Slashdot Mirror


Visual Studio 2015 C++ Compiler Secretly Inserts Telemetry Code Into Binaries (infoq.com)

Reader edxwelch writes: Reddit user sammiesdog discovered recently that the Visual Studio 2015 C++ compiler was inserting calls to a Microsoft telemetry function into binaries. "I compiled a simple program with only main(). When looking at the compiled binary in IDA, I see a call for telemetry_main_invoke_trigger and telemetry_main_return_trigger. I cannot find documentation for these calls, either on the web or in the options page," he wrote. Only after the discovery did Steve Carroll, the dev manager for Visual C++, admit to the "feature" and post a workaround to remove it. A Microsoft spokesperson confirmed the existence of this behavior to InfoQ, adding that the company will be removing it in a future preview build. For those who wish to get rid of it, the blog writes: Users who have a copy of VS2015 Update 2 and wish to turn off the telemetry functionality currently being compiled into their code should add notelemetry.obj to their linker command line.

10 of 421 comments

  1. MS Spyware by allo · · Score: 5, Insightful

    No escape.

    1. Re:MS Spyware by cfalcon · · Score: 5, Insightful

      > Debug performance telemetry? Yep. Clearly spyware.

      While Microsoft offers a profiler, this is NOT that. I'm puzzled how someone could confuse the two. Profilers / debuggers / all manner of code analysis tools are all hooks that allow the developer (not Microsoft) to analyze how something works in development. They are usually stripped out of release builds, but, more importantly, are only ever present at the convenience of the developer.

      The mysterious telemetry calls are not even claimed by MICROSOFT to be debugging or profile hooks. "The event data can only be interpreted if a customer gives us symbol information (i.e. PDBs) so this data is only applicable to customers that are actively seeking help from us and are willing to share these PDBs as part of their investigation." This means that the hooks make data available to a telemetry subsystem, on production code, which Microsoft can usefully access in some fashion- while to make use of this in any way would require a developer to know about it (it is not publicized), contact the "right" part of Microsoft (which no one knows), and ask to use the data Microsoft has been collecting about their shipped code, using an undocumented system to gather unknown data.

      If this was in any way benign:
      1- It would have been documented: you'd know what it gathers
      2- Microsoft would offer this data to the developer in some fashion, including what it is
      3- It would have been opt-in: you'd have to link in the telemetry, instead of linking it OUT.
      4- It wouldn't be present in secret on ALL code Microsoft compiles. This affects run times in some fashion, even if you ignore the massively spooky privacy issues.
      5- The data wouldn't be available for Microsoft's use, but not the developer: what right do they have to gather data on your code as you build it, much less on your code as it runs for your customer?

      This whole thing gets crazier. That Microsoft is putting hooks into as much code as they can may actually be illegal, or it may be buried in some document- all I know is, this is just what has been FOUND so far. Every couple weeks, someone finds more stuff. All of it is found by acting on some highly technical layer Microsoft hasn't been able to obscure yet. How much more is there? We really have no way to know.

  2. Apparently... by ChodaBoyUSA · · Score: 5, Insightful

    Microsoft has shed all pretense of shame and is adamant to infect everything with their spyware/malware behavior. This is very unfortunate. They keep removing any remaining reason to stick with Windows over OSX or Linux. Sad.

  3. Next time it will be hidden better by flyingfsck · · Score: 5, Insightful

    I suppose MS will learn from this and hide it better in the future.

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!
  4. Re:FUD - no, TREASON by scsirob · · Score: 5, Insightful

    "It is just a way...." Really? REALLY??!? What the h*ll is Microsoft thinking.

    Their compiler should do one thing and one thing only. Take the source and translate its instructions into machine code, so the computer performs the instructions as described in the source. Nothing less. Nothing more. They have NO excuse whatsoever to include extra stuff to their benefit. Just the fact that you defend this behaviour is scary.

    --
    To Terminate, or not to Terminate, that's the question - SCSIROB
  5. Re:FUD by MightyMartian · · Score: 5, Insightful

    If it's telemetry it's bad. Period.

    Imagine writing highly secure software only to find out the fucking compiler is placing a telemetry backend into the binary. Regardless of the purpose or intent or destination, it's bad.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  6. MS still the shitheel of the tech world by bazmail · · Score: 5, Insightful

    Embedding malware via their compiler? Wow a new low

    No matter how Nadella tries to spin things and give them a new image, MS still sucks worse than ever.

  7. Ken Thompson Attack by goombah99 · · Score: 5, Insightful

    Boy this is at the scale of the Ken Thompson attack. Compilers that insert backdoors

    http://c2.com/cgi/wiki?TheKenT...

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:Ken Thompson Attack by ljw1004 · · Score: 5, Insightful

      > Boy this is at the scale of the Ken Thompson attack. Compilers that insert backdoors
      >
      > http://c2.com/cgi/wiki?TheKenT...

      No it's not. Ken Thompson's work was beautiful and subtle - a compiler disguised all evidence of its backdoor even when you write code to search for these backdoors or when you compile the compiler itself.

      If Ken Thompson had gone on stage to say "hey guys I made a compiler which inserts a call at the entrypoint of your program" -- well, that's trivial.

  8. Re:Where's the outrage over Firefox's telemetry? by Aruta · · Score: 5, Insightful

    Difference, and it's a whopping one, is that the Firefox telemetry is fully documented on, shock-horror, the Mozilla site. You get it clear and simple, and if you don't like it, you don't use it.

    The MS stuff was undocumented, and now they are making up BS excuses as to how it's for the developer's benefit.

    --
    This universe shipped by weight, not by volume. Some expansion of the contents may have occurred during shipment.