People Companies Advertise Archives Contact Us Jason Dowdell

Main > Archives > 2005 > March > Microsoft Spyware Explained In More Detail

Tuesday, March 15, 2005

Microsoft Spyware Explained In More Detail

The previous post about the possibility of Microsoft spying on users running Windows XP and Windows Media Player was much less descriptive. Hopefully this one will give a little more detail for those of you who'd like to dig a bit deeper and determine whether it's a true violation of privacy or a misinterpretation of the codebase and files of WMP. Either way, you decide, this is out of my realm of expertise.


Hi, my name is Shane, and I found some MS gestappoware coding in a file I had in MS Windows Media Player. It had serveral terms in it, that I thought were "wrong" - in a "join the dots" logic.

DrmDescription
DrmLicense
law_association_area

I found this file when I was doing a search for a long lost document with the word "LAW" in it, and a list came up with a odd funny file that one would not expect to have that name or word in, for example (pretending) jcxk4.cmx (or something), and I have opened (an unopenable file) in notepad or in a hex text editor, and I went "Oh look what MS and it's DRM conjob is pulling..., not only is MS very covertly spying on one's own personal and private life, they are also reporting "what goes on in your personal and private life" to your neighborhood police.

MS also has a thing in Windows Media Player, that marks files and or directories as "_dirty_" using that word....(it's in the code in a file some where with references to the folder, in that format 'I recall'), to designate ones own MP3's (from ones own CD collection) - as being non official "purchased files", and it records that "discernment" as well, for you without your consent....

Here is the guts of the file, with some editing just for objectivity and size....

