wustat/wutrack.windows.com - What are they Used For?

An Anonymous Coward asks: "On Windows XP today when I ran 'netstat', I noticed an http connection to wustat.windows.com. Several minutes later when I tried again I had an http connection to wutrack.windows.com. A search on Google yields few results. Since windows.com is registered to Microsoft, it makes me curious to know what wustat and wutrack stand for and what their purpose is. Is it Windows Usage Statistics/Tracking?" Has anyone else seen this on their XP systems?
  • Windows Update (Score:2, Redundant)

    Maybe it stands for Windows Update, were you running that at the time?
  • by ObviousGuy ( 578567 ) <ObviousGuy@hotmail.com> on Monday July 08, 2002 @09:24PM (#3846356) Homepage Journal
    They use that to track how many Wu Tang MP3s you've pirated.

    But seriously folks, that's to track updates for Windows Update. Basically it keeps a line of communication open so that if there is an update on the windows.com website, you will be notified ASAP.
    • Basically it keeps a line of communication open so that if there is an update on the windows.com website

      That is just silly.

      Ok, I can understand if an occasional connection is made to see if any updates are available, but I really doubt it is as you describe. Just think of it this way, just what kind of machine (or machines) would you need to have on the other end to handle a permanent keep-alive connection from every freaking PC on the planet? That just isn't realistic.

      More likely, the user happened to see the connection open while the agent was talking (or had just completed and the connection was in a TCP CLOSE_WAIT state.)

  • Slashdot it! [windows.com]

    and if we're lucky, someone will pop around to see what happened to their server that we can tie up and grill mercilessly
  • by jcenters ( 570494 ) on Monday July 08, 2002 @09:28PM (#3846369) Homepage
    This is all part of Microsoft's plans for world domination. Observe:

    Step 1: Use Windows XP to gather information on and track its users.

    Step 2: Annex the Fatherland.

    Step 3: In a twist of brutal irony, step three is a hostile takeover of Apple.

    Step 4: There is no Step 4.

    Happy Microserfing!
  • Auto... (Score:2, Insightful)

    by nuggetman ( 242645 )
    Perhaps it's automatic updates checking the site?
  • I'd guess "WU" is more likely "Windows Update" than "Windows Usage"..

    - Steve
  • by hawkstone ( 233083 ) on Monday July 08, 2002 @09:48PM (#3846476)
    Just curious -- there are radio buttons under the Windows Update setting that let you choose from "whenever you feel like it, oh mighty XP" or "not on your life; I update myself". If you have it set to check automatically on its own, it could very well do it on many of your random connections to the 'net, several times a day.

    If you disable it, does this still happen?

    In fact, is this reproducible enough that it happens whenever you run netstat?
    • I have Windows Update disabled, and I don't see it happening:

      Active Connections

      Proto Local Address Foreign Address State
      TCP bl-rh-bwaskiew:4145 msgr-cs70.msgr.hotmail.com:1863 ESTABLISHED
      TCP bl-rh-bwaskiew:4201 images2.slashdot.org:http TIME_WAIT
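
To repeat the check discussed in this thread over saved `netstat` output, the sketch below parses the table layout quoted above and reports rows whose remote host is one of the two names from the question, separating open connections from teardown remnants such as CLOSE_WAIT. It is an added example, not part of any comment here; the `xp-box` hostname and the sample rows are constructed, and hosts are matched exactly as netstat printed them.

```python
import re
from typing import List, NamedTuple

# Hostnames from the question; compared as netstat printed them.
WATCHED = {"wustat.windows.com", "wutrack.windows.com"}

# Teardown states: the exchange is over, only the socket remnant is left.
CLOSING = {"FIN_WAIT_1", "FIN_WAIT_2", "CLOSE_WAIT", "CLOSING",
           "LAST_ACK", "TIME_WAIT"}

class Conn(NamedTuple):
    local: str
    remote_host: str
    remote_port: str
    state: str

# One TCP row: proto, local addr:port, remote host:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+):(\S+)\s+([A-Z_0-9]+)\s*$")

def parse_netstat(text: str) -> List[Conn]:
    """Return the TCP rows; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append(Conn(m[1], m[2].lower(), m[3], m[4]))
    return rows

def phase(state: str) -> str:
    """Collapse a TCP state into open / closing / other."""
    if state == "ESTABLISHED":
        return "open"
    return "closing" if state in CLOSING else "other"

def watched_connections(text: str, watched=WATCHED):
    """(host, port, state, phase) for each row whose remote host is watched."""
    return [(c.remote_host, c.remote_port, c.state, phase(c.state))
            for c in parse_netstat(text) if c.remote_host in watched]

# Constructed sample in the layout of the output quoted in the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address   Foreign Address              State
  TCP    xp-box:1042     wustat.windows.com:http      ESTABLISHED
  TCP    xp-box:1043     wutrack.windows.com:http     CLOSE_WAIT
  TCP    xp-box:1044     images2.slashdot.org:http    TIME_WAIT
"""

if __name__ == "__main__":
    for hit in watched_connections(SAMPLE):
        print(hit)
```
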

    • Yes, it still does. I've set Windows Update to never check and then disabled the service, but some component is still trying to phone home twice every hour. I finally resorted to blocking microsoft.com and windows.com at my firewall.
      • You may not have actually disabled it then, because my first reaction when playing with XP was to switch this off. Since then neither my personal nor perimeter firewalls have recorded any attempts at access by Windows Update apart from when I've been updating manually.

        In fact, looking at my current rules, I'm actually blocking very little of Windows' guts from seeing the web, yet not seeing any traffic. I've got rules for LSASS.EXE, SERVICES.EXE and Microsoft-DS (all of which are not enabled - I must have figured out how to turn them off), SVCHOST.EXE is allowed to perform DNS resolution, and that's it. I get prompts every time an unknown/unrecorded app tries to access non-local IPs, and Microsoft's apps don't make

        I have to admit, despite the rumours to the contrary, I think that Microsoft has probably cleaned up its act for real.

        • I'm not trying to be paranoid too bad here but...

          It sounds like you are using an app on the windows box to do your firewall connections. It would be fairly trivial for Microsoft to make some connections without the software being aware. This would be real easy to do with existing products out there or possibly even have the vendor ignore those specific connections.

          I'm not necessarily saying that is happening but that it is possible. If an external firewall says there are connections and software says there isn't then I'm going to believe the external one. I'm going to capture some packets and just see what is on the wire to find out for myself. I might just have to tighten up my outbound rules when I put XP on my testing partition.
          • I'm not trying to be paranoid too bad here but...

            Hey, it's Microsoft *and* the Internet - you can't be too paranoid! You're correct in the assumption that I'm using a personal firewall app (Tiny Personal Firewall v2 [tinysoftware.com] in fact), but I also have a hardware perimeter firewall to verify things with and it's all hunky dory.

            As an aside, I'm still using v2 of Tiny PF, because I thought v3 was horrendously complex to get running smoothly. Has anyone out there persevered and come to the conclusion it's worth the effort, because on paper it seems like quite a good system?

        • Does anyone know there should be so many instances of SVCHOST.EXE running in W2K Pro and XP? Isn't it multithreaded or what? Is there one per service?
  • by slashkitty ( 21637 ) on Monday July 08, 2002 @09:53PM (#3846500) Homepage
    This would be rather timely if the XP had the same problem that OS X has with an unsecured HTTP software update method.

    Has anyone w/ XP snooped the software update?

  • by yancey ( 136972 ) on Monday July 08, 2002 @10:03PM (#3846546)
    Edit the C:\WINNT\System32\drivers\etc\hosts file so that the line reads thusly...

    127.0.0.1 localhost wutrack.windows.com wustat.windows.com

    ... and then see what breaks.. or doesn't.

    • But it probably wouldn't break anything, as the program that uses these connections should be built in such a way that not getting a connection would not cause any errors or problems. So this test would probably be useless.
    • Better Still (Score:4, Interesting)

      by DrSkwid ( 118965 ) on Tuesday July 09, 2002 @03:00AM (#3847804) Journal
      route it to a proper machine and log what comes out
      • Be careful. That sounds like reverse engineering. You don't want to step into DMCA territory. For everyone outside of its grasp, hack away.
        • Reverse engineering for compatibility

          Besides, I don't remember going into a contract that my DNS queries would yield the same results as Microsoft's.

          host files are great, more fun than firewalling

          • Not really serious about that.

            Host files, firewall, etc. as long as it doesn't make it out to the place it was intending.
            • aye, but there is a scope for reuse

              for instance when one presses "search" from the internet explorer toolbar a panel opens on the left with the page :

              http://ie.search.msn.com/en-gb/srchasst/srchasst.htm

              So at our company I put ie.search.msn.com in the local DNS and routed it to *our* webserver.

              Thus we get a company themed search page with useful links tailored to each user or dept (based on cookies and/or IP). Even on new installs and laptops.

              I use the technique to replace banner ads with our own banners. Seeing Dave's face when he got a "Get Back to Work Dave" animated gif banner when he visited slashdot was a peach. I'd re-routed images.slashdot.org to a local address and used the IP to choose the banner.

              plenty of fun but productive too

  • disable it. (Score:4, Informative)

    by Neck_of_the_Woods ( 305788 ) on Monday July 08, 2002 @10:05PM (#3846553) Journal

    To turn off automatic updates for your computer:
    Click Start, click Control Panel, and then double-click System.

    Click the Automatic Updates tab, and then click Turn off automatic updating. I want to update my computer manually.


    • Also, if you're wondering, the reg edit is:

      HKey_LOCAL_Machine\software\microsoft\windows\currentversion\WindowsUpdate\

      Change the following:

      AUOptions - Data: (1)
      AUState - Data: (7)

      Enjoy,

  • Do you think that if this was something dodgy going on it would show up in WinXP's netstat command?

    I don't think so.
  • WU (Score:1, Informative)

    by alpha264 ( 120832 )
    I would imagine since Windows Update is always running (At least by default) and checks for updates occasionally, that's what you're seeing.

    Just go into your "System" settings in the control panel, and then to the "Automatic Updates" tab and uncheck the box (Or change the settings to whatever suits your preferences)

    This hardly seems like an interesting Ask Slashdot. For the first time in my years as a reader, this story smells a bit like aluminum foil on the head type knee-jerk paranoia.
  • Anyone looked recently on Windows Update and what they're downloading? IIRC they have released a new version of Critical Update check, which checks and background downloads updates... ever thought it might be to track changes on Windows Update? To clear this up, probably the best way is to sniff a connection going to these sites. I've already added these sites to my snort sniffer on my firewall... let's see what it turns up, eh?
  • This is probably just the windows update, and can be disabled.

    If you are a paranoid individual, then try installing a firewall app... something like "AT Guard". Besides stopping Windows from wasting your bandwidth, it will also protect you from intruders, worms etc...
