XP's built-in spyware

Hi all,

Does anyone know of a good analysis of Windows XP's
built-in spyware? I am assuming that someone has tried
to figure out what info XP tries to send out, when,
to where etc. using a program like Ethereal as a
starting point.

Thanks.

On 10 Mar 2005, "Yef" <e97y@yahoo.com> wrote in
news:1110463996.993857.122570@l41g2000cwc.googlegr oups.com:

> Does anyone know of a good analysis of Windows XP's
> built-in spyware? I am assuming that someone has tried
> to figure out what info XP tries to send out, when,
> to where etc. using a program like Ethereal as a
> starting point.

a) This newsgroup is about Windows web servers. Your question is off-
topic.

b) What makes you think there is spyware in Windows XP?

In article <Xns961571E1F1DEnilch1@216.196.97.136>,
Nil <rednoise@REMOVETHIScomcast.net> wrote:
:a) This newsgroup is about Windows web servers. Your question is off-
:topic.

Recheck the Newsgroups: header. You will find that the message was
cross-posted, so there is no single 'this' for 'this newsgroup'.

I agree that the message appeared to be off-topic for the newsgroup
comp.infosystems.www.servers.ms-windows but it was on-topic for
"this" newsgroup, comp.security.misc .
--
Warning: potentially contains traces of nuts.

On 10 Mar 2005, roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote in
news:d0pvgl$8i2$1@canopus.cc.umanitoba.ca:

> Recheck the Newsgroups: header. You will find that the message was
> cross-posted, so there is no single 'this' for 'this newsgroup'.

I realize that. My point is that it didn't need to be cross-posted to
comp.infosystems.www.servers.ms-windows in the first place.

While watching a generic (vanilla) XP machine on a network, I haven't
seen it try to phone home while it sits there idle.

I assume that's what you meant.

Mark Turpin

"mark h turpin @ gmail com" <mark.h.turpin@gmail.com> wrote in message
news:1110491172.307155.213520@g14g2000cwa.googlegr oups.com...
> While watching a generic (vanilla) XP machine on a network, I haven't
> seen it try to phone home while it sits there idle.

hmmm ... I have ... but not really spyware.

The first thing I noticed was it calls a windows time server by default.
You can change the timeserver it looks for, but by default it is
time.windows.com or something like that.

Although it does it at a leisurely pace so I've never caught it,
WindowsUpdate obviously must phone home if you have automatic update turned
on.

Also, it broadcasts to your LAN looking for file shares if you have file and
print server turned on.

So while there are plenty of packets coming out, I haven't noticed anything
particularly nefarious.

On the other hand, almost every piece of application software anymore tries
to call back home for whatever.

...

Nil wrote:

> On 10 Mar 2005, roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote in
> news:d0pvgl$8i2$1@canopus.cc.umanitoba.ca:
>
>> Recheck the Newsgroups: header. You will find that the message was
>> cross-posted, so there is no single 'this' for 'this newsgroup'.
>
> I realize that. My point is that it didn't need to be cross-posted to
> comp.infosystems.www.servers.ms-windows in the first place.

I disagree. He is asking a question about windows. So back off...

Michael

On Sun, 13 Mar 2005, Michael J. Pelletier wrote:

> Nil wrote:
>
> > On 10 Mar 2005, roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote in
> > news:d0pvgl$8i2$1@canopus.cc.umanitoba.ca:
> >
> >> Recheck the Newsgroups: header. You will find that the message was
> >> cross-posted, so there is no single 'this' for 'this newsgroup'.
> >
> > I realize that. My point is that it didn't need to be cross-posted to
> > comp.infosystems.www.servers.ms-windows in the first place.
>
> I disagree.

Welcome to usenet. But you're still wrong.

> He is asking a question about windows.

Since when was every question about Windows security of any relevance
to a group on the "WWW servers" hierarchy? (hint: that's a rhetorical
question).

> So back off...

So plonk...

Nil wrote:

> On 10 Mar 2005, roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote in
> news:d0pvgl$8i2$1@canopus.cc.umanitoba.ca:
>
>
>>Recheck the Newsgroups: header. You will find that the message was
>>cross-posted, so there is no single 'this' for 'this newsgroup'.
>
>
> I realize that. My point is that it didn't need to be cross-posted to
> comp.infosystems.www.servers.ms-windows in the first place.

And neither did your reaction need to be cross-posted to
comp.security.misc...

;-)