Originally published at: http://boingboing.net/2015/08/14/even-when-you-turn-on-win-10.html
…
My wife works at a large, regional medical clinic and they are in the process of ordering a bunch of new laptops for the staff. The IT people have told them not to select anything with Windows 10 because its use could put them in violation of HIPPA privacy regulations. In time, they think Microsoft will surface more controls, but for now it’s too chatty.
A bunch of the staff are using this as a way to push for Mac support in the group. It’s chatty too, but at least you can turn that off.
That’s only two well-known ports, so it misses every other possible port. Why not actually attach a proxy between the device and the gateway so you can get 100% of the traffic? Odd methodology IMO.
Sounds pretty bogus. There needs to be a watchdog institution or something for this sort of shit.
Apparently, if you don’t have steady online access to the Internet, there may be issues. I am earnestly and honestly considering the Mac route and considering just turning my current machine into a dedicated Linux/SteamOS box.
If Microsoft intends on charging people for this crap, they need to go fuck themselves. It’s not like Windows 10 is actually free on the market and people upgrading are supposed to be getting an ad-subsidized product. This is the real, honest-to-goodness product Microsoft is going to start expecting people to pay for.
Linux continues to become a better option with each new release of Windows.
So Microsoft is still the scummiest scumbag around since the 80’s, when they made nazism collaborator IBM look like sweet heavenly angels.
The winning strategy is really going overboard with non-stop awful ethics, so people eventually just give up and openly accept evil big brother as a family member, because hey! They had been like this all the time, so who cares about ethics and privacy, caring is lame, BECAUSE NOW we have our (licensed, not really owned) cool AR toys working with MINDCRAFT ® and free Win10, yay.
Corrupt corporations helping sinister unaccountable three letter agencies aren’t that bad, if they keep giving us bread and circuses, or so the shills at the recent E3 thread said back then here on the bbs. Because YAY again: cooly spyware gadgets are the new status symbols.
P.D.: +1 for FOSS
Looks like time for a new hosts file entry:
127.0.0.1 ssw.live.com
Unless that address is listed in that dll that handles resolving and is done before the hosts file lookup. Some reportedly are.
The remedy is in having the problematic names resolved by your own DNS resolver (which also makes you conveniently immune to ISP-based DNS blocks, unless they intercept and redirect port 53 traffic), or the IPs blocked on the firewall.
Well, I just added it (on my Win10 laptop) to see, and at the very least when I try to ping it, now, it goes back to 127.0.0.1. But the OS side of things could very well handle it completely outside of that same framework.
By default, Windows listens to you, gathers your keystrokes, watches your browser history and purchases and sends them to Microsoft and its partners…
No query or search usage data is sent to Microsoft, in accordance with the customer’s chosen privacy settings.
Good thing we cleared that up. Thanks, Boing Boing!
As @shaddack says, Windows 10 switched things so that their dll overrides any host file settings for microsoft based servers and any other server they set specifically in the dll, which SUCKS imho.
I see you did some testing and it appears to work for now, but it could stop working anytime after an update to that dll, and/or not work for specific services/protocols/ports. We really don’t know all the details of this override yet…people are looking into it.
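One way to test whether a hosts-file entry is really being honored, as an added example that is not part of any post in this thread: a name the hosts file answers locally should never reach a resolver you run yourself, so any query for it from that client in the resolver's log means the entry was bypassed. The hosts content, client addresses and log lines are constructed samples, and the log is assumed to be in dnsmasq's `log-queries` format.

```python
import re

# Constructed sample: hosts file on the client (the entry is the one from the thread).
HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 ssw.live.com
"""

# Constructed sample: query log of a self-run resolver (dnsmasq log-queries format).
RESOLVER_LOG = """\
Aug 14 10:01:02 dnsmasq[812]: query[A] example.org from 192.168.1.50
Aug 14 10:01:05 dnsmasq[812]: query[A] ssw.live.com from 192.168.1.50
Aug 14 10:01:09 dnsmasq[812]: query[AAAA] SSW.live.com. from 192.168.1.50
Aug 14 10:02:00 dnsmasq[812]: query[A] ssw.live.com from 192.168.1.77
"""

SINK_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}
QUERY_RE = re.compile(r"query\[(\w+)\] (\S+) from (\S+)")


def norm(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()


def sinkholed_names(hosts_text):
    """Names the hosts file points at a loopback/null address."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 2 and fields[0] in SINK_ADDRS:
            names.update(norm(n) for n in fields[1:])
    names.discard("localhost")
    return names


def bypassed_queries(hosts_text, log_text, client_ip):
    """(qtype, name) pairs the client still asked the resolver for,
    even though its own hosts file should have answered them."""
    blocked = sinkholed_names(hosts_text)
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and m.group(3) == client_ip and norm(m.group(2)) in blocked:
            hits.append((m.group(1), norm(m.group(2))))
    return hits


if __name__ == "__main__":
    for qtype, name in bypassed_queries(HOSTS, RESOLVER_LOG, "192.168.1.50"):
        print(f"hosts entry bypassed: {qtype} query for {name}")
```

An empty result only covers lookups that went through this resolver; traffic to hard-coded IP addresses or to another DNS server has to be caught at the firewall.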
As much as contemporary computer security seems to be a nightmare, people should at least use the lessons which were already learned in securing your network years, even decades ago. This is what firewalls are for!
This is what properly configurable firewalls are for, and user-controllable DNS resolvers. Both of which are rarely seen in consumer grade crap boxes, and possible to implement on OpenWRT/DD-WRT firmware.
Thought. Could a Raspberry Pi do the job with a USB-Ethernet dongle? It’s way less resource-constrained than the usual embedded router crap.
I miss DD-WRT so bad. I need a modern router running it. Want to recommend one?
EDIT: I had a WRT-54G that I put DD on myself, and used it hard until it burned out a couple of years ago.
For myself, I run OpenWRT on WRT54GL. I have no idea about anything more modern; I’d be sorely tempted to go with Raspi and roll the hardware up from scratch. OpenWRT seems to have direct support for Raspi too.
I’m tempted to try something with a MikroTik in the middle.
From a patching/security side I can see why they did this as there are enough users who will just not patch, not bother with malware scans, etc., and willfully block it as well.
As far as the ‘keylogging’ goes how else does it know you misspelled a word other than tracking the input? Keeping it and sending back to the mothership is a skeezy thing to do though.
BTW, it’s “HIPAA” (two A’s). The Health Insurance Portability and Accountability Act of 1996.
IT Security analyst at a large county hospital here, and yes - I’d be very circumspect about deploying Win10 at my workplace right now as well…
Off-the-shelf solutions should be expected to be insecure. Home computer users are network administrators, whether they like it or not.
RasPis are a bit power hungry. I’d look for a low-power SBC with an ethernet controller and several physical ports. USB anything is a last resort for me. Your idea of router firmware sounds practical, but I don’t do wireless.