Security hole in newer Windows versions

Topics: Technical Issues
Jul 31, 2015 at 11:28 PM
Edited Jul 31, 2015 at 11:31 PM
With newer versions of Windows apparently making hibernation mandatory, it seems likely that VeraCrypt passwords kept in system memory are always being stored in the Windows hibernation file and are therefore ripe for the picking by anyone who has access to your hard drive - even when the machine is powered off.

What is VeraCrypt's response to this Microsoft strategy, beyond just saying that it basically wipes out all the security that VeraCrypt has worked so hard to provide? Is some kind of technical countermeasure possible, or should VeraCrypt users simply abandon Windows in favor of Linux?

http://arstechnica.com/gadgets/2015/07/faster-booting-smaller-footprint-make-windows-10-an-easy-upgrade-for-old-pcs/

"Where Windows 7 users will notice the biggest boost [when upgrading to Windows 10] is in boot times, something we’ve talked about before. The foundational work was actually done in Windows 8—when you start Windows 7, it needs to load the entire OS and the user session from disk every time. Windows 8’s shut down is more like system hibernation. The core OS is dumped from RAM to disk and then restored to RAM from disk when you start up. ... There’s a separate but related feature these systems use to squeeze Windows into a smaller amount of disk space, and it’s called WIMBoot. WIMBoot is a proto-version of the file compression Windows 10 uses to save space—your system boots from a compressed Windows image file (WIM), usually kept on a separate partition at the end of the driver. This partition can also be used for system recovery."
Aug 1, 2015 at 2:57 PM

Make that MULTIPLE security holes...

https://bgr.com/2015/07/31/windows-10-upgrade-spying-how-to-opt-out/

Windows 10 is spying on almost everything you do

http://www.rockpapershotgun.com/2015/07/30/windows-10-privacy-settings/

Windows 10 Is Spying On You: Here’s How To Stop It

Coordinator
Aug 1, 2015 at 9:33 PM
Thank you for sharing these information.
Windows 10 is a privacy nightmare...As for the hibernation issue, it is just a continuation of the "Hybrid boot and shutdown" feature that was introduced in Windows 8. There are ways to disable things and to come up with a more secure configuration. It will need sometime to study all the aspect and come up with the best proposals.

In the meantime, there is an intersting discussin in reddit about this: https://www.reddit.com/r/Windows10/comments/3f38ed/guide_how_to_disable_data_logging_in_w10/
Aug 3, 2015 at 9:46 AM
Hi idrassi,

I was wondering if you turn off the hibernation mode using this method:

2.In the search results list, right-click Command Prompt, and then click Run as Administrator.
3.When you are prompted by User Account Control, click Continue.
4.At the command prompt, type powercfg.exe /hibernate off, and then press Enter.

In your opinion does "Hybrid boot and shutdown" actually present a security threat?
Aug 4, 2015 at 8:02 PM
the hibernation issue is to be solved in my opinion by the only logical step: DISMOUNT EVERYTHING before logging off :)

watch out for Windows 11 though, it might have a keyloger sending all your keystrokes to MS for your own protection :) regular automatic obligatory backup to the MS cloud server of all your data will be guarding your online safety and ensure the sustainability of your working experience by maintaining better working environment LOL
Aug 4, 2015 at 9:25 PM
Edited Aug 4, 2015 at 9:26 PM

An interesting comment from an ArsTechnica article on "privacy" in Windows 10:

http://arstechnica.com/information-technology/2015/08/windows-10-doesnt-offer-much-privacy-by-default-heres-how-to-fix-it/?comments=1

mrseb wrote: By all means, if anyone has some other privacy-related tips for Windows 10, leave a comment here, and I'll update the story later.

These guys already have a comprehensive list ;)

http://www.howtogeek.com/224616/30-ways-windows-10-phones-home/

(article: "30 ways Windows 10 phones home" at www.howtogeek.com)

One thing I didn't realize was that Home edition can encrypt drives with bitlocker, but only if you're signed into your Microsoft account. At which point your recovery key is uploaded to OneDrive.

Which, if you're paranoid, might not be a good thing.
Aug 4, 2015 at 9:33 PM

It gets worse...

Sebastian, I don't think you can turn off telemetry easily.

From http://www.ghacks.net/2015/07/30/windows-10-and-privacy/

[Image illustrating that Windows 10 makes it impossible for home users to fully disable "telemetry" of user data to Microsoft's servers]

In the descriptive text:

Quote:
Setting a value of 0 is applicable to enterprise and server devices only. Setting a value of 0 for other devices is equivalent to choosing a value of 1.


So yeah, even if you disable it, it still stays on if you have Home or Pro edition. Only the Enterprise and Server editions can have telemetry completely disabled.