Back Doors

• 2016-08

  Microsoft Windows has a universal back door through which any change whatsoever can be imposed on the users.

  This was reported in 2007 for XP and Vista, and it seems that Microsoft used the same method to push the Windows 10 downgrade to computers running Windows 7 and 8.

  In Windows 10, the universal back door is no longer hidden; all “upgrades” will be forcibly and immediately imposed.

• 2015-12

  Microsoft has backdoored its disk encryption.

• 2013-08

  The German government veers away from Windows 8 computers with TPM 2.0 (original article in German), due to potential back door capabilities of the TPM 2.0 chip.

• 2013-07

  Here is a suspicion that we can't prove, but is worth thinking about: Writable microcode for Intel and AMD microprocessors may be a vehicle for the NSA to invade computers, with the help of Microsoft, say respected security experts.

• 2011-12

  Windows 8 also has a back door for remotely deleting apps.

  You might well decide to let a security service that you trust remotely deactivate programs that it considers malicious. But there is no excuse for deleting the programs, and you should have the right to decide whom (if anyone) to trust in this way.

DRM

Digital restrictions management, or “DRM,” refers to functionalities designed to restrict what users can do with the data in their computers.

• 2019-04

  Ebooks “bought” from Microsoft's store check that their DRM is valid by connecting to the store every time their “owner” wants to read them. Microsoft is going to close this store, bricking all DRM'ed ebooks it has ever “sold”. (The article additionally highlights the pitfalls of DRM.)

  This is another proof that a DRM-encumbered product doesn't belong to the person who bought it. Microsoft said it will refund customers, but this is no excuse for selling them restricted books.

• 2007-08

  DRM in Windows, introduced to cater to Blu-ray disks. (The article talks about how the same malware would later be introduced in MacOS. That had not been done at the time, but it was done subsequently.)

Insecurity

These bugs are/were not intentional, so unlike the rest of the file they do not count as malware. We mention them to refute the supposition that prestigious proprietary software doesn't have grave bugs.

• 2024-11

  Windows Recall is a feature of Microsoft's Copilot tool that comes preinstalled on AI-specialized computers. Recall records everything users do on their computer and allows them to search the recordings, but it has numerous security flaws and poses a risk to privacy. As Recall cannot be completely uninstalled, disabling it doesn't eliminate the risk because it can be reactivated by malware or misconfiguration.

  Microsoft says that Recall will not take screenshots of digitally restricted media. Meanwhile, it stores sensitive user information such as passwords and bank account numbers, showing that whereas Microsoft worries somewhat about corporate interests, it couldn't care less about user privacy.

• 2024-08

  A critical vulnerability in Windows systems that support IPv6 was discovered in 2024, 16 years after the first affected system was released. Unless the relevant patch is applied, an attacker can remotely execute arbitrary code on these systems. Microsoft considers exploits “likely.”

  The same sort of vulnerability in a free/libre operating system would probably be discovered sooner, since many more people would be able to look at the source code.

• 2022-10

  The Microsoft Office encryption is weak, and susceptible to attack.

  Encryption is a tricky field, and easy to mess up. It is wise to insist on encryption software that is (1) free software and (2) studied by experts.

• 2022-02

  A security failure in Microsoft's Windows is infecting people's computers with RedLine stealer malware using a fake Windows 11 upgrade installer.

• 2021-07

  A newly found Microsoft Windows vulnerability can allow crackers to remotely gain access to the operating system and install programs, view and delete data, or even create new user accounts with full user rights.

  The security research firm accidentally leaked instructions on how the flaw could be exploited but Windows users should still wait for Microsoft to fix the flaw, if they fix it.

  Please note that the article wrongly refers to crackers as “hackers”.

• 2021-03

  At least 30 thousand organizations in the United States are newly “cracked” via holes in Microsoft's proprietary email software, named Microsoft 365. It is unclear whether there are other holes and vulnerabilities in the program or not but history and experience tells us it wouldn't be the last disaster with proprietary programs.

• 2021-02

  Researchers at the security firm SentinelOne discovered a security flaw in proprietary program Microsoft Windows Defender that lurked undetected for 12 years. If the program was free (as in freedom), more people would have had a chance to notice the problem, therefore, it could've been fixed a lot sooner.

• 2020-04

  The proprietary program Microsoft Teams' insecurity could have let a malicious GIF steal user data from Microsoft Teams accounts, possibly across an entire company, and taken control of “an organization's entire roster of Teams accounts.”

• 2017-05

  Exploits of bugs in Windows, which were developed by the NSA and then leaked by the Shadowbrokers group, are now being used to attack a great number of Windows computers with ransomware.