Property Set Property Friendly Name Data Type Cached Size Storage Level
d5cdd502-2e9c-101b-9397-08002b2cf9ae 0xc
d5cdd502-2e9c-101b-9397-08002b2cf9ae 0xd DocPartTitles
d5cdd502-2e9c-101b-9397-08002b2cf9ae 0xe DocManager
d5cdd502-2e9c-101b-9397-08002b2cf9ae 0xf DocCompany
d5cdd502-2e9c-101b-9397-08002b2cf9ae 0x8 DocNoteCount
d5cdd502-2e9c-101b-9397-08002b2cf9ae 0x9 DocHiddenCount
d5cdd502-2e9c-101b-9397-08002b2cf9ae 0x4 DocByteCount
d5cdd502-2e9c-101b-9397-08002b2cf9ae 0x5 DocLineCount
d5cdd502-2e9c-101b-9397-08002b2cf9ae 0x6 DocParaCount
d5cdd502-2e9c-101b-9397-08002b2cf9ae 0x7 DocSlideCount
d5cdd502-2e9c-101b-9397-08002b2cf9ae 0x2 DocCategory
d5cdd502-2e9c-101b-9397-08002b2cf9ae 0x3 DocPresentationTarget
d5cdd505-2e9c-101b-9397-08002b2cf9ae _pid_hlinks
d5cdd505-2e9c-101b-9397-08002b2cf9ae email
d5cdd505-2e9c-101b-9397-08002b2cf9ae vendor name
d5cdd505-2e9c-101b-9397-08002b2cf9ae nwversion
d5cdd505-2e9c-101b-9397-08002b2cf9ae company state
d5cdd505-2e9c-101b-9397-08002b2cf9ae purchase order number
d5cdd505-2e9c-101b-9397-08002b2cf9ae purchase order date
d5cdd505-2e9c-101b-9397-08002b2cf9ae _pid_guid
d5cdd505-2e9c-101b-9397-08002b2cf9ae employee number
d5cdd505-2e9c-101b-9397-08002b2cf9ae company fax
d5cdd505-2e9c-101b-9397-08002b2cf9ae customer name
d5cdd505-2e9c-101b-9397-08002b2cf9ae from
d5cdd505-2e9c-101b-9397-08002b2cf9ae sbfm version
d5cdd505-2e9c-101b-9397-08002b2cf9ae lcid
d5cdd505-2e9c-101b-9397-08002b2cf9ae company zip
d5cdd505-2e9c-101b-9397-08002b2cf9ae company address
d5cdd505-2e9c-101b-9397-08002b2cf9ae statement number
d5cdd505-2e9c-101b-9397-08002b2cf9ae total purchase order
d5cdd505-2e9c-101b-9397-08002b2cf9ae company phone
d5cdd505-2e9c-101b-9397-08002b2cf9ae invoice number
d5cdd505-2e9c-101b-9397-08002b2cf9ae total reimbursement/payment
d5cdd505-2e9c-101b-9397-08002b2cf9ae employee name
d5cdd505-2e9c-101b-9397-08002b2cf9ae version
d5cdd505-2e9c-101b-9397-08002b2cf9ae language
d5cdd505-2e9c-101b-9397-08002b2cf9ae to
d5cdd505-2e9c-101b-9397-08002b2cf9ae usedefaultlanguage
d5cdd505-2e9c-101b-9397-08002b2cf9ae total invoice
d5cdd505-2e9c-101b-9397-08002b2cf9ae 0x100000b
d5cdd505-2e9c-101b-9397-08002b2cf9ae 0x100000a
d5cdd505-2e9c-101b-9397-08002b2cf9ae 0x1000009
d5cdd505-2e9c-101b-9397-08002b2cf9ae 0x1000008
d5cdd505-2e9c-101b-9397-08002b2cf9ae 0x100000f
d5cdd505-2e9c-101b-9397-08002b2cf9ae 0x100000e
d5cdd505-2e9c-101b-9397-08002b2cf9ae 0x100000d
d5cdd505-2e9c-101b-9397-08002b2cf9ae 0x100000c
d5cdd505-2e9c-101b-9397-08002b2cf9ae 0x1000003
d5cdd505-2e9c-101b-9397-08002b2cf9ae 0x1000006
d5cdd505-2e9c-101b-9397-08002b2cf9ae 0x1000005
d5cdd505-2e9c-101b-9397-08002b2cf9ae 0x1000004
d5cdd505-2e9c-101b-9397-08002b2cf9ae company city
d5cdd505-2e9c-101b-9397-08002b2cf9ae 0x1000007
d5cdd505-2e9c-101b-9397-08002b2cf9ae microsoft theme
d5cdd505-2e9c-101b-9397-08002b2cf9ae company name
70eb7a10-55d9-11cf-b75b-00aa0051fe20 option.value
70eb7a10-55d9-11cf-b75b-00aa0051fe20 input.alt
70eb7a10-55d9-11cf-b75b-00aa0051fe20 img.alt Img_Alt
56a3372e-ce9c-11d2-9f0e-006097c686f6 0xb MusicGenre
56a3372e-ce9c-11d2-9f0e-006097c686f6 0xc
56a3372e-ce9c-11d2-9f0e-006097c686f6 0x2 MusicArtist
56a3372e-ce9c-11d2-9f0e-006097c686f6 0x4 MusicAlbum
56a3372e-ce9c-11d2-9f0e-006097c686f6 0x5 MusicYear
56a3372e-ce9c-11d2-9f0e-006097c686f6 0x7 MusicTrack
b725f130-47ef-101a-a5f1-02608c9eebac 0x2 Directory
b725f130-47ef-101a-a5f1-02608c9eebac 0x3 ClassId
b725f130-47ef-101a-a5f1-02608c9eebac 0x4
b725f130-47ef-101a-a5f1-02608c9eebac 0x5 VT_UI4 4 Primary
b725f130-47ef-101a-a5f1-02608c9eebac 0x6 VT_UI4 4 Primary
b725f130-47ef-101a-a5f1-02608c9eebac 0x7 VT_UI4 4 Primary
b725f130-47ef-101a-a5f1-02608c9eebac 0x8 FileIndex VT_UI8 8 Primary
b725f130-47ef-101a-a5f1-02608c9eebac 0x9 USN
b725f130-47ef-101a-a5f1-02608c9eebac 0xa Filename
b725f130-47ef-101a-a5f1-02608c9eebac 0xb Path VT_LPWSTR 86 Secondary
b725f130-47ef-101a-a5f1-02608c9eebac 0xc Size VT_I8 8 Secondary
b725f130-47ef-101a-a5f1-02608c9eebac 0xd Attrib VT_UI4 4 Primary
b725f130-47ef-101a-a5f1-02608c9eebac 0xe Write VT_FILETIME 8 Secondary
b725f130-47ef-101a-a5f1-02608c9eebac 0xf Create
b725f130-47ef-101a-a5f1-02608c9eebac 0x10 Access
b725f130-47ef-101a-a5f1-02608c9eebac 0x11
b725f130-47ef-101a-a5f1-02608c9eebac 0x12 AllocSize
b725f130-47ef-101a-a5f1-02608c9eebac 0x14 ShortFilename
6444048f-4c8b-11d1-8b70-080036b11a03 0xc ImageFrameCount
6444048f-4c8b-11d1-8b70-080036b11a03 0xd ImageDimensions
6444048f-4c8b-11d1-8b70-080036b11a03 0x4 ImageCy
6444048f-4c8b-11d1-8b70-080036b11a03 0x5 ImageResolutionX
6444048f-4c8b-11d1-8b70-080036b11a03 0x6 ImageResolutionY
6444048f-4c8b-11d1-8b70-080036b11a03 0x7 ImageBitDepth
6444048f-4c8b-11d1-8b70-080036b11a03 0x3 ImageCx
64440490-4c8b-11d1-8b70-080036b11a03 0x3 AudioTimeLength
64440490-4c8b-11d1-8b70-080036b11a03 0x2 AudioFormat
64440490-4c8b-11d1-8b70-080036b11a03 0x7 AudioChannelCount
64440490-4c8b-11d1-8b70-080036b11a03 0x6 AudioSampleSize
64440490-4c8b-11d1-8b70-080036b11a03 0x5 AudioSampleRate
64440490-4c8b-11d1-8b70-080036b11a03 0x4 AudioAvgDataRate
64440491-4c8b-11d1-8b70-080036b11a03 0xa VideoCompression
64440491-4c8b-11d1-8b70-080036b11a03 0x8 VideoDataRate
64440491-4c8b-11d1-8b70-080036b11a03 0x9 VideoSampleSize
64440491-4c8b-11d1-8b70-080036b11a03 0x2 VideoStreamName
64440491-4c8b-11d1-8b70-080036b11a03 0x6 VideoFrameRate
c82bf597-b831-11d0-b733-00aa00a1ebd2 td.background
c82bf597-b831-11d0-b733-00aa00a1ebd2 th.background
c82bf597-b831-11d0-b733-00aa00a1ebd2 link.href
c82bf597-b831-11d0-b733-00aa00a1ebd2 object.name
c82bf597-b831-11d0-b733-00aa00a1ebd2 body.background
