I know from reading the EULA, and from cases such as Winamp, that
Microsoft have the power to 1) find out what is on my XP machine and
how I use it, and 2) 'maitain' it remotely, as for instance removing
the JVM.
A) Can someone tell me how they do that? Which ports and DLL's do they use?
B) Can I detect when this happens (inbound and outbound)?
C) Can I prevent it from happening (inbound and outbound)? by using an
external (or possibly a non-Microsoft internal) Firewall or like
product?
[I need to allow some applications (such as Mozilla) access to the internet.
I cannot just block all internet access, or I would just unplug the
cable to the modem]
But even if I only run Mozilla, how can I ensure that some hidden
piece of WinXP itself is not talking on the Internet?

Yes, MS can according to the XP EULA do all sorts of stuff to your
computer.  A.  They don't.
B.  Use a firewall that logs, or other network monitoring / sniffing
device (or software)
C.  Yes.  Also by unplugging your computer from the internet, or even
more thorough, the wall.

In general though, unbunch your panties.  You'll live longer.

Get this program , freeware, it will block any and all MS 'spytools'

http://www.xp-antispy.org/index.php?option=com_remository&Itemid=26

I concur with djlarsu.

Your concerns suggest strongly that you should be using personal
firewall software, the most popular of which is Zone Alarm:
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=zaskulist_download

Keep those panties right where they are! Blatant invasions of privacy
in the name of "helping" you or "updating" you are not something you
should just accept. I don't want my car discussing where I drive, I
don't want my stove reporting what I eat, I don't want my camera
sending off photos without me, and I don't want my computer constantly
discussing what I have and do with unknown persons and programs. I'm
not willing to simply accept "Oh, we won't do anything bad" and you
shouldn't either. By collecting *any* information without your express
consent, they have already violated your privacy, regardless of what
they do with what they  collect. By all means, get your panties in a
bunch about spyware!

- Hammer

To:

Hammer:
My feelings exactly!

Others:
I do use a personal firewall. However I have to tell the firewall to
allow IE or Outlook or Mozilla access to the net. If MS have
incorporated into the XP IP stack certain 'backdoors' a firewall will
not help me.

MS Astroturfers:
Nice try, but I still don't trust you. And my panties are fine.

1) Another solution is to avoid the EULA by avoiding Windows. You can
choose from a wide variety of perfectly reasonable alternatives. The
best known is probably Linux (in various distributions from any many
sources -- Red Hat (Fedora, now), SUSE (now with big co support),
Mandrake are probably best known, Knoppix runs a full distribution
right from the CD without changing anything on your harddrive if you
want to experiment a little, NSA even has a Linux distribution if you
want to go with the very most secure and believe NSA), FreeBSD,
NetBSD, and OpenBSD in various flavors, the MacOS X in by now several
releases, ... BeOS is available in an open source release if I
understand correctly. There are Win emulators available for most of
these, and one or more will let you run the Win applications you just
have to have in a safer and less snoopable environment.

2) Or use something other than IE, to make M$' attempts a bit harder.
And disable all Java, Javascript, ActiveX downloads and all plugins,
whatever browser you use. Do you really know, or have any way of
finding out what any of them ACTUALLY does?

3) An old x86 machine will run one of the 'Linux router' distributions
and you can set to do a proxy interface for the ports and protocols
you need. Set up private IP addrs for the machines you don't want M$
to be able to snoop, and shut down all ports and services you don't
explicitly understand and need. None of, "well I'm not sure what this
is, but I'll leave it open because that's the way things seem to want
to be". Set your firewall to prohibit all outgoing traffic except what
you want to send and tell your browser (a non M$ sort) not to send
anything w/o prior approval.

Legally, you don't have much of a leg to stand on as long as
shrinkwrap licenses are valid and there are no privacy laws with any
teeth. The EU does a little better in this last respect. Move to
France?

Or drop back to something like OS-9 (6809 emulators are available for
MS-DOS and **ixen of various types).

Best wishes to another '9er.

