<!--#include virtual="/server/header.html" -->
<!-- Parent-Version: 1.96 -->
<!--#set var="DISABLE_TOP_ADDENDUM" value="yes" -->
<!--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please do not edit <ul class="blurbs">!
Instead, edit /proprietary/workshop/mal.rec, then regenerate pages.
See explanations in /proprietary/workshop/README.md.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-->
<title>Microsoft's Software Is Malware
- GNU Project - Free Software Foundation</title>
<link rel="stylesheet" type="text/css" href="/side-menu.css" media="screen,print" />
<!--#include virtual="/proprietary/po/malware-microsoft.translist" -->
<!--#include virtual="/server/banner.html" -->
<div class="nav">
<a id="side-menu-button" class="switch" href="#navlinks">
<img id="side-menu-icon" height="32"
src="/graphics/icons/side-menu.png"
title="Section contents"
alt=" [Section contents] " />
</a>
<p class="breadcrumb">
<a href="/"><img src="/graphics/icons/home.png" height="24"
alt="GNU Home" title="GNU Home" /></a> /
<a href="/proprietary/proprietary.html">Malware</a> /
By company /
</p>
</div>
<!--GNUN: OUT-OF-DATE NOTICE-->
<!--#include virtual="/server/top-addendum.html" -->
<div style="clear: both"></div>
<div id="last-div" class="reduced-width">
<h2>Microsoft's Software is Malware</h2>
<div class="infobox">
<hr class="full-width" />
<p>Nonfree (proprietary) software is very often malware (designed to
mistreat the user). Nonfree software is controlled by its developers,
which puts them in a position of power over the users; <a
href="/philosophy/free-software-even-more-important.html">that is the
basic injustice</a>. The developers and manufacturers often exercise
that power to the detriment of the users they ought to serve.</p>
<p>This typically takes the form of malicious functionalities.</p>
<hr class="full-width" />
</div>
<div class="article">
<div class="important">
<p>If you know of an example that ought to be in this page but isn't
here, please write
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>
to inform us. Please include the URL of a trustworthy reference or two
to serve as specific substantiation.</p>
</div>
<div id="TOC" class="toc-inline">
<h3>Types of Microsoft malware</h3>
<ul>
<li><a href="#back-doors">Back doors</a></li>
<!--<li><a href="#censorship">Censorship</a></li>-->
<li><a href="#drm">DRM</a></li>
<li><a href="#insecurity">Insecurity</a></li>
<li><a href="#interference">Interference</a></li>
<li><a href="#jails">Jails</a></li>
<li><a href="#sabotage">Sabotage</a></li>
<li><a href="#subscriptions">Subscriptions</a></li>
<li><a href="#surveillance">Surveillance</a></li>
<li><a href="#tethers">Tethers</a></li>
<li><a href="#tyrants">Tyrants</a></li>
</ul>
</div>
<h3 id="back-doors">Back Doors</h3>
<ul class="blurbs">
<li id="M202010180">
<!--#set var="DATE" value='<small class="date-tag">2020-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft is <a
href="https://www.slashgear.com/windows-10-users-are-grumpy-over-forced-updates-and-unwanted-apps-18643135/">forcing
Windows users</a> to <a
href="https://support.microsoft.com/en-us/windows/manage-updates-in-windows-643e9ea7-3cf6-7da6-a25c-95d4f7f099fe">install
upgrades it pushes</a> using <a
href="/proprietary/proprietary-back-doors.html#windows-update">its
universal back doors</a>. These upgrades can do various harms to
users such as restricting computers
<!-- Copied from some functions and/or forcing
users to defenselessly do whatever Microsoft tells them to do.</p>
</li> workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201608171">
<!--#set var="DATE" value='<small class="date-tag">2016-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p id="windows-update">Microsoft
Windows has a universal back door through which <a
href="http://www.informationweek.com/microsoft-updates-windows-without-user-permission-apologizes/d/d-id/1059183">
href="https://www.informationweek.com/government/microsoft-updates-windows-without-user-permission-apologizes">
any change whatsoever can be imposed on the users</a>.</p>
<p>This was <a
href="https://web.archive.org/web/20200219180230/http://slated.org/windows_by_stealth_the_updates_you_dont_want">
reported in 2007</a> for XP and Vista, and it seems
that Microsoft used the same method to push the <a
href="/proprietary/malware-microsoft.html#windows10-forcing">
Windows 10 downgrade</a> to computers running Windows 7 and 8.</p>
<p>In Windows 10, the universal back door
is no longer hidden; all “upgrades” will be <a
href="http://arstechnica.com/information-technology/2015/07/windows-10-updates-to-be-automatic-and-mandatory-for-home-users/">
href="https://arstechnica.com/information-technology/2015/07/windows-10-updates-to-be-automatic-and-mandatory-for-home-users/">
forcibly and immediately imposed</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201512280">
<!--#set var="DATE" value='<small class="date-tag">2015-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft has <a
href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/">
backdoored its disk encryption</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201308230">
<!--#set var="DATE" value='<small class="date-tag">2013-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The German government <a
href="https://www.theregister.co.uk/2013/08/23/nsa_germany_windows_8/">veers
href="https://www.theregister.com/2013/08/23/nsa_germany_windows_8/">veers
away from Windows 8 computers with TPM 2.0</a> (<a
href="https://www.zeit.de/digital/datenschutz/2013-08/trusted-computing-microsoft-windows-8-nsa">original
article in German</a>), due to potential back
door capabilities of the TPM 2.0 chip.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201307300">
<!--#set var="DATE" value='<small class="date-tag">2013-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Here is a suspicion that
we can't prove, but is worth thinking about: <a
href="https://web.archive.org/web/20150206003913/http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5tFtI">
Writable microcode for Intel and AMD microprocessors</a> may be a
vehicle for the NSA to invade computers, with the help of Microsoft,
say respected security experts.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201112080.1">
<!--#set var="DATE" value='<small class="date-tag">2011-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Windows 8 also has a back door for <a
href="https://www.computerworld.com/article/2500036/microsoft--we-can-remotely-delete-windows-8-apps.html">
href="https://www.computerworld.com/article/2732767/microsoft--we-can-remotely-delete-windows-8-apps.html">
remotely deleting apps</a>.</p>
<p>You might well decide to let a security service that you trust
remotely <em>deactivate</em> programs that it considers malicious.
