Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


ptd163

[Guide] Disable Data Collection in Windows 10

Recommended Posts

Seemingly a new kid on the block:

http://www.prnewswire.com/news-releases/microsofts-windows-10-privacy-nightmare-addressed-with-free-total-defense-privacy-shield-utility-300155431.html

 

I wonder whether this kind of apps/tools are actually the "real thing" or they are just automating otherwise easily accessible "privacy settings", i.e. basically providing a "false" sense of security to less technically advanced (I guess representing the majority) Windows 10 users which actually care about th edata the good MS guys collect. :unsure:

 

jaclaz

Share this post


Link to post
Share on other sites

Seemingly a new kid on the block:

http://www.prnewswire.com/news-releases/microsofts-windows-10-privacy-nightmare-addressed-with-free-total-defense-privacy-shield-utility-300155431.html

 

I wonder whether this kind of apps/tools are actually the "real thing" or they are just automating otherwise easily accessible "privacy settings", i.e. basically providing a "false" sense of security to less technically advanced (I guess representing the majority) Windows 10 users which actually care about th edata the good MS guys collect. :unsure:

 

jaclaz

 

In principle, it shouldn't be difficult to determine that. Might be little more than a matter of comparing the sotfware's features with the various Win10 privacy settings, to see if the software offers things you can't easily access via the settings.

 

--JorgeA

Edited by JorgeA

Share this post


Link to post
Share on other sites

Anybody here who's familiar with this product?

 

For those who know how to use such tools, might it be useful in determining what sorts of connections Windows 10 is making, or not really?

 

--JorgeA

 

  • Upvote 1

Share this post


Link to post
Share on other sites

Anybody here who's familiar with this product?

 

For those who know how to use such tools, might it be useful in determining what sorts of connections Windows 10 is making, or not really?

 

--JorgeA

Not really :no:.

(I can state that though this does not in any way imply that I know how to use such tools ;))

That would be only HTTP/HTTPS connections.

The protocols used by "the abomination" may well be not HTTP/HTTPS.

jaclaz

Share this post


Link to post
Share on other sites

Thanks, jaclaz. :thumbup  I suspected that it might not be suitable for our needs, but wanted to make sure.

 

--JorgeA

Share this post


Link to post
Share on other sites

Does anyone know why, on an otherwise completely quieted down Windows 10 system that's got the Windows Update Service disabled, the "Malicious Software Removal Tool" makes an encrypted https: (port 443) connection to spynetalt.microsoft.com (191.238.241.80)?

 

It's tempting to think this is just an attempt to update a local database with updated malware data, to make the tool more likely to succeed, but...  Why encrypt such a communication?

 

This address resolves as a Microsoft Azure server outside Wichita, Kansas (CDN?).

 

This is the last unexplained communication I have come across from Windows 10.

 

-Noel

 

 

Share this post


Link to post
Share on other sites

It's tempting to think this is just an attempt to update a local database with updated malware data, to make the tool more likely to succeed, but...  Why encrypt such a communication?

It makes perfectly sense to me. (not that I "like it", only saying that it makes sense)

If it was plain http or plain text anyone could probably find a way to (say) spoof the server and fill the database with every kind of crap, imagine that someone manages to insert in the database as "malware" a few tens of MS's own's .exe's :w00t::ph34r:.

jaclaz

Share this post


Link to post
Share on other sites

Yes, that's sensible, though one thing still bothers me...  This "Malicious Software Removal Tool" is clearly running on a schedule attempting these connections, yet note this wording:

 

WindowsMaliciousSoftwareRemovalTool.png

 

-Noel

 

 

Share this post


Link to post
Share on other sites

Sure, you didn't notice the fingers crossed behind the back when they wrote that ;).
Just in case, a reminder for the good MS guys:

Trustworthiness-wedding-600x446.png

 

To be picky, that would be more like an omission, you know like:

After the download the tool runs one time to check your computer for infections by specific ....

...

...  and several other times whenever we feel like it should run to do whatever we see it fit doing ....

 

 

jaclaz

Edited by jaclaz

Share this post


Link to post
Share on other sites

Looking through the registry, it appears mrt.exe can be run as a fallback if Windows Defender fails in some way.  For example, mrt.exe is listed in the "FailureCommand" value in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend].

 

For me MsMpEng.exe may be considering itself to fail (and thus causing mrt.exe to run) because it is unable to use (the disabled) Windows Update to load the latest virus definitions - even though it falls back to direct access and succeeds.

 

One possible answer may be to just disable Windows Defender.  It's not like it has EVER blocked anything for me.

 

-Noel

Edited by NoelC

Share this post


Link to post
Share on other sites

It's tempting to think this is just an attempt to update a local database with updated malware data, to make the tool more likely to succeed, but...  Why encrypt such a communication?

No, it's an attempt to update Microsoft's database.

At least that's what it looks like to me (SpyNet Alternative?). And "improved" by including MRT.

Edited by GrofLuigi

Share this post


Link to post
Share on other sites

 

It's tempting to think this is just an attempt to update a local database with updated malware data, to make the tool more likely to succeed, but...  Why encrypt such a communication?

No, it's an attempt to update Microsoft's database.

 

 

Participation in that is all turned off here.  I suppose the software could be attempting the connection anyway.

 

Nothing seems to break when the firewall blocks these connections to spynet2.microsoft.com and spynetalt.microsoft.com, though I always prefer to set things up so the system doesn't even try unwanted communications.  Could just be sloppy programming on Microsoft's part (OMG, is that even possible?)...

 

FYI, this seems to apply equally to Win 7, 8.1, and 10.

 

-Noel

Edited by NoelC

Share this post


Link to post
Share on other sites

Could just be sloppy programming on Microsoft's part (OMG, is that even possible?)...

Or could it be just disrespect of user's preferences by Microsoft? OMG is that even possible?...  :whistle:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...