Thread: OT Windows 10
Posted to alt.home.repair
clare@snyder.on.ca

On Mon, 22 Feb 2016 10:45:35 -0700, Don Y wrote:

On 2/22/2016 6:31 AM, Mayayana wrote:
| The use of these well known ports (80/53/443/137) may be innocent.

That's really not a relevant question. The man
testing had chosen all possible privacy options. It's
his computer. Microsoft had no business rigging
the system to call out.


A box sending a request on port 53 can be doing so as
part of network discovery. Or, are you claiming "call(ing)
out" should also include being able to detect the
immediate environment? Locate network shares on the
local intranet? etc.

You also don't know what the software was *trying* to do at the
time. E.g., Windows machines have long tried to "validate"
their licenses. If I build a new 7even box and DON'T let
it phone home, it will complain that the product has not been
"activated". Should MS require the user to explicitly
perform the activation step? ("Please connect me to an
active internet connection and let me contact my activation
server as part of the terms of the license agreement
that you accepted when you installed this software. I
will not allow you to use this software until you do so")


The software end user agreement calls for either "call home"
authentication or manual authentication over the phone. It only needs
to be done once - and after that it doesn't attempt to "call home"
unless MAJOR modifications are made to the system.

First loads of IE always want to run off to some startup page
at microsoft. Is this convenience? (so the user sees
SOMETHING when he invokes the browser without explicitly
specifying a URL in the invocation) Or, a surreptitious
attempt by Microsoft to notice yet another instance of
its product coming on-line?

How did we get to a point
where we presume someone breaking into a house
had innocent reasons and has done nothing wrong,
unless we actually catch them running off with a
TV set?


The adage "innocent until proven guilty". No one has
shown the content of these connection attempts. How
do we know it isn't just a "helpful attempt" to provide
information (even advertising services: sign up for
your free hotmail/mslive account, today!) to a CUSTOMER?

It's too easy to get caught up in paranoia/conspiracy
theories. I like seeing conclusive *data* before
forming an opinion.

I build "appliances". You typically can't sit down at a console
(nor telnet into my devices). How do I provide information
to the user regarding the proper operation of the device
when I may only have a tri-color LED with which to convey
that information? He can't examine my network status "on
command". He can't force me to ping some remote host so
he can see if the ICMP packets are being sourced from my
network interface and passing through *his* firewall.
He can't see if I am "seeing" his incoming connection
attempts, etc.

So, I intentionally perform some specific, observable
actions on startup to provide myself with information
about my environment AND let him observe how I am
integrating with that environment. And, use information
from those actions to decide whether my LED should glow
GREEN, YELLOW, or RED -- or blink some obscure "error
code" (that will send him running for a cheat sheet
that explains its meaning, likely causes and potential
remedies).

When a BofH starts beating his chest about my device's
"misbehavior" (it's spying on us; it's trying to probe the
firewall; it's trying to access our web server; etc.)
I ask his boss how they would like me to redesign the
device -- and how much they would like to add to its
cost (to provide for those features).

The clincher is reminding the boss that this will be
yet another device that *his* IT department will then
have to maintain (instead of a turnkey appliance).

"Leave it the way it is. Bob, go back to work..."

The author of the article could have designed an
experiment where he captured some of the traffic
(to a masquerading host as well as to the actual
GENUINE hosts -- does the content differ?). Instead,
he just captured the low hanging fruit.

And, of course, there's no guarantee that the nature
of the traffic won't change when he "wakes up" and
actually starts USING the box!

Or, that the box isn't simply "being coy" -- biding
its time until it thinks no one is watching it before
sending out its data ("Hey, I've got this big disk
that I can use to REMEMBER all the stuff I want to send
home... why should I do it *now*??")
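The port argument in the thread above (a request on 53, 80, 137 or 443 may be innocent, and the port number alone cannot settle it) in working form, as an added example that is not code from any poster: a small Python triage over constructed firewall log lines that sets aside local-subnet discovery and destinations the owner already allowed, flags traffic on a port that is not a known service, and marks the remaining well-known-port connections as needing a payload capture before any verdict, which is the kind of capture the post says the article's author should have run. The sample log, the `EXPECTED_HOSTS` list, the /24 assumption for the local subnet and every address in it are constructed for this example.

```python
"""Triage of outbound connection attempts on well-known ports.

Added example for the thread above; it is not code from any poster.
What it shows: a request on 53, 80, 137 or 443 cannot be called innocent or
hostile from the port number alone. Local-subnet discovery and traffic to
destinations the owner already expects can be set aside; anything else on a
well-known port needs a payload capture before a verdict, and traffic on an
unexpected port is flagged outright.

All hosts, addresses and log lines below are constructed sample data.
"""
from collections import Counter
from dataclasses import dataclass
import ipaddress

# Constructed firewall log: "timestamp src dst dport proto", one record per
# line, from a hypothetical freshly installed, otherwise idle machine.
SAMPLE_LOG = """\
2016-02-22T10:45:01 192.168.1.50 192.168.1.1 53 udp
2016-02-22T10:45:02 192.168.1.50 192.168.1.255 137 udp
2016-02-22T10:45:03 192.168.1.50 203.0.113.10 443 tcp
2016-02-22T10:45:04 192.168.1.50 203.0.113.10 80 tcp
2016-02-22T10:45:05 192.168.1.50 198.51.100.7 443 tcp
2016-02-22T10:45:06 192.168.1.50 198.51.100.7 8080 tcp
"""

# Destinations the owner knowingly allowed (hypothetical: the LAN resolver
# and the vendor's activation host). Anything else is not "expected".
EXPECTED_HOSTS = {"192.168.1.1", "203.0.113.10"}

# The ports the thread argues about; the service name is only a label.
WELL_KNOWN_PORTS = {53: "dns", 80: "http", 137: "netbios-ns", 443: "https"}

# Assumption for the example: the local network is the source address's /24.
LAN_PREFIX = 24


@dataclass(frozen=True)
class Verdict:
    dst: str
    dport: int
    category: str   # local-discovery | expected | needs-capture | unexpected-port
    reason: str


def parse_line(line: str):
    """Split one log record into (timestamp, src, dst, dport, proto)."""
    ts, src, dst, dport, proto = line.split()
    return ts, src, dst, int(dport), proto


def classify(src: str, dst: str, dport: int) -> Verdict:
    """Decide what, if anything, the port and destination tell us."""
    lan = ipaddress.ip_network(f"{src}/{LAN_PREFIX}", strict=False)
    service = WELL_KNOWN_PORTS.get(dport)
    if ipaddress.ip_address(dst) in lan:
        # Name lookups and NetBIOS broadcasts on the local subnet are how a
        # machine finds its surroundings; nothing left the LAN.
        return Verdict(dst, dport, "local-discovery",
                       f"{service or dport} to local subnet {lan}")
    if service is None:
        # Not one of the well-known ports at all: flag it whatever the destination.
        return Verdict(dst, dport, "unexpected-port",
                       f"port {dport} is not an expected service")
    if dst in EXPECTED_HOSTS:
        return Verdict(dst, dport, "expected",
                       f"{service} to a destination the owner allowed")
    # Well-known port, unknown destination: the port proves nothing either way.
    # Only a capture of the payload (or the TLS server name) can settle it.
    return Verdict(dst, dport, "needs-capture",
                   f"{service} to {dst}: port alone does not reveal intent")


def triage(log_text: str) -> list:
    """Classify every record in the log, in order."""
    verdicts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, dst, dport, _proto = parse_line(line)
        verdicts.append(classify(src, dst, dport))
    return verdicts


def summarize(log_text: str) -> dict:
    """Count records per category; the 'needs-capture' bucket is the work list."""
    return dict(Counter(v.category for v in triage(log_text)))


if __name__ == "__main__":
    for v in triage(SAMPLE_LOG):
        print(f"{v.category:16} {v.dst}:{v.dport}  {v.reason}")
    print(summarize(SAMPLE_LOG))
```

On the constructed log, the two LAN records (DNS to the gateway, NetBIOS to the broadcast address) and the two connections to the allowed activation host drop out, one HTTPS connection to an unlisted host lands in the capture work list, and the 8080 connection is flagged regardless of destination. The design choice is that the "needs-capture" bucket never turns into a verdict by itself: that is exactly the step the thread says was skipped.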