Reminder: We’re still on MS-DEFCON 2, no reason to install any patches

Topic

New Reply

Looks like a lot of people are getting stampeded again this month. To repeat: We’re at MS-DEFCON 2. There are absolutely NO patches released this mont
[See the full post at: Reminder: We’re still on MS-DEFCON 2, no reason to install any patches]

Reply | Quote

Replies

Hi Woody,

Quick question. I have Windows 7 and recently removed /uninstalled Norton anti-virus (horrible experience).

I downloaded/installed Microsoft Security Essentials. All seems well. It seems that I have seen you recommend MSE for Windows 7?

Just one question. I have noticed that after running a manual update in MSE, and then run a manual scan in Windows update, there is an optional kb update regarding MSE definition updates.

Do I need to download/install this patch? Do I have to do this everyday?

Thanks for your advice. I really appreciate your website and all you do.

Thanks!

Reply | Quote

Logged in to WSUS this morning…I…I cant do this much longer, Microsoft.

Reply | Quote

Woody,

Normally I go strictly by your DefCon advice. But I’m going to be out of town for a couple of weeks up through October’s patch releases, and I’m thinking that I should update my machines with the September patches before I go, since the patching ballgame will be very different by the time I return. Any thoughts on this? (I suppose if there are no current patches worth installing, there’s no reason to proceed. On the other hand, I’ve at least found the “speed-up patches”, e.g., KB3185911 to be worthwhile.)

Many thanks.

Marty

Reply | Quote

I knew about avoiding Flash, but not Acrobat Reader. Is there another (recommended) way to view PDFs safely?

Reply | Quote

I use the built-in PDF viewer in Chrome. In Chrome, just drag ‘n drop the PDF file onto a new tab.

In Win10, I use Edge.

Reply | Quote

Sure. If you’re going to go with Group A, install only the checked patches. (The ones just released are all unchecked, except for the time zone change.) If you’re going to go with Group B, install only the patches that are clearly marked as Security Updates. If you want to sit on the Group W bench, don’t install anything.

In all cases, make sure Auto Update is set to Disable.

Reply | Quote

MSE is great. I do NOT recommend any third party AV products, because the free ones beg for money, and the paid ones charge way too much for way too little.

(That should get me some hate mail.)

The MSE patches come through every day and you don’t need to do a thing. They install themselves.

Reply | Quote

IE11 is already buggier than a Florida condominium. What’s one more bug amongst friends?

Reply | Quote

As Woody said, both Chrome and Firefox have built-in PDF reading support not.

If you want an app and all you need to do is open or print PDFs, use Sumatra PDF.

However, if you need to fill out PDF forms (one of the few things Sumatra PDF *cannot* do), use PDF-XChange Viewer (now replaced by PDF-XChange Editor which is a worse, more bloated version).

Reply | Quote

You can apply Virus Definition updates manually at any time in MSE, AND you can have a schedule set up where that happens automatically.

However, if you started up in the morning, and immediately updated MSE’s definitions to the latest-greatest – and THEN waited a couple of hours, it’s likely that there is an even more recent set of Definitions, which will appear in Windows Update. You can either update them from there, or directly (manually) from within MSE, which is my preference.

Reply | Quote

Hi Woody,

I would like to ask something about IE. You’ve always recommended that it be kept up-to-date, but I’ve actually had it disabled for years now from the “Turn Win features on or off.” WU never offers me any IE-related updates.

This is on 7 SP1. Last time I did a clean OS reinstall was Nov 2013, and at the time I installed the “updates” IE9 and IE10 through WU (but in the aforementioned “Turn Win features on or off” dialog it still says IE8 – go figure). I think the only reason even those got installed is because I hadn’t turned it off yet, considering updates to be higher priority. Most likely, I turned it off right after (in response to the nuisance of a never-ending stream of cumulative security updates to something I’d never use).

It’s been this way since then, so for almost 3 years. Should I start caring about updating it now? You’ve said that the system uses IE components for other stuff, but I don’t think I use any other Win components/services that use networking. WU is the exception, but soon that might be dropped altogether, too (I’m in Group B).

Thanks,
Nick.

Reply | Quote

Very good question. My advice to keep IE patched is from years ago, when some Windows components – formatted mail rendering, for example, relied on IE. Anybody have newer news?

Reply | Quote

I have read that Microsoft Money uses IE internally, even when not accessing the Web to synchronise with your bank. Which it does not do anymore, since it is a discontinued product.

Discontinued, but still excellent — and free, now available under the name Microsoft Money Plus Sunset (some people say it’s still the best in its category, beating even paid-for products). Since I use it, I suppose I’m one of those people who should take care to update IE no matter what.

As a matter of fact, I have now an Important KB 3185319 sitting in my WU scan, waiting to be downloaded. That’s a Cumulative Security Update for IE 11, Windows 7 x64, published Sept 13.

Reply | Quote

Here’s another little W7 twist for the eagle eyed – in the recent batch of updates, kb3179930 actually links to kb3179949 when you hit ‘more information’ in windows update. Go figure.

21/09/2016 – 19.54 UK time.

Reply | Quote

Cool!

Reply | Quote

Hi Woody,
Just to clarify (since I see a lot of comments re: windows 7/8.1), MS-DEFCON 2 is for all version of windows including Windows 10 build 1151, right?

Reply | Quote

Yes. When it’s time to install updates on ANY version of Windows, I’ll post a change in the MS-DEFCON status.

Reply | Quote

Using Windows 8.1 I have found there is a good reason to install the Flash patch- not for security, but to get Windows Update to work. I have two Windows 8.1 computers, and in recent months I have found that my update scans on both of them become very slow (or interminable) when there is a Flash update on the list of available patches. But if I get the Flash update off the list by installing it, WU works fine again. (I don’t use Flash, I wish I could get rid of it and its updates, but in Win8.1 it is not uninstallable.) This month on Patch Tuesday Windows Update ran for hours with no results. I installed the Flash update manually (nothing else, except Windows Defender definitions) and then WU worked fine again. I know I’m in a small minority using Windows 8.1, but I find it hard to believe I’m the only one with this problem, as this has occurred repeatedly on two different computers.

Reply | Quote

Thanks!!!

Reply | Quote

This is not hate mail, but as I’ve written here before, I disagree with you about Norton, both the cost of it and the quality of it, from my long-term personal experience with it. 🙂

Reply | Quote

That’s what I thought too part. Using WFN to turn on bi-dir win firewall. But as reported here there were some fishy Wu installs recently that referred to mse so I uninstalled it and after some research I installed zone alarm free that provides both 2way firewall and av.

I’m sure its not much better than others but not much worse than mse and the less Ms se I use the better.

Reply | Quote

Several months ago, there were some posts here about Sumatra PDF, which you might search for on this site, if you want to see what other AskWoody participants have said about it.

I posted here at that time (perhaps when I was using the username here of “D.” or “D.D.”) that it is the third-party pdf reader which is recommended by security expert Brian Krebs at krebsonsecurity.com.

I installed it in place of Acrobat Reader, and I have been happy with it (but I don’t need a pdf reader for anything but the basics).

Reply | Quote

You have every right to disagree!

What a boring world it would be if we all thought the same way…

Reply | Quote

Sumatra PDF http://www.sumatrapdfreader.org/free-pdf-reader.html

Reply | Quote

You may not have updates for IE because you did not install IE11 and all other versions are deprecated on Windows 7, although there seems to be some unofficial degree of tolerance still for IE10 on Windows 2008 R2 Server and this is for compatibility reasons with enterprise applications.
If you use your system in less common ways, you are likely to cause problems for yourself and have to address the problems yourself with very little support from community.
Do not disable IE because “disabling” it was only a cosmetic decision to please European politicians and has nothing to do with the OS itself.
Upgrade to IE11 when offered and use IE11 when needed on sites like Microsoft Update Catalog as IE11 is not worse or less secure than the other mainstream browsers.
This does not mean to use IE11 exclusively, use you preferred browser for most other tasks which do not require IE11.

