Tag Archives: infosec

The Windows 10 Telemetry Problem

If you’re a Windows user or manage environments with Windows devices, Microsoft has put you in a tight place. On the one hand, they have revolutionized their product deployment model. Free Windows version updates, say what? Of course, there’s an angle here. Historically, Microsoft has had difficulty getting people to move on from Windows XP. While that goes a long way to show that XP’s functionality meets the public’s general operating system needs, it is a dinosaur in terms of security. From a publicity standpoint, it favors Microsoft a great deal to get their Windows userbase on to a modern operating system.

 

With the good comes the bad, of course. It is quite obvious that Microsoft is trying to offset the cost of getting users onto Windows 10 for little-to-no cost with a hyperbolic push for cloud integration with Microsoft platforms at the OS level. Cortana, OneDrive, XBox Garbage, etc., are permanently affixed to your system. We are back to having applications and functionality bundled with the operating system that are difficult and risky to remove as users and administrators. What else is in this cloud integration you ask? Telemetry. You’re shiny, seemingly free, Windows 10 system is constantly communicating with Microsoft serves about the on-goings of your system. Connor MacLeod did a neat little study comparing Windows 10 and Ubuntu idle network traffic with graphs and what not, titled “Where is My Data Going?“.

Windows 10 Telemetry Packet Length. https://github.com/AbstractClass/Windows-vs-Ubuntu-Idle-Traffic/

For users, welcome to a whole new, much expanded world of “Who is reading/listening/watching me and my data?” Businesses and security professionals have to worry about backdoors, corporate risks, and secondary or unintended consequences of allowing Windows 10 in their domain and network environment. Here are a few recommendations:

  1. Block known Windows telemetry hosts at the client hosts and/or firewall level. This is relatively easy to do and reduces the risk of network accessibility to your computer. Unfortunately this does not prevent Microsoft from changing its servers or hard coding IP addresses to prevent DNS resolution solutions in the future.
  2. Block update nagging by removing or preventing the installation of known malicious Windows updates.
  3. Start testing Windows 10 now. With forced updates, and Microsoft insisting that all previous versions of Windows are no longer secure (but not this version, of course), the migration to Windows 10 is inevitable for those unwilling or incapable of migrating to Xubuntu or other awesome Linux desktops systems like Mint.  Waiting to dedicate time and energy to understand how Windows 10 interacts with your corporate environment will likely ensure frustration with support staff and loss of productivity when Windows 10 devices start cropping up in your environment. This is particularly applicable with BYOD sites or places that, god forbid, give average users administrator privileges.

 

I know what you’re thinking, “What a pain in the ass, fuck you very much Microsoft.” Have no fear, Mr. Windows Lies created a nice repository with some code to get you started in this epic battle against the corporate Microsoft overlords seeking to botnet their user base (read before you run). It turns out there are plenty of solutions to this problem currently in development, which you can monitor by searching windows telemetry.