 |
• March 19, 2003 •
Yes... There's another one of those nice conspiracy theories being fed by some "news" article originally published on a German Web site in February this year.
Under the title "Inside Windows-Update", the article states things like:
"When you connect your computer to Microsoft's website WindowsUpdate.com, you reveal a lot of information about your computer to Microsoft. This article shows bit for bit, which data is transferred to Redmond and what Microsoft could learn from it"
and
"...GetManifest asks the Microsoft server to return information about available updates. The function requires three arguments - clientInfo, systemInfo, and query. The purpose of the clientInfo parameter seems to be to identify and authenticate the user accessing the Microsoft server. Currently the server is accessible to everybody and the clientInfo argument only contains the generic user identification "IU_Site". However, being able to restrict access to updates based on the identity of a user, e.g. supplying certain updates only to users that have a support contract, seems to have been a requirement during the design of Windows Update, although this feature is not currently used."
Much more information is not freely available; you have to pay $2 for the whole "report", but I'd rather spend that $2 on a beer!
Obviously I think this is a load of BS! Here's what I have to say:
First to this claim:
"However, being able to restrict access to updates based on the identity of a user, e.g. supplying certain updates only to users that have a support contract, seems to have been a requirement during the design of Windows Update, although this feature is not currently used."
This is being used! If you used one of many commonly available Windows XP (volume license) product keys, you will have noticed that you can't upgrade to Windows XP Service Pack 1, and no new updates will be listed on the Windows XP Update site.
I doubt Microsoft will be moving to require home users to pay for a support contract in order to obtain fixes, but yeah, that might be a possibility.
Now to the claims that Windows Update collects hardware and software information from your system when you connect to it...
Windows Update version 2 and 3 indeed worked as described at the beginning of the article "A large banner stating that everything was done 'without sending any information to Microsoft' and the lack of suspicious network activity assured us that Microsoft valued our privacy." (Click here for the current Windows Update Privacy Statement.)
But yes, things have changed. Before Windows Update v4 came out, the complete list of fixes that had to be transferred to the client was well over 400 KB at a certain point. For an average modem user you are starting to look at a download time of some 65-90 seconds. So something had to be done.
This is where Windows Update v4 comes in. It does indeed transfer your hardware specs and installed software list to the Windows Update server. Now, Windows Update can show you a list of updates for your computer. Yes, hardware too, just in case you haven't noticed, Windows Update also offers device drivers for certain hardware. And if a certain incompatibility or problem in a 3rd party software is solved by a Microsoft patch, wouldn't you like it to be offered to you? So far there are around 40 patches for Windows XP to improve 3rd party software compatibility, so it's just going to be too much data if Microsoft (Windows Update) has to send you all that information (like it used to do in older versions of Windows Update).
If this still doesn't convince you there is no devious plan to collect all your installed hardware & software and somehow use it against you one day... who is forcing you to use Windows Update in the first place?
You can get all updates, free of charge, and without sending any information from the Microsoft Download Center. You can search by Product/Technology, and sort results by Date, Title or Popularity. You can subscribe to the free Security Bulletin Notification System For Home Users so you'll be alerted of any security fixes when they are released.
I don't see anything wrong with sending my hardware specs to Microsoft, nor do I bother that they "know" what 3rd party software I use. Don't try to tell me that there's a way they can actually do something with the huge volume of data they would be receiving every single day. But like I told you above, if you want to be "safe", there are ways around Windows Update!
The question as to whether the Windows Update system is an effective or efficient one is a different question altogether...
