Are we fighting a losing battle for privacy?

Helluva good question from Brian, in a comment on the Avast post:

In your professional opinion- are we, the public of the world, fighting a loosing battle against Microsoft in trying to keep our Windows 7/8.1 and our private lives in tact?

Here’s my response:

In short, we’re losing the battle to keep our private lives private. It isn’t just Windows. It’s ab-so-lute-ly everything. When you think of the privacy implications of, e.g., face recognition on public-facing cameras, the mind boggles.

People need to figure out their tolerance for snooping. Many of the capabilities people want – say, maps with directions on their phones, or Alexa responding to factual questions, or Google sorting out photos – are only possible if they give up some privacy.

I think one of the great political debates of the coming decade will be about data gathering and retention. Right now, we have some (ineffective) safeguards in place for the credit reporting industry. There are more-effective but still holey safeguards with medical data and credit card info. Some day, people are going to demand details about what data is being gathered about them – they’ll want full reporting, and the ability to delete (or at least challenge) data they don’t like.

Or maybe people don’t care. Maybe the benefits being provided (and there ARE benefits) outweigh the loss of privacy. I don’t claim to have a one-size-fits-all answer to the problem.

As for privacy in Win7/8.1… clearly, Microsoft is trying to retrofit more data gathering into Win7 and 8.1. If you install all of the updates to Win7 or 8.1, they’re going to get more telemetry – more snooping. All of the telemetry between your machine and Microsoft’s big data dump in the sky is encrypted, just as you would want it to be. But that means nobody (outside of a very small handful of people inside Microsoft) knows what’s being collected.

Some of the new telemetry, we’re told, is tied to the Customer Experience Improvement program (CEIP) settings on a computer. Again, we have no way of knowing exactly what gets sent with a CEIP-on computer, vs a CEIP-off computer. We’ve never known what gets sent with CEIP on, which is why I’ve recommended that people turn CEIP off, and I’ve been recommending that since the early days of XP.

Bottom line: Microsoft has published lots of info about how they treat data, how they protect it, how they won’t let it go. You can opt in to certain snooping ways in Win7, 8.1 and 10, or you can opt out. But there’s no hard information about what’s being collected, how it’s being handled, and there are few promises about what will be done with it one, five, ten years down the road.

As for keeping Win7/8.1 on your machine – I haven’t seen any indication that Microsoft is changing the rules of engagement. If you’re using GWX Control Panel, or Never10 – or you’ve flipped the Registry bits manually — I think there’s a very good chance you’ll never get Win10 forced on you. Microsoft’s running out of sticks. Perhaps they’ll finally revert to a primarily-carrot approach.

Almost certainly, Google has more information about you than Microsoft. Almost certainly, every other software manufacturer is trying hard to get more info about you and guide you to more targeted advertising. Apple has just announced a unique approach, but the techniques behind “Differential Privacy” are hotly debated.

It’s a jungle out there. But then, it always has been.

Avast goes rogue

From reader c:

Avast has just taken a page out of Microsoft’s bullying manual.

I use Avast Free Antivirus. Several months ago, after resisting nag messages to “upgrade” to the new free version whose extra “features” I did not care for, I finally gave in.

The new version messed with my Outlook 2003 (yes, that’s two thousand and three ; it suits me perfectly). It added a new “anti-spam” toolbar in all messages, which takes unwanted screen space and is completely unneeded, since I practically never receive spam.

There was no warning, no way to opt-out before or after installation, and no way within Outlook 2003 or Windows 7 to disable the unwanted add-in. None that I found, anyway.

So I went nuclear, and restored my whole system drive from a backup image. The “upgrade” vanished and I was back where I wanted to.

Yesterday, Avast fired up a new, different nag screen, urging me to “upgrade” again (for my own good). Except… the only option “offered” was a Continue button… and no way to Cancel or Decline.

So I right-clicked in the Windows taskbar to Close Window. Which it did.

