On Jul 1, 3:15 am, Roy Schestowitz <newsgro...@xxxxxxxxxxxxxxx> wrote:
> > [ Rex Ballard ] wrote:
> Well, it *used* to be your computer. The hardware is yours, but it functions
> according to same secret code that you bought a licence to rent.
The computer hardware is yours, but the copyright to Windows is owned
by Microsoft. You are granted a license to USE Windows on a specific
computer under particular terms. If those terms are violated, your
license can be revoked.
If Microsoft revokes your license, you can still use the hardware, but
you must either purchase a new copy of Windows (Full Edition), or you
must install another operating system such as Linux.
When a Microsoft corporate customer installs the corporate image of
Windows on a desktop, this terminates the OEM license. When the
corporations disposes of the computer, the must remove all Microsoft
software, including Windows, before turning it over to the recycler.
If the machine is fast enough to run the latest version of Windows, it
might be refurbished, and donated to a non-profit organization or
school system, who can get Windows as a tax deductible donation worth
about $400 (MSRP).
If the machine is to slow or too low on memory to run the full suite
of the latest versions of Windows, Office, and Visual Studio, then
it's usually shipped to other countries, such as India, South America,
Africa, China, Southeast Asia, or Eastern Europ, where it is
reconfigured to run Linux and donated or sold for the equivalent of
about 4 hours pay at median wage.
Microsoft often offers these countries copies of the newest Microsoft
software, but since the machines being sent there would run painfully
slow, if at all, with Windows, most of the machines continue to be
used as Linux machines.
> > O, well, yes; I remember I saw kernel32 of Win98 phoning home (asking
> > permission to connect) after I installed the Seygate Presonal Firewall.
> > When I discussed it with people who call them self security experts,
> > they told me it was a /false positive/. My only reaction was "Yeah,
> > right" :-)
>
> This was probably the first instance where 'phone home' was identified.
Actually, Windows 95 also did this. The issue was also discussed on
COLA. The phenomenon was discovered when Linux was used as a Firewall/
Modem between the PC and the dial-up internet. It wasn't hard to see
PC dialing home, the content was encrypted and encoded, but the IP
addresses weren't hard to discover. Some rather large streams were
being sent to Microsoft the first time Windows discovered an Internet
connection.
Microsoft may have used this capability to monitor progress of IE vs
Netscape and Java, and to identify new critical markets, such as Music/
Audio, Video, and Instant Messaging. When ICQ started becoming
popular, Microsoft's Phone Home alerted them, and in Windows 95B, they
introduced a very user-friendly chat product - which used MSN access.
> I wonder if they keep lively datacentres at Redmond with over a decade of log
> files.
Probably not. It's a bit like the cameras in ATMs. They take 10
frames/second and can store up to a month's worth of data, but if
there are no criminal actions related to the ATM after a few month,
the files can be erased.
Microsoft is more interested in capturing statistics and identifying
critical trends. They are also interested in finding out where
customers are having problems. Why did a computer crash, why did the
screen lock up, or why did the application crash or hang.
There are some indications that Microsoft may have had the ability to
read e-mails, examine confidential files, and provide this information
to law enforcement agents as an "unpaid informant" making an
"anonymous tip". There are also indications that someone used similar
technology to access private and confidential files of several key
officials, including Ken Star, the Special Prosecutor investigating
Bill Clinton. The information captured from these computers was
eventually leaked on the MSNBC BBS, and then became national news.
There does not seem to be any direct evidence that a top Microsoft
executive personally authorized the hacking of these computers, and
the subsequent release of the information on the BBS site. It was
probably just a coincidence that MSNBC was the first to get these
reports on their BBS. It may be that similar "crackpot posts" were
posted to other sites, but were just written off as "not newsworthy".
It was MSNBC's coverage of them that made it newsworthy.
> All these processes are secretive in nature, so there's probably no
> disposal/retention policy either. Knowing that the US government has enough
> authority and power to collect data from search engines, this makes you think,
> doesn't it?
Keep in mind that ActiveX controls need to be signed by a trusted
certificate authority (CA), and Microsoft is pre-programmed in as a
trusted CA. This means that Microsoft can inject an ActiveX control
at any time without your knowing it. There was a very disturbing
demonstration of what you could do with ActiveX controls almost
immediately after Internet Explorer 4.0 was released. The information
was originally published to warn system administrators of a huge
potential security threat, and to help them prevent exposure as well
as detect when they might have been hacked. Microsoft's response was
to get a court injunction against these sites, forcing them to remove
these "How to Hack Windows NT" sites, or at least the offending web
pages.
The demonstrations showed how a simple program accessed via IE4 could
create a file, hide a file, execute a hidden file, delete a file, or
send a file as e-mail, or send a file as an HTTP Post request. It
even showed how you could wipe a disk so clean that it couldn't even
be formatted by Windows.
Later, similar ActiveX demonstrations showed how to turn on the
microphone on a laptop or desktop without the user's knowledge, how to
turn o a web cam without the user's knowledge (turning of the "camera
on" light with the camera active), and how to record the keystrokes
entered into a keyboard. All without the user's knowledge.
|
|
