CSO covered how “Lack of security in small companies means big risk for the enterprise” because attackers who compromise small concerns in the federated enterprise do so in order to hack large companies.
Microsoft is helping. The question is who are they helping? While Microsoft touts Windows 10 security enhancements, small businesses and entrepreneurs see another side to Windows 10, the side where Microsoft loads its new OS through automatic updates onto PCs with Windows 7 and Windows 8.1 without their knowledge or consent.
CSO details the results of the Microsoft misstep including corrupt system files and performance issues that make small business PCs vulnerable, which could make any large enterprise they serve vulnerable, too. Recommendations to hopefully revert control of the PC to the affected entities follow.
You may already have Windows 10 on your systems
“Microsoft is pushing out Windows 10 to individual computers (that is to say, unmanaged home and even SOHO systems) running Windows 7 and Windows 8.1 if Automatic Updates are enabled,” says Aryeh Goretsky, Researcher, ESET. As of this date, a number of news reports from various media outlets including IDG’s own Computerworld have confirmed this.
Posts and comments across the Internet on threads in technical forums and feature articles on the topic abound, pointing up the woes of these updates. One disgruntled party commenting under the handle Flog says, “I have Windows 10 updates pushed to OEM Windows 7 machines and never got anything asking me to reserve it or not, not even the notification icon in the system tray. The $Windows.~BT & .~WS folders are created on Win7 and Win8 machines. The $Windows.~BT\Sources\Panther has setupact.log & setuperr.log that shows what was done. The $Windows.~WS is a Hidden folder that contains Windows 10.”
And when these updates do load, the first the small organization may hear of it is after the new software creates security and performance issues. While large companies have the means to sandbox and test updates before putting them into production, the small business is less likely to afford that luxury. “Large companies have a process in place to manage the updates so that they’re not going out before they’re tested,” says an attorney in the IT space who agreed to speak under conditions of anonymity.
“For smaller companies, they don’t have processes in place to do that. They typically just update the system,” says that same IT space attorney. And when those updates include several GBs and more of unwanted, unsecured software, that’s how the small business serving your big enterprise becomes your next vulnerability.
How this affected small businesses and consumers
A national rental company with nearly 400 PCs across the country was experiencing significant performance degradation on those systems. “We traced the problem to auto-update on all the PCs, which downloaded individual instances of Windows 10,” says Oli Thordarson, CEO, Alvaka Networks, the IT support service firm that turned off the updates and resolved the issue for this client.
People continue to express their dismay at finding Windows 10 on their computers. In threads on forums such as www.sevenforums.com, people report issues such as receiving Windows 10 on systems that do not have the resources to support it. More than one user reported receiving updates with a “Windows Update Standalone Installer” labeled as “required by your computer and cannot be uninstalled,” which in turn downloaded Windows 10.
Others complained of corrupted system files that Microsoft’s own System File Checker could not fix, only to find out that updates with Windows 10 in them were the cause. I personally had the same experience, leading to issues on both the Windows 7 and Windows 8.1 systems in my office.
“Those small companies do business with large companies, as we saw in the case of Target, and certainly have the potential to create risks,” says an anonymous IT industry attorney. If any software vendor loaded software on your systems without your knowledge or consent, you might call that a backdoor simply because they had the access and ability to do so and they made a point of not telling you about it. And if you found out a vendor that served you had been served such a stealthy software surprise, wouldn’t you have governance in place to question it?
Regaining control of your PCs
I have found resources like this thread at Seven Forums helpful in isolating and removing some of the Windows 10 updates. Here is a list of some of the suspect updates, which I examined after pulling them from a list on Seven Forums:
“2952664 (Windows 10 Upgrade preparation)
2976978 (Windows 10 Upgrade preparation)
2977759 (Windows 10 Upgrade preparation)
2990214 (Windows 10 Upgrade preparation)
3021917 (Windows 10 Upgrade preparation + Telemetry)
3022345 (Telemetry); may affect System File Checker
3035583 (Windows 10 upgrade preparation)
3050265 (a June 2015 replacement for 2990214)
3065987 (a July 2015 replacement for 2990214); may be OK as it might allow a way to block other Win 10 related KBs.
3068708 (Telemetry) (a later replacement for 3022345)
3075249 (Telemetry); first seen 8/19/15
3080149 (Telemetry); first seen 8/19/15”
To look up information about any of these updates, search for the number with the KB (Knowledge Base) prefix, as in KB2952664, and so on.
Further, I found that when I removed and hid these updates, I also needed to examine new updates individually as some of these also had Windows 10 under the guise of other Microsoft Knowledge Base numbers and names. Posters to Seven Forums and other blogs, forums, and website comment sections reported similar experiences. Make sure to do your own due diligence and consult a technical professional before making changes to your systems.
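As an added example (not part of the original article or the Seven Forums thread), the following read-only PowerShell audit checks a Windows 7 or 8.1 PC for the updates listed above and for the staging folders and setup logs the commenter describes. It assumes those folders sit at the root of the system drive and only prints what it finds; the removal command is shown for review, not executed.

```powershell
# Added example: read-only audit, changes nothing on the system.
# KB numbers and notes are copied from the list in the article.
$suspect = @(
    '2952664|Windows 10 upgrade preparation',
    '2976978|Windows 10 upgrade preparation',
    '2977759|Windows 10 upgrade preparation',
    '2990214|Windows 10 upgrade preparation',
    '3021917|Windows 10 upgrade preparation + telemetry',
    '3022345|Telemetry; may affect System File Checker',
    '3035583|Windows 10 upgrade preparation',
    '3050265|June 2015 replacement for 2990214',
    '3065987|July 2015 replacement for 2990214',
    '3068708|Telemetry; later replacement for 3022345',
    '3075249|Telemetry',
    '3080149|Telemetry'
)

# Get-HotFix lists installed updates with HotFixID values such as 'KB2952664'.
$installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })

foreach ($entry in $suspect) {
    $kb, $note = $entry.Split('|')
    if ($installed -contains "KB$kb") {
        Write-Output "INSTALLED  KB$kb  ($note)"
        # Removal command to review and run by hand from an elevated prompt:
        Write-Output "           wusa.exe /uninstall /kb:$kb /norestart"
    }
}

# Staging folders and setup logs named in the quoted forum comment.
# Assumption: they are located at the root of the system drive.
# Single quotes keep PowerShell from treating $Windows as a variable.
$bt = Join-Path $env:SystemDrive '$Windows.~BT'
$ws = Join-Path $env:SystemDrive '$Windows.~WS'
$paths = @(
    $bt,
    $ws,
    (Join-Path $bt 'Sources\Panther\setupact.log'),
    (Join-Path $bt 'Sources\Panther\setuperr.log')
)
foreach ($p in $paths) {
    # Test-Path also reports hidden items, so no -Force is needed here.
    if (Test-Path -LiteralPath $p) { Write-Output "PRESENT    $p" }
    else                           { Write-Output "absent     $p" }
}
```

Run it again after each round of updates: as noted above, later updates can reintroduce Windows 10 components under other Knowledge Base numbers that this fixed list will not catch.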
The response from Microsoft is mixed depending on whose reports you read and what you believe. Some news features picture the software giant apologetic about its secret Windows 10 upgrade moves. But when you say you’re sorry, isn’t it assumed that you mean you’ll never do it again?