Attempting to answer whether MS is snooping

Windows Secrets




TOP STORY

Attempting to answer whether MS is snooping

By Susan Bradley on September 30, 2015 in Top Story

Microsoft has recently released updates to Windows 7 that allow it to gather more information about our PCs.

But is the company really tracking what we do on our systems? And can this data gathering be turned off?

Sending system stats back to ground control

During the development of a new OS, it’s common for the beta software to include code that records system activity. That information is then use to find bugs, compatibility issues, and performance problems so they can be fixed before the OS is officially released. In fact, many forms of shipped software — productivity suites, browsers, utilities, and so forth — on PCs, Macs, and Android devices continue to send back crash reports for bug fixes.

For many years, Windows has included a feedback system — once called Dr. Watson — for automated troubleshooting. The system is a two-way connection; when appropriate, fixes can be automatically sent back to PCs.

But in 2013, security vendor Websense took Microsoft’s reporting system to task. It noted in a blog post that the recorded data was sent in the clear — and that hackers could steal personal information by snooping the transmissions between PCs and Microsoft. That leaked information could be used to attack systems.

Websense strongly recommended that system tracking be turned off.

That recommendation might have been a bit excessive. Stealing telemetry data would require a “man in the middle” attack, which would mean that the hackers already had a foothold on the target networks or Internet connections.

Fast forward to Windows 10: Microsoft has increased the amount of information it collects for diagnosing problems with Windows and applications. But whether this is good or bad is not easily answered. If it results in better patch quality and faster responses from Microsoft, I’m all for it. On the other hand, I’m deeply concerned about the lack of transparency — what specifically is collected and how, exactly, is it used?

In this Big Data, post-Snowden era, we need to take the methodical erosion of our privacy very seriously. The information we willingly hand over, along with the data that’s collected behind the scenes, both benefits us and targets us — and the balance is rapidly tipping toward the latter.

Given the heated discussions about Windows telemetry, I sent myself on a quest: Could I determine what information Microsoft gleans from a typical Windows 7 system with the new telemetry updates installed? (I was more interested in the changes in Win7 than what’s built into Win10.)

In a classic case of good news/bad news, the answer was no. Presumably stung by the criticisms of Dr. Watson, Microsoft now transmits all diagnostic traffic from PCs to company servers via encrypted, Secure Socket Layer connections.

On a test PC, I tried viewing telemetry connections with the popular networking analysis tool, Wireshark (site). But Microsoft’s security measures kept me from making any sense of what was traveling from my machine to Microsoft servers. So I’m still in the dark about what the company is collecting — but then so are potential hackers, I assume.

Backporting Win10 telemetry tools to Win7/8.1

What Microsoft built into Windows 10 from the start, it recently added to our Win7 and Win8.1 systems via a series of updates. (That’s caused quite a tizzy in the blogosphere, with most of the “discussions” based on conjecture and hearsay.) For example, optional KBs 3075249, 3080149 and 3068708 give Win7 and Win8.1 data-gathering capabilities similar to Win10’s.

If you have automatic updating turned off (as I have frequently recommended) you can ignore or hide those updates. But Microsoft has a habit of changing the status of some optional updates, moving them to the Important section in Windows Update and setting them as prechecked.

An alternative to constantly checking these “optional” telemetry updates is to turn off the telemetry services altogether. Windows Secret’s sister publication — Windows IT Pro — provides advanced-user instructions for disabling the Windows Tracking Service; see the Sept. 9 article, “How to: Turn off telemetry in Windows 7, 8, and Windows 10.” This technique will ensure you don’t have to hide future telemetry updates.

But, again, there’s a potential price to pay: Turning off telemetry in Windows could slow the pace of operating-system fixes. Moreover, this trick doesn’t necessarily turn off all system tracking.

Other attempts to track telemetry transmissions

Another way to block Internet connections is the HOST-file technique (more info), which works for Win7 and Win8.1. However, on Windows 10, some users tried that trick to block telemetry communications, but, as noted on several websites — including an Aug. 31 Ars Technica story — Microsoft’s telemetry system simply ignores the HOST-file method. In a big change from Win7, you must take ownership of the HOST file in order to make changes in the new OS.

