Microsoft Windows Hosts

From Kicksecure

Microsoft Windows as Malware, Windows Insecurity, Windows Backdoors, Windows User Freedoms Restrictions, Windows Surveillance, Other Windows Abuses, Inescapable Telemetry

Windows Backdoors

Table: Windows Backdoors

User Content Upload: Windows sometimes takes user content, such as documents, and uploads it to Microsoft servers.

Quote Microsoft: Configure telemetry and other settings in your organization (web archived) (Underline added.):

Full level

The Full level gathers info necessary to identify and to help fix problems, following the approval process described below. This level also includes info from the Basic, Enhanced, and Security levels.

Additionally, at this level, devices opted in to the Windows Insider Program will send events that can show Microsoft how pre-release binaries and features are performing. All devices in the Windows Insider Program are automatically set to this level.

If a device experiences problems that are difficult to identify or repeat using Microsoft’s internal testing, additional info becomes necessary. This info can include any user content that might have triggered the problem and is gathered from a small sample of devices that have both opted into the Full telemetry level and have exhibited the problem.

However, before more info is gathered, Microsoft’s privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information:

  • Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
  • Ability to get registry keys.
  • Ability to gather user content, such as documents, if they might have been the trigger for the issue.

Media also reported. Quote ZDNet: Windows 10 telemetry secrets: Where, when, and why Microsoft collects your data (Underline added.):

At the Full setting, you grant Microsoft permission to collect extra data when your device "experiences problems that are difficult to identify or repeat using Microsoft's internal testing."

The formal documentation makes it clear that this sort of investigation can snag personal documents:

[...]

Ability to gather user content, such as documents, if they might have been the trigger for the issue.

The default level is Full for Windows 10 Home and Pro and Enhanced for Enterprise edition. (On a device that is running an Insider preview edition, this value is set to Full and can only be changed by installing a released version.) If you are concerned enough about privacy to have read this far, you probably want to set the telemetry level to Basic.

Quote ResearchGate: Call Home: Background Telemetry Reporting in Windows 10 (Underline added.):

The default level for Windows 10 Home and Pro is “Full” and “Enhanced” for Enterprise editions.

Quote Microsoft (web archived, year 2018) (Underline added.):

Full level The Full level gathers data necessary to identify and to help fix problems, following the approval process described below. This level also includes data from the Basic, Enhanced, and Security levels. This is the default level for Windows 10 Pro.

Alternative write-up: Scaring: Windows 10 lets Microsoft access your own local files.

In theory it might be possible to disable this behavior, but there have also been cases where such settings were not honored, as documented in the chapter Inescapable Telemetry.

There is a privacy-by-policy safeguard implemented at the organisational level at Microsoft. Quote: "However, before more info is gathered, Microsoft’s privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer." However, privacy by policy is not privacy by design (privacy enforced through technology). Generally speaking, privacy-by-policy safeguards have a history of being circumvented by malicious employees (insider attacks) and by hacking (outsider attacks), and they also fail in the case of government requests: Microsoft’s privacy governance team would be bypassed if Microsoft were compelled by a government order.

Quote FBI–Apple encryption dispute (Underline added.):

In 2015 and 2016, Apple Inc. received and objected to or challenged at least 11 orders issued by United States district courts under the All Writs Act of 1789. Most of these seek to compel Apple "to use its existing capabilities to extract data like contacts, photos and calls from locked iPhones [...]

While there exists (to the knowledge of the author) no law that allows the government to compel companies to add new surveillance capabilities or new backdoors to operating systems, Microsoft already has an existing capability of accessing user content on the Windows operating system. It is therefore conceivable that Microsoft receives orders to use that existing capability.

Possibly even orders which Microsoft would never be allowed to talk about due to a gag order. Microsoft's U.S. National Security Orders Report states, for Foreign Intelligence Surveillance Act (FISA) orders in the period July to December 2019, 0 - 499 orders seeking disclosure of content, with 14,500 - 14,999 accounts impacted by orders seeking content. Some of these orders probably relate to hosted accounts such as the Microsoft Live e-mail service or Skype; whether they also cover user content from Windows is unknown. FISA is just one type of order that comes with a secrecy order (gag order) by the U.S. government. Microsoft must also abide by other types of government orders, as well as by orders from the governments of other countries.

The relevant statement by Microsoft, "Ability to gather user content, such as documents", can be found in the web archived version of the page. It can no longer be found in the current version of the document. Whether only the text or also the actual behavior was changed is unknown to the author: no changelog or further information could be found, and no source code is available to the general public. [1]

Whether this existing capability can be used at any time against any user of whom only an IP address or Windows Live ID is known, or whether an existing crash report is a prerequisite, is unknown for the same reasons. It would be far better if no such capability existed at all.

Encryption: Microsoft has backdoored its disk encryption; by default the recovery key is uploaded to Microsoft servers.

Quote The Intercept: (...) Microsoft Probably Has Your Encryption Key:

But what is less well-known is that, if you are like most users and login to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key — which can be used to unlock your encrypted disk — to Microsoft’s servers, probably without your knowledge and without an option to opt out.

“When a device goes into recovery mode, and the user doesn’t have access to the recovery key, the data on the drive will become permanently inaccessible. Based on the possibility of this outcome and a broad survey of customer feedback we chose to automatically backup the user recovery key,” a Microsoft spokesperson told me. “The recovery key requires physical access to the user device and is not useful without it.”

But disabling this requires awareness of the issue, the skill to find the relevant documentation with a search engine, and the technical skill to apply it. Non-technical users often have none of these. (The Tyranny of the Default)

Software Choice and Deletion

Windows Surveillance

Table: Windows Surveillance Threats

Adversary Collaboration
Anonymity
Keylogger: Windows 10 comes with a keylogger.

Quote Microsoft (2015 web archived version): Windows 10 speech, inking, typing, and privacy FAQ:

What are speech, inking, and typing services? When you interact with your Windows device by speaking, writing (handwriting), or typing, Microsoft collects speech, inking, and typing information—including information about your Calendar and People (also known as contacts)— [...]

Quote [2] PCWorld: text input and unique typing cadence (pattern):

Microsoft pretty much admits it has a keylogger in its Windows 10 speech, inking, typing, and privacy FAQ: “When you interact with your Windows device by speaking, writing (handwriting), or typing, Microsoft collects speech, inking, and typing information—including information about your Calendar and People (also known as contacts)…”

Quoting the 2015 version of Microsoft: Windows 10 speech, inking, typing, and privacy FAQ:

Can I clear the speech, inking, and typing data Microsoft has collected about me?

Yes, you can clear your speech, inking, and typing data from your device and from the cloud.

  • [...]
  • To clear data stored on the cloud, go to Start, then Settings > Privacy > Speech, inking, & typing, and then select the Go to Bing and manage personal info for all your devices link.

Note: the deletion described in the quote is only a promise. Data that was previously leaked, shared with other parties, or handed over under a government order would not be deleted.

Such data is vulnerable to Keystroke Deanonymization.

Voice Recording

Quote Microsoft (2020): Windows 10 speech, inking, typing, and privacy FAQ (Underline added.):

When you use the Microsoft cloud-based speech recognition service, Microsoft collects and uses your voice recordings to create a text transcription of the spoken words in the voice data.

This means Windows records the user's voice and stores it on servers owned by Microsoft. The same page mentions that this can be disabled:

You can use device-based speech recognition without sending your voice data to Microsoft.

As above, disabling this requires awareness of the issue, the skill to find the relevant documentation, and the technical skill to apply it, which non-technical users often lack. (The Tyranny of the Default)

Quote Microsoft Privacy Statement, Last Updated: March 2021 (Underline added.) (Bold added.):

Inking and typing Recognition. You also can choose to help Microsoft improve inking and typing recognition by sending inking and typing diagnostic data. If you choose to do so, Microsoft will collect samples of the content you type or write to improve features such as handwriting recognition, autocompletion, next word prediction, and spelling correction in the many languages used by Windows customers. When Microsoft collects inking and typing diagnostic data, it is divided into small samples and processed to remove unique identifiers, sequencing information, and other data (such as email addresses and numeric values) which could be used to reconstruct the original content or associate the input to you. It also includes associated performance data, such as changes you manually make to text, as well as words you've added to the dictionary. Learn more about improving inking and typing in Windows 10.

This remains vague: "collect samples" - how many samples? "processed to remove" data "which could be used to reconstruct the original content or associate the input to you" - how well does that processing work?

Such data is vulnerable to Voice Deanonymization.

Spyware

According to tecChannel, the information sent to Microsoft includes details of all the software installed on a machine, not only Microsoft applications.

Telemetry and Personal Data

Summing up these 45 pages, one can say that Microsoft basically grants itself very broad rights to collect everything you do, say and write with and on your devices in order to sell more targeted advertising or to sell your data to third parties. The company appears to be granting itself the right to share your data either with your consent “or as necessary”.

By default, when signing into Windows with a Microsoft account, Windows syncs some of your settings and data with Microsoft servers, for example “web browser history, favorites, and websites you have open” as well as “saved app, website, mobile hotspot, and Wi-Fi network names and passwords”. Users can however deactivate this transfer to the Microsoft servers by changing their settings.

“We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to”, for example, “protect their customers” or “enforce the terms governing the use of the services”.

EU still concerned over Windows 10 privacy despite Microsoft’s changes (2017)

Quote EFF: With Windows 10, Microsoft Blatantly Disregards User Choice and Privacy: A Deep Dive:

Windows 10 sends an unprecedented amount of usage data back to Microsoft,

France orders Microsoft to stop tracking Windows 10 users. Quote government order (Underline added.):

The Chair of the National Data Protection Commission (CNIL) issues formal notice on Microsoft Corporation to stop collecting excessive data and tracking browsing by users without their consent. She is also demanding that Microsoft take satisfactory measures to ensure the security and confidentiality of user data.

Ars Technica: Dutch privacy regulator says Windows 10 breaks the law [3]

Regulator says Microsoft doesn't offer enough information to enable informed consent.

Trust: Windows Error Reporting (WER) and Core Dumps Privacy Issues

Although Microsoft has made privacy assurances, it acknowledges that personally identifiable information could be contained in the memory and application data compiled into the 100-200 KB "minidumps" that Windows Error Reporting collects and sends back to Microsoft. Microsoft insists that if personal data is sent, it will not be used to identify users, according to Microsoft's privacy policy. [4] [5] But in reporting issues to Microsoft, users also need to trust Microsoft's partners: about 450 partners have been granted access to the error reporting database to see records related to their device drivers and apps. [6]
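As an added example (not Microsoft's code and not from the original page), the following Python scanner shows the check a practitioner can run on a crash dump before it is allowed to leave the machine: it extracts both ASCII and UTF-16LE strings (Windows keeps most user-visible text in memory as UTF-16LE, which an ASCII-only `strings` pass misses) and matches them against a few PII patterns. The sample dump bytes, the PII patterns and the names inside them are constructed for illustration; a real minidump has a structured stream layout that this example ignores by treating the file as a flat blob.

```python
"""Find user content in a crash dump before it is sent to a vendor.

Added example for this page, not Microsoft's or Kicksecure's code. It treats the
dump as a flat byte blob; the sample dump and the PII patterns are constructed.
"""
import re

# Windows keeps most user-visible text in memory as UTF-16LE, so a scanner that
# only looks for ASCII runs misses the bulk of the user content in a minidump.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# Things a user would not want the vendor or its ~450 partners to see. Extend as needed.
PII_PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "windows_path": re.compile(r"[A-Za-z]:\\(?:Users|Documents)[^\s\"']*"),
    "iban": re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,4})?\b"),
}


def extract_strings(blob):
    """Yield (offset, encoding, text) for every ASCII and UTF-16LE run in blob."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")


def find_pii(blob):
    """Return sorted (offset, encoding, kind, match) tuples for PII found in blob."""
    findings = []
    for offset, enc, text in extract_strings(blob):
        for kind, pattern in PII_PATTERNS.items():
            for hit in pattern.finditer(text):
                findings.append((offset, enc, kind, hit.group()))
    return sorted(findings)


# Constructed stand-in for a minidump: a header-like prefix, binary filler, an
# ASCII fragment and two UTF-16LE fragments of the kind an editor leaves in memory.
SAMPLE_DUMP = (
    b"MDMP\x93\xa7\x00\x00" + bytes(range(256))
    + b"Contract draft for alice@example.org, confidential\x00" + b"\x00" * 16
    + "C:\\Users\\alice\\Documents\\salary-2023.docx".encode("utf-16le")
    + b"\x00\x00" + bytes(range(255, 0, -1))
    + "IBAN DE89 3704 0044 0532 0130 00".encode("utf-16le")
)

if __name__ == "__main__":
    for offset, enc, kind, value in find_pii(SAMPLE_DUMP):
        print(f"0x{offset:06x} {enc:8} {kind:12} {value}")
```

Running it prints the offset, encoding, kind and value of each hit; the document path and the IBAN sit in UTF-16LE and would be invisible to an ASCII-only scan. A dump with hits should be scrubbed or not sent at all, since the passage above notes that the error reporting database is shared with partners.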

In December 2013, an independent lab found that WER automatically sends information to Microsoft when a new USB device is plugged into the PC. [7]

Crash reporter abused by NSA

According to Der Spiegel: Inside TAO: Documents Reveal Top NSA Hacking Unit:

  • The Microsoft crash reporter has been exploited by NSA's Tailored Access Operations unit to hack into the computers of Mexico's Secretariat of Public Security.
  • Microsoft crash reports are automatically harvested in NSA's XKeyscore database, in order to facilitate such operations.

Having Fun at Microsoft's Expense

One example of the sheer creativity with which the TAO spies approach their work can be seen in a hacking method they use that exploits the error-proneness of Microsoft's Windows. Every user of the operating system is familiar with the annoying window that occasionally pops up on screen when an internal problem is detected, an automatic message that prompts the user to report the bug to the manufacturer and to restart the program. These crash reports offer TAO specialists a welcome opportunity to spy on computers.

When TAO selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft. An internal presentation suggests it is NSA's powerful XKeyscore spying tool that is used to fish these crash reports out of the massive sea of Internet traffic.

The automated crash reports are a "neat way" to gain "passive access" to a machine, the presentation continues. Passive access means that, initially, only data the computer sends out into the Internet is captured and saved, but the computer itself is not yet manipulated. Still, even this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer.

Although the method appears to have little importance in practical terms, the NSA's agents still seem to enjoy it because it allows them to have a bit of a laugh at the expense of the Seattle-based software giant. In one internal graphic, they replaced the text of Microsoft's original error message with one of their own reading, "This information may be intercepted by a foreign sigint system to gather detailed information and better exploit your machine." ("Sigint" stands for "signals intelligence.")

Quote Microsoft (Underline added.):

Enhanced error reporting, including the memory state of the device when a system or app crash occurs (which may unintentionally contain user content, such as parts of a file you were using when the problem occurred).

Trying to disable the lengthy list of privacy-invasive features is a huge task, similar to playing "whack-a-mole". Missing even one such feature results in unwanted surveillance.

Windows User Freedom Restrictions

A number of conscious decisions by Microsoft severely limit user freedoms.

Table: Windows User Freedom Threats

Trust

The German government, specifically the Federal Ministry of Economics and the Federal Office for Information Security (BSI), does not trust Microsoft Windows.

Archived, redacted version (redacted after a court order requested by Microsoft against the newspaper ZEIT ONLINE): page 1, page 2 (DeepL translated [8]):

For example, an internal paper from the Ministry of Economics from early 2012 states: "Due to the loss of full sovereignty over information technology," the security goals of "confidentiality" and "integrity" are no longer guaranteed. Elsewhere, there are sentences such as, "Significant impacts on the IT security of the federal administration may result." Accordingly, the conclusion is: "The use of 'trusted computing' technology in this form ... is unacceptable for the federal administration and for operators of critical infrastructures."

What was it that ZEIT ONLINE needed to redact?

Quote A BSI-2i.pdf, a German government internal document leaked on WikiLeaks (DeepL translated [9]):

With regard to the use of TPMs, it can be pointed out in the negotiations, that not only the German government is critical of the use of TPMs that it does not control itself, but also wide sections of German industry, especially in critical infrastructures.

[10]

Therefore, Microsoft argues that they themselves need control over UEFI "Secure Boot" in order to securely manage UEFI "Secure Boot" for the owner. From the BSI's point of view the effort for a self-controlled configuration of UEFI "Secure Boot" is currently high, but it is urgently required, in particular in areas of application with a high need for protection or in critical infrastructures.

Heise: German authorities are losing control over critical IT systems (German language, use DeepL and/or Google Translate) [11]:

On the one hand, the federal government demands "unrestricted controllability" of computers that keep critical infrastructures running - i.e. nuclear power plants, water, energy and transport networks. On the other hand, the responsible authorities are doing nothing to regain the control already lost to Intel and Microsoft.

The Register: Germany warns: You just CAN'T TRUST some Windows 8 PCs

A whitewashed statement by the German government's Federal Office for Information Security (BSI) [12] (see the full statement, web archived) (DeepL translated):

From the point of view of the BSI, the use of Windows 8 in combination with a TPM 2.0 is accompanied by a loss of control over the operating system and hardware used. This results in new risks for users, especially for the federal administration and critical infrastructures. In particular, on hardware operated with a TPM 2.0, with Windows 8, unintentional errors by the hardware or operating system manufacturer, but also by the owner of the IT system, can lead to error conditions that prevent further operation of the system. This can lead to the situation that in case of an error, not only the operating system but also the hardware used is permanently unusable. Such a situation would be acceptable neither for the Federal Administration nor for other users. Furthermore, the newly implemented mechanisms can also be used for acts of sabotage by third parties. These risks must be countered.

For certain user groups, the use of Windows 8 in combination with a TPM can certainly mean a security gain. These include users who, for various reasons, cannot or do not want to worry about the security of their systems, but trust the system manufacturer to provide and maintain a secure solution. This is a legitimate usage scenario, but the manufacturer should provide sufficient transparency about the possible limitations of the provided architecture and possible consequences of its use.

Forced Updates: Microsoft has a history of updating software without permission. While configurable update reminders are good for those who forget to update regularly, forced updates are problematic for those who do not wish to update. [13]

This Windows issue was not foreseen. To the knowledge of the author, there were no popular "really disable all Windows updates" instructions.

By comparison, such an issue is unlikely to happen with Debian-based operating systems (and many derivatives, as well as other Freedom Software Linux distributions). On Windows there was no real way to check which code will run when; or at least, for practical purposes, nobody reverse engineered and documented that.

For example, on Debian (based) operating systems the default package manager, APT, is fully Open Source. But even without reading the source code, its behavior is much more predictable.

Software sources are defined in easily human-readable files such as /etc/apt/sources.list and the configuration snippets in the /etc/apt/sources.list.d folder. These files can be viewed and edited with a simple text editor by the system administrator. The upgrade process is also divided into two parts: downloading updated package lists ("sudo apt update") and the actual upgrade ("sudo apt full-upgrade"). The first step merely downloads metadata; no actual software packages are downloaded. [14] If anything looks unwanted, the user can disable any software source and re-fetch the package lists to "forget" the unwanted ones. The second step shows the user a preview of what would happen (newly installed packages, upgraded packages, package removals) and asks for confirmation. [15] Automatic updates require the installation of a software package that implements automatic upgrade functionality, such as the unattended-upgrades Debian package; if no such package is installed, no automatic updates happen. Surprises, i.e. package manager behavior unwanted by the user, are therefore far less likely.
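To make the difference concrete, here is an added Python example (not APT's code and not part of the original page) that does by hand what the paragraph describes: it enumerates the configured sources from both formats APT accepts (one-line sources.list entries and deb822 .sources stanzas), reports what each transport exposes to the mirror and the network, and reads the unattended-upgrade switch from apt.conf.d. The file contents and the host names under .invalid are constructed; on a real system read the files under /etc/apt instead.

```python
"""List every place a Debian system will fetch code from, before any upgrade runs.

Added example for this page, not APT's own code. It parses the two formats APT
accepts (one-line sources.list entries and deb822 .sources stanzas) and the
unattended-upgrade switch from apt.conf.d. All inputs below are constructed
strings standing in for the files; on a real system read the files instead.
"""
import re
from urllib.parse import urlparse

# 'deb [options] URI suite component...'; comment lines never match because they
# do not start with deb/deb-src, which is exactly how APT treats them.
ONE_LINE = re.compile(r"^(deb|deb-src)\s+(?:\[[^\]]*\]\s+)?(\S+)\s+(\S+)\s*(.*)$")


def parse_one_line(text):
    """Parse classic sources.list lines into one record per line."""
    sources = []
    for line in text.splitlines():
        m = ONE_LINE.match(line.strip())
        if m:
            sources.append({"type": m.group(1), "uri": m.group(2),
                            "suite": m.group(3), "components": m.group(4).split()})
    return sources


def parse_deb822(text):
    """Parse deb822 stanzas (blank-line separated); 'Enabled: no' stanzas are skipped."""
    sources = []
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            fields[key.strip().lower()] = value.strip()
        if fields.get("enabled", "yes").lower() == "no":
            continue
        for typ in fields.get("types", "deb").split():
            for uri in fields.get("uris", "").split():
                for suite in fields.get("suites", "").split():
                    sources.append({"type": typ, "uri": uri, "suite": suite,
                                    "components": fields.get("components", "").split()})
    return sources


def audit(sources):
    """One verdict per source, by what its transport exposes to the mirror and the network."""
    verdicts = []
    for s in sources:
        scheme = urlparse(s["uri"]).scheme
        if scheme.startswith("tor+"):
            verdict = "ok: fetched over Tor; the mirror cannot single out this client by IP"
        elif scheme == "https":
            verdict = "note: the mirror sees the client IP; the network sees only the host name"
        elif scheme == "http":
            verdict = "warn: plaintext; mirror and any on-path observer see exactly what is fetched"
        else:
            verdict = f"warn: unusual transport {scheme!r}, check which apt-transport-* provides it"
        verdicts.append((s["uri"], s["suite"], verdict))
    return verdicts


def auto_upgrades_enabled(apt_conf_text):
    """True only if APT::Periodic::Unattended-Upgrade is set to a non-zero value."""
    m = re.search(r'APT::Periodic::Unattended-Upgrade\s+"(\d+)"\s*;', apt_conf_text)
    return bool(m) and m.group(1) != "0"


# Constructed /etc/apt/sources.list: two live entries and one disabled by a comment.
SOURCES_LIST = """\
deb https://deb.debian.org/debian bookworm main contrib
deb http://security.debian.org/debian-security bookworm-security main
# deb https://mirror.example.invalid/debian bookworm main
"""

# Constructed /etc/apt/sources.list.d/vendor.sources (deb822 format).
VENDOR_SOURCES = """\
Types: deb
URIs: tor+https://deb.example.invalid
Suites: bookworm
Components: main
Signed-By: /usr/share/keyrings/vendor.asc

Types: deb
URIs: https://preview.example.invalid/debian
Suites: bookworm
Components: main
Enabled: no
"""

# Constructed /etc/apt/apt.conf.d/20auto-upgrades: list refresh on, upgrades off.
APT_CONF = 'APT::Periodic::Update-Package-Lists "1";\nAPT::Periodic::Unattended-Upgrade "0";\n'

if __name__ == "__main__":
    for uri, suite, verdict in audit(parse_one_line(SOURCES_LIST) + parse_deb822(VENDOR_SOURCES)):
        print(f"{uri} ({suite}): {verdict}")
    print("automatic upgrades:", "enabled" if auto_upgrades_enabled(APT_CONF) else "disabled")
```

The output is the complete answer to "which code will run when": three enabled sources, each with its transport verdict, and confirmation that nothing upgrades without "sudo apt full-upgrade" being typed. The same audit is not possible on Windows because there is no equivalent plain-text list of update sources to read.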

Forced Upgrades
Tiered Stability (Updates Testing): Windows forces lower-paying customers to install new updates and gives higher-paying customers the option of whether or not to adopt them. Quote:

Windows 10 Enterprise does allow users to postpone any update indefinitely but it is only available in bulk licensing.

User Freedoms
Software Freedom
Forced Telemetry into C++ Binaries

Adversary Collaboration

Microsoft has a history of informing adversaries of bugs before they are fixed. Microsoft reportedly gives adversaries security tips on how to crack into Windows computers. Quote:

Microsoft Corp. (MSFT), the world’s largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process.

Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software sold to foreign governments, according to two U.S. officials. Microsoft doesn't ask and can't be told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential.

Frank Shaw, a spokesman for Microsoft, said those releases occur in cooperation with multiple agencies and are designed to give government "an early start" on risk assessment and mitigation.

See also this opinion piece analyzing the matter: How Can Any Company Ever Trust Microsoft Again?

By comparison, the Linux kernel has a security bug embargo process:

[...]

Although our preference is to release fixes for publicly undisclosed bugs as soon as they become available, this may be postponed at the request of the reporter or an affected party for up to 7 calendar days from the start of the release process, with an exceptional extension to 14 calendar days if it is agreed that the criticality of the bug requires more time. The only valid reason for deferring the publication of a fix is to accommodate the logistics of QA and large scale rollouts which require release coordination.

While embargoed information may be shared with trusted individuals in order to develop a fix, such information will not be published alongside the fix or on any other disclosure channel without the permission of the reporter. This includes but is not limited to the original bug report and followup discussions (if any), exploits, CVE information or the identity of the reporter.

In other words our only interest is in getting bugs fixed. All other information submitted to the security list and any followup discussions of the report are treated confidentially even after the embargo has been lifted, in perpetuity.

[...]

Fixes for sensitive bugs, such as those that might lead to privilege escalations, may need to be coordinated with the private <linux-distros@vs.openwall.org> mailing list so that distribution vendors are well prepared to issue a fixed kernel upon public disclosure of the upstream fix. Distros will need some time to test the proposed patch and will generally request at least a few days of embargo, and vendor update publication prefers to happen Tuesday through Thursday. When appropriate, the security team can assist with this coordination, or the reporter can include linux-distros from the start.

[...]

The crucial difference between Microsoft's and the Linux kernel's bug embargoes is this: Microsoft notifies intelligence agencies, which are known to exploit vulnerabilities, while the Linux kernel security team runs a much more transparent embargo process in which trusted parties (the large Linux distributions) receive early notification so that the upgrade containing the fix is widely available at the moment of public disclosure, preventing wide exploitation by attackers in the wild.

Shared Source

Open Source, Freedom Software on the one hand and proprietary, closed source, precompiled software on the other are totally different development models. Both development models have advantages and disadvantages.

The case for Open Source, Freedom Software is made on the Avoid Non-Freedom Software wiki page.

One advantage that could be argued for closed source software is secrecy, i.e. security through obscurity. (Also addressed on the Avoid Non-Freedom Software wiki page.)

However, Microsoft Windows has none of the advantages of Open Source, Freedom Software, but cannot fully take advantage of security through obscurity either. Part of the Shared Source Initiative is the Government Security Program. Quote ZDNet:

Microsoft's Shared Source Initiative makes source code available to "qualified customers, enterprises, governments, and partners for debugging and reference purposes". There's almost no information on the company's website about their Government Security Program (GSP). Just two sentences. But the first of those sentences notes that requests might come from "local, state, provincial, or national governments or agencies". When the GSP was launched back in 2003, however, Microsoft was happy to tell the media that Windows source code was made available to a number of governments and international organisations, including Russia, NATO, the UK, and China. Another report said that Australia, Austria, Finland, Norway, Taiwan, and Turkey were also on the list.

Simplified summary: independent security researchers do not have access to the source code, but large groups of people, some of whom you probably do not trust, have that advantage over you. The only motivation for sharing the source code is to obtain regulatory approval for deployment in foreign government networks that demand certain assurances as a condition of market access. This has nothing to do with empowering third parties or giving them the choice and freedom to modify the software or share it with others.

Inescapable Telemetry

The fact that there is no way to completely remove or disable telemetry requires further consideration. For instance, non-enterprise editions do not permit anyone to completely opt out of the surveillance "features" of Windows 10. See Even when told not to, Windows 10 just can’t stop talking to Microsoft. Quote Windows 10 Sends Your Data 5500 Times Every Day Even After Tweaking Privacy Settings:

CheesusCrust also disabled every single tracking and telemetry features in the operating system. He then left the machine running Windows 10 overnight in an effort to monitor the connections the OS is attempting to make.

Eight hours later, he found that the idle Windows 10 box had tried over 5,500 connections to 93 different IP addresses, out of which almost 4,000 were made to 51 different IP addresses belonging to Microsoft.

Even if some settings are tweaked to limit this behavior, it is impossible to trust that those changes will be respected. Even the Enterprise edition was discovered to completely ignore privacy settings and anything else that disables contact with Microsoft servers. [19]
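The experiment quoted above can be repeated with nothing more than a gateway or firewall log and a short script. The following Python is an added example (not the cited researcher's tooling and not part of the original page) that expects one connection attempt per line as 'timestamp proto src:port -> dst:port', totals connections and distinct destinations, attributes them to a set of vendor prefixes, and lists the vendor destinations that are still contacted after every telemetry switch was turned off. The log lines and the prefixes used as vendor address space (RFC 5737 documentation ranges) are constructed; substitute real WHOIS/BGP allocations.

```python
"""Summarise what an 'idle' host talked to, the check behind the figures quoted above.

Added example for this page, not the cited researcher's tooling. It expects one
connection attempt per line as 'timestamp proto src:port -> dst:port' (for
example from a firewall or gateway log). The log lines and the prefixes treated
as vendor address space are constructed; use real WHOIS/BGP allocations instead.
"""
import ipaddress
import re
from collections import Counter

LINE = re.compile(r"^(\S+)\s+(tcp|udp)\s+(\S+):(\d+)\s*->\s*(\S+):(\d+)$")

# Constructed: prefixes assumed to belong to the OS vendor (documentation ranges).
VENDOR_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/25", "198.51.100.0/24")]


def parse_log(text):
    """Yield (proto, dst_ip, dst_port); lines that do not parse are ignored."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.group(2), ipaddress.ip_address(m.group(5)), int(m.group(6))


def is_vendor(ip):
    return any(ip in net for net in VENDOR_PREFIXES)


def summarise(text):
    """Totals in the same shape as the quoted experiment: connections, distinct IPs, vendor share."""
    per_dst, per_port = Counter(), Counter()
    for proto, dst, port in parse_log(text):
        per_dst[dst] += 1
        per_port[(proto, port)] += 1
    vendor = {ip: n for ip, n in per_dst.items() if is_vendor(ip)}
    return {
        "connections": sum(per_dst.values()),
        "distinct_ips": len(per_dst),
        "vendor_connections": sum(vendor.values()),
        "vendor_ips": len(vendor),
        "top_ports": per_port.most_common(3),
    }


def still_contacted(before_text, after_text):
    """Vendor destinations seen both before and after the opt-out: the switches that were not honoured."""
    before = {dst for _, dst, _ in parse_log(before_text)}
    after = {dst for _, dst, _ in parse_log(after_text)}
    return sorted(ip for ip in before & after if is_vendor(ip))


# Constructed gateway log from an overnight idle run with default settings.
BEFORE = """\
2016-02-06T01:00:03 tcp 10.0.0.5:49152 -> 192.0.2.10:443
2016-02-06T01:00:03 tcp 10.0.0.5:49153 -> 192.0.2.10:443
2016-02-06T01:05:11 tcp 10.0.0.5:49160 -> 192.0.2.44:443
2016-02-06T01:05:12 tcp 10.0.0.5:49161 -> 192.0.2.44:80
2016-02-06T01:30:00 udp 10.0.0.5:123   -> 203.0.113.7:123
2016-02-06T02:00:03 tcp 10.0.0.5:49170 -> 198.51.100.21:443
2016-02-06T02:00:04 tcp 10.0.0.5:49171 -> 198.51.100.21:443
2016-02-06T02:00:05 tcp 10.0.0.5:49172 -> 198.51.100.21:443
2016-02-06T03:00:00 tcp 10.0.0.5:49180 -> 203.0.113.9:443
this line is deliberately malformed and must be skipped
"""

# Constructed log from a second night after every telemetry switch was turned off.
AFTER = """\
2016-02-07T01:00:02 tcp 10.0.0.5:49200 -> 192.0.2.10:443
2016-02-07T01:30:00 udp 10.0.0.5:123   -> 203.0.113.7:123
2016-02-07T02:00:01 tcp 10.0.0.5:49210 -> 198.51.100.21:443
"""

if __name__ == "__main__":
    print(summarise(BEFORE))
    print("still contacted after opt-out:", [str(ip) for ip in still_contacted(BEFORE, AFTER)])
```

The "still contacted" list is the actionable output: any vendor destination that survives the opt-out corresponds to a setting that was not honoured and is a candidate for a block on the gateway or in DNS, which is the only enforcement that does not depend on the vendor's goodwill. The NTP server in the sample (203.0.113.7) is outside the vendor prefixes and is deliberately not reported.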

Any corporation which forces code changes onto a user's machine, as has happened many times despite Windows updates being turned off, is undeserving of trust. [20] [21] [22] [23] [24] Windows 10 updates have been discovered to frequently reset or ignore telemetry privacy settings. [25] Microsoft backported this behavior to Windows 7 and 8 for those that held back, so odds are that Windows users are already running it.

Forfeited Privacy Rights

By now the reader should be convinced that just by using any version of Windows, the right to privacy is completely forfeited. Windows is incompatible with the intent of Kicksecure (and the anonymous Tor Browser), since running a compromised Windows host shatters the trusted computing base that is part of any threat model. Privacy is inconceivable if any information that is typed or downloaded is provided to third parties, or if programs bundled as part of the OS regularly "phone home" by default.

Targeted Malicious Upgrades[edit]

Microsoft Windows is not designed to be resistant to targeted malicious software upgrades of the Windows operating system or of applications from the Windows Store.

A targeted malicious software upgrade means singling out specific users and shipping malicious upgrades to those select users only.

Most users sign in with a Windows Live ID, since Windows encourages this, which ties their real names and IP addresses to the account.

When installing or updating applications using the Microsoft Store, Microsoft knows the Windows Live ID, and therefore also the real name and IP address of the user. It follows that a coerced or compromised Microsoft Store could single out users and ship malicious software that includes malware with features such as remote control, remote view, file upload and download, microphone and web camera snooping, keyboard logging and so forth. This is the same situation for any OS shipped with a corporate-controlled walled-garden app store, such as those of Apple, Google and Amazon.

With knowledge of Microsoft's existing privacy-intrusive behavior, as documented elsewhere on this page, it seems sane to assume that the same applies to Microsoft Update.

By comparison:

  • Most Linux distributions do not require an e-mail based login to receive upgrades. Users can still be singled out by IP address unless they opt in to something such as apt-transport-tor, which is not the default.
  • In the case of Whonix and Kicksecure, all upgrades are downloaded over Tor. There is no way for the server to ship legitimate upgrade packages to most users while singling out specific users for targeted attacks.

Opinion by GNU Project[edit]

The GNU Project opinion is that Windows is "Malware", due to the threats posed to personal freedoms, privacy and security, meaning the software is designed to function in ways that mistreat or harm the user.

Interpretation of Opinion by GNU Project:

Word definitions: Spyware is a type of malware.

Quote wikipedia malware:

A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, wiper and scareware.

If that definition is accepted, and one agrees that "Windows is Spyware", then it logically follows that "Windows is also Malware". This explains the GNU Project's opinion of calling Windows "Malware".

Windows is malware by definition because of what it does. Individuals trusting Microsoft as an entity with all the data it collects by default doesn't change that determination.

Opinion by Free Software Foundation[edit]

The Free Software Foundation (FSF) writes, quote:

Microsoft uses draconian law to put Windows, the world's most-used operating system, completely outside the control of its users. Neither Windows users nor independent experts can view the system's source code, make modifications or fixes, or copy the system. This puts Microsoft in a dominant position over its customers, which it takes advantage of to treat them as a product.

Windows Insecurity[edit]

Microsoft's willingness to consult with adversaries and provide zero days before public fixes are announced logically places Windows users at greater risk, especially since adversaries buy security exploits from software companies to gain unauthorized access into computer systems. [26] Even the Microsoft company president has harshly criticized adversaries for stockpiling vulnerabilities that, when leaked, led to the recent ransomware crisis world-wide. This is elaborated in chapter Adversary Collaboration.

Windows is not a security-focused operating system. If it were, it would for example:

Such security standards are well affordable, since Microsoft makes billions in profit, and very realistic, since some Freedom Software Linux distributions have already implemented them.

Due to Microsoft's restrictive, proprietary licensing policy for Windows, there are no legal software projects providing a security-enhanced Windows software fork. There are security-enhanced Windows software fork(s), but these are illegal, violate the copyright of Microsoft and are provided by anonymous developers. In contrast, the Linux community has multiple Freedom Software Linux variants that are strongly focused on security, like Qubes OS.

Microsoft provides Tyrant Security, not Freedom Security (see Freedom vs Tyrant Security). Windows comes with some innovative security technologies; however, privacy and user freedom are terrible. Security and privacy have a strong connection. Quote Bruce Schneier, Security vs. Privacy, The Value of Privacy:

There is no security without privacy.

Quote HulaHoop:

I equate privacy with security because they are very much related in the real world especially for whistleblowers.

Windows Historic Insecurity[edit]

Microsoft updates also use weak cryptographic verification methods such as MD5 and SHA-1. In 2009, the CMU Software Engineering Institute stated that MD5 "...should be considered cryptographically broken and unsuitable for further use". [27] In 2012, the Flame malware exploited the weaknesses in MD5 to fake a Microsoft digital signature. [28]

Before Windows 8, there was no central software repository comparable to Linux where software could be downloaded safely. This means a large segment of the population remains at risk, since many Windows users are still running Windows 7.

https://seclists.org/fulldisclosure/2023/Feb/14

Windows Software Sources[edit]

On the Windows platform, a common way to install additional software is to search the Internet and install the relevant program. This is risky, since many websites bundle software downloads with adware or, worse, malware. Even if software is always downloaded from reputable sources, those sources commonly act in very insecure ways. For example, if Mozilla Firefox is downloaded from a reputable website like chip.de, [29] then until recently the download would have taken place over an insecure, plain http connection. [30] In that case, it is trivial for ISP level adversaries, Wi-Fi providers and others to mount man-in-the-middle attacks and inject malware into the download. But even if https is used for downloads, this only provides a very basic form of authentication.

To keep a system secure and free of malware it is strongly recommended to always verify software signatures. However, this is very difficult, if not impossible for Windows users. Most often, Windows programs do not have software signature files (OpenPGP / gpg signatures) that are normally provided by software engineers in the GNU/Linux world.

Tools for software digital signature verification are not installed by default on the Windows platform: neither SignTool nor gpg4win is installed by default. These could be manually installed, but there is a bootstrap issue. The tools themselves would have to be downloaded over https, i.e. with only a very basic form of authentication. In contrast, on the Linux platform the GnuPG software digital signature verification tool is usually installed by default.

For these reasons it is safe to assume that virtually nobody using a Windows platform is regularly benefiting from the strong authentication that is provided by software signature verification.

The Windows 10 App Store does not suffer from this issue and does perform software signature verification, but many applications are not available from the Windows App Store. In the Windows ecosystem, the culture of software signature verification is less widespread.

In contrast, most Linux distributions provide software repositories. For example, Debian and distributions based on Debian are using apt. This provides strong authentication because APT verifies all software downloads against the Debian repository signing key. Further, this is an automatic, default process which does not require any user action. Apt-get also shows a warning should there be attempts to install unsigned software. Even when software is unavailable in the distribution's software repository, in most cases OpenPGP / gpg signatures are available. In the Linux world, it is practically possible to always verify software signatures.
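To make the apt trust chain concrete, here is an added example (written for this page, not code from Kicksecure or from apt itself) that models how a repository client binds every download to the one signed index: only the Release file carries the repository signature; it lists the hash of the Packages index, which in turn lists the hash of each .deb. The OpenPGP check against the repository signing key is represented by a placeholder flag, and the Release/Packages contents and package bytes are constructed here; the refusal to rely on MD5Sum entries mirrors apt treating MD5 and SHA-1 as weak.

```python
import hashlib
import re

# Constructed sample data. In a real repository only the Release file is
# signed (InRelease / Release.gpg); everything below it is bound by hashes.
PKG_BYTES = b"constructed-deb-contents-v1"
PKG_PATH = "pool/main/e/example-tool_1.0-1_amd64.deb"
PACKAGES_BYTES = (
    "Package: example-tool\n"
    "Version: 1.0-1\n"
    f"Filename: {PKG_PATH}\n"
    f"Size: {len(PKG_BYTES)}\n"
    f"SHA256: {hashlib.sha256(PKG_BYTES).hexdigest()}\n\n"
).encode()
RELEASE_FILE = (
    "Suite: stable\n"
    "MD5Sum:\n"
    f" {hashlib.md5(PACKAGES_BYTES).hexdigest()} {len(PACKAGES_BYTES)} main/binary-amd64/Packages\n"
    "SHA256:\n"
    f" {hashlib.sha256(PACKAGES_BYTES).hexdigest()} {len(PACKAGES_BYTES)} main/binary-amd64/Packages\n"
)

STRONG_HASHES = {"SHA256", "SHA512"}  # MD5Sum and SHA1 sections are ignored


def parse_release_hashes(release_text):
    """Return {algo: {path: (hexdigest, size)}} from a Release file's hash sections."""
    sections, current = {}, None
    for line in release_text.splitlines():
        header = re.match(r"^(MD5Sum|SHA1|SHA256|SHA512):\s*$", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif line.startswith(" ") and current is not None:
            digest, size, path = line.split()
            current[path] = (digest, int(size))
        else:
            current = None  # any other field ends the hash section
    return sections


def parse_packages(packages_text):
    """Return {Filename: (SHA256, Size)} from a Packages index."""
    result = {}
    for stanza in packages_text.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines())
        result[fields["Filename"]] = (fields["SHA256"], int(fields["Size"]))
    return result


def blob_matches(data, expected_digest, expected_size):
    return len(data) == expected_size and hashlib.sha256(data).hexdigest() == expected_digest


def verify_download(release_text, release_signature_ok, packages_bytes, deb_path, deb_bytes):
    """Walk the chain: signed Release -> Packages index hash -> .deb hash.

    release_signature_ok is a placeholder for the OpenPGP verification of the
    Release file against the repository signing key (not implemented here).
    """
    if not release_signature_ok:
        return "rejected: Release signature invalid"
    sections = parse_release_hashes(release_text)
    if "SHA256" not in sections:
        return "rejected: Release lists no strong hash"
    entry = sections["SHA256"].get("main/binary-amd64/Packages")
    if entry is None or not blob_matches(packages_bytes, *entry):
        return "rejected: Packages index does not match signed Release"
    pkgs = parse_packages(packages_bytes.decode())
    if deb_path not in pkgs:
        return "rejected: package not listed in index"
    if not blob_matches(deb_bytes, *pkgs[deb_path]):
        return "rejected: package contents do not match index"
    return "ok"


if __name__ == "__main__":
    print(verify_download(RELEASE_FILE, True, PACKAGES_BYTES, PKG_PATH, PKG_BYTES))
    print(verify_download(RELEASE_FILE, True, PACKAGES_BYTES, PKG_PATH, PKG_BYTES + b"x"))
```

A tampered .deb, a tampered Packages index, or a Release file that only offers MD5 sums is refused, because each layer is only trusted through the hash recorded in the layer above it.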

No Ecosystem Diversity Advantage[edit]

The popularity of Windows platforms on desktops actually increases risk, as attackers target the near monocultural operating system environment with regularity. A security bug is usually exploitable on many versions of Windows wherever they run, making it what is known in security terms as a "class break". [31] For example:

Intransparency[edit]

Windows source code is unavailable for public review and build by independent third parties.

Microsoft Windows has none of the advantages of Open Source, Freedom Software but also cannot fully take advantage of security through obscurity either. This point is made in chapter shared source.

There is no public issue tracker for Microsoft Windows where any reasonable user is allowed to post or reply. There is a public list of vulnerabilities, but without public discussion among developers and/or users. [32] Microsoft's internal issue tracker is private, unavailable to the public even for reading. [33] The public's ability to gain insight into Microsoft's planning and thought process, and to participate in the development of Windows, is much more limited. This is the case for many closed source, proprietary software projects. The community cannot participate as much in development. In comparison, for Open Source projects, issue trackers are most often public for everyone to post and reply (with the exception of security issues under embargo until fixed).

When users are having issues and searching for advice, often the advice is to "reinstall Windows". Due to the closed source nature of Windows, it is far more difficult to analyze issues and provide bug fixes and workarounds.

Sometimes reverse engineering is cited as an alternative to the unavailability of Windows' source code to the general public. Reverse engineering, however, is far more difficult. For example, the forced updates and forced upgrades issues, with Windows ignoring the user's automatic update settings (documented in chapter Windows User Freedom Restrictions), had not been foreseen and published by anyone doing reverse engineering. Users were taken by surprise.

Using Earlier Windows Versions is No Good Alternative[edit]

When users learn about the shortcomings, anti-features and spyware features of Windows, they often consider not upgrading to a newer version of Windows, or downgrading to an earlier version, as an alternative. [34] This is not a solid plan for the future, since security support for older versions of Windows is being dropped, and without security support, newly found security vulnerabilities will remain unfixed.

This is also made difficult by the forced updates/upgrades mentioned above.

Terrible Company[edit]

Microsoft has been hostile towards Freedom Software. Microsoft is a patent troll. Microsoft claimed that Linux infringed its intellectual property. Microsoft experienced backlash over that claim and never substantiated it, sued anyone or apologized. References:

Other:

The Tyranny of the Default[edit]

Quote The Tyranny of the Default [35]:

“‘The tyranny of the default’ [is] the expression I like to use for: we know most users don’t go in and change things. They just assume that someone smarter than them chose the settings that are best for them, and so they say ‘YES’ a lot when they’re asked questions. What that means is that if it’s enabled by default, it’ll tend to stay on.

Any anti-feature of Windows such as telemetry cannot be excused by "but it can be disabled". That is a workaround at best, not a fix. The fact remains that for most users, if it’s enabled by default, it’ll tend to stay on.

Changing defaults requires awareness of the issue, the skill to use search engines and find documentation on how to do so, and the technical skill to change the default. This is often not the case for non-technical users. Even technical users might forget in some situations, such as after re-installation. Therefore default settings matter.

Nuisances[edit]

  • "reinstall Windows": When users are having issues and searching for advice, often the advice is to "reinstall Windows". Due to the closed source nature of Windows, it is far more difficult to analyze issues and provide bug fixes and workarounds.
  • Windows updates often take a long time and require multiple reboots. [36]
  1. User runs Windows update.
  2. Windows downloads and installs updates.
  3. A reboot is required; the user reboots, and shutdown takes a long time since Windows is finalizing some updates.
  4. Boot takes a long time since Windows is finalizing some updates.
  5. Windows update reports further updates. Back to 1.
  6. Repeat a few times.

By comparison, for example for Debian based distributions a single "sudo apt update && sudo apt full-upgrade" is sufficient to download and install all updates. No extra time is required for shutdown or the next boot. No further updates are required right after reboot. [37]

Advertisements:

Windows is less flexible. While with Linux distributions it is easily possible to install them on a USB drive, or to swap a hard drive installed in one computer and boot it inside a replacement computer, these are major challenges for Windows users.

It's hard to modify Windows. For example, Qubes Windows Tools for Windows 10 are still not ready.

Freedom Software Superiority[edit]

Based on the preceding section and analysis, it is strongly recommended to learn more about GNU/Linux and install a suitable distribution to safeguard personal rights to security and privacy. Otherwise, significant effort is required to play "whack-a-mole" disabling Windows anti-features, which routinely subjects users to surveillance, limits choice, purposefully undermines security, and harasses via advertisements, forced updates/forced upgrades, and so on.

See also Avoid Non-Freedom Software.

Conclusion[edit]

Can Windows 10 be secure for huge enterprise level customers? In theory, maybe. These customers might have access to Windows Shared Source, which might even be complete enough to build Windows from source code. Who knows. It cannot be known for sure due to the high requirements to get access to Windows source code and the requirement of signing a non-disclosure agreement (NDA). Even if the author of this page did know, it could not be published here due to the NDA requirement. Such customers might even be able to escape the Inescapable Telemetry that mere mortals cannot, by building their own Windows installer ISO and Windows updates from Windows source code.

In practice, it is foolish to trust any version coming from an entity that has proved beyond doubt that it is not trustworthy. Much better to move on and instead use sustainable alternatives.

Can Windows 10 be secure for laymen users? Probably not. Due to Windows Error Reporting (WER) and Core Dumps Privacy Issues, telemetry, spyware and keylogger (see chapter Windows Surveillance), too much private information including user data ends up on Microsoft servers, which is then in part harvested by any government with thousands of employees that Microsoft is compelled to cooperate with. Such data can then be used in parallel construction (evidence laundering), circumventing constitutional protections against unreasonable searches and seizures.

Security updates are necessary for any operating system, but the issue with Microsoft is that they tend to sneak in things other than what users can reasonably expect. In the past, at least, they made changes to the update system to still phone home even if it was disabled. Examples include Inescapable Telemetry and forced updates/upgrades.

Windows officially admits its data mining activity and gives users so-called options to “choose” what they share. Third parties have uncovered time and time again that these user choices are ignored and that there is no way to disable data gathering completely.

Does Windows result in a world wide net gain or net loss of privacy?

A proprietary security-hardened Windows that resists third party spyware + includes data snooping in its core = net loss of end user freedom/privacy and a security risk, as the NSA has been known to use Windows Error Reporting for aiding exploitation.

A less security-hardened Freedom Software operating system might be more vulnerable to active attacks + no privacy invasive code included by default = net gain of privacy by default, as nothing is being reported anywhere unless targeted attacks are deployed.

Forum Discussion[edit]

https://forums.whonix.org/t/host-operating-system-selection-wiki-page-discussion/11303

See Also[edit]

References[edit]

  1. With the ability to be legally allowed to actually talk about it, i.e. without a non-disclosure agreement (NDA).
  2. modified by author: added link to web archive with quote from 2015
  3. https://www.government.nl/documents/publications/2019/06/11/dpia-windows-10-enterprise-v.1809-and-preview-v.-1903
  4. Microsoft Privacy Statement for Error Reporting
  5. Description of the end user privacy policy in application error reporting when you are using Office
  6. https://rcpmag.com/articles/2002/10/03/microsoft-error-reporting-drives-bug-fixing-efforts.aspx
  7. https://web.archive.org/web/20200312211152/https://www.forcepoint.com/blog/x-labs/are-your-windows-error-reports-leaking-data
  8. An internal paper from the Federal Ministry of Economics from early 2012 states: "Through the loss of full sovereignty over information technology", the "security goals of 'confidentiality' and 'integrity' are no longer guaranteed." Elsewhere there are sentences such as: "Considerable effects on the IT security of the federal administration may accompany this." The conclusion accordingly reads: "The use of 'Trusted Computing' technology in this form … is not acceptable for the federal administration and for the operators of critical infrastructures."
  9. In negotiations, with regard to TPM usage, it can be pointed out that not only the Federal Government views the use of TPMs that it does not control itself critically, but also large parts of German industry, especially in critical infrastructures.
  10. Microsoft therefore argues that it itself needs control over UEFI "Secure Boot" in order to manage UEFI "Secure Boot" securely on behalf of the owner. From the BSI's point of view, the effort for a self-controlled configuration of UEFI "Secure Boot" is currently high, but urgently required, especially in areas of use with high protection requirements or in critical infrastructures.
  11. On the one hand, the Federal Government demands "unrestricted controllability" of the computers that keep critical infrastructures running, i.e. nuclear power plants, water, energy and transport networks. On the other hand, the responsible authorities do nothing to regain the control already lost to Intel and Microsoft.
  12. Bundesamt für Sicherheit in der Informationstechnik (Federal Office for Information Security)
  13. https://www.techrepublic.com/index.php/blog/it-news-digest/microsoft-admits-to-stealth-updates/
  14. sudo apt update
    
    ...
    Get:5 tor+https://deb.debian.org/debian buster-backports InRelease [46.7 kB]
    Get:6 tor+https://deb.debian.org/debian-security buster/updates InRelease [65.4 kB]
    Get:7 tor+https://deb.debian.org/debian buster-updates InRelease [51.9 kB]
    Hit:8 tor+https://deb.debian.org/debian buster InRelease
    ...
    
  15. sudo apt full-upgrade
    
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    Calculating upgrade... Done
    The following packages will be upgraded:
      anon-apt-sources-list anon-icon-pack apparmor-profile-dist
      apparmor-profile-torbrowser bootclockrandomization damngpl dist-base-files
      gpg-bash-lib hardened-malloc hardened-malloc-kicksecure-enable helper-scripts
      kicksecure-base-files kicksecure-cli kicksecure-dependencies-cli msgcollector
      msgcollector-gui open-link-confirmation repository-dist sdwdate secbrowser
      security-misc tb-default-browser tb-starter tb-updater timesanitycheck tor
      tor-geoipdb usability-misc vm-config-dist whonix-initializer
    30 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
    Need to get 5,957 kB of archives.
    After this operation, 732 kB of additional disk space will be used.
    Do you want to continue? [Y/n]
    
  16. https://www.theguardian.com/technology/2015/sep/11/microsoft-downloading-windows-1
  17. https://www.computerworld.com/article/3012278/microsoft-sets-stage-for-massive-windows-10-upgrade-strategy.html
  18. https://web.archive.org/web/20170609221304/https://forums.whonix.org/uploads/default/original/2X/0/004857ec71ff2e4b23c88bf596b6142373fe2879.jpg
  19. https://web.archive.org/web/20071011010707/http://informationweek.com/news/showArticle.jhtml?articleID=201806263
  20. https://archive.fo/LffTy
  21. https://arstechnica.com/information-technology/2015/07/windows-10-updates-to-be-automatic-and-mandatory-for-home-users/
  22. https://web.archive.org/web/20171006181359/http://voices.washingtonpost.com/securityfix/2007/09/microsofts_stealth_update_come.html
  23. https://www.zdnet.com/blog/hardware/confirmation-of-stealth-windows-update/779
  24. https://community.spiceworks.com/topic/1535835-win-10-update-resets-privacy-again
  25. This is especially true for users of Tor, who are regularly targeted in this fashion.
  26. https://en.wikipedia.org/wiki/MD5#cite_note-11
  27. https://arstechnica.com/security/2012/06/flame-crypto-breakthrough/
  28. https://www.chip.de/downloads/Firefox-64-Bit_85086969.html
  29. In 2019, chip.de now enforces https for its entire website.
  30. https://www.schneier.com/blog/archives/2017/01/class_breaks.html
  31. https://answers.microsoft.com is mostly(?) user-to-user discussion. Mostly: it is hard to find any employees posting there, or there is very low interaction. A volunteer moderator isn't a developer. There is also https://techcommunity.microsoft.com.
  32. Link as evidence pointing to the fact that Microsoft does have an internal issue tracker: https://www.engadget.com/2017-10-17-microsoft-bug-database-hacked-in-2013.html
  33. Example quote:

    I doubt microsoft is telling everything, im sticking with W7 indefinitely.

    Example quotes:

    Hmm, guess I'm going back to windows 7.

    This is why I went from using the beta build as my primary OS back to Windows 8.1.

    And now myself and everyone in my family will be staying with their current OS (Windows XP, Vista, 7 and 8.1).

  34. broken link: https://cmitsolutions.com/hartford/the-tyranny-of-the-default
  35. Because a previous update was a prerequisite for getting the next update.