c82bf597-b831-11d0-b733-00aa00a1ebd2 applet.codebase
c82bf597-b831-11d0-b733-00aa00a1ebd2 a.href A_Href
c82bf597-b831-11d0-b733-00aa00a1ebd2 link.stylesheet
c82bf597-b831-11d0-b733-00aa00a1ebd2 meta.url
c82bf597-b831-11d0-b733-00aa00a1ebd2 bgsound.src
c82bf597-b831-11d0-b733-00aa00a1ebd2 link.officechildlist
c82bf597-b831-11d0-b733-00aa00a1ebd2 frame.src
c82bf597-b831-11d0-b733-00aa00a1ebd2 object.codebase
c82bf597-b831-11d0-b733-00aa00a1ebd2 embed.src
c82bf597-b831-11d0-b733-00aa00a1ebd2 style
c82bf597-b831-11d0-b733-00aa00a1ebd2 img.usemap
c82bf597-b831-11d0-b733-00aa00a1ebd2 area.href
c82bf597-b831-11d0-b733-00aa00a1ebd2 script
c82bf597-b831-11d0-b733-00aa00a1ebd2 applet.code
c82bf597-b831-11d0-b733-00aa00a1ebd2 iframe.src
c82bf597-b831-11d0-b733-00aa00a1ebd2 input.src
c82bf597-b831-11d0-b733-00aa00a1ebd2 table.background
c82bf597-b831-11d0-b733-00aa00a1ebd2 img.src
560c36c0-503a-11cf-baa1-00004c752a9a 0x2 Characterization
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0x11 DocThumbnail
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0x10 DocCharCount
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0x13 DocSecurity
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0x12 DocAppName
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0x9 DocRevNumber
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0x8 DocLastAuthor
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0xb DocLastPrinted
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0xa DocEditTime
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0xd DocLastSavedTm
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0xc DocCreatedTm
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0xf DocWordCount
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0xe DocPageCount
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0x3 DocSubject
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0x2 DocTitle VT_LPWSTR 4 Secondary
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0x5 DocKeywords
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0x4 DocAuthor
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0x7 DocTemplate
f29f85e0-4ff9-1068-ab91-08002b27b3d9 0x6 DocComments
aeac19e4-89ae-4508-b9b7-bb867abee2ed 0x3 DrmDescription
aeac19e4-89ae-4508-b9b7-bb867abee2ed 0x2 DrmLicense
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 classification
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 description
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 microsoft border
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 postcode
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 microsoft theme
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 created
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 pics-label
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 title
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 expires
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 law_association_area
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 originator
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 dc.language
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 dc.date.modified
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 state
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 robots
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 specialisation
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 content-type
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 crc
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 dc.title
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 changedby
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 pragma
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 version
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 dc.creator
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 progid
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 refresh
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 date
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 dc.subject
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 dc.type
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 generator
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 dc.identifier
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 ahead software gmbh
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 dc.rights
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 ms-haid
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 ms.locale
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 dc.date.created
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 language code
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 dc.description
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 documenten
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 rating
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 town
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 copyright
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 content-language
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 doccomm
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 changed
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 dc.format
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 dc.publisher
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 formatter
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 agls.availability
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 meta1
d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 msthemecompatible