Reply | Quote

You just never know.

Despite having Firefox as my default browser, I had Chrome use IE to deliver a survey asking why when I uninstalled it.

Reply | Quote

Is Money Sunset still available and functional? I used Money many years ago and found it good enough.
If you want to look for alternatives, give GNUCash (for Windows) a chance. It is more complicated to use though, but it is the real thing.
https://www.gnucash.org/

Reply | Quote

I get a black screen after I install KB3175024. I already have the first version installed, but the new and improved one will not finish configuring itself properly. Windows will not boot afterwards, so I have to use my W7 product disc to remove it.

I first installed KB3175024 with all the other security updates for last month, except the IE one, and got the black screen. I then installed every security update one at a time. KB3175024 was the only one to black screen. I installed the IE update (biggie) right after that and had no problem. Then installed the non-security stuff without problems.

Reply | Quote

This is an interesting one, as I was not aware that Sumatra PDF cannot fill forms.
I suppose for this particular situation, a copy of Adobe Reader 11 (not DC) patched up to date is the way to go.

Reply | Quote

It is the supersedence at work again.
People who decide to be in Group B for completely subjective reasons, please be aware!

Reply | Quote

I have used Norton for 5 computers and never paid over $29.95 for it and in fact I downloaded the last one onto my android smart phone and it has worked very good on all five units. But I am also running both, Norton and MSE, on my HP. Both are doing their job very nicely. I thought that they would not run together but oddly enough they are and no trouble. $29.95 is not expensive for the service rendered for a full year. Just a impartial comment..

Reply | Quote

@Woody:

I’m probably misreading this term from your message: “make sure Auto Update is set to Disable.”

I keep mine the same always – – – “Check but let me choose whether to download and install”. I think it’s been noted that this is “the same” as “NEVER UPDATE”????

Just want to be certain that I the way I have it set is correct. Thank you for the clarification. Having MS changing everything “now” has been very disconcerting. It’s not October 1st, however it appears that there are “roll-up patches” appearing already.

Thank you for all of your help. 🙂

Reply | Quote

Yeah, I’m not going back to norton at all, ever since it let 4 trojans through without so much as a peep…

Reply | Quote

Thanks for the reminder – I remember the recommendation from Krebs but never did anything about it until today.
Uninstalled Adobe Reader: 220Mb
Installed Sumatra: 11Mb
Saved space: 209Mb
Can’t be bad!

Reply | Quote

“Check but let me choose” and “Never update” are functionally equivalent. You can use either.

(I should’ve said “Never update” instead of “Disable.”)

Reply | Quote

@Woody: Thank you so much!! 🙂 🙂

Reply | Quote

Is it possible this is related to the EMET/EAF problem?

See https://support.microsoft.com/en-us/kb/3175024

Reply | Quote

JA: FINALLY…Someone else to confirm what I’ve been saying on this forum re: a direct connection between 8.1 long scan times and the Flash patch!

Since Flash is embedded in 8.1 please tell me how you were able to install it manually.

I’ve been enduring one long scan time to install it through WU, thereby making subsequent WU’s fast. But, your manual method would be vastly better. Please share!

Thanks for confirming this!!!

Reply | Quote

I turn mine back to “never check for updates” after I put it on “Check but let me choose whether to download and install” and I usually have updates show up and I install or hid them then I change it back to “Never check for updates” and don’t open it until I am ready to check again. I run Win 7 Sp 1. Whole process takes abo9ut 6 or 7 minutes including restart, depending on number and size of update(s)

Reply | Quote

Just a test.

Reply | Quote

MSE is worse than having nothing at all. It degrades your performance (slightly) and offers little to no protection and the false sense of security that is dangerous to the modern Internet.

You should know better Woody. Avira, Avast, AVG. Pick one. Avira has had some previous run-ins with bundling adware but they retreated on it after the outrage shamed them into doing so. So pick Avast or AVG. They’re both user-friendly and do a much better job than MSE at actually detecting and removing malware.

Reply | Quote

Hate to break the news to you but both McAffee and Symantec/Norton are complete garbage. You’re being swindled for inferior trashware compared to what you can get for free.

Better (free) products from Avast and AVG while better (paid) products from Kapersky and a few others.

Reply | Quote

Just got a bugcheck (USB Driver error) after installing the latest round of patches.

KB3185278
KB3184143
KB3181988
KB3182203 – Sometimes randomly fails to install
KB3177467 – possibly safe but still better to wait

So one of those first 3 caused a USB bugcheck. I had my Windows Update set to always CHECK but something must’ve been done to cause it to switch to Automatic. Don’t know.

For now, I’ve completely disabled the related Windows Update services and only check for updates once a month (previous month updates) after the dust has settled.

I’m thinking DEFCON-2 might be too generous. Might need to drop that to DEFCON-1 if other users report similar issues.

Reply | Quote

Before last year, I generally got the then-equivalent of Norton Internet Security (for 3 devices then) annually for anything from $0/free (using a Norton rebate offer) to about $12 (maximum $15), usually with Amazon as the seller, and for the last 2 years I’ve gotten NIS for 5 devices for something like $20 (I bought it via Amazon as the seller; you will almost always pay a lot more for the very same Norton package if you buy it from a Norton entity, especially if you click links within your Norton program in order to buy a new subscription, than if you compare prices at outside retailers) — which is not a bad price at all.
The 5-device allowance lets me put it on a relative’s mobile phone and computer, as well as on my devices. For $4 a year per device, given all it does, I am a fan.
I even once had a helpdesk telephone call with a friendly, helpful, US-located Norton guy who helped me for an *hour*, for free, with a weird security problem that my newish computer was found by Norton to be having.

Reply | Quote

I used WHDownloader. (Nice little program. Available on the Major Geeks website.) It downloads lists of all available updates, then you can select the ones you want to download. Once you have the downloaded file, just open it and it will install. I did find that this month I had to change the WU setting to “never check for updates”, and then do a restart to get WU to quit scanning. After I got the Flash update installed (kb3188128), I changed it back to “check but let me choose whether to download”.

Reply | Quote

OK, I’ll bite: why 11 over DC? IIRC, I have 11 on the seldom-used laptop, but DC replaced 10 on my desktop. I usually keep it updated through the application.

Reply | Quote

I’ve hear good things about kmymoney. Supposedly much better than Gnucash, but I have no first hand experience with either.

Reply | Quote

I did not use any antivirus and antimalware products, not even MSE or Windows Defender. They are ALL disabled on ALL my computers. These products cause more problems than they attempt to solve in my opinion : interference with other programs, false positives etc.

I believe I am pretty careful about what websites to visit, and I use Noscript with Firefox to block scripts.

I have not had any problems since I took on this approach. No need to worry about any antivirus updates causing problems.

I am sure there will be many people, including you Woody, who disagrees with me, haha.

Hope for the best. Prepare for the worst.

Reply | Quote

Manual installation of Flash Update means in this case downloading the Microsoft patch from the download site or Microsoft update Catalog and installing it.

Reply | Quote

I booted into Windows 8.1 on my computer (Yes, I have multiple versions of Windows installed on my computer) just to see if it has the problem you mentioned.

And no, there is no such problem. After I booted into Windows 8.1 and launched Windows Update, the update list appeared pretty quickly, including the Flash update KB3188128.

In previous months I did install the Flash updates as part of the patches installed.

