RE: windows update reporting info back to MS? (and .NET fw SP1)

From: Amer Karim (amerk@telus.net)
Date: 08/07/02


From: "Amer Karim" <amerk@telus.net>
To: <focus-ms@securityfocus.com>
Date: Wed, 7 Aug 2002 11:30:59 -0700

In fact I believe that you don't need to enable them at all - the Automatic
update and BITS only apply to the automatic updates and aren't necessary for
manual updates. The remote registry service isn't necessary for either. I
have all three disabled on my systems.

Just be aware that on a W2K server, you'll need to enable the Remote
Registry service in order to configure certain components, i.e. RRAS, but
you can disable it after you're done.

Regards,
Amer Karim
Nautilis Information Systems
Pager: 604-645-7729
e-mail: amerk@nautilis-sys.com

Confidentiality Notice

The information contained in this communication is confidential and/or
proprietary business or technical data. If you are not the inteded
recipient, you are hereby notified that any dissemination, copying or
distribution of this communication, or the taking of any action in reliance
on the contents of this communication, is strictly prohibited. If you
received this communication in error, please immediately notify us by return
message, and delete or destroy all copies of this communication.

-----Original Message-----
From: Paris E. Stone [mailto:paris@archerintegration.com]
Sent: August 7, 2002 09:02
To: focus-ms@securityfocus.com
Subject: RE: windows update reporting info back to MS? (and .NET fw SP1)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

How to overcome the "New" Windows Update.

Stop 3 services:

Automatic Update
Background Intelligent Transfer Service
Remote Registry

Change their type from Automatic / Manual to Disabled.

Turn them on only when you want to update.

- -----Original Message-----
From: Javier Sanchez (Information Systems) [mailto:javier@msmc.com]
Sent: Thursday, August 01, 2002 11:24 AM
To: Douglas R. Wilson; focus-ms@securityfocus.com
Subject: RE: windows update reporting info back to MS? (and .NET fw
SP1)

Unfortunately, you're probably right.

With the latest version of Windows Update (essentially a mandatory
download and now part of SP3) you consent to sending the following
information to Microsoft:

* Operating-system version number and Product Identification number
* Internet Explorer version number
* Version numbers of other software
* Plug and Play ID numbers of hardware devices

This is stated in the "Windows Update Privacy Statement" which you
can
read at <http://v4.windowsupdate.microsoft.com/en/about.asp?> You
can
also follow the "About Windows Update" link off the WindowsUpdate
page.
Don't bother trying to right-click, they've made sure to disable
that.

I haven't bothered trying to sniff that packets to see precisely what
"Other Software" they're looking at. I'll just assume that "Other"
software means "Other MICROSOFT Software, such as Office"... Maybe if
I
keep telling myself that, one day I'll believe it.
Has anyone taken the time to sniff and see what's going on?

- -Javier I. Sanchez

- -----Original Message-----
From: Douglas R. Wilson [mailto:dallendoug@dallenhome.org]
Sent: Thursday, August 01, 2002 9:28 AM
To: focus-ms@securityfocus.com
Subject: windows update reporting info back to MS? (and .NET fw SP1)

I put the .NET framework on workstation for test purposes yesterday
before leaving work, and didn't put SP1 (for .NET) on it. This
morning,
the automatic update had already downloaded the patch, and prompted
to
apply it. (I have my windows update client set to download, but not
to
install unless I approve).

I went ahead, and ran the install. A few seconds in, I noticed sudden
network activity, and the install sat there for a moment. Not enough
data transfer seemed to be going on for it to be a download (and, in
theory, the patch should have already been downloaded), but I pulled
up
the following with netstat:

 TCP MYHOSTNAME:1802 wustat.windows.com:http ESTABLISHED

Being paranoid, doesn't this look like windows update is reporting
back
to microsoft? (windows.com is owned by MS and redirects to
microsoft.com
if you go the plain www.windows.com domain). In theory, I forget the
official WU blurb, but isn't "no information returned to microsoft
about
your computer"?

Does anyone else know anything about this? (pardon me if this is
something blatantly obvious and/or discussed -- I have had my head in
projects for a bit).

TIA,

Doug

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
Comment: http://www.parisstone.com/

iQA+AwUBPVFEd/2j5dDsq7N3EQIknACg9EQIqGLEx5zqkn6YFTPoDzvAZl0AmNUJ
ErxySotw4dwETM/6l30GE+g=
=vWE4
-----END PGP SIGNATURE-----



Relevant Pages

  • RE: svchost.exe is making me crazy.
    ... When you run Windows Update to scan for updates that use Windows ... i checked my windows update history and found that the last automatic update ... nass.....something happened in that last automatic download and install ... if i download hijack this, and get a report on my computer, will you be able ...
    (microsoft.public.windowsxp.accessibility)
  • Re: SP2 Joke? or What?
    ... A limited number of computers should start receiving SP-2 assuming ... Click Automatic Update tab ... >I have been anticipating the release to Windows Update as well. ... >> and being redirected back to Microsoft to download the so called: ...
    (microsoft.public.windowsupdate)
  • Re: Error 0x80070020
    ... Then download and save KB927891 if it has not been installed. ... do not run them while the browser is open or the Automatic Update service is running. ... Now install WindowsUpdateAgent30-x86.exe ... You receive a "0x80070020 The process cannot access the file because it is being used by another process" error message when you try to download an update from Windows Update or from Microsoft Update ...
    (microsoft.public.windowsupdate)
  • Re: Strange object in Icon Tray?!
    ... It's the Windows Update icon, ... It sounds like you are set up on Automatic Update to ... automatically download and install updates. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Auto Updates wont Download or install
    ... "Download and prompt me to install" option is ran in a Local User context ... versus the Automatic Update schedule option which uses the Local System ...
    (microsoft.public.windowsupdate)