• 2016-08

  A flaw in Internet Explorer and Edge allows an attacker to retrieve Microsoft account credentials, if the user is tricked into visiting a malicious link.

• 2013-12

  Point-of-sale terminals running Windows were taken over and turned into a botnet for the purpose of collecting customers' credit card numbers.

Interference

This section gives examples of Microsoft software harassing or annoying the user, or causing trouble for the user. These actions are like sabotage but the word “sabotage” is too strong for them.

• 2025-05

  With Windows 10 soon reaching obsolescence, users whose computer is not modern enough are facing unjust choices, such as paying for updates or buying a new computer. But their best option is to replace Windows with a free operating system, and enjoy the freedom and justice it brings them.

• 2024-04

  Microsoft has started to show ads in the “Recommended” section of the Windows 11 Start menu. Previously, this section only included recently used documents and images. Now it also contains the icons of apps Microsoft wants to advertise, in the hope that the user will click on one of them, and buy the app. So far, the user can disable the ads, but this doesn't make them more legitimate.

• 2024-04

  Microsoft has, repeatedly, pushed software changes meant to make it harder for users to use a web browser different than Microsoft's.

• 2024-03

  Microsoft is using malware tactics to get users to switch to their web browser, Microsoft Edge, and their search engine, Microsoft Bing. When users launch the Google Chrome browser Microsoft injects a pop up advertisement in the corner of the screen advising users to switch to Bing. Microsoft also imported users Chrome browsing data without their knowledge or consent.

• 2023-11

  Microsoft has been annoying people who wanted to close the proprietary program OneDrive on their computers, forcing them to give the reason why they were closing it. This prompt was removed after public pressure.

  This is a reminder that angry users still have the power to make developers of proprietary software remove small annoyances. Don't count on public outcry to make them remove more profitable malware, though. Run away from proprietary software!

• 2023-02

  Microsoft is remotely disabling Internet Explorer, forcibly redirecting users to Microsoft Edge.

  Imposing such change is malicious, and the fact that the redirection is from one unjust program (IE) to another unjust program (Edge) does not excuse it.

• 2021-08

  Microsoft is making it harder and harder to replace default apps in its Windows operating system and is pressuring users to use its proprietary programs instead. We believe the best approach to this would be replacing Windows with a free (as in freedom) operating system like GNU. We also maintain a list of fully free distributions of GNU.

• 2021-02

  Microsoft is forcibly removing the Flash player from computers running Windows 10, using a universal backdoor in Windows.

  The fact that Flash has been disabled by Adobe is no excuse for this abuse of power. The nature of proprietary software, such as Microsoft Windows, gives the developers power to impose their decisions on users. Free software on the other hand empowers users to make their own decisions.

• 2020-10

  Microsoft is forcing Windows users to install upgrades it pushes using its universal back doors. These upgrades can do various harms to users such as restricting computers from some functions and/or forcing users to defenselessly do whatever Microsoft tells them to do.

• 2018-09

  One version of Windows 10 harangues users if they try to install Firefox (or Chrome).

• 2018-03

  Microsoft is planning to make Windows impose use of its browser, Edge, in certain circumstances.

  The reason Microsoft can force things on users is that Windows is nonfree.

• 2017-03

  Windows displays intrusive ads for Microsoft products and its partners' products.

  The article's author starts from the premise that Microsoft has a right to control what Windows does to users, as long as it doesn't go “too far”. We disagree.

• 2016-12

  The Microsoft Telemetry Compatibility service drastically reduces the performances of machines running Windows 10, and can't be disabled easily.

• 2016-08

  After forcing the download of Windows 10 on computers that were running Windows 7 and 8, Microsoft repeatedly switched on a flag that urged users to “upgrade” to Windows 10 when they had turned it off, in the hope that some day they would fail to say no. To do this, Microsoft used malware techniques.

  A detailed analysis of Microsoft's scheme is available on the Electronic Frontier Foundation's website.

• 2016-03

  Microsoft has made companies' Windows machines managed by the company's sysadmins harangue users to complain to the sysadmins about not “upgrading” to Windows 10.

• 2016-01

  Microsoft has desupported all future Intel CPUs for Windows 7 and 8. Those machines will be stuck with the nastier Windows 10. AMD and Qualcomm CPUs, too.

  Of course, Windows 7 and 8 are unethical too, because they are proprietary software. But this example of Microsoft's wielding its power demonstrates the power it holds.

  Free software developers also stop maintaining old versions of their programs, but this is not unfair to users because the users of free software have control over it. If it is important enough to you, you and other users can hire someone to support the old version on your future platforms.

Sabotage

The wrongs in this section are not precisely malware, since they do not involve making the program that runs in a way that hurts the user. But they are a lot like malware, since they are technical Microsoft actions that harm the users of specific Microsoft software.

• 2024-12

  Windows Defender deletes downloaded files that it considers malware as soon as they are saved to disk, without requesting permission to do so. Many angry users have complained about this unacceptable behavior over the last few years, and even suggested fixes, but Microsoft has ignored them. It is high time for Windows users to escape Microsoft's tyranny by migrating to a free/libre system.

• 2019-04

  Microsoft has been force-installing a “remediation” program on computers running certain versions of Windows 10. Remediation, in Microsoft's view, means tampering with users' settings and files, notably to “repair” any components of the updating system that users may have intentionally disabled, and thus regain full power over them. Microsoft repeatedly pushed faulty versions of this program to users' machines, causing numerous problems, some of which critical.

  This exemplifies the arrogant and manipulative attitude that proprietary software developers have learned to adopt toward the people they are supposedly serving. Migrate to a free operating system if you can!

  If your employer makes you run Windows, tell the financial department how this wastes your time dealing with endless connections and premature hardware failures.

• 2017-04

  Microsoft has made Windows 7 and 8 cease to function on certain new computers, effectively forcing their owners to switch to Windows 10.

• 2017-04

  Microsoft has dropped support for Windows 7 and 8 on recent processors in a big hurry.

  It makes no difference what legitimate reasons Microsoft might have for not doing work to support them. If it doesn't want to do this work, it should let users do the work.

• 2016-06

  In its efforts to trick users of Windows 7 and 8 into installing all-spying Windows 10 against their will, Microsoft forced their computers to silently download… the whole of Windows 10! Apparently, this was done through a universal back door. Not only did the unwanted downloads jeopardize important operations in regions of the world with poor connectivity, but many of the people who let installation proceed found out that this “upgrade” was in fact a downgrade.

• 2016-06

  Once Microsoft has tricked a user into accepting installation of Windows 10, they find that they are denied the option to cancel or even postpone the imposed date of installation.

  This demonstrates what we've said for years: using proprietary software means letting someone have power over you, and you're going to get screwed sooner or later.

• 2016-01

  FTDI's proprietary driver for its USB-to-serial chips has been designed to sabotage alternative compatible chips so that they no longer work. Microsoft is installing this automatically as an “upgrade”.

• 2015-11

  Windows 10 “upgrades” delete applications without asking permission.

• 2015-03

  Microsoft cut off security fixes for Windows XP, except to some big users that pay exorbitantly.

  Microsoft is going to cut off support for some Internet Explorer versions in the same way.

  A person or company has the right to cease to work on a particular program; the wrong here is Microsoft does this after having made the users dependent on Microsoft, because they are not free to ask anyone else to work on the program for them.

• 2013-06

  Microsoft informs the NSA of bugs in Windows before fixing them.

Subscriptions

• 2015-07

  Microsoft Office forces users to subscribe to Office 365 to be able to create/edit documents.

Surveillance

• 2026-01

  Windows encrypts disks for “security,” but reports all the encryption keys to Microsoft so that the encryption doesn't provide real security. Once Microsoft has these keys, it can't refuse to give them to the FBI. However, for real security you need to be able to use your own choice of keys. Microsoft stops users from doing that.

• 2025-05

  Microsoft Teams has been collecting voice and face data from students of an Australian school, to feed the CoPilot chatbot. It took the school network administrators a whole month to realize what was happening, and disable this malfeature. It was obviously beyond their imagination that Microsoft could have made biometric data collection the default in Teams!

  Let's hope legislators and regulatory agencies all over the world will quickly put a stop to this sort of outrageous practice.

  In any case people would be better off switching to a free-software replacement such as Jitsi Meet for medium-size groups, or Big Blue Button for larger ones. Many public instances are available, and groups of users can also set up their own servers.

• 2025-03

  Microsoft is tightening the chains that force Windows useds to sign into their Microsoft account [*], thus identifying themselves. We suspect this is an intentional strategy to avoid inspiring a lot of resistance all at once: leave openings to escape identification, then gradually close them.

  Enough is enough!

  [*] Why “useds”? Because running Windows is not you using Windows; it is Windows using you.

• 2025-02

  Outlook has become a “data collection and ad delivery service”. Since Outlook is now integrated with Microsoft “cloud” services, and doesn't support end-to-end encryption, the company has full access to users' emails, contacts, and calendar events. Microsoft may also retrieve credentials associated with any third-party services that are synchronized with Outlook. This trove of personal data enables Microsoft, as well as its commercial partners, to flood users with targeted ads, and possibly to train “artificial intelligences.” Even worse, this data is available to any government that can force Microsoft to hand it over.

• 2024-07

  In its default configuration, Windows 11 now uploads users' files and personal information to Microsoft's “cloud” without asking permission to do so. This is presented as a convenient backup method, but if the allotted storage capacity is exceeded, the user will need to buy more space, increasing Microsoft's profit.

  However, this small profit is probably not the company's major reason for making cloud storage the default. Here is an excerpt from the Microsoft Services agreement (Section 2b):

  To the extent necessary to provide the Services to you and others, to protect you and the Services, and to improve Microsoft products and services, you grant to Microsoft a worldwide and royalty-free intellectual property license to use Your Content, for example, to make copies of, retain, transmit, reformat, display, and distribute via communication tools Your Content on the Services.

  We strongly suspect that the backed-up material is used to feed Microsoft's greedy “AI.” In addition, it is most likely analysed to better profile users in order to flood them with targeted ads, thereby generating more profit.

  Users, on the other hand, are at the mercy of any entity that demands their data, let alone of any cracker that breaks into Microsoft's servers. They must escape from this sick environment, and install a sane free/libre system.

• 2023-06

  Edge sends the URLs of images the user views to Microsoft's servers by default, supposedly to “enhance” them. And these images may end up on the NSA's servers.

  Microsoft claims its nonfree browser sends the URLs without identifying you, which cannot be true, since at least your IP address is known to the server if you don't take extra measures. Either way, such enhancer service is unjust because any image editing should be done on your own computer using installed free software.

  The article describes how to disable sending the URLs. That makes a change for the better, but we suggest that you instead switch to a freedom-respecting browser with additional privacy features such as IceCat.

• 2023-02

  As soon as it boots, and without asking any permission, Windows 11 starts to send data to online servers. The user's personal details, location or hardware information are reported to Microsoft and other companies to be used as telemetry data. All of this is done is the background, and users have no easy way to prevent it—unless they switch the computer offline.

• 2023-01

  Microsoft released an “update” that installs a surveillance program on users' computers to gather data on some installed programs for Microsoft's benefit. The update is rolling out automatically, and the program runs “one time silently.”

• 2022-09

  Windows 11 Home and Pro now require internet connection and a Microsoft account to complete the installation. Windows 11 Pro had an option to create a local account instead, but the option has been removed. This account can (and most certainly will) be used for surveillance and privacy violations. Thankfully, a free software tool named Rufus can bypass those requirements, or help users install a free operating system instead.

• 2020-11

  Microsoft's Office 365 suite enables employers to snoop on each employee. After a public outburst, Microsoft stated that it would remove this capability. Let's hope so.

• 2020-10

  Microsoft is imposing its surveillance on the game of Minecraft by requiring every player to open an account on Microsoft's network. Microsoft has bought the game and will merge all accounts into its network, which will give them access to people's data.

  Minecraft players can play Minetest instead. The essential advantage of Minetest is that it is free software, meaning it respects the user's computer freedom. As a bonus, it offers more options.

• 2020-10

  As of 2019-2020, Minecraft players are being forced to move to Microsoft servers, which results in privacy violation. Microsoft publishes a program so users can run their own server, but the program is proprietary and it's another injustice to users.

  People can play Minetest instead. Minetest is free software and respects the user's computer freedom.

• 2020-04

  Proprietary programs Google Meet, Microsoft Teams, and WebEx are collecting user's personal and identifiable data including how long a call lasts, who's participating in the call, and the IP addresses of everyone taking part. From experience, this can even harm users physically if those companies hand over data to governments.

• 2020-04

  Google, Apple, and Microsoft (and probably some other companies) are collecting people's access points and GPS coordinates (which can identify people's precise location) even if their GPS is turned off, without the person's consent, using proprietary software implemented in person's smartphone. Though merely asking for permission would not necessarily legitimize this.

• 2019-12

  Microsoft is tricking users to create an account on their network to be able to install and use the Windows operating system, which is malware. The account can be used for surveillance and/or violating people's rights in many ways, such as turning their purchased software to a subscription product.

• 2019-08

  Microsoft recorded users of Xboxes and had human workers listen to the recordings.

  Morally, we see no difference between having human workers listen and having speech-recognition systems listen. Both intrude on privacy.

• 2019-08

  Skype refuses to say whether it can eavesdrop on calls.

  That almost certainly means it can do so.