Hope for the best. Prepare for the worst.

Reply | Quote

@ch100

Quite right: SumatraPDF cannot fill forms… BUT since Adobe Reader Free doesn’t let you save filled-in PDF forms, you might consider Nitro PDF Free which does let you save filled-in PDF forms.

Reply | Quote

You could use this permalink to get latest patch:
x86
http://go.microsoft.com/fwlink/?LinkId=328650
x64
http://go.microsoft.com/fwlink/?LinkId=328651

Reply | Quote

There are no first or second version, KB3175024-v2 is the only released version

Reply | Quote

This may be of interest:

I am running Win7 x64 Home premium with WU set to never.

There are no Windows patches installed after 5/12 2016.

Today I downloaded and installed manually the critical IE11 fix KB3185319 for Windows 7 x64.

Soon thereafter the GWX control panel — yes, I am still running it — detected Win10 files and shut down the system. So unless MS is slipping stuff invisibly … ?

Reply | Quote

After many years as a Norton customer I uninstalled it.

Symantec’s quality control went down the tubes. Customers were used as unwitting beta testers, the software caused more problems than it solved, and the turnaround time for resolvingcritical issues like recurring BSODs stretched to weeks.

And that’s just the tip of the iceberg. Good riddance.

Reply | Quote

I use outlook mail and the ebay recommended “app” pinned site is also explorer – thoughts?

Reply | Quote

I am doing B. If necessary, how do you install updates one at a time?

Reply | Quote

Microsoft has been criticized over its Windows 10 software by consumer rights group Which?.

http://www.bbc.co.uk/news/technology-37431343

Reply | Quote

You don’t. when MS has made its methods more clear, I’ll be publishing details in InfoWorld.

Reply | Quote

I don’t disagree. Antivirus isn’t nearly as important as it once was. That said, I’ve never had a problem with MSE.

Reply | Quote

First time I’ve seen this.

I’m not sure what a USB bugcheck looks like. Details?

Reply | Quote

I suspect the report refers to the pre AU version as there’s no reference to the forced adware crap on the tiles for Home and Pro users

Reply | Quote

DC is too heavy, bloated if you want.
It tends to cause a lot of load, although v11 is not perfect either. The last really good Adobe Reader was 5.05, but there are good chances that it is now obsolete and potentially insecure. Maybe 9.5.5 to be the last good one in the recent history.

Reply | Quote

Then you don’t have the same problem. The OP said that the previous Flash patches were not installed and this is what caused the slow scanning.

Reply | Quote

It’s all well and good to toss off the recommendation to ‘dump’ flash and Adobe reader but… I work in an environment where it is required. Several programs we have to use depend on flash. We are working at moving from it but it takes a lot of time (short staffed so it is always a second priority) and money which never seems to be available.

That said, the environment is rather restricted and we have not had any real problems so our continued use has not been an issue.

Reply | Quote

KB3181988 is the one that updates USB drivers
it’s mainly intended to fix issue in Convenience Rollup KB3125574
so if you don’t have CR installed, you better not install KB3181988

Reply | Quote

I learned long ago that trying to diagnose a problem in a computer that had a “security” program installed was a waste of time. I discovered that by removing the software, diagnosis became much easier and more effective.

I have not permitted anything but antivirus only software on my 150 client PCs for years now.

For a very long time, I used Norton Antivirus and thought it worked well. Then Symantec dropped the product. I looked for an alternative and found one in Bitdefender Antivirus +.

It has been nearly 2 years since. I have not seen a single infected PC among my 150 client PCs in 2 years. BD is an excellent product that requires no maintenance, very low resource demand and just does its job silently, quietly. Clearly superior to Norton. This conclusion is based on a lot of experience — lots of computers, lots of years.

You can buy a retail product for $70 list, $40 on sale at WorstBuy for 3 computers for 2 years. Net price per year per computer is very low.

All the other stuff in the “security” products disables the corresponding features built-in to Win7 and provides no real advantage, just higher cost.

CT

Reply | Quote

Safest way to use Flash (arguably) is through Chrome or Firefox, clicking to allow the Flash program to run on a site-by-site basis. I also use it in a similar way on Edge, but haven’t formed an opinion on which platform is safest.

Google will be pulling Flash support from Chrome by the end of the year, although it’ll continue to enable Chrome on YouTube (which Google owns), Facebook, Yahoo, Amazon and several others.

https://groups.google.com/a/chromium.org/forum/#!searchin/chromium-dev/HTML5$20by$20default/chromium-dev/0wWoRRhTA_E/__E3jf40OAAJ

Reply | Quote

You might be right. I have EMET installed but I do not know how to temporarily disable it so I can install the update. The workaround has nothing to do with what I am experiencing, re: freezing apps. If there is a service that I should disable just for the install I’d appreciate knowing what that is.

Reply | Quote

I have found it best to leave the setting temporarily at “Check but let me choose whether to download and install”, until all desired updates have been installed (at which point it can be changed to “Never check for updates”). If you don’t do that, and you install updates selectively, the list of remaining available updates will have disappeared after the initial batch has been installed, thereby requiring a new manual check.

Reply | Quote

I strongly agree about staying away from DC. Too much bloat and loss of control. You will have to dig for the non-DC patches, but Adobe is still supporting 11.0.17. (Reader XI)

I do not want the auto-updating of DC or the more robust cloud aspects. I disable all cloud features in all my programs. I especially hate the image editing programs with automated Facebook posting features (click to post).

K.I.S.S. I have found “convenience” often leads to mistakes.

Reply | Quote

No idea. This is a good one for the Microsoft Answers forum.

Reply | Quote

I alwsys tell people if a website on IE asks for a flash upgrade DO NOT say yes and get off the site and run an AV and malware scan since it is very likely to be an attempt to install malware. I recommend strongly for them to go directly to Adobe and download it from there and then retry the website IF it is a major, well-known website, otherwise beware.

Of course, I usually ‘bundle’ this with advice telling them that they really should consider moving to using Firefox.

Reply | Quote

I use FlashBlock, an add-in for Firefox. It blocks all Flash activity, unless I click on the “allow” button. I have found that this is a good way to do it, because Flash is right at hand if I need it, but blocked otherwise.

The only complaint I have is that it seems that videos which would run when I had Flash uninstalled now require that I “allow” them. I probably have something configured wrong.

Reply | Quote

Woody, I have only used Flash thru Google Chrome for the about 2 years and it has worked well on my Win 7 SP 1 machine. I hadn’t read about Google dumping flash in Jan 2017 so I will look for an acceptable replacement. I wonder if one could find a “One shoe fits all” p.s. Flash had always given me trouble in IE

Reply | Quote

Woody, I found your page a while ago and have been reading. I just found out about the Windows Update changes to happen in Oct. and about the Rollup updates and the Security Only updates. I would definitely want only the security updates; however I found this in an article on computerworld below. It sounds like I won’t have a choice to get security only updates being a home user?! Is this true? Is there a way I could get just security updates only? My biggest concern is the telemetry patches that I don’t want.

“Starting in October, still-supported versions of Windows with the exception of Vista, will be offered only cumulative packages. One of those packages will bundle security and non-security fixes, while the other will be security patches only.

Customers who receive patches and bug fixes via Windows Update — the consumer-grade maintenance service — will automatically get the security/non-security cumulative update; they will not have a choice. However, businesses deploying updates using Windows Server Update Services (WSUS), System Center Configuration Manager (SCCM) or the Update Catalog download site, may pick between the security-only or the combined security/non-security updates.”

http://www.computerworld.com/article/3108380/windows-pcs/microsoft-to-end-decades-old-pick-a-patch-practice-in-windows-7.html

Reply | Quote

Google Chrome and Flash have been good for me for about two years since Flash ruptured IE in 2014 on my computer. I probably will not ever turn on IE again. It seems to not serve any purpose on this machine HP Win 7 x 64 SP 1 (2009).

