Slashdot Mirror

← Back to Stories (view on slashdot.org)

Visual Studio 2015 C++ Compiler Secretly Inserts Telemetry Code Into Binaries (infoq.com)

Posted by msmash on from the Microsoft-things dept.

Reader edxwelch writes: Reddit user sammiesdog discovered recently that Visual Studio 2015 C++ compiler was inserting calls to a Microsoft telemetry function into binaries. "I compiled a simple program with only main(). When looking at the compiled binary in IDA, I see a call for telemetry_main_invoke_trigger and telemetry_main_return_trigger. I cannot find documentation for these calls, either on the web or in the options page," he wrote. Only after the discovery did Steve Carroll, the dev manager for Visual C++ admit to the "feature" and posted a workaround to remove it.A Microsoft spokesperson confirmed the existence of this behavior to InfoQ, adding that the company wil be removing it in a future preview build. For those who wish to get rid of it, the blog writes: Users who have a copy of VS2015 Update 2 and wish to turn off the telemetry functionality currently being compiled into their code should add notelemetry.obj to their linker command line.

23 of 421 comments (clear)

  1. MS Spyware by allo · · Score: 5, Insightful

    No escape.

    1. Re:MS Spyware by JustBoo · · Score: 2, Insightful

      Debug performance telemetry? Yep. Clearly spyware.

      Like the other comment said, (but I can't help myself here): One does not put debug information in release builds. Period.

      I'm sorry, you are either an Uneducated Idiot or a Shill. Which is it?

      Let see another way.

      Do you think that "debug performance telemetry" should be in a mission critical embedded application build in release mode? Do you?

      I await your answer.

    2. Re:MS Spyware by Anonymous Coward · · Score: 2, Insightful

      I'm ok with the idea of telemetry

      I would be interested in hearing your reasoning here.
      To locally measure performance of an application I get, but the "tele" part of this is something that I'm not OK with.
      What I develop and who my customers are is something I don't wish to share with Microsoft.
      I have no contract with Microsoft that says that they can't take my customers from me. They can afford developing some applications at a loss. I can't.

    3. Re:MS Spyware by Anonymous Coward · · Score: 4, Insightful

      Quote from wiki
      "Visual Studio "15" Preview 2 was released 10 May 2016."

      In other words, this isn't a final MS product. Think of it as more of a beta. Aka the other poster titling it "unreleased". He meant more than it's not a retail build. It also has telemetry. However it's still inexcusable that MS did this without notification. So MS is at fault here. And I don't believe for a minute they would have removed it before final build. See win 10.

      On the other hand, it's also a STUPID move for developers to program production applications in a preview product.
      Production meaning, you are deploying it, you are giving it to customers, you are selling it, etc.
      No one with a clue should have released any software built in this non final build version.
      Doing anything in a preview/beta product you run huge risks of a screwup biting you on the butt.
      EXACTLY LIKE THIS .

      So if anyone had used this to release production software, they would be at fault for doing it with preview/beta crap from MS.

    4. Re:MS Spyware by cfalcon · · Score: 5, Insightful

      > Debug performance telemetry? Yep. Clearly spyware.

      While Microsoft offers a profiler, this is NOT that. I'm puzzled how someone could could confuse the two. Profilers / debuggers / all manner of code analysis tools are all hooks that allow the developer (not Microsoft) to analyze how something works in development. They are usually stripped out of release builds, but, more importantly, are only ever present at the convenience of the developer.

      The mysterious telemetry calls are not even claimed by MICROSOFT to be debugging or profile hooks. "The event data can only be interpreted if a customer gives us symbol information (i.e. PDBs) so this data is only applicable to customers that are actively seeking help from us and are willing to share these PDBs as part of their investigation. ". This means that the hooks make data available to a telemetry subsystem, on production code, which Microsoft can usefully access in some fashion- while to make use of this in any way would require a developer to know about it (it is not publicized), contact the "right" part of Microsoft (which no one knows), and ask to use the data Microsoft has been collecting about their shipped code, using an undocumented system to gather unknown data.