But there is no excuse for <em>deleting</em> the programs, and you
should have the right to decide whom (if anyone) to trust in this
way.</p>
</li>
</ul>
<h3 id="drm">DRM</h3>
<p>Digital restrictions management, or “DRM,” refers to
functionalities designed to restrict what users can do with the data
in their computers.</p>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201904040">
<!--#set var="DATE" value='<small class="date-tag">2019-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Ebooks “bought” from Microsoft's store check that
their DRM is valid by connecting to the store every time their
“owner” wants to read them. Microsoft is going to close
this store, <a href="https://www.bbc.com/news/technology-47810367">
bricking all DRM'ed ebooks it has ever “sold”</a>. (The
article additionally highlights the pitfalls of DRM.)</p>
<p>This is another proof that a DRM-encumbered product doesn't belong
to the person who bought it. Microsoft said it will refund customers,
but this is no excuse for selling them restricted books.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M200708130.1">
<!--#set var="DATE" value='<small class="date-tag">2007-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a href="http://arstechnica.com/apple/2007/08/aacs-tentacles/">DRM href="https://arstechnica.com/gadgets/2007/08/aacs-tentacles/">DRM
in Windows</a>, introduced to cater to <a
href="/proprietary/proprietary-drm.html#bluray">Bluray</a>
href="/proprietary/proprietary-drm.html#bluray">Blu-ray</a> disks.
(The article talks about how the same malware would later be
introduced in MacOS. That had not been done at the time, but it was
done subsequently.)</p>
</li>
</ul>
<h3 id="insecurity">Insecurity</h3>
<p>These bugs are/were not intentional, so unlike the rest of the file
they do not count as malware. We mention them to refute the
supposition that prestigious proprietary software doesn't have grave
bugs.</p>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202411220">
<!--#set var="DATE" value='<small class="date-tag">2024-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Windows Recall is a feature of Microsoft's Copilot tool that
comes preinstalled on AI-specialized computers. <a
href="https://www.techtarget.com/searchenterpriseai/feature/Privacy-and-security-risks-surrounding-Microsoft-Recall">
Recall records everything users do on their computer</a> and allows
them to search the recordings, but it has numerous security flaws and
poses a risk to privacy. As Recall cannot be completely uninstalled,
disabling it doesn't eliminate the risk because it can be reactivated
by malware or misconfiguration.</p>
<p>Microsoft says that <a
href="https://support.microsoft.com/en-us/windows/privacy-and-control-over-your-recall-experience-d404f672-7647-41e5-886c-a3c59680af15">
Recall will not take screenshots of digitally restricted
media</a>. Meanwhile, it stores sensitive user information such as
passwords and bank account numbers, showing that whereas Microsoft
worries somewhat about corporate interests, it couldn't care less
about user privacy.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202408140">
<!--#set var="DATE" value='<small class="date-tag">2024-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://www.bleepingcomputer.com/news/microsoft/zero-click-windows-tcp-ip-rce-impacts-all-systems-with-ipv6-enabled-patch-now/">
A critical vulnerability in Windows systems
that support IPv6</a> was discovered in 2024, <a
href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063">
16 years after the first affected system</a> was released. Unless
the relevant patch is applied, an attacker can remotely execute
arbitrary code on these systems. Microsoft considers exploits
“likely.”</p>
<p>The same sort of vulnerability in a free/libre operating system
would probably be discovered sooner, since many more people would be
able to look at the source code.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202210140">
<!--#set var="DATE" value='<small class="date-tag">2022-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://www.bleepingcomputer.com/news/security/microsoft-office-365-email-encryption-could-expose-message-content/">
The Microsoft Office encryption is weak</a>, and susceptible to
attack.</p>
<p>Encryption is a tricky field, and easy to mess up. It is wise
to insist on encryption software that is (1) free software and (2)
studied by experts.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202202090">
<!--#set var="DATE" value='<small class="date-tag">2022-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A security failure in Microsoft's Windows is <a
href="https://www.bleepingcomputer.com/news/security/fake-windows-11-upgrade-installers-infect-you-with-redline-malware/">infecting
people's computers with RedLine stealer malware</a> using a fake
Windows 11 upgrade installer.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202107090">
<!--#set var="DATE" value='<small class="date-tag">2021-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A newly found Microsoft Windows vulnerability <a
href="https://edition.cnn.com/2021/07/08/tech/microsoft-windows-10-printnightmare/">
can allow crackers to remotely gain access to the operating system</a>
and install programs, view and delete data, or even create new user
accounts with full user rights.</p>
<p>The security research firm accidentally leaked instructions on
how the flaw could be exploited but Windows users should still wait
for Microsoft to fix the flaw, if they fix it.</p>
<p><small>Please note that the article
wrongly refers to crackers as “<a
href="/philosophy/words-to-avoid.html#Hacker">hackers</a>”.</small></p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202103050">
<!--#set var="DATE" value='<small class="date-tag">2021-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>At least 30 thousand organizations
in the United States are newly “<a
href="/philosophy/words-to-avoid.html#Hacker">cracked</a>” via <a
href="https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/">holes
in Microsoft's proprietary email software, named Microsoft 365</a>. It
is unclear whether there are other holes and vulnerabilities in the
program or not but history and experience tells us it wouldn't be
the last disaster with proprietary programs.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202102110">
<!--#set var="DATE" value='<small class="date-tag">2021-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Researchers at the security firm SentinelOne discovered a <a
href="https://www.wired.com/story/windows-defender-vulnerability-twelve-years/">security
flaw in proprietary program Microsoft Windows Defender that lurked
undetected for 12 years</a>. If the program was free (as in freedom),
more people would have had a chance to notice the problem, therefore,
it could've been fixed a lot sooner.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202004270">
<!--#set var="DATE" value='<small class="date-tag">2020-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The proprietary program Microsoft Teams' insecurity <a
href="https://www.forbes.com/sites/thomasbrewster/2020/04/27/your-whole-companys-microsoft-teams-data-couldve-been-stolen-with-an-evil-gif">could
href="https://www.forbes.com/sites/thomasbrewster/2020/04/27/your-whole-companys-microsoft-teams-data-couldve-been-stolen-with-an-evil-gif/">could
have let a malicious GIF steal user data from Microsoft Teams
accounts</a>, possibly across an entire company, and taken control
of “an organization's entire roster of Teams accounts.”</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201705120">
<!--#set var="DATE" value='<small class="date-tag">2017-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Exploits of bugs in Windows, which were developed by the NSA
and then leaked by the Shadowbrokers group, are now being used to <a
href="https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/">attack
a great number of Windows computers with ransomware</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201608020">
<!--#set var="DATE" value='<small class="date-tag">2016-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A <a
href="http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/">flaw
