[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Is this true?
At 10:40 PM -0500 11/13/97, moonwolf@earthling.net wrote:
>I just got this post from another list I am on, and though I've
>heard rumors of it before, I never heard quite this story. Can
>anyone here confirm this? It is a major invasion of privacy if
>true.
>
>
>*****
> Not anti-Microsoft, but PRO-DOS.
>Those of us who prefer to work with DOS programs like the fact that
>WE control the program not the program controling us and what is done
>with and to our computers.
> FYI, did you know that if you are running W95 and you use it to dial-up
>the Microsoft Network, that the first thing it does is to transmit to
>Microsoft a complete listing of ALL files on your system.
> If you want to test this, dial them up. But first run a TSR program
>that will record in a Log-file all disk access. After contacting MSN,
>check the Log-file and you'll see that your FAT was transmitted to MSN.
> To this day, no-one has been able to get Microsoft to say WHY they are
>doing this.
>
>
>******
Yes it is true. I can't vouch for the specifics of it
being limited to connecting to MSN, but at least there
is involved the transmission of names and versions of what
is installed on your system, including non-MS products.
to Microsoft.
I had some information on this from two years ago
when W95 came out, and I will have to dig for it.
Ah!! Found it!!
It is called "Inside the Windows 95 Registration Wizard"
dated September 11, 1995, by Andrew Schulman (speaking
at AM this week!), Senior Editor, O'reilly & Associates.
Clip:
"Of special concern is RegWiz's ability to collect information on
applications (both Microsoft and non-Microsoft) that a user has installed on
their hard disk, and to send this information back to Microsoft via the
Microsoft Network (MSN). As explained below, the internal name for this
process is "Product Inventory": it is a feature of the PRODINV.DLL module
included with Win95."
I am struck by the use of the word "feature".
With the list's indulgence I attach it as a text file.
It is not too long, but goes into sufficient detail to
explain it all.
-John Bryan
----------------------------------------------------------------------------
Inside the Windows 95 Registration Wizard
September 11, 1995
by Andrew Schulman
Senior Editor, O'Reilly & Associates
----------------------------------------------------------------------------
Inside the Windows 95 Registration Wozard
The "Online Registration" feature of Microsoft's Windows 95 (Win95), also
known as the "Registration Wizard" (RegWiz), has been the subject of much
rumor and more or less idle speculation.
Of special concern is RegWiz's ability to collect information on
applications (both Microsoft and non-Microsoft) that a user has installed on
their hard disk, and to send this information back to Microsoft via the
Microsoft Network (MSN). As explained below, the internal name for this
process is "Product Inventory": it is a feature of the PRODINV.DLL module
included with Win95.
That Win95 can apparently tell what applications you have installed has
generated numerous angry reactions online. For example, a posting in the
comp.risks newsgroup claims that Win95 "transmits your entire directory
structure in [the background" to MSN. (MSN). Similar claims have appeared on
Microsoft's forums on CompuServe, under headings such as "WIN95: Bye, Bye
Privacy" and "Computer espionage by M$".
Ralph Nader's Consumer Project on Technology has even urged President
Clinton "to prevent federal agencies from buying Windows 95 until the
information gathering features of the 'Registration Wizard' are disabled or
modified" (http://www.essential.org/listproc/tap-info/0169.html - Ralph
Nader on Windows 95).
Microsoft has responded with a white-paper clarification
(http://www.microsoft.com/windows/pr/regwiz.htm - Microsoft white paper
clarification on Windows 95 Online Registration Wizard) which acknowledges
that the Win95 Registration Wizard (RegWiz) collects the names of
applications, but which also points out that the user must explicitly
consent before this information is sent via modem to MSN, and that the
information can be viewed in the file REGINFO.TXT.
While the Microsoft clarification states that RegWiz "is simply an
electronic version of the paper-based registration card," this appears not
to be true. RegWiz's apparent ability to sniff out what applications you
have is not matched by the printed registration card, which merely asks for
general information on the sorts of software you use with your computer
(Reference & Education, Games & Entertainment, Personal Finance/Organizer,
etc.).
To see exactly what happens during Windows 95 "Online Registration," I used
a utility called FILEMON (File Monitor), by Stan Mitchell
(73227.1463@compuserve.com), "Monitoring Windows 95 File Activity in Ring
0," Windows/DOS Developer's Journal, July 1995, pp. 6-24. Mitchell is
writing a book on the Windows 95 file system, to be published by O'Reilly &
Associates in 1996.
FILEMON lets you completely monitor all file-system activity under Windows
95 This makes it perfect for getting to the bottom of the the rumors that
have been circulating about RegWiz.
The bottom line is that RegWiz, far from conducting an indiscriminate search
of a user's hard disk, instead searches for about 100 specific applications,
both from Microsoft and from its competitors.
RegWiz is launched by clicking the "Online Registration" button in
WELCOME.EXE, which is a small program that provides the initial "Welcome to
Windows 95" tips and options. Clicking "Online Registration" launches a
program named \WINDOWS\SYSTEM\REGWIZ.EXE (the full command line is "regwiz
-i Software\Microsoft\Windows\CurrentVersion".
