by Jonathan Nicholas on January 27th, 2018
Someone mentioned that Windows 10 is pretty chatty, so I thought I would take a look. I don't have a Windows 10 machine, so I borrowed my son's laptop and put Wireshark on it. I captured traffic for just under 15 minutes with no applications running.

There were 700k packets exchanged with 67 different public IP addresses. A total of 650 MB was downloaded. I suppose nothing about Microsoft should surprise you, but I was a bit surprised!

How I analysed the data.

I love Wireshark! You can do so much with it. As well as the normal packet-list view (below), there is a "Conversations" view (Statistics > Conversations) which splits the traffic by address pair and totals the packets and bytes sent in each direction.


It even looks up reverse DNS entries for you (if you enable it under View > Name Resolution). Talking of which, most of them look OK as they are either Microsoft or Akamai, but one looked a bit suspicious. Turns out the site hosts some game which my son has installed, and I assume it was checking in somehow.


The high volume of data was not surprising, as MS has released a new update for Windows 10: this machine had 15063.something (build 15063 is version 1703, the Creators Update) and it needs to update to the Fall Creators Update, 1709. What was disturbing was the sheer number of IP addresses it was talking to. The ones which resolved to Microsoft are presumably OK, but there were many tens of addresses belonging to Akamai. How are we supposed to know if they are good?

How do you maintain Windows 10 in a secure environment? Blocking all web traffic and updating manually is probably not a good solution. But how can you know what are "good" addresses to get updates?

An IP address is the wrong unit for that decision when the other end is a CDN: one Akamai address serves many customers and is reassigned without notice, so a reverse lookup only tells you who owns the address, not what the client was asking for. The better check is the hostname the machine actually resolved, which is in the same capture (the DNS answers, or the TLS server name). Microsoft publishes the hostnames Windows Update needs (*.windowsupdate.com, *.update.microsoft.com, *.delivery.mp.microsoft.com) and, per Windows 10 release, a list of the other endpoints the OS connects to, so "good" becomes "the name the client asked for is on that list".

