Windows 10: How to protect yourself if given one as a "Gift?"

There have been lists and lists about the M$ KB files to watch out for, but has anyone yet compiled a list of WHAT to do if you're given one as a gift, or want it for some other reason, but NOT with all the bad stuff it comes with?

Assume you get a Win 10 box as a "gift," likely from someone out to harm you, :) WHAT do you DO after first turning it on? What are all the things you should disable?

I would assume you should NOT allow it to connect to the net, lest you get more junk rammed down your throat? You may have to switch off your home wi-fi prior to booting the Win 10 box? It may start off downloading w/o you knowing? I don't know; I'm just asking.

How do you deal with this? Can anyone document, step by step, WHAT to do with a new Win 10 box?

Initially, don't connect it to the web. Boot it in safe mode and run an AV, then an anti-malware scan from a thumb drive. Use a well known AV brand (I also use a secondary AV --> ClamWin)

Then you'll need to spend time for research.
Here are some articles that I've come across. Some may have been posted in these fora previously.

> Windows 10 PC’s phone home even after privacy hardening
> How to disable Windows Feedback on Windows 10
> Comparison of Windows 10 Privacy tools --- *This will most benefit you

> Want to protect your privacy in Windows 10? Get this free tool.
> Windows 10 telemetry secrets: Where, when, and why Microsoft collects your data
--- excerpt from the section "Where is telemetry data stored?"
"On a Windows 10 PC, telemetry data is stored in encrypted files in the hidden %ProgramData%\Microsoft\Diagnosis folder. The files and folders in this location are not accessible to normal users and have permissions that make it difficult to snoop in them. Even if you could look into the contents of those files, there's nothing to see, because the data files are encrypted locally."

> How to block Windows 10 upgrades on your business network (and at home, too)
> How to stop Windows 10 "spying" on you
--- from the author
"It's a one-click solution (along with an undo button in case things don't go as you planned) from a known developer that's been in the privacy business since 2000. And there's no adware! I've tested this tool on a number of systems and it seems to do what it says it does on the tin, and nothing more."

> Windows 10 Privacy: Step by step --- *Provides actual Win10 screen prints on how to 'lockdown' Win10

These are just a few from those that I've spotted.

Do you allow it to access the net before you take certain steps? This is a REAL situation that can happen and I think others, besides me, would be interested in knowing HOW to 'set it up?' I sure would. :)

The sad truth(as currently understood)is that if you have Window$ 10 installed on your device, there is no way to prevent the 'spy' features. On first boot, by accepting the EULA, you have ceded the ownership of your files(and your private life)to M$.

Furthermore, as has been posted previously, manufacturers of PC's and their components have joined with M$ in an agreement to make Win10 the platform for which all future development will be centered around. The most disturbing part about this agreement to me is the CPU manufacturer's plans to make all future bios upgrades to only be done through Win10, even if you are running a Linux OS.

Being a Conservative and a Rational Anarchist, it makes me nauseous to suggest the only 'cure' for this privacy piracy is through Government intervention............wow, that leaves a bad taste in my mouth......":(<

Oh gosh, I thought maybe a new Win 10 machine would give you the opportunity to choose to do a "default" first time setup of the install, which includes all the junk, OR would give you the opportunity to do a "custom" first time setup of the install?" I guess not, huh? Oh poop!

If you buy a PC at a store like 'Best Buy' you have to accept the fact that ALL choices have been made for YOU by the person who installed the OS? The same if you buy on-line, like from a place like 'Tiger Direct.' The choices they make are the ones desired by M$ and YOU are stuck.

I guess the only way you get to do a "custom install" to eliminate the junk is to buy a new machine w/o an OS on it. Then, if you really want Win 10, perhaps you're given the opportunity at THAT time to choose to do a "custom" install? Then, after that, you must not allow M$ to make any up-dates. A sad thing.

What you mention, i.e., "manufacturers of PC's and their components have joined with M$ in an agreement to make Win10 the platform for which all future development will be centered around." This is AWFUL. Our choices are being taken away! Does that mean that Linux and Apple PC's will also be taken over by M$? Geez.

