[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Is this true?

  At 10:40 PM -0500 11/13/97, moonwolf@earthling.net wrote:
  >I just got this post from another list I am on, and though I've
  >heard rumors of it before, I never heard quite this story.  Can
  >anyone here confirm this?  It is a major invasion of privacy if
  > Not anti-Microsoft, but PRO-DOS.
  >Those of us who prefer to work with DOS programs like the fact that
  >WE control the program not the program controling us and what is done
  >with and to our computers.
  > FYI, did you know that if you are running W95 and you use it to dial-up
  >the Microsoft Network, that the first thing it does is to transmit to
  >Microsoft a complete listing of ALL files on your system.
  > If you want to test this, dial them up. But first run a TSR program
  >that will record in a Log-file all disk access. After contacting MSN,
  >check the Log-file and you'll see that your FAT was transmitted to MSN.
  > To this day, no-one has been able to get Microsoft to say WHY they are
  >doing this.
  Yes it is true.  I can't vouch for the specifics of it
  being limited to connecting to MSN, but at least there
  is involved the transmission of names and versions of what
  is installed on your system, including non-MS products.
  to Microsoft.
  I had some information on this from two years ago
  when W95 came out, and I will have to dig for it.
  Ah!!  Found it!!
  It is called "Inside the Windows 95 Registration Wizard"
  dated September 11, 1995, by Andrew Schulman (speaking
  at AM this week!), Senior Editor, O'reilly & Associates.
  "Of special concern is RegWiz's ability to collect information on
  applications (both Microsoft and non-Microsoft) that a user has installed on
  their hard disk, and to send this information back to Microsoft via the
  Microsoft Network (MSN). As explained below, the internal name for this
  process is "Product Inventory": it is a feature of the PRODINV.DLL module
  included with Win95."
  I am struck by the use of the word "feature".
  With the list's indulgence I attach it as a text file.
  It is not too long, but goes into sufficient detail to
  explain it all.
  -John Bryan
---------------------------------------------------------------------------- Inside the Windows 95 Registration Wizard September 11, 1995 by Andrew Schulman Senior Editor, O'Reilly & Associates ---------------------------------------------------------------------------- Inside the Windows 95 Registration Wozard The "Online Registration" feature of Microsoft's Windows 95 (Win95), also known as the "Registration Wizard" (RegWiz), has been the subject of much rumor and more or less idle speculation. Of special concern is RegWiz's ability to collect information on applications (both Microsoft and non-Microsoft) that a user has installed on their hard disk, and to send this information back to Microsoft via the Microsoft Network (MSN). As explained below, the internal name for this process is "Product Inventory": it is a feature of the PRODINV.DLL module included with Win95. That Win95 can apparently tell what applications you have installed has generated numerous angry reactions online. For example, a posting in the comp.risks newsgroup claims that Win95 "transmits your entire directory structure in [the background" to MSN. (MSN). Similar claims have appeared on Microsoft's forums on CompuServe, under headings such as "WIN95: Bye, Bye Privacy" and "Computer espionage by M$". Ralph Nader's Consumer Project on Technology has even urged President Clinton "to prevent federal agencies from buying Windows 95 until the information gathering features of the 'Registration Wizard' are disabled or modified" (http://www.essential.org/listproc/tap-info/0169.html - Ralph Nader on Windows 95). Microsoft has responded with a white-paper clarification (http://www.microsoft.com/windows/pr/regwiz.htm - Microsoft white paper clarification on Windows 95 Online Registration Wizard) which acknowledges that the Win95 Registration Wizard (RegWiz) collects the names of applications, but which also points out that the user must explicitly consent before this information is sent via modem to MSN, and that the information can be viewed in the file REGINFO.TXT. While the Microsoft clarification states that RegWiz "is simply an electronic version of the paper-based registration card," this appears not to be true. RegWiz's apparent ability to sniff out what applications you have is not matched by the printed registration card, which merely asks for general information on the sorts of software you use with your computer (Reference & Education, Games & Entertainment, Personal Finance/Organizer, etc.). To see exactly what happens during Windows 95 "Online Registration," I used a utility called