The spying & spending practices of Microsoft.
Has Microsoft learned from its mistakes? (4th revision !)
I used to think Microsoft is arrogant, but I was wrong, they are just stupid and ignorant:
Microsoft does not have the faintest idea of what their customers value and really want in their products, although this is in fact quite obvious!
Windows 98 and later,
Somewhere in the 2nd half of the 1990's I started to wonder about what MSN & IE & XP
with loadqm.exe & loadwc.exe are doing,
when I noticed my internet connection was very slow and my connection monitor showed
things I did not understand. I found that the programs on my daughters pc, loadqm and loadwc,
were receiving enormous amounts of data and I started to wonder if it was some sort of
trojan or virus being active on her machine.
What I did to have the enormous data transfers:
I installed MSN for my 15 year old daughter on her pc, who has quite a lot of friends living
far away from us who she likes being in contact with and MSN is popular among these youngsters.
I later downloaded mmsetup.exe for MSN and installed it. After a bit of internet searching
and my own personal searching, here is what I found:
Loadqm.exe and loadwc.exe are indeed delivered with MSN and other programs
as InternetExplorer IE, Windows XP, Frontpage, Mediaplayer and even more
programs of Microsoft corporation,
which installs these files and add entries in the registry for run at boot !!!
I took MSN as an example to investigate.
If you open the MSN setup program (mmssetup.exe) with WinZip, you will notice
that it contains a file called Qmgr.cab.
Qmgr.cab itself contains QMGR.DLL, QMGRPRXY.DLL, PROGDL.DLL
and LOADQM.EXE. InternetExplorer and some other programs contain LOADWC.EXE.
Loadqm.exe and/or loadwc.exe are loaded into memory
at boot and stay there consistantly
during the whole computer session, taking some of your memory and slowing down your
pc's performance. Check if one or more of these programs are loaded into your pc's memory
by pressing Ctrl+Alt+Del together and check the list that will appear of loaded memory resident programs.
Decide if you want to stop one of these programs running.
Check the Windows "help" or "manual" or "resource kit" or "technet" for more information.
Then I decided to sniff on my network interface to see what it was going on there.
You can understand I feared a virus or trojan. At first I have found nothing really malicious with it.
All it does is contact: 184.108.40.206, windowsupdate.microsoft.com or
update.microsoft.com (HTTP) to get a file called IDENT.CAB which seems to contain
code signing certificates and other MSN (or IE) version information.
(request GET /ident.cab HTTP/1.1). A cookie is involved in that transaction.
(The cookie I found on my machine contains:
microsoft.com/ 1024 4129511424 29591931 2941329312 29455303. Some more cookies were
existing with the 220.127.116.11 IP-address in it and url: svcs.microsoft.com).
It then looks for the drizzle file with: "HEAD /qmgr/rel1083.11/x86/wxp/nl/drizzle.cab HTTP/1.1"
and receives back: "HTTP/1.1 404 Object Not Found"
Apparently, if your MSN is out of date, it makes a standard DNS query to find a download
site and gets the updated MSN version via (in my particular case) it was from the site
a767.ms.akamai.net and/or 18.104.22.168 with the request:
HTTP/1.1" The download now starts and the download is 2 to 5 Mega bytes in size.
(note that I made several sniffings and the download site varies from one time to another).
As you can see the transaction uses information from your pc to know which OS and in
which language the OS is running, and probably more and less trivial info?
The file mmssetup.exe was stored in my Windows\temp directory, (but it can be found in
the temp-directory when windows is setup in a custom way with a different temp-path in the registry).
I kept sniffing until the end of the download and everything stopped after the last packet of the file.
Then the install part of the download got active and installed the update
right after the next boot, bootprocedures extended that way,
it then is quite a wait to get the machine booted.
Then after the second boot it started with the first GET /ident.cab (and got it),
followed by the HEAD "/qmgr/rel1083.11/x86/wxp/nl/drizzle.cab HTTP/1.1" which received back
the "HTTP/1.1 404 Object Found" and stopped at that point which is confirming that it makes
some version checking and stops because my MSN is now up to date.
