Microsoft is committing corporate espionage across the board with their products. This goes way beyond personal data harvesting because they are the de-facto standard for corporate documents, and they are spying on everything that comes their way. There are no real alternatives currently, but there needs to be more awareness of what they are doing.
It's actually insane. Work just swapped me in a new laptop, and of course win11 was the image.
It's an 8-core xeon. When I'm away from it, it sits at about 8% CPU. about 2% of that is random company tracking crap. about 6% of that is "windows defender advanced threat protection CE"
This thing runs regular expressions against all your files, looking for data patterns the company wants to flag. Not really viruses, but "let's scan this 4GB TCP dump to see if it has a social security number in one of the random byte patterns.
I store infrastructure config dumps from huge storage arrays, vmfarms, VIO, etc. lots of stuff to scan. It unzips files. It scans encrypted 7z files. The fan is on low and the laptop is warm when I'm not using the computer.
Now thankfully, they just record filenames, make my AC run a more, jack up my electric bill a dollar a month, decrease the life of the laptop by a year, and nothing more.
I did a gig at a hospital during covid lockdowns and those guys were nuts. Anything that could be an SSN or patient ID stuff under HIPAA would be blocked from email, blocked from being sent in a web page, and saved in a document after recording the reason in servicethen. Thing like array serial numbers, vendor support case numbers, etc. I thankfully got the h out of there in under a year, but the people there learned to live with it. Support call? That's a call. Need to email something? 7z it, encrypt it, rename the file to .renameToDocx. Vendor emails would get thrown into a bit bucket. Downtime galore. Staff morale non-present.
Policies of course set by middle management. When things failed the technical staff and vendors blamed. 2 stars on glassdoor, but mostly from the nurses who got 20 hour shifts and a decrease in pay.
Microsoft is not doing anything. They are providing solutions to meet the demand from their customers. Their toxic, incompetent customers who are on a powertrip at work to compensate for lack of control in their personal lives.
The problem is many healthcare organizations do have terrible IT security. I've seen a nigerian (419) spam from a hospital employee mail account (confirmed by DKIM and Received, so not a spoofing - a mail account credentials were compromised) and such spammers don't target healthcare - all they need an easy to hack mail account with good reputation. But what I see organizations doing to 'improve' their security is mostly security theater which make work hard for employees and with security crapware which uses 100% CPU monitoring users and 'scanning for threats'. At best a small fraction of what is done actually improves security.
I have an exe in my digital archive (a meticulously organized ZFS pool) which Windows is absolutely convinced is a virus. Windows likes to randomly delete this file. While I do keep backups, and I do my best to confirm their validity, this doesn't mean I want Windows randomly deleting files. I do delete old backups eventually.
So for safety, I have been storing this exe file in an encrypted zip archive, where the password is the name of the zip file itself. After reading this article, I've changed the password to a random series of letters.
However, I'm storing the password in a text file next to the zip file. And I have to wonder--is Windows going to start reading my text files to look for the password? This is honestly screwing with my head a tiny bit! What if Microsoft starts using a large language model to find the password? How far must I go to ensure Windows leaves my files alone?
How is windows accessing the zfs pool exactly? Afaik, there is no zfs support on windows?
Since these are backups, shouldn't they be read only? A snapshot at least would ensure easy rollback.
Also, windows defender is not the only thing that can alter your archives. Think malware and ransomware.. once again a fully read only unalterable storage should be preferable if you care about the data.
> Since these are backups, shouldn't they be read only? A snapshot at least would ensure easy rollback.
My digital archive is not a backup. It is digital storage which I actively use every day, and which is itself backed up. Windows is not deleting the file from the backups, but I don't keep old backups forever.
Yes, and very happily too. Defender seems to not really care where the files are, as long as there's readable data on a drive mounted somewhere accessible, it's all fair game.
This is my experience as well, I don't know if I'm doing something wrong or not but exclusions never seem to work, at least when Windows is convinced it has found a severe threat. I have to completely disable Real Time Protection.
The (ZFS) snapshot approach mentioned above might be useful?
That would make sure the important files are still available (even over smb) by going to the hidden .zfs directory inside the zfs file system.
