Thoughts on Windows 10 - Windows Users Only, Please

Status
Not open for further replies.
If you stop patching the security vulnerabilities discovered then that can have severe consequences.

But as the user base rapidly shrinks, the bad guys aren't going to waste their time on 7 looking for new exploits when the easy ones have been found, when there is a whole new universe out there with all new problems just waiting to be exploited.
 
If you stop patching the security vulnerabilities discovered then that can have severe consequences.

But as the user base rapidly shrinks, the bad guys aren't going to waste their time on 7 looking for new exploits when the easy ones have been found, when there is a whole new universe out there with all new problems just waiting to be exploited.

If you say so.
 
If you stop patching the security vulnerabilities discovered then that can have severe consequences.

But as the user base rapidly shrinks, the bad guys aren't going to waste their time on 7 looking for new exploits when the easy ones have been found, when there is a whole new universe out there with all new problems just waiting to be exploited.

Hackers prey on out-dated software. They are preying on people still using Windows XP or Vista right now. If the hackers could have any single thing in the entire world, it'd be that people stick with what makes them comfortable as oppose to upgrade to software that is regularly receiving security patches. It's thinking like this that has thousands of people with zombied Windows XP computers providing backdoors into other systems to hackers.

The second 7 reaches EOL, you can GUARANTEE that they will be spending a CONSIDERABLE amount of time looking for exploits because they know that Microsoft won't do anything to fix them anymore. The "bad guys" will be banking on thinking like this - you're not the only one - that gives them free reign without worrying about a zero-day patch to fix their exploit.

Upgrade. Windows 8 was great. Windows 10 is even better. Learn new things. Stay secure.
 
Last edited:
I was just about ready to jump on the bandwagon. The notification icon is there on my taskbar. But, as is my habit, I read the terms of service and privacy disclosures before downloading a program. I don't think I can use it.

Buried in 33 pages (pdf version) of text downloaded from this site: https://www.microsoft.com/en-us/privacystatement/default.aspx
I find this:

Reasons We Share Personal Data

Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to:

1. comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone;
3. operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or
4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services - however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer's private content ourselves, but we may refer the matter to law enforcement.

Please note that some of our services include links to services of third parties whose privacy practices differ from Microsoft's. If you provide personal data to any of those services, your data is governed by their privacy statements.

(Emphasis added).

When Dropbox came out with similar language in 2010 or so, I "dropped" the account like a hot potato. Now MS is claiming access to my private files, not just emails, on a "good faith" standard. If I consent to this, I may have just waived confidentiality for the 600+ clients whose files reside on my computer.

I frankly don't see how any lawyer could sign on to these terms in good conscience. I didn't have those terms for Windows 7.

Now I'm trying to figure out if these terms of service are retroactive. If so, I'm going to have to increase my encryption practices.
 
I was looking at a battery saver program for my phone that wanted permission to read all my emails. I've no idea why almost all apps ask for this comprehensive permission, but I try to use as few as possible, since almost all of them do (even the weather apps!). I expect nothing on my devices is truly private, but I'd like to maintain the illusion of being alone in a room when it's just us -- me and the machinery. I refused the upgrade because I watched a youtube preview and was profoundly disturbed by Cortana: I really do not want my computer to interact with me socially. I do not want it to make helpful suggestions based on all the intelligent spying it's been doing. I'd rather blunder along in my frail humanity.
 
I frankly don't see how any lawyer could sign on to these terms in good conscience. I didn't have those terms for Windows 7.

It seems that a lawyer should, at least, get an advisory opinion from his or her state bar. That may give me something to stir up.
 
Stay secure.

You might read Mr. Bottomly's post below, if you think your information is secure with 10. It's just a question of who is hacking you.

I did. I didn't think it qualified a response. The link he pointed to is to Microsoft's generalized Privacy and Cookies documentation. It is not about Windows 10 specifically. It is a broad-spectrum document that covers all of their services. If you have a Microsoft account and you want to sync between computers, they have to have access to your data. If you have OneDrive they have access to your data. If you have Outlook.com they have access to your data. If you use Skype, they have access to your data.

I hope none of you have a Google account at all. I hope none of you have a Facebook account at all. I hope none of you have any apps on your phones. I hope none of you use any webmail service.

This is very standard language that is actually pretty tame compared to other things I've read.

The fact that their default privacy settings are set to "share everything!" bothers me, and I'm sure they're going to change that given the outcry of privacy folks, but the only people who are going to be worried about that are people who are worried about that, so they'll take care of it.

If you have anything that you need to be ABSOLUTELY secure, then you should have an encrypted profile on an encrypted hard drive, and you should be using a GNU/Linux distribution, because this kind of language in one way or another is in practically every ToS out there now.

