Very instructive...



Windows XP Update May Be Classified As "Spyware"

Greetings. There have been some murmurs about this in other forums, but since I've now independently verified it, I figured I'd better report here.

A recent Microsoft update to Windows XP, which modifies the tool that verifies the "validity" of XP installations to ensure that they are not illicit, may itself be considered to be spyware under commonly accepted definitions.

The new version of the "Microsoft Genuine Advantage" tool reportedly will repeatedly nag users of systems it declares to be invalid, and will then apparently deny such users various "non-critical" updates. Apparently various parties have already found ways to bypass this tool, though the effects of this on later updating capabilities remain to be seen.

However, I've noted a much more serious issue on local XP systems, all of which are legit and pass the MS validity tests with flying colors. It appears that even on such systems, the MS tool will now attempt to contact Microsoft over the Internet every time that you boot. At least, I'm seeing these contacts on every boot after the tool update so far, and I've allowed them to proceed to completion each time. Perhaps it stops after some number of boots, but there's no indication of such a limit so far. The connections occur even if you do not have Windows "automatic update" enabled.

I do not know what data is being sent to MS or is being received during these connections. I cannot locate any information in the MS descriptions to indicate that the tool would notify MS each time I booted a valid system. I fail to see where Microsoft has a "need to know" for this data after a system's validity has already been established, and there may clearly be organizations with security concerns regarding the communication of boot-time information.

I'll leave it to the spyware experts to make a formal determination as to whether this behavior actually qualifies the tool as spyware.

For now, you can block the tool's connection attempts via firewalls such as ZoneAlarm, though the long-term ramifications of doing this are unclear. I do not know if it's possible to block this behavior using the internal XP firewall system.

This situation is potentially a very disturbing development.

Blog Update (June 6, 2006): Please see this entry for a discussion of Microsoft's response regarding this issue.