Slashdot Mirror
Patch Tuesday Brought Windows 10 Ad Generator
jones_supa writes: Microsoft has been very aggressive on getting Windows 7 and 8 users to upgrade to Windows 10. The company has introduced a "Get Windows 10" system tray icon, moved the upgrade to "recommended" category in Windows Update, and even initiated the OS download automatically. The latest trick is almost comical: KB3139929 is an actual security update for Internet Explorer, but it also deploys a trojan horse, KB3146449, which is an advertisement generator for Internet Explorer. On computers not joined to a domain, it adds a blue banner when a user opens a new tab, saying "Microsoft recommends upgrading to Windows 10".
"but it also deploys a trojan horse"
A trojan horse is something that claims to be something that it isn't. Everything is very up front about what it is so long as you actually read what it is. It may be a bit underhanded, but it most certainly isn't a trojan horse.
Remember folks, hyperbole rarely helps your cause.
The fact that they are pushing it so hard tells you everything you need to know. This update benefits Microsoft in a very big way. Scratch that -- in a HUGE way. And if it benefits Microsoft in a huge way, take a wild guess how much it benefits you.
We don't even need to know the first thing about what the update actually does. All we need to know is that Microsoft is extremely determined to make it happen, to the point where they will actually try to trick you into it.
Really. Care to explain how you're less secure on two operating systems that are still receiving support and patches vs their new adware delivery platform?
Specifics please.
Chas - The one, the only.
THANK GOD!!!
I am on the Win10 insider program on my laptop, which I use for surfing, etc. But all my data and real important use is on my desktop, and that's a Win 7 machine. As I approach the time limit for upgrading, I've decided to stay on Windows 7 on my main machine. I don't really see any benefits to Windows 10 that are that important (to me), and I hate the intrusive advertising in Windows 10. I don't really need my OS to serve me ads - lord knows there are enough ads everywhere else without my OS doing it, too. If and when Win 7 becomes unusable or unsupported, I'm seriously thinking desktop Linux, as there is enough software out there now that almost fully replicates what I need and use. Oh, and I'm using the GWX control panel to get rid of the Windows 10 nags in my Win 7 system. I really hate MS for doing this aggressive bit, and I'm throwing them the proverbial finger as much as I can - no Windows 10 on my main machine for me!
Well..if MS can add an ad trojan to IE, they could add plugins to Opera as well to circumvent it like they did with their .NET plugin for Firefox. Wish that just not using IE would stop this sort of nonsense from MS, but they control the OS. And as they have all the backdoors and all the keys, that means if you "own" their OS, in point of fact, they own you. :-(
"Imagination is more important than knowledge" - Einstein
GWX Control Panel is your friend. http://ultimateoutsider.com/do...
(I have no interest in, or connection with this free utility).
I am sure that there are many other solipsists out there.
There have been theories that Microsoft is gathering a lot of telemetry that they intend on leveraging or selling, but there is a pretty simple, non-nefarious reason why they would want to push people to the latest version: support costs.
This was one of the theories for why Apple stopped charging for OS upgrades, that it's easier and cheaper for developers to deal with support and patching if almost everyone is running the same version. In a weird way, Microsoft has sort of shot themselves in both feet by basing such a large part of their business into vendor lock-in and backwards compatibility. It's left them trying to support their old OS for a very long time, and even if they discontinue support 13 years later, large portions of their customers complain and freak out. The vendor lock-in part of their plan created vast amounts of software that needs to run on Windows XP and IE 6, and trying to make a lot of that stuff work on newer versions of Windows leaves them maintain legacy code.
I suspect a lot of the Windows 10 stuff (e.g. making it free, pushing people to update, making it hard to disable automatic updates on Windows 10) is about getting everyone to get the latest version and then keep up to date with the latest version. That way, MS can start breaking backwards compatibility and stop wasting their time making updates for an release from 10 years ago.
Here's what's really sad: /. become, Faux News?
It all started with this Infoworld.com article. There's no definitive proof that "On computers not joined to a domain, it adds a blue banner when a user opens a new tab, saying "Microsoft recommends upgrading to Windows 10"."
I checked my Windows 7, windows 8 and windows 8.1 VMs. All have the update. None exhibit the behavior presented above.
None of the other machines I managed to check (which I don't own) exhibit the behavior.
There is no screenshot I could find online that shows the blue banner.
This seems to have blown out of proportion based on ONE single article which might just as well be a load of bullshit, and Slashdot is making it even worse.
What the fuck has
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
Really. Care to explain how you're less secure on two operating systems that are still receiving support and patches vs their new adware delivery platform?
Specifics please.
Specific Win10 security improvements include:
- Improvements to address space layout randomization (ASLR), Data Execution Prevention (DEP), the heap architecture, and memory-management algorithms reduce the likelihood that vulnerabilities can enable successful exploits.
