
/tech/ - Technology


File: Kaenbyou.Rin.full.1671810.jpg (1.13 MB, 1920x1080)


 No.894231>>894233 >>894234 >>894235 >>894248 >>894283 >>894311 >>894313 >>895131

Hello, I'd like to analyze the data that is sent to Microsoft further. Also before someone says Windows user, I'm not, I'll just make a VM for that. I'll be doing it mostly out of curiosity because I want to see what's in there. Any help, suggestions or ideas would be appreciated. Maybe we could all come together and make something easy to setup for people so that they can analyze their traffic themselves, which might be a big punch in MS's face if something is found that shouldn't be there. So, my idea would be the following:

1. Make a Windows 10 LTSB VM

(Optional) Configure everything according to the article: https://docs.microsoft.com/en-us/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services

and try to find out what is sent on minimal level, which I would have great interest in. Please note that MS uses for the telemetry-level "Security" the word "includes," so at the end they could still potentially send anything, which is a big concern.

2. Make a certificate for the domain microsoft.com and add it to the certificates.

3. Use a DNS server that redirects the resolution-requests for microsoft.com to something that is under my control (for example an Apache server set up with the private key).

4. Log all the traffic that goes to the server and decrypt it with the private key.

Might that work? Anyone tried something like that?
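An added example (not OP's or anyone else's code in this thread) of what to do with the log from step 4 once the redirect server has it: group requests by host and flag any host that is not on the list of endpoints documented for the telemetry level under test. The log format and the endpoint suffixes below are constructed placeholders, not values copied from the Microsoft article.

```python
# Added example: summarise a request log from the redirect server (OP's step 4)
# and flag hosts missing from the documented endpoint list for the tested level.
# Log format and allowlist are constructed for illustration only.
from collections import defaultdict

# Placeholder suffixes standing in for the endpoints a practitioner would copy
# from the "manage connections" article for the telemetry level being tested.
EXPECTED_SUFFIXES = ("v10.events.data.microsoft.com",
                     "settings-win.data.microsoft.com",
                     "ctldl.windowsupdate.com")

# Constructed sample log: epoch, method, host, path, status, bytes sent (one request per line).
SAMPLE_LOG = """\
1530000000 POST v10.events.data.microsoft.com /OneCollector/1.0/ 200 4821
1530000003 GET settings-win.data.microsoft.com /settings/v2.0 200 312
1530000009 POST v10.events.data.microsoft.com /OneCollector/1.0/ 200 6650
1530000012 GET ctldl.windowsupdate.com /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab 200 0
1530000020 POST telemetry.example-unexpected.net /upload 200 15000
1530000025 GET evil-microsoft.com.example.org /probe 200 80
"""

def host_is_expected(host, suffixes=EXPECTED_SUFFIXES):
    """True if host equals a suffix or ends with '.' + suffix.
    A bare endswith() would let 'fakev10.events.data.microsoft.com' pass."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped, not fatal."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, method, host, path, status, size = parts
        yield {"ts": int(ts), "method": method, "host": host,
               "path": path, "status": int(status), "bytes": int(size)}

def summarise(text):
    """Return {host: {"requests": n, "bytes": total, "expected": bool}}."""
    report = defaultdict(lambda: {"requests": 0, "bytes": 0, "expected": False})
    for rec in parse_log(text):
        entry = report[rec["host"]]
        entry["requests"] += 1
        entry["bytes"] += rec["bytes"]
        entry["expected"] = host_is_expected(rec["host"])
    return dict(report)

def unexpected_hosts(text):
    """Sorted list of contacted hosts that are not on the documented list."""
    return sorted(h for h, e in summarise(text).items() if not e["expected"])

if __name__ == "__main__":
    for host, e in sorted(summarise(SAMPLE_LOG).items()):
        flag = "ok        " if e["expected"] else "UNEXPECTED"
        print(f"{flag} {host:40} {e['requests']:3d} req {e['bytes']:7d} bytes")
```

The byte totals per host are the useful part for the "Security" level question: they show how much leaves the VM even when every host is on the documented list.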

 No.894233

>>894231 (OP)

Even without telemetry, W10 is worse than W7.

Also, why even bother with Windows.


 No.894234>>894240

>>894231 (OP)

chances are anything shady is encrypted, you probably wouldn't see anything of value without microsoft's private key


 No.894235>>894240 >>894284 >>894312

>>894231 (OP)

I would assume that telemetry data is encrypted (which you appear to assume, as well), but I would further assume that they would hard-code the public cert info and IP addresses of telemetry servers into their telemetry software precisely so that someone couldn't do:

>2. Make a certificate for the domain microsoft.com and add it to the certificates.

>3. Use a DNS server that redirects the resolution-requests for microsoft.com to something that is under my control (for example an Apache server set up with the private key).

Is that not the case?


 No.894237>>894240 >>894277 >>895038

If you need to use windows for school or work software and there is no available free software alternative just use windows 7 or vista. There is no reason to get windows 10 unless you are a gamer faggot.


 No.894240>>894247

>>894234

Yeah, but you could maybe add a new certificate for your "forged Microsoft server."

>>894235

Even if they would hardcode the IPs you might be able to modify the raw IP packets and just redirect it to one of your servers (for example I think this could be done by setting up a linux router with iptables) between it. Also even if they would hardcode the cert info wouldn't that mean you could change it :P There must be a beginning where it begins to verify the identity of the server, but anything can be modified, so for MS there's no way to truly hide it if someone with enough knowledge tries to force it open.

>>894237

Look, I'm truly just interested in what is sent and how it is sent. I use Linux on most machines. I'd never connect a Windows machine to the internet, besides for the exception of maybe trying to analyze the telemetry.


 No.894247

>>894240

>Also even if they would hardcode the cert info wouldn't that mean you could change it :P

Could -> Couldn't?

Perhaps, but I assume you'd have to do that with a hex editor, and it probably wouldn't be easy to find. I guess you'd need experience with a disassembler.


 No.894248>>895110

>>894231 (OP)

>Give MS the facebook treatment

I'm all for that OP, but without the right (((catalyst))) we won't see Microsoft in the news next to faceberg any time soon.


 No.894252

File: blog-win10-fig5.png (63.87 KB, 679x732)

File: blog-win10-fig4.png (46.79 KB, 952x510)

File: blog-win10-fig1.jpg (55.7 KB, 1349x527)

OP here again, it seems someone had the same idea as me! Here's the article: https://www.softscheck.com/en/privacy-analysis-windows-10-enterprise-telemetry-level-0/ It would be nice if we could share all our findings. Maybe someone finds something interesting. Please note that I'm not sure if the person did set all Group Policy settings correctly as the article for configuring connections to Microsoft services is quite long and probably not that well-known. I'll probably set up a VM and try mitmproxy myself.


 No.894277>>894315 >>894319

>>894237

Enjoy your Windows 7 until January 14, 2020. Only 1.6 years away.


 No.894283

>>894231 (OP)

Who said Windows can't detect if it's running in a VM?

You need to try harder to make it fucking impossible to detect VM.

Also, certificates are probably hardcoded deep in the system, and Windows could see that it's connecting to something else and not send suspicious data when it's detected.

Unless you can inspect the source to make sure Windows doesn't change behavior based on hypervisor presence and modified certificates, this won't prove the absence of the data which you did not capture.

(Well, it can also be hidden in other ways, for example sending some shit only if the user is targeted, or random sampling)

>>894231 (OP)

>according to the article

it only applies to

Windows 10 Enterprise edition

Windows Server 2016

if you test only them, it won't say shit about the other editions.


 No.894284>>894286 >>895131 >>895150

>>894235

The traffic redirection itself can be done transparently if you have a sufficiently smart gateway. Doesn't matter if IP addresses or DNS names are hardcoded.

But the big problem is to deal with encryption, and not let Windows detect that it is running in an unnatural environment. That, in a worst case, would require heavily patching Windows, without access to the source code that sucks ass I guess.


 No.894286

>>894284

>That, in a worst case, would require heavily patching Windows, without access to the source code that sucks ass I guess.

And then you would need to also prove that you didn't intentionally add some other shit while patching, and even then results could be deemed illegally obtained in some countries, as reverse engineering Windows is likely prohibited by EULA, etc.


 No.894311>>894313 >>894333

File: index.jpeg (4.17 KB, 225x225)

>>894231 (OP)

>analyzing Windows 10 telemetry

>deeper

Hey (you). What are you doing? You're not supposed to fiddle around with that, you know.


 No.894312

>>894235

Either that, or maybe they don't even give much of a shit at this point. After all, the telemetry thing was finalized post-Snowden, after they saw that the shitstorm was short-lived and everyone either swallowed the "hurr but it's for national security kthxbai" message, or just felt helpless anyway. Maybe even the long-term reaction (or rather a lack thereof) to Snowden revelations encouraged them to implement the telemetry thing in the first place.


 No.894313

>>894231 (OP)

>>894311

>"For your own safety and the safety of others do not interfere with vital telemetry apparatus"


 No.894315>>894316

File: win2k.jpg (37.85 KB, 1024x768)

>>894277

Extended support ended back in 2010. Still working, still using it


 No.894316>>894325 >>894331

>>894315

What's the advantage to using 2k over XP, given that you can turn basically all the bullshit in XP off one way or another and bring it to 2k level of comfiness, while 2k itself is much more limited compatibility-wise?


 No.894319

>>894277

If MS tried an unprecedented dick move and decided to revoke all 7 licenses January 14, 2020 (thus literally forcing anyone concerned about licensing to abandon the OS), then that short timespan might indeed be worrying.


 No.894325>>894334 >>894339 >>894342

>>894316

For some reason it is smaller. There's almost no bullshit to remove, you only need to add some bullshit like updated crypto, etc. depending on use cases.

Still they both are probably insecure as fuck anyway.


 No.894331

File: wpa.png (26.64 KB, 640x530)

>>894316

Nothing really, personal preference - fewer services to disable & no WPA pretty much. And 2k _can_ be made more XP compatible with kernel extensions.


 No.894333

>>894311

>That telemetry you're analyzing isn't important to me. It's the fluid catalytic cracking unit. It makes shoes for orphans. Nice job redirecting it, hero.


 No.894334>>894338 >>894341

File: creampie.webm (697.47 KB, 640x272)

>>894325

>insecure as fuck

Like that is a bad thing for power users.


 No.894338

>>894334

does power user mean "I will find you and kick your ass if you fuck with me"? in that case, maybe you have a point.


 No.894339>>894342

>>894325

>Still they both are probably insecure as fuck

XP?, maybe, but a configured firewall should keep you safe from the potential remote exploits, and common sense should keep you safe from malware.

7?, no, it's still supported, it might or might not have a few vulnerabilities W10 doesn't have (e.g. eternalblue), but W10 probably has some vulnerabilities W7 doesn't have as well, with all the extra botnet services.


 No.894341>>894344

>>894334

webm source?


 No.894342

>>894325

>>894339

Wait I'm retarded, I somehow thought this was between W7 and WXP.


 No.894344


 No.895034

noob here, can't you just install wireshark and save it to a file or something?


 No.895038>>895044

>>894237

wrong, in my country win7 is twice as expensive


 No.895044

>>895038

also I'm retarded, idk how the license system works, judging from reviews the "cheaper" versions (30EU) are illegal or something?


 No.895098>>895144

Any success in OP's endeavor would be ephemeral at best. As we speak, MS is working with Intel to have Windows telemetry work entirely transparently via the ME.


 No.895110

>>894248

<How Trump uses Windows 10 telemetry to deport undocumented families


 No.895131>>895134

>>894231 (OP)

>I'll just make a VM

Pro-tip: Windows, as of version 7 (or Vista maybe), knows when it's run in a VM and adjusts behaviour accordingly. Microsoft most certainly made Windows 10 do less malicious things in a VM to make sure people have a harder time making a telemetry analysis.

>>894284

>not let Windows detect that it is running in an unnatural environment

Impossible


 No.895134>>895135 >>895161

>>895131

>Windows, as of version 7 [...] knows when it's run in a VM and adjusts behaviour accordingly.

In a properly set-up VM, I doubt it. That would require red pill techniques[1], and I'm not sure Microsoft implements them, or that strong blue pill techniques can really be defeated.

[1] Read more on blue pill and red pill techniques there: https://en.wikipedia.org/wiki/Blue_Pill_(software)


 No.895135>>895137

>>895134

>In a properly set-up VM

how do?

Which publicly available VM implementation uses something like blue pill?


 No.895137

>>895135

I honestly don't know. This presentation[1] by Muli Ben Yehuda explains a bit more about blue pill techniques, but it's very technical, and I'll admit it's beyond my level of understanding of how hypervisors work. I think it explains how to install such a blue-pill rootkit.

If you modify KVM or similar the proper way, you might be able to blue pill Windows 10. I doubt OP can, however. That would be a task for a decently sized team of security professionals working at a lab.

[1] http://www.mulix.org/lectures/vmsecurity/vmsec-cyberday13.pdf


 No.895144>>895150 >>895163

>>895098

Why not then inspect the traffic after it has already left the machine


 No.895149

Stop deluding yourself, don't you think they've thought of all this lmao


 No.895150>>895152

>>895144

it will be encrypted

to make it readable you need to replace certs in Windoze without triggering it

as I said in >>894284 >>894286


 No.895152

>>895150

I mean if you simply change certificates Windoze will likely have ways to detect it, so you need to also prove that the behavior you measure is the same as if you didn't change them


 No.895161>>895162

>>895134

>In a properly set-up VM, I doubt it.

The OS detecting a "vmware virtual xyz adapter" device (or equivalent in other virtualization software) is not enough for it to figure out it's run in a vm?


 No.895162>>895164

>>895161

If you want to run a blue pill VM, you obviously don't give it such an adapter name.


 No.895163

>>895144

1. encryption (whether by the OS or by the ME)

2. big network equipment companies (such as Cisco) being part of the cabal can make such traffic invisible to the user


 No.895164>>895165 >>895166

>>895162

All virtualization software exposes some virtual devices to the OS which can be trivially recognized as such by any modern OS. Or do you know virtualization software that can either do passthrough of every physical host device (or spoof presence of various physical devices)?


 No.895165

>>895164

Yes, it's literally called a blue pill. Modern AMD-V or VT-x virtualization is entirely transparent, and you can just use a minimal hypervisor underneath that doesn't perform PCI initialization.


 No.895166

>>895164

>All virtualization software exposes some virtual devices to the OS which can be trivially recognized as such by any modern OS

By default, because it helps with getting the guest OS to run as decently as possible. That default can be changed. As I said, I don't know how you would go about it with a QEMU/KVM setting, but fully fooling the guest OS is a possibility since Joanna Rutkowska's work in 2005-2006.


 No.895217>>895255 >>895512

What about React OS?


 No.895255

>>895217

What about? Go and test and tell us.


 No.895512

>>895217

It's still in alpha. So it's unstable, featureless, doesn't work fine with any drivers yet and doesn't work well with a lot of software.

