Is Windows 10/11 malware?

[GNULINUXPRO]

Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Microsoft has backdoored its disk encryption, Installed universal backdoors (RAT), and spyware. Would this mean that Windows 10/11 is malware? and should windows developers be arrested for creating and distributing malware?

[Electronics Wizardy]

People generally seem to want windows, it does it job, and meets security standard like cmmc, pci, hipaa and others if configured correctly. I think it's pretty hard to argue its marware.

[GNULINUXPRO]

2 minutes ago, Electronics Wizardy said:

People generally seem to want windows, it does it job, and meets security standard like cmmc, pci, hipaa and others if configured correctly. I think it's pretty hard to argue its marware.

If there was a linux distro that had intentional backdoors in disk encryption, universal backdoors, and spyware, it would be removed and the developers behind it would be arrested. Just because people want windows doesn't make it not malware.

[TudorFinalBosz]

It's not malware if people paid for it and agreed: "yes, I have no problem if Microsoft datamines what I do with the system".

 

 

[Electronics Wizardy]

Just now, GNULINUXPRO said:

If there was a linux distro that had intentional backdoors in disk encryption, universal backdoors, and spyware, it would be removed and the developers behind it would be arrested. Just because people want windows doesn't make it not malware.

I'd argue that a lot of people wants windows, so its pretty hard to argue its malware if its software they want.  Generally malware is software people don't want, and people keep buying systems with windows, and not replacing the OS.

 

You listed a old article for your fde point, and they don't seem to do that for bitlocker(gov has failed to decrypt bitlocker drives in court cases from memory).

 

I think there is a good argument for windows updates that can't be turned off. You can do it as a it admin if you need to, but for the vast majority of users, forcing updates will make it more secure. Same with the fde key tied to an account. You can use bitlocker if you want to manage your own keys, but people get pretty unhappy if they lose access to all their files when they forget a password.

[y0ur5h4d0w]

1 hour ago, GNULINUXPRO said:

should windows developers be arrested for creating and distributing malware?

they should have been all arrested for releasing windows 11 24h2 in that awful ass state that made IT tech jobs 10x more difficult because we have to troubleshoot their shitty patches....

[DraconisMaximus]

2 hours ago, GNULINUXPRO said:

Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

By this definition of malware I would argue that Windows is not malware simply because it IS the system. Yes, Window is rapidly circling the toilet. But that is like defining raw sewage as "Something nasty that fills a toilet" then if Kohler made a toilet that sprayed sewage at the user then defining Kohler as a sewage manufacturer instead of a defective toilet manufacturer.

[NoLeafClover]

On the FDE point, this isn't a "backdoor", at least not in the traditional sense of the term. It doesn't weaken or bypass the actual encryption used, but it does somewhat undermine its overall utility in the sense that another party (Microsoft) has access to the recovery key.

 

Given the ubiquity of Windows on consumer devices, I personally view this as an acceptable trade-off that overall benefits most people, especially in laptops / portable devices. The most likely adversary to obtain physical access to an average person's device are criminals, thieves, robbers, and maybe shady repair shops snooping around if you need to take your device in. Not spies, data mining companies, or government actors. From this perspective, having your data secure and protected against the most likely adversary (i.e. criminals) while allowing the average person to easily "recover" their data with minimal effort is sensible and the right thing to do for a default consumer set up. The benefits here outweigh the downside of the backed up key.

 

People who are technical enough to understand the implications of MS storing the recovery key can take further action to set-up their device w/o this, if they so wish. The CLI "manage-bde" tool offers plenty of options for manual set-up, including using AES256 (AES128 is the default).

 

Remember, security is always a trade-off. This is why risk assessment and security modelling is standard practice - what are the risks, and who/what are you trying to guard against. What data are you protecting? Is the data so critically sensitive that it may be best not stored on a device with easy physical access by an unauthorised party? Even if MS doesn't have the recovery key, you might wish to make a "paper copy" of it as it's sensible. Then where do you put it? In a safe box? What if an adversary breaks into your safe? Maybe off-site? Etc. etc.

[Hideki Ryuga]

4 hours ago, GNULINUXPRO said:

Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Microsoft has backdoored its disk encryption, Installed universal backdoors (RAT), and spyware. Would this mean that Windows 10/11 is malware? and should windows developers be arrested for creating and distributing malware?

