[Nextgrid]

> you can use Microsoft as a mule to exfiltrate data from otherwise firewalled victims

This is actually a smart idea. Make your spyware collect & encrypt data into a (new and unknown) binary and execute it, relying on the fact that Microsoft will exfiltrate it for you. When that binary itself is run (within MS' premises) it will then reach out to you with its embedded data.

[zelon88]

And it all slips through the firewalls and whitelists because it looks just like official "Microsoft Telemetry" data. Wow.

[undersuit]

Free data uploads. You could make unique binaries that when run start seeding a torrent. Maybe MS will put the kibosh on you uploading Seinfeld_S1_E1_obfuscated.exe to their cloud, but... how about a worm serving up its own updates through MS IPs?

[rkagerer]

Yet another reason I'm reluctant to upgrade to Windows 10. Too many buttons and toggles to turn off to arrive at a PC that functions the way I expect it to, and an update mechanism that's likely turning new ones on faster than I can spot them.

[naikrovek]

This is a Windows Defender thing, not a Windows 10 thing.

Windows Defender on Windows 7 also submits previously unobserved binaries to Microsoft for the same reason.

Go ahead, blame Win10, though. A non-zero number of people will take your comment to heart and believe that you knew what you were talking about with their entire soul, without seeing my comment.

I am so tired of seeing communal ignorance on this topic. People believe whatever bullshit they want, if it fits the narrative they are trying to sell.

[rkagerer]

You're splitting hairs on semantics. However you slice it, the software is present after a fresh OS installation, with a default setting that broadcasts my files to Microsoft.

Since you brought up Windows 7, I'll point out in those days Microsoft had the decency to inherit the setting from a choice made during OS installation (but even then you had to dig a little to discern the connection): https://i.imgur.com/SpqXmod.png. You further had to visit a SpyNet enrollment screen before it collected more "advanced" metadata like filenames, location, etc: https://i.imgur.com/z3qtuxp.png

On Windows 10, even if you turn off ALL three pages of privacy-hostile options during installation: https://i.imgur.com/RjXSM6S.png

...you still wind up with a Defender that broadcasts your files: https://i.imgur.com/1M7z3nH.png

Incidentally, the Privacy Policy links in that screenshot all just forward to the generic Microsoft one (https://privacy.microsoft.com/en-US/privacystatement), so who even knows what additional metadata each feature sucks up.

This is what I'm talking about when I complain about all the buttons and toggles to turn off just to get my OS to function the way I expect (in this case, stop indiscriminately bleeding my bits and bytes to the cloud).

[naikrovek]

They aren't indiscriminately doing anything. Only executables with hashes not previously seen are sent by default, and clearly you know how to turn that off.

They're legally bound by their privacy policy. They can't use info obtained by those executables to blackmail you or turn you in to authorities; they can only use that data to improve the anti-malware service they offer. And, as previously mentioned, you know how to turn it off.

The information about this isn't hidden. An operating system is complex, and thus operating system configuration is likely to be complex. Microsoft could have made things less difficult to find, you're right, and they are basing their defaults on the vast majority of people, like me, who are completely fine with doing what we can to improve their anti-malware service.

You're angry and that's fine.

Imagine the anger (and the fallout) if yet another malware worm used Windows to propagate across the world. People were absolutely LIVID last time, and there were lots of lawsuits against Microsoft for ILOVEYOU and Code Red and others of the era. The default settings you see today are a direct result of those events and other, smaller ones, like them.

[fiblye]

>This is a Windows Defender thing, not a Windows 10 thing.

So Windows Defender isn't bundled as a part of Windows 10?

[wolrah]

> So Windows Defender isn't bundled as a part of Windows 10?

It was also bundled as part of Windows 8.1, Windows 8, Windows 7, and Windows Vista on top of being available as a free download for Windows XP (and even 2000 during the beta phase).

The current form, after the Microsoft Security Essentials package was merged in, didn't come about until Windows 8 but Windows Defender as a product dates back to Microsoft's purchase of GIANT Software.

Either way you call it, XP or 8, saying Defender is a Windows 10 thing is like saying Firefox is an Ubuntu 19.04 thing. Sure, Ubuntu 19.04 does bundle Firefox, but so did many versions prior.

---

It's also worth noting that almost every antimalware product has an option to submit unknown binaries for analysis, and almost every one of those either enables it by default or very strongly suggests that you do so during setup to the point that I'd imagine most installations that aren't managed under corporate policy are submitting samples.

[mirimir]

Sure. But Windows users often installed it on Windows 7. And on Windows XP, as I recall.

Also, other anti-malware apps typically upload novel binaries. And their test machines likely run them, with network access, for the same reasons that Microsoft does.

So this exfiltration channel may well have existed for decades. Whether it's been used or not is an open question, though.

Edit: style

[mikepurvis]

I'm a Windows 10 user— I switched back after a decade of MacOS, and I've been really satisfied with it. It's a huge step forward from Windows 7/8.

[mikepurvis]

Seems nuts that they'd just randomly run every binary that comes to them in a crash report.

[mirimir]

I don't think that this is about crash reports.

Windows Defender, like many anti-malware apps, checks hashes of binaries. Anything that's new gets uploaded for testing.