Author Topic: Interesting tad bit - MS Windows Genuine Advantage Phones Home Every day (Read 29740 times)

thunder7 · « **on:** June 09, 2006, 06:06 AM »

Microsoft Windows Genuine Advantage Phones Home Every day
http://www.dailytech.com/article.aspx?newsid=2766

I just do not like them on my PC

Josh · « **Reply #1 on:** June 09, 2006, 08:25 AM »

I dont consider this a very big issue at all. The only information given is a hash of the key you are using, and your ip address, nothing personally identifiable. I see people all the time complain about an ip address being transmitted, yet they dont seem to realize that its given out EVERY DAY on EVERY SITE you visit on the web. Just by visiting a website, about a dozen or so (on the average) web servers get your ip address because you download ads from them. Did you accept an agreement to let them load the ads and get your ip? no. Isnt that considered the same behavior microsoft is using here? The only function it phones home for is to check to see if several failed attempts to validate have been detected from your ip address (since some businesses proxy out 1 IP) and gives microsoft a way to disable WGA on that pc so that the issue can be investigated by the sys admins.

Again, this is nothing major, but instead provides a way for microsoft to help a company if there becomes an issue with WGA inside their corporation.

f0dder · « **Reply #2 on:** June 09, 2006, 08:34 AM »

I don't like WGA at all, and I don't like the call-home feature either. I think I'll set up some traffic blocking on the companys PIX501 router/firewall

mrainey · « **Reply #3 on:** June 09, 2006, 08:55 AM »

I don't know much about all this. I was under the impression that my firewall (ZA Free) would notify me if an unauthorized program tried to phone home. I checked, ZA is set to ask permission first before allowing WGA to send information.

It's obviously not that simple, is it?

f0dder · « **Reply #4 on:** June 09, 2006, 08:58 AM »

Sounds interesting, mrainey. I wonder if it goes through some nasty hoops to avoid firewalls, or if it only phones home under certain conditions.

Whatever it is, blocking at a hardware firewall network perimeter works

Carol Haynes · « **Reply #5 on:** June 09, 2006, 09:11 AM »

It is listed in my firewall apps as WGATRAY.EXE

thunder7 · « **Reply #6 on:** June 09, 2006, 11:24 AM »

Well i look at it this way, "If i wanted ET to Phone." Id call.
I do not want it calling or telling M$ nothing.
Without my direct permission.
That is my right!.

That is your Right as well. If you want them snooping on your PC that is your right.

And as my Right, I do not want them snooping.Period

Josh · « **Reply #7 on:** June 09, 2006, 12:36 PM »

Well i look at it this way, "If i wanted ET to Phone." Id call.
I do not want it calling or telling M$ nothing.
Without my direct permission.
That is my right!.

That is your Right as well. If you want them snooping on your PC that is your right.

And as my Right, I do not want them snooping.Period
-thunder7 (June 09, 2006, 11:24 AM)

What snooping are they doing exactly? They specifically tell you what information is sent in the EULA. They retain your IP and a hash of your product key. Again, I restate, what is the harm in sending an IP address and product key hash? They cant track you down from it, they wont be able to disable your windows installation based on this information, all they can do is (if you are running ingenuine windows) stop you from using MS Update and the MS Download center for certain things. What many fail to realize is that you give your IP out involuntarily every day when you visit websites that either, link to off-domain images or files, or when you visit a website with 3rd party advertisements. Either way, you didnt say "The server's that this site links to can have my IP address and know I've visited this website". To me, the tracking, via url and file access, is far more of a privacy violation. So again, I fail to see what snooping they are doing when they specifically tell you what they are doing in their license agreement that YOU AGREE TO WHEN YOU INSTALL WGA. If you dont want WGA, then you cant use windows update (but you can still get critical updates via auto-update, which microsoft has stated they wont prevent). WGA (in my eyes), shouldnt be an issue if you are running a legit copy of windows. I've only seen people who are running pirated keys and some business customers actually be legitly upset about this.

Again, just as with other sites, I see people yelling and throwing (not at dc.com, but other sites are far more juvenille about this topic, betanews.com for example) a fit over an IP address and a product key hash being sent and then claiming a privacy violation. I fail to see how this is so, if you agreed to let MS install it at windows update.

thunder7 · « **Reply #8 on:** June 09, 2006, 04:16 PM »

I have a legit copy of windows.

