
Comment Re: HOSTS file (Score 1) 413

"Microsoft services could always bypass the security if they wanted"

I can confirm that they do indeed do this. The firewall can stop some of the unwanted traffic by configuring blocks for specific IP ranges, but not all of it. Even if you block everything both by default policy and by rule, traffic from some sources can still be observed. I'm currently experimenting with a combination of the Windows firewall and the hosts file, to see if together they catch everything.

Comment Re:HOSTS file (Score 1) 413

Even when it's set to deny everything by default, lots gets through. Even the Maps app!

I think there might be some sort of hidden hard-coded rule that always permits signed apps, or something like that. But all the login.live.com and onedrive-related traffic is blockable by the Windows firewall. Partially effective. I've not even started on playing with the hosts file yet.

Comment Re:HOSTS file (Score 1) 413

Got another one. vortex-win.data.microsoft.com IP 65.55.44.109. Note that I've got everything in 65.52.0.0/14 blocked by the firewall, which conclusively shows that some Windows services are able to disregard the Windows firewall. IP range blocks there can reduce the spying, but not eliminate it, and because of all the mixing of servers may also block updates in the attempt.

Comment Re:HOSTS file (Score 1) 413

Made an error in pasting there, sorry - got the IPs mixed up. The mysterious IP is actually 65.55.138.111. I looked in the TLS negotiation and saw the hostname specified as sls.update.microsoft.com - so yes, it appears that some processes do have the ability to ignore Windows' own firewall. Also my nslookup query for sls.update.microsoft.com just changed, so I can confirm that theory. Probably load balancing.

65.52.108.33 is the spymaster, licensing.md.mp.microsoft.com.

Comment Re:HOSTS file (Score 1) 413

Because it appears to work... almost.

The firewall blocks almost all spying traffic, but there is an exception. I'm still seeing connections to 65.52.108.33 even with a firewall block, and sometimes 65.52.108.33. I think I know why. The latter of these is licensing.md.mp.microsoft.com, and the former shares the same range allocation. The hostname suggests they may relate to DRM in some way, probably for the app store, so it is possible they are coming from a service which has privileges beyond the normal as an anti-tamper or anti-reverse-engineering measure. Like being able to ignore the firewall.

licensing.md.mp.microsoft.com is particularly troublesome, because it's the one that I noticed getting contacted every time you run any app using the new interface API, including even trivial ones like the calculator or image viewer. I do not know what 65.52.108.33 is, but I don't see any mention of it in the DNS query responses, which suggests it may be a hard-coded address.

Microsoft doesn't appear to segregate their network by function very much - content delivery, update and licensing servers all share the same IP ranges. I suspect they may move around if I watch long enough, to judge by the short TTL in DNS. Makes it difficult to filter the spying without disabling updates too.

Comment Re:The lack of control (Score 2) 413

Windows 10 assumes the user to be technologically ignorant because the vast majority of computer users *are*.

Computers have matured to the point where, like cars, you need only the vaguest idea how they work in order to use them. There was a time when anyone who wanted to drive a car needed to be familiar with the technology in order to carry out frequent maintenance and repair the many breakdowns in the field - that is where computers used to be. Now that the car is a mature technology, people can stop worrying about how their car works and treat it as a magic moving box, needing to contact an expert only on the rare occasions it goes wrong. That almost works for computers too now.

Comment Re:/facepalm (Score 1) 413

3) Those are the obvious options. There are many more buried all over the place, under control panel and settings, every one of which is invasive-by-default. It's quite the quest to find them all, and even when you do find them all you only run into 1) anyway - you've reduced the spying a bit, but not eliminated it.

You can't even run calculator or the image viewer without Microsoft knowing. Really. Every time you do, it establishes a connection to licensing.md.mp.microsoft.com. I think it does that for all the new-style-interface apps, perhaps checking for revocation or collecting usage statistics.

Comment Re:not good enough (Score 4, Informative) 413

I have been examining Windows Ten with a packet sniffer, and can confirm both of these claims. Even if you disable Cortana and searching Bing from the start menu, typing anything in there still results in a connection to a server associated with Bing - I don't know what's in that connection, as it's TLS. I've also confirmed that it does attempt to update the live tiles even when said tiles have been removed, as I see connections to servers such as foodanddrink.tile.appex.bing.com.