Reply | Quote

My AVAST catches 5 to 10 lockey downloader SPAM/VIRUS emails every day (ransomware). Not that I’d click on any anonymous emails that said “Your Invoice is attached” … but it’s nice to have the confirmation (for free).

Reply | Quote

No. You will have a choice to either

(1) Install all updates, including older updates (I call it Group A)
(2) Install monthly security-only updates, one month at a time (“Group B”)
(3) Don’t install anything (“Group W”)

Gregg’s article is accurate, but you will always have those options. Or so we’ve been promised.

Reply | Quote

A new version of KB3179949 is being offered to my Vista box today.

The KB article says revision 2.0 and refers to .NET 4.6 and 4.6.1, neither of which is installed on my computer. I have 4.5.2 installed.

Going by your IW article yesterday, I should be offered KB3179930 for .NET 4.5.2. No sign of it.

Windows Update says KB3179949 applies to all three of 4.5.2, 4.6, and 4.6.1.

Either the KB articles are wrong, or Windows Update is wrong.

I would normally lean towards WU being correct; except it keeps offering me the MSRT despite the fact it’s sitting on my hard drive and I’ve run it 3 times this month. That’s happened for a couple months now.

Reply | Quote

The KB article is probably wrong. The Windows Update list says 3179949 is for 4.5.2 on Vista.

https://support.microsoft.com/en-us/kb/894199

Ain’t it fun to have consistent documentation?

Reply | Quote

Since we’re talking so much about Adobe –

I get Adobe Flash Player updates directly from the Adobe download site. I have to get one for Firefox and one for IE-11. I set the flash player on Firefox to “Ask to Activate” and I have the one on IE-11 disabled.

I have Win 7 x 64 SP1. I also have Acrobat Reader XI which I update myself manually. I don’t get any Adobe updates for anything offered to me in Windows Updates.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

@Marty;

Thanks for that tip. Obvious timesaver

Reply | Quote

@Woody;

How about Foxit Phantom PDF?

It came pre-installed on my ASUS Win8.1 laptop

Reply | Quote

OK, I hid the lot of them which includes the important DST update for some remote part of Russia. I don’t understand why that would be important in the first place,

Reply | Quote

Just sharing a UK news article I saw today.

( _Which?_ is a British magazine and consumer organization that is similar to _Consumer Reports_ in the US. )

——
“Computer users blighted by Microsoft Windows 10 software trouble should get compensation, consumer body argues

-Customers ‘nagged’ by Microsoft to install software now facing problems
-Some have lost files and e-mail accounts, while others face printer trouble
-Which? says customers should receive compensation from Microsoft

After being ‘nagged’ by Microsoft to install the updated software, hundreds of customers have told Which? the installation caused them to lose files and e-mail accounts. It has also created a host of other problems, including defunct printer and wi-fi connections, and speakers troubles. In some cases, Windows 10 customers have had to fork out their own cash to get their computer repaired after installing the software, Which? said.

[…]

Having surveyed more than 5,000 people in June, Which? said 12 per cent had reverted back to an older system after installing Windows 10. Customers also flagged ‘poor customer service’ from Microsoft when they contacted the company about the problems they were experiencing.

Under the Consumer Rights Act 2015, shoppers have certain rights when it comes to ‘digital content’ like Windows 10. The digital content has to be of satisfactory quality, fit for a particular purpose and be as described by the seller. According to Which?, ‘in many cases, if the faulty digital content damages your device or other digital content, you can have these repaired or be compensated.’

Alex Neil, Which? Director of Campaigns and Policy, said: ‘We rely heavily on our computers to carry out daily activities so, when they stop working, it is frustrating and stressful. Many people are having issues with Windows 10 and we believe Microsoft should be doing more to fix the problem.’ ”

article link: http://www.dailymail.co.uk/money/news/article-3801622/Computer-users-blighted-Microsoft-Windows-10-software-trouble-compensation-consumer-body-argues.html

Reply | Quote

For MSRT, try running Disk Cleanup while selecting to remove the obsolete updates and Service Pack and anything else that you may need.
If that does not resolve the issue, run SFC /scannow few times until there are no more errors – hopefully there is none at all from the first run.

Reply | Quote

@Jim: I use Firefox, and the Shockwave Flash is an “add-on” which Firefox always keeps updated to the newest version. You can always check all of your add-ons at any time to show if they are up-to-date.

It’s under the Add-Ons if you click on “Tools”. Once it’s been added, you can set it to how you want to control it (i.e. “ask to activate/always activate/ or never activate). It was last updated Sept. 14th. Hope this helps.

Reply | Quote

And this solves the purported purpose of eliminating fragmentation exactly how?

Reply | Quote

So if you you are running EMET on Windows 7 Service Pack 1 (SP1) on a computer on which update 3175024 is installed, when you try to start an application, the application freezes very early in the process and does not completely start. The solution apparently is “to disable the EAF mitigation on all applications.”
Interestingly I found that disabling the EAF mitigation on all applications WITHOUT having the KB installed produces the same freezing effect and re-enabling fixes the problem.
Group B leaning towards W…

Reply | Quote

Thanks Woody, i always check here first for your observations and others opinions..

Reply | Quote

I don’t have any direct experience with it…

Gizmo Richards has a good rundown here:

http://www.techsupportalert.com/content/best-free-pdf-tools.htm

Reply | Quote

Once, sometime early this year or late last year, I saw an update come out that was couched as something like a time zone update and when I refreshed the page just hours after it was made available it morphed before my eyes into something completely different – one of the telemetry updates, as I recall.

It brings to mind the question:

Time zone patch documentation: Just a convenient template that is turned into something else (and for some reason published online before it’s changed), or a smokescreen for something completely different that Microsoft doesn’t want people asking questions about?

That sounds positively “tin foil hat”, doesn’t it? Thing is, I’m not wearing one.

-Noel

Reply | Quote

I am normally a patient person, but I am so tired from the last 18 months of Windows Update torture that protecting my Windows 7 machine has involved
that I went ahead and installed the important/security September patches yesterday —
after giving them each a quick look-up online (including on Susan Bradley’s massive excel spreadsheet of patch info) to see if any big problems have been reported, which none had.

…There were a couple of reports about the Novosibirsk time zone patch doing something about creating temporary user profiles at the enterprise level or something, but it was apparently down to having “Bit Defender” installed as well (according to Reddit) or maybe just required a reset (according to other comments); anyway, that was nothing to do with my tiny personal setup — just me and my woebegone Lenovo — so I installed the time zone patch too, even though it was only a day old.
[btw, it’s an Omsk time zone change too — Novosibirsk might have caused a few raised eyebrows “in the West”, but no one even mentions Omsk, tsk tsk — so just thought I’d give a respectful shout-out to Omskians, Omskers, Omskites.
Omsk might well be the last place I’m going to be ‘on time’ until January 2020, if there are any future time zone changes and I go with Group C.
For some reason, when installing a Windows time zone update, I always think of the They Might Be Giants song that goes, “So if you’ve got a date in Constantinople, she’ll be waiting in Istanbul”. Not sure why, since that’s not about a time zone change.]

—
After installing everything yesterday that I found acceptable, my W.U. looks like this:

My optional list of patches numbers about 23. Nearly all of them are aggressively italicized, but that doesn’t rattle my nerves – they are simply not invited.

Nothing is hidden.

