When I got last month’s bill from my ISP, I noticed I was charged for “extra usage”. This has never happened before. The difference in my PC is that I intalled XP last month.
Since then, I’ve noticed that while connected - even when idle - the TX/RX light on my DSL modem is always flashing. It goes particularly mental when I’m connected from my user account and then my other half switches to his user account.
So, something is polling the modem, and I’m paying for it. It has to be related to the fact that I’m now using XP. How do I make it stop?
My gut feeling is that you picked up a nasty somwhere in your travels. The first thing I’d do is get a firewall. I personally recommend ZoneAlarm. Next I’d download and run both Adaware and Spybot. Hopefully that will cut down on unwanted traffic.
XP is in constant contact with a server at Microsoft, sending the details of every website you visit, every file you download or open, every task you perform, your passwords and personal details that you fill in on forms, to a database that MS allows exists, but they say they won’t use the information against you or for profit. (Wanna buy a bridge?)
The best thing you could do is wipe the hard drive and put on Windows 2000 Professional.
While XP does seem to want to contact the mother ship periodically (one of these days I’m going to sniff the packets and see exactly what it’s doing) it doesn’t do it often enough to peg the usage of a DSL modem. I second QEDs suggestion that it probably is a bit of spamware, but it could also be a virus. Om addition to zonalarm and adaware, make sure you disable microsoft file and print sharing. Those are easy ways into your computer. Also make sure your administrator password isn’t something that would be easily cracked. If you haven’t already done so, upgrade to service pack 1 since it has a rather important fix for a flaw that allows things like the blaster worm to get into your system.
Anyone who has a decent firewall installed knows that this is simply nonsense, inasmuch as the firewall isn’t detecting this urban-legend “phone home” activity.
I run XP (I love it!) and a cable modem. I had a question about XP, so I called the Cust Serv dept. For those that run anything other than XP, you have to register it. Anyway, when I called, I gave them my home phone number and I was suddenly listening to the confirmation of my home address, phone number and e-mail address. They know everything. But I still love Microsoft.
Point is, if you’re running Microsoft OS, they know everything. But I’m not a fan of NAMBLA, so I couldn’t give a shit is someone monitoring my web surfing.
Hope that helped. I’m off to tell Chile how to start a Utopia, since I know everything.
I agree that the “extra usage” charge indicates that scott evil’s PC may have picked up something nasty.
However, just because your modem light is blinking like mad doesn’t automatically lead to that conclusion. Once you’re on a broadband hookup, it’s not unusual to experience 50-100 ARP (address resolution protocol) “hits” every second. There’s nothing sinister about this activity, which occurs at a low level in the IP stack - it’s just how a network figures out which machine each packet is supposed to be sent to (over-simplifying).
That activity shouldn’t be measured as “usage” by you, however, since it’s just necessary network “chatter.” Your measured usage should only include stuff that you’re actually doing, so those excess charges indicate a deeper problem, as others have indicated.
These urban legends about Windows XP and the “all-knowing, all-seeing evil Microsoft” would be amusing if they weren’t also very tiresome. duffer, when you phoned Microsoft, you wouldn’t even have to give them your phone number for them to know your name and address. After all, “caller ID” that makes that information available to anyone - your phone number can be instantly determined, and that, combined with a commonly-available database, yields the other information.
On the other hand, I seriously doubt that they knew your email address based upon some “spy” software feature. I suspect that you simply had registered some other MS software product in the past, and had given them an email address. Nothing sinister, no magic - they just keep customer info in a database, like any other company.
Early Out, I’m hoping this doesn’t get into a pissing match, I assume you wouldn’t know this (how could you?). I have software I adapted from my sat card burner that I run the phone through to block the number. I didn’t trust the phone company to keep the unlisted number blocked from Caller ID. Hell, AOL had the number right there even though it was supposed to be blocked. (This was temp, had to be an AOLoser for 2 weeks waiting for the cable comp to get the modem up) Anyway, there is no way they had the number on the Caller ID. (shit, where was I going with this?)
But you yourself just said that when you called in to register XP, you told Microsoft what your phone number was. If you had previously registered anything with MS, and had given them that phone number, they’d have all the information you gave them in their customer database. No mystery, here.
If you’re asserting that XP reports all kinds of personal info back to Microsoft, I’m going to have to ask for a CITE.
Argh! I knew I was going to screw that up. Yes, I gave the number when I registered. But like I said, I have the phone running through a sat burner program that I modified to block the number on Caller ID’s. I understand how you’re trying to debunk my assertion, all I can say is trust me, the number does NOT show up anywhere (other than a Federal office maybe)
To be honest, I don’t even know how this got started. Too lazy to reread stuff. shrug But the point is, there is no way anyone can get my number on Caller ID.
xp spyware
You may be interested to know that Microsoft is collecting information about YOU and selling it to companies. XP users have found that a process called inetinfo.exe spawns itself and keeps in constant contact with a server, sa.windows.com. When users have tried to stop the process, it respawns itself, and when deleted, windows rebuilds the file. Packets are sent from the process to sa.windows.com, who knows whats in them, software you have installed, where you’ve been online, what youve bought online? Microsoft is using you to make more money, you are merely a tool to them. Careful people, gates is watching…
This is not an urban legend, it is something which I have personally tested and witnessed. It’s phoning home and you can’t delete the .exe that does it. I can’t prove or disprove what they’re doing with the data that is being gathered, but it is nonetheless happening.