I can see that without getting hysterical, and less some 400+? plain code lines, that it has fairly deep range of data records on everything to do with the music, and the purchase, and the purchaser and so forth, which is all in one sense, good, to automate and record keep for ones own life but I am thinking, the issue of including the "law enforcement area" and "changed" and lots of other stuff on ones system that MS hides and uses to keep tabs on you, well... I think

a) it's hard to not roll in the shit without the mark of the beast beaing spread all over your personal and internet habits and activites, and

b) cross referencing this information with all that MS puts in it's operating systems and other organisations / agencies and so forth, it paints a pretty draconian and covert picture, when;

One just purchases software to perform a job, and not to spy on oneself; which rates on about -10 for Microsofts credibility, much like hiring a maid and she plants a spycam in your toilet, or a worker who comes to work for you, and she just steals company secrets.....

And it's not right, it goes beyond simple "service" and "function" to theft of data and band width, and it's an invasion of privacy.

I hope this "new revelation" spreads around the world like a pox on MS's face.

So there you have it.....

F--- MS.

Regards Shane.

By Jason Dowdell at 09:08 PM | Comments (2)

(2) Thoughts on Microsoft Spyware Explained In More Detail

These kinds of posts irritate me.
Your post is just plain ignorance.
A simple Google search on "d1b5d3f0-c0b3-11cf-9a92-00a0c908dbf1 ms.locale" for example will quickly return results that show this is simply the Indexing Service filtering the file. It doesn't report to Microsoft, and you can turn it off. Read up this stuff before you start crying:
http://msdn2.microsoft.com/en-us/library/ms692560.aspx

Comments by Peter : Wednesday, December 20, 2006 at 05:02 PM

Sorry Peter, I think you are the one who is ignorant. along with half of America. Get a grip. Shane has it pegged and it isnt paranoia. this has been coming down the path for awhile, and unfortunately only a few have the sense to see it.
We dont want to hear you crying when you figure it out that Big brother really is watching.

Comments by cheri raye : Saturday, May 12, 2007 at 11:23 PM

Post a Comment











Subscribe to Marketing Shift PostsSubscribe to The MarketingShift Feed