Security Analyst Concludes Windows 10 Enterprise 'Tracks Too Much'

A viral Twitter rant about Windows 10 Enterprise supposedly ignoring users' privacy settings has since been clarified. "I made mistakes on my original testing and therefore saw more connections than I should have," writes IT security analyst Mark Burnett, "including some to Google ads." But his qualified results -- quoted below -- are still critical of Microsoft:

• You can cut back even more using the Windows Restricted Traffic Limited Functionality Baseline but break many things.
• Settings can be set wrong if you aren't paying attention. Also, settings are not consistent and can be confusing to beginners.
• You are opted-in to just about everything by default and have to set hundreds of settings to opt out, even on an Enterprise Windows system. Sometimes multiple settings for the same feature. Most Microsoft documentation discourages opting out and warns of a less optimal experience... But you can't completely opt-out. Windows still tracks too much.
• Home and Professional users are much worse off due to limitations of some settings and lack of an IT staff... I'm not saying ditch Windows. I'm saying let's fix this. If we can't fix it, then we ditch Windows.

Re: Will you finally get to work already?

[DavidPetersonHarvey]

My business runs entirely on Linux. So does NASA. Those cute little Rovers that we have on Mars right now, Linux. Oil companies use special security Hardened versions of Linux to run the oil wells. If all these organizations are running Lenox just fine, the problem must be with you. :-)

PlayOnLinux is the killer app

[xeno]

Yep, linux linux linux... all us geeks can rant about the virtues and advantages, but at the end of the day, the rank and file want to run office and a web browser. MS Office is the lock-in that sells Windows... and while Wine promised to solve that it's way too complex for most people. Enter PlayOnLinux, which makes common Windows software installation just as simple as on Windows. Point, click, install. Holy $#%@ it just works, and ALL that Windows telemetry is gone, because Windows is gone. And I don't miss it.

To keep it short: I set up Linux Mint and ran updates (about 10 min total install time, from bare metal), installed PlayOnLinux (about three clicks into the Software Manager app), then used that to install MS Office (including Visio), registered and all. The Cisco VPN works (of course), the browsers are faster (of course) and work well with corp apps, and MS Office just works. Tons of other stuff Just Works(tm). Corp IT never hears from me, all the tools just work, everything's much faster, and I didn't have to do ANYTHING at the CLI -- in fact, it was easier and much faster than typical interminable Windows setup processes. It's beyond me why people still put up with the stress of Windows, or insist that it's easier (it's not) or more secure (*snort*).

Re: one file disable

Unfortunately it is well documented that Windows 10 ignores the hosts file for "telemetry"

Source?

It is well documented that Windows 10 ignores the host file for a list of "vital" MS services like Update. I have been unable to find any evidence the the telemetry urls get ignored too.

In fact they seem to be perfectly blockable by the hosts file.

Spybot anti-beacon

[nospam007]

Spybot abti-beacon fixes mst of it, even if it can't kill cortana.

https://www.safer-networking.o...

Re: Defective by design?

[AmiMoJo]

This "you are the product" meme is stupid. When you watch TV, you are not the product even though they sell advertising on it. The relationship is clearly more complex than that.

In Google's case, there is relatively little lock-in to their products. Farm animals can't leave, they belong to the farmer. It's trivial to switch to another search engine, to another mapping site, to another email provider. Google doesn't even mind if you install uBlock and Privacy Badger from their official Chrome extension repo. If Google annoys users too much, or doesn't offer them something compelling to stay, their advertising business becomes worthless.

Yes, they are selling advertising targeted ads. But they don't allow individual users to be targeted or for advertisers to access user data directly, only in aggregate via the tools that Google provides. That's not a simple "you are the product" relationship.

Re:BS

[LVSlushdat]

The *REAL* problem is you can use the Antibeacon tool to turn off the spyware aspects of Windows, but every time you get another "update" or new version from MS, they default those spyware aspects back on, so you're playing an endless game of "whack-a-mole" trying to keep MS's nose of your bidness.. I used/supported Windows for 20 years as a sysadmin, and never really trusted MS, but since Windows 10 came out, ANY trust I may have had for MS has evaporated. When I retired in 2010, I moved all of my computers over to Linux and thats where they'll stay..

Re:Defective by design?

[Kjella]

If the ReactOS project got even 10% of the commits and money that Linux receives, it might soon become the Open Source alternative to even Windows 10, allowing everyone to ditch Windows without having to change the software they use.

Said no person with experience reverse engineering ever, at no point has trying to chase your proprietary competitor's blobs ever worked. WINE does an okay job running some Windows software, LibreOffice does an okay job opening some MS Office documents but you'll never repeat every quirk, bug and obscure functionality. You'll never get a fully working replacement for DirectX that isn't DirectX, not without 10x the resources Microsoft used to write it to reverse engineer it. That's not 10% of the Linux resources, probably more like 1000%. The only workable solution long term is to get people over to new, open standards like web apps written for W3C compliant browsers instead of IE6, games using Vulkan instead of DirectX, cross platform tools like qBitTorrent instead of uTorrent and so on.

Look at git, the version control software to develop Windows is now created by Linus Torvalds, what better endorsement can you get than the competition eating your dogfood? Look at all the cloud solutions booming because you can just spin up another Linux instance on demand without licensing worries. You don't win by mimicking the old, you win by delivering something new and better. And even if someone builds proprietary stuff on top of it (OS X, Android, Tivo etc.) you keep gaining ground. Even if the pace is somewhat glacial I never had the feeling open source went backwards, even if you look at stuff like Firefox then Chrome is mostly open source through Chromium. It would be a helluva lot less work to fork that than to start over. Tools like ASP.NET Core is being open sourced, Apple has open sourced Swift, for more and more of low-level infrastructure closed source just isn't kosher anymore.