It was a rumour a while back that Microsoft was tracking everyone who logged on to the Internet, presumably to further dominate the world with some type of 'big brother' control. Maybe they just want to track down people using 'pirated' MS software. Maybe they just wanted to try it just for fun, (we were all warned about computer geeks... Ed.)We did some digging, and asked some MS certified people what the deal was with this rumour. As can be expected, the denials were deafening. One person scoffed at the idea, pointing out that to log everyone on the net would require more hardware than even MS could possibly own. Another was more guarded, but did admit information could be gleaned from peoples' computers without them knowing. The very idea that they could do this is a little alarmist, and really can only be believed by the very paranoid and the conspiracy theorists, right? Wrong. Well, partly. There have been some interesting accusations toward MS and its apparent surveillance activities. Some of these appear to have substance. About six months ago a problem was acknowledged by Microsoft regarding a privacy issue with the Windows98 registration wizard.
The following is from Microsoft's own site (the address is listed below).

(Please note that all external hyperlinks will open in a new browser window, and by the time you read this some links may no longer be active).

Windows 98 Registration Wizard

Microsoft was notified late Friday about a potential privacy issue with the Windows 98 online registration process. While we are still investigating whether there is in fact an issue, I wanted to provide you with a brief update on the situation.

Microsoft offers customers the option of easily registering Windows 98 online via a feature in Windows 98 called the Registration Wizard. As many of you know, registered customers receive many benefits such as faster product support and notification of product updates.

The Registration Wizard – which was designed with user privacy in mind – allows customers to send hardware configuration information optionally to Microsoft to help speed their time on the phone during a product support call. The Registration Wizard allows customers to review all information that is sent to Microsoft, as well as giving them the option to not send hardware configuration information. Microsoft does not use this hardware information for any marketing or user tracking purposes.

Late Friday it was brought to our attention that the Windows 98 Registration Wizard might inadvertently be sending a specific hardware identifier to Microsoft during user registration, regardless of whether the user chose to send his or her hardware diagnostic information. This Hardware ID is only used by the software system and is not used for customer record keeping purposes. Nonetheless, there are hypothetical scenarios in which this number could be used to learn something about the user’s system without his or her knowledge. (Italics are added by us.......Ed.).

 http://www.microsoft.com/presspass/features/1999/03-08custletter.htm

Fair enough. Seems like an honest mistake anyone could make right? Maybe they don't pay those Microsoft coders enough money. OK, hopefully they got it right in Windows 98 SE. But what about the fact that it sends all that data to MS? They must store it, ostensibly for 'help' purposes (benevolent old Microsoft huh?...... Ed.) One wonders that if they retain it for 'help' purposes the database could easily be used for any other purpose they have in mind, perhaps the 'tracking' and 'marketing' they mention themselves above. Perhaps Microsoft a) think we are all a pack of idiots or, b) think that we love them so much that we could never imagine them doing anything bad. We at SYSK think that with the kind of money and power they wield they think they can do what they like. Who is going to stop them? You? Us? The government? We suspect there is more to this than meets the eye. Consider the following observations.

Ever try to go to microsoft.com with 'warn me before accepting a cookie' enabled on your browser? Get sick of allowing cookies to be sent? What are they all about? At one point we couldn't even access their site without cookies enabled, though this now appears to have been changed. So what are cookies and why do some web pages require them? Cookies are small 'scripts' or pieces of code that are 'planted' in your computer, often without you knowing about it (doesn't that bug you a little?..... Ed.) Web sites, like hotmail.com for example, like you to have cookies enabled so they can plant one in your machine. This enables the site to 'remember' that you have been there and save your login details, or password, for future ease of logging in. Ever been to a page you logged into before and it comes up with; 'Hi yourname, welcome back to Thissite.com?' Now, we don't know about you, but this makes us kind of nervous. Code planted in our machines without us knowing? Remembering vital login details? How far removed from this is a website knowing exactly what browser you use, what your colour preferences are, what resolution you run your screen at, what OS you are using, your processor information, what colour socks you have on (just kidding... Ed. (Brown, right?)), or any number of useful things about your computer, including the computer and company names. In fact, there are programs around that do this. They are called trackers, and tell webmasters all the juicy details about who is visiting their sites, and with what. The site that hosts our domain sends cookies to your computer. Why? We don't know, perhaps for tracking, perhaps for statistics. Mostly, cookies are harmless and unintrusive. But couple this with the rumours you hear about Microsoft and others, and we hear alarm bells going off. So can Microsoft tell what operating system you use? They sure can. Do they know if it is a legal copy? Well, maybe. If your friend loans you a disk, and you use his key to install it on your machine (shame on you ....Ed.), then you both have the same OEM number. If he has registered it with Microsoft, and you tried to register it too, then you will have the same number. This is a no-no. If Microsoft do indeed monitor the web, and you happen to be surfing into microsoft.com at the same time as your friend, isn't it conceivable that they plant a cookie and find that two computers share the same ID? I mean, if they can recall your last visit by remembering login details and other data why not your OEM number? Then it would be a simple matter for them to log all IP addresses and times of all computers with clashing OEM numbers. Any coder worth his/ her salt could write a program to do that in an hour. Then, the guys with dark sunglasses turn up on your doorstep with warrants and sour expressions, taking your computer and ruining an otherwise brilliant future. Well, maybe we are going a little overboard. This doesn't happen, so maybe all our speculation about Microsoft monitoring us is pure fiction. Or is it? Our advice is to buy a copy of all the software you use, then you don't have to worry about those men in black. Ooops, there's someone at the door.........

