If Windows 10 Is So Great, Why Distribute It Like A Trojan Horse Virus?

I have been very vocal the last few weeks about the despicable methods Microsoft has adopted to force people to install Windows 10, even those of us who absolutely do not want it. One of my tweets on the subject was even published on PCWorld.com.

Why don’t I want to install Windows 10? Because my computer is private property that belongs to me. I decide what software is installed on it and I don’t like Windows 10. That is the only answer that matters. There is no obligation to explain my decision beyond these simple facts.

But I’ve decided to be nice and explain in more detail anyway.

I have decided that my main PC will stay with Windows 7. It is my gaming and development rig and it is set up exactly the way I like it. This PC is extremely important to my life and I’ll not put it at risk of being bricked by installing a new operating system that may or may not run well on it. Besides, I love Windows 7. I consider it to be Microsoft’s best work by a large margin, far better than Windows 8 or 10. That is the end of the discussion where my PC is concerned.

A family member gifted me an old laptop recently, which came pre-installed with Windows 8. I hated it. Windows 8 is horrible; that is the universal opinion of everyone who has been unfortunate enough to use it. Microsoft designed a tablet operating system and tried to force PC owners into using it, which was a failure that should have been predictable.

A touchscreen interface is out of place on a PC. On a laptop, it was even worse. I had neither a touchscreen nor a mouse; I had a touchpad, so I had the worst of all possible experiences. The 8.1 Update that I downloaded the next day was a slight improvement, but it was still basically terrible.

Since I had no investment in or real use for this laptop and hated the operating system it was running, I decided to experiment with it. I downloaded the Media Creation Tool from Microsoft and installed Windows 10 to see what the fuss was about. I used it for about a week, installing a few must-have apps and a couple of old games and using it for several hours a day.

To be perfectly honest, I saw very little difference between Windows 8 and Windows 10. It is still an operating system with a terrible UI. Of the few difference I did notice between Windows 8 and 10, most were actually strikes against 10.

The only feature of Windows 10 that truly interests me is DirectX 12, which is supposed to be pretty amazing for gaming. The laptop is too old and too underpowered for any but the most basic of games. My gaming PC that runs Windows 7 is also fairly underpowered and will never be able to play any modern game that would be able to take advantage of DirectX 12. So, the one thing about Windows 10 that interests me is of no actual use to me, at least until I can afford to replace my old PC.

At first, I hated the “Start Screen” (or whatever we’re calling it). But it grew on me when I realized I could customize, resize and reorder the tiles. Strangely, it was less useful in Windows 10 than in 8. In 8, you could at least scroll horizontally to see more groups, meaning you could make as many as you liked. You can’t do that in 10; you get three groups of icons horizontally and that’s it. It seems like eventually I would simply run out of space to add new tiles. That’s not very useful.

Maybe it expands more on a larger display, but I just have a 15″ display on the laptop. So with the “Start Screen” not being very useful, I just left it in regular desktop mode. At least they did away with that annoying menu that popped up on the right every time I tried swiping to the left on the touchpad.

The basic idea of Cortana sounds interesting, but I have no real use for it on a computer in my home that I don’t use very often. If it were on my phone that I take everywhere, then maybe it would be worth having around for its potential as an assistant, but then who in the world actually uses a Windows phone? Certainly I don’t.

And I have less than zero interest in having the amount of personal information about me that Cortana requires to operate being stored on Microsoft servers where they have access to the data. So I turned off Cortana straight away, then spent a fair few hours hunting down and turning off other problematic features. Windows 10 is horrible for privacy and that alone is a huge strike against it in my book.

This is the point where Microsoft apologists will want to chime in with “but Google! Facebook!” Yeah, yeah, they don’t know anything about me either. I decided years ago that both of those were privacy disasters and purposefully limit what information they have about me.

I make a few comments and “likes” on Facebook with my family, but if I want to chat with them, I use a chat program (not Facebook Messenger) or simply text them. I rarely make status updates there. I use it exclusively as an Android app and I block all scripts and cookies from facebook.com in my PCs browser, so they have no ability to track my web browsing. My life is not on Facebook and Mark Zuckerberg’s surveillance company knows practically nothing about me.

I use Google search while signed out, very rarely sign into Gmail with my PC (and use a private mode window when I do) and refuse to have anything to do with Google Plus. I used to have a YouTube account, but then they started forcing you to use Google+ to comment (even on your own videos!), so I quit using the account (which has the side effect of me not being able to “like” videos to endorse video creators. Good job there, Google).

I also refuse to use Chrome browser, both for its obvious and sweeping privacy problems as well as because there is no way to control how it downloads updates (the importance of this point becomes clear further down).

Speaking of browsers, I tried out the new Edge browser that replaces Internet Explorer. I thought it was decent and it does have potential, but it’s pretty bare bones right now. I know extension support is in beta now, but I didn’t have access to any extensions myself, which made the browser mostly useless for me.

