spyware in windows xp

[markwolfe Veteran]

Very good point. I wonder if they keep track of all of the searches that are made on their search engine.

Apparently, they do keep records of who searches for what...

http://www.google-watch.org/

(Yes, this is a bit off-topic, as the thread is for Eeeevil Microsoft, not Eeeeevil Google) ;)

[John Veteran]

Dxdiag tries to connect to the internet every time I try to load it, even with that option disabled. Maybe it is just a fluke to me?

what server does it try to connect to?

[PseudoRandomDragon]

You miss the point. Google is different because it is a web page, not a program on your computer. Google would fall onto a different catagory (being a web page) for what they do with what you search.

Pfft, if it were a company like ZoneLabs or Blizzard, or Mozilla doing this, people like you would be all over their arses.

The good thing is, in terms of phone home/spyware, I haven't seen anything truly outright.

[el22]

Google is different because it is a web page, not a program on your computer. Google would fall onto a different catagory (being a web page) for what they do with what you search.

MSKB's database is a webpage. Accessed via a software that makes the search. Google toolbar's just the same.

Plus, why would you care if MS recorded what you searched for in MShelp :rolleyes: ?

Mozilla doing this, people like you would be all over their arses

Well, now that you say it, Mozilla attaches a special query string to every google search made from their toolbar (without telling me so before). And I don't complain at all, because that's not spyware.

[PseudoRandomDragon]

Sigh.... im not going to bother explaining it. If you don't get it, you don't get it.

[John Veteran]

:D please do explain! it seems he's proved you wrong and your response is "if you don't get it, you don't get it"...

i would like to mention that microsoft does keep track of what is searched for, but not neccessarilly who searched for it... they then compile the search queries and use this data to improve their search engine. goole does this, as does every other major search engine i know of.

and pseudo, what URL does dxdiag contact? you still haven't answered this...

[PseudoRandomDragon]

He wants to engage in a argument over what spyware is to throw this all off-topic. Suddenly what you search for being tracked and sent to a server by a program on your computer does not constitute as spyware.

Dxdiag doesn't contact a URL, it contacts an IP address. It happens every so often that I run it, but as I said before, I think it is a fluke.

[John Veteran]

well unless you intend to download the entire KB database, i don't see another way of getting updated results :huh: why don't i download the entire google database, so they can't know what i'm searching for? :wacko:

if you think it's a fluke, ok.

[el22]

He wants to engage in a argument over what spyware is to throw this all off-topic.

Right :rolleyes:

Conspiracy theories anyone? ;)

well unless you intend to download the entire KB database, i don't see another way of getting updated results? why don't i download the entire google database, so they can't know what i'm searching for?

Exactly that's my point

Suddenly what you search for being tracked and sent to a server by a program on your computer does not constitute as spyware.

Omg... It's not spyware! You are asking MS, "hey, MSKB, do you have anything about [insert_keywords_here] in your archives?", it's obvious they are going to know what you searched because YOU did it. Those Men in Black gadgets don't work with search engines' logs.

Altavista, Yahoo, Google and all the major search engines have been giving stats on what their top search keywords are for years. Nobody complains about this because THAT'S COMPLETELY LEGAL. It's in the terms of use/privacy policy of the websites and (in this case) software.

Edited February 13, 2004 by el22

[PseudoRandomDragon]

The fact that it is legal means almost nothing. A lot of what spying companies do online is perfectly legal.... unfortunately.

I am also still wondering about this Application Layer Gateway Service thing. Theeldergeek says this:

"Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall."

Does this mean it listens for connections until someone decides to install a plugin? Is it worse than that? Is it nothing to worry about at all? The implications given by Theeldergeek are disturbing.

Edited February 14, 2004 by PseudoRandomDragon

[el22]

The fact that it is legal means almost nothing. A lot of what spying companies do online is perfectly legal.... unfortunately.

Indeed.

But to assume Microsoft would include spyware in their help system (again, why would they want to know what you search in MShelp if not to have statistics about which articles are the most viewed, etc.) is pointless IMO. If they really wanted to spy you, they would hardcode a service in the OS without even showing it to you, instead of having 513513646 different components that, according to some people, "spy" on you.

[John Veteran]

Application Layer Gateway Service

Service Name: ALG

Executable Name: ALG.EXE

Log On As: LocalService

Description: This subcomponent of the Internet Connection Sharing (ICS) / Internet Connection Firewall (ICF) service provides support for independent software vendors (ISVs) to write protocol plug-ins that allow their proprietary network protocols to pass through the firewall and work behind ICS. Application Layer Gateway plug-ins have the power to open ports and change data (such as ports and IP addresses) embedded in packets. File Transfer Protocol (FTP) is the only network protocol that has a plug-in shipping with Windows Server 2003 Standard Edition and Windows Server 2003 Enterprise Edition.

