Inside Windows-Update

von Mike Hartmann

Basic observations

Windows Update consists of a few HTML pages with a large amount of embedded Javascript code and a COM component. These building blocks are downloaded when a user opens the Windows Update URL

http://v4.windowsupdate.microsoft.com/default.asp

in Internet Explorer. The main task of the Javascript code, which is easy to analyze because its source code can be examined, is to interact with the user. The more interesting functionality is unfortunately hidden inside the COM component.

Encrypted: A network sniffer doesn't help finding out, what information is transmitted to Microsoft.

When the user selects to list the available updates, Windows Update does not only transfer data from the Microsoft server to the user's computer. A few kilobytes of data are also transfered in the opposite direction from the user's computer to the Microsoft server. This is what we are interested in, but unfortunately the data is transmitted through an encrypted SSL connection and therefore cannot be examined with a network packet analyzer.

Auf der nächsten Seite: A black box approach

Vorherige Seite

Seite 2 von 16

Nächste Seite

Inside Windows-Update
- Basic observations
- A black box approach
- The communication protocol
- Parameter: query
- Parameter: systemInfo

- The PID attribute
- The COM component
- GetSystemSpec
- The utility control.exe
- Conclusions
- Update: Sample HW-Config

Windows, update, microsoft, privacy

Inside Windows Product Activation
The current public discussion of Windows Product Activation (WPA) is characterized by uncertainty and speculation. In this ...

Bisherige Bewertungen

Wie bewerte ich?

Inside Windows-Update

Basic observations