As for being secure - If you read what Microsoft will use it for is to protect you or to stop you from doing something illegal - hackers will use it to profit from it. I guess the choice is yours. If you're that paranoid about this language (which is a broad sweeping usage for ALL of Microsoft's services, not something new hidden in Windows 10) then you should probably think about switching to a different operating system. Probably something not built by Microsoft or Apple or Google.
 
If you're that paranoid about this language (which is a broad sweeping usage for ALL of Microsoft's services, not something new hidden in Windows 10) then you should probably think about switching to a different operating system.

Yes, I am paranoid about such things. That's why I do not use gmail accounts or Microsoft accounts or Facebook, etc. I don't use the cloud for client data (contrary to the prevailing trend).

What bothers me about this is that the operating system itself is set up to use the cloud for everything. The opt out procedure is fairly convoluted and not at all straightforward.

This was not the case with previous operating systems, only services.

Our state (Washington) already has an advisory opinion on this. One of the things it says is:

Because the technology changes rapidly, and the security threats evolve equally rapidly, a lawyer using online data storage must not only perform initial due diligence when selecting a provider and entering into an agreement, but must also monitor and regularly review the security measures of the provider.

The language of the terms of service is too broad, regardless if it has become "industry standard" for consumers. There are cloud based services that cater to attorneys and other professionals that recognize privacy concerns and incorporate them into their terms of service. The new wrinkle here is that an operating system is the portal for such "services."

Until things are clearer, and the dust settles, I think I'll have to pass.

If you read what Microsoft will use it for is to protect you or to stop you from doing something illegal - hackers will use it to profit from it.

Yes, that is what it said, "for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone...." But the agreement does not restrict it to such wholesome-sounding motives. If I have a client facing criminal charges and I take notes about what he tells me he has done in the past, Microsoft's "good faith" notion might be to turn over my client files to the FBI.

That breach could be laid at my feet. Do we really want to trust the "good faith" of corporations when it comes to civil liberties?
 
Do we really want to trust the "good faith" of corporations when it comes to civil liberties?

Microsoft will only give up your private files to the FBI if the FBI comes to them and requests information from them. Microsoft isn't the NSA. They aren't scanning all of your data looking for some sort of illegal behavior in your client files. If they have reason to suspect (security alert, FBI lead, NSA lead, lead from a tipster or something) that something in your files is showing that YOU are pirating software, or YOU are spamming people or YOU are breaking Microsoft ToS, or YOU are a terrorist, then they will go into your files. Another instance is if there is a very nasty virus that is running around in a file called "HAHAVIRUS.exe," they will scan your directories for this file... And they need access to "private" folders.

But this is why corporations like Microsoft have business contracts.

Google Apps has a much better privacy policy when you are a corporation and plan on using them in the course of doing business.

If you're looking at upgrading your computer to the free version of Windows 10 Home, then you are upgrading to a consumer-level operating system, not an enterprise or business-level one where privacy and terms of service are likely different.

Perhaps you should get in contact with Microsoft about getting a business-level contract and license with a privacy policy that you can sleep easily at night with.

By the way, you can keep your computer offline and never connected to the internet and then you won't have to worry about anything.
 
Microsoft will only give up your private files to the FBI if the FBI comes to them and requests information from them. Microsoft isn't the NSA. They aren't scanning all of your data looking for some sort of illegal behavior in your client files. If they have reason to suspect (security alert, FBI lead, NSA lead, lead from a tipster or something) that something in your files is showing that YOU are pirating software, or YOU are spamming people or YOU are breaking Microsoft ToS, or YOU are a terrorist, then they will go into your files.

I appreciate your input and perspective, really.

But in the world of criminal defense, this kind of thinking is considered naive. Of course Microsoft will only do what it thinks is right (I hope). But they are operating in "good faith," which is a legal term of art that means their duty is quite low.

As in, suppose a Microsoft rep gets a phone call from an FBI agent saying he's investigating a potential crime. The agent asks MS to send them copies of Vic's files because he is known to represent a suspect.

Microsoft says, "OK" in the good faith belief that it was a proper request.

Now I'm having to go to the court on a Motion to Suppress on 4th Amendment grounds because it was an unlawful search without probable cause. The State gets to respond: "your honor, Mr. Bottomly gave those files to Microsoft with out any limitation other than good faith. Voluntary disclosure to third parties on such limited terms is a waiver of confidentiality. It was not an unlawful search because there is no privacy issue...." And so forth.

Yes, it's things like this that keeps me awake at night. That and the sick cat.

I use Windows 7 Professional. The Windows 10 upgrade offers me the consumer version. I've tried negotiating with MS before with some success, but it is time consuming.

But, maybe I'm just a special case. As I look at the issue being discussed online, I see folks' reaction ranging from "what else is new" to "the world is ending."