In the broadcast industry, where I am employed as an engineer in a 95% automated facility with hundreds of computers, we refuse to use any version of Windows XP. It is the general concensus among radio engineers who have studied programming and who were in on what computers could do for radio stations from the days of DOS, that XP is unsuitable, period, not only because it is in constant contact with the aforementioned MS server. If we have to buy a new computer, the hard drive is immediately wiped and Win2K Pro is installed.
I scarcely know what to make of this. Not only is there no “inetinfo.exe” process running on my WinXP machine, there is no such executable located anywhere on the PC. My firewall has never detected any such process wanting to send packets out, either.
The comment you’ve quoted is not from a columnist or reporter for the publication it appeared in - it’s just a letter from some reader, known only as “peter.” Not exactly authoritative.
I think your “radio engineers” have bought in to an urban legend, and should talk to some computer techies, instead. For their purposes, of course, Win2k may be a better solution, but, I still maintain that there’s no “spyware” in WinXP. I could still be convinced otherwise, but I’ve never seen any, repeat, any evidence that such is the case.
Since we’re passing off blogspeak as expert testimony, I’ll pass this quote off as gospel. I got this from a “News-Group”…
Windows will try to protect you from yourself in some cases by re-installing files it needs that were deleted. As long as IIS is running, it will re-install inetinfo.exe. Once IIS is gone, it deletes like any other file.
Ah, The_Raven, that explains a great deal! Thanks for that helpful morsel of info.
I’m running WinXP Home, which doesn’t include IIS, even as an option. And someone with XP Pro could easily mistake IIS as some sort of spyware program, if he didn’t know any better. Finally, if a user doesn’t need IIS, uninstalling it would certainly be easier than wiping the hard drive and installing a different O/S, based solely upon misplaced paranoia! It’s like someone wiping WinXP and installing WinMe, just to get rid of the Messenger service.
Others have already said as much, but there was a story on Slashdot a year or so ago about how German hackers had identified that whenever XP does one if its “automatic updates”, it sends a list of all the software on your computer to MS–even software MS has no way to update. Since it does this regularly, MS pretty much knows a lot of what you use your XP computer for. It sent other info as well but the original page was in German and I didn’t follow up on it as (still on 98 at this time) it wasn’t my concern.
~
To further elaborate on inetinfo.exe (IIS Admin Service), it is not installed by the default Windows Installation but, rather, has to be selected by the user.
Also, it’s an optional service available both for WinXP and Win2K. I think the Sys Admins at fishbicycle’s office should should brush up on their mad admin skillz.
The problem with stories like this is that they require you to believe some things that just don’t make much sense:
[ul][li]Microsoft, one of the most-scrutinized companies in the world, the center of attention of various groups within the Dept of Justice and a number of states’ Attornies General, is gathering info that is has no right to be gathering, and only an obscure group of German hackers has discovered this fact.[/li][li]The Windows updating software puts up a message indicating that no personal info is being sent to Microsoft. Despite this disclaimer, which should serve as a challenge to every self-respecting hacker in the world, no one other than these Germans has ever simply grabbed the communication stream that it produces and found anything untoward in it.[/li][li]Microsoft would risk a public relations disaster in order to gather this information. What would they be gathering this information for? What would be worth the risk?[/li][li]Microsoft is incurring the enormous expense of maintaining this information in a database. Again, how could this expense be justified?[/li][li]Maybe MS is gathering this info for marketing or software development purposes. But wouldn’t it be far cheaper and infinitely less risky simply to choose a good statistical sample of WinXP users, and just pay them, say, $500 to let MS run some monitoring software on their PCs for a year to gather that kind of info?[/li][li]Maybe MS is gathering this info to protect its copyrights. Of all the possible explanations, this is the only one that has at least a remote possibility of being true. But with the kinds of validation schemes MS is now using, they don’t really need to surreptitiously gather info about the software on users’ PCs, especially given the public relations risk that kind of activity carries with it.[/ul][/li]Whenever one encounters a conspiracy theory about how “they” are gathering personal information about “us,” whether “they” is some corporation or the government, it pays to stop and think about why “they” would even want the information. What would “they” do with it?
Now, someone is sure to come along and say, “Well, how does the updating software know what updates I need, if it isn’t sending info back to MS?”
The answer, simplified for clarity, is that when you run the updater, it downloads an executable to your PC (or just brings down a quick update to the executable that’s already on there). That executable knows what all the latest versions are. It runs on your PC, and compares its master list to what you’ve got on your PC. At the end of that process, it says, “Ah, this user needs Critical Update X, and Recommended Updates Y and Z.” What it sends back to MS is a little packet of info that says, “Show this user a web page telling him that he needs X, Y, and Z, and lets him download them” (or, in the case of the automatic updater, it just downloads the stuff it’s determined that you need). It doesn’t need to send all the detailed information about your PC to Microsoft. In fact, doing it this way reduces the load on Microsoft’s servers enormously, since all the processing is occurring on your PC, not on one of their machines.
