Slashdot Mirror
Patch Tuesday Brought Windows 10 Ad Generator
jones_supa writes: Microsoft has been very aggressive on getting Windows 7 and 8 users to upgrade to Windows 10. The company has introduced a "Get Windows 10" system tray icon, moved the upgrade to "recommended" category in Windows Update, and even initiated the OS download automatically. The latest trick is almost comical: KB3139929 is an actual security update for Internet Explorer, but it also deploys a trojan horse, KB3146449, which is an advertisement generator for Internet Explorer. On computers not joined to a domain, it adds a blue banner when a user opens a new tab, saying "Microsoft recommends upgrading to Windows 10".
I don't use Windoze, but if I did, I would be even less likely to update now.
The fact that they are pushing it so hard tells you everything you need to know. This update benefits Microsoft in a very big way. Scratch that -- in a HUGE way. And if it benefits Microsoft in a huge way, take a wild guess how much it benefits you.
We don't even need to know the first thing about what the update actually does. All we need to know is that Microsoft is extremely determined to make it happen, to the point where they will actually try to trick you into it.
From a security standpoint you are better off on 10. The only reason to stay on 7 or 8 at this point is principle but principle doesn't keep your computer safe. Food for thought.
I never allow windows to automatically download anything. I go to the trouble of reading the updates despite microsoft saying shit like "recommended update" and "Fixes critical vulnerability in windows" without actually saying what the fuck it does. I click through and read the darn KB.
I didn't like M$ at the best of times but I appreciated windows 7, it works. It seems that they were dissatisfied with that and couldn't figure out how toi give people MORE VALUE so they decided to piss us off with shoving the damn thing down our throats.
We are sufficiently angry to tell M$ they can go fuck themselves and their stupid windows 10.
A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
It's annoying, certainly, but Trojan Horse? Come on. Dramatic much?
"Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
Okay, Microsoft has been injecting all sorts of stuff in their interest a the expense of their customers since Windows XP (WGA). We've had more "phone home" since WGA, and progressively more with each release. Windows 10 is the result of prodding a broom handle up our butts progressively deeper and seeing how deep it goes before we say "stop". The "telemetry" (really?!?) data collection, which MS admits you cannot turn off, and now ads in IE? We pay MS for this POS (well I don't touch windows 10 and legal firms and medical practices are aware of why they cannot go to Windows 10 to protect their clients), and MS find more ways to get money from us at the cost of our privacy. When do we say "enough is enough". Unless you are a gamer or have specific hardware (medical mainly), nobody needs MS Windows. Linux (Mint although hacked previously due to carelessness although fixed now), Elementary OS (for mac users), Debian (My favorite, can modify KDE to look like MS Windows/Mac), or even Ubuntu (think they still have a deal with Amazon on desktop searches which is why stopped using it but at least you can turn the amazon forwarding off). Any of these will serve any user. Even gamers may be happy with Linux as there has been an an explosion of games for linux (even 'AAA'...see Pillars of Eternity and Tides of Numunera for example). For those who like privacy I suggest the Tails distro (uses the Tor proxy network by default :D) . We all need to tell MS, enough is enough and we have choices.
"Imagination is more important than knowledge" - Einstein
Really. Care to explain how you're less secure on two operating systems that are still receiving support and patches vs their new adware delivery platform?
Specifics please.
Chas - The one, the only.
THANK GOD!!!
Yeah no. 98% of users just see "update available" and click ok. 1 more % might read KB###### and click OK. the other 1% might actually read what it is. SO yes it's a trojan horse.. The entire update system's vagueness allows for that. Until it's telling the 99% "you're getting ads now, yes or no?" it's a forced, trojan, horse.
I am on the Win10 insider program on my laptop, which I use for surfing, etc. But all my data and real important use is on my desktop, and that's a Win 7 machine. As I approach the time limit for upgrading, I've decided to stay on Windows 7 on my main machine. I don't really see any benefits to Windows 10 that are that important (to me), and I hate the intrusive advertising in Windows 10. I don't really need my OS to serve me ads - lord knows there are enough ads everywhere else without my OS doing it, too. If and when Win 7 becomes unusable or unsupported, I'm seriously thinking desktop Linux, as there is enough software out there now that almost fully replicates what I need and use. Oh, and I'm using the GWX control panel to get rid of the Windows 10 nags in my Win 7 system. I really hate MS for doing this aggressive bit, and I'm throwing them the proverbial finger as much as I can - no Windows 10 on my main machine for me!