href="https://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/">flaw
in Internet Explorer and Edge</a> allows an attacker to retrieve
Microsoft account credentials, if the user is tricked into visiting
a malicious link.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201312040">
<!--#set var="DATE" value='<small class="date-tag">2013-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/">
href="https://arstechnica.com/information-technology/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/">
Point-of-sale terminals running Windows were taken over</a> and
turned into a botnet for the purpose of collecting customers' credit
card numbers.</p>
</li>
</ul>
<h3 id="interference">Interference</h3>
<p>This section gives examples of Microsoft software harassing or annoying
the user, or causing trouble for the user. These actions are like
sabotage but the word “sabotage” is too strong for them.</p>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202404260">
<!--#set var="DATE" value='<small class="date-tag">2024-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft has started to <a
href="https://www.cnet.com/tech/who-wants-ads-in-their-windows-11-start-menu-heres-how-to-turn-them-off/">
show ads in the “Recommended” section of the
Windows 11 Start menu</a>. Previously, this section only included
recently used documents and images. Now it also contains the icons
of apps Microsoft wants to advertise, in the hope that the user will
click on one of them, and buy the app. So far, the user can disable
the ads, but this doesn't make them more legitimate.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202403150">
<!--#set var="DATE" value='<small class="date-tag">2024-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://www.theverge.com/2024/3/15/24101887/microsoft-bing-popups-windows-11-google-chrome">
Microsoft is using malware tactics to get users to switch to
their web browser</a>, Microsoft Edge, and their search engine, Microsoft
Bing. When users launch the Google Chrome browser Microsoft injects
a pop up advertisement in the corner of the screen advising users to
switch to Bing. Microsoft also imported users Chrome browsing data
without their knowledge or consent.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202311101">
<!--#set var="DATE" value='<small class="date-tag">2023-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft has been annoying people who wanted to
close the proprietary program OneDrive on their computers, <a
href="https://www.theverge.com/2023/11/8/23952878/microsoft-onedrive-windows-close-app-notification">
forcing them to give the reason why they were closing it</a>. This
prompt was removed after public pressure.</p>
<p>This is a reminder that angry users still have the power to make
developers of proprietary software remove small annoyances. Don't
count on public outcry to make them remove more profitable malware,
though. Run away from proprietary software!</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202302140">
<!--#set var="DATE" value='<small class="date-tag">2023-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft is <a
href="https://www.theguardian.com/technology/2023/feb/14/microsoft-to-phase-out-internet-explorer-with-new-edge-browser">
remotely disabling Internet Explorer, forcibly redirecting users to
Microsoft Edge</a>.</p>
<p>Imposing such change is malicious, and the fact that the redirection
is from one unjust program (IE) to another unjust program (Edge)
does not excuse it.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202108180">
<!--#set var="DATE" value='<small class="date-tag">2021-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft is making it harder and harder to <a
href="https://www.theverge.com/22630319/microsoft-windows-11-default-browser-changes">replace
default apps in its Windows</a> operating system and is pressuring
users to use its proprietary programs instead. We believe the
best approach to this would be replacing Windows with a free
(as in freedom) operating system like GNU. We also maintain a <a
href="/distros/free-distros.html">list of fully free distributions
of GNU</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202102180">
<!--#set var="DATE" value='<small class="date-tag">2021-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft is <a
href="https://uk.pcmag.com/operating-systems/131798/microsoft-starts-automatically-removing-flash-from-windows">forcibly
removing the Flash player from computers running Windows 10</a>, using
<a href="/proprietary/proprietary-back-doors.html#windows-update">a
universal backdoor in Windows</a>.</p>
<p>The fact that Flash has been <a
href="/proprietary/proprietary-back-doors.html#M202012020">disabled
by Adobe</a> is no excuse for this abuse of power. The nature of
proprietary software, such as Microsoft Windows, gives the developers
power to impose their decisions on users. Free software on the other
hand empowers users to make their own decisions.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202010180">
<!--#set var="DATE" value='<small class="date-tag">2020-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft is <a
href="https://www.slashgear.com/windows-10-users-are-grumpy-over-forced-updates-and-unwanted-apps-18643135/">forcing
Windows users</a> to <a
href="https://support.microsoft.com/en-us/windows/manage-updates-in-windows-643e9ea7-3cf6-7da6-a25c-95d4f7f099fe">install
upgrades it pushes</a> using <a
href="/proprietary/proprietary-back-doors.html#windows-update">its
universal back doors</a>. These upgrades can do various harms to
users such as restricting computers from some functions and/or forcing
users to defenselessly do whatever Microsoft tells them to do.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201809120">
<!--#set var="DATE" value='<small class="date-tag">2018-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>One version of Windows 10 <a
href="https://www.ghacks.net/2018/09/12/microsoft-intercepting-firefox-chrome-installation-on-windows-10/">
harangues users if they try to install Firefox (or Chrome)</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201803190">
<!--#set var="DATE" value='<small class="date-tag">2018-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft is planning to make Windows <a
href="https://www.theguardian.com/technology/2018/mar/19/windows-10-microsoft-force-people-edge-browser-windows-mail-chrome-firefox">
impose use of its browser, Edge, in certain circumstances</a>.</p>
<p>The reason Microsoft can force things on users is that Windows
is nonfree.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201703170">
<!--#set var="DATE" value='<small class="date-tag">2017-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Windows displays <a
href="http://www.theverge.com/2017/3/17/14956540/microsoft-windows-10-ads-taskbar-file-explorer">
href="https://www.theverge.com/2017/3/17/14956540/microsoft-windows-10-ads-taskbar-file-explorer">
intrusive ads for Microsoft products and its partners'
products</a>.</p>
<p>The article's author starts from the premise that Microsoft has
a right to control what Windows does to users, as long as it doesn't
go “too far”. We disagree.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201612140">
<!--#set var="DATE" value='<small class="date-tag">2016-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Microsoft Telemetry Compatibility service <a
href="https://answers.microsoft.com/en-us/windows/forum/all/microsoft-telemetry-compatibility/cefa7c8e-49c9-4965-aef6-2d5f01bb38f2">
drastically reduces the performances of machines running
Windows 10</a>, and can't be disabled easily.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201608170">
<!--#set var="DATE" value='<small class="date-tag">2016-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p> After <a href="/proprietary/malware-microsoft.html#windows10-forcing">forcing the download of Windows 10</a>
on computers that were running Windows 7 and 8, Microsoft <a
href="https://www.computerworld.com/article/3012278/microsoft-sets-stage-for-massive-windows-10-upgrade-strategy.html">
repeatedly switched on a flag that urged users to
“upgrade” to Windows 10</a> when they had turned
it off, in the hope that some day they would fail to say no.
