According To 8chan's /tech/, Windows 10 Could Be Fairly Malicious

[LAwLz]

Because picture evidence can be misinterpreted has happened many times before on place like 8chsn and reddit

Which is why people should test it out for themselves. In this thread people are just going "lol it's 8chan so it must be wrong" without even looking into it.

Speaking of testing it out, my Windows 10 install just finished. Going to apply all the default settings and then test out how legitimate all the claims are.

[Cainn]

Because picture evidence can be misinterpreted has happened many times before on place like 8chsn and reddit

Good point. Take Bruce Jenner for example.

[NAP51DMustang]

Or, you know, pick a time that you don't normally play Rocket League?

 

The point is, if you're always gaming at 3 AM, then don't set the update time to 3 AM.

If you leave it on Auto, it will pick a time where the computer is generally in Idle.

Eh, just poking good fun at Windows amazing timing on auto updating.

[LAwLz]

Okay I have been going through the claims in order to see if they are true or not. Here are my findings (using all the default settings when installing Windows 10).

I didn't blindly believe in 8chan so I went and checked it out for myself. If you don't believe in me and 8chan then I highly recommend you check it out for yourself too. I will gladly give instructions on how to validate the claims for yourself for anyone who needs them.

 

Microsoft owns Pando Networks, famous for the malware/botnet Pando Media Booster.

Windows Update in Windows 10 utilizes P2P by default, most likely the same P2P technology used by Pando Media Booster.

Essentially it turns your PC into a zombie host server, wasting your bandwidth serving updates to other computers.

This also means Windows Update might be utilized later to spread malware through the P2P system via 0days.

https://archive.is/Tqv7s

https://archive.is/s3BjC

https://archive.is/Yy9JB

This is correct although the threat is probably pretty small. It depends on how Microsoft designed the system.
There is always a risk of malware being spread when you fetch files from another persons' computer, but there are ways to prevent malicious things from being fetched and executed.
So anon on 8chan isn't lying, but the threat level is somewhere between almost non-existing and very small. It can also be turned off.
It is kind of worrying that the P2P part is enabled by default. A lot of people will probably not know about it and they will have their PCs stealing upload bandwidth in the background.



 

You cannot turn off "Telemetry" unless you own Windows 10 Enterprise Edition.

This means your computer will continuously leak unspecified information to Microsoft and there's no way of turning this off.

https://archive.is/3yo92

This is also true. I just looked in both the privacy settings as well as the group policy settings. It is set to full by default and it is impossible to set it any lower than basic unless you are using the Enterprise version.
I haven't sniffed the packets yet to determine what kind of data Microsoft collects but according to the privacy FAQ they link in the privacy settings they will use personal information for targeted ad purposes, and they will share your information with third parties.
 

How We Use Personal Data
Microsoft uses the data we collect to provide you the services we offer, which includes using data to improve and personalize your experiences. We also may use the data to communicate with you, for example, informing you about your account, security updates and product information. And we use data to help make the ads we show you more relevant to you. However, we do not use what you say in email, chat, video calls or voice mail, or your documents, photos or other personal files to target ads to you.

 

Reasons We Share Personal Data
We share your personal data with your consent or as necessary to complete any transaction or provide any service you have requested or authorized. We also share data with Microsoft-controlled affiliates and subsidiaries; with vendors working on our behalf; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of our services; and to protect the rights or property of Microsoft.

Source: https://www.microsoft.com/en-us/privacystatement/default.aspx



 

You cannot turn off "Real-time Protection", aka Windows Defender. Even if you do it will turn itself on again after a while.

This means you cannot prevent your PC from sending random files and information to Microsoft for "analysis".

https://archive.is/Dln44

Yep, this is true as well. In the settings for Windows Defender it says:

"This helps find and stop malware from installing or running on your PC. You can turn this off temporarily, but if it's off for a while we'll turn it back on automatically."
The image has not been photoshopped to say that. I haven't checked how long "for a while" is but I'll try and find it out tomorrow.



 

Cortana has zero local storage functionality and does not function unless you have a Microsoft Account connected.

It will even inform you about this if you try using it on a local account, and then shut itself down.

https://archive.is/2Vw55

I can't validate the "zero local storage functionality" but the rest is true. You have to sign in to Windows with your Microsoft account to use Cortana. No idea why.



 

Windows 10 start menu will have "Content suggestions" which are on by default, which means you'll be seeing ads.

https://archive.is/0ltgw

This seems to be true as well, and it will also show ads on the lock screen. BUT you can turn it off if you want. It will be on by default though.
 
Edit!: I am not sure about this one anymore. It used to be in the TP but they might have removed it. It's hard to tell because right now I don't have any ads in the start menu, but the option to disable it is gone. The option used to be in the start menu settings but it is no longer there. The setting is still in Windows because if you search for "Occasionally show suggestions in Start" without the "" it will appear as a result, but pressing it brings you to Start settings and the button is no longer there.

This means one of two things.

1) They removed the ads in the start menu.

2) They removed the option to not show ads in the start menu.

 

Hopefully it is scenario 1, but for now we don't know. If anyone sees a suggested app appear in the start menu then please take a screenshot and post it.
 
 
 
 
 

Windows 10 "Wifi Sense" will be begging for your Facebook account details so it can get to know you better.

It will also be sharing your Wifi password with all your Facebook/Skype/Outlook friends, their friends, as well as Microsoft.

https://archive.is/9HETF

https://archive.is/mO3aH

WiFi Sense is enabled by default, but sharing the network information for a network you sign in to is off by default. The button for sharing the network info is worrying close to the Next button, but I think accidents will be very rare.

 

If you are worried about this then you can add "_optout" without the "" at the end of your SSID and it won't be shared. So for example the SSID "ASUS" would be shared, but "ASUS_optout" will not.



Summary: Nothing in the post from 8chan is a lie. 3 of them can be disabled/opt-outed from and while Cortana don't have a setting for local users, it can be disabled (*puts on tinfoil hat* but we don't know if it's really disabled!!1!1! *takes off tinfoil hat*). The other 2 points are genuinely scary to me since you can't do anything about them, and they are 100% correct.

 

I will check out other things on other lists a bit later.

[dalekphalm]

Eh, just poking good fun at Windows amazing timing on auto updating.

I will say, on Windows 8 before I disabled auto restart, I had a few frustrating moments myself

[alicskysareblue]

Which is why people should test it out for themselves. In this thread people are just going "lol it's 8chan so it must be wrong" without even looking into it.

Speaking of testing it out, my Windows 10 install just finished. Going to apply all the default settings and then test out how legitimate all the claims are.

true I'm not giving it attention until am actual security expert confirms not because it's 8chan

[LAwLz]

true I'm not giving it attention until am actual security expert confirms not because it's 8chan

Why wait for "an actual security expert" when you can just look it up by yourself like I did?

Not giving it attention is a bad idea. You don't ignore a potential issue until it's confirmed that it's very bad.

[Cainn]

And by not being able to disable updates, they can at anytime... disable your ability to disable any of those options.

Free candy from Microsoft to get everyone "In the van"

[RH00D]

Why wait for "an actual security expert" when you can just look it up by yourself like I did?

Not giving it attention is a bad idea. You don't ignore a potential issue until it's confirmed that it's very bad.

 

Because most people actually know fuck all about security/networking/encryption and/or OS architecture and how things actually work. They just see something or some clickbait headline and freak out.

[alicskysareblue]

Why wait for "an actual security expert" when you can just look it up by yourself like I did?

Not giving it attention is a bad idea. You don't ignore a potential issue until it's confirmed that it's very bad.

I actually believe some of it just not all of it I'll check it out just haven't had time too

My experience is that while some of it is true the otherportion is misunderstood by people who are not as experienced and it can take a third party who is a trusted expert to be able to rule out the misconceptions.

With that said thanks for checking it out

[ExDreamer]

Okay I have been going through the claims in order to see if they are true or not. Here are my findings (using all the default settings when installing Windows 10).

I didn't blindly believe in 8chan so I went and checked it out for myself. If you don't believe in me and 8chan then I highly recommend you check it out for yourself too. I will gladly give instructions on how to validate the claims for yourself for anyone who needs them.

 

This is correct although the threat is probably pretty small. It depends on how Microsoft designed the system.

There is always a risk of malware being spread when you fetch files from another persons' computer, but there are ways to prevent malicious things from being fetched and executed.

So anon on 8chan isn't lying, but the threat level is somewhere between almost non-existing and very small. It can also be turned off.

It is kind of worrying that the P2P part is enabled by default. A lot of people will probably not know about it and they will have their PCs stealing upload bandwidth in the background.

 

This is also true. I just looked in both the privacy settings as well as the group policy settings. It is set to full by default and it is impossible to set it any lower than basic unless you are using the Enterprise version.

I haven't sniffed the packets yet to determine what kind of data Microsoft collects but according to the privacy FAQ they link in the privacy settings they will use personal information for targeted ad purposes, and they will share your information with third parties.

 

 

Source: https://www.microsoft.com/en-us/privacystatement/default.aspx

 

Yep, this is true as well. In the settings for Windows Defender it says:

"This helps find and stop malware from installing or running on your PC. You can turn this off temporarily, but if it's off for a while we'll turn it back on automatically."

The image has not been photoshopped to say that. I haven't checked how long "for a while" is but I'll try and find it out tomorrow.

 

I can't validate the "zero local storage functionality" but the rest is true. You have to sign in to Windows with your Microsoft account to use Cortana. No idea why.

 

This seems to be true as well, and it will also show ads on the lock screen. BUT you can turn it off if you want. It will be on by default though.

 

Edit!: I am not sure about this one anymore. It used to be in the TP but they might have removed it. It's hard to tell because right now I don't have any ads in the start menu, but the option to disable it is gone. The option used to be in the start menu settings but it is no longer there. The setting is still in Windows because if you search for "Occasionally show suggestions in Start" without the "" it will appear as a result, but pressing it brings you to Start settings and the button is no longer there.

This means one of two things.

1) They removed the ads in the start menu.

2) They removed the option to not show ads in the start menu.

 

Hopefully it is scenario 1, but for now we don't know. If anyone sees a suggested app appear in the start menu then please take a screenshot and post it.

 

 

 

 

 

WiFi Sense is enabled by default, but sharing the network information for a network you sign in to is off by default. The button for sharing the network info is worrying close to the Next button, but I think accidents will be very rare.

 

If you are worried about this then you can add "_optout" without the "" at the end of your SSID and it won't be shared. So for example the SSID "ASUS" would be shared, but "ASUS_optout" will not.

Summary: Nothing in the post from 8chan is a lie. 3 of them can be disabled/opt-outed from and while Cortana don't have a setting for local users, it can be disabled (*puts on tinfoil hat* but we don't know if it's really disabled!!1!1! *takes off tinfoil hat*). The other 2 points are genuinely scary to me since you can't do anything about them, and they are 100% correct.

 

I will check out other things on other lists a bit later.

 @SpaghettiCarbonara maybe you could add this in the main post since most people dismiss the claims since it coming from 8chan.

[Kamina]

The installation of W10 asks you about what info you want to send. It's like the best NSA operating system.

[SpaghettiCarbonara]

How the flying elves are people taking content from 4chan/8chan seriously, in any way, shape, or form??

 

For those of you screaming "look into the information before dismissing it", you really should follow your own advise, as these "problems" pertain specifically to this little thing called the INSIDER PREVIEW, where they need to collect the information for feedback.

 

There is no way to spin this; the only thing malicious about the information is the source itself, a clickbait to the n^th degree.

Ignore everyone, just click bait. Nothing to see here.

 

 

I am using the latest version of Windows 10 also used its previous versions and didn't notice any bandwidth usage outside of my normal use.

Because most people actually know fuck all about security/networking/encryption and/or OS architecture and how things actually work. They just see something or some clickbait headline and freak out.

 

I'd appreciate if you could hold back a bit with your "clickbait" screaming, thanks. As I said in my post, I don't know much about this topic, so I just wanted to spread the information to see if it's legit or not and see what LTT thought of it.

 

Edit: Thought I might add that if it's legit, it's important that people see it.

 

-snip-

 

Dude, thanks for your objectivity and input. This forum definitely needs more people like you.

 

 @SpaghettiCarbonara maybe you could add this in the main post since most people dismiss the claims since it coming from 8chan.

 

Absolutely!

[TOMPPIX]

there is a program called nodefender that can disable windows defender for windows 10

[Solkia]

 

This is also true. I just looked in both the privacy settings as well as the group policy settings. It is set to full by default and it is impossible to set it any lower than basic unless you are using the Enterprise version.

I haven't sniffed the packets yet to determine what kind of data Microsoft collects but according to the privacy FAQ they link in the privacy settings they will use personal information for targeted ad purposes, and they will share your information with third parties.

 

 

Source: https://www.microsoft.com/en-us/privacystatement/default.aspx

 

Fuck right off Microsoft

 

I really want to know what data is being recorded, I'm not dropping $120 on your shitty OS to be bludgeoned with anxiety.

[mr moose]

snip

 

Fuck right off Microsoft

 

I really want to know what data is being recorded, I'm not dropping $120 on your shitty OS to be bludgeoned with anxiety.

 

The privacy policy is pretty standard, it allows/informs you that MS has to pass your details on to banks/paypal/financial institutions in order to process purchases, pass on any information under court order or as part of any data laws in there respective countries.  And the third party sharing of information allows them to outsource services they sell to you.  For example without that clause they might have trouble sending you your purchase because they can't share your address with a third party shipping company.  You'll find almost every privacy policy is exactly the same. 

 

Also interesting to note that they print in black and white that they will not use content (email content, personal files, chat, documents, video etc) to direct ads.

[Solkia]

The privacy policy is pretty standard, it allows/informs you that MS has to pass your details on to banks/paypal/financial institutions in order to process purchases, pass on any information under court order or as part of any data laws in there respective countries.  And the third party sharing of information allows them to outsource services they sell to you.  For example without that clause they might have trouble sending you your purchase because they can't share your address with a third party shipping company.  You'll find almost every privacy policy is exactly the same. 

 

Also interesting to note that they print in black and white that they will not use content (email content, personal files, chat, documents, video etc) to direct ads.

 

You're sure it's nothing like internet activity tracking? I figured it purchase-related but I never know what Microsoft is cooking up.

[mr moose]

You're sure it's nothing like internet activity tracking? I figured it purchase-related but I never know what Microsoft is cooking up.

 

Not saying it isn't bad (or good or anything really) Just saying without it there is a lot of normal operations they couldn't do because it requires sharing information.  Also It reads almost identical to privacy policies from HP, ebay, paypal, facebook.

[SpaghettiCarbonara]

Not saying it isn't bad (or good or anything really) Just saying without it there is a lot of normal operations they couldn't do because it requires sharing information.  Also It reads almost identical to privacy policies from HP, ebay, paypal, facebook.

 

I don't know about the others, but isn't Facebook notorious for giving out your information willy-nilly?

[mr moose]

I don't know about the others, but isn't Facebook notorious for giving out your information willy-nilly?

 

As far as I know they use all information on the page (including personal chat) to direct ads. MS has specifically ruled that out.

[SpaghettiCarbonara]

As far as I know they use all information on the page (including personal chat) to direct ads. MS has specifically ruled that out.

 

I remember a bit of a shitstorm over the FB messenger app. From what I remember they were taking information from basically every area of your phone for advertising (including text messages, I think this included content).

 

One of the problems I have is they say it's for advertising, but we never hear about which advertising companies are getting our information, nor if they're actually advertisers.

[LAwLz]

Not saying it isn't bad (or good or anything really) Just saying without it there is a lot of normal operations they couldn't do because it requires sharing information.  Also It reads almost identical to privacy policies from HP, ebay, paypal, facebook.

Do you not agree that collecting an undisclosed amount of personal information without the majority of users' knowledge is a bad thing?

I think it's terrifying. According to Microsoft's previous definition of spyware ("Spyware can collect information or act on your computer without your full knowledge or consent."), Windows 10 is spyware.

 

It spies on the users without the full knowledge and consent.

 

"Others do it too" is not a justification by the way. All that shows is that other companies are as bad and evil as Microsoft, not that Microsoft itself is good.

[mr moose]

Do you not agree that collecting an undisclosed amount of personal information without the majority of users' knowledge is a bad thing?

I think it's terrifying. According to Microsoft's previous definition of spyware ("Spyware can collect information or act on your computer without your full knowledge or consent."), Windows 10 is spyware.

 

It spies on the users without the full knowledge and consent.

 

"Others do it too" is not a justification by the way. All that shows is that other companies are as bad and evil as Microsoft, not that Microsoft itself is good.

 

It's not undisclosed, the privacy policy tells you what is excluded from the data they collect, and they tell you what they are doing with it.   Many security companies have poured over windows before, MS even sends the whole source code to governments in order to show they have nothing to hide and aren't doing the dirty on their customers.

[LAwLz]

It's not undisclosed, the privacy policy tells you what is excluded from the data they collect, and they tell you what they are doing with it.   Many security companies have poured over windows before, MS even sends the whole source code to governments in order to show they have nothing to hide and aren't doing the dirty on their customers.

It's not undisclosed? Then can you please tell me what data they collect? Not in vague terms but like actual "they collect X and Y and Z and A and B".

All I can find are some very vague terms that don't actually tell you what they collect and how much.

 

 

That article about Microsoft getting the source code reviewed is 12 years old, and a lot has changed since then. For example Microsoft has entered the ad business and are far more interested in personal details now. Don't assume that Microsoft are exactly the same as they were 12 years ago.

 

 

Also you didn't answer my question. Do you or do you not think that collecting an undisclosed amount of personal information without the majority of users' knowledge is bad?

Like I said before, even Microsoft themselves classifies it as malware, regardless of how much info they collect.

[Astralify]

Ok, why is this forum full of micro$oft white knights? Who are you protecting? Anyway... Windows is going downhill. I knew that things will only get worse after windows 8. It as far as I see I was right. Widnows 10 is nothing more than a giant steaming pile of shit, that beats even vanilla 8 with it's bullshit. 

Also, everything mentioned in the OP is true. Here is more "reputable article" on the matter.