Decrapify Windows 10 (March 4th 2018 edition)

Oh shit NTLite looks bawler. It costs $40 for all the features (which is fine honestly).

It allows you to remove components and drivers and services in Windows. That’s super useful and really neatly organized, but there’s some problems with that:

1 - You may want to keep a component but you’d want to tweak it / neuter it / block it, instead of removing it completely. (you gotta do that yourself or with other tools)

2 - It doesn’t exactly tell you “here are the things we’ve observed are spying on you - you should remove these specific things: …” - I may not know that the Fax service is spying on me, and leave it in. :stuck_out_tongue:

I will add it to the guide.

[Edit] As for the LTSB/LTSC versions, I looked into those and they may be exactly what a lot of people want, but you will miss on that 1% of Microsoft features that you actually want to keep (for ex -some- of the UX improvements)

1 Like
1 Like

@The_Guy

honestly the M$ part … dude they are a corporation hate their stance all they want they provide a service you agree to their terms its honestly how it works… this is the nature of the business world and its not as bad as you think because in essence it protects them and protects their customers indirectly by making sure they cannot be sued out of business especially in a crucial global corp like Microsoft case that would be very bad. Shit on them all you want ever since balmer stepped down their ecosystem despite privacy concerns is not all that bad. Its actually really good. A great step for windows.

Secondly, on the topic of privacy. theres a billion microphones and cameras around you collecting more data both legally and illegally then on any other time on earth not mention myriads of sensors etc and your worried about a little OS data collection. LOL seriously ? just saying

also

Uhmm you can use the Host’s file if you dont have an ability to use a firewall. That being said you are completely correct microsoft does play dirty and heres the real dirt. They have a backdoor they use for it anyways. We may not have found it yet but in the above 50 million lines of code just for the Operating system itself… are you telling me somewhere there isnt a backdoor. I know when I do things I always leave myself a backdoor. I secure it well enough and I acknowledge its security risk. (typically it will be backdoor locked permanently if one does the wrong thing)…

Just out of curiosity … (well written by the way but i have question) Will this cause future updates not to go through like we have dealt with in many guides?

1 Like

Thanks-ish.

This kind of thinking is the worst. :frowning:

  • Heimdallr, you’re narrowing your vision on the “purity” of the low level corporate concept loop of it, and don’t apply enough macro level wisdom and monitor societal impact.

  • What do you win with these mechanisms? Are the consequences of forcing or conditioning or psychologically manipulating or lobbying the market into making society a dystopia, worth the protecting of the old greed and scarcity based business models of the industrial or digital revolution from a million years ago? Because it’s “Safe for You™”?

  • Is Comcast also the good guys? What about the Tobacco and Oil industries?

  • Isn’t it better to shift paradigms to open systems and corporations that Prove that they Can’t Do Evil instead of “promise” they “Do No ‘Evil’”? For one example, maybe a move towards Decentralized Autonomous Organizations, Decentralized Autonomous Apps, Oracolized data, encrypted disclosure of info that is tracked irrefutably by a blockchain where they only get the data you have chosen to disclose, is a less primitive alternative?

So you’re one of the masses that has given up? Thinking there’s no safe heaven for your thoughts? What countries does this make you think of? heh

When I’m in public I act and speak accordingly. For instance if I’ve just met you irl, I’m not gonna open the conversation with what color underwear my gf is wearing. I can scan for stingrays and I can neuter my phone. And I can try to inspire change that respects individuals as intelligent private agents.

The outside monitoring is irrelevant to the bastion, the extension of my brain, that is my PC. I don’t want ransomware, I don’t want a microsoft 3rd party to get my blockchain private keys, to get my dick pics etc. That’s why I self-educate and defend myself.

You are contributing to the field through your lack of educated proactiveness. (for evil to triumph it is necessary only for good people to do nothing) You forget how easy it is to trigger a change and how much power you have.

Sorry if I’ve misinterpreted you, but this is my stance.

Yeah, as I said, the anti-spying tools write to both hosts and windows firewall. But you can’t expect to trust them against MS. Which is why I said use PFSense/OPNSense to block what comes out of your Windows, the kind of stuff that was shown in the wireshark vid I linked to.

Backdoors are only fun if your product is unrelated to people’s privacy and security. Its practices like this that make Open Source, audited, software the strongest (e.g. PFSense/OPNSense).

I had written in the Scope section that updating must work. And now I updated the Updates section to make it clearer.

2 Likes

This is very true and a point I have often made when talking about privacy and devices. Mobile/Cell phones are the worst becasue they are mini-computers we carry everywhere with us often 24/7. However that doesn’t mean MS should have a carte blanche to do as they please - even if you accept an EULA. They seem to deliberately mislead people as well by offering features to disable data collection services, and then just go ahead and do it anyway. Even the most expensive paid for Enterprise Edition of Win10 sends telementary after services are disabled, uninstalled or in some cases blocked.

I like Win10 and have to use it almost daily for work, but it annoys me that MS could flip into a ‘Evil Corp’ mode and by the time we realised what they had done it would be too late.

As much as I find Stallman and the FSF a little disconnected from the real-world they make several good points when it comes to libre software - even Open Source software could be co-opted for nefarious purposes and be used to control it’s users.

2 Likes

Read the article’s comments. Several people “debunk” the totalitarian theme of that “research”.

Also, if you update your system, the applications stop reinstalling themselves after reboot. This was fixed in October 2017.

1 Like

It’s one person and he hardly debunks it, just point out that MS have made statements & blogs which clarify that data is still collected. This is not obvious to most users when they are setting up Windows.

