Jump to content

[Guide] Disable Data Collection in Windows 10

ptd163

By ptd163
in Windows 10

 Share

Recommended Posts

jaclaz

jaclaz

Posted
Posted

Seemingly a new kid on the block:

http://www.prnewswire.com/news-releases/microsofts-windows-10-privacy-nightmare-addressed-with-free-total-defense-privacy-shield-utility-300155431.html

 

I wonder whether this kind of apps/tools are actually the "real thing" or they are just automating otherwise easily accessible "privacy settings", i.e. basically providing a "false" sense of security to less technically advanced (I guess representing the majority) Windows 10 users which actually care about th edata the good MS guys collect. :unsure:

 

jaclaz

Link to comment
Share on other sites

JorgeA

JorgeA

Posted
Posted (edited)

Seemingly a new kid on the block:

http://www.prnewswire.com/news-releases/microsofts-windows-10-privacy-nightmare-addressed-with-free-total-defense-privacy-shield-utility-300155431.html

 

I wonder whether this kind of apps/tools are actually the "real thing" or they are just automating otherwise easily accessible "privacy settings", i.e. basically providing a "false" sense of security to less technically advanced (I guess representing the majority) Windows 10 users which actually care about th edata the good MS guys collect. :unsure:

 

jaclaz

 

In principle, it shouldn't be difficult to determine that. Might be little more than a matter of comparing the sotfware's features with the various Win10 privacy settings, to see if the software offers things you can't easily access via the settings.

 

--JorgeA

Edited by JorgeA
Link to comment
Share on other sites
  • 2 weeks later...
jaclaz

jaclaz

Posted
Posted

Anybody here who's familiar with this product?

 

For those who know how to use such tools, might it be useful in determining what sorts of connections Windows 10 is making, or not really?

 

--JorgeA

Not really :no:.

(I can state that though this does not in any way imply that I know how to use such tools ;))

That would be only HTTP/HTTPS connections.

The protocols used by "the abomination" may well be not HTTP/HTTPS.

jaclaz

Link to comment
Share on other sites
NoelC

NoelC

Posted
Posted

Does anyone know why, on an otherwise completely quieted down Windows 10 system that's got the Windows Update Service disabled, the "Malicious Software Removal Tool" makes an encrypted https: (port 443) connection to spynetalt.microsoft.com (191.238.241.80)?

 

It's tempting to think this is just an attempt to update a local database with updated malware data, to make the tool more likely to succeed, but...  Why encrypt such a communication?

 

This address resolves as a Microsoft Azure server outside Wichita, Kansas (CDN?).

 

This is the last unexplained communication I have come across from Windows 10.

 

-Noel

 

 

Link to comment
Share on other sites
jaclaz

jaclaz

Posted
Posted

It's tempting to think this is just an attempt to update a local database with updated malware data, to make the tool more likely to succeed, but...  Why encrypt such a communication?

It makes perfectly sense to me. (not that I "like it", only saying that it makes sense)

If it was plain http or plain text anyone could probably find a way to (say) spoof the server and fill the database with every kind of crap, imagine that someone manages to insert in the database as "malware" a few tens of MS's own's .exe's :w00t::ph34r:.

jaclaz

Link to comment
Share on other sites
NoelC

NoelC

Posted
Posted

Yes, that's sensible, though one thing still bothers me...  This "Malicious Software Removal Tool" is clearly running on a schedule attempting these connections, yet note this wording:

 

WindowsMaliciousSoftwareRemovalTool.png

 

-Noel

 

 

Link to comment
Share on other sites
jaclaz

jaclaz

Posted
Posted (edited)

Sure, you didn't notice the fingers crossed behind the back when they wrote that ;).
Just in case, a reminder for the good MS guys:

Trustworthiness-wedding-600x446.png

 

To be picky, that would be more like an omission, you know like:

After the download the tool runs one time to check your computer for infections by specific ....

...

...  and several other times whenever we feel like it should run to do whatever we see it fit doing ....

 

 

jaclaz

Edited by jaclaz
Link to comment
Share on other sites
NoelC

NoelC

Posted
Posted (edited)

Looking through the registry, it appears mrt.exe can be run as a fallback if Windows Defender fails in some way.  For example, mrt.exe is listed in the "FailureCommand" value in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend].

 

For me MsMpEng.exe may be considering itself to fail (and thus causing mrt.exe to run) because it is unable to use (the disabled) Windows Update to load the latest virus definitions - even though it falls back to direct access and succeeds.

 

One possible answer may be to just disable Windows Defender.  It's not like it has EVER blocked anything for me.

 

-Noel

Edited by NoelC
Link to comment
Share on other sites
GrofLuigi

GrofLuigi

Posted
Posted (edited)

It's tempting to think this is just an attempt to update a local database with updated malware data, to make the tool more likely to succeed, but...  Why encrypt such a communication?

No, it's an attempt to update Microsoft's database.

At least that's what it looks like to me (SpyNet Alternative?). And "improved" by including MRT.

Edited by GrofLuigi
Link to comment
Share on other sites
NoelC

NoelC

Posted
Posted (edited)

 

It's tempting to think this is just an attempt to update a local database with updated malware data, to make the tool more likely to succeed, but...  Why encrypt such a communication?

No, it's an attempt to update Microsoft's database.

 

 

Participation in that is all turned off here.  I suppose the software could be attempting the connection anyway.

 

Nothing seems to break when the firewall blocks these connections to spynet2.microsoft.com and spynetalt.microsoft.com, though I always prefer to set things up so the system doesn't even try unwanted communications.  Could just be sloppy programming on Microsoft's part (OMG, is that even possible?)...

 

FYI, this seems to apply equally to Win 7, 8.1, and 10.

 

-Noel

Edited by NoelC
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...