BE Careful with Windows 10.

http://www.tomshardware.com/news/microsoft-windows-technical-preview-data,27816.html

portions of Microsoft's privacy policy, which indicates that the company is using a keylogger, among other methods, to obtain information about the software's performance. This is likely one of the reasons why Microsoft insists that Windows Technical Preview not be installed on computers that are used every day.

"When you acquire, install and use the Program, Microsoft collects information about you, your devices, applications and networks, and your use of those devices, applications and networks," the privacy policy stated. "Examples of data we collect include your name, email address, preferences and interests; browsing, search and file history; phone call and SMS data; device configuration and sensor data; and application usage."

Microsoft provided four examples, one of which clearly states that when entering text into any application, Microsoft may collect those typed characters. Why? So that the company can fine-tune the spell check and auto-complete features. Again, the Technical Preview is not ideal on machines used for everyday purposes unless users don't care about this "character collection."

Microsoft also revealed that when users open a file, the company collects information about the file, the program that opens the file and how long it takes to open said file. Microsoft claims that it uses this information to improve performance and more. Microsoft also collects information about programs that are installed -- including the device they are installed on -- and uses that information to determine and improve Windows 10's compatibility with those programs.

The company acknowledges that it may collect voice information if the customer uses voice input features, such as speech-to-text. This information will be used to improve speech processing, Microsoft revealed.

"Microsoft uses data we collect from the Program to operate, improve and personalize the Program and other Microsoft products and services," the privacy policy stated. "Some data is stored on your device and some data is transmitted to Microsoft. Microsoft shares some data with our partners to improve how their products and services work with Microsoft's products and services."

Hmmm,
Not another operating version !
Did you see Four Corners last night ?

Oh well, they will never bother to look at my emails, they would be bored stiff.
I gave up on Windows at XP, the only problem is the ATO refuses to make a Linux Etax.

Did not see 4 corners, will try to get a copy.

Microsoft and any American software or hardware company now can't be trusted, they have admitted to putting in back-doors at the request or orders of the US government.

Well if I start spouting pro neo-con, anti-Russian, conservative Christian ramblings here on OLO, then you know I have been using windows10.

I hate computers. It's the main reason why we're so fat these days, all our business is done sitting on our bums in front of a screen. It's been 5 years since I've actually walked into a bank. ASIO and the FBI know my every online move.

May May - If you have a newer model phone they also know where you are and where you have been, also they can turn on the mic so they can hear what you are saying in some phones and take photos if you have a camera in it.
Welcome to big brother.

Hi there PHILIP S...

Thank you for your most enlightening expose on the apparent risks associated with Windows 10.

Actually, we're considering up-grading from Windows 7 to 10 shortly, but your assessment of the latter has given us pause as to whether it's worthwhile or not ? Furthermore, I'm a complete dunce. A total dullard, a lifetime simpleton in fact, with all things, 'Computer'!

Is there any inherent problem, or risk for an ordinary, elderly mum 'n dad from adopting the Windows 10 package when it's ultimately released ? Thank you.

Hate to break it to you folks, but Microsoft have been doing this for years since windows 98. There's plenty of evidence across the net to support my statement if you care to look it up.

There's a very excellent alternative to Windows[TM] called, Linux Mint.

http://linuxmint.com/

You can download the iso image and try it without installing it and upsetting your current Windows installation. It contains every program you could ever want for free and is a very modern and capable operating system, give it a try!

@Bazz. Use Wine or Virtual Box on linux to run windows programs, simple!

o sung wu - It is possible the problem is only in the test version they have released the keylogger would be to evaluate it without customers having to tell microsoft what is working or not.

BUT it is also so bloated I tried it for a little while it has so many backuped files etc even keeps a copy of the installer on a little virtual partition it makes along with other things.
It is like buying a new car and in the boot they put a spare part of every item on the car and they put a trailer on the car with more spare parts in it.

About the released product that assessment can only be made when it is released and checked out, sorry can't give a definitive answer.

I now do not trust anything new from Microsoft who are in bed with the NSA.

Personally go with the old saying if it's not broken don't fix it.

Windows 7 is good and will be around for a while.

Raw Mustard,
I installed Wine and loaded a window program which loaded OK
but could get it to address the RS232 port.
I did not get around to fiddling with the wine config.
I will get back to it when I learn a bit more.

Cheers

Thank you very much PHILIP S. for your time and your sage advice; 'Windows 7 is good, and it'll be around for awhile'. I'm about as comfortable as I can be, with this Windows 7 programme. I only undertake some Emails, and do some purchasing through E bay, virtually nothing else. So if it's not broken...well, why should we bother !

Many thanks for that, and I do appreciate your time to respond to my enquiry. Cheers !

So don't use Windows Technical Preview?
They wont do this in the release version.

Nothing special about Windows 10. Microsoft have been able to do this for decades. And you sign your rights away simply by activating the software, which by definition indicates your acceptance of their EULA and its "privacy" statement.

This is from the Windows 7 version.

"Microsoft may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the software; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public."

(I just love the use of "good faith". Imagine what it would be like challenging their definition of "a good faith belief" in court. You would need tens of millions of dollars just to pay your lawyers for the pre-trial hearings.)

Two things you can do about it. The first is to find an alternative to installing Windows in the first place. Second is to find a team of talented and knowledgeable hackers to advise you on the latest techniques to avoid detection and surveillance. However, please be aware that in doing so you will be placed in the same category as terrorist organizations, who - necessarily - operate in this fashion. So don't be surprised if you get that three o'clock door knock.

Alternatively, you can accept the fact that yes, it is possible that someone might be looking over your shoulder each time you sit at your computer. And be comforted only by the fact that they would need to be pretty persistent in order to find anything remotely interesting.

A question:

Does the Microsoft EULA or privacy-statement allow them to spy on other computers in your local network?

Would it be safe to keep Microsoft only for those things it can do uniquely (such as E-tax and certain games) while keeping most work on Unix/Linux?

See my response to Bazz, Yuyutsu.
You can run a virtual machine (there are a few to choose from, I use Virtual Box) inside of linux which allows you to run windows inside of linux just as you would run any linux program. Once you start the virtual machine, you have a fully functional windows install running which can then run any windows program.

The beauty of this setup is, you can run both systems concurrently but both systems are independent of each other, not effecting each other if one, predominantly windows gets a virus or Trojan or something. Also your windows running in the virtual machine does not have access to your personal files which reside on the linux side of things, unless of course you give it access.

Well Yuyutsu, it is not an easy question to answer.
I think once they are into your machine they can do everything that you would do
such as download files from other networked computers.
Etax can be run as Rawmustard said under a Linux program called wine.
The ATO states that on their etax page so they must have tried it.
I only use the virus, malware and firewall protection that comes with Debian Linux.
I do have a scanner program that runs once a day and I have never had a virus etc
since I started with Linux about 8 years ago.
The main reason for this is that the operating system area and other users areas are password protected.
So even if you leave your password lying around a villain can only get at your area.
There are Linux viruses but I have never had one.

You get the normal office suites, word processors, spreadsheets, presentation, etc etc
and they cost nothing. Firefox for browsing and Thunderbird is for email.
There are hundreds of other programs that can be downloaded from the Debian software sites.
Other varieties of Linux are very popular such as Unbuntu and Mint etc etc.
I have tried both those and they are good, but I am used to Debian so I stuck with it.
You can download the disk 1 burn it onto a CD and run it without affecting your windows, a suck it and see operation.
The Linux magazines usually have such discs on their covers.

Linux safe Guess again.

https://wikileaks.org/spyfiles4/

Today, 15 September 2014, WikiLeaks releases previously unseen copies of weaponised German surveillance malware used by intelligence agencies around the world to spy on journalists, political dissidents and others.

FinFisher (formerly part of the UK based Gamma Group International until late 2013) is a German company that produces and sells computer intrusion systems, software exploits and remote monitoring systems that are capable of intercepting communications and data from OS X, Windows and Linux computers as well as Android, iOS, BlackBerry, Symbian and Windows Mobile devices. FinFisher first came to public attention in December 2011 when WikiLeaks published documents detailing their products and business in the first SpyFiles release.

Since the first SpyFiles release, researchers published reports that identified the presence of FinFisher products in countries around the world and documented its use against journalists, activists and political dissidents.

Julian Assange, WikiLeaks Editor in Chief said: "FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world. The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher? This full data release will help the technical community build tools to protect people from FinFisher including by tracking down its command and control centers."

FinFisher Relay and FinSpy Proxy are the components of the FinFisher suite responsible for collecting the data acquired from the infected victims and delivering it to their controllers. It is commonly deployed by FinFisher's customers in strategic points around the world to route the collected data through an anonymizing chain, in order to disguise the identity of its operators and the real location of the final storage, which is instead operated by the FinSpy Master.

Yuyutsu, - The EULA is irrelevant, the NSA or police, ASIO whoever do not care the US Government (you can bet they all do it) have been using the telecommunication providers to spy on people for years they even had to go to the extraordinary step of indemnifying them from any legal action made by citizens.

