Security for Home and SOHO Computer Users
Windows Update and other info traps

The Register states, "According to tecChannel, the information sent to Microsoft includes details of all the software installed in a machine, not only Microsoft applications."

NoW the other side of coin. It is stated by Shacknews that Windows Update has the capability to send software data but only sends hardware info back to Microsoft, at this time.

So Microsoft could know about every piece of software on your computer. Let's say you are diligent about security and take precautions; but, in this case, you've let the cat into the barn. Now, this does have interesting implications. Three guesses (does DRM mean anything to you?). So now Microsoft could know you have Turbo-tax or Star Office (oops, I mean MS Office) and Kazaa (blasphemy) and others. When the time comes, it will be so easy to target your computer. Microsoft does not admit to this, in my opinion, possible theft of information. It is nobody's business what software you have on your own computer, right? However, your privacy is being eroded daily.

On a slightly different note, let's say you are very aware and careful about the traps and vulnerabilities regarding surfing the internet. For those who aren't, there are explanations elsewhere at this site. Let me ask the question. Do you also use Windows Media Player, Shockwave Flash, Quicktime, Real One or other Real Networks software, or other net-capable surfing programs? If your answer is "yes", what do you think happens behind the scenes when you use them on the internet? Don't know?

Well, lots of information about you and your surfing habits are sent back to "big momma". Needless to say, most of these programs require cookies (what a surprise) and Javascript (surprise again). You are wide open. All of the above mentioned software has had at least one serious vulnerability exposed within the last three months. Isn't that reassuring? However, some programs send back very detailed info about you. Can you hide? No - The programs are going direct, not through a proxy (if you use one for normal browser surfing) so your IP address is exposed and used directly. If you are using NAT at least there is a very small measure of protection.

Just surfing to some of these sites is dangerous, from a security point of view. For instance, Real Networks tries to get all sorts of info from your computer, browser and plugins, including, it would seem, serial/reg numbers. Have a look at this screen cap (270k) of  their broken javascript web page. While you're at it, have a look at their nice cookie message (133k), oh yes. If you look back at the javascript example you will see mention of a cookie, and some of its content.

Surfing the internet means losing your privacy - unless you are extremely careful.

So, what is the answer? Well, one which comes to mind is using a 2nd computer just for general internet use. No work software on it or anything else. Enter garbage names and email addresses and have a ball. At least there is very little chance of identifing info being leaked out through the internet. If you do online banking or other secure transactions, then use your secure computer.

Another thought for folks with small home networks. Because WinXP likes to use TCP/IP so much for networking, and because it is difficult to setup proper filters for the computer for the Internet, and because XP want to share everything, a protocol which doesn't involve TCP might be good. Something like Netbeui (instruction link here or from MS here) or IPX. (Here is a blurb from MS, a good article about IPX is here, and then read this. Here is another excellent 2 page article on IPX). You'll hear positive and negative comments about each I'm sure. But, how much do you want to accidentally leak? The best part of Netbeui is that you don't need an IP address like you do with TCP/IP. Don't forget to use a router, which acts like a firewall, as well as, a firewall on each computer. If the router documentation says now you don't need a firewall, don't believe it. You still do.