Microsoft Stirs Suspicions By Adding Telemetry Files To Security-Only Update (zdnet.com)
An anonymous reader quotes a report from ZDNet: As expected, Windows Update dropped off several packages of security and reliability fixes for Windows 7 earlier this week, part of the normal Patch Tuesday delivery cycle for every version of Windows. But some hawk-eyed observers noted a surprise in one of those Windows 7 packages. What was surprising about this month's Security-only update, formally titled the "July 9, 2019 -- KB4507456 (Security-only update)," is that it bundled the Compatibility Appraiser, KB2952664, which is designed to identify issues that could prevent a Windows 7 PC from updating to Windows 10.
Among the fierce corps of Windows Update skeptics, the Compatibility Appraiser tool is to be shunned aggressively. The concern is that these components are being used to prepare for another round of forced updates or to spy on individual PCs. The word telemetry appears in at least one file, and for some observers it's a short step from seemingly innocuous data collection to outright spyware. [...] I strongly suspect that some part of the Appraiser component on Windows 7 SP1 had a security issue of its own. If that's the case, then the updates indisputably belong in a Security-only update. And if they happen to get installed on systems where administrators had taken special precautions not to install those components, Microsoft's reaction seems to be, "Well ... tough." "The Appraiser tool was offered via Windows Update, both separately and as part of a monthly rollup update two years ago; as a result, most of the declining population of Windows 7 PCs already has it installed," the report notes.
install linux (Score:1)
Problem solved.
Also, hot grits.
Re: (Score:2)
You forgot one part: Use a clean installation of Windows each time. It's the only way to be sure.
How to be an asshole (Score:1)
Step 1: Post some rabid anti-semite nonsense to slashdot.
Step 3: Profit
You win, and may you wipe the shit off your face because omg you stink.
E
Re: How to be an asshole (Score:2)
Step 2: Collect payment from dirty PR firm(s) employed by Micro$oft, Faceboot, and/or Big Brother Google.
Re: (Score:2)
Developers, Developers, Developers, Developers!
Dunno where you're getting that from. As is clearly obvious from watching the video, what he's saying is "The ballot burst! The ballot burst! The ballot burst!". Go watch the video and see.
Android Spying (Score:2)
If I want to be spied upon, I'll just use Android, at least the software is free, and it provides some useful services.
Also:
- you can find versions that only contain the opensource parts of android - AOSP - and not the proprietary blob of Google that does all the spying (Google Play Services). e.g.: Lineage OS
- you can find opensource alternatives that implement the same API ("com.google.android.gms") that don't perform spying or are configurable in the amount of spying they do. e.g.: MicroG [microg.org].
Seems almost as if... (Score:5, Insightful)
Re:Seems almost as if... (Score:4, Funny)
Microsoft is actively trying to move Windows users to Linux.
Worked on me. I find I swear a lot less since I kicked Microsoft to the curb.
Re: (Score:1)
That's fucking awesome.
Re:Seems almost as if... (Score:5, Insightful)
I find I swear more with Linux, BUT, whatever problem I have in Linux I can almost always find an answer to with some time and work. With Windows I'm often just shit out of luck.
Re: (Score:3)
Isn't that the problem with Linux, requires too much time to research and fix basic issues?
Time most of us don't have.
For example, I'm using Libre Office on Windows, but the new version kept crashing at startup or any of the packages (Writer / Impress / Calc / etc), and it took me several hours just to figure out that I need to start it in safe mode and disable graphics hardware acceleration!
When one is wanting to get work done, it's rather annoying to say the least to research stuff like this!
I've never ha
Re:Seems almost as if... (Score:4, Interesting)
Yeah... I consider Windows 10 the absolute BEST advertisement for Linux, short of maybe Linux "commercials" on tv/radio...... It sure made ME move MY systems to Linux..... FUCK MICROSOFT!! (damn that felt GOOD!)
Re: (Score:2)
When Win10 was forced upon me at work, that's probably the first time I also thought about migrating to Linux/BSD, or even OSX.
Most things are done in the browser now, and even Microsoft has sadly adopted this mentality with Win10 apps, they are basically a browser shell which launch web applications hosted in the cloud. And the worst of them are stupidly bloated, slow, non-uniform web applications built using electron.js such as Teams / Skype / Visual Studio Code / etc, each kicking off countless processes
Moving Mom and Dad over is a problem... (Score:1)
I'm in my mid forties and interested in computing but it's not my job. I can code a little but Linux is rather new to me. I've got Ubuntu up and running fine on my computer but when my parents' Windows 7 box reaches end of life I've got problems. (I know, I know. I'm trying to become a pro in advance. ;)
They're addicted to Popcap type games. Chuzzle. Zuma. Bookworm. Windows games that never got patched, let alone ported to anything other than Win98. I'm hoping that WINE will be the answer to my prayers but
Re: (Score:1)
> (I know, I know. I'm trying to become a pro in advance. ;)
I've been using Linux for about 20 years and Ubuntu is where it's at. Hands-off as it should be. The people who complain about a "noob distro" are just people who learnt all the manual specialized skills and don't like their knowledge becoming obsolete.
