Saying "Client information is sacred" and stealing executables off all Windows machines with the automatic sample submission on by default does not go well together.
That's an awfully low standard to set, don't you think?
I don't think it makes sense for the public. Stealing files from unsuspecting users without as much as a popup saying "hey, we just snatched this file without you knowing this is even a possibility" is just sad.
While it has been normalized, the OP's point is correct that the lip service to client data being sacred does not match the actions of uploading clients' data!
That's whataboutism. I absolutely do not want Microsoft grabbing stuff from my PC without asking me, it's so insidious. And then they put the switches to turn these off behind so many loops and registry flags that it's a nightmare to turn this crap off.
And, if you turn off automatic sample submission, the Windows Defender icon in the task tray displays a scary exclamation mark, warning you that you might not be secure.
That incident did not provide proof. A text string is not a program. Given that over the last 20 years no one has shown that there is any code for the fantasy backdoor is near proof there isn't. Reversing the binaries and demonstrating such a backdoor would make one famous.
So no, this is not proof. At this point the lack of proof is near proof no backdoor existed.
"Reversing the binaries and demonstrating such a backdoor would make one famous."
At the risk of sounding tin hatty, not true. (In)Famy doesn't equal success or money, anyone attempting to post state secrets without the help of another state is probably not hard to intercept and buy off...
Anyways, there doesn't need to be proof - a (forced) system update straight from the source (Microsoft), targeted to your machine, is all it takes to make all security redundant, and there are enough publicly known phone home systems in Windows that we don't really need to prove they don't already dragnet.
I'll grant you, subverting corporate sec is a bit harder, but usually boils down to a bit of carefully targeted infil, put the right exceptions in the right corporate solutions, and corp security is also nil.
Hasn't this been debunked multiple times, or at least never been proved to be a backdoor? I mean, I don't doubt there are backdoors or exploits used by the NSA in most mainstream OS, but I don't think this is a good example of that.