Visual Studio 2015 C++ Compiler Secretly Inserts Telemetry Code Into Binaries (infoq.com)
Reader edxwelch writes: Reddit user sammiesdog discovered recently that the Visual Studio 2015 C++ compiler was inserting calls to a Microsoft telemetry function into binaries. "I compiled a simple program with only main(). When looking at the compiled binary in IDA, I see a call for telemetry_main_invoke_trigger and telemetry_main_return_trigger. I cannot find documentation for these calls, either on the web or in the options page," he wrote. Only after the discovery did Steve Carroll, the dev manager for Visual C++, admit to the "feature" and post a workaround to remove it. A Microsoft spokesperson confirmed the existence of this behavior to InfoQ, adding that the company will be removing it in a future preview build. For those who wish to get rid of it, the blog writes: Users who have a copy of VS2015 Update 2 and wish to turn off the telemetry functionality currently being compiled into their code should add notelemetry.obj to their linker command line.
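As an added illustration of the workaround in the summary (this is not code from the submission, from Reddit or from Microsoft), the following checks a minimal program in a VS2015 Update 2 developer prompt before and after adding notelemetry.obj. main.cpp is a constructed one-line program, the tool invocations use only documented cl/link/dumpbin switches, and the expectation that notelemetry.obj supplies the definitions of the two trigger functions is an assumption drawn from the thread's description of the workaround, not from verified linker output.

```powershell
# Added example, not from the thread or from Microsoft. Assumes a
# "VS2015 Native Tools Command Prompt" (or vcvarsall.bat has been run)
# so that cl.exe, link.exe and dumpbin.exe are on PATH.

# Constructed minimal program: the same "only main()" case from the report.
Set-Content -Path .\main.cpp -Value 'int main() { return 0; }'

# Compile only. The object's symbol table lists every external the compiler
# emitted, so references to the trigger functions show up here as UNDEF
# symbols if the compiler inserted the calls into main().
cl /nologo /c /O2 .\main.cpp
dumpbin /nologo /symbols .\main.obj | Select-String 'telemetry_main'

# Default link, with a map file: the map records which object file or
# library member satisfied each symbol in the final image.
link /nologo /MAP:.\default.map .\main.obj /OUT:.\main_default.exe
Select-String -Path .\default.map -Pattern 'telemetry_main'

# Workaround from the thread: name notelemetry.obj explicitly on the link
# line. Objects given on the command line are resolved before library
# members are searched, so (assumption) its definitions of
# telemetry_main_invoke_trigger / telemetry_main_return_trigger win over
# the CRT's, and the map should now attribute both symbols to it.
link /nologo /MAP:.\clean.map .\main.obj notelemetry.obj /OUT:.\main_clean.exe
Select-String -Path .\clean.map -Pattern 'telemetry_main'
```

Comparing the two map files is the useful check: the symbol names stay present either way, so what changes is which object provides them. Repeat the same dumpbin step on any release .obj in a build tree to find out whether the calls were emitted there at all.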
No escape.
wow wtf Msft. Just when they were getting good about .NET and open source and their stuff was getting good as a product. Seriously stupid and not a good business decision. Sounds like that Carroll guy needs a new 'role' at Msft.
Microsoft has shed all pretense of shame and is adamant to infect everything with their spyware/malware behavior. This is very unfortunate. They keep removing any remaining reason to stick with Windows over OSX or Linux. Sad.
VC++ dev manager explained that this is not the telemetry you think it is. It is just a way to gather perf statistics that have been badly named.
https://www.reddit.com/r/cpp/comments/4ibauu/visual_studio_adding_telemetry_function_calls_to/d30dmvu
MS does a lot of shady things, but that isn't one of those.
I suppose MS will learn from this and hide it better in the future.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Who would ever have thought Steve Ballmer would look good in comparison to the sniveling sneaky 'meanderer' Satya Nadella. For the apologists, it's a corporate culture thing.
like malware.
"It is just a way...." Really? REALLY??!? What the h*ll is Microsoft thinking.
Their compiler should do one thing and one thing only. Take the source and translate its instructions into machine code, so the computer performs the instructions as described in the source. Nothing less. Nothing more. They have NO excuse whatsoever to include extra stuff to their benefit. Just the fact that you defend this behaviour is scary.
To Terminate, or not to Terminate, that's the question - SCSIROB
Ken Thompson must be spinning in his grave!
1984 wasn't intended as an instruction manual.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Embedding malware via their compiler? Wow a new low
No matter how Nadella tries to spin things and give them a new image, MS still sucks worse than ever.
Little known fact: g++ has had the same ability to insert spyware for a long time. It's described about line 39885 of the manpage. All you have to do is invoke it via:
g++ --mrelocate --use-upper-reg-halfs --insert-telemetry-libs --mnetwork-lib --include-nsa-stubs --include-fbi-stubs --omit-eff-stubs --no-powerpc --no-fpu --disable-optimization --use-network-capture-prologs --fuck-snowden --section215-includes --fort-meade-includes --fiveeyes-libs --use-eschelon-libs --omit-greenwald-reporting --prism --enable-gchq-sharing myfile.cpp -o myfile
That does the same thing as Visual Studio. Easy peasy. Dunno why Microsoft always acts like they invented everything.
they should have spoken to Ken Thompson first.
A Microsoft spokesperson confirmed the existence of this behavior to InfoQ, adding that the company will be removing it in a future preview build
...because it was finally discovered. If it hadn't been discovered, does anyone honestly think they would be removing it? Of course not.
Even if this telemetry were perfectly innocent (likely not, if Windows 10's spyware is any indicator), the fact of the matter is that Microsoft have now compromised their own compiler using Ken Thompson's compiler attack.
When will this madness end? Is MS now just an arm for the NSA?
I hear a lot of chatter about how the Rust programming language is supposedly "better" and "safer" than C++ is. But has anyone done a full and independent audit of it to make sure Rust's one (and only!) implementation isn't inserting unexpected code, malicious or not, into the binaries it generates?
At least with C++ there are numerous capable and independent implementations out there we can use if we have any doubts. If, for example, we don't want to use Visual C++'s compiler, we always have the option of trying GCC, or Clang, or Intel C++, or one of the compilers from one of the other vendors. But since there's only one Rust implementation, we'd be up shit creek with no paddle if we ever questioned its reliability!
So unless you're a weekend hobbyist creating yet another Rust library that you'll toss on GitHub and then neglect to maintain, I don't see how Rust can be used for anything serious until it has at least two capable implementations developed by separate and independent parties.
That doesn't make it okay. And redmond is on a "do shady things" binge... again. Shouting "FUD" at that deserves a "NO U SHILL" answer.
So no, they should have documented the thing properly and perhaps not given it a stupid name. But then, having to add object code to remove unwanted crap from your binaries -- that they didn't tell you they were putting in there in the first place -- is completely arse-backwards... as usual from this outfit.
When you consider that MS backdoored OS, compromised compiler is, comparatively, much lesser sin.
It's not to their benefit, it's the developer's benefit. It tracks time and memory usage, some nice tools in VS 2015.
Example... put a couple breakpoints in code. Stop at one, continue to next, it will tell you how long it took to get to second break from first one. Give a running total on right of memory usage as well.
Don't like it, turn it off. I would bet it gets turned off in release mode anyways (I didn't check though). None of it is secret, they are literally bragging about doing this every chance they get.
Debugging symbols and hooks should be an OPT IN you idiot. Even if they're harmless they slow down the program and make the binary larger.
Looks like the solution is to statically link function stubs. Which means a smart dynamic linker could very easily undo this. And if they were brazen enough to add this to the compiler in the first place they are brazen enough to "fix" the binary with a smart dynamic linker.
But then there really is no solution as the exec dispatcher and dynamic linker could always implement some form of telemetry.
The real solution is an OS vendor that is not going to pull tricks like this.
You would think that the IDE would be smart enough not to insert extraneous calls for trivial programs.
What compiler MS used for Windows 10.
'We did not add any telemetry in Windows 10. It was the compiler, I tell you.'
Boy this is at the scale of the Ken Thompson attack. Compilers that insert backdoors
http://c2.com/cgi/wiki?TheKenT...
Some drink at the fountain of knowledge. Others just gargle.
Everything Microsoft spies on you. Bill is a huge fucking pussy. XBox,Windows,even virtual machines if you use Microsoft Hyper-V can't be trusted.
https://www.helpnetsecurity.com/2016/06/10/telescope-technique/
Did he ever find out what feed_all_keystrokes_and_web_sites_to_nsa does?
There is no return version of this, because history shows a nation never returns from it.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Why don't we see similar outrage about the telemetry that Firefox includes?
Here are some examples of the data that Firefox sends to Mozilla:
American proofreading.
Failure to protect your privacy is inevitable. This time you can just see it coming
If you compile it with the evil flag, of course the compiler will set the evil bit. (The evil flag is implicit and undocumented.)
http://www.tenforums.com/windows-10-news/51159-how-msfts-tricky-new-windows-10-pop-up-deceives-you-into-upgrading-27.html
Microsoft is the us government's bitch. Do they look split into two corporations? Bill Gates is a fucking pussy.
Yay! This will finally settle that silly debate about which is more secure, open source or proprietary software.
It's so heartwarming to see the long-theorized 'backdoor the compiler' attack finally gaining commercial acceptance and enterprise support!
Steve Carroll, the dev manager for the Visual Studio diagnostics team, responded directly to these concerns on Reddit. The rest of that whole thread is pretty informative as well.
Visual Studio adding telemetry function calls to binary?
So one can imagine a case where a program crashes and sends telemetry to Microsoft from inside a secure computing environment or otherwise exports secret business data. This could invalidate MS from all government computing.
nobody has a real need for that closed source software any more, simply do not use it.
And this shows you why access to the source code is not enough to audit software.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
"Telemetry! Telemetry! Telemetry!" seems to have been the decree screamed from the ivory tower of MS leadership to the devs crafting Win10.
Seems like desperate flailing to maximize profits from the terminally declining Windows hegemony.
One of the big features coming to Debian is reproducible builds. Reproducible builds are designed to help detect and defend against compromised binaries, including those of a compiler. Although in this case MS may have deliberately done it with their compiler, techies have been warning against these kinds of attacks for years. If you don't think the NSA is targeting compilers, you're naive. Although it won't get the traction it deserves, this story is huge and really exposes how evil and shifty Microsoft is. Who knows, there could even be an NSA angle at work here. What I'd like to see is a class action lawsuit over this. Surely some company would have standing in a case like this.
Bought a quick URL from GoDaddy, but never used free Office 365 which is associated with it.
Suddenly Little Snitch on my Mac was reporting maybe 5 dozen or more attempts to send data out even though I clicked "Never" & MS would try to send out to a new URL.
I park my car in my garage, which is in my house.
A few years back, I was in a car wreck. Therefore, my house tried to kill me.
telemetry_main_invoke_trigger and telemetry_main_return_trigger.
Oh why, oh why they didn't name those calls threeletteragencysurveillance_main_invoke_trigger and threeletteragencysurveillance_main_return_trigger??!!
There needs to be a law, if one can not be found that already can already cover this, but "faithful" generation of object code from source code is, by definition, what a compiler does. There MUST be *some* product law that covers intentionally inserting functionality without the user's knowledge.
Yeah you fucking idiot! You are a fucking moron. I feel pity for your children with the level of stupidity displayed as they probably inherited whatever defective genes you gave them, unless, of course, (and it is probably likely) your wife was smart enough to find another 'donor' for her brood and is having you raise them. May whatever God you believe in have mercy on your soul, there's no coming back from that comment. Nothing. You're just...done.
Yes, it was bad on Microsoft's part. It was stupid to not protect it by default. However, it's been addressed, removed from Update 3, and there's an option to disable it. It appeared folks were moving on, but then again, this is Slashdot.
Honestly, seems like infoq dug this out of the grave simply to get some page hits ("Here's an anti-Microsoft story! Let's post it to Slashdot and roll in the hits so that we can be relevant!")
It inserts that into RELEASE binaries, you IDIOT.
Unfortunately, that's not been true ever since the first version of ANSI C was released, the most common word in the spec being "undefined."
(TBH, this sounds like a storm in a teacup. So some code that, despite the name, turned out to be debugging/profiling crap got into the compiler? So what? Other than minor performance impacts that obviously are so minor nobody noticed, I'm failing to see how anyone was harmed by this.)
You are not alone. This is not normal. None of this is normal.
to the masochists that persist on using their software (myself included, but not for long).
Microsoft is clearly planning to move to a future in which they, with total control of the desktop, have a better ability to spy on, and advertise to, users than companies like Google who only have access to the browser activity of users. They have seen Google become far more powerful (even becoming embedded into the White House and several other national governments) and wealthy while making and selling NOTHING as Microsoft was actually making and selling both hardware and software. They seem to have decided that the future will be a free OS with free desktop and free browser that is ubiquitous and that spies maximally and advertises mercilessly, and makes Google and Facebook etc obsolete second class citizens in a commercial sense (because THOSE companies will have far less access to user info than the company that controls the computer).
This explains why they are forcing everybody to move to Windows 10 with who-knows-what built-in spying AND who-knows-what built-in ability to quietly install more remote controls, spying and updating later. Why else would they have done so many "free" upgrades from relatively recent OS versions when in the past they charged around a hundred dollars for each upgrade? Even the tawdry update from DOS 6.2 to DOS 6.22 cost users nearly a hundred dollars for no real improvement.
To achieve their aims, they need everybody to move to the newest flavor of Windows that has been rebuilt with the modern support mechanisms they are putting in place. Users with older versions of Windows that pre-date the strategy shift and lack the new remote control/monitoring/updating/telemetry/etc capabilities need to be replaced. After everybody is on Win10, any future discovery of spying in/by Windows can be apologised for as a "misunderstanding" and then be quietly and secretly replaced by a new and different back-door in a future automatic update using the new "features" built into Windows 10 and newer.
This newly-discovered junk only shows that they have reached the point of even glomming onto the applications that users and other vendors build with MS tools to run within the new "Big Brother" versions of the MS "life experience". This proves that even programs like Chrome or Firefox, when built with modern Microsoft tools and run on Windows 10 and beyond are not trustworthy and not secure.
Visual C++ does debugging symbols in a separate file - a PDB. This looks to be worse than their normal debugging symbols as it is actually in the program. But it is the exception, not the rule, to the way they normally do it.
Why doesn't one use Linux and GCC?
What the fuck Microsoft? Now you want to insert Telemetry spying into the programs that people build with your software?
This is getting ridiculous.
Most of us now have privacy policies where we disclose what data we collect and what we do with it. If that disclosure is defective, you're in legal jeopardy for failure to disclose. Thanks for the poison pill, MS!
And, haven't they considered that the whole Apple/FBI thing might have implications for them and their developers, just maybe? If not legal issues, then PR at the very least? Stunning!
I assume that Microsoft compiles its shipping products with some form of Visual C++.
Does anyone know if these telemetry calls are made inside those products? For example, inside Microsoft's shipped versions of SQL Server?
And if so, does this mean using those products for handling HIPAA or PCI workloads is illegal?
As you have already called out, what the code does is trigger an ETW event which, when it's turned on, will emit timestamps and module loads events. The event data can only be interpreted if a customer gives us symbol information (i.e. PDBs)
Microsoft by default includes and enables Remote Access Trojan in Windows 10 with capability of exfiltration of anything from your system without your explicit knowledge or consent.
https://web.archive.org/web/20...
Microsoft doesn't provide paying customers an option to stop persistent cyber stalking of their systems and activities.
https://web.archive.org/web/20...
Microsoft constructs intentionally misleading interfaces and systems designed to intentionally leak personal information and trick people into submitting to things they don't want.
Now they are collecting "telemetry" from software compiled with visual studio...until...oops we got caught.
There is a new culture in the industry fueled by disrespecting your customers in every way you can possibly get away with and then some. It is part of a concerted top down conspiracy to put PC as an open platform genie back in the bottle. It is about supporting a post ownership vision of the future where customers are the product and vendors are all powerful kings.
Hopefully the cumulative effect will be enough interest into use and development of alternatives to eventually push Microsoft into bankruptcy. This is what they deserve.
The function could have been "windows_10_forced_install"
Yes Francis, the world has gone crazy.
That is an interesting article.
I bet they never planned to remove it until they got caught.
They are acting as the same entity.
I don't understand how you deny this let alone not come to this conclusion yourself. The fact that two entities of comparable size that have been caught doing the same thing should be some clue. Not to mention the many ways that they are deeply in bed with each other.
Is it too much to put together for yourself?
There is no terrorism threat.
Complete surveillance has been brought into existence to control you, you are considered to be the potential "terrorist". Every single one of us is. The purpose is to ensure that the transition from human labor to robotic/computerized labor is "smooth". Meaning no one tries to stop the destruction of the vast majority of the population.
'But wait, what? You mean to say that people who have no use to society won't be supported by society?'
People who do not have work run amok, regardless of any comforts they have.
Consider that the psychology of the average person is a known system. Consider the example of the effectiveness of advertising or politics. It's easy to tell people what they want to hear, and even easier now because most of their thoughts are being directly monitored through surveillance and mined for patterns.
Basically these people could be convinced that everything that is bad for them is good, and it would be a short matter of time until they destroy themselves.
Genocide through manipulation.
But how on earth to describe this to anyone in such a way that they don't reject it immediately? Is there any hope?
To be fair, this only seems to be if you use MS's compiler, and I don't know of a single company that uses it for commercial-released products - code analysis, and dev-testing, at most. I'd further suspect you agree to it with their EULA; because, if not, this could open them up to a huge lawsuit - the kind that makes lawyers salivate.
Not defending MS here, but in what bizarro world do debug symbols "slow down the program"? They're just symbol entries in the image that never even get loaded during normal use.
Hooks is a different matter, but symbols?
Furthermore logging when executables start and close doesn't seem too useful when investigating performance problems. Carroll says that the feature was abandoned, so perhaps that's why it seems mostly useless. However this feature is not useless if the purpose is to determine which programs the user runs and for how long. I'm suspicious enough about Windows 10 to suspect that's already happening at other levels.
Yep, looks it does: http://winaero.com/blog/how-to...
One way to find out if these functions were intentionally meant to explicitly spy on userland programs would be to check whether it is enabled for executables contained within Windows 10. If it is in Win10 exes, and telemetry_main_invoke_trigger is truly useless, I wonder whether it will be removed in the future when Windows gets rebuilt with a newer compiler.
What do you get when you cross a mountain-climber with a mosquito? Nothing! You can't cross a scaler with a vector.
Do you happen to know if any of the release notes with the early-preview code disclose the fact that the builds include this telemetry?
Will these telemetry packets be sent with their evil bit set?
Ken Thompson's work was beautiful and subtle - a compiler disguised all evidence of its backdoor even when you write code to search for these backdoors or when you compile the compiler itself.
True. But that works only when there's one compiler available for a particular language. If you bootstrap a compiler with three independent compilers, the backdoor is highly unlikely to persist into all three according to "Diverse Double-Compiling" by David A. Wheeler. Compile the compiler A with multiple compilers B, C, and D, and then compile A with (A compiled with B), (A compiled with C), and (A compiled with D), and you end up with (A compiled with A), (A compiled with A), and (A compiled with A). If they're identical, then B, C, and D have either no backdoor or an identical backdoor. Which is more likely?
Of course, all this requires that source code for A be available to the public or at least to a person trusted by the public to release compiler binaries. This is true of TCC, GCC, and Clang, not so much for Microsoft C++.
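The reproducible-builds comment above and the Diverse Double-Compiling description both rest on the same idea: a compiler binary that is "A compiled by A" can be rebuilt from A's source through an independent toolchain and compared byte for byte. The following is an added toy model of that check, written for this page and not taken from Wheeler's paper, Microsoft, or any real toolchain. A "compiler" here is a Python function over strings and a "binary" is a string; the trojan marker, the backdoor text and both program sources are constructed so the control flow of the check can be followed end to end.

```python
"""Toy model of the Thompson 'trusting trust' attack and of Wheeler's
diverse double-compiling (DDC) check. Added example; nothing here is a
real compiler. A 'compiler' is a function from source string to binary
string, and a 'binary' can be 'run' to obtain the compiler it implements."""

import hashlib

TROJAN_MARK = "[trojan]"                  # constructed: marks an infected compiler binary
BACKDOOR = " or password == 'letmein'"    # constructed payload for login programs

# Constructed sources. The compiler source is clean: auditing it reveals nothing.
COMPILER_SRC = "compiler: read source, emit binary"
LOGIN_SRC = "login: accept if password == stored"


def honest_compile(src: str) -> str:
    """Deterministic, faithful translation: the binary depends only on the source."""
    return "BIN<" + src + ">"


def trojaned_compile(src: str) -> str:
    """Thompson-style compiler: backdoors login programs and re-infects any
    compiler it builds, so the payload survives rebuilds from clean source."""
    if src.startswith("login:"):
        src = src + BACKDOOR
    if src.startswith("compiler:"):
        src = src + TROJAN_MARK
    return "BIN<" + src + ">"


def run(binary: str):
    """'Execute' a compiler binary: return the compile function it implements."""
    return trojaned_compile if TROJAN_MARK in binary else honest_compile


def digest(binary: str) -> str:
    return hashlib.sha256(binary.encode()).hexdigest()


def login_is_backdoored(compiler_binary: str) -> bool:
    """Behavioural test of a compiler binary: does its login output carry the payload?"""
    return BACKDOOR in run(compiler_binary)(LOGIN_SRC)


def ddc_check(suspect_binary: str, trusted_compilers, compiler_src: str) -> bool:
    """Diverse double-compiling.

    For each independent trusted compiler T: build compiler_src with T (stage 1),
    then build compiler_src again with that stage-1 binary (stage 2). Stage 2 is
    'A compiled by A' and, for a deterministic build, must be byte-identical to
    the shipped 'A compiled by A' binary. Returns True only if every trusted
    toolchain reproduces the suspect binary exactly. A trusted compiler that
    carries the identical trojan will agree with a trojaned suspect, which is
    why the trusted set should be diverse and independently sourced.
    """
    expected = digest(suspect_binary)
    for trusted in trusted_compilers:
        stage1 = trusted(compiler_src)
        stage2 = run(stage1)(compiler_src)
        if digest(stage2) != expected:
            return False
    return True


if __name__ == "__main__":
    shipped_clean = honest_compile(COMPILER_SRC)
    shipped_trojan = trojaned_compile(COMPILER_SRC)   # same clean source, infected builder
    print("trojan visible in source:", TROJAN_MARK in COMPILER_SRC)
    print("trojan survives rebuild:", run(shipped_trojan)(COMPILER_SRC) == shipped_trojan)
    print("DDC passes for clean binary:", ddc_check(shipped_clean, [honest_compile], COMPILER_SRC))
    print("DDC passes for trojaned binary:", ddc_check(shipped_trojan, [honest_compile], COMPILER_SRC))
```

The model makes the two caveats from the thread concrete: DDC only works when the build is deterministic (reproducible builds are the real-world prerequisite), and it only proves that the suspect binary and the trusted toolchains agree, so a trusted compiler carrying the identical trojan passes. Neither check needs the compiler's source to be public for the comparison itself, but rebuilding stage 1 does.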
Performance tuning is useless in a debug build.
There exist builds other than release and debug, such as profiling builds. These are in fact designed for performance tuning.
You're right that it's strongly preferable for there to be multiple implementations. I really do take any language a little less seriously if it only has one.
But it's not a total dealbreaker, and the one implementation is there for anyone to look at. If it has malware in it, that malware has nowhere to hide. That's why this is totally wrong:
No, that's just it: you're not up shit creek if you question its reliability. If you question its reliability, you can go looking for answers. There are things you can do about your predicament, so the shit creek imagery is inappropriate. It's with proprietary compilers (such as Microsoft's) where if you question its reliability then you're up shit creek. Sure, you can use another compiler that you trust more, but that doesn't give you the answers. It just makes the question become irrelevant.
Having to explain this night-and-day difference reminds me of trying to have an argument about science with a "skeptic" of evolution or global warming. Those people don't seem to understand that science deals with questions and once a theory is confirmed enough times, the contra side shouldn't be called "skeptic" anymore; they're disbelievers. And that's fine. But use the right word instead of trying to deceive everyone about your belief that the scientific method doesn't work.
You aren't questioning the Rust compiler, because if you had questions, you would go get answers. You're simply stating that you don't trust it (and that you don't intend to address the lack of trust, either by catching it doing something naughty or clearing it of any specific charges of wrongdoing). That isn't questioning; that's out-of-hand rejecting.
And that's your right. Just don't lie about your feelings on this, and then you'll be able to get along with other people instead of pissing them off with your bullshit.
Until then, though, you sound like a creationist. Your neat idea (Rust has backdoors / Enki etc created life on Earth) is consistent and elegant, and also has no evidence to back it up. Meanwhile, people who actually want to know truth, go do something about it, by testing their ideas.
So let's say they remove it from the compiler. How much hidden crap is in the DLLs we link to just to run on Windows?
Considering that the binaries provided by the Python project are generally compiled with Visual Studio, and considering that many if not most new comp sci / programmers now learn python, this is especially troubling.
It is my hope that the Python BDFL and Python Software Foundation will move away from Visual Studio for Python binaries before long ...
Thank god I don't use that bloated piece of spyware crap.
I believe the answer is yes. Likely why feedback and diagnostics can no longer be completely disabled. I know for a fact that similar data is collected for Windows store apps, regardless of whether or not the application itself actually offers telemetry.
VS2015 Update 2 introduced IDE support for Application Insights, an Azure-hosted desktop/web application performance and error analytics service. We use it at my work - it's great and super easy to get up and running and use. I assume these are just enabling methods for generic application-wide logging/telemetry-based functionality, and I'd put my money on them not sending any telemetry data by themselves. The word "telemetry" in the method names was probably a bad choice, considering how many of you it spooked.
Of course you'll remove it. Otherwise people might be outraged....But you are Microsoft. You can do no wrong.
This nuisance can be disabled by linking "notelemetry.obj" though this shouldn't be necessary but just Microsoft things.
During the Vietnam war, an American naval aviator named Jeremiah Denton was shot down and became a POW. While he was interviewed as a POW he blinked his eyes unusually and when the film made it out to the West, it was realized that he was blinking a message in Morse code.
I think we should all go back and review the video of former SecDef Donald Rumsfeld giving his "known knowns and unknown unknowns" talk.... it MIGHT have been the last free attempt at communications in the modern internet era with an important embedded message.... [smile]
Steps to follow:
Wait for all public and government organizations to install programs compiled with this.
1.) make malware that collects the local crash reports and data dumps.
2.) focus attention on crashing commonly used user interface libraries instead of the MS malware
3.) wait until a large number of users have installed your global crash vector.
4.) send signal to turn on crashing globally
5.) direct emails or background FTP of collected crash data through TOR or other obfuscation
6.) sift through the data of world governments at your leisure.
Go get em!
Why is spyware now called "telemetry"? They should be held responsible...
It would appear that there is yet another reason to distance one's self from Microsoft and its products when possible.
It does make a difference if a developer doesn't realize this is being placed in released code and customers end up with compromised systems and the developer must tell the customer why their code that was supposed to be secure had a back door.
APK, is that you?