|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
.Spotted this on the listing of patches tonight…. https://support.microsoft.com/en-us/help/4056254/windows-10-update-facilitation-service This updat
[See the full post at: Patch Lady – Windows 10 update facilitation service]
Susan Bradley Patch Lady/Prudent patcher
Will be interesting to see if MS can break into my 1511 and, for at least the third time, attempt to alter the software on my machine without my express approval. I have WU service disabled. Got rid of the self healing stuff. Got rid of the tasks in Task Scheduler. Run SpyBot AntiBeacon. MS, stay away from my machine. I like it the way it is. And that, given the mutated smartphone user interface you bolted onto it, is almost a miracle in and of itself. And get rid of the ribbon too. Or at least give us the option to going back to a menu system that worked.
Maybe this turned into a rant. Apologies.
Stay tuned – if they get me I’ll try to send word for rescue. How do you guys keep track of what MS is doing to your machines? Courage!
At the rate things are going with Win 10, I’m thankful I’m still on Win 7. My prediction is AskWoody will be seeing more and more articles on Chrome, MacOS, and Linux.
PS:
MS bugged the heck out of me to upgrade, but when I tried to, my Win 10 wouldn’t run on my laptop.
Agreed, but I hope we’ll also begin to see articles on how to retain Windows 7 in the safest possible way, and so avoid all the problems associated with upgrading to the least secure version of Windows (as evidenced by every monthly summary of vulnerabilities). Chrome, MacOS and Linux aren’t viable operating systems for some users, and nor is Windows 10. Some, perhaps many, users will want to continue with Windows 7 beyond January 2020 and I hope that guidance will be offered on the best way of doing just that.
It will definitely be possible to run Win7 after EOL, but to be safe after that date it will need to remain offline.
I am still running WinXP, but it is sandboxed in a VM. I have some expensive old software that will either not install, or run, on a modern Windows.
So start making plans now for which OS you are going to run your online life with. There really is no alternative for that, if security and privacy are a concern. The solution could be as simple as an inexpensive Chromebook, or a tablet. Using one of the new gadgets will get you connected to most of the cloud and/or social apps that you need to manage your life with.
But if you want to keep running Windows 7, you had better keep it offline only, and move files the old school way, with a shared drive or an external drive. At least you can continue to use your Windows applications that way. 🙂
Windows 10 Pro 22H2
EOL in 2020 won’t make a mature OS like Windows 7 insecure. It will depend on what you are using your computer for and what exploits are discovered.
Safe practices will keep you secure after that date as they keep you secure now. There are people running Windows 7 now who don’t get updates and they can maintain security at a high level.
LOL, good luck then! You are entitled to your opinion, but many security experts would disagree with you. So if you are an expert and use sandboxing or other mitigations to secure your computer, then you do not represent the average user here.
Just look what happened with the XP exploits that were discovered after MS quit patching it. Any vulnerabilities that are discovered in Win7 after 2020 will never be fixed. https://www.computerworld.com/article/3196686/security/kill-switch-helps-slow-the-spread-of-wannacry-ransomware.html
So you can just about count on malware authors trying to exploit one of the most widely used Windows OS. It won’t be about zero-days anymore!
Some might argue that Win7 is more secure than XP ever was, and that may be true, but malware has evolved over the years and is now much more sophisticated too.
Windows 10 Pro 22H2
Back in 2014 there was a lot of FUD about XP going EOS and not getting updates any more, with dark predictions that hackers were stockpiling zero-day exploits to unleash in the weeks following the final Patch Tuesday for XP. Bazillions of XP users were set to get attacked and their computers taken over by the bad guys.
If any of this came to pass, I didn’t hear about it–and I keep up with the tech press.
It’s happening, just not in the breathless apocalyptic fashion that the media would love to rant about.
Look at the exploits on out of date systems running point of sale software and the data breaches of related customer data.
There are still many vulnerable systems running out there. Besides data breaches, ransomware is very popular these days.
Feeling lucky? We’ll see…
Windows 10 Pro 22H2
LOL we should all be paranoid the EOL monster is coming.
I consistently update Security Only updates on my Windows 7 64 bit systems and I can’t remember the last update that is keeping me secure.
