Microsoft has been preparing Windows 7 and Windows 8.1 PCs for a more aggressive Windows 10 upgrade strategy that the company will kick off shortly, according to the developer of a tool that blocks such upgrades.
“Over Thanksgiving weekend I started getting reports that the Windows Update ‘AllowOSUpgrade’ setting was getting flipped back on on a number of peoples’ PCs, and it keeps re-setting itself at least once a day if they switch it back off,” said Josh Mayfield, the software engineer who created GWX Control Panel. The tool was originally designed to make the “Get Windows 10” (hence GWX) applet go away after Microsoft installed it on consumer and small business Windows 7 and 8.1 PCs starting in March, then activated in June.
“This is new behavior, and it does leave your PC vulnerable to unwanted Windows 10 upgrade behavior,” he said.
Mayfield has been tracking Microsoft’s various moves since last summer to keep his GWX Control Panel up to date with new features required to block the upgrade from appearing on PCs, and from automatically beginning the install process.
The latest update to GWX Control Panel, which shifted the version number to 1.6, added background monitoring so that users did not have to repeatedly relaunch the app to detect changes in Microsoft’s upgrade strategy. Mayfield released GWX Control Panel 1.6 — which is a free download — on Nov. 24.
Concurrent with the release of GWX Control Panel 1.6, Mayfield began hearing from users that their PCs were being switched from a “do-not-upgrade-to-Windows-10” status to a “do-upgrade” state, often multiple times daily.
In an interview Friday, Mayfield said that the Windows 10 upgrade setting switcheroo on Windows 7 and 8.1 PCs was apparently due to continued updates that Microsoft has shoved onto the older devices. The Redmond, Wash. company has repeatedly re-served its original GWX app to PCs, often with undocumented changes, even if the machine already had the app, or even if the user had managed to uninstall it previously.
“Microsoft has released this update several times,” said Mayfield. “It doesn’t change the name of the update, but every version is new, with new binary files.”
Also in play, said Mayfield, were updates to the Windows Update client on Windows 7 and Windows 8.1 PCs that Microsoft has also pushed to customers: Windows Update was refreshed last week for both Windows 7 and Windows 8.1.
Documentation for the Dec. 1 updates to Windows Update did not spell out all the changes, but did state, “This update enables support for additional upgrade scenarios from Windows 7 to Windows 10, and provides a smoother experience when you have to retry an operating system upgrade because of certain failure conditions. This update also improves the ability of Microsoft to monitor the quality of the upgrade experience.”
There’s more to those updates than that, Mayfield argued. “They’re telling [the PC’s] Windows Update client that this computer can be upgraded to Windows 10,” Mayfield said. “[The Windows Update client] is constantly checking settings several times an hour. It’s fully aware of the Windows 10 upgrade.”
The Get GWX updates and the more recent refreshes to Windows Update on Windows 7 and 8.1 are running in tandem, Mayfield said. “They’re working together,” he argued. “They’re laying the groundwork for something.”
That “something” is likely the next step in an unprecedented scheme by Microsoft to boost adoption of Windows 10.
In late October, Terry Myerson, the Microsoft executive who runs the Windows and devices teams — dubbed the “More Personal Computing” group — outlined how Microsoft would try to convince users of Windows 7 and 8.1 to upgrade to Windows 10. Rather than wait for customers running the older editions to request a copy of the new OS — the original idea from the summer — Microsoft will instead begin to automatically send the upgrade to PCs via Windows Update, the default security maintenance service.
The new push will be a two-step process, with the first kicking in this year, the second in early 2016. First, Microsoft will add the Windows 10 upgrade to the Windows Update list on Windows 7 and 8.1 systems as an “optional” item. That list can be examined by users, letting them choose — or not — each optional update.
Sometime next year, Microsoft will shift the Windows 10 upgrade from optional to the “recommended” list. Updates on that list are automatically downloaded and installed on most PCs.
While the Windows 10 upgrade delivered as a recommended update will automatically begin the installation process, the user will be able to refuse the OS change early in the process. “Before the upgrade changes the OS of your device, you will be clearly prompted to choose whether or not to continue,” Myerson promised in October.
Microsoft is counting on a large portion of users to allow that upgrade to proceed.
Many Windows users, however, are not yet ready to upgrade to Windows 10, and are tired of being bombarded with the nagging messages to change operating systems. That includes Mayfield, who wants to remain on Windows 7, a desire that prompted him to create GWX Control Panel.
Because he’s been closely monitoring how Microsoft force-feeds the upgrade to Windows 7 and 8.1 devices — necessary to keep his app in step with Microsoft’s changes — he’s become an expert on what the company has been doing, often surreptitiously, to prepare PCs for Windows 10 and execute its “get-Windows-10” game plan.
By monitoring his own test PCs — eight all told — and from the reports he’s received from GWX Control Panel users, Mayfield has concluded that Microsoft is manipulating Windows 7 and Windows 8.1 PCs with behind-the-scenes changes, part of its effort to ensure Windows 10 ends up on as many devices as possible.
Microsoft’s original GWX app, for example, does more than just display an icon in the Windows 7/8.1 taskbar and let customers “reserve” a copy of the Windows 10 upgrade. “It’s pushed down three different processes that each had different jobs and were unrelated to the icon,” said Mayfield Friday. Currently, his GWX Control Panel monitors 10 different Windows settings that may leave a Windows 7/8.1 PC “potentially vulnerable to unexpected Windows 10 upgrade behavior,” Mayfield wrote in a Nov. 26 guide to his app.
Microsoft keeps changing those settings, sometimes adding new ones, without the user knowing, Mayfield said. For example, users have reported that their prior GWX Control Panel settings have been overridden by recent updates from Microsoft. In some cases, even Mayfield has been unable to figure out which components of Windows 7/8.1 were responsible.
It’s unknown whether Microsoft has, in fact, begun placing the Windows 10 upgrade on older OS-powered devices as an optional item in Windows Update. Microsoft has declined to provide more information than what Myerson gave out on Oct. 29 about the timetable for the upgrade hitting Windows Update. “We will soon be publishing Windows 10 as an ‘Optional Update’ in Windows Update for all Windows 7 and Windows 8.1 customers,” Myerson said five weeks ago [emphasis added]. “Early next year, we expect to be re-categorizing Windows 10 as a ‘Recommended Update.'”
The lack of reports online, including on Microsoft’s own Windows 10 support forums, argues that the company has not yet started adding the upgrade to Windows Update on Windows 7/8.1 PCs.
The first move may happen as soon as Tuesday, Dec. 8, which is the month’s already-scheduled “Patch Tuesday,” the day Microsoft historically serves up security updates. Microsoft often uses Patch Tuesday to deliver other, non-security updates.
In Mayfield’s eyes, the background machinations conducted by Microsoft’s GWX app and the recent changes to the Windows Update client on Windows 7 and Windows 8.1 systems are clues that the company is preparing for the upgrade reaching the optional list.
The GWX Control Panel app can be downloaded from Mayfield’s website. While the app is free, Mayfield does accept donations from appreciative users via PayPal. But he’s not getting rich from those donations. “I get a donation from about one in every thousand downloads,” he said Friday.
When users allow GXW Control Panel to run in the background, what Mayfield called “Monitor Mode” — and which debuted in version 1.6 — the app detects any behind-the-scenes changes Microsoft makes to Windows 7 or 8.1 to grease the wheels for the Windows 10 upgrade. Users can then use GWX to restore the PC’s settings to a “do-not-upgrade” state.
Criminals are tapping Web-based services that are advertised as tools to stress test customers’ networks but in actuality they are using them to launch DDoS attacks against victims, according to Akamai.
The paid sites can make DDoS attacks a viable option for actors looking to shut down targeted servers, the company says in its “State of the Internet/Security Q3 2015” report. “Many of the sites are simply DDoS-for-hire tools in disguise, relying on the use of reflection attacks to generate their traffic,” the report says.
One byproduct of this trend is that the duration of attacks is smaller than it has been during past quarters.
These subscription sites limit the duration of attacks to somewhere between 20 minutes and an hour, Akamai says. “Instead of spending time and effort to build and maintain DDoS botnets, it’s far easier for attackers to use booter-stresser tools to exploit network devices and unsecured service protocols,” according to the report.
These tools can’t generate the big attacks that can be launched from DDoS botnets, but attackers may use them because, for a time at least, they give an aura of anonymity by masking the origin of attacks.
The report is based on data observed and identified by Akamai on its network of more than 200,000 servers in more than 100 countries. The data can be influenced over time by the mix of Akamai’s customer base, new products and new attack-detection tools, so which may skew trends. Its network transmits 15% to 30% of Internet traffic.
Despite a drop in attack duration, the average attack detected during the quarter still lasted 18.86 hours, a drop from 22.36 hours a year ago.
The report says there are more DDoS attacks compared to last year at the same time and they not only don’t last as long on average and there are fewer attacks greater than 100GB. The number of biggest attacks detected by Akamai over the quarter, those over 100GBps, has dropped to eight from 17 in the same quarter of 2015.
Half of all DDoS attacks were against gaming sites, with software and technology firms combining to tally another 25%.
There were 1,510 DDoS attacks recorded for the quarter, up 180% from the year before and up 23% from the quarter before. Application layer DDoS attacks were up 26% over last year and infrastructure layer attacks nearly tripled, up 198%.
Web apps attacks were launched mainly against home networks.
The report took a look at where attacks originate and found that the U.K. (26%) was the source of the largest percentage of DDoS attacks, followed by China (21%) and the U.S. (17). Leaders in this category have fluctuated. Last quarter the top three were China (37%), U.S. (18%) and U.K. (10%). Last year it was China (20%), Brazil (17.5%) and Mexico (14%).
The report makes a number of predictions:
Expect more records set for DDoS attacks, with varying attack methods.
Because of the huge number of users and vulnerable devices located in the U.S., it will remain the top source of malicious traffic.
Attacks against gaming will continue as players look for competitive edges and as platforms remain vulnerable.
Retailers will suffer the vast majority of Web apps attacks because successful exploits prove so lucrative.