<!--#include virtual="/server/header.html" --> <!-- Parent-Version:1.791.96 --> <!--#set var="DISABLE_TOP_ADDENDUM" value="yes" --> <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Please do not edit <ul class="blurbs">! Instead, edit /proprietary/workshop/mal.rec, then regenerate pages. See explanations in /proprietary/workshop/README.md. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> <title>Microsoft's Software Is Malware - GNU Project - Free Software Foundation</title> <link rel="stylesheet" type="text/css" href="/side-menu.css" media="screen,print" /> <!--#include virtual="/proprietary/po/malware-microsoft.translist" --><style type="text/css" media="print,screen"> <!-- #content div.toc li { list-style: none; margin-bottom: 1em; } #content div.toc { margin-top: 1em; } --> </style><!--#include virtual="/server/banner.html" --> <div class="nav"> <a id="side-menu-button" class="switch" href="#navlinks"> <img id="side-menu-icon" height="32" src="/graphics/icons/side-menu.png" title="Section contents" alt=" [Section contents] " /> </a> <p class="breadcrumb"> <a href="/"><img src="/graphics/icons/home.png" height="24" alt="GNU Home" title="GNU Home" /></a> / <a href="/proprietary/proprietary.html">Malware</a> / By company / </p> </div> <!--GNUN: OUT-OF-DATE NOTICE--> <!--#include virtual="/server/top-addendum.html" --> <div style="clear: both"></div> <div id="last-div" class="reduced-width"> <h2>Microsoft's Software is Malware</h2><p><a href="/proprietary/proprietary.html">Other examples of proprietary malware</a></p><divclass="highlight-para"> <p> <em>Malware</em> meansclass="infobox"> <hr class="full-width" /> <p>Nonfree (proprietary) softwaredesignedis very often malware (designed tofunction in ways thatmistreator harmtheuser. (This does not include accidental errors.) This page explains how Microsoft software is malware. </p> <p> Malware and nonfree software are two different issues. The difference between <a href="/philosophy/free-sw.html">free software</a> and nonfreeuser). Nonfree software is controlled by its developers, which puts them in<a href="/philosophy/free-software-even-more-important.html"> whether the users have control of the program or vice versa</a>. It's not directlyaquestionposition ofwhatpower over theprogram <em>does</em> when it runs. However, in practice nonfree softwareusers; <a href="/philosophy/free-software-even-more-important.html">that isoften malware, becausethedeveloper's awarenessbasic injustice</a>. The developers and manufacturers often exercise that power to the detriment of the userswould be powerlessthey ought tofix anyserve.</p> <p>This typically takes the form of maliciousfunctionalities temptsfunctionalities.</p> <hr class="full-width" /> </div> <div class="article"> <div class="important"> <p>If you know of an example that ought to be in this page but isn't here, please write to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a> to inform us. Please include thedeveloperURL of a trustworthy reference or two toimpose some. </p>serve as specific substantiation.</p> </div> <divclass="toc"> <div class="malfunctions">id="TOC" class="toc-inline"> <h3>Types of Microsoft malware</h3> <ul><li><strong>Type of malware</strong></li><li><a href="#back-doors">Back doors</a></li> <!--<li><a href="#censorship">Censorship</a></li>--> <li><a href="#drm">DRM</a></li> <li><a href="#insecurity">Insecurity</a></li> <li><a href="#interference">Interference</a></li> <li><a href="#jails">Jails</a></li> <li><a href="#sabotage">Sabotage</a></li> <li><ahref="#interference">Interference</a></li>href="#subscriptions">Subscriptions</a></li> <li><a href="#surveillance">Surveillance</a></li> <li><ahref="#drm">Digital restrictions management</a> or “DRM” means functionalities designed to restrict what users can do with the data in their computers.</li> <li><a href="#jails">Jails</a>—systems that impose censorship on application programs.</li>href="#tethers">Tethers</a></li> <li><ahref="#tyrants">Tyrants</a>—systems that reject any operating system not “authorized” by the manufacturer.</li>href="#tyrants">Tyrants</a></li> </ul> </div></div><h3id="back-doors">Microsoft Backid="back-doors">Back Doors</h3><ul> <li><p><a href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/"> Microsoft has already backdoored its disk encryption</a>.</p></li> <li><p>Microsoft<ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201608171"> <!--#set var="DATE" value='<small class="date-tag">2016-08</small>' --><!--#echo encoding="none" var="DATE" --> <p id="windows-update">Microsoft Windows has a universal back door through which <ahref="http://www.informationweek.com/news/showArticle.jhtml?articleID=201806263">href="https://www.informationweek.com/government/microsoft-updates-windows-without-user-permission-apologizes"> any change whatsoever can be imposed on the users</a>.</p><p>More information on when <a href="http://slated.org/windows_by_stealth_the_updates_you_dont_want"> this<p>This wasused</a>.</p><a href="https://web.archive.org/web/20200219180230/http://slated.org/windows_by_stealth_the_updates_you_dont_want"> reported in 2007</a> for XP and Vista, and it seems that Microsoft used the same method to push the <a href="/proprietary/malware-microsoft.html#windows10-forcing"> Windows 10 downgrade</a> to computers running Windows 7 and 8.</p> <p>In Windows 10, the universal back door is no longer hidden; all “upgrades” will be <ahref="http://arstechnica.com/information-technology/2015/07/windows-10-updates-to-be-automatic-and-mandatory-for-home-users/">forciblyhref="https://arstechnica.com/information-technology/2015/07/windows-10-updates-to-be-automatic-and-mandatory-for-home-users/"> forcibly and immediatelyimposed</a>.</p></li> <li><p><a href="http://www.computerworld.com/article/2500036/desktop-apps/microsoft--we-can-remotely-delete-windows-8-apps.html">imposed</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201512280"> <!--#set var="DATE" value='<small class="date-tag">2015-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft has <a href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/"> backdoored its disk encryption</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201308230"> <!--#set var="DATE" value='<small class="date-tag">2013-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>The German government <a href="https://www.theregister.com/2013/08/23/nsa_germany_windows_8/">veers away from Windows 8 computers with TPM 2.0</a> (<a href="https://www.zeit.de/digital/datenschutz/2013-08/trusted-computing-microsoft-windows-8-nsa">original article in German</a>), due to potential back door capabilities of the TPM 2.0 chip.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201307300"> <!--#set var="DATE" value='<small class="date-tag">2013-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Here is a suspicion that we can't prove, but is worth thinking about: <a href="https://web.archive.org/web/20150206003913/http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5tFtI"> Writable microcode for Intel and AMD microprocessors</a> may be a vehicle for the NSA to invade computers, with the help of Microsoft, say respected security experts.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201112080.1"> <!--#set var="DATE" value='<small class="date-tag">2011-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>Windows 8 also has a back door for <a href="https://www.computerworld.com/article/2732767/microsoft--we-can-remotely-delete-windows-8-apps.html"> remotely deleting apps</a>.</p> <p>You might well decide to let a security service that you trust remotely <em>deactivate</em> programs that it considers malicious. But there is no excuse for <em>deleting</em> the programs, and you should have the right to decidewhowhom (if anyone) to trust in thisway.</p></li> <li><p>Windows 8's back doors are so gapingway.</p> </li> </ul> <h3 id="drm">DRM</h3> <p>Digital restrictions management, or “DRM,” refers to functionalities designed to restrict what users can do with the data in their computers.</p> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201904040"> <!--#set var="DATE" value='<small class="date-tag">2019-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Ebooks “bought” from Microsoft's store check that<a href="https://web.archive.org/web/20160310201616/http://drleonardcoldwell.com/2013/08/23/leaked-german-government-warns-key-entities-not-to-use-windows-8-linked-to-nsa/">their DRM is valid by connecting to theGerman governmentstore every time their “owner” wants to read them. Microsoft is going to close this store, <a href="https://www.bbc.com/news/technology-47810367"> bricking all DRM'ed ebooks it hasdecidedever “sold”</a>. (The article additionally highlights the pitfalls of DRM.)