Search Assistant downloads files from Microsoft

[Quaoar]

crossposted:
microsoft.public.windowsxp.general,
microsoft.public.windows.inetexplorer.ie6.browser

So much for Trustworthy Computing!

http://www.theregus.com/content/4/24611.html

Win-XP Search Assistant silently downloads files
By Thomas C Greene in Washington

[Begin Fair Use Quote]

....So I connected an XP box to my ISP, started a packet sniffer, and
launched the Search Assistant. Sure enough, it immediately connected to
http://sa.windows.com/ and fetched a number of files. But it didn't
attempt to send any data to the site, beyond comparing my locally-stored
versions of those files to the ones on the server.

But when I performed an Internet search, the Assistant sent my search
terms to the Microsoft site, and also dropped a session cookie on my
machine.

[End Fair Use Quote]

Today, it's just your IP address and search terms. Tomorrow...?

Q

 

[Mike Kolitz]

An how would you suggest that you search the internet if the search server
doesn't know your search terms?

 

[Quaoar]

crossposted:
microsoft.public.windowsxp.general,
microsoft.public.windows.inetexplorer.ie6.browser

So much for Trustworthy Computing!

http://www.theregus.com/content/4/24611.html

Win-XP Search Assistant silently downloads files
By Thomas C Greene in Washington

[Begin Fair Use Quote]

...So I connected an XP box to my ISP, started a packet sniffer, and
launched the Search Assistant. Sure enough, it immediately connected
to http://sa.windows.com/ and fetched a number of files. But it
didn't attempt to send any data to the site, beyond comparing my
locally-stored versions of those files to the ones on the server.

But when I performed an Internet search, the Assistant sent my search
terms to the Microsoft site, and also dropped a session cookie on my
machine.

[End Fair Use Quote]

Today, it's just your IP address and search terms. Tomorrow...?

Every website you visit logs your IP address. Many sites drop cookies
as well. That's no big deal. If your worried about your IP address
being logged or shown to websites, then why did you post here? You're
IP is
12.252.56.240. Easy to find and log if needed. Also if you read the
rest of the article it says they didn't see any evidence that it sent
anything besides IP and a search listing. The search listing is just
so you can search the net at the same time if needed. Also that
article is over a year and a half old. Who knows what happens now.
And last if you protect your computer correctly with an outbound
blocking firewall, which everyone should have, then you could just
deny it access and never worry about it again. I don't see the point
of this article or post, except to bash ms. I'm not saying their
trustworthy computing policy works, is right, or even exists, I'm
just saying, IMHO, the article doesn't tell me anything I don't
already know and just makes people worry about something that doesn't
need to be worried about.

My only interest is the concept of Full Disclosure. I don't give a
rat's ass about the details of this disclosure. I do care about what
Microsoft's "Trustworthy Computing" initiative is intended to do.
"Trustworthy" cuts both ways, and it would have been nice of Microsoft
to have fully disclosed the file downloads to its licensees somewhere
near the shrink-wrap. Having failed to disclose, one can obviously ask
what MS intends in other areas without disclosure. So far, TC seems to
mean that you and I are going to eventually be boxed into a fully
secured computer whose permissions will be under the control of
Microsoft and its partners.

Q