Thank you and the other gentlemen here for your thoughts and kind help! :)

---

River Song (aka Linda Latte on planet Earth)
"Happy I-Phone girl on the GO GO GO"

Speaking of all the phone home spy stuff, does anyone have a list of the IP's and/or domain names that are used for the phone home? Thinking the simple answer is to block those with a hardware firewall.

---

Oh gee whillikers you guys! You and Martin should win 'Joker of the Year' awards. So funny! The 'Faraday Cage' bit caused me to ROFL. <giggles>

Want anyone who handles your credit card, social security numbers, tax returns, health records ... to not think like that?

---

Speaking of all the phone home spy stuff, does anyone have a list of the IP's and/or domain names that are used for the phone home? Thinking the simple answer is to block those with a hardware firewall.

I think that somebody else brought that up but the problem is that you have NO control over updates so anytime M$ wants they can send out an update that tells your computer to use different IP's or domains to keep on STEALING your private info and data.

---

ME AND MY BOY LOOKING FOR ET

Speaking of all the phone home spy stuff, does anyone have a list of the IP's and/or domain names that are used for the phone home? Thinking the simple answer is to block those with a hardware firewall.

I think that somebody else brought that up but the problem is that you have NO control over updates so anytime M$ wants they can send out an update that tells your computer to use different IP's or domains to keep on STEALING your private info and data.

They do change regularly, probably when it's not 'phoning home' like a good clone. I installed SpyBot AntiBeacon several months ago and about once a week I receive a notice on bootup that the hosts file has been changed by SpyBot (in response to IP's being changed in the file?). Also the Windows Diagnostic tool has become pretty much useless(but it wasn't very useful prior to blocking).

---

"Sour Grapes make a bitter Whine." <(0)>

Speaking of all the phone home spy stuff, does anyone have a list of the IP's and/or domain names that are used for the phone home? Thinking the simple answer is to block those with a hardware firewall.

I don't know how much of this list has changed since it was posted (I'm pretty sure in this thread) waaaaaaay back in August.

http://pastebin.com/N7wJLngB

It doesn't have the real IPs, but it has the domain names, which can be turned back into IPs with an nslookup. Personally, in a HOSTS file, I use 0.0.0.0 rather than loopback.

Blocking all of those might break a few things as collateral damage though. So.. use with caution.

But there was another issue that was raised (also in this thread) whereby even if you block the DNS lookups for stuff... things STILL get through, because they are hard-coded in the DLLs and so forth to use specific IPs without needing to be looked-up. Someone tested that by not setting a DNS entry on their machine and they were still able to get communication to Windows Update and a lot of the Cortana stuff.

---

Linux laptop:
record uptime: 1511d 20h 19m (ended due to the power brick giving-up)

But there was another issue that was raised (also in this thread) whereby even if you block the DNS lookups for stuff... things STILL get through, because they are hard-coded in the DLLs and so forth to use specific IPs without needing to be looked-up. Someone tested that by not setting a DNS entry on their machine and they were still able to get communication to Windows Update and a lot of the Cortana stuff.

Yep, which is why you don't block with a hosts file, but with a hardware firewall based on IP, which will work with all the computers behind it.

---

Speaking of all the phone home spy stuff, does anyone have a list of the IP's and/or domain names that are used for the phone home? Thinking the simple answer is to block those with a hardware firewall.

Just for grins, at the time of the August post I tried to determine how many IP addresses were registered to MS from pages such as http://ipinfo.io/AS8075 and came up with over 8 million IP addresses after plugging all that I found into a spreadsheet - and I am sure I did not find all of them. Some of them I think have been given/loaned to CDNs, perhaps for updates, because the reverse DNS lookups show they are currently used by the likes of Akamai. In any case, at that point I figured I would have to know specifically what IP addresses were being used as I was certainly not going to be able to block all of MS's ip addresses. ;)

Speaking of all the phone home spy stuff, does anyone have a list of the IP's and/or domain names that are used for the phone home? Thinking the simple answer is to block those with a hardware firewall.

Click on the first link in the list of articles in my previous reply to Linda Latte. The first paragraph beneath the table in the article contains two links. The second link is a downloadable .txt file of the first link.

bon apetit

EDIT:
Just discovered that Disable Win Tracking from the list within Comparison of Windows 10 Privacy tools is no longer being developed. As an alternative, you may want to consider BetterPrivacy. Info from the aforementioned .txt file can be inputted into this tool.