</p> <p>This is another proof that a DRM-encumbered product doesn't belong to the person who bought it. Microsoft said itcan'twill refund customers, but this is no excuse for selling them restricted books.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M200708130.1"> <!--#set var="DATE" value='<small class="date-tag">2007-08</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://arstechnica.com/gadgets/2007/08/aacs-tentacles/">DRM in Windows</a>, introduced to cater to <a href="/proprietary/proprietary-drm.html#bluray">Blu-ray</a> disks. (The article talks about how the same malware would later betrusted</a>.</p></li> <li><p>Users reportedintroduced in MacOS. That had not been done at the time, but it was done subsequently.)</p> </li> </ul> <h3 id="insecurity">Insecurity</h3> <p>These bugs are/were not intentional, so unlike the rest of the file they do not count as malware. We mention them to refute the supposition that prestigious proprietary software doesn't have grave bugs.</p> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202411220"> <!--#set var="DATE" value='<small class="date-tag">2024-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Windows Recall is a feature of Microsoft's Copilot tool that comes preinstalled on AI-specialized computers. <ahref="http://www.networkworld.com/article/2993490/windows/windows-10-upgrades-reportedly-appearing-as-mandatory-for-some-users.html#tk.rss_all"> Microsoft was forcinghref="https://www.techtarget.com/searchenterpriseai/feature/Privacy-and-security-risks-surrounding-Microsoft-Recall"> Recall records everything users do on their computer</a> and allows them toreplace Windows 7search the recordings, but it has numerous security flaws and8 with all-spying Windows 10</a>.</p>poses a risk to privacy. As Recall cannot be completely uninstalled, disabling it doesn't eliminate the risk because it can be reactivated by malware or misconfiguration.</p> <p>Microsoftwas in factsays that <ahref="http://www.computerworld.com/article/3012278/microsoft-windows/microsoft-sets-stage-for-massive-windows-10-upgrade-strategy.html"> attacking computershref="https://support.microsoft.com/en-us/windows/privacy-and-control-over-your-recall-experience-d404f672-7647-41e5-886c-a3c59680af15"> Recall will not take screenshots of digitally restricted media</a>. Meanwhile, it stores sensitive user information such as passwords and bank account numbers, showing thatrunwhereas Microsoft worries somewhat about corporate interests, it couldn't care less about user privacy.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202408140"> <!--#set var="DATE" value='<small class="date-tag">2024-08</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://www.bleepingcomputer.com/news/microsoft/zero-click-windows-tcp-ip-rce-impacts-all-systems-with-ipv6-enabled-patch-now/"> A critical vulnerability in Windows7 and 8</a>, switchingsystems that support IPv6</a> was discovered in 2024, <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063"> 16 years after the first affected system</a> was released. Unless the relevant patch is applied, an attacker can remotely execute arbitrary code on these systems. Microsoft considers exploits “likely.”</p> <p>The same sort of vulnerability in aflag that said whetherfree/libre operating system would probably be discovered sooner, since many more people would be able to“upgrade”look at the source code.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202210140"> <!--#set var="DATE" value='<small class="date-tag">2022-10</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://www.bleepingcomputer.com/news/security/microsoft-office-365-email-encryption-could-expose-message-content/"> The Microsoft Office encryption is weak</a>, and susceptible to attack.</p> <p>Encryption is a tricky field, and easy to mess up. It is wise to insist on encryption software that is (1) free software and (2) studied by experts.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202202090"> <!--#set var="DATE" value='<small class="date-tag">2022-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>A security failure in Microsoft's Windows10 when users had turned it off.</p> <p>Later on,is <a href="https://www.bleepingcomputer.com/news/security/fake-windows-11-upgrade-installers-infect-you-with-redline-malware/">infecting people's computers with RedLine stealer malware</a> using a fake Windows 11 upgrade installer.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202107090"> <!--#set var="DATE" value='<small class="date-tag">2021-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>A newly found MicrosoftpublishedWindows vulnerability <a href="https://edition.cnn.com/2021/07/08/tech/microsoft-windows-10-printnightmare/"> can allow crackers to remotely gain access to the operating system</a> and install programs, view and delete data, or even create new user accounts with full user rights.</p> <p>The security research firm accidentally leaked instructions on<a href="http://arstechnica.com/information-technology/2016/01/microsoft-finally-has-a-proper-way-to-opt-out-of-windows-78-to-windows-10-upgrades/">how the flaw could be exploited but Windows users should still wait for Microsoft topermanently rejectfix thedowngradeflaw, if they fix it.</p> <p><small>Please note that the article wrongly refers to crackers as “<a href="/philosophy/words-to-avoid.html#Hacker">hackers</a>”.</small></p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202103050"> <!--#set var="DATE" value='<small class="date-tag">2021-03</small>' --><!--#echo encoding="none" var="DATE" --> <p>At least 30 thousand organizations in the United States are newly “<a href="/philosophy/words-to-avoid.html#Hacker">cracked</a>” via <a href="https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/">holes in Microsoft's proprietary email software, named Microsoft 365</a>. It is unclear whether there are other holes and vulnerabilities in the program or not but history and experience tells us it wouldn't be the last disaster with proprietary programs.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202102110"> <!--#set var="DATE" value='<small class="date-tag">2021-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>Researchers at the security firm SentinelOne discovered a <a href="https://www.wired.com/story/windows-defender-vulnerability-twelve-years/">security flaw in proprietary program Microsoft Windows10</a>.</p> <p>This seemsDefender that lurked undetected for 12 years</a>. If the program was free (as in freedom), more people would have had a chance toinvolve use ofnotice the problem, therefore, it could've been fixed aback doorlot sooner.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit inWindows 7malware-microsoft.html. --> <li id="M202004270"> <!--#set var="DATE" value='<small class="date-tag">2020-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>The proprietary program Microsoft Teams' insecurity <a href="https://www.forbes.com/sites/thomasbrewster/2020/04/27/your-whole-companys-microsoft-teams-data-couldve-been-stolen-with-an-evil-gif/">could have let a malicious GIF steal user data from Microsoft Teams accounts</a>, possibly across an entire company, and8.</p>taken control of “an organization's entire roster of Teams accounts.”</p> </li></ul> <h3 id="insecurity">Microsoft Insecurity</h3> <ul> <li><p>A<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201705120"> <!--#set var="DATE" value='<small class="date-tag">2017-05</small>' --><!--#echo encoding="none" var="DATE" --> <p>Exploits of bugs in Windows, which were developed by the NSA and then leaked by the Shadowbrokers group, are now being used to <ahref="http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/">flawhref="https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/">attack a great number of Windows computers with ransomware</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201608020"> <!--#set var="DATE" value='<small class="date-tag">2016-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>A <a href="https://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/">flaw in Internet Explorer and Edge</a> allows an attacker to retrieve Microsoft account credentials, if the user is tricked into visiting a malicious link.