Stopping WinX telemitry -

(Kurt Angel) #1

“Windows 10 is possibly the worst spyware ever made”

I have 15 new Dell workstations in bound. The county policy is to wipe the drives and install a fresh image and only the software required by the end user. It seems my employer is aware of rogue nation state actors intercepting hardware and installing software/firmware illegally without the knowledge of the OEM or the customer. Our county government takes privacy, the Bill of Rights and the US Constitution at face value and with due diligence. They really protect our citizen’s data long before my arrival. We do not allow any cloud storage other than public records in my GIS. We have no public facing IP other than Exchange. I’ll never forget about one rogue nation state actors physically breaking into Google and splitting off fiber used between the (at that time) unencrypted server to server data feeds! My employers are justified. I thought it was overkill, but no longer. This reminds me of the Watergate burglars, aka a pattern or MO.

I first used Microsoft’s WDS for duplicating a golden drive after the first clean build. I now use Acronis because the Windows installers can’t keep up with the many mass storage drivers making clean installs difficult. I have had great and easy success with Acronis. It is far easier than WDS but not as flexible.

My question is how do others set up new PC workstations? Do others wipe and reimage? What tools work best?

I only recently learned that Microsoft has ended free support for failed Win7 update issues. Reimaging is the only fix now on problem machines. The free MS fixer utilities mostly fail lately. Motivation to force upgrades? Highly likely. I believe all W7 support ends in 2020 or so. This forces us to consider adding Windows Ten into the mix. My end users are going to hate the Metro interface as do all of my private business and home customers. I hate the full screen apps that cannot be reduced in size. My department’s concern with WinX is the forced updating and deeply embedded spyware, aka the MS advertising revenue back channel and so-called telemetry data. I was following the various Win7 “de-clouding” groups that monitored the SpyPatches and maintained lists with removal scripts. Once the forced WinX OS high-jacking program ended, I stopped monitoring such groups and removing the spy/telemetry patches.

My question is how do others deny WinX back channel data from leaving their domains? Experience and opinions are welcome. Can enterprise level port blocking work?
“MS admits Windows 10 automatic spying cannot be stopped”

“These invasive tools can break things and cause a variety of system problems you may not notice until later, with no indication that the problem was caused by the tool.”

I did one in-place upgrade from W7 to WX. It took about an hour. I had to re-authenticate Office, very weird and extremely lame, taking over 20 minutes in the dreaded MS phone tree. I had an issue with having to manually set an “allow” option for UAC as it was inhibiting some native windows features. I used the MS media creation tool as the Dell supplied WX installer utterly fails to even get started. I suspect lack of the many mass storage controller drivers as the cause. MS seems to be pushing WX as more robust against Meltdown/Specter.

It seems to me that what is needed is a simple option indicating that this computer system is used for private data, such as HIPAA. Any privacy violations via all and any means on such machines would be illegal
Thanks in advance for all suggestions and comments.