My conclusion is that loadqm & loadwc indeed are a kind of auto-update engine that checks for the latest
version of MSN and IE and they download the update if you are not up to date and this all
happens BEHIND your back, whether you want it or not. I do not think it makes any direct
serious harm to your system at first, although Microsoft collects quite some information from your
system without your knowledge and you not knowing what they do with this information,
on second thought one can imagine harmfull use and/or even misuse of personal data.
I do think it is some sort of spying like spyware does. Fact is that its done without your approval.
This behaviour in itself has lead to serious security issues concerning Microsoft software
in the past years, several security experts like Steve Gibson have pointed out these
security issues to Microsoft. Microsoft did not answer a single question about this issue.
As an example one can ask if it 's "good customer care" when installing Windows XP
and after installation the usual checking for security updates,
finding that 55 (fifty five!) security update files must be downloaded and installed,
let alone the other program and driver updates..... There must be something wrong here.
The fact that Microsoft is not willing to discuss this matter is suspicious in itself.
Besides the fact that Microsoft is collecting information / spying and many people do
not want / know this, Microsoft is apparently not aware of the fact that we have to pay for
every byte that we down- and upload from or to our system. Several Mb's weekly is
quite a bill on yearly basis that we have to pay on behalf of Microsoft practices.
We have to pay for a belief of Microsoft without Microsoft asking us what we think about it.
This is the beginning of companies spending OUR money WITHOUT our knowledge.
I oppose to these practices and have taken precautions to avoid Microsoft and any other
software doing this. Now I have spent my money on buying an internet router rather than
on 100's of Mb's of unwanted software behind my back. You should all be aware of this.
Microsoft is offending my privacy:
1. MSN & IE (& XP) NOT TELLING us in clear language that it installs auto-updates
2. MSN & IE (& XP) auto-downloading the stuff BEHIND our back
3. Why not check, ASK and then (if we accept), download the stuff (or not)
4. A clear option in MSN & IE (& XP) to fully enable and disable this auto-update feature all-together,
thats what I want!
5. Microsoft is gathering information about us behind our backs.
6. Microsoft, once again, makes decisions for its users without informing or warning them !
Typical arrogant behaviour of Microsoft !!!
7. Microsoft is spending OUR money and our time, without our knowledge and approval by auto-downloading stuff.
As if Microsoft is not aware of the fact that we have to pay for downloading and uploading.
Note: DSL routers are quite
cheap today and of high quality, they offer more than only routing,
they can make your internet connection safer, so they are really worth consideration.
My internet router now blocks the spying & spending practices
of Microsoft as you can see below in the routers logfile:
17|Tue Sep 3 20:26:19 2002 |192.168.0.4 | FORWARD |www.stat.unimaas.nl
33|Tue Sep 3 19:07:32 2002 |192.168.0.5 | FORWARD |www.hilberink.nl
36|Tue Sep 3 18:58:07 2002 |192.168.0.5 | FORWARD |www.google.com
41|Tue Sep 3 18:42:18 2002 |192.168.0.2 | BLOCK |www.msn.com
26|Tue Sep 3 18:25:10 2002 |192.168.0.3 | BLOCK |22.214.171.124 (Microsoft)
14|Tue Sep 3 16:55:50 2002 |192.168.0.4 | BLOCK |svcs.microsoft.com
12|Tue Sep 3 15:21:48 2002 |192.168.0.3 | BLOCK |www.update.microsoft.com
Microsoft has made these download-executables quite persistant in their behaviour, since
I blocked the sites of Microsoft, (and I think you should do so too), loadqm.exe/loadwc.exe keeps
on trying to contact these sites (and try to start a download) with a persistance of a whole evening, several
hundreds of tries, causing quite some network load on my LAN as one can see in the logfiles of my router.
Below I show you a part of this logfile made by my router.
