Letter: COMPSEC Warning on Windows 10 Updates

Dear Editor:
I used to have respect for Kim Komando, but after reading her article about the recent Windows 10 update, I have moved her to my “don’t trust” list. Let me explain:

For my own COMPSEC I only connect to the internet wifi while I am actively using it and even then I monitor the data and CPU usage in real time using task manager. That way I know which program(s) are active. About 10 days ago, I detected the Windows 10 update in progress. It eventually took Four Hours of machine time (6X the usual time) and ate 5 gigs of data–more than enough to completely reinstall an operating system.

When the time stretched on, I became curious about what it was doing and I caught it doing a full scan of every file and program on my hard drive. This was a detailed scan and I could determine that it had actually changed at least one program (McAfee Web Advisor of all things) in addition to adding restrictions to the Windows features. (Komando touts a your ability to pause windows updates now for 7 days. Before the update, you could pause them for a month.)

After the scan was completed there was a period where the data flow was FROM my computer to Windows. That has never occurred during an update before.

The update also changed the IP address on my computer which set off security alarms when I checked gmail.

I don’t know whether that is now a standard procedure or targeted, but I do know that the SurvivalBlog bookmark is prominent.

Some recent searches have made me suspicious that there is also new tracking of internet activity through Windows 10–irrespective of the browser being used.

I thought I’d give you a heads up. After all, as you know Windows has declared itself a “service” (not a software company) and the similarities to some of the other “services” (YouTube, etc.) that have censored/blocked users for “undesirable” content, I am quite uneasy about their intent and will be taking steps to move to an alternate (open source) operating system.

I am not generally a fanciful person, but too many pieces are beginning to fit together. With the new 7-day limit for blocking “updates” you cannot deny the corporation access to your own computer for any longer period. I have to wonder whether it has less to do with updates than with monitoring. – Mr. C.




31 Comments

  1. @COMPSEC

    I use my TOR browser which allows me total anonymity across the WWW. Use VPN for added protection. I NEVER download any updates for my MAC, I just take it in to an Apple store and allow them to clean the hard drive once a year and they update the new OS for free. With a MAC you can demur indefinitely.

      1. I’m right there the entire time! They don’t even take in the back room. We stand at the table and he hooks a cord to it.

        It really doesn’t matter anyways, because i have already whacked the hard drive removing everything and then using tools such as bit bleach to overwrite what was there.

        Just to be safe: my “OPSEC” files are on another mac almost two decades old now with not hook up to the Internet.

  2. Re: Windows 10

    Having left Window behind years ago, the peace of mind has offset the hassle factor of the software issues of Linux based OS. Linux is not widely used, and one cannot download software easily, so interfacing with the rest of world that is Windows dominated can be inconvenient. Recommend the Linux version, Mint, or if you are a fellow radio geek, then Skywave Linux 3.02. If using a computer for mostly browsing, the experience is virtually the same as Windows, after a short period of familiarization. The Fire Fox browser on Linux is the same as Windows.

    Older and slower machines will have a new lease on life as well, and can remain serviceable for many years after the expiration date for Windows based OS that require faster processors to process your data for their purposes, not yours. And there are no updates. Why? Updates almost not needed, but only after period of many years. And if, and when you chose to up date, it is completed, usually in minutes, not hours! There has never been a virus problem, and no virus protection is needed for Linux. And one can do a temporary, or dual boot of a Linus OS on top of a Windows or along side of Windows, just to check it out. Purchase price is Zero! Do this with an older machine, even replace the Windows XP on something that will not run on the net now, and it will once again be useful for browsing.

    No, I do not trust Windows, and especially Window 10, that forces the user to submit to regular updates that Linux does not need, because this kind of updating is not necessary, but an opportunity for Big Tech to use you. Although I cannot prove it, IMHO, Microsoft is invading, collecting data, and manipulating during their update. Incrementally, they are moving the Overton Window, to the point where your machine, becomes their machine to program you. If you doubt that their tentacle is there, why do you not seriously consider Linux? After years of using Linux, that is an honest operating system that runs flawlessly, and for free, there is no need to use the enemies platform for browsing.

    1. Sorry Tunnel Rabbit, but “And there are no updates. Why? Updates almost not needed, but only after period of many years.” This is not true.

      I am an avid Linux Mint, Ubuntu and CentOS user for 10 years now. There are ALWAYS updates that are released frequently for security patches and bug fixes. Again, “head in the sand” naivety to think otherwise.

      Learn the Linux command line Package Manager called “apt-get”.

