MS-DEFCON 2: Lock down Windows updates

Topic

New Reply

With the August Patch Tuesday coming up tomorrow, now’s a good time to make sure you have automatic updating turned off. Follow the instructions on th
[See the full post at: MS-DEFCON 2: Lock down Windows updates]

Reply | Quote

Replies

Had windows update turned off after I installed the July updates. 🙂

And thanks Woody-I’ll install the speed up scan update tomorrow when you post it. 🙂

Reply | Quote

Thanks Woody. That’s reminded me that I didn’t get offered any non-security updates last Tuesday so far as I can recall.

Reply | Quote

I’ll post it if there will be any, otherwise please check the trusted site http://wu.krelay.de/en/
However even so, I think you should wait for another month until Woody moves to MS-DEFCON 3 or (hopefully) higher.

Reply | Quote

My advice: Set Windows Update to NEVER and never change it. The only updates you want are those labeled Security, and those are suspect. Wait for Woody’s advice on when and whether to install those.

Windows Update has become more of a malware threat than any other bad actor in the Windows world.

For those of you who do not realize it: Windows Update is a MONTHLY process. It starts the 2nd Tuesday. Trying to do Windows Update in between those Tuesday’s is a fools errand because it is extremely unlikely to be worthwhile and could even mess up your system.

On Office: Office 2010 was the best ever. Ever since then there has been nothing to offer but higher cost and more bugs. Actually there is very little difference between Office 2010 and 2000, let alone 365, from a functional perspective. Only a very tiny portion of users (like less than 1%) need to “upgrade” office from what they already have. And if you do not have MS Office, there are lots of alternatives that may be better for you.

CT

Reply | Quote

Windows Update is no longer started on the 2nd Tuesday, non-security Office updates are now offered on the 1st Tuesday, it’s been that way for a few months now.

https://blogs.technet.microsoft.com/office_sustained_engineering/2016/03/28/upcoming-change-to-the-release-schedule-for-non-security-updates/

I agree with you on the malware threat aspect, it’s certainly essential to vet the updates before installing them and I do wait for both Woody and Susan Bradley to research them and advise on whether and when to install them, although I don’t consider it necessary to set the Updates to NEVER as I do like to see what I’m being offered and to note the KB numbers so I know what I’m looking for in the recommendations made.

I also use Office 2010 on one of my computers, and don’t bother with Office on the other one which is my main gaming machine. I haven’t tried any later version of Office but both when I was working and after my retirement I have never found any need to do so as Office 2010 does everything I need it to, and does it well.

Reply | Quote

Some users, including this one, believe that Office 2003 (no longer supported, but I use it) was the best one.

Reply | Quote

A great suite of programs to control the Win monster at http://www.kls-soft.com/wscc/ Windows System Control Center – Priceless! Much more control than “God Mode” if you have gotten that far into Win.

Reply | Quote

So true, at least as far as Outlook is concerned. Still using Outlook 2003 with Win 7, along with Word ’97 and Excel ’97.

Reply | Quote

@Ken J. Boyd;

Re: “A great suite of programs to control the Win monster”.

Thanks a million. Super info.

JF

Reply | Quote

Office 2003 may have been the best, but you are likely to run into compatibility issues with the new formats based on XML, the .docx, xlsx etc. files.

Reply | Quote

I think that blog post mentioned is only related to Office updates. There is no change yet announced for Windows updates.
However I noticed that after the public backlash in relation to the Windows 10 Anniversary Update and the way it was handled, there has been a kind of freeze for the Optional Windows updates which were released many times outside of the regular schedule in the past. Same for Office which did not get any update last Tuesday.
We may be in for a big surprise tomorrow.

Reply | Quote

My additional advice would be to backup (1st rule of thumb in computing) via a system image on an external drive or SSD prior to patch Tuesday. Doesn’t need to be every month, I do it every 2 months.

Fortunately, I have ALL my important files on a second SSD so that doesn’t need backing up, only the OS.

I call it ‘Image Monday’ for my two Windows 7 devices.
If the system is ‘borked’ beyond repair, restore from an image.
Been doing this since July 2015 and is painless once your in the routine.

On two occasions this has saved me a system/ programs re-installation.

Reply | Quote

A complicating factor is for those who use MS Security Essentials. It uses some of the same resources as Windows Updates, and definition updates will show in the “Optional” list after an update.

When WU is screwed up, MSE updates can be affected. I’m not sure if it always goes down with WU is hosed, but it’s at least “mostly”.

I use Malwarebytes Antimalware as a supplement, but one of these days, I’ll get a non MS AV program.

Reply | Quote

Windows 10 Update Tuesday Noob here … (Win 10 Pro since 7/29).

Monday:
1. Took complete system disk image backup
2. Verified Windows update is set to “defer feature updates”
3. Activated “metered wi-fi hack”

Tuesday:
1. Downloaded “wushowhide”
2. Set gpedit to “Automatic updates: Disabled”
3. Waiting patiently … hoping all that Windows voodoo-fu will keep away evil spirits 🙂

Reply | Quote

Follow-up to last comment … just looked at Settings>Update & Security>Windows Update and lo and behold!

“Some settings are managed by your organization”

Advanced Options>Choose how updates are installed
“Never check for updates(not recommended)”

Your organization has turned off automatic updates

It appears that the gpedit hack may work (for now)on Win 10 Pro 🙂

Win 10 Pro(x64) 1511-10586.494

Reply | Quote

You’re fully protected. Now, a strand of garlic and wooden stake in hand wouldn’t hurt…

Reply | Quote

OK, just ran wushowhide. It found 3 updates for Win 10. A cumulative update to build 1511, a security update, and the windows malicious software removal tool.

Told wushowhide to hide all but the malicious software removal tool.

Cool! It worked!!!

Ran check for updates on Windows Update and it only came back with the malicious software removal tool. So I ran it.

Now it says my system is up to date. No nags to install anything else!!!

FYI, I’ve not seen any sign of the Anniversary Update being offered to my box yet.

Reply | Quote

Windows 10 Home hide updates with wushowhide:

Ran wushowhida on my Win 10 Home laptop, and performed the same steps as with Pro. Hid the 8/9 updates, except for the malicious software removal tool. Same results … it just works 🙂

I did set my wi-fi to a metered connection to prevent downloading evil spirits. So I had to expressly request via Windows update the download for the malicious software removal tool.

When I ran the check for updates again, it said my PC was up to date. So the hidden updates stayed hidden. Still have not seen the AU upgrade show up, but since I was a last minute Win10 upgrader, I am probably low on the list for the roll-out. But I am ready to stop it now 🙂

Reply | Quote

The registry should work with 1511. The issue seems to be with 1607, still to be confirmed though.

Reply | Quote

The update is being offered on a rolling basis. Some folks will see it before others.

FRankly, I’m glad to be missing out on this update for now.

Reply | Quote