To do this, Microsoft used <a
href="https://www.theregister.co.uk/2016/03/17/microsoft_windows_10_upgrade_gwx_vs_humanity/">
href="https://www.theregister.com/2016/03/17/microsoft_windows_10_upgrade_gwx_vs_humanity/">
malware techniques</a>.</p>
<p>A detailed <a
href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive">
analysis of Microsoft's scheme</a> is available on the Electronic
Frontier Foundation's website.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201603090">
<!--#set var="DATE" value='<small class="date-tag">2016-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft has made companies'
Windows machines managed by the company's sysadmins <a
href="http://www.infoworld.com/article/3042397/microsoft-windows/admins-beware-domain-attached-pcs-are-sprouting-get-windows-10-ads.html">harangue
href="https://www.computerworld.com/article/3042397/admins-beware-domain-attached-pcs-are-sprouting-get-windows-10-ads.html">harangue
users to complain to the sysadmins about not “upgrading”
to Windows 10</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201601160">
<!--#set var="DATE" value='<small class="date-tag">2016-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft has <a
href="http://www.theverge.com/2016/1/16/10780876/microsoft-windows-support-policy-new-processors-skylake">desupported
href="https://www.theverge.com/2016/1/16/10780876/microsoft-windows-support-policy-new-processors-skylake">desupported
all future Intel CPUs for Windows 7 and 8</a>. Those
machines will be stuck with the nastier Windows 10. <a
href="http://gizmodo.com/only-the-latest-version-of-windows-will-run-on-some-fut-1753545825">
href="https://gizmodo.com/only-the-latest-version-of-windows-will-run-on-some-fut-1753545825">
AMD and Qualcomm CPUs, too</a>.</p>
<p>Of course, Windows 7 and 8 are unethical too, because they are
proprietary software. But this example of Microsoft's wielding its
power demonstrates the power it holds.</p>
<p>Free software developers also stop maintaining old versions of
their programs, but this is not unfair to users because the users of
free software have control over it. If it is important enough to you,
you and other users can hire someone to support the old version on
your future platforms.</p>
</li>
</ul>
<h3 id="sabotage">Sabotage</h3>
<p>The wrongs in this section are not precisely malware, since they do
not involve making the program that runs in a way that hurts the user.
But they are a lot like malware, since they are technical Microsoft
actions that harm the users of specific Microsoft software.</p>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202412250">
<!--#set var="DATE" value='<small class="date-tag">2024-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Windows Defender <a
href="https://answers.microsoft.com/en-us/windows/forum/all/windows-defender-deleted-my-download-without/0b4211cf-80f7-47c7-8ea0-675785a0003c">
deletes downloaded files that it considers malware</a> as soon as
they are saved to disk, without requesting permission to do so. Many
angry users have complained about this unacceptable behavior over the
last few years, and even suggested fixes, but Microsoft has ignored
them. It is high time for Windows users to escape Microsoft's tyranny
by migrating to a free/libre system.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201904041">
<!--#set var="DATE" value='<small class="date-tag">2019-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft has been <a
href="https://borncity.com/win/2019/01/17/windows-10-update-kb4023057-re-released-1-16-2019/">
force-installing a “remediation”
program</a> on computers running certain
versions of Windows 10. Remediation, in Microsoft's view, means <a
href="https://support.microsoft.com/en-us/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a">
href="https://support.microsoft.com/en-us/topic/kb4023057-update-health-tools-windows-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a">
tampering with users' settings and files</a>, notably to
“repair” any components of the updating system that users
may have intentionally disabled, and thus regain full power over
them. Microsoft repeatedly pushed faulty versions of this program to
users' machines, causing numerous problems, some of which <a
href="https://www.windowsmode.com/microsoft-suspends-windows-10-october-2018-update-rollout-due-to-critical-bugs/">
href="https://web.archive.org/web/20240223182933/https://www.windowsmode.com/microsoft-suspends-windows-10-october-2018-update-rollout-due-to-critical-bugs/">
critical</a>.</p>
<p>This exemplifies the arrogant and manipulative attitude
that proprietary software developers have learned to adopt
toward the people they are supposedly serving. Migrate to a <a
href="/distros/free-distros.html">free operating system</a> if you
can!</p>
<p>If your employer makes you run Windows, tell the financial
department how this wastes your time dealing with endless connections
and premature hardware failures.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201704194">
<!--#set var="DATE" value='<small class="date-tag">2017-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft has made Windows 7
and 8 cease to function on certain new computers, <a
href="https://support.microsoft.com/en-us/help/4012982/the-processor-is-not-supported-together-with-the-windows-version-that">effectively
href="https://learn.microsoft.com/en-us/troubleshoot/windows-client/installing-updates-features-roles/processor-not-supported-together-with-windows-version">effectively
forcing their owners to switch to Windows 10</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201704134">
<!--#set var="DATE" value='<small class="date-tag">2017-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft <a
href="https://arstechnica.com/information-technology/2017/04/new-processors-are-now-blocked-from-receiving-updates-on-old-windows/">
has dropped support for Windows 7 and 8 on recent processors</a>
in a big hurry.</p>
<p>It makes no difference what legitimate reasons Microsoft might
have for not doing work to support them. If it doesn't want to do
this work, it should let users do the work.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201606270">
<!--#set var="DATE" value='<small class="date-tag">2016-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p id="windows10-forcing">In its efforts to trick users of Windows
7 and 8 into installing all-spying Windows 10 against their
will, Microsoft forced their computers to <a
href="https://www.theguardian.com/technology/2015/sep/11/microsoft-downloading-windows-1">
silently download… the whole of Windows 10</a>! Apparently,
this was done through a <a
href="/proprietary/proprietary-back-doors.html#windows-update">
universal back door</a>. Not only did the unwanted downloads <a
href="https://www.theregister.co.uk/2016/06/03/windows_10_upgrade_satellite_link/">
href="https://www.theregister.com/2016/06/03/windows_10_upgrade_satellite_link/">
jeopardize important operations in regions of the world with poor
connectivity</a>, but many of the people who let installation proceed
found out that this “upgrade” was in fact a <a
href="http://gizmodo.com/woman-wins-10-000-from-microsoft-after-unwanted-window-1782666146">
href="https://gizmodo.com/woman-wins-10-000-from-microsoft-after-unwanted-window-1782666146">
downgrade</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201606010">
<!--#set var="DATE" value='<small class="date-tag">2016-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Once Microsoft has tricked a user
