Re: Another Microsoft SPYWARE Attack !! Backup Utility tried to send TWO updates to Windows update

From: Shenan T. Stanley (newshelper_at_hushmail.com)
Date: 07/11/03


Date: Thu, 10 Jul 2003 17:50:46 -0500


Jonmith <> wrote:
> Is Windows just Spyware or what? Since I've installed my firewall,
> I've noticed that many programs are sending usage information to
> Windows Update. Today I ran the backup utility and it fired off two
> communications to Windows Update, see information below. I suppose
> this has been happening all along, but I've only noticed it since
> blocking outgoing TCP with McAfee firewall (good program by the
> way). Anyone know if this is standard practice by Microsoft? Do
> they routinely collect usage information via this kind of embedded
> spyware?
>
> McAfee Firewall alerted on an attempt by the program "Microsoft Volume
> Shadow Copy Service" located in C:\WINDOWS\SYSTEM32\VSSVC.EXE, to
> communicate in a way that was disallowed by the program's filtering
> rules. The data direction was outbound. The IP protocol type was
> TCP/IP. The remote port was 443 [HTTPS]. The domain name was
> v4.windowsupdate.microsoft.com. The IP address was 207.46.134.126.
> The user's response to the alert was to deny the communication this
> time.
>
> AND
>
> McAfee Firewall alerted on an attempt by the program "Ms DTC console
> program v03.01.00.4414" located in C:\WINDOWS\SYSTEM32\MSDTC.EXE, to
> communicate in a way that was disallowed by the program's filtering
> rules. The data direction was outbound. The IP protocol type was
> TCP/IP. The remote port was 443 [HTTPS]. The domain name was
> v4.windowsupdate.microsoft.com. The IP address was 207.46.134.126.
> The user's response to the alert was to deny the communication this
> time.
>
> Anyone know about this? Is it happening to any of you?

So you ran something and it checked for updates...
OK....

-- 
Shenan Stanley
"Just trying to help"
-------------------------
How to use XP's Help and Support
http://tinyurl.com/fltf
How to Use the Microsoft Product Support Newsgroups
http://tinyurl.com/fkja
How to use Google
http://www.google.com/help/basics.html
http://tinyurl.com/fkmc
-------------------------

