Microsoft Boosts Remote Data Collection in Windows 7 and 8

Despite criticism over its collection of customer experience and diagnostic telemetry data in Windows 10, Microsoft decided months ago to add the same capabilities to in-market Windows 7 and Windows 8 devices, and has done so through a series of updates that arrived on these platform versions earlier this year.

Following a series of updates meant to prepare Windows 7 and Windows 8 for the impending upgrade to Windows 10, Microsoft pushed the Diagnostics and Telemetry tracking service to existing devices and began collecting more data on them, as Winaero notes in a recent article.

A quick look at the Windows 8.1 Feature Supplement reveals that Microsoft is already collecting details on how the platform, applications, computers, and connected devices are used, as part of its Windows Customer Experience Improvement Programs (CEIP).

In April of this year, however, Microsoft released update KB3022345 to in-market Windows 7 and Windows 8 devices, in addition to Windows Server 2008 and Windows Server 2012 systems, thus installing services that “download manifests and upload data to Microsoft when data is available for upload.” These services use SSL (TCP Port 443) and connect to two different DNS endpoints, namely vortex-win.data.microsoft.com and settings-win.data.microsoft.com.

Soon after, the software giant updated its Diagnostics and Telemetry tracking service on these devices with the release of two software updates, KB3068708 and KB3080149, with the latter meant to resolve an underlying issue with the service without making changes to the way data is collected.

Another update in the series was KB3075249, which added telemetry points to the User Account Control (UAC) feature in Windows 7 and Windows 8.1 “to collect information on elevations that come from low integrity levels.”

The release of these updates raised concerns regarding the privacy of Microsoft’s users, despite the fact that the company claims that users participating in CEIP can opt out of participating in surveys at any time and that no contact information is being shared with the software giant, at least not intentionally.

As it turns out, the Diagnostics Tracking service can now collect more system data than before, and it also has access to third-party applications that integrate the Application Insights service. That service lets developers track performance and crash issues in their programs, which sounds reasonable.

Windows 7 and Windows 8 users are offered the possibility to uninstall these updates from the Control Panel and can also choose to “hide” them, so that the system would not reinstall them. Moreover, they can set firewall rules to block the vortex-win.data.microsoft.com and settings-win.data.microsoft.com hosts that data is sent to, a ghacks.net article points out.
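To see where a given machine stands before uninstalling updates or writing firewall rules, a read-only check along these lines can be run in PowerShell. It is an added example, not code from the article or from Microsoft: the KB numbers and host names are the ones named above, while the service short name `DiagTrack` and the helper `New-Finding` are assumptions introduced here.

```powershell
# Added example: read-only audit, changes nothing on the system.
# KB numbers and host names come from the article; the service short name
# 'DiagTrack' is an assumption (the article only gives the display name).
$kbs       = 'KB3022345', 'KB3068708', 'KB3080149', 'KB3075249'
$endpoints = 'vortex-win.data.microsoft.com', 'settings-win.data.microsoft.com'
$report    = @()

# Hypothetical helper: one row of the report.
function New-Finding($check, $result) {
    New-Object PSObject -Property @{ Check = $check; Result = $result }
}

# 1. Which of the updates are installed? Get-HotFix lists installed updates.
$installed = @(Get-HotFix -ErrorAction SilentlyContinue)
foreach ($kb in $kbs) {
    $hit = $installed | Where-Object { $_.HotFixID -eq $kb } | Select-Object -First 1
    if ($hit) { $state = 'installed' } else { $state = 'not installed' }
    $report += New-Finding "Update $kb" $state
}

# 2. Is the tracking service registered, and how is it set to start?
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='DiagTrack'"
if ($svc) { $state = "$($svc.State), start mode $($svc.StartMode)" } else { $state = 'not present' }
$report += New-Finding 'Service DiagTrack' $state

# 3. Addresses the two endpoints currently resolve to. Windows Firewall rules
#    on these versions match on addresses, and the addresses can change.
foreach ($name in $endpoints) {
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($name) |
                 ForEach-Object { $_.IPAddressToString }
        $state = 'resolves to ' + ($addrs -join ', ')
    } catch {
        $state = 'does not resolve'
    }
    $report += New-Finding "Endpoint $name" $state
}

$report | Format-Table Check, Result -AutoSize -Wrap
```

The script sticks to cmdlets available in the PowerShell 2.0 that ships with Windows 7, so it runs unmodified on the systems the article covers.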

“Users should be able to clearly understand what data may be collected and for what purpose, so that they may make educated decisions about whether they are willing to provide this information in exchange for use of the service,” Rob Sadowski, Director of Technology Solutions at RSA, told SecurityWeek. “In this case, many users appear to be unclear about what data may be sent by various features in Windows, and how this is affected by the product’s privacy settings.”

Sadowski also highlighted how important it is that application developers understand the security implications of the data they collect.

“For example, collecting data on crashes may indicate that a particular machine is susceptible to a particular software vulnerability,” Sadowski said. “Capturing memory dumps or other state information could reveal credentials, authentication data, encryption keys, or other sensitive information. Developers need to more carefully consider the risks of collecting this data against its perceived value. Should they decide that the benefits outweigh the risk, they must take their responsibility as custodians of this data seriously and ensure its protection against unauthorized disclosure.”

A Microsoft spokesperson told SecurityWeek in a statement that the May update (KB3080149) was “related to updates to the diagnostics service for Windows 7 & 8.1 systems that participate in the Customer Experience Improvement Program (CEIP), which is an opt-in, optional program.”

The statement also reassured users that the company has not changed its policies regarding the use of CEIP data compared to what is described in the Windows 8.1 Feature Supplement, in the “Windows Customer Experience Improvement Program” section, and that data collection is still meant “to help improve and diagnose Windows 7 and 8.1 products.”
