Updates of questionable value

Topic

New Reply

Periodically I publish lists from folks who have different ideas about what constitutes a good patch, as opposed to a useless or even harmful patch. I
[See the full post at: Updates of questionable value]

Reply | Quote

Replies

Hmmm, Woody and Bob(maybe)OrNot
I would compare this task with trying to drive in an unknown place based on Google Maps or Apple Maps and somewhere mid way stopping using the navigation system and instead continuing based on instinct, without actually knowing that road and not being able to fully assess if the navigation system is right or not.
If so many users mistrust Microsoft updates, I am wondering why do they keep updating Windows and in a more extreme situation why do they keep using Windows?
Some things are inter-related as part of a system and can’t be done partially.

Reply | Quote

The conclusion to be drawn from this is that we must therefore accept all updates.

This obviously overreaches. The writer no more knows that each and every update is essential to the operation of Windows than we know that it is not.

To start with the top item on the list, is KB3035583 essential?

Truth is, practically no one outside the inner sanctum at Microsoft knows whether it is or not. We can spin all the analogies we want about navigation etc., but in the absence of much more extensive documentation (and faced with occasional misrepresentation of updates by M$), that is the situation in which Windows users find themselves–one that requires them to proceed by trial and error, learning from others’ experience as they go.

And yes, there is an unacceptably high probability that somewhere along the way this trial and error process will screw up Windows. But it still may be better than the alternative of blindly accepting everything M$ pushes at us.

Reply | Quote

Well put… and you have to add into the mix the likelihood that Microsoft is retroactively changing its approach to snooping in both Win7 and 8.1.

Reply | Quote

Yes I agree – the update situation has become too complex in many peoples’ minds and I think that people worry too much. Personally I install all the updates about 3 weeks after they have been released and run GWX control panel afterwards. I haven’t got much time for all the conspiracy theories and associated worries – also my Win 7 computers all continue to run OK as does my Win 10 test machine.

Because of excessive caution I think that many people missed out on the very helpful updates that made the actual update process run much faster – and they certainly made a huge difference on all my computers.

I also have the Customer Experience Improvement Programs turned off and the Diagnostic Tracking telemetry service disabled, although I am not really that worried about Microsoft knowing what I do online – it would probably bore them to tears!

Reply | Quote

In addition to most of the above……
I have both Win7 and Win8.1. My list will include Win7 patch first, followed by the Win8.1 equivalent.

There was a discussion a couple of weeks ago connecting the installation of Security patch KB3145379 and the latest Windows Update Client patch (KB3138612 on Win7 and KB3138615 on Win81), installed together, as a fix for the slow Windows Update search. I have installed KB3145739 but hidden the Win Update Client patches on my machines, and have seen the search time drastically reduced anyway. The absence of the Update Client patches seems to make no difference. The upcoming May patches will verify this – or not. That being said, my list of junk patches includes the Windows Update Client patches:
KB3050265, 3050267 (June 2015)
KB3065987, 3065988 (7/2015)
KB3075851, 3075853 (8/2015)
KB3083324, 3083325 (9/2015)
KB3083710, 3083711 (10/2015)
KB3102810, 3102812 (11/2015)
KB3112343, 3112336 (12/2015)
KB3135445, 3135449 (2/2016)
KB3138612, 3138615 (3/2016)

Also, two patches enabling Win10 upgrade:
KB2990214, 3044374 (4/2015)

Reply | Quote

Yes, but… Ed Bott ran tests earlier this year on updating Win7. He applied all the updates. All of them. And he ended up having to wait hours and hours.

Installing all of the checked updates is certainly a valid approach. I’m doing it on one of my test machines (and running GWX Control Panel afterwards, just like you).

Turning off CEIP and DTS is a good idea. But I think Microsoft has largely moved beyond CEIP and DTS. I can’t prove it, of course – nobody can. But it seems likely to me that they’ve stepped up snooping.

When it comes to harvesting data, the industry is changing. What would’ve been unacceptable in the early days of Dr Watson is now ordinary. Big question is whether you – or any individual customer – is comfortable with the change. I, for one, have come to accept it. Informed consent, to me, is key: Microsoft shouldn’t change its data collection techniques without asking and receiving permission. Nor should Google, or your ISP, or anybody else…

Reply | Quote

It’s not merely a matter of what M$ promises to do. Data breaches at businesses and government agencies have become almost routine. The potential consequences include unauthorized charges to your credit cards and other forms of identity theft.

Reply | Quote

Thanks for re-posting your list!

