Evil MS- Windows 2000 SP3 phoning home?

Wolfram
Posts: 401
Joined: Tue Jul 30, 2002 3:19 am
Location: Germany

Evil MS- Windows 2000 SP3 phoning home?

Post by Wolfram »

Hi,

has anyone detected if and how Windows 2000 sends the information quoted on the bp6.com news-page to Microsoft?

And, of course... how to disable that ;)

Wolfram

PS: Just installed some basic packet-filter-trash (aka ZoneAlarm) to feel better for now
BP6, RU BIOS, XP SP3, ACPI, 2x366@523(1,95V), Pentalpha HS + 1x 12cm fan @5V, 768MB, Powercolor Geforce 3, RTL8139D NIC, Terratec EWS64L, Samsung M40 80GB (2,5''), LiteOn CDRW
Derek
Site Admin
Posts: 2489
Joined: Tue Jul 23, 2002 3:55 pm
Location: Canada
Contact:

Re: Evil MS- Windows 2000 SP3 phoning home?

Post by Derek »

Wolfram wrote: And, of course... how to disable that ;)
Good question.
24seven
IRC Lurker
Posts: 495
Joined: Wed Jul 24, 2002 5:23 pm
Location: Derbyshire UK
Contact:

Just throwing an idea about.

Post by 24seven »

Do you actually have to be connected to the internet to install SP3, i.e. can you download the whole thing, unplug your LAN/modem and then install?
Or will it just wait until you go back online and send the info then?
Wolfram
Posts: 401
Joined: Tue Jul 30, 2002 3:19 am
Location: Germany

Post by Wolfram »

http://www.network-secure.de/System_wua ... 10802.php3

Here it is. For those who don't understand German: Rename all copies of wuauclt.exe, first in the dll-Cache, then in the system32 folder, then in the service pack folder.

After that, Windows demands the SP3 CD to restore the file. Abort that and ignore the following warning ("system might become unstable" etc. -> click "yes").

Done.

According to the site mentioned above, that file is the new update function. The order in which you delete the files is important, because otherwise Windows will restore the file automatically from the dll cache.

Regards,

Wolfram
Derek
Site Admin
Posts: 2489
Joined: Tue Jul 23, 2002 3:55 pm
Location: Canada
Contact:

Post by Derek »

Good work Wolfram!
onelegdis
Posts: 274
Joined: Thu Jul 25, 2002 6:52 pm
Location: London UK

Post by onelegdis »

How about XP SP1? Does the same apply?
Derek
Site Admin
Posts: 2489
Joined: Tue Jul 23, 2002 3:55 pm
Location: Canada
Contact:

Post by Derek »

Yes.

Edit: If you have a pirated serial number you won't be able to access Windows update. (Even with a generated number).
HAL6000
SETI Guru
Posts: 246
Joined: Wed Jul 24, 2002 7:11 pm
Location: Bloomfield, NJ U.S.A.
Contact:

Post by HAL6000 »

Yes you can install 2K SP3 without being connected to the internet.

As a rule for 2K machines I delete the dll cache folder. There is a reg tweak you have to do to keep it from prompting you about restoring files all the time. It's on regedit.com
Homer S.
Posts: 20
Joined: Wed Aug 14, 2002 2:43 am
Location: Italy

Post by Homer S. »

Just to summarize, since I don't speak any German, is this sequence correct?
  1. disconnect from Internet (if you are connected)
  2. install SP3 and reboot
  3. disable Windows File Protection, if it's enabled (I suppose this is done by setting in the Registry "SFCDisable" = "ffffff9d": found this here) and reboot
  4. rename wuauclt.exe in this order:
    1. C:\WINNT\SYSTEM32\DLLCACHE
    2. C:\WINNT\SYSTEM32
    3. C:\WINNT\ServicePackFiles\I386
  5. reboot
  6. re-connect to Internet (if you need)
Please bear in mind I'm not quite sure so many reboots are needed, but it wouldn't bother me :wink:
Thanks for help.
Homer S.
Wolfram
Posts: 401
Joined: Tue Jul 30, 2002 3:19 am
Location: Germany

Post by Wolfram »

I did _not_ disable the Windows File Protection, just let Windows show me all files/folders (in the folder options), my default setting.

After installing SP3 and rebooting I just picked the copies of wuauclt.exe and renamed them in the given order (just in case I might need it someday). Did this the easy way by using the search function from the start menu.

After a reboot, the old filenames were still gone. I think the Windows File Protection only works if you do not delete the copy in the dll-Cache first.

Regards,

Wolfram
Wolfram
Posts: 401
Joined: Tue Jul 30, 2002 3:19 am
Location: Germany

Post by Wolfram »

The dllcache folder should be in WINNT (or whatever your Win2000 directory's name is)/system32.

Regards,

Wolfram
HAL6000
SETI Guru
Posts: 246
Joined: Wed Jul 24, 2002 7:11 pm
Location: Bloomfield, NJ U.S.A.
Contact:

Post by HAL6000 »

Just thought I'd tell you guys some things about wuauclt.exe since you seem to be paranoid.

1) If you do not set up the automatic update feature it will never contact a MS server for anything.

2) You can simply disable the automatic update service in your services.

3) At no point during the service pack install, if you downloaded the network install, does it contact MS servers. If running from the Windows Update page it checks for the stuff you need and grabs it just like all the other updates.

I watched the LAN traffic on a machine at work with a packet sniffer to see if it did anything at all. Like I said before, no traffic to MS servers was tried until I set up the autoupdate feature to actually tell it to contact them.
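
The before/after traffic check HAL6000 describes, as an added example that is not part of the original post: it splits DNS lookups for watched update hosts into those seen before and after the update feature was switched on. The log format, the watched hostname suffixes, the timestamps and all sample lines are assumptions constructed for illustration.

```python
from datetime import datetime

# Assumption: suffixes an analyst chooses to watch; not taken from the thread.
WATCHED_SUFFIXES = ("windowsupdate.microsoft.com", "windowsupdate.com")

# Constructed sample: DNS queries exported from a sniffer as "time client qname".
SAMPLE_LOG = """\
2002-08-20T09:58:11 192.168.0.12 www.bp6.com
2002-08-20T10:02:40 192.168.0.12 time.example.net
malformed line without enough fields
2002-08-20T10:31:05 192.168.0.12 windowsupdate.microsoft.com
2002-08-20T10:31:09 192.168.0.12 download.windowsupdate.com
2002-08-20T10:40:00 192.168.0.15 notwindowsupdate.com
"""

def is_watched(qname, suffixes=WATCHED_SUFFIXES):
    """Match on a label boundary so 'notwindowsupdate.com' is not a hit."""
    name = qname.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in suffixes)

def phone_home_report(log_text, feature_enabled_at):
    """Split watched lookups into before/after the feature was switched on."""
    report = {"before": [], "after": [], "skipped": 0}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            report["skipped"] += 1  # count unparsable lines instead of hiding them
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            report["skipped"] += 1
            continue
        if is_watched(parts[2]):
            key = "before" if ts < feature_enabled_at else "after"
            report[key].append((parts[0], parts[1], parts[2]))
    return report

if __name__ == "__main__":
    enabled = datetime(2002, 8, 20, 10, 30, 0)  # constructed switch-on time
    result = phone_home_report(SAMPLE_LOG, enabled)
    print("before enabling:", result["before"])
    print("after enabling: ", result["after"])
    print("unparsed lines: ", result["skipped"])
```

An empty "before" list only covers the capture window, so the capture has to run long enough to catch delayed or scheduled traffic.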
Wolfram
Posts: 401
Joined: Tue Jul 30, 2002 3:19 am
Location: Germany

Post by Wolfram »

Hi HAL,

remember when the 9000 unit told Bowman that everything was fine? :)))

SCNR. Thanks for that interesting information. I would have expected that they sent that information anyway, regardless if you've turned on that autoupdate feature or not.

For me, I just noticed that Derek quoted some interesting passages from the new license agreement that indicated that there might be some new spy function in the SP3 update. And then I came across that website that suggested the measurement mentioned above.

I think if MS really was after that information, they would not rely on only one file to ensure they get it. On the other hand, if I was really paranoid I would not trust them only because they do not send any information immediately. They might also do that later.

Indeed, your observation seems to indicate that MS obeys its own rules. On the other hand, I would agree to the theory that privacy is the price for the almost universal availability of information on the internet.

Regards,

Wolfram
Wolfram
Posts: 401
Joined: Tue Jul 30, 2002 3:19 am
Location: Germany

Re: How to make Windows Update work after installed SP3/Win2

Post by Wolfram »

emton wrote: I didn't notice SP3 have such functions. And now it seems Windows Update doesn't work now. It always shows 00% when Check for updates..
Is there a way to re-enable Windows Update?
Hi emton,

do you mean Windows Update doesn't work after installing SP3 or after disabling wuauclt.exe?

Btw, on my system it still works with SP3 installed and wuauclt.exe removed.

Regards,

Wolfram
InactiveX
BeOS Forever
Posts: 1385
Joined: Wed Jul 24, 2002 8:25 am
Location: UK

Post by InactiveX »

m0gely
Posts: 32
Joined: Sat Jul 27, 2002 6:01 pm

Post by m0gely »

The DareDevil wrote: Yes.

Edit: If you have a pirated serial number you won't be able to access Windows update. (Even with a generated number).
This... is not true :P You won't be able to with the popular FCKGW key, but with a generated key, you most certainly can. At least for now :)
- m0gely
http://quake2.telestream.com/
q2 | q3 | counter-strike

-=[ BP6|366's@550@1.95v|512M|30G RAID0|TNT2u|SBLive|Win2K3 ]=-
g0fvt
Posts: 110
Joined: Mon Jul 29, 2002 3:32 pm
Location: Hertfordshire UK

Post by g0fvt »

The fckgw key.... hmm have seen that!... Sources close to me suggest that XP updates fine with keygen generated serials.... (XP Pro corporate)
the_flames
Posts: 106
Joined: Thu Oct 10, 2002 11:50 am
Location: Yorkshire UK
Contact:

Post by the_flames »

The files are replaced by Microsoft as soon as you access Windows Update, so maybe you need to change them for dummy files from somewhere ... if you use Windows Update, I think there is no way to prevent MS snooping :D .
Wolfram
Posts: 401
Joined: Tue Jul 30, 2002 3:19 am
Location: Germany

Post by Wolfram »

I'm afraid even avoiding Windows Update doesn't guarantee anything ;)

But concerning the wuauclt.exe... I've used Windows Update several times since I removed that file, and it hasn't been restored yet.
owned_tm
Posts: 5
Joined: Thu Oct 26, 2006 3:38 am

Post by owned_tm »

Wolfram wrote: http://www.network-secure.de/System_wua ... 10802.php3

Here it is. For those who don't understand German: Rename all copies of wuauclt.exe, first in the dll-Cache, then in the system32 folder, then in the service pack folder.

After that, Windows demands the SP3 CD to restore the file. Abort that and ignore the following warning ("system might become unstable" etc. -> click "yes").

Done.

According to the site mentioned above, that file is the new update function. The order in which you delete the files is important, because otherwise Windows will restore the file automatically from the dll cache.

Regards,

Wolfram

Rename to what?????
It will not be used again??
Wolfram
Posts: 401
Joined: Tue Jul 30, 2002 3:19 am
Location: Germany

Post by Wolfram »

owned_tm wrote: Rename to what?????
It will not be used again??
You can also delete the file. But I would rename and keep it just in case you might need it someday (which never happened to me).