into accepting installation of Windows 10, <a
href="https://www.theregister.co.uk/2016/06/01/windows_10_nagware_no_way_out/">they
href="https://www.theregister.com/2016/06/01/windows_10_nagware_no_way_out/">they
find that they are denied the option to cancel or even postpone the
imposed date of installation</a>.</p>
<p>This demonstrates what we've said for years: using proprietary
software means letting someone have power over you, and you're going
to get screwed sooner or later.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201601310">
<!--#set var="DATE" value='<small class="date-tag">2016-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>FTDI's proprietary driver
for its USB-to-serial chips has been designed to <a
href="http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/">sabotage
href="https://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/">sabotage
alternative compatible chips</a>
so that they no longer work. Microsoft is <a
href="http://it.slashdot.org/story/16/01/31/1720259/ftdi-driver-breaks-hardware-again">installing
href="https://it.slashdot.org/story/16/01/31/1720259/ftdi-driver-breaks-hardware-again">installing
this automatically</a> as an “upgrade”.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201511240">
<!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Windows 10 “upgrades” <a
href="http://www.ghacks.net/2015/11/24/beware-latest-windows-10-update-may-remove-programs-automatically/">
delete applications</a> without asking permission.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201503260">
<!--#set var="DATE" value='<small class="date-tag">2015-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://web.archive.org/web/20191205010621/https://www.computerworld.com/article/3423768/windows-xp--end-of-an-era--end-of-an-error.html">Microsoft
cut off security fixes for Windows XP, except to some big users that
pay exorbitantly</a>.</p>
<p>Microsoft is going to <a
href="https://web.archive.org/web/20181030194725/https://www.computerworlduk.com/applications/more-than-half-of-all-ie-users-face-patch-axe-in-10-months-3605515/">
cut off support for some Internet Explorer versions</a> in the same
way.</p>
<p>A person or company has the right to cease to work on a particular
program; the wrong here is Microsoft does this after having made the
users dependent on Microsoft, because they are not free to ask anyone
else to work on the program for them.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201306220">
<!--#set var="DATE" value='<small class="date-tag">2013-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://web.archive.org/web/20130622044225/http://blogs.computerworlduk.com/open-enterprise/2013/06/how-can-any-company-ever-trust-microsoft-again/index.htm">Microsoft
informs the NSA of bugs in Windows before fixing them</a>.</p>
</li>
</ul>
<h3 id="subscriptions">Subscriptions</h3>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201507150">
<!--#set var="DATE" value='<small class="date-tag">2015-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft Office forces users <a
href="https://www.computerworld.com/article/2948755/office-for-windows-10-will-require-office-365-subscription-on-pcs-larger-tablets.html">to
subscribe to Office 365 to be able to create/edit documents</a>.</p>
</li>
</ul>
<h3 id="surveillance">Surveillance</h3>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202503280">
<!--#set var="DATE" value='<small class="date-tag">2025-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft is <a
href="https://arstechnica.com/gadgets/2025/03/new-windows-11-build-makes-mandatory-microsoft-account-sign-in-even-more-mandatory/">
tightening the chains that force Windows useds to sign into their
Microsoft account</a> [*], thus identifying themselves. We suspect this
is an intentional strategy to avoid inspiring a lot of resistance
all at once: leave openings to escape identification, then gradually
close them.</p>
<p>Enough is enough!</p>
<p>[*] <small>Why “useds”? Because running Windows is
not you using Windows; it is Windows using you.</small></p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202502230">
<!--#set var="DATE" value='<small class="date-tag">2025-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://proton.me/blog/outlook-is-microsofts-new-data-collection-service">
Outlook has become a “data collection and ad delivery
service”</a>. Since Outlook is now integrated with
Microsoft “cloud” services, and doesn't support
end-to-end encryption, the company has full access to users'
emails, contacts, and calendar events. Microsoft may also <a
href="https://www.cyberkendra.com/2023/11/new-outlook-update-raises-privacy.html">
retrieve credentials associated with any third-party services</a>
that are synchronized with Outlook. This trove of personal data
enables Microsoft, as well as its commercial partners, to flood
users with targeted ads, and possibly to train “artificial
intelligences.” Even worse, this data is available to any
government that can force Microsoft to hand it over.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202407300">
<!--#set var="DATE" value='<small class="date-tag">2024-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>In its default configuration, Windows 11 now <a
href="https://www.zdnet.com/article/windows-11-now-turns-on-onedrive-folder-backup-without-your-permission/">
uploads users' files and personal information to Microsoft's
“cloud”</a> without asking permission to do so. This is
presented as a convenient backup method, but if the allotted storage
capacity is exceeded, the user will need to buy more space, increasing
Microsoft's profit.</p>
<p>However, this small profit is probably not the company's major
reason for making cloud storage the default. Here is an excerpt
from the <a href="https://www.microsoft.com/en-US/servicesagreement">
Microsoft Services agreement</a> (Section 2b):</p>
<blockquote><p><i>To the extent necessary to provide the Services to
you and others, to protect you and the Services, and to improve
Microsoft products and services, you grant to Microsoft a worldwide
and royalty-free intellectual property license to use Your Content,
for example, to make copies of, retain, transmit, reformat,
display, and distribute via communication tools Your Content on the
Services.</i></p></blockquote>
<p>We strongly suspect that the backed-up material is used to feed
Microsoft's greedy “AI.” In addition, it is most likely
analysed to better profile users in order to flood them with targeted
ads, thereby generating more profit.</p>
<p>Users, on the other hand, are at the mercy of any
entity that demands their data, let alone of any cracker
that breaks into Microsoft's servers. They <em>must</em>
escape from this sick environment, and install a sane <a
href="https://www.gnu.org/distros/free-distros.html"> free/libre
system</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202306120">
<!--#set var="DATE" value='<small class="date-tag">2023-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Edge <a
href="https://www.neowin.net/news/edge-sends-images-you-view-online-to-microsoft-here-is-how-to-disable-that/">sends
the URLs of images the user views to Microsoft's servers</a> by
default, supposedly to “enhance” them. And these images
<a href="/proprietary/proprietary-surveillance.html#M201405140">may
end up on the NSA's servers</a>.</p>
<p>Microsoft claims its nonfree browser sends the URLs without
identifying you, which cannot be true, since at least your IP
address is known to the server if you don't take extra measures.
