Windows 10 - introduction to 1511

 

I have recently upgraded a Windows 8.1 laptop to Windows 10 Fall Update version, otherwise know as Windows 10 1511, and am working through the various ways to harden it, and producing a series of web pages about the hardening processes.

At present I have no idea how many pages I will end up with, or how long it will all take, I don`t think you can ever get to a point with a Windows computer that you have finished the security configuration, it is an ongoing battle.

 

First thoughts on Windows 10

The more I look at Windows 10, the more I think that from both a users perspective and a system perspective Windows 10 could be the most insecure operating system that Microsoft have ever produced.

It has been designed so that by default Microsoft can track everything that the users do.

It has been designed so that by default it is open to attack from the internet.

Microsoft talk about the security of modern versions of Windows, but just like Windows 8.1, they build in vulnerabilities that go back to NT.

In Windows 10 they have cut so many holes through the firewall that it is almost worthless.

I really do wonder what Microsoft is up to with Windows 10. They have now given away something like 250,000,000 installations of Windows 10 for nothing. At a normal price of say £150 per installation, Microsoft have given up an income of £37,500,000,000.

Are they going to get that back through advertising ?

Is this something to do with Microsoft moving towards providing Windows as a service - you don`t buy a DVD and / or a licence as a one time purchase, you enter a contract with Microsoft so that Microsoft provides you with an operating system that they completely control and can change as they like on an on-going basis.

Is somebody else paying them to give away Windows 10 for nothing because they want access to your computer behind your back ?

Anyway, this series of web pages looks at various ways to harden Windows 10, but I should add that I don`t use any kind of Microsoft networking, nor do my computers connect to an Active Directory domain, so I am always looking for ways to remove the Microsoft networking capabilities.

However do be aware that probably the biggest threat to a computer is the users, by doing things like opening attachments in emails and installing rogue apps.

 

Another security issue

One of the concepts that Microsoft are pushing with Windows 10 is that Windows 10 is very much designed around the concept of a totally connected lifestyle, where you can move from desktop to laptop to tablet to phone and carry on working seamlessly as you move between devices.

They are heavily pushing users into the cloud, so that all your data is available on whichever device you are using.

Now you could say that this is good - but from a security point of view it is bad, because now all your data is sitting on (probably) a Microsoft server, where Microsoft or anyone else with access can look through all your data, and use it to target advertising.

The other thing about it is that all your devices are feeding into the same data pot, so whoever has access to that data pot has a deeper insight across much more of the different parts of your life.

So it may be that from a personal security point of view, you set up Windows 10 in such a way that your data remains with you, and not with Microsoft.

 

Upgrade process

I have always strongly recommended that a computer is not connected to a network until it has been hardened. Until it has been hardened it is quite a bit more vulnerable to attack, and even respected websites may be delivering malware, because the web server has been attacked.

However if you are doing an upgrade via the internet, then you have to be connected to the internet the whole time, and are vulnerable to attack.

So I did the upgrade by downloading the Windows 10 ISO image, and burning a DVD, and used that for the upgrade, rather than doing an on-line based upgrade. There are several advantages to this approach, as you can do the upgrade and harden the computer before connecting to the internet.

There is another advantage of upgrading through a DVD or USB memory stick, in that the DVD can be used on any number of computers, without having to download 3GB of files for each computer.

Do bear in mind that once you have a DVD or USB, you must choose to do an upgrade, not a fresh install.

If you do a fresh install, you may not be able to activate the Windows 10 installation.

If you do an upgrade, then Microsoft should recognise the existing activation, and issue an activation code for the Windows 10 installation.

Once you have an activation code for the Windows 10 installation, you can then do a fresh install - I recommend this, as it gets rid of all the historical garbage that accumulates with upgrades.

Just remember to save all your data to an external device before you start a fresh install.

 

Windows as a service

Thinking a bit more about Microsoft providing Windows as a service - Microsoft have a bit of a history of offering updates that break computers.

So what happens if Microsoft is providing Windows as a service on a contract - then they do an update which breaks Windows, and renders the computer unuseable, and requires professional repair.

Who is going to pay for the repair ?

Microsoft would be in breach of contract - are they going to have to pay out for the repair of a few hundred million computers ?

Hmmmm !

 

 

 

 

 

website design by ron-t

 

website hosting by freevirtualservers.com

 

© 2024   Ron Turner

 

+                                   +  

 

Link to the W3C website.   Link to the W3C website.