How to block these 2 addresses through the router firewall?
- Thread starter Phoenix
- Start date
AdvHomeServer
Senior Member
http://thehackernews.com/2015/08/windows-spying-on-you.html
Following the steps in this article will remove the updates associated with those addresses. It's unclear if that will stop the communication, but the implication is that it will.
Linux Update: Replaced Win 8.1 with OpenSUSE, then Fedora. Both were unsuitable as replacements due to little idiosyncrasies with the usability ... little details that made both unusable as replacements.
Loaded Linux Mint. It's really nice. Going to play with it more today but it looks, so far, like a winner. All the details you expect to encounter are there. My desktop passed the "Family Tries It Out and Didn't Complain' test. Wine is a pretty good Win emulator, but still experimenting .... too soon to draw a conclusion. Haven't got OpenVPN client working ... not as easy to configure as I want. Advice welcome. Using tun interface on port 443 for pass through only. In contrast, Android almost installs and configures OpenVPN client on its own. If tests are successful, no reason to load Windows Any Version back on laptop, so far they look very good. Laptop much peppier now due to no antivirus loaded. Still unsure about "linux doesn't need an antivirus' concept.
Phoenix
Regular Contributor
That doesn't answer my question man, I want to block those 2 addresses in the router itself.......
As to the Windows udpates to avoid, here is I compiled:
I have been noticing lately a lot of people keep asking the same question on how to prevent the Windows 10 upgrade so here is a list of updates that need to be hidden in order to prevent the Windows 10 Upgrade or prevent updates that enable Telemetry, some of them are system preparation for the upgrade so you may not find them all in your updates list until a pre-requistie update was installed before.
If doing a clean installation of Windows 7 or 8, you need to scan the list of updates carefully everytime updates appear to ensure none of them re-appears as Micro$h4ft has been showing some of them again even if you hide them.
If you have already installed Windows and did a few updates, then head over to Control Panel > Programs and Features > View Installed Updates then go from the top to the bottom through the list to ensure none of them is installed, if you do find one installed, then uninstall it, reboot, then check for updates and once it appears right click on it and hide it.
These Windows 10 upgrade activation updates are like a virus really, only thing is, it's a legit virus
=============================================================
KB2505438 (Although it claims to fix performance issues, it often breaks fonts)
KB2670838 (The EVIL Update, breaks AERO on Windows 7 and makes some fonts on websites fuzzy, Windows 7 specific update only, do not install IE10 or 11 otherwise it will be bundled with them, IE9 is the max version you should install)
KB2952664 (Windows 10 Upgrade preparation)
KB2976978 (Windows 10 Upgrade preparation)
KB2977759 (Windows 10 Upgrade preparation)
KB2990214 (Windows 10 Upgrade preparation)
KB3021917 (Windows 10 Upgrade preparati0on + Telemetry)
KB3022345 (Telemetry)
KB3035583 (Windows 10 upgrade preparation)
KB3044374 (Windows 10 upgrade preparation for Windows 8 systems)
KB3068708 (Telemetry)
KB3075249 (Telemetry)
KB3080149 (Telemetry)
=============================================================
If you have installed any of the above updates, simply copy paste the below command lines and paste them one by one (according to which update you want to uninstall) in an elevated command prompt:
Code:
•wusa /uninstall /kb:2505438 /quiet /norestart
•wusa /uninstall /kb:2670838 /quiet /norestart
•wusa /uninstall /kb:2952664 /quiet /norestart
•wusa /uninstall /kb:2976978 /quiet /norestart
•wusa /uninstall /kb:2977759 /quiet /norestart
•wusa /uninstall /kb:2990214 /quiet /norestart
•wusa /uninstall /kb:3021917 /quiet /norestart
•wusa /uninstall /kb:3022345 /quiet /norestart
•wusa /uninstall /kb:3035583 /quiet /norestart
•wusa /uninstall /kb:3044374 /quiet /norestart
•wusa /uninstall /kb:3068708 /quiet /norestart
•wusa /uninstall /kb:3075249 /quiet /norestart
•wusa /uninstall /kb:3075851 /quiet /norestart
•wusa /uninstall /kb:3080149 /quiet /norestartAdditionally, please go to Task Scheduler and disable the following items:
AdvHomeServer
Senior Member
Thanks.