51|Tue Sep 3 17:19:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
52|Tue Sep 3 17:20:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
53|Tue Sep 3 17:23:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
55|Tue Sep 3 17:24:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
56|Tue Sep 3 17:25:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
57|Tue Sep 3 17:26:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
58|Tue Sep 3 17:26:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
59|Tue Sep 3 17:27:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
60|Tue Sep 3 17:28:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
61|Tue Sep 3 17:29:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
62|Tue Sep 3 17:30:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
63|Tue Sep 3 17:31:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
64|Tue Sep 3 17:32:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
67|Tue Sep 3 17:33:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
68|Tue Sep 3 17:34:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
69|Tue Sep 3 17:35:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
71|Tue Sep 3 17:37:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
72|Tue Sep 3 17:38:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
73|Tue Sep 3 17:39:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
74|Tue Sep 3 17:40:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
75|Tue Sep 3 17:41:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
76|Tue Sep 3 17:42:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
78|Tue Sep 3 17:43:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
79|Tue Sep 3 17:44:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
80|Tue Sep 3 17:45:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
81|Tue Sep 3 17:46:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
82|Tue Sep 3 17:47:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
84|Tue Sep 3 17:48:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
85|Tue Sep 3 17:49:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
86|Tue Sep 3 17:50:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
88|Tue Sep 3 17:51:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
89|Tue Sep 3 17:52:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
90|Tue Sep 3 17:53:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
91|Tue Sep 3 17:54:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
92|Tue Sep 3 17:55:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
93|Tue Sep 3 17:56:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
95|Tue Sep 3 17:57:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
96|Tue Sep 3 17:58:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
97|Tue Sep 3 17:59:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
98|Tue Sep 3 18:02:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
99|Tue Sep 3 18:03:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
101|Tue Sep 3 18:05:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
102|Tue Sep 3 18:06:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
103|Tue Sep 3 18:07:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
So you have to keep track of the existance of these files on your system
and get rid of them every time they pop up again as MSN
is programmed in a way that it installs every time at boot these annoying files on your hard disk.
Below I show you how the killing of these files is done.
I made a simple BATCH-file, "deleteqm.bat" that deletes the files Qmgr.cab,
loadqm.exe, loadwc.exe every time at boot, see below for details.
The killing methods:
The batchfile "deleteqm.bat" looks like this. Copy and paste it in Wordpad or any other
text editor and make a call for this file in any BOOTFILE like the "AUTOEXEC.BAT"
file or your "startup" folder of Windows. Below also an example in MS DOS without the
use of an editor.
File creation with editor:
DOS file creation without editor:
C:> [ = prompt ]
copy con deleteqm.bat [ = file name ]
^Z [ = control key + z key ]
Now the file is created at c:\
Editing the registry (specially for XP users):
To kill the processes that initiate all these annoying
downloading activities you can also clean up
the registry of Windows (XP). In XP you can do this in the below screen, but remember this
is not sufficient to get rid of all the MSN annoyances.
Specially Windows XP with the integrated MSN is a real
annoyance to many users.
After having MSN switched off and stopped in the usual XP configuration section as shown above,
you can also get completely rid of Microsoft Messenger and the annoying logos and related MSN stuff,
just follow the steps below:
Goto the Start-button bottom left of your desktop,
goto start/execute, type in the textbox: [you can also copy and paste from here]
After that action:
Start the REGEDIT utility built in Windows (XP).
Click your RIGHT mouse button on it and in the window that appears choose: "New/DWORD-value".
Call this value: hide messenger [=the name that you have to give the value]
After that click on it with your RIGHT mouse button and type a new value in the value section: 2 [value=2]
Leave Regedit the common way so that the registry is saved. Reboot your system.
Microsoft Messenger stuff related to MSN are dead now.
You can also get little utilities from the internet to do the killing job of MSN and autodownload for you:
Look at: http://www.dougknox.com
Are you leaking information on your pc to the internet? Check
Steve Gibsons site:
Do the leaktest at: http://www.grc.com and keep your shields up in future!
Note: You should be aware of the
recently announced Microsoft intention to make its new OS (next after XP)
autoupdating without the posibility to let the user be able to switch off the autoupdating.
Success & good luck.
Questions: hans.hilberink(atà)hilberink.nl replace (at) for @, this is to block spam.
Suggestions made by
readers of this article:
Rob Thomassen has sent the following valuable addition:
To prevent LoadQM from starting just deselect it on the 'Start-up' tab of 'MSConfig' (Start > Run > 'MSConfig' [Enter]). This will stop Messenger/LoadQM from downloading enormous amounts of data, however it will bring back two minor annoyances:
- if you're connected to the internet by LAN (Cable or DSL modem) but still have a fax/modem installed, Messenger will also try this with the RNAAPP program. I've got the modem unplugged, so I don't know what will happen, but after a few minutes the RNAAPP porgram will temrinate itself.
