The German computer magazine CT analyzed the new Windows XP WGA Notification feature that is installed during Windows Update on XP systems to find out more about it.
The team decided to cancel the installation, and immediately after doing so the firewall reported that update.exe tried to connect to the Internet. This caught their attention, of course, and they decided to analyze the data that was sent after the connection was established.
They used Wireshark to analyze the traffic and found that update.exe sends data to genuine.microsoft.com. Some of the data appears to be encrypted, but some was not, so they were able to identify it.
It sends registry information, namely the SusClientID as well as information about the version of the WGA tool, the Windows operating system version, and the language of the operating system. It also sets a cookie which includes a GUID which can possibly be used to identify the computer.
Microsoft confirmed to the magazine that data is always transferred if the WGA installation process is canceled, but said that the data would only be used to optimize the service. The GUID in the cookie would only be used to count all attempts in the most thorough way possible; it would not be used to identify the host.
It is questionable, however, why Microsoft does not inform the user that data is transferred over the user's Internet connection, and why users can only find out about it if they have properly protected their system with a firewall or other security software.
One way to prevent this is to either configure your firewall to block access to genuine.microsoft.com or add the following entry to your hosts file: "127.0.0.1 genuine.microsoft.com". Note that doing so may prevent the download of certain programs that are protected by WGA or require its authentication.
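A hosts entry only helps if it is actually the line the resolver uses. The following is an added example, not part of the original article: it checks whether a hosts file really sinkholes genuine.microsoft.com and adds the entry if not. It assumes the resolver honours the first matching line; the function names and the sample file are constructed for illustration.

```python
import ipaddress

BLOCK_HOST = "genuine.microsoft.com"  # host named in the article

# Constructed sample: the block entry is commented out and a stale
# override (documentation address 192.0.2.10) is active instead.
SAMPLE = """# constructed sample hosts file
127.0.0.1   localhost
#127.0.0.1  genuine.microsoft.com
192.0.2.10  Genuine.Microsoft.Com   # stale override
"""

def parse_hosts(text):
    """Yield (address, [names]) for every active line of a hosts file."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or incomplete line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address
        yield addr, [n.lower().rstrip(".") for n in fields[1:]]

def effective_address(text, host=BLOCK_HOST):
    """Address of the first active line naming host, or None."""
    host = host.lower().rstrip(".")
    for addr, names in parse_hosts(text):
        if host in names:
            return addr
    return None

def is_blocked(text, host=BLOCK_HOST):
    """True if host resolves to a loopback or unspecified address."""
    addr = effective_address(text, host)
    return addr is not None and (addr.is_loopback or addr.is_unspecified)

def ensure_blocked(text, host=BLOCK_HOST):
    """Return hosts text that blocks host; unchanged if it already does."""
    if is_blocked(text, host):
        return text
    # Prepend so the entry wins over any later mapping (first-match assumption).
    return f"127.0.0.1 {host}\n{text}"

if __name__ == "__main__":
    print("blocked before:", is_blocked(SAMPLE))
    print("blocked after: ", is_blocked(ensure_blocked(SAMPLE)))
```

On Windows the file to pass in is normally %SystemRoot%\System32\drivers\etc\hosts, and writing it back requires administrator rights.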
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.