XP who went to the 'new' 'Windows Update' service and ended up with an annoying tray icon constantly reminding them that their version of XP is pirated.

But you know, I havent been to WindowsUpdate in over a year.
I use a great (and free) tool provided by microsoft themselves - called "MBSA" (Microsoft Base Security Analyzer [microsoft.com]) to download and install updates.

With MBSA, I can do a quick install of Windows XP with SP2 integrated in vmware, then run this tool, and find out that (as of yesterday) there are 39 hotfixes needed for vanilla XPSP2 install, and it gives me direct (no WGA crap) links to download these updates. All I have to do then is save them all one by one, integrate them into a XP SP2 iso image, and use this pre-integrated disk to install with.

Since i reinstall windows every few months this is not a problem, and for those who insist on keeping windows machine installed longer, they can simply use MBSA to download incremental updates and install them manually.

Re:This is why I've been staying off WindowsUpdate

[SolarCanine]

With MBSA, I can do a quick install of Windows XP with SP2 integrated in vmware, then run this tool, and find out that (as of yesterday) there are 39 hotfixes needed for vanilla XPSP2 install, and it gives me direct (no WGA crap) links to download these updates. All I have to do then is save them all one by one, integrate them into a XP SP2 iso image, and use this pre-integrated disk to install with.

It's interesting to note that in order to download this, you have to use the Windows Genuine Advantage tool...

Re:This is why I've been staying off WindowsUpdate

[students]

You can integrate most anything into a Windows installer with The Unattended Windows Tutorial [msfn.org].

Re:This is why I've been staying off WindowsUpdate

[Tim C]

So does this allow you to "install" programs into the ISO file

Yes, that's exactly what it's for. I did this when I last upgraded my PC, because I was going SATA RAID, knew that the drivers wouldn't be available on my XP Pro CD (it predates SP1), and couldn't be bothered to buy a floppy drive (I've not had one for years). I integrated the drivers, Service Pack 2 and a few other hotfixes.

Have a look at this article [short-media.com], which details using nLite [nliteos.com] to perform the slipstreaming (note that the link in the article is d

...the hell?

[AWhiteFlame]

Here at Microsoft, we care about the Customer Experience. As a result, we've taken the following measures to make sure your experience is as pleasant and beneficial to you as possible.

- Our new operating system, Windows Vista, requires only the best high-end hardware so that, even on a system well beyond the power you should ever need, you'll still get the true Windows Experience(TM)

- The new Windows Media Player 11 features all-new and exclusive DRM, or Degradation Resistment Technology by Microsoft, which not only provides wonderful sound in the new and improved WMA format, but protects your rights as well.

- Our operating systems now report back with system information and other information which we feel should be collected from your system at any given time to improve your computing experience.

Microsoft: Where do we want to take you today?

Microsoft doesn't talk to my computer.

[Khaed]

I don't have Windows. So Microsoft doesn't talk to my computer. Wouldn't a more accurate title be "Microsoft talks daily to Windows"?

Considering how often Windows is pirated, I can't say this surprises me. Their excuse is stupid. They should just say "Look, we know people pirate. So we're going to check. If you don't like it, tough." Don't hide it. I'm not saying they're right or wrong to do this -- just that they should be up front about it if they are going to.

It won't make a dent in their sales. Whether or not you hate Microsoft, love Linux/Apple, or cling to OS/2 -- Microsoft is currently the top dog. Right or wrong; I'm not taking a stance on that, here. It's going to take a lot more than this to hurt Microsoft's bottom line.

So, you know, just tell us what information you're going to collect.

I have a idea.

[Avillia]

Redirect 207.46.*.* to 255.255.255.255. Only stop doing this when you feel the need to update. Disable automatic updates and all other update services except when you want to update. Problem solved. Really, if people just took the stance of "Why does this thing need to communicate to another computer?" instead of "Why shouldn't I allow this thing to talk to another computer?", 99% of security issues would be complete bork. But, of course, that requires common sense.

Re:I have a idea.

[Schraegstrichpunkt]

Redirect 207.46.*.* to 255.255.255.255.

Why the broadcast address?

Daily conversation transcript intercepted

[Anonymous Coward]

Your Computer: Hey Sweetie!
M$: Hi Schnookums!
Your Computer: Just checking in
M$: I love you honey
Your Computer: Bye Bye Baby
M$: Sweet Dreams
Your Computer: No you hangup
M$: No no you hangup

Learn how to ghost...