- Protected Processes isolates nontrusted processes from each other and from sensitive operating system components.
- VBS, built on top of Microsoft Hyper-V, protects sensitive Windows processes from the Windows operating system by isolating them from user mode processes and the Windows kernel.
- Configurable code integrity enforces administrative policies to select exactly which applications are allowed to run in user mode. No other applications are permitted to run.
Microsoft has been collecting this information for years and years. At this point, we've no known security incidents involving the data collected via telemetry. It could have been compromised and they not told us but that's a bit unlikely. At any rate, they've been collecting metrics, in one form or another, since the XP days. They're certainly collecting more now but they do have a history of keeping that data to themselves - at least publicly. And no, I'm posting this from Lubuntu, not a Windows computer. I don't have any computers with Windows installed.
"So long and thanks for all the fish."
Specific security implications in Windows 10:
- Sends your data to a large host of Microsoft addresses without your permission.
- Ignores your attempts to disable this activity.
- Installs and displays ads to you in a manner similar to PUP adware
- Changes your settings to actively promote their money making ventures.
- Lies and hides changes in the attempt to mislead the user into thinking they are secure.
On one hand Win 10 might might help prevent an infection from a third party actor. On the other hand you guarantee that Microsoft has unfettered access to your computer, its usage, and all of the data it contains.
In that case I will stick to the might get infected and mitigate the risk with antivirus. It is safer.
Privacy is a good to many people, not just a principle. The new technical security features in Win 10 only help when the attacker isn't Microsoft.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
All of which would have been fine if they did it correctly, instead they:
1. Changed default app file associations
2. Upgraded to buggy or non-working drivers
3. Installed unwanted software that was difficult to remove (Windows OneDrive)
4. Installed monitor software that should ask for permission
And probably other issues I've missed. Don't mess up my system which I'm using to do work and depend on for my livelihood.
...The only reason to stay on 7 or 8 at this point is principle...
The reasons I stay on Windows 7 are (1) it works for my needs, including security, and (2) I don't want Microsoft data harvesting my family.
.
If there were a documented way to turn off all the data harvesting in Windows 10 (and have it stay turned-off), I'd have moved to Windows 10 weeks ago.
- Ignores your attempts to disable this activity.
From what I've read it doesn't simply ignore your attempts to disable this activity, it actively bypasses around it by connecting to different servers, etc.
Seven puppies were harmed during the making of this post.
Really?
https://support.microsoft.com/de-de/kb/3139929#bookmark-nonsecurityfix
Scroll down to "non-security related fixes", last table entry: 3146449 Updated Internet Explorer 11 capabilities to upgrade Windows 8.1 and Windows 7
From there look up 3146449: https://support.microsoft.com/de-de/kb/3146449
"This update adds functionality to Internet Explorer 11 on some computers that lets users learn about Windows 10 or start an upgrade to Windows 10. Before you install this update, see the Prerequisites section. For more information about Windows 10, see Windows 10."
(I'm not the AC you replied to, but I have a similar position on this issue.)
And about the telemetry that most of this is about: I'm actually with a competitor of MS, but we too use telemetry as an incredible useful tool to improve the product for our users. I'm not sure what people believe is being transmitted, because they jumble this issue together with the ad business and personal information/tracking issue, but we have no interest in *your* personal data in a telemetry context. We want to know where our users encounter problems, and what they actually use and prefer, in their use of of the product to improve it.
I'm sure you do want to know that, and I've no reason to doubt your good intentions. The thing is, I work with clients in security-sensitive industries. So regardless of what you'd like to know or whether I believe in your good intentions, the fact is that if you have any phone-home behaviour that I can't completely and reliably disable, my business isn't going to use your product.
Also, it is a bit strange that this anger over tracking of personal data is directed at Microsoft while the really big elephant in the room on this issue is Google.
We don't use a lot of Google services, either, for exactly that reason. Just because we're avoiding Windows 10 in significant part because of the privacy concerns, that doesn't mean we aren't also avoiding other software or services for the same reason.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Yes, this is the line they should never, ever have crossed.
You don't call something non-security a security update. Ever. You just don't.
I already knew a lot of people who haven't been routinely installing Windows updates for a long time because of all the junk Microsoft have been throwing in as "recommended". But at least until this week you could still trust that you should install security updates.
The scale of screw-up that crossing this line represents in terms of Microsoft's remaining credibility is staggering.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
What if i dont want my computer to send you that information? It doesnt matter what YOU want it for, I DO NOT WANT YOU TO HAVE IT. Why is that so hard to understand? Telemetry is great, we all know its benefits, thats not the argument here. The argument is that the user ultimately should have the right to decide what data you get and that choice should be sacrosanct.
Good-bye