</p> </li><li><!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201312040"> <!--#set var="DATE" value='<small class="date-tag">2013-12</small>' --><!--#echo encoding="none" var="DATE" --> <p><ahref="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/">href="https://arstechnica.com/information-technology/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/"> Point-of-sale terminals running Windows were takenoverover</a> and turned into a botnet for the purpose of collecting customers' credit cardnumbers</a>. </p>numbers.</p> </li> </ul> <h3id="sabotage">Microsoft Sabotage</h3> <p>The wrongsid="interference">Interference</h3> <p>This section gives examples of Microsoft software harassing or annoying the user, or causing trouble for the user. These actions are like sabotage but the word “sabotage” is too strong for them.</p> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202404260"> <!--#set var="DATE" value='<small class="date-tag">2024-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft has started to <a href="https://www.cnet.com/tech/who-wants-ads-in-their-windows-11-start-menu-heres-how-to-turn-them-off/"> show ads in the “Recommended” section of the Windows 11 Start menu</a>. Previously, this sectionareonly included recently used documents and images. Now it also contains the icons of apps Microsoft wants to advertise, in the hope that the user will click on one of them, and buy the app. So far, the user can disable the ads, but this doesn't make them more legitimate.</p> </li> <!-- Copied from workshop/mal.rec. Do notprecisely malware, since they doedit in malware-microsoft.html. --> <li id="M202403150"> <!--#set var="DATE" value='<small class="date-tag">2024-03</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://www.theverge.com/2024/3/15/24101887/microsoft-bing-popups-windows-11-google-chrome"> Microsoft is using malware tactics to get users to switch to their web browser</a>, Microsoft Edge, and their search engine, Microsoft Bing. When users launch the Google Chrome browser Microsoft injects a pop up advertisement in the corner of the screen advising users to switch to Bing. Microsoft also imported users Chrome browsing data without their knowledge or consent.</p> </li> <!-- Copied from workshop/mal.rec. Do notinvolve makingedit in malware-microsoft.html. --> <li id="M202311101"> <!--#set var="DATE" value='<small class="date-tag">2023-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft has been annoying people who wanted to close the proprietary program OneDrive on their computers, <a href="https://www.theverge.com/2023/11/8/23952878/microsoft-onedrive-windows-close-app-notification"> forcing them to give the reason why they were closing it</a>. This prompt was removed after public pressure.</p> <p>This is a reminder thatrunsangry users still have the power to make developers of proprietary software remove small annoyances. Don't count on public outcry to make them remove more profitable malware, though. Run away from proprietary software!</p> </li> <!-- Copied from workshop/mal.rec. Do not edit ina waymalware-microsoft.html. --> <li id="M202302140"> <!--#set var="DATE" value='<small class="date-tag">2023-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft is <a href="https://www.theguardian.com/technology/2023/feb/14/microsoft-to-phase-out-internet-explorer-with-new-edge-browser"> remotely disabling Internet Explorer, forcibly redirecting users to Microsoft Edge</a>.</p> <p>Imposing such change is malicious, and the fact thathurtstheuser. But they areredirection is from one unjust program (IE) to another unjust program (Edge) does not excuse it.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202108180"> <!--#set var="DATE" value='<small class="date-tag">2021-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft is making it harder and harder to <a href="https://www.theverge.com/22630319/microsoft-windows-11-default-browser-changes">replace default apps in its Windows</a> operating system and is pressuring users to use its proprietary programs instead. We believe the best approach to this would be replacing Windows with alotfree (as in freedom) operating system likemalware, since they are technical Microsoft actionsGNU. We also maintain a <a href="/distros/free-distros.html">list of fully free distributions of GNU</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202102180"> <!--#set var="DATE" value='<small class="date-tag">2021-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft is <a href="https://uk.pcmag.com/operating-systems/131798/microsoft-starts-automatically-removing-flash-from-windows">forcibly removing the Flash player from computers running Windows 10</a>, using <a href="/proprietary/proprietary-back-doors.html#windows-update">a universal backdoor in Windows</a>.</p> <p>The fact thatharmFlash has been <a href="/proprietary/proprietary-back-doors.html#M202012020">disabled by Adobe</a> is no excuse for this abuse of power. The nature of proprietary software, such as Microsoft Windows, gives the developers power to impose their decisions on users. Free software on the other hand empowers users to make their own decisions.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202010180"> <!--#set var="DATE" value='<small class="date-tag">2020-10</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft is <a href="https://www.slashgear.com/windows-10-users-are-grumpy-over-forced-updates-and-unwanted-apps-18643135/">forcing Windows users</a> to <a href="https://support.microsoft.com/en-us/windows/manage-updates-in-windows-643e9ea7-3cf6-7da6-a25c-95d4f7f099fe">install upgrades it pushes</a> using <a href="/proprietary/proprietary-back-doors.html#windows-update">its universal back doors</a>. These upgrades can do various harms to users such as restricting computers from some functions and/or forcing users to defenselessly do whatever Microsoft tells them to do.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201809120"> <!--#set var="DATE" value='<small class="date-tag">2018-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>One version ofspecificWindows 10 <a href="https://www.ghacks.net/2018/09/12/microsoft-intercepting-firefox-chrome-installation-on-windows-10/"> harangues users if they try to install Firefox (or Chrome)</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201803190"> <!--#set var="DATE" value='<small class="date-tag">2018-03</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft is planning to make Windows <a href="https://www.theguardian.com/technology/2018/mar/19/windows-10-microsoft-force-people-edge-browser-windows-mail-chrome-firefox"> impose use of its browser, Edge, in certain circumstances</a>.</p> <p>The reason Microsoftsoftware.</p> <ul> <li><p>Oncecan force things on users is that Windows is nonfree.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201703170"> <!--#set var="DATE" value='<small class="date-tag">2017-03</small>' --><!--#echo encoding="none" var="DATE" --> <p>Windows displays <a href="https://www.theverge.com/2017/3/17/14956540/microsoft-windows-10-ads-taskbar-file-explorer"> intrusive ads for Microsoft products and its partners' products</a>.</p> <p>The article's author starts from the premise that Microsoft hastrickedauser into accepting installationright to control what Windows does to users, as long as it doesn't go “too far”. We disagree.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201612140"> <!--#set var="DATE" value='<small class="date-tag">2016-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Microsoft Telemetry Compatibility service <a href="https://answers.microsoft.com/en-us/windows/forum/all/microsoft-telemetry-compatibility/cefa7c8e-49c9-4965-aef6-2d5f01bb38f2"> drastically reduces the performances of machines running Windows 10</a>, and can't be disabled easily.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201608170"> <!--#set var="DATE" value='<small class="date-tag">2016-08</small>' --><!