Microsoft caves on Windows 10 mandatory updates, but adds spying apps to Windows 7/8

This company really can't make up its mind if it wants to respect privacy or not.

It's a week where Microsoft giveth and Microsoft taketh away. On the plus side, it has caved on the mandatory app updates for home users and will allow them to opt out. On the down side, it has back-rolled some of the privacy-intrusive parts of Windows 10 to its older operating systems.

The mandatory updates were for both the OS and hardware drivers as well as Windows Store app updates. This only applied to home users, business users were exempt. It wasn't really an unheard-of move. Gamers live with that constantly, especially online gamers. You're getting the update whether you want it or not.

See also: How does Microsoft's new Edge browser perform against the competition?

Plus, you couldn't blame Microsoft for forcing people because unpatched Windows systems were usually where all the botnets and other malware were found, so they grew impatient with counting on Windows Update to do it for people.

But there were downsides, like the endless reboot loops people became stuck in when applying a bad patch. So Microsoft relented, but curiously it didn't tell anyone. Paul Thurrott went digging through a patch (which Microsoft does not detail any more) and found KB3081448, which said only that it "includes improvements to enhance the functionality of Windows 10."

Thurrott noticed that there was a toggle for turning automatic app updates on and off. The On/Off toggle was grayed-out prior to the fix. He theorized that maybe it was simply a bug that was supposed to be working in prior builds.

Not all the news is positive. discovered three recent updates to Windows 7 and 8 that add the same kind of information and data gathering found on Windows 10 to those older operating systems. There was a fourth, but it was replaced by one of the three. They are: 

  • KB3068708: Described as "This update introduces the Diagnostics and Telemetry tracking service to existing devices. By applying this service, you can add benefits from the latest version of Windows to systems that have not yet upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights."
  • KB3075249: Described as "This article describes an update that adds telemetry points to consent.exe in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1." Consent.exe is the User Account Control (UAC) feature that asks your approval for disk access.
  • KB3080149: Described as "This package updates the Diagnostics and Telemetry tracking service to existing devices. This service provides benefits from the latest version of Windows to systems that have not yet upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights."

Brad Chacos over at PC World has a very good deep dive on what they do and how to disable them, which is not easy.

It's rather telling that these updates are a priority for Windows 7, which is six years old and has not had any significant additions in years. Of all the things to add to Windows 7, they chose this. And if you look at Chacos' piece, it's clear this was done surreptitiously and without any attention.

A Microsoft spokesperson issued a statement, but it didn't tell us much.

"This KB was posted in May related to updates to the diagnostics service for Windows 7 & 8.1 systems that participate in the Customer Experience Improvement Program (CEIP), which is an opt-in, optional program. Our use of CEIP data to help improve and diagnose Windows 7 and 8.1 products has not changed from what is described in the privacy statements for those versions of the operating system. For Windows 8.1, CEIP is described in the Feature Supplement in the 'Windows Customer Experience Improvement Program' section."

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2015 IDG Communications, Inc.