
So what info does WinXP really send to MS?

Germany's tecChannel explains


Germany's tecChannel has launched an English-language version of its site, and has celebrated with a seriously trainspotter analysis of the interaction between Windows XP's product activation and Redmond central control. Despite (or possibly because of) Microsoft's insistence that the WPA process is completely harmless and doesn't send the company any of your personal data, the system has since its introduction been the subject of much paranoid speculation.

The Register has not entirely shared this paranoia, although we do worry about why Windows installations seem to have a general compulsion to chatter with remote systems without entirely sharing the experience with us. And we also reckon the real worry is what Microsoft might do if people really started to trust it. However, the good news for now is that tecChannel's investigation indicates that WPA's not a threat to privacy, and shows that it sends the following: Product ID, derived from the product key entered during installation; system locale (IDs you to the nearest country); product code, which is the first five digits of the product key; hardware hash, which is based on the hardware in the local computer, but which does not give Microsoft information on this computer's hardware; data from the WPA.DBL file, if one has been created by a previous installation; and the product key itself.

Microsoft is clearly getting some data from the above, but none of it is personal, and if the company were to use it for any purpose at all other than WPA policing, the fields would be pretty narrow. If the hardware hash did send information on the local configuration it would certainly be useful for development and marketing purposes, but it's been specifically designed not to do this, just to use the hardware purely as a mechanism for generating an anonymous ID (trust us on this being true, explaining how this works is a lengthy process, and anyway, we've forgotten).

Having established that WPA in its current form isn't much of a privacy threat, tecChannel comes up with some tantalising speculation. There's a possible method that could, depending on how the WPA servers deal with the hack, be used to activate on more than one computer using just one key. Also, the COM component supports, among other request types, DROPLIC. "'Dropping a license'", says tecChannel, "might be Microsoft terminology for deactivating an installation of Windows XP with the same product key on another computer." Does this mean the ability to remove XP and install it onto another computer is there in the system already?

Copious details of how tecChannel went about the analysis, together with a download of the tools used (these come with the PDF version of the article, which you have to pay for) can be had here. The German version is here. The new English site has around 30 articles up at the moment, and tecChannel tells us it intends to translate two to three articles from the German site a week for it. ®