My Girlfriend works as a PC Tech, so I have the newest version of Windows XP on my new machine. If you remember though the "Root-kits" every body thought Sony a big and respected Name Brand (was bending us all over the barrel). If it was not for http://www.sysinternals.com/ No-one would be the wiser either.

You do not know All the back doors Microsoft has into a OS. No one but M$ does.
But again if it was not for hackers and other knowledgeable people we would never know what Swiss Cheese of a OS Windows really is.

So When ET is Phoning home what bits and bytes is it telling Home about you and your data, do you think you are safe.
You are not!.

With a router and firewall maybe.
Do you think though that if you really ponder long enough about an OS do you think there are back doors unknown??.
Paranoid, hell yeah,...

My info is my business.
Is not your info data (and dirty Landry your business-what you do on your PC) your business?

Josh · « **Reply #9 on:** June 09, 2006, 04:25 PM »

ok, You keep saying that there are all of these backdoors into windows. Please, name one that you have seen or read about or that has even affected you. Windows has so many exploits because hackers want to exploit what is in the MAJORITY OF USE, so they find exploits in windows, since 90% of the users utilize it. I guarantee you that if linux, or mac osx, were in the majority, you would find the same problem. As it is, linux has new exploits found every day, I get a list of them and the list is larger than any windows vulnerability listing I've seen. .

Also, again, you keep saying windows is telling MS about what data is on your system, do you have proof of this? They admitted that they send a PRODUCT KEY HASH and your IP ADDRESS, which isnt hard to obtain at all, heck you give it to many advertising companies simply by loading webpages. So again, please, provide me proof that microsoft is sending more than they claim, show me a backdoor. I've heard these claims before and you know what, they are all unsubstantiated.

Carol Haynes · « **Reply #10 on:** June 09, 2006, 04:36 PM »

Try some of these links for stuff on MS Backdoors ...

http://www.google.co...icrosoft%20Backdoors

I have no proof that MS has backdoors into their software but I would be very surprised if there weren't some! I've seen 'War Games' ...

Josh · « **Reply #11 on:** June 09, 2006, 04:52 PM »

Yes, that was a rumor started by an news reporter after the law officials overseas tried to get MS to PUT a backdoor in vista to decrypt bitlocker volumes. Microsoft has already acknowledged that no backdoor would be provided.

Carol Haynes · « **Reply #12 on:** June 10, 2006, 06:26 AM »

Yes, that was a rumor started by an news reporter after the law officials overseas tried to get MS to PUT a backdoor in vista to decrypt bitlocker volumes. Microsoft has already acknowledged that no backdoor would be provided.
-Josh (June 09, 2006, 04:52 PM)

Well none that they will admit to publicly

If it ever became public knowledge that MS had backdoors into Windows the business world would leave like lemmings - doesn't mean that there aren't backdoors that are only suspected though!

There have been plenty of exmaples of backdoors left in systems by developers as insurance against dismissal that have then caused fun and games when the inevitable happens.

Can't help wondering whether a lot of the potential security problems are purely bad programming or whether some of them were deliberate and now attributed to programming issues.

thunder7 · « **Reply #13 on:** June 10, 2006, 07:17 AM »

If it ever became public knowledge that MS had backdoors into Windows the business world would leave like lemmings - doesn't mean that there aren't backdoors that are only suspected though!

There have been plenty of examples of backdoors left in systems by developers as insurance against dismissal that have then caused fun and games when the inevitable happens.

Can't help wondering whether a lot of the potential security problems are purely bad programming or whether some of them were deliberate and now attributed to programming issues.

If it ever became public knowledge that MS had backdoors into Windows the business world would leave like lemmings Well being Windows is the only OS that so far can handle our digi cams,and other hardware.
It is kind of hard to leave. For example: I am just now figuring out cmd lines. I may have been on the net for 12 years. There is much I do not know yet. That is why I am here to learn, because I do not know everything!.

I just know Windows 95,98,98SE, Windows ME I am slowly learning Windows XP Pro

Can't help wondering whether a lot of the potential security problems are purely bad programming or whether some of them were deliberate and now attributed to programming issues Well that is why coders have beta testers as myself to test there programs. I know a few programmers with a million, billion lines of code there are error's (Windows Many Errors).

There are many back doors, weather we choose to believe this or not.

