http://www.zdnet.com/anchordesk/stories/story/0,10738,2913402,00.html

--
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org, www.cupserv.org
Hi,

On Friday 18 April 2003 16:59, Fred A. Miller wrote:
> http://www.zdnet.com/anchordesk/stories/story/0,10738,2913402,00.html

I don't particularly care about anti-MS stuff, why do you post it here?

--
Cheers, Chris Howells -- chris@chrishowells.co.uk, howells@kde.org
Web: http://chrishowells.co.uk, PGP ID: 33795A2C
KDE: http://www.koffice.org, http://printing.kde.org, http://usability.kde.org
On Friday 18 April 2003 17:17, Chris Howells wrote:
> Hi,
>
> On Friday 18 April 2003 16:59, Fred A. Miller wrote:
> > http://www.zdnet.com/anchordesk/stories/story/0,10738,2913402,00.html
>
> I don't particularly care about anti-MS stuff, why do you post it here?
> -- <snip>
This is not anti-MS, rather what MS is up to.
On Friday 18 April 2003 9:36 am, LinuxWorld999 wrote:
> On Friday 18 April 2003 17:17, Chris Howells wrote:
> > On Friday 18 April 2003 16:59, Fred A. Miller wrote:
> > > http://www.zdnet.com/anchordesk/stories/story/0,10738,2913402,00.html
> > I don't particularly care about anti-MS stuff, why do you post it here? <snip>
> This is not anti-MS, rather what MS is up to.
This one is a close call: yes, it does describe a change to the "auto update" feature in that the phrase "we do this without transmitting any data to Microsoft servers" is no longer true -- the justification is bandwidth and anti-piracy measures, the conspiracy theorists see it as a way to limit "who gets an update" [which I don't see as particularly bad, but read on...] Further, this can be misused to gather information not pertinent to performing an "update".

Overall, I'd say the tone leans toward the conspiracy types, hence it is easy to view it as "anti-Microsoft". But if you look closely at what is being reported, it does make some sense to be doing this [unfortunately the "conspiracy" types ultimately win because (a) this won't work in the long run, and (b) it is too easily perverted into collecting data that Microsoft could use to deny updates for reasons not related to legitimate ownership]

A large part of the article deals with the process used to encrypt 78 bytes of data. It turns out the encrypted data consists of three parts:

1. a timestamp [trivial]
2. 10 digits of "a" product ID
3. a hash of the product code & ID

Basically, items 2 & 3 guarantee that a legitimate copy of whatever product is being updated really is a legitimate copy and not a pirated [blacklisted] or "made up" [pirate ID generated] code. The implication being that the Microsoft server can compare this data to a database of known good IDs and simply not offer updates to suspected pirates [this in itself isn't necessarily bad -- after all, Windows isn't "open source", so there is no reason to expect "updates" to be distributed absolutely free, now is there?]

Unfortunately, this is trivially easy to get around. The "pirates" could use an honestly legitimate copy to retrieve actual updates and then pass them along to their "customers" -- Microsoft would be none the wiser in this respect.

The unfortunate side effect of being able to limit updates based on who you claim to be is, "what happens when Microsoft is wrong?" Say for instance a bug in MSSQL causes data corruption and YOUR record falls into the "blacklist" bin because of it -- how much "hassle" are you willing to go through to get Microsoft to repair their data?

=====

The rest of the article talks about what information is sent back to Microsoft "in the clear", and apparently (at this time) this consists of hardware and software installed -- the presumed justification being to conserve bandwidth [which may be true -- "broadband" seems universal to those that have it ;) ] but the "dark side" of this is that Microsoft could put data into their "this is what we support" database for non-Microsoft products, and the update process will now report back on other [presumed competitive] products installed in your system. Whether or not Microsoft would use this as a basis to deny updates remains to be seen.

--
Yet another Blog: http://osnut.homelinux.net
participants (4)
- Chris Howells
- Fred A. Miller
- LinuxWorld999
- Tom Emerson