Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

Windows 10 on Lenovo hardware
Temetka
Senior ThinkPadder
Posts: 2790
Joined: Fri Sep 30, 2005 3:27 am
Location: Glendora, CA

Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

#1 Post by Temetka » Thu Aug 13, 2015 12:33 am

So um yeah, I'm just going to leave this here for your consideration:

http://arstechnica.com/information-tech ... microsoft/
New:
Thinkpad T430s 8GB DDR3, 1600x900, 128GB + 250GB SSD's, etc.
Old:
E6520, Precision M4400, D630, Latitude E6520
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301

precip9
Senior Member
Posts: 539
Joined: Sat Jun 23, 2012 2:26 pm
Location: Dresher, PA

Re: Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

#2 Post by precip9 » Thu Aug 13, 2015 12:50 am

Temetka,
Thanks for being so forthcoming with your thought processes. I wonder if you would consider sharing a question that must be in your mind. I would understand if you would prefer to pass.

Since you are responsible for the security of an enterprise, are you sufficiently comfortable with what is known about Windows 10 to deploy the 500 licenses you have been granted? Does the hack potential worry you in terms of execution of your job responsibility?

I am reminded of the perennial Adobe Flash hazard. So many systems have been hacked through Flash, but people love to watch their videos. The losses through Flash warrant class action suits that exceed the market value of Adobe.
W500x3 with T9900, , T400 highnit 1280x800 with P9600, X61sx3, X61Tx3.

Temetka
Senior ThinkPadder
Posts: 2790
Joined: Fri Sep 30, 2005 3:27 am
Location: Glendora, CA

Re: Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

#3 Post by Temetka » Thu Aug 13, 2015 12:57 am

precip9 wrote: Temetka,
Thanks for being so forthcoming with your thought processes. I wonder if you would consider sharing a question that must be in your mind. I would understand if you would prefer to pass.

Since you are responsible for the security of an enterprise, are you sufficiently comfortable with what is known about Windows 10 to deploy the 500 licenses you have been granted? Does the hack potential worry you in terms of execution of your job responsibility?

I am reminded of the perennial Adobe Flash hazard. So many systems have been hacked through Flash, but people love to watch their videos. The losses through Flash warrant class action suits that exceed the market value of Adobe.

I will NOT be deploying Windows 10 in its current form.

If I can block telemetry data through the use of hosts files, group policy and hardware firewall settings then maybe. There is some paranoia that Microsoft has hard coded certain IPs/domains into various DLLs so as to bypass any proxies, hosts file, etc. that the user has configured. But unless they have a deal with SonicWall, they can't bypass my firewall.

Windows 7 has support until 2020, so I have a few years to figure this one out. But considering the bulk of my clients are local government, I am 99% sure they don't want this stuff being sent to Microsoft. If they aren't aware of the implications, then it's my job to handle the due diligence and inform them of what could be transmitted, what Microsoft scans, and how that data is used. It will then be up to City Council to decide on whether or not to move forward. I feel pretty comfortable that they will go with whatever recommendation I ultimately make - whether it means sticking with Microsoft or switching to RedHat or other.

I am also 99.9% sure I am not the only admin doing a complete WTF right now.

Finally to clarify - it's 5,000 licenses we have. For 10 different versions of Windows 10. So 50k.
New:
Thinkpad T430s 8GB DDR3, 1600x900, 128GB + 250GB SSD's, etc.
Old:
E6520, Precision M4400, D630, Latitude E6520
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301
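
The concern in post #3, that a client might reach hard-coded IPs regardless of the hosts file, can be checked at the perimeter by correlating resolver and firewall logs. This is an added example, not part of the thread or any poster's code; the log tuple layouts, names and addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data; the tuple layouts are assumptions, not a real
# resolver or SonicWall export format.
BLOCKED_NAMES = {"telemetry.example"}  # names sinkholed via hosts file / DNS

# (epoch_seconds, client_ip, queried_name, answer_ip)
DNS_LOG = [
    (100, "10.0.0.5", "updates.example", "198.51.100.10"),
    (105, "10.0.0.5", "telemetry.example", "0.0.0.0"),  # sinkholed
    (200, "10.0.0.7", "intranet.example", "198.51.100.20"),
]

# (epoch_seconds, client_ip, dest_ip, dest_port) allowed-egress records
FW_LOG = [
    (101, "10.0.0.5", "198.51.100.10", 443),   # resolved one second earlier
    (106, "10.0.0.5", "203.0.113.77", 443),    # never resolved by this client
    (201, "10.0.0.7", "198.51.100.20", 443),
    (5000, "10.0.0.7", "198.51.100.20", 443),  # resolution older than max_age
]


def unresolved_connections(dns_log, fw_log, max_age=3600):
    """Egress records whose destination the same client did not receive
    as a DNS answer in the max_age seconds before connecting."""
    answers = defaultdict(list)  # (client, answer_ip) -> query times
    for ts, client, _name, answer in dns_log:
        answers[(client, answer)].append(ts)
    return [
        (ts, client, dest, port)
        for ts, client, dest, port in fw_log
        if not any(0 <= ts - t <= max_age for t in answers.get((client, dest), []))
    ]


def fallback_suspects(dns_log, fw_log, blocked=BLOCKED_NAMES, window=60):
    """Unresolved connections made within `window` seconds after the same
    client queried a blocked name: candidates for a hard-coded fallback."""
    suspects = []
    for ts, client, dest, _port in unresolved_connections(dns_log, fw_log):
        for q_ts, q_client, name, _answer in dns_log:
            if q_client == client and name in blocked and 0 <= ts - q_ts <= window:
                suspects.append((client, name, dest))
    return suspects


if __name__ == "__main__":
    for row in unresolved_connections(DNS_LOG, FW_LOG):
        print("no matching DNS answer:", row)
    for row in fallback_suspects(DNS_LOG, FW_LOG):
        print("possible hard-coded fallback:", row)
```

A hit is a lead for packet capture, not proof: long-lived connections and client-side DNS caches also produce destinations with no recent lookup.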

precip9
Senior Member
Posts: 539
Joined: Sat Jun 23, 2012 2:26 pm
Location: Dresher, PA

Re: Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

#4 Post by precip9 » Thu Aug 13, 2015 1:35 am

Exactly. IMHO, it's not enough that a bunch of white hats take W10 apart. Microsoft would have to supply hard, binding documentation on exactly how a W10 client communicates with the Microsoft "host." No ifs, ands, buts, unpredictable, or undocumented behavior. Only with that documentation can due diligence be applied to enterprise security.

I never thought I would seriously consider Linux. Not now, but when W7 and perhaps W8.1 sunset...
W500x3 with T9900, , T400 highnit 1280x800 with P9600, X61sx3, X61Tx3.

Norway Pad
ThinkPadder
Posts: 1162
Joined: Mon Jul 13, 2009 2:50 pm
Location: Meridian, ID & Oyer, Norway

Re: Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

#5 Post by Norway Pad » Thu Aug 13, 2015 3:01 am

I really haven't paid attention to privacy issues related to any previous Microsoft OS. I know that there have always been those random articles online that have claimed that big brother can see everything you do. But I have never paid attention to them, as they are rare, and I have considered that level of concern for privacy as slightly paranoid and tinfoil hattish.

But with Win10 it seems to be a much bigger, more universal and credible group of IT-people who front the privacy concerns. So I have come to the conclusion that this time it's worth listening to, and I have put off any further Win10 upgrades. I will run my only Win10 computer, the T420, as a test bed for now, with the main goal of testing how updates can be un-automated and hidden, and to test various suggested fixes and hacks for improving privacy. I will put every step into a document, so I can go back and see what I did. And I will make sure to image it in case I break the install beyond repair with any of the hacks.

I also have the general impression that by going online, posting on Facebook and using Gmail, I have already given up some of my privacy in trade for a "useful(?)" service. But at which point is it enough? I don't need Cortana and a live websearch in my Start Menu, nor do I need live content in the app tiles. On a phone, created for consuming content, it might be fun and useful. On a computer, mainly used for creating content, it has no value.
Bjorn
THINKPAD collector. Only missing a proper RetroThinkpad.

Temetka
Senior ThinkPadder
Posts: 2790
Joined: Fri Sep 30, 2005 3:27 am
Location: Glendora, CA

Re: Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

#6 Post by Temetka » Thu Aug 13, 2015 3:06 am

precip9 wrote: Exactly. IMHO, it's not enough that a bunch of white hats take W10 apart. Microsoft would have to supply hard, binding documentation on exactly how a W10 client communicates with the Microsoft "host." No ifs, ands, buts, unpredictable, or undocumented behavior. Only with that documentation can due diligence be applied to enterprise security.

I never thought I would seriously consider Linux. Not now, but when W7 and perhaps W8.1 sunset...

It is coming to light that Windows 8.1 is doing almost the same thing. I would place hard money on Microsoft adding updates to Windows 7 and 8.1 to emulate the same behaviour.

Windows 7 already phones home to see if you're connected to the internet.

http://blog.superuser.com/2011/05/16/wi ... awareness/
New:
Thinkpad T430s 8GB DDR3, 1600x900, 128GB + 250GB SSD's, etc.
Old:
E6520, Precision M4400, D630, Latitude E6520
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301

Temetka
Senior ThinkPadder
Posts: 2790
Joined: Fri Sep 30, 2005 3:27 am
Location: Glendora, CA

Re: Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

#7 Post by Temetka » Thu Aug 13, 2015 3:08 am

Norway Pad wrote: I really haven't paid attention to privacy issues related to any previous Microsoft OS. I know that there have always been those random articles online that have claimed that big brother can see everything you do. But I have never paid attention to them, as they are rare, and I have considered that level of concern for privacy as slightly paranoid and tinfoil hattish.

But with Win10 it seems to be a much bigger, more universal and credible group of IT-people who front the privacy concerns. So I have come to the conclusion that this time it's worth listening to, and I have put off any further Win10 upgrades. I will run my only Win10 computer, the T420, as a test bed for now, with the main goal of testing how updates can be un-automated and hidden, and to test various suggested fixes and hacks for improving privacy. I will put every step into a document, so I can go back and see what I did. And I will make sure to image it in case I break the install beyond repair with any of the hacks.

I also have the general impression that by going online, posting on Facebook and using Gmail, I have already given up some of my privacy in trade for a "useful(?)" service. But at which point is it enough? I don't need Cortana and a live websearch in my Start Menu, nor do I need live content in the app tiles. On a phone, created for consuming content, it might be fun and useful. On a computer, mainly used for creating content, it has no value.

I like the idea of the documentation. Perhaps create a blogspot.com account and share your findings?

Regarding Facebook et al., yes, you give up a lot of privacy. Same with Google. Especially if you own an Android device.
New:
Thinkpad T430s 8GB DDR3, 1600x900, 128GB + 250GB SSD's, etc.
Old:
E6520, Precision M4400, D630, Latitude E6520
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301

dr_st
Senior ThinkPadder
Posts: 6647
Joined: Sat Oct 29, 2005 6:20 am

Re: Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

#8 Post by dr_st » Thu Aug 13, 2015 3:49 am

Temetka wrote: Windows 7 already phones home to see if you're connected to the internet.

http://blog.superuser.com/2011/05/16/wi ... awareness/

Well, this particular behavior (which has been around since Vista RTM, or if not that - then Vista SP1) is in itself quite useful and seems perfectly harmless.
Current: X220 4291-4BG, T410 2537-R46, T60 1952-F76, T60 2007-QPG, T42 2373-F7G
Collectibles: T430s (IPS FHD + Classic Keyboard), X32 (IPS Screen)
Retired: X61 7673-V2V, A31p w/ Ultrabay Numpad
Past: Z61t 9440-A23, T60 2623-D3U, X32 2884-M5U

RealBlackStuff
Admin
Posts: 17485
Joined: Mon Sep 18, 2006 5:17 am
Location: Mt. Cobb, PA USA

Re: Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

#9 Post by RealBlackStuff » Thu Aug 13, 2015 4:12 am

How about some deliberate typo in the Micro$haft webname http://www.msftncsi.com?
According to the $hafters, ncsi stands for: "Network Connection Status Indicator".
But I bet that in reality you are dealing with ncis, which means: "Naval Criminal Investigative Service".
And we all know what disasters happen there...

As far as I'm concerned, I've now deleted all the W10-junk from all machines that showed the white Windows flag.
Directories like $Windows.~BT and $Windows.~WS stole a lot of valuable real estate for nothing.
They were never invited, but M$ just keeps beleaguering you...

Dekks
Junior Member
Posts: 434
Joined: Thu Jun 26, 2014 9:38 am
Location: Birmingham, UK

Re: Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

#10 Post by Dekks » Thu Aug 13, 2015 4:18 am

dr_st wrote:
Temetka wrote: Windows 7 already phones home to see if you're connected to the internet.

http://blog.superuser.com/2011/05/16/wi ... awareness/

Well, this particular behavior (which has been around since Vista RTM, or if not that - then Vista SP1) is in itself quite useful and seems perfectly harmless.

How?
Arch//Openbox R61//GNOME 3 X201i/X230 Tablet //Spectrwm T61/X61/X61 Debian 9/X32
Work - Win7/X220T BunsenLabs T43
Retired T60p/T60/X30/X31/X61S RIP T400/T21/X61T/X200T

dr_st
Senior ThinkPadder
Posts: 6647
Joined: Sat Oct 29, 2005 6:20 am

Re: Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

#11 Post by dr_st » Thu Aug 13, 2015 6:00 am

I am not sure I understand your question, or which part of my remark it refers to...
Current: X220 4291-4BG, T410 2537-R46, T60 1952-F76, T60 2007-QPG, T42 2373-F7G
Collectibles: T430s (IPS FHD + Classic Keyboard), X32 (IPS Screen)
Retired: X61 7673-V2V, A31p w/ Ultrabay Numpad
Past: Z61t 9440-A23, T60 2623-D3U, X32 2884-M5U

Dekks
Junior Member
Posts: 434
Joined: Thu Jun 26, 2014 9:38 am
Location: Birmingham, UK

Re: Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

#12 Post by Dekks » Thu Aug 13, 2015 7:52 am

I'm surprised you don't understand you have made a very contentious point that it's fine that an OS should tell a server when it's online. In the west hopefully that's not an issue but in some places it's life or death.
Arch//Openbox R61//GNOME 3 X201i/X230 Tablet //Spectrwm T61/X61/X61 Debian 9/X32
Work - Win7/X220T BunsenLabs T43
Retired T60p/T60/X30/X31/X61S RIP T400/T21/X61T/X200T

precip9
Senior Member
Posts: 539
Joined: Sat Jun 23, 2012 2:26 pm
Location: Dresher, PA

Re: Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

#13 Post by precip9 » Thu Aug 13, 2015 9:25 am

Windows has never been designed for stealth. A need for stealth is at one extreme of computer use, opposite complete integration with the cloud. A distinction should be made:

It is the desire and need of many that Microsoft adhere to the OLD privacy agreement in law, in practice, and spirit.

It is the desire and need of many that the pervasive and undocumented communication of Windows 10 with Microsoft be documented and completely restrictable, in a way accessible to the man in the street as well as enterprise security specialists.

Few in the West need an invisible connection to the Internet. Total invisibility isn't practical anyway, because an upstream router needs a downstream IP to deliver the packets.
Last edited by precip9 on Thu Aug 13, 2015 1:08 pm, edited 1 time in total.
W500x3 with T9900, , T400 highnit 1280x800 with P9600, X61sx3, X61Tx3.

dr_st
Senior ThinkPadder
Posts: 6647
Joined: Sat Oct 29, 2005 6:20 am

Re: Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

#14 Post by dr_st » Thu Aug 13, 2015 12:42 pm

Dekks wrote: I'm surprised you don't understand you have made a very contentious point that it's fine that an OS should tell a server when it's online. In the west hopefully that's not an issue but in some places it's life or death.

What I said is that I find this feature (to be able to quickly determine whether or not I have internet connectivity without having to manually check) quite useful.

At the same time, I also find it, having read the explanation in the link, completely harmless. It does not leak any private data, it has no potential of leaking private data, and does not even send out any identification. All that will be recorded on the server is that some entity from some IP made a connection at some time. 99% of the time that IP is not even directly traceable to an end-user without enormous hassle.

I am curious as to where and how in the world this can be "an issue of life and death", and more specifically - why you think that this particular feature is the one that should be blamed for the life or death of said user, and not, say, the far more fundamental fact that the user decided for some reason to turn on the freaking computer which is physically connected to the freaking internet, knowing very well that it can lead to their death.

Sorry, but I find your attitude to this particular point, and only that, a fine example of how to make mountains out of molehills and argue for the sake of argument.
Current: X220 4291-4BG, T410 2537-R46, T60 1952-F76, T60 2007-QPG, T42 2373-F7G
Collectibles: T430s (IPS FHD + Classic Keyboard), X32 (IPS Screen)
Retired: X61 7673-V2V, A31p w/ Ultrabay Numpad
Past: Z61t 9440-A23, T60 2623-D3U, X32 2884-M5U

laowai
Sophomore Member
Posts: 126
Joined: Sat Jul 14, 2007 1:37 pm
Location: Beijing China

Re: Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

#15 Post by laowai » Thu Aug 13, 2015 12:43 pm

i honestly stopped caring. i'll pay attention to what data is leaking, i make sure my firewalls are good, but that's about it. all sensitive work is done on airgapped machines

Norway Pad
ThinkPadder
Posts: 1162
Joined: Mon Jul 13, 2009 2:50 pm
Location: Meridian, ID & Oyer, Norway

Re: Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

#16 Post by Norway Pad » Fri Aug 14, 2015 12:39 am

Temetka wrote: I like the idea of the documentation. Perhaps create a blogspot.com account and share your findings?

By the time I'll get around to play with this, it has probably lost its "latest news" interest, but I will sure look into that. Experiences are always interesting to share.

Temetka wrote: Especially if you own an Android device.

Indeed I do. Even though I have turned off some of the built-in Samsung and Google apps in my S5, I have probably given up a lot of privacy as it is. So that's why the phone is for fun and play, while anything that has to do with banking, money and confidential work stuff is carried out on a computer. But not a Win10 one. Yet..
Bjorn
THINKPAD collector. Only missing a proper RetroThinkpad.

laowai
Sophomore Member
Posts: 126
Joined: Sat Jul 14, 2007 1:37 pm
Location: Beijing China

Re: Windows 10 Security and Privacy - Your tinfoil hat isn't big enough

#17 Post by laowai » Fri Aug 14, 2015 12:55 am

i don't really care too much about banking. we use banks that require the use of USB dongles and OTP devices for login and transactions.
