Microsoft's Software is Malware
Nonfree (proprietary) software is very often malware (designed to mistreat the user). Nonfree software is controlled by its developers, which puts them in a position of power over the users; that is the basic injustice. The developers and manufacturers often exercise that power to the detriment of the users they ought to serve.
This typically takes the form of malicious functionalities.
If you know of an example that ought to be in this page but isn't here, please write to <[email protected]> to inform us. Please include the URL of a trustworthy reference or two to serve as specific substantiation.
UEFI-induced vulnerability
UEFI makes computers vulnerable to advanced persistent threats that are almost impossible to detect once installed. Here are technical details.
Kaspersky discovered this example by chance, but is unable to check in general for the presence of such rootkits in computers.
Nonfree software does not make your computer secure—it does the opposite: it prevents you from trying to secure it. UEFI is a nonfree program required for booting which is impossible to replace; in effect, a low-level rootkit. All the things that Intel has done to make its power over you secure against you also protect UEFI-level rootkits against you.
Instead of allowing Intel, AMD, Apple and perhaps ARM to impose security through tyranny, we should legislate to require them to allow users to install their choice of startup software, and make available the information needed to develop such. Think of this as right-to-repair at the initialization stage.
Types of Microsoft malware
Back Doors
-
2020-10
Microsoft is forcing Windows users to install upgrades it pushes using its universal back doors. These upgrades can do various harms to users such as restricting computers from some functions and/or forcing users to defenselessly do whatever Microsoft tells them to do.
-
2016-08
Microsoft Windows has a universal back door through which any change whatsoever can be imposed on the users.
This was reported in 2007 for XP and Vista, and it seems that Microsoft used the same method to push the Windows 10 downgrade to computers running Windows 7 and 8.
In Windows 10, the universal back door is no longer hidden; all “upgrades” will be forcibly and immediately imposed.
-
2015-12
Microsoft has backdoored its disk encryption.
-
2013-08
The German government veers away from Windows 8 computers with TPM 2.0 (original article in German), due to potential back door capabilities of the TPM 2.0 chip.
-
2013-07
Here is a suspicion that we can't prove, but is worth thinking about: Writable microcode for Intel and AMD microprocessors may be a vehicle for the NSA to invade computers, with the help of Microsoft, say respected security experts.
-
2011-12
Windows 8 also has a back door for remotely deleting apps.
You might well decide to let a security service that you trust remotely deactivate programs that it considers malicious. But there is no excuse for deleting the programs, and you should have the right to decide whom (if anyone) to trust in this way.
DRM
Digital restrictions management, or “DRM,” refers to functionalities designed to restrict what users can do with the data in their computers.
-
2019-04
Ebooks “bought” from Microsoft's store check that their DRM is valid by connecting to the store every time their “owner” wants to read them. Microsoft is going to close this store, bricking all DRM'ed ebooks it has ever “sold”. (The article additionally highlights the pitfalls of DRM.)
This is another proof that a DRM-encumbered product doesn't belong to the person who bought it. Microsoft said it will refund customers, but this is no excuse for selling them restricted books.
-
2007-08
DRM in Windows, introduced to cater to Blu-ray disks. (The article talks about how the same malware would later be introduced in MacOS. That had not been done at the time, but it was done subsequently.)
Insecurity
These bugs are/were not intentional, so unlike the rest of the file they do not count as malware. We mention them to refute the supposition that prestigious proprietary software doesn't have grave bugs.
-
2022-10
The Microsoft Office encryption is weak, and susceptible to attack.
Encryption is a tricky field, and easy to mess up. It is wise to insist on encryption software that is (1) free software and (2) studied by experts.
-
2022-02
A security failure in Microsoft's Windows is infecting people's computers with RedLine stealer malware using a fake Windows 11 upgrade installer.
-
2021-07
A newly found Microsoft Windows vulnerability can allow crackers to remotely gain access to the operating system and install programs, view and delete data, or even create new user accounts with full user rights.
The security research firm accidentally leaked instructions on how the flaw could be exploited but Windows users should still wait for Microsoft to fix the flaw, if they fix it.
Please note that the article wrongly refers to crackers as “hackers”.
-
2021-03
At least 30 thousand organizations in the United States are newly “cracked” via holes in Microsoft's proprietary email software, named Microsoft 365. It is unclear whether there are other holes and vulnerabilities in the program or not but history and experience tells us it wouldn't be the last disaster with proprietary programs.
-
2021-02
Researchers at the security firm SentinelOne discovered a security flaw in proprietary program Microsoft Windows Defender that lurked undetected for 12 years. If the program was free (as in freedom), more people would have had a chance to notice the problem, therefore, it could've been fixed a lot sooner.