--#echo encoding="none" var="DATE" --> <p> After <a href="/proprietary/malware-microsoft.html#windows10-forcing">forcing the download of Windows10,10</a> on computers that were running Windows 7 and 8, Microsoft <ahref="http://www.theregister.co.uk/2016/06/01/windows_10_nagware_no_way_out/">they findhref="https://www.computerworld.com/article/3012278/microsoft-sets-stage-for-massive-windows-10-upgrade-strategy.html"> repeatedly switched on a flag that urged users to “upgrade” to Windows 10</a> when theyare deniedhad turned it off, in theoptionhope that some day they would fail tocancel or even postpone the imposed datesay no. To do this, Microsoft used <a href="https://www.theregister.com/2016/03/17/microsoft_windows_10_upgrade_gwx_vs_humanity/"> malware techniques</a>.</p> <p>A detailed <a href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive"> analysis ofinstallation</a>. </p> <p>This demonstrates what we've said for years: using proprietary software means letting someone have power over you, and you're goingMicrosoft's scheme</a> is available on the Electronic Frontier Foundation's website.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201603090"> <!--#set var="DATE" value='<small class="date-tag">2016-03</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft has made companies' Windows machines managed by the company's sysadmins <a href="https://www.computerworld.com/article/3042397/admins-beware-domain-attached-pcs-are-sprouting-get-windows-10-ads.html">harangue users toget screwed sooner or later.</p></li> <li><p>Microsoftcomplain to the sysadmins about not “upgrading” to Windows 10</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201601160"> <!--#set var="DATE" value='<small class="date-tag">2016-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft has <ahref="http://www.theverge.com/2016/1/16/10780876/microsoft-windows-support-policy-new-processors-skylake">desupportedhref="https://www.theverge.com/2016/1/16/10780876/microsoft-windows-support-policy-new-processors-skylake">desupported all future Intel CPUs for Windows 7 and 8</a>. Those machines will be stuck with the nastier Windows 10. <ahref="http://gizmodo.com/only-the-latest-version-of-windows-will-run-on-some-fut-1753545825">href="https://gizmodo.com/only-the-latest-version-of-windows-will-run-on-some-fut-1753545825"> AMD and Qualcomm CPUs,too</a>. </p>too</a>.</p> <p>Of course, Windows 7 and 8 are unethical too, because they are proprietary software. But this example of Microsoft's wielding its power demonstrates the power itholds. </p>holds.</p> <p>Free software developers also stop maintaining old versions of their programs, but this is not unfair to users because the users of free software have control over it. If it is important enough to you, you and other users can hire someone to support the old version on your futureplatforms. </p></li> <li><p>Microsoft isplatforms.</p> </li> </ul> <h3 id="sabotage">Sabotage</h3> <p>The wrongs in this section are not precisely malware, since they do not involve making the program that runs in a way that hurts the user. But they are a lot like malware, since they are technical Microsoft actions that harm the users of specific Microsoft software.</p> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202412250"> <!--#set var="DATE" value='<small class="date-tag">2024-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>Windows Defender <ahref="http://gizmodo.com/woman-wins-10-000-from-microsoft-after-unwanted-window-1782666146"> forcibly pushing Windows updatehref="https://answers.microsoft.com/en-us/windows/forum/all/windows-defender-deleted-my-download-without/0b4211cf-80f7-47c7-8ea0-675785a0003c"> deletes downloaded files that it considers malware</a> as soon as they are saved toits version 10</a>, ignoringdisk, without requesting permission to do so. Many angry users have complained about this unacceptable behavior over theflag onlast few years, and even suggested fixes, but Microsoft has ignored them. It is high time for Windows7 or 8 that you could setusers to escape Microsoft's tyranny by migrating to a free/libre system.</p> </li> <!-- Copied from workshop/mal.rec. Do notupgrade. This reaffirmsedit in malware-microsoft.html. --> <li id="M201904041"> <!--#set var="DATE" value='<small class="date-tag">2019-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft has been <a href="https://borncity.com/win/2019/01/17/windows-10-update-kb4023057-re-released-1-16-2019/"> force-installing a “remediation” program</a> on computers running certain versions of Windows 10. Remediation, in Microsoft's view, means <a href="https://support.microsoft.com/en-us/topic/kb4023057-update-health-tools-windows-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a"> tampering with users' settings and files</a>, notably to “repair” any components of thepresenceupdating system that users may have intentionally disabled, and thus regain full power over them. Microsoft repeatedly pushed faulty versions of this program to users' machines, causing numerous problems, some of which <a href="https://web.archive.org/web/20240223182933/https://www.windowsmode.com/microsoft-suspends-windows-10-october-2018-update-rollout-due-to-critical-bugs/"> critical</a>.</p> <p>This exemplifies the arrogant and manipulative attitude that proprietary software developers have learned to adopt toward the people they are supposedly serving. Migrate to a <ahref="/proprietary/proprietary-back-doors.html">universal back doorhref="/distros/free-distros.html">free operating system</a> if you can!</p> <p>If your employer makes you run Windows, tell the financial department how this wastes your time dealing with endless connections and premature hardware failures.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit inWindows</a>malware-microsoft.html. --> <li id="M201704194"> <!--#set var="DATE" value='<small class="date-tag">2017-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft has made Windows 7 and8.</p></li> <li><p>Windows 10 “upgrades”8 cease to function on certain new computers, <ahref="http://www.ghacks.net/2015/11/24/beware-latest-windows-10-update-may-remove-programs-automatically/"> delete applications</a> without asking permission.</p></li> <li><p> Microsoft ishref="https://learn.microsoft.com/en-us/troubleshoot/windows-client/installing-updates-features-roles/processor-not-supported-together-with-windows-version">effectively forcing their owners to switch to Windows 10</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201704134"> <!--#set var="DATE" value='<small class="date-tag">2017-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft <ahref="http://www.theguardian.com/technology/2015/sep/11/microsoft-downloading-windows-1"> repeatedly nagging manyhref="https://arstechnica.com/information-technology/2017/04/new-processors-are-now-blocked-from-receiving-updates-on-old-windows/"> has dropped support for Windows 7 and 8 on recent processors</a> in a big hurry.</p> <p>It makes no difference what legitimate reasons Microsoft might have for not doing work to support them. If it doesn't want to do this work, it should let users do the work.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201606270"> <!--#set var="DATE" value='<small class="date-tag">2016-06</small>' --><!--#echo encoding="none" var="DATE" --> <p id="windows10-forcing">In its efforts toinstalltrick users of Windows10</a>. </p></li> <li><p>7 and 8 into installing all-spying Windows 10 against their will, Microsoft forced their computers to <a href="https://www.theguardian.com/technology/2015/sep/11/microsoft-downloading-windows-1"> silently download… the whole of Windows 10</a>! Apparently, this wasfor monthsdone through a <ahref="http://www.theguardian.com/technology/2016/feb/02/microsoft-downloading-windows-10-automatic-update"> tricking usershref="/proprietary/proprietary-back-doors.html#windows-update"> universal back door</a>. Not only did the unwanted downloads <a href="https://www.theregister.com/2016/06/03/windows_10_upgrade_satellite_link/"> jeopardize important operations in regions of the world with poor connectivity</a>, but many of the people who let installation proceed found out that this “upgrade” was in fact a <a href="https://gizmodo.com/woman-wins-10-000-from-microsoft-after-unwanted-window-1782666146"> downgrade</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201606010"> <!--#set var="DATE" value='<small class="date-tag">2016-06</small>' --><!--#echo encoding="none" var="DATE" --> <p>Once Microsoft has tricked a user into“upgrading” toaccepting installation of Windows10</a>, if10, <a href="https://www.theregister.com/2016/06/01/windows_10_nagware_no_way_out/">they find that theyfailedare denied the option tonotice and say no. </p></li> <li><p><a href="https://web.archive.org/web/20130622044225/http://blogs.computerworlduk.com/open-enterprise/2013/06/how-can-any-company-ever-trust-microsoft-again/index.htm"> Microsoft informscancel or even postpone theNSAimposed date ofbugsinstallation</a>.