• 2019-05

  Microsoft forces people to give their phone number in order to be able to create an account on the company's network. On top of mistreating their users by providing nonfree software, Microsoft is tracking their lives outside the computer and violates their privacy.

• 2017-10

  Windows 10 telemetry program sends information to Microsoft about the user's computer and their use of the computer.

  Furthermore, for users who installed the fourth stable build of Windows 10, called the “Creators Update,” Windows maximized the surveillance by force setting the telemetry mode to “Full”.

  The “Full” telemetry mode allows Microsoft Windows engineers to access, among other things, registry keys which can contain sensitive information like administrator's login password.

• 2017-02

  DRM-restricted files can be used to identify people browsing through Tor. The vulnerability exists only if you use Windows.

• 2016-11

  By default, Windows 10 sends debugging information to Microsoft, including core dumps. Microsoft now distributes them to another company.

• 2016-08

  In order to increase Windows 10's install base, Microsoft blatantly disregards user choice and privacy.

• 2016-03

  Windows 10 comes with 13 screens of snooping options, all enabled by default, and turning them off would be daunting to most users.

• 2016-01

  It appears Windows 10 sends data to Microsoft about what applications are running.

• 2015-11

  A downgrade to Windows 10 deleted surveillance-detection applications. Then another downgrade inserted a general spying program. Users noticed this and complained, so Microsoft renamed it to give users the impression it was gone.

  To use proprietary software is to invite such treatment.

• 2015-08

  Windows 10 sends identifiable information to Microsoft, even if a user turns off its Bing search and Cortana features, and activates the privacy-protection settings.

• 2015-07

  Windows 10 ships with default settings that show no regard for the privacy of its users, giving Microsoft the “right” to snoop on the users' files, text input, voice input, location info, contacts, calendar records and web browsing history, as well as automatically connecting the machines to open hotspots and showing targeted ads.

  We can suppose Microsoft looks at users' files for the US government on demand, though the “privacy policy” does not explicitly say so. Will it look at users' files for the Chinese government on demand?

• 2015-06

  Microsoft uses Windows 10's “privacy policy” to overtly impose a “right” to look at users' files at any time. Windows 10 full disk encryption gives Microsoft a key.

  Thus, Windows is overt malware in regard to surveillance, as in other issues.

  The unique “advertising ID” for each user enables other companies to track the browsing of each specific user.

  It's as if Microsoft has deliberately chosen to make Windows 10 maximally evil on every dimension; to make a grab for total power over anyone that doesn't drop Windows now.

• 2014-10

  It only gets worse with time. Windows 10 requires users to give permission for total snooping, including their files, their commands, their text input, and their voice input.

• 2014-05

  Microsoft SkyDrive allows the NSA to directly examine users' data.

• 2013-07

  Skype contains spyware. Microsoft changed Skype specifically for spying.

• 2013-07

  Spyware in older versions of Windows: Windows Update snoops on the user. Windows 8.1 snoops on local searches. And there's a secret NSA key in Windows, whose functions we don't know.

Tethers

Tethers are functionalities that require constant (or very frequent) connection to a server.

• 2025-02

  Microsoft is shutting down Skype on May 5th, 2025. As with other tethered proprietary programs, users have to rely on servers that are controlled by the developer. When these servers shut down, the service disappears. Instead of migrating to the service that Microsoft suggests as a replacement, Skype users should regain control of their communications by switching to one that is based on free software. Jitsi Meet, for example, is appropriate for small video meetings. Anyone can set up a Jitsi server and let other people use it, and indeed many of these are available around the world.

• 2017-08

  The recent versions of Microsoft Office require the user to connect to Microsoft servers at least every thirty-one days. Otherwise, the software will refuse to edit any documents or create new ones. It will be restricted to viewing and printing.

Jails

Jails are systems that impose censorship on application programs.

• 2017-06

  Windows 10 S was a jail: only programs from the Windows Store could be installed and executed. It was however possible to upgrade to Windows 10 Pro. The successor of Windows 10 S is a special configuration of Windows 10 called S mode. The major difference with Windows 10 S is that there is an easy way to switch out of S mode.

• 2012-10

  Windows 8 on “mobile devices” (now defunct) was a jail.

Tyrants

Tyrants are systems that reject any operating system not “authorized” by the manufacturer.

• 2016-07

  Microsoft accidentally left a way for users to install GNU/Linux on Windows RT tablets, but now it has “fixed” the “error”. They have the gall to call this “protecting” the users. The article talks of installing “Linux”, but the context shows it is really GNU/Linux that users install.

• 2011-10

  Mobile devices that come with Windows 8 are tyrants.

As this page shows, if you do want to clean your computer of malware, the first software to delete is Windows.