-
2020-04
The proprietary program Microsoft Teams' insecurity could have let a malicious GIF steal user data from Microsoft Teams accounts, possibly across an entire company, and taken control of “an organization's entire roster of Teams accounts.”
-
2017-05
Exploits of bugs in Windows, which were developed by the NSA and then leaked by the Shadowbrokers group, are now being used to attack a great number of Windows computers with ransomware.
-
2016-08
A flaw in Internet Explorer and Edge allows an attacker to retrieve Microsoft account credentials, if the user is tricked into visiting a malicious link.
-
2013-12
Point-of-sale terminals running Windows were taken over and turned into a botnet for the purpose of collecting customers' credit card numbers.
Interference
This section gives examples of Microsoft software harassing or annoying the user, or causing trouble for the user. These actions are like sabotage but the word “sabotage” is too strong for them.
-
2024-03
Microsoft is using malware tactics to get users to switch to their web browser, Microsoft Edge, and their search engine, Microsoft Bing. When users launch the Google Chrome browser Microsoft injects a pop up advertisement in the corner of the screen advising users to switch to Bing. Microsoft also imported users Chrome browsing data without their knowledge or consent.
-
2023-11
Microsoft has been annoying people who wanted to close the proprietary program OneDrive on their computers, forcing them to give the reason why they were closing it. This prompt was removed after public pressure.
This is a reminder that angry users still have the power to make developers of proprietary software remove small annoyances. Don't count on public outcry to make them remove more profitable malware, though. Run away from proprietary software!
-
2023-02
Microsoft is remotely disabling Internet Explorer, forcibly redirecting users to Microsoft Edge.
Imposing such change is malicious, and the fact that the redirection is from one unjust program (IE) to another unjust program (Edge) does not excuse it.
-
2021-08
Microsoft is making it harder and harder to replace default apps in its Windows operating system and is pressuring users to use its proprietary programs instead. We believe the best approach to this would be replacing Windows with a free (as in freedom) operating system like GNU. We also maintain a list of fully free distributions of GNU.
-
2021-02
Microsoft is forcibly removing the Flash player from computers running Windows 10, using a universal backdoor in Windows.
The fact that Flash has been disabled by Adobe is no excuse for this abuse of power. The nature of proprietary software, such as Microsoft Windows, gives the developers power to impose their decisions on users. Free software on the other hand empowers users to make their own decisions.
-
2018-09
One version of Windows 10 harangues users if they try to install Firefox (or Chrome).
-
2018-03
Microsoft is planning to make Windows impose use of its browser, Edge, in certain circumstances.
The reason Microsoft can force things on users is that Windows is nonfree.
-
2017-03
Windows displays intrusive ads for Microsoft products and its partners' products.
The article's author starts from the premise that Microsoft has a right to control what Windows does to users, as long as it doesn't go “too far”. We disagree.
-
2016-12
The Microsoft Telemetry Compatibility service drastically reduces the performances of machines running Windows 10, and can't be disabled easily.
-
2016-08
After forcing the download of Windows 10 on computers that were running Windows 7 and 8, Microsoft repeatedly switched on a flag that urged users to “upgrade” to Windows 10 when they had turned it off, in the hope that some day they would fail to say no. To do this, Microsoft used malware techniques.
A detailed analysis of Microsoft's scheme is available on the Electronic Frontier Foundation's website.
-
2016-03
Microsoft has made companies' Windows machines managed by the company's sysadmins harangue users to complain to the sysadmins about not “upgrading” to Windows 10.
-
2016-01
Microsoft has desupported all future Intel CPUs for Windows 7 and 8. Those machines will be stuck with the nastier Windows 10. AMD and Qualcomm CPUs, too.
Of course, Windows 7 and 8 are unethical too, because they are proprietary software. But this example of Microsoft's wielding its power demonstrates the power it holds.
Free software developers also stop maintaining old versions of their programs, but this is not unfair to users because the users of free software have control over it. If it is important enough to you, you and other users can hire someone to support the old version on your future platforms.
Sabotage
The wrongs in this section are not precisely malware, since they do not involve making the program that runs in a way that hurts the user. But they are a lot like malware, since they are technical Microsoft actions that harm the users of specific Microsoft software.
-
2019-04
Microsoft has been force-installing a “remediation” program on computers running certain versions of Windows 10. Remediation, in Microsoft's view, means tampering with users' settings and files, notably to “repair” any components of the updating system that users may have intentionally disabled, and thus regain full power over them. Microsoft repeatedly pushed faulty versions of this program to users' machines, causing numerous problems, some of which critical.
