Microsoft Windows 10: Trading Privacy For an Upgrade (Operating System as a Service, pt. 5)


This Week, “Operating System as a Service, part 5”

We discussed in the prior four posts how Microsoft seems to coyly sidestep the opportunity to be transparent regarding the scope of information that they collect, and how they do it. We reviewed the high-level data schema (all the fields of data populated constantly by MSFT tools), and how they are mapping the fields together. We reviewed what needs to be done to lock down Windows 10. We then reviewed how to develop a Windows 10 risk management strategy.

In this post, a few trojans sneaked onto my computer while I was trying to install Office 2016, so we have to clean the computer.

 

 

Posted on Google+, in response to Microsoft’s Scroogled campaign

About SafeView

The SafeView Research Report is intended to give you a snapshot of technology risk management issues. SafeView is a reliable source for automated risk, threat and vulnerability data, and advisory services to help you mitigate and remediate issues.

 

I hate Microsoft, and I reluctantly depend on Microsoft every day

We will see that Microsoft gives us all plenty of reasons to hate them. Unfortunately, their products are just way better than many alternatives, so while we hate them, we reluctantly crave them. It is an addiction that has evolved from being stuck with no choices, where Microsoft offered the only real solution, to now, where they offer incredible solutions with few peers. Given everything that we know about the trojan software that Microsoft distributes, I still had no alternative but to install Office 2016. Instead of distrusting Microsoft, I ran the default installer, and they shoved OneDrive, Skype and the plethora of default pollution onto this once clean computer.

Microsoft Office 2016 installation, copyright Microsoft Corporation 2016, http://microsoft.com

I hate being surprised by stuff like this, so I am starting over. I have no interest in Skype, OneDrive or Outlook.

 

Uninstall, Cleanup and Start Over


Revo Uninstaller Pro, http://www.revouninstaller.com/revo_uninstaller_free_download.html

I launched Revo Uninstaller to clean up the extra entries left behind by Office 2016 after an uninstall.

Revo Uninstaller Pro removing Office 2016, http://www.revouninstaller.com/revo_uninstaller_free_download.html, Office 2016 is copyright Microsoft Corporation 2016, http://microsoft.com

 

 

Microsoft Office 2016 uninstaller

Microsoft says that it is gone. But is it?

Revo Uninstaller Pro removing Office 2016 – registry scan, http://www.revouninstaller.com/revo_uninstaller_free_download.html, Office 2016 is copyright Microsoft Corporation 2016, http://microsoft.com

. . .and there’s more.

Revo Uninstaller Pro removing Office 2016 – Directory scan, http://www.revouninstaller.com/revo_uninstaller_free_download.html, Office 2016 is copyright Microsoft Corporation 2016, http://microsoft.com

 

 

Revo Uninstaller Pro after removing Office 2016, http://www.revouninstaller.com/revo_uninstaller_free_download.html, Office 2016 is copyright Microsoft Corporation 2016, http://microsoft.com

I bet there is more . . .

Microsoft OneDrive, Copyright Microsoft Corporation 2016, http://microsoft.com

 

I carefully followed the instructions for removal of EVERYTHING from here ( http://safeview.com/2016/01/23/microsoft-windows-10-trading-privacy-for-an-upgrade-operating-system-as-a-service-pt-3/ ), so OneDrive, Skype and the network chatter are new, within the time since I installed Office after completely installing this machine from nothing.

Step 1.  Remove OneDrive again. From an administrator prompt, run “taskkill /f /im OneDrive.exe”

taskkill /f /im OneDrive.exe

Step 2.   From an administrator prompt, run “%SystemRoot%\SysWOW64\OneDriveSetup.exe /uninstall”

%SystemRoot%\SysWOW64\OneDriveSetup.exe /uninstall

 

Step 3. Run “regedit”

Launch “regedit” from Start Menu X Pro, http://www.startmenux.com/index.html

Step 4. Search for HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}

HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}

 

Step 5. Under that key, change the value of System.IsPinnedToNameSpaceTree from 1 to 0.

 

Step 6. Remove Skype, again.

10AppsManager, The Windows Club, http://www.thewindowsclub.com/10appsmanager-windows-10

Step 7. Stop the “telemetry”

The network proxy picked up a lot of noise from this computer. Thanks to Burp Suite Professional . . .

Burp Suite Professional, https://portswigger.net/burp/proxy.html

Time to stop the noise, yet again. Get Spybot Anti-Beacon here ( http://download.spybot.info/AntiBeacon/SpybotAntiBeacon-1.5-setup.exe#hash(md5:63C2CF7B61D29D7664BFA55D33EDA510) ).

 

 

Spybot Anti-Beacon 1.5 – after Office 2016

 

Spybot Anti-Beacon 1.5, after Immunize, https://www.safer-networking.org/spybot-anti-beacon/
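Steps 1, 2, 4 and 5 above can be run as one script that also reports what is left afterwards. This is an added example, not part of the original post; it assumes an elevated PowerShell prompt and uses only the path, key and value named in those steps.

```powershell
# Added example: OneDrive removal steps 1, 2, 4 and 5 with a verification at the end.
$clsidPath = 'Registry::HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}'
$valueName = 'System.IsPinnedToNameSpaceTree'
$setup     = Join-Path $env:SystemRoot 'SysWOW64\OneDriveSetup.exe'

# The uninstall and the HKEY_CLASSES_ROOT write both need administrator rights.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an administrator prompt.'
}

# Step 1: stop OneDrive if it is running (same effect as taskkill /f /im OneDrive.exe).
Get-Process -Name OneDrive -ErrorAction SilentlyContinue | Stop-Process -Force

# Step 2: run the uninstaller and wait for it to finish, if it exists at the path from the post.
if (Test-Path -LiteralPath $setup) {
    Start-Process -FilePath $setup -ArgumentList '/uninstall' -Wait
} else {
    Write-Warning "Uninstaller not found: $setup"
}

# Steps 4 and 5: set the value from 1 to 0 under the CLSID key.
if (Test-Path -Path $clsidPath) {
    Set-ItemProperty -Path $clsidPath -Name $valueName -Value 0 -Type DWord
} else {
    Write-Warning "Registry key not found: $clsidPath"
}

# Verification: read the state back instead of trusting the commands above.
$prop = Get-ItemProperty -Path $clsidPath -Name $valueName -ErrorAction SilentlyContinue
[pscustomobject]@{
    OneDriveProcessRunning = [bool](Get-Process -Name OneDrive -ErrorAction SilentlyContinue)
    UninstallerPresent     = Test-Path -LiteralPath $setup
    PinnedToNameSpaceTree  = $prop.$valueName   # expected 0; empty if the key is absent
}
```

Re-running the last block after any later Office install or update shows whether OneDrive has come back.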

         

– Downloaded Microsoft Office 2016

– Installed Office 2016

– Uninstalled Office 2016

– Removed OneDrive

– Removed Skype

– Blocked Telemetry

5 minutes to install, 2 hours to uninstall and clean up

Now I can get to what I was doing before I inadvertently got a trojan (Outlook 2016, Skype, OneNote, CEIP, Telemetry, etc) on my computer.

 

The Office 2016 Deployment Tool ( https://www.microsoft.com/en-us/download/details.aspx?id=49117 )

The Office 2016 Deployment Tool allows the administrator to customize and manage Office 2016 Click-to-Run deployments. This tool will help administrators to manage installation sources, product/language combinations, and deployment configuration options for Office Click-to-Run.

By default, Office 2016 installations that use Click-to-Run will download the Office product from the Internet, with full UI, and with automatic updates enabled.

Some administrators will need more control beyond the default Click-to-Run installation behavior in order to work best in their environments.

Using the Office Deployment Tool, an administrator may:

– Download an Office installation source to a network share location

– Configure an installation to use a network share as the installation source instead of the Internet

– Configure an installation to suppress all UI

– Configure whether Office will automatically update or not

– Configure which products and languages to install

– Remove Office Click-to-Run products

Administrators run the Office Deployment Tool at the command line. The tool creates a configuration file, which the administrator can modify to specify what the desired action is.

Learn more about the Office Deployment Tool and the options expressed in the configuration file from these links:

Customization overview for Click-to-Run
Office Deployment Tool for Click-to-Run
Click-to-Run for Office 365 Configuration.xml file
Download Click to Run for Office 365 products by using the Office Deployment Tool
Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool
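The options listed above are expressed in the tool's configuration.xml, so the file can be checked against policy before setup is ever run. The following is an added example, not from the original post or from Microsoft; the sample configuration is constructed, and its product ID, share path and list of excluded apps are assumptions.

```powershell
# Constructed sample configuration.xml; product ID, share path and exclusions are assumptions.
[xml]$cfg = @'
<Configuration>
  <Add SourcePath="\\server\share\Office2016" OfficeClientEdition="32">
    <Product ID="O365ProPlusRetail">
      <Language ID="en-us" />
      <ExcludeApp ID="Groove" />
      <ExcludeApp ID="Lync" />
      <ExcludeApp ID="Outlook" />
    </Product>
  </Add>
  <Updates Enabled="FALSE" />
  <Display Level="None" AcceptEULA="TRUE" />
</Configuration>
'@

# Apps that must not be installed: Groove = OneDrive for Business, Lync = Skype for Business.
$unwanted = 'Groove', 'Lync', 'Outlook'
$findings = @()

$add = $cfg.SelectSingleNode('/Configuration/Add')
if ($null -eq $add) {
    $findings += 'No <Add> element: nothing is installed by this file.'
} else {
    if (-not $add.GetAttribute('SourcePath')) {
        $findings += 'No SourcePath: setup will download Office from the Internet.'
    }
    foreach ($product in $add.SelectNodes('Product')) {
        $excluded = @($product.SelectNodes('ExcludeApp') | ForEach-Object { $_.GetAttribute('ID') })
        foreach ($app in $unwanted) {
            if ($app -notin $excluded) {
                $findings += "$($product.GetAttribute('ID')): $app is not excluded."
            }
        }
    }
}

$updates = $cfg.SelectSingleNode('/Configuration/Updates')
if ($null -eq $updates -or -not $updates.GetAttribute('Enabled')) {
    $findings += 'Updates not set explicitly: automatic updates stay enabled by default.'
}
$display = $cfg.SelectSingleNode('/Configuration/Display')
if ($null -eq $display -or $display.GetAttribute('Level') -ne 'None') {
    $findings += 'Display Level is not None: the installer UI will be shown.'
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'Configuration matches policy.' }
```

To check a real file, replace the here-string with `[xml]$cfg = Get-Content -Raw -LiteralPath <path to configuration.xml>`.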

 

 

 

Summary

By the numbers, Microsoft may be the single largest distributor of trojans. Paraphrased, from Wikipedia . . .

Use of resources or identity ( Windows gives users an option to “Download apps and OS updates from multiple sources to get them more quickly” )

– Windows 10 was propagated to users around the world by letting Windows 10 establish a giant peer-to-peer network, and by sharing the downloaded Windows 10 installation files

Data theft ( Windows 10 collects PII, search information, biometrics, and secret user information depending on where it is saved, and much more )

– Data theft, including for industrial espionage

– User passwords or payment card information

– User personally identifiable information

– Trade secrets

Spying, surveillance or stalking ( Cortana captures keystrokes, and technology exists to capture dynamic elements of the remote computing session )

– Keystroke logging

– Watching the user’s screen

– Viewing the user’s webcam

– Controlling the computer system remotely

The problem is not that Microsoft’s software does this. They make excellent software, and likely use the information collected to make better software. Additionally, by maintaining a back channel into my computer, they can probably improve my software faster than ever before. I am not insinuating that Microsoft is up to no good by collecting this information. The problem that I have with this, and the problem that many have, is that Microsoft does not openly disclose the breadth and depth of their data harvesting efforts. While this is more than likely the best thing that any company could do to make better software, Microsoft is creating the problem by acting coy about their efforts. They value our privacy, but they don’t tell me that they are shoving stuff into my computer without my acknowledgement.

The test computer used for this post runs Microsoft Windows 10 Enterprise 2015. I had to approve the install as administrator, but I was not prompted for any other choices. Logically, I should have been asked a few questions, or given an option to tailor the install once Microsoft was able to detect that I am running an Enterprise install.

I will likely lose another few hours reinstalling this computer. This computer is a nuisance to set up. It has four video outputs, three HDMI sound cards and a number of USB 3 devices. However, I cannot feel secure that the environment complies with company privacy and configuration policy anymore.

In the next post, we will go through the Office 2016 installation, using the Office Deployment Tool. After that, the computer is getting reinstalled, yet again.

sourced from: https://ihatemicrocrap.wordpress.com/