adeptid

I don't know if anyone is aware of this or if it has been brought up here before, and I've not found mention of it from a quick review of this forum so I'll go ahead and cover it.

Everyone by now is pretty familiar with the flaws in Mr. Gates' primary OS programs and the exploitation &/or piracy of them by various nefarious factions of our society.

Mr. Gates is also aware of this as well and has taken precautions to insure that no one runs ("pirates") his OS without having actually purchased it. The first of these precautions was publicly televised in early September, I believe, in the form of a press release wherein the "piracy" issue was brought up and all were advised that as of such date (I think that it was the 10th. of September), Microsoft would conduct a "scan" of the hard drives of all consumers computers when they logged into the Microsoft website for "updates" to determine whether or not the consumer was running an "authorized" version of a "legitimate" copy of the Windows OS program.

Yes, there were several outcries from the populace over "invasion of privacy" issues and "big brother" tactics that went largely unheard or were readily discounted by Microsoft spokespeople who stipulated that the "scans" would be limited to only verifying that the OS "registries" were legitimately "activated" and "registered" with Microsoft and not the contents of the consumers hard drives in their entirety.

This went back and forth for awhile and is, I think, currently tied up in litigation over the legality if such actions by a world wide conglomerate.

Microsoft has, apparently, found a way around this by encrypting code in their CD's that they market for the XP OS that instructs your computer to "disable" it's "firewall" and "antivirus" programs when prompted from an outside source!, thereby leaving our computers devoid of any protection from prying eyes what so ever during this "update" process.

People familiar with Microsoft and the numerous fallacies that plague their OS or are exploited by certain factions (a.k.a., "hackers") in our society can readily recognize the significance of this and the seriousness of the impact that it has on all consumers at large around the world that run the Windows OS.

To see what I'm referring to, simply open the "Run" window on your computer desktop and type in "regedit" and hit "enter" to open the "Registry Editor" that will display the contents of your OS registry. Click on the "+" beside "HKEY_LOCAL_MACHINE" to expand it, then click on the "+" beside "SOFTWARE" to expand that, then the "+" beside "Microsoft", and right click on "Security Center".

You'll then be able to see the commands listed there to "disable" any & all virus/spyware/firewall programs that you may have installed on your computer for protection.

Clicking the "+" beside "Monitoring" will display a list of various virus/spyware/firewall providers that the encrypted code is actively "monitoring" to "disable" when it recieves the command to do so I think.

Now just how underhanded is that?!?

Amir904

use linux

adeptid

Or, "delete" that particular registry "key" whenever you start your computer before you log onto the web as I've found that it reloads itself during startup.

Unfortunately, I've been unable to remove it or disable it completely (I don't know why, perhaps some sub -registry command???), but this seems to prevent it from functioning during my web sessions and saves me the addition expense of purchasing yet another OS (i.e., "Linux").

Churnd

Purchase Linux? Why? It's free.

But if you find a way around that, do share. I'm interested.

WATRD

Perhaps you should do some research on what you are asserting before you post it and come off as some sort of Chicken Little, screaming that the sky is falling and the world is coming to an end...

Were there any actual facts in that cut and paste from some anti-ms conspiracy website, it might be fun to go through them line by line, but instead what you posted is just regurgitated drivel. Your lack of understanding of the facts is only exceeded by your lack of understanding of computer science.

Do a little research, but first, you might want to put on your tinfoil hat and write your own operating system so that you can be safe from MS peeping in through your blinds with their mind reading equipment...

*sigh*

Churnd

Thanks for clearing that up, Rob.

I am curious though... with all the virii and spyware I've been battling as of late, I've seen a few instances on XP where the firewall had been disabled when it was previously enabled and other problems of that sort. I'd really like to figure out what the virus or worm or trojan or whateverthehell is doing to cause this so I can prevent it.

WATRD

Let me clarify a bit. The key referenced does exist, but it has no purpose as a backdoor as the author of that post would lead you to believe.