I've never been a Microsoft basher. I've used its products since the early MSDOS days. I'm a fairly advanced user of MS Word and prefer it to all other options. But I've never let them on my system without being assured that, at least, I could sue them if they breached their agreement. With this agreement, there's not a whole lot of assurance. Renegotiating it on my terms is probably a tremendous hassle. Maybe more of us will jump on it.

I'm not sure where this all goes, but I'm mildly alarmed when I was complacent just a day ago.
 
In your special case, you have a legitimate reason for NOT downgrading to any consumer-level things. But this isn't a problem with Microsoft or Windows 10. This is the way things are going, like it or not. They want professionals to use their professional products. Some of those Pro products don't even have any extra features - you're paying for the extra support and different terms of use/privacy.

Which is worse for you legally and/or professionally with your clients? Microsoft being jerks and having to deal with them, or you being negligent in properly protecting your computer by using an up-to-date operating system and software? What will your argument be?

Imagine the legal ramifications of your refusal to upgrade your operating system. EOL rolls around and because you're afraid of what Microsoft MIGHT do with its new privacy policy, your operating system stops receiving security patches, and somebody finds a backdoor or some exploit. That hacker gains access to your computer along with all of your client files. Now your client files aren't just in the hands of Microsoft and other organizations that are keeping that data in-house. Now your client files are in the dark web being bought and sold by people who can use that information for their financial and sadistic benefit.

If you're not willing to put in the extra time to haggle with Microsoft over terms, then I'd honestly suggest you switch to Linux. By refusing to upgrade your operating system, you are refusing to do everything in your power to protect your client's data. To me, that's way worse than worrying about what Microsoft MIGHT do.

If I went to a doctor, a lawyer or anywhere where my personal information might be stored on the computer and I saw that they were using Windows XP or Windows Vista, I wouldn't give them anything. I'd leave. I'd know my data won't be safe. If you don't upgrade to SOMETHING besides Windows 7, you'll eventually reach EOL, and then you're setting yourself up for some serious hurt. It'll be way worse than having to deal with the courts over the 4th. You'll be dealing with civil courts when your clients are suing your pants off for not doing everything you could to protect their confidentiality.
 
By refusing to upgrade your operating system, you are refusing to do everything in your power to protect your client's data. To me, that's way worse than worrying about what Microsoft MIGHT do.

True enough, but I'm not refusing. Just waiting for the dust to settle after being surprised.
 
By refusing to upgrade your operating system, you are refusing to do everything in your power to protect your client's data. To me, that's way worse than worrying about what Microsoft MIGHT do.

True enough, but I'm not refusing. Just waiting for the dust to settle after being surprised.
Now this I can get down with. Chances are they'll be forced to modify their terms anyway. You have some time.
 
People are unaware of how vulnerable most often they are while sitting online with a connection that is 24-7 like a server. I remember the days of XP when the Netbios exploit was never spoken about or acknowledged by Microsoft. One could scan or sniff the internet looking for vulnerable computers.

I guess one could reduce the chances of being exploited by unplugging the internet connection while not in use, but that is seldom done. The computer stays online day and night waiting for some hat to find them... just like a server.

God bless,
William
 
Vic,

I understand your concern but the terms primarily are of concern if you're using OneDrive. An OS can do nothing unless it's connected to the Internet. I think those who fear what the government might subpoena in the future probably should not use any kind of Cloud storage service. The reason why those terms weren't in prior versions is because OneDrive is one of the standard services built in to the OS now where you had to install it as a separate application in the past. If you use OneDrive or Google Drive or Dropbox (or any other online file storage or email based system) then those companies are required to comply with the laws of the country they operate within regarding the subpoena of those records in criminal investigations.
 
Have you considered switching over to a Linux OS?

I have a few versions on some older computers for fun. But for work, no.

I'm running several applications that require Windows and I'm not inclined to give them up just yet. Not only do I really like Word 2010 over any of the linux competitors, I'm running some case management software that I like. But most important, my VAGcom program (for analyzing my wife's 2001 Audi allroad) runs only on Windows. (I do have an XP netbook without internet running it, so I suppose that's not really an excuse).

Vic,

I understand your concern but the terms primarily are of concern if you're using OneDrive. An OS can do nothing unless it's connected to the Internet. I think those who fear what the government might subpoena in the future probably should not use any kind of Cloud storage service.

I've settled down and am not so worked up. I don't have a problem with subpoenas--those can apply to my physical files anyway and there are procedures to deal with that. I was concerned about the grey area "informal" requests that have become fairly common with data carriers.

There are cloud providers with different terms of service and I've considered those as a potential option. But, really, for me as a one-man show, I don't need the cloud. I backup my work files every couple hours to a hard drive and a high-capacity sd card. Back up again at home every night. I keep additional document files backed up on flash drives in my brief case. (Yes, they are all encrypted).

Basically, if my computer were stolen, my house burnt down, and my office ransacked all at the same time, I'd still be able to have all my work product over the past 9 years at my fingertips with a $350 Walmart laptop.