No because it's authorized.

 

You authorized it by agreeing to the license terms of the software.

[Potatoes__]

20 minutes ago, Hideki Ryuga said:

No because it's authorized.

 

You authorized it by agreeing to the license terms of the software.

This. 

You won't sue a snack company for trying to poison you with their junk food because you know it's junk food and you know how it's made, yet you still bought and ate it. Same analogy for windows and many other predatory software - you know it steals yo info, you know it has backdoors, and it literally says so in the licence agreement which you are supposed to read. If you still use it that's on you.

 

4 hours ago, GNULINUXPRO said:

If there was a linux distro that had intentional backdoors in disk encryption, universal backdoors, and spyware, it would be removed and the developers behind it would be arrested. Just because people want windows doesn't make it not malware.

I really doubt that north korean and ruzzian distros designed and mandated for government/military use have no such things but I digress. Linux distros with intentional backdoors would be slammed by the community because Linux community generally cares about such things and is more mobile in terms of distrohopping (versus moving from windows entirely). And even then nobody would be "arrested" because all it takes to rid yourself of responsibility for spyware or whatnot is a few lines in the licence agreement.

 

Lastly, from the legal point of view, it is not as simple as "somebody made a malware -> jail em" kind of situation. English is not my first language so I may have troubles explaining this point. Suing someone for "making and distributing dangerous malware", provided that this is a regulated and codified crime in your area, usually means that you've intentionally made a malicious piece of software with an explicit malicious intent, while actively hiding this intent from victims or running it without their consent. So a password stealing worm that self-replicates via USB sticks is malware, while some idiotic AI doodad that records your personal information is not because you know it does so, you agreed to it, and even paid for it.

 

Buuuuut, it also depends on the consequences of said software for you. Say if microsoft gathers your keyboard input or whatever and uses it to "improve our services and products blah blah" - thats plausible, but if microsoft straight up takes your credit card info and siphons your money from it for no reason that's theft. Or, if they gather your personal info to "better serve you and personalize our services" that's one thing but if they straight up steal your identity and do all the harmful identity theft stuff that a shady scam call center would do - that's a crime. But in both cases, that won't be as much as a "malware distribution" kind of crime but a "CC fraud and ID theft" kind of crime. Hope I was clear enough 

 

P.S. windows suggs

[FilipposTechGR]

17 hours ago, TudorF said:

Δεν είναι κακόβουλο λογισμικό αν κάποιος πλήρωσε για αυτό και συμφώνησε: «ναι, δεν έχω κανένα πρόβλημα αν η Microsoft υποκλέψει δεδομένα από ό,τι κάνω με το σύστημα».

 

 

Windows 10/11 aren’t malware by definition  they’re commercial operating systems. Malware is software intended to damage or gain unauthorized access. You may not like Microsoft’s telemetry, update policies, or design choices, but those fall under privacy and usability debates, not malware classification. If you prefer more control, Linux or BSD are great alternatives, but calling Windows malware isn’t accurate.

[GNULINUXPRO]

1 hour ago, FilipposTechGR said:

Malware is software intended to damage or gain unauthorized access.

Microsoft includes software that is intended to damage or gain unauthorized access.  Microsoft is forcibly removing the Flash player from computers running Windows 10, using a universal backdoor in Windows. (this is damaging to the users system through unauthorized access). Users could not consent and were forced to have their software they choose to install removed.

[FilipposTechGR]

5 minutes ago, GNULINUXPRO said:

Microsoft includes software that is intended to damage or gain unauthorized access.  Microsoft is forcibly removing the Flash player from computers running Windows 10, using a universal backdoor in Windows. (this is damaging to the users system through unauthorized access). Users could not consent and were forced to have their software they choose to install removed.

I get your point about Microsoft forcing updates removals, but I’d still argue that malware usually implies intent to exploit or harm the end-user, not just enforce a vendor’s policy. In Microsoft’s case it’s more about control and forced compliance, which is frustrating, but not quite the same as traditional malware.

[Nayr438]

11 hours ago, GNULINUXPRO said:

Microsoft includes software that is intended to damage or gain unauthorized access.  Microsoft is forcibly removing the Flash player from computers running Windows 10, using a universal backdoor in Windows. (this is damaging to the users system through unauthorized access). Users could not consent and were forced to have their software they choose to install removed.

