The Resident Geek: Tech Advice for Your Time, Tasks & Toys

I’m NOT in favor of software piracy. If you use software, you should pay for it, and I think software companies should use appropriate means to protect themselves. That said, Microsoft’s latest move in this arena is totally unacceptable. I’m talking about KB949810, pushed out in the latest raft of Windows updates in the USA.

The software installed by KB949810  has only one purpose: to collect personally identifiable information about you and your computer and send it to Microsoft. It does this over and over, and Microsoft does not support uninstalling it.

No, I’m not kidding.

The Tipoff

The first thing you should notice is that you have to accept an EULA for this update. That was what tipped me off. One of these updates was not like the others. I’m a little nerdy, and more than a little cautious, so I read the terms. Of course, I don’t have anything to fear from piracy checks… or do I? The terms of this update made me, a legal customer, VERY nervous; and, I won’t be installing the update any time soon. Here are the things I found that should concern you too.

Geographic and Other Personal Information

6. Computer Information. This supplement uses Internet protocols to send to Microsoft computer information, such as your Microsoft Office product key, IP address, hard drive serial number, PC manufacturer, Microsoft Office version, Microsoft Office product ID, PC BIOS information, user locale setting, language version of Microsoft Office, validation result, and whether the installation of this supplement was successful. Certain geographic information derived from your IP address, which Microsoft does not use to identify you, is retained in association with this computer information.

For those that don’t know, it is possible to “derive geographic information” which is accurate down to a few meters. Pure IP based geolocation is not this accurate, but if you combine wi-fi and/or GPS information it can easily become this accurate.

I’d also like to know why Microsoft thinks they need my HD serial number, or my BIOS information. To what end?

Without question this information identifies you and your location exactly. Notice also the use of the words “such as” which leaves everything open to gather whatever other information Microsoft wanted but didn’t specifically mention.

Updates Itself without Asking

3.a. To enable the validation checks, this supplement may from time to time require updates or additional downloads of its validation or licensing functions. The updates or downloads are required for the proper functioning of this supplement and may be downloaded and installed without further notice to you. These updates and downloads may be delivered to you through the Microsoft Update service (if you use the service) or through other means.

Automatic updates, cool. No, not so cool. This software is already highly invasive and sends a disturbing amount of information to Microsoft, regardless of the fact that I’m not a pirate. Now even more invasive updates could be installed without my permission, using any update method. No Microsoft. Not cool.

No Uninstalling?

2. PURPOSE OF SUPPLEMENT. THIS SUPPLEMENT UPDATES MICROSOFT OFFICE AND IS DESIGNED TO NOTIFY YOU IF YOU ARE USING AN IMPROPERLY LICENSED COPY OF MICROSOFT OFFICE XP, MICROSOFT OFFICE 2003, AND/OR MICROSOFT OFFICE 2007. TO EFFECTIVELY ENCOURAGE THE USE OF PROPERLY LICENSED SOFTWARE, MICROSOFT DOES NOT SUPPORT ITS UNINSTALLATION.

Are you KIDDING ME?!?!?! What if it messes up my computer? (And it can! see this support question.) What if I didn’t read the terms carefully, read a blog about it somewhere, and no longer want it? What if a WGA bug incorrectly flags me as a pirate? (Yup, that’s happened too, and not just occasionally. Google for WGA failure.)

Spyware, Pure and Simple

Microsoft claims that the personally identifiable information will not be used to identify or contact you, but why gather it then, or if it gets sent, why store it? They also claim that the purpose of the update is only to help customers know whether they are running genuine software, but again, if so, why collect and store such specific information?

I’m strongly in favor of reasonable measures to prevent software piracy, same as I’m in favor of passwords on user accounts and locks on doors. This, however, this is not a reasonable measure to prevent piracy.

This is spyware, pure and simple.

What to Do?

Get the Word Out

To dispell darkness, shine light on it. Get the truth out and encourage Microsoft to respond to it clearly, in the open. Tweet and retweet with the hashtags #spyware and #microsoft. Get it out on your social networks.

Removing the Update

Once before, for 24 hours, Microsoft “accidentally” pushed this update out to English speaking Windows Server users, so we can learn things from that incident. If you’ve already installed KB949810, word on the street points to a couple of solutions:

DISCLAIMER: WE HAVE NOT TESTED THESE SOLUTIONS OURSELVES. USE CAUTION AND BACK UP YOUR SYSTEM FIRST. USE AT YOUR OWN RISK.

1) A system rollback will supposedly reverse this update.

2) This CMD prompt will supposedly uninstall the update:

MsiExec.exe /uninstall {B148AB4B-C8FA-474B-B981-F2943C5B5BCD}

Let us know your experience. Did you get this update too? This will help us determine the full extent of the new push.

And don’t forget to get the word out using the social networks listed below!