Windows 10 is possibly the worst spyware ever made

But there are worse offenders. Microsoft’s service agreement is a monstrous 12,000 words in length, about the size of a novella. And who reads those, right? Well, here’s one excerpt from Microsoft’s terms of use that you might want to read:

We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to.

Source: Windows 10 is possibly the worst spyware ever made

Need an SSH client on Windows? Don’t use Putty or CygWin…use Git

Ok, maybe not…but its very likely that if you are reading this and find yourself needing to SSH here and there, you also use GIT. Well many are unaware that git for windows bundles several Linux familiar tools. Many might use these in the git bash shell.

Source: Need an SSH client on Windows? Don’t use Putty or CygWin…use Git — Hurry Up and Wait!

Microsoft shows Windows 10 market share growing steadily, but the numbers are fake

That means that when Microsoft showed Windows 10 overtaking Windows 7, this apparently happened in August last year. Most other analysts don’t see that seismic shift happening globally until December 2017, at the earliest.

Source: Microsoft shows Windows 10 market share growing steadily, but the numbers are fake [Updated]

Configure Windows telemetry in your organization (Windows 10)

Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user’s device. If we determine that sensitive information has been inadvertently received, we delete the information.

Source: Configure Windows telemetry in your organization (Windows 10)

How to permanently stop Windows 10 reboots after installing updates

If you do not want to wait for Anniversary Update (which will be released in July 2016) or if Active Hours is not a solution for you, you can permanently stop Windows 10 reboots after updates are installed if you follow the steps below.

via How to permanently stop Windows 10 reboots after installing updates

Just bought a refurbished I7 machine with Windows 10 Home edition to use for gaming  and run VMs via Virtual Box.  The VMs need to be up 24/7 if they are an active unit.   This box has a lot of RAM so it can run many VMs.  Microsoft brought them all down last night with an update then reboot.  This is totally unacceptable.  Most of the solutions on the web using gpedit.msc or regedit do not work on Windows Home since we are the lowest OS on the MS totem pole.

The procedure in the above website worked for Windows 10 Home.   Now I just have to wait a week or so to see if it really stops the auto reboot.  I don’t mind having to queue up updates that require reboot.  VMs  need to be shutdown gracefully.  Many people use their computers for doing things other than consuming mass media.

With Windows 10, Microsoft Blatantly Disregards User Choice and Privacy

The tactics Microsoft employed to get users of earlier versions of Windows to upgrade to Windows 10 went from annoying to downright malicious. Some highlights: Microsoft installed an app in users’ system trays advertising the free upgrade to Windows 10. The app couldn’t be easily hidden or removed, but some enterprising users figured out a way. Then, the company kept changing the app and bundling it into various security patches, creating a cat-and-mouse game to uninstall it.

Source: With Windows 10, Microsoft Blatantly Disregards User Choice and Privacy: A Deep Dive | Electronic Frontier Foundation

And while users can disable some of these settings, it is not a guarantee that your computer will stop talking to Microsoft’s servers. A significant issue is the telemetry data the company receives. While Microsoft insists that it aggregates and anonymizes this data, it hasn’t explained just how it does so.

Disable WPAD now or have your accounts and private data compromised

WPAD is a protocol, developed in 1999 by people from Microsoft and other technology companies, that allows computers to automatically discover which web proxy they should use. The proxy is defined in a JavaScript file called a proxy auto-config (PAC) file.

The location of PAC files can be discovered through WPAD in several ways: through a special Dynamic Host Configuration Protocol (DHCP) option, through local Domain Name System (DNS) lookups, or through Link-Local Multicast Name Resolution (LLMNR).

Source: Disable WPAD now or have your accounts and private data compromised | CSO Online

The researchers recommended computer users disable the protocol. “No seriously, turn off WPAD!” one of their presentation slides said. “If you still need to use PAC files, turn off WPAD and configure an explicit URL for your PAC script; and serve it over HTTPS or from a local file.”

From Slashdot comments:

To prevent Windows from tracking which network support WPAD, you need to make a simple registry change:

Click the Start button, and in the search field, type in “regedit”, then select “regedit.exe” from the list of results
Navigate through the tree to “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad”
Once you have the “Wpad” folder selected, right click in the right pane, and click on “New -> DWORD (32-Bit Value)”
Name this new value “WpadOverride”
Double click the new “WpadOverride” value to edit it
In the “Value data” field, replace the “0” with a “1”, then click “OK”
Reboot the computer

Microsoft Live Account Credentials Leaking From Windows 8 And Above

Basically, the default User Authentification Settings of Edge/Spartan (also Internet Explorer, Outlook) lets the browser connect to local network shares, but erroneously fail to block connections to remote shares. To exploit this, an attacker would simply set up a network share. An embedded image link that points to that network share is then sent to the victim, for example as part of an email or website. As soon as the prepped content is viewed inside a Microsoft product such as Edge/Spartan, Internet Explorer or Outlook, that software will try to connect to that share in order to download the image. Doing so, it will silently send the user’s Windows login username in plaintext along with the NTLMv2 hash of the login password to the attacker’s network share.

Source: Microsoft Live Account Credentials Leaking From Windows 8 And Above | Hackaday

Spybot Anti-Beacon for Windows

Anti-Beacon is small, simple to use, and is provided free of charge. It was created to address the privacy concerns of users of Windows 10 who do not wish to have information about their PC usage sent to Microsoft. Simply clicking “Immunize” on the main screen of Anti-Beacon will immediately disable any known tracking features included by Microsoft in the operating system.

Source: Spybot Anti-Beacon for Windows