Also, I'm a bit curious why this looks more like a request that it would send when someone types a search into the Startmenu rather than the Run box.
In fact, when typing into (or even running from) the Run box, I see no network requests over ports 80/443. When typing into the Startmenu, I see network requests going to the same M$ IP shown (18.104.22.168), but they are, of course, TLS-encrypted on port 443. Even if I block port 443 in the Windows firewall, it does not fall back to port 80.
This is either false, or version dependent. I would lean towards the former. Frankly, if this is real, a bigger problem than the sending of telemetry is the sending of unencrypted telemetry.
I wish more people would follow the maxim, "extraordinary claims require extraordinary evidence".
Agreed w/r/t outrage and the maxim, though.
It took reading around to see that this is incorrect.
EDIT: Thanks for deleting it
Install your own root CA then MITM it?
Does somebody know about such a tool?
It does not explain the port 80, however.
Unfortunately, no one really uses it (not even me) and it is probably full of bugs.
Or it could be an artifact of bad editpcap-ing. Same with the all 0s Ethernet source/destinations.
Either way I don't think it was the run box that triggered it. Either they didn't know the original run box is still a thing and the field in the taskbar is a search box or they have clipboard history enabled and didn't realize that's a cloud function while they were ctrl+c and ctrl+v-ing into the box.
The only explanation I could think of was that it falls back to HTTP if HTTPS is unavailable and they blocked port 443, which not only would be bat**** insane, but I tested and that does not occur.
Haven't used Windows in a decade so not sure if there's a better way now.
no, not running windows in a decade is still the better way.
only sort of joking. I run windows 7 and haven't upgraded.
I'm going to wait this whole windows thing out.
Which security issues are worse?
A built-in cloud command logger is quite bad if you don't know it's there, and is a security risk even if you know.
Some people occasionally enter things like private URLs, tokens, UUIDs, pathnames and query values onto the command line. Which is fine if they're the sort of thing that's ok in your local, private command history. Not so much if it's sent upstream.
But like I said, you do you. You'll figure it out eventually, probably at great cost.
Obviously the correct answer is "neither," but if you're deciding between Windows 7 or 11, that isn't an option you seem to be considering. Random people on the internet in countries with lower costs of living than yours will happily install malware on your computer to drain your bank account or cryptolocker you for a couple thousand bucks. Microsoft makes way more money than that (as does every single Microsoft engineer) and doesn't care about attacking you, at least not in that way.
(Also keep in mind that Microsoft surely has a bug tracker with a pile of WONTFIX'd security vulnerabilities in Windows 7 that they just didn't get around to fixing before EOL, and almost certainly that bug tracker is less locked down internally than raw telemetry data, so if you assume Microsoft or its engineers do care about attacking you, that's probably easier on Windows 7.)
Nevermind the fact that everyone is almost always behind a NAT and is basically unreachable for attackers to exploit remotely.
If anything, the newer versions of Windows are "horribly insecure" because they contain so many "unknown unknowns". But that wouldn't fit the narrative MS wants to propagate...
Excuse me while I die of laughter.
People are still finding bugs which existed in XP. Which was supported for 12 years and was released 20 years ago.
7 was supported for 11 years and was released 12 years ago.
> Nevermind the fact that everyone is almost always behind a NAT and are basically unreachable for attackers to exploit remotely.
Sure, except that the vast majority of malware doesn't come from a remote attack.
Ones which existed only in XP and not later? I doubt it. On the other hand, as for the bugs which exist only in the later versions...
...then where does it come from? Don't say "users installing it", because that's nothing more than an authoritarian excuse to take away freedom --- and as the saying goes, "Those who give up freedom for security deserve neither."
When did I say that? Finding a bug in Win10 which has existed since XP is just as dangerous as finding a bug only in XP, given that the patch Microsoft releases for Win10 will not be released for XP.
> ...then where does it come from?
Vulnerabilities in locally installed software? Supply-chain attacks, drive-by attacks, clickjacking attacks? Or, you know, users installing it? Believe it or not, users frequently install malware; otherwise, there wouldn't be such a proliferation of fake "driver" sites on the internet. I'm not sure how you reached the conclusion that facts are an authoritarian excuse to take away freedom, particularly since I have never and would never advocate for disallowing people to install whatever software they like.
Of course, we can play the asterisk game and expressly state that if the machine is not connected to the internet and not used to browse the web, then it's probably safe. Or, if you like, browse the web in a VM. I still have to wonder if the patches for these kinds of issues get backported to Windows 7.
As to the appeal for age, I think software ages like seafood in terms of security. Just because it's been deployed for years doesn't mean that there aren't vulnerabilities lurking in that code. Although I will concede that as Windows 7 loses users, the payoff for finding a vulnerability will decrease too.
What if you just browse the web in an up-to-date web browser? In both cases, the browser has a sandbox that should keep you safe.
Multiple layers of defense are of course better—but in both cases, someone would need a zero day to escape the sandbox, right?
Have they? We just had PrintNightmare (CVE-2021-34527) a few months ago. In certain configurations you can even get RCE.
That's a remote authenticated code execution...
...which is how this fucking corporatoracy will try to maintain its power. You can point out the very clear and visible truth, but they'll just deny it. Fortunately, the number of people who realise they're being fleeced is slowly rising.
- it's the bee's knees
; Type in the clipboard
MyClip = %clipboard%
StringReplace, MyClip, MyClip, `r, , All   ; strip every carriage return so CRLF line endings become bare LF
If you ever find the time, open up Fiddler and keep it visible on a second monitor while you browse. You'll be amazed by how much data is sent back to Microsoft/Google.
I'm not sure if other chromium browsers also do this, I know ungoogled chromium doesn't.
They didn’t magically appear from thin air for sure.
* doesn't send your text to the botnet
* works with multiline text
* isn't 2 keys (win-R) away. I personally had to type win + N + O + T + E + P until it showed up, then hit enter.
hm, yet? And are we even sure about that? Who expects that what you type in the Run dialog is being spied on and sent to MS? Is this even documented anywhere?
At this point I'm considering all MS software to have become mainly hardcore spyware, with maybe some secondary legacy functions remaining (but in lots of cases being stripped slowly, while getting more bloated at the same time).
Probably illegal under GDPR laws, but like that kind of company gives a shit...
I will just abandon Windows, it's not worth it anymore. Win 11 incompatible with most not-so-old PCs will be a good occasion.
Unless it's always on - an Alt-Tab away. I use Notepad++ for that, it comes in handy with seemingly infinite undos and autosave.
There's also a way to add aliases via the Registry, but it's way more cumbersome.
You're welcome ;-)
best ever - ClCl
It's basically a clipboard manager, but the best one I've ever used. Can create templates, use Alt+V to paste from the list. Super intuitive. It's better than I am describing for sure, and it's free. (Cannot find an equivalent for Mac.)
The WE here is perpetually growing, where once it was the government and spy agencies, now it has become platform providers, service providers and pretty much everyone who can get a vendor lockin or near-monopoly established.
Edit: Anyone tried using NixOS as a desktop OS? I like the idea of scripting my setup.
It's a major distro with excellent security support, it's completely non-commercial, and KDE has a traditional GUI layout with all the optional trimmings (snap to window edges, thumbnail previews in taskbar etc).
Fedora may be the best option for new Linux users who do not want to customize everything, but just want a clean, fast and polished "works-out-of-the-box" experience.
I'll keep my highly customized Arch (sway) install for my programming needs for now, but will probably choose Fedora for my "personal" laptop where I do some light video and photo editing.
Yes! Works great actually.
Even running Windows-based games on Steam with Proton. All my hardware worked out of the box (including my WiFi 6 module); the only tweaking I had to do was for Vulkan with my GPU. Even then, not that difficult, and instructions are in their wiki.
I have little reason to run Windows now. Only software I really miss is Fusion 360.
Edit - now 9 replies, all different. Great to see so much choice!
Best "works out of the box" desktop Linux experience I've had, which made me stick with it. I recommend the Budgie edition for a clean desktop environment that stays out of your way and doesn't confuse you with a billion configuration options. The packaging process is also quite easy in my opinion, in case you want to add some software that isn't yet available in the repository, either for everyone or just for your own use.
As a possible pain point starting out I've heard the installer can be a bit finicky (I myself had no problems with it though).
User guide here (.pdf) :
Yes, I use it daily and it’s been the most reliable distro I’ve ever used. My current install is 6 months old, completely shadowing anything I ever got before that. Its package repository, nixpkgs, is the largest and most up to date out there, when counting unique packages.
The learning curve might be very steep in the beginning, but it’s very much worth it!
I run openSUSE (with KDE) pretty much for one reason - the repos available are completely comprehensive. They have everything I ever need in them, even some pretty obscure stuff, and because it's a rolling distro everything is up to date.
The amazing YaST graphical configuration tool is a nice bonus.
It's Ubuntu-based with an i3 desktop manager, but with near-perfect configurations out of the box.
Really depends on what you want. (I run Gentoo otherwise, but that's probably not everyone's preference. ;)
It will send (encrypted / 443) if using Start menu search (as it uses Bing for internet search as well), but it doesn't do this for Run as the tweet is claiming.
The PCAP file is also more than a year old (which is not great in fairness)
Edit: actually just noticed that there's nothing to back this claim up. I didn't realize that the reply here was from a different account and not the one that's talking about the whole Win-R sequence. It's entirely possible that this is a packet capture from typing into the start menu search with the web search feature enabled.
Unfortunately it's not that hard to believe. Let's not forget Ubuntu did this as well and sent everyone's data to Amazon.
the group policy description explicitly says it does not respect it unless you're using enterprise or education.
>If you enable this setting, you can decide what level of diagnostic data to send to Microsoft, including:
>- 0 (Security). Sends only a minimal amount of data to Microsoft, required to help keep Windows secure. Windows security components, such as the Malicious Software Removal Tool (MSRT) and Windows Defender may send data to Microsoft at this level, if enabled. Setting a value of 0 applies to devices running Enterprise, Education, IoT, or Windows Server editions only. Setting a value of 0 for other editions is equivalent to setting a value of 1.
>- 1 (Basic). Sends the same data as a value of 0, plus a very limited amount of diagnostic data, such as basic device info, quality-related data, and app compatibility info. Note that setting values of 0 or 1 will degrade certain experiences on the device.
Disabling the relevant service might stop it regardless, but it's definitely not the group policy.
It would be prudent not to use company equipment for anything personal anyway.
As for remoting, rdp-ing from linux is a solved issue, as long as VPN is not too esoteric… at which point driver compatibility is not an issue anymore. That’s Looking Glass scenario for me :)
it having un-disablable telemetry and mandatory updates finally made me switch to Linux everywhere
otherwise it's no longer My Computer... it's Satya's
"Either the user controls the software, or the software controls the users":
Knowing the commands people often use the Run dialog for can be a useful input for making usability and stability improvements. (Eg: a sudden influx of people running explorer.exe might hint at something etc. )
Of course, MS telemetry is in many places and it's not always clear where so it is often a surprise to find these spots when you start looking.
It used to coexist with linux, now basically everyone of "google engineer" quality single boots linux.
Don't worry about choosing, little by little the Linux ecosystem (distros, applications) is/will be catching up with these horrific anti-patterns too. After all, it is now in the hands of the same type of guys, who apply the same reasoning (1. how could I improve my piece of software if I don't put telemetry everywhere? 2. Security! Security! Security! Please let me auto-update 3 times a week, put a camera in your house, oh and by the way, give me your car keys, it's for your own good.)
It’s an American company that’s keeping tabs on something like 600 million European citizens. I don’t care what sort of “license agreement” it comes with, that’s just not ok.
Well we’re still struggling to get them to commit to never having Azure support work on our things with workers who aren’t EU citizens. But AWS complied with that rather quickly and Microsoft is bound to follow or lose a lot of business. And that last part is what’s important. It’s also why we can turn the telemetry off in the enterprise setups. So all you really need is someone high enough in the EU to make it stop and Microsoft will end it because it’s too valuable for them not to do so.
You’re right that we can’t easily leave Microsoft in the public sector, and we don’t really wish to do so either as the education of millions of workers alone would be so expensive there is no business case, but we’re not as reliant on Windows as we once were. Almost all our systems have become platform independent, including office365, and more and more of our new hires have never used a Windows PC when they join us.
Good. But I'd prefer if the average EU citizen can have it turned off as well, by default.
I can't pressure them with my single OEM license. Windows 10 is most likely not GDPR compliant and everyone knows it (I'd be very surprised if the hidden and sometimes impossible opt-out is fine). But aside from a ban in German schools nothing is being done, it seems. Amazon, Google, Facebook were all fined; I can't find anything about MS.
Inking, typing, and speech utterance data
This type of Optional diagnostic data includes details about the voice, inking, and typing input features on the device.
Samples of the content you type, write, or dictate on the device.
Details about status of transcribing input into text
If you say Wireshark then you are the problem.
It would need to be in something as easy as Task Manager.
Ideally you could also just set a token string that, if it ever gets sent over the internet, you'd get an immediate flag. Then just shove it everywhere. And let the world's power users work it out.
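An added illustration of the canary-token idea in the post above (not code from anyone in the thread): it runs over a handful of constructed packets rather than a real capture, flags the token only when it leaves the LAN in plaintext, and counts the port-443 egress it cannot look inside, which is why TLS traffic needs a proxy with your own CA rather than a packet sniffer. The destination address reuses the one quoted earlier in the thread; the token and payloads are made up.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    dst: str        # destination IPv4 address
    dport: int      # destination TCP port
    payload: bytes  # TCP payload as captured


# Constructed sample traffic (not a real capture): one plaintext HTTP POST to an
# external address carrying the canary, one TLS ClientHello-like record to :443
# whose bytes are opaque, and one LAN packet that never leaves the network.
CANARY = "CANARY-7f3a9c2e-run-dialog"
SAMPLE = [
    Packet("18.104.22.168", 80,
           b"POST /telemetry HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
           b'{"text":"' + CANARY.encode() + b'"}'),
    Packet("18.104.22.168", 443, bytes.fromhex("1603030045010000410303") + bytes(20)),
    Packet("192.168.1.20", 445, b"\xffSMB" + CANARY.encode()),
]


def _leaves_network(dst: str) -> bool:
    """True for destinations outside RFC 1918, loopback and link-local space."""
    ip = ipaddress.ip_address(dst)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def find_canary_leaks(packets, canary: str) -> dict:
    """Report plaintext egress packets containing the canary, plus how many
    TLS egress packets were skipped because their payload is ciphertext."""
    token = canary.encode()
    plain_hits, opaque_egress = [], 0
    for p in packets:
        if not _leaves_network(p.dst):
            continue                     # LAN traffic: not "sent over the internet"
        if p.dport == 443:
            opaque_egress += 1           # TLS: cannot inspect without a MITM proxy
            continue
        if token in p.payload:
            plain_hits.append((p.dst, p.dport))
    return {"plaintext_leaks": plain_hits, "uninspectable_tls_packets": opaque_egress}


if __name__ == "__main__":
    print(find_canary_leaks(SAMPLE, CANARY))
```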
I assume it's a technical issue.
That's a feature, not a flaw, of TLS.
Such a simple search, but somehow Microsoft manages to make it such: first it searches the web (why? we have browsers for this), sends a copy to Microsoft… then finally pops up with what you want.
I know this is not the same as the Run dialogue, but it just reminds me of how borked some of Microsoft's products have become.