My attempts at Windows 7 telemetry analysis were based on steps posted by software developer Rob Seder, who was investigating his Win10 machine. Following his instructions, I used Wireshark to log transmissions from Win7 to the following websites:

• vortex-win.data.microsoft.com
• settings-win.data.microsoft.com
• cs1.wpc.v0cdn.net
• df.telemetry.microsoft.com
• i1.services.social.microsoft.com
• i1.services.social.microsoft.com.nsatc.net
• oca.telemetry.microsoft.com
• oca.telemetry.microsoft.com.nsatc.net
• pre.footprintpredict.com
• reports.wes.df.telemetry.microsoft.com
• sqm.telemetry.microsoft.com
• sqm.telemetry.microsoft.com.nsatc.net
• statsfe1.ws.microsoft.com
• telecommand.telemetry.microsoft.com
• telecommand.telemetry.microsoft.com.nsatc.net
• telemetry.appex.bing.net
• telemetry.urs.microsoft.com
• vortex-sandbox.data.microsoft.com
• vortex-win.data.microsoft.com
• vortex.data.microsoft.com

Although most of the urls in that list appear to be subdomains of Microsoft, a few, such as pre.footprintpredict.com,are related to the Bing search engine, as noted on the VirusTotal website.

An even longer list of MS telemetry-related urls, posted on the MajorGeeks site, includes domain names such asakadns.net, which is attached to the Akamai content delivery network service. Large companies such as Microsoft often offload some Web duties to services that specialize in secure content delivery over the Internet.

I left Wireshark running overnight. In the morning, it was clear that the Windows telemetry system hadn’t “phoned home” often. And, again, the information sent to Microsoft was mostly unreadable by the network-analysis software (see Figure 1).

Figure 1. The results of my Wireshark analysis of Windows telemetry data

The ‘Everyone does it, so it’s okay’ argument

Read the privacy policies of nearly every major Web service, and you might want to return to paper cups and string for your daily transmissions. Microsoft’s privacy policy raises numerous concerns, but in truth it’s not any worse thanGoogle’s or Apple’s policies. They all say that they give you control over your privacy, but none say what they collect in any detail or in a way that the average human can interpret.

That’s not really acceptable. Most of us are willing to provide personal information to Web services — for mapping, searching, sharing, and so forth — for a better computing experience. But what happens to that information, now that it resides on Internet servers? Many users assume it’s deleted when we no longer need it; but, in fact, we simply don’t know. And that’s what we should be most concerned about — the lack of transparency.

The difficult decisions for personal privacy

I started this investigation to see whether I could determine exactly what information Microsoft is gathering from my systems. I was pleased that this telemetry data is now protected — but I was also disappointed that I couldn’t answer my primary question: Is Microsoft snooping on us?

Based on Microsoft’s privacy policy and a recent Blogging Windows post by Windows honcho Terry Meyerson, I’m fairly comfortable that the telemetry information won’t be used for truly malicious intent; hackers can’t access and use the information to wage attacks on our systems.

But there’s also the “Big Data” aspect. Will that data make its way to other massive services and get combined with other sources of information about us? I recently attended a technology conference that discussed Big Data services, and I came away both impressed and worried.

Still, as noted in a recent ZDNet article, if you’ve gone through Win10’s numerous privacy settings and you’re still uncomfortable about what the company does with your data, the alternative is to not upgrade to the new OS — or use “Chrome OS, iOS, Android, or any other system that’s tied closely into the cloud.”

I’m not ready to chuck those platforms, and I assume you aren’t either. But that doesn’t mean we should blindly accept vendors’ data-gathering practices.

On Windows 7 and 8.1 systems, you have fewer privacy options. Here, I recommend disabling the Windows telemetry service. Neither OS will see significant enhancements, so we’re mostly concerned with all-important security updates.

Open the start menu and click Administrative Tools/Services (or Control Panel/Administrative Tools/Services). Scroll down the list of services until you find Diagnostic Tracking Service. Click it and stop the service, then click OK. Now right-click the service and open Properties. Change Startup type from Automatic to Disabled (see Figure 2) and then click OK. (Note: If you don’t see the service, it’s probably because you’re behind a domain and didn’t get optional updates KB 3075249, KB 3080149, and KB 3068708 installed, install that service.)

Figure 2. You can reduce the data your Win7 or Win8.1 system sends back to Microsoft by disabling Windows' Diagnostic Tracking Service.