>than Win98. I'm hoping that WINE will be the answer to my prayers but I just saw something about 32bit being abandoned soon by them? Hell, some of these games are 16bit, if I'm reading correctly.
Ub
Re: (Score:2)
They're addicted to Popcap type games. Chuzzle. Zuma. Bookworm. Windows games that never got patched, let alone ported to anything other than Win98.
You can get a pretty good idea of what is likely to work under Linux at ProtonDB [protondb.com].
I can't imagine if they actually used Windows programs that were essential for their business or something...
That's a real problem, but it's becoming less of one over time. Big name applications that used to be considered essential in their fields, like MS Office or Adobe Creative Suite, are facing increasing competition. In many cases, that competition is web-based and/or much more widely portable.
We're still a long way from having good alternatives to everything available on Linux and in some cases you really still need Windows arou
PopCap games on Android (Score:2)
They're addicted to Popcap type games. Chuzzle. Zuma. Bookworm. Windows games that never got patched, let alone ported to anything other than Win98.
Last I checked, PopCap Studios [ea.com] was making Plants vs. Zombies, Bejeweled, and other games for the Linux-based Android operating system.
Hell, some of these games are 16bit, if I'm reading correctly.
If it's 16-bit games you're after, the DOSBox, Mesen-S, and BlastEm emulators run even on low-end (Pentium N) Linux laptops.
Re: (Score:2, Interesting)
Microsoft is actively trying to move Windows users to Linux.
They tried with Windows ME, they tried with Windows Vista, they tried with Windows 8 and they're trying with Windows 10...even with hundreds of distributions Linux desktops are so demonstrably shithouse that Microsoft has taken on the mission to usher in the Year of the Linux Desktop to its extreme by bringing Linux into the Windows desktop.
I genuinely love Linux itself and UNIX-based operating systems in general (reason my primary machine is a Macbook) but all the desktop distributions are just a crapshoo
Re: (Score:2)
And mac OS. :/
Re: (Score:2)
I could probably switch if they'd make a native version of OneNote for Linux.
Games would still (obviously) be an issue, despite the advances GOG and Steam have made over the years.
Re: (Score:1)
Windows is a full on surveillance operating system. There's always been excessive telemetry in windows, but now spying on people is the entire business model.
Seriously just stop this garbage. You are the sort of drama queen that normalizes that sort of behavior to begin with. Microsoft has no business based on surveilling users - feel free to provide evidence to the contrary though, but you normalize the idea that they do. People see no harm in the idea that they are being constantly spied upon because you tell them that's what's happening when it isn't.
There's enough to complain about here without inventing more nonsense with your hyperbolic ignorance. Groups l
Re: (Score:2, Insightful)
Actually he's right. The proof is:
1. Microsoft stopped explaining what are in updates (Creepy/Evil as fuck)
2. Microsoft "tricks you" in to creating a Microsoft Account (Creepy/Very Evil as Fuck)
3. Microsoft Forces you to have an Advertising ID in the O/S you paid for (Extremely Evil as Fuck)
4. Microsoft Forcibly installed Telemetry against your wishes basically telling you that you are a sheep to be spied on (Creepy/Evil As Fuck/Straight from Tech Hell)
5. Microsoft Added Telemetry to other products (High on
Say no to proprietary software, yes to SW freedom. (Score:2)
Even if a proprietor explains what's in an update users cannot trust the description and don't really know what that update does.
It's easy to make a program do multiple things and updates are no different; updates can run arbitrary programs to do arbitrary things. People expect differently (hence the euphemisms "security update" and the like), but what an update does isn't governed by expectations it's governed by the code in the updat
Re: (Score:3)
It's a lot of work to do that, not something a person can do. Open source solutions like Linux are OK, but it's very difficult for a non-expert to know if those contain spyware and backdoors. (some guy on slashdot pointed to a technical document saying application XYZ is safe is NOT enough).
Even if you believe linux is OK, there are a lot of desktop applications that are not available or which work substantially worse than their windows equivalents.
Re: (Score:2)
A secure, non-spying, non-hostile OS. (That's the opposite of both Windows and Linux/FreeBSD/Haiku.)
Found the Microsoft FUD peddler!