Josh · « **Reply #14 on:** June 10, 2006, 09:03 AM »

There are backdoors in that microsoft didnt account for the various possibilities or buffer overflow/underflows. This will hopefully be fixed with Windows vista's new networking stack and memory management code. But, as for intentional backdoors, I dont think microsoft would be stupid enough to leave one in there, especially being that 55% of the win2k source code leaked a few years ago. Someone is probably still analyzing that. Dont you think we would have heard something by now?

app103 · « **Reply #15 on:** June 10, 2006, 10:29 AM »

If you dont want WGA, then you cant use windows update (but you can still get critical updates via auto-update, which microsoft has stated they wont prevent).
-Josh (June 09, 2006, 12:36 PM)

They are now forcing WGA for autoupdaters too. You can no longer download automatic updates without receiving WGA as your next update. You can download updates after that even if your pc doesn't pass the test, but you will have nags telling you that your OS isn't 'genuine'. I know quite a few people running pirated versions of XP that have had a problem with this recently. Most rolling back to Win2k or moving to linux because of it. (I guess the nags are working?)

Without WGA installed there are no more updates for any XP users.

My past experiences about a year ago with blocking certain Microsoft IP's has resulted in some odd things...mainly related to receiving updates.

In order to download updates from the Windows Update site, you can't block a specific server that it will do a time check with. You will get an error about your clock being wrong and Windows Update will refuse to work properly.

I thought this was kind of odd, but when I unblocked all Microsoft IP's Windows Update site began working properly again.

I tried to unblock them one at a time to find the right combo but that only fixed the problem temporarily, as they keep changing the server they use for the time check. I had to unblock them all eventually.

I can be the paranoid type sometimes and didn't think my OS needed to phone home without me knowing about it or agreeing to it or knowing what for.

I have come across a few things in the past to justify this blocking behavior. Namely the spyware that used to be included with MSN Messenger that they at first claimed wasn't part of their product, that would reinstall itself every time you ran MSN if you tried to disable it. They have since removed this from MSN. (do some research on the history of the mysterious loadqm.exe)

Also there have been some reports/rumors about the WMF exploit being something deliberately written into the WMF specifications by Microsoft in case they ever needed to use it as a backdoor to force install anything they needed/wanted to on a user's pc...by just displaying a graphic on their site...or as an ad on another site....or by other means of getting you to view the graphic.

The fact that some 9x versions of windows are affected by this and Microsoft refuses to issue an update to fix it before the end of life & end of updates this month kind of bothers me. We have been waiting since January for an official fix. Do they have some nasty stuff planned for 9x users to get them to upgrade against their will? Or are they just being lazy? Or by not patching it, do they think older machines will suddenly be able to run a newer version of windows and they can make some more money? I don't know but I am patched against the problem on my WinME machine despite their lack of fix for it.

Now about IP's....Your IP is like the house number on your front door. Just knowing it doesn't give someone a way in. And hiding it is like trying to take the numbers off your door in order to hide your house. It's silly and can have some negative results. Imagine doing that in real life and then ordering a pizza or calling a taxi.

Everything you do online is tied to your IP. Without it you get no web pages...no antivirus updates, nothing. All servers you connect to from the time you log in online till the time you go offline will get your IP...and even more info...like what operating system you use...or what browser you are using and the version of it. If you don't like it, the only solution is to pull the plug on your connection and not have an IP.

There are the paranoid types that think knowing someone's IP means they can crack into your computer. It's not as simple as that. It would be like saying that your house can get robbed if you put a number on the front door and keep the place securely locked but by removing it and leaving the front door unlocked it will somehow save you from being robbed. (It's not the house number that is the problem here.)

But everyday I saw people in my chatroom that were very paranoid about others knowing their IP. We openly displayed it when you entered the room for the purposes of being able to block gross misbehavers and identify impersonators of people we know....and to be able to report peddlers of child pornography to the proper authorities (yes we have seen a few of these in the room)

I have also seen some idiots trying to scare people with the "I got your IP" line, perpetuating that kind of paranoia. So much that I started displaying mine as part of my username in the room just to prove a point. I think quite a few of my admins did too to prove the same point. (one of the guys in the room displayed 127.0.0.1 as part of his username for many years as a joke about us doing it, even after we stopped). We all did notice one strange effect by displaying our IP's so openly...we all got fewer port scans showing up in our firewall logs.

Carol Haynes · « **Reply #16 on:** June 10, 2006, 10:49 AM »

WGA stops you downloading updates but not installing them. If you have access to a legitimate copy of Windows with WGA then you can simply download all the patches manually and move them any other computers you like.

