Can anybody verify this, found on another forum

Make sure you physically disconnect the internet when rebooting after an update!!:

A friend of mine was doing some work in the Windows 7 OS and came across something unexpected...

Basically after digging through the coding & cleaning it up, i found another phone home, but this one only ran when an update was installing & disconnected before the end of the update install.. what scared me was it didnt just send information of the current o/s, but sends information of all apps on system & all usernames & passwords..

Which as you can guess this i cannot work out why its in there... i've checked this against multiple windows 7's & they all seem to do the same thing at the same time.. normally it'd get missed, but i only found it due to the coding doing something weird at that point...

This means every time the system has rebooted during an update it sends out all your private data - even if you don't store passwords it also sends out the contents of the cache so unless you specifically cleaned that it will still have your info. What's more this info is not just sent to MS, but part of the code indicates that after arriving there it gets redirected to an unknown third party address.

This is probably not official coding but is the work of someone within MS who used their position to insert some extra code. Even if it is official, it can easily be accessed by third-party programs (ie viruses) and modified to send the info to a new third party. Such a modification would be virtually undetectable because it runs exclusively under cover of the reboot while your av and firewall are still disabled.

Since it only sends info during the reboot it can be defeated by simply unplugging your internet after the update has finished downloading and keeping it unplugged until after the update is fully installed.


Windows Forum Admin
Staff member
Premium Supporter
Microsoft MVP
This if true is actually pretty scary.. As Gedstar points out what would the purpose be behind this if it isn't a malicious one? I'm going to do some googling and see what turns up..


Windows Forum Admin
Staff member
Premium Supporter
Microsoft MVP
After a lengthy spell googling and trying to think of search keywords the only thing that kept popping up was something called 'WAT'.
Read on:

Windows 7 Phones Home to Check For New Piracy Tactics

Microsoft has announced that an update will soon be released that will change the behavior of WAT (Windows Activation Technologies) in Windows 7. WAT determines whether a copy of Windows is, as Microsoft puts it, "genuine" (they used to call this Windows Genuine Advantage).

After the update is installed, WAT will check with Microsoft every 90 days for information on new activation hacks that Microsoft may have found. Therefore, if you buy a computer with a pirated copy of Windows (or hack activation yourself) and it's not found at first, it may be found later.
If a system is found to be non-genuine it will display dialog boxes informing the user of the situation and giving them information on how they can get genuine. The desktop wallpaper will turn blank with a watermark reminding the user of the problem, and the dialog boxes will reappear periodically. The only updates they will be able to install are important security updates. Microsoft stresses that no user functionality will be lost.
The activation problem from Microsoft's standpoint doesn't come from individuals hacking their own copies of Windows to avoid buying a license. It comes from unscrupulous OEMs, mail-order and storefront computer shops I imagine, that sell Windows systems with hacked versions so that *they* don't have to buy a license. In these cases, the consumer is usually unaware that they are buying pirated software (or maybe they just don't want to know). If you're actually curious about the genuiness of your Windows copy, go to Microsoft's "How to Tell" site.
But this new approach raises the possibility that users won't find out they have a problem until some time after they have been using their computer. Is this unfair to the consumer? Yes, but it's not Microsoft being unfair, it's the OEM. For consumers in this position Microsoft is happy to sell them a real license.
There has been some negative reaction to this move by Microsoft, such as this one by Lauren Weinstein. Weinstein is concerned about false positives, but in the main she argues that the fact that Microsoft is even checking such things on old customers is an offensive intrusion on privacy. Personally, I don't understand her concern. I don't feel violated at all by the check.
The update will be made available today, February 16, at for Windows 7 Home Premium, Professional, Ultimate and Enterprise. Tomorrow it will be available at the Microsoft Download Center, and later in the month it will be available as an "Important" update on Windows Update. As an Important update, most users will, per the default settings, download and install it automatically. But it is not mandatory, you can opt-out, and as long as you haven't been busted by it yet, you can uninstall it.

Windows 7 Phones Home to Check For New Piracy Tactics - Security Watch

For your information, if you read the title of the post you would see that I read this on another forum, I did not say I found any code, this was posted from a user on another forum. I posted what I read, I did not write the topic, just wondered if it was true. I know Microsoft are making changes to WAT, I'm a IT engineer and use fully legit software and keep abreast of all security issues relating to Microsoft products. How can you say it’s Hog Wash when Microsoft products have been compromised on many occasions before? Who’s to say it’s not possible for this to happen? Microsoft do gather information about users, although they say its not personal information they collect but how are we to know any different.


Extraordinary Member
The finger always , quickly, points to malpractice by Microsoft. Many software companies openly state that they will collect information when applying, or supplying, updates. Often you sre asked, during the initial installation, if you wish to participate. This means they have that ability. Whether you consent or not, the ability remains available.
I have beta tested several Microsoft products, since the first Vista effort. This includes their other products, as well as the OS. Nearly always you receive a message, at some stage during the install, as to whether you wish to cooperate in feedback schemes. In fact, in the final stages of the Windows 7 RC, which was available to the public, this was an automatic, hidden, procedure.
I have always consented, in the case of Microsoft, to this. On rare occasions, Microsoft have even asked if they can be privy to something on my computer.
To this day, I have had no problems.
If you products are clean, you need have no fear of such practise. It still remains easy, by many avaialbe methods, either OS related or third party, to conceal or prohibit access to your private material.
I am not a Microsoft "Fanboy", but enjoy the use of their products. I am in a situation where, fortunately, I am able to test many, free of charge. Optimistically, I hope that Microsoft's latest method of cutting back the deadwood, via an update, may help to stabilise the prices of their products for the next few years.
It is fairly obvious, if you are a fequent visitor to sites such as this, that, from the sudden reduction of posts concerning very basic issues with Windows 7, that a lot of users of pirated material have woken up to crippled OS's!

But,having waffled over that, regarding the OP's concerns, I have not googled the remark, but the comment makes no sense. If you have installed the updates, and then disconnect, what on earth is this supposed to achieve? Do you then deprive yourself of internet access? When you reconnect, the code, should there be any, is still waiting to be activated, it would be hard, and not in the ram, which would have cleared on the reboot.

This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.