Cancelling WGA Installation sends a report to Microsoft

The German computer magazine CT (English translation using Google Translate) analyzed the new WGA Notification that is installed during Windows Update. They decided to cancel the installation, and immediately afterwards the firewall reported that update.exe tried to connect to the internet. This caught their attention, and they decided to analyze the data that was sent after the connection was established.

They used Wireshark to analyze the traffic and found that update.exe sends data to genuine.microsoft.com. Some of the data seems to be encrypted, while some could be identified. It sends registry information, namely the SusClientID, as well as information about the version of the WGA tool, the Windows version and the language of the operating system. It also sets a cookie containing a GUID, which could possibly be used to identify the computer.
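
An added example, not part of the article or the magazine's analysis: given HTTP requests exported from a capture like the one described, it reports GUID-shaped cookie and query values that are identical in every request to a host, which is what lets a value link requests to one machine. Only the host and the SusClientID name come from the article; the path, the other field names, where each field is carried and all values are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

GUID_RE = re.compile(r"\{?[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}?")

# Constructed captures. Only the host and the SusClientID name come from the
# article; the path, other field names, cookie name and all values are invented.
def _request(req_id):
    return (
        "GET /example/cancel?SusClientID=3f2b8c1e-7a44-4d0b-9e61-5c2a9d7e1f00"
        f"&ReqId={req_id}&OSVer=5.1.2600&Lang=0407 HTTP/1.1\r\n"
        "Host: genuine.microsoft.com\r\n"
        "Cookie: GUID={9A1C2E44-0B7D-4F3A-8E55-12AB34CD56EF}; theme=blue\r\n"
        "\r\n"
    )

SAMPLE_CAPTURES = [
    _request("11111111-2222-4333-8444-555555555555"),
    _request("aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee"),
]

def guid_fields(raw):
    """Return (host, {(location, name): value}) for GUID-shaped values in one request."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, target, _version = head[0].split(" ", 2)
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    found = {}
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if GUID_RE.fullmatch(value):
            found[("query", name)] = value
    for pair in headers.get("cookie", "").split(";"):
        name, _, value = pair.strip().partition("=")
        if name and GUID_RE.fullmatch(value):
            found[("cookie", name)] = value
    return headers.get("host", ""), found

def stable_identifiers(captures):
    """Fields whose GUID value is identical in every capture to the same host.

    A value that repeats across requests can link them to one machine; a value
    that changes each time (a request nonce) cannot.
    """
    per_host = {}
    for raw in captures:
        host, found = guid_fields(raw)
        per_host.setdefault(host, []).append(found)
    report = []
    for host, seen in per_host.items():
        if len(seen) < 2:
            continue  # one request cannot show persistence
        for key, value in seen[0].items():
            if all(other.get(key) == value for other in seen[1:]):
                report.append((host, key[0], key[1], value))
    return sorted(report)

if __name__ == "__main__":
    for host, location, name, value in stable_identifiers(SAMPLE_CAPTURES):
        print(f"{host}: {location} {name} = {value} (same in every capture)")
```

The per-request `ReqId` value is GUID-shaped but differs between the two captures, so it is not reported; only the cookie GUID and the SusClientID are.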

View: Full Article @ gHacks.net


43 Comments


its not a big deal... google "Windows XP" "belarc advisor current profile" if you care that much about the genuinity of your windows. you'll find a shtload of valid keys.
Besides, WGA only allows you to get extra microsoft updates like ie7 , wmp11 and defender.
The WGA kit is $200. do you really want to pay that much for a crappy browser, and a media player and spyware stopper that match the microsoft brand name?

Quick fix -

|Start|
|Run|
Open:
notepad %windir%\system32\drivers\etc\hosts
[OK]
Add line:
127.0.0.1 microsoft.com
|File|
|Save|

^^ and say goodbye to any updates or other free apps you get from the microsoft site.

genuine.microsoft.com would probably be better to add. This also assumes that the app will take the host file into consideration before forwarding the data -- which it may not.

Well, as I said earlier... I don't mind the WGA system as it's the same as how most other services act...

I don't mind the Police looking at my license plate while I'm driving and checking if my car is stolen... Yes, they do it so they can arrest me, fine... But I look at WGA almost the same way(Without the handcuffs and chains). They're not doing it so they can arrest you, they're just doing it so they can protect their products. It's not really invasive, yes, it can possibly identify you, but so can your registering in the first place. You have that CD Key, it's tied to your hip. "Wooptie Do"

Also, for people saying that a "small amount" of users are using a pirated copy... Don't forget, the US isn't the only country out there. In China around 90% of software there is pirated... That's hardly a "small amount".

Barg.

There will be those that complain about every ping that goes to *.microsoft.com. There will be those that say anything that Microsoft wants to read from their computer is 'ok', as they have "nothing to hide".

My stance is that every unauthorized blurb of personally identifiable bits of information gathered without the user's knowledge is spyware. That is certainly a commonly accepted definition for other 3rd-party apps. The question is, how personal and individual is the encrypted data that is sent? Right now, no one knows, but it doesn't stop the speculation.

If I recall correctly, when I activated XP Microsoft clearly stated that (1) they care about my privacy (aawww!) and more importantly (2) no personally identifiable information would be transmitted.

So, if Microsoft did or plans on submitting personally identifiable information it is basically a breach of contract and they would face a huge lawsuit. I don't think they are that foolish.

As you said though Mark, it's just speculation.

C_Guy said,
If I recall correctly, when I activated XP Microsoft clearly stated that (1) they care about my privacy (aawww! ) and more importantly (2) no personally identifiable information would be transmitted.
Really? In XP?

I'm looking at the XP SP2 EULA right from Microsoft's site, and I see written "concern", but section 2 says,

The Software features described below are enabled by default to connect via the Internet to Microsoft computer systems automatically, without separate notice to you. You consent to the operation of these features, unless you choose to switch them off or not use them. Microsoft does not obtain personal information through any of these features.
Now, they specifically state (for XP, anyhow) the apps that this covers. WGA is not subject to this statement. Also, they say they do "not obtain personal information through any of these features.", but what constitutes as "personal"? Credit card numbers? Unique license key? Hardware hash? Any serial numbers? No explanation, really.

Though they do also link to an online "privacy statement" that I suppose they can change the content of at any time they please. Users can use Archive.org to try to find the applicable statement if they can certify what date they agreed to the EULA.

I trust Microsoft with personal data as much as I do Google. And I don't trust Google very much.

markjensen said,
Really? In XP?

I'm looking at the XP SP2 EULA right from Microsoft's site, and I see written "concern", but section 2 says,

The Software features described below are enabled by default to connect via the Internet to Microsoft computer systems automatically, without separate notice to you. You consent to the operation of these features, unless you choose to switch them off or not use them. Microsoft does not obtain personal information through any of these features.
Now, they specifically state (for XP, anyhow) the apps that this covers. WGA is not subject to this statement. Also, they say they do "not obtain personal information through any of these features.", but what constitutes as "personal"? Credit card numbers? Unique license key? Hardware hash? Any serial numbers? No explanation, really.

Though they do also link to an online "privacy statement" that I suppose they can change the content of at any time they please. Users can use Archive.org to try to find the applicable statement if they can certify what date they agreed to the EULA.

I trust Microsoft with personal data as much as I do Google. And I don't trust Google very much. ;)

So here's what I'm wondering then, if that covers the SP2 EULA, did anyone ever see a EULA for WGA? I don't remember one. I mean it is post SP2 which means that it would need a new EULA or does it fall under the general EULA still?

big ****ing deal... lay off teh child porn and you shouldn't have to worry... i for one do not care as i have a legit copy... and i smoke LOT'S of weed, do you hear me MS? LOT'S of weed!!!!! <- for the stupid kids

WOW someone gives an EXAMPLE of what could be seen in a hard drive image and you're making them look like child porn viewing pedophiles.

Then you talk about weed and try to explain what weed is and call people stupid kids.

I used to smoke it. I know for a fact it never made me stupid, but looking at your post I'm starting to wonder if I just got lucky because you sound like you have the IQ of a terd.

norseman said,
... and i smoke LOT'S of weed, do you hear me MS? LOT'S of weed!!!!! <- for the stupid kids
If you smoke less of it, you might recall that it isn't "lot's", it is "lots", or "a lot". :P

lol funny responses. What about this new backdoor microsoft has in Vista for the Feds...you are safe if you have bitlocker enabled I think. so much power for one company to wield around.

just a simple block to the firewall
genuine.microsoft.com

if you open the site you get this

Directory Listing Denied
This Virtual Directory does not allow contents to be listed.

Well, this might be a big deal.... since no one really knows, as of yet, what is sent to Microsoft. The bigger picture is that it may be a big concern if this type of technology sends a snapshot of your computer's hard drive image to some authority and you have passwords, banking, emails, or such that they can see.......... not to mention porn

get the picture, here?

barneyt said,
Well, this might be a big deal.... since no one really knows, as of yet, what is sent to Microsoft. The bigger picture is that it may be a big concern if this type of technology sends a snapshot of your computer's hard drive image to some authority and you have passwords, banking, emails, or such that they can see.......... not to mention porn

get the picture, here?

Yeah I'm so sure that in just a couple of MB's at the most that they manage to squeeze in a full image with all of your passwords and details.

If you are going to post something ridiculous, at least make it somewhat possible.

As it is even my wife is laughing at the extreme to which you're taking this FUD.

barneyt said,
Well, this might be a big deal.... since no one really knows, as of yet, what is sent to Microsoft. The bigger picture is that it may be a big concern if this type of technology sends a snapshot of your computer's hard drive image to some authority and you have passwords, banking, emails, or such that they can see.......... not to mention porn

get the picture, here?

Yeah I'm sure that's what Microsoft needs, your porn and emails. Bill Gates personally sits there and wades through it

Morpheus Phreak said,

Yeah I'm so sure that in just a couple of MB's at the most that they manage to squeeze in a full image with all of your passwords and details.

If you are going to post something ridiculous, at least make it somewhat possible.

As it is even my wife is laughing at the extreme to which you're taking this FUD.

No reason to post an ugly comment like this.... I am simply pointing out that these unknown transmissions, done without the user's knowledge is just another example of spyware......... (as MarkJensen stated below). I said nothing about Microsoft using this. However, there are plenty of others who could employ this technology for their own desires. There is a bigger picture here.

barneyt said,

No reason to post an ugly comment like this.... I am simply pointing out that these unknown transmissions, done without the user's knowledge is just another example of spyware......... (as MarkJensen stated below). I said nothing about Microsoft using this. However, there are plenty of others who could employ this technology for their own desires. There is a bigger picture here.

Actually, if it weren't for the fact that you'd see a spike in processor usage, the ability to take a catalog of your software and licenses would be possible. This being said, this could be done to see what software a user is running and whether or not it was legit. At least for MS products. The reg keys could be checked against their databases and they could then see if you were running pirated MS products. They could also get your name, if you gave your real name, computer name and, a hardware report from this as well. Saved to a txt file it wouldn't be all that large, but you'd see the network spike for a sec while it sent. Most users wouldn't notice because to send a .txt that's only a few 100kb in size wouldn't make a noticeable spike. The fact is that MS lied to us again. They said, "we collect no identifying information from you." This was one reason why people were ok with updating the MS OS'es from the net. Personally, I check each and every file on Windows Update and select only what I need, not, what MS thinks I need. Does this mean I know better than MS? No. It means I know more about my machine than MS and I'd personally like to keep it that way. I own it, they don't and until a law is passed that states that a corporation is allowed to control property owned by a person, it's gonna stay that way.

lol I love these responses.

ooo Microsoft takes a report of whether your windows is genuine or not, big deal. If you aren't using a pirated copy you have nothing to worry about it.

Get over yourself.

Are you OK with the police putting up video camera inside everyones homes (including yours) so they can catch people doing drugs more easily? I'm assuming you don't do any hard drugs, so you're OK with this. Right?

idbuythatforadollar said,
Are you OK with the police putting up video camera inside everyones homes (including yours) so they can catch people doing drugs more easily? I'm assuming you don't do any hard drugs, so you're OK with this. Right?

That's hardly the same.

Microsoft doesn't spy on what you do using your computer, they just check if Windows are genuine.

The same situation would be if the police would invent some sort of a scanner which would detect drugs in people's homes. Since I don't use drugs, I WOULD be OK with that.

I agree, if your Windows installation is legit, you've got nothing to worry about. Heck, I never even noticed the WGA.

PiKoViT said,

That's hardly the same.

Microsoft doesn't spy on what you do using your computer, they just check if Windows are genuine.

The same situation would be if the police would invent some sort of a scanner which would detect drugs in people's homes. Since I don't use drugs, I WOULD be OK with that.

I agree, if your Windows installation is legit, you've got nothing to worry about. Heck, I never even noticed the WGA.

I'm glad you've accepted the new police-state policy of scanning your house. Now phase 2 is to insert a rectal probe inside of you and have it painfully jiggle a few times each day to extract a blood sample just to make sure you aren't taking drugs outside of your already-scanned home. Thank you for your cooperation, together we will violate everyone for everyone's own benefit!

Cool. So now stop sending out any mail in envelopes. You've nothing to hide so why bother with envelopes? May as well call the bank too and ask then to send your bank statements without any envelope. According to your logic, we can all be trusted with one each others data so what's it matter if the postman knows your account details? But wait, you say, MS are not looking at bank details. The point is that you don't have the first clue of what they are receiving and looking at!

The "nothing to hide" argument is so old and so damned flawed it's laughable. It completely misses the point of a personal right to privacy and a right to be informed when an action you are about to commit to may invade that right to privacy.

No I think you're the one that needs to get over yourself and stop thinking that you know everything.

You're missing the point or completely ignoring it.

update.exe contacts genuine.microsoft.com and uses a cookie with a GUID that can be used to identify that system.

Since WGA has been around, Microsoft has said it can't be used to identify your system. This is proof that it indeed can do it and most likely does. If they weren't sending out info to identify your system they wouldn't need that cookie for anything.

Do you get the point now or are you going to come back and twist some words around and start a different argument?

The simple FACT is that Microsoft is spying on all its customers that use WGA when they've said they don't do it. They're getting caught in a lie.

WGA is a joke and always has been. Genuine users really don't actually need it installed. There's ways around it that you don't even need cracks for.

What's getting really old is all the genuine users out there being reported as non-genuine because WGA doesn't even work right. Microsoft should really just scrap WGA. It's done nothing but cause issues for MANY genuine users that it was meant to stop.

idbuythatforadollar said,
Are you OK with the police putting up video camera inside everyones homes (including yours) so they can catch people doing drugs more easily? I'm assuming you don't do any hard drugs, so you're OK with this. Right?

No, I'm not okay with the Police sticking a camera in my house to watch what I'm doing ...

However, I -AM- okay with the Police looking at my license plate while I'm driving and checking if my car is stolen.

I look at WGA the same way. Except for running the plates on the Highway... They're being checked on the Information Super-Highway.

it's about time microsoft should stop demanding the updates and it's getting time people need to look into the updates which they get. I also look which updates are given from MS and I only install which I think is necessary...

I control my own pc not Microsoft.

Sooner the better to bin WGA.

I have said many times, it makes me feel like I am a criminal.

I know also it connects to the net as I see it in my lists that allow connections via my firewall.

Well there you go. All those times MS claim "no information to identify you will be sent". Naughty naughty MS. This will only make people mis-trust you more.

I believe if you have a genuine OS on your PC MS should not be allowed to keep pestering you with various WGA. I bought it, now believe me the first time I tell you!!!

Well, they wouldn't change WGA and keep doing it over and over if it wasn't cracked all the time. If the first version was left alone, then maybe they'd just run it once. I don't know, but that's what i'd like to think anyways.

GP007 said,
Well, they wouldn't change WGA and keep doing it over and over if it wasn't cracked all the time. If the first version was left alone, then maybe they'd just run it once. I don't know, but that's what i'd like to think anyways.

But they are changing it all the time because of a minority of users who have a cracked version of XP. The majority of users are legit...as told by the insane amounts of profits MS make each year.

This WGA is a joke. As soon as it is created within 1 hours it is usually cracked...so what's the point in MS even trying?

Why should the majority of users be made to feel like a thief?

axious said,

But they are changing it all the time because of a minority of users who have a cracked version of XP. The majority of users are legit...as told by the insane amounts of profits MS make each year.

This WGA is a joke. As soon as it is created within 1 hours it is usually cracked...so what's the point in MS even trying?

Why should the majority of users be made to feel like a thief?

They're not made to feel like thieves ... it's no different than a Security Guard looking at you as you leave a store ...

SimpleRules said,
They're not made to feel like thieves ... it's no different than a Security Guard looking at you as you leave a store ...

But if you've been going to the same store for 20 years with the same security guard, then they all of a sudden decide that you need to be completely searched one day, and everyday following, I'm sure you'd feel a little uneasy.

Brutimus said,

But if you've been going to the same store for 20 years with the same security guard, then they all of a sudden decide that you need to be completely searched one day, and everyday following, I'm sure you'd feel a little uneasy.


But you wouldn't feel uneasy, if you don't know you're virtually strip searched every time. Bet you didn't know this was happening before this news was posted
Besides this "call back to home" is happening if you decide to cancel a WGA update, the fact you or anybody else for that matter cancelled a setup at a point when the genuinity of their Windows is about to be determined provides a just cause to do it! I have in the past, used non-genuine Windows if you must know where I'm coming from.

The only way for this to stop or to try and stop Microsoft from doing this is to take Microsoft to court. In a way Microsoft is Slandering Legal users and Slandering is a Crime..