[dognuts]

That's why Ghost is such an important tool! 1/Create Ghost image of your OS 2/Go to MS let them install what they want 3/Check for updates & write down KB# but don't install anything 4/Download the KB's you need to your HD 5/Restore the image you made & install the updates you downloaded. Now you have your updates without any MS garbage on your PC. In case you didn't notice media player has been calling home for years & that doesn't seem to bother anyone!

Genuine Infection

[Spy der Mann]

In my blog^H^H^H^Hjournal I stated why Genuine Advantage only benefits spammers and virus writers [slashdot.org]. It's like if Bill Gates was holding the whole internet hostage against viruses and malware.

"Oh, that's a nice drive C you have there. It would be a shame if... something happened to it."

Microsoft could do something much more beneficial to the world if he remotely deactivated all network access in pirated windows- at least we would be safe from unpatched machines spreading viruses and spam.

And the killer ironic remark

[Spy der Mann]

And the unpatched machines happen to be the only ones which do NOT have Genuine Advantage installed.

I estimate...

[God of Lemmings]

90 days for hackers to find an exploit in Wga to subvert microsoft's own servers into spambots.

Microsoft's mouse driver also checks in daily

[eric31415927]

If you ever install the Microsoft mouse driver from the CD that accompanies the mouse, you'll find that it too calls in each day.
Why does a mouse driver need to call in daily?

A better question is: Why install the driver at all?
Pretty well every version of Windows recognizes a Microsoft mouse with no need for drivers from the CD.

Don't set the bar too high, Billy Boy!

[Zero__Kelvin]

"We're looking at ways to communicate that in a more forward manner," he said.

Well considering the current standard is not at all it shouldn't be too hard to communicate it in a "more forward manner." Burying the disclosure in an .exe. somewhere, never to be shown to the average user, will meet their newly established criteria ...

EULA?

[Enrique1218]

Oh, yeah that is a good way to disclose something to the public. You can write in under your plan to assassinate the president and take over the world.

Microsoft needs to get its act together

[I'm Don Giovanni]

Microsoft seems too dense to realize that they've squandered trust, and need to be above reproach like Caesar's wife (see Shakespear's "Julius Caesar" ;-)). That means that they need to make sure to disclose these kinds of things; failure to do so (before a third party does it for them) just makes them all the less trustworthy. This episode demonstrates sheer idiocy on their part.

Patch to disable reporting now available!

[kitzilla]

I've discovered a patch which disables Windows' "phone home" reporting. It's a fairly large download [ubuntu.com], but it seems to work.

Should be illegal.

[arrgster]

If someone had a certain item stolen and then looked in your window and saw that similar item in your house, they do not have the right to break down your door and check the serial # to make sure it isn't theirs. Yet for some reason big software companies have to right to invade my personal property (my computer) to verify that I actually own the software. This totally bypasses our entire legal system and our constitution and I have no idea why they are getting away with it.

Wonder what size their database is now...

[SwedishChef]

with mouse drivers calling daily and now the "genuine advantage" calling in daily you would expect that, by now, MS would have a database bigger than Google's. What are they going to do with this, anyway? BTW: I have a client who was told by Genuine Advantage that he had a pirated version of XP and that he had to pay for a new OS. I left him trying to find his sales receipt from a large, national, computer distributor.

Thank God I've been running Linux since 1993!!!

Re:What's up with the intercapping?

[grub]

Being Slashdot, you have to praise the editors for what they didn't do. In this case they didn't write it as Micro$oft, MicroShaft or MicroShit.

Good job, boys! Have a cookie!

Re:What's up with the intercapping?

[killjoe]

What the??? You are upset because some corporations name was intercapped? Are you going to go into apoplexy every time somebody intercaps some corporations name?

What kind of an insane person cares about that?

Re:What's up with the intercapping?

[drsmithy]

Ms is actively trying to curb this freedom and working in close partnerships with others who want to curb this freedom.

Your paranoia is showing. About the only "freedom" Microsoft is actively trying to curb is the "freedom" to violate copyright[0].

On another point IT is arguably the most imporant industry on the planet. It is literally the glue that holds modern civiliation together. Ms is bad for IT, Ms is bad for civilization.

Maybe if you're a thirteen year old kid who thinks "modern civilisation" eq

Re:Yawn

[sweetooth]

A safety feature that it doesn't need. Genuine Advantage only needs to be checked once. Upon verifying your Windows install it should never communicate with Microsoft unless specifically asked to do so. Doing anything else is highly suspicious and bad form. Failing to put this communication information in the EULA is also bad, but is likely an oversight on someones part so can probably be forgiven, we all make mistakes.

