Friday, August 7, 2015

Hidden Features of Windows 10 Install That You Should Worry About and Fix

There is a new "feature" in Windows 10 that you'll want to know abut (and fix) on Day One.  That's on top of the little security challenge noted in the previous post which notes a key action you will need to take before the roll-out happens.  If you haven't done it yet, please do so immediately.

A separate post addresses the actual roll-out experience, but the summary is: pretty painless.

What I want to let you know about today is a whole new security wrinkle you need to consider: the Windows 10 defaults.

Yup, that's a vulture sitting there, looking over your shoulder.

(Image: Audubon)

Let me say first, and not for the first time, that I am a Microsoftie at heart. And I trust the NSA with my information a heck of a lot more than I would trust the Washington Post (in case you are reading this, hi guys!)

Still, you can't help but be surprised by the default settings.  They go a long way to explain Rand Paul's apparent paranoia.  If someone really is watching your every move, are you really paranoid?

So, when the actual install cycles end and the system asks whether you want to customize: YES, you do!

Read the settings carefully. Your choices may be a bit more aggressive or cautious than mine for various reasons.

Here are the ones that jumped out at me:

In the basic Customization table, the key settings are almost the reverse of what I wanted.  I disabled:

  • Content and calculation details: no, Microsoft does not need to know that
  • Typing data: ditto
  • Advertiser information: no, thanks.  I get enough of that already.
  • Location (since this computer doesn't travel much and when it does I use the phone for "near me" sorts of things). Google seems to know the answer anyway; that's probably a whole other topic!
  • Page prediction. This one is not so much a security and privacy issue as it does cut down the background processing.  Yes, it probably would speed up the actual transition from on page to another but Verizon's FIOS service and (let's admit it)Windows 10 are pretty fast for most purposes.
  • Suggested hot-spots: more ads
  • Auto-connect to content-suggested networks: Really?  "Yes" by default?

That is 8 out of 10 that I chose to reverse.  What is left?

  • Smart scanning: protects against known or likely threats while in Windows browser: seems like a good idea, although I will likely not be using Windows Edge until all the sites that don't support Internet Explorer reverse themselves.
  • Send errors and diagnostics to Microsoft: sure, let them identify and fix problems. Of couse, I have no idea how much data gets sucked out of the machine when i doe that, and it may well undo all of the concerns noted above.  Oh, well.

After the customization appears, you will get an opportunity to go through the "Getting Started" page. At first I thought it did not work, but it came to life eventually.  Then I thought that the audio drivers has been killed, as the getting started videos were playing but without sound.  That too was restored after a bit.  I suspect that the system was busy finishing up some other tasks in background.

The system now advises that it includes several new applications:

  • Photos (the old Microsoft Office Photo Manager turned into a tile; actually this happened in Windows 8)
  • Music (I can't help you much here as I don't have much to do with music)
  • Microsoft Edge (new new name for the browser), and
  • Movies and TV (Windows Media Manager turned into a tablet app)

Since they are tablet-style applications, if you haven't had this pleasure before you'll have to get used to dragging them down and off the screen when you are done with them.  Yecch.  And it makes it quite hard to multitask with them, i.e to have them and another applications on the screen at the same time. There's probably a way to do that but frankly nothing about tile-world is intuitive to me and for the most part it disgusts me so much that I just don't use the apps.  There's a reason why I have a PC as well as a phone, which is specifically that I want to to be able to use information from more than one program at a time.  I assume that was also the reason hardly anybody liked Windows 8 either.

Once you've registered changes to your defaults and taken about 10 minutes to go through the Get Started set of tutorials (they are pretty lean, and more motivational than instructional, so it does not take long), you get a restart.

Up comes a nice new screen and to my surprise the system displays some customer screen-savers you may have saved earlier rather than the standard Windows displays.  Thus far, AVG Tune-up has not complained of the dag on system resources that those screen-savers cause.  When it does, Windows has some defaults available.

Also, fortunately, the Microsoft ID (the address you were forced to create is you bought a computer with Windows 8 on it) and the PIN you had to set up for Windows 8 still work.

Then the system will take another recycle for applications setup; this one is only about 5 minutes.

Once it has finished with that, you get the opportunity to do more customization and again you may want to do just that.

The next area with some security implications is the Notifications.

  • Tips about Windows: You may want to shift this to "on" for a while until you get the feel of your new toy.  You can get back to the notifications dialogue from the Start menu [did I tell you that as back?  Thank goodness it is.  Although you may want to consider re-installing your own, as the Windows 10 version still does not show Recent History].
  • Application notification: Of course yes. You should decide on this at the application level.
  • Notifications on the lock screen: The point of the lock is that you are away from the computer. Why show your notifications to anyone else?
  • Alarms, reminders and incoming VIP call while locked: same reasoning
  • Hide notifications while presenting: yes, that would be a good idea. You cannot rely on this, however, as I assume it only works if you have a projector plugged in, or perhaps if you are using PowerPoint.  So if you are doing a webinar-type event through a web service, it may or may not pick up on that. If you're going to share your desktop, you should assume that people will see what you have on your desktop.

There are other settings but they are pretty much the usual choices, with one exception: under Multi-tasking, there are "Virtual desktop" options for showing desktops other than yours.  Whether you want to do that or not depends on your situation, of course, but there is no provision for declining to show your desktop to anyone else.  Until I learn more about how this works (as usual, there is zero documentation for the system), I am going to assume that anyone in your connected work-group can see your desktop.  And of course the people in Redmond, if you did not turn off the customizations noted above!  And the NSA.  And the Chinese.  Well, heck, you might as well not worry about it.  Just stay off the porn sites.

That's about it from a security perspective - as far as I know!
Microsoft seems to have a bit better information as there has been a patch install daily so far. Presumably they are fixing holes.

Oh, yes: one more thing.  When all this is done, if you have not done so already, check the "hidden icons" tray.  It's in the status bar at the bottom-right of the screen.   If your antivirus of choice is not up and running, then you'll need to decide whether to adopt Windows Defender or go back and re-install your preferred flavor. Which is where the "key step" from before the install comes in.

As always, comments are welcome.

No comments:

Post a Comment