How Windows 10 Tackles Enterprise Privacy

Posted by RSAC Contributor

This post comes from Bogdan Botezatu, a security researcher with BitDefender. 

With Microsoft releasing the new Windows 10, privacy concerns came up while some of the new “telemetry” features were showcased. For consumers, this telemetry, which you opt into when you install, can be summed up as an “improving customer satisfaction” feature.

Still “Basic” Privacy for Windows 10 Users
While all information is encrypted in transit to Microsoft servers, Microsoft also says it is looking at that information from three perspectives: safety and reliability, data personalization, and advertising data. The company is extremely clear that “neither Windows 10 nor any other Microsoft software scans the content of your email or other communications, or your files, in order to deliver targeted advertising,” according to Terry Myerson, Executive Vice President at Microsoft.

They boast that “no other company is more committed, more transparent and listening harder to customers” when it comes to privacy, although users can only adjust the feedback and diagnostic reporting tools to Basic when configuring Windows 10.

Privacy versus security and reliability
In Basic mode, consumer-oriented SKUs of Windows 10 will automatically send crash reports to Microsoft. Crash reports often contain memory dumps, and the dumped memory can contain anything from process code to user data (the contents of opened documents, passwords and so on). However, crash reports are paramount in solving extremely serious issues such as the one described in this beautiful read by Microsoft’s John Lambert.

All-Privacy Windows 10 Enterprise and Education
As mentioned, the Windows 10 services for telemetry are enabled by default, and that has stirred some concern for enterprises not keen on sharing this type of information. Because of this, Microsoft has announced that Windows 10 Enterprise and Education will enable IT administrators to completely disable any telemetry services when setting up the OS.

Many have stressed the legal implications associated with collecting such information from companies, especially since previous versions of the operating system did not require it. This ability will stop Windows 10 from phoning home and sending any type of information, including information about the device being used, data from crashed applications, and anonymous device IDs.

Because businesses want a completely locked down OS, as in previous Windows versions, Microsoft has agreed to issue an update this year to tackle the problem and allow them to disable all telemetry services.

Privacy as a Commodity
Some Windows 10 features, such as Cortana, might require personal information to function properly, likely worrying those who are paranoid about privacy. However, users have some control in shutting down such telemetry services while retaining many of the functionalities and features that Windows 10 packs.

For the corporate world, completely disabling telemetry services is a mandatory feature, as the risk of exposing corporate data is far more significant. It is still unclear how disabling this feature will affect the overall performance of Windows 10 in these environments, but it’s obvious that companies are prepared to drop some OS features in favor of privacy.

It would seem that some privacy aspects have become a commodity traded for improved user experience, at least for the average consumer. This holds true not just in this case, but also with ad-displaying mobile applications and even browsing.