I’m keeping the service disabled on my Win7 (and probably my Win10 systems, too), until I find out exactly what is being sent to Microsoft — or I feel more comfortable with the telemetry process. And I’m keeping a closer eye on all other Web-attached services and software. No matter what you think about Edward Snowden, he made all of us far more aware of how our personal data might be used.

Attempting to answer whether MS is snooping

Feedback welcome: Have a question or comment about this story? Post your thoughts, praise, or constructive criticisms in the WS Columns forum.

Windows 10 Worst Feature Now Installing On Windows 7 And Windows 8

Forbes  Tech

Windows 10 Worst Feature Now Installing On Windows 7 And Windows 8

Gordon Kelly

Last week came the warning, now comes the roll out. The most criticised aspect of Windows 10 is coming to Windows 7 and Windows 8 after Microsoft released upgrades which enable the company to extensively track what users are doing. The releases bring good and bad news…

The Bad News

The three updates in question 

– KB3075249, KB3080149 and KB3068708 (which replaces KB3022345) – all add “customer experience and diagnostic telemetry” to Windows 7 and Windows 8. This is shorthand for monitoring how you use Windows and sending that data back to Microsoft HQ for evaluation.

Worse still software specialist site gHacks, which first discovered the tracking, notes these updates will ignore any previous user preferences:

“These four updates ignore existing user preferences stored in Windows 7 and Windows 8 (including any edits made to the Hosts file) and immediately starts exchanging user data with vortex-win.data.microsoft.com and settings-win.data.microsoft.com.”

Windows 7 and 8 are now receiving updates to allow more user data capture – Image credit Microsoft

Read more – Windows 10 Vs Windows 8 Vs Windows 7: What’s The Difference?

The Good News

Now they have been launched the positive news is KB3075249 and KB3080149 have been classed as ‘Optional’ in Windows Update. This means they won’t install without Windows 7 and Windows 8 users giving them express permission to do so (a key difference to Windows 10).

On the flip side KB3068708 is classified as ‘Recommended’ which means Windows 7 and Windows 8 PCs with Windows Update set to automatic will install it by default. That said for the update to appear in the first place you will need to be a participant in Microsoft’s Customer Experience Improvement Program, an opt-in program which already has you agreeing to send user data to the company.

As PCWorld notes, unfortunately CEIP members who now feel uncomfortable about being a part of the program will have to jump through hoops to get out of it:

“Most programs make CEIP options available from the Help menu, although for some products, you might need to check settings, options, or preferences menus. Some pre-release products that are under development might require participation in CEIP to help ensure the final release of the product improves frequently used features and solves common problems that exist in the pre-release software.”

Windows 10 is great software with questionable user policies and now Windows 7 and Windows 8 show signs of following in its footsteps – Image credit: Microsoft

Read more – Windows 10: Should You Upgrade?

PCWorld also confirms gHacks observation that KB3075249, KB3080149 and KB3068708 all bypass user privacy settings in the Windows hosts file, so the easiest option for Windows 7 and Windows 8 users is to uninstall and then hide it.

This can be done by following these instructions…

To Uninstall the updates in Windows 7 and Windows 8:

1. Go to Control Panel
2. Go to Programs
3. Go to Uninstall or change a program and locate them by name
4. Double click on each update to uninstall it or right click on the update and choose uninstall

To hide the updates so they won’t install in future:

1. Go to Control Panel
2. Go to System and Security
3. Go to Windows Update 
4. Go to Check for updates
5. Find them in pending updates, right click on each and select ‘Hide’

The Future With Microsoft

Of course the bigger question than how to deal with these individual updates, is what the future holds for Microsoft customers on all versions of Windows.

I’ve long argued that under Satya Nadella the new Microsoft is operating more akin to Google: subsidising software prices in exchange for user data. Microsoft has also taken on Google’s stance of supplying its services widely to rival platforms (though possibly only because Microsoft has lost the smartphone war).

So will these attempts at data mining escalate?

Given the criticism the company has received over privacy invasions in Windows 10, I had hoped a compromise would be found. Instead Microsoft’s ploy of bringing more tracking to older Windows versions suggests this won’t be the case.

As such, once the (justifiable) fanfare over the free release of Windows 10 has died down, the next 6-12 months is going to be crucial for Microsoft and its customers alike.

