Microsoft Admits Home Users Cannot Stop Windows 10 From Phoning Home

Microsoft VP Joe Belfiore recently admitted that home users are going to be hard pressed to stop the Windows 10 upgrade train.

Windows 10 has been reclassified as an optional update now so that if you have Windows configured to install optional updates, Windows 10 will be installed by default.

Early next year, Microsoft will reclassify Windows 10 again – this time as a recommended update.  Again, for those users who have configured Windows to install recommended updates, the update will start installing when they do their normal updates.

Users will still have to click on the prompts and will be able to cancel the update, but for many users, that will wind up being too confusing and they will wind up upgraded to Windows 10.

Users will have a 31-day downgrade period where they will be able to uninstall Windows 10, but again, that will be too complicated for a lot of users.

This is all being done under the guise of making it easier for you to upgrade to Windows 10 – whether you want to or not.

On the other hand, Microsoft is also admitting that home users will not be able to turn off core data collection and transmission — period, short of figuring out how to block traffic back to Microsoft completely.

They claim that this is because they know what is good for you and you don’t.  One more time, when you get something for free, there is likely a catch.

Of course at some point, the Feds may step in and “suggest” that Microsoft is being dishonest, but they are playing by the rules of the license agreement – the one that no one reads.

Windows 10 home users will also not be able to disable updates and in fact, Microsoft is not even telling them exactly what is being installed.

Maybe it is time to look at a Mac or Chromebook.

Windows 10 even has the ability to log your browser history and your keystrokes.

If this sounds like a commercial for Apple, it might as well be – and in fact, Apple is already using this in advertising.

Pro and Enterprise users will be able to disable automatic updates.  This is a calculated move on Microsoft’s part, knowing that businesses will just choose not to upgrade if Microsoft does not allow them to disable updates.  This is what Microsoft saw with Windows 8 – many businesses just never upgraded at all.

Enterprise users (for whom Windows is NOT free, so Microsoft does not need to sell your data to pay for the software) will be able to disable ALL phone-home transmissions – again for the same reason.  If enterprise users felt that Microsoft was uncontrollably snooping on them, they either would not upgrade or would block all traffic back to Microsoft at the corporate edge.

I am not sure how long this will last.  If Apple ramps up the advertising, it can’t be good for Microsoft’s business and they really won’t be able to respond, since what Apple is saying is accurate.

Stay tuned for updates.


Information for this post came from two Forbes articles.

Android Security Is Improving – But Not As Good As iPhone

The Android community is slowly beginning to understand that they are going to have to step up to the plate and deal with security like Apple has done from the beginning.  The challenge is that unlike Apple, where there is one master in control, the Android community is fractured.  The only one who has any hope of pulling off a solution is Google.  They have the size (money) and the motivation to fix the problem.

Two examples popped up today.

First, Google has stepped up and is issuing monthly security updates – like Microsoft has done for a long time.  Some vendors, such as Oracle, choose to announce patches quarterly.  The advantage of that is that you only have to make 4 updates a year.  The disadvantage is that the patch releases are monstrous – with hundreds of patches in each one – so many companies just ignore them.  Typically, Microsoft’s monthly patch release is in the low teens for number of patches and often those are bundled so users have to deal with fewer details.  Also, the bugs are fixed sooner with monthly releases.  I vote for monthly.

In this month’s Google patch release, there are two patches which can be exploited remotely with specially crafted media files (Argh!, again) – this is a continuing effort to clean up the fright fest which is Android’s media handling (called Stagefright – you may remember that there were two earlier patches to fix problems in Stagefright.  This is number 3.  Expect more – they are announcing them as they fix them).  There are also 3 other patches in this month’s collection.

Owners of Google Nexus phones will get these patches quickly.  Owners of phones from other manufacturers will need to wait until the manufacturers decide to release the patches.

I am an Android user and am seriously considering making a Nexus phone my next phone since Google seems to have gotten the security message.