How would you go about proving, in a way that a non-technical user can understand, that an application for X11/Linux downloaded from its publisher's PPA does not engage in pervasive telemetry?
Re: So here's the thing... (Score:1)
Re: (Score:2)
Linux doesn't require PPAs and no decent Linux distribution uses them.
Even if this is the case, I believe that what I wrote applies just as well to any other means of distributing executables from the publisher to the public.
You know damn well that the source is available too.
This is true of Linux, the system libraries, and X Window System. It is not true of all applications, especially proprietary applications that have no close free replacement. And even for those applications whose source code is available to the public, a non-technical user stands no chance of verifying either A. that the executable matches its source code
Re: So here's the thing... (Score:1)
Re: (Score:1)
>How would you go about proving, in a way that a non-technical user can understand, that an application for X11/Linux downloaded from its publisher's PPA does not engage in pervasive telemetry?
Do you hold Windows and Windows software to the same standards? Or is Linux special?
Re: (Score:2)
Do you hold Windows and Windows software to the same standards?
Many have chosen X11/Linux over Windows precisely because they "hold Windows and Windows software to the same standards."
Don't see them (Score:3)
Not seeing either of those updates in my list.
Re: (Score:2)
If you're using the ordinary update channels you just get the big cumulative rollups, you have all the telemetry and more. There's one with last month's feature updates and one without, but the latter has all the previous feature updates so you're just one month behind. If you use the corporate update channels there's monthly security-only rollups, no features and not cumulative. You have to apply a new one each month and if you ever have to reinstall you have to install all of them. They're still offering
Installing Windows 7 security-only updates (Score:2)
You don't need to be a corporate user to get the security-only update bundles. They're available on the Microsoft Update Catalog, and you can just download one file each month and install it with a single command using the WUSA tool. This process is generally fast and reliable; in fact, I first discovered this way of applying updates during the time when the normal Windows Update tool was badly broken and would take hours just sitting there trying to work out which updates your system might need.
Until now,
Less graphical detail in older games (Score:2)
Got Win98 in a VM on Linux and it's pretty nifty. [...] Oooh the older games that didn't have stores or loot boxes but were ACTUAL games
Early 2000s games designed for Windows 98 also had far less graphical detail than mid to late 2010s games. To cover the cost of making all this detail, would you prefer "ACTUAL games" that cost $120 a copy? If not, there are plenty of indie games on Itch, Humble, and Steam with production values matching the early 2000s or earlier and no pay-extra-to-win mechanics.
Stirs suspicions? (Score:2)
Re: Stirs suspicions? (Score:2)
"What in the world is Microsoft trying to hide?"
Collaboration with the gestapo.
Re: (Score:2)
Re: (Score:2)
Firstly, people do care. The Zoom fix made the front page of every major tech aggregator/discussion site I follow.
Secondly, security and telemetry are two very different things. In particular, a lot of the people who would be deploying these security-only bundles in the first place are doing so specifically to avoid the sorts of telemetry and Windows 10 migration junk that we're discussing here.
Re: (Score:2)
My "paranoia" is backed by numerous reports of actual problems with Windows 10. As they say, it's not paranoia if they really are out to get you.
Meh (Score:2, Informative)
Recent freezes in Windows 10? (Score:2)
So could this be the reason that Windows 10 has resumed freezing again? At least on the machine I use most frequently things have gotten much worse, with frequent hard freezes that force hard pull-the-plug shutdowns.
If my hypothesis is a low-level conflict with high-priority telemetry data, then how can I test it?
Why update at all? (Score:3)
My Win7 Pro install on my desktop (media files + backup) hasn't been updated in 5+ years and I've never looked back. And the first thing I did when I bought my current laptop (daily driver) was wipe Win10 "Core" in favor of an early OEM image of Win10 Pro ... spent a happy hour deleting or neutering every AppX package I could find (Solitaire? Gone. Xbox? Dead. Cortana? Perma-muted.) ... and I used GPO to kill off every bit of telemetry and hamstring Windows Update, before I took the machine online. Never a problem.
I don't see a reason to ever update, until or unless something breaks.
Re: (Score:3, Interesting)
Updating is like vaccination: moderately unpleasant regularly, and sometimes with a small risk of problems. But you massively reduce major risks by doing it - for yourself and for everyone else (you don't infect others, including those that can't be vaccinated (updated))
So in a way anti-update folks are like anti-vaxxers
Re: (Score:2)
But you massively reduce major risks by doing it
Well, that's the question, isn't it?
There's a lot more to security than just updating your OS, and I've seen far more problems caused by bad Windows updates over the years than I've seen caused by malicious attacks. Ironically, the #1 cause of system hangs/boot failures/blue screens I've seen is probably Microsoft's own anti-virus software for Windows, which seems to have had an amazing number of bad updates over the years and by its nature can totally undermine system stability if that happens.
