That’s because Microsoft quietly changed its Windows Update routine a few months ago. Before the change, the company’s server merely downloaded to your PC a list of all available upgrades. Software on your machine then culled the list, displaying the fixes you didn’t have so that you could choose the ones you wanted. Your PC never sent back any information.
To effect the change, Microsoft programmed the Windows Update routine to upload the Product ID number from your installation of Windows, plus a list of your machine’s hardware, in addition to downloading the list of patches.
At first glance, this isn’t a terrible surprise. I warned nine months ago that SP1 (service pack 1) for Windows XP and SP3 for Windows 2000 contained language in the fine print that says, “Microsoft may automatically check the version of the OS product and/or its components that you are utilising.” So what’s different now, besides the fact that Windows Update actually began doing this?
What’s new is that tecChannel, an IDG online magazine published in Germany, has developed utilities that allow you to see exactly what information Microsoft is collecting about your PC.
In a revealing article by Mike Hartmann, the magazine explains how your PC’s Product ID and the list of its hardware components is assembled and transmitted to Microsoft. Windows Update doesn’t currently create or send a list of installed software, Hartmann says. But, “The server-side filtering could also be abused to determine which software is installed,” he writes. Hartmann speculates that Windows Update’s new capabilities are designed to allow Microsoft to sell update services in the future and deny updates to parties who haven’t paid for a given licence level.
I asked Chris Cannon, a product manager in Microsoft’s Windows Server division, about the change in Windows Update. “In order to provide driver updates, there has to be some knowledge of the hardware,” he says. “Windows Update is a completely voluntary process,” he says, noting that users are never required to run the routine. The operation of Windows Update is also in compliance with the privacy statement posted at Microsoft’s site, he says.
A six-page tecChannel paper is available free on the web. A longer analysis is available for only 1.99 euros. This bargain price includes three small utilities that allow you to watch the action take place.
Next week, I’ll analyse how Windows Update collects information from your PC and how it is uploaded.
Livingston is publisher of BriansBuzz.com. Send letters for publication in Computerworld to Computerworld Letters.