Consider also that a few months back someone found (one wonders how people find out these things...Ed.) that all documents created with Office 97, be it spreadsheets, word documents or whatever, contained a 30 digit individual serial number, which could be tracked by someone who knew what to look for. This presents some serious security issues, especially where someone may want to remain anonymous. More on this interesting phenomenon was found in a newsletter called CrackTalk, published by Terry Blount. We recommend that you subscribe to this excellent source of information. Here is an extract from the 18 march 99 issue.

Crack Talk 3-18-99

Windows 98 uses RegWiz to process your product registration form and submit it to a Microsoft server over the Internet. Two identification numbers are generated based on your PC configuration and the data you enter during registration. The first number, called the hardware identification number (HWID), can in most cases uniquely identify your computer. A second number, called the Microsoft ID (MSID), uniquely identifies a user and is placed in a browser cookie for access to services on Microsoft's Web site.

 http://www.winmag.com/news/1999/0301/0312a.htm

Microsoft Office software inserts IDs into each document a user creates. When Windows 98 users register the software Microsoft records the numbers that go with the user's name, address, phone number, and so forth. If you have registered Windows, the information you sent to Microsoft (name, address, telephone number) will be stored in your register and you can run regedit.exe and view it at this location:

HKEY_LOCAL_MACHINE\\Software\\Microsoft\\User Information

If you want to disable Microsoft's ability to track you when you visit web sites that are setup to transfer your unique numbers to a Microsoft database, you have to clean up your system. First, run the following command to disable REGWIZ so it cannot be used.

regsvr32.exe -u c:\\windows\\system\\regwizc.dll

You should see this message if you click on Start / Run ...then copy and paste that command then execute it:

DllUnrigsterdServer in c:\\windows\\system\\regwizc.dll succeeded.

Next, you can click Start / Run and execute regedit.exe and when it loads press F3 and type in MSID. When it finds the key just press the del key to delete it, then do the same for HWID. Next, you should also delete your browser's cookies files to remove any id number that has already been stored there. There is also a program called Gideon that will allow you to change or remove these ID numbers. I don't think the program removes the id numbers already stored in your browsers cookie file... but it can replace the GUID on all Office files in a given directory or drive. (Note: You may have to repeat this when you create new documents. I could not find info about how to prevent the numbers from going into new documents.)

 http://www.vecdev.com/guideon.html

My research into all this has lead me to the conclusion that it's NOT a good idea to use Microsoft Office to write a document that you rather not be traced back to you.

This extract was written by Terry Blount, editor of the excellent CrackTalk newsletter. You can subscribe to CrackTalk here , it is well worth your while.

So there we have it. You will have to make up your own mind about Microsoft's intrusion into our lives. Friends of ours over at www.egressive.com recommend throwing Windows out the window and using Linux. We cant help but agree sometimes. At least Linux wont try to give us all a serial number so we can be tracked by some evil master computer..... or will it?

Tried Linux? Read more about this slick operating system here.

If you know of any other security issues with any operating system (even Mac OS, though we all hear it is perfect... Ed.). then please submit them here and receive the admiration of all your friends, and maybe the men in black too.  

Secrets You Should Know. This site is intended for entertainment purposes only.