Compatibility Appraiser, Information Security, Microsoft, Patch Tuesday, Privacy, Top News, Vulnerability, Windows, Windows 10, Windows 7, windows telemetry

Windows 7 users upset by unwanted Patch Tuesday telemetry

Has Microsoft just been caught trying to sneak a compatibility assessment tool into July’s supposedly security-only Patch Tuesday update for Windows 7?

Some users who signed up for ‘security-only’ updates for Windows 7 have taken to Twitter and even emailed journalists to voice their suspicions after noticing the inclusion of something called the Compatibility Appraiser tool into KB4507456 patch.

Depending on your interpretation of Microsoft adding a non-security component to what is advertised as a security update, this is either a minor controversy that is being blown out of proportion, or the latest example of Microsoft’s disregard for its users’ wishes.

The technical roots of the issue date back to 2016 when Microsoft tried to simplify its patching for older Windows versions by offering Windows 7 and 8.1 users two types of update – the first a ‘Monthly Rollup’ of all security and non-security patches (i.e bugs and reliability), the second a security-only update relating to that month’s fixes.

Individual security patches were no longer available with the security-only update which made it an all-in-one.

Ominously, in advance of Windows 10’s launch the year before, Microsoft hit a controversy bump when it started pushing an update, KB 2952664, with diagnostics designed to, in Microsoft’s words:

Evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows.

According to Windows expert Woody Leonhard, Windows 7 SP1 had added a new task, ‘DoScheduledTelemetryRun’, set to fire up at 3am every day, which didn’t go down well with everyone.

Since then, Microsoft has continued to add this Compatibility Appraiser (which sends Microsoft technical data about the ability of a computer to run Windows 10) to updates.

Normally, Compatibility Appraiser should only run on the machines of users who are part of the Windows Customer Experience Improvement Program (CEIP), which has been turned on by default on all Windows versions since Vista (i.e. users need to turn it off).

That said, users signing up for security-only updates on Windows 7 shouldn’t be part of that group if they’ve opted out.

Non-communication

Regardless of Microsoft’s intentions and the data that is or is not being collected by the Compatibility Appraiser, Microsoft has at the very least failed the communication test about why it was included.

Was this a harmless mistake made by Microsoft in advance of Windows 7’s end of support in January 2020? Or another example of Microsoft not paying attention to the fact that a sizeable minority of Windows users want to remain in control of what happens on their computers?

The unmistakable lesson: Microsoft’s focus might have shifted to Windows 10 and the need to control the upgrade cycle, but no user is as enthralled by that top-down world view.

Source : Naked Security

Previous ArticleNext Article

Send this to a friend