Today, when I launched Ooutlook, the dreaded anti-spam add-in appeared again.

So, Avast stealthily “upgraded” me against my will, using exactly the same method Microsoft introduced with its wicked Windows 10 “upgrade” nag screen, where no Cancel option is offered and where clicking X means Accept.

Folks, when a major player goes rogue, expect other, lesser vendors to grab the opportunity and go with the flow… Bad habits spread more readily than good ones. It seems we are less and less in control of our computers, and “empowerment” is a word of the past.

UPDATE: I don’t know why, but attempts to post comments on this article are getting locked out. At least, I can’t get anything to post. Sometimes WordPress works in mysterious ways. Reader BC sent this:

I’ve been using Panda Free Antivirus for over a year without problems. It seems light on resources, and it’s truly a “set-and-forget” experience when properly configured. The key is to enable “Gaming/multimedia mode,” and–most importantly–turn off “Panda news.” The software will be silent, without any type of nag screen.

Panda does request an e-mail address, but I’ve never provided one.

I don’t have another anti-virus scanner, but Malwarebytes and Spybot seem to indicate my system is clean.

More details about “Start Fresh” in the new Windows 10 beta build 14367

It isn’t a Windows feature. It’s a link to a Microsoft Answers forum post. And there’s a big reason why you probably want to use “Start Fresh” instead of a Refresh with “Remove everything.”

InfoWorld Woody on Windows

Trivia: Just noticed that my chapter on refresh in Windows 10 All-In-One For Dummies first edition is called “Book 8 Chapter 2: A Fresh Start”

I’m working hard – as in nose to the grindstone – on the second edition, with significant changes for the Anniversary edition of Win10, version 1607.

Windows 10 beta build 14367

It’s rolling out right now.

The only worthwhile announced change is the appearance of a “Fresh Start” option. I have no idea if it’s a substantial improvement over the current Reset/Refresh/Recycle/Reuse/Repeat option.

Look for a post on InfoWorld in the morning.

New security bulletin MS16-083 / KB 3167685 – Adobe Flash Player

Microsoft just released a patch for Win 8.1 and 10 systems that covers all of the security patches in Adobe’s ASPB16-18, a mammoth list.

MS16-083 / KB 3167685 should be arriving on a computer near you.

It’ll be interesting to see if the Win10 version rolls out to Win10 machines,  not as part of a cumulative update. I just now got it on my Win10 machines. It installs separately, doesn’t require a reboot, and even upon reboot it doesn’t change the Win10 build number (currently version 1511 build 10586.420.)

Of course, I’ve been railing against Flash for a decade. Don’t use it, disable it everywhere. If you see a site that needs Flash, write a Nastygram to the web folks.

Time to upgrade to Win10?

This just in from reader R:

Hi Woody –
 
The Win 10 cutoff date is fast approaching and I don’t know what to do with my Win 7 system. I have read all the news and messages in the Newsletter and in AskWoody but the more I read, the more I am still trying to decide.
 
I have no problem with my Win 7 and have made copies of all my other programs and data and I would like you opinion about changing over to Win 10.
 
I have your Win 10 Book for Dummies, that’s me, so if I change to Win 10 that book will undoubtedly be a great help.
 
Your advice will be greatly appreciated.

I say hold off. There’s no huge rush – the free upgrade is good until July 29. At least.

We’ll know a lot more about Win10 when the Anniversary Update is ready, and it’s likely to be done (in practice, if not in name) very soon.

In the end, it’s likely going to boil down to a question of personal preference. In particular:

• If you move to Win10, you’re going to be more-or-less forced to take all of the changes that Microsoft pushes out. People have had a hard time swallowing the “Get Windows 10” updates. Win10 will be much more strict.
• With Win10, Microsoft will be collecting a LOT more information about you. That doesn’t bother me, but it does bother some people, and for good reason. I wish Microsoft adopted something like Apple’s “Differential Privacy” but the technology’s not yet set in concrete, and it isn’t clear if Apple will end up being less of a snoop than Microsoft.
• We’ve only started to see how much advertising Microsoft will cram into Win10. There are no promises from MS as yet – only questions, and lots of hooks into the operating system.