The Security Center was turned on in XP by SP2. All that registry key does is keep track of the settings within Security Center, in the same way that there is a key that keeps track of the last position and size that Notepad was used in.

As far as checking that your Windows is genuine when using Windows Update, that part is true. Windows Update does a check now for "WGA" or Windows Genuine Advantage". It doesn't search your hard drive, read your mind or anything else. In fact, in keeping with Windows Update policies, it doesn't even upload anything, all the checking is done on your machine with a downloaded Active X control. Read the WU privacy statement for more info...

I really like how the original poster put the word legitimate in quotes... it's pretty simple, either you bought your copy of Windows or you stole it, like anything else that is for sale. If you don't like the idea that MSFT sells it's products, then don't buy them and go completely open source.

As far as your firewall being disabled, that is worth looking into. It's certainly not MSFT who will go out of their way to get you to ENABLE it...

adeptid

Uh, wow! Ok, WATRD, my "research" is derived from nationally advertised news clips on CNN, CNBC, CNBW, FNC, WNBC, NBC, ABC, CBS, WGN, MTV, G4, etc., etc., and the information that I found by following the simple commands:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Security/Security Center>Monitoring
Perhaps if you were to do the same "research" for yourself you, too, would then see it and then not be so prompt to offer such belittling commentary to someone, a "noob" at that, who was just trying to offer some helpful advice to those here.

Did'nt I read something in the "Rules" about not "attacking members", as I feel your post was to me, an attack, when all I'm doing is trying to help.

PS. Chicken "who"?

adeptid

WATRD, sir, to clarify:

Should you actually bother to "research" this issue you will find the following displayed in white letters on your screen:

AntiVirusDisableNotify 0x00000000 (0)
AntiVirusOverride 0x00000001 (1)
FirewallDisableNotify 0x00000000 (0)
FirewallOverride 0x00000000 (0)
FirstRunDisabled 0x00000000 (1)
UpdatesDisableNotify 0x00000000 (0)

Now while I don't see anything in there about "mind reading" or "tin foil hats", I definitely see the words "Disable" and "Override" being used in referenced in regards to my firewall and antivirus programs, as well as their ability to conduct a "FirstRun" or "Update" even..., uh, sir.

WATRD

Great! Those news organizations have wonderful websites. Point me to the stories that support your position and I will read them.

This actually an area that I know a bit about. Take a look at my location and profile and see if you can figure out why that might be...

The rule against flaming is designed to prevent personal attacks, it's not there for you to hide behind. When you come on here, make wild accusations with no substance and no substantiation, then someone calls you on it, it is not appropriate to then hide behind a rule you are selectively choosing to invoke. I could easily argue that the original post was an unprovoked and unsubstantiated attack on MSFT. Why is that any different? It is your position I am attacking, not you...

Back up your position with some facts, then it might actually prove to be useful.

adeptid

See my above post, sir.

WATRD

That is a record of whether the user/admin on the box has disabled or overridden those features. Did you even read the part where I mentioned that and compared to the setting recorded in the registry by notepad? HUNDREDS of items are recorded in the Windows registry. Try doing a search on "Disable", registry wide and you will see many, many examples.

adeptid

So, you are employed by Microsoft??
If that is the case, then I applaud your protecting your interests by sticking up for your employer, however, that still does'nt make you or them right. (Sorry, could'nt tell much from clicking on your pic other than you are in WA and are a/the chief member of WATRD).
Additionally, I did'nt get the info about the MS hard drive scans off of the net, I got them from watching the news on the television, but I can probally do a search of one of the online news channel sites and come up with the info for you..., be back in a bit.

Scottiac

Gentle sirs,

The key does in fact exist. Security Center does have the ability to interact with several antivirus packages, by design, and with the active cooperation of those vendors. Reference:
http://www.microsoft.com/windowsxp/u...eavalerts.mspx for a little insight on the details there.