Hi-wwg
Yeah, OS9-6809 was a lot of fun. Lots of advanced features that are
only now being implemented routinely in OS's even Linux, 20+ years
later. Memory modules, loadable and unloadable drivers, record locking
file systems, etc.
And all in 8 bits too. I had a lot of fun writing the very first OS9
'freeware', XCOM9 and other stuff.

Re the XP choices. I know most of that, and I am slowly and painfully
making the transition to Linux. But it aint easy and it aint cheap.
The distros are full of bugs, and the level of support is nowhere near
what the OSS advocates would have you believe it is.
I try to explain to them that not every driver wants to be a mechanic,
and not every user wants to be a sysadmin or kernel hacker, but they
don't get the message.
As for 'alternatives to windows programs' what would you use as an
alternative to Adobe GoLive? or the sound edititing software from
SoundForge or Magix ACL?
I am not going to try to get WINE or LINDOWS running on top of LINUX
so I can run GoLive on top of that. It would use up way to much of my
time to debug THAT configuration.
-----
I dont use IE anymore, but if MS have code in the OS that is TCP/IP
aware, and is a sort of 'back orrifice' then eschewing IE, and even
putting in a firewall like MacAffee will not help. That is why I would
like to know if anyone has details on how this is done. Which ports
does it use? Which DLL does it use?
etc. MS claim that IE is wired in to the OS, so even if I do not use
IE, it does not mean the 'guts' of IE are not installed and running.
-----

pgmr6809, 

I just noticed your reaction to my comment. Sorry it's taken so long.
I regret to say that I must disagree with you in some respects. It is
not possible, at the current state of the computer software/hardware
art, to avoid system administration. Someone must mind these machines,
for we don't know how to build ones that don't need minding.
Accordingly, your lament that 'OSS is not so carefree ...' is
misplaced. Even if you don't want to be a mechanic (in some sense)
there is no way to free you (or someone) from having to do so; unless
you believe in fairies or some such. M$ has been teaching a very
sleazy lesson (albeit one commercially motivated -- I'm not a fan of
the hidden conspiracies account) that 'everything's easy if only you
do it our way'. Well if they aren't able to deliver, we (you and I and
Fred over there) have been so secuded by the idea that we look
somewhere else to find a proper vendor of all that wonderful stuff M$
(and the others, they're not uniquely at fault here, just the most
successfull wool pullers) has been promising. It's a thoroughly
noxious chain of consequence taking advantage of our willingness to
believe in the Wizard (or Oz or Redmond, doesn't much matter), and
unwillingness to take heed of those who tell us not to pay any
attention to the fellow behind the curtain over there.

There is no way to prevent M$ or any vendor from doing stuff behind
your back, ie shipping off information you didn't want to give up.
Given the steagnographic possibilities, even byte by byte inspection
of everything output onto the net from your machine will not be
sufficient. OSS does at least offer the possibility (to the
'mechanics' only, I'm afraid) of checking the softwae at the most
fundamental level and so dodging the most egregious of the
surreptitious information suckers.

I think the lesson from all of this for those who want to get
something done albeit more securely than the stuff being loudly touted
seems to be able to manage, is to lower expectations, drop back from
the bleeding edge of the state of the art, plug one's ears against the
commercial Sirens, and act as intelligently as you can manage. If you
don't need to enable some IP service on your machine, disable it. Stay
away from software (and software producers) with dismal security
records and whose EULA's claim the world at your potential expense. If
you put security high (or even first) there are some things you Should
Not Be Doing (ftp servers, running IE or any IE code, ...). I see no
way out of this, regrettably.

OSS is not a panacea, just the best our species can do at present. And
it is not effortless, but the idea that there is anything out there
even remotely approaching effortless is a will-o-the-wisp which is
overwhelmingly likely to cause heartache, privacy loss, and, most
likely, considerable lossage as it becomes necessary to do over what
there wasn't time or inclination to do as well as possible the first
time.

Not a cheery prospect, which I personally regret. But then I've been
taken in by the hair restoration quacks over and over again, so who am
I to talk?

Best wishes.