Win 10 mess up VPN security

Impetus

I ‘updated’ a spare pc to Win 10, for the second time, just before the “free” update to Win 10 period expires, to determine if this junkware had got any better. On the previous attempt it was buggy, and I moved back to the legacy o/s for the machine.

I noticed that Windows 10 messes up VPN settings (inherited from a Win 7 installation) – reducing the security settings to the lowest available. The VPN appears to work, but on examination, the encryption used has been proven to be broken.

Yet another security weakness introduced to one’s system using Win 10. So much for Microsoft’s claim that Win 10 was more secure…..

The only solution is to delete the VPN in Win 10 after changing to that operating system, and re-enter the configuration manually within the Win 10 environment.

I also noticed, that if you return from Win 10 to say Win 7, the conversion process deletes the VPN settings completely.

One wonders what other security weaknesses has Microsoft built in to Windows 10?

testicles

This post has been deleted.

Impetus

testicles wrote: »

This post has been deleted.

If so, why does the Win 10 VPN client change the set-up from use SSTP and "maximum strength encryption, (disconnect if server declines) to PPTP and "optional encryption connect even if no encryption"?

The same VPN server has not fiddled with VPN settings on Win 7 clients.

testicles

This post has been deleted.

Tenshot

As a counter-part, I've updated two systems from Win7 to Win10 recently. On both of them, the VPN connection survived intact with no reconfiguration needed.

These were PPTP connections however.

I've upgraded about 15 systems this month in advance of the deadline. While the upgrade process itself has been a mixed bag, all the systems are running well post-upgrade with no major problems reported by users.

Impetus

testicles wrote: »

This post has been deleted.

The VPN concentrator is configured to accept PPTP as well as SSTP. The small number of people who use it take responsibility for their clients, in accordance with company policy. There are some Linux clients which will not work with SSTP, which have to be accommodated.

Impetus

Tenshot wrote: »

As a counter-part, I've updated two systems from Win7 to Win10 recently. On both of them, the VPN connection survived intact with no reconfiguration needed.

These were PPTP connections however.

I've upgraded about 15 systems this month in advance of the deadline. While the upgrade process itself has been a mixed bag, all the systems are running well post-upgrade with no major problems reported by users.

https://www.schneier.com/academic/pptp/

syklops

Just like the security bug on the Ryanair website, you have of course sent a bug report to Microsoft?

Impetus

syklops wrote: »

Just like the security bug on the Ryanair website, you have of course sent a bug report to Microsoft?

I can't find a means of doing this. Microsoft seems to be only interested in communicating with US customers. Whether it is a bug or intentional is another thing. Or just sloppy conversion procedures between Win 7 and 10. Where the developers are too lazy to map the configuration precisely from the 7 to 10 versions. Which shouldn't be too hard, as Win 10 is little more than a cosmetic gloss on 7.