Tuesday, September 8, 2015

MICROSOFT - Privacy Invasion Port to Windows 7 and 8

"Microsoft backports privacy-invading Windows 10 features to Windows 7, 8" by Joel Hruska, Extreme Tech 9/31/2015

Excerpt

Every time Microsoft releases a new version of an operating system, there’s always a few users bitterly unhappy at the company’s decision not to support new features on older products.  Microsoft has finally listened to these die-hard devotees of older operating systems.  If you felt like Windows 7 and Windows 8 offered you a little too much privacy, rejoice: Microsoft is updating those operating systems with the same telemetry gathering software it deployed on Windows 10.

What?  You wanted DirectX 12?

Ghacks.net has discovered four KB updates for Windows 7 and 8, each of which is described as an “Update for customer experience and diagnostic telemetry.”  Each is detailed below:

KB 3068708:  This update introduces the Diagnostics and Telemetry tracking service to existing devices.  By applying this service, you can add benefits from the latest version of Windows to systems that have not yet upgraded.  The update also supports applications that are subscribed to Visual Studio Application Insights.

KB 3068708 is listed as collecting diagnostics about functional issues on systems that take part in the Customer Experience Improvement Program.  Determining whether or not you are a member of the CEIP, however, is less than obvious.  The KB also notes that “Most programs make CEIP options available on the Help menu, although for some products, you might have to check settings, options, or preferences menus.”  This is a recommended Windows update.

KB 3022345:  This update has been superseded by KB 3068708, but previously provided the same telemetry-tracking services.  It’s not clear how the two updates differ, but if you want to remove all traces of telemetry tracking, you’ll want to remove this update as well.

KB 3075249:  This update adds telemetry points to the User Account Control (UAC) feature to collect information on elevations that come from low integrity levels.  What this appears to mean is that MS wants more information about the kinds of applications that trigger UAC in the first place, presumably because it wants to know what they do and why they need that access.  This update is classified as Optional.

KB 3080149:  This update is described in identical language to the first two.  “This package updates the Diagnostics and Telemetry tracking service to existing devices.  This service provides benefits from the latest version of Windows to systems that have not yet upgraded.  The update also supports applications that are subscribed to Visual Studio Application Insights.”  It is provided as an Optional update, even though the first was classified a “Recommended” update.

Hard-coded phoning home

One of the assumptions made by various privacy advocates and journalists, including me, is that third-party utilities would be able to shut down the tracking Microsoft deployed in Windows 10.  To some degree, that’s already happened, but there are certain new “features” of Windows 10 that can’t be blocked by any OS-level tweaks, including the hosts file.  The updates listed above connect to vortex-win.data.microsoft.com and settings-win.data.microsoft.com.  These addresses are hard-coded to bypass the hosts file and cannot be prevented from connecting.  It’s been reported that software firewalls aren’t sufficient to block them, though this is unclear.

IMPORTANT:  You should uninstall updates in reverse order starting with KB3080149 and Restart after each uninstall run.  Uninstall KB3068708 LAST (it is the key update, the others are updates to this one).

The upshot for Windows 7 & 8 users who want MORE privacy, uninstall the listed 'updates' and hide them when they come up again.

There is more in the full article.

No comments: