I have written a few articles about computers and privacy and how you need to be careful what you access, use, and disclose. This article adds some fuel to that fire of eroding privacy. For most of us “users” out here if we still use a laptop or desktop, when it comes to our daily computing needs there really are only two viable choices; Mac or Windows. Sure, you can install Linux or its many variants, but only a small part of the computing public that wants to read email, do some online shopping, and pay our bills have the technical savvy to create and maintain a Linux machine.
Somewhere in deep storage, I still have Windows 3.1 floppy disks and I have faithfully upgraded through the many iterations of Windows for nearly 30 years. For almost all of that time, through all the versions, Windows was a “program” that ran on your chosen hardware. You bought the disks, installed the program and ran it. For years, it ran on top of DOS, which you could switch back to anytime you wanted to, in order to do low-level file maintenance, format a disk, or catalog directories.
Then, Windows became its own Operating System, no longer dependent on a foundation of DOS to run, although you could open a “DOS box” from within windows if you needed to. Soon, for all but the most hard core users, DOS became nothing but a vague memory.
Then came Windows 10. A free “upgrade” from Windows 7 for anyone who wanted it. Touted as bigger, better, faster, stronger, and with insinuations that Windows 7 was destined to become “unsupported,” the Microsoft team worked very hard to convince users to adopt the new Windows 10 standard. Before I launch into the meat of this article though, I want you to know that I have been a Windows “Insider” almost since Microsoft offered the program to me in January 2015. I have seen the herculean effort that the developers undertook to make Windows 10 the most flexible an compatible operating system in the history of PC’s. I downloaded dozens of Beta versions and saw the base of hardware and peripherals that Windows 10 supports grow exponentially to include even obscure and arcane devices. And, I read the fine print that detailed how Windows 10 would no longer be a “program” but rather be sold as a “service.”
That distinction has HUGE implications. For the most part, in the good old days, when you purchased a computer program you received it on some physical media, like floppies or later a CD, and subject to some limitations in the user agreement against copying or distributing it, you OWNED it. You could do what you wanted with it. You controlled it.
But now, as a “service,” Windows is no longer yours in any way. It’s a rented set of instructions, owned and operated by a third party that resides on your computer. THEY control it. You just “use” it.
Think of it like this. If you own a swimming pool, you can either maintain it yourself, or hire a pool “service.” If you decide to do-it-yourself, my local pool store sells a pool maintenance kit with the basic tools and chemicals you will need to keep your pool sparkling. They offer technical assistance if you get into a bind, and sell you stuff your run out of but, for the most part, YOU test your pool water and you decide what to pour into your pool water and when and how much.
But, if you decide to hire a pool “service,” things change drastically. Anytime they want, the pool people come and test your water. They decide what to put in it and how much. If they think you need algaecide, they pour it in. Chlorine? Plop, plop. As far as your are concerned, all you see is blue water and a monthly bill. Very convenient, much less time consuming, and generally safe. Unless the pool people hire someone that decides to case your house with each visit. Or, either due to negligence or malice, they pour something harmful into your pool. You don’t know what’s in that bottle, or what they are doing at your house while you are at work. You gave them permission to access your property and you won’t know what’s gone wrong until it’s too late.
So it now goes with your computer privacy. You are running Windows as a service, and no longer have ANY control over what it does while you are at work. Like so many other companies, Microsoft has discovered the value of accumulating and monetizing your private data. So, windows is rife with functions that transmit all manner of your user data to them while you blissfully read your email and shop for doggy treats.
Recently, the Windows Feedback Hub had some buzz about a new problem that apparently took people’s computers out of sleep or hibernate mode every day at 10:00am and ran some unknown function. When they asked about it on the Microsoft Forum, some early responses directly from Microsoft Support Engineers, labeled it as a threat.
Ever since the Windows operating system went from being a “program” to being a “service,” stuff like this has become a daily occurrence. “Customer Experience Improvement Program,” “Telemetry,” “Compatibility Checker,” and now this mysterious “remsh.exe,” that wakes my sleeping computers every day at 10:00am and then performs a series of unknown processes, some of which apparently send mountains of data to some Microsoft server somewhere, are just recent examples.
To add insult, the process doesn’t even graciously return the PC to sleep, but rather when I walked into my home office yesterday around noon, I found two of my computers, fans churning, running full on.
Idiotically, when this program was first reported on various MICROSOFT SPONSORED AND SUPPORTED technical assistance forums, some “official” Microsoft respondents labeled it “Malware” and a “Virus.” Quoting from one engineer’s response, “We’ve checked on the that .exe file and it seems that it has been known to be a possible malware.” “That .exe file” he was commenting on was part of an official MS update to Windows 10! “We’ve checked on it”? Who did they check with? Apple?
It seems that wherever in the bowels of MS this bit of Devil spawn originated, even the people charged with trying to help the poor users of their product weren’t told about it. Furthermore, even today, no one has yet actually owned up to what this program really does and what it is sending out every day at 10:00am, despite being directly asked on the MS forum.
Aside from the egregious behavior of just blatantly waking your computer whenever it wants to and then mining and sending your data off to PartsUnknown, it more broadly speaks to the disregard in which we, the customers, are held by “them,” the Corporation. Changing the operating state of YOUR computer at will, mining and storing your data at will, and modifying the operating system without notice and certainly without your permission is the new normal.
Once Windows became a “service” ostensibly so it would be more flexible, usable, and repairable, you basically signed away every last shred of privacy and control of your machine and your data. Any one of my computers “phones home” dozens of times a session and with gigabit internet speeds, can send anything anywhere in microseconds.
Long gone are the days when everything that ran on your machine was something YOU purposefully and with forethought chose to install, and allowed to run. Now, obscure commands, buried in the Registry, hidden in the Task Manager, or linked to sign-in, boot, or start of another program, gleefully chew up CPU cycles, clog your network, and whisk your privacy off to the cloud. Not occasionally, but rather, constantly; all the time your computer is on, and now, even when you thought you put it into sleep or hibernate until you got back.
I don’t suggest you run a packet sniffer like Wireshark during your typical computer sessions, as the results will cause your paranoia alarms to overload. The amount of spurious traffic on the WAN that is constantly buzzing in the background, targeting servers world-wide is staggering. You could develop a full time hobby trying to resolve the I.P. addresses of just one-day’s traffic.
You just have to face the fact that all illusions of data privacy that you may wish you had are completely gone. MS is but one small player in the wholesale erasure of your rights to your own data. In Europe, where they have much stricter computer privacy laws, corporations just bury permission to access, store, and sell your data deeper in the verbiage of the “User Agreement,” and violate you anyway. Here, in the good ole’ USA, Equifax, Home Depot, Target, etc. dump all your critical “personally identifying data” all over the street, and my State government sees fit to make a .pdf of the deed to my house, complete with my signature, available in just a few clicks of the mouse.
Wi-Fi’s WPA2 standard had been hacked to death by “Krack,” iOS and Android are a Swiss cheese of security, ( I particularly like the whole concept of them asking for “Permissions” when you install or update an App as to give you the illusion that you have SOME control over what your phone or tablet spews out to the ether about you) and one of the biggest Anti-Virus makers in the world is basically a branch of the Russian Intelligence Service.
So, that’s my rant. Remsh.exe is a minuscule grain of pepper in a mountain of fly turds. I’m just pissed that it turns my computer on unexpectedly. It should at least have the decency to sell me down the river on MY schedule, not theirs.