Is Microsoft keeping secret records of customers and for what purpose?

Truth be told, I have never been a fan of Microsoft. Don’t get me wrong, you have to respect what Bill Gates has managed to do and how he has influenced many companies. I also have to mention the good work he and his wife are doing in third world countries.

However, I have never liked the numerous faults in Microsoft software, or how you have to upgrade to the latest version to get the fix that you need, or how they do business. This is basically now good business practice, or the only business model around, but there is a limit to what I’m willing to tolerate.

My story is a bit long-winded, but the ending is worth the price of your time and, as all good stories go, it may have a moral for you to learn from at the end. Enjoy the read, the story is true!

Around 18 months ago Microsoft was commissioned to set up and install software for a company at which I was employed. Microsoft was to set up and install a cloud-based Exchange service, Outlook and some other pieces of software. Sometime after I started work there I was approached by an employee who was concerned that, on a regular basis, his PC would prompt him to run a backup job of his Outlook. My first reaction was that the user must have accidentally pressed some button and set up the job to run. Having gotten over my initial reaction, and only witnessing this on this person’s PC, the incident piqued my interest.

I quietly asked around as to what, why, who, where, when and how this may have happened. The person who drew my initial attention to the issue certainly didn’t do it, either by accident or deliberately. Failing to get any satisfactory answers from the support services and managers around at the time, I turned my attention to the people that did the work and are currently maintaining the system. This is a very important point: as you would imagine, anyone setting up and maintaining a system should keep good records and would be able to quickly respond to what I see as a simple question, who set the job up?

When I asked the Microsoft representative, she was prompt and efficient with reassurance that I would get a response quickly, within days. A couple of weeks went by and I decided to call. I was quickly greeted with apologies and comments such as “I thought that XYZ was going to call you and explain”. All I wanted was a couple of simple questions answered, so that I could determine the next step.

Here is the good part: I waited all that time only to be told, when I did call, that they could not tell me anything!!! The only lead I had vanished without a trace with those simple words. This did two things for me. One, it left me very frustrated; I waited for weeks to be told nothing. Secondly, I wanted to know what Microsoft should have been able to tell me, given that they are the service provider and getting well paid to not only provide the service but provide reasonable answers to questions.

Wait, there is more. I’m only getting started.

Fast forward a few months: projects are going on all around me and I’m not invited into any of the meetings. The server and desk teams roll out Microsoft System Centre End Point Security models throughout the organisation. By the time I found out, the deed is done and we have gone from a good product providing measurable results to one where within weeks thousands of machines are infected with viruses, malware and Trojans. The company’s intrusion detection system is going crazy with alerts but the Microsoft product doesn’t seem to be detecting them, removing them or stopping them.

I went to the organisation’s senior managers and informed them that the Microsoft solution seems to be failing as documented by the risk assessment showing that Microsoft wasn’t the best Anti-Virus protection solution. I was directed by the senior managers to engage with Microsoft directly.

The fun was about to start. I tried to explain to Microsoft what was happening on the network but they didn’t seem to get it. They asked me for signature patterns of viruses, malware and Trojans - try explaining to someone that you don’t have soft copy files to submit but screenshots.

At this point I was asked how I submit a request for signature updates based on the information I had available to me, and once again I’m greeted with the usual “I will get back to you”. Over a period of time, which seemed like a century, I exchanged a number of emails and phone calls, wondering what is so difficult. To this day I haven’t had a satisfactory reply to this question or others. I’m still waiting for a reply to what I consider a very simple question - “how do I?”

By now you must be wondering…what the hell has the title got to do with the story? Last week I was having a discussion with my manager, you know the type. The one-sided discussion where the manager doesn’t have the facts, or a clue, about things they do, and no matter what you say it’s going to fall on deaf ears. It is during the discussion that my manager drops a bombshell: apparently the Microsoft representative neglected to inform me that she was directed to record all of my requests to her. Over a period of 10 months or less I have made about 4, maybe 5, requests, to which I have never had a satisfactory reply from Microsoft. I have no idea as to what has been recorded or who directed my requests to be recorded. But to say that I’m less impressed with Microsoft the company now than ever is an understatement. I want the Privacy Commission to step up and look into this outrage.

Remember that I mentioned earlier that Microsoft set up a cloud-based solution for the company? Well, my last request to Microsoft was regarding who has access to certain information in the cloud-based solution, within weeks of the new privacy act coming into force. The information I was inquiring about was leaked and available on the Internet for anyone to buy. I was told both over the phone and in writing how seriously Microsoft takes privacy, only to find out that it can’t answer simple questions and also secretly keeps records on those that submit requests. Under the privacy act I should be able to get access to this information, but then again I should have also been told they were doing this and why.

For those of you that don’t recall: many years ago, when Microsoft released one of its desktop operating system environments, the US Department of Defense (DoD) caught the Microsoft operating system sending back information to its HQ. When DoD confronted Microsoft about this they refused to comment or provide any information to validate the incident.

Why is Microsoft keeping records on customers submitting requests? Who is seeing these requests? Who has the authority to make this request, to record details? How are you selected for tracking? How accurate are these records? How long has this been going on for and how long is Microsoft going to keep this up? How long is Microsoft going to keep the records for?

Perhaps the most disturbing is who else is doing this and for what purpose; it is a good tool to keep people in line.

To borrow a line from the George Orwell novel 1984, “Big Brother is watching you”. Hopefully, we will not all end up the same way as the hero of the novel did…sorry, no spoilers on the novel’s ending.

This article was written by a CSO who wished to remain anonymous.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
