TechWhirl (TECHWR-L) is a resource for technical writing and technical communications professionals of all experience levels and in all industries to share their experiences and acquire information.
For two decades, technical communicators have turned to TechWhirl to ask and answer questions about the always-changing world of technical communications, such as tools, skills, career paths, methodologies, and emerging industries. The TechWhirl Archives and magazine, created for, by and about technical writers, offer a wealth of knowledge to everyone with an interest in any aspect of technical communications.
> According to present Microsoft licensing, they think they have a right to know what
> is on your computer "to be sure you're not running unlicensed software products"
> to paraphrase. In addition, according to some people who have claimed to have
> analyzed the byte stream when they have the "auto update" "feature" enabled,
> Microsoft may already be taking advantage of that "right." (This was
> introduced in the Windows 2000 Service Pack 3 and exists in all XP licenses as well).
Could you point out EXACTLY where it says this in the MS EULA?
Windows Update is committed to protecting your privacy. To provide
you with the appropriate list of updates, Windows Update must collect
a certain amount of information from your computer. This information
includes:
Operating-system version number
Internet Explorer version number
Version numbers of other software
Plug and Play ID numbers of hardware devices
Windows Update does not collect your name, address, e-mail address,
or any other form of personally identifiable information. The
information collected is used only for the period of time that you
are visiting the site, and is not saved.
To provide you with the best possible service, Windows Update also
tracks and records whether the download and installation of specific
updates succeeded or failed. Windows Update records the ID of the
item that you attempted to download and install, and information
about your operating system version and Internet Explorer version.
The information that is stored cannot be associated with anything
that is unique or personally identifiable about you or your computer.
------------------------------------------------------------------------
I see nothing sinister in that. If they don't know who you are, then how could
ANY information about your machine lead them to you and what you have
installed?
> For corporations or other organizations with a tight information security need,
> this is *not* a minor matter. For example, there have been some rather serious
> questions raised about this by IT directors in the healthcare industry, since
> HIPAA regulations say that sharing information covered under that law is
> subject to both civil and criminal penalties. While Microsoft may be relatively
> benign, there is simply no guarantee or limit to the information they may
> extract in this manner.
The HIPAA regulations state that sharing CONFIDENTIAL information with third
parties must be secured and encryption used in transmission. HIPAA mandates
that organizations dealing with sensitive and confidential information, namely
patient data, must use certain measures to secure that data. Updating a PC
with patches does not transmit ANY patient or confidential data, therefore
there isn't any security risk.
> FYI, this is a real concern not only in the healthcare field but for defense
> contractors and others whose computers contain highly sensitive information.
> Besides, experience teaches that if such a facility exists in Windows, it can
> likely be exploited by people more sinister than Microsoft (can anybody say "Swen"??).
Yes. This is true. This is why Microsoft created a Software Update Services
that can be run internally and secured.
SUS allows a company to centralize and secure the deployment of security
patches. A central, internal machine downloads a catalog of all the patches for
Windows products. Then, workstations and servers within the domain download
their updates - automatically - from the secured, internal machine. No
workstation level information is shared with MS EVER.
I've deployed about a dozen of these systems. They work very well. If you're
concerned about it, encourage your IT department to look into deploying an SUS
infrastructure. And make sure they do it right and secure access SPECIFICALLY
to the right domains.
> Please, therefore, try to be understanding that it may not be that an IT organization is
> "anal" at all, but merely competent.
Disallowing Windows Update makes some sense - IF the organization has a
controlled patching process. If they don't, then disabling update does not make
a lot of sense. But, then again - not having control over the infrastructure
doesn't either.
The way to have stopped Swen would have been to have good antivirus and keep
those signatures updated (incidentally, most AV companies also collect
information about OS and other software installed.)
Andrew Plato
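
An added example, not part of the original post: one way to audit that a workstation is actually pointed at the internal update server described above, by parsing a `reg export` of the Windows Update policy key. It assumes the standard policy values WUServer, WUStatusServer and UseWUServer; the host names and the `corp.example` suffix are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlparse

WU = r"hkey_local_machine\software\policies\microsoft\windows\windowsupdate"
# Constructed sample export; {status} and {use} are filled in per test case.
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://sus01.corp.example"
"WUStatusServer"="{status}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"UseWUServer"=dword:{use}
'''

def parse_reg(text):
    """Parse `reg export` text into {key: {value_name: str|int}}, names lowercased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        m = re.match(r'"([^"]+)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$', line)
        if m and current is not None:
            current[m.group(1).lower()] = int(m.group(3), 16) if m.group(3) else m.group(2)
    return keys

def is_internal(url, suffixes):
    """True if the URL's host is a private IP or sits under an approved suffix."""
    host = (urlparse(url).hostname or "").lower()
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return any(host == s or host.endswith("." + s) for s in suffixes)

def audit(text, suffixes):
    """Return a list of findings; an empty list means the policy looks correct."""
    keys = parse_reg(text)
    wu, au = keys.get(WU, {}), keys.get(WU + r"\au", {})
    findings = []
    if au.get("usewuserver") != 1:
        findings.append("UseWUServer is not 1: the client ignores WUServer")
    for name in ("wuserver", "wustatusserver"):
        url = wu.get(name)
        if not url:
            findings.append(f"{name} is not set")
        elif not is_internal(url, suffixes):
            findings.append(f"{name} points outside the organization: {url}")
    return findings
```

The suffix match requires a leading dot, so a look-alike host such as `evilcorp.example` is not accepted as `corp.example`.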