Its a system update that removes a non functioning version of flash player installed by a previous Microsoft update, no backdoor was used. This also  doesn't affect software you installed. If this is your definition of malware and a backdoor then every OS with an updater meets this.

 

The "backdoor" you also link to is a self update system for the windows update system itself not the rest of the system. This makes sense, you don't want a lack of updates to the system to potentially break the updater itself. Windows update itself can however be entirely disabled per their reference.

 

Don't buy into the GNU nonsense which you keep referencing, by their definition anything that's not entirely open source is malware and probably has a backdoor which is entirely false.

[Indian pc builder]

i'm ok with microsoft having my data as long as they keep maintaining their system and keep it this user friendly, i tried running ubuntu and truenas scale on my server, and they are just so much more painful

 

- the realistic average person who tried linux answer statistically

[Aeternalis]

On 9/3/2025 at 2:07 AM, GNULINUXPRO said:

Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Microsoft has backdoored its disk encryption, Installed universal backdoors (RAT), and spyware. Would this mean that Windows 10/11 is malware? and should windows developers be arrested for creating and distributing malware?

The OS meets its purpose of facilitating the use of your computer, so no, it's not malware. I have a lot of issues with windows and haven't used it outside of work for a couple years but let's not be hyperbolic.

 

Adware and spyware? Absolutely, but the whole program is not malicious. 

[CasonPlayz]

On 9/3/2025 at 1:07 AM, GNULINUXPRO said:

Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Microsoft has backdoored its disk encryption, Installed universal backdoors (RAT), and spyware. Would this mean that Windows 10/11 is malware? and should windows developers be arrested for creating and distributing malware?

yes

[Mark Kaine]

On 9/3/2025 at 12:30 PM, Hideki Ryuga said:

You authorized it by agreeing to the license terms of the software.

I mean that take is so weird....

 

 

Did they *really*? Does Microsoft explain this all in a none misleading manner?

 

How much of the "agreed" stuff is actually legal? And you know that how?

 

 

[Mark Kaine]

On 9/3/2025 at 8:07 AM, GNULINUXPRO said:

Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Microsoft has backdoored its disk encryption, Installed universal backdoors (RAT), and spyware. Would this mean that Windows 10/11 is malware? and should windows developers be arrested for creating and distributing malware?

By definition it is... But it's software, hardly regulated... 

[Hideki Ryuga]

6 hours ago, Mark Kaine said:

How much of the "agreed" stuff is actually legal? And you know that how?

I'm not a lawyer. But you do have to agree to a bunch of stuff before using the service.

 

... Just use linux?

[Mark Kaine]

1 hour ago, Hideki Ryuga said:

I'm not a lawyer. But you do have to agree to a bunch of stuff before using the service.

 

... Just use linux?

Well yes, I'm just saying there's (likely) a bunch of hidden or unclear stuff, or stuff that's outright not legal (GDPR)

 

Just because you "agree" to something doesn't make it automatically ok or legal.

[akira_cachyosbtw]

On 9/3/2025 at 7:07 AM, GNULINUXPRO said:

Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Microsoft has backdoored its disk encryption, Installed universal backdoors (RAT), and spyware. Would this mean that Windows 10/11 is malware? and should windows developers be arrested for creating and distributing malware?

well in theory yes but in practice no 

[Aeternalis]

On 9/14/2025 at 11:31 PM, Mark Kaine said:

I mean that take is so weird....

 

 

Did they *really*? Does Microsoft explain this all in a none misleading manner?

 

How much of the "agreed" stuff is actually legal? And you know that how?

 

 

If there's an issue with the Windows license, I'd suggest finding a lawyer because the fact that the headline product of a 4 trillion dollar company has that issue is one hell of a discovery. 

[Lurking]

1 hour ago, Aeternalis said:

If there's an issue with the Windows license, I'd suggest finding a lawyer because the fact that the headline product of a 4 trillion dollar company has that issue is one hell of a discovery. 

Especially since MS had been in many trials by many governments. You would think all those entities have qualified lawyers who went through everything already. It is unlikely someone on this forum will find something illegal that all those trained lawyers and judges haven't found.