I can pretty much do without the cloud and will get Windows 10 when I get assurance that I can get the professional version. I'll just opt out of all the "services." Maybe this year I'll buy a Surface Pro with it preinstalled when I'm convinced it's better than my Series 7 Slate (which has been amazing).
 
Can anyone tell me if my Excel and Word documents will be okay and transfer if I change to 10? I think I am using a 2007 version with Windows 7.
 
I cancelled my Sugarsync and Dropbox accounts. Use Crashplan and Google Drive, the latter just because I get 1TB storage free with a Chromebook Pixel I purchased last year. Crashplan lets me maintain versioned sync backups to one of my local network hard drives as well as the cloud if I choose to use Crashplan's unlimited storage cloud service.
 
Can anyone tell me if my Excel and Word documents will be okay and transfer if I change to 10? I think I am using a 2007 version with Windows 7.
I have had no problems with these earlier versions of Office using Windows 10. You might consider a subscription to Office 365 and never have to worry about Office products any further and be able to install Office on five of your computers at home.
 
I've settled down and am not so worked up. I don't have a problem with subpoenas--those can apply to my physical files anyway and there are procedures to deal with that. I was concerned about the grey area "informal" requests that have become fairly common with data carriers.

There are cloud providers with different terms of service and I've considered those as a potential option. But, really, for me as a one-man show, I don't need the cloud. I backup my work files every couple hours to a hard drive and a high-capacity sd card. Back up again at home every night. I keep additional document files backed up on flash drives in my brief case. (Yes, they are all encrypted).

Basically, if my computer were stolen, my house burnt down, and my office ransacked all at the same time, I'd still be able to have all my work product over the past 9 years at my fingertips with a $350 Walmart laptop.

I can pretty much do without the cloud and will get Windows 10 when I get assurance that I can get the professional version. I'll just opt out of all the "services." Maybe this year I'll buy a Surface Pro with it preinstalled when I'm convinced it's better than my Series 7 Slate (which has been amazing).

I think they are probably vague not because they want to mess with people's data but because there are certain instances where they might need to use it and don't want to be accused of taking data they didn't say they were going to use. For example, Microsoft has one of the biggest and most sophisticated operations regarding malware because users opt to send data to Microsoft when a program crashes. In fact, in some cases, some antivirus and malware makers have been detected because they crashed their own systems during the creation of root kit attacks and the numbskulls sent the crash report to Microsoft and they were able to determine the source.

Imagine, for instance, if a person's machine has been compromised by malware (this can happen by merely visiting some sites) and it becomes a zombie being used to generate spam or some other malicious activity. Between the ISP and Microsoft, both want to determine what's going on with that machine with or without the user's permission because it's not only using the ISP's bandwidth maliciously but the OS is compromised. There may be some information that gets shipped from the user computer that lands in the hands of Microsoft because of this kind of problem and Microsoft is going to need to act on it. They may not need the user's data but they also don't want to be sued because thair TOS didn't cover them getting information even if it wasn't them taking that data so much as the zombie computer doing weird stuff. I can think of a number of similar scenarios.

I'm not naive but I also know how this Cloud business works. It really hurt the bottom line of the major Cloud providers when it was revealed what the NSA was up to in the Snowden leaks. Their business requires trust of their customers. This is why you see the U.S. Government going after Apple and Google and others right now because they're refusing to just give the government an easy backdoor to user data. They're global companies and can't afford to be seen as a tool of the government.

I'm not trying to talk you in to the whole thing but I'm just expressing why I grant OneDrive a modicum of trust. Yes, your Surface will come with some services built in but you can configure what kind of information you're willing to share with Microsoft and its 3rd party providers. You can also configure OneDrive as to what you put into the Cloud. I personally love OneDrive because I pay for Office 365 (Military Appreciation) and get 1 TB of Cloud storage. It also interacts very well with Office 2013 in terms of picking up where you left off on documents across multiple computers as well as your Desktop, etc. It saves me a lot of manual syncing time.
Use Crashplan and Google Drive,
I use Crashplan as well to back up my data. I have about 2TB backed up that way. I have a home NAS that syncs to Crashplan. Thus, I have a local, durable storage solution for quick backup and recovery along with a more durable (but slower) backup in Crashplan. I have a 150Mbps internet connection but 2 TB takes a long time to download.
 
I have OneDrive as well. My issue is that I have all my personal folders subsumed in "Google Drive" and nesting "OneDrive" as a folder therein (or nesting Google Drive within OneDrive) causes all sorts of sync issues. The only way I get it to work is to copy all my personal folders to OneDrive, in effect, doubling the hard disk space used on my laptop. Accordingly, OneDrive is used just when I want to mirror a personal folder therein for various reasons.
 
Status
Not open for further replies.
Back
Top