According to the developer:
"With this script you can do the following to improve your privacy on Windows 10 computers:

* Disable services
* Remove apps
* Block telemetry domains
* Block telemetry IPs
* Change general privacy settings"

The site provides a screen print.

But there was another issue that was raised (also in this thread) whereby even if you block the DNS lookups for stuff... things STILL get through, because they are hard-coded in the DLLs and so forth to use specific IPs without needing to be looked-up. Someone tested that by not setting a DNS entry on their machine and they were still able to get communication to Windows Update and a lot of the Cortana stuff.

Yep, which is why you don't block with a hosts file, but with a hardware firewall based on IP, which will work with all the computers behind it.

Over the years I have added IPs to my router to block. So far I have these all in my block list.
64.34.0.0 ~ 64.34.255.255
64.94.107.0 ~ 64.94.107.255
74.125.45.100 ~ 74.125.45.100
74.125.226.254 ~ 74.125.226.254
84.19.171.6 ~ 84.19.171.6
173.194.43.28 ~ 173.194.43.28
195.50.191.14 ~ 195.50.191.14
200.0.0.0 ~ 200.255.255.255
202.97.192.0 ~ 202.97.255.255
211.73.192.0 ~ 211.73.223.255
216.157.0.0 ~ 216.157.255.255
216.73.93.8 ~ 216.73.93.8
218.0.0.0 ~ 218.255.255.255
221.0.0.0 ~ 221.255.255.255

I don't recall what most of them are, and recently I found I'm going to have to start making an IPv6 list as well.

---

SETI@home classic workunits: 93,865 CPU time: 863,447 hours
Join the [url=http://tinyurl.com/8y46zvu]BP6/VP6 User Group[

I posted here at the first part of January that I had succumbed to the siren call of Smartphones and purchased a Windows Phone, careful to pick V8.1. Being new to the service which allows 3Gb of data with my plan level, I've been an extreme data miser, checking usage weekly.

I noticed that between 7:30 and 8:30 each morning there was a connection with between .4 and 1.2 Mb of data being transferred, without my input. I surmise this is the 'phone home' protocol at work. As I'm coming from a 2001 flip phone I'm still learning how to just make and answer calls so I haven't had time to delve further into it, but so far my phone hasn't 'auto upgraded' to v 10.

---

"Sour Grapes make a bitter Whine." <(0)>

But there was another issue that was raised (also in this thread) whereby even if you block the DNS lookups for stuff... things STILL get through, because they are hard-coded in the DLLs and so forth to use specific IPs without needing to be looked-up. Someone tested that by not setting a DNS entry on their machine and they were still able to get communication to Windows Update and a lot of the Cortana stuff.

Yep, which is why you don't block with a hosts file, but with a hardware firewall based on IP, which will work with all the computers behind it.

Over the years I have added IPs to my router to block. So far I have these all in my block list. ...

Almost pointless now since Microsoft uses the services of Akamai, as do many other service delivery systems...


My experience of Microsoft (and some others) are that they appear to have contrived to make firewalling of their nefariousness almost impossible. Or at least extremely painful.


Do we all give up and die to be chopped up as dead meat?

HELL NO!


There are far better alternatives.

IT is what we allow it to be...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

But there was another issue that was raised (also in this thread) whereby even if you block the DNS lookups for stuff... things STILL get through, because they are hard-coded in the DLLs and so forth to use specific IPs without needing to be looked-up. Someone tested that by not setting a DNS entry on their machine and they were still able to get communication to Windows Update and a lot of the Cortana stuff.

Yep, which is why you don't block with a hosts file, but with a hardware firewall based on IP, which will work with all the computers behind it.

Over the years I have added IPs to my router to block. So far I have these all in my block list. ...

Almost pointless now since Microsoft uses the services of Akamai, as do many other service delivery systems...


My experience of Microsoft (and some others) are that they appear to have contrived to make firewalling of their nefariousness almost impossible. Or at least extremely painful.


Do we all give up and die to be chopped up as dead meat?

HELL NO!


There are far better alternatives.