Re:Yawn

[Agent Green]

Microsoft doesn't really give a shit about the single-use, single-pc key so much. The whole crux of the Genuine Advantage thing is to keep an eye on the corporate volume licensing keys.

If a corp. license gets out into the wild, it's going to spread like mad (duh). With all those updated PCs phoning home on a daily basis, Microsoft should be quick to get wise to whose key just slipped out and put the kibosh on it.

How many people had the FCKGW key before that got pulled in SP1? :)

Re:Yawn

[collectivescott]

Regarding point 1: My copy of windows checks time.nist.gov, not microsoft. In addition, however, I was asked before this function was enabled, and I can disable it at will.

Regarding point 2: Where is the safety switch for internet explorer? I'm sure IE causes way more "computer explosions" than genuine advantage.

Let's be honest here. A phone-home capability in genuine advantage is suspicious, given the function of the genuine advantage program. It makes people running pirated versions of windows especially nervous. The bottom line is, if it isn't a spy tool, there ought to be an option to disable it. If it is a spy tool, get it the fuck off my computer. Period.

Re:Yawn

[StikyPad]

It makes people running pirated versions of windows especially nervous.

Boo hoo.. poor people running pirated copies.

If they're too stupid/lazy/cocky to keep themselves isolated by a good firewall, then I have no sympathy.

There are plenty of valid reasons why this "feature," or at least the lack of disclosure, is immoral. Protecting piracy is not one of them.

Re:Yawn

[the_Bionic_lemming]

I can disable it at will.

Me too. there are three services that windows requires to get the free updates. They demand one of them is set to launch "automatic".

I reenable the services, and get the updates - I then disable the services and guess what?

No phoning home.

Automatic Updates (allows the site to find, download and install high-priority updates for your computer)
Background Intelligent Transfer Service (BITS) (helps updates download more quickly and without problems if the download process is interrupted)
Event Log (keeps a record of updating activities to help with troubleshooting, if needed)

make them manual -

Automatic Updates is the one that phones home.

It's trivially easy to shut off.

Re:Yawn

[MarcQuadra]

Microsoft wants a safety switch in case this tool starts causing PCs around the world to explode. Thus the program checks with Microsoft once a day to see if it should shut itself off.

Good, I've been building our 2006-07 academic year image on XP and this tool has twice kicked-in and called my legit-via-volume-key XP image a fraud. I eventually figured out that I had to be less millitant about deleting miscellaneous files before syspreping the beast, but I can certainly see some malware out there deliberate

Re:Yawn

[tacocat]

Well, for one. How does legal software become illegal? You only need to check once.

This is a simple enough program that there shouldn't ever be a need for a safety switch, and since it only runs the one time, there's no need for it.

And Microsoft has established a history of doing this kind of crap in the past. Is there any reason why anyone should expect them to behave differently today? Seriously. Is there anything which Microsoft has experienced which might give them pause to consider this behaviour as potentially improper?

Re:Yawn

[shaitand]

Okay, since genuine advantage only needs to verify my system ONCE and then never execute again, why does it need to check daily to see if it is going to cause my computer to explode and how does this protect me since the app is already functioning if it is able to phone home?

I think I would rather maintain control of what software runs on my computer, responsiblity for deciding whether I believe it will make anything explode, and retain the right to the final call over whether I will do something about it.

Re:Thank God!

[Pantero Blanco]

The last copy of Windows that I owned was "genuine", as well. I still dropped them once they started trying to push DRM and activation on me with XP.

Re:So what?

[BFaucet]

A) They didn't tell anyone the software would do this.

B) We are supposed to trust MS that this thing is only asking MS if it needs to be shut off? What the hell kind of reason is that to phone home?

C) Why the hell does this software need to be running all the time? It's taking resources doing nothing but asking MS if it should be shut off?! Why can't it be started up and shut off only when needed?

D) There have been false reports of pirated software. Will this software one day just decide you're using a pirated version and kill your machine? Some people depend on their computers to feed themselves. If this software screws up and kills a machine and the owner has several days of downtime who's going to compensate them?

E) If you really think MS (or any large corporation for that matter) is above abusing phone home programs you got blinders on. Why should we trust large companies with our private informaton while not trusting actual people with our social security number?

F) The reason megacorps and the people who run them are so successful is always a combination of luck, smarts, and ability to stab people in the back and laugh about it. I'm not saying large corporations should be ended, but they should be approached with caution. They will try to get away with whatever the hell they can. It's the consumer's job to keep them in check... Well it's the goverment's job too, but they seem to be doing a shit job to say the least.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:at least they don't steal user files

[dtfinch]

And Google Toolbar with pagerank checking enabled tells Google every url you ever visit.