
SoylentNews is people

posted by chromas on Friday July 12 2019, @08:48PM

As expected, Windows Update dropped off several packages of security and reliability fixes for Windows 7 earlier this week, part of the normal Patch Tuesday delivery cycle for every version of Windows.

[...] What was surprising about this month's Security-only update, formally titled the "July 9, 2019—KB4507456 (Security-only update)," is that it bundled the Compatibility Appraiser, KB2952664, which is designed to identify issues that could prevent a Windows 7 PC from updating to Windows 10.

[...] I spent the afternoon poking through update files and security bulletins and trying to get an on-the-record response from Microsoft. I got a terse "no comment" from Redmond.

My research did, however, confirm that this is not a mistake, and it led me to a theory for why these mysterious files are shipping in an unexpected location. I strongly suspect that some part of the Appraiser component on Windows 7 SP1 had a security issue of its own. If that's the case, then the updates indisputably belong in a Security-only update.

And if they happen to get installed on systems where administrators had taken special precautions not to install those components, Microsoft's reaction seems to be, "Well ... tough." The Appraiser tool was offered via Windows Update, both separately and as part of a monthly rollup update two years ago; as a result, most of the declining population of Windows 7 PCs already has it installed.

Also at BetaNews & Ghacks

https://docs.microsoft.com/en-us/windows/deployment/upgrade/upgrade-readiness-deployment-script

ConfigScript.ps1 is pretty interesting.

Of note is there are different versions of DiagTrack (the script checks the version):
https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3347

There is a blog post on it:
https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/How-does-Upgrade-Readiness-in-WA-collects-application-inventory/ba-p/213586

Upgrade Readiness in Windows Analytics provides an inventory of devices and applications for enrolled devices. We've had a lot of customers ask about the details of how this works, and this blog post is meant to answer those questions.

[...] This data is collected by an OS component called "Appraiser", which is built into Windows (requires a KB to be installed on Windows 7/8.1 devices, per below).

[...] Core Inventory (apps, drivers) data collection is triggered via a scheduled nightly task "Microsoft Compatibility Appraiser" which runs every 24 hours. This assumes the system is awake and idle for a long enough period to complete the scan. If the device was found inactive we resume the scan on the next available opportunity. This data is only sent to Microsoft if the device is opted in for CDO (Commercial Data Opt-in) on Win7/8.1 or Basic level in Windows 10.

Mozilla have https://bugzilla.mozilla.org/show_bug.cgi?id=1197768
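
A read-only check an administrator could run to see whether the components discussed above are present on a host. It is an added example, not code from the article, the blog post or Microsoft's ConfigScript.ps1. It uses only the KB numbers, task name and service name mentioned above, and assumes an English-language system, because schtasks column names are localized.

```powershell
# Added example: read-only audit, changes nothing on the host.
# Assumption: English-language Windows (schtasks CSV column names are localized).

$kbIds    = 'KB4507456', 'KB2952664'             # KB numbers from the article
$taskName = 'Microsoft Compatibility Appraiser'  # task name from the blog post
$svcName  = 'DiagTrack'                          # service named in the submission

# 1. Is either update recorded as installed? A component bundled inside
#    KB4507456 is not necessarily listed under its own KB number.
$updates = foreach ($kb in $kbIds) {
    $hit = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Check  = "Update $kb"
        Result = $(if ($hit) { 'installed' } else { 'not listed' })
    }
}

# 2. Is the nightly Appraiser task registered, and when did it last run?
#    schtasks.exe is used because Get-ScheduledTask does not exist on Windows 7.
$rows = @(schtasks.exe /Query /FO CSV /V | ConvertFrom-Csv |
    Where-Object { $_.TaskName -like ('*\' + $taskName) })
$task = New-Object PSObject -Property @{
    Check  = "Task '$taskName'"
    Result = $(if ($rows.Count -gt 0) {
        '{0}, last run {1}' -f $rows[0].Status, $rows[0].'Last Run Time'
    } else { 'not registered' })
}

# 3. Is the DiagTrack service present, and how is it configured to start?
#    WMI is queried because Get-Service on PowerShell 2.0 has no start-mode field.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$svcName'"
$service = New-Object PSObject -Property @{
    Check  = "Service $svcName"
    Result = $(if ($svc) {
        '{0}, start mode {1}' -f $svc.State, $svc.StartMode
    } else { 'not present' })
}

# One table: two update rows, one task row, one service row.
@($updates) + $task + $service | Select-Object Check, Result | Format-Table -AutoSize
```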


  • (Score: 3, Interesting) by Pino P on Friday July 12 2019, @11:26PM (4 children)

    by Pino P (4721) on Friday July 12 2019, @11:26PM (#866440) Journal

    Core Inventory (apps, drivers) data collection

    I think part of the fear is that a government agency might subpoena the Core Inventory data from Microsoft as part of a fishing expedition to find who might be doing things that certain politically powerful publishers don't like, such as independent video game development for consoles and handhelds with physical inputs or using short clips from movies in reviews of those movies. The colorable reason for such an expedition would be allegations of circumvention in violation of national implementations of the WIPO Copyright Treaty of 1996.

  • (Score: 2, Insightful) by Anonymous Coward on Saturday July 13 2019, @02:10PM (3 children)

    by Anonymous Coward on Saturday July 13 2019, @02:10PM (#866614)

    no

    the fear is that as a person that built my computer and tries to live an honest life, corporations are invading my privacy, taking away the control, and saying "well.. tough. Shareholder value FTW!"

    fuck that. an invasive government needs something to work with; growth via exploitation of the user base, the invasion of privacy and the elimination of individual choice in regards to security decisions... are all in favor of shareholder value and corporate sentiment.

    that is the thing to fear. it is also the stock to buy. no one makes money doing the right thing, unfortunately.

    • (Score: 2) by Pino P on Saturday July 13 2019, @02:33PM (2 children)

      by Pino P (4721) on Saturday July 13 2019, @02:33PM (#866623) Journal

      corporations are invading my privacy

      I'm trying to identify specific harms that may come from corporations invading your privacy. Without identifying specific harms, I don't know how I could convince the apathetic majority that corporations invading your privacy is something that a private citizen ought to care about in the first place.

      • (Score: 0) by Anonymous Coward on Sunday July 14 2019, @02:18PM (1 child)

        by Anonymous Coward on Sunday July 14 2019, @02:18PM (#866892)

        the fact that I don't want them to?

        there are no harms in my looking in your windows and reading your diaries, finding out how much you make, and leaving advertisements in each of your rooms for products and services that I get a bonus for if you subscribe to or buy them?

        here's the deal: i never asked them to snoop on me. i never willingly gave permission. just because you don't have a problem with it doesn't mean that everyone else doesn't, and that's cool -- maybe they can spy on you twice to make up for the loss they'll experience from not spying on me.

        anyone anywhere invading my privacy is a problem that i am not apathetic to. someday, maybe, you too will get violated somehow and feel differently.

        • (Score: 1) by yuhong on Sunday July 14 2019, @08:23PM

          by yuhong (6517) on Sunday July 14 2019, @08:23PM (#866966) Journal

          In this case, I think it is intended to check programs for compatibility with Windows 10 by using a cloud service.