Microsoft sneaks telemetry into Windows 7 via security update
Microsoft appears to be at it again, adding telemetry components into its operating system. This time around it is Windows 7 that gets the telemetry treatment, and Microsoft seems to have gone about things in a rather sneaky fashion.
The latest "security-only" update for Windows 7 includes a Compatibility Appraiser element (KB2952664) which performs checks to see whether a system can be updated to Windows 10. Hardly what most people would consider a security-only update. So what's going on?
- Microsoft is retiring its 3D model repository Remix 3D
- Microsoft releases Windows 10 20H1 Build 18936 with passwordless sign-ins
- Microsoft releases public preview of Desktop Analytics to help with Windows 10 update readiness checks
Released on Patch Tuesday earlier this week, the update (July 9, 2019—KB4507456 (Security-only update) as Microsoft has labeled it) is billed as having the following "key changes": "Security updates to Windows Server, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Shell, Windows Input and Composition, and Windows Kernel".
There is no mention of the bundled Compatibility Appraiser element (KB2952664), and this apparently dishonesty (a security-only update which includes non-security elements) coupled with Microsoft's lack of transparency has raised hackles and suspicions.
Woody Leonhard was among those to speak out about the issue:
Microsoft included the KB2952664 functionality (known as the "Compatibility Appraiser") in the Security Quality Monthly Rollups for Windows 7 back in September 2018. The move was announced by Microsoft ahead of time.
With the July 2019-07 Security Only Quality Update KB4507456, Microsoft has slipped this functionality into a security-only patch without any warning, thus adding the "Compatibility Appraiser" and its scheduled tasks (telemetry) to the update. The package details for KB4507456 say it replaces KB2952664 (among other updates).
Come on Microsoft. This is not a security-only update. How do you justify this sneaky behavior? Where is the transparency now.
Contacted by ZDNet's Ed Bott, Microsoft responded with a rather unhelpful "no comment".
The one saving grace -- if there is a silver lining to a sneaky cloud of deception -- is that the Compatibility Appraiser does not (if Microsoft is to be believed) throw us back to the days of the GWX nagging:
The diagnostics evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update.
It's possible that Microsoft genuinely sees encouraging Windows 7 users to move to Windows 10 as a matter of security, but the company is doing itself no favors and making itself no new friends by being underhand in its approach.
If you've installed the update and want to avoid the appraiser, you can simply disable the following tasks in the Task Scheduler:
- \Microsoft\Windows\Application Experience\ProgramDataUpdater
- \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
- \Microsoft\Windows\Application Experience\AitAgent