Exetools  

  #1  
04-06-2017, 01:04
Kerlingen
Official Windows 10 spying list

Today Microsoft released an official list of all the ways Windows 10 is spying on its users by calling it "diagnostics data". In the past most of these things were considered as horror stories and the only thing people could agree on was that the spying is so complex that only Microsoft knows what is transmitted.

https://technet.microsoft.com/itpro/windows/configure/windows-diagnostic-data

And this is just a list of things Microsoft officially admits to. The special Windows 10 version for China which recently was released as beta version is supposed to contain even more spy functions...
  #2  
04-13-2017, 19:29
surferxyz
There are a number of programs that configure Windows with the intention of stopping the telemetry, but I haven't seen anyone validate if the tools work.

For example you could configure a machine then maybe intercept all the Windows communication (has anyone actually decoded the telemetry data?), and watch for network connections when none should be happening on a clean install.

I noticed there is a persistent connection to a Microsoft server for "push" notifications which was not disabled by tools like "shutup10".

I think I just ended up having to track it down and disable the service myself.

From the ones I have looked at, none of them seem to do a particularly great job preventing what I consider unwanted communication with Microsoft... but this project seemed fairly good:

https://github.com/Nummer/Destroy-Windows-10-Spying/releases

Also you can run the LTSB version of Windows 10, which probably won't change all your configuration without your permission, although I never really checked.

Last edited by surferxyz; 04-13-2017 at 19:50.
  #3  
04-19-2017, 14:40
LaDidi
It's a good beginning if Microsoft publishes the information collected by Windows 10.
Only if they maintain the web page...
  #4  
05-20-2017, 04:09
an0rma1
@surferxyz: I am using shutup10 here. Do you think it is best to use another program? I thought this was very complete. Thanks
  #5  
05-20-2017, 20:37
surferxyz
Quote:
Originally Posted by an0rma1
@surferxyz: I am using shutup10 here. Do you think it is best to use another program? I thought this was very complete. Thanks
I think shutup10 is alright as a quick way to set up a new Windows 10 install. I haven't seen any research on exactly what communication is remaining from Windows to Microsoft after these tools are run.

But I can confirm that with shutup10 the "WpnService" (Windows push notification service) is still running after you used the tool, resulting in a persistent connection to Microsoft, which I feel like should be an option to turn off in the tool (and therefore I would say it is not doing a very good job/living up to its name). However, I found basically all the other similar tools had the same deficiency.

I don't think any are "very complete", and I'd like to see a good technical review of what communication remains, and exactly what risks are involved with allowing unfiltered Windows Update communication.

Also, I had the idea that it might be good to intercept the Windows Update process and use an out-of-band web-of-trust mechanism to confirm that everyone is also receiving the same updates (so, for example, preventing Microsoft from pushing out a backdoor update just targeting you or a subset of users).

I know you can kind of do that already by using WSUS, but that seems too heavy for the simple kind of validation I have in mind.
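The comparison step of the update-consistency idea in the post above, as an added example that is not part of the original post. It assumes each participant publishes a manifest of update id to SHA-256 and that the manifests have already been authenticated through the web of trust (signature checking is left out); the update ids, peer names and package bytes are constructed.

```python
import hashlib
from collections import Counter

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample: update packages as received locally (bytes stand in for files).
LOCAL_PACKAGES = {
    "update-A": b"package A contents",
    "update-B": b"package B contents, modified build",
    "update-C": b"package C contents",
}
# Constructed peer manifests (update id -> SHA-256), assumed already authenticated.
PEER_MANIFESTS = {
    "peer1": {"update-A": sha256_hex(b"package A contents"),
              "update-B": sha256_hex(b"package B contents")},
    "peer2": {"update-A": sha256_hex(b"package A contents"),
              "update-B": sha256_hex(b"package B contents")},
    "peer3": {"update-A": sha256_hex(b"package A contents")},
}

def compare_updates(local_packages, peer_manifests, quorum=2):
    """Classify each locally received update against what peers received.

    consistent:  at least `quorum` peers report the same hash and none differ
    divergent:   at least one peer reports a different hash for the same id
    unconfirmed: too few peers have seen this update id to say either way
    """
    result = {}
    for update_id, data in local_packages.items():
        mine = sha256_hex(data)
        seen = Counter(m[update_id] for m in peer_manifests.values()
                       if update_id in m)
        differing = sorted(p for p, m in peer_manifests.items()
                           if m.get(update_id) not in (None, mine))
        if differing:
            result[update_id] = ("divergent", differing)
        elif seen[mine] >= quorum:
            result[update_id] = ("consistent", [])
        else:
            result[update_id] = ("unconfirmed", [])
    return result
```

An "unconfirmed" result is the case the post is concerned with: an update that only you, or too few peers, have been offered.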
  #6  
06-13-2017, 11:19
Debugger
I use Destroy Windows 10 Spying in conjunction with Shutup10 plus a private firewall to see where my beloved Windows is connecting to.
  #7  
06-13-2017, 15:53
Fyyre
werfault.exe sends data to Microsoft whenever an application faults, no matter what setting you place for "Windows Error Reporting".

You can disable it with secpol.msc

Software Restriction Policy (if none exists), add policy.

Additional Rules. Right click; add Disallow entry. Type: Path .. Name: WerFault.exe
Best Wishes,

Fyyre

--

https://github.com/Fyyre
  #8  
06-15-2017, 16:31
cnbragon
Does win10 collect this information by default? Is there any method to turn off this function?
  #9  
07-26-2017, 03:32
surferxyz
I recently found the following project which uses a series of tools (Wireshark etc.) to periodically collect all the outbound connections Windows is making:

https://github.com/crazy-max/WindowsSpyBlocker

I did a similar thing, where I just ran Wireshark on my own system overnight, and noticed that my current setup still missed a few things, and those things are actually present in the "WindowsSpyBlocker" list.

It is interesting at least.

Quote:
Originally Posted by Fyyre
werfault.exe sends data to Microsoft whenever an application faults, no matter what setting you place for "Windows Error Reporting".
I am not sure when they are ever called, but it might make sense to also restrict
WerFaultSecure.exe
and
wermgr.exe

Last edited by surferxyz; 07-26-2017 at 03:47.
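The check described in the post above (names seen in an overnight capture compared against a published list), as an added example that is not part of the thread and not code from WindowsSpyBlocker. It assumes the capture's DNS responses were exported as tab-separated query name and A records and that the reference list is in hosts format; `capture.pcapng` is a hypothetical file name and every hostname and address is constructed.

```python
import ipaddress

# Constructed reference list in hosts format (not entries from any real list).
REFERENCE_LIST = """\
0.0.0.0 telemetry.example.net
0.0.0.0 push.example.net
0.0.0.0 errors.example.net  # trailing comments are ignored
"""
# Constructed DNS answers, "query name<TAB>comma-separated A records", e.g. from
# tshark -r capture.pcapng -Y "dns.flags.response == 1" -T fields -e dns.qry.name -e dns.a
DNS_ANSWERS = (
    "telemetry.example.net\t0.0.0.0\n"
    "push.example.net\t203.0.113.10,203.0.113.11\n"
    "updates.example.org\t198.51.100.7\n"
    "errors.example.net\t\n"
    "push.example.net\t203.0.113.10\n"
)

def parse_hosts(text):
    """Return the lower-cased hostnames named in a hosts-format list."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(f.lower().rstrip(".") for f in fields[1:])
    return names

def is_sinkhole(addr):
    ip = ipaddress.ip_address(addr)  # 0.0.0.0 or 127.x.x.x means "blocked"
    return ip.is_unspecified or ip.is_loopback

def audit(reference_text, answers_text):
    """Sort observed names into leaked, blocked and unlisted."""
    listed = parse_hosts(reference_text)
    report = {"leaked": {}, "blocked": set(), "unlisted": {}}
    for line in answers_text.splitlines():
        name, _, addrs = line.partition("\t")
        name = name.strip().lower().rstrip(".")
        if not name:
            continue
        real = {a.strip() for a in addrs.split(",")
                if a.strip() and not is_sinkhole(a.strip())}
        if name not in listed:
            report["unlisted"].setdefault(name, set()).update(real)
        elif real:  # on the list, yet it resolved to a non-sinkhole address
            report["leaked"].setdefault(name, set()).update(real)
        else:
            report["blocked"].add(name)
    report["blocked"].difference_update(report["leaked"])
    return report
```

Names under "leaked" are the ones the current setup missed; names under "unlisted" are on neither side and need manual review.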
All times are GMT +8.