Did Microsoft shove Windows 10 down people’s throats?

Microsoft lobs new OS at small businesses, consumers in a stealthy, piecemeal manner

CSO covered how “Lack of security in small companies means big risk for the enterprise” because attackers who compromise small concerns in the federated enterprise do so in order to hack large companies.

Microsoft is helping. The question is who are they helping? While Microsoft touts Windows 10 security enhancements, small businesses and entrepreneurs see another side to Windows 10, the side where Microsoft loads its new OS through automatic updates onto PCs with Windows 7 and Windows 8.1 without their knowledge or consent.

CSO details the results of the Microsoft misstep including corrupt system files and performance issues that make small business PCs vulnerable, which could make any large enterprise they serve vulnerable, too. Recommendations to hopefully revert control of the PC to the affected entities follow.

You may already have Windows 10 on your systems

“Microsoft is pushing out Windows 10 to individual computers (that is to say, unmanaged home and even SOHO systems) running Windows 7 and Windows 8.1 if Automatic Updates are enabled,” says Aryeh Goretsky, Researcher, ESET. As of this date, a number of news reports from various media outlets including IDG’s own Computerworld have confirmed this.

Posts and comments across the Internet, on threads in technical forums and under feature articles on the topic, abound, pointing up the woes of these updates. One disgruntled party commenting under the handle Flog says, “I have Windows 10 updates pushed to OEM Windows 7 machines and never got anything asking me to reserve it or not, not even the notification icon in the system tray. The $Windows.~BT & .~WS folders are created on Win7 and Win8 machines. The $Windows.~BT\Sources\Panther has setupact.log & setuperr.log that shows what was done. The $Windows.~WS is a Hidden folder that contains Windows 10.”


And when these updates do load, the first the small organization may hear of it is after the new software creates security and performance issues. While large companies have the means to sandbox and test updates before putting them into production, the small business is less likely to afford that luxury. “Large companies have a process in place to manage the updates so that they’re not going out before they’re tested,” says an attorney in the IT space who agreed to speak under conditions of anonymity.

“For smaller companies, they don’t have processes in place to do that. They typically just update the system,” says that same IT space attorney. And when those updates include several GBs and more of unwanted, unsecured software, that’s how the small business serving your big enterprise becomes your next vulnerability.

How this affected small businesses and consumers

A national rental company with nearly 400 PCs across the country was experiencing significant performance degradation on those systems. “We traced the problem to auto-update on all the PCs, which downloaded individual instances of Windows 10,” says Oli Thordarson, CEO, Alvaka Networks, the IT support service firm that turned off the updates and resolved the issue for this client.

People continue to express their dismay at finding Windows 10 on their computers. In threads on forums such as www.sevenforums.com, people report issues such as receiving Windows 10 on systems that do not have the resources to support it. More than one user reported receiving updates with a “Windows Update Standalone Installer” labeled as “required by your computer and cannot be uninstalled,” which in turn downloaded Windows 10.

Others complained of corrupted system files that Microsoft’s own System File Checker could not fix, only to find out that updates with Windows 10 in them were the cause. I personally had the same experience, leading to issues on both the Windows 7 and Windows 8.1 systems in my office.

“Those small companies do business with large companies, as we saw in the case of Target, and certainly have the potential to create risks,” says an anonymous IT industry attorney. If any software vendor loaded software on your systems without your knowledge or consent, you might call that a backdoor simply because they had the access and ability to do so and they made a point of not telling you about it. And if you found out a vendor that served you had been served such a stealthy software surprise, wouldn’t you have governance in place to question it?

Regaining control of your PCs

I have found resources like this thread at Seven Forums helpful in isolating and removing some of the Windows 10 updates. Here is a list of some of the suspect updates, which I examined after pulling them from a list on Seven Forums:

“2952664 (Windows 10 Upgrade preparation)

2976978 (Windows 10 Upgrade preparation)

2977759 (Windows 10 Upgrade preparation)

2990214 (Windows 10 Upgrade preparation)

3021917 (Windows 10 Upgrade preparation + Telemetry)

3022345 (Telemetry); may affect System File Checker

3035583 (Windows 10 upgrade preparation)

3050265 (a June 2015 replacement for 2990214)

3065987 (a July 2015 replacement for 2990214); may be OK as it might allow a way to block other Win 10 related KBs.

3068708 (Telemetry) (a later replacement for 3022345)

3075249 (Telemetry); first seen 8/19/15

3080149 (Telemetry); first seen 8/19/15”

To look for information about any of these, search for the number with the KB (Knowledge Base) prefix, as in KB2952664, and so on.

Further, I found that when I removed and hid these updates, I also needed to examine new updates individually as some of these also had Windows 10 under the guise of other Microsoft Knowledge Base numbers and names. Posters to Seven Forums and other blogs, forums, and website comment sections reported similar experiences. Make sure to do your own due diligence and consult a technical professional before making changes to your systems.
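
A read-only audit of the items named above, as an added example that is not part of the original article: it reports which of the listed KB numbers are installed and whether the $Windows.~BT and $Windows.~WS folders and the Panther setup logs exist. The function names are hypothetical, and placing the folders at the root of the system drive is an assumption, since the article does not give their location.

```powershell
# Added example (not from the article). Read-only: nothing is removed or hidden.
# KB numbers and notes are copied from the article's list.
$suspect = @{
    'KB2952664' = 'Windows 10 upgrade preparation'
    'KB2976978' = 'Windows 10 upgrade preparation'
    'KB2977759' = 'Windows 10 upgrade preparation'
    'KB2990214' = 'Windows 10 upgrade preparation'
    'KB3021917' = 'Windows 10 upgrade preparation + telemetry'
    'KB3022345' = 'Telemetry; may affect System File Checker'
    'KB3035583' = 'Windows 10 upgrade preparation'
    'KB3050265' = 'June 2015 replacement for 2990214'
    'KB3065987' = 'July 2015 replacement for 2990214; may be OK'
    'KB3068708' = 'Telemetry; later replacement for 3022345'
    'KB3075249' = 'Telemetry'
    'KB3080149' = 'Telemetry'
}

function Get-SuspectUpdate {            # hypothetical name
    param([hashtable]$Catalog = $suspect)
    # Get-HotFix reads Win32_QuickFixEngineering; updates not recorded there will not appear.
    Get-HotFix |
        Where-Object { $Catalog.ContainsKey($_.HotFixID) } |
        Select-Object HotFixID, InstalledOn,
            @{ Name = 'Note'; Expression = { $Catalog[$_.HotFixID] } }
}

function Get-UpgradeArtifact {          # hypothetical name
    # Assumption: the folders sit at the root of the system drive.
    # Single quotes keep PowerShell from expanding '$Windows' as a variable.
    $root  = "$env:SystemDrive\"
    $names = '$Windows.~BT', '$Windows.~WS',
             '$Windows.~BT\Sources\Panther\setupact.log',
             '$Windows.~BT\Sources\Panther\setuperr.log'
    foreach ($name in $names) {
        $path = Join-Path -Path $root -ChildPath $name
        if (Test-Path -LiteralPath $path) {
            # -Force is needed because $Windows.~WS is a hidden folder.
            Get-Item -LiteralPath $path -Force |
                Select-Object FullName, CreationTime, LastWriteTime
        }
    }
}

Get-SuspectUpdate   | Sort-Object HotFixID | Format-Table -AutoSize
Get-UpgradeArtifact | Format-Table -AutoSize
```

Empty output from both commands means none of the listed KB numbers and none of the folders or logs were found on that PC; it says nothing about updates delivered under other KB numbers.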

The response from Microsoft is mixed depending on whose reports you read and what you believe. Some news features picture the software giant apologetic about its secret Windows 10 upgrade moves. But when you say you’re sorry, isn’t it assumed that you mean you’ll never do it again?