At work, we'
Re: (Score:2)
Re: (Score:2)
There are some risks to not updating.
There are known flaws in some Windows services, like file sharing. If other machines on your network get infected, your machine could too. You may be careful, but what about the rest of your family, visiting guests etc?
You don't get things like certificate revocations, so someone could use a revoked certificate to make web sites or software appear to be from someone you trust.
At some point you will be screwed by needing to update sometime, often video drivers needed for
Re: (Score:2)
You may be careful, but what about the rest of your family, visiting guests etc?
The reply I got before was "We keep a separate pay-as-you-go hotspot for visiting guests to use."
You don't get things like certificate revocations
OCSP indicates revoked TLS certificates.
video drivers needed for newer games
Unless you prefer "newer games" from the retro and faux-retro scenes, such as Brad Smith's Lizard and Joshua Hoffman's Nova the Squirrel and Retrotainment's Haunted: Halloween '86. These tend to have more modest system requirements than the latest AAA fare.
Re: (Score:1)
Because home users with moderate intelligence are not qualified IT professionals with enough knowledge of security to lock their systems down, and that's assuming a one-person network where other people can't fuck it up more. You might be able to get away with it if this is yourself in particular we're talking about and you're really telling the truth about every single thing you mentioned (do you keep your virus definitions up to date on a daily basis? do you really not look at porn? what about pirated sof
Re: (Score:2)
Here's my question: For a home user who's moderately intelligent (doesn't click spam / unrecognized attachments, keeps virus definitions & Spybot S&D up-to-date, isn't going to random pr0n sites) ... why update at all?
I hope you get modded into oblivion. You're precisely the reason malware spreads so easily these days. Let's start with the obvious: Updates bring new virus definitions. Now let's go on: Updates plug holes in software that directly executes code on your machine, simply not watching porn doesn't work given the amount of malware that has been distributed through legitimate channels. Updates solve problems that are wormable as well.
*People* have been conclusively proven not to be smart enough to manage their o
Re: (Score:2)
In fact it would appear given what you've done with your machine that you have completely lost touch with how everyone else uses their computer so it's no surprise that you're confused as to why someone else would install security updates.
Can't speak for everyone else, but on my computer I edit audio for a podcast, maintain a WordPress site and social media profiles, game, and stream video. I know - such a luddite.
But in all seriousness, then, what's your solution? If it's "Let Windows automagically push every update MS wants me to have, as soon as possible, on their schedule" - that's a non-starter. I want time to know what updates are actually doing, beyond what MS says they do. Most importantly, I want to control how I use my hardware
Re: (Score:2)
Overheard at Windows Command (Score:3)
"Re-verify our version to target... one Bing only".
They drove a diehard Windows user... (Score:3, Interesting)
...to switch to Linux as a primary desktop operating system. I once paid for every new release of Windows, played the latest games, installed the latest drivers, and constantly tweaked my machine for better performance.
I used to think Linux was more of a novelty but the borking of the Windows 8 desktop caused me to start playing around with Linux more. I actually found I liked Linux Mint MATE better than Windows 8, and found it more useful for browsing and such. Game compatibility was somewhat of an issue so I dual booted for quite a while.
Windows 10 and Telemetry sealed it though.
The forced updates, the mandatory telemetry, and the complete lack of transparency caused me to drop Windows almost entirely. I use both Ubuntu and Mint now and I've found ways to play many of the same games (with excellent or better performance in some cases). With Linux, I feel like I have much more control over my machine.
Linux is now my primary OS and I'm not going back.
Re: (Score:2)
Re: (Score:2)
But when you eventually so have to move on from there, what will you install?
Serious answer? At work, we've been evaluating both Linux and Apple ecosystems, and we're also doing more using web and/or mobile apps.
The one thing that is fairly clear is that unless Microsoft changes its position on the usual concerns like mandatory telemetry and forced updates, the answer will not be Windows 10, except for test systems and the like where you need to run the same thing as your customers. And those systems are likely to be on an isolated part of our network.
The sky is falling (Score:3)
The word telemetry appears in at least one file
Well, we don't need any more facts than that.
I'm not paranoid. (Score:2)
Re: (Score:2)
Nah... it's not "Holy wood" or "Hollywood".... It's HollyWEIRD......
Re: (Score:2)
Want to know how often something crashes? That's telemetry! Are people really using a feature, or should you just remove it? That's telemetry! Did an update actually apply or fail? That's telemetry!
Do you not want to participate in providing that information to a company and you cannot force your computer to follow your wishes? That's spyware.