Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Microsoft Operating Systems Security Software

Microsoft Stirs Suspicions By Adding Telemetry Files To Security-Only Update (zdnet.com) 154

An anonymous reader quotes a report from ZDNet: As expected, Windows Update dropped off several packages of security and reliability fixes for Windows 7 earlier this week, part of the normal Patch Tuesday delivery cycle for every version of Windows. But some hawk-eyed observers noted a surprise in one of those Windows 7 packages. What was surprising about this month's Security-only update, formally titled the "July 9, 2019 -- KB4507456 (Security-only update)," is that it bundled the Compatibility Appraiser, KB2952664, which is designed to identify issues that could prevent a Windows 7 PC from updating to Windows 10.

Among the fierce corps of Windows Update skeptics, the Compatibility Appraiser tool is to be shunned aggressively. The concern is that these components are being used to prepare for another round of forced updates or to spy on individual PCs. The word telemetry appears in at least one file, and for some observers it's a short step from seemingly innocuous data collection to outright spyware. [...] I strongly suspect that some part of the Appraiser component on Windows 7 SP1 had a security issue of its own. If that's the case, then the updates indisputably belong in a Security-only update. And if they happen to get installed on systems where administrators had taken special precautions not to install those components, Microsoft's reaction seems to be, "Well ... tough."
"The Appraiser tool was offered via Windows Update, both separately and as part of a monthly rollup update two years ago; as a result, most of the declining population of Windows 7 PCs already has it installed," the report notes.
This discussion has been archived. No new comments can be posted.

Microsoft Stirs Suspicions By Adding Telemetry Files To Security-Only Update

Comments Filter:
  • by Anonymous Coward

    Problem solved.
    Also, hot grits.

  • by beep54 ( 1844432 ) <b54oramaster AT gmail DOT com> on Thursday July 11, 2019 @08:09PM (#58911060)
    Microsoft is actively trying to move Windows users to Linux.
    • by Major_Disorder ( 5019363 ) on Thursday July 11, 2019 @08:27PM (#58911120)

      Microsoft is actively trying to move Windows users to Linux.

      Worked on me. I find I swear a lot less since I kicked Microsoft to the curb.

      • by DogDude ( 805747 )
        I find I swear a lot less since I kicked Microsoft to the curb.

        That's fucking awesome.
      • by Bob-Bob Hardyoyo ( 4240135 ) on Thursday July 11, 2019 @10:22PM (#58911496)

        I find I swear more with Linux, BUT, whatever problem I have in Linux I can almost always find an answer to with some time and work. With Windows I'm often just shit out of luck.

        • Isn't that the problem with Linux, requires too much time to research and fix basic issues?
          Time most of us don't have.

          For example, I'm using Libre Office on Windows, but the new version kept crashing at startup or any of the packages (Writer / Impress / Calc / etc), and it took me several hours just to figure out that I need to start it in safe mode and disable graphics hardware acceleration!

          When one is wanting to get work done, it's rather annoying to say the least to research stuff like this!

          I've never ha

    • by LVSlushdat ( 854194 ) on Thursday July 11, 2019 @10:05PM (#58911448)

      Yeah... I consider Windows 10 the absolute BEST advertisement for Linux, short of maybe Linux "commercials" on tv/radio...... It sure made ME move MY systems to Linux..... FUCK MICROSOFT!! (damn that felt GOOD!)

      • When Win10 was forced upon me at work, that's probably the first time I also thought about migrating to Linux/BSD, or even OSX.

        Most things are done in the browser now, and even Microsoft has sadly adopted this mentality with Win10 apps, they are basically a browser shell which launch web applications hosted in the cloud. And the worst of them are stupidly bloated, slow, non-uniform web applications built using electron.js such as Teams / Skype / Visual Studio Code / etc, each kicking off countless processes

    • by Anonymous Coward

      I'm in my mid forties and interested in computing but it's not my job. I can code a little but Linux is rather new to me. I've got Ubuntu up and running fine on my computer but when my parents' Windows 7 box reaches end of life I've got problems. (I know, I know. I'm trying to become a pro in andvance. ;)

      They're addicted to Popcap type games. Chuzzle. Zuma. Bookworm. Windows games that never got patched, let alone ported to anything other than Win98. I'm hoping that WINE will be the answer to my prayers but

      • by Anonymous Coward

        > (I know, I know. I'm trying to become a pro in andvance. ;)

        I'm using Linux for about 20 years and Ubuntu is where it's at. Hands-off as it should be. The people who complain about a "noob distro" are just people who learnt all the manual specialized skills and don't like their knowledge becoming obsolete.

        >than Win98. I'm hoping that WINE will be the answer to my prayers but I just saw something about 32bit being abandoned soon by them? Hell, some of these games are 16bit, if I'm reading correctly.

        Ub

      • They're addicted to Popcap type games. Chuzzle. Zuma. Bookworm. Windows games that never got patched, let alone ported to anything other than Win98.

        You can get a pretty good idea of what is likely to work under Linux at ProtonDB [protondb.com].