      Launch Terminal and enter the following commands:

      Step 1: Fetch the updates available for your computer using apt-get update command:
      sudo apt-get update

      Step 2: You can then use apt-get upgrade command will upgrade the current packages
      sudo apt-get upgrade

      Step 3: Finally use the distribution upgrade command. This command also intelligently handles changing dependencies with new versions of packages. It will attempt to upgrade the most important packages at the expense of less important ones if necessary. The dist-upgrade command may, therefore, remove some outdated and broken packages.

      sudo apt-get dist-upgrade

      Install only Security updates on Ubuntu, Linux Mint, and elementary OS from Terminal

      At times to save time on remote machines, you may want to launch terminal and only install the security updates.

      You can use the unattended upgrade command which will silently install updates without user interaction.

      sudo apt-get install unattended-upgrades

      Instead, if you want to have an interactive installation, use the display parameter:

      sudo apt-get install unattended-upgrades -d

      Hope this helps. Best not to think you can just run updates every few years. This is 1980’s thinking. I have been in IT full time since 1981, so I should know.

      1. Thanks for the update! I am not an IT guy. Yes, you are correct. It was 2 am last night. What I should have explained is that I use my computer to only browse the net, and have found that updating is not necessary for my computers, if used only for that purpose. If Linux can do that, then Windows can do that, so why does Windows 10 force us to update? Why does Window update take so long as compared to a Linux update? There are probably good reasons to update, if one is doing something more than browsing. I do not want to give up control. I do not trust Big Tech that is now censoring us. I’ve had a program on Windows 10 be intentionally removed from my machine as I watched! That is invasive! They can sweep the WWW, and remove our data at will. Several times I’ve watched them do this, a virtual book burning, to attempt remove knowledge from the public. After the Fukushima Daiichi nuclear disaster, many persons reported that video was removed from their machines… There are other examples.

        Linux is not easy to operate like windows, but even this 1980’s dummy can manage to stay on the net with Linux. Again, thanks for the update.

  3. This part makes no sense: “The update also changed the IP address on my computer which set off security alarms when I checked gmail.”

    First of all, unless your Internet setup is different than 99% of users, you are behind NAT on a router so your IP address from the perspective of the Internet or of gmail is the IP address of your router, not your PC.

    Second of all, gmail or Yahoo mail or any web site doesn’t care about your local PC IP address changing. Your router’s IP address is not fixed either. It is assigned by dynamically by the ISP. Your PC IP address under NAT is assigned by DHCP lease which has an expiration time, thus you will not always have the same IP address on your PC. Microsoft doesn’t change that, your DHCP service of your router does.

    Third of all, why are you worried about Microsoft, when the even bigger evil is Googlag Mail. You should be using a paid subscription to Proton Mail with a VPN and dump gmail.com.

    Fourth al all, you say “After the scan was completed there was a period where the data flow was FROM my computer to Windows. That has never occurred during an update before.” Well, I presume your second PC is also Windows. Win 10 has a bandwidth saving feature (for Microsoft, not you) that is configurable, that allows one PC to provide updates over the Internet or your local subnet to other Windows PCs. Check in “settings -> update & recovery -> Windows Update
    click on ‘advanced options’
    click on ‘choose how updates are delivered’”

    Finally, not applying security updates regularly is a very bad idea. Anyone in the security industry, as I am, knows you must always update OS, software, apps, routers, etc. with the latest weekly or monthly security fixes. To not do this is insane in the evil modern world we live in.

    The same goes for the macOS or Linux or evil Android or iOS — update immediately with the latest patches / updates. Any other thinking is “sticking your head in the sand”. This means you Jefferson Davis with “demure indefinitely” Macintosh yearly to an Apple Store. Good luck.

    Hope this helps. P.S. I am a Microsoft Certified engineer.

    1. I don’t use a PC like most others. My work is done on an over a decade old MAC and any files are ported to my newer “internet” PC via USB when transferring files. I know a virus could attach to the document between transferring but I scan everything on the newer “internet” PC with up to date virus software prior to any transfers.

      In addition, there are articles written where the “NSA/FBI” pushes “things” to selective PCs. Remember that JWR had the FBI insert “something” on his server back in 2011 ish… I remember vividly because that was the year I stumbled upon his great treasure trove and been a follower ever since. If I have to go monthly to the Apple store which I do anyways, then I will update the PC every time then. I DO NOT update anything on my PC except virus files from Norton off the “nasty” Internet.

      Also, about Proton email. They take a credit card. Traceable!!! I use free email and ones that don’t require a second email as backup nor cell phone, nor credit card.

      Proton used to be that way early on but now they have more information on you you that can pinpoint NSA to you quicker than the Clinton’s on Epstein.

    2. To Jefferson Paine:

      Windows 10 is stealing personal data which has no bearing on security and use-ability.

