Samstag, 17. Januar 2009

Don't be evil: GoogleUpdater.exe

I just sniffed a bit my internet traffic, because one update application did not work. I did nothing except lauching the update application while using Packetyzer to monitor all network traffic.

I found some HTTP-Traffic between my computer and "74.125.43.113" (which is "clients.l.google.com") in my captures log. Yes, i tried Google Chrome on my Computer and i have Google Earth installed - the usual Google Apps. So Google installed a litte background process named "Google Updater". (Press Ctrl+Shift+Esc to open the "Windows Task Manager", click on "Processes" and probably you'll find GoogleUpdater.exe.)

Here are parts from the logs:

Packetyzer Trace:


[...]
Internet Protocol, Src: XXX (192.168.2.XXX), Dst: clients.l.google.com (74.125.43.113)
[...]
Transmission Control Protocol, Src Port: 1628 (1628), Dst Port: http (80), Seq: 1, Ack: 1, Len: 437
[...]
Hypertext Transfer Protocol
GET /service/check2?appid=%7BXXXXXXX-XXX-XXXX-XXXX-XXXXXXXXXXXX%7D&appversion=1.2.133.33&applang=&machine=0&version=1.2.133.33&machineid=%7BXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX%7D&userid=%7BXXXXXXX-XXX-XXXX-XXXX-XXXXXXXXXXXX%7D&osversion=5.1&servicepack=Service%20Pack%203 HTTP/1.1
User-Agent: Google Update/1.2.133.33;winhttp\r\n
Host: cr-tools.clients.google.com\r\n
Connection: Keep-Alive\r\n
Cache-Control: no-cache\r\n
Pragma: no-cache\r\n
\r\n
Request: True



And this is the informationen, google updater tranferes to google (probably every hour or so):
  • Installed Application (Which app is installed, which version). This is all google needs to know, if you app needs an update!!!
  • Machine-ID - google recognized your computer
  • User-ID - google regognized the user in front of the computer (i guess "which user is logged in?")
  • OS informationen - i have installed Windows XP ("osversion=5.1") with SP3 ("servicepack=...")
Google can track when my computer is online! Google even recognizes me.

Now "google" ;-) a bit for GoogleUpdater.exe and i learned: Googleupdater is inserted in a AutoStart-Liste from windows as well as in the taskplaner. So it's not really easy to get rid of google update, you'll have to find a proper tutorial and remove the software from multiple places.... like a virus...

Google is a great company ... but they have somthing around them, that frightens me....

P.S.: yes, i know - blogger.com belongs to google...