        I can't imagine if they actually used Windows programs that were essential for their business or something...

        That's a real problem, but it's becoming less of one over time. Big name applications that used to be considered essential in their fields, like MS Office or Adobe Creative Suite, are facing increasing competition. In many cases, that competition is web-based and/or much more widely portable.

        We're still a long way from having good alternatives to everything available on Linux and in some cases you really still need Windows arou

      • They're addicted to Popcap type games. Chuzzle. Zuma. Bookworm. Windows games that never got patched, let alone ported to anything other than Win98.

        Last I checked, PopCap Studios [ea.com] was making Plants vs. Zombies, Bejeweled, and other games for the Linux-based Android operating system.

        Hell, some of these games are 16bit, if I'm reading correctly.

        If it's 16-bit games you're after, the DOSBox, Mesen-S, and BlastEm emulators run even on low-end (Pentium N) Linux laptops.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Microsoft is actively trying to move Windows users to Linux.

      They tried with Windows ME, they tried with Windows Vista, they tried with Windows 8 and they're trying with Windows 10...even with hundreds of distributions Linux desktops are so demonstrably shithouse that Microsoft has taken on the mission to usher in the Year of the Linux Desktop to it's extreme by bringing Linux into the Windows desktop.

      I genuinely love Linux itself and UNIX-based operating systems in general (reason my primary machine is a Macbook) but all the desktop distributions are just a crapshoo

    • by antdude ( 79039 )

      And mac OS. :/

    • by chrish ( 4714 )

      I could probably switch if they'd make a native version of OneNote for Linux.

      Games would still (obviously) be an issue, despite the advances GOG and Steam have made over the years.

  • by ArchieBunker ( 132337 ) on Thursday July 11, 2019 @08:34PM (#58911144)

    Not seeing either of those updates in my list.

    • by Kjella ( 173770 )

      If you're using the ordinary update channels you just get the big cumulative rollups, you have all the telemetry and more. There's one with last month's feature updates and one without, but the latter has all the previous feature updates so you're just one month behind. If you use the corporate update channels there's monthly security-only rollups, no features and not cumulative. You have to apply a new one each month and if you ever have to reinstall you have to install all of them. They're still offering

      • You don't need to be a corporate user to get the security-only update bundles. They're available on the Microsoft Update Catalog, and you can just download one file each month and install it with a single command using the WUSA tool. This process is generally fast and reliable; in fact, I first discovered this way of applying updates during the time when the normal Windows Update tool was badly broken and would take hours just sitting there trying to work out which updates your system might need..

        Until now,

  • More like - outright breaking any remaining trust Microsoft had with its customers. How are customers supposed to have any trust in Microsoft when Microsoft continually tries to, for lack of a better phrase, pull a fast one on its customers? Why cannot the contents of Microsoft's security updates be transparent? What in the world is Microsoft trying to hide?
    • "What in the world is Microsoft trying to hide?"

      Collaboration with the gestapo.

  • Meh (Score:2, Informative)

    by DogDude ( 805747 )
    Meh. There are no other real alternatives for a lot of people (in our business, it's Windows or nothing). So, there's really nothing I can do about it. Wish I could, but that's the way it is. I gotta pay my bills, and I can't do that with OSX or *nix. Once I'm retired, I'll switch over to *nix, though.
  • So could this be the reason that Windows 10 has resumed freezing again? At least on the machine I use most frequently things have gotten much worse, with frequent hard freezes that force hard pull-the-plug shutdowns.

    If my hypothesis is a low-level conflict with high-priority telemetry data, then how can I test it?

  • by H_Fisher ( 808597 ) <h_v_fisher@yah[ ]com ['oo.' in gap]> on Thursday July 11, 2019 @09:40PM (#58911384)
    Here's my question: For a home user who's moderately intelligent (doesn't click spam / unrecognized attachments, keeps virus definitions & Spybot S&D up-to-date, isn't going to random pr0n sites) ... why update at all?

    My Win7 Pro install on my desktop (media files + backup) hasn't been updated in 5+ years and I've never looked back. And the first thing I did when I bought my current laptop (daily driver) was wipe Win10 "Core" in favor of an early OEM image of Win10 Pro ... spent a happy hour deleting or neutering every AppX package I could find (Solitaire? Gone. Xbox? Dead. Cortana? Perma-muted.) ... and I used GPO to kill off every bit of telemetry and hamstring Windows Update, before I took the machine online. Never a problem.

    I don't see a reason to ever update, until or unless something breaks.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      Updating is like vaccination: moderately unpleasant regularily, and sometimes with a small risk of problems. But you massively reduce major risks by doing it - for yourself and for everyone else (you don't infect others, including those that can't be vaccinated (updatet))

      So in a way anti-update folks are like anti-vaxxers

      • But you massively reduce major risks by doing it

        Well, that's the question, isn't it?

        There's a lot more to security than just updating your OS, and I've seen far more problems caused by bad Windows updates over the years than I've seen caused by malicious attacks. Ironically, the #1 cause of system hangs/boot failures/blue screens I've seen is probably Microsoft's own anti-virus software for Windows, which seems to have had an amazing number of bad updates over the years and by its nature can totally undermine system stability if that happens.