Well..if MS can add an ad trojan to IE, they could add plugins to Opera as well to circumvent it like they did with their .NET plugin for Firefox. Wish that just not using IE would stop this sort of nonsense from MS, but they control the OS. And as they have all the backdoors and all the keys, that means if you "own" their OS, in point of fact, they own you. :-(
"Imagination is more important than knowledge" - Einstein
A trojan horse is something that claims to be something that it isn't.
Ever followed through to figure out exactly what most of the updates presented in Windows Update actually do? The description for KB3035583, for example, reads, "Install this update to resolve issues in Windows." Yeah, if the "issue" with windows is that I have 7 installed instead of 10... It's only after clicking the CORRECT link for more information (there are two, the second just takes you to the generic support page) that you discover this update actually installs the Get Windows 10 app.
That level of obfuscation sounds exactly like a trojan horse to me.
There have been theories that Microsoft is gathering a lot of telemetry that they intend on leveraging or selling, but there is a pretty simple, non-nefarious reason why they would want to push people to the latest version: support costs.
This was one of the theories for why Apple stopped charging for OS upgrades, that it's easier and cheaper for developers to deal with support and patching if almost everyone is running the same version. In a weird way, Microsoft has sort of shot themselves in both feet by basing such a large part of their business into vendor lock-in and backwards compatibility. It's left them trying to support their old OS for a very long time, and even if they discontinue support 13 years later, large portions of their customers complain and freak out. The vendor lock-in part of their plan created vast amounts of software that needs to run on Windows XP and IE 6, and trying to make a lot of that stuff work on newer versions of Windows leaves them maintain legacy code.
I suspect a lot of the Windows 10 stuff (e.g. making it free, pushing people to update, making it hard to disable automatic updates on Windows 10) is about getting everyone to get the latest version and then keep up to date with the latest version. That way, MS can start breaking backwards compatibility and stop wasting their time making updates for an release from 10 years ago.
It's Security update that contains non-security updates including an ad for Windows 10. So it's claiming to do one kind of thing but it's also doing another kind of thing that doesn't conform to what was claimed would be done.
I think you answered your own question there.
CLI paste? paste.pr0.tips!
A trojan horse is something that claims to be something that it isn't. Everything is very up front about what it is so long as you actually read what it is.
It's not up front in this case. Read the description page for KB3139929. You need to dig deep to find that there's an advertisement included. In the list of meta-updates, KB3146449 (which adds the advertisement) is simply described as "Updated Internet Explorer 11 capabilities to upgrade Windows 8.1 and Windows 7".
Specific security implications in Windows 10:
- Sends your data to a large host of Microsoft addresses without your permission.
- Ignores your attempts to disable this activity.
- Installs and displays ads to you in a manner similar to PUP adware
- Changes your settings to actively promote their money making ventures.
- Lies and hides changes in the attempt to mislead the user into thinking they are secure.
On one hand Win 10 might might help prevent an infection from a third party actor. On the other hand you guarantee that Microsoft has unfettered access to your computer, its usage, and all of the data it contains.
In that case I will stick to the might get infected and mitigate the risk with antivirus. It is safer.
Privacy is a good to many people, not just a principle. The new technical security features in Win 10 only help when the attacker isn't Microsoft.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
It's a security patch for CRITICAL vulnerabilities in IE, that also includes Windows 10 advertising. I repeat, this is a CRITICAL security update. Advertising should not be any part of this.
How do I deploy the CRITICAL exploit patches without also getting Windows 10 advertisements? I don't? That is a trojan horse as far as I'm concerned. Fuck everything about this update.
I never got any update notice, but then I've done some things to block the Win 10 updates.
But keep pushing Microsoft- I've got Linux Mint already installed on my laptop (dual boot) and it won't take but about 15 minutes to install it on my desktop too.
The first time I see anything related to Windows 10 on my PC, you're toast. Any conversion, any forced "upgrade", anything like that...and that'll be the last time I run Windows on my PC.
It'll take ~10 minutes to backup and offload my most recent data and 15 minutes to load Mint, and we'll be done. Get it through your heads- I like Win 7, I do NOT want Windows 10, period.
So yeah, just keep pushing and you'll push me right off your OS.
Just cruising through this digital world at 33 1/3 rpm...
Why can't they put a description in Windows Update instead of making us look up KBxxxx? It takes forever to click on them and see what each one claims to do.
Because if you knew what it was, you might not install it.
Just cruising through this digital world at 33 1/3 rpm...
From a security standpoint you are better off on 10.