Smart and safe practices will keep people secure after 2020. Many secure practices today are what you do in your browser regarding cookies, Javascript, sites you frequent, User Account Control, DNS settings and things you download.
It is probably more important to have updates for your browser than your system and running a good antivirus with regular malware scans should be part of the defenses.
If State hackers want to hack your system then they will do it and it doesn’t matter what system you use updated or not.
If you are running a sensitive server system or a remote desktop system obviously duty of care would be to have a fully updated system. Although this may not make any difference.
Saying that it will be interesting to see what exploits emerge and one needs to always be vigilant and visiting this website helps obviously. YMMV
KB4056254 looks like a morphing of March 2018’s KB4023057 which had unblocked disabled or blocked Windows Update on Win 10. …
This update includes reliability improvements that affect the update service components in Windows 10 Versions 1507, 1511, 1607, and 1703.
This update includes files and resources that address issues that affect the update processes in Windows 10. These improvements ensure that quality updates are installed seamlessly on your device and help to improve the reliability and security of devices running Windows 10.
This update includes a background service to facilitate Windows Update service on devices running Home or Pro editions of Windows 10 Versions 1507, 1511, 1607, and 1703.
This update includes files and resources to address issues affecting background update processes in the Windows Update servicing stack. Maintaining Window Update service health and performance helps ensure that quality updates are installed seamlessly on your device and help to improve the reliability and security of devices running Windows 10.
https://support.microsoft.com/en-us/help/4056254/windows-10-update-facilitation-service
.
Seems, from April to June 2018, some savvy Win 10 users have found new ways to disable or block Windows Update. So, M$ has to come out with KB4056254 to “neutralize” their efforts. It’s like a cat-and-mouse game.
Thx for this hint. I’ve covered the whole thing in Windows 10: Update Facilitation Service (KB4056254) – and I’ve also gave some background details about KB4023057 within my older blog post Windows 10 reliability update KB4023057 (02/08/2018)
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
A new post says about KB4056254 aka “Windows Update Facilitator”
I’m on 1709 and have just been offered this update (needless to say I blocked it). I checked the MS page for KB4056254 and it still clearly states “Only certain builds of Windows 10 Versions 1507, 1511, 1607, and 1703 require this update.”, no mention of 1709.”
The poster is absolutely correct; when this KB appeared in Feb it was to force feed us v1709; this version which appeared in June apparently wants to force feed us v1803. As reported, this is cojoined with Update Assistant V2 — the V2 obviously meaning for the next (v1803).
I despise Microsoft for this.
Edit to remove HTML
Patch Lady,
Not a user of Windows 10, but a fan of the Master Patch List, I give you my thanks for keeping it up to date and us all informed, in such a pithy way, about what is going on.
Group B, Windows 7 Pro, SP1 x64, Intel I-7 “sandy bridge.”
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
This looks to me like just another means of ensuring that you will update your Windows 10 version when Microsoft want you to.
Just what we need, another service running in the background…
…that does what Microsoft wants, not what the user wants or needs.
Of course, Microsoft would say that we all need Windows as a Service, but just don’t know it yet.
Never forget, just back in Win 8.1 one could trim a Windows system down to what, 39 processes to support desktop operations? Low 30s for Win 7? Now it’s what with Win 10, 100?
-Noel
ust what we need, another service running in the background.
That does what Microsoft wants, not what the user wants or needs.
Of course, Microsoft would say that we all need Windows as a Service, but just don’t know it yet.
This is an important point. It’s why I have come to say that the only acceptable role for an OS is to serve the hardware (upon which the OS runs) owner in a manner defined by that owner, without conflict, equivocation, or reservation.
An operating system, by necessity, has access to every bit of information stored on that PC, or that passes through it. It is a position that requires the utmost in trust.
If the PC was a government of a hypothetical country (this is an analogy, not political commentary!), the OS would have to have the very highest security clearance possible, because it would have access to every single bit of classified and top secret information in existence. I can’t even imagine what it would take to get that kind of security clearance, or if it would even exist– but if so, it would not be an easy thing to acquire, nor to keep.
In such a hypothetical country, one would expect security clearances to regularly be denied to individuals who possess potential conflicts of interest. They don’t even have to be real conflicts; if a person’s acquaintances, friends, family, opinions, hobbies, etc., suggest even a potential conflict, the person would be denied clearance to prevent any situation where a person might be torn between allegiances. There can’t be more than one allegiance.
In terms of Windows 10, there clearly is more than one allegiance. It’s supposed to be serving the owner of the PC, but it also tries to serve the interests of Microsoft. That often creates a conflict of interest, like when the owner of the PC wants to skip a given feature update. Microsoft, of course, wants this PC on the latest build, and they have the means to make that happen regardless of what the PC owner wants (especially with the Home edition).
In situations like that, it’s very easy to get into the line of thinking where that conflict is resolved by telling yourself that you ARE serving the interests of the owner by updating his PC against his wishes, because he’s safer and he doesn’t understand how great this new build is and blah blah blah. Human minds (and MS is made up of people that have those) are wonderful at finding reasons to justify what they want to do when it doesn’t match what they know they should do! And once the questionable action is taken, they will cling religiously to the justification to avoid having that vanquished conflict make itself known once again.
That’s why an OS must unequivocally serve exactly one entity, and that’s the one who owns the PC. It’s not good enough to say that it should serve the owner to the greatest degree possible, but also Microsoft if it doesn’t conflict with the interests of the PC owner in any way. That would be a huge improvement over what we have now with Windows 10, but it’s still not good enough. If serving Microsoft is in the to-do list at all, the tendency to define the owner’s interests in a way that happens to also serve Microsoft’s interests will always be there. The OS needs to serve only the owner of the PC, and only in the manner defined by that owner. Anything else is grounds to deny that security clearance, and an OS that does not have security clearance is good for nothing.
Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)
At the very least, with a very pragmatic view, Microsoft could offer the choice of being on the high development bandwagon or not. I would not be offended if they tried hard to patch you for security, but left a few advanced ways for those who want to control patching at a finer level for various valid reasons like hardware incompatibility.
The biggest problem is they push new features and their related hardware obsolescence and mix that with patching for security and bugs they keep introducing. So, in reality, most people get a constantly not so stable OS, and less secure OS too because of the constant influx of new vulnerabilities due to constant adding of stuff. In the end, the product, called Windows 10, is an experience in issues of varying degree, plus a tool of monetization. This is not a great value proposition, compared to what Windows 7 has been for so many of us. The product they sell you now is a disposable, potentially less safe, tool for Microsoft.
Right now, we are far from the good intentions of keeping us more safe through highly suggested patching for security reasons only.
I will cite our friend here, David da Neve, that developer who tried to sum up the reasons why Microsoft does it that way and defend the corporate agenda that he drinks happily, responding to a criticism about the model, saying that everybody adopted this rapid development model and they were late to the party so it is only normal they do things that way. It is that kind of attitude, nothing personal against the guy who seems nice, that creates this ridiculous situation for Windows. Everybody does it, so we should do it, just like with the monetization aspect of Windows. This is done with complete disregard for how well it fits with the needs of the customers, that creates this tentatively perfect rapid development process (which they still struggle to perfect to say the least), that requires third-party software providers to not not hop along with them, that fills a need that doesn’t exist at the customer level and ends up resulting in a product that many don’t want. Sure, some people like some gamers or insiders that don’t care too much about security and prefer new features might be happy if the issues don’t affect their gaming, but the market for Windows is much larger than those people. I still wonder why people would ask that much for that kind of development model for Windows. The only thing I see on the field is either indifference or annoyance.
What happens when a perfect process produces the wrong product in the long run when there are alternatives? I can’t believe there won’t be some company that won’t realizes it can pick up the ball at some point. The market, despite being mature, is huge and unlike in the Windows 98 era where we didn’t know better, since XP we got to experience a much better OS landscape long enough to expect better than what Windows 10 is as an OS.
I will cite our friend here, David da Neve, that developer who tried to sum up the reasons why Microsoft does it that way and defend the corporate agenda that he drinks happily, responding to a criticism about the model, saying that everybody adopted this rapid development model and they were late to the party so it is only normal they do things that way.
As everyone’s mom used to say, “If everyone else jumped off a bridge, would you do it too?”