The service listens for outgoing FTP traffic from an FTP client. It extracts the port that the FTP client is expecting to receive data from and creates an appropriate dynamic port mapping for the FTP data channel

If this service is disabled, the Internet Connection Firewall and Internet Connection Sharing service will not start. The ALG service will start when set to manual if the Internet Connection Firewall and Internet Connection Sharing service is started.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Manual

Service status: Stopped

This service depends on the following system components:

None

The following system components depend on this service:

Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)

IP Port Numbers used:

TCP: 21, dynamically allocated

source: http://www.microsoft.com/technet/treeview/...an/svrxpser.asp

basically, it sounds like it automatically opens/closes ports when ICF is enabled. i guess this service exists as a way for someone to run their own network protocol through ICF... which would make sense from "Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall". from the information here, i don't see how/why this would be contacting any website, let alone microsoft's... however, i doubt this information will satisfy PseudoRandomDragon, because i'm not sure i'm satisfied myself :laugh: :/ but it definitely helps :yes:

[Bold_Fortune]

You might want to look into index.dat files and there relationship with Explorer, I.E and outlook. If you have been using outlook any mail you think you have deleted is contained in a temp file and referenced by a index.dat file, same with sites viewed with I.E. You cannot find these files with explorer as they are hidden from the system. Google for index.dat for a solution. Just for shock value my friend found over a gig of data held in these temp files, this included parts of movies, etc

There is a program you can purchase of the web that will clean your system. Its name escapes me atm

There's always been a lot of talk about index.dat files containing all this information.

They do...until you clear their information. You can delete them with spider166, and then they will replace themselves anew. I've seen people make them read only files in safemade and then try to clear their contents.

But I think the plain, simple truth about index.dat files and their contents can be viewed with your own eyes.

First download this simple application: http://www.softwarepatch.com/software/indexdat.html

Now click on its the Index.dat tab to veiw your index.dat file contents.

Now, open Internet Properties. Click on "Delete Files". Now go back and look at the Index.dat tab of the little program.

So where'd all the Index.dat file information go? Must have been cleared.

[markwolfe Veteran]

Indeed.

But to assume Microsoft would include spyware in their help system (again, why would they want to know what you search in MShelp if not to have statistics about which articles are the most viewed, etc.) is pointless IMO. If they really wanted to spy you, they would hardcode a service in the OS without even showing it to you, instead of having 513513646 different components that, according to some people, "spy" on you.

Actually, I think that Microsoft (or any company) would WANT to know what pages were accessed and veiwed. Perhaps even what screens were followed-up with in an effort to solve a problem.

They (Microsoft, or any other company) would use this information to make their help pages BETTER, so that relevant information would show up high on their list of displayed results. It woudl also give them good demographics on which types of faults seem to go together on systems - perhaps using this information to find the "root cause" of a systemic problem to find and kill the bug that caused it.

Could this be considered "spying"? Perhaps by some, and it would be hard to argue that it wasn't (unless thedefintion of 'spying' is the same between the individuals). Is it being used for nefarious purposes? I highly doubt it. This type of information (KB searches) is useful for legitimate purposes of product improvement. Plus, the option to participate or not is available (even if not immediately obvious).

Mark

[Night Prowler]

uhh tons! microsoft monitors the porn you download how many times you hit ctrl-alt-del man you should not use computers anymore

I agree, anyone this paranoid should not be using a computer. Please take an ax or an appropriate severing device and cut your internet connection. Better yet cut the power cord, better yet use a sledge hammer and pulverize the thing so you won?t be tempted to turn it back on, or do that just to give yourself peace of mind that it's not sending our sub limitable messages to you while you sleep. I know this is one of the things Microsoft has incorporated into it OS.

[PseudoRandomDragon]

I am not satisfied with the information, but I would deny it server rights even if it was trusted. A program listening on a port is more likely to be exploited with a vulnerability.

What defines "legitimate purposes" exactly. I have seen that term thrown around by a lot of the really bad companies and even by our government. Fortunately, Microsoft, when it comes to error reporting, gives you the choice to not report errors should you come to the decision that it is not legitimate. Do the errors you get count as personal information? That is sort of a grey area. On one hand they are just errors. On the other hand they can reveal the programs you run and possibly other information. It is because of that that counting error reporting as spyware is something that I can't do.

[helmers]

More interesting would be "how long does MS keep the information it gets from Windowsupdate" for example? Because even if there is no PERSONALLY identifiable data, it can see a lot about your hardware, and combined with your IP-address it can be used to track your location.

I think that the problem isn't "what is sent" but "how does/can Microsoft use it", and not to mention the above question.

[John Veteran]

More interesting would be "how long does MS keep the information it gets from Windowsupdate" for example? Because even if there is no PERSONALLY identifiable data, it can see a lot about your hardware, and combined with your IP-address it can be used to track your location.

I think that the problem isn't "what is sent" but "how does/can Microsoft use it", and not to mention the above question.

Let's expand that, ALL sites you visit are given your IP address... Turn the question around, "what does/can Neowin do with your IP address?" What about eBay, PayPal, Google?

[markwolfe Veteran]

More interesting would be "how long does MS keep the information it gets from Windowsupdate" for example? Because even if there is no PERSONALLY identifiable data, it can see a lot about your hardware, and combined with your IP-address it can be used to track your location.

I think that the problem isn't "what is sent" but "how does/can Microsoft use it", and not to mention the above question.

Doesn't Microsoft send an application that runs locally on your box and compares it to a list of available updates to determine what updates are needed?

If so, then all of the "personal information" stays local to your machine... (of course, they can SPY on what you download!) :rolleyes:

[Frank]

(of course, they can SPY on what you download!) :rolleyes:

OMG! They know that my IP address downloaded SP1!!!! AHHH!!!! :pinch:

[f8tal]

The only thing I ever heard of was in SP1 it was an ALEXA...run spybot it picks it up and removes it. There are quite a few non-essential programs, error reporting, windows messenger, etc. You may use these though...

check out: http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

to see what processes you're running.

very handy link man, thx :D

[mv520]

XP corp. edition is not for home users. It is for Large Companys.

i use at home :)

[JohnO]

who doesnt?

[John Veteran]

People who don't like the idea of pirating software...

[PseudoRandomDragon]

Shhhhhhhh. :shifty: :whistle: