Friday, November 13, 2015

Windows Insanity

Unsolicited Advertisements

To add insult to injury, Microsoft Windows 10 now displays advertisements right in the File Explorer. 

I'll leave it to you to figure out why that is a very bad security problem.


Rusted Sieve

Windows 10 is about as secure as a rusted sieve, with a few deliberate holes poked in it for good measure.  Microsoft essentially tries to convert your Personal Computer into a cell phone, which is a purpose-built blabbing and tracking device.  They don't seem to understand the word 'personal' in 'PC' though.

https://answers.microsoft.com/en-us/windows/forum/windows8_1-update/what-is-diagnostics-tracking-service-which-was/253fe2ec-fba6-4240-bfb8-2a3bdc801ed1?auth=1

Examples of data we collect include your name, email address, preferences and interests; browsing, search and file history; phone call and SMS data; device configuration and sensor data; and application usage.

Recently, the Diagnostics Tracking Service (DiagTrack) service was renamed to the Connected User Experiences and Telemetry service.  Sigh...

Microsoft, in their infinite wisdom, hooked up a plethora of tracking systems and tunnels to capture your keystrokes, your voice, every address you visit on the web, your WiFi router passwords and your disk drive encryption keys.  I guess they figured that your camera is already captured by Skype, so they didn't need to add that to the list.  I can see many a giant lawsuit lurking on the horizon because of this.

To further rub salt into the wounds, a long laundry list of CIA exploits has been published by WikiLeaks (http://www.bbc.com/news/technology-39221421); these are mostly for Windows.  The point being that Windows already has enough holes and it doesn't need Microsoft deliberately adding more.

Irresponsible Use

At this point, all I can say is that using MS Windows for anything except maybe playing games is irresponsible.

You should not risk using MS Windows for shopping, banking, business or government.  It is not suitable for that.

Here is a list of utilities that can be used to attempt to clean Windows 10 and try to prevent it from blabbing to all and sundry about everything you do with your computer.

ShutUp10

http://www.oo-software.com/en/shutup10

Techne

http://techne.alaya.net/?p=12499

DisableWinTracking

https://github.com/10se1ucgo/DisableWinTracking

BlockWindows

https://github.com/WindowsLies/BlockWindows

GWX Control Panel

http://blog.ultimateoutsider.com/2015/08/using-gwx-stopper-to-permanently-remove.html

Spybot Anti-Beacon

https://www.safer-networking.org/spybot-anti-beacon/

Evil Addresses

A list of evil hard-coded addresses I found that should be blocked in a router:

I have no idea what these addresses are, and there may be many more.  These are hard-coded connections in Windows that cannot be blocked with a domain name server or a hosts file.

Domain Names

My hosts file that I made after looking at packets with tcpdump:
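As an added example (my own code, not from the post), here is the tcpdump-to-hosts-file exercise the two lists above came from, done programmatically: every name the Windows host looked up becomes a hosts entry pointing at loopback, and any destination it connected to without a preceding DNS answer is flagged as a hard-coded address that only a router rule can stop.  The capture lines, the 192.168.1.x hosts and the 203.0.113.x answers are constructed; 134.170.30.202 is taken from the list above.

```python
import re
from collections import defaultdict

# Constructed sample of "tcpdump -n" output, not a real capture. Host is
# 192.168.1.10, resolver 192.168.1.1; the SYN to 134.170.30.202 (an address
# from the post's list) is preceded by no DNS answer at all.
SAMPLE_CAPTURE = """\
12:00:01.000000 IP 192.168.1.10.51000 > 192.168.1.1.53: 1+ A? watson.telemetry.microsoft.com. (48)
12:00:01.010000 IP 192.168.1.1.53 > 192.168.1.10.51000: 1 2/0/0 A 203.0.113.10, A 203.0.113.11 (80)
12:00:01.020000 IP 192.168.1.10.51001 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
12:00:02.000000 IP 192.168.1.10.51002 > 134.170.30.202.443: Flags [S], seq 2, win 64240, length 0
12:00:03.000000 IP 192.168.1.10.51003 > 192.168.1.1.53: 2+ A? settings-win.data.microsoft.com. (52)
12:00:03.010000 IP 192.168.1.1.53 > 192.168.1.10.51003: 2 1/0/0 A 203.0.113.20 (68)
12:00:04.000000 IP 192.168.1.10.51005 > 192.168.1.1.53: 3+ A? login.live.com. (32)
"""

QUERY_RE = re.compile(r"> \S+\.53: (\d+)\+ A\? (\S+?)\.? \(\d+\)$")
ANSWER_RE = re.compile(r"\.53 > \S+: (\d+)\*? \d+/\d+/\d+ (.*) \(\d+\)$")
A_RECORD_RE = re.compile(r"\bA (\d+\.\d+\.\d+\.\d+)")
SYN_RE = re.compile(r"IP \S+ > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[S\]")

def parse_capture(text):
    """Correlate DNS queries, answers and outbound SYNs. An answer line carries
    only the transaction id, so its name comes from the query with that id."""
    pending = {}                      # txid -> queried name
    cap = {"queried": set(), "names_by_ip": defaultdict(set), "syns": []}
    for line in text.splitlines():
        q = QUERY_RE.search(line)
        if q:
            pending[q.group(1)] = q.group(2)
            cap["queried"].add(q.group(2))
            continue
        a = ANSWER_RE.search(line)
        if a and a.group(1) in pending:
            for ip in A_RECORD_RE.findall(a.group(2)):
                cap["names_by_ip"][ip].add(pending[a.group(1)])
            continue
        s = SYN_RE.search(line)
        if s:
            cap["syns"].append((s.group(1), int(s.group(2))))
    return cap

def hosts_entries(cap):
    """Sorted, de-duplicated hosts lines sending every looked-up name to loopback."""
    return ["127.0.0.1 " + name for name in sorted(cap["queried"])]

def hardcoded_candidates(cap):
    """Destinations contacted with no DNS answer naming them: a hosts file
    cannot stop these, so they are the ones to block at the router."""
    return sorted({ip for ip, _ in cap["syns"] if ip not in cap["names_by_ip"]})
```

Run it against a real `tcpdump -n port 53 or 'tcp[tcpflags] & tcp-syn != 0'` capture taken on the router to regenerate both lists after each Windows update.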

How Many More?

If the above lists haven't convinced you to shun this super-quality spying system, then consider that there may be many more leaks that we haven't found yet, and as soon as Microsoft figures out that most holes are plugged by the above tools, they are sure to add new ones to keep the data flowing, as evidenced by the recent rename and rework of their networked sniffing service.  It is bound to keep happening, to throw off the defenders.

Therefore I still think that the only somewhat secure way to use Windows 7, 8 and 10 is in a virtual machine with networking disabled.  The trouble is that you cannot analyze encrypted tunnels with packet inspection in a router, so you have to unplug the network cable.

The only real solution is to use UNIX: buy a Mac, or install Red Hat Linux, Fedora or BSD, since securing MS Windows is a futile game of Whack-a-Mole.

In addition, Windows also has a low-level exploit in the UEFI BIOS that allows a perpetrator to install WPBT code that will run before the system starts up.  This was supposed to be used for an anti-theft system, but MS botched it.

Amusing use of WGA Remover

The most amusing fix is to install Windows 7 and then run WGA Remover instead of registering it.
http://www.majorgeeks.com/files/details/wga_remover.html

Microsoft will then think that you are running an illegal copy and out of sheer spitefulness will not offer you any unsolicited Windows 10 bugs, adware and downgrades, but you will get security updates.  I recently tried it and it seems to keep Win7 Pro from morphing into Win7.10 Shopping Channel Edition.

I like this approach, since it reflects their attack upon our sensibilities right back to them.


A Simple Fix for the Windows 7 Black Screen Annoyance

You don't normally need to download any special tools to fix Windows Annoyance problems, but you need to be aware that there is a user higher than Administrator, called Local User.  So you need to take ownership of a couple of files in the system32 directory, then zap them.

Click Start, All Programs, Accessories, Right Click on Command Prompt and select Run As Administrator, then:

You can use slmgr to input the key if the machine is online or if you have a phone and the right number and depending on where you are in the world, that may be a tall order.

Zap a couple of files in the system32 directory:
C:\> cd \windows\system32

Take ownership of the sppcomapi.dll file and rename it:
C:\> takeown /f sppcomapi.dll
C:\> ren sppcomapi.dll sppcomapi.dll.bad

(If the above doesn't work due to the file being in use - restart and try again and if that doesn't work either, get the Microsoft 'handle' utility:
https://technet.microsoft.com/en-us/sysinternals/bb896655
Run 'handle filename' to list all matching handles, then 'handle -c id -p pid' to release it.
)

Make an empty file to replace it:
C:\> nop > sppcomapi.dll

Take ownership of the slui.exe file and rename it:
C:\> takeown /f slui.exe
C:\> ren slui.exe slui.exe.bad

Make an empty file to replace it:
C:\> nop > slui.exe

Now the Windows Annoyance system cannot run.

Reboot Windows
Log in

Right click on desktop, personalize:
Reset the desktop background to something pretty.


Once you turned all the junk off, Windows starts up and runs significantly faster.


-. --- / .-- .. -. -.. --- .-- ... --..-- / -. --- / -.-. .-. -.--

Sigh...

Herman