The NoScript and Ublock Origin extensions I use for Firefox are deal breakers. I can’t stand the never ending pop-up newsletter subscription prompts and other javascript-based annoyances that every damn website uses these days. Whoever invented this stupid javascript lightbox thing that’s everywhere now has ruined the web as thoroughly as did the inventor of the pop-up ad and I refuse to allow that crap to run in my browser. As for ads, I don’t have the bandwidth to spare to allow every page I visit to download multiple video advertisements, so I block ads on all but a few websites.

Lightbox picture

Now we get to the main problem I have with Windows 10: it uses up internet bandwidth the way an open flame uses up gasoline. Even with all the telemetry and privacy-impacting features turned off, it still hogs my network. Without third-party tools, you can’t completely disable all telemetry. You can turn off everything and it still uploads and downloads all manner of data, activity which several tech columnists have captured and demonstrated with network monitoring tools. The Windows Store apps update automatically. The operating system itself updates automatically.

That last one is the most serious problem for me. Windows Update in Windows 10 has no UI to let the user control if, how and when updates are downloaded, at least in the Home version. That is absolutely a deal breaker. Windows has a notorious reputation for pushing dangerous, buggy updates that break computers. By default, Windows 10 even turns Windows Updates into a bittorrent client that distributes the update files on your computer with other computers around the world! On top of all that, there is the fact that Microsoft abuses the Windows Update system to foist unwanted software on users, a thing which I’ll talk about further down.

Even if every update were guaranteed to be bug free, it still wouldn’t matter. I need to control the schedule for when updates are downloaded. I have internet through a satellite provider: Hughesnet. The service is terrible and it comes with very tight data limits. I get half a gig of data to use per day, which rolls over once for a total of 1GB of usable data per two days. This limit resets by half a gig once per day. If I use more data than that, Hughesnet cuts off my internet until the reset. They claim they throttle it to dialup speed, but that claim is false; the connection simply stops working until the data allowance resets.

However, I do have a “Bonus Period” that starts at 2AM and ends at 7AM every day. During the bonus period, I can use as much data as I like. So, I have to schedule anything that checks for updates to do so only after 2AM. Windows 10 doesn’t let me do that; it simply commandeers my network in complete disregard for the fact that I own it and pay for its internet connection. The Windows Store apps do the same thing, hogging my network with no way to control it.

The one and only option is to set my network connection as “metered”—which it is—but that just disables updates entirely, even if I try to start one manually. Even that doesn’t completely disable the automatic download of critical security updates, some of which may be hundreds of megabytes in size. Additionally, this option only exists on a WiFi network; it doesn’t appear at all if I connect to the router with an ethernet cable.

Of course, I could simply use a firewall. I already use TinyWall on my main PC and like it very much. Unlike most software firewalls that pummel the user with prompt after prompt after prompt warning that whateverapp.exe is trying to connect to whocares.com on port eleventyhundred in order to convince the user it’s being useful, TinyWall just silently blocks everything. If you want a piece of software to have network access, you whitelist it and that’s the end of it. TinyWall also helpfully includes a feature to unblock several Windows subsystems, including Windows Update. Which means you can just uncheck that feature and Windows Update will be blocked.

TinyWall settings panel

This did allow me to block automatic updates, but left me having to stay up until well after 2AM to manually check everything for updates. Certainly not ideal. And honestly, why would I want to use an operating system that requires me to keep it firewalled like it’s a security risk? That is just offensive. This is my computer; I decide what software is installed on it. It is connected to my network; I decide when, if and how it uses that network.

The final straw for me was seeing the news that Microsoft, desperate to make good on their publicly-stated goal to have one billion devices running Windows 10, decided to transform the Windows Update service into a remote access trojan. On devices running Windows 7 and 8, Windows Update has been installing the Get Windows 10 (GWX) app for over a year now. This obnoxious piece of adware is responsible for the nag window that most of you have probably seen popping up from your Windows taskbar.

GWX nag

The latest trick of this annoying little piece of adware? Putting your computer into a state where it will automatically install Windows 10, with no way to cancel or decline it. Worse, clicking the “X” button that is supposed to close any window is deliberately misconfigured to act as consent for the installer. They got my mother like this last week; I had to go over to her house and remove Windows 10 from her PC, which she swears arrived as a complete surprise to her.

removing windows 10

At some point, Windows Update started automatically and silently downloading the entire Windows 10 operating system to devices running Windows 7 and 8, all 6GBs of it! It does this even if you’ve set Windows Update to not download or install automatically. It did this to me on two different computers before I realized what was going on, with predictable results for my daily data allowance.