The other article is about Android Bloatware or Crapware.  Those are the terms for all of the garbage that phone manufacturers think that you want and they need to add to differentiate their phones from their competitors.  In most cases, they are so sure that you want this garbage that they do not give you a way to remove it.  In fact, in many cases, they are being paid by the manufacturers of the software to install it on your phone, which is why they do not let you remove it.  This is another advantage that Apple has.  They control the phones.  Since there is no competition, they control the price and don’t have to install Crapware to subsidize the price of the phone.  This is one reason why Apple phones are more expensive than Android phones.

Google has a research team that hunts for bugs.  Besides hunting for bugs in Windows, Mac OS X and Linux, they are now looking inside Android phones.  This month, they announced that they found 11 bugs inside the Samsung Galaxy S6 Edge Crapware.  These bugs likely won’t be on a Galaxy S5 or on an LG phone, as the crapware, for the most part, is tailored to the phone.  Who did Samsung make a deal with for this particular phone?

The biggest risk is in software drivers – the software that talks to the hardware and has the most permissions.  That is where these bugs, for the most part, were found.

The good news is that Samsung has fixed these.  The bad news is that there are hundreds of phones and Google’s researchers do not have the resources to review that many phones.

The manufacturers – like Samsung – need to realize that this is an impediment to sales and deal with it.

One more point.  The patches that Google released ONLY patch Lollipop (5.x) and Marshmallow (6.x).  Almost no one is running 6.x – it is brand new – and less than 15% are running 5.x according to a statistic that I just found.  Almost 75% of the Android users are running 4.x and the patches just released DO NOT protect those users.

In their defense, Apple does the same thing.  They patch the current release and one release back typically.

Android users need to understand that if they are saving money by not upgrading their phones, they are at greater risk of being attacked because these old phones are not being patched.

As Google ramps up their security efforts and releases more patches, they are giving the hackers a road map for how to attack these old phones, making them more vulnerable every month.

Just food for thought.

Information for this post came from two articles in Network World.

FCC Going After Companies That Block Personal WiFi

Some of you may remember that the FCC fined Marriott $600,000 a year ago when it was disclosed that Marriott was blocking personal WiFi hot spots so that customers were forced to use the hotel’s convention center WiFi, which often costs hundreds of dollars a day or more.

This summer, the FCC fined Smart City, an ISP for convention centers and hotels, $750,000 for doing the same thing.

Now they are fining M.C. Dean $718,000 for blocking personal WiFi connections.  M.C. Dean charges exhibitors up to $1,000 a day for WiFi access at the Baltimore Convention Center.

The FCC has proposed to fine Hilton $25,000 for obstructing an investigation by failing to turn over documents for over a year.  They said that fine could go up a lot if Hilton continues to fail to hand over documents related to WiFi blocking.

From the hotel’s and provider’s standpoint, they don’t want anyone to interfere with their very expensive WiFi service.

From the FCC’s standpoint, the law says that you cannot block free spectrum even if it might interfere with you making money by selling access to that spectrum.

It certainly appears that blocking WiFi signals to force you to buy their service could be a standard practice at major hotel chains, especially in the convention center areas.  In my experience in staying at hotels, my personal WiFi hot spot often does not work.

The FCC says that the blocking tools are not exactly precise in nature and sometimes blocked WiFi signals in passing cars in Baltimore.

M.C. Dean said that they did use “auto-block” mode which automatically attempts to kill any WiFi connection that is not going to a paid session.

By fining these companies a few million dollars collectively, the companies are not going to go broke, but I would not be surprised if fines go much higher for repeat offenses.

The fine for jamming can go as high as $112,500 per act or $16,000 per day.  That means if you block just 1,000 sessions, you could be fined $112 million.  That would likely get people’s attention.  1,000 sessions could occur in 1 day at a busy convention center.

Unfortunately, as more people use WiFi, there will be competition for access and possibly more of this kind of activity.

Clearly, charging you $1,000 a day for WiFi access makes these hotels a lot of money.  Maybe not enough to pay a hundred million dollar fine, but a lot of money nonetheless.

On the other hand, if big companies start cancelling conventions over it, that will get the companies’ attention.

Material for this post came from Network World.