Is it possible Microsoft will install telemetry in a Security-only update?

Topic

New Reply

Interesting question from MA: This is a question about the “Group B” approach to safely updating Windows 7. If I understand correctly, the Group B app
[See the full post at: Is it possible Microsoft will install telemetry in a Security-only update?]

Reply | Quote

Replies

Everyone by now should realize that if you truly want customization in Windows from now on. Your only going to get that in enterprise editions. Obviously Microsoft doesn’t want to hurt it’s cash cow enterprise but has no concern about forcing anything and everything on consumer grade Windows. Is it worth spending $100 upgrading to Windows Pro 10 on your device to get more flexibility? I certainly think Microsoft believes a update system like Chrome OS uses on its devices is justified. Given that it’s meant to get security updates on devices faster and it does have other pluses having everyone on the same Windows version. But one thing differs between a predictable ecosystem like Chrome OS devices and Windows PC’s. That is a vast amount of configurations that make things complicated in releasing major updates. Sadly the inability to customize my Win 10 install to my liking in any significant way is troubling to me.

Reply | Quote

+1. I think the ChromeOS updating model is vastly superior to Windows 10’s. But then, Google doesn’t have to worry about the enormous legacy weight of old Windows.

Reply | Quote

Microsoft could simply offer security-only as an option in Windows update, with the ability to not install an update and the subsequent ones but preventing the installation of a patchwork of updates released at different times. That would be much better than asking users to go to the Update catalog and manually find what they want. I feel this would make less of the fragmented landscape they complained about to have people easily follow the patching roadmap unless there is a problem with one, in which case they wait until it is fixed and then install all cumulative security updates.

Reply | Quote

Telemetry in Security-only updates would make Group B strategy a bad idea, if your objective is to avoid telemetry and that is the reason you chose B to begin with.

Fixes to defective Security-only patches delivered in non-security roll-ups makes Group B strategy impractical, if not down-right dangerous. Resulting in inoperable systems. I am not certain that MS, in their current way of doing WU, will be able to make this differentiation.

It is looking more and more like MS relentless drive to Windows 10 no matter what, is going to force us to make a choice between A and C.

I am getting the impression that MS has no intent in trying to keep A and B streams a practical choice for non-techies.

To the uninformed, A will be the default choice. To the informed, C will be the default choice.

Bottom line is that MS is telling us that it cannot “afford” to deliver on its promise to support Windows 7 through January 2020. The only way they are prepared to “support” Windows 7 is to essentially turn our Windows 7 systems into Windows 10. Accepting this kind of “support” essentially means the product we bought and paid for will be converted to another that we have no choice but to accept.

Reply | Quote

“Microsoft has promised thousands of corporate customers that it won’t play games with the Security-only updates.”

At this point a promise from Microsoft is worth its weight in lead.

Reply | Quote

🙂

Reply | Quote

That’s the dystopian future. I remain optimistic that MS will fix its Security-only bugs with Security-only patches.

“Optimistic” being the key term.

Reply | Quote

That would be an excellent idea.

I won’t hold my breath. Microsoft sees Windows 7 as a resources-sink.

Reply | Quote

Woody and all vommentors : It is my opinion that ‘what Microsoft says :’ to can’t be taken at face value. Be very cautious of your choice from now on

Reply | Quote

I hope your optimism is well-placed. My concern is that if I start on the B strategy, will I get caught with a mess as a result of them not doing this. I am not certain how long I can hang on before I make this choice.

Reply | Quote

I’m worried about exactly the same thing.

Microsoft just needs to keep it clean for four years. “Just” he says…

Reply | Quote

No, it’s impossible 🙂

Reply | Quote

🙂

May I quote you?

Reply | Quote

🙂

Reply | Quote

Dumb question: Can anyone else cobble together a way to provide Security-only patches? Or is Windows 7 immune from being reverse-engineered, technically or legally or both?

It would seem to represent a business opportunity, and the providers of anti-virus software would seem to have a leg up, though we are accustomed to thinking that they are joined at the hip with M$. I keep reading that anti-virus software is a declining business, so perhaps one or more such firm would be motivated.

Reply | Quote

Not sure if the AV industry is declining, but it wouldn’t surprise me.

WSUS Offline seems to be doing a good job of turning out the patches. I’m still skeptical, but I may be swayed.

Still…. if there’s a telemetry component in a Security-only update, we’re hosed.

Reply | Quote

QUOTE; …”But I think it’s highly unlikely. Microsoft has promised thousands of corporate customers that it won’t play games with the Security-only updates. It’s hard to imagine shenanigans that would cause Microsoft’s credibility with the industry to fall even lower. This would be one of them.”
.
.
M$ are not making money$$$$ when corporate customers stay on Win 7/8.1 Ent. If by incorporating Telemetry into Win 7/8.1 Ent with the Security-only updates can push corporate customers into upgrading to Win 10 Ent, thereby making more money$$$$ for M$, why not.?
……. M$ hv already done the same by introducing non-optional monthly Patch Rollups for Win 7/8.1 in Oct 2016 where corporate customers could not hide a buggy update n had to forego the other security updates in the Patch Rollup = this inconvenience might push them to upgrade to Win 10 Ent.

Reply | Quote

They are actually not asking most users to go to the Update catalog and manually get security-only updates —
they are giving that option mainly to institutional/professional IT customers who have too many problems/misgivings about taking the complete monthly Rollups.

Microsoft has not mentioned the security-only path as being suitable for regular home computer owners/users. Indeed, they would strongly recommend against it (naturally!)

Those of us who follow Woody’s articles know about the security-only path, and, if we are trying it out, we are doing it at our own risk, knowing that it is not a Microsoft-supported pathway.

–
Microsoft will not consider making it easier for ‘regular’ people to do security-only patching, because that would be against their objectives (in more ways than one).

–
They used “fragmentation” as a big reason for moving the the Windows-10-like updating system, but the new system doesn’t eliminate it.

There are some very good reasons that some customers did not accept some prior patches (my Lenovo computer is an example of that), and if those historical patches are forced onto those machines now, it may break part of their functionality, or break the whole thing.

When the Rollups become truly cumulative with all historical patches in them, I expect there will be a percentage of customers who are going to be surprised and unhappy with the effect it has on their computers.
(It might be a small percentage in the scheme of things, and Microsoft obviously thinks that it is worth it to sacrifice/inconvenience those people and organizations, but if you end up being in that small unlucky group, especially if you don’t understand what is happening, it’s a pain to deal with.)

Reply | Quote

@Canadian Tech,

You probably know from my prior posts that I am broadly in agreement with you. I have made similar choices so far, and I am worried about the same issues.

However, to stick up for some people (although I personally am not in their camp) — there are quite a few “informed” people around, who know this stuff inside and out, who are going to opt for Path A.

Either they will deem that the safety/security/convenience are worth the risks of the telemetry and the tightening grip of MS,
or they will not even be worried in the first place about the telemetry and the tightening grip.

And, I can see how it is Microsoft’s position, and some other people’s position, that making Win 7 and 8 more like Win 10, especially in terms of automated updates and streamlining possible configurations is a benefit and a step on the path to progress; they are not neglecting their duty, they are doing the best that they can imagine doing for those customers.

Offering to upgrade customers to the new operating system for free, or to make an old operating system work much more like the latest one, is a bonus and a benefit (as they see it).

I don’t think that Microsoft ever had the intent to make the security-only path (Group B) a practical choice for non-techies.

They are offering it to institutional/IT-professional customers, who have to have special knowledge/procedures to undertake going down that path, and Microsoft is not promising them that it will go without hitches, only that if there are hitches, those customers can tell MS about them and wait to see if MS will deign to fix them.

It is a cheeky, risky move for non-techies to even try Group B. (And to “drop out” by going into Group C.)
And good on them/on us, I say! But we need to understand that each of us must accept the inherent risks in doing so: Although there are wonderful people on this site and other sites who give advice to non-techies when we run into trouble, we are mostly going to be on our own if something goes wrong with our computers during our attempts to be in Group B or C.

—
I am not disagreeing with you at all, just wanted to be a devil’s advocate and mention some of the arguments of the “other side(s)”, especially for new visitors to AskWoody.com whose heads might be spinning as they learn about all these new issues and decisions that we all now must cope with (welcome to the club!)

Reply | Quote

But Woody, is WSUS Offline putting out individual patches now, from the new post-September updating system?

Surely they aren’t able to do that, or we’d all know about it. ?

Reply | Quote

Woody, it’s for 3 years and 2 months, right? Jan 2020.

Sigh, that’s not far away.

Reply | Quote

or in toxic sludge

😉

Reply | Quote

Yep. Three years is all she wrote.

But that’s 200 years in internet time. I fully expect to see ChromeOS with Android apps widely available by then.

Reply | Quote

I don’t know. When I get some time (breathe slowly) I’ll take a look.

Your general point is correct, though – it takes the magic of Abbodi to break apart the new Monthly rollups into individual patches.

Reply | Quote

MS definitely IS making money from corporate Win7/8.1 installations. Most of them have volume licenses, which they pay for by the month.

Telemetry in the Enterprise (and Education) editions of Win10 on domain-joined machines is very, very different from telemetry with Win10 Home and Win10 Pro.

As for the rollups… the situation’s more nuanced than that. See

http://www.infoworld.com/article/3128983/microsoft-windows/how-to-prepare-for-the-windows-781-patchocalypse.html

Reply | Quote

@ woody ……. From what I understand, since 2009 a corporation might hv bought or rented/subscribed for Win 7/8.1 Ent Volume Licenses. The upfront costs for buying Win 7/8.1 VL is much higher compared to renting/subscribing, similar to the difference between buying a home/car in cash vs renting or leasing a home/car.
.
The rental/subscription for Win 7/8.1 Ent VL is called Enterprise Agreement n is for a minimum of 3 years – contract. The corporate renter may pay for the 3-yr rental/subscription in a lump sum/cash or by installment.
.
Since 2014, all new Win 7/8.1 Ent VL buyers or renters/subscribers were required by M$ to also buy the 3-yr Software Assurance or Upgrade Insurance, which entitled the users to upgrade to a newer Windows version for free within 3 years. SA costs about 29% of the full Win 7/8.1 Ent license fee per user per year.
.
So, M$ are not making any money$$$$ if the buyers of Win 7/8.1 Ent VL do not upgrade to Win 10 Ent VL.
……. For renters/subscribers of Win 7/8.1 Ent VL or Win 10 Ent VL, there is no difference in the rental/subscription money being made by M$. Eg M$ give free n everlasting upgrades to Office 365 subscribers/renters, but not to buyers of Office 2003/2007/2010/2013/2016.

Many corporations were buyers of Win 7/8.1 Ent VL n hv chosen to not upgrade to Win 10 Ent until EOL in 2020/2023. So, M$ hv likely been trying to counteract this by “killing” off or degrading Win 7/8.1 b4 2020/2023.
.
Most people prefer to buy their own homes/cars rather than renting.

Reply | Quote

We are on the same page, so to speak Poohsticks.

I feel it is my duty to my clients to inform them of their alternatives and the pros and cons of each choice. Then it is up to them to make that choice. I have no intention of directing or leading that choice. In fact, I have told them and will support them in whatever choice they make.

What is very wrong here is Microsoft not being forthcoming and presenting its customers with choices.

More and more, as I think about it, I have come to the conclusion that B is not for the “average” Windows user who makes up about 98% of the population.

Most of those people want a PC to do email and browse the web. They just want a stable platform that they can rely on. Many, have felt assaulted when confronted with an ad for something they just browsed the web for. That is the nub of this privacy thing.

Many of them have an excel spreadsheet with their financial investments and consider that to be sacrosanct and the very thought of someone looking at it without their permission is just plain unacceptable to the extreme.

Reply | Quote

I wouldn’t put it passed Microsoft. But what would they do? Not use Windows? Kind of hard to do.

Reply | Quote

Microsoft is a company. So they of course want to make money. I’m not sure what you guys expect.

Reply | Quote

Woody, there is a way to redirect the telemetry data or at least part of it from Microsoft servers to internal Enterprise servers. I am not extremely interested in this subject, but someone who is more interested than me might want to experiment to look into what is collected.

Reply | Quote

Yes, but the point for many of us is that Microsoft already made its money – when we bought ‘n paid for Win7. Snooping changes the way Windows works. “We didn’t sign up for this.”

Reply | Quote

If they are in Group C, are you having people move from IE 11 to Firefox browser? (Or were they not on IE anyway?)

—
But isn’t IE used by Windows and is somewhat vulnerable if unpatched, even if the computer user doesn’t use it as a browser?

Reply | Quote

Bottom line: Value for the money I already gave them, and meeting the expectations I have a right to.

Absolutely Woody is right. I and my clients paid good money for our Windows licences. When we bought them, we thought we knew what we were buying. Microsoft has that money.

The problem is the people we bought them from (Microsoft) have decided unilaterally to change the product we bought to another product that we would not have purchased.

A lot of people who understand what is going on (and admittedly not many do) are very upset about this.

It is sort of like signing a lease and having the landlord make massive changes to the home after I moved in, without consulting with me or having my permission.

Reply | Quote

Poohsticks,

That is a very good question. The vast majority of my clients use IE. I strongly suspect, from what I have learned in these forums that C implies shifting to an alternative browser. That way their browser would be patched by other than Microsoft.

Reply | Quote

You can check if a given security-only update installs Diagnostics Tracking Service by checking for the presence of file diagtrack.dll in Microsoft’s list of files in the given security-only update. Example: diagtrack.dll isn’t listed at https://support.microsoft.com/en-us/kb/3197867.

Reply | Quote

Yes it is possible. If there is a security-related issue fixed in a telemetry-related file, I would expect that file to be included in a security-only update, given that a Microsoft employee has stated (at https://blogs.technet.microsoft.com/configmgrdogs/2016/12/07/update-to-supersedence-behaviour-for-security-only-and-security-monthly-quality-rollup-updates/) that in effect it’s fine to go from Group A to Group B without first uninstalling the monthly rollups.

Example: The November 2016 monthly rollup includes the telemetry-related Diagnostics Tracking Service. Suppose a security-related issue is found in the file that contains the code for Diagnostics Tracking Service, and a fixed version of this file is included in the December 2016 monthly rollup. Consider a user who installs the November 2016 monthly rollup, and then the December 2016 security-only update. If a fixed version of the file is not included in the December 2016 security-only update, then this user will be vulnerable.

Reply | Quote

Wheels within wheels….

Reply | Quote

From comments at “More on Windows 7 and Windows 8.1 servicing changes” (https://blogs.technet.microsoft.com/windowsitpro/2016/10/07/more-on-windows-7-and-windows-8-1-servicing-changes/#comment-26197):
“[Question] Is it possible that a future security-only update could include the Diagnostics Tracking Service component?

[Answer from Microsoft employee Nathan Mercer] since that component is not a security update, no it would not be included in a security-only update.”

We’ll see if the follow-up question changes his answer.

Reply | Quote

Good one.

I think most of Microsoft is out on vacation for the next three weeks.

Reply | Quote

I would really like to get you to document this stuff, and post as a series of Knowledge Base articles in the new Lounge. You’ve done some extraordinary research, and it should be preserved.

Reply | Quote

I bet it won’t change 😀

Reply | Quote

I will definitely help with this. Thank you for the kind words :).

Maybe there could be a blog post “What do you think should be in the New Woody Knowledge Base?” in which people could list things they believe belong in the Knowledge Base, and others could give their opinion about the worthiness of proposed articles?

Reply | Quote