My main list of patches just has 2:

1. The monthly MSRT, which I don’t install anymore, and which is changed every month, and I’m not worried about it

2. An important patch from a couple of years ago that caused me the blue screen of death and a time-consuming system restore, and which still does not have a solution for people/computers in my situation (there is, apparently, one solution for people/computers that are in a slightly different situation, but that doesn’t help me).

I looked into that patch last night to see what the people who were affected like me when it was first issued ended up doing, and there has not seemed to be anything offered since the initial, really serious problems that a certain percentage of Windows customers were having with it.

I had asked two well-described questions about this on the Microsoft support site, and didn’t get any help, so it’s not for lack of trying to fix it that it remains unsolved on my computer.

Last night I checked out the Lenovo support website about it, and they give a standard description of the problem and then they refer customers to an external site for more information:
What was that external site? Ha ha, it was Woody’s article about that bad patch on InfoWorld.com!
That is the very link that first led me to discover Woody, actually.
Woody’s article about it describes the problem, but doesn’t give a solution for people in my boat.
By referring people to a different website, Lenovo was just trying to make it look like they were being helpful and covering the problem thoroughly, when they were leaving customers still up in the air.

Due to the weirdness of my computer’s configuration as it came from the factory and which I certainly don’t know enough about I.T. to mess with, there is no fix for that problematic patch for me, and I guess that nothing has gone wrong in two years, so it’ll be okay for me to carry on without that patch.

Installing that patch again would definitely give me another blue screen of death, so I can’t do it.
Not being able to install that important/security patch is going to prevent me from ever being in Group A (accepting the normal Monthly Rollup that contains all future patches and will probably, in time, contain all historical patches) when Microsoft switches Windows 7 Windows Updates to the Rollup model.

—-
I would urge everyone to look into their computers’ patching histories and think about any problems that Windows Update ever gave them, to find out if there are any past patches which they cannot install because they cause big problems for their computers — because if there is anything in the past that you discovered that you must not install, whether it be designated by Microsoft as “optional”, “important/security”, or “hidden”, that probably means that you will not want to start down the Group A path, because of the risk that Microsoft will, sooner or later, push absolutely everything from Windows Update onto the typical, passive, “compliant” user’s machine when they accept the joint, standard Monthly Rollup that will be sent through Windows Update on the Patch Tuesdays.

—-
I’d like to be as safe as possible, as most of us wish to be, so I’m inclined to go with Group B — accepting (or denying) each month’s security-only patches on a month-by-month, discrete, non-cumulative basis. This will be possible for me only if Microsoft will offer that non-cumulative, Security-only Rollup on Patch Tuesdays through the Windows Update Catalog and will allow normal, individual, non-professional Windows 7/8 customers to access it there.

If Microsoft closes access to the Update Catalog to individuals like me, or if they make the Security-only monthly patches cumulative (in other words, to include the historical security/important patches also), then that will force me from Group B into Group C (W): no patches, no updating, walking the straight-and-narrow in one’s computer & online behaviors, hunkering down and hoping for the best.

—-
If/when this Win 7 laptop conks out on me, I won’t have any great alternative:
a. Go with Windows 10, which sounds inherently terrible and mistake-prone, and also has an unacceptable level (to me) of advertising and privacy-betrayal.
b. Go with Chromebook, but I don’t like Google and there’s no privacy with them. I avoid the cloud as much as possible, plus I like to have a dvd contraption in my computer.
c. Go with Linux, but I did use it a little bit (Ubuntu something) and it’s nice, but moving over to Linux for everything would be WAY more than I can handle or would EVER want to learn about. I’m not a computer person and I don’t want to be.
d. Go with Apple, which apparently also has privacy problems, though I would probably trust them more than Google and Microsoft (for no concrete reason), but I decided against taking the Apple path 28 years ago, when I had the opportunity of choosing the Mac lab at uni or the other lab (whatever Microsoft’s option was called then), and I went for the stolid, non-mouse, singular-font, no-colors, C-prompt, non-flashy path — so it would be a big jolt to try to trek on over to the Apple path after all the MS drama, expenditure, love and nurturing, growing up together, this long partnership between me and MS, but MS has changed, midlife crisis, thrown his toys out of the pram, convertibles and speedos, chasing after all that glitters, forgetting the fundamentals in life, throwing away our future….
Though mainly the thing with Apple is that it’s so expensive, and all my software, files, peripherals, etc. are for Windows. Sigh.

—
By the way, if you want to buy a backup Windows 7 computer to have on hand, I think that October is the deadline that Microsoft has given retailers, and they cannot sell them after that.
I checked a month ago, and you can still get some Windows 7 models, esp. if you look at the “business” laptops sort of area on some of the manufacturer’s websites (Dell, Lenovo, etc.)

Reply | Quote

@Jim: the website itself detects that Flash is installed and then switches to offering a Flash video instead of HTML5. Not sure why they default like that, but it isn’t anything that you did.

Reply | Quote

My experience has been that in Windows 7 “disabling” IE is more than just cosmetics.

Before I “disabled” IE11, I sometimes had sites open a window in IE even though I was visiting them with my default browser (Firefox). Since “disabling” IE11, this annoying behavior has stopped.

ch100 is right about receiving updates, though; I still get IE11 updates in WU.

Reply | Quote

It seems to be from the same software company which developed Foxit Reader. https://www.foxitsoftware.com/products/pdf-reader/
The reader used to be the standard alternative to Adobe (Acrobat) Reader, until they started bloating it and a lot of their followers started using SumatraPDF.
The Phantom product seems to be a product creating PDF documents. I think nothing beats the full Acrobat but for lighter tasks, other products can do the job and do it well.

Reply | Quote

I suppose those who use Adobe Cloud should be OK with DC. For anyone else, a less Cloud involved version is preferable. Reader 11 with update 11.0.17 is still fully supported and the latest update is recent.
If you really want to use DC and block the auto-updater, there is documentation well-hidden from Adobe how to configure this in the registry. There is no GUI equivalent.

Reply | Quote

I read somewhere that version 9.5.5 was the last one allowing to save forms. Not sure if this is the case, but if it is, maybe 9.5.5 would be preferable.
I don’t think there is much improvement from version 9 to version 11, maybe except for security enhancements.

Reply | Quote

Is there a version of KMyMoney for Windows? Few years ago when I checked last time there was none, only for GNUCash. I read the reviews at that time pointing that KMyMoney was better, but GNUCash had its own followers. I think they belong to different major branches of Linux and as such not easy to change one with the other. But I am not a Linux expert, I may be wrong.

Reply | Quote

Wouldn’t surprise me too much – although it’s more likely that this specific incident was just a case of Microsoft getting the KB articles mixed up, which happens all too frequently.

KB 3035583 – the Get Windows 10 patch – was initially described as “Update enables additional capabilities for Windows Update notifications in Windows 8.1 and Windows 7 SP1”

http://www.infoworld.com/article/2903005/operating-systems/what-we-don-t-know-about-mystery-windows-patch-kb-3035583.html

Reply | Quote

I would think that Windows 7 complies with the settings under Control PanelAll Control Panel ItemsDefault ProgramsSet Default Programs
If you set let’s say Firefox to “Set this program as default” and it shows “This program has all its defaults”, then it does not matter if IE is deselected from the list of Windows Components or not.
Do you get IE11 updates even if IE is “disabled” under “Turn Windows features on or off”?
I have never tested as I am convinced that disabling IE11 is not a genuine setting.