Personally I think WGA is a bigger security risk and won't prohibit piracy. I guess that a lot of patches will appear on P2P networks and cracker sites to avoid WGA and then God alone knows what will be in those payloads! The nasties probably won't just affect the idots downloading them that way but have a knock on effect to the rest of us with new viruses/trojans getting into other people's systems.

Josh · « **Reply #17 on:** June 10, 2006, 11:59 AM »

app103: i must say that is a very well written reply.

In response to you win9x issues, Since Win98 and WinME have reached their end of lifecycle, there will be no more patches for either OS. This is a good thing, in my eyes, since win9x/me were based on an inferior code base. Security wasnt put into mind when designing these os's. Windows NT/2K/XP were built on an entirely different codebase and as such, had a different goal in mind. Now, the WMF bug was code left over from back when the internet was as known, and as such, microsoft didnt add checks for possible buffer overflow/underruns. That is why that exploit became so widespread, because it was designed to work a specific way on an OS that wasnt designed for widespread net use.

f0dder · « **Reply #18 on:** June 10, 2006, 03:02 PM »

I'm with Josh here.

Microsoft wouldn't intentionally put a backdoor in windows, it would be too much outrage if it was discovered. And with the 55% win2k source leak and even more of the NT4 source, well, it would have been found out.

As for the WMF problem, I really doubt it was planted intentionally. It looks more like a careless reuse of code to me. Of course nutjobs like Steve Gibson claim otherwise, but they're nutjobs after all.

As for WGA, the data it sends back is "like, whatever". But I don't like any kind of "call back home", whether it sends sensitive data or not. It's simply uncalled for, and while you might say "but it doesn't send any personal info" is a slope of acceptance that'll quickly lead us to a nasty Big Brother situation.

app103 · « **Reply #19 on:** June 10, 2006, 03:14 PM »

app103: i must say that is a very well written reply.

In response to you win9x issues, Since Win98 and WinME have reached their end of lifecycle, there will be no more patches for either OS. This is a good thing, in my eyes, since win9x/me were based on an inferior code base. Security wasnt put into mind when designing these os's. Windows NT/2K/XP were built on an entirely different codebase and as such, had a different goal in mind.
-Josh (June 10, 2006, 11:59 AM)

That doesn't mean that suddenly there will be drivers for all my old hardware that will work with an OS other than Win95/98/ME. (as is the case with my P1)

And don't confuse security with stability, which was the major difference between the 2 code bases.(how it handles memory use) The security differences are from the desk chair point of view, as NT allows you to limit what someone sitting in your chair can do. This was to prevent employee tampering. Something you shouldn't have to worry about at home if you supervise your children like you should be doing.

My choice as a home user was influenced by the sales pitch I was given that said that WinME was better for home use than Win2k, because Win2k was meant for business use where people didn't play games. I was even told that Win2k was deliberately made bad for games, in order to discourage people from playing games when they should be working. This was the sales pitch for WinME and ultimately why I ended up with it on my P3, instead of Win2k like my father had on an identical PC bought at the same time as mine. They could have made a bit more money if they told us the truth, as I would have wanted Win2k instead.

And Microsoft knew that the WMF issue needed to be fixed back in January, and they did fix it for an OS that is just as old as my WinME. (Win2k) End of updates wasn't supposed to happen till June. They still owe us this update as far as I am concerned.

And personally I feel as if they owe WinME users, in particular, updates for as long as they are still supplying updates for Win2k, since the ages of both OS's are the same.

And IE 6 users of all versions of Windows... except 9x... will still get their holes patched. That means that they still plan on supporting IE 6. There should be patches for all versions of Windows that IE 6 can possibly be run on till they decide to no longer support it on any version of Windows....like they did with IE 5. They patched that on all Windows versions till they decided not to patch it on any version. They didn't single out anybody based on OS.

WinME users have always been handed the short end of the stick and cheated by Microsoft. If they were not going to give us what we were due, the least they could have done was give us the option of some steep discounts on an upgrade version of Windows that they planned on really supporting or refund us some of the money we shelled out for WinME...a long time ago.