I'd probably do something like create a new ZFS file system on your server just for these special files, move them into it, snapshot the file system to ensure they're preserved, then make the filesystem available over the network via a new SMB share.
That's just a rough first idea. If you're changing those special files much, then some kind of automatic timed snapshot thing (maybe with expiry) would probably be useful too. aka cronjob
Is there a setting to turn this scanning off. Having to go through multiple levels of UI just to download a fucking zip has been annoying me lately.
For that matter, is there a way to actually disable Window’s suite of security tools. I’ve tried settings, mucking with registry keys, etc. and that crap never seems to die.
It seems to me like Microsoft's cloud department has taken control of the company, and now even Windows isn't safe. They'll either course-correct and make Windows friendly to home users again, or they'll become a company only tech nerds know about like Oracle or IBM.
20 comments
[ 2.6 ms ] story [ 44.0 ms ] threadIt's an 8-core xeon. When I'm away from it, it sits at about 8% CPU. about 2% of that is random company tracking crap. about 6% of that is "windows defender advanced threat protection CE"
This thing runs regular expressions against all your files, looking for data patterns the company wants to flag. Not really viruses, but "let's scan this 4GB TCP dump to see if it has a social security number in one of the random byte patterns.
I store infrastructure config dumps from huge storage arrays, vmfarms, VIO, etc. lots of stuff to scan. It unzips files. It scans encrypted 7z files. The fan is on low and the laptop is warm when I'm not using the computer.
Now thankfully, they just record filenames, make my AC run a more, jack up my electric bill a dollar a month, decrease the life of the laptop by a year, and nothing more.
I did a gig at a hospital during covid lockdowns and those guys were nuts. Anything that could be an SSN or patient ID stuff under HIPAA would be blocked from email, blocked from being sent in a web page, and saved in a document after recording the reason in servicethen. Thing like array serial numbers, vendor support case numbers, etc. I thankfully got the h out of there in under a year, but the people there learned to live with it. Support call? That's a call. Need to email something? 7z it, encrypt it, rename the file to .renameToDocx. Vendor emails would get thrown into a bit bucket. Downtime galore. Staff morale non-present.
Policies of course set by middle management. When things failed the technical staff and vendors blamed. 2 stars on glassdoor, but mostly from the nurses who got 20 hour shifts and a decrease in pay.
Microsoft is not doing anything. They are providing solutions to meet the demand from their customers. Their toxic, incompetent customers who are on a powertrip at work to compensate for lack of control in their personal lives.
The creator of bittorrent is not pirating movies.
So for safety, I have been storing this exe file in an encrypted zip archive, where the password is the name of the zip file itself. After reading this article, I've changed the password to a random series of letters.
However, I'm storing the password in a text file next to the zip file. And I have to wonder--is Windows going to start reading my text files to look for the password? This is honestly screwing with my head a tiny bit! What if Microsoft starts using a large language model to find the password? How far must I go to ensure Windows leaves my files alone?
How is windows accessing the zfs pool exactly? Afaik, there is no zfs support on windows?
Since these are backups, shouldn't they be read only? A snapshot at least would ensure easy rollback.
Also, windows defender is not the only thing that can alter your archives. Think malware and ransomware.. once again a fully read only unalterable storage should be preferable if you care about the data.
Over SMB.
> Since these are backups, shouldn't they be read only? A snapshot at least would ensure easy rollback.
My digital archive is not a backup. It is digital storage which I actively use every day, and which is itself backed up. Windows is not deleting the file from the backups, but I don't keep old backups forever.
That would make sure the important files are still available (even over smb) by going to the hidden .zfs directory inside the zfs file system.
I'd probably do something like create a new ZFS file system on your server just for these special files, move them into it, snapshot the file system to ensure they're preserved, then make the filesystem available over the network via a new SMB share.
That's just a rough first idea. If you're changing those special files much, then some kind of automatic timed snapshot thing (maybe with expiry) would probably be useful too. aka cronjob
And if you use third party antivirus software windows security is switched off.
For that matter, is there a way to actually disable Window’s suite of security tools. I’ve tried settings, mucking with registry keys, etc. and that crap never seems to die.
You’d think someone into malware analysis would have the skill to share files without cloud though, right?