Is Windows 11 spyware? A call to finally take action!

In the default configuration, the new Microsoft operating system reads some telemetry data without being asked and sends it to several servers for evaluation. There is an established measure to prevent this – and it has other positive “side effects”.

Media reports: Microsoft and its partners are “spying” on Windows 11 users

“Windows 11: a spyware machine out of users’ control?”, “How Windows 11 scrapes your data before you’re even connected to the internet” or “Windows 11 Sends Tremendous Amount of User Data to Third Parties”: headlines like these appeared on numerous IT websites in mid-February.

One trigger for this media response was the video “Has Windows become Spyware?” by The PC Security Channel. The video shows that a Windows 11 system installed with default settings sends a large amount of data to Microsoft and several third-party vendors. And it does so right after installation, without users having to start an application!

Is the reading of telemetry data unusual?

The fact that the current operating system likes to “phone home” is no secret. Windows 11 and even Windows 10 are regularly in contact with Microsoft servers to check for updates or to send error reports. And Windows 11 and Windows 10 send telemetry data if this is not prevented. All of this has been known for many years.

The current media reports show something many did not expect, however: a freshly installed Windows 11 sends a large amount of data to servers that have nothing directly to do with Microsoft. Among the “recipients” are advertising networks and market research companies.

The data dump is defended by a Microsoft press spokesperson with these words to

“As with any modern operating system, users can expect to see data flowing to help them remain secure, up to date, and keep the system working as anticipated.”

In other words: If you want to use Windows 11, you have to live with the fact that Microsoft and other companies spy on the users in a certain way and constantly send data to different servers – according to the company from Redmond.

Stop the “data collecting rage” of Windows 11 now!

Is Microsoft going the selfish way of an “evil corporation” by collecting this data? No. Even in the open source scene, developers are interested in learning more about users and their behavior. For example, the use of telemetry data in the Go programming language is currently being hotly debated.

Discussion and outrage or not – what does the collection of telemetry data mean for your company? Do you really have to accept that your systems read out large amounts of data and that some of this data is sold?

The clear answer: No, absolutely not! Companies need a holistic IT security strategy that prevents the unintentional transfer of data!

How can Windows 11 be configured according to the state of the art?

A radical protection option would be not to connect one’s Windows 11 computers to the network. But: A workplace without the Internet – that usually makes little sense nowadays.

Tools such as DoNotSpy11 are available for private users. With these tools, the Microsoft operating system can be deprived of the ability to collect user data for advertising tracking on standalone computers. However, these options are not suitable for companies.

Medium-sized and enterprise companies need other measures here, especially organizations in the area of critical infrastructure or in highly regulated environments (automotive, insurance and banking, medical care, etc.).

What really limits spying or data collection and transmission from Windows 11 is system hardening. With “hardening” you configure your systems in such a way that Microsoft, Google, advertising networks and other “data octopuses” do not receive any relevant data. As a side effect, this preventive measure also reduces the attack surface for cyber attacks.

Does system hardening really help against the hidden Windows 11 “spyware”?

Yes, definitely!

Our specialists have examined the transmission of telemetry data on Windows 10 and Windows 11 based on a BSI tool. The summarized result looks like this:

                           | Windows 10 w/o hardening | Windows 10 hardened | Windows 11 w/o hardening | Windows 11 hardened
Data transmission detected | Yes                      | No                  | Yes                      | No

The unhardened Windows 11 sent around 450 data packets to Microsoft in one week, while the hardened system did not transmit a single one.

Complementing these findings, we and our partners regularly test new “offensive tools” against both unhardened and hardened systems. So far, the results are impressive: system hardening also stops programs like DefenderSwitch/DefenderStop, and it protects against Mimikatz and similar tools.

Is disabling Windows spying a “nice to have”?

Quite clearly: No!

Various laws and regulations such as the GDPR (DS-GVO), ISO 27001, NIS2, BAIT and B3S require companies and organizations to configure their systems securely. Accordingly, hardening and thus disabling “spy services” is not a “nice to have”, but a “must have”!

Insurers who offer so-called cyber insurance also consider system hardening to be an important measure. If this is demonstrably not implemented in your case, significantly higher premiums can be the result. Or the insurance company may not even offer you a policy in the first place.

This means: If your company uses Windows 11 without hardening the operating system, it is acting negligently and not in compliance with numerous specifications, regulations and laws!

How can hardening be implemented properly?

Is there an information security or compliance officer in your company? Ask him! He usually has a good overview of the current legal and regulatory requirements.

And determine the current technical state of your reference systems. You can use our AuditTAP for this purpose, for example. The report and the AuditTAP risk score of the free tool show you where there is still a need to catch up.
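To make "determining the current state" concrete for the telemetry topic of this article, here is a read-only PowerShell check. It is an added example, not AuditTAP code and not part of the original article; the four settings and their expected values are an assumed minimal baseline chosen for illustration, not a complete hardening benchmark.

```powershell
# Added example: read-only audit of telemetry-related policy state.
# The "Expected" values are an assumed baseline, not a vendor or BSI benchmark.
$PolicyChecks = @(
    # 0 = diagnostic data off. Only honoured on Enterprise, Education and
    # Server editions; other editions treat 0 as 1 (required data).
    @{ Name = 'Diagnostic data level'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
       Value = 'AllowTelemetry'; Expected = 0 },
    # 1 = advertising ID turned off by policy.
    @{ Name = 'Advertising ID disabled'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo'
       Value = 'DisabledByGroupPolicy'; Expected = 1 },
    # 1 = consumer experiences (suggested apps and content) turned off.
    @{ Name = 'Consumer features disabled'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent'
       Value = 'DisableWindowsConsumerFeatures'; Expected = 1 }
)

function Get-PolicyValue {
    param([string]$Path, [string]$Value)
    # Returns $null when the key or the value does not exist (policy not set).
    $item = Get-ItemProperty -Path $Path -Name $Value -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Value
}

function Test-TelemetryBaseline {
    foreach ($check in $PolicyChecks) {
        $actual = Get-PolicyValue -Path $check.Path -Value $check.Value
        [pscustomobject]@{
            Check     = $check.Name
            Expected  = $check.Expected
            Actual    = if ($null -eq $actual) { 'not configured' } else { $actual }
            Compliant = ($null -ne $actual -and $actual -eq $check.Expected)
        }
    }
    # DiagTrack is the "Connected User Experiences and Telemetry" service.
    $svc = Get-Service -Name 'DiagTrack' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check     = 'DiagTrack service start type'
        Expected  = 'Disabled'
        Actual    = if ($null -eq $svc) { 'not present' } else { "$($svc.StartType)" }
        Compliant = ($null -eq $svc -or $svc.StartType -eq 'Disabled')
    }
}

Test-TelemetryBaseline | Format-Table -AutoSize
```

A compliant result only describes configuration; whether data actually leaves the machine still has to be confirmed by observing network traffic, as in the measurement summarized above.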

If you know the vulnerabilities, you should perform a professional and company-wide Windows 11 hardening. You can automate this process in larger infrastructure environments by using a hardening tool such as Enforce Administrator.

Enforce Administrator makes it possible to securely configure system landscapes with hundreds or even thousands of Windows 11 computers centrally. It also checks the status of hardened computers. This means that if there are any unintentional or accidental changes, these are monitored centrally and relevant teams are informed.

Do you need support with hardening Windows 11 and other operating systems? Contact us!
