Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

Update observations

microsoft.public.microsoft_update_catalog






Speedup My PC
Reply
  #1 (permalink)  
Old 10-04-2007
Rob Harmer
 

Posts: n/a
Update observations
The Update catalog routine has been set to capture pirated MS versions so
you must log on and validate your PC condition using PID/GUID and encrypted
data that is sent back via telemetry means to MS servers for validation.
Doesn't sound unreasonable, does it.

BUT, wait until the source code for Software License Protection Services is
released by Microsoft (it was due for release in Oct 07) to ISVs to allow
them to activate and update software, similar to WGA/OGA, gather statistics
and "turn on and off features" on your PC without your consent!

Forget about saying you control the system, the recent Microsoft Stealth
Updates saga (9 executable files installed without your consent - even at
sites where Updates was turned OFF!) has disproved that theory! (and now at
some sites XP cannot be restored without tweaking the registry due to one of
these files installed.)

The real issue of course is the source code could deliver the payload
mechanisms for the less savoury (hackers and crackers) to have a back door
entry to your systems and it could be embedded within the code and you won't
know.

This could border on the issue of potential subversive activity should a
malicious software vendor attempt to use the turn on/turn off features
outlined here.

To get the context right, read this article 1st,
http://www.microsoft.com/presspass/f...pservices.mspx
and http://www.softwarepotential.com/ Within the SLP services offering by
Microsoft are silent/stealth features that can stay silent and be turned on
and turned off by the ISV to monitor activity, gather statistics, or disable
or introduce functionality.

then read this article http://www.technologynewsdaily.com/node/8123

Allowing these silent features to be widely used, is no different to what
Media Monitor did, the features are there, ready for some dumb ISV or a
hacker/cracker to cotton onto and manipulate. This fly's in the face of IT
security principles and management of IT assets.

In essence with the source code hooks in there, there is no control left to
an entity and the software can be used for subversive activities.

and then finally put it all into perspective with
http://www.pcprofile.com/Microsoft_Stealth_Updates.pdf that outlines the
risks that are coming as a result of Microsoft's approach to piracy
solutions.

Microsoft needs to rethink this approach and make sure that a lot more
security is afforded to systems than to allow this approach in the name of
":marketing" (statistical gathering) and sharing activation mechanisms
(allowing turn on turn off features) to stop piracy!

If you want every other software vendor to follow suit then accept the
status quo, otherwise speak up and voice an opinion.

This sort of activity (source code with hidden features) is in total breach
of IT security and data protection principles.

Rob Harmer
PCProfile
Adelaide
South Australia
___________________________________________

Reply With Quote
Sponsored Links
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Remote Password Guessing - Concerns, Observations, Recommendations, (Wed, Aug 1st) Steve Security News 0 08-01-2007 13:22
Politically Incorrect Observations About Human Nature Steve General Technology News 0 07-08-2007 04:49
RE: first vista observations jessicaelake microsoft.public.windows.vista.general 0 05-19-2007 22:37
Astronomers Again Baffled by Solar Observations Steve General Technology News 0 05-05-2007 11:30
Off the wire: HIPAA training observations Steve Security News 0 03-02-2007 11:21




All times are GMT +1. The time now is 07:33.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120