Remember how your mother used to say, “Wear clean underwear because you might get hit by a bus”? Nowadays she might say, “Clean your PC before you run Windows Update.”
That’s because Microsoft quietly changed its Windows Update routine a few months ago. Before the change, the company’s server merely downloaded to your PC a list of all available upgrades. Software on your machine then culled the list, displaying the fixes you didn’t have so that you could choose the ones you wanted. Your PC never sent back any information.
To effect the change, Microsoft programmed the Windows Update routine to upload the Product ID number from your installation of Windows, plus a list of your machine’s hardware, in addition to downloading the list of patches.
At first glance, this isn’t a terrible surprise. I warned nine months ago that SP1 (Service Pack 1) for Windows XP and SP3 for Windows 2000 contained language in the fine print that says, “Microsoft may automatically check the version of the OS Product and/or its components that you are utilising.” So what’s different now, besides the fact that Windows Update actually began doing this?
What’s new is that tecChannel, an IDG online magazine published in Germany, has developed utilities that allow you to see exactly what information Microsoft is collecting about your PC.
In a revealing article by Mike Hartmann, the magazine explains how your PC’s Product ID and the list of its hardware components is assembled and transmitted to Microsoft.
Windows Update did not currently create or send a list of installed software, Hartmann said.
However, he wrote: “The server-side filtering could also be abused to determine which software is installed.”
Hartmann speculated that Windows Update’s new capabilities were designed to allow Microsoft to sell update services in the future and deny updates to parties who had not paid for a given license level.
I asked Chris Cannon, a product manager in Washington-based Microsoft’s Windows Server division, about the change in Windows Update.
“In order to provide driver updates, there has to be some knowledge of the hardware,” he said. “Windows Update is a completely voluntary process,” he added, noting that users are never required to run the routine.
The operation of Windows Update was also in compliance with the privacy statement posted at Microsoft’s site, he said.
A six-page tecChannelpaper is available free on the Web. The English version of the article is available at http://www.tecchannel.de/betriebssysteme/1126.