</p> <p>This demonstrates what we've said for years: using proprietary software means letting someone have power over you, and you're going to get screwed sooner or later.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit inWindows before fixing them.</a></p></li> <li><p><a href="http://www.computerworlduk.com/blogs/open-enterprise/windows-xp-end-of-an-era-end-of-an-error-3569489/">malware-microsoft.html. --> <li id="M201601310"> <!--#set var="DATE" value='<small class="date-tag">2016-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>FTDI's proprietary driver for its USB-to-serial chips has been designed to <a href="https://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/">sabotage alternative compatible chips</a> so that they no longer work. Microsoft is <a href="https://it.slashdot.org/story/16/01/31/1720259/ftdi-driver-breaks-hardware-again">installing this automatically</a> as an “upgrade”.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201511240"> <!--#set var="DATE" value='<small class="date-tag">2015-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Windows 10 “upgrades” <a href="http://www.ghacks.net/2015/11/24/beware-latest-windows-10-update-may-remove-programs-automatically/"> delete applications</a> without asking permission.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201503260"> <!--#set var="DATE" value='<small class="date-tag">2015-03</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://web.archive.org/web/20191205010621/https://www.computerworld.com/article/3423768/windows-xp--end-of-an-era--end-of-an-error.html">Microsoft cut off security fixes for Windows XP, except to some big users that payexorbitantly.</a></p>exorbitantly</a>.</p> <p>Microsoft is going to <ahref="http://www.computerworlduk.com/news/security/3605515/more-than-half-of-all-ie-users-face-patch-axe-in-10-months/">href="https://web.archive.org/web/20181030194725/https://www.computerworlduk.com/applications/more-than-half-of-all-ie-users-face-patch-axe-in-10-months-3605515/"> cut off support for some Internet Explorer versions</a> in the same way.</p> <p>A person or company has the right to cease to work on a particular program; the wrong here is Microsoft does this after having made the users dependent on Microsoft, because they are not free to ask anyone else to work on the program forthem.</p></li>them.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201306220"> <!--#set var="DATE" value='<small class="date-tag">2013-06</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://web.archive.org/web/20130622044225/http://blogs.computerworlduk.com/open-enterprise/2013/06/how-can-any-company-ever-trust-microsoft-again/index.htm">Microsoft informs the NSA of bugs in Windows before fixing them</a>.</p> </li> </ul> <h3id="interference">Microsoft Interference</h3> <p>Various proprietary programs often mess upid="subscriptions">Subscriptions</h3> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201507150"> <!--#set var="DATE" value='<small class="date-tag">2015-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft Office forces users <a href="https://www.computerworld.com/article/2948755/office-for-windows-10-will-require-office-365-subscription-on-pcs-larger-tablets.html">to subscribe to Office 365 to be able to create/edit documents</a>.</p> </li> </ul> <h3 id="surveillance">Surveillance</h3> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202502230"> <!--#set var="DATE" value='<small class="date-tag">2025-02</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://proton.me/blog/outlook-is-microsofts-new-data-collection-service"> Outlook has become a “data collection and ad delivery service”</a>. Since Outlook is now integrated with Microsoft “cloud” services, and doesn't support end-to-end encryption, theuser's system. Theycompany has full access to users' emails, contacts, and calendar events. Microsoft may also <a href="https://www.cyberkendra.com/2023/11/new-outlook-update-raises-privacy.html"> retrieve credentials associated with any third-party services</a> that arelike sabotage,synchronized with Outlook. This trove of personal data enables Microsoft, as well as its commercial partners, to flood users with targeted ads, and possibly to train “artificial intelligences.” Even worse, this data is available to any government that can force Microsoft to hand it over.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202407300"> <!--#set var="DATE" value='<small class="date-tag">2024-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>In its default configuration, Windows 11 now <a href="https://www.zdnet.com/article/windows-11-now-turns-on-onedrive-folder-backup-without-your-permission/"> uploads users' files and personal information to Microsoft's “cloud”</a> without asking permission to do so. This is presented as a convenient backup method, butthey areif the allotted storage capacity is exceeded, the user will need to buy more space, increasing Microsoft's profit.</p> <p>However, this small profit is probably notgrave enoughthe company's major reason for making cloud storage the default. Here is an excerpt from the <a href="https://www.microsoft.com/en-US/servicesagreement"> Microsoft Services agreement</a> (Section 2b):</p> <blockquote><p><i>To the extent necessary to provide the Services to you and others, to protect you and the Services, and to improve Microsoft products and services, you grant toqualifyMicrosoft a worldwide and royalty-free intellectual property license to use Your Content, for example, to make copies of, retain, transmit, reformat, display, and distribute via communication tools Your Content on theword “sabotage”. Nonetheless, theyServices.</i></p></blockquote> <p>We strongly suspect that the backed-up material is used to feed Microsoft's greedy “AI.” In addition, it is most likely analysed to better profile users in order to flood them with targeted ads, thereby generating more profit.</p> <p>Users, on the other hand, arenastyat the mercy of any entity that demands their data, let alone of any cracker that breaks into Microsoft's servers. They <em>must</em> escape from this sick environment, andwrong. This sectioninstall a sane <a href="https://www.gnu.org/distros/free-distros.html"> free/libre system</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202306120"> <!--#set var="DATE" value='<small class="date-tag">2023-06</small>' --><!--#echo encoding="none" var="DATE" --> <p>Edge <a href="https://www.neowin.net/news/edge-sends-images-you-view-online-to-microsoft-here-is-how-to-disable-that/">sends the URLs of images the user views to Microsoft's servers</a> by default, supposedly to “enhance” them. And these images <a href="/proprietary/proprietary-surveillance.html#M201405140">may end up on the NSA's servers</a>.</p> <p>Microsoft claims its nonfree browser sends the URLs without identifying you, which cannot be true, since at least your IP address is known to the server if you don't take extra measures. Either way, such enhancer service is unjust because any image editing <a href="/philosophy/who-does-that-server-really-serve.html">should be done on your own computer using installed free software</a>.</p> <p>The article describesexampleshow to disable sending the URLs. That makes a change for the better, but we suggest that you instead switch to a freedom-respecting browser with additional privacy features such as <a href="/software/gnuzilla/">IceCat</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202302080"> <!--#set var="DATE" value='<small class="date-tag">2023-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>As soon as it boots, and without asking any permission, <a href="https://web.archive.org/web/20230212120649/https://www.techspot.com/news/97535-windows-11-spyware-machine-out-users-control.html">Windows 11 starts to send data to online servers</a>. The user's personal details, location or hardware information are reported to Microsoft and other companies to be used as telemetry data. All of this is done is the background, and users have no easy way to prevent it—unless they switch the computer offline.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202301190"> <!