- instead of downloading the update Messenger will now show a message at the taskbar saying there is an update ...
This all for Win98(SE), but will probalby also work in more or less the same kind of way on higher Win versions.
Also some other suggestions for sites to block (related to Messenger):
- svcs.microsoft.com -> messenger 'services'
- global.msads.net -> the ads that are shown at the bottom of the main Messenger window (it's also bandwith !)
- alerts.msn.com -> I don't want MS to 'alert' me ...
- rad.msn.com -> hmm ... forgot where this one was for ... but hey, Messenger is still working, so why not block it !
The next two block the extra tabs at the Messenger window:
Final tip: you don't need a router or firewall to block sites (although a firewall is always a good idea ...). In Win98 there is a sample file in the Win dir called HOSTS.SAM. If you remove the .SAM extension you will make this file operational. What it does ? It acts as a sort of Internet phone book. If the IP of some site is listed in here Windows won't ask a DNS but go directly to to the listed IP. If this exists ofcourse. So by adding the following line: "127.0.0.1 global.msads.net" you tell Windows that the MS ads can be found at 127.0.0.1 ... which happens to be your local IP! So no ads, and no bandwith loss anymore ! Ofcourse this also works for "127.0.0.1 ad.doubleclick.net", etc.
John, Nils, Frank have sent the following valuable addition:
- I installed Messenger and the "Zone Alarm" program alerted me to the
attempt of QMgr to access the internet.
Some other reasons to object to upgrades we have not asked for:
- the impact of a large download on smaller/older machines (I am running a pentium 150) with small discs (1.2 gig - it used to be
huge!) and a 56k modem connection.
- I never upgrade anything that works when I am in the middle of something with a deadline so I like to choose when - and have the
option to back up etc.
- in any case all installation procedures tell us to terminate all other running programs - I assume there is a reason for this. Would
these background activities give us the chance?
Windows XP and Vista
Microsoft has in the release notes of its latest version of
its Windows XP-SP2 Operating System, made it very clear that updating though
internet is becoming a common practise. I do not know if this is a preferable
development. I still have serious questions about this attitude of
Microsoft and other companies as you have read above, Microsoft has done nothing
to take away conserns of mine and many others.
In practise, Microsoft is having an active account on all your Windows XP (and later OS versions) pc's. Do you allow other companies to have an active account on your pc? Do you leave all your personal information on your pc free available to any company?
So this article stays the same topic as in at the time it was written.
Times have changed, so this article may have become outdated.
But for Microsoft since 2005 not much has changed, Microsoft is still offering
huge downloads for its products. Computers with a Microsoft OS and applications
of Microsoft installed suffer from the daily active auto update programs running
at background, making the computers unusable in some way during minutes to
hours. Many reboots are required and time loss for the user is the result.
More operating system designers started to think that this is the way to design.
To my opinion Microsoft is still missing the point. For an example the next little story shows exactly what I mean by this:
In 2008 I decided to upgrade a laptops OS from XP to Vista. The OS-upgrade took many hours. After Vista was running it kept on telling me that all kinds of upgrades were available. So I upgraded and installed over and over again, then SP1 makes its announcement in the upgrade program, telling me that it may take hours to install. Lets go for it I thought and started the SP1 installation. It took almost a working day! But now the remarkable thing happened: after finalizing the installation I had enough and wanted to shut down the laptop, guess what: it started to uninstall the SP1 at shut down without any warning or question, can you imagine that? Now I could start the whole procedure again, what a waste of time.
To my experience Windows XP is still, after 3 SP's and tons of upgrades: unsecure, unstable, sluggish.
Windows Vista is way better, although after 1 SP and tons of upgrades: it is still sluggish and slow and awkward with its UAC. Same goes for Windows 7.
And both suffer from a continuous stream of updates, that bring little to nothing at all, just a waste of time. Some weeks ago I had my new netbook installed with Windows 7 Ultimate: 338 updates! it took a day.
