Showing results for tags 'telemetry'.



Found 32 results

  1. I IN NO WAY TAKE ANY CREDIT FOR THIS IT WAS TAKEN FROM MDL FORUM AND SOME POSTS BY MEMBERS ON THIS FORUM! Manual: Tools: Windows 10 Lite v8 Destroy Windows Spying v1.0.1.0 [Works with Win 7/8/8/1/10] Blackbird v6 v0.9.98 [Works with Win 7/8/8/1/10] O&O ShutUp10 v1.6.1396 WPD - Windows Privacy Dashboard v1.2.777 WindowsSpyBlocker v4.10.4 Spybot Anti-Beacon v2.1 [Works with Win 7/8/8/1/10] W10Privacy v3.1.0.1 Disable Windows 10 Tracking v3.2.1
  2. ADN

    W10Privacy 2.7.0.1

    W10Privacy can display common Windows 10 security settings that can be activated as well as deactivated within the program. It also allows importing and exporting of your changes. While there are a lot of Windows 10 privacy tools out there, many of them lack the detail this program has. Of course, this means that it might take you a bit longer to go through your choices. For those who don’t want to go into detail you can choose from 3 predefined settings. While the design is very simple, there are also 3 colors so that you can easily spot these 3 settings: Green - Recommended - this is a conservative mode. Yellow - Conditionally recommended - probably the best bet but look over the choices. Red - Restricted - think of this as geek mode. Better know what you're doing. Must run as administrator. Also, other similar apps don’t always have a back or set a restore point making them a bit scary. This program however does offer a save, save as and load options so you can backup and import or export your settings anytime. W10Privacy has a built in update checker and a handful of user settings as well. Homepage Changelog Download
  3. Canonical's Will Cooke revealed in an email to the Ubuntu development list that the company plans to collect more diagnostic data from desktop. Many programs and operating systems collect diagnostic data. While the degree varies from program to program, it is fair to say that diagnostic data may provide developers with insights into issues and feature popularity. Canonical wants to collect data such as the Ubuntu version, hardware information and selected location during installation to "focus our engineering efforts on the things that matter most to our users". Cooke revealed what the data that Canonical plans to collect would include: Ubuntu Flavour Ubuntu Version Network connectivity or not CPU family RAM Disk(s) size Screen(s) resolution GPU vendor and model OEM Manufacturer Location (based on the location selection made by the user at install). No IP information would be gathered Installation duration (time taken) Auto login enabled or not Disk layout selected Third party software selected or not Download updates during install or not LivePatch enabled or not The company won't collect or store user IP addresses but wants to use Popcon and Apport. Popcon collects data on package use and Apport will be configured to send anonymous crash reports. All data is sent over HTTPS and aggregate information is made available publicly so that anyone may look them up. This would reveal the number of Ubuntu users on AMD or Intel hardware, or how many users select Germany or China as the location. Cooke notes that the data collecting will be opt-out, but that users can uncheck a box during installation or in the Gnome privacy settings to turn the collecting off. Any user can simply opt out by unchecking the box, which triggers one simple POST stating, “diagnostics=false”. There will be a corresponding checkbox in the Privacy panel of GNOME Settings to toggle the state of this. 
Closing Words Canonical, at least at this stage, does not want to collect as much data as Microsoft does on Windows 10. That's a good thing, and it is even better that the company plans to display an opt-out choice to users during installation and in the privacy settings. While some privacy advocates might have liked an opt-in choice better, giving users an option at all is something that is not self-evident anymore in this day and age. Ghacks.net
  4. Beginning with the April 2018 feature update, Microsoft will release a tool that allows Windows 10 users to inspect diagnostic data collected and sent to Microsoft's telemetry servers. Windows Insider Program members can test the app starting today. Earlier this week I noted a pair of mysterious (and inactive) links in the Privacy settings of recent preview releases of Windows 10, apparently offering the ability to view and delete telemetry data. Today, Microsoft officially confirmed that the next public release of Windows 10 will include a Windows Diagnostic Data Viewer utility. The app will allow anyone with an administrator account to inspect the telemetry data being collected from a device and sent to Microsoft through the Connected User Experience and Telemetry component, also known as the Universal Telemetry Client. Microsoft's enterprise customers have had this capability for some time, using a bare-bones tool available to IT professionals. The new viewer is considerably more polished and intended for use by nontechnical Windows 10 users. Members of the Windows Insider Program will have access to the Windows Diagnostic Data Viewer app in a new build scheduled to be delivered later today. Although the app will be delivered through the Microsoft Store, users won't be required to sign in with a Microsoft account to download and install it. In a blog post published today, Marisa Rogers, Privacy Officer in Microsoft's Windows and Devices Group, positioned the new tool as a way to be "fully transparent" about what data is collected from a device. I haven't been able to use the tool yet, but a pair of screenshots Microsoft released confirm that most of this data is intended to give Microsoft details about the type of hardware and apps in use by the 600 million-plus Windows 10 devices. Article
  5. A tool created to use some of the known methods of disabling tracking in Windows 10. How to Use You can either: A. Run the binary uploaded to the Release tab as an Administrator and select which options you'd like B. Install Python and the dependencies listed below and run the script from an elevated command prompt and select which options you'd like Silent Either can be run with the -silent argument as of v3.1. This will perform all available options of the version you're using. You still need to run it as administrator. Homepage Download Changelog :
  6. WindowsSpyBlocker is an application written in Go and delivered as a single executable to block spying and tracking on Windows systems. The initial approach of this application is to capture and analyze network traffic based on a set of tools. It is open for everyone and if you want to contribute or need help, take a look at the Wiki. To capture and analyze network traffic for the telemetry option, QEMU virtual machines are used on the server virtualization management platform Proxmox VE based on: Windows 10 Pro 64bits with automatic updates enabled. Windows 8.1 Pro 64bits with automatic updates enabled. Windows 7 SP1 Pro 64bits with automatic updates enabled. Homepage Download Changelog :
  7. The next feature update for Windows 10, Windows 10 version 1803, will feature new privacy settings and improvements that give users and administrators more control over data on the device. Windows 10 users and admins may change privacy-related settings in several ways on machines running Windows 10. They may change some privacy options under Settings > Privacy, make modifications using policies, or change Registry keys related to privacy. The privacy options in Settings controlled application access to data up until now almost exclusively. You could turn a feature, say access to the microphone or notifications, off completely, or allow access on an individual basis only. Microsoft started to improve the privacy settings in the Fall Creators Update. If you open the Location controls in that version of Windows 10, you will notice that disabling location will make it unavailable to apps, Windows, and services. The most recent Windows 10 Insider Build, version 17074, features three new entries under privacy in the Settings application. Windows 10 version 1803: privacy improvements You find the new entries Videos, Documents and Pictures there. All three allow you to block application access to the system folders but you may also notice that you may deny Windows access to these folders as well. The description reads: Allow access to the documents/videos/pictures library on this device. If you allow access, people using this device will be able to choose if their apps have documents/videos/pictures library access by using the settings on this page. Denying access blocks Windows and apps from accessing the documents/videos/pictures library. A click on the change button turns access on or off on the device. You may also turn off application access only by flipping the preferences switch under "allow apps" on the page. This prevents applications from accessing the library but not Windows. 
Last but not least, you may allow specific applications access but deny access to all other apps. What happens if you disable access for Windows? It is unclear at this point in time. I ran a quick test after disabling access to the pictures library but did not notice any issues. Using File Explorer, I could still browse the folder and apps. I fired up Paint 3D and could load images using drag and drop, and could also save files to the folder. Windows Defender scanned the folder as well. It is possible that the functionality is not fully implemented yet, or that the access restriction only applies to automated processes. Ghacks.net
  8. At Microsoft, we use Windows telemetry to inform our decisions and focus our efforts in providing the most robust, most valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Telemetry gives users a voice in the operating system’s development. This guide describes the importance of Windows telemetry and how we protect that data. Additionally, it differentiates between telemetry and functional data. It also describes the telemetry levels that Windows supports. Of course, you can choose how much telemetry is shared with Microsoft, and this guide demonstrates how. To frame a discussion about telemetry, it is important to understand Microsoft’s privacy principles. We earn customer trust every day by focusing on six key privacy principles as described at privacy.microsoft.com. These principles guided the implementation of the Windows telemetry system in the following ways: •Control. We offer customers control of the telemetry they share with us by providing easy-to-use management tools. •Transparency. We provide information about the telemetry that Windows and Windows Server collects so our customers can make informed decisions. •Security. We encrypt telemetry in transit from your device and protect that data at our secure data centers. •Strong legal protections. We respect customers’ local privacy laws and fight for legal protection of their privacy as a fundamental human right. •No content-based targeting. We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or emails, through the Windows telemetry system. Customer content inadvertently collected is kept confidential and not used for user targeting. •Benefits to you. We collect Windows telemetry to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all of our customers. This article applies to Windows and Windows Server telemetry only. 
Other Microsoft or third-party apps, such as System Center Configuration Manager, System Center Endpoint Protection, or System Center Data Protection Manager, might send data to their cloud services in ways that are inconsistent with this guide. Their publishers are responsible for notifying users of their privacy policies, telemetry controls, and so on. This article describes the types of telemetry we may gather, the ways you might manage it in your organization, and some examples of how telemetry can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers. Use this article to make informed decisions about how you might configure telemetry in your organization. Telemetry is a term that means different things to different people and organizations. For the purpose of this article, we discuss telemetry as system data that is uploaded by the Connected User Experience and Telemetry component. The telemetry data is used to help keep Windows devices secure by identifying malware trends and other threats and to help Microsoft improve the quality of Windows and Microsoft services. We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting [email protected] Overview In previous versions of Windows and Windows Server, Microsoft used telemetry to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016, you can control telemetry streams by using the Privacy option in Settings, Group Policy, or MDM. 
For Windows 10, we invite IT pros to join the Windows Insider Program to give us feedback on what we can do to make Windows work better for your organization. Understanding Windows telemetry Windows as a Service is a fundamental change in how Microsoft plans, builds, and delivers the operating system. Historically, we released a major Windows version every few years. The effort required to deploy large and infrequent Windows versions was substantial. That effort included updating the infrastructure to support the upgrade. Windows as a Service accelerates the cadence to provide rich updates more frequently, and these updates require substantially less effort to roll out than earlier versions of Windows. Since it provides more value to organizations in a shorter timeframe, delivering Windows as a Service is a top priority for us. The release cadence of Windows may be fast, so feedback is critical to its success. We rely on telemetry at each stage of the process to inform our decisions and prioritize our efforts. What is Windows telemetry? Windows telemetry is vital technical data from Windows devices about the device and how Windows and related software are performing. It's used in the following ways: •Keep Windows up to date •Keep Windows secure, reliable, and performant •Improve Windows – through the aggregate analysis of the use of Windows •Personalize Windows engagement surfaces Here are some specific examples of Windows telemetry data: •Type of hardware being used •Applications installed and usage details •Reliability information on device drivers What is NOT telemetry? Telemetry can sometimes be confused with functional data. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not telemetry. For example, exchanging a user’s location for local weather or news is not an example of telemetry—it is functional data that the app or service requires to satisfy the user’s request. 
There are subtle differences between telemetry and functional data. Windows collects and sends telemetry in the background automatically. You can control how much information is gathered by setting the telemetry level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash). On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data. If you’re an IT pro that wants to manage Windows functional data sent from your organization to Microsoft, see Manage connections from Windows operating system components to Microsoft services. The following are specific examples of functional data: •Current location for weather •Bing searches •Wallpaper and desktop settings synced across multiple devices Much More Information Here - Too Long To Post All
  9. A firmware update to the Netgear R7000 router adds a new feature that will concern privacy advocates. The update allows Netgear to start "collecting analytics data" and the release notes warn that: "NOTE: It is strongly recommended that after the firmware is updated to this version, you log back in to the router's web GUI and configure the settings for this feature." Netgear says that the data collection is to help it "isolate and debug technical issues" and does not -- according to the company -- include details such as the websites that are visited, but it will still be a cause of concern for many people. It's hard not to draw parallels with Windows 10 which has managed to upset many users with its telemetry settings. The data that's being collected by Netgear is what many people would consider to be personal information, but the company makes no apologies for the firmware update. It is possible to disable the telemetry, but it remains to be seen how many people are aware of how this can be done -- or, indeed, how many know that the new settings exist. An article on the Netgear support website gives an idea of the sort of information that might be collected in this way: Technical data about the functioning and use of our routers and their WiFi network can help us to more quickly isolate and debug general technical issues, improve router features and functionality, and improve the performance and usability of our routers. Such data may include information regarding the router's running status, number of devices connected to the router, types of connections, LAN/WAN status, WiFi bands and channels, IP address, MAC address, serial number, and similar technical data about the use and functioning of the router, as well as its WiFi network. Source: Privacy warning: Netgear routers copy Windows 10 and start 'collecting analytics data' (BetaNews)
  10. Microsoft is refining its telemetry to better determine when your Windows PC can be automatically upgraded. Microsoft is slowly rolling out Windows 10 Creators Update, but has switched into high gear with changes to the telemetry system that helps it detect when a PC is ready to be upgraded. The branding of those recent patches, however, is confusing to many Windows customers. On April 24, Microsoft issued a new version—the 10th revision in the past year—of the KB 3150513 snooping patch for computers running Windows 7, 8, 8.1, and Windows 10 builds 1511 and 1607. Billed as the “latest compatibility definition update for Windows,” KB 3150513’s description says: This update provides the latest set of definitions for compatibility diagnostics that are performed on the system. The updated definitions will help enable Microsoft and its partners to ensure compatibility for all customers who want to install the latest Windows operating system. Installing this update also makes sure that the latest Windows operating system version is correctly offered through Windows Update, based on compatibility results. On May 1, Microsoft re-issued the snooper patch, but only for Win10 Anniversary Update version 1607 systems and with new names: 2017-05 Update for Windows 10 Version 1607 for x86-based Systems (KB 3150513) 2017-05 Update for Windows 10 Version 1607 for x64-based Systems (KB 3150513) Several people on the AskWoody Lounge have remarked that the new names ensure that the patches will bubble up to the top of any sorted list of installed updates. (Also note that 32-bit Windows patches are rarely identified as “x86,” which makes these names rather odd.) Blogger Günter Born took apart the May 1 version of KB 3150513 and discovered that it included scanning files dated April 27. Now it seems the patch has been updated again—the second reissue this month—only for version 1607. 
Blogger EyesOnWindows, on the Lounge, rifled through his Windows Update log and confirmed that the latest version of the telemetry patch was installed on May 5. According to the release data in the KB article, the scanning files were last updated on May 3. Bottom line: If you’re running Windows 10 Anniversary Update and haven’t blocked updating, you’ll likely see one entry in your Update history for “Update for Windows 10 Version 1607 for x64-based Systems (KB3150513),” and two entries for “2017-05 Update for Windows 10 Version 1607 for x64-based Systems (KB3150513).” Although the names may confuse, Microsoft is refining its telemetry to better determine when your PC running version 1607 Anniversary Update should be automatically upgraded to version 1703 of the Creators Update. Of course, if you block the automatic upgrade to 1703, you’ll be able to control for yourself when your computer upgrades. Discussion continues on the AskWoody Lounge. Source: Microsoft has reissued KB 3150513 snooping patch twice this month (InfoWorld - Woody Leonhard)
  11. One of the complaints about Windows 10 ever since the operating system's introduction was that it was not really clear what data Microsoft's Telemetry and data collection services collected, and transferred to the company. Linked to that was the missing option to turn the collecting off for good -- this is reserved to LTSB Enterprise versions. The only built-in option that users had until now was to set the collecting to basic. Several privacy tools for Windows 10 come with options to block Microsoft Telemetry servers so that communication won't take place anymore. Microsoft announced in early 2017 that it would change privacy options in the Windows 10 Creators Update version. One of those changes was a reduction of Telemetry levels from three, to just Basic and Full. You can switch between the two diagnostic levels by opening the Settings application (Windows-I), navigating to Privacy > Feedback & Diagnostics, and selecting the other option -- Full or Basic -- on the page. Windows 10 Full and Basic Telemetry The Feedback & Diagnostics page of the Settings application reveals little information on what is being collected. Microsoft did publish two articles recently that offer information in great detail on what it collects in basic and full Telemetry modes. The listings are a hard read, and the basic listing is especially difficult to go through as it is highly technical in nature. The full listing is a bit better, as it is less technical. Basic Telemetry on Windows 10 If you go through the basic telemetry listing on the Technet site -- linked above -- you will find listed the following information among many, many other entries: Operating system name and version, locale. Date and time. Locally defined, unique ID for device, and device class (e.g. Server or Desktop). Various unique user, machine and application identifiers. Various information about the system, both in hash form and strings, e.g. 
OEM manufacturer information, device name, TMP version, active microphones, firmware, networking information, license state, license key, processor, speech settings, storage, display, and more. (see Census listings there). Full Telemetry on Windows 10 The full Telemetry listing includes information on the basic level, as it is included, and information on data that is only collected if full is enabled. The format is better, as it is less technical in nature. Header information: OS name, version, build and locale, User ID, Xbox UserID, Environment (e.g. application ID), diagnostic event name, HTTP header information, device ID (unique), device class, event collection time, diagnostic level. Device, Connectivity, and configuration data: Device properties: OS, installation type, processor, memory, storage, firmware and battery information, OEM details, hardware chassis type, color and form factor, virtual machine. Device capabilities: information about camera, touch and process capabilities, TPM, virtualization hardware, voice, number of displays, DPI and resolution, wireless capabilities, OEM information, advanced camera capture mode. Device preferences: User settings, user-provided device name, domain or cloud joined, domain name hash, MDM settings, Bitlocker, Secure Boot and encryption settings, Windows Update, default app and browser choices, default language settings, app store update settings, Enterprise and commercial ID. Device peripherals: information on connected peripherals including names, models, manufacturers, drivers. Device network info: Networking information including available SSIDs and BSSIDs, connectivity status, proxy, DHCP and other details, IP address type, hashed IP address, data transfer rates, IMEI or MCCO, and more. 
Product and Service usage: App usage: Usage statistics, content searches within app, reading activity, user navigation and interaction with app and Windows features, time of and count of app and component launches, duration, user interaction methods and duration. App or product state: Start menu and taskbar pins, app launch state, personalization impressions delivered, user interaction with UI controls or hotspots, User feedback, caret location or position within documents and media files. Login properties: Login success, failure, sessions and state. Product and Service data: Device health and crash data: information about device and software health including crash and hang dumps, system settings, error codes and messages, user generated files, details about abnormal shutdowns, hangs or crashes, crash failure data. Device performance and reliability data: performance information, including user interface interaction duration, on/off performance, user input responsiveness, disk footprint, power and battery life, service responsiveness. Software Setup and Inventory data: Installed applications and install history: Names, IDs, package family names, publisher, type of software, install date, method, install directory, installation type, more. Device update information: Update readiness analysis, number of applicable updates, download size and source, Windows Update machine ID, Update Server and service URL, and more. Content Consumption data: Movies: Technical video information, e.g. height or width, encoding, stream instructions, if there is an error, URL for a specific two second chunk of content. Music & TV: Service URL for song being downloaded, content type, local media library collection statistics, region mismatch. Reading: App accessing content and status, and options used to open a Windows Store Book, language of book, time spent reading, content type and size. Photos App: File source data, image & video resolution. 
Browsing, Search and Query data: Microsoft browser data: Text typed in address bar and search box, selected for Ask Cortana Search, browser ID, URLs, page title, auto-completed text, service response time. On-device file query: kind of query, number of items requested and retrieved, file extension of search result user interacted with, launched item kind, name of process, hash of search scope, state of indices. Inking Typing and Speech Utterance data: Voice, inking and typing: Type of pen used, pen gestures, palm touch coordinates, input latency, ink strokes written, text of speech recognition results, APP ID, language information. Licensing and Purchase data: Purchase history: Product and Edition ID, product URI, offer details, date and time, purchase quantity and price, payment type. DRM and license rights details, license type, usage session. Article source Other source: This Is the Data Microsoft Collects from Your Windows 10 PC
  12. Windows telemetry is getting a lot more transparent. Microsoft has published the full range of data that Windows 10 version 1703, the Creators Update, will collect in its default "basic" telemetry setting. The company has also provided details on the kinds of information that can be captured in the optional "full" telemetry setting. Since it was first released there has been widespread concern about Windows 10's data collection, as the operating system collects various kinds of data and sends it back to Microsoft. The company says it uses this information to determine how well systems are running and get a heads up on problems that users are facing. Telemetry isn't new to Windows, but prior to Windows 10 it was always opt-in, through schemes such as the Customer Experience Improvement Program and Windows Error Reporting. If you didn't want to send anything, you could turn it all off. In Windows 10, however, that changed: while the Windows 10 Enterprise version, available to software assurance subscribers, enabled customers to disable telemetry, the regular consumer editions (Windows 10 Home and Windows 10 Pro) did not. At release, there were three options (Basic, Enhanced, Full); as of the Creators Update there are only two (Basic and Full). Basic is the default setting, though members of the Windows 10 Insider Program have their systems set to Full. This mandate, combined with the lack of documentation—Microsoft has never said precisely what the various options mean—has provoked many complaints from privacy-conscious Windows users. The Creators Update represents Microsoft's first real reaction to the outcry. The operating system itself is more explicit about obtaining consent for privacy settings. The out-of-box experience shown during installation has a new settings screen for privacy options, and existing Windows 10 users will be asked to choose their privacy settings during the process of upgrading to the Creators Update. 
Microsoft has also extended the documentation within the product and online to be clearer and more explicit about what each privacy option controls and what the consequences are of turning the options on and off. But it's publishing the full set of data points that the Basic setting can collect that's the biggest change. Making this available should go some way towards alleviating fears about how invasive the OS is. There isn't a full list of Full telemetry mode data, however; while the company is offering documentation of the kinds of data it can collect, it isn't doing so in the same exhaustive way as it is for the Basic setting. The company is also not offering documentation for older Windows 10 versions nor for the data collection in Windows 7 or Windows 8.1. [Image: The privacy settings that people upgrading to the Creators Update will see.] Marisa Rogers, the "privacy officer" of the Windows and Devices Group, told us that the telemetry data is genuinely useful to making Windows better. As an example the company offered us, there was a problem with the Windows Alarm app. The Alarm app can have more complicated interactions than one might think, due to its interactions with system sleep (it can wake a machine up if necessary) and the notification framework. Some Windows users reported that their alarms weren't consistently going off. As is often the case with annoying bugs, the problem was intermittent, appearing to occur randomly and hence difficult to reproduce for debugging. With information collected at the Full level from a broad range of affected machines, the company's developers were able to ascertain the precise combination of factors leading to problems, and discovered that alarms became more unreliable as they grew older. The bug was fixed, and a patch was deployed. 
Another problem the company described to us was that certain combinations of audio drivers and audio hardware were resulting in audio that was broken or missing certain special effects. The telemetry data enabled the exact pairings of drivers and hardware that had issues to be pinpointed, enabling a fix to be developed. Microsoft has also been open about how it uses this kind of information to stagger rollouts of major Windows updates. The Creators Update, like the major updates before it, will initially be offered only to configurations that Microsoft has high confidence in; OEM systems that have been explicitly tested are one example. As Microsoft's tracking registers more successful installations—more pieces of third-party software working correctly, more drivers and hardware functioning properly—Windows Update will offer the update to a wider range of PC configurations. After a few weeks, the floodgates will be opened and it will be offered to every system aside from those with known, specific incompatibilities. These phased deployments depend on telemetry data. These practical experiences have also shown Microsoft that some data isn't useful. Accordingly, Rogers said that in the Creators Update this information is no longer being collected, and the total volume of data has dropped by about half. The final alteration being made for the Creators Update is an greater control over the voice data that Cortana collects. The online privacy dashboard will soon include a new section to review and delete any voice data that Microsoft holds. These improvements are unlikely to appease that minority of users that regard the mandatory telemetry as an unacceptable intrusion, but greater clarity about what data gets collected is nonetheless a step forward. Source: Microsoft opens up on Windows telemetry, tells us most of what data it collects (ars TECHNICA - Peter Bright)
  13. Karlston

    What we know about KB 3150513

    On March 15, the Thursday after Patch Tuesday, Microsoft re-re-released KB 3150513. It’s innocuously titled “Latest compatibility definition update for Windows,” but it’s raised a lot of suspicion for those of us who prefer our Windows snooping overt, not covert.

    Microsoft’s description:

    This update provides the latest set of definitions for compatibility diagnostics that are performed on the system. The updated definitions will help enable Microsoft and its partners to ensure compatibility for all customers who want to install the latest Windows operating system. Installing this update also makes sure that the latest Windows operating system version is correctly offered through Windows Update, based on compatibility results.

    Which is enough to get my tinfoil hat twitching.

    We had a similar not-quite-documented appearance of KB 3150513 back in September. Here’s what we know for sure:

    The update includes files called Appraiser.sdb and Appraiser_telemetryrunlist.xml.

    It was offered on just about every version of Windows you can name. The KB article lists prerequisites, but there are versions for Win10 1607, 1511, Windows 8 (!) and 8.1, and Win 7 RTM (!) and SP1. In addition @ch100 documents that a version is also available for Windows Server 2016, for the first time.

    When it appeared in September, poster K hid it, but it re-appeared two additional times. At the time, I documented that it appeared twice, with two different dates, May 4 and May 11, 2016.

    In September, @abbodi86 viewed it as a precursor to upgrading to the Win10 Anniversary Update (released July 2016):

    it’s an update for the system’s compatibility database, which is related to the famous scheduled task “Microsoft Compatibility Appraiser”. This diagnostics is required to see if the current machine is applicable for RS1 upgrade through WU. Yes, it may involve sending “telemetry” feedback but isn’t the whole Windows 10 already telemetry-connected?

    With regard to the March 15 release, @PKCano says:

    This is being offered on all versions of Windows. It is a compatibility definition update. A new release for Win10, but Win7 and Win8.1 are seeing the earlier version appear if they installed KB2952664 (Win7) or KB2976978 (Win8.1) with the recent updates. The latter are prerequisites. It is also showing up in Win10.

    And @abbodi86 says:

    Appraiser KB2952664 and Telemetry DiagTrack are built-in Windows 10 since RTM. Both KB2952664/KB3150513 are only needed for upgrade; they have nothing useful for current Windows 7 (well, except providing MSFT with Appraiser statistics)

    And @ch100:

    Other versions were released in the past for Windows 10 1511. To me, without having the full details, it indicates that the functionality from KB2952664 in Windows 7 is built-in at least in Windows 10 1511 and 1607. Otherwise we wouldn’t see KB3150513 being on offer for those versions of Windows 10. There was no KB3150513 release for Windows 10 1507.

    Does anybody else have some definitive information on this beast? Is there any reason at all to install it, unless you plan on upgrading to the Win10 Creators Update version as soon as it’s available (which is an incredibly poor choice, but more about that later)?

    Source: What we know about KB 3150513 (AskWoody.com) What we know about KB 3150513 (AskWoody Lounge)
  14. Microsoft Re-Releases Snooping Patches KB 2952664, KB 2976978

    Earlier versions of the Win7 and 8.1 patches kicked off enhanced snooping routines, and there's no indication what's changed in these versions

    We don't know what KB 2952664 (for Windows 7) and KB 2976978 (for Windows 8.1) actually do. But both patches have been shown in the past to trigger a new Windows task called DoScheduledTelemetryRun.

    The patches appeared in the Automatic Update chute earlier today as Optional, so they won't be installed unless you specifically check and install them. But in the past, the Optional versions have been converted rapidly to Recommended, and thus installed on most machines. The last release of KB 2952664 went from Optional to Recommended in a week.

    Microsoft's descriptions of the patches are quite bland:

    GWX, of course, is Microsoft's malware-like "Get Windows 10" campaign that plagued Windows 7 and 8.1 users last year.

    I last wrote about the patches on Oct. 5, 2016:

    The revision dates on the KB articles don't instill any confidence. When I wrote about KB 2952664 last October, I noted that the KB article was up to revision 25, dated Oct. 4, 2016. The current KB article, dated Feb. 9, 2017, is at revision 11.

    I have no idea what's up. Why is Microsoft releasing this CEIP diagnostic program on a Thursday? Why isn't it being held for next Tuesday's Monthly Rollup? Why does it fall outside the announced schedule of Security Only and Monthly Rollup patches? Why did the revision numbers change?

    But I do know that earlier versions of these patches triggered new snooping scans, whether the Customer Experience Improvement Program is enabled or not. And I do know that Microsoft hasn't documented much at all.

    Discussion continues on the AskWoody Lounge.

    AskWoody Lounge - Comments Source Alternate Source: Windows KB2652664 And KB2976978 Telemetry Updates Re-Released (Again)
  15. Broken down, this works out to 3967 connection attempts to 51 different Microsoft IP addresses. You can see full tabulated results on Voat. With Microsoft facing unprecedented levels of criticism for its lack of transparency over spying components, these findings will serve only to add fuel to the fire. The fact that it was the Enterprise edition of Windows 10 that was used for testing is likely to raise further questions.

    http://betanews.com/2016/02/06/windows-10-phones-home-a-lot-even-with-all-reporting-and-telemetry-disabled/

    Windows 10 telemetry network traffic analysis, part 1

    Curious about the various telemetry and personal information being collected by Windows 10, one user installed Windows 10 Enterprise and disabled all of the telemetry and reporting options. Then he configured his router to log all the connections that happened anyway. Even after opting out wherever possible, his firewall captured Windows making around 4,000 connection attempts to 93 different IP addresses during an 8 hour period, with most of those IPs controlled by Microsoft. Even the enterprise version of Windows 10 is checking in with Redmond when you tell it not to — and it's doing so frequently.

    Like many of you, I am concerned about the telemetry, spying and other surveillance features, known or unknown, of Windows 10. It has concerned me enough to push me to Linux Mint as my main operating system. Even so, I wanted to better understand Windows 10, but internet search results for a decent windows 10 traffic analysis leave a lot to be desired. As such, I decided to do my own investigating on what, exactly, Windows 10 is doing traffic-wise, and post the results.

    For this analysis, I wanted to simply analyse the network traffic of Windows 10 on a clean install, and just let it sit and run without using it. What I have done for this analysis:

    1. I have installed DD-WRT on a router connected to the internet and configured remote logging to the Linux Mint laptop in #2.
    2. I have installed Linux Mint on a laptop, and set up rsyslog to accept remote logging from the DD-WRT router.
    3. I have installed Virtualbox on the Linux Mint laptop, and installed Windows 10 Enterprise on Virtualbox. I have chosen the customized installation option where I disabled three pages of tracking options.
    4. I have configured the DD-WRT router to drop and log all connection attempts via iptables through the DD-WRT router by Windows 10 Enterprise.
    5. Aside from installing Windows 10 Enterprise, and verifying the internet connection through ipconfig and ping yahoo.com, I have not used the Windows 10 installation at all (the basis for the first part of this analysis)
    6. Let Windows 10 Enterprise run overnight for about 8 hours (while I slept).
    7. I use perl to parse the data out of syslog files and insert said data into a Mysql database.
    8. I use perl to obtain route data from whois.radb.net, as well as nslookup PTR data, and insert that into the Mysql database.
    9. Lastly, I query and format the data for analyzing.
    Here is the roughly 8-hour network traffic analysis of 5508 connection attempts of an unused, base install of Windows 10 Enterprise (NOTE: I did not remove any 192.168.1.x home network IP addresses from the analysis):

    Individual connection attempts by IP address, port, and protocol:

    select distinct(ip_address),port,protocol,count(ip_address) as attempts from rejected_connections group by ip_address order by attempts desc;

    Extended data for each distinct connection attempt:

    select distinct(t1.ip_address),nslookup,port,protocol,connection_attempts,route,origin,description from (select distinct(ip_address) as ip_address,port,protocol,count(ip_address) as connection_attempts from rejected_connections group by ip_address order by connection_attempts desc ) as t1 join (select distinct(ip_address) as ip_address,nslookup,route,origin,description from routing_data group by ip_address) as t2 where t1.ip_address=t2.ip_address order by connection_attempts desc;

    is for awhile longer (hours? days? weeks?) to get a more complete snapshot of connection attempts before I move on to further analysis of Windows 10.

    All Credits To CheesusCrust The Source
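
    The parse-and-tally stage of the analysis above, as an added example in Python (it is not CheesusCrust's perl or MySQL schema): it reads iptables LOG lines as rsyslog would store them and counts dropped attempts per destination address, port and protocol, keeping LAN destinations separate. The `W10-DROP` log prefix, the guest address 192.168.1.50 and all sample lines are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample, shaped like iptables LOG output relayed to rsyslog.
# The "W10-DROP" prefix, the host name and every address are assumptions
# made for this example (documentation ranges), not data from the post.
SAMPLE_SYSLOG = """\
Feb  6 01:00:01 router kernel: W10-DROP IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=203.0.113.10 LEN=52 TTL=127 ID=1201 DF PROTO=TCP SPT=49712 DPT=443 WINDOW=8192 SYN URGP=0
Feb  6 01:00:04 router kernel: W10-DROP IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=203.0.113.10 LEN=52 TTL=127 ID=1202 DF PROTO=TCP SPT=49712 DPT=443 WINDOW=8192 SYN URGP=0
Feb  6 01:00:05 router kernel: W10-DROP IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=198.51.100.7 LEN=89 TTL=127 ID=1203 PROTO=UDP SPT=61000 DPT=3544 LEN=69
Feb  6 01:00:06 router dnsmasq[412]: query[A] example.test from 192.168.1.50
Feb  6 01:00:10 router kernel: W10-DROP IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=203.0.113.10 LEN=52 TTL=127 ID=1204 DF PROTO=TCP SPT=49712 DPT=443 WINDOW=8192 SYN URGP=0
Feb  6 01:01:00 router kernel: W10-DROP IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=203.0.113.10 LEN=52 TTL=127 ID=1205 DF PROTO=TCP SPT=49720 DPT=80 WINDOW=8192 SYN URGP=0
Feb  6 01:02:00 router kernel: W10-DROP IN=br0 OUT=br0 SRC=192.168.1.50 DST=192.168.1.1 LEN=60 TTL=128 ID=1206 PROTO=UDP SPT=53011 DPT=53 LEN=40
Feb  6 01:03:00 router kernel: W10-DROP IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=198.51.100.7 LEN=89 TTL=127 ID=1207 PROTO=UDP SPT=61000 DPT=3544 LEN=69
Feb  6 01:04:00 router kernel: W10-DROP IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 TTL=127 ID=1208 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=12
Feb  6 01:05:00 router kernel: W10-DROP IN=br0 OUT=vlan2 SRC=192.168.1.20 DST=203.0.113.10 LEN=52 TTL=63 ID=77 DF PROTO=TCP SPT=40000 DPT=443 WINDOW=8192 SYN URGP=0
Feb  6 01:07:00 router kernel: W10-DROP IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=203.0.
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_drop(line, prefix="W10-DROP"):
    """Return (src, dst, port, proto) for one logged packet, or None."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None  # some other kernel or daemon message
    fields = dict(FIELD.findall(rest))
    try:
        src = ipaddress.ip_address(fields["SRC"])
        dst = ipaddress.ip_address(fields["DST"])
        proto = fields["PROTO"]
    except (KeyError, ValueError):
        return None  # truncated or mangled line: skip it rather than guess
    # ICMP and other port-less protocols carry no DPT field.
    dpt = fields.get("DPT", "")
    port = int(dpt) if dpt.isdigit() else None
    return src, dst, port, proto


def tally(lines, guest):
    """Count dropped attempts from one guest per (dst, port, proto).

    Keying on the whole tuple means an address contacted on two ports
    produces two rows instead of one merged row.
    """
    guest = ipaddress.ip_address(guest)
    counts = Counter()
    for line in lines:
        rec = parse_drop(line)
        if rec is None or rec[0] != guest:
            continue  # unparsable, or traffic from another LAN host
        _, dst, port, proto = rec
        counts[(str(dst), port, proto)] += 1
    return counts


def split_local(counts, lan="192.168.1.0/24"):
    """Separate LAN destinations (DNS, NetBIOS broadcast) from external ones."""
    net = ipaddress.ip_network(lan)
    external, local = Counter(), Counter()
    for key, n in counts.items():
        bucket = local if ipaddress.ip_address(key[0]) in net else external
        bucket[key] = n
    return external, local


if __name__ == "__main__":
    counts = tally(SAMPLE_SYSLOG.splitlines(), "192.168.1.50")
    external, local = split_local(counts)
    print("ip_address       port  proto  attempts")
    for (ip, port, proto), n in external.most_common():
        print(f"{ip:<16} {str(port or '-'):<5} {proto:<6} {n}")
    print(f"LAN-only attempts left out: {sum(local.values())}")
```
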
  16. Microsoft Reduces the Amount of Telemetry Data Collected from Windows 10 PCs

    Other privacy changes implemented for Microsoft users

    First and foremost, Microsoft is introducing a new privacy dashboard on the web that lets users see and manage privacy data, including search history, location activity, and Cortana’s Notebook - information that the digital assistant requires to provide a more personal experience. In order to access this dashboard, you need to sign in with your Microsoft account and connect to account.microsoft.com/privacy, with Redmond promising to add more functionality and categories over time.

    Windows 10 changes

    As far as Windows 10 is concerned, Microsoft is announcing a new setup experience for users who install the new OS. The new option replaces the previous Express settings presented during the Windows 10 install, Microsoft says. Those upgrading from Windows 7, Windows 8 or performing a new clean install should be able to see what Microsoft describes as “simple but important settings,” while those who are already on Windows 10 will be asked to update privacy settings with a notification. These new settings will make their debut with the Creators Update, and will be integrated into an insider build shipping soon.

    The telemetry settings in Windows 10 will be simplified from three different levels to just two, namely Basic and Full. The Enhanced level will no longer be offered, and users who picked this one will be prompted to switch to Basic or Full after installing the Creators Update. But what’s more important is that the Basic level will collect a reduced amount of telemetry data from Windows 10 computers, according to Microsoft.

    “This includes data that is vital to the operation of Windows. We use this data to help keep Windows and apps secure, up-to-date, and running properly when you let Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also includes basic error reporting back to Microsoft,” the firm says.

    Users will be given full control over their privacy settings and will obviously be allowed to change them at a later time from the Settings app in Windows 10.

    Source
  17. How Windows 10 Data Collection Trades Privacy For Security

    Here's what data each telemetry level collects and the price you pay to send the least telemetry to Microsoft

    Windows 10’s aggressive data-collection capabilities may concern users about corporate spying, but enterprises have control that consumer-edition Windows users do not: Administrators can decide how much information gets sent back to Microsoft. But enterprises need to think twice before turning off Windows telemetry to increase corporate privacy. That’s because doing so can decrease the effectiveness of Windows 10’s security features.

    Microsoft isn’t merely hoovering up large amounts of data because it can. The company has repeatedly reiterated its stance that Windows 10 does not collect the user’s personal data, but rather anonymized file data that is then used to improve overall user experience and Windows functionality. With the current shift to Windows-as-a-service, Microsoft plans to release more updates to the operating system more frequently, and it will use telemetry data to understand how people are actually using Windows and applications. Microsoft can use the information to figure out what new features are needed or to prioritize changes to existing components.

    For Microsoft, more data means more security

    But the telemetry data is used for more than how to improve or evolve Windows. There is an actual security impact, too. Knowledge is power, and in the case of Windows 10, that usage data lets Microsoft beef up threat protection, says Rob Lefferts, Microsoft’s director of program management for Windows Enterprise and Security. The information collected is used to improve various components in Windows Defender, such as Application Guard and Advanced Threat Detection (these two features are available only to customers with Windows 10 Enterprise with Anniversary Update and Enterprise E5 subscriptions).

    As Windows 10’s built-in security tool, Windows Defender uses real-time protection to scan everything downloaded or run on the PC. The information from these scans is sent back to Microsoft and used to improve protection for everyone else. For example, Windows Defender Application Guard for Microsoft Edge will put the Edge browser into a lightweight virtual machine to make it harder to break out of the browser and attack the operating system. With telemetry, Microsoft can see when infections get past Application Guard defenses and improve the security controls to reduce recurrences.

    Microsoft also pulls signals from other areas of the Windows ecosystem, such as Active Directory, with information from the Windows 10 device to look for patterns that can indicate a problem like ransomware infections and other attacks. To detect those patterns, Microsoft needs access to technical data, such as what processes are consuming system resources, hardware diagnostics, and file-level information like which applications had which files open, Lefferts says. Taken together, the hardware information, application details, and device driver data can be used to identify parts of the operating system that are exposed and should be isolated into virtual containers.

    How Windows 10 telemetry levels affect security and administration

    IT admins can control what telemetry is sent back to Microsoft using group policy objects—if they are using an enterprise version of Windows 10 and a Microsoft administration tool, of course. (Consumer versions of Windows don’t provide this capability, which is why there are now third-party telemetry blockers on the market, though not all telemetry can be blocked.)

    The Privacy option in Settings lets administrators choose one of three telemetry levels: Basic, Enhanced, and Full. Windows 10 Home and Pro are set by default to Full. Windows 10 Enterprise and Education are set by default to Enhanced. But there’s a fourth level called Security available only in Windows 10 Enterprise and Education editions, and only through group policies (not via Settings).

    Available to admins only, Security level sends the least data. The Security level sends less telemetry to Microsoft than the Basic level does. And it collects enough technical data about Windows’s Connected User Experience and Telemetry component settings, the MSRT (Malicious Software Removal Tool), and Windows Defender to keep Windows, Windows Server, and System Center secure.

    At the Security level, only OS information, device ID, and device class (server, desktop, mobile device) are sent to Microsoft, along with the MSRT report that contains information about the infection and IP address. Windows Defender and System Center Endpoint Protection provide diagnostic information, user account control settings, UEFI (Unified Extensible Firmware Interface) settings, and IP addresses. (If this latter information shouldn’t be sent, then turn off Windows Defender and use a third-party tool instead.)

    If the goal is to not have any data go to Microsoft, using the Security level is the best option. But it has one big drawback: Windows Update won’t work, because Windows Update information—such as whether the update installation succeeded or failed—does not get collected at the Security level. MSRT also won’t run if Windows Update is not working. Thus, it requires a lot of IT involvement to keep the systems updated and secure if the telemetry level is set to Security.

    Basic level is the least a user can choose within Windows. For most users focused on privacy, the Basic level is probably the best option for limiting what gets sent to Microsoft. The Basic level sends device information like application compatibility and usage information in addition to the information sent from the Security level. This can include the number of crashes and the amount of processor time and memory an application used at a time.
System data can help Microsoft know whether a device meets the minimum requirements to upgrade to the next version. Data from the Basic level helps identify problems that can occur on a particular hardware or software configuration. The types of data collected include device attributes, such as camera resolution, display type, and battery capacity; application and operating system versions; networking devices, such as the number of network adapters; IMEI number (for mobile devices) and mobile operator network; architecture details, such as processor, memory type, and firmware versions; storage data, such as number of drives, type, and size; and virtualization support. The Basic level also collects and transmits compatibility details, such as how add-ons work with the browser, how applications work with the operating system, and whether peripherals like printers and storage devices would work with the next version of the operating system. Enhanced level aids user-experience improvements. The Enhanced level, the default setting for Windows 10 Enterprise and Education, also sends data on how Windows, Windows Server, System Center, and applications are used; how they perform; and their reliability. This includes operating system events, such as those from networking, Hyper-V, Cortana, storage, and file system; operating system application events, such as those from Server Manager, Mail, and Microsoft Edge; device-specific events such as data from Microsoft HoloLens; and all crash dumps. Data collected from the Enhanced level helps Microsoft improve user experience because the company can use the detailed information to find patterns and trends in how the applications are being used. Enhanced is the minimum level needed for Microsoft to identify and address Windows 10, Windows Server, and System Center quality issues. The Full level makes your PC an open book. 
The Full level—the default for consumer versions of Windows—is the free-for-all level that has privacy folks worried, because it includes significant technical data, which Microsoft claims is “necessary to identify and help to fix problems.” At the Full level, devices send information related to reliability, application responsiveness, and usage along with all crash dumps.

    Data collection has changed in Windows

    Telemetry data is not new to Windows 10. Microsoft used telemetry in previous versions of Windows and Windows Server to check for updated or new Windows Defender signatures, verify Windows Update installations, and gather reliability information through the RAC (Reliability Analysis Component) and Windows CEIP (Customer Experience Improvement Program).

    What’s changed is that Windows 10 has expanded the scope to better understand the type of hardware being used, basic system diagnostics, logs of how frequently features are being used, what applications have been installed, how users are using those applications, and the reliability data from device drivers.

    Microsoft says it tries to avoid collecting personal information, but it can happen. For example, crash dumps can contain the contents of a document that was in memory at the time of the crash.

    With the news that Microsoft would include threat intelligence content such as indicators and reports of past attacks from FireEye’s iSight Intelligence product into Windows Defender Advanced Threat Protection, there were concerns that FireEye would gain access to some of the telemetry data. But Microsoft says that is not part of the FireEye deal.

    Microsoft’s plan to put advertising on users’ lock screens and Start screens—and block IT admins from disabling them—has also fanned the flames of security fear. After all, similar advertising from the likes of Google and Facebook relies heavily on the intense collection of personal data to target the ads.
It’s worth noting that Windows is not intentionally collecting functional data, such as the user’s location when the user is looking at local weather or news. The application may collect such data, but not the Windows 10 operating system—and thus not the Windows 10 telemetry. Of course, Microsoft collects personal information from its own applications. Cortana is such an example, but users can turn off Cortana completely. Overall, IT organizations should be able to find a telemetry level they’re comfortable with in terms of privacy, while not sacrificing the core security of Windows. They may have to pay the price of higher admin costs if they use the lowest telemetry level (Security), but only if they choose to do so. Source AskWoody's Word On This Article
  18. Gamers are accusing NVIDIA’s new drivers of spying on you, collecting more data with new telemetry services. But NVIDIA isn’t spying on you—or, at least, NVIDIA isn’t gathering more data than it already was, and most of that data is required for it to work properly.

Those New Telemetry Processes Do Nothing (at the Moment)

This whole subject started to take on a life of its own when people noticed the latest NVIDIA drivers add an “NVIDIA telemetry monitor”, or NvTmMon.exe, entry to the Task Scheduler. MajorGeeks even recommended disabling these tasks with the Microsoft Autoruns software. While many websites uncritically recommended disabling these processes, Gamers Nexus monitored these processes and found that “they appear to be inactive at this time and do not transact data, as far as we can tell.” In other words, those telemetry-named processes do nothing. Disabling them accomplishes nothing. It’s possible that NVIDIA is working on moving telemetry-related functions from the main GeForce Experience program to these processes, but that hasn’t happened yet. A future driver update that makes these processes functional will also probably re-enable them in the Task Scheduler. There’s no point in disabling them right now “just in case”.

People Are Reading the Wrong Privacy Policy

People on Reddit found the Privacy Policy on NVIDIA’s website and summarized it as such: “NVIDIA may collect your name, address, email, phone number, IP address, and non traditional identifiers and share this information with business partners, resellers, affiliates, service providers, consulting partners, and others. This information is combined with typical browsing and cookie data and used by NVIDIA itself or advertising networks.” That sounds bad. But that’s actually a summary of the privacy policy for your use of NVIDIA’s website. As Gamers Nexus wrote, there’s a separate policy that covers GeForce Experience and NVIDIA’s software.
NVIDIA issued an official statement that said: “NVIDIA does not share any personally identifiable information collected by GeForce Experience outside the company. NVIDIA may share aggregate-level data with select partners, but does not share user-level data… Aggregate data refers to information about a group of users rather than an individual. For example, there are now 80 million users of GeForce Experience.”

GeForce Experience Needs to Collect Data to Function

The GeForce Experience application, by its very nature, needs to collect some data from you. Here’s what the GeForce Experience application, included with NVIDIA’s drivers, does:

It checks for new drivers and downloads them for you. To do this, it has to check which operating system you’re using, which NVIDIA hardware you have installed, and which driver version you currently have installed.

It scans your system for installed games and suggests optimal settings. To do this, it needs to know which games you have installed, how they’re currently configured, and what hardware you have in your PC.

It also reports back basic information about how you use the application. For example, NVIDIA can probably tell how many people use the GeForce Experience application to optimize games, how many people use the gameplay-recording feature, and so on.

NVIDIA says it hasn’t started collecting any new data recently, writing in a statement: “The nature of the information collected has remained consistent since the introduction of GeForce Experience 1.0. The change with GeForce Experience 3.0 is that this error reporting and data collection is now being done in real-time.”

You Can Monitor the Data GeForce Experience Sends

If you’d like to see every bit of data GeForce Experience sends, you can do so with Wireshark. Gamers Nexus monitored the data NVIDIA’s applications sent over the wire and found about what you’d expect. It sends:

Your GPU’s specification, vendor, clock speed, and overclock information.
Your monitor information and display resolution.
Driver settings for some specific games, such as whether you’ve disabled G-Sync or chosen a type of antialiasing for a game in the NVIDIA Control Panel.
The resolution and quality settings you’ve chosen for some specific games.
A list of games and applications installed, so NVIDIA can see how many people have Origin, Steam, Counter-Strike: GO, Overwatch, and other games installed.
How much RAM you have.
Information about your CPU, motherboard, and BIOS version.

This is the type of data we’d expect to see, given what GeForce Experience does. NVIDIA can use much of this data to suggest optimal settings for your hardware. Data about which games you have installed and how you’ve configured them can help NVIDIA know which games to focus development resources on, and point it in the right direction when automatically choosing graphics settings. These are good things, and what GeForce Experience has always been designed to do anyway.

To Disable Telemetry, You’d Have to Break GeForce Experience

You’re free to disable those telemetry services, but that won’t do anything for the time being. To truly stop NVIDIA’s software from phoning home, you’d have to break GeForce Experience by blocking its connections at the firewall level. But if you do this, GeForce Experience won’t automatically check for and provide you with graphics driver updates anymore. The game-optimization features would stop working. Other Internet-connected features would also break. In fact, if you block connections from GeForce Experience and it can’t connect to NVIDIA’s servers, it just kicks you back to a sign-in screen saying “We are unable to log you in at this time. Try again later.” This is a bad idea. Those graphics driver updates are important!

The Mandatory Account Still Stings

We’ve looked into it and found NVIDIA’s telemetry is really nothing to worry about.
GeForce Experience collects as much data as it always does, and the data it collects makes sense for what it has to do. The new telemetry processes don’t seem to actually do anything. But NVIDIA has gamers on edge with its recent decisions. GeForce Experience version 3.0 requires you sign in with an account to use it—even just to get driver updates—which makes many gamers unhappy. However, you can just create an NVIDIA account for this purpose. You don’t have to link a Google or Facebook account. While we wish NVIDIA would offer more options, let’s keep our complaints tethered to the real world. Many of the claims going around online about NVIDIA’s new telemetry services just aren’t true. Article source
  19. Microsoft Security Bulletins November 2016 Microsoft Security Bulletins November 2016 offers an overview of all security and non-security patches for Windows and other Microsoft products. Yes, it is this time of the month again. Microsoft just released updates for all client and server versions of Windows and other company products. Our Microsoft Security Bulletins November 2016 provides you with information so that you can prioritize updates for deployment, or find out what they do before installing them. The overview begins with an executive summary that highlights the most important bits of information. It is followed by the operating system and other Microsoft product distribution that lists products and the number of security updates and their severity. This is followed by the list of security bulletins, security advisories and updates, and non-security updates released in the past 30 days. The last part details how to download these updates. It offers direct update download links that point to Microsoft's Update Catalog, and reference links that you can load for additional information and research. Microsoft Security Bulletins November 2016 Executive Summary Microsoft released 14 security bulletins on the November 2016 Patch Day. 6 of the bulletins are rated with a severity rating of critical, the remaining 8 with a rating of important. All client and server versions of Windows are affected by at least one critically rated bulletin. Microsoft published updates for Microsoft Edge, Microsoft SQL Server, Office and other Microsoft products as well. Operating System Distribution Windows 8.1 and 10 are affected by more vulnerabilities than Windows 7 and Vista on the client side. This is explained by the security update for Adobe Flash MS16-141 which is released for Windows 8.1 and 10 only, and MS16-129, the cumulative security update for Microsoft Edge. 
The new Windows Server 2016 is affected by MS16-130 and MS16-131 critically, while previous versions of Windows Server are either not affected at all, or only with important severity. Windows Vista: 2 critical, 6 important Windows 7: 2 critical, 6 important Windows 8.1: 3 critical, 7 important Windows RT 8.1: 1 critical, 7 important Windows 10: 4 critical, 7 important Windows Server 2008: 1 critical, 6 important Windows Server 2008 R2: 1 critical, 6 important Windows Server 2012 and 2012 R2: 6 important, 2 moderate Windows Server 2016: 2 critical, 5 important Server core: 8 important Other Microsoft Products Microsoft Office 2007, 2010, 2013 and 2016: 1 important Microsoft Office 2013 RT: 1 important Microsoft Office 2011, 2016 for Mac: 1 important Microsoft Office Compatibility Pack Service Pack 3: 1 important Microsoft Excel Viewer: 1 important Microsoft PowerPoint Viewer: 1 important Microsoft SharePoint Server 2010, 2013: 1 important Microsoft Office Web Apps 2010, 2013: 1 important SQL Server 2012 Service Pack 2, Service Pack 3: 1 important SQL Server 2014 Service Pack 1, Service Pack 2: 1 important SQL Server 2016: 1 important Security Bulletins Red = critical MS16-129 -- Cumulative Security Update for Microsoft Edge (3199057) This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. MS16-130 -- Security Update for Microsoft Windows (3199172) This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application. MS16-131 -- Security Update for Microsoft Video Control (3199151) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Microsoft Video Control fails to properly handle objects in memory. 
MS16-132 -- Security Update for Microsoft Graphics Component (3199120) This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution, when the Windows Animation Manager improperly handles objects in memory, if a user visits a malicious webpage. MS16-133 -- Security Update for Microsoft Office (3199168) This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. MS16-134 -- Security Update for Common Log File System Driver (3193706) This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. MS16-135 -- Security Update for Windows Kernel-Mode Drivers (3199135) This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. MS16-136 -- Security Update for SQL Server (3199641) This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. MS16-137 -- Security Update for Windows Authentication Methods (3199173) This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege. To exploit this vulnerability, the attacker would first need to authenticate to the target, domain-joined system using valid user credentials. 
MS16-138 -- Security Update to Microsoft Virtual Hard Disk Driver (3199647) This security update resolves vulnerabilities in Microsoft Windows. The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability. MS16-139 -- Security Update for Windows Kernel (3199720) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application to access sensitive information. MS16-140 -- Security Update for Boot Manager (3193479) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a physically-present attacker installs an affected boot policy. MS16-141 -- Security Update for Adobe Flash Player (3202790) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. MS16-142 -- Cumulative Security Update for Internet Explorer (3198467) This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Security advisories and updates KB3201860 -- MS16-128: Security Update for Adobe Flash Player for Windows 10 Version 1607, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8 Embedded Standard, and Windows Server 2012 Non-security related updates Cumulative updates not yet published on the update history pages. Will update the article as soon as that happens. 
KB3197867 -- November, 2016 Security Only Quality Update for Windows 7 and Server 2008 R2 Security updates to Microsoft Graphics Component, kernel-mode drivers, Microsoft Video Control, Common Log File System driver, Windows authentication methods, Windows operating system, Windows File Manager, Windows registry, OpenType, Internet Explorer 11, and Windows Component. KB3197868 -- November, 2016 Security Monthly Quality Rollup for Windows 7 and Server 2008 R2 Support page MIA. No information other than the security updates that it includes. KB3197873 -- November, 2016 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 Support page MIA. See KB3197867 above for list of updates. KB3197874 -- November, 2016 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2 Support page MIA. No information KB3200970 -- Cumulative Update for Windows 10 Version 1607 and Windows Server 2016 Addressed issues that prevented users from connecting to virtual private networks (VPNs). Improved reliability of Internet Explorer, Remote Desktop and multimedia audio. Fixed a system tray issue in regards to WiFi connections not showing up. Fixed unnamed issues in various Windows components including Microsoft Edge, Internet Explorer 11, Remote Desktop, Active Directory, Windows shell, enterprise security and more. Security updates for a number of Windows components including Boot Manager, kernel-mode drivers, Edge, IE11, Microsoft Video Control and more (as outlined in the Security Bulletins section above). KB3197954 -- Cumulative Update for Windows 10 Version 1607 and Windows Server 2016 Improved reliability of many components including Windows kernel, Internet Explorer 11, Start, File Explorer, graphics. Fixed crash in System Center Operations Manager (SCOM). Fixed connectivity issues in Remote Desktop Gateway. Addressed updates restoration issue when doing system resets. 
Fixed an issue that caused domain logons to fail after upgrading from Windows 10 Home to Pro. The HTTP Strict Transport Security (HSTS) preload list was updated. Addressed unnamed issues affecting USB, Wi-Fi, Bluetooth, Windows kernel, Microsoft Edge, Internet Explorer 11, PowerShell, and more. Check out the support article linked above for a full rundown. KB2976978 -- Update for Windows 8.1 -- Compatibility update for keeping Windows up-to-date in Windows 8.1 and Windows 8 -- This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program KB3199375 -- Update for Internet Explorer -- FIX: "Do you want to open this file" error message after you apply security update 3185319 KB3200006 -- Update for Internet Explorer -- System Center Operations Manager Management Console crashes after you install MS16-118 and MS16-126 KB3192321 -- Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 -- Turkey ends DST observance KB3192403 -- October, 2016 Preview of Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 KB3192404 -- October, 2016 Preview of Monthly Quality Rollup for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 KB3192406 -- October, 2016 Preview of Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 KB3198591 -- Update for Windows 7 and Windows Server 2008 R2 -- Windows Server 2008 R2 domain controller crashes when two threads use the same LDAP connection How to download and install the November 2016 security updates Windows 7, 8.1 and 10 users get so-called monthly rollup releases. On Vista, individual patches are made available. Windows users can download and install the patches via Windows Update: Tap on the Windows-key, type Windows Update and hit the Enter-key. 
If the update check is not performed automatically, click on "check for updates" on the page that opens. Updates that are found may be installed automatically, or displayed to the user instead for manual selection. Updates are also made available on Microsoft's Download Center, as monthly security releases, and through the Microsoft Update Catalog. Direct Microsoft Update Catalog download links: Windows 10, Windows Server 2016 KB3200970 -- Cumulative Update for Windows 10 Version 1607 KB3197954 -- Cumulative Update for Windows 10 Version 1607 Windows 8.1, Windows Server 2012 R2 KB3197874 -- November, 2016 Security Monthly Quality Rollup for Windows 8.1 and Server 2012 R2 KB3197873 -- November, 2016 Security Only Quality Update Windows 7, Windows Server 2008 R2 KB3197868 -- November, 2016 Security Monthly Quality Rollup for Windows 7 and Server 2008 R2 KB3197867 -- November, 2016 Security Only Quality Update Additional resources Microsoft Security Bulletin Summary for November 2016 List of software updates for Microsoft products List of security advisories of 2016 Microsoft Update Catalog site Our in-depth update guide for Windows Windows 10 Update History Windows 8.1 Update History Windows 7 Update History Source
  20. It's been brought to our attention that nVIDIA now has telemetry included with its drivers. It also continues the bloat with nVIDIA Wireless Controller and ShadowPlay services, something many don't need. First, let's go over what these are. Telemetry is essentially considered spying by many as it is a way to send data back and forth. It's nowhere near that simple, but we'd like to know what it's doing in our video drivers when it's never been needed before. nVIDIA Wireless Controller requires you have, you guessed it, a nVIDIA Wireless Controller. ShadowPlay is a way to capture and record gameplay. The easiest way to check for, and disable these is to download Microsoft Autoruns. Autoruns is portable, so no installation is needed. Download it and unzip Autoruns.zip into its own folder and double click Autoruns.exe or Autoruns64.exe. Type nvidia in the filter box. You will find Telemetry in the Task Scheduler section and the nVIDIA Wireless Controller, and ShadowPlay services further down under the registry entries. Uncheck what you don't want, close and reboot. If you get an error, close the program and right click on Autoruns.exe or Autoruns64.exe and "Run as Administrator." Here is an image showing you how to get it done: Article source
  21. If you have the Microsoft Windows Malicious Software Removal Tool installed on your machine, either by having installed it manually or because it shipped with Windows, you may have noticed already that it is sending out so-called Heartbeat Reports after certain scans. These reports are not linked to any of the major telemetry services or tasks that you may or may not have disabled on your machine. On Windows 10, the Heartbeat report gets sent out to Microsoft even if you have disabled the Customer Experience Program and the majority of other telemetry related services or tasks, and made sure to set all privacy related settings to maximum privacy.

How to disable Heartbeat Telemetry

First thing you may want to do is check whether the installed copy of the Windows Malicious Software Removal Tool (MRT) sends Heartbeat telemetry reports. The easiest way to check that is to load the MRT log. Open File Explorer or Windows Explorer on your Windows machine, and load the following by pasting it in the address bar and hitting the Enter-key:

C:\Windows\debug\mrt.log

This opens the MRT log. Scroll down to the last entries and check for Heartbeat Telemetry there. You may also hit F3 to open the search to jump to the first Heartbeat entry in the log. Heartbeat Telemetry data is not sent out each day according to the log, but only every five or six days. You can verify that in the log as you will find "Heartbeat Will be Sent in x Days" entries there. Microsoft notes in its privacy statement that the Malicious Software Removal Tool will send a report to Microsoft with "specific data about malware detected, errors, and other data about your device" but fails to go into details. We don't know what is sent to Microsoft as part of Heartbeat other than the information that Microsoft revealed in its privacy statement.
Option 1: Registry Key

The Knowledgebase support article KB891716, Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment, lists a Registry key to block the sending of reports of the MRT to Microsoft. An administrator can choose to disable the infection-reporting component of the tool by adding the following registry key value to computers. If this registry key value is set, the tool will not report infection information back to Microsoft.

Subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
Entry name: \DontReportInfectionInformation
Type: REG_DWORD
Value data: 1

Note: Since Heartbeat is only triggered when automatic scans are run, it is too early to say if setting the key disables the sending of reports completely. I will monitor the situation and will update the article with my findings later.

Tap on the Windows-key, type regedit.exe and hit the Enter-key.
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
Right-click on MRT and select New > Dword (32-bit) Value from the context menu.
Name the new Dword DontReportInfectionInformation.
Double-click the newly created Dword and set its value to 1.

Option 2: Disable the MRT Task, or Disable Heartbeat Telemetry

Since MRT is run automatically, it must be triggered somewhere. If you check the Task Scheduler for MRT related tasks, you will eventually find the one task that Windows uses for that.

Note: Disabling the task disables automatic MRT scans on the system. Make sure you have proper antivirus software installed on the device.

Tap on the Windows-key, type Task Scheduler, and hit the Enter-key.
Use the sidebar folder structure and go to Task Scheduler Library > Microsoft > Windows > RemovalTools.
Right-click on MRT_HB and select disable from the context menu.

If you compare the last run time with the Malicious Software Removal Tool log, you will notice that they match.
Also, the _HB part is a strong indicator that this is what is triggering the Heartbeat reports. If you check the command switches used, you will notice the undocumented switch /EHB. You could remove the switch from the command to keep automatic scans without Heartbeat report generation enabled. I verified that /EHB is indeed the trigger for Heartbeat Telemetry. If you remove it, no Heartbeat reports are created when the scan runs. You may need to check back regularly though as Windows Updates may replace the custom task with the default one. Article source
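The manual checks from the article above (policy value, log entries, scheduled task and its /EHB switch), collected into one audit script. This is an added example, not code from the article or from Microsoft: the registry key, value name, log path, task folder, task name and switch are taken from the article, while the function names are made up here.

```powershell
#Requires -Version 3.0
# Added example: audit of MRT Heartbeat reporting on the local machine.
# All paths and names below come from the article; function names are hypothetical.

$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\MRT'
$PolicyName = 'DontReportInfectionInformation'
$LogPath    = Join-Path $env:windir 'debug\mrt.log'
$TaskPath   = '\Microsoft\Windows\RemovalTools\'
$TaskName   = 'MRT_HB'

function Get-MrtReportingPolicy {
    # Returns the DWORD value if the policy is present, otherwise $null.
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($item) { [int]$item.$PolicyName } else { $null }
}

function Get-MrtHeartbeatLogLine {
    # Returns the most recent log lines that mention Heartbeat, for example the
    # "Heartbeat Will be Sent in x Days" entries the article describes.
    param([int]$Last = 10)
    if (-not (Test-Path -LiteralPath $LogPath)) { return @() }
    Get-Content -LiteralPath $LogPath |
        Where-Object { $_ -match 'Heartbeat' } |
        Select-Object -Last $Last
}

function Get-MrtHeartbeatTask {
    # The ScheduledTasks cmdlets do not exist on Windows 7 / Server 2008 R2;
    # return $null there instead of failing.
    if (-not (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue)) { return $null }
    $task = Get-ScheduledTask -TaskPath $TaskPath -TaskName $TaskName -ErrorAction SilentlyContinue
    if (-not $task) { return $null }
    $info = $task | Get-ScheduledTaskInfo
    foreach ($action in $task.Actions) {
        [pscustomobject]@{
            State       = $task.State
            LastRunTime = $info.LastRunTime   # compare with the timestamps in mrt.log
            Execute     = $action.Execute
            Arguments   = $action.Arguments
            HasEHB      = [bool]($action.Arguments -match '(^|\s)/EHB(\s|$)')
        }
    }
}

function Set-MrtReportingPolicy {
    # Option 1 from the article. Needs an elevated session; supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess("$PolicyKey\$PolicyName", 'Set REG_DWORD to 1')) {
        if (-not (Test-Path -Path $PolicyKey)) {
            New-Item -Path $PolicyKey -Force | Out-Null
        }
        New-ItemProperty -Path $PolicyKey -Name $PolicyName `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

function Get-MrtHeartbeatAudit {
    # One object summarising the current state, suitable for re-running after
    # each Windows Update, since updates may restore the default task.
    $policy = Get-MrtReportingPolicy
    $task   = Get-MrtHeartbeatTask
    [pscustomobject]@{
        PolicyValue       = $policy
        PolicyBlocksReport = ($policy -eq 1)
        TaskFound         = [bool]$task
        TaskState         = if ($task) { ($task | Select-Object -First 1).State } else { $null }
        TaskHasEHB        = if ($task) { [bool]($task | Where-Object HasEHB) } else { $false }
        TaskLastRun       = if ($task) { ($task | Select-Object -First 1).LastRunTime } else { $null }
        RecentLogLines    = @(Get-MrtHeartbeatLogLine -Last 5)
    }
}

# Read-only by default: prints the audit. Nothing is changed unless
# Set-MrtReportingPolicy is called explicitly.
Get-MrtHeartbeatAudit | Format-List
```

Run it before and after applying either option, and again after Patch Day, to see whether Heartbeat lines keep appearing in the log and whether the task has been reset.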
  22. Microsoft plans to roll out major extensions to its Diagnostic and Telemetry service in November Yesterday Microsoft released seven new patches through Windows Update. Three of them -- KB 3192403 for Windows 7, KB 3192404 for Windows 8.1, and KB 3192406 for Windows Server 2012 -- confirm a trend we've long expected: Microsoft is adding new telemetry/snooping capabilities to Win7, 8.1, and Server 2012 by growing out its Diagnostic and Telemetry service subsystem, DiagTrack. The big push will come in November. Much to Microsoft's credit, we have many details about the new subsystem. We also have tools to help you avoid installing this enhancement to DiagTrack. But in order to use those tools effectively, you must start installing Windows 7 and 8.1 updates manually -- using Windows Update will ensure that your PC starts sending more info to the mothership. What kind of info? We don't know -- and don't have any way of knowing. While there are voluminous lists of privacy-related settings, Microsoft hasn't said what data it's collecting. There is no "Security" level option for Win 7 or 8.1 (or Win10 Pro or Home, for that matter). Data sent to the mothership is encrypted and inaccessible -- as it should be -- so we simply don't know if this new, improved DiagTrack will lead to Google-class snooping. Before you get worried, be sure you understand the situation. These three patches have been released as a test. They're called "October 2016 Preview of Monthly Quality Rollup" for a reason. If you run Windows Update in Win7 or 8.1, they'll appear as unchecked, optional updates. If you don't check them, they won't be installed. And unless you're testing something specific, you'd be foolish to check and install the updates. These Third Tuesday patches are a preview of the non-security portion of the monthly rollup that's expected to arrive in November. It's complicated, but in short, you don't want to install them yet. 
The KB articles have detailed descriptions of the changes coming in November, but they're quite esoteric -- telemetry receiving locations, proxy servers, and registry entries. The KB articles all point to Microsoft's description of the Customer Experience Improvement Program (CEIP). But the description, which is almost eight years old, doesn't mention DiagTrack. You might draw the conclusion that you can turn off DiagTrack by turning off CEIP, but as best I can tell that isn't true. I first noticed that telemetry-with-no-off-switch behavior 18 months ago in KB 2952664. A new incarnation of the same patch appeared earlier this month. Bottom line: Those users who install KB 3192403 or KB 3192404 should expect a greatly enhanced DiagTrack subsystem that provides unknown kinds of telemetry to Microsoft, with no easy way to switch it off. The obvious way to avoid such a situation is to avoid installing the patches in the first place. I'll step you through that minefield next month, when the patches appear for real. Tero Alhonen has noticed something uncanny about the patches: The KB 3192403 and KB 3192404 articles include wording that's basically identical to that found in KB 3192441, which is the Oct. 11 cumulative update for Windows 10 version 1511. They have the same telemetry upload points and registry entries. It sure looks like Windows 10-class snooping is coming to Windows 7 and 8.1. If you have Windows 7 or 8.1, you likely already have a nascent version of DiagTrack running. To see it, go into Control Panel and choose System and Security, Administrative Tools. Double-click on Services and scroll down the list to see if Diagnostic Tracking Service has been started. If you want to disable it (I've seen no reports of adverse side effects in doing so), double-click on Diagnostic Tracking Service. Under General, set Startup type to Disabled and click the Stop button, then OK. 
After you reboot, DiagTrack will haunt your PC no more -- until the next DiagTrack patch gets applied. If you want to kill DiagTrack and pour salt on the ground from which it springs, you can run these commands (each on one line) provided by abbodi86 on AskWoody.com:

sc config DiagTrack start= disabled
sc stop DiagTrack
reg delete HKLM\SYSTEM\ControlSet001\Control\WMI\AutoLogger\AutoLogger-Diagtrack-Listener /f
reg delete HKLM\SYSTEM\ControlSet001\Control\WMI\AutoLogger\Diagtrack-Listener /f
reg delete HKLM\SYSTEM\ControlSet001\Control\WMI\AutoLogger\SQMLogger /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack /f
reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection /f
takeown /f %ProgramData%\Microsoft\Diagnosis /A /r /d y
icacls %ProgramData%\Microsoft\Diagnosis /grant:r *S-1-5-32-544:F /T /C
del /f /q %ProgramData%\Microsoft\Diagnosis\*.rbs
del /f /q /s %ProgramData%\Microsoft\Diagnosis\ETLLogs\*

That's a scorched-earth removal of a "service" you're not likely to want. Stay tuned. There will be lots of bumps ahead, in the aftermath of this month's patchocalypse. I continue to recommend that you NOT install any October updates just yet. Wait for the dust to settle. Later this week I'll have detailed (and easy) step-by-step instructions for safely installing the October updates.

Source: Microsoft previews telemetry push with new Win7/8.1 patches KB 3192403, 3192404 InfoWorld - Woody on Windows AskWoody.com - Woody Leonhard's no-bull news, tips and help for Windows and Office
  23. Microsoft Security Bulletins October 2016 Microsoft Security Bulletins October 2016 provides you with an overview of all security and non-security patches Microsoft released in that month. Microsoft released updates for supported operating systems and other company products on today's patch day. This guide provides you with information on the patches and related information. It covers all security and non-security updates that Microsoft released, plus additional information and links that may prove useful. It begins with an executive summary highlighting the most important information about the October 2016 Patch day. This is followed by the list of affected Windows client and server operating systems, and other Microsoft products. The severity and number of updates is listed for each product so that you can see at first glance how products that you use are affected. What follows is the list of security bulletins, security advisories, and non-security updates that Microsoft released in October 2016. The last part lists download options, and links to additional resources. Microsoft Security Bulletins October 2016 Executive Summary Updates for Windows 7 and 8 are provided as monthly rollup patches instead of individual updates from this Patch day on. We covered this in detail, and suggest you check out this article for details. Microsoft released a total of 10 security bulletins on the October 2016 Patch Day. Five of the ten bulletins are rated with a maximum severity rating of critical (highest), the remaining five with a maximum severity rating of important (second highest). All Microsoft client and server operating systems are affected by vulnerabilities. Microsoft Silverlight, Microsoft .NET Framework, Microsoft Office, and various business products are affected as well. Operating System Distribution All client versions of Windows are affected by MS16-118, MS16-120 and MS16-122 critically. 
Windows 8.1, RT 8.1 and Windows 10 are furthermore affected by MS16-127 critically. windows 10 on top of that is affected by MS16-119 critically. Windows 10 is also affected by MS16-126, rated important, which fixes issues in the Microsoft Internet Messaging API. MS16-119 is a cumulative security update for Microsoft Edge. MS16-127 updates the integrated Adobe Flash Player on those systems. Windows Vista: 3 critical, 2 important, 1 moderate Windows 7: 3 critical, 2 important, 1 moderate Windows 8.1: 4 critical, 2 important Windows RT 8.1: 4 critical, 2 important Windows 10: 5 critical, 3 important Windows Server 2008: 1 critical, 2 important, 1 moderate, 1 low Windows Server 2008 R2: 1 critical, 2 important, 1 moderate, 1 low Windows Server 2012 and 2012 R2: 1 critical, 2 important, 2 moderate Server core: 1 critical, 3 important Other Microsoft Products Microsoft .NET Framework Security Only Release: 1 important. Microsoft .NET Framework -Monthly Rollup Release: 1 important. Skype for Business 2016: 1 important. Microsoft Lync 2010, 2013: 1 important. Microsoft Live Meeting 2007 Console: 1 important. Microsoft Silverlight: 1 important Microsoft Office 2007, 2010: 2 important Microsoft Office 2013, 2013 RT, 2016: 1 important Microsoft Office for Mac 2011, 2016: 1 important: Microsoft Word Viewer: 2 important Microsoft Office Compatibility Pack Service Pack 3: 2 important Microsoft SharePoint Server 2010, 2013: 1 important Microsoft Office Web Apps 2010, 2013: 1 important Security Bulletins Red = critical MS16-118 -- Cumulative Security Update for Internet Explorer (3192887) This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. MS16-119 -- Cumulative Security Update for Microsoft Edge (3192890) This security update resolves vulnerabilities in Microsoft Edge. 
The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. MS16-120 -- Security Update for Microsoft Graphics Component (3192884) This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Silverlight, and Microsoft Lync. MS16-121 -- Security Update for Microsoft Office (3194063) This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. MS16-122 -- Security Update for Microsoft Video Control (3195360) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. MS16-123 -- Security Update for Windows Kernel-Mode Drivers (3192892) This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. MS16-124 -- Security Update for Windows Registry (3193227) This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker can access sensitive registry information. MS16-125 -- Security Update for Diagnostics Hub (3193229) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. MS16-126 -- Security Update for Microsoft Internet Messaging API (3196067) This security update resolves a vulnerability in Microsoft Windows. 
An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. MS16-127 -- Security Update for Adobe Flash Player (3194343) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. Security advisories and updates Non-security related updates KB3194798 -- Update for Windows 10 Version 1607 - The update includes quality improvements according to Microsoft. The history lists various fixes for issues, as well as security updates released today. See this page for details. KB3192392 -- Security only update for Windows 8.1 and Windows Server 2012 R2 Security updates to Microsoft Video Control, kernel-mode drivers, Microsoft Graphics Component, Windows registry, and Internet Explorer 11. KB3185331 - Monthly Rollup for Windows 8.1 and Windows Server 2012 R2 This security update includes improvements and fixes that were a part of update KB3185279 (released September 20, 2016) and also all security updates of KB3192392. KB3192391 -- Security only update for Windows 7 SP1 and Windows Server 2008 R2 SP Security updates to Windows authentication methods, Internet Explorer 11, Microsoft Graphics component, Microsoft Video Control, kernel-mode drivers, Windows registry, and Microsoft Internet Messaging API. 
KB3185330 -- Monthly Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1 This security update includes improvements and fixes that were a part of update KB3185278 (released September 20, 2016), and also resolves the security updates listed under KB3192391 KB3191208 -- Update for Windows 10 Version 1511 -- Can't install Windows servicing updates in Windows 10 Version 1511 KB3197099 -- Dynamic Update for Windows 10 Version 1607 -- Compatibility update for upgrading to Windows 10 Version 1607: October 11, 2016 KB890830 -- Windows Malicious Software Removal Tool - October 2016 KB2952664 -- Update for Windows 7 -- Compatibility update for upgrading Windows 7. See this article for details. KB2976978 -- Update for Windows 8.1 -- Compatibility update for Windows 8.1 and Windows 8. See this article for details. KB3192665 -- Update for Internet Explorer -- ActiveX installation that uses AXIS fails after you install MS16-104. KB3063109 -- Update for Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7, and Windows Server 2008 R2 -- Hyper-V integration components update for Windows virtual machines that are running on a Windows 10-based host. KB3177467 -- Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 -- Servicing stack update for Windows 7 SP1 and Windows Server 2008 R2 SP1: September 20, 2016. KB3179930 -- Reliability Rollup for Microsoft .NET Framework 4.5.2, 4.6 and 4.6.1 on Windows 7 and Windows Server 2008 R2. KB3179949 -- Reliability Rollup for Microsoft .NET Framework 4.5.2 and 4.6 on Vista and Server 2008. KB3181988 -- Update for Windows 7 and Windows Server 2008 R2 -- SFC integrity scan reports and fixes an error in the usbhub.sys.mui file in Windows 7 SP1 and Windows Server 2008 R2 SP1. 
KB3182203 -- Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows XP Embedded -- September 2016 time zone change for Novosibirsk. KB3184143 -- Update for Windows 8.1 and Windows 7 -- Remove software related to the Windows 10 free upgrade offer. KB3184951 -- Reliability Rollup for Microsoft .NET Framework 4.5.2 on Windows Server 2012. KB3185278 -- Update for Windows 7 and Windows Server 2008 R2 -- September 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1. Improved support for the Disk Cleanup tool to free up space by removing older Windows Updates after they are superseded by newer updates. Removed the Copy Protection option when ripping CDs in Windows Media Audio (WMA) format from Windows Media Player. Addressed issue that causes mmc.exe to consume 100% of the CPU on one processor after installing KB3125574. Addressed issue that causes the Generic Commands (GC) to fail upon attempting to install KB2919469 or KB2970228 on a device that already has KB3125574 installed. All reported changes here. KB3185279 -- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 -- September 2016 update rollup for Windows 8.1 and Windows Server 2012 R2. Addressed issue that causes some USB storage devices to lose authorization when the device goes into the lowest power state, requiring user to re-authenticate using PIN when the device moves back to a working power state. Addressed issue that causes Windows Explorer to become unresponsive when sharing a folder that is the child of at least two shared parent folders. Addressed issue that causes a COM port to become unavailable after it is repeatedly opened and closed. 
Addressed issue that causes devices to lose connection to their virtual private network (VPN) a few seconds after connecting, if the connection is made using an integrated mobile broadband connection. All reported changes here KB3185280 -- Update for Windows Embedded 8 Standard and Windows Server 2012 -- September 2016 update rollup for Windows Server 2012. KB3186208 -- Reliability Rollup for Microsoft .NET Framework 4.5.2 on Windows 8.1 and Windows Server 2012 R2. KB3159635 -- Update for Windows 10 Version 1607 -- Windows 10 Update Assistant update. How to download and install the October 2016 security updates Updates are also provided via Microsoft's Download Center, monthly Security ISO image releases, and via Microsoft's Update Catalog. Direct Microsoft Update Catalog download links: Windows 7 Security-only October 2016 Windows 8.1 Security-only October 2016 Windows 8.1 Flash security patch October 2016 Additional resources Microsoft Security Bulletin Summary for October 2016 List of software updates for Microsoft products List of security advisories of 2016 Microsoft Update Catalog site Our in-depth update guide for Windows Windows 10 Update History Windows 8.1 Update History Windows 7 Update History Source
  24. When Microsoft offered Windows 10 as a free upgrade to Windows 8.1 and Windows 7 SP1 users last year, everyone rejoiced and readily opted for the upgrade. But soon it was discovered that Windows 10 has so many programs and components that send feedback about how you use your PC to Microsoft servers. After that everyone became very cautious about upgrading to Windows 10 and turning off various settings in Windows 10 if they actually upgrade to the new operating system.

Now almost one year has passed and nothing has changed – Microsoft has actually become more aggressive about advertising their products via Windows updates and hiding the privacy related options much deeper into a pile of settings. If you want to be able to manage those privacy settings from one place instead of hunting for them in dozens of locations, then you can use Windows 10 Dominator tool.

Windows 10 Dominator is an open source tool that allows you to manage all the privacy settings in Windows 10 that are otherwise difficult to configure. You can manage various privacy, telemetry, location and other miscellaneous settings using this small program.

Under the privacy settings, you can toggle the search bar results, use of your advertising ID by apps, sending feedback to Microsoft, logging of keystrokes, and asking for your feedback etc. You can also switch off telemetry data collection, connecting to Microsoft telemetry servers, prevent the apps from requesting your location, turn off SmartScreen filter and more.

All of these settings are available somewhere in Windows but Windows 10 Dominator allows you to easily control them from its interface. However, if you want to manually change these settings in Windows, then you can click on the more.. shown next to each of the settings in Windows 10 Dominator. For example, if you click on more.. displayed next to the SmartScreen filter setting, then it opens Windows settings window where you can manually modify the setting.
Windows 10 Dominator Article source
  25. Windows Spy Blocker is a regularly updated collection of firewall, hosts file and Proxifier rules that block Windows 10 phone home functionality.

While Microsoft collected telemetry data in previous versions of the Windows operating system as well, data collection was intensified with the release of Windows 10. The default installation has most telemetry data settings set to enabled and while options are provided to turn off some settings, some cannot even be turned off in the operating system's settings.

According to Microsoft, the data collecting is all for the greater good as it helps Microsoft make the product better for the user. While there is certainly some truth to that, it is not the whole story and since no one knows what Windows 10 PCs are submitting to Microsoft in regular intervals, some prefer to block connections to Microsoft servers altogether.

Lots of tools have been created in the past year that aim to help users improve privacy when using Windows 10 machines. You can check out our comparison of privacy programs for Windows 10 for that as a starting point.

Windows Spy Blocker

Windows Spy Blocker is a collection of rules that its author has discovered while running Wireshark on a Windows 10 Professional system. The provided download includes a batch file that updates rules files, and files with the latest set of rules as well.

Hosts file

The hosts directory lists three files that block Windows Telemetry, Windows Update, and third party applications (using servers operated by Microsoft). You can copy and paste the information into the Windows hosts file directly, which you find under C:\Windows\System32\drivers\etc, or by using hosts managers which may be easier to use and support extra features such as backing up the hosts file or restoring a previously backed up copy.

Firewall

The firewall directory includes the batch file. You get a number of options when you run it, including one to download and add rules from the GitHub repository, or to add or remove rules so that Windows Firewall uses them on the computer.

Proxifier

Some hosts are not blocked even when they are added to the hosts file. The author of Windows Spy Blocker suggests to use a top level application such as Proxifier for these instead, and that's what this set of rules is designed for. You can use other means, like blocking hosts on the router level or hardware firewall if one sits between the device and the network/Internet.

Closing Words

Windows Spy Blocker offers a handy set of rules to block Windows 10 devices from phoning home. While you may be tempted to use them all without verification, it is highly suggested to make sure you are not blocking services or features that you require or use. This includes Windows Update, and especially so if you are not using other means to retrieve updates for the operating system running on the device.

crazy-max/WindowsSpyBlocker
Article source
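The verification step recommended in the closing words can be scripted before anything is pasted into the hosts file. The following is an added example, not part of Windows Spy Blocker or the article: it sorts a downloaded blocklist into entries to add, entries already present, entries that touch update domains and need a manual decision, and entries rejected because they are malformed or point a name at a real address instead of a null route. The sinkhole addresses, the `KEEP_SUFFIXES` list and all sample data are assumptions constructed for illustration.

```python
import re

SINKHOLES = {"0.0.0.0", "127.0.0.1"}  # only null-route targets are accepted
# Assumption: domains this machine still needs; adjust to your environment.
KEEP_SUFFIXES = ("windowsupdate.com", "update.microsoft.com")
HOST_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed sample data, not taken from the Windows Spy Blocker rule files.
CURRENT_HOSTS = "127.0.0.1 localhost\n0.0.0.0 telemetry.example.invalid\n"
BLOCKLIST = """# constructed blocklist
0.0.0.0 telemetry.example.invalid
0.0.0.0 stats.example.invalid
0.0.0.0 download.windowsupdate.com
203.0.113.7 login.example.invalid
0.0.0.0 bad/../host
"""

def parse_hosts(text):
    """Yield (ip, hostname) for every mapping in hosts-format text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower().rstrip(".")

def needs_review(name):
    """True if blocking this name would cut off a domain listed in KEEP_SUFFIXES."""
    return any(name == s or name.endswith("." + s) for s in KEEP_SUFFIXES)

def plan_merge(current_hosts, blocklist):
    """Sort blocklist entries into add / already / review / rejected buckets."""
    present = {name for _, name in parse_hosts(current_hosts)}
    plan = {"add": [], "already": [], "review": [], "rejected": []}
    seen = set()
    for ip, name in parse_hosts(blocklist):
        if name in seen:
            continue
        seen.add(name)
        if ip not in SINKHOLES or not HOST_RE.match(name):
            plan["rejected"].append((ip, name))  # redirect to a real IP, or malformed
        elif name in present:
            plan["already"].append(name)
        elif needs_review(name):
            plan["review"].append(name)          # left out until someone decides
        else:
            plan["add"].append(name)
    return plan

def merged_hosts(current_hosts, plan):
    """Return new hosts content: the existing text plus the approved additions."""
    lines = [current_hosts.rstrip("\n")] + [f"0.0.0.0 {n}" for n in plan["add"]]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    plan = plan_merge(CURRENT_HOSTS, BLOCKLIST)
    for bucket, items in plan.items():
        print(bucket, items)
    print(merged_hosts(CURRENT_HOSTS, plan), end="")
```

Running the merge a second time against its own output adds nothing, so the script can be rerun whenever the rule files are updated.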