Either way, such enhancer service is unjust because any image editing
<a href="/philosophy/who-does-that-server-really-serve.html">should
be done on your own computer using installed free software</a>.</p>
<p>The article describes how to disable sending the URLs. That makes
a change for the better, but we suggest that you instead switch to a
freedom-respecting browser with additional privacy features such as
<a href="/software/gnuzilla/">IceCat</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202302080">
<!--#set var="DATE" value='<small class="date-tag">2023-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>As soon as it boots, and without asking any permission, <a
href="https://web.archive.org/web/20230212120649/https://www.techspot.com/news/97535-windows-11-spyware-machine-out-users-control.html">Windows
11 starts to send data to online servers</a>. The user's personal
details, location or hardware information are reported to Microsoft and
other companies to be used as telemetry data. All of this is done is
the background, and users have no easy way to prevent it—unless
they switch the computer offline.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202301190">
<!--#set var="DATE" value='<small class="date-tag">2023-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft <a
href="https://betanews.com/2023/01/19/microsoft-is-using-the-kb5021751-update-to-see-if-you-have-an-unsupported-version-of-office-installed/">
released an “update” that installs a surveillance
program</a> on users' computers to gather data on some installed
programs for Microsoft's benefit. The update is rolling out
automatically, and the program runs “one time silently.”</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202209220">
<!--#set var="DATE" value='<small class="date-tag">2022-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Windows 11 Home and Pro now <a
href="https://www.microsoft.com/windows/windows-11-specifications">
require internet connection and a Microsoft account</a> to
complete the installation. Windows 11 Pro had an option to create
a local account instead, but the option has been removed. This
account can (and most certainly will) be used for surveillance
and privacy violations. Thankfully, a free software tool named <a
href="https://gothub.projectsegfau.lt/pbatard/rufus/">Rufus</a> can bypass those
requirements, or help users install a <a href="/distros/distros.html">
free operating system</a> instead.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202011260">
<!--#set var="DATE" value='<small class="date-tag">2020-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft's Office 365 suite enables employers <a
href="https://www.theguardian.com/technology/2020/nov/26/microsoft-productivity-score-feature-criticised-workplace-surveillance">to
snoop on each employee</a>. After
a public outburst, Microsoft stated that <a
href="https://www.theguardian.com/technology/2020/dec/02/microsoft-apologises-productivity-score-critics-derided-workplace-surveillance">it
would remove this capability</a>. Let's hope so.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202010221">
<!--#set var="DATE" value='<small class="date-tag">2020-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft is imposing its
surveillance on the game of Minecraft by <a
href="https://www.theverge.com/2020/10/22/21527647/minecraft-microsoft-account-mojang-java">requiring
every player to open an account on Microsoft's network</a>. Microsoft
has bought the game and will merge all accounts into its network,
which will give them access to people's data.</p>
<p>Minecraft players <a
href="https://directory.fsf.org/wiki/Minetest">can play Minetest</a>
instead. The essential advantage of Minetest is that it is free
software, meaning it respects the user's computer freedom. As a bonus,
it offers more options.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202010210">
<!--#set var="DATE" value='<small class="date-tag">2020-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>As of 2019-2020, Minecraft players are <a
href="https://www.minecraft.net/en-us/article/java-edition-moving-house">being
forced to move to Microsoft servers</a>, which results in
privacy violation. Microsoft publishes a program so users can run
their own server, but the program is proprietary and it's another <a
href="/philosophy/free-software-even-more-important.html">injustice
to users</a>.</p>
<p>People can play <a
href="https://directory.fsf.org/wiki/Minetest">Minetest</a>
instead. Minetest is free software and respects the user's computer
freedom.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202004301">
<!--#set var="DATE" value='<small class="date-tag">2020-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Proprietary programs Google Meet, Microsoft Teams, and WebEx <a
href="https://www.consumerreports.org/video-conferencing-services/videoconferencing-privacy-issues-google-microsoft-webex/">are
href="https://www.consumerreports.org/video-conferencing-services/videoconferencing-privacy-issues-google-microsoft-webex-a7383469308/">are
collecting user's personal and identifiable data</a> including how long
a call lasts, who's participating in the call, and the IP addresses
of everyone taking part. From experience, this can even harm users
physically if those companies hand over data to governments.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202004131">
<!--#set var="DATE" value='<small class="date-tag">2020-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google, Apple, and Microsoft (and probably some other companies)
<a href="https://www.lifewire.com/wifi-positioning-system-1683343">are
collecting people's access points and GPS coordinates (which can
identify people's precise location) even if their GPS is turned
off</a>, without the person's consent, using proprietary software
implemented in person's smartphone. Though merely asking for permission
would not necessarily legitimize this.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201912160">
<!--#set var="DATE" value='<small class="date-tag">2019-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft is <a
href="https://www.howtogeek.com/442609/confirmed-windows-10-setup-now-prevents-local-account-creation/">tricking
users to create an account on their network</a> to be able to install
and use the Windows operating system, which is malware. The account can
be used for surveillance and/or violating people's rights in many ways,
such as turning their purchased software to a subscription product.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201908210">
<!--#set var="DATE" value='<small class="date-tag">2019-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft recorded users of Xboxes and had <a
href="https://www.vice.com/en/article/43kv4q/microsoft-human-contractors-listened-to-xbox-owners-homes-kinect-cortana">
human workers listen to the recordings</a>.</p>
<p>Morally, we see no difference between having human workers listen and
having speech-recognition systems listen. Both intrude on privacy.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201908151">
<!--#set var="DATE" value='<small class="date-tag">2019-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Skype refuses to say whether it can <a
href="http://www.slate.com/blogs/future_tense/2012/07/20/skype_won_t_comment_on_whether_it_can_now_eavesdrop_on_conversations_.html">eavesdrop
on calls</a>.</p>
<p>That almost certainly means it can do so.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201905281">