The articles author seems pretty decent at what he does, and as a former MVP he will have good contacts within the MIcrosoft world and wider user community. Like many MVP’s etc. he may have books to sell or a consultancy to run so pushing arcticles wouldn’t be unusual.

Some of his recent tweets about MS logging are interesting, he is clear this is with the telementary set to max, so not sensationalising, but goes to show, you really should review Win10 settings.

image

read these 3 from the bottom up:
image

I like Win10 and use it almost daily, but trust it completely - no.

EDIT: I stand to be corrected. Mark Burnett did the research used for the article I linked to, he didn’t write it.

3 Likes

If you listen closely you can hear a sucking sound. All the data being hoovered up.

1 Like

I encourage people to install W10 on a VM, run Wireshark on the host OS, and see for themselves why you need to block 10.000 telemetry IPs. Try it with different “privacy settings” over longer periods of time/use.

That only happened because of public backlash. And it only happened for uninstalled apps, not the rest of the OS (e.g. keylogger).

2 Likes

2016… Got anything recent? A lot has changed in the last two major releases.

And how do you know it was public backlash versus bug reports? Really, how do you know.

If M$$$! is so evil, why did they open up PowerShell and .NET?

To gain public trust and start black bagging people?

Ballmer is gone, he’s not coming back.

They did that because moving to being a PaaS as their business model they need to support linux servers to a degree.

Azure had Linux years before those were open source.

And is that such a bad thing, anyway?

Nope. Its a great thing. I agree with you.

Yes, but it lacked tooling and convenience . Most server runs linux, and if they were going to keep turning a blind eye to it they were willingly taking a cut of possible profits.

Now that their model has changed to be an agnostic PaaS provider, they want to be the best at that to get as many customers as possible (good thing). To accomplish that goal, they need to up the tooling.

So they:

  • Open-sourced what was need
  • added WSL
  • upgraded to PS to work with linuxy things
  • created editor (VSCode) for their dev’s who run MacOS.

So yeah great things all around, but this was only possible because they lost the server war to linux.

1 Like

Agree 100%

Yeah, I don’t disagree. It is crazy how Linux has climbed from .25, to .33, to .5 of the Azure market over the last few years. I think from the start a quarter of the boxes were Linux.

With Azure overtaking Amazon little by little, I think they’re more sensitive to the market, too. I know certain extensions and plugins on AWS are a nightmare versus a dream on Azure.

Certain roles get to work with OS X and Linux as their primary host, which is awesome.

Microsoft is a massive corporation, I know several current and ex-employees and have worked as a consultant representing MS. To say that MS as a whole is somewhat Schizophrenic would be a massive understatement.

The vast majority of techies at MS are fantastic people, they are well meaning and geniuely try to help their customers. They will also follow the company direction and as far as telementry gathering goes will usually follwo the line that it is all part-and-parcel of a modern OS and helps MS to understand how their products are used, where there are problems and where to put their efforts. This is perfectly reasonable.

I have also at time crossed paths with MS sales and licencing people; I will say no more.

MS is much better under Satya, he has basically pushed techies like Jeffery Snover to the fore, which is why we now see FOSS coming out of MS. The writing was on the wall, the cloud is massively FOSS driven. Satya’s brief to Snover et al was to build products and let the sales guys work out how to monitise it. In Azure this isn’t hard because you pay for compute, storage and bandwidth consumption and can be tied to subscriptions which help make prediciting income easy.

As you said yourself a few posts back, they are a corporation and need to make money. Just don’t ever kid yourself that corporations can’t slip from being ‘darlings’ to being ‘evil’ just look at VW.

EDIT: I recommend following Jeffrey Snover https://twitter.com/jsnover if you are interesting on PoSH & Azure.

1 Like

Definitely. AFAIK it was just Digital Ocean against AWS as major IaaS providors.

But MS is really shaking up the game. I don’t have anything on Azure, because I’m a nobody, but from what I’ve seen the OOTB analysis and threat detection stuff for PaaS nodes is next level.

1 Like

@BGL @anon79053375 This is a great convo and all, but out of scope to the original topic. If you guys want we could split this and talk about it elsewhere.

2 Likes

Here’s Linus on Feb 6th 2018 explaining the systems built into M$ for spying and what they collect. You like Linus, right? It is up to you to believe that unticking the checkboxes that you can untick, turns all that infrastructure off, or that those systems don’t have backdoors.

Controlling Windows 10 Update Schedule

Windows 10 has changed the scope of the Active Hours settings with the Creators Update. I believe now you can do 16 hour gaps. However, sometimes that still does not provide enough flexibility for power users, late night gamers, businesses, developers, and admins.

If you have the Pro edition of Windows, you can make this simple change in gpedit.msc

Win + R > gpedit.msc

Computer Configuration > Administrative Templates > Windows Update > Configure Automatic Updates

You can do this across Windows Server 2012R2 with the Administrative Templates for 10:

https://www.microsoft.com/en-us/download/details.aspx?id=48257

Actually, I don’t know who that is. I’ll watch the video, though.

Again, I think with Basic coming standard out of the box now and with them being transparent with what they are capturing, it’s a non-issue for most people. People that don’t like it are in a position to move to another system.

2 Likes

“People that don’t like Comcast are in a position to move to another ISP” (like move outside of north america)

[Edit] Why are you posting about how you can slightly delay windows 10 updates? That had nothing to do with the discussion. And how that works has been pretty much covered by the guide.

1 Like