>>>- Phoning home: Hyper-V is designed to scale up to data center/cloud levels. Those operators do not appreciate software phoning home and have the skills to prevent that. Even if MS's EULAs allow Hyper-V to phone home I'd be surprised if it does in practice
>>
>>We recently had a security audit and no problems. But as we sling personal data required to be protected by law over here (the same laws that torpedoed safe harbour, but not only on a personal level, so the requirements are a notch higher) my main worry is that another audit might tut-tut on using Hyper-V as it might contain a backdoor for NSA, having no written guarantee not to phone home and we did not have the knowledge to erect an outbound firewall blocking all of MS tries...
>
>I understand data protection laws are more stringent in Europe (and Germany in particular IIRC). So that makes your lives more difficult.
>
>"written guarantee not to phone home" - I don't know of any product which gives you that. Linux offers no guarantees whatsoever for any reason or purpose. I'm pretty sure the BSDs (even OpenBSD) don't give you that either. And that's just where source can be examined. Hyper-V and VMWare products could have something latent, as end users we can't prove a negative (that the products don't contain phone home/backdoor code). About all we can do is "trust" that those are not in place, the idea being if something is ever found, no-one will trust those products again.

As the calls to home are encrypted (as they should be!) we as MS customers have no way to verify what is sent. Giving customers a chance to verify their own "home phone" calls by letting them decrypt saved home calls could build trust, but in itself would open up a new vector to decrypt for black hats listening in, as patterns a decrypted msg might look like can be expected and help black hat decryption efforts, so the raw text would have to undergo some randomization at least.

If MS cannot give customers insight (either into source or transmit payload), it should give a real option to disable. I have sat in discussions where already given clearance for Win7 and Win8 OS was argued to be rolled back because of backporting the call home behaviour from Win 10. After Snowden I find that hard to argue against.

>
>Security audits can tut-tut but in practice, what can users or sysadmins do? Stop using Hyper-V or VMWare because the code can't be audited? If so, switch to open source - but in that case, who has the skills to audit all that code? You end up having to trust someone - or not use virtualization at all. Running on bare metal servers has its own problems.
>
>It's not just hypervisors. Antivirus products run with deep system privileges and can do anything they want. I don't know of any open-source real-time product; ClamAV is open-source but isn't real-time so if you want real-time protection you're using closed source. It may not apply in your case because many locked-down environments don't run any AV at all but for many organizations and users they're running closed-source AV that has full system privileges, and is known (and allowed) to frequently phone home using encrypted communications.

You remember the Linux based AV frm c't/heise ? That is all we run on our VMs (vhd).
>
>Juniper switchgear with backdoors, Snowden talking about Cisco gear being intercepted and tampered with while being shipped from Cisco to customers, the list is endless...

Yupp. It might make swing the pendulum back to keeping HW on premises, sometimes adding an air gap between sub-nets. Our customer could do it - but that would bar us from doing the job: sometimes I either slept near my machine or brought laptop to the bedroom if a new kink/crisis developed - cannot do that on their premises ;-))

And building own HW for well situated branches might remind you of feudalistic robber baron times, where those with enough resources like a castle were a totally different caste than peasant population....