You are here: Home Services Software and Hardware Software Know-how Windows 10 - not ready for the everyday work

Windows 10 - not ready for the everyday work

As of: 21.10.2015 (revised version)

Windows 10 is available - both as OEM operating systems when purchased with a computer, and in the software shop from our Select Plus framework agreement. The first experiences confirm the expectations, which we change in the article Windows 10 - Quick Change? (Part 1 + Part 2, worth reading according to confirmations!). There are - as reported - problems with the upgrade in connection with the Cisco VPN-software and PGina, an authentication for e.g.: CIP-Pools should probably not run under Windows 10. We observe further. The antivirus software McAfee and Sophos now seem to run on Windows 10.

Meanwhile the KMS servers of the HRZ are converted to the activation also of Windows 10 and Office 2016. Questions, as usual, by E-Mail to [Email protection active, please enable JavaScript.]

The problem "data slingshot" is still acute with Windows 10 (see article, part 2 or the interesting article from astechnia.com: "Even when told not to, Windows 10 just can't stop talking to Microsoft", where Microsoft has reported that one or the other behaviour of telemetry - especially under Windows 10 Education - would result from a bug that would be fixed "as fast as possible"**).

Some data protection officers investigate whether the product Windows 10 is allowed to be used at all! Microsoft itself says that everything is securely configurable - tools like "Shutup 10" from O&O help to set everything to "green"! - and a lot of that may be true. But if the security is (possibly) established, there is - except perhaps around DirectX12 - actually no reason to switch from Windows 7 or 8.x to Windows 10 today. This may be different next spring. 

But even if everything should be compliant to the data protection: exactly this information about the data, their use/link and the effects of this behaviour gives serious thought - not only for the use at the University of Bonn!

Note: The problem "data octopus" is not only a problem with Windows 10. Chip has explained that even the latest updates in Windows 7, 8 and 8.1 now collect "general information" and send it to Microsoft. 

Of course, Heise countered that all this only extends the existing services. In this context it is also explained that patch KB3075249 "... only the telemetry data, which Microsoft collects anyway in Windows 7 and 8.1, for example in the context of error reporting, with new data points [added]: After the import, Microsoft additionally learns about it when a process running with a low binding level tries to extend its rights via the user account control." (see www.heise.de/newsticker/meldung/Angebliche-Schnueffel-Updates-fuer-Windows-7-und-8-1-2792343.html )

It is helpful to know that this "reporting service" should also be switched off at a university, because, for example, the data protection regulations for Windows 8.1 can be read in the "Features - Supplement" section (privacy.microsoft.com/en-GB/windows-8-1-privacy-statement#T1=supplement ):

"If you turn on automatic reporting when you set up Windows, the reporting service automatically sends basic information about where you're having problems. In some cases, the Reporting Service automatically sends additional information that can help diagnose the problem, such as a partial snapshot of PC memory. Some error reports may unintentionally contain personal information. For example, a report that includes a snapshot of PC memory may include your name, a portion of the document you've been working on, or data recently submitted to a Web site."

Good for the one who, when his Word crashes, has not worked in his latest research report or even previously logged on to confidential (research) websites using Internet Explorer...

Incidentally, the data protection regulations do not specify what happens to the data in the error report since the error has been detected and analysed and what is described above for Windows 8.1 is also valid for other Windows versions in any case, even if I didn't find this detailed description at privacy.microsoft.com/en-GB/windows10privacy

Windows 10 should be tried out at the university, if an installation is already to be done on test computers, in any case without all the "nice new services" (Cortana, location transmission, synchronization via devices, etc.) and without the "Microsoft Cloud" (e.g. LiveID, OneDrive, etc.).

For all these reasons it remains (as of Oct 2015) on our warning: On the use of Windows 10 on workstations of the university is still discouraged.

In the Softwareshop you will the versions "Windows 10 Educational incl. Software Assurance" (a special version of Windows 10 Enterprise; this software is no longer available without SA) and a "Windows 10 Pro" (without SA) for the framework contract Select-Plus, which may only be used if the computer is assigned a valid Windows 7,8 or 8.1 Pro license. According to our information, a change from "Windows 7 Enterprise" to "Windows 10 Pro" is not possible under licensing law, even if the information provided by ASKnet claims otherwise: It remains thereby that all operating systems versions from MS Select - also in a virtual machine e.g. under Linux - ONLY may be installed, if the computer is also assigned a suitable basic operating system (which was not bought from Select, there are only upgrades!). But also this topic is worth an article, because with the introduction of Windows 10 also this topic has changed***.

If you already need an activation for tests in advance (which cannot yet take place automatically), please send an e-mail to [Email protection active, please enable JavaScript.] with a short explanation.

We wish you a wonderful day!

Andreas Beutgen 

Head of the Department "Workplace Systems" at the HRZ

 

PS: --- Side Considerations ---

Last Message

Microsoft claims that Windows 10 and the use of Office 365 in the cloud is also safe for companies. The conditions of "Safe Harbour", which was described by the European Court of Justice as insufficient under data protection law, would have been for exceeded due to specific securities and technologies at Microsoft. The ECJ's ruling was not relevant for MS cloud services (after all, it was already sufficiently known).

Irrespective of this, it is clear that the "official Office 365 offers intended for private individuals" do not meet the increased data protection requirements of a research university! The University of Bonn would have to order an "Office365 for Business" and, above all, administer it itself. Encryption would also be offered by Microsoft, which would make the data secure (read: should make). 

Even if this seems possible, the University of Bonn would have to provide additional resources for such an administrative of Office365 Business. There would be e.g. in the use of about 10% of the users queries (support effort). The infrastructure of the university (e.g. the IdM) would have to be connected (and extended) to the MS systems, a part of the MS technology would have to be set up and operated here in the HRZ (e.g. and AD). None of this is currently possible. 

Therefore: For the time being, the use of the MS Cloud for official purposes is not possible for data protection reasons. 

 

** Bugs in telemetry:

Microsoft has explained that only in Windows 10 Education (and Enterprise, which we can't buy anymore) you can disable (set=0) the telemetry settings via group policies. But even if this happens, a bug currently always sends a basic telemetry to Microsoft. According to our information, the higher settings (2 and 3) are generally not compatible with data protection laws, so that you should always set a maximum of level 1 ("basic information") or 0 ("switch off"). 

*** Basic operating systems

Before you are allowed to install a Windows X Upgrade (!) from the MS SelectPlus framework agreement, a so-called basic operating system must first be assigned to the computer (legally speaking). This can be a purchased OEM operating system Windows as well as a subsequently assigned Systembuilder system. The court rulings, which many years ago permitted the transferability of operating systems to other hardware, were "leveraged" by today often using upgrades and framework agreement conditions a fixed assignment to the hardware (read: to the mainboard of the computer). Please read the information of ASKnet AG, which we have written under "Software --> PC Operating Systems" at the bottom of this page. 

The OEM systems (with which hardware is sold) today often cost 120 Euro for the Home Edition or 260 Euro for the Professional Edition of Windows 10 including support or between 100 and 150 Euro for versions without support. Microsoft increases thus the prices for operating systems drastically and in this range we get also over our framework contracts no discounts! Also in this area discussions with Microsoft still take place - but so far there is no better information. Latest information says that hardware manufacturers who sell "higher quality PCs" (e.g. 8GB memory or 1TB hard disk or Intel I7 processor) have just been asked by Microsoft not to sell Windows Home there anymore. In the future, there would only be one authorization for a "High Performance" Windows (similar to the Pro version). Wait and see - watch the market - ask. We cannot do more at the moment. We will keep you up to date!

 

 

 

Document Actions