This exemplifies the arrogant and manipulative attitude that proprietary software developers have learned to adopt toward the people they are supposedly serving. Migrate to a free operating system if you can!
If your employer makes you run Windows, tell the financial department how this wastes your time dealing with endless connections and premature hardware failures.
-
2017-04
Microsoft has made Windows 7 and 8 cease to function on certain new computers, effectively forcing their owners to switch to Windows 10.
-
2017-04
Microsoft has dropped support for Windows 7 and 8 on recent processors in a big hurry.
It makes no difference what legitimate reasons Microsoft might have for not doing work to support them. If it doesn't want to do this work, it should let users do the work.
-
2016-06
In its efforts to trick users of Windows 7 and 8 into installing all-spying Windows 10 against their will, Microsoft forced their computers to silently download… the whole of Windows 10! Apparently, this was done through a universal back door. Not only did the unwanted downloads jeopardize important operations in regions of the world with poor connectivity, but many of the people who let installation proceed found out that this “upgrade” was in fact a downgrade.
-
2016-06
Once Microsoft has tricked a user into accepting installation of Windows 10, they find that they are denied the option to cancel or even postpone the imposed date of installation.
This demonstrates what we've said for years: using proprietary software means letting someone have power over you, and you're going to get screwed sooner or later.
-
2016-01
FTDI's proprietary driver for its USB-to-serial chips has been designed to sabotage alternative compatible chips so that they no longer work. Microsoft is installing this automatically as an “upgrade”.
-
2015-11
Windows 10 “upgrades” delete applications without asking permission.
-
2015-03
Microsoft cut off security fixes for Windows XP, except to some big users that pay exorbitantly.
Microsoft is going to cut off support for some Internet Explorer versions in the same way.
A person or company has the right to cease to work on a particular program; the wrong here is Microsoft does this after having made the users dependent on Microsoft, because they are not free to ask anyone else to work on the program for them.
-
2013-06
Microsoft informs the NSA of bugs in Windows before fixing them.
Subscriptions
-
2015-07
Microsoft Office forces users to subscribe to Office 365 to be able to create/edit documents.
Surveillance
-
2023-06
Edge sends the URLs of images the user views to Microsoft's servers by default, supposedly to “enhance” them. And these images may end up on the NSA's servers.
Microsoft claims its nonfree browser sends the URLs without identifying you, which cannot be true, since at least your IP address is known to the server if you don't take extra measures. Either way, such enhancer service is unjust because any image editing should be done on your own computer using installed free software.
The article describes how to disable sending the URLs. That makes a change for the better, but we suggest that you instead switch to a freedom-respecting browser with additional privacy features such as IceCat.
-
2023-02
As soon as it boots, and without asking any permission, Windows 11 starts to send data to online servers. The user's personal details, location or hardware information are reported to Microsoft and other companies to be used as telemetry data. All of this is done is the background, and users have no easy way to prevent it—unless they switch the computer offline.
-
2023-01
Microsoft released an “update” that installs a surveillance program on users' computers to gather data on some installed programs for Microsoft's benefit. The update is rolling out automatically, and the program runs “one time silently.”
-
2022-09
Windows 11 Home and Pro now require internet connection and a Microsoft account to complete the installation. Windows 11 Pro had an option to create a local account instead, but the option has been removed. This account can (and most certainly will) be used for surveillance and privacy violations. Thankfully, a free software tool named Rufus can bypass those requirements, or help users install a free operating system instead.
-
2020-11
Microsoft's Office 365 suite enables employers to snoop on each employee. After a public outburst, Microsoft stated that it would remove this capability. Let's hope so.
-
2020-10
Microsoft is imposing its surveillance on the game of Minecraft by requiring every player to open an account on Microsoft's network. Microsoft has bought the game and will merge all accounts into its network, which will give them access to people's data.
Minecraft players can play Minetest instead. The essential advantage of Minetest is that it is free software, meaning it respects the user's computer freedom. As a bonus, it offers more options.
-
2020-10
As of 2019-2020, Minecraft players are being forced to move to Microsoft servers, which results in privacy violation. Microsoft publishes a program so users can run their own server, but the program is proprietary and it's another injustice to users.
People can play Minetest instead. Minetest is free software and respects the user's computer freedom.
-
2020-04
Proprietary programs Google Meet, Microsoft Teams, and WebEx are collecting user's personal and identifiable data including how long a call lasts, who's participating in the call, and the IP addresses of everyone taking part. From experience, this can even harm users physically if those companies hand over data to governments.
-
2020-04
Google, Apple, and Microsoft (and probably some other companies) are collecting people's access points and GPS coordinates (which can identify people's precise location) even if their GPS is turned off, without the person's consent, using proprietary software implemented in person's smartphone. Though merely asking for permission would not necessarily legitimize this.
