Re: How to stop MS from breaking in?????

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 11/06/03 

Date: Thu, 6 Nov 2003 07:07:02 -0700

Hi,

I replied to your other newer thread on the WU/Bits
behavior conrol issue.

On the default behaviors of XP in initiating contact to
external servers, many would fully agree with you.
However, the MS lawyers will point out that you did
either explicitly or implicitly agree to the licence, that
you can read in file EULA.txt, and so agreed to having
your system updated. That is a lawyer answer.

The reality is, and this may help you appreciate the
rock-and-the-hard-place scenario somewhat, people
often would not enable this, or become aware that they
should, but without it enabled MS has no way of trying
to help their less-informed customers maintain patched,
healthy systems. So, the question may be cast as, is it
better to seem invasive or to let millions of machines
not be serviced ? The middle ground solution seems
to have been to seem invasive but to go out of the way
in both design/architecting this (and to point this out in
the PR information about this) to make it so that it is not
uninvited and it is not dealing with any identifiable
information moving up to the servers (info only flows
down to the machines for the autoupdate capability).

Now, it only remains to determine just what is actually
triggering the communication. Candidates are WUAU
(as this does use the service wrapper), timesync (wrong
port), calling to the Search Assistant (an option in the
Explorer options), behaviors from Office products that
might be installed, Windows Messenger, MSN if it is
installed, etc. 

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
<anonymous@discussions.microsoft.com> wrote in message
news:083f01c3a419$457b1de0$a301280a@phx.gbl...
> Hi Roger,
>
> Thanks much for taking the time to try to help me. It is
> very much appreciated. Can you tell me how I can
> configure my machine so that it does not ask for any
> updates or BITS (I don't know what this is). Thanks again.
>
> As for my own feelings on this matter, please be assured
> that I (personally) never asked for a connection from my
> machine to a MS server. However, MS did program its
> software so that this was "automatic" and I was not given
> the option to say "no". So be it. I wish there was a
> question asked by Windows XP which I could reply "no" to.
> This would save me lots of time. For me, this is like
> someone entering into my home and inviting other guests
> in without my permission - and leaving the door open for
> other unwelcome guests. Please take this as my own
> personal feedback for what it is worth. Again, thanks for
> you assistance.
>
> Rich
> >-----Original Message-----
> >I see nothing indicating UDP, and "GHP Firewall" is
> >misinterpreting this.  GHP is something running (probably
> >a couple instances of it) on your machine.  One of the
> apps
> >hosted in GHP has contacted MS and your ZA is blocking
> >the reply.  Configure your machine.  It is possible to
> make
> >it so that it does not originate any communications
> outbound
> >(yes, even those that ZA does to ZoneLabs).
> >
> >This is not an MS server trying to crack through your
> firewall,
> >it is just a process on some server trying to fulfill
> something
> >your machine has asked for.  It is offering you
> something for
> >free, from which you may benefit, that you have not taken
> >control over your machine to stop from being requested,
> and
> >you are not happy ?
> >
> >One possibility is the Window Update capability, as it
> runs
> >in one of these GHPs as does BITS that is used to dribble
> >down the software updates.  Have you configured it to not
> >check for updates (not recommended) ?
> >
> >-- 
> >Roger Abell
> >Microsoft MVP (Windows Server System: Security)
> >MCSE (W2k3,W2k,Nt4)  MCDBA
> >"Rich" <anonymous@discussions.microsoft.com> wrote in
> message
> >news:008c01c3a3d0$830f5110$a601280a@phx.gbl...
> >> Hi,
> >>
> >> Thanks much for taking the time to try to help me.
> >>
> >> It looks like UDP Incoming from a GHP Firewall from
> >> Microsoft. Here is the relevant log information from
> >> ZoneAlarm. Any assistance would be greatly appreciated
> >> since it is very uncomfortable to have a remote machine
> >> from Microsoft that keeps trying to break into my
> >> machine.
> >>
> >> Thanks again,
> >> Rich
> >>
> >> ACCESS,2003/11/04,17:31:48 -6:00 GMT,Generic Host
> Process
> >> for Win32 Services was blocked from accepting a
> >> connection from the Internet (207.46.228.34:Port
> >> 3544).,N/A,N/A
> >> ACCESS,2003/11/04,17:32:24 -6:00 GMT,Generic Host
> Process
> >> for Win32 Services was blocked from accepting a
> >> connection from the Internet (207.46.228.35:Port
> >> 3544).,N/A,N/A
> >> ACCESS,2003/11/04,18:32:34 -6:00 GMT,Generic Host
> Process
> >> for Win32 Services was blocked from accepting a
> >> connection from the Internet (207.46.228.35:Port
> >> 3544).,N/A,N/A
> >> FWIN,2003/11/04,19:00:12 -6:00
> >> GMT,207.46.228.33:3544,192.168.0.2:1179,UDP
> >> ACCESS,2003/11/04,19:00:36 -6:00 GMT,Generic Host
> Process
> >> for Win32 Services was blocked from accepting a
> >> connection from the Internet (207.46.228.33:Port
> >> 3544).,N/A,N/A
> >> ACCESS,2003/11/04,20:00:42 -6:00 GMT,Generic Host
> Process
> >> for Win32 Services was blocked from accepting a
> >> connection from the Internet (207.46.228.33:Port
> >> 3544).,N/A,N/A
> >> ACCESS,2003/11/04,20:14:34 -6:00 GMT,Generic Host
> Process
> >> for Win32 Services was blocked from accepting a
> >> connection from the Internet (207.46.228.35:Port
> >> 3544).,N/A,N/A
> >> ACCESS,2003/11/04,21:14:54 -6:00 GMT,Generic Host
> Process
> >> for Win32 Services was blocked from accepting a
> >> connection from the Internet (207.46.228.35:Port
> >> 3544).,N/A,N/A
> >>
> >>
> >
> >
> >.
> >

Relevant Pages

  • Re: Outgoing POP3 email missing/lost/not received
    ... ISP's mail server instead of the domain name on the ... SUMMARY OF SETTINGS FOR CONFIGURE E-MAIL AND INTERNET ... Internet Connection Wizard. ... After the wizard completes, the following network connection ...
    (microsoft.public.windows.server.sbs)
  • Re: Urgent! New router and big disaster
    ... Anyway the Server Ipconfig /all is this... ... Server Local Area Connection: ... Les Connor [SBS Community Member - SBS MVP] ... First Page of the Internet Connection Wizard, ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN breaks after installing patches
    ... Now I understand that you are using the PPPoE connection and no router is ... a virtual network adapter will be ... 825763 How to configure Internet access in Windows Small Business Server ... Run the Change Server IP Address to change the internal IP address. ...
    (microsoft.public.windows.server.sbs)
  • Re: Urgent! New router and big disaster
    ... I checked the binding order and the Server Local area connection is at the top. ... I should have been more clear about internet connection.. ... I wonder if I may have missed a firewall setting on the router as well. ...
    (microsoft.public.windows.server.sbs)
  • Re: Non-domain connection problem
    ... Ethernet adapter Local Area Connection: ... Connection-specific DNS Suffix. ... I hard coded the DNS server to a known DNS on the internet: ... Again this had no effect on the ability to connect to the internet. ...
    (microsoft.public.windows.server.sbs)