The spying & spending practices of Microsoft.
or:
Has Microsoft learned from its mistakes? (2nd revision)
I used to think Microsoft is arrogant, but I was wrong, they are just stupid and ignorant:
Microsoft does not have the faintest idea of what their customers value and really want in their products, although this is in fact quite obvious!
The Problem:
Somewhere in the 2nd half of the 1990's I started to wonder about what MSN & IE & XP with loadqm.exe & loadwc.exe are doing, when I noticed my internet connection was very slow and my connection monitor showed things I did not understand. I found that the programs on my daughter's pc, loadqm and loadwc, were receiving enormous amounts of data and I started to wonder if it was some sort of trojan or virus being active on her machine.
What I did to have the enormous data transfers:
I installed MSN for my 15 year old daughter on her pc, who has quite a lot of friends living far away from us who she likes being in contact with, and MSN is popular among these youngsters.
I later downloaded mmssetup.exe for MSN and installed it. After a bit of internet searching and my own personal searching, here is what I found:
Loadqm.exe and loadwc.exe are indeed delivered with MSN and other programs such as Internet Explorer (IE), Windows XP, Frontpage, Mediaplayer and even more programs of Microsoft corporation, which install these files and add entries in the registry to run at boot!!!
I took MSN as an example to investigate.
If you open the MSN setup program (mmssetup.exe) with WinZip, you will notice that it contains a file called Qmgr.cab.
Qmgr.cab itself contains QMGR.DLL, QMGRPRXY.DLL, PROGDL.DLL and LOADQM.EXE. Internet Explorer and some other programs contain LOADWC.EXE.
Loadqm.exe and/or loadwc.exe are loaded into memory at boot and stay there consistently during the whole computer session, taking some of your memory and slowing down your pc's performance. Check if one or more of these programs are loaded into your pc's memory by pressing Ctrl+Alt+Del together and checking the list of loaded memory resident programs that appears.
Decide if you want to stop one of these programs running.
Check the Windows "help" or "manual" or "resource kit" or "technet" for more information.
Then I decided to sniff on my network interface to see what was going on there.
You can understand I feared a virus or trojan. At first I found nothing really malicious with it.
All it does is contact 195.130.132.84, windowsupdate.microsoft.com or update.microsoft.com (HTTP) to get a file called IDENT.CAB, which seems to contain code signing certificates and other MSN (or IE) version information (request: GET /ident.cab HTTP/1.1). A cookie is involved in that transaction.
(The cookie I found on my machine contains:
MC1V=3&LV=200111&HASH=136E&GUID=35506E132D3A49E68E78EDBC0EA8795D
microsoft.com/ 1024 4129511424 29591931 2941329312 29455303.
Some more cookies existed containing the 195.130.132.84 IP address and the url svcs.microsoft.com.)
It then looks for the drizzle file with: "HEAD /qmgr/rel1083.11/x86/wxp/nl/drizzle.cab HTTP/1.1" and receives back: "HTTP/1.1 404 Object Not Found"
Apparently, if your MSN is out of date, it makes a standard DNS query to find a download site and gets the updated MSN version (in my particular case it was from the site a767.ms.akamai.net and/or 195.130.132.84) with the request:
"GET /download/msnmessenger/install/4.5/winxp/nl/mmssetup.exe HTTP/1.1"
The download now starts and the download is 2 to 5 megabytes in size.
(Note that I made several sniffings and the download site varies from one time to another.)
As you can see, the transaction uses information from your pc to know which OS and in which language the OS is running, and probably more and less trivial info?
The file mmssetup.exe was stored in my Windows\temp directory (but it can be found in the temp directory when Windows is set up in a custom way with a different temp path in the registry).
I kept sniffing until the end of the download and everything stopped after the last packet of the file.
Then the install part of the download became active and installed the update right after the next boot; the boot procedure is extended that way, and it is then quite a wait to get the machine booted.
Then after the second boot it started with the first GET /ident.cab (and got it), followed by the HEAD "/qmgr/rel1083.11/x86/wxp/nl/drizzle.cab HTTP/1.1" which received back the "HTTP/1.1 404 Object Found" and stopped at that point, which is confirming that it makes some version checking and stops because my MSN is now up to date.
My conclusion is that loadqm & loadwc indeed are a kind of auto-update engine that checks for the latest version of MSN and IE and they download the update if you are not up to date, and this all happens BEHIND your back, whether you want it or not. I do not think it does any direct serious harm to your system at first, although Microsoft collects quite some information from your system without your knowledge and without you knowing what they do with this information; on second thought one can imagine harmful use and/or even misuse of personal data.
I do think it is some sort of spying like spyware does. Fact is that it's done without your approval.
This behaviour in itself has led to serious security issues concerning Microsoft software in the past years; several security experts like Steve Gibson have pointed out these security issues to Microsoft. Microsoft did not answer a single question about this issue.
As an example one can ask if it's "good customer care" when installing Windows XP and, after installation, doing the usual checking for security updates, finding that 55 (fifty five!) security update files must be downloaded and installed, let alone the other program and driver updates..... There must be something wrong here.
The fact that Microsoft is not willing to discuss this matter is suspicious in itself.
Besides the fact that Microsoft is collecting information / spying and many people do not want / know this, Microsoft is apparently not aware of the fact that we have to pay for every byte that we down- and upload from or to our system. Several Mb's weekly is quite a bill on a yearly basis that we have to pay on behalf of Microsoft practices.
We have to pay for a belief of Microsoft without Microsoft asking us what we think about it.
This is the beginning of companies spending OUR money WITHOUT our knowledge.
I oppose these practices and have taken precautions to avoid Microsoft and any other software doing this. Now I have spent my money on buying an internet router rather than on 100's of Mb's of unwanted software behind my back. You should all be aware of this.
Microsoft is offending my privacy:
1. MSN & IE (& XP) NOT TELLING us in clear language that it installs auto-updates
2. MSN & IE (& XP) auto-downloading the stuff BEHIND our back
3. Why not check, ASK and then (if we accept), download the stuff (or not)
4. A clear option in MSN & IE (& XP) to fully enable and disable this auto-update feature altogether, that's what I want!
5. Microsoft is gathering information about us behind our backs.
6. Microsoft, once again, makes decisions for its users without informing or warning them! Typical arrogant behaviour of Microsoft!!!
7. Microsoft is spending OUR money and our time, without our knowledge and approval, by auto-downloading stuff. As if Microsoft is not aware of the fact that we have to pay for downloading and uploading.
Note: DSL routers are quite cheap today and of high quality, they offer more than only routing, they can make your internet connection safer, so they are really worth consideration.
My internet router now blocks the spying & spending practices of Microsoft as you can see below in the router's logfile:
17|Tue Sep 3 20:26:19 2002 |192.168.0.4 | FORWARD |www.stat.unimaas.nl
33|Tue Sep 3 19:07:32 2002 |192.168.0.5 | FORWARD |www.hilberink.nl
36|Tue Sep 3 18:58:07 2002 |192.168.0.5 | FORWARD |www.google.com
41|Tue Sep 3 18:42:18 2002 |192.168.0.2 | BLOCK |www.msn.com
26|Tue Sep 3 18:25:10 2002 |192.168.0.3 | BLOCK |195.130.132.84 (Microsoft)
14|Tue Sep 3 16:55:50 2002 |192.168.0.4 | BLOCK |svcs.microsoft.com
12|Tue Sep 3 15:21:48 2002 |192.168.0.3 | BLOCK |www.update.microsoft.com
Microsoft has made these download-executables quite persistent in their behaviour: since I blocked the sites of Microsoft (and I think you should do so too), loadqm.exe/loadwc.exe keeps on trying to contact these sites (and tries to start a download) with a persistence of a whole evening, several hundreds of tries, causing quite some network load on my LAN as one can see in the logfiles of my router.
Below I show you a part of this logfile made by my router.
LOGFILE:
51|Tue Sep 3 17:19:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
52|Tue Sep 3 17:20:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
53|Tue Sep 3 17:23:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
55|Tue Sep 3 17:24:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
56|Tue Sep 3 17:25:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
57|Tue Sep 3 17:26:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
58|Tue Sep 3 17:26:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
59|Tue Sep 3 17:27:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
60|Tue Sep 3 17:28:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
61|Tue Sep 3 17:29:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
62|Tue Sep 3 17:30:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
63|Tue Sep 3 17:31:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
64|Tue Sep 3 17:32:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
67|Tue Sep 3 17:33:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
68|Tue Sep 3 17:34:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
69|Tue Sep 3 17:35:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
71|Tue Sep 3 17:37:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
72|Tue Sep 3 17:38:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
73|Tue Sep 3 17:39:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
74|Tue Sep 3 17:40:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
75|Tue Sep 3 17:41:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
76|Tue Sep 3 17:42:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
78|Tue Sep 3 17:43:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
79|Tue Sep 3 17:44:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
80|Tue Sep 3 17:45:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
81|Tue Sep 3 17:46:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
82|Tue Sep 3 17:47:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
84|Tue Sep 3 17:48:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
85|Tue Sep 3 17:49:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
86|Tue Sep 3 17:50:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
88|Tue Sep 3 17:51:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
89|Tue Sep 3 17:52:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
90|Tue Sep 3 17:53:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
91|Tue Sep 3 17:54:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
92|Tue Sep 3 17:55:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
93|Tue Sep 3 17:56:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
95|Tue Sep 3 17:57:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
96|Tue Sep 3 17:58:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
97|Tue Sep 3 17:59:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
98|Tue Sep 3 18:02:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
99|Tue Sep 3 18:03:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
101|Tue Sep 3 18:05:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
102|Tue Sep 3 18:06:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
103|Tue Sep 3 18:07:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
ETC
ETC
ETC.
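The retry pattern visible in the logfile above can be measured instead of eyeballed. The following is an added example, not part of the original article: it parses the router's log format and reports every LAN client that keeps retrying a blocked destination. The function names and the thresholds are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Sample input: entries copied from the article's router log, plus one
# constructed malformed line to show that unparseable input is skipped.
SAMPLE_LOG = """\
51|Tue Sep 3 17:19:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
52|Tue Sep 3 17:20:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
53|Tue Sep 3 17:23:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
55|Tue Sep 3 17:24:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
56|Tue Sep 3 17:25:58 2002 |192.168.0.5 | BLOCK svcs.microsoft.com
36|Tue Sep 3 18:58:07 2002 |192.168.0.5 | FORWARD |www.google.com
41|Tue Sep 3 18:42:18 2002 |192.168.0.2 | BLOCK |www.msn.com
this line is not a log entry (constructed)
"""

# seq | timestamp | client | action [|] destination; the article shows the
# destination both with and without a leading "|", so that pipe is optional.
LINE_RE = re.compile(
    r"^\s*(\d+)\|([^|]+?)\s*\|\s*([\d.]+)\s*\|\s*(BLOCK|FORWARD)\s*\|?\s*(\S+)"
)

def parse_line(line):
    """Return a dict for one log entry, or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    seq, stamp, client, action, host = m.groups()
    try:
        when = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return None
    return {"seq": int(seq), "when": when, "client": client,
            "action": action, "host": host}

def find_retry_loops(log_text, min_attempts=5, max_median_gap_s=300):
    """Report (client, host) pairs that keep retrying a blocked destination.

    The thresholds are assumptions for this example, not router settings.
    """
    blocked = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "BLOCK":
            blocked[(rec["client"], rec["host"])].append(rec["when"])
    findings = {}
    for key, times in blocked.items():
        if len(times) < max(min_attempts, 2):
            continue  # too few attempts to call it a retry loop
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if median(gaps) <= max_median_gap_s:
            findings[key] = {"attempts": len(times), "median_gap_s": median(gaps),
                             "first": times[0], "last": times[-1]}
    return findings

if __name__ == "__main__":
    for (client, host), s in find_retry_loops(SAMPLE_LOG).items():
        print(f"{client} -> {host}: {s['attempts']} blocked attempts, "
              f"median gap {s['median_gap_s']:.0f}s, "
              f"{s['first']:%H:%M:%S} to {s['last']:%H:%M:%S}")
```

The median gap is used rather than the mean so that a few missing log entries do not hide an otherwise regular one-minute retry interval.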
So you have to keep track of the existence of these files on your system and get rid of them every time they pop up again, as MSN is programmed in a way that it installs these annoying files on your hard disk every time at boot.
Below I show you how the killing of these files is done.
I made a simple BATCH-file, "deleteqm.bat", that deletes the files Qmgr.cab, loadqm.exe, loadwc.exe every time at boot, see below for details.
The killing methods:
The batchfile "deleteqm.bat" looks like this. Copy and paste it in Wordpad or any other text editor and make a call for this file in any BOOTFILE like the "AUTOEXEC.BAT" file or your "startup" folder of Windows. Below is also an example in MS DOS without the use of an editor.
File creation with editor:
c:
cd \
cd \windows
del loadqm.exe
del loadwc.exe
del qmgr.cab
cd \
DOS file creation without editor:
C:> [ = prompt ]
copy con deleteqm.bat [ = file name ]
c:
cd \
cd \windows
del loadqm.exe
del loadwc.exe
del qmgr.cab
cd \
^Z [ = control key + z key ]
Now the file is created at c:\
Editing the registry (especially for XP users):
To kill the processes that initiate all these annoying downloading activities you can also clean up the registry of Windows (XP). In XP you can do this in the below screen, but remember this is not sufficient to get rid of all the MSN annoyances.
Especially Windows XP with the integrated MSN is a real annoyance to many users.
After having MSN switched off and stopped in the usual XP configuration section as shown above, you can also get completely rid of Microsoft Messenger and the annoying logos and related MSN stuff, just follow the steps below:
Go to the Start-button bottom left of your desktop,
go to start/execute, type in the textbox: [you can also copy and paste from here]
rundll32 advpack.dll,LaunchINFSection %windir%\inf\msmsgs.inf,BLC.Remove
After that action:
Start the REGEDIT utility built in Windows (XP).
Search for:
HKEY_LOCAL_MACHINE\software\microsoft\outlook express
Click your RIGHT mouse button on it and in the window that appears choose: "New/DWORD-value".
Call this value: hide messenger [=the name that you have to give the value]
After that click on it with your RIGHT mouse button and type a new value in the value section: 2 [value=2]
Click OK.
Leave Regedit the common way so that the registry is saved. Reboot your system.
Microsoft Messenger stuff related to MSN is dead now.
You can also get little utilities from the internet to do the killing job of MSN and autodownload for you:
Look at: http://www.dougknox.com
Are you leaking information on your pc to the internet? Check Steve Gibson's site:
Do the leaktest at: http://www.grc.com and keep your shields up in future!
Note: You should be aware of the recently announced Microsoft intention to make its new OS (next after XP) autoupdating without the possibility for the user to switch off the autoupdating.
Success & good luck.
Hans. ©PE1MMK®
Questions: hans.hilberink(at)hilberink.nl
replace (at) for @, this is to block spam.
Suggestions made by readers of this article:
Rob Thomassen has sent the following valuable addition:
To prevent LoadQM from starting just deselect it on the 'Start-up' tab of 'MSConfig' (Start > Run > 'MSConfig' [Enter]). This will stop Messenger/LoadQM from downloading enormous amounts of data, however it will bring back two minor annoyances:
- if you're connected to the internet by LAN (Cable or DSL modem) but still have a fax/modem installed, Messenger will also try this with the RNAAPP program. I've got the modem unplugged, so I don't know what will happen, but after a few minutes the RNAAPP program will terminate itself.
- instead of downloading the update Messenger will now show a message at the taskbar saying there is an update ...
This all for Win98(SE), but will probably also work in more or less the same kind of way on higher Win versions.
Also some other suggestions for sites to block (related to Messenger):
- svcs.microsoft.com -> messenger 'services'
- global.msads.net -> the ads that are shown at the bottom of the main Messenger window (it's also bandwidth !)
- alerts.msn.com -> I don't want MS to 'alert' me ...
- rad.msn.com -> hmm ... forgot where this one was for ... but hey, Messenger is still working, so why not block it !
The next two block the extra tabs at the Messenger window:
- c.msn.com
- g.msn.com
Final tip: you don't need a router or firewall to block sites (although a firewall is always a good idea ...). In Win98 there is a sample file in the Win dir called HOSTS.SAM. If you remove the .SAM extension you will make this file operational. What does it do? It acts as a sort of Internet phone book. If the IP of some site is listed in here Windows won't ask a DNS but go directly to the listed IP. If this exists of course. So by adding the following line: "127.0.0.1 global.msads.net" you tell Windows that the MS ads can be found at 127.0.0.1 ... which happens to be your local IP! So no ads, and no bandwidth loss anymore ! Of course this also works for "127.0.0.1 ad.doubleclick.net", etc.
John, Nils, Frank have sent the following valuable addition:
- I installed Messenger and the "Zone Alarm" program alerted me to the attempt of QMgr to access the internet.
Some other reasons to object to upgrades we have not asked for:
- the impact of a large download on smaller/older machines (I am running a pentium 150) with small discs (1.2 gig - it used to be huge!) and a 56k modem connection.
- I never upgrade anything that works when I am in the middle of something with a deadline so I like to choose when - and have the option to back up etc.
- in any case all installation procedures tell us to terminate all other running programs - I assume there is a reason for this. Would these background activities give us the chance?
Thank You,
Hans.
2005 postscript
Microsoft has, in the release notes of its latest version of its Windows XP-SP2 Operating System, made it very clear that updating through the internet is becoming a common practice. I do not know if this is a preferable development. I still have serious questions about this attitude of Microsoft and other companies as you have read above; Microsoft has done nothing to take away concerns of mine and many others.
In practice, Microsoft is having an active account on all your Windows XP (and later OS versions) pc's. Do you allow other companies to have an active account on your pc? Do you leave all your personal information on your pc freely available to any company?
So this article remains as topical as at the time it was written.
2008-2009 postscript
Times have changed, so this article may have become outdated.
But for Microsoft since 2005 not much has changed, Microsoft is still offering huge downloads for its products. Computers with a Microsoft OS and applications of Microsoft installed suffer from the daily active auto update programs running in the background, making the computers unusable in some way during minutes to hours. Many reboots are required and time loss for the user is the result.
More operating system designers started to think that this is the way to design.
In my opinion Microsoft is still missing the point. As an example, the next little story shows exactly what I mean by this:
In 2008 I decided to upgrade a laptop's OS from XP to Vista. The OS-upgrade took many hours. After Vista was running it kept on telling me that all kinds of upgrades were available. So I upgraded and installed over and over again, then SP1 made its announcement in the upgrade program, telling me that it may take hours to install. Let's go for it, I thought, and started the SP1 installation. It took almost a working day! But now the remarkable thing happened: after finalizing the installation I had enough and wanted to shut down the laptop, guess what: it started to uninstall the SP1 at shut down without any warning or question, can you imagine that? Now I could start the whole procedure again, what a waste of time.
In my experience Windows XP is still, after 3 SP's and tons of upgrades: insecure, unstable, sluggish.
Windows Vista is way better, although after 1 SP and tons of upgrades it is still sluggish and slow and awkward with its UAC.
And both suffer from a continuous stream of updates that bring little to nothing at all, just a waste of time.
Then there is this other new issue: If you buy a netbook with an Atom cpu, there is not much chance you end up with Windows Vista. You can get a netbook with Windows XP or Linux preinstalled. Why? Well, Intel and Microsoft decided it was best for their interests and profits to refuse users preinstalled Vista on netbooks. Only the HP netbook with a VIA cpu has Vista preinstalled. Stupid behaviour of Microsoft and Intel. Windows XP sucks on a netbook, Linux rocks and Vista is way better. Same problem as with Windows Ultimate versions: the best way to pay for a promise Microsoft never fulfills.
Postscript 2009: Lenovo and MSI produce the first netbooks in the world ignoring the directions of Intel and Microsoft and are offering an Atom equipped netbook with Vista and other features. Congratulations Lenovo and MSI!
Now, the end of May 2009, Microsoft tries to prevent the making of netbooks with SSD drives. Can you imagine that? Just for their own profit. No other reason involved than the profit of the Microsoft company. MSI has already made a netbook with an SSD drive in it, the U115; it's a great little notebook that works so fine. Buy one to support MSI and let Microsoft know they are WRONG, do not forget to buy it with Linux or install Linux yourself.

In my experience it is not too early to conclude that Microsoft still has learned nothing and still is the worst company in the world that offers poor products for a way too high price, and that my statement at the top of this article still is true and that this article is not outdated:
Microsoft still does not have the faintest idea of what their customers value and really want in their products, although this is in fact quite obvious!
Take a look at what other people think about this issue: