• Debate: How important is it to install ALL Win7/8.1 patches?


    #34314

    Figured I’d kick this one out to the crowd. With October just around the corner, we have two factions here. Their deliberations influence the choice b

    • #34315

      Woody, you really are brilliant! I took off my shoe and walloped the computer a couple times. No need to update any more. Peace at last.

    • #34316

      I am fairly pensive about October.

      At all my clients, we use WSUS to control patch releases. Over the years it’s not been uncommon for a specific patch to break software that is critical for the Engineering and Architectural community. Some would say this is the fault of the third party software vendors, and they would be correct . . . but the fact remains that for these people to do their daily jobs, that software has to work.

      So we test patches the day of release, and if we have problems, we block the patch that induced the issue. This has happened on a rough average of twice a year over the last ten years.

      With the new patch model rolling out for Windows 7 in October, I am pretty sure this method is going to be much easier – if the patch breaks something we roll the whole patch back.

      It’s going to be harder though, if the rollup patches install older patches we already blocked.

      And it’s going to be less secure – which is really bothering me – because now we’ll be blocking MORE critical fixes that got lumped in with less critical repairs.

      And the following months, the rollup will attempt again to install stuff we had to block.

      Really not sure how this is going to work yet – eventually our software vendors fix their stuff to be reliable on up to date patched systems, but it can take them months.

      ~ Group "Weekend" ~

    • #34317

      I favour security updates only, in case an update messes up my PC as I wouldn’t know how to fix it. This was my main opposition to W10 as I understood updates couldn’t be prevented (I may be wrong in this) so chose to stay with W7.

    • #34318

      It’s not important, rather it’s very recommended
      having latest common base for system components reduces the ratio of issues or patch fragmentation

      it’s the same concept of installing Service Pack, why one would install it? because it has the latest fixes and improvements

      if they ever released Windows SP2, they would include all released patches, internally and for public
      that’s why Convenience Rollup KB3125574 is considered an SP2-like, because it follows this rule, it contains almost 1500 patches 😀
      https://blogs.technet.microsoft.com/yongrhee/2016/05/20/enterprise-convenience-rollup-update-ii-2-for-windows-7-sp1-and-windows-server-2008-r2-sp1/

    • #34319

      There’s a good reason in theory to install all patches so as to keep your system up-to-date and as MS intended it to be (and as they tested the patches), but in practice you really want to avoid any problematic ones. I don’t see anything new in that respect with the October change, it’s always been the case.

      The main differences will be the increased difficulty in working out what the combined updates actually include, accessing the non-security ones as they won’t be offered under WU as they are now, and keeping the ones you decide not to have off your machine if they keep getting included in the roll-up patches in subsequent months.

      The whole discussion about the October changes should only be about the actual Windows OS patches, but I still think that a lot of people don’t realise they’re still going to be offered a slew of other patches relating to e.g. .Net Framework, Office, WU client, etc. Putting the WU settings on “Never” and relying on the MS catalogue to get the security updates manually will mean you won’t automatically be offered all the other updates so will have to track them down and install them manually too.

      I’d be very surprised if in practice people end up with either Group A or Group B as a fixed choice. I suspect they’ll assess the situation each month once the new system has settled down and with the present practice of leaving everything for a week or two anyway to see what problems arise.

      Those who do backups will continue to be protected anyway, and those who install all updates automatically will carry on as before but with an arguably increased risk of a system problem from the combining of individual patches into one, the likelihood being that it will take MS longer to track down and fix the rogue element within the combined patch.

    • #34320

      On my “clients” PCs, during the GWX crisis, I unchecked the “Give me recommended” box, and culled the telemetry, GWX, and Win Update Client patches.

      On my own machines, I only culled the telemetry, GWX, and Win Update Client patches.

      Setting Windows Update to Never check, I have since gone back and rechecked the “recommended” box on the clients machines and unhidden all the ones I hid on all machines. Then I applied KB3172605 for speedup and searched for updates. Most of the GWX related patches had disappeared.

      I then installed all the remaining CHECKED patches under important updates. I have NEVER checked what was not already checked under important or optional. So I still have .NET 4.6.1 pending unchecked under importants and a few (including Azerbaijani/Manat and some old Remote Desktop related) on Win7 for example. I figure if MS deems them necessary in the future, they will show up checked and get installed.

      IMHO There doesn’t seem to be a problem if some of the superseded and no longer needed patches didn’t get installed. They would not have shown up in the list on a fresh install anyway.

    • #34321

      Will install updates that have purpose. If they add telemetry or prep for windows 10 they have no purpose and are not installed. I don’t object to many of the optional updates.

    • #34322

      Speaking only from experience, I have always been selective about installing updates, ignoring those that were irrelevant to my hardware, software or usage. And that was before GWX. All my machines have been stable on Win7 Pro and Win 8.1 with no apparent problems from not installing all updates.
      As of October, I am in Group B, moving swiftly to the W Bench if the need arises.

    • #34323

      I don’t think it’s important at all, and since we have a choice (being able to install updates only when we see fit), I think we’re doing ourselves a disservice if we take them, on or around day 0.

      Win10 AU is a prime example of why this is a bad idea.

      Let patches and updates mature. Let them stew out in the wild for a bit.

      MS has had a laundry list (it feels like) of updates that have come out and caused a lot of issues to more than just a handful of machines. The Win7 updates released last Tuesday ended up blue screening my boss’ workstation. Perfectly good machine for the last 2 1/2 years, and for some reason, one of those updates just broke it. Luckily he was able to revert and get a working machine again.

      I think these types of things will continue in frequency. At this point, I wouldn’t put it past MS to sneakily sabotage machines with bad updates – after all, they spent the last year and a half trying to force Win10 down everyone’s throat as much as possible, with all the updates, the “mysteriously” checked by default updates, the upgrading with no interaction or EULA acceptance, and modification of the registry to allow upgrades on machines that at one point were edited to NOT allow upgrades.

      I don’t trust MS at all at this point. I generally wait 2 weeks after update release to apply the updates; sometimes longer. My methods will not change just because MS wants to try to make things more difficult for me, removing the ability for me to pick and choose what updates I want, ignoring those that I don’t. If anything, my machines may be run unpatched going forward, because I’m not ready to cede control. Just because you own the software does not mean you own the hardware.

      If MS wants to come to my home and give me a check for all my hardware, then I’ll let them do whatever they want with it. Until then, I’m in control and that’s not going to change. If MS continues to attempt to strip away that control, it’ll just more quickly push me towards the Linux ecosystem.

    • #34324

      I will briefly summarise what I have been saying here on this site for the last few months.

      Group A: This is where most non-technical users should be, after all updates are cleared by Woody or at least after waiting a minimum of 3 weeks from their release. The easiest and reliable way to achieve this outcome is to configure your WU for Never check for updates and when the time comes, scan manually for updates, install and scan a few more times until you are convinced that nothing else is available.

      Group B: Those who have their own reasons for not installing all updates and most reasons are related to telemetry concerns as far as I know, may install all Important updates only. Installing only Security updates is incorrect practice as in addition to Security updates, all Important non-security updates should be installed. Important does not include Recommended in this context. Recommended belongs to Group A.

      For a new installation of Windows 7 64-bit SP1, to avoid faulty detection of the new updates, you should manually install in the following order at minimum:
      – KB2533552 (optional, not technically required, but for cosmetic reasons and to avoid further confusion related to the Windows Update Agent detection routine, indicated to install in that order)
      – KB3020369
      – KB3138612

      KB2533552 and KB3020369 and KB3138612 are all Critical Updates and the last 2 are absolutely essential at the date of this post.

      Optionally, next you can install KB3172605, but with this one you have already moved into Group A, as it is not a Critical or Security Update, only Recommended. Be aware that there are still reports of issues with Intel Bluetooth related to this update which still affects a certain number of users and some are regular posters here.

      This is the bare minimum.
      To avoid further issues with Windows Update, you may go ahead and install KB3185911 which is a Security update for September 2016, the so called “magic patch” for September 2016. If everything is working correctly you should be OK with those initial patches for many months to come to get started with the official Windows Update agent.
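
One way to check a Windows 7 machine against the install order given in the post above, as an added example that is not part of the original post. The KB numbers and their order come from that post; the function names are hypothetical, and the script assumes the updates are visible to `Get-HotFix`.

```powershell
# Added example, not part of the forum post. KB numbers, order and notes are
# taken from the post; function and variable names are hypothetical.
$Sequence = @(
    @{ Id = 'KB2533552'; Required = $false; Note = 'Optional; listed first in the post' },
    @{ Id = 'KB3020369'; Required = $true;  Note = 'Called essential in the post' },
    @{ Id = 'KB3138612'; Required = $true;  Note = 'Called essential in the post' },
    @{ Id = 'KB3172605'; Required = $false; Note = 'Recommended only; Intel Bluetooth issues reported' },
    @{ Id = 'KB3185911'; Required = $false; Note = 'Security update for September 2016' }
)

function Get-InstalledKbIds {
    # Get-HotFix reads Win32_QuickFixEngineering on the local machine.
    @(Get-HotFix | ForEach-Object { $_.HotFixID })
}

function Get-BaselineReport {
    param([string[]]$InstalledIds = (Get-InstalledKbIds))

    $missingRequired = @()
    foreach ($step in $Sequence) {
        # -contains compares strings case-insensitively.
        $installed = $InstalledIds -contains $step.Id
        if ($installed -and $missingRequired.Count -gt 0) {
            # Present although a required step earlier in the order is absent.
            $state = 'Installed, earlier required step missing'
        } elseif ($installed) {
            $state = 'Installed'
        } elseif ($step.Required) {
            $state = 'MISSING (required)'
            $missingRequired += $step.Id
        } else {
            $state = 'Not installed (optional)'
        }
        # Select-Object fixes the column order (hashtable order is not kept).
        New-Object PSObject -Property @{
            Id    = $step.Id
            State = $state
            Note  = $step.Note
        } | Select-Object Id, State, Note
    }
}

# Report for the local machine.
Get-BaselineReport | Format-Table -AutoSize -Wrap

# Constructed sample input: a machine with only two of the five updates.
Get-BaselineReport -InstalledIds 'KB3020369', 'KB3172605' |
    Format-Table -AutoSize -Wrap
```

Install anything reported as missing in the listed order, top to bottom.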

    • #34325

      Woody: In your September 4, 2016 article, you said “You can move from Group B [installing the monthly non-cumulative security-only updates] to Group A [installing the monthly cumulative security-plus-non-security rollups], but … there’s no way to move from Group A to Group B without completely re-installing Win7 or 8.1.” Could you please give a more detailed explanation of why Group A adopters are locked into their initial choice; I think it would help users decide which group to join in October 2016. I’m a long-time AskWoody reader (both this website and your books), first-time AskWoody commenter. Many thanks for all the good advice you’ve provided over the years. You perform an invaluable service.

    • #34326

      @Woody,

      Don’t forget the people who will decide not to do any updating, not even security, after the new updating system is put in place in October: your “Group W”.
      I don’t think that this third group is a subset of Group B, but quite a separate beast.

      Due to the sorts of participants you have here on this site (more skeptical and more concerned about the changes that are happening in Windows 7/8 than the average Joe Q. Public probably is),
      I bet if you took a poll over the next several weeks (keeping it open for a while, so that infrequent visitors here who are waiting for October’s Patch Tuesday before returning again to learn what your advice will be) about what people are thinking of doing, the third group could be pretty sizeable, maybe eventually it could number 20%+ of your readers here….

    • #34327

      I have posted this elsewhere, so I am sorry for the duplication, but this is a direct answer to this particular question.

      I do not believe it is necessary to install updates. In fact, my clients’ 150 Win7 machines run very well indeed after about a year of rejecting all updates posted in the list of proposed updates that do not start with the word security. Exceptions for things like the malicious, ++ updates and the like.

      In addition, I have re-built many computers over this last year, specifically rejecting all updates that were not labeled security and were issued after 2014.

      I have never seen a problem as a result of this practice.

      CT

    • #34328

      Woody:

      It is good that we have a little time to think this out.

      1. With a good firewall-AV do we even need updates?

      2. Given that we cannot trust M$ ever again to not push us up to ten or brick our machines or both, is it worth the risk?

      3. Can we believe the “security” updates really are, or will they do #2 above?

      At this point I am in Group NC, a vote of no confidence…no October updates, wait-and-see what M$ does to the poor souls who do trust them.

      I don’t.

    • #34329

      I think @ch100 has been the leading advocate of the view that all patches should be installed, on the theory that the software is designed to work that way and any deviation (other than certain ones that he has carved out, perhaps inconsistently with the rest of his argument) runs the risk that it will not work, now or perhaps later.

      Much as I respect his evident knowledge, and I am intrigued by his argument, I think the theory is flawed. It assumes omniscient and competent design and maintenance of Windows. We have ample evidence to the contrary in the form of patches that break things, etc. etc.

      Microsoft, moreover, has little or no incentive to invest much effort in maintaining older software. Its commitment to “support” Win7/8/8.1 is only a promise. In the real world of business it is quite common to have to resort to the courts to enforce such promises, when the party that made the promise incurs direct costs and derives only indirect benefits (in this case, reputational benefits) by keeping its promise. In business liability cases, for instance, often when an insurer is presented with a large claim the first thing they do is look for a way to avoid paying it. Such insurance is merely a ticket to litigation against your insurer.

      It’s worse than that here. Desperate to show that the world is adopting Win10, Microsoft has a real, live incentive to withdraw and qualify support for older versions (or worse). You, Woody, have said many times that for about the last two years you do not believe that Microsoft’s patches have contained anything that is useful to users, as opposed to promoting Microsoft’s interests in compelling them to adopt Win10 or spying on them.

      Before going down this road we need also to recognize that while the theory advanced by @ch100 may be correct in concept, we have no empirical proof that it matters in practice.

      Even more than “history, tests” etc., we need some hardheaded thinking about the theory that all patches must be installed. Those who say so should step up:

      1. Has Microsoft demonstrated that “it” consistently knows what “it” is doing with patches, or is it instead the case that we have a bunch of individual developers doing their thing, probably under time pressure and with limited corporate support? How do you know? Are you assuming that there exists a single all-knowing person who oversees all this and has perfect control, when other high-level corporate managers struggle to keep control? Because I don’t think it’s Satya Nadella.

      2. Have Microsoft’s non-security patches provided anything much of value TO USERS in recent years?

    • #34330

      Woody: There will be a lot of perspectives on how the individual users view this.

      Since there is absolutely nothing that anyone can do, this is a purely “hypothetical” comment. I fully realize that; however I have thought about the current “rating system” for quite some time.

      ***I think that the following issue related to the roll-up changes could begin with:

      How MS arrives at its ratings for update patches:

      For example we’ve seen updates which are listed as Optional that are actually “Important” insofar as the effect on other updates (existing, pending, or hidden).

      The rating system should be flawless and every patch should be categorized in a very strict manner which does not deviate from a specific criterion.

      When we are now considering the issues of having roll-up patches which contain a group of updates that no one has any control over, it could possibly become a very serious situation in some cases.

      There is no questioning those updates which are deemed “critical”. It is the Optional, and Important updates which should be reviewed very closely, and clearly defined with specific criteria.

      Under the circumstances, is there really a “choice”?? We’re between a rock and a hard place.

      *****I would opt for only the “Security Patches” IF I were CERTAIN that this included EVERYTHING for Security*****

    • #34331

      p.s. love the photo. Though the later Nixon proved to be more authoritarian than supporter of free choice, Khrushchev certainly represents what M$ is trying to achieve.

    • #34332

      Starting in October, yes, there IS something people can do. Stay tuned.

    • #34333

      I’m tracing through the options myself. Expect a thorough vetting in InfoWorld in a couple of weeks.

    • #34334

      And I think we’ll quickly see the monthly patch rollup to approach the Convenience Rollup in size and content.

    • #34335

      🙂

      AHA! Group Thwack!

    • #34336

      Not to suggest a new group designation, but I’m one of the group B by way of WSUS-Offline. One+ years and counting, assuming I wait a few days after patch Tuesday to download and apply, all is well. WU is set to Never Check, manual check takes ~4 min. It’s only security updates (Office included), sans MSRT which is usually small (10MB). BTW, I chose WSUS-Offline due to very restricted bandwidth and multiple WIN7 machines. Using this method, all three local WIN7 machines are up to date with no issues.

      I don’t expect an answer here from anyone, at least not before mid October, but I am very interested in how WSUS-Offline will handle the new update implementation.

    • #34337

      ana wan ana two

    • #34338

      +1

    • #34339

      Most of the times the security patches are those breaking things.

    • #34340

      It looks likely, that’s why they brought to attention the idea of Express patches. They are not as reliable sometimes like the full patches (because they may miss required components) and not usually implemented in WSUS, except for patching over very slow network links. Downloading Express patches in WSUS would increase the size of each download on the server anywhere from 3 to 10 times, reducing at the same time the download on the client.

    • #34341

      Not stuck in Group A, but if you start in Group A, you would need to uninstall a lot of other patches to be purely in Group B. Otherwise you would end with a hybrid “fragmented” model.

    • #34342

      Strictly speaking, many security updates are released just to protect Microsoft, as they do not relate to real-case scenarios, but rather to highly theoretical and extreme situations.
      The problem is that it is too much work for most people to go through the documentation or the files affected and make the correct decision.
      Rarely a Firewall or AV product will protect you from the same attack vectors like a properly patched system. A firewall with outgoing rules managed properly is the most likely product to offer protection in a scenario with unpatched systems.

    • #34343

      I have applied patches selectively on numerous computers for many years, and I have *never* experienced a problem from doing so. Normally, I apply security patches (after an appropriate vetting period), and virtually no “optional” or “recommended” patches. There may be situations where selective patching has caused problems, but I believe that that scenario is vastly overblown and has simply become a rationale for Microsoft to take greater control over Windows machines.

    • #34344

      I concur. This has been my modus operandi for years on my personal machines and I’ve never had any problems.

    • #34345

      … and that’s assuming it will be possible to uninstall the cumulative patches in succession – uninstall October’s, then uninstall September’s, then uninstall August’s, and so on.

      We’re going to have some interesting times in October.

    • #34346

      Once my machines failed the Windows 10 mandatory upgrade a few times, I turned off the GWX s$#@ storm. Now that the storm has passed, I re-enabled it and haven’t seen GWX since. But I have turned down some recommended bloatware like skipping skype and leaving silverlight in the dark, without any ill effects (yet). YMMV

    • #34347

      There is a huge difference between corporate and individual Microsoft clients. Only after this division we can talk about a and b groups. Microsoft simply ignores problems of individual clients and individual clients must agree with automatic updates, automatic errors and so on, and user support of individual clients must work with this automatic mess. Corporate clients have a small option to control, test and then maybe safely get updates. Microsoft can’t so simply ignore big clients, because they provide a profit. I can’t understand why Microsoft goes down an illogical and difficult development path.

    • #34348

      You’re assuming that Group A knows about this site.

      There really is:

      Group A: as you described it
      Group B: as you described it

      And then there’s
      Group (or Patient) 0: non-technical people who have no idea what Update settings are and just get the patches installed when the system finds them.

    • #34349

      Some food for thought:

      HOW CAN WE POSSIBLY KNOW Microsoft’s competence to continue to update our older systems?

      It requires critical thinking. There are hints.

      Microsoft programmers were the ones who built in the problems the patches are needed to fix, right?

      Or rather, their PREDECESSORS were – you know, the smart ones who actually designed operating system software. And they had a team of system testers backing them up.

      Now it’s about delivery of the software from the programmer’s PC to yours in mere days. Do we suspect today’s programmers of greater capability? Greater caring for our needs?

      Patches are supposed to only fix things, right? Yet we’re here, reading this site, because in actual fact patches break other things. What is it that makes anyone think that any part of what they’re doing today improves their odds of getting it right, without downsides?

      Think about it – it is the day and age where:

      – Microsoft’s programmers are first and foremost App designers.
      – Microsoft doesn’t want you running your older system.
      – Microsoft isn’t testing things before delivery.
      – Microsoft is working hard to take control away from us.
      – Microsoft is pulling stunts like GWX and ridiculously long Windows Updates.
      – Trust is (and has been) easily lost yet cannot easily be earned back.

      -Noel

    • #34350

      Oops didn’t know that. Usually follow Woody and install or not per his recommendations. I do have some outstanding hidden ones. I usually find out what they are before deciding to install or not. Might have to rethink this

    • #34351

      What has gotten me into Group A for Windows 7 updates is thinking about Service Packs. If Microsoft did release an official SP2 Service Pack for Windows 7, wouldn’t most of us install it (after waiting a while to become aware of reported problems)? I think most people accepted official Service Packs in Windows XP and Windows 7 without an outcry to slice & dice them into individual KB updates. What has caused the current fear and mistrust is how Microsoft impacted stable Windows 7 systems with their “free” Windows 10 staging. I am hoping that now that we are past the troublesome “free Windows 10” offerings that things may settle back to be more reliable. I hated what Microsoft did with the “free Windows 10” offer and would have far preferred to pay for an OS upgrade that left me in control of my existing system. The “free Windows 10” upgrade turned out to be far more expensive in time and problems caused than simply paying cash for an OS upgrade. It was not worth it in my opinion.

    • #34352

      20% + 1
      I am tempted to join “Group W”, that is to definitely prevent all Windows Updates, and this for two reasons :

      1- Having to go through a deep analysis of updates, their deployment after install as described here and elsewhere by specialists, every month as I’ve endured it since May 2015 (though with a different update scheme) is a perspective I’ll associate with bother, time, uncertainty, possible uninstalls …. and that simply truly, deeply annoys me.

      2- Windows 7 runs fine and is intended to survive until January 2020. Between now and then I will move to another OS, likely Linux, unlikely Windows 10. This means I’d be taking a 3 year chance on security versus monthly struggle. If I ever get to be 100% sure that the security risk is worth the monthly struggle I’ll join Group B, otherwise it’ll be so called Group W : Windows Updates sent to outer space.

    • #34353

      Why do you say KB3138612 is ‘absolutely critical’? I have this on my list of hidden patches, there must have been a reason why originally (Woody? Susan Bradley?) but I can’t find it now.

      For years now I’ve been installing (or hiding) patches as advised by Woody or Susan. This has kept me (and friends) from Win10 and also corrected the WU delay/no show. Given the forthcoming changes, at present time I have no intention of installing any of my hidden patches without good reason and have switched WU to ‘never check’.

      It seems to me that roll-up updates mean that the only practical way forward is to be either in Group A (with delayed check/installation) or Group C (if it ain’t broke, don’t fix it). Group B smacks of ongoing work and heartache, of which I’ve had quite enough over the past twelve months or so.

      Win10 22H2 Pro, MBAM Premium, Firefox, OpenOffice, Sumatra PDF.

    • #34354

      Good point. The ones who leave Auto Update turned on will be in Group A, like it or not. The ones who have Auto Update turned off, and never check manually, will be in Group W, I guess.

    • #34355

      It’s true that Group A and Group B, as I’ve formulated them, only apply to computers that are not attached to corporate update servers.

      But the admins for those servers are wondering, too. They’re in a real tight spot.

    • #34356

      What is your understanding of “survive until January 2020”? Do you believe it will self-destruct somehow around that date?
      If it is not clear, it will survive in the sense that it will be patched by then.
      If you decide to stop patching, the date is no longer relevant to you like it is not relevant for those still using Windows XP that the system is past the end of support or so called end of life.

    • #34357

      Groups A, B, W? Rather than an alphabet soup, could we have more meaningful names?

    • #34358

      Does WSUS Offline handle only Security updates or the other updates as well?

    • #34359

      What would you call them?

    • #34360

      Group A: Naive fanbois, Group B: tinfoil-hat crew?

    • #34361

      Noel, you present an interesting point of view, but I think it is relevant only for functional bug fixes, which in theory we should not get any after January 2015. In practice we received via Windows Update few Windows Update clients which may have been developed primarily to align Windows 7 with Windows 10, but at the same time fixed performance issues with the agent. We also received .NET Framework 4.6.1, although this is not a Windows 7 component strictly speaking.
      Due to the nature of the Internet and the way things develop in this age, Security patches are supposed to address so called newly discovered vulnerability. It certainly would be desirable that those vulnerabilities were picked up during OS design, but this has not been achieved by any of the other competitors that Microsoft has, like Apple or Google or even the more secure Firefox.
      So my point is that new patches are not necessarily bug fixes which could have been prevented during design, but many are trying to proactively address security concerns in the ever changing landscape which is the Internet.

    • #34362

      HA! Well put.

    • #34363

      This is one of the few less emotional replies here, purely addressing the subject of this discussion and reaching the correct conclusion. 🙂

    • #34364

      I may have sounded paradoxical when at the same time I evoke abandoning Windows Updates and consider Windows 7 as alive as long as it will be “patchable”, that is January 2020. The fact is Windows 7 (and Win8.1 to a lesser degree) is already less and less evoked in technology sites, blogs and January 2020 was perceived less as the end of Win7 patches than as a boundary marker because of a need of a reference in time.

      Now indeed, in the same way some still run XP others as myself could run Win7 free of a limit date, especially if not having patched the OS until January 2020 since there would be then a simple uninterrupted continuation.

      I’ll hold on to that reference, Jan. 2020, should I patch or not until then. Because an OS is not only valid in terms of it being updated but also because with time the differential with what is required from and proposed for an OS gets too important : I just can’t imagine running XP nowadays …

    • #34365

      Let’s face it. Much of the so called “paranoia” with Microsoft and Windows has had more to do with general reliability.
      That paranoia now seems totally justified in light of the perpetual Windows 10 failures and faulty updates.
      Unfortunately, as MS has managed to purchase and destroy successful enterprises such as aQuantive, Skype, Nokia and others [incurring losses of $15B-$20B], it might be wishful thinking to expect any improvement from them in the near future.

    • #34366

      I would prefer Trusting Sceptics for Group A, Naive Fanbois are those on Automatic Updates :)!

    • #34367

      W7 and W8 are no longer in Mainstream support. They are both in Extended support.

      Mainstream support is the typically five-year period when Microsoft provides free patches and fixes, including but not limited to security updates, for its products. When a product exits the mainstream support phase, Microsoft continues to provide a period (also often five years) of extended support, which means users get free security fixes but other types of updates are paid and require specific licensing deals.

      So this debate is about how the average user deals with Extended support. Should they go to the Microsoft Update Catalog to acquire and install the security-only bundle or should they install all the updates that WU sends their way? Non-security updates are cosmetic updates, the telemetry KBs or the fix that fixes the fix (MS probably broke it with a security fix).

      What puts W7 and W8 at risk? The vast majority of targeted exploit kits that W7 and W8 face are from Java, Flash and Internet Explorer. Installing the security-only bundle from the Microsoft Update Catalog and the IE cumulative updates will significantly lessen the attack surface. This approach is prudent and also meets the definition of Extended support.

      The reason that patches are uninstalled or hidden is because they break business critical applications, third party apps and/or peripherals (scanners, printers etc.).

      My position on this debate is that novice users should consider dumping MS and go for a Chromebook or a Linux distro if they have ongoing help from someone who knows the product. Knowledgeable consumers and businesses without IT should only install security updates to maintain a stable environment. Just three and one half years in a safe space – then all hell breaks loose. To W10 or not to W10.

    • #34368

      I tend to agree with everything you’ve said.

      The problem, of course, is that Windows 7 customers have a reasonable expectation that their computer will continue working without Microsoft snooping.

      For those who can afford $200 or $300, and don’t have any Windows-specific programs they need — and those who don’t mind Google snooping – the Chromebook is an excellent choice, and it’ll be getting better as Android apps become available on ChromeOS.

    • #34369

      Big question in my mind is how they can deal with the big IT folks differently. Whatever they provide them might well be available to the informed individuals.

      OR

      There may be coming a much bigger change between the IT group and ordinary individuals.

      There is no question that they have to deal with IT differently, AND with kid gloves because they represent far more than half the profit and much more profit per seat.

      CT

    • #34370

      @Woody,
      I agree with the possible migration to Chromebook for many consumers to avoid the maintenance burden that has been a part of Windows, particularly of late. MS has always relied heavily on corporate IT departments to sort out the worst of their mischief and identify problems for them. Consumers normally do not maintain dedicated test systems and system images and do really need more stability than is now provided by MS. I am afraid W10 will not be a stable environment for some time and comes with all the system level snooping BS. I do not consider myself a “tinfoil hat” person as much of the snooping Google does on my android phone is search related and location based stuff. W10 takes it to a more unlimited level and the loss of control disturbs me. The inability to get a straight answer out of Redmond on much of anything these days is rightly viewed as a form of “loss of control” as no reliable documentation is tantamount to no control.

    • #34371

      … and it would be so much easier if Win10 simply had a “Turn snooping off” switch that we could trust.

      It’s already in the Enterprise version. But I guess that’s the price people pay for Home and Pro.

    • #34372

      @Woody: I’ve noted a few references to having updates set at “NEVER”.

      Is this what YOU are currently recommending? I’ve seen these references however do not recall that you specifically recommended it. ??? I’ve always used the “Check for updates but let me choose whether to download and install them”.

      Thank you for your current advice as it relates to the updates setting. 🙂

    • #34373

      I don’t differentiate between a “deficient functionality” bug and a “security vulnerability” bug.

      It takes changes to the software, possibly even to the design, to correct both.

      My main point is that Microsoft has already shown that it is no more capable of making software changes well and right today than at the worst times in its history.

      Why?

      Because they’re less competent than ever, because they have less desire to support older systems than ever, and because for some reason their management has decreed that they shall release software at intervals of months instead of setting multi-year goals and striving purposefully for them.

      As a software engineer with 40 years experience, it is my considered opinion that none of these things add up to a better new operating system, nor a reasonable support structure for an older operating system.

      The ONLY thing they have going for them (and for us all) is that they have better hardware on which to develop – and that only goes so far (and unfortunately doesn’t substitute for thinking).

      -Noel

    • #34374

      @Woody:

      I would appreciate knowing what the correct settings are in the Control Panel/Windows Update screen for each of the Groups; i.e., A and B.

      Thank you, flavet

    • #34375

      When we finally get some more guidance from Microsoft, I’ll be publishing that and detailed instructions.

    • #34376

      Both “Never” and “Check but don’t install” are functionally equivalent. The only difference that I can see is that “Check but don’t install” may (or may not) put a notification down in the system tray.

      You’re fine with either.

    • #34377

      How about Apple. Is it a good choice for us novice users? Do they do any snooping on their customers?

    • #34378

      Does anyone know of an effort to review all the Win7 updates, say for the past couple years, and score them based on criteria such as enhancing security, stability, functionality or convenience (good for users) vs whether likely to contain telemetry, snooping, ads and pushes toward MS revenue streams (good for Microsoft)? I think a number of us have stopped updates, and would like a resource to hand-pick updates for the last time before they become unavailable in October. BTW, what is “Group W”?

    • #34379

      “…that we could trust.”

      THAT is the thing people want when partnering with a high tech company.

      Why does it have to be that making money is at odds with that?

      -Noel

    • #34380

      @ch100

      http://www.wsusoffline.net/

      “At this site, the open source project formerly known as “c’t offline update” or “DIY Service Pack” and published at “The H”, will be continued by its original author, Torsten Wittrock.

      Using “WSUS Offline Update”, you can update any computer running Microsoft Windows and Office safely, quickly and without an Internet connection.
      Please note the patch coverage information.

      As licensed under “GNU GPL”, you still may download and use the software from this site for free. Nevertheless, your donation would help to keep this state.”

      https://www.rz.uni-kiel.de/de/ueber-uns/a-z/twittrock

      http://forums.wsusoffline.net/memberlist.php?mode=viewprofile&u=23485

    • #34381

      @ch100

      Added

      T. Wittrock’s email is on his page

      https://www.rz.uni-kiel.de/de/ueber-uns/a-z/twittrock

    • #34382

      Using the GUI, WSUS Offline will only download Security updates, with optional C++ runtime libraries and .NET frameworks, MSE, Essentials (2012), Defender definitions, and “Service Packs”. The separate installer GUI (USB or ISO) will apply the Security updates, with optional C++ RL’s, .NET, Silverlight, MSE, etc. I have not witnessed the basic installer apply any “optional” updates.

      There is an exclusion folder and a “custom” folder with .txt files which can be used to exclude specific Security updates or add KB’s if you know the URL. There is a FAQ .txt file in the program’s “doc” folder which covers most topics, and a forum for announcements and troubleshooting.

      From the “coverage” .txt file (wsusoffline/doc):
      “WSUS Offline Update uses Microsoft’s update catalog file wsusscn2.cab to dynamically determine the required patches. This catalog file contains at least all the updates classified as “critical” and “security relevant”, but it does not necessarily contain all “important” and “optional” ones.”

      “The disadvantage of this implementation is that computers updated by WSUS Offline Update will hardly ever completely satisfy Microsoft’s Online Update afterwards, but the patch coverage does completely satisfy Microsoft’s Baseline Security Analyzer (see http://technet.microsoft.com/en-us/security/cc184924.aspx), and you also may add any optional update of your choice to both download and installation parts using statical definitions.

      Furthermore, as WSUS Offline Update uses “Windows Update Agent” (WUA) to determine the patches to install on client/target side, there won’t be any way to support deprecated systems like Windows 95/98/ME and NT.” (Support for XP has also been dropped since this was written.)
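
      The mechanism quoted in the post above (a wsusscn2.cab catalog evaluated on the target by the Windows Update Agent) can be reproduced directly through WUA's COM interface. This is an added example, not WSUS Offline's own code and not part of the original post; the catalog path and the function name are assumptions.

```powershell
# Added example: offline scan against wsusscn2.cab through the Windows Update Agent (WUA).
# Run from an elevated prompt. The default path is a placeholder, not a WSUS Offline path.
param(
    [string]$CabPath = 'C:\temp\wsusscn2.cab'
)

function Get-MissingUpdatesFromCab {
    param([Parameter(Mandatory = $true)][string]$Path)

    # WUA needs an absolute path to the catalog
    $full = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath

    # The catalog is a signed cabinet: refuse one whose signature does not
    # validate or whose signer is not Microsoft.
    $sig = Get-AuthenticodeSignature -FilePath $full
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed for $full ($($sig.Status))"
    }
    if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
    }

    $session = New-Object -ComObject Microsoft.Update.Session
    $manager = New-Object -ComObject Microsoft.Update.ServiceManager

    # Register the cab as a temporary scan service
    $service = $manager.AddScanPackageService('Offline catalog scan', $full, 1)
    try {
        $searcher = $session.CreateUpdateSearcher()
        $searcher.ServerSelection = 3              # ssOthers: use the service named below
        $searcher.ServiceID = $service.ServiceID

        # Everything the catalog knows about that this machine lacks
        $found = $searcher.Search('IsInstalled=0')

        foreach ($u in $found.Updates) {
            New-Object PSObject -Property @{
                KB       = (@($u.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ','
                Bulletin = @($u.SecurityBulletinIDs) -join ','
                Severity = $u.MsrcSeverity
                Title    = $u.Title
            } | Select-Object KB, Bulletin, Severity, Title
        }
    }
    finally {
        # Do not leave the temporary service registered
        $manager.RemoveService($service.ServiceID)
    }
}

Get-MissingUpdatesFromCab -Path $CabPath |
    Sort-Object Severity, KB |
    Format-Table -AutoSize
```

      The scan reports only what the catalog contains, which matches the coverage note quoted above: "important" and "optional" updates absent from wsusscn2.cab will not appear in the result.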

    • #34383

      I agree largely with Noel. I accept that true security issues come to the surface over time. But at this point, my confidence in Microsoft is shattered with regard to accepting Win7/8.1 updates carte blanche. It just appears there has been a tectonic shift within MS over the past few years from an intent to earn customer loyalty by doing a job well, to doing everything to garner as much revenue and intel as possible within the limits of legality and user tolerance. It’s as if they took cues from Google, and one-upped by taking advantage of their dominant share for Office and OS. Rejecting Win10 and non-security updates seems a good way to protest the new paradigm. Who knows, maybe MS will listen and pay attention. But until then, I’ll stay with the best stuff they’ve made, which unfortunately isn’t the latest.

    • #34384

      @Woody: Thank you for the information. I feel much more “at ease” now 🙂 🙂

    • #34385

      FYI, just spent some time on Amazon checking out Chromebooks.
      I was a bit surprised at the number of buyer reviews that mentioned they had been Windows users until MS screwed up their Win 7, 8 or 10 systems.
      Looks like the migration has started, but we ain’t seen nuttin’ yet…October?

    • #34386

      It’d be impossible to review all of them for all of the “bad” things. Just far too many permutations – and what’s bad for you may be good for somebody else.

      Group W is my nickname for people who just stop updating. Borrowed from Arlo Guthrie’s “Group W bench”

    • #34387

      Apple does snoop, but it claims to have a better way of snooping.

      See http://blog.cryptographyengineering.com/2016/06/what-is-differential-privacy.html

      If you don’t absolutely need any Windows-only programs (fewer and fewer people do), the iPad is a very compelling alternative. If you’re thinking about getting a MacBook, wait a couple of months and see if there are better machines coming down the pike.

      My family and I use iPads all the time.

    • #34388

      @TinHatMan

      +1

      “Who knows, maybe MS will listen and pay attention.”

      When Pigs Fly

    • #34389

      I’d settle for a list of really bad updates that appear to serve no one but Microsoft, even if that list was crowd-sourced and subject to some debate. The clock is ticking for Group W to act…

    • #34390

      Idealists for Group A,
      Realists for group B,
      Cynics for Group W
      🙂

    • #34391

      HA! Right on!

    • #34392

      My first paragraph wasn’t very clear, regarding “optional”. The optional C++ RL, .NET, MSE, etc. can be deselected in the GUI. When I said that I haven’t witnessed WSUS Offline install any “optional” updates, I mean the KB’s WU considers “optional” as opposed to “important”. However, I did choose to add the C++ and .NET framework updates as a few of my 3rd party applications require them. I did not choose Silverlight or MSE and they were not installed.

    • #34393

      A justified paranoia is simply awareness 🙂

      And for those who are authentically inclined to paranoia I remember Woody Allen’s word (though borrowed from a less famous thinker) that could be paraphrased as “It’s not because you’re paranoid that it means Microsoft is your friend”.

      On the other hand we may be aware and occasionally excessively, which is the road to paranoia. To resume, if you ain’t paranoid (yet), using Microsoft’s products may very well show you the way 🙂

    • #34394

      I don’t see any reason to install all of the patches. The only ones you need are the security patches.

      Microsoft has had years to get all of the non-security bugs out of Windows 7 (and a bit less time with Windows 8.1). The only “bugs” that they are still working on are those which keep them from being able to listen in and monitor what you do.

    • #34395

      Let me start off by saying that I am an individual user and the main computer support for family and some friends. It probably would be a different story if I were doing this as my livelihood, where my job is dependent on not making mistakes that affect other workers or the company’s bottom line. Were that the case, I might go along with ch100’s position of installing ALL Windows updates based on the view that Microsoft designed a product to be a complete package and assumes that that is so when it sends out its updates. Remember the phrase from the old days: “No one ever got fired for buying IBM”? I see a similarity here with the strategy of installing ALL WUs in a corporate or governmental environment.

      It’s been mentioned a number of times here that Win7 no longer receives any improvements or new features; in fact, we count ourselves lucky that a WU doesn’t break it.

      Given those things as my starting point, here is why I have chosen to sit on the Group W bench.

      Ever since the GWX nonsense began, I have found myself spending an ever-increasing amount of time reading about Windows Updates, which ones to install, which ones to hide, which to research further. I spent countless hours of time just here on AskWoody making notes and formulating strategies for the next Defcon change. The past few months, the topics have gotten more intense and the posts dramatically increasing in number, many of which required additional editing of my WU notes. Finding out which magic WU would allow the updates to complete in minutes instead of hours or days took still more time and added yet more stress to my life. Instead of checking the AskWoody site for new posts a handful of times a week, I found myself spending hours every day and noticing my stress level increasing as all the different KB numbers started to look the same to me.

      When the Win10 free period ended and I fully and firmly decided Win10 would be installed on my PCs only over my cold dead body, I stopped reading the Win10 posts here and gained back some time to my day.

      When the news hit that WU would be pushed to Win7 in bulk ala Win10 come October, I began the usual ritual of studying the posts here to decide if I would choose Group A or Group B.

      Group A seemed to me to require either trust for Microsnot or naiveté on my part or perhaps, having gone through the whole GWX fiasco, the two were really one and the same.

      Group B seemed to require the same amount of work as before, having to learn a new process to download just certain groups of updates that were desired. But there were still questions like “Would a specific update still be required to speed up WU and would that update even be available as an individual download?” I would still have to trust Microsnot to include only security updates in the group they called “Security” and not slip in timebombs like ads or telemetry.

      In the end, I chose Group W.

      Mainly because I no longer trust Microsnot and also because I’m tired of all this. For all the time and energy I’ve spent in the past year, I could have done something way more productive. And that is what I intend to do now. I have stopped worrying about WU because I will no longer run it. It is set to Never and until or unless I see news here that Microsnot has done something concrete to regain my trust and confidence, I will not run WU again.

      Instead, I will harness the time and energy saved by not stressing out over WU and use it for something more productive — learning how to replace all the Win7 PCs that I, my family and my friends have and move us all over to Linux. More importantly, I’ll also finally get to spend some time relaxing and playing Justin’s TWO games!

    • #34396

      As a non-techy starting out in Group B, I won’t know whether there’s a good reason to install all the Win7 patches till I see how the following categories of updates are handled. In 2015 and 2016, the updates offered to my Win7 Pro x64 computer were (in addition to security, snooping/upgrade, and rollup updates):

      1) Time Zone updates
      2) Fixes for botched Security Updates
      3) About 20 technical fixes for obscure problems. To non-techy me, they look like they would be encountered by programmers, IT professionals, etc. (The only reason I have Win7 Pro is so I’ll have the option of later expanding RAM beyond 16GB.)
      4) Miscellaneous: Lithuanian currency symbol, MP4 file cannot be played (KB3009736), support copying .mkv files to Windows Phone, Lenovo USB Blocker, Azerbaijani Manat and Georgian Lari currency symbols.

      I’ve always followed your advice, Woody, and have never had problems with any updates. (That includes successfully blocking GWX and all Win10 ads.) In 2015 I generally installed all updates that didn’t have any problems (to minimize hidden updates), and in 2016 I’ve installed only those I knew I needed (plus time zone updates).

      So, starting out in Group B, I’ll be asking, at a minimum:
      Are the above categories of updates available outside of the monthly cumulative update rollup in Windows Update?
      If not, do I want to stay in Group B and get along without them, or get them by switching to Group A?
      And also, if switching to Group A, will it be possible to switch off snooping/ads, either from within Windows or by using 3rd party software?

      So for me, only time will tell! 🙂

    • #34397

      Maybe these 2 URLs would assist your “novice” users to understand your argument.
      https://cybermap.kaspersky.com/
      http://map.norsecorp.com/#/

    • #34398

      Those who consider switching to another commercial product should also read the very balanced point of view which Ed Bott expresses in the article for which you posted the URL earlier http://www.zdnet.com/article/take-control-of-your-privacy-in-windows-10/

    • #34399

      Yep. That’s the right attitude!

    • #34400

      AWWWWRIGHT!

      (Justin actually has three, but he’s in the throes of re-branding them at the moment. Should have more info shortly, but Dr Hiatus Lotus, Ph.D. is in final form.)

    • #34401

      Micros%*t isn’t the only one whose updates you need to be afraid of. HP as well:
      http://www.bbc.com/news/technology-37408173
      Definitely Group B or W for me!

    • #34402

      “… and it would be so much easier if Win10 simply had a “Turn snooping off” switch that we could trust.

      It’s already in the Enterprise version. But I guess that’s the price people pay for Home and Pro.”

      – woody.

      Woody, what’s your opinion about these ‘anti snooping’ tools for Windows 10? Some say they (sort of) work, others say they don’t.

      One of the most highly recommended ones is O&O’s ShutUp10.

      https://www.oo-software.com/en/shutup10

      Does this really work? I used it myself while I was running Windows 10 for a short time earlier this year.

      It seems to shut off most of the ‘snooping’ but (tinfoil hat time again) I always wonder if MS have anticipated tools like this and set Windows 10 up in such a way that it has 2 groups of ‘snooping’ functions – one that they expected people to find and disable while the second hidden and not easily accessible group continues with the ‘snooping’ unseen and uninterrupted.

      Just wondering because someone from MS did say a while back that you cannot disable the telemetry, etc. in W10 (unless you’re using Enterprise – and, I wonder if even that works properly sometimes).

    • #34403

      In Post #15 I challenged those in Group A, having identified @ch100 as their leader. Though he/she has responded to several other posts, he/she has not responded to mine.

      I see an attempt to deprecate dissent as “emotional.” That’s all, and it doesn’t cut it.

      I take the foregoing as evidence that while @ch100 may have mastered the technical aspects of this discussion, he/she cannot provide evidence of the validity of his/her position, as the questions were posed in my post.

      In other words: He/she seems unaware of what he/she does not know.

      Thus: We have no reason to believe that Microsoft’s patches are competently designed. And we have no reason to believe that the non-security patches are intended for USERS’ best interests, rather than as adware and spyware.

    • #34404

      If they have a more technically inclined friend or relative they could go with Linux (Linux Mint is a good choice). It will take about an afternoon to migrate data around and install. But no concerns about corporate spyware and snooping. The good news is the total cost for the distro is $0, the install media <$5 (depends what you used), and whatever deal one made (pizza and beer maybe).

      Again, this is predicated on them not needing any Windows specific application.

    • #34405

      I had an elderly friend go Mac (expensive yes) and after the learning curve for both of us (I do not have a Mac) the support calls have completely stopped. It was a monthly ritual to have to go over and give the old box some TLC for some goofy reason.

    • #34406

      I assure you that @ch100 knows a great deal about the implications of traveling in Group A.

      There’s a large body of evidence that Group A will likely have fewer problems. There’s also a large body of evidence that those in Group A will be divulging more of their personal information to Microsoft. Since we have no idea what’s being sent to Microsoft, I think it’s mostly a question of trust.

      That said, I think there are very good reasons for Group A, good reasons for Group B, and good reasons for Group W. I wouldn’t deign to make that decision for anyone. I just want people to understand what they’re getting into.

      @ch100 makes a very convincing case for Group A (perhaps modified Group A) and I’m interested in learning what he has to say. Likewise, I’m interested in what you have to say.

    • #34407

      I’m watching the anti-snooping tools evolve – but we’re all shooting in the dark because we, truly, haven’t a clue what Microsoft’s gathering.

    • #34408

      “I think it’s mostly a question of trust.”

      I don’t see how we can trust Microsoft again especially after the GWX nonsense. And unlike most of you, I think there is a chance GWX or something like it may be launched again in the future, and that I will be on my guard against any updates Microsoft sends to me in the future.

      That’s why I am wholly against the idea that we shall install ALL updates from Microsoft. Remember that KB3035583 update that causes unwanted Windows 10 upgrades?

      I am leaning towards installing only security updates at the moment and I will set Windows Update to Never Check after installing the September updates. However, if at any time in the future I find that Microsoft attempts to sneak any rubbish into the security updates, that will be the time I completely stop updating.

      Woody, I believe you have said before that there is no worthy new functionality for Windows 7 / Windows 8.1 in the past few years from these “updates”, so I don’t think I will lose anything by stopping updates altogether, should such a need arise.

      Hope for the best. Prepare for the worst.

    • #34409

      If there were any competence @ms nothing of what has been and is happening wouldn’t have happened. Not to mention the arrogance with which they shove their desperation down our throats. Anybody who trusts them I have bridge in Brooklyn and a tower in Paris to sell them.

    • #34410

      Here’s my previously posted list (last update 20160701)

      Debate or suggestions for additions welcome.

      KB3035583
      KB3123862
      KB3173040
      KB3163589
      KB3146449
      KB3022345
      KB3068708
      KB3080149
      KB3075249
      KB3090045
      KB3150513

      (Win 7 only)
      KB2952664
      KB3021917
      KB2977759
      KB3081954

      (Win 8.x only)
      KB2976978
      KB3072318
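
      To see where a machine stands against the list in the post above, the installed-hotfix inventory and the Windows Update Agent's hidden-update list can both be compared with it. This is an added example, not part of the original post; the KB numbers and their grouping are copied from the post, and the function name and the state labels are assumptions.

```powershell
# Added example: report which KBs from the list above are installed or hidden.
# KB numbers and OS grouping are copied from the post; nothing else is implied about them.
$watch = @{
    Any  = 'KB3035583','KB3123862','KB3173040','KB3163589','KB3146449','KB3022345',
           'KB3068708','KB3080149','KB3075249','KB3090045','KB3150513'
    Win7 = 'KB2952664','KB3021917','KB2977759','KB3081954'
    Win8 = 'KB2976978','KB3072318'
}

function Get-WatchListStatus {
    # 6.1 = Windows 7, 6.2 / 6.3 = Windows 8 / 8.1
    $ver = [version](Get-WmiObject Win32_OperatingSystem).Version
    $kbs = @($watch.Any)
    if ($ver.Major -eq 6 -and $ver.Minor -eq 1) { $kbs += $watch.Win7 }
    if ($ver.Major -eq 6 -and $ver.Minor -ge 2) { $kbs += $watch.Win8 }

    # Installed packages as reported by Get-HotFix
    $installed = @{}
    Get-HotFix | ForEach-Object { $installed[$_.HotFixID] = $true }

    # Hidden updates, read from the agent's local cache so no online scan is started
    $hidden = @{}
    try {
        $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
        $searcher.Online = $false
        foreach ($u in $searcher.Search('IsHidden=1').Updates) {
            foreach ($id in $u.KBArticleIDs) { $hidden["KB$id"] = $true }
        }
    }
    catch {
        Write-Warning "Hidden-update query failed: $($_.Exception.Message)"
    }

    foreach ($kb in ($kbs | Sort-Object)) {
        if     ($installed.ContainsKey($kb)) { $state = 'Installed' }
        elseif ($hidden.ContainsKey($kb))    { $state = 'Hidden' }
        else                                 { $state = 'Not installed, not hidden' }

        New-Object PSObject -Property @{ KB = $kb; State = $state } |
            Select-Object KB, State
    }
}

Get-WatchListStatus | Format-Table -AutoSize
```

      The comparison is by KB number only, so content that reaches the machine inside a rollup carrying a different KB number is not detected by this check.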

    • #34411

      I hear they botched it and it causes CBS conflicts.

    • #34412

      If it isn’t telemetry, windows 10 prep, or a botched update that breaks something I would generally install it. Which group is that again?

      That’s only in the ballpark of 6 updates on Windows 7, that doesn’t sound too fragmented to me.

    • #34413

      Didn’t install any patches last Tuesday (w764) and now they’ve disappeared and WU saying windows is up to date. MSE updated properly for the first time since last Tuesday too.

    • #34414

      I have not questioned @ch100’s knowledge. But expertise without knowing (or at least having an adequate sense of) what you do not know is worse than useless.

      It is a bit like failing to understand that even though the calculator can give a result to ten decimal places, the figures being used as inputs may not permit that level of precision.

      The record of the past couple of years demonstrates that Microsoft updates are not 100% competently designed and may not be intended for the user’s benefit. These facts undercut the Group A theory.

      I have previously acknowledged that the case for Group A makes sense conceptually. However, I have yet to see the case made, much less “a large body of evidence,” that the Group A approach must be adopted in order to maintain the functionality of one’s computers.

      When and if such a case is made in full, it’s quite possible that it will be over my head, but it would be quite enough to see some qualified person make the attempt. That at least would make an impression, much more so than dismissing doubters as “emotional.”

    • #34415

      Well said! Let’s hope that us W Bench people will be able to ignore WU and not cause grief for ourselves.

    • #34416

      Some of them, the GWX related, have disappeared without leaving any trace behind.
      Might be a good time for reviewing the list.

    • #34417

      @Daniel… I’ve made this statement numerous times and I will repeat it again now.

      Do NOT take for granted that there are no updates available and Windows is up to date the first time you see this message!

      From the screen you see this message on click the “Check for updates” link in the left panel and you’ll most likely see a list of available updates appear.

      If you see that same message AGAIN you’re likely up to date, but don’t take the first one for granted.

    • #34418

      Lighten up, Burt. There’s no need to start a war over A vs B, nor over the content of ch100’s posts.

      ch100, like the rest of us, are simply voluntarily contributing our knowledge and opinions. For me, sometimes I just don’t feel like responding to everyone who comments about my posts. My guess is that that’s probably why he didn’t respond to your “challenge”.

    • #34419

      I’ll let that be the last word.

    • #34420

      Thanks Bob? – that list is a great place to start. I turned off updates about 6-9 months ago, so I plan to check manually over the next few weekends for all the machines in my family. I’ll watch out for those on your list. It’s even possible a few already got through.

    • #34421

      Agreed, I’m trying to be generous. I still hold out a distant hope for a day when either MS (or a worthy competitor) will return to some respect toward customers that want to control what happens with their computer and data.

    • #34422

      Woody, I appreciate your invitation to consider all sides, but I’m surprised you seem agnostic on which group is your preference. I think many of us look to you as helping many of your readers be on alert and fight effectively in a kind of war to retain control over our machines. And in my opinion, the move toward rolled-up patches could be well viewed as a counterstrike from MS to prevent us from selectively choosing our updates.

      As a programmer myself, I fully understand the MS argument that support becomes difficult when you’re not sure what patches are in place. The problem is we have too much evidence that the MS corporate mindset has turned away from viewing individual users as customers to whom they are accountable, and instead as targets for possible future revenue streams. Now more than ever, MS is not being our friend.

      I cite as evidence the shortened end-of-life of several products, the forceful shutdown of XP, the whole GWX fiasco, the new telemetry we’re finding, the movement away from software ownership toward client-based services, the continued pressure to expose data to their cloud, links to MS Store in my Office 365 Outlook (work laptop), Apps that lead you to buying prints of photos, ads that are beginning to appear in Windows 10, and the apparent infrastructure being laid for much more of the same in the future.

      Then there’s the issue of lack of transparency, such as that we’re not being told what’s in windows updates until after they deploy. Visual Studio was discovered to be inserting telemetry callbacks to MS without disclosure to software developers. Back to GWX, I found it very illuminating that the red X was treated as a “Yes” at one point, and that offering Win10 for free appears carefully crafted from a legal standpoint to remove standing from a class action suit to claim financial losses.

      As a loosely-related sidenote, I’m actively maintaining a WinXP machine, quite successfully I might add. I’m using kiosk mode for security updates, and just MS Security Essentials otherwise. Opera just announced end of support for XP a couple of months ago, but O36 still works great. This machine has served as my “canary in the cave”, and so far my suspicions have been utterly confirmed that you really don’t have to fix what isn’t broken!

    • #34423

      There’s no doubt this is a full-on assault on Win7 and 8.1 customers to control which updates are applied. All-or-nothing patches are always bad for everybody – including the software manufacturer. But it’ll take Microsoft many years to realize that.

      In the meantime, I’m going to remain agnostic unless there’s an overwhelming reason to recommend Group A, B, or W. The most important point is that people understand the tradeoffs. I’m trying to understand them myself.

      Once we have better information from Microsoft about the October changes, I’ll put together a big story in InfoWorld, and fill in as many details as I can.

    • #34424

      BTW, a wave of new updates is on its way:
      KB3177467: Servicing Stack Update – Win7
      KB3181988: USB Drivers – Win7
      KB3182203: DST and TimeZones
      KB3184143: GWX Remover – Win7, Win8.1
      KB3185278: September Update Rollup – Win7
      KB3185279: September Update Rollup – Win8.1

    • #34425

      Any idea when they’ll hit?

    • #34426

      I just did a manual run of WU and got Windows Update error 8024402C.

      The official line is: “If you receive Windows Update error 8024402C while checking for updates, you might need to do one of the following:

      This error might be caused by a program running on your computer that’s preventing Windows Update Services (SVCHOST) from accessing the Internet. Programs that might do this include firewalls, antispyware software, web accelerators, Internet security or antivirus programs, and proxy servers.

      If you have any of these programs running, you might need to turn them off while downloading and installing updates. We recommend that you turn them back on after updating your computer. For more information, see Windows Update error 80072efd.”

      It checked today without error. I have it set to Check, but do not download, let me choose. Win7Pro-64 SP1 with MSE and Malwarebytes.

      I hope it is just a momentary thing. Machine has been working fine since Patch Tuesday. I will reboot and retry.

    • #34427

      They’ve hit. While resolutely in the B camp, I’ve installed all the recent updates as they haven’t been obvious adware or telemetry. I’ve had no problems on either my laptop or PC. Microsnot has behaved itself except that when I hide Silverlight, they play hide and seek with me for a while. It finally stops, only to repeat the process at the next update.

      I could never get Linux with its multiple downloads and command line installations even though I have a passing familiarity with Unix. However, my PC is now dual boot with Win7 and Linux Mint Cinnamon 18. Mint is so easy to install and use. It’s now my preferred OS. Updating is not automatic but even my cats can do it. Mint’s what Windows should have been. Microsnot had a lot of years to make it so but apparently didn’t even try. Try Mint with a flash drive first.

    • #34428

      They already hit 🙂

      I took them from the Microsoft Download Center earlier, before they were released through WU.

    • #34429

      Did a reboot and WU worked. Here is what showed up at 2:15PM EDT. (See Post 17 by Aboddi86 above.)

      https://support.microsoft.com/en-us/kb/3182203
      September 2016 time zone change for Novosibirsk

      https://support.microsoft.com/en-us/kb/3179949
      Reliability Rollup 3179949 for the .NET Framework 4.6 and 4.6.1 on Windows Vista SP2, Windows 7 SP1, Windows Server 2008 SP2, and Windows Server 2008 R2 SP1

      https://support.microsoft.com/en-us/kb/3181988
      SFC integrity scan reports and fixes an error in the usbhub.sys.mui file in Windows 7 SP1 and Windows Server 2008 R2 SP1

      https://support.microsoft.com/en-us/kb/3184143
      Remove software related to the Windows 10 free upgrade offer. Update replacement information. This update replaces the following previously-released software:

      KB 3035583 — Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
      KB 3064683 — Windows 8.1 OOBE modifications to reserve Windows 10
      KB 3072318 — Update for Windows 8.1 OOBE to upgrade to Windows 10
      KB 3090045 — Windows Update for reserved devices in Windows 8.1 or Windows 7 SP1
      KB 3123862 — Updated capabilities to upgrade Windows 8.1 and Windows 7
      KB 3173040 — Windows 8.1 and Windows 7 SP1 end of free upgrade offer notification
      KB 3146449 — Updated Internet Explorer 11 capabilities to upgrade Windows 8.1 and Windows 7

      https://support.microsoft.com/en-us/kb/3185278
      September 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1. Known issues in this update. Symptoms

      Assume that you are running Enhanced Mitigation Experience Toolkit (EMET) on Windows 7 Service Pack 1 (SP1) on a computer on which update 3175024 is installed. When you try to start an application, the application freezes very early in the process and does not completely start.

      Interesting. KB3184143 could prove interesting since it replaces some and removes other GWX stuff.

    • #34430

      To add: All were optional except the first time zone change, which was important.

    • #34431

      Botched what? Convenience Rollup KB3125574?
      Yes, it has a few small issues.
      Actually, they just fixed 3 of 5 of these issues in updates KB3181988 and KB3185278.

    • #34432

      AHA! That’s where you found them…

    • #34433

      OMG. Just another tiny bit of patching. Blech.

    • #34434

      @Marmy: If you want to see fast and easy, you should see a Linux update (I have Ubuntu 16.04LTS) on an i7 laptop with an SSD and cable modem. 198MB took under 2 minutes to download and install. Mint and Ubuntu are rock solid.

      I eagerly await the dawning of the Age of Linux Gaming. That is currently its only drawback. Unless you have a few very essential Windows programs you cannot lose, for which there is no Linux program, it will do it all.

    • #34435

      Woody: Regarding the security and non-security updates that a user has hidden, i.e. not installed, over the course of time PRIOR to October 2016 and reaching all the way back to when the computer was first updated — what should a user do with those hidden updates before he joins a group in October 2016? Leave all of them hidden? Install all of them? Install some of them? If so, which ones? Do we know which ones must be installed in order to bring a system up to Microsoft’s “baseline” (so that the system is able to receive updates in October 2016 and thereafter)? Could you answer separately for: a user who joins Group A, a user who joins Group B, and a user who joins Group W. (FYI: I’m running Windows 8.1. Are these good questions, or am I overthinking this?)

    • #34436

      I have a Windows 8.1 tablet, which I thought was fully patched yesterday August 19 with all security patches, including this month’s. This is a machine where GWX control panel is still installed.

      I just did a recheck today, was offered optional KB3184143. M$ says this removes the GWX patches and lists these as what gets removed:
      KB3035583
      KB3064683
      KB3072318
      KB3090045
      KB3123862
      KB3173040
      KB3146449
      Seems strange that I was offered these, however, since I rechecked installed patches and none of above were there.

    • #34437

      I have seen Malwarebytes conflict with other antivirus programs.

      CT

    • #34438

      There is certainly no technical difference between the various types of bugs. The only difference is the predictability to discover such a bug in the design stage, otherwise either is still a fault. Unfortunately the less visible of them is the one that if exploited, is potentially more dangerous for the user but for the Internet community as well.

    • #34439

      Yep. Details coming up momentarily in InfoWorld.

    • #34440

      You’re probably – but not definitely – overthinking it.

      Sit back and relax, and let’s see what Microsoft comes up with.

    • #34441

      “The ONLY thing they have going for them (and for us all) is that they have better hardware on which to develop – and that only goes so far (and unfortunately doesn’t substitute for thinking).”

      It is all going down to labour cost which tends to be high in those countries which develop software vs code design to perfection. I wish all software was efficient like Steve Gibson’s software https://www.grc.com/ or like the recently mentioned Disk Snapshot, a very good and portable live disk imaging utility with no installation needed http://www.drivesnapshot.de/en/

    • #34442

      KB3184143 is like KB3161102 that removes Windows Journal
      it doesn’t really uninstall these GWX patches, it replaces their contents with new versions which makes them superseded and thus removed by Windows Update Cleanup

      even if you don’t have them installed, KB3184143 ensures they don’t get installed later
      and it also removes the upgrade code in the components
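
The check discussed in the posts above (whether any of the GWX updates that KB3184143 replaces are installed, hidden, or still being offered), as an added PowerShell example that is not part of any poster's message. The function name `Get-GwxUpdateState` is hypothetical; the KB numbers are the seven listed in the thread, and the script assumes it runs on the Windows 7/8.1 machine being checked.

```powershell
# Added example, not from the thread. KB numbers are the seven the posts above
# list as replaced by KB3184143.
$gwxKbs = '3035583','3064683','3072318','3090045','3123862','3173040','3146449'

function Get-GwxUpdateState {
    param(
        [string[]]$KbIds,
        [bool]$Online = $false   # $false = answer from the local Windows Update cache only
    )

    # Packages Windows reports as installed (Win32_QuickFixEngineering).
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        ForEach-Object { $_.HotFixID -replace '^KB', '' })

    # Windows Update Agent view: what is hidden and what is still offered.
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $searcher.Online = $Online

    $wua = @{}
    foreach ($state in 'Hidden', 'Offered') {
        $hiddenFlag = [int]($state -eq 'Hidden')
        $result = $searcher.Search("IsInstalled=0 and IsHidden=$hiddenFlag")
        foreach ($update in $result.Updates) {
            foreach ($kb in $update.KBArticleIDs) {
                if (-not $wua.ContainsKey($kb)) { $wua[$kb] = $state }
            }
        }
    }

    # Report one row per KB; an installed package wins over the WUA state.
    foreach ($kb in $KbIds) {
        if ($installed -contains $kb) {
            $state = 'Installed'
        } elseif ($wua.ContainsKey($kb)) {
            $state = $wua[$kb]
        } else {
            $state = 'Not installed, not offered'
        }
        New-Object PSObject -Property @{ KB = "KB$kb"; State = $state } |
            Select-Object KB, State
    }
}

Get-GwxUpdateState -KbIds $gwxKbs | Format-Table -AutoSize
```

Pass `-Online $true` to make the Windows Update Agent query the update service instead of its local cache; on Windows 7 that search can take a long time.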

    • #34443

      It may be the cleanup operation due since early August 2016. Thanks for posting this info and when looking at all patches released, it appears to me that this mid-cycle release is a preview for the announced change in October.

    • #34444

      It is the market that determined the shift in Microsoft’s behaviour with the advent of Apple and Google and other smaller players too.
      Satya Nadella was tasked to run a business and not a non-profit social charity and this is what some of the most vocal end-users, maybe with a legal background, don’t see and tend to live in the past from this point of view. Mr Nadella does a great job for Microsoft’s investors and for those seeing the future as being more and more embedded in the Cloud.
      Those who are not pleased any longer with Microsoft’s products should prepare and move to alternative products if those products better suit their needs or wants. Until then, Windows 7 is well and alive and perfectly usable until the end of the official life and most enterprises still rely on it and its bigger brother Windows 2008 R2 for most of their business.
      I had an experience about 18 years ago when a retired lady asked me to participate in a class action against an airline which was selling cheaper tickets online than those sold over the counter, based on what she was perceiving as discrimination against the poor who could not afford access to a computer at that time. I don’t know the outcome of that action.

    • #34445

      This is an ongoing issue in the Internet forums for at least 20 years, i.e. people threatening to move to Linux. The migration away from Microsoft desktop OS is in fact determined by other major historical events like the development of the relatively cheap smartphones rather than the declared intention of some users. Those users may migrate but this does not make it a mass phenomenon. Some will even be disappointed by their newer choice and return silently to Windows.

    • #34446

      @cn This statement says it all “I’ve always followed your advice, Woody, and have never had problems with any updates.”

      Keep on doing the right thing. 🙂

    • #34447

      Love the maps!! War Games -;)

    • #34448

      Like KB3024777.

    • #34449

      @Jim I think you are right in theory about the security patches being the only patches needed at this stage in the life of Windows 7.
      However, the practical issue is that there is an inter-relation between the different types of patches previously released and likely to happen in the future and it is difficult to separate between them based on title only.
      There is supersedence information for each of them in the Microsoft Catalog which shows that sometimes other types of updates supersede the security patches and the other way around.
      The supersedence metadata may only be for the end-user/administrator information as the code verifies at the installation time which version each component installed on the system has and adjusts the installed components accordingly.
      For example, by analysing major rollup packs released for Windows 8.1 and 2012 R2 after Microsoft decided to discontinue Service Packs for Windows, you will see that there is not only one type of patches or another released in the package, but a combination of them all, although not everything released until that date. Check for yourself KB3000850 as a relevant example. This patch acts like SP2 for Windows 8.1 and 2012 R2 and is the baseline for the update 4 of the released ISO for Windows 2012 R2. https://support.microsoft.com/en-au/kb/3000850

    • #34450

      @Woody:

      I’ve been trying to wade through all of the postings, and I just have one question since I see there are more updates, including 4 more Optional ones (none checked). Still have the KB3172605 (italicized & not checked).

      Will you be providing guidance on all of these updates, insofar as an “all-clear”? There are 3 of these which are big MB’s. Is this an example of the “roll-ups”?

      I see a few references to the KB3172605 being one that “should” be installed to replace the older one.

      Please advise. I’m becoming “lost”, and more confused. Thank you very much for all of your hard work.

    • #34451

      Sit tight. Wait for the MS-DEFCON level to go down….

    • #34452

      @Ed – Yep, you were on the money there, *they came back (les Revenants) 🙂

    • #34453

      Note: This is intended as a legitimate question…

      After you switch them all over to Linux, how are you going to ensure that their patches/packages are current?

      Trust the sources, study the packages and select which are worth doing/required, wait until you hear something bad has been discovered and then react, or ???

    • #34454

      First off I belong to group B, THEN – as a hardware guy I would never have thought that I would be saying this BUT MSFT is writing code to be compliant with just about all of their past code. To do that and still have “most programs” written years ago STILL work is an achievement.

      I think we know now where new CEO is headed – company owned by stockholders, not nerds so biggest bang for the buck is goal. MSFT keeps trying to stay current, keep most large business with THEIR model PC on desktops. They took the masses from dumb terminals to terminal emulation / then individual pc’s to networking, then Workstations, back to powerful PC’s/workstations and now cloud computing. Until the early 2000’s that worked fine for them but since the XP days there is really no NEED for a “basic” home PC to upgrade. You know people that only read Email, Twitter, Facebook and maybe TurboTax and they don’t “need” a 64-BIT quad processor running virtual OSes.
      Seeing that, their answer now is to get people back online and “BECOME the mainframe” / “leasing disk space” for a monthly fee. Sell you an app, etc.
      That’s why Win10 is free – get EVERYONE onto their new platform, phase out the old stuff ( as well as the support folks ) and SELL apps – known elsewhere as Apple Store/ Google Play .

      A lot of those casual users will be buying a new pc ( eventually) and they’ll become ONGOING customers / subscribers to ” The Microsoft Way “.

      MSFT BECOMES the OLD mainframes – the pc’s become the old dumb terminals.

      Meanwhile, they keep their corporate base by STILL being compliant to those old scripts that local support desks have written. Office docs still readable etc.

      Tough challenge.

    • #34455

      They either have to radically change Win10, which they will not, produce another product that works in Corporate IT (Win12 anybody?), or keep Win7 alive for a long time.

      This is a repeat story: XP to Vista; Win7 to Win8.

      I can not see how they can prosper with just the consumer side of the business. Apple and Google will eat Microsoft’s lunch as they continuously do. Corp IT business is way more than half the profits (half the installed base).

      My big hope is that corporate IT will reject Win10 and demand something better/different.

      They sure can’t get away with Windows Update the way they are lousing it up every day, and their plans to change it, just don’t work for corporate IT.

      CT

    • #34456

      @Seff,

      A couple of things you mentioned I’d like to comment on —

      A. I think there is a misunderstanding in your following comment:
      “Putting the WU settings on “Never” and relying on the MS catalogue to get the security updates manually will mean you won’t automatically be offered all the other updates so will have to track them down and install them manually too.”

      Putting the WU setting on “Never” does not mean that you cannot run Windows Update yourself manually, whenever you want to, to see what Microsoft suggests for your computer. You will then be offered all the updates that Microsoft has for your computer.

      You do not have to go to the MS catalog to get patches when you have the WU setting set to “Never”. That isn’t what “Never” means.
      The “Never” command is only to tell Microsoft that it can never run Windows Update on its own, on your machine, without your express involvement.

      Having the “Never” command in place does not keep the computer owner from freely running Windows Update, which checks with the Microsoft servers for ALL the patches that are recommended for the computer at that point in time.

      When the computer owner wants to manually check Windows Update, she/he doesn’t even have to turn off the “Never” command, but just needs to press the button in Windows Update that says “check for updates”, then Windows Update will run.

      I have had my WU set to tell Microsoft that they can “Never check” without my say-so for a year already, and it’s worked out great.


      B. I think there is a misunderstanding in your comment that “The main differences will [include] the increased difficulty in… accessing the non-security ones as they won’t be offered under WU as they are now….”

      The non-security updates in the future WILL be offered under Windows Update like they are now. That will not change.

      They will always be included in the joint Monthly Rollup that will be released on Patch Tuesday via Windows Update,
      and they will probably be released in the “Preview Rollup” on the third Tuesday of the month via Windows Update which will preview some of the non-security patches that will be included in the following month’s Patch Tuesday joint Monthly Rollup.

    • #34457

      @Simpson,
      I think you didn’t see a comment I left for you last week: https://www.askwoody.com/2016/ms-defcon-2-make-sure-windows-automatic-update-is-locked-down/#comment-98850

    • #34458

      At first I thought it was a still photo of Ricky and Fred in a nondescript scene from I Love Lucy. Seriously, I did!

      Then quite quickly I realized that the likenesses were a little similar (don’t you think?), but not exact, so the photo must be of other folks and have some kind of historical import, though I didn’t know what.

      Somewhat in my defense, I was born some years after that photo was apparently taken.
      🙂

    • #34459

      Not everyone in support will be phased out, there is a need for someone supporting the Cloud too.
      Based on what some users post here, I think those few would really be better off by moving entirely into the mainframe concept and not be required to administer complex machines which are essentially cut down servers. This has become much too complicated.

    • #34460

      @Woody,
      I have a recollection, but I don’t know if it’s accurate, that some months ago, some people who had selected “check but don’t install” were bamboozled by Microsoft into having updates show up on their computer that they didn’t want. Am I mis-remembering?

    • #34461

      Generally speaking, the replies by various contributors under this blogpost of Woody’s have not been “emotional”, they have not strayed from the “subject of this discussion”, and they have not been incorrect.

    • #34462

      But “idealism” has nothing to do with the reasons people will go with Group A.
      Being idealistic doesn’t mean having blind acceptance, taking the easy way, being afraid of messing something up if you take an uncharted path, trusting authority to know best, or other reasons people might go for Group A.

      I am idealistic, realistic, AND cynical, and I’m leaning towards Group C — not installing any patches from now on!

    • #34463

      Group A is the same as those on Automatic Updates

    • #34464

      @Anonymous,

      When you say
      “Non-security updates are cosmetic updates, the telemetry KBs or the fix that fixes the fix ( MS probably broke it with a security fix)” —

      It makes me wonder,
      How is being in Group B going to work if MS breaks something with a security fix (as you postulate could happen), but to fix that, we need the “fix that fixes the fix”, which happens to be in a non-security patch?


      Also, were not some of the telemetry patches earlier this year actually marked by Microsoft as “important”/or “security”? I know that I had some checked updates sitting for several months in my Windows Update main folder that I deliberately did not install because of their contents, and I thought that was for telemetry reasons as well as Get-Windows-10 reasons. (But I don’t have a clear memory about it now.)

    • #34465

      TinHatMan,

      In addition to Bob’s list, there have been a number of lists presented here by different below-the-line contributors on AskWoody.com in the last 6 months; Woody has even done one or two above-the-line blogposts here on this topic.
      If you look here, starting with the most recent mentions of the topic (since they are more up-to-date with what is being offered by Microsoft Windows Update now), you’ll find other lists that have been put together, which you can check out.
      (The built-in WordPress search function here is not so great, but you can search askwoody.com with an external search engine too.)

    • #34466

      External Google search works much, much better. I use it all the time.

    • #34467

      Since you said that “I’d settle for a list of really bad updates that appear to serve no one but Microsoft, even if that list was crowd-sourced and subject to some debate”, you might also wish to check out other people’s lists on the Windows 7 discussion forums at sites like sevenforums.com and wilderssecurity.com.

    • #34468

      That’s how it’s looking – with “Give me recommended” checked.

      Things may change by next month.

    • #34469

      I’ve seen lots of complaints about it happening, but never have confirmed it. In most cases, something weird happened – most frequently, an antivirus package got installed that took it upon itself to flip the Auto Update setting.

    • #34470

      Nixon and Khrushchev at the “Kitchen debate.”

      https://en.wikipedia.org/wiki/Kitchen_Debate

      (Tip: Right-click on the picture while in Chrome and choose Search Google for image.)

    • #34471

      The current situation with Windows is a unique one that has certainly not occurred before in the last 20 years.

      Many of the intelligent, thoughtful people, such as those who populate AskWoody.com’s discussions, who are now saying, in complete frustration, exhaustion, and disappointment, that up to now they have been Microsoft Windows adherents _to the core_, but are newly feeling practically forced to make the difficult, time-consuming, risky, wholesale switch to a different operating system, are not just issuing “empty threats” and grousing for the sake of grousing.

    • #34472

      @poohsticks

      I am happy to see you talk about Never. I am a staunch proponent of the Never setting.

      To me, Never means: Microsoft never has permission to change my computer. I hold that right and take the responsibility for myself.

      It does not imply I will never update.

      CT

    • #34473

      +1

    • #34474

      +200

      CT

    • #34475

      @poohsticks.

      It might be much easier to identify the good updates. I think they number a lot less.

      My own strategy has been to ignore/refuse ALL Windows updates that are not labeled security with the exception of stuff like C++. This strategy has been far easier to implement.

      CT

    • #34476

      @Harris,

      I don’t think you are overthinking it — and some other contributors here have asked the same question in the last couple of weeks.

      Woody has said previously that if you know you want to be in Group A,
      if you want to, you can go ahead and unhide and install all the updates that you had hidden, because Group A will eventually get the whole gamut anyway.


      Contributor Ch100 has given reasons for the past few months as to why he thinks no update should be hidden – he says that hiding updates might cause Windows Update to have some problems.

      After I read a post by him about that, I could see the potential logic in that position, and since there was little downside, I unhid all the updates that I had hidden.
      When all of one’s updates are either in the main/important WU list or in the optional list, it is not that difficult to keep a note of the ones that you don’t want to install and to avoid choosing them when you install the ones that you want to install.

      To me — and I am not an IT expert, this is just the opinion of a random civilian — it makes sense to me that all folks (no matter if choosing Group A/B/C) might clear out the cobwebs of their Windows Update, and get it pared-down and prepared for the coming changes in October.

      I’m not sure how Microsoft is going to change the presentation/layout/functions of Windows Update in October to adapt it to their new Rollup milieu,
      but it’s clear that Microsoft has put out some half-baked, sneaky, unorthodox, error-hampered stuff in the last 12-18 months, and I want to make my computer’s Windows Update environment as uncomplicated and clean as possible, to give MS fewer things they could conceivably mess up/tie up in knots.

    • #34477

      Following Woody’s recommendations is the best simple advice that you can get. The security updates that Woody clears are very unlikely to break anything. It is just that statistically and by the nature of what they are supposed to do, they are the most likely candidates to break things.
      The main reasons that some readers here do not like to install other patches than Security are:
      – Adverse functionality, like promoting or pushing for Windows 10 Upgrade or telemetry (“snooping”) patches
      – Considering that they are not needed for functionality. Those people have the least justification in avoiding those patches, because effectively nobody here knows exactly what they do, although we can make qualified guesses based on the files involved. And those of us who make that effort, reached the conclusion that it is more often than not that those additional patches do serve a useful purpose.

    • #34478

      There is a “Service Pack 1.5” https://support.microsoft.com/en-us/kb/2775511
      which was not very popular, unlike the current one which seems to become trendy, although I advise against installing it for regular users, unless it becomes published on Windows Update.
      The current one which supersedes KB2775511, https://support.microsoft.com/en-us/kb/3125574 contains internal patches in addition to the public ones. The internal patches are the so-called LDRs and it is generally accepted that most of the public do not need the LDR versions, those addressing specific issues and released most of the times as hotfixes.
      Saying that, Susan Bradley advised in favour of installing KB2775511 and now advises in favour of installing KB3125574. However, Susan has a different target audience for her newsletters and posts.
      Even if I am not in favour of installing KB3125574, at the same time I don’t consider bad practice installing it either. It is largely a matter of choice.

    • #34479

      I am posting for those who read this site 🙂

    • #34480

      This depends on how you define Group A.
      Auto Updates users will receive only what is checked by default, this means sooner or later everything Important (for me this is Group B) or Important plus Recommended, depending on the configuration, which is close to Group A (or this is the true Group A?).
      Full Group A would be to install the Optional unchecked updates in addition to the Important and Recommended. Not much difference though…

    • #34481

      Thanks for clarifying what was meant by end date. In addition to patching, I suppose a lot of newer software will stop functioning on Windows 7 around that date.
      You may not imagine and I may not imagine or Woody may not imagine either, but there are still about 25% of Windows users worldwide who still use Windows XP according to statistics. I don’t know if they are accurate, but this is the best info available.

    • #34482

      Thank you 🙂

    • #34483

      Thank you, it is clear now.
      Out of the box without other configuration, it uses wsusscn2.cab and is compliant with the MBSA requirements. This is what Woody designates as Group B.
      I was under the impression that WSUS Offline is supposed to patch very much like Windows Update or Microsoft WSUS, which in addition to the MBSA baseline, have the other patches too.
      Nevertheless, WSUS Offline is a very good tool for those who have become familiar with it and are particularly interested only in the security baseline aspect of patching Windows.

    • #34484

      Can be a new installation of Office, MSE or as one user confirmed, a configuration done by the user in Windows Update MiniTool, a third-party GUI for Windows Update with few extra options, which modified Windows Update settings. In that specific case it was expected functionality of that product, only that the description which originally was provided by Microsoft in Group Policies Help was not very intuitive.

    • #34485

      Windows 8.1 is still in Mainstream support until January 2018, I believe.

      Hope for the best. Prepare for the worst.

    • #34486
    • #34487

      In my mind, Group A is a completely off-hands option, with “Give me recommended” checked.

      Folks who install optional patches are just unpaid beta testers. 🙂

    • #34488

      … and it’s worth emphasizing that we haven’t a clue what kind of snooping MS is installing on Win7 computers. Not even a hint of enlightenment from MS.

    • #34489

      Well put.

    • #34490

      Thanks @poohsticks 🙂

      I don’t think it will be a revolution on Windows Update starting October 2016, rather an evolution which has already started. It will look more like Windows 10 style of updating, but not entirely, at least for the first few months.
      Windows 7 is the last Microsoft desktop-not-a-phone operating system and has its own particularities.

    • #34491

      @poohsticks: I’m definitely lacking in computer skills and have never unhidden an update without installing it.

      My question, how do you “unhide” an update without installing it? Thank you for any guidance you may be able to provide. 🙂

    • #34492

      But haven’t I read that ~90% of iPhone/ Android “free” apps snoop/buggy? That’s where they “make their money”. SO it’s not JUST Apple to be concerned about, but everyone in the iStore.

      As for those free apps, I have no idea HOW they make money by pop-up ads – who BUYS those ? Maybe I’m a minority – have you EVER bought something from a popup ad that appeared unexpectedly ? ESPECIALLY the ones for cars. Yeah I’m looking at a website for a coupon to save $5 off a case of motor oil and I see an ad for the “New Lexus”. You know, I was GONNA change my oil but I think I’ll buy a Lexus instead ! But the content providers have decided THAT is the future – to get into our heads slowly.

      Historically, when Microsoft announced “Windows 95” I thought THAT was a marketing coup BECAUSE I thought they would THEN sell Windows 96,97… THAT was a BIG opportunity that they missed. Yeah they updated each year but everyone had dial-up. Selling the latest version WITH all the updates could have been a moneymaker AND gotten users USED to buying it occasionally. Instead they had to DRAG users from 2000 to XP, Vista..

    • #34493

      What is Important for Microsoft, may not be Important for a certain number of users, or even worse, may be damaging to the same group of users. Important non-security in general is meant to represent a critical functional fix. Those updates which are presented as Important but not security are presented as Critical Updates in the enterprise tools from Microsoft. The Recommended and Optional are presented just as Update in the same enterprise tools.
      Update Rollups are a special class as they can be anywhere, but in general they are under the Important category and have their own category in the enterprise tools.

    • #34494

      Thanks 🙂
      Next time when I will install an Optional patch, especially an early one, I will send an invoice to Microsoft.

    • #34495

      FYI, all Windows 7 updates switched to “the so-called LDR” since March 2016, normal GDR branch is dead 😀

      In my opinion, this was one of the best decisions in Windows 7 history, and they should have taken it at least since the mainstream support ended in January 2015 🙂

      GDR is already bloated, and most update issues in the past come from it

    • #34496

      @Poohsticks

      Amen

    • #34497

      Equal pay for equal work, sez I.

    • #34498

      A lot depends on what you mean by “snoop.” It’s true that many, many iOS and Android apps look for your location, and some will record what you do. But ads and in-app purchases are still the most common way to make money.

      FWIW, I, too, hate pop-up ads.

    • #34499

      My question, how do you “unhide” an update without installing it? Thank you for any guidance you may be able to provide.

      On Win Update page, clicking “Restore Hidden Updates” ONLY REVEALS THEM – you have to put a check by each and click “Restore” to install.

    • #34500

      After revealing the updates, just rerun check for updates. That’s what I do, anyway.

    • #34501

      @Craig Stark & @Woody: Thank you both for this information. It’s a great help to me! 🙂

    • #34502

      “Snoop” = just did a Google browse – article like so:

      “Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps”

      http://techscience.org/a/2015103001/

      …Results summary: We found that the average Android app sends potentially sensitive data to 3.1 third-party domains, and the average iOS app connects to 2.6 third-party domains. Android apps are more likely than iOS apps to share with a third party personally identifying information such as name (73% of Android apps vs. 16% of iOS apps) and email address (73% vs. 16%). For location data, including geo-coordinates, more iOS apps (47%) than Android apps (33%) share that data with a third party. In terms of potentially sensitive behavioral data, …

      this one has some really funky charts, like so:
      http://techscience.org/a/2015103001/images/fig1.png

      …..

      I’ve just found since my first Android 2.2 each app asks for more and more (and quite often unnecessary) privileges. Why does a standalone game that I’ve used for years now need (want) access to my contact list, my location etc.? … snooping

    • #34503

      Very true.

    • #34504

      @Walker,

      Follow Craig Stark’s and Woody’s steps in their replies to your post.

      To test this on your computer, first of all you can try these steps with just 1 hidden update, to make sure that it is restored back into one of your two main Windows Update lists (the “security/important” list, and the “optional” list) correctly
      (which I believe it will be).

      If by mistake that 1 update goes all the way and gets installed
      (which I do *not* think will happen, because too many button-clicks and permissions are involved before any update is actually installed),
      you can uninstall it right away.

      If that test works, which it should, then you can unhide all the other updates at the same time by checking them all and hitting the “unhide” button (or whatever that button is called).
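The one-update test described in the post above can also be done from an elevated PowerShell prompt. This is an added example, not part of the original thread: it uses the Windows Update Agent COM API (`Microsoft.Update.Session`), the function names are hypothetical, and the KB number in the usage comment is a placeholder.

```powershell
# Added example: list hidden updates and unhide selected ones without
# installing anything. Run from an elevated prompt; setting IsHidden
# requires administrator rights. Written to work on PowerShell 2.0 (Win7).

function Get-HiddenUpdate {
    # Ask the Windows Update Agent only for hidden, not-installed updates.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search('IsHidden=1 and IsInstalled=0')
    foreach ($update in $result.Updates) { $update }   # emit IUpdate objects
}

function Show-HiddenUpdate {
    # Read-only view: KB number(s) and title of every hidden update.
    Get-HiddenUpdate | ForEach-Object {
        New-Object PSObject -Property @{
            KB    = (@($_.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ','
            Title = $_.Title
        }
    }
}

function Restore-HiddenUpdate {
    # Unhide only the named KBs. This changes a flag; it does not
    # download or install the update.
    param([Parameter(Mandatory = $true)][string[]]$KB)

    # Accept "KB1234567", "KB 1234567" or "1234567".
    $wanted = $KB | ForEach-Object { $_ -replace '^KB\s*', '' }

    foreach ($update in Get-HiddenUpdate) {
        $match = @($update.KBArticleIDs) | Where-Object { $wanted -contains $_ }
        if ($match) {
            $update.IsHidden = $false
            Write-Output ("Unhidden: " + $update.Title)
        }
    }
}

# Usage (KB0000000 is a placeholder, not a real update):
#   Show-HiddenUpdate | Format-Table KB, Title -AutoSize
#   Restore-HiddenUpdate -KB 'KB0000000'    # test with one update first
```

An unhidden update reappears in the Important or Optional list at the next check for updates, where it can still be left unchecked.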

    • #34505

      After seeing wdburt1’s comment, I had looked up “nixon kruschev” and found the Wikipedia entry!

      I don’t use Chrome and I don’t use Google, but appreciate the reminder about their spooky image-search capabilities!
      (spooky capabilities, not spooky images, although could be both)

    • #34506

      Competition to the bottom. Just wait for the Windows 10 updated stats to see how it fares compared to Apple and Google.
      Which proves the fact that for those who require privacy beyond what is available, the only way to achieve it is to pull all electric cables from all sockets and the landline phone and everything else and turn the candles on instead. Also check under the table if there is no snooping wireless device powered by batteries and branded Google, Apple, Microsoft or else.

    • #34507

      @poohsticks: Thank you so much for the very detailed information about how to unhide the hidden updates without installing them, and the explicit steps to follow. WONDERFUL!! 🙂

      I plan on working on this over the weekend, as I am unable to do it sooner.

      I can’t begin to say “thank you” enough for taking the time to provide all of this guidance !! I know how busy you must be.

      You consistently provide a wealth of information in your posts, which I always read from “top to bottom”.

      Thank you so very, very much!! 🙂 🙂 🙂

    • #34508

      Resistance is futile, eh?

    • #34509

      Canadian, eh?

      CT

    • #34510

      @poohsticks & @Woody:

      I’ve started to try to restore the hidden updates, and have a problem because I get an error message on all of those I’ve tried (3 so far), which are “older ones”. When I close the window and check the “Important” and “Optional” lists these are listed there as applicable (1 on Optional & 2 on Important). It appears to me that they have been removed or superseded.

      In that case, should I “re-hide” them? These are the ones that I’ve gotten the error message (#80244019) with:

      KB3006121

      KB3011780

      KB3139398

      Your help will be most appreciated, as always. Thank you 🙂

    • #34511

      No need to re-hide anything. In Win7 and 8.1, hiding is useful to keep Windows from nagging you. (In Win10 it’s a different story.) You can always uncheck anything that you used to hide, if it’s still applicable to your system.

    • #34512

      @Woody: I thought that for those thinking about going with Group B or C (or whatever it’s called), it wasn’t necessary to uninstall the hidden updates.

      It seems that I’ve missed some advice along the way somehow. Thought Group B didn’t need to unhide.

      Definitely don’t want Group A. My hard drive is only about 1/4 to 1/3 full (it’s a “terabyte” drive), so if necessary I can have part of the drive set up to use another OS if necessary.

      If I misread the directions about the “hidden updates”, my apology. Thank you for your help. 🙂

    • #34513

      Right now, there’s no reason to install (much less unhide) any recent patches.

      Wait for MS-DEFCON to change.

    • #34514

      @Woody:

      I re-read your original post at:

      https://www.askwoody.com/2016/ms-defcon-3-get-windows-patched-gingerly/comment-page-4/#comment-97996

      and it references the following instructions:

      “I have no idea how updates to Vista will roll out. For now, I suggest you choose between Group A or Group B.”

      **** “If you encounter very slow Windows Update scan speeds on Windows 7 or Vista, I suggest that you use Canadian Tech’s speedup method, posted on the Microsoft Answers forum.

      ***For Group A – the ones who are willing to let Microsoft snoop

      Go into Windows Update (in Win7, Start > Control Panel > System and Security > under Windows Update, click Check for updates – in Win8.1, right-click Start). Click the link that says “XX important updates are available.” Make sure all of those patches are checked (they should be). Then on the left, click Optional, and make sure all of those patches are checked. (WARNING: Don’t check Silverlight and Skype, don’t check any drivers – see below – and don’t check any language packs). Click OK, then Install updates. Reboot.

      ***For Group B – the ones who don’t want to let Microsoft snoop

      Go into Windows Update (Start > Control Panel > System and Security > under Windows Update, click Check for updates – in Win 8.1, right-click Start). Click the link that says “XX important updates are available.” CHECK the boxes next to items that say “Security Update,” “Windows Defender” and “Malicious Software Removal Tool.” UNCHECK the boxes next to any items that aren’t specifically marked as “Security Update.”

      On the left, click the link that says Optional. Uncheck every box that you see, except “Windows Defender,” which should stay checked. Yes, I’m saying that if a box is checked, uncheck it. Click OK, then Install updates. Reboot. ****

      Did I misinterpret this information?

      ****Are we supposed to WAIT until October 1st and/or AFTER October 1st, and just leave everything the way we have it now?****

      (Running Win 7, Home Premium) set at “Check but let me choose whether to download and install them”. I’ve not changed anything and was just “waiting”.

      My most sincere apologies if I misunderstood these instructions. I will continue to WAIT to choose which “Group”, and then follow the instructions to get into that Group (A, B, or C/W).

      Thank you for all of your help and guidance. 🙂

    • #34515

      Wait. Watch the Defcon level.

    • #34516

      You can see where Microsoft is headed with the enterprise version of Win 10 compared to the consumer versions.

      The enterprise customers were spared the GWX nagware, as the free upgrade didn’t apply to the enterprise versions of Windows anyway.

      Enterprise customers get the magic “off” button for telemetry that is denied to home users. They get to defer updates that may or may not be stable. The group policies that block the Windows store still work in the enterprise version, as do those that turn off ads in the lock screen and the start menu (along with unwanted downloads of certain things Microsoft thinks you need, like Candy Crush Soda Saga).

      Non-enterprise versions of Win 10 don’t get any of those “luxuries.” All of the worst abuses of Windows 10 are reserved for home and SOHO users; for the most part, enterprise customers are treated like MS actually wants their business, which can’t be said of consumer-level Windows customers.

      You have to wonder whether MS even wants to be in the consumer OS market anymore. The only rational explanation for their hyper-aggression against their own home customers is that Microsoft is executing a cynical exit strategy– squeeze the customers for all they are worth now, even to the point of abuse, with the full expectation that these customers will eventually seek to leave the Windows platform… but not until they’ve been “monetized” for a few years.

      Once enough people leave Windows, MS can turn it into an enterprise-only product, eventually evolving it into nothing more than a thin-client frontend for its cloud services. Those customers who have fled the Windows platform will still be potential MS customers at that point, since cloud services will work on whatever OS to which they have migrated.

    • #34517

      But don’t forget consumers’ primary function – as unpaid beta testers.

      Okay, that’s unnecessarily cynical. But there’s a lot of truth to it.

      Think of it as the latest incarnation of cackling geese saving Rome…

    • #34518
    • #34519

      @Woody;

      “Okay, that’s unnecessarily cynical.”

      Not by a long shot! Ascaris has nailed it.

      “It’s not personal, it’s strictly business.”

      JF

    • #34520

      I agree Woody and Ascaris.

      You stated it very well and accurately. In fact, earlier, I copied it and sent it out to some of my colleagues. It represents a very good description of what I think is going on as well.

      CT

    • #34521

      You cannot completely disable telemetry in Enterprise versions as far as I know, only most of it. The details are here https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-telemetry-in-your-organization. Also this White Paper https://gallery.technet.microsoft.com/Windows-Server-and-System-d8d98dc6/file/152666/1/Windows%20Server%20and%20System%20Center%202016%20Telemetry%20whitepaper_final.docx
      It is true that the enterprises use firewalls which can shield the system from the Internet, but again there is always the risk that the OS becomes slow due to time-outs. In the same way, end-users can use firewalls and try to block undesired communication.
      Current server products like SQL Server 2016 have a dedicated service for telemetry and although there is a documented procedure to disable the telemetry, not the service, it is not intuitive and it is suggested that it is better to leave it alone. In the previous versions of SQL Server there was a pop-up and the default was telemetry disabled.
      I am not convinced that this is a major issue for the regular businesses which do not have special security requirements and it is a lot more of an issue for end-users due to the perceived secrecy surrounding telemetry and data collected and also the recent years’ revelations which are not really news, but this time the claims are backed by evidence.
      Firefox has telemetry services built-in for which the lighter form, Enable Firefox Health Report is enabled by default. Also Crash Reporter is enabled by default and it was difficult to disable it in past versions. Firefox is always rated as the most secure mainstream browser of all.

    • #34522

      @Ascaris, Woody, Canadian Tech, nematode et al.

      Re: https://www.askwoody.com/2016/debate-how-important-is-it-to-install-all-win78-1-patches/comment-page-2/#comment-100066
      ************

      M$ and Adobe CEOs. Both heads are in the cloud.

      Satya Nadella and Shantanu Narayen were on CNN today (Money Views Nina dos Santos) talking up the big changes in their companies’ future and all the wonders and good things they are planning… just for us.

      http://smallbiztrends.com/2016/09/adobe-cloud-on-microsoft-azure.html

    • #34523

      Looks like a follow-on to their Ignite announcement

    • #34524

      @woody;

      Yep 48 videos on demand here:

      https://myignite.microsoft.com/videos