Then there is this other new issue: If you buy a netbook with
an Atom cpu, there is not much chance you end up with Windows Vista. You can get
a netbook with Windows XP or Linux preinstalled. Why? Well Intel and Microsoft
decided it was best for their interests and profits to refuse users preinstalled
Vista on netbooks. Only the HP netbook with a VIA cpu has Vista preinstalled.
Stupid behaviour of Microsoft and Intel. Windows XP sucks on a netbook, Linux
rocks and Windows 7 Ultimate is better, but version 'Starter' is awkward and the
tons and tons of updates are annoying. Same problem as with Windows Ultimate versions:
the best way to pay for a promise Microsoft never fulfills.
Postscript 2009: Levono, Asus and MSI produce the first netbooks on the world ignoring the directions of Intel and Microsoft and is offering an Atom equipped netbook with Vista and other features. Congratulations Levono, Asus and MSI!
Now, the end of may 2009, Microsoft tries to prevent the making of netbooks with SSD drives. Can you imagine that? Just for their own prophit. No other reason involved than the prophit of the Microsoft company. MSI has made a netbook already with a SSD drive in it The U115, its a great little notebook that works so fine. Buy one to support MSI and let Microsoft know they are WRONG, do not forget to buy it with Linux or install Linux yourself.
To my experience it is not too early to conclude that Microsoft still has learned nothing and still is the worst company on the world that offer poor products for a way too high price, and that my statement at the top of this article still is true and that this article is not outdated:
Microsoft still does not have the faintest idea of
what their customers value and really want in their products, although this is
in fact quite obvious!
This article is now (2014) part of the history of MS Windows, but still a nice read.
The todays common practise software update culture is part of our daily pc use?
The above was what I thought in 2013, until Windows 8 was released: Windows 8 is again an example of the stupidity of Microsoft, what a failure is that!!! Even after the release of Windows 8.1, I am still completely surprised!
Windows 8 is the biggest failure since the issue of the monthly updates of Windows! It has 2 two user interfaces that are sitting in eachothers way, its a complete mockup, unbelievable Microsoft did this! Unable to find my way in a more easy way than in Windows 7. Windows 8 is the most childish OS Microsoft ever issued. No user control, no easy way to handle, no improvement of Windows 7.
Windows 8 is full of hidden advertising without the users approval. Windows 8 is a complete privacy disaster!!!
All the things you do not want are in Windows 8, and I was hoping that it would be an improvement comparing to Windows 7. NO WAY!!! ITS A DISASTER.
Downloading over 220 updates after installing it takes 2, yes TWO DAYS to install!!! and then it tells me there are still 5 updates again waiting to install!!!
So now again this article is still not OUTDATED.
READ AND WONDER:
Monday june 1st 2015 and later: this article is still not OUTDATED. I did not believe what I saw:
Now I have to waste my time again to remove a Microsoft program that I did not ask for.
Incredible that Microsoft installs Windows 10 without asking, downloading 4 Gb to my laptop, blocking my internet connection, exeeding my max. download, slowing down my internet connection & laptop and after that taking many hours to do the actual installation, that does not work well after all: How stupid can you be........... Microsoft is the most stupid company I know.
I installed Windows 10 as curious as I am: the free version and later a version I had to pay for with more options built-in, after using both: I think its the most sloppy OS I have ever seen: sloppy, slow, inaccurate, a mess of apps, security issues, privacy issues.
And then I experienced people came to me for help with their computers: Microsoft is uploading Windows 10 without asking the user for permission, many people were not amused they had a extra windows icon on their screen and a slow pc and wanted to get rid of it. So I had to help many users of Windows 7 or 8 to get this uggly GWX icon & program & big download away. This is typical Microsoft way of pushing people into their money making concept all over the world: let people believe its free and better for them, while in fact its nothing of that at all: its only better for Microsoft.
Be aware of this:
Quote: From "early next year 2016",
Microsoft will change the status of the free Windows 10 upgrade so it is
classified as a Recommended Update.
Given that most home machines are set up to install Recommended Updates automatically, the change to Windows 10's update status will lead to most
Windows 7 and 8.1 machines beginning the upgrade.
BTW: This is prohibited by law in many countries. and then:
I just don't want Windows 10, is that so bad?
NO this article is NOT outdated after so many years.
Time to install Linux!