      Your Windows 10 system will be more stable and perform better if you NEVER update.

      There are only three things a user needs to do to have a secure Windows 10 system, and it takes less than 5 minutes to do them all.

      The Windows Firewall will not block certain things, even if you put in specific rules. This is an inexcusable violation of trust for a firewall and it should NEVER be used in any capacity.

      If you look at the data being sent from your PC you would not think that Google or anyone is worse. They are all bad, but Microsoft collects things they have no use for, such as ALL your searches anywhere in Windows.
      They send usage metrics back when you use calculator or paint. What is the point of that?

      Install Firefox and Ad-Block Ultimate. Turn off Windows Update. Delete all scheduled tasks from Microsoft as they will cause Update to come back on against your wishes.

      Now enjoy a fast computer which will keep working the exact same way for many years with out issue.

  4. I’m moving toward linux operating system on my computers. I now have three laptops for different purposes. An old Windows XP for backup and archives which will never be allowed back on the web. A newer windows 7 machine for heavy duty work and limited web access (mostly for making on-line purchases and downloading my bank statement) and the newest laptop running linux and the Brave browser. I use this newest machine for all my web browsing and news. I trust none of these tech giants

  5. Looked in my settings.
    There is a box that says defer but it will not tell me what or how long.
    just refers me to a help page.

    Some apps were turned back on to run in the background.

    I loved win 95, liked 7 but unhappy with 10 in any form.

    Remember it’s “free” so there’s going to be issues that we cannot change.
    If it was something people had to pay for, enough complaining and there
    would be positive changes.

  6. Doesn’t the Win10 1903 update basically replace the OS?

    MS released some PR that they were moving away from incremental updates to the biggies like 1903. I think there was good coverage on some of the tech websites.

    A full discussion of alternatives, no matter what level of practicality/utility they offer vs what sort of actual trail they leave is too huge of an undertaking for the comments section of a thread on some good observations that beg more specific questions. Perhaps in another place and time.

    Back to this observation there seems to be a lot of troubles with the major Win10 updates, yes they largely replace significant portions of the OS, yes these large updates also trigger other updates – especially among highly integrated/embedded programs like McAfee, yes McAfee is itself suspect of not always playing fair with the end user, and if you have specialized programs with intense audio drivers these large updates do mischief to those drivers requiring professional grade help to fix, and yes MS has wanted to reduce the delays typical users have available to defer upgrades.

    We’re seeing similar force-the-update strategies in other OS products, so don’t think you can escape completely with alternative platforms.

    Create restore points and do backups regularly, make good decisions on what personal data you leave on your PC and remember privacy is relative with drawing attention as much of consideration as absolute privacy.

    Good Luck in a world your truly only partially control and perhaps see even less.

  7. Learn to use free VirtualBox from Oracle to run your Linux or Tails OS within a “Virtual Machine” under your macOS, Windows 10 or Linux. Other than booting up under Tails / Tor with a USB thumb drive, this is one of the best, most secure, and easily backupable and restoreable methods. The other, even better, but slightly more technically complicated, if you are a macOS or Linux user, is to launch Linux under Docker as a container and connect to it with ssh.

  8. The IP address had to be the external IP, and almost all ISPs use DHCP (I have static IP addresses). Even VPNs change exit IPs occasionally. You should also disable WebRTC https://diafygi.github.io/webrtc-ips/ DHCP Can change your IP, which is why there is DynDNS and other services.

    As to Windows 10, I suspect either the update or something else (re)enabled indexing on your main drive. I have this disabled on every machine I use – index CONTENTS of files (Drive->properties – you can also enable compression and apply it to all files). You can half-disable Cortana, but as mentioned, Microsoft now wants to be a service, not a product company.

    There may be other hidden ways to delay updates up to a year IIRC a broadcast, but after Win 7 loses support, I’m moving to Linux.

    I also block ads (incl. tracking) plus malware both at the browser and the hosts file level, see https://github.com/StevenBlack/hosts, adding things like google-analytics and other tracking only sites.

  9. I don’t like or trust Windows 10 but… I find I have to use it in some cases so I keep working with it as best I can.

    Here are some resources for those of us who need to keep running windows:
    A great reference / help site: https://www.askwoody.com/
    Sign up for the newsletter and get useful information about the ‘fixes’ / patches and other stuff about all the versions of windows.

    A good resource for computer programs/tools: https://www.oldergeeks.com/index.html (from the Ask Woody site)
    A recent recommendation from them: https://greatis.com/stopupdates10/

    I will guess there is no one perfect solution but hopefully this will help some. I’ve got an older Mac too and that has issues as well. Linux will likely be my next move when I “have to” change computers.