Once I realized what they were doing, I started being very selective about what patches I installed, to the point that I’d stop and read the description of every individual patch. Microsoft very unhelpfully refuses to include any description for most of their patches in the update client, forcing you to go to their website to read KB articles. Even that doesn’t always disclose if a patch is related to Windows 10; often you have to google the patch’s KB number to see what it actually does.

Worse, microsoft keeps constantly re-releasing the patch that installs the GWX app, KB 3035583. People will hide that patch and Microsoft will just release it again a few weeks later. To date, this patch has been released TWELVE DAMN TIMES now (Correction: Actually, FOURTEEN TIMES, not twelve). There is also a registry setting that’s supposed to prevent operating system upgrades. Guess what? Microsoft installs a scheduled task that tampers with that setting, just in case you decided to use that to block Windows 10.

I finally got sick and tired of this nonsense last year and completely disabled Windows Update on my Windows 7 machine for several months. That was a risk, but it was a calculated risk.

I weighed the tiny, practically non-existent risk of some sort of malware exploiting an unpatched security flaw on my PC versus the absolute certainty that Microsoft would exploit Windows Update to install Windows 10 files I didn’t want. I weighed the hour or so it would take for an antivirus to clean a virus against the ordeal of removing an entire, unauthorized operating system and having to reinstall the old one, plus all my software and settings. I factored in the fact that my tiny data allowance simply cannot handle a background process downloading gigs of unwanted files over and over again. In the end, I decided that blocking Windows Update was, by far, the least risky option Microsoft had left me with.

I actually worked in the malware removal industry about ten years ago, so I know more than the average user about how to avoid malware and what to do if I become infected anyway. I block ads. I block javascript on most sites. I block Flash on most sites. I don’t even have Java installed as a browser plug-in. I don’t share or install pirated software. I know better than to open an email attachment and I rarely use email on Windows anyway; I use the email app on my Android tablet. My PC is behind a software firewall and connected to a modem that acts as a NAT router, which is itself hooked up to an actual NAT router. My exposure to malware is extremely limited, so I said goodbye to Windows Update for about five months or so.

However, I did recently decide to turn it back on, in “Check, but do not automatically download or install” mode. I now use GWX Control Panel as protection to make sure Windows Update does not attempt to install any more Windows 10-related patches or apps. This is a free app that disables the GWX app, checks your Windows Update settings to make sure they’re not configured in a manner that leaves you vulnerable to an automatic install, deletes the several gigs of Windows 10 file from the hidden folders Microsoft slips onto your system and it runs in the background to monitor for any sign of Windows 10 appearing on your system. Basically, it’s an antivirus that only checks for one particular virus. How tragic is it that Windows has come to this?

But let’s not call it a virus; that’s not accurate. Call it what it is: a trojan.

Windows Update, in the guise of installing security updates, has been altered by Microsoft to download unwanted software: the GWX app. Left alone and entirely without user interaction, the GWX app will download an entire operating system, remove the one you already have and replace it with Windows 10. Windows 10 itself is designed to download and install software without consent, as well as spy on its users in scores of different ways.

When my job was to identify the latest malware floating around the internet and figure out how to remove it, this is exactly how that malware behaved.

The federal courts ruled years ago that Microsoft was a criminal organization that used and abused illegal tactics to gain an anti-competitive monopoly over the desktop operating system market. Microsoft has a special obligation not to behave the way they are behaving right now. I believe the Federal Trade Commission and the Department of Justice should investigate the tactics Microsoft is using to foist Windows 10 on people who do not want it.

I’ve decided that I simply cannot support this kind of behavior. Whatever trust Microsoft had with consumers has been thrown in the toilet and flushed unceremoniously down the drain. Certainly I will never trust them again. That laptop I installed Windows 10 on? Now runs Linux Mint. Linux Mint worked perfectly on my laptop right out of the box, which certainly wasn’t the case with Windows 10. I love it. If not for the need to play games that will never work right on Linux, I’d install it on my PC as well.

Linux Mint laptop screenshot

So, not that I had any obligation to anyone to explain myself, but for the curious, these are my reasons for not wanting to use Windows 10 just now. When I finally get around to replacing my PC, I’ll have to grit my teeth and use it, because I play games and create content for games and I can’t do that with Linux or Mac.

When I get that new computer, I will lock down Windows Update with the firewall and try to remember to check manually for security updates once a month. As a result, I will be a bit more vulnerable than average to security flaws because of the unacceptable behavior of Windows Updates.

Microsoft: You are going to have to come down off the ledge about automatic updates. People have all manner of reasons for needing to control updates on their devices and, as they are the owners of those devices, ALL of those reasons automatically trump your desire to install updates without input.

And Microsoft, you definitely have to stop abusing Windows Update to make it behave like a remote access trojan. What the hell is wrong with you that you even considered using the same tactics found in the worst malware? If Windows 10 is so great, why distribute it surreptitiously as the payload of a trojan horse virus?


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s