--#set var="DATE" value='<small class="date-tag">2023-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft <a href="https://betanews.com/2023/01/19/microsoft-is-using-the-kb5021751-update-to-see-if-you-have-an-unsupported-version-of-office-installed/"> released an “update” that installs a surveillance program</a> on users' computers to gather data on some installed programs for Microsoft's benefit. The update is rolling out automatically, and the program runs “one time silently.”</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202209220"> <!--#set var="DATE" value='<small class="date-tag">2022-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Windows 11 Home and Pro now <a href="https://www.microsoft.com/windows/windows-11-specifications"> require internet connection and a Microsoftcommitting interference.</p> <ul> <li>In orderaccount</a> toincreasecomplete the installation. Windows10's11 Pro had an option to create a local account instead, but the option has been removed. This account can (and most certainly will) be used for surveillance and privacy violations. Thankfully, a free software tool named <a href="https://gothub.projectsegfau.lt/pbatard/rufus/">Rufus</a> can bypass those requirements, or help users installbase,a <a href="/distros/distros.html"> free operating system</a> instead.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202011260"> <!--#set var="DATE" value='<small class="date-tag">2020-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft's Office 365 suite enables employers <a href="https://www.theguardian.com/technology/2020/nov/26/microsoft-productivity-score-feature-criticised-workplace-surveillance">to snoop on each employee</a>. After a public outburst, Microsoft stated that <ahref="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive"> blatantly disregards user choice and privacy</a>.href="https://www.theguardian.com/technology/2020/dec/02/microsoft-apologises-productivity-score-critics-derided-workplace-surveillance">it would remove this capability</a>. Let's hope so.</p> </li><li><p>Microsoft<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202010221"> <!--#set var="DATE" value='<small class="date-tag">2020-10</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft is imposing its surveillance on the game of Minecraft by <a href="https://www.theverge.com/2020/10/22/21527647/minecraft-microsoft-account-mojang-java">requiring every player to open an account on Microsoft's network</a>. Microsoft hasstartedbought the game and will merge all accounts into its network, which will give them access to people's data.</p> <p>Minecraft players <a href="https://directory.fsf.org/wiki/Minetest">can play Minetest</a> instead. The essential advantage of Minetest is that it is free software, meaning it respects the user's computer freedom. As a bonus, it offers more options.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202010210"> <!--#set var="DATE" value='<small class="date-tag">2020-10</small>' --><!--#echo encoding="none" var="DATE" --> <p>As of 2019-2020, Minecraft players are <ahref="https://www.theguardian.com/technology/2016/jul/04/microsoft-windows-10-full-screen-upgrade-notification-pop-up-reminder">nagginghref="https://www.minecraft.net/en-us/article/java-edition-moving-house">being forced to move to Microsoft servers</a>, which results in privacy violation. Microsoft publishes a program so usersobnoxiouslycan run their own server, but the program is proprietary andrepeatedlyit's another <a href="/philosophy/free-software-even-more-important.html">injustice to users</a>.</p> <p>People can play <a href="https://directory.fsf.org/wiki/Minetest">Minetest</a> instead. Minetest is free software and respects the user's computer freedom.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202004301"> <!--#set var="DATE" value='<small class="date-tag">2020-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Proprietary programs Google Meet, Microsoft Teams, and WebEx <a href="https://www.consumerreports.org/video-conferencing-services/videoconferencing-privacy-issues-google-microsoft-webex-a7383469308/">are collecting user's personal and identifiable data</a> including how long a call lasts, who's participating in the call, and the IP addresses of everyone taking part. From experience, this can even harm users physically if those companies hand over data to governments.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M202004131"> <!--#set var="DATE" value='<small class="date-tag">2020-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google, Apple, and Microsoft (and probably some other companies) <a href="https://www.lifewire.com/wifi-positioning-system-1683343">are collecting people's access points and GPS coordinates (which can identify people's precise location) even if their GPS is turned off</a>, without the person's consent, using proprietary software implemented in person's smartphone. Though merely asking for permission would not necessarily legitimize this.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201912160"> <!--#set var="DATE" value='<small class="date-tag">2019-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft is <a href="https://www.howtogeek.com/442609/confirmed-windows-10-setup-now-prevents-local-account-creation/">tricking users to create an account on their network</a> to be able to install and use the Windows10</a>.</p></li> <li><p>Microsoftoperating system, which is malware. The account can be used for surveillance and/or violating people's rights in many ways, such as turning their purchased software to a subscription product.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201908210"> <!--#set var="DATE" value='<small class="date-tag">2019-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft recorded users of Xboxes and had <ahref="http://news.softpedia.com/news/windows-10-upgrade-reportedly-starting-automatically-on-windows-7-pcs-501651.shtml">is tricking users</a>href="https://www.vice.com/en/article/43kv4q/microsoft-human-contractors-listened-to-xbox-owners-homes-kinect-cortana"> human workers listen to the recordings</a>.</p> <p>Morally, we see no difference between having human workers listen and having speech-recognition systems listen. Both intrude on privacy.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201908151"> <!--#set var="DATE" value='<small class="date-tag">2019-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>Skype refuses to say whether it can <ahref="https://web.archive.org/web/20160522062607/http://www.theregister.co.uk/2016/03/17/microsoft_windows_10_upgrade_gwx_vs_humanity/"> into replacing Windows 7 withhref="http://www.slate.com/blogs/future_tense/2012/07/20/skype_won_t_comment_on_whether_it_can_now_eavesdrop_on_conversations_.html">eavesdrop on calls</a>.</p> <p>That almost certainly means it can do so.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201905281"> <!--#set var="DATE" value='<small class="date-tag">2019-05</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft <a href="https://answers.microsoft.com/en-us/outlook_com/forum/all/why-does-my-new-e-mail-account-need-a-phone-number/70049eaf-3b66-4d02-87cc-79dc73c2ea08">forces people to give their phone number</a> in order to be able to create an account on the company's network. On top of mistreating their users by providing nonfree software, Microsoft is tracking their lives outside the computer and violates their privacy.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201710134"> <!--#set var="DATE" value='<small class="date-tag">2017-10</small>' --><!--#echo encoding="none" var="DATE" --> <p>Windows 10 telemetry program sends information to Microsoft about the user's computer and their use of the computer.</p> <p>Furthermore, for users who installed the fourth stable build of Windows10</a>.</p></li> <li><p>Microsoft has made companies'10, called the “Creators Update,” Windowsmachines managed bymaximized thecompany's sysadminssurveillance <ahref="http://www.infoworld.com/article/3042397/microsoft-windows/admins-beware-domain-attached-pcs-are-sprouting-get-windows-10-ads.html">harangue usershref="https://arstechnica.com/gadgets/2017/10/dutch-privacy-regulator-says-that-windows-10-breaks-the-law/"> by force setting the telemetry mode tocomplain“Full”</a>.