  10. It isn’t just Windows, it is using gmail or any other Google product such as Chrome, as they have built in intrusive algorithms that scan pretty much any document you have on your computer including all email, email address books, etc.
    If you want good COMPSEC, get rid of all Google products.

      1. I use the Brave browser. I have concerns with this as it is based on Google’s Chrome browser. If I make modifications, add extensions, etc. I’m always sent to the Chrome store to make the change. Looking at Opera, not sure what to do at this point.

        1. Use TOR browser. The cia invented it for anonymous browsing. It works. It’s free. It’s public.

          Also,
          @ Jefferson Paine
          Is that a combination of my name and Thomas Paine our so called Founder who was Christian…??

      2. I work as a DoD contractor and the USAF uses Chrome which is very scary. The USAF does keep it’s unclassified completely away from it’s classified, which is excellent, but the fact that their IT Security people approve of the use of Chrome is scary. I only use it at work when I absolutely have no other choice.

  11. I’m not a geek by any stretch of the imagination, but I never updated to Windows 10, even when it was a “free upgrade”. Even back then there were stories about it.
    I stick with 8.1. Probably not much safer, but I don’t do any financial or personal stuff online anyway.
    I prefer cash transactions in person.

  12. Being a long-time Linux and OpenBSD guy, I only kept Windows around for gaming which for various reasons I don’t really do any more. I finally made the Apple plunge because of the build quality of their hardware and refusing to go from Windows 7 (which was just fine) to 8 or even 10. Then I heard about the always-on phone-home crap in Windows 10 and Cortana and all that and “noped the heck out”

    I’m not pretending that Apple doesn’t have its own privacy issues or backdoor agreements with NSA or local and state LEOs (e.g. Fusion Center crowd) but at least I can control it somewhat with power user opsec like others have mentioned like Tor, VPNs, selective wifi usage etc.

    I’m also not pretending that Tor isn’t backdoorable either but I could care less about the Navy and the NSA knowing I’m browsing survivalblog (in fact, I WANT them to know; maybe they’ll get on the good side) it’s more the Trump hater in Big Tech or the spineless marketer/spammer/cracker that I’m concerned about getting my personal info. You’d be surprised what is possible. Defend your electronic identity like you would your priceless identity papers in your safe, family heirlooms and so forth.

    If you’re gonna have a Palantir you kinda have to pick your poison, so to speak. Otherwise, don’t look into it. Computers have uses without being networked.

  13. @ Jefferson Davis – technically the US Naval Research Lab invented The Onion Router but it’s kinda the same people to me. I’m sure there are some real patriots in there, though.

  14. I worked for a (very) large software/hardware company and Windows 10 was not allowed to be installed on ANY work computers. Violators could be terminated. They knew full well the data hoovering that was going on with a Windows 10 installation.

  15. I value everyone’s comments here–but–as a VERY non geek-type person, can any of you recommend books or ? to try and help me decipher all of the alphabet soup (preferably something that doesn’t make my eyes glaze over and my head hit the desk). And yes, I work for a company that now has Windows 10, and is going to change to Google–yikes!

    1. CP, if your company is going with Windows 10 there is not much you can do about that. I recommend not using it for personal business – which is probably good advice on multiple fronts.

      If you own your own laptop or desktop you can easily download an DVD of Linux Mint or similar and boot the DVD and try it out for a day without disturbing whatever OS is on your computer. It will run a little slow since it is running off of a DVD (slow!) but you can try before you buy so to speak and see if Linux is for you.

  16. Couple of thoughts… Linux Mint user now for several years, since Mint 16. Only one Windows drive on an old laptop running Windows 7, and this is to program our Motorola 900mhz radios.
    I use Brave Browser and Dissenter. Degoogleing day by day. You can use a prepaid visa card for Protonmail. I usually run the browser within Firejail, except when I need to download a file. Don’t keep anything I don’t want read on Dropbox. TOR Browser is excellent, although some sites do not work well. I use a VPN programmed directly into the router, but I use the Conky desktop application to double check that the IP address is the VPN, and hasn’t been disconnected (this does happen).
    I don’t use fakebook, twitter or instagram. Sometimes on Gab… couple of good groups there.
    Someone said Linux is not easy to operate like Windows. It’s like anything else… there is a learning curve. There was with Windows, there was with ios, and there is with Linux. Linux is certainly no more difficult than Windows, and IMHO, actually much more intuitive. Linux Mint is honestly far easier to use than Windows, and every computer it runs on (and that would be every computer) it is significantly faster by a huge margin than Windows. With the exception of programming the radios, there is nothing I cannot do on Linux that I ever needed to do within Windows. I can even program the Baofeng radios with Linux. And almost all of the programs are free and open source. That is very hard to beat.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.