Windows 10 still does a lot of snooping

Security analyst Mark Burnett says Windows 10 Enterprise Edition still phones home to Redmond, and the consumer edition has even less protection

Windows 10 still does a lot of snooping

Microsoft has been roundly beaten up for the aggressive telemetry gathering in Windows 10 (a.k.a. spying) in many quarters, including here. However, the company has proven it’s not tone deaf by working to add greater controls over privacy in its recent updates to the operating system. 

However, one veteran security analyst and Microsoft MVP said that even a very restricted setup of Windows 10 Enterprise Edition doesn’t go far enough to keep Windows 10 from connecting to Redmond with user data.

Mark Burnett, a seven-time MVP and long-time Windows developer (along with many other bonafides), conducted an experiment with Windows 10 Enterprise Edition, the one designed for IT shops with the greatest controls over privacy. He notes that even with documentation, turning off settings can be confusing.

"You are opted in to just about everything by default and have to set hundreds of settings to opt out, even on an Enterprise Windows system. Sometimes multiple settings for the same feature. Most Microsoft documentation discourages opting out and warns of a less optimal experience. It’s almost like they don’t want you to opt out,” he wrote.

He installed Windows 10 on a machine running VirtualBox virtual machine (CentOS host) with no network adapter, then applied the Windows Restricted Traffic Limited Functionality Baseline that Microsoft publishes.

The Baseline is a Microsoft-built configuration for Windows 10 that shuts down much of the tracking functionality. It comes well-recommended. HIPPA compliance organizations recommend this configuration to avoid personal health privacy violations with Windows 10 in healthcare.

He then shut down the virtual machine and added NIC tracing in VirtualBox and left it running overnight.

Burnett found that while it did cut back on traffic significantly, not everything was shut off, and a few things broke. Windows still gathers telemetry info on the programs you run, app diagnostics, Windows DRM, Microsoft Office and what the Mail and Calendar apps have access to. It also allowed Microsoft OneDrive nag screens to get through, even though OneDrive is disabled.

On the down side, he noted Windows Updates are disabled and root SSL certificates are not updated. Also, Burnett noted many event log errors for device setup. That means no driver updates. Windows also thought it was not connected to the internet during this test phase.

Home and Professional users are much worse off due to limitations of some settings and the lack of knowledge by the average user, he notes. Most people likely don’t fiddle with the settings at all, so they are at maximum default levels.

Burnett said he’s not advocating ditching Windows; he wants Microsoft to “fix it.” Not exactly sure what he means by fix it, but he went on to say, “If we can’t fix it, then we ditch Windows.”

Copyright © 2017 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022