FILEMON (File Monitor), by Stan Mitchell (73227.1463@compuserve.com), "Monitoring Windows 95 File Activity in Ring 0," Windows/DOS Developer's Journal, July 1995, pp. 6-24. Mitchell is writing a book on the Windows 95 file system, to be published by O'Reilly & Associates in 1996. FILEMON lets you completely monitor all file-system activity under Windows 95 This makes it perfect for getting to the bottom of the the rumors that have been circulating about RegWiz. The bottom line is that RegWiz, far from conducting an indiscriminate search of a user's hard disk, instead searches for about 100 specific applications, both from Microsoft and from its competitors. RegWiz is launched by clicking the "Online Registration" button in WELCOME.EXE, which is a small program that provides the initial "Welcome to Windows 95" tips and options. Clicking "Online Registration" launches a program named \WINDOWS\SYSTEM\REGWIZ.EXE (the full command line is "regwiz -i Software\Microsoft\Windows\CurrentVersion". REGWIZ.EXE in turn loads a dynamic-link library, \WINDOWS\SYSTEM\PRODINV.DLL This is the "Product Inventory DLL," normally used for compliance checking of upgrades to Microsoft Office programs such as WinWord. (In fact, PRODINV.DLL's internal module name for "COMPLINC," for "compliance checking.") Of course, when you buy the upgrade edition of something like WinWord, there needs to be a mechanism to check that in fact you really do have some previous word processor -- be it a previous version of WinWord, or a competitor's word processor, such as AmiProc or WordPerfect. So there's an _encrypted_ database (the reasons for this encryption are discussed below) inside PRODINV of about 100 or so products, indicating that if a given EXE of a given size range is found within a given subdirectory, then you've got a given product, and are entitled to the reduced-price upgrade. Examining the file PRODINV.DLL turns up some intriguing-sounding strings, such as "Registry Search", "INI File Search", "Big Search", and "Hard Disk Search". The DLL exports a function called "RegProductSearch," which is called by REGWIZ.EXE. Examining the file REGWIZ.EXE turns up the names of the people who worked on it: * - Software development: Tracy Ferrier * - Program management: David Gonzalez, Peggy Angevine * - Quality assurance: Sharmilli Ghosh * - Special thanks to: Evelyn and Lauren RegWiz will list up to twelve applications that a user owns; these are stored in the text file REGINFO.TXT and in the registry, and are uploaded via MSN. The product inventory section of one REGINFO.TXT might look like this: Product Inventory 1 = Microsoft Word for Windows Product Inventory 2 = Personal Oracle 7 Product Inventory 3 = Borland C++ for Windows Product Inventory 4 = Microsoft Visual C++ Product Inventory 5 = Putt Putt Product Inventory 6 = Treehouse Product Inventory 7 = Lotus Notes Product Inventory 8 = CompuServe Product Inventory 9 = Product Inventory 10 = Product Inventory 11 = Product Inventory 12 = It's worth noting that the sample "Product Inventory" screen in Microsoft's white-paper clarification shows only Microsoft programs. But the upset generated by RegWiz has been due, of course, to its collection of information regarding _non-Microsoft_ programs. The applications in which RegWiz takes an interest are as follows (the names come directly from the PRODINV product inventory): Applications Detected by Win95 Registration Wizard: 3-D Dinosaur Adventure Aldus Pagemaker for Windows Aldus Persuasion America On-line AmiPro for Windows Approach for Windows Bookshelf 94 for Windows Borland C++ for Windows Borland Dbase Borland Delphi Borland Paradox for DOS Borland Paradox for Windows CA - Visual Objects Charisma Charisma for Windows Clipper Complete Baseball for Windows Comptons Multimedia Encyclopedia CompuServe Corel Draw for Windows Crayola Art Studio Creative Writer Creative Writer - Ghost Mysteries DataEase DataEase for Windows dBase for Windows Director's Lab DOS Encarta Fine Artist Flight Simulator FoxPro for DOS FoxPro for Windows - Standard Freddi Fish Gupta SQL Windows Harvard Graphics Haunted House Internet In A Box Kid Pix DOS Kid Pix WIN Lion King Print Studio Lion King Story Book Lotus 123 for Windows Lotus Notes Lotus123 for DOS Mathblaster Episode 1 Mathblaster Episode 2 Microsoft Access Developers Toolkit Microsoft Access for Windows Microsoft Access Upsizing Tool Microsoft Encarta '95 Microsoft Excel for Windows Microsoft Money Microsoft Office for Windows Microsoft Powerpoint for Windows Microsoft Project for Windows Microsoft Publisher Microsoft Visual Basic Professional Microsoft Visual C++ Microsoft Visual FoxPro for Windows Microsoft Word for DOS Microsoft Word for Windows Microsoft Works for Windows Mind Your Money Money MSB - Human Body