On Wed, 23 Oct 2002 15:00:51 EDT, John Stracke <jstracke@centivinc.com> said:

> That doesn't necessarily follow. I read a report (*) today that the
> EULA for XP/SP1 and 2000/SP3 states that, if you use automatic updates,
> you grant MS, and its designated agents, access to your "software
> information"--which is vague enough to include any data on your system.

So don't accept the EULA, and don't install SP/1 or SP/3. (Yes, I'm fully aware that failing to install patches has its own set of issues, which I wholeheartedly invite you to discuss with the vendor, in detail).

If you find that you "have to" run software such that you have to ban the machines from being able to contact the vendor's machines, it may be time to re-evaluate the choice of software.

And my original point still stands - there's more than one IP address for the update servers, and if you're trying to block access to them, you'll have to check the DNS on a regular basis (at least once per TTL). At the moment, *my* view of 'windowsupdate.microsoft.com' is a CNAME that as of right now is a CNAME to windowsupdate.microsoft.nsatc.net, which has an IP address without a PTR entry somewhere in a hotmail.com zone. By the time you read this, it will likely be elsewhere.

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
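The per-TTL re-check described in the message above, as an added example that is not part of the original post: it follows the CNAME chain, diffs the resulting addresses against the current block list, and reports how soon the lookup must be repeated. The record lists stand in for live resolver answers; the TTLs and addresses are constructed, and `resolve` and `plan_update` are hypothetical helper names.

```python
from typing import NamedTuple

class RR(NamedTuple):
    name: str
    rtype: str  # "CNAME" or "A"
    ttl: int    # seconds
    value: str

HOST = "windowsupdate.microsoft.com"
TARGET = "windowsupdate.microsoft.nsatc.net"
# Constructed answers from two lookups made some time apart. Hostnames are
# the ones named in the message; TTLs and addresses (RFC 5737 documentation
# ranges) are invented for illustration.
LOOKUP_1 = [RR(HOST, "CNAME", 3600, TARGET),
            RR(TARGET, "A", 300, "192.0.2.10"),
            RR(TARGET, "A", 300, "192.0.2.11")]
LOOKUP_2 = [RR(HOST, "CNAME", 3600, TARGET),
            RR(TARGET, "A", 300, "192.0.2.11"),
            RR(TARGET, "A", 300, "198.51.100.7")]

def resolve(records, qname, max_hops=8):
    """Follow CNAMEs from qname; return (A addresses, lowest TTL on the chain)."""
    name, ttls = qname.rstrip(".").lower(), []
    for _ in range(max_hops):
        rrs = [r for r in records if r.name.rstrip(".").lower() == name]
        ttls += [r.ttl for r in rrs]
        addrs = {r.value for r in rrs if r.rtype == "A"}
        if addrs:
            # Any record on the chain can change once its TTL expires,
            # so the shortest TTL bounds how long this answer is valid.
            return addrs, min(ttls)
        cnames = [r.value for r in rrs if r.rtype == "CNAME"]
        if not cnames:
            raise ValueError(f"no A or CNAME record for {name}")
        name = cnames[0].rstrip(".").lower()
    raise ValueError("CNAME chain too long or looping")

def plan_update(blocked, records, qname):
    """Diff the current block list against a fresh lookup."""
    current, ttl = resolve(records, qname)
    return {"add": current - blocked,     # new addresses not yet blocked
            "remove": blocked - current,  # addresses no longer in the answer
            "recheck_in": ttl}            # seconds until the next lookup is due

if __name__ == "__main__":
    blocked = set()
    for lookup in (LOOKUP_1, LOOKUP_2):
        plan = plan_update(blocked, lookup, HOST)
        print(plan)
        blocked = (blocked | plan["add"]) - plan["remove"]
```
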