On Wed, 23 Oct 2002 15:00:51 EDT, John Stracke
That doesn't necessarily follow. I read a report (*) today that the
EULA for XP/SP1 and 2000/SP3 states that, if you use automatic updates,
you grant MS, and its designated agents, access to your "software
information"--which is vague enough to include any data on your system.
So don't accept the EULA, and don't install SP/1 or SP/3. (Yes, I'm fully
aware that failing to install patches has it's own set of issues, which
I wholeheartedly invite you to discuss with the vendor, in detail).
If you find that you "have to" run software such that you have to ban the
machines from being able to contact the vendor's machines, it may be time to
re-evaluate the choice of software.
And my original point still stands - there's more than one IP address for
the update servers, and if you're trying to block access to them, you'll have
to check the DNS on a regular basis (at least once per TTL). At the moment,
*my* view of 'windowsupdate.microsoft.com' is a CNAME that as of right now
is a CNAME to windowsupdate.microsoft.nsatc.net, which has an IP address
without a PTR entry somewhere in a hotmail.com zone. By the time you read
this, it will likely be elsewhere.
Computer Systems Senior Engineer
Description: PGP signature