<!--#set var="DATE" value='<small class="date-tag">2019-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft <a
href="https://answers.microsoft.com/en-us/outlook_com/forum/all/why-does-my-new-e-mail-account-need-a-phone-number/70049eaf-3b66-4d02-87cc-79dc73c2ea08">forces
people to give their phone number</a> in order to be able to create an account on
the company's network. On top of mistreating their users by providing
nonfree software, Microsoft is tracking their lives outside the computer and
violates their privacy.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201710134">
<!--#set var="DATE" value='<small class="date-tag">2017-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Windows 10 telemetry program sends information to Microsoft about
the user's computer and their use of the computer.</p>
<p>Furthermore, for users who installed the
fourth stable build of Windows 10, called the
“Creators Update,” Windows maximized the surveillance <a
href="https://arstechnica.com/gadgets/2017/10/dutch-privacy-regulator-says-that-windows-10-breaks-the-law">
href="https://arstechnica.com/gadgets/2017/10/dutch-privacy-regulator-says-that-windows-10-breaks-the-law/">
by force setting the telemetry mode to “Full”</a>.</p>
<p>The <a
href="https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#full-level">
“Full” telemetry mode</a> allows Microsoft Windows
engineers to access, among other things, registry keys <a
href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc939702(v=technet.10)">
which can contain sensitive information like administrator's login
password</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201702020">
<!--#set var="DATE" value='<small class="date-tag">2017-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>DRM-restricted files can be used to <a
href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users">
identify people browsing through Tor</a>. The vulnerability exists
only if you use Windows.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201611240">
<!--#set var="DATE" value='<small class="date-tag">2016-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>By default, Windows 10 <a
href="http://betanews.com/2016/11/24/microsoft-shares-windows-10-telemetry-data-with-third-parties">sends
href="https://betanews.com/2016/11/24/microsoft-shares-windows-10-telemetry-data-with-third-parties/">sends
debugging information to Microsoft, including core dumps</a>. Microsoft
now distributes them to another company.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201608170.1">
<!--#set var="DATE" value='<small class="date-tag">2016-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>In order to increase Windows 10's install base, Microsoft <a class="not-a-duplicate"
href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive">
blatantly disregards user choice and privacy</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201603170">
<!--#set var="DATE" value='<small class="date-tag">2016-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://duo.com/blog/bring-your-own-dilemma-oem-laptops-and-windows-10-security">
href="https://duo.com/decipher/bring-your-own-dilemma-oem-laptops-and-windows-10-security">
Windows 10 comes with 13 screens of snooping options</a>, all enabled
by default, and turning them off would be daunting to most users.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201601050">
<!--#set var="DATE" value='<small class="date-tag">2016-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>It appears <a
href="http://www.ghacks.net/2016/01/05/microsoft-may-be-collecting-more-data-than-initially-thought/">
href="https://www.ghacks.net/2016/01/05/microsoft-may-be-collecting-more-data-than-initially-thought/">
Windows 10 sends data to Microsoft about what applications are
running</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201511264">
<!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A downgrade to Windows 10 deleted surveillance-detection
applications. Then another downgrade inserted a general spying
program. Users noticed this and complained, so Microsoft renamed it <a
href="https://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/">
href="https://www.theregister.com/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/">
to give users the impression it was gone</a>.</p>
<p>To use proprietary software is to invite such treatment.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201508130">
<!--#set var="DATE" value='<small class="date-tag">2015-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
href="https://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
Windows 10 sends identifiable information to Microsoft</a>, even if
a user turns off its Bing search and Cortana features, and activates
the privacy-protection settings.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201507300">
<!--#set var="DATE" value='<small class="date-tag">2015-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Windows 10 <a
href="https://web.archive.org/web/20180923125732/https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/">
ships with default settings that show no regard for the privacy of
its users</a>, giving Microsoft the “right” to snoop on
the users' files, text input, voice input, location info, contacts,
calendar records and web browsing history, as well as automatically
connecting the machines to open hotspots and showing targeted ads.</p>
<p>We can suppose Microsoft looks at users' files for the US government
on demand, though the “privacy policy” does not explicitly
say so. Will it look at users' files for the Chinese government
on demand?</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201506170">
<!--#set var="DATE" value='<small class="date-tag">2015-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft uses Windows 10's “privacy policy”
to overtly impose a “right” to look at
users' files at any time. Windows 10 full disk encryption <a
href="https://edri.org/our-work/microsofts-new-small-print-how-your-personal-data-abused/">
gives Microsoft a key</a>.</p>
<p>Thus, Windows is overt malware in regard to surveillance, as in
other issues.</p>
<p>The unique “advertising ID” for each user enables
other companies to track the browsing of each specific user.</p>
<p>It's as if Microsoft has deliberately chosen to make Windows 10
maximally evil on every dimension; to make a grab for total power
over anyone that doesn't drop Windows now.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201410040">
<!--#set var="DATE" value='<small class="date-tag">2014-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>It only gets worse with time. <a
href="http://www.techworm.net/2014/10/microsofts-windows-10-permission-watch-every-move.html">
href="https://www.techworm.net/2014/10/microsofts-windows-10-permission-watch-every-move.html">
Windows 10 requires users to give permission for total snooping</a>,
including their files, their commands, their text input, and their
voice input.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201405140">
<!--#set var="DATE" value='<small class="date-tag">2014-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://web.archive.org/web/20190421070310/https://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/">
Microsoft SkyDrive allows the NSA to directly examine users'
data</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201307110">
<!--#set var="DATE" value='<small class="date-tag">2013-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Skype contains <a
href="https://web.archive.org/web/20130928235637/http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">spyware</a>.