IT is what we allow it to be...
Martin

Yeah, MAC OS X!!!!! :-)


Tl

---

TimeLord04
Have TARDIS, will travel...
Come along K-9!
Join Calm Chaos

More meddling by Micro$haft to users computers running Windows 10:

Windows 10 Updates Are Deleting Some Apps Without Notifying Users

If you’ve applied a major update to Windows 10 recently, you might notice that a couple of your apps have gone missing. It’s not a bug. Windows 10 is removing apps it considers incompatible or outdated.

---snip---

It’s unclear why Windows is doing this right now. While the primary theory is that the upgrade is removing outdated apps and drivers, Microsoft hasn’t officially commented on the reasoning behind it. For now, if you want your apps back, you’ll have to reinstall them manually. Check out the How-To Geek’s post for more details on how to potentially recover your files as well.

Windows 10 May Delete Your Programs Without Asking

---

More meddling by Micro$haft to users computers running Windows 10:

Windows 10 Updates Are Deleting Some Apps Without Notifying Users

If you’ve applied a major update to Windows 10 recently, you might notice that a couple of your apps have gone missing. It’s not a bug. Windows 10 is removing apps it considers incompatible or outdated.

---snip---

It’s unclear why Windows is doing this right now. While the primary theory is that the upgrade is removing outdated apps and drivers, Microsoft hasn’t officially commented on the reasoning behind it. For now, if you want your apps back, you’ll have to reinstall them manually. Check out the How-To Geek’s post for more details on how to potentially recover your files as well.

Windows 10 May Delete Your Programs Without Asking

Greetings Dr.,

Logic dictates that if this were on the up-and-up, Micro$oft would just answer when they are questioned about these 'nefarious' events. If Micro$oft was on the up-and-up, they would have the update utility note what programs have been removed and why. Because that logic is not being followed, in my opinion anyway, this just smacks of Micro$oft doing it's best to steal every PC they can get Window$ 10 installed on.

I predict that if Micro$oft is allowed to continue as they are, within a decade NO ONE will ever own a PC ever again, unless Linux becomes users OS of choice. "Choice", now there's something that Micro$oft is removing from all who are running Window$.

Keep on BOINCing...! :)

---

CAPT Siran d'Vel'nahr - L L & P _\\//
Winders 11 OS? "What a piece of junk!" - L. Skywalker
"Logic is the cement of our civilization with which we ascend from chaos using reason as our guide." - T'Plana-hath

Last night some Win 10 updates were available, so i installed them. Only one worked, and Windows said the other failed, and reversed it. It had to reboot several times before I finally could log on. In the process, it decided that my pdf viewer should be Edge, instead of Adobe Reader. I knew the latest Adobe Reader version had problems with another program I had, so I removed the latest, and installed the previous version, before the cloud system. I tried the failed update again, and the same thing happened. After numerous reboots, I logged on, and resumed crunching.

That was a real pain in the butt, and I wonder what will happen now that my system refuses to install these updates.

Steve

---

Warning, addicted to SETI crunching!
Crunching as a member of GPU Users Group.
GPUUG Website

13 days ago I last used the laptop with Windows 10 on it. Since I need to use it again tomorrow, I thought I'll allow it to update itself. It's been doing that, and only that, since noon. It's almost 7pm here and it's still doing Windows Update. Yeah, a marvel of engineering that Windows 10, doesn't slow your stuff down at all, and those through your nose updates? Best we ever had.

---

Another interesting thought occurred to me regarding M$'s position regarding the EULA and ownership of files. Are they next going to claim that unique intellectual property such as songs, poetry, and scientific discovery, created while using a M$ O$, are also the property of M$ and not their creator?

I think there's some 'food for thought' there.

---

"Sour Grapes make a bitter Whine." <(0)>

Another interesting thought occurred to me regarding M$'s position regarding the EULA and ownership of files. Are they next going to claim that unique intellectual property such as songs, poetry, and scientific discovery, created while using a M$ O$, are also the property of M$ and not their creator?

I think there's some 'food for thought' there.

IIRC that became an issue many years ago, the mid-70's. Can't remember the full details of the case, but it involved some software that printed a copyright notice on every page, claiming the users data was theirs. Didn't go well for the software company. But if you "sign" a EULA that transfers ownership ...

---