-
2019-12
Microsoft is tricking users to create an account on their network to be able to install and use the Windows operating system, which is malware. The account can be used for surveillance and/or violating people's rights in many ways, such as turning their purchased software to a subscription product.
-
2019-08
Microsoft recorded users of Xboxes and had human workers listen to the recordings.
Morally, we see no difference between having human workers listen and having speech-recognition systems listen. Both intrude on privacy.
-
2019-08
Skype refuses to say whether it can eavesdrop on calls.
That almost certainly means it can do so.
-
2019-05
Microsoft forces people to give their phone number in order to be able to create an account on the company's network. On top of mistreating their users by providing nonfree software, Microsoft is tracking their lives outside the computer and violates their privacy.
-
2017-10
Windows 10 telemetry program sends information to Microsoft about the user's computer and their use of the computer.
Furthermore, for users who installed the fourth stable build of Windows 10, called the “Creators Update,” Windows maximized the surveillance by force setting the telemetry mode to “Full”.
The “Full” telemetry mode allows Microsoft Windows engineers to access, among other things, registry keys which can contain sensitive information like administrator's login password.
-
2017-02
DRM-restricted files can be used to identify people browsing through Tor. The vulnerability exists only if you use Windows.
-
2016-11
By default, Windows 10 sends debugging information to Microsoft, including core dumps. Microsoft now distributes them to another company.
-
2016-08
In order to increase Windows 10's install base, Microsoft blatantly disregards user choice and privacy.
-
2016-03
Windows 10 comes with 13 screens of snooping options, all enabled by default, and turning them off would be daunting to most users.
-
2016-01
It appears Windows 10 sends data to Microsoft about what applications are running.
-
2015-11
A downgrade to Windows 10 deleted surveillance-detection applications. Then another downgrade inserted a general spying program. Users noticed this and complained, so Microsoft renamed it to give users the impression it was gone.
To use proprietary software is to invite such treatment.
-
2015-08
Windows 10 sends identifiable information to Microsoft, even if a user turns off its Bing search and Cortana features, and activates the privacy-protection settings.
-
2015-07
Windows 10 ships with default settings that show no regard for the privacy of its users, giving Microsoft the “right” to snoop on the users' files, text input, voice input, location info, contacts, calendar records and web browsing history, as well as automatically connecting the machines to open hotspots and showing targeted ads.
We can suppose Microsoft looks at users' files for the US government on demand, though the “privacy policy” does not explicitly say so. Will it look at users' files for the Chinese government on demand?
-
2015-06
Microsoft uses Windows 10's “privacy policy” to overtly impose a “right” to look at users' files at any time. Windows 10 full disk encryption gives Microsoft a key.
Thus, Windows is overt malware in regard to surveillance, as in other issues.
The unique “advertising ID” for each user enables other companies to track the browsing of each specific user.
It's as if Microsoft has deliberately chosen to make Windows 10 maximally evil on every dimension; to make a grab for total power over anyone that doesn't drop Windows now.
-
2014-10
It only gets worse with time. Windows 10 requires users to give permission for total snooping, including their files, their commands, their text input, and their voice input.
-
2014-05
Microsoft SkyDrive allows the NSA to directly examine users' data.
-
2013-07
Skype contains spyware. Microsoft changed Skype specifically for spying.
-
2013-07
Spyware in older versions of Windows: Windows Update snoops on the user. Windows 8.1 snoops on local searches. And there's a secret NSA key in Windows, whose functions we don't know.
Tethers
Tethers are functionalities that require constant (or very frequent) connection to a server.
-
2017-08
The recent versions of Microsoft Office require the user to connect to Microsoft servers at least every thirty-one days. Otherwise, the software will refuse to edit any documents or create new ones. It will be restricted to viewing and printing.
Jails
Jails are systems that impose censorship on application programs.
-
2017-06
Windows 10 S was a jail: only programs from the Windows Store could be installed and executed. It was however possible to upgrade to Windows 10 Pro. The successor of Windows 10 S is a special configuration of Windows 10 called S mode. The major difference with Windows 10 S is that there is an easy way to switch out of S mode.
- 2012-10
Tyrants
Tyrants are systems that reject any operating system not “authorized” by the manufacturer.
-
2016-07
Microsoft accidentally left a way for users to install GNU/Linux on Windows RT tablets, but now it has “fixed” the “error”. They have the gall to call this “protecting” the users. The article talks of installing “Linux”, but the context shows it is really GNU/Linux that users install.
- 2011-10
As this page shows, if you do want to clean your computer of malware, the first software to delete is Windows.