Jump to content

Windows 10 traffic - security concern

Bert

By Bert,
in Windows Client

 Share

Recommended Posts

  • Administrators
Jon Universalist

Jon

Posted
  • Administrators
Posted

It will be interesting to see when someone comes out with a detailed analysis of all this (there seems to be some questions over this article). Microsoft really know how to create bad PR for themselves, don't they? I'm trying to create a "corporate" image at the moment with all the unneeded settings disabled. There are GPOs for about two privacy settings, everything is registry hacks. That's appalling.

What is interesting is that 90% of this stuff existed in Windows 8.1 but because no-one ever took notice of it we didn't have these revelations.

Deployment Blog: https://www.autoitconsulting.com/site/blog/
SCCM SDK Programming: https://www.autoitconsulting.com/site/sccm-sdk/

Link to comment
Share on other sites
iamtheky Universalist

iamtheky

Posted
Posted

for every os and software ever, since ever.

1) fire up a fresh image in a sandbox

2) let it sit for a day

3) go block every ip that the machine talked to on the host firewall and your network firewall

 

Sure they are a bag of dicks for not providing a handy mechanism to disable it, but so are adobe/oracle/cisco/google/mozilla/yourmother :)   We run them all through quarantine.

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Link to comment
Share on other sites
iamtheky Universalist

iamtheky

Posted
Posted (edited)

I think the toughest one for me to stomach is 'Skype for Business'.  We havent gone o365 yet, Im waiting to see that light up our SIEM.

Edited by boththose 

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Link to comment
Share on other sites
JohnOne Universalist

JohnOne

Posted
Posted

for every os and software ever, since ever.

1) fire up a fresh image in a sandbox

2) let it sit for a day

3) go block every ip that the machine talked to on the host firewall and your network firewall

 

Sure they are a bag of dicks for not providing a handy mechanism to disable it, but so are adobe/oracle/cisco/google/mozilla/yourmother :)   We run them all through quarantine.

It's a good notion, but microsoft could just covertly change the IP's or domains it uses in any update it wanted.

The whole reason I never got windows 8 is because I did not want a mobile phone on my PC, I was really hoping that windows 10 would not be that too. It's a real shame. I'll be using windows 7 until it's dead and start learning some linux OS in the meantime.

AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Link to comment
Share on other sites
iamtheky Universalist

iamtheky

Posted
Posted (edited)

Win 8.1 is pretty clean, it takes a minimal amount of effort to stop all updates from the internet in gp (stopping the calls home is still a firewall entry).  The risk of them breaking everyone who whitelisted the last update address, just to trick the people who have it blocked, is minimal.  As long as you are gentle, the public will give up the butt.

Edited by boththose 

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Link to comment
Share on other sites
  • 2 weeks later...
Chimaera Universalist

Chimaera

Posted
Posted

Ive been using this to help with the known problems so far

It may not cover everything but seems to be a ok for a one use out the box solution

http://www.oo-software.com/en/shutup10

If Ive just helped you ... miracles do happen. Chimaera

CopyRobo() * Hidden Admin Account Enabler * Software Location From Registry * Find Display Resolution * _ChangeServices()

Link to comment
Share on other sites
  • 2 months later...
  • 3 months later...
iamtheky Universalist

iamtheky

Posted
Posted

 

  

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...