The NSA even went to the extreme of intercepting computers bought by people and organizations and installing bugs in them before delivery.

I'm not sure you fully understand what is going on here, Philip S.

>>Linux safe Guess again.<<

The only method by which FinFisher can install itself on your Linux machine is by pretending it is something else, and inviting you - the user - to install it for them. This is in stark contrast to Windows systems, where there are many different ways to insert an exploit of this kind.

FinFisher itself is actually a piece of commercially available software that you can buy and install yourself. If you have the patience, you can browse through its entire capabilities, conveniently gather together by Wikileaks here:

https://wikileaks.org/spyfiles/list/tags/gamma-finfisher-trojan.html

I downloaded the FinSpy 3.0 User Manual, and their "Tactical IT Intrusion Portfolio" brochure. Interesting reading as a starting point.

You can protect yourself against spyware in the normal way (by installing anti-spyware software) and by being normally vigilant as to what you expose your system to - i.e., be careful whom you trust. Here's one method that users of FinFisher have employed...

https://blog.mozilla.org/blog/2013/04/30/protecting-our-brand-from-a-global-spyware-provider/

Be alert. But not alarmed. Unless of course you have installed Windows, in which case you are beyond help, and deserve everything you get.

It's a typical windows user response, Pericles. They have no idea how linux works and naturally assume it's like windows.

Linux users have no need to scour the internet for software, sometimes from dodgy websites claiming to be their saviours. They only need to install software via their package management tool which provides software from their disto provider which have been vetted for nasties, all free(in all meanings of the word) of course.

I don't even know how one could get spyware or viruses in linux if they only install packages from their distro provider which is all that's necessary. Debian based distro's have over a 100 thousand software packages to choose from, That's kept me more than satisfied in the software department and I use my system for a lot of things most normal users wouldn't even dream about.

I went to the wikileaks web site that pericles gave and read the brochure and the specifications.
Very interesting.
Nowhere did it indicate that their software could be installed on the target m/c remotely.
Even the brochure on the first page gave me the suspicion that their software
was installable via memory sticks. That was how Stuckfx was installed in Iran.

I could be wrong there as we know windows m/c are weak in outside intrusion.
Even if they got it in with Linux, I think I can see a way to prevent any unauthorised
connection being made.
Not going to say it here, but it is possible I think.
Anyway very interesting.

Quite alot of exploits on Windows are done via 3rd party apps like Java and Adobe, Windows can be made just as secure as Linux (EMET for windows, similar to SELinux) but most don't for convenience. In saying that, attacks on Windows machines does more damage as the userbase is so much bigger.

I use Windows and I have never caught a virus or spyware. My antivirus does pickup phishing emails daily though. Its the same for all OSes, if the email looks suspicious, don't open it and don't download illegal SW.

I tried to migrate to Linux, used Gentoo for about half a year but I reverted back. There are a few industry specific programs I use that only runs on Windows and I found that I logged onto Linux to fire up the windows virtual machine! But if you just surf the net, type emails and a few word docs, Linux is an ideal as its free.

Folks,

Rest easy because your privacy only exists if it's uninteresting and someone has been in there and deemed your computer and web traffic to be so.

I recently had a few computer problems so rang the son of an American friend, the son works in the industry.

I told him the problems, he replied to me to not touch my mouse and to
ignore what my arrow was doing.

Next thing my computer went haywire as the arrow flew all over the place and the screen went berserk as he searched my files.

Then he said "There you are, all fixed."
I said that he was very quick but he told me that the first few moves were him but the rest was a program.

Now if one guy in a small company has access to gear like that then what do the big players have?

I wonder will the Government take note of my playing 'Solitaire'?

< Now if one guy in a small company has access to gear like that then what do the big players have? >

That's standard fare on most computer systems these days, Is Mise.
On Windows it's called Remote desktop. On linux we have several ways of doing it, Remote Desktop, X Forwarding, ssh, and vnc. Your own computer can do if you know how to use it!

Thank you for all the answers!

I want to narrow down my question:

From a technical point of view, obviously malware can go a long way into breaking into other computers over the relatively-relaxed security of the local network.

But assuming that no other malware is installed apart from Windows itself: does the EULA allow it to break into neighbouring Linux computers which trust the local network (for example by allowing FTP access via "/etc/hosts.allow" to the whole Class-C LAN)?

Thanks RawMustard, as I said

"Rest easy because your privacy only exists if it's uninteresting and someone has been in there and deemed your computer and web traffic to be so."

Yuyutsu - EULA is End User License Agreement, viruses, hackers etc do not take any notice of it.

