Windows 10/11 as spyware: How to stop data transmission to Microsoft

In the default configuration, the new Microsoft operating system reads some telemetry data without being asked and sends it to several servers for evaluation. There is an established measure to prevent this – and it has other positive “side effects”.

Media reports: Microsoft and its partners are “spying” on Windows 11 users

Windows 11: a spyware machine out of users’ control?“, “How Windows 11 scrapes your data before you’re even connected to the internet” or “Windows 11 Sends Tremendous Amount of User Data to Third Parties“”: Headlines like these could be read on numerous IT websites in mid-February.

One trigger for this media response was the video “Has Windows become Spyware?” by The PC Security Channel. This video shows that a default installed Windows 11 sends numerous data to Microsoft and several third-party vendors. And this already after installation, without users having to start an application!

Is the Windows spying unusual?

The fact that Windows likes to “phone home” is no secret. Windows 11 and even Windows 10 are regularly in contact with Microsoft servers to check for updates or to send error reports. And Windows 11 and Windows 10 send telemetry data if this is not prevented. All of this has been known for many years.

In short: Modern Windows versions unfortunately behave like spyware. All this has been known for many years.

The current media reports show what many did not think, however: That a freshly installed Windows 11 sends numerous data to servers that don’t have anything directly to do with Microsoft. Behind the “recipients” are, among others, advertising networks and market research companies.

The data dump is defended by a Microsoft press spokesperson with these words to

“As with any modern operating system, users can expect to see data flowing to help them remain secure, up to date, and keep the system working as anticipated.”

In other words: If you want to use Windows 11, you have to live with the fact that Microsoft and other companies spy on the users in a certain way and constantly send data to different servers – according to the company from Redmond.

Stop Windows 10/11 phoning home!

Is Microsoft going the egoistic way of an “evil corporation” by reading out the data? No. Even in the open source scene, developers are interested in learning more about users and their behavior. For example, the telemetry data use of the Go programming language is currently being hotly debated.

Discussion and outrage or not – what does the collection of telemetry data mean for your company? Do you really have to put up with Windows “spying” by reading data and Microsoft selling some of it

The clear answer: No, absolutely not! Companies need a holistic IT security strategy that prevents the unintentional transfer of data! Companies – and individuals – should stop Windows 10/11 spying.

Windows 10/11 without spyware: How is that possible?

A radical protection option would be not to connect one’s Windows 11 computers to the network. But: A workplace without the Internet – that usually makes little sense nowadays.

Tools such as DoNotSpy11 are available for private users. Among other things, this removes the possibility for the operating system to collect user data for advertising tracking on single-user computers. This allows Windows spying to be switched off.

However, these options are not suitable for companies. Medium-sized and enterprise companies need other measures here, especially organizations in the area of critical infrastructure or in highly regulated environments (automotive, insurance and banking, medical care, etc.).

What really limits spying or data collection and transmission from Windows 10/11 is System Hardening. With “hardening” you configure your systems in such a way that Microsoft, Google, advertising networks and other “data octopuses” do not receive any relevant data. Incidentally, you reduce the attack surfaces for cyber attacks through the preventive measure.

Does System Hardening really help against “Microsoft spyware”?

The clear answer is: Yes, definitely!

Our specialists have examined the transmission of telemetry data on Windows 10 and Windows 11 based on a BSI tool. The summarized result looks like this:

Windows 10 w/o hardening Windows 10  hardened Windows  11 w/o hardening Windows  11
Data transmission detected Yes No Yes No

The unhardened Windows 11 sent around 450 data packets to Microsoft in one week, while the hardened system did not transmit a single one. This means we were able to switch off the Windows data transmission to Microsoft and thus stop Windows spying!

Complementing these findings, we and our partners regularly test new “offensive tools” against both unhardened and hardened systems. So far, the results are impressive: System Hardening also stops programs like DefenderSwitch/DefenderStop and it protects against Mimikatz and similar.

Is disabling Windows spying a “nice to have”?

Quite clearly: No!

Various laws and regulations such as GDPR, ISO 27001, NIS2, BAIT and B3S require companies and organizations to configure their systems securely. Accordingly, hardening and thus disabling “spy services” is not a “nice to have”, but a “must have”!

Insurers who offer so-called cyber insurance also consider System Hardening to be an important measure. If this is demonstrably not implemented in your case, significantly higher premiums can be the result. Or the insurance company may not even offer you a policy in the first place.

This means: If your company uses Windows 10 or Windows 11 without hardening the operating system, it is acting negligently and not in compliance with numerous specifications, regulations and laws!

End the Windows spying: How can hardening be implemented properly?

Is there an information security or compliance officer in your company? Ask him! He usually has a good overview of the current legal and regulatory requirements.

And determine the current technical state of your reference systems. You can use our free AuditTAP for this purpose, for example. The report and the AuditTAP risk score of the free tool shows you where there is still a need to catch up. Here is an example:

If you know the vulnerabilities, you should perform a professional and company-wide Windows 11 hardening. You can automate this process in larger infrastructure environments by using a hardening tool such as Enforce Adminstrator.

Enforce Administrator makes it possible to securely configure system landscapes with hundreds or even thousands of Windows 11 computers centrally. It also checks the status of hardened computers. This means that if there are any unintentional or accidental changes, these are monitored centrally and relevant teams are informed.

Do you want to turn off Windows spying? Do you need support with Windows hardening? Contact us, we will be happy to help you!

Send us a mail!


Leave a Reply