Stop Windows 7 Microsoft SpyNet to alleviate privacy concerns


Windows 7 comes built-in with a SpyNet service (connected to Windows Defender and Microsoft Security Essentials) that logs various data related to these programs and sends them to Microsoft.

Although the name sounds like a dangerous “Big Brother” spying program from Microsoft, it isn’t quite as dangerous (at least on the outset).

SpyNet runs automatically if you use the recommended option “Help protect your computer and improve Windows automatically” during install. Data typically connected include those about malicious software detected, its source and actions performed against it by the user or by security programs. Worryingly, Microsoft admits that personal information might also be sent. They do say that it will not be used to identify the user. If you are worried about the personal data, belwo are the steps to disable Microsoft SpyNet for good.

For Windows Defender
Bring up Windows Defender (type first few letters of it in Start > search box). Go to Tools > Microsoft SpyNet. In the resulting screen, change the setting to “I don’t want to join Microsoft SpyNet at this time”.


For MS Security Essential
If you have Microsoft Security Essentials, disabling SpyNet has to be done manually in the form of editing a Windows registry.

Open Registry editor (Start > regedit in search box). Navigate to the location below using left pane:
Hkey_LocaL_Machine\Software\Microsoft\Microsoft Antimalware\SpyNet\

Double click the value SpyNetReporting and change its value to 0 to disable SpyNet.


  1. Spynet creates a digital signature of every bit of software on your computer. If all of your software is registered, you have no problem. If you have a bit of unlicensed software, well, you’ve just turned yourself in to the Man.

    Now suppose you’re attacked by polymorphic virus, such as the Alureon family of viruses. These viruses inject code into executable files, and thus might change the digital signature. The next time you update, Spynet reports.the signature change to Microsoft. Of course, at this point Microsoft doesn’t know if the signature changed because you had a virus or if you just installed some new software.

    But suppose thousands of capable users have their signatures changed the same way on the same day. The signature changes are reported by Spynet. Then, swearing and cursing, a bunch of these people manage to get rid of the virus by going back to a restore point or a backup image. The signatures change back to what they were. And that too is reported.

    At this point, Microsoft Security sits up and takes notice. “Aha”, it says. ” A whole bunch of people had to restore their hard drives. I wonder if they were hit by a virus. Let’s check it out.” And so they set to work trying to find the virus and figure out how to clean it.

    Point being, cloud programs like Spynet merely report the infection. The solution won’t be found immediately or automatically. That still take human intervention, and it can take a long time. The volsnap.sys virus has been around since 2009 and the software vendors are still trying to figure out how to remove it automatically. I don’t want to knock cloud computing before it’s been given a fair trial, but I’m doubtful that it will find viruses any faster than users manually reporting them to their software vendors.

    In the meantime you’re telling Microsoft every piece of software on your system. Are you sure it’s all licensed?

Comments are closed.