Microsoft changed Skype <a
href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
href="https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
specifically for spying</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201307080">
<!--#set var="DATE" value='<small class="date-tag">2013-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Spyware in older versions of Windows: <a
href="https://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/">
href="https://www.theregister.com/2003/02/28/windows_update_keeps_tabs/">
Windows Update snoops on the user</a>. <a
href="https://www.infoworld.com/article/2611451/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html">
Windows 8.1 snoops on local searches</a>. And there's a <a
href="http://www.marketoracle.co.uk/Article40836.html"> secret NSA
key in Windows</a>, whose functions we don't know.</p>
</li>
</ul>
<h3 id="tethers">Tethers</h3>
<p>Tethers are functionalities that require constant (or very frequent)
connection to a server.</p>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M202502280">
<!--#set var="DATE" value='<small class="date-tag">2025-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://arstechnica.com/gadgets/2025/02/on-may-5-microsofts-skype-will-shut-down-for-good/">
Microsoft is shutting down Skype</a> on May 5th, 2025. As with other
tethered proprietary programs, users have to rely on servers that are
controlled by the developer. When these servers shut down, the service
disappears. Instead of migrating to the service that Microsoft suggests
as a replacement, Skype users should regain control of their
communications by switching to one that is based on free software.
<a href="https://jitsi.org/jitsi-meet/">Jitsi Meet</a>, for example, is
appropriate for small video meetings. Anyone can set up a Jitsi server
and let other people use it, and indeed many of these are available
around the world.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201708310">
<!--#set var="DATE" value='<small class="date-tag">2017-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The recent versions of Microsoft Office require the user to <a
href="https://products.office.com/en-us/microsoft-office-for-home-and-school-faq?legRedir=true&CorrelationId=c9c5b549-11ad-4f71-bf81-b7e069fdb372">
href="https://www.microsoft.com/en-us/microsoft-365/microsoft-365-for-home-and-school-faq?legRedir=true&CorrelationId=c9c5b549-11ad-4f71-bf81-b7e069fdb372">
connect to Microsoft servers at least every thirty-one
days</a>. Otherwise, the software will refuse to edit any documents
or create new ones. It will be restricted to viewing and printing.</p>
</li>
</ul>
<h3 id="jails">Jails</h3>
<p>Jails are systems that impose censorship on application programs.</p>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201706130">
<!--#set var="DATE" value='<small class="date-tag">2017-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Windows 10 S was a jail: <a
href="https://www.theguardian.com/technology/2017/may/03/windows-10-s-microsoft-faster-pc-comparison">
only programs from the Windows Store could be
installed and executed</a>. It was however possible to <a
href="https://www.theverge.com/2017/6/13/15789998/microsoft-windows-10-s-upgrade-windows-10-pro-guide">
upgrade to Windows 10 Pro</a>. The successor of Windows
10 S is a special configuration of Windows 10 called <a
href="https://support.microsoft.com/en-us/windows/windows-10-and-windows-11-in-s-mode-faq-851057d6-1ee9-b9e5-c30b-93baebeebc85">
S mode</a>. The major difference with Windows 10 S is that there is
an easy way to switch out of S mode.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201210080">
<!--#set var="DATE" value='<small class="date-tag">2012-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://web.archive.org/web/20190917162027/https://www.itworld.com/article/2832657/microsoft-metro-app-store-lock-down.html">
Windows 8 on “mobile devices” (now defunct) was a
jail</a>.</p>
</li>
</ul>
<h3 id="tyrants">Tyrants</h3>
<p>Tyrants are systems that reject any operating system not
“authorized” by the manufacturer.</p>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201607150">
<!--#set var="DATE" value='<small class="date-tag">2016-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft accidentally left a way for users
to install GNU/Linux on Windows RT tablets, but now it has <a
href="http://www.securitynewspaper.com/2016/07/15/microsoft-silently-kills-dev-backdoor-boots-linux-locked-windows-rt-slabs/">
href="https://www.securitynewspaper.com/2016/07/15/microsoft-silently-kills-dev-backdoor-boots-linux-locked-windows-rt-slabs/">
“fixed” the “error”</a>. They have the gall
to call this “protecting” the users. The article talks
of installing “Linux”, but the context shows it is really
<a href="/gnu/linux-and-gnu.html">GNU/Linux</a> that users install.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-microsoft.html. -->
<li id="M201110110">
<!--#set var="DATE" value='<small class="date-tag">2011-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a href="https://fsf.org/campaigns/secure-boot-vs-restricted-boot/"> href="https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/">
Mobile devices that come with Windows 8 are tyrants</a>.</p>
</li>
</ul>
<div class="column-limit"></div>
<p>As this page shows, if you do want to clean your computer of malware,
the first software to delete is Windows.</p>
</div>
</div>
<!--#include virtual="/proprietary/proprietary-menu.html" -->
<!--#include virtual="/server/footer.html" -->
<div id="footer" role="contentinfo">
<div class="unprintable">
<p>Please send general FSF & GNU inquiries to
<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
There are also <a href="/contact/">other ways to contact</a>
the FSF. Broken links and other corrections or suggestions can be sent
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>
<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
replace it with the translation of these two:
We work hard and do our best to provide accurate, good quality
translations. However, we are not exempt from imperfection.
Please send your comments and general suggestions in this regard
to <a href="mailto:web-translators@gnu.org">
<web-translators@gnu.org></a>.</p>
<p>For information on coordinating and contributing translations of
our web pages, see <a
href="/server/standards/README.translations.html">Translations
README</a>. -->
Please see the <a
href="/server/standards/README.translations.html">Translations
README</a> for information on coordinating and contributing translations
of this article.</p>
</div>
<!-- Regarding copyright, in general, standalone pages (as opposed to
files generated as part of manuals) on the GNU web server should
be under CC BY-ND 4.0. Please do NOT change or remove this
without talking with the webmasters or licensing team first.
Please make sure the copyright date is consistent with the
document. For web pages, it is ok to list just the latest year the
document was modified, or published.
If you wish to list earlier years, that is ok too.
Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
years, as long as each year in the range is in fact a copyrightable
year, i.e., a year in which the document was published (including
being publicly visible on the web or in a revision control system).
There is more detail about copyright years in the GNU Maintainers
Information document, www.gnu.org/prep/maintain. -->
<p>Copyright © 2014-2021 2014-2025 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by/4.0/">Creative
Commons Attribution 4.0 International License</a>.</p>
<!--#include virtual="/server/bottom-notes.html" -->
<p class="unprintable">Updated:
<!-- timestamp start -->
$Date: 2025/05/08 09:07:41 $
<!-- timestamp end -->
</p>
</div>
</div><!-- for class="inner", starts in the banner include -->
</body>
</html>