date 2017-05-22

Maybe we were all better with this

MICROSOFT'S FLAGSHIP operating system, Windows 10, is under the spotlight again, this time after a series of tweets showed massive holes in the Group Policy system.

Security researcher Mark Burnett (@m8urnett) posted the results of a test he conducted on Windows 10 Enterprise in a virtual machine. They make for grim reading.

I have this Win10 Enterprise vm that I was using to test out various privacy settings. Here's some of the stuff I found out so far... — Mark Burnett (@m8urnett) May 21, 2017

In the following tweets, he uses a packet sniffer to show that with Teredo IPv6 disabled, the system still checks for IPv6 connectivity. SmartScreen is disabled but it still connects. Telemetry is disabled. Still connects. Error reporting disabled. Still connects. Sync-related services all disabled at a group level. Still connects.

I mean we could go on. Yes? OK then.

Online KMS validation disabled, still connects. All connections except Updates to Microsoft blocked. Still connects to a range of ad servers. Yes, advertising servers. Burnett confirms that all these calls are made by Windows 10, not by any apps.

"So it seems," he goes on, "like Microsoft doesn't even honour its own Group Policy settings," warning: "But the big problem here is that people will use third-party apps to block all this and inadvertently block security-related stuff."

As if for an encore, Burnett deleted the new Paint 3D, a system app, which he is entirely entitled to do. He found the system restored it and added a firewall rule allowing it network access. Yes. Not even Paint is safe.

Holy moly. This is just a complete disaster area. People have warned for a long time that Windows 10 is just that, a disaster area for privacy, but this seems to suggest that it is actively defying its users' wishes.

The fact that this is happening on Windows 10 Enterprise is of particular concern. Microsoft is relying on an upsurge of businesses switching from Windows 7 to Windows 10, which currently has less than half the market share of its combined predecessors and is running well short of the projected 2 billion machines promised for the first two years. That two-year mark is fast approaching and even Microsoft's own statistics are showing a quarter of that.

Organisations need to have faith in their operating system and revelations like this will not help.

The conversation continued on ycombinator with others sharing their horror stories of Windows 10.

One user, 'Donkeychan', said: "MS Support consistently and repeatedly told me that enterprise allowed me to disable this stuff. If I can't control the egress then I can't verify PCI compliance. I've already had to revert a client to Win 7 because they failed a PCI compliance audit using Win 10 Enterprise. Which, by the way, is very expensive for small businesses. Win 10 Enterprise isn't viable for business. I have a bunch of small business clients and I've had to use a whitelist firewall to pass PCI compliance, someone said here that a whitelist firewall is borderline unusable. I've sunk so much time into that solution and I can attest, it's not viable."

'Sathackr' added: "I went through the same thing last year. I spent two months trying to plug all the holes in the enterprise version, for a medium-sized healthcare client, and eventually gave up.

"The LTSB edition looks promising but I haven't put it under the microscope yet."

While 'weeks' summed it all up: "Playing whack-a-mole with memory corruption vulnerabilities isn't how you create a secure operating system."

We've asked Microsoft for their response to all this, but as we discussed on these pages only last week, we have a bit of an issue there because they can rarely scrape together a response before we're all ready to go home. And that's on a good day. But the lines of communication have been opened, so settle down, grab a beer and some popcorn and wait for the cavalcade of bullshit to commence.

We're fully expecting them to tell us how this is all for our convenience. µ