      If this was in any way benign:
      1- It would have been documented: you'd know what it gathers
      2- Microsoft would offer this data to the developer in some fashion, including what it is
      3- It would have been opt-in: you'd have to link in the telemetry, instead of linking it OUT.
      4- It wouldn't be present in secret on ALL code Microsoft compiles. This affects run times in some fashion, even if you ignore the massively spooky privacy issues.
      5- The data wouldn't be available for Microsoft's use, but not the developer: what right do they have to gather data on your code as you build it, much less on your code as it runs for your customer?

      This whole thing gets crazier. That Microsoft is putting hooks into as much code as they can may actually be illegal, or it may be buried in some document- all I know is, this is just what has been FOUND so far. Every couple weeks, someone finds more stuff. All of it is found by acting on some highly technical layer Microsoft hasn't been able to obscure yet. How much more is there? We really have no way to know.

    5. Re: MS Spyware by rochrist · · Score: 3, Insightful

      Personally, I figure you're all the same person, Coward.

    6. Re:MS Spyware by Darinbob · · Score: 3, Insightful

      Debugging my program is my job. No information needs to go to Microsoft unless I am talking to them directly and I offer to send it. Maybe they ask me to send them a core file or whatever post-mortem info I have. There is no legitimate reason for telemetry here, "telemetry" means that data is being sent to Microsoft rather than just being an event stored locally. For Microsoft to know how often my program ran and how often it crashed without my telling them, then that is indeed spyware. They're not offering to help debug everyone's code, no way do they have that amount of manpower, so this is in no way a service to help out customers.

  2. Apparently... by ChodaBoyUSA · · Score: 5, Insightful

    Microsoft has shed all pretense of shame and is adamant to infect everything with their spyware/malware behavior. This is very unfortunate. They keep removing any remaining reason to stick with Windows over OSX or Linux. Sad.

    1. Re:Apparently... by geoskd · · Score: 1, Insightful

      What would stop them? Community uproar? HA!

      It is open sourced and would get forked in a New York minute. People have already talked a good line about another Debian fork just to avoid systemd (although I have yet to see more than just empty rhetoric).

      Even systemd has not been forced on anyone. There is absolutely nothing preventing someone from continuing to use upstart with Ubuntu, or building something better on their own. The reality is that the things about systemd that people dont like are not enough to cause them to do actual work to change, so they live with it. Some of the more savvy ones have taken an active role in helping maintain systemd so they can modify the behavior to better suit their particular desires.

      I actually wish someone would hurry up and complete a Debian fork without systemd just so that we could finally get some idea of the actual popularity (plus we could get side by side comparisons of features and performance), all we have right now is FUD and rhetoric.

      --
      I wish I had a good sig, but all the good ones are copyrighted
    2. Re:Apparently... by jacekm · · Score: 2, Insightful

      Right. AutoCAD, Photoshop, Microsoft Office just to name a few do not run on Linux. Those are key programs for many professionals.

  3. Next time it will be hidden better by flyingfsck · · Score: 5, Insightful

    I suppose MS will learn from this and hide it better in the future.

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!
    1. Re:Next time it will be hidden better by null+etc. · · Score: 4, Insightful

      I suppose MS will learn from this and hide it better in the future.

      Or, they'll just update their operating system to dynamically inject telemetry into every executable that runs.

      Ooops, I hope I didn't just give Microsoft a new idea. Wait, they're probably already thought of it, and more.

  4. Re:FUD - no, TREASON by scsirob · · Score: 5, Insightful

    "It is just a way...." Really? REALLY??!? What the h*ll is Microsoft thinking.

    Their compiler should do one thing and one thing only. Take the source and translate its instructions into machine code, so the computer performs the instructions as described in the source.. Nothing less. Nothing more. They have NO excuse whatsoever to include extra stuff to their benefit. Just that fact that you defend this behaviour is scary.

    --
    To Terminate, or not to Terminate, that's the question - SCSIROB
  5. Re:FUD by MightyMartian · · Score: 5, Insightful

    If it's telemetry it's bad. Period.