        At work, we'

    • I'm with you on this. Microsoft has subverted the integrity of the update process to the point that I'd rather just turn it off. It's possible that I'll get pwned in the future because of it, but inevitable that some Microsoft update will be indistinguishable from malware in terms of damage. I'll take my chances with the script kiddies.
    • by AmiMoJo ( 196126 )

      There are some risks to not updating.

      There are known flaws in some Windows services, like file sharing. If other machines on your network get infected, your machine could too. You may be careful, but what about the rest of your family, visiting guests etc?

      You don't get things like certificate revocations, so someone could use a revoked certificate to make web sites or software appear to be from someone you trust.

      At some point you will be screwed by needing to update sometime, often video drivers needed for

      • by tepples ( 727027 )

        You may be careful, but what about the rest of your family, visiting guests etc?

        The reply I got before was "We keep a separate pay-as-you-go hotspot for visiting guests to use."

        You don't get things like certificate revocations

        OCSP indicates revoked TLS certificates.

        video drivers needed for newer games

        Unless you prefer "newer games" from the retro and faux-retro scenes, such as Brad Smith's Lizard and Joshua Hoffman's Nova the Squirrel and Retrotainment's Haunted: Halloween '86. These tend to have more modest system requirements than the latest AAA fare.

    • by Anonymous Coward

      Because home users with moderate intelligence are not qualified IT professionals with enough knowledge of security to lock their systems down, and that's assuming a one-person network where other people can't fuck it up more. You might be able to get away with it if this is yourself in particular we're talking about and you're really telling the truth about every single thing you mentioned (do you keep your virus definitions up to date on a daily basis? do you really not look at porn? what about pirated sof

    • Here's my question: For a home user who's moderately intelligent (doesn't click spam / unrecognized attachments, keeps virus definitions & Spybot S&D up-to-date, isn't going to random pr0n sites) ... why update at all?

      I hope you get modded into oblivion. You're precisely the reason malware spreads so easily these days. Let's start with the obvious: Updates bring new virus definitions. Now let's go on: Updates plug holes in software that directly executes code on your machine, simply not watching porn doesn't work given the amount of malware that has been distributed through legitimate channels. Updates solve problems that are wormable as well.

      *People* have been conclusively proven not to be smart enough to manage their o

      • In fact it would appear given what you've done with your machine that you have completely lost touch with how everyone else uses their computer so it's no surprise that you're confused as to why someone else would install security updates.

        Can't speak for everyone else, but on my computer I edit audio for a podcast, maintain a WordPress site and social media profiles, game, and stream video. I know - such a luddite.

        But in all seriousness, then, what's your solution? If it's "Let Windows automagically push every update MS wants me to have, as soon as possible, on their schedule" - that's a non-starter. I want time to know what updates are actually doing, beyond what MS says they do Most importantly, I want to control how I use my hardware

    • by mea2214 ( 935585 )
      My last Win10 update was Feb 2017. Other than Steam never use the Windows box on Internet and it's firewalled so can't talk to Microsoft. I use a linux VM to do Internet stuff like this post. Windows 10 is quite nice when it isn't constantly breaking things.
  • by SuperKendall ( 25149 ) on Thursday July 11, 2019 @09:50PM (#58911412)

    "Re-verify our version to target... one Bing only".

  • by Anonymous Coward on Thursday July 11, 2019 @09:58PM (#58911432)

    ...to switch to Linux as a primary desktop operating system. I once paid for every new release of Windows, played the latest games, installed the latest drivers, and constantly tweaked my machine for better performance.

    I used to think Linux was more of a novelty but the borking of the Windows 8 desktop caused me to start playing around with Linux more. I actually found I liked Linux Mint MATE better than Windows 8, and found it more useful for browsing and such. Game compatibility was somewhat of an issue so I dual booted for quite a while.

    Windows 10 and Telemetry sealed it though.

    The forced updates, the mandatory telemetry, and the complete lack of transparency caused me to drop Windows almost entirely. I use both Ubuntu and Mint now and Iâ(TM)ve found ways to play many of the same games (with excellent or better performance in some cases). With Linux, I feel like I have much more control over my machine.

    Linux is now my primary OS and Iâ(TM)m not going back.

    • by dargaud ( 518470 )
      Yup, I did the same over 15 years ago. And for the ONE program I still use that is Windows-only, a VirtualBox running XP is perfect. Yup, XP: low footprint and no risk of infection because I don't surf the web or do anything else with it.
  • by jbmartin6 ( 1232050 ) on Friday July 12, 2019 @07:19AM (#58912934)

    The word telemetry appears in at least one file

    Well, we don't need any more facts than that.

  • I like updates. I like automatic updates. I like the idea of the update system having application compatibility information included so they don't break things, or at least warn when something might break.

Whatever is not nailed down is mine. Whatever I can pry up is not nailed down. -- Collis P. Huntingdon, railroad tycoon

Working...