To me, those are the big points, for now. Edge still isn’t firing on all cylinders. Cortana’s interesting and potentially useful, but a big data gatherer (as are OK Google and Siri). There are some significant security improvements, but that’s pretty much par for the course with a Windows upgrade. I find Windows Hello face recognition a distraction. OneDrive still doesn’t have all the features it should have. The built-in Win10 apps are, to a first approximation, pathetic. And on and on.

Keep your powder dry. Let’s see what happens.

Microsoft acknowledges permission problems with MS16-072 patches KB 3159398, 3163017, 3163018, 3163016

It took 36 hours, but they came clean.

InfoWorld Woody on Windows

Rod Trent notes on WindowsITPro that there’s a PowerShell script that will go out and see if any of your domain’s computers are affected.

UPDATE: Susan Bradley notes this “doesn’t have to be listed in the client side patches – Windows 10 for example. The fix for this group policy mess has to be done on the servers.  so 2012/2012 r2 is where the known issue stuff should be documented.”

That means if you see the problem on your machine (client, not server), your admin has to solve the problem. And the solution is in the KB article directed to your admin.

Latest Win10 beta build 14366: Are we there yet?

Lots of fixes, basically no new features – except for an Edge extensions that works just like its Chrome counterpart.

InfoWorld Woody on Windows.

Security update for Group Policy, KB 3159398, breaks Group Policy

I’m coming up to speed on this one, on a very busy Wednesday morning. Anything new to add?

From DC_FS on the TechNet forum:

I found out that if you give the Group authenticated users the right to read the GPO (Just Read, not to  Apply the GPO) then the Policies work again.

Details from Rod Trent on WindowsITPro.

Patch Tuesday: 16 security bulletins, IE and Edge share an exploit, Win10 at 10586.420

Lots of news, including a new fast way to scan for Windows 7 Updates.

InfoWorld Woody on Windows

Reader reports missing “Never check for updates” in Win7

Can anyone confirm this? It’s working fine on my machines.

From JT:

My Win 7 SP1 Windows Update settings have changed, just this morning as far as I can tell, and I suspect Microsoft because I’ve not installed any new software or made any sort of changes to the system.

For years I’ve had Windows Update set to “don’t check”, but today that’s not even an option.

After turning the computer on this morning it booted as normal, but after that there was a lot of download activity for quite a while and then I got an “updates are ready to install” message in the taskbar.

I opened Windows Update and sure enough the June 2016 Windows and Office security updates were there to greet me.

Surprised, and more than a bit annoyed, I checked my update settings.

Guess what?  “Don’t check” is no longer an option.  You can see the three options that I now have in the attached graphic ‘Choose how Windows can install updates.png’.

The three options now are:

1. Install updates automatically (recommended)

2. Download updates but let me choose whether to install them

3. Check for updates but let me choose whether to download and install them

Just thought you might find this interesting, and I’m also curious to know if other Win 7 users have been “hit”.

Several of you asked for screenshots. Here’s what JT’s machine looks like:

UPDATE: We’ve ascertained pretty definitively that this is a bizarre side-effect of a Group Policy change. For details, see the comments. Most people need never worry about it.

Reminder: We’re still at MS-DEFCON 2 – don’t install anything

It’s easy to get confused.

I’ll be talking about ways to speed up Windows Update, but I’m NOT actually recommending that you install the latest crop of patches.

The speed-up discussion isn’t intended to be an endorsement of this month’s patches. It’s not.

Rather, I want to get all the facts out on the table for folks who will be updating, at some point.

Right now, unless you absolutely NEED a specific patch (and I doubt that many of you do), sit tight. Watch the world haggle out the best patching method.