REGWIZ.EXE in turn loads a dynamic-link library, \WINDOWS\SYSTEM\PRODINV.DLL
This is the "Product Inventory DLL," normally used for compliance checking
of upgrades to Microsoft Office programs such as WinWord. (In fact,
PRODINV.DLL's internal module name for "COMPLINC," for "compliance
checking.") Of course, when you buy the upgrade edition of something like
WinWord, there needs to be a mechanism to check that in fact you really do
have some previous word processor -- be it a previous version of WinWord, or
a competitor's word processor, such as AmiProc or WordPerfect. So there's an
_encrypted_ database (the reasons for this encryption are discussed below)
inside PRODINV of about 100 or so products, indicating that if a given EXE
of a given size range is found within a given subdirectory, then you've got
a given product, and are entitled to the reduced-price upgrade.
Examining the file PRODINV.DLL turns up some intriguing-sounding strings,
such as "Registry Search", "INI File Search", "Big Search", and "Hard Disk
Search". The DLL exports a function called "RegProductSearch," which is
called by REGWIZ.EXE.
Examining the file REGWIZ.EXE turns up the names of the people who worked on
it:
* - Software development: Tracy Ferrier
* - Program management: David Gonzalez, Peggy Angevine
* - Quality assurance: Sharmilli Ghosh
* - Special thanks to: Evelyn and Lauren
RegWiz will list up to twelve applications that a user owns; these are
stored in the text file REGINFO.TXT and in the registry, and are uploaded
via MSN. The product inventory section of one REGINFO.TXT might look like
this:
Product Inventory 1 = Microsoft Word for Windows
Product Inventory 2 = Personal Oracle 7
Product Inventory 3 = Borland C++ for Windows
Product Inventory 4 = Microsoft Visual C++
Product Inventory 5 = Putt Putt
Product Inventory 6 = Treehouse
Product Inventory 7 = Lotus Notes
Product Inventory 8 = CompuServe
Product Inventory 9 =
Product Inventory 10 =
Product Inventory 11 =
Product Inventory 12 =
It's worth noting that the sample "Product Inventory" screen in Microsoft's
white-paper clarification shows only Microsoft programs. But the upset
generated by RegWiz has been due, of course, to its collection of
information regarding _non-Microsoft_ programs.
The applications in which RegWiz takes an interest are as follows (the names
come directly from the PRODINV product inventory):
Applications Detected by Win95 Registration Wizard:
3-D Dinosaur Adventure Aldus Pagemaker for Windows
Aldus Persuasion America On-line
AmiPro for Windows Approach for Windows
Bookshelf 94 for Windows Borland C++ for Windows
Borland Dbase Borland Delphi
Borland Paradox for DOS Borland Paradox for Windows
CA - Visual Objects Charisma
Charisma for Windows Clipper
Complete Baseball for Windows Comptons Multimedia Encyclopedia
CompuServe Corel Draw for Windows
Crayola Art Studio Creative Writer
Creative Writer - Ghost Mysteries DataEase
DataEase for Windows dBase for Windows
Director's Lab DOS Encarta
Fine Artist Flight Simulator
FoxPro for DOS FoxPro for Windows - Standard
Freddi Fish Gupta SQL Windows
Harvard Graphics Haunted House
Internet In A Box Kid Pix DOS
Kid Pix WIN Lion King Print Studio
Lion King Story Book Lotus 123 for Windows
Lotus Notes Lotus123 for DOS
Mathblaster Episode 1 Mathblaster Episode 2
Microsoft Access Developers Toolkit Microsoft Access for Windows
Microsoft Access Upsizing Tool Microsoft Encarta '95
Microsoft Excel for Windows Microsoft Money
Microsoft Office for Windows Microsoft Powerpoint for Windows
Microsoft Project for Windows Microsoft Publisher
Microsoft Visual Basic Professional Microsoft Visual C++
Microsoft Visual FoxPro for Windows Microsoft Word for DOS
Microsoft Word for Windows Microsoft Works for Windows
Mind Your Money Money
MSB - Human Body MSB - Solar
My First Encyclopedia NCSA Mosaic for Windows
Oregon Trail Oregon Trail 2
Personal Oracle 7 PGA Tour 486
Playroom PowerBuilder Enterprise 4 for NT
PowerBuilder Enterprise 4 for Windows PowerPlus
Print Shop Deluxe for Windows Prodigy
Putt Putt Quattro Pro for DOS
Quattro Pro for Windows Quick C for Windows
Quicken for Windows Rabbit Ears - Leopard
Reader Rabbit 1 Reader Rabbit 2
Relentless Scenes
Spider Man Cartoon Maker SuperBase
Treehouse Turbo Pascal for Windows
Where in Space is Carmen San Diego Where in the USA is Carmen
Where in the World is Carmen San Diego Wine Guide
WordPerfect for DOS WordPerfect for DOS
WordPerfect for Windows
While there are many Microsoft applications listed here, note that there are
also many from other vendors. Some major commercial applications, such as
Lotus Freelance Graphics, do not appear on the list, while many programs for
children, such as Treehouse and Reader Rabbit, are included.
