Microsoft secretly adds snooping codes into C++ Binaries Visual Studio 2015

Microsoft adds secret snooping codes into C++ Binaries Visual Studio 2015, when caught says it is for debugging

Microsoft has once again upset a large number of people, and this time because of the company’s updated Visual Studio 2015, which is adding secret telemetry code in the C++ binaries compiled by every developer.

The issue surfaced in May on Reddit, when a user notice Microsoft inserting telemetry_main_invoke_trigger and telemetry_main_return_trigger into binaries as they are compiled. They have been found in both debug and release versions of the software in Windows 7 and Windows 10. There is now a busy thread on Reddit debating the company’s thinking behind including this ‘feature’.

What was bothersome for the Reddit users that the existence of the functions was not referenced in any documentation, not online, and neither in the software’s built-in documentation package.

Telemetry data is a sensitive subject with Microsoft users, and at the start, most people thought this to be another method through which Microsoft adds telemetry calls to snoop on users and the way they use their software on Windows.

Steve Carroll, one of the high-ranking managers for the Visual Studio team, was kind enough to answer’s everyone’s questions regarding this undocumented feature.

“Our intent was benign – our desire was to build a framework that will help investigate performance problems and improve the quality of our optimizer should we get any reports of slowdowns or endemic perf problems in the field.

“We apologize for raising the suspicion levels even further by not including the CRT source, this was just an oversight on our part. Despite that, some of you already investigated how this mechanism works in nice detail. As you have already called out, what the code does is trigger an ETW event which, when it’s turned on, will emit timestamps and module loads events. The event data can only be interpreted if a customer gives us symbol information (i.e. PDBs) so this data is only applicable to customers that are actively seeking help from us and are willing to share these PDBs as part of their investigation. We haven’t actually gone through this full exercise with any customers to date though, and we are so far relying on our established approaches to investigate and address potential problems instead.”

This debug feature was added in Visual Studio 2015 Update 1, and is currently on Update 2 as well, However, Carroll says its team plans to remove it in Update 3 after this strong backlash.

He also offered a workaround for those concerned about the telemetry feature and said that to remove any telemetry calls added automatically to any compiled C++ binaries; developers should add the notelemetry.obj to their linker command line.

Previously to being talked on Reddit, Russian developers also had a run-in with the telemetry call and had discussions about it on Habrahabr.

Subscribe to our newsletter

To be updated with all the latest news

Kavita Iyer
Kavita Iyer
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!


Please enter your comment!
Please enter your name here

Subscribe to our newsletter

To be updated with all the latest news

Read More

Suggested Post