Read more – Windows 10 Updates U-Turn: Microsoft Details Changes

Wimdows Secrets

Thirty-day Win10 experiment lasts only a week

By Lincoln Spector on August 26, 2015

It was intended as a month-long immersion in Windows 10 and a test of using the new OS on a hybrid laptop.

But the experiment ended after just seven days. It turned out that upgrading a hybrid laptop/tablet was a trial of BSoDs and compatibility issues.

Duplicating last year’s experiment with Win8.1 (see the April 3, 2014, Best Practices article; paid content), I upgraded the small laptop/tablet hybrid (laplet) to Windows 10, planning to spend a month using it in place of both my main Win7 system and my iPad.

The ASUS Transformer Book T100 (more info) might just be the lightest, cheapest, and least powerful PC ever designed to run Windows 8. Without its detachable keyboard, it weighs only 1.4 pounds — or 2.4 pounds with the keyboard. It has only 2GB of RAM, 64GB of internal storage, and a relatively low-power 64-bit, 1.33GHz Atom Z3740 processor. It came with the original Win8 x32 but was later upgraded to Win8.1. Now it would run 32-bit Windows 10.

When using the T100 as a desktop PC, I connect it to a Plugable UD-3900 Dual Display Universal Docking Station (site), which in turn connects to an external monitor, a keyboard, a mouse, speakers, and an external drive for more storage.

Part of the 30-day plan was to use the T100 as my mobile-computing device on an upcoming vacation. No, I wouldn’t use it for work — just personal email, social networking, and reading.

The upgrade goes badly awry almost immediately

The initial process of moving up to Windows 10 seemed to go well — if you don’t count having to update the touchpad driver. But when I tried to get actual work — or play — done, problems piled up.

For example, my browsers behaved badly. I couldn’t comfortably read the newspaper or an ebook. And the new OS crashed — repeatedly.

By the seventh day of the experiment, only hours before leaving for the airport, I’d had enough. I put the laplet aside and packed my trusty Win7 laptop — and I plugged in the iPad so it’d have enough power for the flight across the country.

Reviewing the issues, starting with the crashes

The worst problem hit on day two. When I tried to lower the volume on my music, suddenly Win10 wouldn’t respond. Then the mouse pointer started behaving erratically. Within a minute, the music stopped entirely, the external monitor went black, and then the laplet’s monitor turned blue.

I was suffering my first experience of the Win10 version of a Blue Screen of Death (but not the last). Surprisingly, it’s a big improvement over the vintage BSoD. Instead of the usual technical mumbo-jumbo, you see a big, sad-face emoticon (which I dubbed the Friendly Face of Death — FFoD) and clear, concise text that tells you what to search for online.

Figure 1. Win10's Blue Screen of Death provides a friendlier face and a bit less-obscure information than do previous Windows versions.

Still, that was not much consolation. The first crash occurred on day two, in the middle of work. Two days later, it happened again. On day six, Win10 crashed twice! Each crash was preceded by erratic Windows behavior and no response from the keyboard and mouse. Two more crashes the next day effectively ended the 30-day experiment.

Over the week, I searched the Web for information on the error — “KMODE EXCEPTION NOT HANDLED.” I found suggested solutions, such as those on a Microsoft Answers discussion, but they were always for Win8.1 — and none worked for me.

I managed to go another 12 days without an FFoD — but half of that time my laplet and I weren’t in the same time zone, and over the six days following my vacation, I used the machine only occasionally. I wasn’t surprised when it crashed again for a seventh time.

Fellow contributor Susan Bradley kindly offered to take a look at my system’s dump files. (She’s far more skilled at interpreting them than I am.) Her guess: the manufacturer’s drivers were at fault. And she was apparently right — the final crash was on a Friday; the following Monday, Microsoft pushed out updates that included new ASUS drivers. Those updates seem to have fixed the crashes, but there were still other issues to solve.

An unfriendly environment for Web browsers?

I use Chrome as my browser of choice, but it had some choice problems with Win10.

I prefer to read my local newspaper, the San Francisco Chronicle, via my browser. Every morning, I use an emailed link to launch a browser-based version of the paper. (The process uses Olive Software technology; site.) With Win7 or Win8 — or on Android and iOS — I wait only a few seconds for a facsimile of the day’s paper to appear in Chrome.