And I know there are plenty of people that would agree with me on that. Plenty of WinME users feel as though that was the OS that should have been the first OS in history to be recalled, like you recall a bad car or dangerous toy or some other seriously defective merchandise.

btw...have you noticed that most of the major exploits that have been publicized the last few years have been for NT based versions of Windows while 9x has been IMMUNE to them? (sasser & blaster are the first 2 to come to mind) So much for NT being 'more secure'.

f0dder · « **Reply #20 on:** June 10, 2006, 03:27 PM »

btw...have you noticed that most of the major exploits that have been publicized the last few years have been for NT based versions of Windows while 9x has been IMMUNE to them? (sasser & blaster are the first 2 to come to mind) So much for NT being 'more secure'.
-app103 (June 10, 2006, 03:14 PM)

The NT kernel is a lot more secure than the 9x "kernel", and more stable as well. The security problems come from all the usermode crudd added by the incompetent codemonkeys at MS... it's a shame such a nice kernel is tainted by such lousy code for much of the rest of the OS

app103 · « **Reply #21 on:** June 10, 2006, 03:46 PM »

btw...have you noticed that most of the major exploits that have been publicized the last few years have been for NT based versions of Windows while 9x has been IMMUNE to them? (sasser & blaster are the first 2 to come to mind) So much for NT being 'more secure'.
-app103 (June 10, 2006, 03:14 PM)

The NT kernel is a lot more secure than the 9x "kernel", and more stable as well. The security problems come from all the usermode crudd added by the incompetent codemonkeys at MS... it's a shame such a nice kernel is tainted by such lousy code for much of the rest of the OS

-f0dder (June 10, 2006, 03:27 PM)

I thought I was poking fun at it. (reason for the

face)

I have been known to make the joke, that if you don't already have all the security software you are going to need in order to safely go get all your updates for 2k/XP, online, then you better install 9x and go get them first.

And while I mean it as a joke, the sad thing is that it's true.

You'd be safer with 9x than running without a firewall & antivirus while you make your way to download an antivirus and real firewall and then hitting Windows Update to download the necessary patches & service packs to protect you.

They say 20 minutes is all that an unprotected copy of 2k/XP needs to end up compromised. I think it's longer for 9x. We can at least get our updates installed without being hit before the download is complete.

f0dder · « **Reply #22 on:** June 10, 2006, 03:50 PM »

Yup, an unpatched XP or 2k box will unfortunately get hammered *very* quickly. It's amazing that people are still routinely probing wide IP ranges to try and infect people...

Josh · « **Reply #23 on:** June 10, 2006, 04:25 PM »

I will post further on your latest reply app, I have to go setup a tent with my wife, but I wanted to hit on the Sasser/Blaster worms that you point out. Those holes were in the RPC code, this has since been patched. Since win9x doesnt have these facilities, of course it is immune. Also, people dont target machines that arent in the majority. Win9x/ME users are the minority. Windows XP is far more targetted since it has wider adaptation.

The NT kernel is far more stable and far more secure than the 9x kernel, that has been proven time and time again. I remember having to reinstall win98 every 3-4 months due to some driver or rogue app that would crash it. In XP and 2k, I have driver rollback, I have system restore, I have a better memory management system. With windows vista, you will see a memory management system that covers the user in case of undiscovered or unpatched buffer exploits (the most common security hole in windows) thanks to the NX coding instruction. IE6 (GOLD RELEASE) support for win9x will cease after July of this year ( http://support.micro...t.com/gp/lifesupsps/ ). So no, they wont receive patches, only win2k/xp will. This is good because the old 9x code bases need to be retired since the XP codebase is proven to be far more stable. While there are more exploits, how many have you been hit by? The only one I was hit by was blaster, and that was an easy patch. Anyways, case and point, 9x is far less used than XP/2K, which is why XP/2K are targetted.

thunder7 · « **Reply #24 on:** June 11, 2006, 12:58 AM »

Josh no disrespect
However if you really think about it Windows XP Pro holes in it, "Like pouring water into a barrel watching to see where it leaks, wait it will.
I mean no disrespect.

However if WXP was this safe virus's would have nothing to latch on, and hacker would not be able to hack us, etc etc.
A friend of mine said once Oh you mean like my Apple.
I have never been rich enough to afford an Apple so I can not say.

However being Bill Gates Helped Steve Jobs and wow low and behold, Apple can now run Windows XP hmmm,...Intresting. Now why would you want to run XP if Apple is so good.
Because you can one friend of mine said.
Yeah ok!. I can understand, however is that Apple still as safe?

Any Apple users out running a dual OS (Apple & WXP) ???

I really can not believe Windows is so safe.
Because nothing is ever 100% safe.

Not routers not firewalls.
Not Windows XP Pro