Posted on 02/15/2016 10:52:46 AM PST by blam
Feburary 14, 2016
Paul_Behan
Don’t Keep Your Personal Or Financial Data On A Windows 10 Machine!
Well not if you want to keep it private. Like many people I was surprised at the Edward Snowden revelations a few years ago. Nothing has seemed to change and in many cases things have got worse. Some corporations are in partnership with government agencies in regard to collection of data.
(snip)
According to this an article, (1) even after turning off all the tracking options on a computer, the researcher left the computer on overnight and tracked the traffic. He was surprised to find that Windows 10 had attempted to contact 51 Microsoft IP addresses 5,508 times. Some of the website addresses contacted include: (2)
(snip)
If Windows is left unattended for about 15 minutes, a large volume of traffic starts being transmitted to various servers. This may be the raw audio data, rather than just samples.
If you are still running earlier versions of windows you would think you would be safe from this tracking, but updates have been released that install this tracking into the earlier versions. Fortunately these updates can be removed. I found that these updates were installed on my Windows 7 computer on the 25th of November 2015. The updates in question are: (3)
* KB3068708 – This update introduces the Diagnostics and Telemetry tracking service to existing devices.
* KB3022345 (replaced by KB3068708) – This update adds the Diagnostics and Telemetry tracking service to in-market devices.
* KB3075249 – This update adds telemetry points to the User Account Control (UAC) feature in order to collect data on elevations that come from low integrity levels.
* KB3080149 – This package updates the Diagnostics and Telemetry tracking service to existing devices.
(snip)
(Excerpt) Read more at marketoracle.co.uk ...
Dude!
1) Buy an SSD.
2) Download Linux Mint 17.3 and burn to CD or DVD.
3) Install the SSD.
4) Boot into BIOS. Set CDROM drive as the first boot drive and new SSD as secondary. W10 after that.
5) Boot to the Mint CD and install on the new SSD.
6) Download and install Oracle Virtual Box.
7) In OVB build a new VM. For the virtual disk you should be able to select live disk and point it to the Windows 10 disk. Or mount the W10 disk as a live OS pointing at the W10 drive.
8) In W10 disable the NIC to prevent MS interrupting sessions.
The idea is to migrate to Linux Mint but still be able to access W10 and your work via the VM. If W10 still gives you problems should be able to setup a firewall allowing only the W10 programs of your choice to connect to the internet.
People are working on these solutions now. I’ll be doing it next month.
“I’m having a hard time believing that Microsoft is willing to assume the legal liability for having that information.”
Another person who didn’t read the EULA.
Wait till you realize you have also ceded control of your hardware to MS via using their OS.
Another person who doesn't understand the legal liability involved in possibly exposing customer HIPAA or PCI information. You cannot contractually absolve yourself from complying with those regulations.
That is correct. IMO, all programmers should be introduced, during their training, to the fact that all software has the potential for having flaws, that nothing is created that cannot be improved, and that part of their responsibility is to use good tools to make their software as robust as it can be, from their editor to their compiler to their validator, and that the QA department will be trying as hard as they can to break it. Any software company larger than two guys in a garage needs to establish a wall between development and QA, and establish a culture of "cooperating adversaries" who push each other to do the best they can. And all software companies should have a policy that includes mandatory use of software checkers appropriate to their product, which ferret out vulnerabilities and other mistakes.
Unfortunately, doing all that is a dilemma, since I hate business regulations and rules. Ideally, companies that produce crappy unsafe software would be pushed out of the market by loss of business. But that won't do the trick any more than companies that produce crappy unsafe automobiles would be pushed out of the market -- there's always a market for crap. So just like there are rules about car inspections if you want to drive on the public highway, I think there ought to be a rule about publishing a certification of compliance for software products used on the public internet. You'd have to state in unequivocal terms that you "inspected" your software with an approved validator and that it passed.
I know, dream on, dream on...
> By your account, if a Windows user disables updates and their machine gets compromised because it wasn't patched, then Microsoft is responsible for shipping an insecure OS in the first place.
Yeah, pretty much. Look, let's stop pussyfooting. I used to produce software for industrial process controllers. It was embedded -- you surely know what that means. It means IT'S CORRECT BEFORE IT SHIPS, NOT AFTERWARD. Because patches aren't possible. Because mistakes caught only after the code is in the field are immensely expensive to fix. Because it's the right way to do things. Sorry if I sound a bit strident but this is getting silly. OF COURSE I expect Microsoft to ship a high quality, robust OS. WTF else?? I'm not quite willing to believe you're defending their right to ship crap. :-)
> By the same token, if a Linux sysadmin running a free Linux distro doesn't keep his systems patched and they get compromised, who are you going to hold responsible for shipping an insecure OS, and how do you intend to collect damages?
I keep my Linux systems patched, roughly weekly, mostly automated, some manual if they have to be synced with other processes to not cause trouble. I run a mix of mainly free Ubuntu and free CentOS. If my patching slips and my systems get compromised, I'm in a world of hurt with everybody from my boss on up, because my company is responsible to its customers and clients. I patch regularly because as things stand, I cannot count on software being flaw-free.
Sure it would be nice if I could depend on all the Linux developers using validation software. But I don't get my way on that, just like I don't get my way on a lot of things. In the real world, as things stand, I can't hold developers and their companies responsible for shipping flawed software.
Collect damages? Hell, when was the last time -anybody- collected damages for software flaws from anybody else? That's not a problem only for the Linux folks.
There is a way to fix this. They want data, give them data.
Fill your data pipe with dummy google searches when you are not using it. Fill your storage devices with dummy data until you need the storage space.
Give them more data than they can ever sort through. Let them figure out what is real and what is not real
Okay. You're a sysadmin that works in a mixed Linux/Windows shop. You seem to be very familiar with and experienced with management of the Linux machines. The Windows machines not so much, and it would go a long way toward simplifying your life if they'd all just go away.
That sound about right?
Well, if the people who’d have to enforce the liability are the same ones for whom the spying is being done, then it shouldn’t be a problem, right?
If you're talking about the government, they have a lot better ways of getting it if they want it.
I grant you that my own preference is more for the *ix family of servers, but I've worked with Windows Server professionally since NT4 and my opinions of that family's quality and robustness are formed from 20 years of administering it, not personal preferences. Windows Server isn't going to "just go away" and if it did I'd be pretty unhappy since those servers run a bunch of my company's big business-critical applications.
Well, you seem pretty strident in your expectations about the quality of Microsoft's software on one hand, while being ambivalent about the need to keep your Linux servers patched on the other.
BTW, that glibc bug looks like a doozy.
You misunderstand -- my expectations are just as high for any popular OS as for Windows. What you may be reading as "ambivalence" was just an observation that a vulnerability in Windows affects 100 times as many machines as a vulnerability in Linux, and while -all- need to be addressed, some have a much more profound effect than others. There's no excuse whatsoever for not patching systems, all OSes, and for that matter all applications. But not releasing flawed software in the first place should ALWAYS be the goal. Patching is for when somebody f*cked up -- and it's not always an available option. Getting it right before it's released is the primary responsibility.
> BTW, that glibc bug looks like a doozy.
This one?
It's a doozy, alright. Hair on fire all over the place, including ours.
Given that disparity in the potential threat level, it would be normal for the appropriate counter measures for one to appear rather Draconian compared to the other.
BillGates can Bite Me.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.