But with Win10 installed, nothing ever comes up. An Olive Software FAQ offers a Chrome-specific fix but makes no mention of Windows 10. It basically says to always enable Adobe Flash. That didn’t solve my problem — I already had Flash enabled.

Other sites were apparently having Flash issues. PCWorld articles, for example, endlessly downloaded; social-media scores never appeared. I tried various Adobe Flash demo pages through Chrome, but they all worked just fine.

The obvious solution, of course, was to try another browser. Firefox, Edge, and Internet Explorer successfully launched the Chronicle. But they had other problems: Firefox and Edge both had scrolling issues inside the Olive environment. Internet Explorer had text-wrapping issues when viewing the paper in full-screen, portrait mode (my preferred way of reading on the T100). IE seemed to think that the screen was wider than it was.

I thought I’d found a solution when I uninstalled and then reinstalled Chrome. Everything worked fine — until the next morning. Suddenly, the news was back to an infinite loop. (Yeah, I know: 15 months before a presidential election, the news always feels like an infinite loop.)

I soon discovered that my browser problems weren’t exclusive to the laplet. The same issues with Chrome, Firefox, and Edge also showed up on the desktop PC I’d upgraded to Win10. (IE’s portrait-mode problems couldn’t easily be tested on my desktop machine.)

Win10 also unkind to some popular apps

In the aforementioned Best Practices story, I had proclaimed that “An operating system is only as good as the software that runs on it. In a desktop environment, that makes Windows king. But in mobile apps, it’s more like some minor lordling trying desperately to catch up.”

A year and four months later, Win10 is repeating history. Here’s one simple example — a problem that meant a lot to me because of my vacation plans: trying to use an ePub book reader (more info; paid content).

On my iPad, I can comfortably read a book in ePub form through Apple’s iBooks. Google’s Play Books also does a reasonable job, although I prefer iBooks’ user interface. But neither of these apps is available in Microsoft’s Store.

So I tried three other book readers — all of which had serious flaws.

Bookviser Reader (MS Store page) was the best of them, and the one I would have used, had I taken the laplet on my vacation. For the most part, it worked well. But in full-screen, portrait mode, it cut off a little bit of the last letters in the last two or three lines of each page. I could usually guess what those letters were, but it was annoying. I got around the problem by reading in a desktop window rather than full-screen. But that meant I couldn’t always stay in tablet mode when using the T100 as a tablet.

Figure 2. Bookviser Reader inexplicably cut off a tiny part of each page's lower-right corner.

ePub3 Reader (MS Store page) kind of worked, but it was difficult to use. You had to cope with a too-tiny-for-tapping menu for basic chores such as adding a bookmark. That was my first impression; I revisited ePub3 Reader again while writing this article and got a big surprise. It no longer works at all — I cannot load a book into it. (My desktop had the same problem.)

Nook (MS Store page) is, of course, the best known of the ePub readers. But on the Win10-updated laplet, it displayed the text off-center, with the end of every line cut off. I could find no way to fix that.

Figure 3. The Nook reader clipped off the right side of each page of text.

Going into my experiment, I thought I would have a way to, well, cheat on the tablet experience. By running AMIDuOS (discussed in the Feb. 26 Best Utilities article; paid content), I could have a virtual Android tablet inside my Windows one.

Alas, it was not to be: AMIDuOS, which works fine in Win7 and Win8, fails under Win10. Last I heard from my AMI contact, the company “is still finding the root of the bug/in process resolving it.” That was more than two weeks after I first contacted them about the problem. (AMIDuOS doesn’t run on my Win10-upgraded desktop PC, either.)

Good reasons for delaying a Win10 upgrade

New operating systems always come with some kinks and compatibility issues. I doubt that Win10 has more than previous Windows updates. But this time around, Microsoft is giving a new OS away for free — and a whole lot of people are jumping on it.

My experience was likely worse than most. But you should nevertheless take it as a warning — be prepared for unexpected consequences. If you’re ready — with either experience or time — to tackle the potential problems following a migration to Windows 10, put the upgrade off for a few months — even if you’re sick of Win8. That will give time for the release of new drivers and software fixes.

You might also take some time to search the Web for trouble reports from people who have similar hardware and apps to yours. Ask yourself: Do I really want to deal with similar problems?

Win7 users have even fewer reasons to upgrade anytime soon. If you don’t have a touchscreen, Win10’s advantages to you are minimal.