Given that RegWiz ships this information over the Microsoft Network (MSN),
it's interesting to note that RegWiz is checking for the major online
services that compete with MSN, such as America On-line, CompuServe, and
Prodigy. Two Internet-related products, NCSA Mosaic for Windows and Internet
in a Box, appear on the list, but Netscape does not.
Most striking, of course, is the presence of many non-Microsoft productivity
applications, such as AmiPro for Windows, Borland Dbase, Borland Paradox,
Gupta SQL Windows, Lotus Notes, Lotus 123, Personal Oracle 7, Quattro Pro,
and WordPerfect.
Is all this a cause for concern? After all, as Microsoft points out, the
user must explicitly allow RegWiz to upload this information to Microsoft.
The user can choose not to run Online Registration at all. They can, without
any harm to Win95, delete REGWIZ.EXE and even WELCOME.EXE.
But what is a Microsoft Office upgrade mechanism doing as part of the
operating system's online registration? Why is the operating system being
used to collect customer lists and/or statistical information on
applications that compete with those from Microsoft? The Registration Wizard
appears to be yet another case in which Microsoft has blurred distinction
(whatever distinction remains) between its applications and operating-system
divisions. Were I a Microsoft competitor whose product appeared in the
encrypted PRODINV database, I wouldn't be particularly happy with Microsoft
acquiring (for free) a good chunk of my customer list, via online
registration for Windows 95, which is supposed to be a platform supporting
my product.
So, it's not really an invasion of privacy issue, but is very possibly an
anti-competitive problem: Microsoft is using its control over the operating
system to gain information about applications that compete with its own
applications.
How does PRODINV determine that you have one or more of the products in its
encrypted database? Running the FILEMON utility alongside RegWiz revealed
that a large number of directory names were being checked. The output from
FILEMON looks like this (... indicates that lines removed for brevity):
Extract from FILEMON Output
031 Open [c1065964 {c104ca54 C:\WIN95\WELCOME.EXE
....
060 Open [c10658b4 {c104ca54 C:\WIN95\SYSTEM\REGWIZ.EXE
....
098 Open [c10646d0 {c104ca54 C:\WIN95\SYSTEM\PRODINV.DLL
....
175 e GetAttrib {c104ca54 C:\ACCESS
176 e GetAttrib {c104ca54 C:\MSOFFICE\ACCESS
177 e GetAttrib {c104ca54 C:\WORLDMPC
178 e GetAttrib {c104ca54 C:\SPACE
179 e GetAttrib {c104ca54 C:\CAVO
180 e GetAttrib {c104ca54 C:\DBASEWIN\BIN
181 e GetAttrib {c104ca54 C:\DELPHI
182 e GetAttrib {c104ca54 C:\DELPHI\BIN
183 e GetAttrib {c104ca54 C:\DISNEY\LKASB
184 e GetAttrib {c104ca54 C:\LKSTUDIO
185 e GetAttrib {c104ca54 C:\MYMWIN2
186 e GetAttrib {c104ca54 C:\ORAWIN\BIN
187 e GetAttrib {c104ca54 C:\PB4
188 e GetAttrib {c104ca54 C:\PB4NT
189 e GetAttrib {c104ca54 C:\TLCARR1
....
251 e GetAttrib {c104cc68 E:\AOL20
252 e GetAttrib {c104cc68 E:\WAOL
253 e GetAttrib {c104cc68 E:\BC4
254 e GetAttrib {c104cc68 E:\CSERVE
000 e GetAttrib {c104cc68 E:\AMIPRO
001 e GetAttrib {c104cc68 E:\PRODIGY
002 e GetAttrib {c104cc68 E:\ALDUS
003 e GetAttrib {c104cc68 E:\IBOX
004 e GetAttrib {c104cc68 E:\DBASE
....
107 e GetAttrib {c104cc68 E:\KAATREE
108 e GetAttrib {c104cc68 E:\TREEHSE
Simplifying the FILEMON output, here is a complete list of the directories
for which RegWiz (actually, the ProdInv "product inventory" module)
searches:
Directories Scanned by Win95 Registration Wizard
\123R4D \123R4W \ACCESS \ALDUS
\AMIPRO \AOL20 \APPROACH \BASEBALL
\BC4 \BS \CAVO \CHARISMA
\CIE \CLIPPER5\BIN \CLIPPER5\LIB \CRAYOLA
\CSERVE \DBASE \DBASEWIN\BIN \DEASE
\DELPHI \DELPHI\BIN \DEWIN \DINO3D
\DISNEY\LKASB \ENCARTA \EXCEL \FLTSIM5
\FOXPRO2 \FOXPROW \FPW26 \GUPTA
\HG \HG3 \HGW \IBOX
\KA\SPIDERCM \KAATREE \KIDPIX \LKSTUDIO