sa.windows.com?!

[MickKi]

Hi,

I've noticed that when I do a search for a file on Windows Explorer (on my
C:\ drive) it tries to communicate using TCP with sa.windows.com on port
80. It seems that Explorer tries to communicate when I open a Search
window, when I make an entry in the search field and when the search
completes.

Who wants to know what files I am searching for, on *my* machine and
whether I found them? Is this a legitimate program function?

Any suggestions?

Regards,

Mick

 

[David H. Lipman]

OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US

NetRange: 207.46.0.0 - 207.46.255.255
CIDR: 207.46.0.0/16
NetName: MICROSOFT-GLOBAL-NET
NetHandle: NET-207-46-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Assignment
NameServer: DNS1.CP.MSFT.NET
NameServer: DNS2.CP.MSFT.NET
NameServer: DNS1.TK.MSFT.NET
NameServer: DNS1.DC.MSFT.NET
NameServer: DNS1.SJ.MSFT.NET
Comment:
RegDate: 1997-03-31
Updated: 2002-12-05

TechHandle: ZM39-ARIN
TechName: Microsoft
TechPhone: +1-425-936-4200
TechEmail: (e-mail address removed)

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: (e-mail address removed)

OrgNOCHandle: ZM23-ARIN
OrgNOCName: Microsoft Corporation
OrgNOCPhone: +1-425-882-8080
OrgNOCEmail: (e-mail address removed)

OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: (e-mail address removed)

# ARIN WHOIS database, last updated 2003-12-04 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.




| Hi,
|
| I've noticed that when I do a search for a file on Windows Explorer (on my
| C:\ drive) it tries to communicate using TCP with sa.windows.com on port
| 80. It seems that Explorer tries to communicate when I open a Search
| window, when I make an entry in the search field and when the search
| completes.
|
| Who wants to know what files I am searching for, on *my* machine and
| whether I found them? Is this a legitimate program function?
|
| Any suggestions?
|
| Regards,
|
| Mick
| --
| Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

 

[MickKi]

Thanks David,

OrgName: Microsoft Corp

[snip]

Yes, of course, but don't we have the right to use our machines as we
desire (inc. the odd search for a system file) *without* reporting it to
Redmond? If they are dying to find out, shouldn't they ask for it
formally? I admit that I have not read closely the small print, other than
the disclaimer that whatever M$ have sold me may not do what I expect it
to do, or what they say it should do! Go figure . . .

Regards,

Mick

 

[David H. Lipman]

How do you think the PC knows there are Critical Updates ?

It communicates back with its home and determines if, based upon your setup, there are
updates that your PC needs.

Dave



| Thanks David,
|
| On Sun, 07 Dec 2003 18:24:50 GMT, David H. Lipman
|
| > OrgName: Microsoft Corp
|
| [snip]
|
| Yes, of course, but don't we have the right to use our machines as we
| desire (inc. the odd search for a system file) *without* reporting it to
| Redmond? If they are dying to find out, shouldn't they ask for it
| formally? I admit that I have not read closely the small print, other than
| the disclaimer that whatever M$ have sold me may not do what I expect it
| to do, or what they say it should do! Go figure . . .
|
| Regards,
|
| Mick
| --
| Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

 

[James Egan]

How do you think the PC knows there are Critical Updates ?

It communicates back with its home and determines if, based upon your setup, there are
updates that your PC needs.

Since when did searching for files on your local hard disk trigger a
windows update?


Jim.

 

[David H. Lipman]

James:

You are correct. However, that was what the OP might have "interpreted" and is not
necessarily what happened. It could be a mere coincidence. One way to find out is to use
TCPView (http://www.sysinternals.com/) and see what program actually opened port 80. It
couldn't have tried to connect to search.msn.com as that has a different IP.

Do you a better idea James ?

Dave



| On Sun, 07 Dec 2003 19:01:31 GMT, "David H. Lipman"
|
| >How do you think the PC knows there are Critical Updates ?
| >
| >It communicates back with its home and determines if, based upon your setup, there are
| >updates that your PC needs.
|
| Since when did searching for files on your local hard disk trigger a
| windows update?
|
|
| Jim.
|

 

[MickKi]

Hi,

On Sun, 07 Dec 2003 19:58:36 GMT, David H. Lipman

[snip]>

Dave



| On Sun, 07 Dec 2003 19:01:31 GMT, "David H. Lipman"
|
| >How do you think the PC knows there are Critical Updates ?
| >
| >It communicates back with its home and determines if, based upon your
setup, there are
| >updates that your PC needs.

The Windoze Updates affair happens through svchost.exe also using TCP to
207.46.249.57 and wustat.windows.com both on port 80. It's triggered by
the OS rather than the explorer interface AFAIK.

| Since when did searching for files on your local hard disk trigger a
| windows update?

Well, *never*? ;o)

If I remember correctly the Windoze Explorer always sought access to the
Internet. Unless triggered by a deliberate action of mine (i.e. because I
launched a certain application), I used to block it using the firewall.
I've now confirmed that it does so specifically when I do a search
recently (say less than a week ago) after I've installed Safety System
Monitor.

Regards,

Mick

 

[James Egan]

If I remember correctly the Windoze Explorer always sought access to the
Internet. Unless triggered by a deliberate action of mine (i.e. because I
launched a certain application), I used to block it using the firewall.
I've now confirmed that it does so specifically when I do a search
recently (say less than a week ago) after I've installed Safety System
Monitor.

I've seen zonealarm ask for permission for windows explorer to access
the Internet before but I've never seen it linked to searching disks.


Jim.

 

[James Egan]

You are correct. However, that was what the OP might have "interpreted" and is not
necessarily what happened. It could be a mere coincidence. One way to find out is to use
TCPView (http://www.sysinternals.com/) and see what program actually opened port 80. It
couldn't have tried to connect to search.msn.com as that has a different IP.

Do you a better idea James ?

The System Safety Monitor he is using seems quite a good package for
this purpose judging from its write up.


Jim.

 

[David W. Hodgins]

Yes, of course, but don't we have the right to use our machines as we
desire (inc. the odd search for a system file) *without* reporting it to

You haven't read up on "trusted computing" yet, have you? See
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

Redmond? If they are dying to find out, shouldn't they ask for it
formally? I admit that I have not read closely the small print, other than

Probably only one in a thousand might agree. They don't want their users
to think, about what they could do, with such access and control.

the disclaimer that whatever M$ have sold me may not do what I expect it

~~~~
licensed, not sold

to do, or what they say it should do! Go figure . . .

They don't say, what it does, so how can it be doing something other then
what they say.

If you'd like to see M$'s privacy stmt regarding the "search companion",
see http://sa.windows.com/privacy/

Regards, Dave Hodgins

 

[MickKi]

Thanks!

You haven't read up on "trusted computing" yet, have you? See
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

Wow! I had no idea . . . thank you for letting me know (Linux here I come!
;-)

If you'd like to see M$'s privacy stmt regarding the "search companion",
see http://sa.windows.com/privacy/

Yes I know, but since I don't trust their 'innocuous' spyware I had mine
switched to "classic".

Regards,

Mick