Reply | Quote

This is a subject which I sometimes argued against Woody’s generic recommendation.
In an ideal world, we should get rid of Java (over the Internet, there is still a case for using this technology internally), Flash, Silverlight, QuickTime or even Adobe Reader, although this last one is less critical from my perspective. I may not see the full picture for Adobe Reader though and any information proving me to be wrong is more than welcome.
In the real world, we have mainstream sites like bbc.com using Flash or InfoWorld infoworld.com or even this one 🙂 http://www.infoworld.com/blog/woody-on-windows/, although Flash on InfoWorld is not critical content, like in the case of the BBC web site.
Government web sites, at least in Australia, but I think there are at least Local Government sites in US doing the same, still use Java.
Certain technologies, most notable Netflix recently, use Silverlight. There is mainstream conference software using Silverlight, however this is normally based on Enterprise Intranet and in theory secure enough.
The computers are to be used and not to be kept hidden in a cupboard, which means a certain degree of calculated risk is acceptable, if the benefit of taking that risk potentially outweighs the risk.
This subject is open for debate and will likely not get a definitive answer soon.

Reply | Quote

GACK! Guilty as charged…

Reply | Quote

Firefox does not use an ActiveX control for Flash,but wouldn’t the behaviour from an end-user perspective be the same for IE or Firefox? How is it different? I use Firefox as my preferred browser, however I am not against IE just based on principle. IE is as good as Firefox and Chrome, only that it is too complicated to configure correctly, which is something where Chrome excels. There are lot of grey areas on the Internet.

Reply | Quote

This is currently built-in functionality in Firefox, although the FlashBlock add-on may have extra features.
When you say “The only complaint I have is that it seems that videos which would run when I had Flash uninstalled now require that I “allow” them.” is this related to non-Flash content? Like HTML5 perhaps?

Reply | Quote

OK, that is good to understand. It must be how the web site is designed, Flash is still perceived as more efficient and this may override the remote perception of less security.
The society as is, is more biased in favour of reactive action rather than proactive. “if it ain’t broke…” is a good example for this predominant mentality.

Reply | Quote

🙂

Reply | Quote

‘We rely heavily on our computers to carry out daily activities so, when they stop working, it is frustrating and stressful. Many people are having issues with Windows 10 and we believe Microsoft should be doing more to fix the problem.’

Microsoft should advise business customers to roll-back to Windows 7 until Windows 10 is ready for business.
It is not ready yet, although I am looking into it with huge interest.

Reply | Quote

Pooh, I too am one like you; not an IT and only know what I have picked up myself over the last 20 years, with help of some company IT’s. I have a 2009 HP p6520y series desktop w/ 6GB Ram, 1 TB HHD. Everything is original. I have pick and chosen updates (sometimes good and sometimes bad) for install for the last 4 to 5 years. So far I have been in fairly safe shape, Thanks to Woody and all commenters on this site and some branch sites. Last night I read a comment by person that has knowledge of what is going on with MS and it was startling that MS might or probably is in bed with the NSA. I am going to find it again and give a link on this site. I am sure that Woody already knows about it but I haven’t asked him.

Reply | Quote

MS has contact with NSA all the time. Exactly what they give to NSA is completely unknown – and can’t be divulged, to a first approximation anyway, by US law.

MS is fighting to make more information about government requests available.

It’s a complex issue.

Reply | Quote

Woody – I’m on Windows 7 still and I’m one of those lucky people that can’t even get Windows Updates to install anything – even when I try to to install them one at a time – and I need one of the updates.

I saw your articles on InfoWorld about what updates are needed (I have them all installed) and I’ve read a few recent posts by MS to download KB3172605 and KB3020369 (http://answers.microsoft.com/en-us/windows/forum/windows_7-update/windows-7-update-solution/f39a65fa-9d10-42e7-9bc0-7f5096b36d0c).

Will this fix the install problem or will it just try to install more Win10 nagware?

Any other solutions to fix this problem if Windows Updates won’t work (I already have the automatic install turned off)?

Reply | Quote

Yes it a complex issue. MS has and supposedly is still participating in NSA’s PRISM program. The post I was referring to was 33 days old and I am till trying to find it. While the post was starling, it was very interesting. When I find it I will Email you with the link.

Reply | Quote

“By the way, if you want to buy a backup Windows 7 computer to have on hand, I think that October is the deadline that Microsoft has given retailers, and they cannot sell them after that.

I checked a month ago, and you can still get some Windows 7 models, esp. if you look at the “business” laptops sort of area on some of the manufacturer’s websites (Dell, Lenovo, etc.)”

Yes, you can still buy brand new Windows 7 PCs. But I’m not sure if you can get them with the Gen 4 (Haswell) or Gen 5 (Broadwell) chips. In other words, if you buy one of these PCs, will you get bit by the Gen 6 (Skylake) “bug”?

A few months ago, I purchased a brand new Haswell Windows 7 PC from Dell. It is fast, and I’m very happy with the Haswell chip. I had a feeling that they would eventually run out of Haswell chips, and a current look at their inventory confirms that they likely have. (There weren’t very many Broadwell chips made.)

Reply | Quote

tl;dr

Reply | Quote

Post it here! Let everybody take a whack at it. 🙂

Reply | Quote

As far as I know, Canadian Tech’s solution works fine.

Win10 nagware is slowly going away. I wouldn’t worry about it much any more.

Reply | Quote

“If you set let’s say Firefox to ‘Set this program as default’ and it shows ‘This program has all its defaults’, then it does not matter if IE is deselected from the list of Windows Components or not.” — You are wrong. Let me clarify what I said in my original post by saying: 1) After I set Firefox as the default browser, Windows showed ”This program has all its defaults.” 2) Websites were still able to open a window in IE11.

“Do you get IE11 updates even if IE is ‘disabled’ under ‘Turn Windows features on or off’?” — I don’t know what you don’t understand about “I still get IE11 updates in WU.” In any event, the answer to your question is yes.

Reply | Quote

Yes, if one or more updates had caused serious problems and have not been superceded by a working one, then you risk having serious problems in the future if you install Microsoft’s “rollup”.

I have several computers running Windows 7 that I build myself from buying various components and installing Windows myself. (I don’t like ready-made OEM computers from Lenovo/Dell etc.) Except for one which uses a 6 core CPU with a new X99 motherboard, all others run from motherboards made in 2011-2013, which still provide sufficient performance for my other uses. I also have several other spare motherboards from the same era that were bought second hand and can be used as ready replacements should any of the motherboards in my other computers fail. So I can see myself using Windows 7 (and 8.1 later) for at least several more years, well beyond the end of support if necessary.

Hope for the best. Prepare for the worst.

Reply | Quote

2cents rant –

think its worse than that –
Home and Prof essentially has NO CONTROL whatsoever
never on Wu is merely cosmetic for the user’s eyes only

if you are keen, you may want to –
1) disable from regedit
2)block w firewall
3) search the net for a magic software to wrestle back group policy control (home and prof has been denied access and hidden) and disable wu there too
(still its not as much control as ultimate en enterprise are allow and can access)

*** BE WARN – it may brake your system if bill and friend dont like what you are doing (perhaps re-activation issue) and depends on other system settings conflict on your machine

then you have more confidence and ACTUAL control over your machine
– mine worked after some ‘adjustment’ but I decide to go with non-ms for dependability and in fear of future breakage

even then i suspect they still ‘mess’ with the system/machine
just that no KBs show up

QUESTION? do they need to tell you/the user they have added something to the system?
and broadcast it as KBs?
with or without wu turn on or off?

its essentially about ethics and law –
and the user of ms has none when we all tick the user agreement

anyhow just rant – nobody can actually ‘prove anything’
and those who “prove something” probably be better off just to switch to other OS
and keep the peace and wasted time

good luck & hv a gd wkend

peace2u

Reply | Quote

I must tell you I am sooo glad to have found this site. I used to be a windows secrets subscriber and always enjoyed your contributions there, Woody. Also because of reading through threads today I became aware of patchmanagement.org and have subscribed. Thank you very much.

Now back to your regularly scheduled content.

Reply | Quote

Well, if the disabling is just cosmetics, then I’m not really using the system in a less common way, am I? But I am inclined to believe that it is not a true disable because that does not seem like MS’s style. In any case, as far as I can tell, it is quite impossible to launch it in any way when it is disabled. Whether any of its libraries are used by other system processes, I don’t know.

I appreciate your input, and I may enable IE just to update it, but then it gets turned back off right away (if for now other reason than so it will be as far out of sight as possible).

However, that sentence about using the system in less common ways – while I understand its validity, I can’t help pointing out – isn’t that the very essence of peer pressure? I remember when the standard was that software should be customizable. Nowadays, the most commonly used products, if customizable at all, usually focus those efforts on appearance, not functionality. Google was one of the leaders in that paradigm shift, and how I hated it when Chrome got so popular that Firefox started to try to be more like it! That d*** hamburger button! What happened to proper menus, and actual words? So, if the majority of people are happy to deal in icons and emoticons, we should all forget how to communicate with abstract language? Maybe just grunt and point, that’s where this is going…

I know I am taking your statement further than its intended context and I apologize for the slightly off-topic rant, but I reckon it has a lot in common with MS’s recent policy. Isn’t that the core of their strategy – peer pressure? The expectation that most users won’t want to do the less common thing and would just go with it, be “it” W10 or whatever else they are offered “for free.”

Reply | Quote

Happy to help – and glad you found us!

Reply | Quote

A heartfelt lament, Poohsticks. As for me, after the October Surprise I’ll probably keep a Windows 7 machine offline in order to do things that I can’t easily do with other computers (e.g., copy CDs, maintain financial records in Quicken). Beyond that it will be a ChromeBook or a Mac. Having grown up with DOS in those halcyon days of edlin, and having endured M$ all the way up to now, the parting will not be easy. But, as you suggest, the M$ of today is not the M$ for which we once showed a modicum of trust and respect, even if our love was always limited.

Reply | Quote

Which important patch is the one causing major problems on your computer and you have in the list of “not to install”?

Reply | Quote

@poohsticks You may not know it, but the Security patches have always been cumulative to some extent, although it is not a one to one relation, like a big cumulative rollup including certain patches.
The new ones rather supersede the version of individual files included in other older patches and this is why I keep saying that it is difficult for any user to keep track of everything in the selection process.
Just check for yourself (with IE) https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3185911 under Package details/This update replaces the following updates.
The long list of previous replaced patches is exactly the reason why this patch functions as “speed-up patch”.

Reply | Quote

np;yl

🙂

Reply | Quote

the only thing 10 is ready for is the junkpile

Reply | Quote

Yes, I know that security patches are cumulative in a way, because they often build on each other and intertwine with each other deep in the system.

I have said many times here that I have installed all security patches on my relative’s machine, and all but one (that I simply cannot install because it kills my computer) on my own machine.

There seems to be a false impression that I have not installed every one that I ought to, and an urge to explain that I don’t understand how dangerous it is going to be for me.

But no worries, my computer has all of the security patches but one, and my relative’s computer (that I look after) has them all.

Reply | Quote

It is this one:

kb3033929
[*and* kb3035131 (they are linked)]

This was one of Woody’s articles/blogposts about it:
http://www.infoworld.com/article/2895906/patch-management/new-kb-3033929-patch-install-fails-at-72-complete-with-errors-80004005-800b0100-80070002-80070005.html

—
For my own records, I have filled 3 pages in a Word document with the reasons that this patch is particularly troublesome on my from-the-factory-already-screwed-up laptop, my internet research on it, what other experts have said about it, what other affected customers have said about it on different forums, what Woody and security expert Brian Krebs said about it, what my computer manufacturer Lenovo said about it, what my two requests for help on the Microsoft support forum about it contained, and the steps I took to try to fix it.

What is worse, I cannot install the “companion” patch that was issued along with it that Microsoft made the huge mistake of requiring it to immediate supercede, because unlike many experts’ reassurances that if you simply had let Windows Update decide what order to install the messed-up patches in that month, W.U. would have installed them in the right order — that totally didn’t happen on my machine. I did let Windows Update install every Patch Tuesday patch (both security and optional) that month simultaneously, which I had always done in my life up to that point, and W.U. decided the patching order for itself, but Windows Update did not install those 2 patches in the right order — it installed the screwed-up one, and it never installed the other one.

Later after the reboot loop, the blue screen of death, and the system restore I had to do, when I tried to manually install from the update catalog the secondary patch that covered most of the same area as the screwed-up one, which was offered simultaneously with it on the same Patch Tuesday, my computer will not install that one because it says that I don’t need it. But it was not in my update history. I don’t have either one of those patches.

There were other threads about this problem by other customers on the Microsoft support forum, including one that was 9 pages long.

Unfortunately, it does not seem that they ever fixed this problematic patch since the date on the kb-number that appears in my Windows Update yet today is still the very first date that the patch was first rolled out.

Microsoft now gives one solution on the information page for that patch, but that solution isn’t for my problem. Other people also have commented on the internet that this one solution that has been offered does not solve their problem with this patch.

—-
There was also a thread about this problem on a different Microsoft forum:
https://social.technet.microsoft.com/Forums/windows/en-US/a08ad884-6b05-4632-8f28-2568eb97b636/update-kb3033929-fails-with-error-code-80004005

These three observations from that thread were interesting/applicable to me:

“I speculate that the patch installation failures are limited to systems where the previously released version of the patch had been applied. Note that the October release was SO problematic that MS had to rescind the patch. I suspect that the original patch created the folder with flawed permissions and was left behind in an altered state. In such a case, the new version of the patch finds the existing (flawed) folder and therefore does not created it. It also fails to insure that the folder permissions are in fact correctly set”

and

“This update is known for reboot loop. Do not install it until Microsoft correct it. There is no reason for testing current version of update as there is a massive failure is variety of users.”

and

“”If you’re not running a dual-boot setup and you’re encountering problems installing KB3033929, then it may be due to a manufacturer-installed recovery partition…
I’d suggest waiting for a newer version of the update, as it may do more harm than good if you try anything else.”

The problem is, my computer has a manufacturer-installed recovery partition which has caused me a WORLD OF PAIN already (the computer arrived “brand new” from the Chinese factory with its manufacturer-installed recovery partition really screwed up, and after a couple of weeks of having big problems with it, I had to get factory install discs and reinstall the whole computer from scratch. Then I tried to re-size the partition to give it more room, and the computer totally freaked out, so I had to do a factory install AGAIN. I am not going to tinker with it any more.

I am pretty sure the screwy manufacturer-installed recovery partition is the reason that my computer had trouble with that security update.

I am resigned to not being able to fix it, not being able to install that patch. In the meantime, nearly 2 years have passed and nothing has gone wrong.

Reply | Quote

Sadly, this could never be a “New Coke” scenario, where the brand loses a big % of its value because customers don’t want the new version, so the company backtracks and reinstates the classic recipe.

This is just dumb dumb dumb, like ripping up all the valuable train tracks that we had laid in our vast country and closing many of the passenger stations and passenger lines forever (there are none where I live, not in a vast radius from me) because the “car is (always gonna be) king”.
So now my city has an ugly overgrown municipal footpath to nowhere (except for the adventure of possibly being attacked by a meth-head as you jog) along the former passenger rail line, where there used to be 2 local stations, a flurry of activity, and tickets to Chicago, St. Louis, New York, you name it.

