Security Tango - Keep Your Computer Clean

Vista is Watching You...
Mon 2 Jul 2007 7:13 PM

We've been through this before, a lot of times. Every time a new version of anything from Microsoft comes out, it's followed closely by the tin-foil hat crowd, screaming that Microsoft is sending back information about us to the Mothership, and we're all doomed to be slaves for our corporate overlords. Doomed, I say!

Well, as Gomer Pyle would say, surprise, surprise! This time, they're right. There are in excess of 20 subsystems inside Vista happily collecting information on you and what you do, and merrily sending that information to Microsoft. And you agreed to it!

Yes, you did. As part of the End-User License Agreement (EULA), to which you agreed before you could install or run Vista, is the following paragraph (in Vista Home Basic and Home Premium, it's paragraph 7B; in Vista Starter, Vista Business, and Vista Ultimate, it's paragraph 9b), under INTERNET-BASED SERVICES:

Use of Information.

Microsoft may use the computer information, error reports, and Malware reports to improve our software and services. We may also share it with others (emphasis mine), such as hardware and software vendors. They may use the information to improve how their products run with Microsoft software.

Yep. By installing any version of Vista, you've given Microsoft the right to rummage around inside your computer and use any information it finds there to whatever purpose it likes, including sharing it with others. Any others. Yes, hardware and software vendors are mentioned, but only as examples. Nothing limits Microsoft to sharing your data only with vendors.

What programs are collecting and sending data to Microsoft? Here's a partial, alphabetically sorted list:

Auto Root Update

Digital Certificates

IPv6 Network Address Translation (NAT) Traversal service (Teredo)

Malicious Software Removal/Clean On Upgrade

Network Connectivity Status Icon

Web Content

Windows Media Digital Rights Management

Windows Media Player

Windows Time Service

Windows Update

So, with whom else might Microsoft be sharing your data? In the EULA, Microsoft references another online document (http://go.microsoft.com/fwlink/?linkid=20615) (which, as with all online documents, can be changed at any time - at the time of this writing, it's in its fourth incarnation). That document, under Uses of Information, references "Additional Information," which contains, in part, the following gem:

Collection and use of your personal information

The personal information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to provide the service(s) or carry out the transaction(s) you have requested or authorized, and may also be used to request additional information on feedback that you provide about the product or service that you are using; to provide important notifications regarding the software; to improve the product or service, for example bug and survey form inquiries; or to provide you with advance notice of events or to tell you about new product releases.

So, basically, you've given Microsoft the right to collect any data on you they like, and share it with whomever they like, for whatever reason they like. And it's all perfectly legal and above-board.

Now, please understand me - there's nothing to prove that Microsoft is actually doing anything with all this information. And if they did, I'm sure it would be strictly within the guidelines of the EULA you agreed to. So there's nothing to worry about. Please disperse quietly and go back to your homes, Citizens. And keep watching the skies!

Back to the blog

All blog contents are published under

, including

The Ask Nick!™ The Ask Nick!™ Security Security Tango™ Tango™ Sponsored by Sponsored by

Tango Links: Home Let's Dance! Good Passwords Nick's Blog Get the CD Definitions Security News Blame, Credits, etc. Windows Links: *Anti-Virus:* McAfee Security Symantec (Norton) CA's eTrust Grisoft's AVG avast! Panda Software *Anti-Malware:* SuperAntiSpyware Malwarebytes *Firewalls:* ZoneAlarm McAfee Firewall Norton Firewall	Vista is Watching You... Mon 2 Jul 2007 7:13 PM We've been through this before, a lot of times. Every time a new version of anything from Microsoft comes out, it's followed closely by the tin-foil hat crowd, screaming that Microsoft is sending back information about us to the Mothership, and we're all doomed to be slaves for our corporate overlords. Doomed, I say! Well, as Gomer Pyle would say, surprise, surprise! This time, they're right. There are in excess of 20 subsystems inside Vista happily collecting information on you and what you do, and merrily sending that information to Microsoft. And you agreed to it! Yes, you did. As part of the End-User License Agreement (EULA), to which you agreed before you could install or run Vista, is the following paragraph (in Vista Home Basic and Home Premium, it's paragraph 7B; in Vista Starter, Vista Business, and Vista Ultimate, it's paragraph 9b), under INTERNET-BASED SERVICES: Use of Information. Microsoft may use the computer information, error reports, and Malware reports to improve our software and services. We may also share it with others (emphasis mine), such as hardware and software vendors. They may use the information to improve how their products run with Microsoft software. Yep. By installing any version of Vista, you've given Microsoft the right to rummage around inside your computer and use any information it finds there to whatever purpose it likes, including sharing it with others. Any others. Yes, hardware and software vendors are mentioned, but only as examples. Nothing limits Microsoft to sharing your data only with vendors. What programs are collecting and sending data to Microsoft? Here's a partial, alphabetically sorted list: Auto Root Update Digital Certificates IPv6 Network Address Translation (NAT) Traversal service (Teredo) Malicious Software Removal/Clean On Upgrade Network Connectivity Status Icon Web Content Windows Media Digital Rights Management Windows Media Player Windows Time Service Windows Update So, with whom else might Microsoft be sharing your data? In the EULA, Microsoft references another online document (http://go.microsoft.com/fwlink/?linkid=20615) (which, as with all online documents, can be changed at any time - at the time of this writing, it's in its fourth incarnation). That document, under Uses of Information, references "Additional Information," which contains, in part, the following gem: Collection and use of your personal information The personal information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to provide the service(s) or carry out the transaction(s) you have requested or authorized, and may also be used to request additional information on feedback that you provide about the product or service that you are using; to provide important notifications regarding the software; to improve the product or service, for example bug and survey form inquiries; or to provide you with advance notice of events or to tell you about new product releases. So, basically, you've given Microsoft the right to collect any data on you they like, and share it with whomever they like, for whatever reason they like. And it's all perfectly legal and above-board. Now, please understand me - there's nothing to prove that Microsoft is actually doing anything with all this information. And if they did, I'm sure it would be strictly within the guidelines of the EULA you agreed to. So there's nothing to worry about. Please disperse quietly and go back to your homes, Citizens. And keep watching the skies! Back to the blog All blog contents are published under , including
Text, "Security Tango," and logo Copyright © 2010 Nick Francesco Hosting provided by CLSS Enterprises, the greatest host on Earth This page has been accessed 352,251* times.*