Microsoft's dirty tactics


Feb 20, 2018
This is a continuation of the thread about Microsoft snooping on users, except with some new and even more disturbing additions. (mods - feel free to place somewhere else, not sure what this would fall under but news for sure)

A brief recap - Ars Technica published a comprehensive article about Microsoft forcefully enabling telemetry transmission (spying on users) in Windows 10 even when the users wanted to opt out. Not only is the option turned on by default and disguised such that the user won't see it (*Microsoft has been forced to place a dialog up-front in more recent builds of Windows) but it cannot be entirely turned off either except in the enterprise version of Windows 10. Worse yet, utcsvc was back-ported to Windows 7 and 8 so those of you running these OSes are also running MS' "telemetry" spying malware.

To this end I did some digging and found out the spyware is implemented as a system service which cannot easily be stopped using the SCM (service control manager) and which relies on a "system" file owned by Trusted Installer and untouchable by the user even when logged in as admin. Worse yet, running an sfc /scannow or installing any major updates prompts Windows to re-scan the system32 folder and reinstall the spyware if it has been disabled somehow.

A temporary solution is my telemetry monitor tool* which uses some underhanded techniques to get access to the file and install a blank (but functional as a service DLL) alternative. Though it still needs much work such as adding it to startup so it can tell the user when Windows has managed to sneak the malware back into the OS.

So thinking this has solved the problem I became somewhat complacent about it figuring the data transmission has stopped with the disabling of utcsvc - unfortunately this assumption has turned out to be wrong.


A recent test session with Fiddler for an unrelated project showed Microsoft is now using the Windows Error Reporting component to send encrypted data to MS servers - thus a legitimate component of Windows once again zombified into a data mining/transmission component. In the screenshot the request fails since I've blocked the server with an external firewall (it cannot be blocked with the Windows firewall, Microsoft has added hard-coded exceptions so the network requests always succeed...), however it would have succeeded otherwise. Thus Microsoft appears to be adding a second route for data transmission through what have up to now been legitimate Windows components and services.

Most ironic bit however - MS has noticed Telemetry Monitor and now Windows Defender flags it as malware which could be "dangerous to your computer." Bahahaaa..

* If there are any devs here and one of you is interested in picking up this code and developing it further please let me know. I'd like it to be easy to use and available to people, at least anyone interested in their privacy.
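The post above talks about a telemetry service that is hard to stop through the SCM and about Windows Error Reporting being used as a second transmission path. As an added, read-only audit example (not the poster's Telemetry Monitor tool and not code from the thread), the following PowerShell script reports the state of the two services involved, the documented policy value that sets the diagnostic data level, the WER "Disabled" value, and the established TCP connections owned by svchost processes so that outbound traffic can be tied back to a service. It assumes Windows 8 or later (for Get-NetTCPConnection) and that the service the post calls "utcsvc" is the one registered as DiagTrack; the registry paths and service names are the standard Windows ones, nothing is modified.

```powershell
# Added audit example; not part of the original post. Read-only: reports
# the telemetry/WER state, makes no changes to services or the registry.

# Service names assumed: DiagTrack (Connected User Experiences and Telemetry,
# the service the post refers to as utcsvc) and WerSvc (Windows Error Reporting).
$services = 'DiagTrack', 'WerSvc'
foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        "{0,-10} not installed" -f $name
        continue
    }
    # StartType shows whether the service would come back after a reboot
    # even if it is currently stopped.
    "{0,-10} status={1,-8} start={2}" -f $name, $svc.Status, $svc.StartType
}

# Policy value governing the diagnostic data level.
# 0 = Security (only honoured on Enterprise/Education/Server SKUs),
# 1 = Basic, 3 = Full. Absent means the OS default applies.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
$level = (Get-ItemProperty -Path $policyKey -Name AllowTelemetry -ErrorAction SilentlyContinue).AllowTelemetry
if ($null -eq $level) {
    "AllowTelemetry policy: not set (OS default applies)"
} else {
    "AllowTelemetry policy: $level"
}

# Windows Error Reporting: a Disabled value of 1 stops WER from sending reports.
$werKey = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting'
$werDisabled = (Get-ItemProperty -Path $werKey -Name Disabled -ErrorAction SilentlyContinue).Disabled
if ($null -eq $werDisabled) {
    "WER Disabled value: not set (reporting enabled)"
} else {
    "WER Disabled value: $werDisabled"
}

# Established TCP connections owned by svchost processes. Both DiagTrack and
# WerSvc run inside svchost, so this is where their outbound traffic shows up;
# run elevated so every OwningProcess can be resolved.
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object {
        (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName -eq 'svchost'
    } |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess |
    Format-Table -AutoSize
```

To map an OwningProcess PID from the last table back to the service group hosting it, `tasklist /svc` lists every svchost PID together with the services it contains; comparing that list with the remote addresses seen here is a quick way to confirm whether a given connection belongs to DiagTrack, WerSvc, or something else entirely before deciding on a firewall rule.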
True... Google is just much smoother about it
Google is low-key because they basically have 1 business model.

this must be included

Microsoft has many areas of interest while Apple is way more focused. Microsoft is much better now, and would be light years ahead if they didn't have a good/bad problem of supporting legacy applications their enterprise customers find very important.
Actually the Win32 API (and the binary compatibility) is where I think they did brilliantly - certainly what keeps me on Windows vs Linux's chaotic ever-changing model which supports little binary back-compatibility. But to MS's credit they have some mature server products and dev frameworks going now, a trend which apparently started with Win NT 6.0 (the not so beloved Windows Vista.)

Good point about Google.. never thought of it that way but this rings true. Guess Google is the sushi chef who charges $400 per course while Microsoft really is the buffet where you can get "good enough" cheaply and quickly.
If people don't want to pay for shit, they deserve their privacy to be invaded. App store ecosystems work exactly the same way.
Overall, yes, except it's morally unacceptable (the ends) regardless of the means. But then reality and what you just posted.
To be fair Jobs stole the GUI concept from Xerox Parc who saw it here so Bill Burr has a point

Yeah! I remember that from Pirates of Silicon Valley (great movie).

Anyone seen the movie Steve Jobs? It's pretty high up on my "want-to-see" list.
Yup that was a good one indeed. There was yet another one which poked fun at Gates from the same era but don't recall the name.