BTW, where did you get this level of detail? I already did some of it but you presented more than is commonly available at the sites I visit. Any links to people / sites who have already done this with reports about effectiveness?
About blocking ... check and see if your router has that capability just by typing in the addresses. Maybe a parental control page.
BTW, where did you get this level of detail? I already did some of it but you presented more than is commonly available at the sites I visit. Any links to people / sites who have already done this with reports about effectiveness?
About blocking ... check and see if your router has that capability just by typing in the addresses. Maybe a parental control page.
Phoenix
Regular Contributor
It took a while man, I have been switching between Win 7 and 10 for a while now and on Win 7 when I see a new update, I research what it does and if it has anything to do with the Windows 10 upgrade or has anything to do with Telemetry I add it to the list.
You may not find all of the updates as some of them rely on other updates to be installed for them to appear. For example, I never see KB3035583 which is the number 1 update responsible for the Win 10 upgrade, reason being I didn't install any of the pre-requisties.
That list you provided barely touches the surface of how dangerous the latest updates are.
AdvHomeServer
Senior Member
1) I use The Hacker News and Ghacks to bird dog the daily scoops. They appear to like to try things out and report on them. Big news makes it to Infoworld / Computerworld. Try getting your story out to them for a 2nd opinion and to be helpful to everyone else. You'll know if you hit a nerve if the Microsoft apologists make fun of you or your findings for not wanting MS to get in your business.
2) Now you know why I'm looking into a Win alternative. I have better things to do than be an unwilling marketing objective of Microsoft. Android already does that and I have to accept it if I want to use a cell phone or tablet ... at least ad blocker helps a bit there.
3) This is probably why you can't block updates on Win 10, so MS can always keep an eye on you so it can sell you something, or whatever else is possible with the unique code each PC that loads Win 10 uses to link personal info with database records. For all I know, it's the new version of NSA metadata collection ... if not today then potentially later as data collection capabilities encounter the human ability to rationalize just about anything. No, I'm not a bad guy, but that doesn't mean I want someone looking over my shoulder and collecting, potentially, whatever they want.
Last edited:
gatorback
Regular Contributor
"How can I block those 2 addresses completely in my AC68U Router: vortex-win.data.microsoft.com and settings-win.data.microsoft.com"
BLOCKING OUTBOUND TRAFFIC: LAN devices can be blocked from accessing target URLS by configuring DNS to incorrectly resolving the IP address. Check the ENTWARE packages out there. This may be referred to as DNS poisoning. A nifty example of this is 'Pixelserv', found on OPTWARE.
It is also possible to DROP inbound traffic (using IPTABLES) from known targets.
If you block at the router layer and connect your device to another router, your Win10 box is 'vulnerable' to MS updates. Why not block these using the hosts file or similar mechanism first?
https://en.wikipedia.org/wiki/Hosts_(file)
BLOCKING OUTBOUND TRAFFIC: LAN devices can be blocked from accessing target URLS by configuring DNS to incorrectly resolving the IP address. Check the ENTWARE packages out there. This may be referred to as DNS poisoning. A nifty example of this is 'Pixelserv', found on OPTWARE.
It is also possible to DROP inbound traffic (using IPTABLES) from known targets.
If you block at the router layer and connect your device to another router, your Win10 box is 'vulnerable' to MS updates. Why not block these using the hosts file or similar mechanism first?
https://en.wikipedia.org/wiki/Hosts_(file)
highwire
Regular Contributor
Multiple sources say that Microsoft is playing games with the Win10 telemetry connections, and trying to block via the hosts file doesn't work.
ColinTaylor
Part of the Furniture
I would prefer to have seen some proper analyse of what actually happens (on Windows 7) in real life, rather than some guy reading a bunch of KB descriptions and shouting "the skies falling!". (And in true internet fashion, there's a rush by lots of other sites to cut and paste these revelations without any verification.)
