ED#118 : Spyware In Microsoft Windows 7
We just learned some troubling news about the recently-released anti-hack update for Windows 7 as well as the upcoming Microsoft Windows 7 Service Pack 1. From what we understand, this could also involve new updates for Windows Vista and Windows XP.
First of all, the new Windows 7 anti-hack update does more than just scan for anti-activation exploits. It also performs a simple heuristic-based scan of all storage media (hard disk drives, flash drives, etc.) in the system to detect potential "terrorism-related" materials. From the documents we have seen, this is how it works:
The anti-hack update will scan for anti-activation exploits, as it's meant to do.
However, it will remain in the background even after the computer has been verified to be using a genuine copy of Windows 7.
The update waits until the computer is "locked" by the user, or idle (no key presses or mouse movements) for at least 15 minutes.
It then initiates a heuristic-based scan of all storage media, pausing whenever interrupted by the user unlocking the computer, or activity like a key press or mouse movement.
If potential "terrorism-related" materials are found, the update transmits an encrypted alert including details on the materials found as well as system information, user details, and of course, the IP address.
If there is no Internet connectivity, the update will store the information and send it out once connectivity is re-established.
According to the document, the heuristic-based scan is a very simple one and is only intended to flag potential computers used by terrorists and collect information for further processing. It is not stated where the alerts ultimately go, but they are most likely going to the NSA. It is also not stated whether the update will only scan the drives once, or do it on a regular basis.
For legal reasons, Microsoft has intentionally made this update optional, which is why it is not automatically selected when you check for new updates. By selecting the update, you would have agreed in principle to allow Microsoft to scan your computer. We highly recommend that you do NOT install this update, even if you have a genuine Windows 7 licence. To learn more about this update, take a look at our article, Microsoft Silently Rolls Out Anti-Hack Update For Windows 7.
As far as we know, there is no way to know if the update has sent out, or is sending out, information on your computer. To be safe, just don't install the update. Unfortunately, we suspect that it is just a matter of time before your computer gets scanned. Why? Read on to find out...