</p> <p>The <a href="https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#full-level"> “Full” telemetry mode</a> allows Microsoft Windows engineers tothe sysadmins aboutaccess, among other things, registry keys <a href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc939702(v=technet.10)"> which can contain sensitive information like administrator's login password</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not“upgrading”edit in malware-microsoft.html. --> <li id="M201702020"> <!--#set var="DATE" value='<small class="date-tag">2017-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>DRM-restricted files can be used toWindows 10</a>.</p></li> </ul> <h3 id="surveillance">Microsoft Surveillance</h3> <ul> <li><p>By<a href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users"> identify people browsing through Tor</a>. The vulnerability exists only if you use Windows.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201611240"> <!--#set var="DATE" value='<small class="date-tag">2016-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>By default, Windows 10 <ahref="http://betanews.com/2016/11/24/microsoft-shares-windows-10-telemetry-data-with-third-parties">sendshref="https://betanews.com/2016/11/24/microsoft-shares-windows-10-telemetry-data-with-third-parties/">sends debugging information to Microsoft, including core dumps</a>. Microsoft now distributes them to anothercompany.</p></li> <li>Itcompany.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201608170.1"> <!--#set var="DATE" value='<small class="date-tag">2016-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>In order to increase Windows 10's install base, Microsoft <a class="not-a-duplicate" href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive"> blatantly disregards user choice and privacy</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201603170"> <!--#set var="DATE" value='<small class="date-tag">2016-03</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://duo.com/decipher/bring-your-own-dilemma-oem-laptops-and-windows-10-security"> Windows 10 comes with 13 screens of snooping options</a>, all enabled by default, and turning them off would be daunting to most users.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201601050"> <!--#set var="DATE" value='<small class="date-tag">2016-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>It appears <ahref="http://www.ghacks.net/2016/01/05/microsoft-may-be-collecting-more-data-than-initially-thought/">href="https://www.ghacks.net/2016/01/05/microsoft-may-be-collecting-more-data-than-initially-thought/"> Windows 10 sends data to Microsoft about what applications arerunning</a>.</li> <li><p>Arunning</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201511264"> <!--#set var="DATE" value='<small class="date-tag">2015-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>A downgrade to Windows 10 deleted surveillance-detection applications. Then another downgrade inserted a general spying program. Users noticed this and complained, so Microsoft renamed it <ahref="https://web.archive.org/web/20160407082751/http://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/">href="https://www.theregister.com/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/"> to give users the impression it was gone</a>.</p> <p>To use proprietary software is to invite suchtreatment.</p></li> <li><p> <a href="https://duo.com/blog/bring-your-own-dilemma-oem-laptops-and-windows-10-security">treatment.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201508130"> <!--#set var="DATE" value='<small class="date-tag">2015-08</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/"> Windows 10comes with 13 screens of snooping options</a>, all enabled by default, and turning them off would be dauntingsends identifiable information tomost users.</p></li> <li><p> WindowsMicrosoft</a>, even if a user turns off its Bing search and Cortana features, and activates the privacy-protection settings.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201507300"> <!--#set var="DATE" value='<small class="date-tag">2015-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Windows 10 <ahref="https://web.archive.org/web/20151001035410/https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/">href="https://web.archive.org/web/20180923125732/https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/"> ships with default settings that show no regard for the privacy of its users</a>, giving Microsoft the “right” to snoop on the users' files, text input, voice input, location info, contacts, calendar records and web browsing history, as well as automatically connecting the machines to open hotspots and showing targeted ads.</p> <p>We can suppose Microsoftlooklooks at users' files for the US government on demand, though the “privacy policy” does notexplicitexplicitly say so. Will it look at users' files for the Chinese government ondemand?</p></li> <li><p> <a href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/"> Windows 10 sends identifiable information to Microsoft</a>, even if a user turns off its Bing search and Cortana features, and activates the privacy-protection settings.</p></li> <li><p>The unique “advertising ID” for each user enables other companies to track the browsing of each specific user.</p></li> <li>Spyware in Windows 8: <a href="https://web.archive.org/web/20160313105805/http://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/"> Windows Update snoops on the user.</a> <a href="http://www.infoworld.com/t/microsoft-windows/look-the-black-underbelly-of-windows-81-blue-222175"> Windows 8.1 snoops on local searches.</a> And there's a <a href="http://www.marketoracle.co.uk/Article40836.html"> secret NSA key in Windows</a>, whose functions we don't know.</li> <li><p> <a href="http://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/"> Microsoft SkyDrive allows the NSA to directly examine users' data.</a></p>demand?</p> </li><li><p>Spyware<!-- Copied from workshop/mal.rec. Do not edit inSkype: <a href="http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/"> http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/</a>. Microsoft changed Skype <a href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data"> specifically for spying</a>.</p> </li> <li><p> Microsoftmalware-microsoft.html. --> <li id="M201506170"> <!--#set var="DATE" value='<small class="date-tag">2015-06</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft uses Windows 10's “privacy policy” to overtly impose a “right” to look at users' files at any time. Windows 10 full disk encryption <ahref="https://edri.org/microsofts-new-small-print-how-your-personal-data-abused/">href="https://edri.org/our-work/microsofts-new-small-print-how-your-personal-data-abused/"> gives Microsoft a key</a>.</p> <p>Thus, Windows is overt malware in regard to surveillance, as in other issues.</p><p>We can suppose Microsoft look at users' files for the US government on demand, though the “privacy policy” does not explicit say so. Will it look at users' files for the Chinese government on demand?</p><p>The unique “advertising ID” for each user enables other companies to track the browsing of each specific user.</p> <p>It's as if Microsoft has deliberately chosen to make Windows 10 maximally evil on every dimension; to make a grab for total power over anyone that doesn't drop Windowsnow.</p></li>now.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201410040"> <!--#set var="DATE" value='<small class="date-tag">2014-10</small>' --><!--#echo encoding="none" var="DATE" --> <p>It only gets worse with time. <a href="https://www.techworm.net/2014/10/microsofts-windows-10-permission-watch-every-move.html"> Windows 10 requires users to give permission for total snooping</a>, including their files, their commands, their text input, and their voice input.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201405140"> <!--#set var="DATE" value='<small class="date-tag">2014-05</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://web.archive.org/web/20190421070310/https://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/"> Microsoft SkyDrive allows the NSA to directly examine users' data</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201307110"> <!--#set var="DATE" value='<small class="date-tag">2013-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Skype contains <a href="https://web.archive.org/web/20130928235637/http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">spyware</a>. Microsoft changed Skype <a href="https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data"> specifically for spying</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201307080"> <!