Windows 10 (1)

Executive Summary: Microsoft should hire a team to document and explain the Windows 10 operating system for customers that care about security and privacy.

Three of my graduate students are starting on a team project that takes a month. I wrote an assignment that uses the Mac firewall, Little Snitch. None of them had a Mac. So I went to Costco and bought a Windows 10 HP Envy 360. I have not used Windows for two years, (my Windows laptops tend to die at about year 3 and I just did not replace it).

I am going to use the comment fields for the gory details as the project continues, but here is some information about the first two days. The HP PC itself is OK, screen resolution is 1080p and the keyboard feel is fine. The mouse pad is a bit rough. I have only used it in laptop mode so far. Tablet is not in the scope of the project.

12/6/15
Powered the box on. It asked some questions. The setting I chose is in capital letters.

OFF. Personalize by sending contacts, calendar details, along with other associated input data to Microsoft
OFF. Send typing and linking data to Microsoft
OFF. Let apps use your advertising ID for experience across apps
OFF. Location, let Windows and apps request your location including location history and send Microsoft and trusted partners some location data to improve location services

Note: All of these settings are on by default if you select express install.

ON. SmartScreen, (malware protection)
OFF. Page prediction
OFF. Automatically connect to suggested open hotspots
OFF. Error and diagnostic information to Microsoft. As we will soon see even though the PC is set off, information is still being sent.

At this point the computer restarted.

The next screen asked me to sign in to my Microsoft account, skipped that step.

Next it asked me to register with HP, skipped that step.

First time I ran Edge, (browser), it wanted me to set up Curtana, (personal assistant), skipped. Using Edge, I downloaded Chrome. Note: I always use multiple browsers, since each browser has a unique fingerprint.

Chrome wanted to be default browser. Denied.

Download Firefox, added NoScript, set as default browser. Note: this setting is not sticking for some reason. Will look into it later.

Unpin Trip Advisor from task bar. Note: at some point need to find and delete that.

Windows firewall is not running, protecting is being supplied by a free one year subscription to McAfee. Not sure what the logic is here, but we will go with it for now.

Found McAfee logo on the desktop. I Clicked on navigation > Firewall > Traffic Controller. It was set for Smart Access (Recommended). There are two other interesting settings Monitored access and stealth. I will try stealth, Hide my PC from others. Let me decide whether unknown programs can connect to the Internet.

Under PC Settings Privacy there is a setting about letting websites access my language list, it is currently on, turning it OFF.

There is also a setting/link at the bottom of the page that takes you choice.microsoft.com for personalized adds, (I assume when using Edge). It was ON, turned it OFF. See RANT in next paragraph.

There was a link called Digital Advertising Alliance. It said 8 companies were customizing ads for my browser. I tried to opt out and it succeeded with seven of them. I retested and now it says there are 4. Opted out again, 3 said successful. Went back and there were 27 hmmm. RANT and an APOLOGY: In a NewsBites comment a couple months ago I suggested the Digital Advertising Alliance was a step forward. I was wrong. Both Microsoft and the DAA use cookies AND 3rd party cookies to support what they are doing. This puts me in worse shape than I was before.

According to the Control Panel, I have 46 programs installed, one of them is Adobe Shockwave, uninstalled.

Downloaded Secunia PSI scored 83, box needs some work in the manual update department.

McAffe firewall reported SIH is trying to access Internet. 1sih is for "Silent Install Helper". It starts background installation of Windows updates, as planned in advanced update options. I set firewall to Allow Once.

Ran Qualys Browser check on chrome, it says Adobe Flash is up to date.

Firewall reported Microsoft Malicious Software Removal Tool wanted to access the internet, Allow Once.

An address apparently belonging to secunia 91.198.117.181 apparently tried to connect to my pc which means the wireless access point may not be acting as a firewall various ports 54145, 54127 etc. Note: need to look into that.

Control Panel > System and Security > Administrative Tools View event logs > Windows logs shows Application, Security, Setup, System, Forwarded Events. It is as inscrutable as ever. I peeked at the Application log, there was a warning about a COM exception, when I clicked on Event Log Online Help it said it needed to send the information across the Internet. I declined. Faulty application is HP Active Health. I did use Filter Current Log to check for any critical status warnings. None found.

12/7/15
McAfee firewall detected Runtime Broker trying to get to the Internet, set for Allow Always, it manages Metro apps.
https://www.groovypost.com/howto/runtimebroker-exe-process-windows-8-running/

Install Agent asked to access the Internet, set Allow Once, it will be interesting to see how often this happens. It isn't evil, but it isn't all good either.
https://answers.microsoft.com/en-us/windows/forum/windows_10-other_settings/windows-10-installagentexe/1ffb7a42-1cd8-4cf5-bdf7-1b01fbb3f79b

Task Host Process wants to access Internet, Allow always.

Browser_Broker wants to access the Internet. According to McAfee, it was allowed once, but the program has changed. I do not need Edge, Block.

Summary: Even though I am trying to minimize my footprint, the applications  continue to want to phone home and report in. It is not clear what they all do or what they are reporting.