Examples of the AV packages that interact with Security Center (and therefore may be featured in registry keys so Security Center can do it's job when necessary) can be seen here:
http://www.microsoft.com/athome/secu...-us/flist.mspx

I realize that it is popular to demonize MS, Mr. Gates, and Windows flavors everywhere, but the assertion provided in the original post does not in fact present a conclusive argument that MS disables "rival" AV software as a matter of course.

The existence of a setting with no information as to how that setting is used by the internal software is fairly useless.

In fact, given the technical acumen available to the AV vendors (some of the sharper tools in the shed), they'd be the first to know if MS had an institutional disable on their software as a feature of the OS. And they'd scream bloody blue murder, which they haven't.

I find that a fairly convincing argument that such a feature is not an attribute of the MS Security Center component.

Both of ya need to cool your jets a little bit. While I think the tone of both of your streams were equivalent in vitriol, neither is ideal for a convincing argument (particularly if you are trying to be convincing to innocent bystanders! ).

WATRD

adeptid

The beauty of you you tilting at windmills in this thread is that, having read this forum for a while, I know most of the folks here are smart enough to not be taken in by your panic attack. Most of them have a strong enough knowledge to know that because the word "disable" is listed in the registry, that doesn't make it a secret way for MSFT to invade their systems.

I am so looking forward to you presenting some actual "evidence" to support your position. Who I work for doesn't make me right, but the fact that I have knowledge of the technology we are discussing and you are only repeating conspiracy theories certainly sheds some light on the situation.

WATRD

Perhaps, but it gets me worked up when someone offers up some completely baseless, black helicopter theory without any supporting evidence, particularly on a subject that I know a great deal about and is very near and dear to my heart.

Were I to not counter that, those "innocent bystanders" would hear only the baseless accusation. But, point taken. I will sit back and await some factual support...

Scottiac

I agree with your intent, I was merely commenting on the word choices, I think. You were perfectly correct to comment, and your unique knowledge makes you eminently qualified to do so. And honestly, I and the rest of the community, are glad you did. It just seemed that the discussion was starting to degenerate into name calling instead of a technical exchange of valid information. (This is for both of you, not targetted to either one). But I'm no moderator, and am oh so happy for it! So, having thrown my two cents in, I'm done!

Churnd

[hillbilly]Yeah, y'all behave yo'selves or I's gon' get me a switch.[/hillbilly]

Seriously though, let's make this a learning experience and not a battle of the wits. I, for one, am very intrigued.

adeptid

Ok, I'm back and I've found what you wanted WATRD, non-to surprisingly right there in your neck of the woods and not at all too far from your front door either in Redmon, WA.

When you want to get to the bottom of things it is always best to get it from the "horses mouth" is one of the best "lessons of life" that one can learn and so, from the "horse", I submit the following:

"Windows Genuine Advantage 1.0 Goes Live: Global anti-piracy initiative ensures software authenticity, performance & support while providing ongoing system improvements".

I found this article @:

http://www.microsoft.com/presspass/p...-25WGA1PR.mspx

Is this supportive enough to validate my so-called "conspiracy" theorising??

And thanks Scottiac for the support..., I called no names here.

adeptid

No, no, not the switches (quick memories of a very dysfunctional childhood flash before my eyes and quickly recede)

I, too, am intrigued by this find as in my job as a design engineer it is often necessary to exchange ideas and thoughts across the web with other like-minded individuals and the security of those exchanges is always an issue due to the potential for corporate espionage and other such issues.

Unfortunately though, Churnd, I've just discovered that the key automatically resets itself as soon as I close out the registry back to "My Computer" and that I can only delete it to a message that shows a sheet of torn paper with the lower case letters "ab" on it in red listed as "(Default)" under the header "Name", with a "Type" given as "REG_SZ" and a "Date" of "(valuenotset)", i.e.:

Name Type Date
ab (Default) REG_SZ (valuenotset)

(I hope that this will be displayed as I've typed it so that you'll be able to see it as I do)

Perhaps if I were to "set" a "value" for it, I would then be able to delete it???
The input of you computer geniuses would be greatly appreciated here.