--#set var="DATE" value='<small class="date-tag">2013-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Spyware in older versions of Windows: <a href="https://www.theregister.com/2003/02/28/windows_update_keeps_tabs/"> Windows Update snoops on the user</a>. <a href="https://www.infoworld.com/article/2611451/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html"> Windows 8.1 snoops on local searches</a>. And there's a <a href="http://www.marketoracle.co.uk/Article40836.html"> secret NSA key in Windows</a>, whose functions we don't know.</p> </li> </ul> <h3id="drm">Microsoft DRM</h3> <ul> <li><p><a href="http://arstechnica.com/apple/2007/08/aacs-tentacles/"> DRM (digital restrictions mechanisms)id="tethers">Tethers</h3> <p>Tethers are functionalities that require constant (or very frequent) connection to a server.</p> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit inWindows</a>, introducedmalware-microsoft.html. --> <li id="M202502280"> <!--#set var="DATE" value='<small class="date-tag">2025-02</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://arstechnica.com/gadgets/2025/02/on-may-5-microsofts-skype-will-shut-down-for-good/"> Microsoft is shutting down Skype</a> on May 5th, 2025. As with other tethered proprietary programs, users have tocaterrely on servers that are controlled by the developer. When these servers shut down, the service disappears. Instead of migrating to the service that Microsoft suggests as a replacement, Skype users should regain control of their communications by switching to one that is based on free software. <ahref="/proprietary/proprietary-drm.html#bluray">Bluray</a> disks. (The article also talks about howhref="https://jitsi.org/jitsi-meet/">Jitsi Meet</a>, for example, is appropriate for small video meetings. Anyone can set up a Jitsi server and let other people use it, and indeed many of these are available around thesame malware would later be introducedworld.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit inMacOS.)</p></li>malware-microsoft.html. --> <li id="M201708310"> <!--#set var="DATE" value='<small class="date-tag">2017-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>The recent versions of Microsoft Office require the user to <a href="https://www.microsoft.com/en-us/microsoft-365/microsoft-365-for-home-and-school-faq?legRedir=true&CorrelationId=c9c5b549-11ad-4f71-bf81-b7e069fdb372"> connect to Microsoft servers at least every thirty-one days</a>. Otherwise, the software will refuse to edit any documents or create new ones. It will be restricted to viewing and printing.</p> </li> </ul> <h3id="jails">Microsoft Jails</h3> <ul> <li><p><a href="http://www.itworld.com/operating-systems/301057/microsoft-metro-app-store-lockdown">id="jails">Jails</h3> <p>Jails are systems that impose censorship on application programs.</p> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201706130"> <!--#set var="DATE" value='<small class="date-tag">2017-06</small>' --><!--#echo encoding="none" var="DATE" --> <p>Windows 10 S was a jail: <a href="https://www.theguardian.com/technology/2017/may/03/windows-10-s-microsoft-faster-pc-comparison"> only programs from the Windows Store could be installed and executed</a>. It was however possible to <a href="https://www.theverge.com/2017/6/13/15789998/microsoft-windows-10-s-upgrade-windows-10-pro-guide"> upgrade to Windows 10 Pro</a>. The successor of Windows 10 S is a special configuration of Windows 10 called <a href="https://support.microsoft.com/en-us/windows/windows-10-and-windows-11-in-s-mode-faq-851057d6-1ee9-b9e5-c30b-93baebeebc85"> S mode</a>. The major difference with Windows 10 S is that there is an easy way to switch out of S mode.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201210080"> <!--#set var="DATE" value='<small class="date-tag">2012-10</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://web.archive.org/web/20190917162027/https://www.itworld.com/article/2832657/microsoft-metro-app-store-lock-down.html"> Windows 8 on “mobile devices”is(now defunct) was ajail</a>: it censors the user's choice of application programs.</p></li>jail</a>.</p> </li> </ul> <h3id="tyrants">Microsoft Tyrants</h3> <ul> <li>id="tyrants">Tyrants</h3> <p>Tyrants are systems that reject any operating system not “authorized” by the manufacturer.</p> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201607150"> <!--#set var="DATE" value='<small class="date-tag">2016-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft accidentally left a way for users to install GNU/Linux on Windows RT tablets, but now it has <ahref="http://www.securitynewspaper.com/2016/07/15/microsoft-silently-kills-dev-backdoor-boots-linux-locked-windows-rt-slabs/">href="https://www.securitynewspaper.com/2016/07/15/microsoft-silently-kills-dev-backdoor-boots-linux-locked-windows-rt-slabs/"> “fixed” the “error”</a>.Those arrogant bastardsThey have the gall to call this “protecting” the users. The article talks of installing “Linux”, but the context shows it is really <a href="/gnu/linux-and-gnu.html">GNU/Linux</a> that usersinstall. </p>install.</p> </li><li><p><a href="http://fsf.org/campaigns/secure-boot-vs-restricted-boot/"><!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. --> <li id="M201110110"> <!--#set var="DATE" value='<small class="date-tag">2011-10</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/"> Mobile devices that come with Windows 8 aretyrants</a>: they block users from installing other or modified operating systems.</p></li>tyrants</a>.</p> </li> </ul> <div class="column-limit"></div> <p>As this page shows, if you do want to clean your computer of malware, the first software to delete is Windows.</p></div><!-- for id="content", starts in the include above</div> </div> <!--#include virtual="/proprietary/proprietary-menu.html" --> <!--#include virtual="/server/footer.html" --> <divid="footer">id="footer" role="contentinfo"> <div class="unprintable"> <p>Please send general FSF & GNU inquiries to <a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>. There are also <a href="/contact/">other ways to contact</a> the FSF. Broken links and other corrections or suggestions can be sent to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p> <p><!-- TRANSLATORS: Ignore the original text in this paragraph, replace it with the translation of these two: We work hard and do our best to provide accurate, good quality translations. However, we are not exempt from imperfection. Please send your comments and general suggestions in this regard to <a href="mailto:web-translators@gnu.org"> <web-translators@gnu.org></a>.</p> <p>For information on coordinating andsubmittingcontributing translations of our web pages, see <a href="/server/standards/README.translations.html">Translations README</a>. --> Please see the <a href="/server/standards/README.translations.html">Translations README</a> for information on coordinating andsubmittingcontributing translations of this article.</p> </div> <!-- Regarding copyright, in general, standalone pages (as opposed to files generated as part of manuals) on the GNU web server should be under CC BY-ND 4.0. Please do NOT change or remove this without talking with the webmasters or licensing team first. Please make sure the copyright date is consistent with the document. For web pages, it is ok to list just the latest year the document was modified, or published. If you wish to list earlier years, that is ok too. Either "2001, 2002, 2003" or "2001-2003" are ok for specifying years, as long as each year in the range is in fact a copyrightable year, i.e., a year in which the document was published (including being publicly visible on the web or in a revision control system). There is more detail about copyright years in the GNU Maintainers Information document, www.gnu.org/prep/maintain. --> <p>Copyright ©2014, 2015, 20162014-2025 Free Software Foundation, Inc.</p> <p>This page is licensed under a <a rel="license"href="http://creativecommons.org/licenses/by-nd/4.0/">Creativehref="http://creativecommons.org/licenses/by/4.0/">Creative CommonsAttribution-NoDerivativesAttribution 4.0 International License</a>.</p> <!--#include virtual="/server/bottom-notes.html" --> <p class="unprintable">Updated: <!-- timestamp start --> $Date: 2025/03/17 14:42:45 $ <!-- timestamp end --> </p> </div></div></div><!-- for class="inner", starts in the banner include --> </body> </html>