Microsoft → How Secure Is The Windows 10 Tech Preview?

Is it safe to do Internet Banking on it using I.E. 11 in the Tech Preview? Thanks.

See this topic in the security forum.
»Windows 10 preview lets Microsoft collect private data in frightening ways

Yes that. If this software wasn't called "Windows" it would be considered malware based on the information it collects and sends home.

I'm not for or against.

I just know this is alpha in my books, not even beta.
However even in beta in software, if you had traces running for bug collection, it was going to produce some logs of what you did.

Release is a whole new game though.

We could as someone said use a sniffer.
Has any topic, subject, question, query or anything relative produced a simple TCP trace?
Let's not go into ARP, UDP, DNS or any other relative section as yet.
I'm happy to see simple tcp logs first to prove the masses maybe worried.

Just asking.....

I treat it as safe.

Only with your money, and only if you're not really attached to it.

The tech preview should not be used in a production environment. No one knows what security holes are being introduced with Windows 10 and we won't know for some time.

Can you use it for banking, sure. Should you use it for banking, NO.

I'll probably end up putting into a VM.

Read this:

“If you open a file, we may collect information about the file, the application used to open the file, and how long it takes any use [of] it for purposes such as improving performance, or [if you] enter text, we may collect typed characters, we may collect typed characters and use them for purposes such as improving autocomplete and spellcheck features,” Microsoft writes about this unexpected Windows 10 key-logging feature.

The answer is no in my opinion. They are logging your keystrokes. You would have to be crazy to do online banking in this environment. Frankly with this in mind, you basically shouldn't do anything that involves a password or transmission of any personal information. The security of the web site is irrelevant if they are intercepting your keystrokes. You are far more secure using Windows XP. This preview is fun to play with, but you shouldn't be using it for everyday activities.

That's what I have done, but I got to thinking about it and I need to make some adjustments. Basically they now have access to every shared file on my network including the computer that it is running on. I thought I would be clever and make the credentials the same for the virtual machine as the desktop it is running on. That was idiotic.

Really? So, I should not be posting this from Preview 10? Then why bother getting the beta? I agree that one should not do banking or anything financial (like taxes) on this beta. But not posting here? Or any forums? That is a bit over reaction I think.

I, along with a whole bunch of other regulars in the Security forum here, did the 3 month Microsoft feedback thing that involved Vista back in 2007. I put Vista on a Microsoft virtual machine and I used it daily for ordinary surfing, etc (but no banking)for the three months. My reward was a Vista Ultimate 32 bit disk and another Vista Ultimate 64 bit disk each with DIFFERENT licenses sent by Microsoft as thanks for participating in the feedback panel.

I have never felt in the years since that Microsoft violated my privacy in some horrible way then and that later it came back to bite me. I'm a very private person but I don't see how being a beta tester for Microsoft (which I have done for other software also and was interesting, challenging, and fun) as long one uses some common sense (like no banking) is awful.

They are capturing keystrokes. Where is that information stored? How is it stored? Who has access to that information? I think it is fairly prudent to assume that information isn't in a vault.

I just lost $400 the other day to a jerk in Louiseville that went out and bought $400 worth of gas at two gas stations. Actually I lost the money a year ago, but I didn't know it until three days ago. They duplicated my debit card and used it at the same time I was using the only real card 500 miles away. Apparently that wasn't a red flag for Wells Fargo. If you think these big or small companies are handling your very private information with due diligence, then I'd like to offer you an investment opportunity in the "Bridge to Hawaii" venture I am just starting up.

Edit: Would mind quoting where I said you shouldn't be posting in these forums using the preview. I've looked and I must be blind, because I can't see where I said that.

It's been going on for a long time.

Posting here requires a password (although I could post anon I guess). You said "you basically shouldn't do anything that involves a password or transmission of any personal information". If you had used "and" instead of "or" then I would not have made my comment.