The devil, as usual, is in the details. Ubuntu (to use an example with which I am familiar) has twice a year releases, but some of those (one every other year) are LTS releases that are fully supported for five years. Not only that, but there’s never any pressure to upgrade… do it if you want, or don’t; it’s up to you. It’s your computer, after all!
If Microsoft offered users the chance to remain on one version for five years with full security and bugfix support, and made it (like all other updates) completely optional, there would be far fewer complaints about the update schedule.
In Windows, the whole rapid update schedule seems to be about marketing. MS decided that Windows 10 was going to get “feature updates” twice a year, so every six months, they have to come up with enough features to fill a press release and to get the tech journos talking, which benefits Microsoft in several ways (not the least of which is the free advertising, but it also serves to distract everyone from the new monetization methods and attempts to control people’s PCs that may be in any given version). It doesn’t really matter if the users of Windows 10 actually had any desire for any of these features. It’s not about them!
Ubuntu, on the other hand, doesn’t even code the vast majority of the changes that go into a new release. A Linux distro is not one project… it’s dozens or hundreds of mostly unrelated smaller projects that keep right on moving with their own updates according to their own update schedules. The Ubuntu devs know that no matter what they do (or don’t do), there will always be lots of changes coming from upstream. Some of those changes are tested and added to the repo for the current versions of Ubuntu, which makes them appear as updates for users of that version. Some things, like a new version of X11, don’t work so well with that system (they have a greater chance to break software their users have installed, which defeats the purpose of LTS), so they’re reserved for the next point update, where they can be tested with all of the other new components that have come along since the previous release. And, of course, you can avoid any version you wish.
In Ubuntu, it is the code changes from upstream that necessitate the new releases. In Windows 10, it’s all developed by one company; there’s no “upstream” about it. It’s silly to copy a release schedule that’s based on the “bazaar” development method used in a Linux distro (and by open source software in general) and to try to apply it to the “cathedral.” (I refer to Eric S. Raymond’s famous essay here).
Microsoft may have copied the rapid release schedule, but they didn’t copy what makes it work. Those kinds of things are bound to happen when you try to copy things you don’t understand, as Microsoft quite evidently does not when it comes to open source.
Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)
Facilitation sounds very helpful, doesn’t it.
When you want to control people, you want to facilitate aids to may sure they stay within your boundaries.
Back in January, @abbodi86 gave us a list of the “patches you don’t want” in Win10. KB4056254 was one of them.
BIG HEADS UP FOLKS
The June 2018 Cumulative KB4284874 for Win10 v1703 from the Windows Update Catalog contains and installs the dreaded Windows 10 Update Assistant V2.
It installs in the ?:\Windows\UpdateAssistantV2 folder which should be deleted before the horror show in the folder can execute.
If memory serves the sole purpose this delightful piece of MS designed MalWare is to undo and /or reset every single User set or altered Service / PC Setting / Group Policy impediment to a forced version upgrade.
It’s also included in KB4284880 June 2018 cumulative update for v1607 as well, Viperjohn.
Hey Y’all,
I’m on 1709 and I found the UpdateAssistantV2 folder on my machine, but it is empty!
HTH 😎
Yup, I got that same empty folder thing on 1709.
Windows 10 Pro 22H2
I installed 1607 Pro in a VM, then installed KB4056254 to see what Win10 Update Facilitation Service is. The new (but out since since february, a few months ago) service I found was “OS Remediation System Service” (osrss). It depends on windows/system32/osrss.dll since with osrss.dll disabled the service can’t start. I read that it occasionally creates folders in %temp% with a random number as names that contains two files, osrss.dll and osrssupdate.exe which I suspect is responsible for the “Important fix for Windows Update” dialog box, but I have no way of knowing that for sure yet.
I’m on 1709 and have just been offered this updated (needless to say I blocked it). I checked the MS page for KB4056254 and it still clearly states “Only certain builds of Windows 10 Versions 1507, 1511, 1607, and 1703 require this update.”, no mention of 1709.
See @abbodi86 ‘s list of patches that assist upgrades in Win10
Many thanks, the list of update related patches is getting quite complex!
My point here though was that KB4056254 isn’t supposed to be offered to 1709, only to earlier versions.
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