MSB - Solar My First Encyclopedia NCSA Mosaic for Windows Oregon Trail Oregon Trail 2 Personal Oracle 7 PGA Tour 486 Playroom PowerBuilder Enterprise 4 for NT PowerBuilder Enterprise 4 for Windows PowerPlus Print Shop Deluxe for Windows Prodigy Putt Putt Quattro Pro for DOS Quattro Pro for Windows Quick C for Windows Quicken for Windows Rabbit Ears - Leopard Reader Rabbit 1 Reader Rabbit 2 Relentless Scenes Spider Man Cartoon Maker SuperBase Treehouse Turbo Pascal for Windows Where in Space is Carmen San Diego Where in the USA is Carmen Where in the World is Carmen San Diego Wine Guide WordPerfect for DOS WordPerfect for DOS WordPerfect for Windows While there are many Microsoft applications listed here, note that there are also many from other vendors. Some major commercial applications, such as Lotus Freelance Graphics, do not appear on the list, while many programs for children, such as Treehouse and Reader Rabbit, are included. Given that RegWiz ships this information over the Microsoft Network (MSN), it's interesting to note that RegWiz is checking for the major online services that compete with MSN, such as America On-line, CompuServe, and Prodigy. Two Internet-related products, NCSA Mosaic for Windows and Internet in a Box, appear on the list, but Netscape does not. Most striking, of course, is the presence of many non-Microsoft productivity applications, such as AmiPro for Windows, Borland Dbase, Borland Paradox, Gupta SQL Windows, Lotus Notes, Lotus 123, Personal Oracle 7, Quattro Pro, and WordPerfect. Is all this a cause for concern? After all, as Microsoft points out, the user must explicitly allow RegWiz to upload this information to Microsoft. The user can choose not to run Online Registration at all. They can, without any harm to Win95, delete REGWIZ.EXE and even WELCOME.EXE. But what is a Microsoft Office upgrade mechanism doing as part of the operating system's online registration? Why is the operating system being used to collect customer lists and/or statistical information on applications that compete with those from Microsoft? The Registration Wizard appears to be yet another case in which Microsoft has blurred distinction (whatever distinction remains) between its applications and operating-system divisions. Were I a Microsoft competitor whose product appeared in the encrypted PRODINV database, I wouldn't be particularly happy with Microsoft acquiring (for free) a good chunk of my customer list, via online registration for Windows 95, which is supposed to be a platform supporting my product. So, it's not really an invasion of privacy issue, but is very possibly an anti-competitive problem: Microsoft is using its control over the operating system to gain information about applications that compete with its own applications. How does PRODINV determine that you have one or more of the products in its encrypted database? Running the FILEMON utility alongside RegWiz revealed that a large number of directory names were being checked. The output from FILEMON looks like this (... indicates that lines removed for brevity): Extract from FILEMON Output 031 Open [c1065964 {c104ca54 C:\WIN95\WELCOME.EXE .... 060 Open [c10658b4 {c104ca54 C:\WIN95\SYSTEM\REGWIZ.EXE .... 098 Open [c10646d0 {c104ca54 C:\WIN95\SYSTEM\PRODINV.DLL .... 175 e GetAttrib {c104ca54 C:\ACCESS 176 e GetAttrib {c104ca54 C:\MSOFFICE\ACCESS 177 e GetAttrib {c104ca54 C:\WORLDMPC 178 e GetAttrib {c104ca54 C:\SPACE 179 e GetAttrib {c104ca54 C:\CAVO 180 e GetAttrib {c104ca54 C:\DBASEWIN\BIN 181 e GetAttrib {c104ca54 C:\DELPHI 182 e GetAttrib {c104ca54 C:\DELPHI\BIN 183 e GetAttrib {c104ca54 C:\DISNEY\LKASB 184 e GetAttrib {c104ca54 C:\LKSTUDIO 185 e GetAttrib {c104ca54 C:\MYMWIN2 186 e GetAttrib {c104ca54 C:\ORAWIN\BIN 187 e GetAttrib {c104ca54 C:\PB4 188 e GetAttrib {c104ca54 C:\PB4NT 189 e GetAttrib {c104ca54 C:\TLCARR1 .... 251 e GetAttrib {c104cc68 E:\AOL20 252 e GetAttrib {c104cc68 E:\WAOL 253 e GetAttrib {c104cc68 E:\BC4 254 e GetAttrib {c104cc68 E:\CSERVE 000 e GetAttrib {c104cc68 E:\AMIPRO 001 e GetAttrib {c104cc68 E:\PRODIGY 002 e GetAttrib {c104cc68 E:\ALDUS 003 e GetAttrib {c104cc68 E:\IBOX 004 e GetAttrib {c104cc68 E:\DBASE .... 107 e GetAttrib {c104cc68 E:\KAATREE 108 e GetAttrib {c104cc68 E:\TREEHSE Simplifying the FILEMON output, here is a complete list of the directories for which RegWiz (actually, the ProdInv "product inventory" module) searches: Directories Scanned by Win95 Registration Wizard \123R4D \123R4W \ACCESS \ALDUS \AMIPRO \AOL20 \APPROACH \BASEBALL \BC4 \BS \CAVO \CHARISMA \CIE \CLIPPER5\BIN \CLIPPER5\LIB \CRAYOLA \CSERVE \DBASE \DBASEWIN\BIN \DEASE \DELPHI \DELPHI\BIN \DEWIN \DINO3D \DISNEY\LKASB \ENCARTA \EXCEL \FLTSIM5 \FOXPRO2 \FOXPROW \FPW26 \GUPTA \HG \HG3 \HGW \IBOX \KA\SPIDERCM \KAATREE \KIDPIX \LKSTUDIO