I would not. In its current state it is able to slurp any and all information and while I generally trust microsoft with the information (think of all the evil they could have done with all the automated crash reports they get every minute) I don't really trust the security of the preview release at this point.

With the current preview the most I will do is run it in a virtual machine.

If you need info on VMs check out freeware VirtualBox

»www.virtualbox.org/

Here is a step by step guide for win10preview:

»www.cnet.com/how-to/how- ··· machine/
»betanews.com/2014/10/01/ ··· tualbox/

Have you missed the posts here, (and all over the net, as well as in VirtualBox's OWN forums) reporting that it cannot be run on VB because Guest Additions cannot be installed? VB is crippled without Guest Additions. You can install it on Microsoft's Hyper-V but you won't have audio as Hyper-V doesn't support audio. I had audio in VirtualBox but I could not have my correct screen resolution plus a great deal more of essential things were missing because Guest Additions cannot be installed. So, I have it on Hyper-V and it is ok except I have no audio but at least everything else seems to work ok and I have full support on Hyper-V for my 24" monitor. It wasn't easy to set up though. Piece of cake on VMWare Workstation. Hyper-V is not easy for networking and setting up file sharing between the Host and the virtual machine and you can't copy/paste or drag/drop between the machines. CNet obviously didn't try to really see if it would install AND work properly on VirtualBox. They just installed it and then didn't check further as obviously they didn't try to install Guest Additions. I wasted quite a bit of time trying to get Guest Additions to install. It is possible VB will issue an update so that Guest Additions will work but that sort of thing has not been the case with them in the past or with paid software like VMWare Workstation where you have to upgrade at a hefty fee to the latest version of Workstation.

If you want to run Win 10 preview on a virtual machine you really should put it on VMWare Workstation but that is not free. For free, Hyper-V is the best if you have a new enough computer to run it or if it came installed on your computer as it did on my Win 8 Pro.

What if someone put a firewall on it and seveerly filtered ALL OUTGOING PACKETS??

It could help,
Also as mentioned by Chubbzie here in the security topic even adding to a hosts file or blocking communication to those IP addresses....

It can be stopped and you have mentioned 1 way.

It looks like there's some confusion between security and privacy. The two are very closely linked.

Windows 10 Tech Preview is definitely secure. Do you already trust Windows 7 and 8? Windows 7 is NT 6.1, 8 is 6.2 and 8.1 is 6.3. Windows 10 Tech Preview is Windows NT 6.4, so it's not like a whole lot has changed. In fact, IE 11 itself may be the exact same bits that are in Windows 7 and 8.1 today.

So, I would say that Windows 10 Tech Preview is, from the outset, as secure as Windows 7 and 8.1.

The privacy issue is tricky, because in any instance of beta or "tech preview" software, the vendor is likely to have testing and telemetry apparatus enabled. in this particular case, they're analyzing files people are using.

If you're not comfortable with that then you shouldn't have the Tech Preview installed, and you should immediately revert to your regular installation of Windows 7 or 8.1, whose license agreement is going to be more friendly to your privacy, because Microsoft doesn't need the telemetry information.

At the end of the day, Microsoft's wording in the license agreement, and the reason they're providing you with the bits for free of charge, is because they're collecting telemetry data and actual user-generated feedback on the system for the sake of testing purposes. It's not to use as your everyday desktop, and it's not completely out of the goodness of their hearts either.

If you trust Microsoft not to do anything with your banking password (I do) then go right ahead, but if you have sensitive work to do or you're just concerned for the privacy of some information, then keep a regular Windows 7 or 8.1 (or Mac 10.8/10.9 or Linux/BSD/Solaris) computer around.

I personally went ahead and installed it on an old ThinkPad R series machine I had laying around that was otherwise unused, and have had a pretty good time with it so far. The 5400rpm spinning disk from 2007 leaves a little bit to be desired in the performance department, but overall I like what I've seen of Windows 10 so far.