Correct me if I am wrong but I think your question would be can a virus, trogan or such go from 1 computer to others on a network.

The answer would be it depends on how the other computers were setup with regard to security of accepting programs etc starting without the current users allowing them to.

All the settings being secure (especially on windows)does not guarantee you will be okay because someone could find a weakness in the system that was unknown before. That is why antivirus programs are updating them self so often.

As someone said before Linux is less of a target for hackers etc (not the NSA if they want to target you) than Windows

Hope that answers your question.

There are a number of programs people can use to be probably around 95% safe.

I use Acronis true image - you can make a backup of your computer now exactly as it is (can also make incremental backups after changes) if you get a virus etc you just restore it back to the time of the backup. There are a few programs similar but I like that one easy to use.

I do not recommend windows "system restore" by itself for little problems it is okay but any good virus maker can mess it up.

You can also use sandboxie and run the programs in it then delete all the changes made (there are some viruses that can beat this system but not many at the moment)

Also there is a program Shadow Defender it can be on when you start your computer or you can turn it on when you want, just turn it on when you restart your computer any changes made to a partition you want protected are gone.

There are also quite a number of other programs that do similar things to the above.

Missed out I do not trust windows firewall.

Dear Philip,

<<Yuyutsu - EULA is End User License Agreement, viruses, hackers etc do not take any notice of it.>>

My question was specific about Microsoft, not about viruses and hackers:

Assume that the only software installed on the computer is Windows and a few selected and trusted applications (such as E-tax). Further assume that no browsing, mail or messaging occurs on that computer (since that's how malware arrives):

My question is whether the EULA allows Microsoft to LEGALLY spy on the other computers (running Linux) on my local network.

Yuyutsu - For a released operating system like windows 7 - XP etc it would be commercial suicide for them to say we reserve the right to spy on you in the EULA or even hint at it.

I have not fully read the EULA so cannot answer categorically, but that is not something they would put in the EULA if they did it would not take long for someone to notice and it be reported. But Microsoft and others work with the NSA and others so they could easily put something in for them.

For a released operating system like windows 7 - XP etc it would be commercial suicide for them to say we reserve the right to spy on you in the EULA or even hint at it.

As various leaks by Snowden and others have shown most American companies bend over backwards to accommodate the NSA.

Thank you Philip!

Of course the NSA is a different story. I suppose they wouldn't need to use Windows to spy on Linux - they probably can do it directly.

Actually Yuyutsu, they probably use Linux or its antecedent Unix.
Reading the specs on the Spy software I suspect that it has to be loaded by putting a
usb stick into a m/c on the network, or trick someone into opening a trojan.
Either that or a backdoor is provided by Microsoft for agency entry.
With Linux, the source code is public and many people go pouring over it.
If a backdoor was provided it would be noticed fairly soon.

I don't have any special knowledge here, so I cannot make definitive statements.

Dear Bazz,

I doubt that people actually read the Linux source-code nowadays as it gets longer and longer and more boring and obfuscated than ever.

Also, it's hard to verify that the binaries you run, which were provided by some giant distribution, are actually derived from the sources uncontaminated. Yes, you could check and compile everything yourself, then assemble all the different pieces into a functional operating-system - but who does?

It looks like they are spying on everything.

http://www.dailymail.co.uk/news/article-2789638/how-plod-spy-phone-just-three-clicks-officers-access-mobile-phone-internet-firms-mainframes.html

How 'Plod' can spy on YOUR phone...in just three clicks: Officers can access mobile phone and internet firms' mainframes

Every police force HQ has access to Vodafone, Three and EE mainframes
There they can retrieve confidential data from any number within minutes
Useful for for foiling terrorists but police are using the method far too often
The three easy steps to accessing people's numbers are illustrated below (follow link to see)

At the headquarters of every police force in Britain is a small office called the ‘Telecoms Intelligence Unit’ (TIU).

There, police officers can log in directly to the mainframe computers of three of four big mobile phone companies – Vodafone, Three and EE – as well as BT and internet service providers.

EE comprises the former networks Orange and T-Mobile, whose police interface was called Plod – an acronym for Police Liaison On-screen Database.

Armed with the required usernames and passwords, in a few keystrokes the officers can retrieve confidential data from anyone’s telephone or computer use within minutes.

Such swift access can save lives by finding an armed criminal on the run, or help track a terrorist before he strikes – but critics believe the ease with which police can access such information has led them to do so far more often than they should.

All it takes is a couple of senior officers within the force to sign off the request and any officer can have those details on his screen.

IF the poms are doing it you can bet Australia is doing it.