Don't get me wrong, I'm as much a MS-hating privacy nut as the next guy. But they've already backtracked on the "can't be blocked with the firewall" statement. And as far as I can see all but one of the "evil" updates are rendered harmless by opting out of the CEIP.
So that at the moment that leaves one undesirable update.
Fortunately I don't run Windows 10 and only perform manual updates on Windows 7. So I'll wait a little bit longer for some proper investigation to happen after which a definitive solution might emerge.
Now, where did I put my tin-foil hat and flame-proof vest...
Don't get me wrong, I'm as much a MS-hating privacy nut as the next guy. But they've already backtracked on the "can't be blocked with the firewall" statement. And as far as I can see all but one of the "evil" updates are rendered harmless by opting out of the CEIP.
So that at the moment that leaves one undesirable update.
Fortunately I don't run Windows 10 and only perform manual updates on Windows 7. So I'll wait a little bit longer for some proper investigation to happen after which a definitive solution might emerge.
Now, where did I put my tin-foil hat and flame-proof vest...
Last edited:
john9527
Part of the Furniture
Which one is the remaining undesirable update?
Also, to be extra sure, I disable the tasks responsible for CEIP...so far haven't found any ill effects.
Code:
schtasks /change /tn "Microsoft\Windows\Application Experience\AitAgent" /disable >nul
schtasks /change /tn "Microsoft\Windows\Application Experience\ProgramDataUpdater" /disable >nul
schtasks /change /tn "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /disable >nul
schtasks /change /tn "Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /disable >nul
schtasks /change /tn "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /disable >nulColinTaylor
Part of the Furniture
I think it was optional update KB3075249 that might be a problem. But again that's still speculation based on it's description. Until somebody actually publishes some packet captures we'll not know whether all, some or none of these are really bypassing the user's preference setting. Or indeed if there are other updates that do so but don't allude to it in their description.Which one is the remaining undesirable update?
Blocking network traffic and disabling scheduled tasks would seem a better solution than playing whack-a-mole with Windows updates!
gatorback
Regular Contributor
My response was to address the OP's original question of how to block to specific URLs. While it may be the case that there are other considerations of solving the MS-Privacy issue, I believe that we have addressed the original question of how to block two URLs in the router.
I do not presume nor care to police forums: that being said, the OP has posted a good question regarding networking control. In contrast, I would note that the issue of MS-Privacy is not a networking issue and discussion of OS updates would find solid information in another forum.
I do not presume nor care to police forums: that being said, the OP has posted a good question regarding networking control. In contrast, I would note that the issue of MS-Privacy is not a networking issue and discussion of OS updates would find solid information in another forum.
David Arnstein
Regular Contributor
You are still subject to telemetry. It is now backported to Windows 7 and Windows 8. http://www.infoworld.com/article/29...w-all-collecting-user-data-for-microsoft.html
AdvHomeServer
Senior Member
Realistically, I imagine someone will find out if there's a real problem with Win 10 and the ability to turn off the privacy features (double negative?) within a few months. MS is especially bad at PR. Far worse than most companies. If Win 10 is truly a PUP, someone inquisitive and smart should have an answer and make it public before the free upgrade period passes. The arrogance of the horrible win 8 interface plus the silence concerning even directly and bluntly addressing these common and popular concerns is, unfortunately, standard MS operating procedure.
MS probably still needs to flush out the old guard, and replace them with a new wave of execs who are more like Gabe Aul and less like Steven Sinofsky.
Similar threads
Similar threads
| Thread starter | Title | Forum | Replies | Date |
|---|---|---|---|---|
| V | IPv6 addresses on LAN but disabled in settings | ASUS Wi-Fi | 12 | |
| D | Running AiMesh nodes through a fiber switch/converter - what worked for me. | ASUS Wi-Fi | 2 |
Similar threads
-
-
Running AiMesh nodes through a fiber switch/converter - what worked for me.
- Started by DTM
- Replies: 2