—
Maybe Win 10 was jinxed from the start because they skipped over the 9 / “nein” version.
😉

Reply | Quote

@ch100 I installed the speed up patch KB3185911 on 9/22. Out of curiosity after reading what you said I searched the catalog for KB3185911 and then copied the list of updates it replaces… The thing is the following 3 updates are still shown as installed on my system in WU, KB3177725 installed 8/29, KB3161664 installed 6/14, and KB 3153199 installed 5/12. As for the rest of the 33 replaced updates non of them exist on my system.

Reply | Quote

My reply was not in relation to your number of installed patches or their structure, i.e. Security, Recommended and so on.
It was trying to clarify the comment below which is a quote from your post and which appears to consider that all Security patches are independent from each other.
Maybe I misread your previous comment or taken it out of the context, which is entirely possible.

“I’d like to be as safe as possible, as most of us wish to be, so I’m inclined to go with Group B — accepting (or denying) each month’s security-only patches on a month-by-month, discrete, non-cumulative basis. This will be possible for me only if Microsoft will offer that non-cumulative, Security-only Rollup on Patch Tuesdays through the Windows Update Catalog and will allow normal, individual, non-professional Windows 7/8 customers to access it there.

If Microsoft closes access to the Update Catalog to individuals like me, or if they make the Security-only monthly patches cumulative (in other words, to include the historical security/important patches also), then that will force me from Group B into Group C (W): no patches, no updating, walking the straight-and-narrow in one’s computer & online behaviors, hunkering down and hoping for the best.”

Reply | Quote

Thank you, I was interested in the patch number for my research and for a possible solution for you either from me or from anyone else who has experience with similar issues. When I will have a little bit more time to go into the details, I will look at it and will let you know if I find anything.
You may have lost interest since the patch was released and placed in quarantine which is completely normal, for me is more like Noel presented it, some of us may be conditioned to some extent by this WU thing 🙂

Reply | Quote

@Tom Unless you use Disk Cleanup or manually uninstall the superseded patches, they will stay there on the system. This is normal and useful in situations in which you may want to rollback the newer patches.

Reply | Quote

>It is not ready yet, although I am looking into
>it with huge interest.

Bravo to you for doing your own background work to know, not just suspect or infer, what Windows 10 – and more importantly Microsoft – are capable of.

I’m well down this road myself.

To date, like several above I’ve just not found it ready to become the centerpiece of a serious, modern, professional computing environment.

Older software already does it better.

It has always been beneficial to “keep current”, even if the benefits are largely intangible. We’d like to hope Microsoft could continue to be a good partner.

While some of us are capable, we actually have better things to do than to code our own operating systems. What made prior versions better was that we COULD do a measure of that to overcome Microsoft’s in-built deficiencies. That Microsoft is now blocking that at every turn is a problem!

I suppose their “Windows As A Service” idea could have some merit – except that for intelligent businesspeople to choose it there need to be TWO THINGS that we don’t currently have:

1. An adept technical implementation – it’s only mediocre now at best.

2. A partner we can trust not to screw our businesses up. As ridiculous as this sounds, every move Microsoft makes seems to say otherwise.

They need to get back to making money by facilitating our work, not by sucking the life out of it.

-Noel

Reply | Quote

That’s FAR to conscientious and thoughtful a post. You do not appear to fit Microsoft’s model. In short, you think too much.

Microsoft’s take on it will be to make a note to embark on more campaigns to marginalize thinking.

Windows As A Service! No one could do it better than Microsoft, right? It was written on the Internet, I saw it.

-Noel

Reply | Quote

Now I’m becoming slightly paranoid about installing any updates. I did install one for Windows Defender, since that seems to be the safe one.

The only issue I’m having now (as I followed Canadian Tech’s recent post about fixing the Windows Update issue prior to October) is that every couple of days, I go into the Services to make sure it that hasn’t automatically started, but inevitably it does, so I have right click and manually stop it from automatically starting, even though I already have it set to “Manual Start” to begin with.

Reply | Quote

Defender will auto-start as it is antimalware. Other antivirus services cannot even be stopped via normal methods unless going to Safe Mode or operating on Registry permissions etc.
I assume you are on Windows 7 if you mentioned Canadian Tech’s method.
Here is how you completely stop Defender in the supported way.
– Open Control Panel.
– Under View by: select Small icons
– Click on Windows Defender
– Under Tools, select Options
– Under Administrator, deselect Use this program

Note: It is not recommended to disable all antimalware on your PC, even if Defender on Windows 7 is very basic.
The other way Defender will get disabled is if you install one of the certified Antivirus software on the computer.

Reply | Quote

Gotcha. Sounds like I should leave well enough alone then, if it’s Windows Defender that is automatically starting up.

Many thanks for the advice.

Reply | Quote

You may want to consider installing Microsoft Security Essentials which is a superset of Windows Defender.
https://www.microsoft.com/en-us/download/details.aspx?id=5201
https://support.microsoft.com/en-us/help/14210/security-essentials-download
At minimum you should keep at least the original Defender running if you don’t wish to install another more complete antimalware product.

Reply | Quote

Thanks for the tip. I do have some anti-virus in addition to the Windows Defender as well. I have left the Windows Update alone in my services screen and just kept it as a manual start. However, should I change that back to an Automatic Start or Automatic (Delay), or just keep it at Manual?

Reply | Quote

New out of band non security update for IE11 on W7/W8.1. Apparently cumulative update MS16-104 breaks ActiveX installation.

https://support.microsoft.com/en-us/kb/3192665

Reply | Quote

Good catch. Looks like MS has released a hotfix for Win10, and there’s a patch in the Update Catalog for Win 7 and 8.1.

Reply | Quote

Change Windows Update back to Automatic (Delayed).
Configure Windows Update for Never check for upddates and scan for updates manually only when required, ideally follow Woody’s MS-DEFCON rating.
Disable Windows Defender as in my previous post if you have an alternative antivirus. Multiple antimalware solutions are never going to work well together as they may access the same files locked by the other product while scanning and so on.

Reply | Quote

Will implement that change to WU and again, thanks for the advice.

Reply | Quote

With reference to “do not install flash” Using firefox what are my alternatives please?

Reply | Quote

So we are at defcon 2 for September. What about prior to September?

Reply | Quote

I just read on another site that KB3193414 is ransomware, is this true?

Reply | Quote

Do you have a link? I haven’t seen anything about it – and it’s VERY hard to to believe.

Reply | Quote

Broken maybe, but not ransomware.

Reply | Quote

Hi guys. Finally, I’m a bit lost. On w7 pro, was offered 4 optional updates.
KB3181988
KB3184143
KB3185278
KB3179930
Past months, I hide many w10 related updates. More some I was unsure. Finally, I’m not totally ‘patched’ so I’m a bit lost with these optional updates.

I did not installed the KB3125574 apparently. so I’m not sure about the 3181988 ???

For KB3184143, about the w10 removal thingies, when the mess began, I renamed the gwx file for something else, so I got rid of most w10 annoyance. Is this update can cause trouble in this particular case??? Your opinion might help me to decide!

For KB3179930, I have Framework 4.5.2 and the latest update I installed was august 16, 2016. Why it is in optional update, first? I need it or not? I still use paint LOL

Pretty complicated to figure it out when you’re a neophyte like me… I really don’t have the abilities you have 🙁 Don’t want to mess up with my computer, just got it perfectly cleaned and optimized yesterday. It runs perfectly for now. And english isn’t my first language, the help you can get in french is really not the same. No site like Askwoody in french…

I’m afraid, if I hide these 4 optional updates, next month will be a kind of nightmare and it will really mess up. I became a bit paranoid about WU. Are they trying to trick us??? Maybe it’s time to NEVER INSTALL any more updates???

Thanks for your help. Thanks Woody for this site!

Reply | Quote