OT Windows 10

Page 3 of 8  
On 2/20/2016 2:20 PM, snipped-for-privacy@snyder.on.ca wrote:

Enable logging in the firewall. It will log either (or both or neither) successful connections *or* unsuccessful (dropped) connections.
Of course, a rootkit (i.e. MS!) could choose to hide data that it doesn't want you to see! For this machine, I monitor the log of the firewall in my router to see what's going on (outside and inside).
| What utility did he use to determine there were 5000 "callouts" in 8
| hours?
| What (not spamware laden) utility can I run to see what is happening
| on mine???
I was going to refer you to the article, but when I went to look I saw it had been deleted! Sorry about that. I didn't know I was sending you to a stripped link. When I looked up the user link it claimed that user had never made any submissions. I then went to archive.org for a copy. They had one, but said the machine that serves it is down: https://web.archive.org/web/20160211133634/http://voat.co/v/technology/comments/835741 Weird. I always save such things, because URLs are often altered or moved. But I also found an archive linked from the comments on that page. It explains how the whole thing was done:
https://archive.is/QFL8e
He has some sort of customized router and installed Win10 on VirtualBox, on Linux Mint, so that he could track all activity. The problem with tracking it from Win10 itself is that Windows can no longer be trusted. Some IP addresses are now hard-coded, so that a DNS lookup is not even needed. (That actually started many years ago with Windows Media Player.)
To the extent that it might be possible to catch some of the traffic, you could try TCPView from sysinternals. You might also try a firewall. But that's tricky. The firewall would depend on Windows networking functionality, and most are not detailed enough to tell you what's going out, much less what the data is.
I think there are other utilities to record the actual data going in and out, but I've never tried anything like that.
On Sat, 20 Feb 2016 17:57:19 -0500, "Mayayana"

activity, I put very little stock in what he said.
| Until I can see exactly what the guy supposedly used to log the
| activity, I put very little stock in what he said.
It's at the link. Did you read it? In any case, it's up to you what you want to think about Win10. But if you think it's not spyware you're fooling yourself. Microsoft even says in their terms that some data sent back to them is not optional.
On 2/20/2016 7:23 PM, snipped-for-privacy@snyder.on.ca wrote:

Put a cheap router between you and your network connection. Mine will log all incoming/outgoing accepted/rejected connections, SYN flood attempts, PoD attempts, etc.
Attempts are logged in the form: <protocol> <sourceIP>.<port> -> <destinationIP>.<port> on <interface> and tagged "Connection accepted" or "Connection refused"
For outbound connections, <sourceIP> is one of the IP's served by the router while <destinationIP> is something foreign. The roles reverse for incoming connections.
Unless you are good at remembering the common ports/protocols, you'll tend to need a log interpreter to explain what each attempt is likely trying to do.
E.g., my ISP runs some network discovery tools that periodically (i.e., once a minute) probe specific ports on my connection (these are blocked by my router so the PC never sees them).
On Sun, 21 Feb 2016 08:16:29 -0700, Don Y

And my suspicion is 90+% of these so-called "spyware" attempts are totally innocuous.

On 2/21/2016 2:31 PM, snipped-for-privacy@snyder.on.ca wrote:

There are 1600 attempted connections to port 3544 which is allegedly used in the "customer experience program" (spyware that you possibly can opt out of -- one has to wonder why MS would choose to enable this, by default?)
There are ~1200 attempted connections to port 443 (HTTPS) and ~400 to port 80 (HTTP).
Another 600 attempts to port 53 (DNS) and another 600 to 137 (NetBIOS). These can be simple network discovery probes. Or, "calls out" prior to initiating further connection attempts to other "named hosts".
The fact that so many were (apparently) hard-coded (port 53 is blocked so where could those IP addr's have come from if not encoded in the binary?) is interesting/suspicious. Of course, there may be some uncertainty as to when the ports were blocked; any name resolution that occurred early in the installation may have been cached before the firewall was erected (MS may *require* a live connection for the install to work?)
[This is why having DETAILED logs of the installation process are important: when did you do *each* action. So, you can later audit YOUR actions to see where discrepancies may have crept in.]
By my count, we're at 4000 connection attempts (all blocked) on a machine that has "not used the Windows 10 installation at all" (the author was asleep during the test). After having "disabled three pages of tracking options"
The IP addresses involved resolve to msn.com and akamaitechnologies.com (akamaitechnologies is one of those mechanisms that allows you to be tracked across HTTP domains)
The use of these well known ports (80/53/443/137) may be innocent. Or, it may be a surreptitious attempt to probe *through* external firewalls (cuz those ports tend to be NEEDED to be open for their NORMAL, intended traffic so one can exploit them to route specific data to external hosts tunneling through them!)
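As an added example (my own code, not anything a poster in this thread wrote), here is a small "log interpreter" for the router log format Don Y describes earlier in the thread, producing the kind of per-destination-port tally he gives in this post. The exact spacing and keywords of the log line, the RFC 1918 ranges as "the IPs served by the router", and the sample log lines are all assumptions I constructed.

```python
import ipaddress
import re
from collections import Counter

# Line shape as described in the thread; spacing and keywords are assumptions,
# so adjust the regex to what your router actually writes:
#   <protocol> <sourceIP>.<port> -> <destinationIP>.<port> on <interface> Connection accepted|refused
LINE_RE = re.compile(
    r"^(?P<proto>\w+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+)\s+on\s+(?P<iface>\S+)\s+"
    r"Connection\s+(?P<verdict>accepted|refused)\s*$"
)
# Addresses "served by the router" are assumed to be the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The well-known ports the thread walks through; anything else reports as unknown.
PORT_NAMES = {53: "DNS", 80: "HTTP", 137: "NetBIOS", 443: "HTTPS"}

def is_lan(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse_line(line):
    """Return a dict for one log line, or None if the line does not match the format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    d = m.groupdict()
    src_lan, dst_lan = is_lan(d["src"]), is_lan(d["dst"])
    if src_lan and dst_lan:
        direction = "local"      # e.g. NetBIOS broadcasts that never leave the LAN
    elif src_lan:
        direction = "outbound"   # LAN host "calling out" to a foreign address
    else:
        direction = "inbound"    # foreign host probing the router or the LAN
    return {"proto": d["proto"], "src": d["src"], "sport": int(d["sport"]),
            "dst": d["dst"], "dport": int(d["dport"]), "iface": d["iface"],
            "accepted": d["verdict"] == "accepted", "direction": direction}

def summarize(lines):
    """Tally attempts per (direction, destination port) and the blocked outbound targets."""
    by_port, blocked_outbound_hosts = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue             # unparsable line: skip it rather than crash
        by_port[(rec["direction"], rec["dport"])] += 1
        if rec["direction"] == "outbound" and not rec["accepted"]:
            blocked_outbound_hosts[rec["dst"]] += 1
    return by_port, blocked_outbound_hosts

def describe_port(port):
    return f"{port} ({PORT_NAMES.get(port, 'unknown')})"

# Constructed sample log lines (not a real capture).
SAMPLE_LOG = """\
UDP 192.168.1.20.51234 -> 203.0.113.10.3544 on wan Connection refused
UDP 192.168.1.20.51235 -> 203.0.113.10.3544 on wan Connection refused
TCP 192.168.1.20.51236 -> 203.0.113.11.443 on wan Connection refused
UDP 192.168.1.20.51238 -> 203.0.113.13.53 on wan Connection refused
UDP 192.168.1.20.137 -> 192.168.1.255.137 on lan Connection accepted
TCP 198.51.100.7.40000 -> 192.168.1.20.22 on wan Connection refused
garbage line the parser should skip
"""
```

Feed `summarize()` the lines of your own router log and sort the resulting counter to see which ports and foreign hosts dominate the blocked outbound attempts.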

| The use of these well known ports (80/53/443/137) may be innocent.
That's really not a relevant question. The man testing had chosen all possible privacy options. It's his computer. Microsoft had no business rigging the system to call out.
How did we get to a point where we presume someone breaking into a house had innocent reasons and has done nothing wrong, unless we actually catch them running off with a TV set?
On 2/22/2016 6:31 AM, Mayayana wrote:

A box sending a request on port 53 can be doing so as part of network discovery. Or, are you claiming "call(ing) out" should also include being able to detect the immediate environment? Locate network shares on the local intranet? etc.
You also don't know what the software was *trying* to do at the time. E.g., Windows machines have long tried to "validate" their licenses. If I build a new 7even box and DON'T let it phone home, it will complain that the product has not been "activated". Should MS require the user to explicitly perform the activation step? ("Please connect me to an active internet connection and let me contact my activation server as part of the terms of the license agreement that you accepted when you installed this software. I will not allow you to use this software until you do so")
First loads of IE always want to run off to some startup page at microsoft. Is this convenience? (so the user sees SOMETHING when he invokes the browser without explicitly specifying a URL in the invocation) Or, a surreptitious attempt by Microsoft to notice yet another instance of its product coming on-line?

The adage "innocent until proven guilty". No one has shown the content of these connection attempts. How do we know it isn't just a "helpful attempt" to provide information (even advertising services: sign up for your free hotmail/mslive account, today!) to a CUSTOMER?
It's too easy to get caught up in paranoia/conspiracy theories. I like seeing conclusive *data* before forming an opinion.
I build "appliances". You typically can't sit down at a console (nor telnet into my devices). How do I provide information to the user regarding the proper operation of the device when I may only have a tri-color LED with which to convey that information? He can't examine my network status "on command". He can't force me to ping some remote host so he can see if the ICMP packets are being sourced from my network interface and passing through *his* firewall. He can't see if I am "seeing" his incoming connection attempts, etc.
So, I intentionally perform some specific, observable actions on startup to provide myself with information about my environment AND let him observe how I am integrating with that environment. And, use information from those actions to decide whether my LED should glow GREEN, YELLOW, or RED -- or blink some obscure "error code" (that will send him running for a cheat sheet that explains its meaning, likely causes and potential remedies).
When a BofH starts beating his chest about my device's "misbehavior" (it's spying on us; it's trying to probe the firewall; it's trying to access our web server; etc.) I ask his boss how they would like me to redesign the device -- and how much they would like to add to its cost (to provide for those features).
The clincher is reminding the boss that this will be yet another device that *his* IT department will then have to maintain (instead of a turnkey appliance).
"Leave it the way it is. Bob, go back to work..."
The author of the article could have designed an experiment where he captured some of the traffic (to a masquerading host as well as to the actual GENUINE hosts -- does the content differ?). Instead, he just captured the low hanging fruit.
And, of course, there's no guarantee that the nature of the traffic won't change when he "wakes up" and actually starts USING the box!
Or, that the box isn't simply "being coy" -- biding its time until it thinks no one is watching it before sending out its data ("Hey, I've got this big disk that I can use to REMEMBER all the stuff I want to send home... why should I do it *now*??")
On Mon, 22 Feb 2016 10:45:35 -0700, Don Y

The software end user agreement calls for either "call home" authentication or manual authentication over the phone. It only needs to be done once - and after that it doesn't attempt to "call home" unless MAJOR modifications are made to the system.

On Mon, 22 Feb 2016 08:31:22 -0500, "Mayayana"

On 2/20/2016 9:55 AM, Mayayana wrote:

There are places where non-profits (verified 501(c)3's) can get licenses for very *little* money (single digits). But, those places operate at the whim of the folks who *donate* the licenses (e.g., MS). So, you're stuck with their terms...

Stick with Dells and licensing isn't usually a problem. OTOH, you're always at the mercy of drivers. And, the manufacturers AND MS have skin in that game -- wanting to move you along to the latest and greatest at all costs!

Of course! MS is late to the game. Billy Goates thought software was the product; but, in fact, the *users* are!

I'd seen notes that there were more tweaks required.
And, as everything between the user and the network connection is controlled by MS, there's nothing to say they can't simply *ignore* that setting -- now or after you've installed something else!
I.e., I can install updates "offline" and KNOW that my machines will never "phone home" -- there's no way they can do that (no connection to outside networks). As I'm using them as "computers" and not "entertainment devices" or "media access points", I lose nothing by operating in this manner.
However, the students will almost assuredly WANT to be "online".
And, *I* would want them to get any "required" updates automatically without having to deal with seeing *all* of these machines again, every Patch Tuesday, etc.

FOSS options are simply impractical. Who do they call for help when something doesn't work? Can they turn to the student seated at the next desk and ask for assistance? Or, the teacher/assistant in the classroom?
What happens when they want to download a file-sharing application? Or, <whatever>?
| And, *I* would want them to get any "required" updates automatically
| without having to deal with seeing *all* of these machines again,
| every Patch Tuesday, etc.
|
I wonder why you posted your question. You seem to already have formed opinions and gathered as much info as you want.
I would add, though, that I don't enable updates on any machines I handle. I install service packs. Beyond that very few updates are important and some will do damage. Unless you use MS Office, there's not much to update. If you don't use IE, even better. MS doesn't generally offer functionality updates. Just bug and security patches. If you don't use MS software online then you don't need security patches. You'd get those from Mozilla or whatever other company makes the software you use online.
If you're going to enable Windows Update then you're probably leaving your students to be tricked into Win10.
On 2/20/2016 12:38 PM, Mayayana wrote:

I've not used Windows 10. I was hoping folks had first-hand experiences with it and could indicate why a student *would* want to run it instead of W7, etc. And, at the same time, identify issues that I (with no experience using it) *or* a student (with little interest in the details) wouldn't notice.

Exactly. The last batch of machines I built were XP boxes. As ALL the updates were already released, I could safely install ALL of them and then remove the update mechanism (nothing new to be gained with it).
But, moving to a more current OS -- especially one that WANTS to go poking around in your box -- means you have little practical choice in the matter.

I can remove the executables so the updates never happen. But, that means any hardware that is received as a donation must have driver support for the older OS's.
This is a losing proposition; over time, the machines that are available as donations will NOT have support for older OS's thereby forcing newer OS's to be deployed.
I.e., the machines being manufactured today will be available as donations in 2-3 years. Look at today's offerings and see how far back OS support goes.
By the same token, machines seen as donations today were manufactured 2-3 years ago. The "Windows Option" becomes increasingly difficult to be presented as a *choice* ("use THIS version of Windows, or nothing")
| Exactly. The last batch of machines I built were
| XP boxes. As ALL the updates were already released,
| I could safely install ALL of them and then remove
| the update mechanism (nothing new to be gained with it).
|
| But, moving to a more current OS -- especially one that
| WANTS to go poking around in your box -- means you have
| little practical choice in the matter.
|
?? I have two Win7 computers. I don't enable Windows Update on either one of them. I use XP for getting things done. My main Win7 box is the sacrificial lamb for enabling javascript online. I put AV on that one, for good measure, but disable most services, including Windows update. It's simply not needed.
| > If you're going to enable Windows Update then
| > you're probably leaving your students to be tricked
| > into Win10.
|
| I can remove the executables so the updates never happen.
| But, that means any hardware that is received as a donation
| must have driver support for the older OS's.
|
What's that got to do with enabling Windows Update? If you get a computer that you want to put Win7 on, you go online and get drivers for the hardware. If there are no drivers then so be it. Enabling Windows Update won't help with that.
On 2/20/2016 1:26 PM, Mayayana wrote:

And you are relying on Windows to honor your wish NOT to enable updates.
Do you likewise rely on windows 10 NOT to track your activities -- simply because you *told* it not to? Which activities constitute tracking in YOUR mind? Are you sure MS doesn't have a rationale for those *particular* activities "to provide better service", "to assist in troubleshooting problems", "to..."?

You said: "If you're going to enable Windows Update then you're probably leaving your students to be tricked into Win10." I replied: "I can remove the executables so the updates never happen." I.e., so windows can't even *choose* to IGNORE the "disable updates" setting (cuz you are relying on windows to do what you've told it to do). As such, there (should be) no way for updates to be offered -- unless a user visits a MS service (web page, etc.) that tries to explicitly offer that option.
But, the effect of disallowing Windows 10 (via update or any other means) forces: "any hardware that is received as a donation must have driver support for the older OS's." As donations get NEWER (simply a consequence of the passing of time), finding drivers for that NEWER hardware for OLDER OS's becomes problematic -- they probably NEVER write an XP driver for hardware on a machine released in 2016!
[You can verify this by trying to purchase a "current" machine and seeing for which OS's it offers support. Of course, you *may* be able to get older drivers for SOME of the hardware (with some effort and some risk of uncertainty). Or, you may be completely SoL.]
(By extension, which drivers are simply not available for machines designed in 2013 -- which are now being donated for these uses?)

You're conflating two different issues. Please reread my comments (restated here).
On 2/20/2016 2:56 PM, Don Y wrote:

Why teach them outdated stuff?
MikeB
--
Email is valid

On 02/20/2016 09:37 AM, Don Y wrote:

Considering the Whack-A-Mole game you need to play to keep 10 off a 7 machine, I see no way a relatively naive user is going to avoid MS re-introducing the spyware.
On 2/20/2016 1:33 PM, rbowman wrote:

The XP machines were relatively easy, by comparison, to "control". As all the updates -- that would ever exist -- were already released (by MS), it was safe to install them and disable the update service entirely (there's nothing more to update, why even try??)
[Yeah, maybe root certificates, eventually]
Students who were too-smart-by-half and tried to update using a copy of a Win7 CD that a friend happened to have were essentially "on their own". If I received a call about a "broken computer", I simply repeated the instructions that I provided with each machine: "reboot, press this, click on that, wait 4 minutes" and they'd soon "discover" that I'd undone all of their changes and restored the machine to the state it was in when they received it (from me).
It doesn't take long for them to realize that there's no support for the upgrade that they think they want -- at least, not from the freebie computer guy! :>
[At the same time, there was nothing that prevented them from trying this! Or any *other* use/OS/etc. *I* just don't want to be taxed with supporting their adventures!]
On 2/20/2016 11:37 AM, Don Y wrote:

I had to turn off several privacy settings that were either intrusive or collected data taking an extra minute to shut down.
My only disappointment with Win 10 was their taking off several time wasting games and making you go to their app store to get them for free. Not super intrusive but you will get a pop up ad at the end of the game and they tell you you can make it ad free by paying $1.49 a month.
I think Apple and Android are in the upsell business and MS has joined them. Future software upgrades will be free but won't be free of them trying to upsell you apps.
Otherwise I'm happy with Win 10 and have not had any serious issues since starting to use it.