Windows 10 security fix?

I'm curious if anyone has any knowledge of a program existing that when executed fixes the various " security concerns " present in windows 10 , I don't mean the typical user accessible toggle switches , but the call home programs that report keystrokes and "advertising " data back to microsoft .

1 Like

Nope, you need to do it manually, as it requires firewall settings either with third party software or your router.

1 Like

On that note, do you know where we can find some notes on any of the services that need blocked by firewalls?

I think I might have to set up a pf sense router and have it block all non user traffic somehow , I was looking at all of the crap it reports via wire shark on a friends computer ( with permission ) if anything microsoft has opened up a huge vunerability all for " ad revenue " and questionable remote access ,
Any idea if a filter for outgoing traffic could be implemented on the system without having to resort to make a whole new router setup ?

Not to get off topic. But ive been telling people that this is effectively what they were going to do. Why else would they give it away. data collection and "services".

Exactly , nothing is ever free , I was just hoping there would be less malicious strings attached , I can understand the aggregation of network traffic simply because the NSA and gchq already do that anyway so no real loss but fuck , windows 10 is beyond intrusive , when snowden and various other whistleblowers released files on the NSA etc we lost our expectation of privacy online and now with windows 10 we have lost the expectation of privacy on our own desktop .
It should have been called "windows Orwell " instead

I came across this post from tumblr which supposedly originated on 4chan :

Do not use Express Settings during installation. Hit Customize, and make sure everything is turned off
Use a local account, and not a Microsoft account
Finish installing W10
Use Free alternatives to Microsoft's default software/services
Go to Settings > Privacy, and disable everything
In the Privacy page, go to Feedback, select Never in the first box, and Basic in the second box
Go to Settings > Update and Security > Advanced Options >
Choose how updates are delivered, and turn the first switch off
Disable Cortana by clicking the Search bar/icon
Disable web search in Search by going to Settings, and turning off "Search online and include web results"
Launch cmd as an admin, and enter the following:
sc delete DiagTrack
sc delete dmwappushservice
echo "" > C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
Launch gpedit.msc as an admin
Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds
Disable Telemetry
Computer Configuration > Administrative Templates > Windows Components > OneDrive
Enable "Prevent the usage of OneDrive for file storage"
Launch regedit as an admin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection
Change AllowTelemetry's value to 0
C:\Windows\System32\Drivers\Etc, then open the Hosts file
Add all the addresses from this link http://paste2.org/A1sv86VF into the file, then save it

3 Likes

I read elsewhere that the Win10 spyware ignores the host file, so that last bit isn't going to help much. You're much better off blocking those addresses on a router level.

I assume you are referring to this - http://pxc-coding.com/de/portfolio/donotspy10/


To answer your question, You could try installing the open-source software Peerblock http://www.peerblock.com and then downloading list of Microsoft IPs from http://list.iblocklist.com/lists/bluetack/microsoft so that any call home will be interrupted and blocked.

I should tell you that I haven't tried Windows 10 at all. So this method may fail(but I'm fairly sure it's gonna work. Please reply if it works.)

Also, one of the default lists in Peerblock is an ad-blocker. So... uh.. you may or may not want to untick that.

Blocking at the network level (router) would probably be the best thing today. Eventually there should begin to pop up some specificly tailored software from at least some semi reputable source. It's still so fresh that I'd expect that the precise behavior of the final version is still being investigated. Especially if the rumors are true that some of this "telemetry" code is also being added onto older Windows in the way of updates.

I am seeing more and more programs coming out to put a end to windows 10 spying on you. What really works, and what really dosen't is the big question.

I would hope in time the TEK would address it and show how to best deal with it. I saw some place that a registry hack will disable windows 10 updates.

Apparently that's a thing indeed.

Not only does it add a daily telemetry run, they say it's only for those that opted in to the Customer Experience Improvement Program but it also seems to run even if you've opted out of that.

Fortunately in Win7 and 8.1 it isn't part of the core OS, so you can uninstall it or prevent it from installing in the first place by carefully going through the updates when you're starting with a fresh install.

a lot of the dns entries are hard coded into system32 dll files
so best bet is to check out the hosts file in windows (system32\dnsapi.dll) - jump onto your router's filtering rules section and deny those entries in the hosts file
eg. www.msdn.com, msd.com, go.microsoft.com... the list goes on and on, & is growing.

for the most part there are tools like DoNotSpy10 that sort out all the registry fixes and what not.

I think you'd be better off using a software firewall on the windows machine so you can block the actual programs which are sending the traffic. I would imagine that most of it is sent on standard HTTP ports so you won't be able to block it using an external firewall without also blocking internet access, and blocking Microsoft IPs will stop you being able to update.