[citation needed] Ok I'll accept that because Windows 10 adoption is so small there's not that much malware targeted at it yet. From a "security" standpoint IIRC, pretty much any security problem you have since Windows 7 has been your own damned fault for opening that attachment, running that trojan that came with that game/app you got off a disreputable site, or using shitty Adobe products.
Seven puppies were harmed during the making of this post.
...The only reason to stay on 7 or 8 at this point is principle...
The reasons I stay on Windows 7 are (1) it works for my needs, including security, and (2) I don't want Microsoft data harvesting my family.
.
If there were a documented way to turn off all the data harvesting in Windows 10 (and have it stay turned-off), I'd have moved to Windows 10 weeks ago.
Specific security implications in Windows 10:
- Sends your data to a large host of Microsoft addresses without your permission. - Ignores your attempts to disable this activity.
I know there was a story saying Win10 was pinging MS IP addresses even if telemetry was disabled, but there was no information on what information was transferred. So say "sends *your data*" is hyperbole. And about the telemetry that most of this is about: I'm actually with a competitor of MS, but we too use telemetry as an incredible useful tool to improve the product for our users. I'm not sure what people believe is being transmitted, because they jumble this issue together with the ad business and personal information/tracking issue, but we have no interest in *your* personal data in a telemetry context. We want to know where our users encounter problems, and what they actually use and prefer, in their use of of the product to improve it.
Also, it is a bit strange that this anger over tracking of personal data is directed at Microsoft while the really big elephant in the room on this issue is Google. Microsoft has a miniscule ad and info-peddling business. They actually closed down and sold off much of it late last year. Google has a gargantuan data collection business. And almost no matter how much you think you are blocking, they have advanced server side finger printing that tracks you anyway. So long before boycotting Win10, boycotting all of Google's services would be a minimum if you really care about this.
- Installs and displays ads to you in a manner similar to PUP adware
I've configured and uninstalled apps so my Win10 is not showing any ads that I see. You could argue I shouldn't have to, but it wasn't hard. YMMW.
- Changes your settings to actively promote their money making ventures. - Lies and hides changes in the attempt to mislead the user into thinking they are secure.
Can't say I have experienced this but would be interested in any specific examples..
Specific security implications in Windows 10:
- Sends your data to a large host of Microsoft addresses without your permission.
Really? My logs doesn't show that.
- Ignores your attempts to disable this activity.
Nope. Unless MS works together with misc. sites like /. to send steganographic covert information. You know it's possible to verify right?
- Installs and displays ads to you in a manner similar to PUP adware
Really? How come I don't see any ads then?
- Changes your settings to actively promote their money making ventures.
What?!?
- Lies and hides changes in the attempt to mislead the user into thinking they are secure.
On one hand Win 10 might might help prevent an infection from a third party actor. On the other hand you guarantee that Microsoft has unfettered access to your computer, its usage, and all of the data it contains.
In that case I will stick to the might get infected and mitigate the risk with antivirus. It is safer.
You are just another conspiracy theorist.
Yes, this is the line they should never, ever have crossed.
You don't call something non-security a security update. Ever. You just don't.
I already knew a lot of people who haven't been routinely installing Windows updates for a long time because of all the junk Microsoft have been throwing in as "recommended". But at least until this week you could still trust that you should install security updates.
The scale of screw-up that crossing this line represents in terms of Microsoft's remaining credibility is staggering.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
What if i dont want my computer to send you that information? It doesnt matter what YOU want it for, I DO NOT WANT YOU TO HAVE IT. Why is that so hard to understand? Telemetry is great, we all know its benefits, thats not the argument here. The argument is that the user ultimately should have the right to decide what data you get and that choice should be sacrosanct.
Good-bye
That's how you recognize a Microsoft shill these days. I call it "the kindergarten defense", "Steve did it too!!" Of course it's just as much bullshit when it's on /. as it is in kindergarten, but these morons doesn't seem to understand it, nor that the rest of us are grownups and see it for what it is.
- Ignores your attempts to disable this activity.
From what I've read it doesn't simply ignore your attempts to disable this activity, it actively bypasses around it by connecting to different servers, etc.
You get your news from reddit don't you. The guys who block a single IP address and then a shocked SHOCKED I TELL YOU that their PC would dare attempt to communicate with a different IP because we all know redundancy is the work of Satan.
You are a cunt.
I could write a full knowledge base article explaining why in technical terminology but I can summarise my point in four words that any Slashdot reader can easily grok.
Windows updates are no different. "Fixes remote access bug" is easy for users to understand. "Installs annoying fucking popup" is easy to understand. "Improves windows update" is a fucking lie, dishonest and fraudulent.