WindowsSpyBlocker is an application written in Go and delivered as a single executable to block spying and tracking on Windows systems. The initial approach of this application is to capture and analyze network traffic based on a set of tools. It is open for everyone and if you want to contribute or need help, take a look at the Wiki.
Telemetry and data collection
To capture and analyze network traffic for the telemetry option, QEMU virtual machines are used on the server virtualization management platform Proxmox VE based on :
- Windows 10 Pro 64bits with automatic updates enabled.
- Windows 8.1 Pro 64bits with automatic updates enabled.
- Windows 7 SP1 Pro 64bits with automatic updates enabled.
Traffic dumps are clean every day and compared with the current rules to add/remove some hosts or firewall rules.
Tools used to capture traffic :
All traffic events are available in the
logs folder :
- *-hosts-count.csv: number of events per host
- *-unique.csv: the first trigger of an event per host/process/destination port
The data folder contains the blocking rules based on domains or IPs detected during the capture process :
- data/<type>/winX/spy.txt : Block Windows Spy / Telemetry
- data/<type>/winX/update.txt : Block Windows Update
- data/<type>/winX/extra.txt : Block third-party applications
- DNSCrypt: a protocol for securing communications between a client and a DNS resolver.
- OpenWrt: an open-source project used on embedded devices to route network traffic.
- P2P: a plaintext IP data format from PeerGuardian.
- Proxifier: an advanced proxy client on Windows with a flexible rule system.
- simplewall: a simple tool to configure the Windows Filtering Platform (WFP).
And about data collection, you can read the Telemetry collection page for more info.
- Update hosts for extra and spy rules
- Update IPs for extra and update rules
- Update libs
Copyright (c) 2016-2018 CrazyMax
The post WindowsSpyBlocker v4.26 releases: Block spying and tracking on Windows appeared first on Penetration Testing.