    Imagine writing highly secure software only to find out the fucking compiler is placing a telemetry backend into the binary. Regardless of the purpose or intent out destination, it's bad.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  6. MS still the shitheel of the tech world by bazmail · · Score: 5, Insightful

    Embedding malware via their compiler? Wow a new low

    No matter how Nadella tries to spin things and give them a new image, MS still sucks worse than ever.

  7. What about Rust? Is it any better? by Anonymous Coward · · Score: 0, Insightful

    I hear a lot of chatter about how the Rust programming language is supposedly "better" and "safer" than C++ is. But has anyone done a full and independent audit of it to make sure Rust's one (and only!) implementation isn't inserting unexpected code, malicious or not, into the binaries it generates?

    At least with C++ there are numerous capable and independent implementations out there we can use if we have any doubts. If, for example, we don't want to use Visual C++'s compiler, we always have the option of trying GCC, or Clang, or Intel C++, or one of the compiler from one of the other vendors. But since there's only one Rust implementation, we'd be up shit creek with no paddle if we ever questioned its reliability!

    So unless you're a weekend hobbyist creating yet another Rust library that you'll toss on GitHub and then neglect to maintain, I don't see how Rust can be used for anything serious until it has at least two capable implementations developed by separate and independent parties.

    1. Re: What about Rust? Is it any better? by Aighearach · · Score: 3, Insightful

      No, you're just lying about what the FOSS position ever was.

      Nobody ever said, "having a lot of users means their eyeballs are looking for unknown bugs."

      The position was always that when you have a known bug, more eyeballs makes the bug shallower. It is easier to solve known problems when the information is available, and lots of people (who are presumably affected by the problem) can look at it. Some of them will have more insight into the causes than others, because of different backgrounds and use cases.

      When you have to lie about what people say just to argue against it, that pretty much refutes not just your claims, but your claim to have even considered the issue. I reject that your analysis was even well-considered. You are just trolling, in addition to be wrong on the merits.

  8. Re:FUD - no, TREASON by Viol8 · · Score: 4, Insightful

    Debugging symbols and hooks should be an OPT IN you idiot. Even if they're harmless they slow down the program and make the binary larger.

  9. Ken Thompson Attack by goombah99 · · Score: 5, Insightful

    Boy this is at the scale of the Ken Thompson attack. Compilers that insert backdoors

    http://c2.com/cgi/wiki?TheKenT...

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:Ken Thompson Attack by ljw1004 · · Score: 5, Insightful

      Boy this is at the scale of the Ken Thompson attack. Compilers that insert backdoors

      http://c2.com/cgi/wiki?TheKenT...

      No it's not. Ken Thompson's work was beautiful and subtle - a compiler disguised all evidence of its backdoor even when you write code to search for these backdoors or when you compile the compiler itself.

      If Ken Thompson had gone on stage to say "hay guys I made a compiler which inserts a call at the entrypoint of your program" -- well, that's trivial.

  10. So far so bad by Impy+the+Impiuos+Imp · · Score: 3, Insightful

    I see a call for telemetry_main_invoke_trigger and telemetry_main_return_trigger

    Did he ever find out what feed_all_keystrokes_and_web_sites_to_nsa does?

    There is no return version of this, because history shows a nation never returns from it.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  11. Re:Where's the outrage over Firefox's telemetry? by LichtSpektren · · Score: 2, Insightful

    Because you can turn it off easily and clearly. It's not stealthily inserted into binaries you compiled.

  12. Re:Where's the outrage over Firefox's telemetry? by Aruta · · Score: 5, Insightful

    Difference, and it's a whopping one, is that the Firefox telemetry is fully documented on, shock-horror, the mozila site. You get it clear and simple, and if you don't like it, you don't use it.

    The MS stuff was undocumented, and now they are making up BS excuses as to how it's for the developer's benefit.

    --
    This universe shipped by weight, not by volume. Some expansion of the contents may have occurred during shipment.