Reply | Quote

I have not encountered KB3139929, 3072318, or 3081954

Reply | Quote

“Microsoft released this update, but they don’t know what it does yet” Show how little Microsoft knows what they are shoving on us to put in our computers.

Reply | Quote

I think I said elsewhere that I would not install KB3035583 and KB2952664.
It is worth mentioning here what I said elsewhere on this site that there are few differences in what is offered by Microsoft to end-users and to managed environments in relation to Windows 7.
– KB3055583 is not offered on WSUS to Pro and Enterprise and not offered to Windows 7 Enterprise at all on WSUS or Microsoft Update online. This indicates to me that this update can be skipped safely.
– KB971033 which is an old update for Windows Activation is not offered on WSUS but offered on Microsoft Update to all editions, currently and consistently for the last few years as unchecked by default. It is entirely Optional, missing it may affect user experience with downloading from Microsoft, but if this is the case, it will be offered at that time. Can be skipped safely or installed safely for users with legitimate versions of Windows 7.
– KB2533552 is a special one and I think what I will describe next is a minor bug. This update is mandatory update post Service Pack 1, however it is now superseded by KB3020369 for Windows 7 64-bit and not clear if this is the case with 32-bit. However, even with the later update installed, Microsoft Update will offer “Service Pack 1” while only installing the missing bits from KB2533552 which will appears in the list under Programs and Features. In Update History it will appear as Service Pack 1, although Service Pack was previously installed. WSUS will not offer it under the same conditions, but will do it in other conditions, which means it has to be installed. This is a bug for the metadata in various levels of Windows Update only, not for the update itself, as this update needs to be installed to fix issues with Service Pack 1. I am installing it always first manually if I do a clean install of Windows 7 with Service Pack 1 integrated.
Note: The behaviour with KB2533552 and Windows Update may differ for different install media.

Another approach may be to compare the updates for Windows Server 2008 R2 with those for Windows 7 and avoid those which are offered only to Windows 7. This is complex and time consuming for little benefit and I have never done it except for research purpose in analysing individual updates to understand them better.

Most businesses do not normally tune to block snooping specifically, but rather to reduce the network traffic which is causing slowing down of the systems and networks, in particular in virtualised environments. The end result may be the same, achieved by disabling CEIP and sometimes disabling the Scheduled Tasks associated.

It is everyone’s ultimate choice what is to be installed or not, however I think that over-analysing has more to do with a hobby, which is OK as long as it is acknowledged as such, rather than what can be eventually achieved.

Reply | Quote

I’m sure they know perfectly well what they’re shoving on us to put in our computers, they just don’t want us to know!

Reply | Quote

KB3139929 is superseded by KB3148198. But bad idea to avoid KB3102810 for Win7, PkCano.

I did install KB3145739 and used old WU client v7.6.7600.320 from KB2887535 on my bro’s Sony laptop w/ Win7 SP1 (as an experiment). Did a WU scan on there and svchost.exe chewed up almost 3Gb (gigs) of RAM and made the hard drive work so hard (man it was grinding) – that’s what happens when using old versions of the WU client or WU agent app. Installing KB3102810 or higher did reduce the amount of RAM the svchost.exe file used for a WU scan combined with the fixes from KB3145739, and the hard drive on my bro’s Sony laptop didn’t make that much sound.

Reply | Quote

I am an example of a non-technical (though a logical and careful) person who has reluctantly had to wade into this subject matter in the last year for defensive/protective purposes.
My first aim is to be able to keep my computer and operating system functioning well – to keep using it happily in the way I have used it since I purchased it – at least until the end of the operating system’s promised, supported lifecycle.
My second aim is to protect my privacy and security as much as I can, given the knowledge I have, given that I don’t have unlimited time or money to throw at it, given that I can’t live cloistered like a medieval monk (though some acquaintances may say that I don’t do such a bad job of approximating that, ha ha).
I do not claim to know much about computing, and I consult a variety of sources when deciding what to do.
In this particular matter, I tend to be conservative and cautious, because complex computer fixes often take me way out of my comfort zone, but I realize that leaving something in or out (a particular update installed or not) could be seen by some to be conservative and others to be reckless.

This is what I have cobbled together:

From my Excel list of updates (both important and optional updates) that I have avoided installing on my Windows 7 computer in the last 12 months,
below are the kb numbers that I have recorded that I was avoiding specifically for the two reasons of avoiding unwanted telemetry and/or of avoiding get-Windows-10 preparatory stuff.

(Many of them have been withdrawn or replaced by Microsoft since being published.)

kb2952664
kb2990214
kb2999226
kb3021917
kb3022345
kb3035583
kb3050265
kb3065987
kb3068708
kb3075249
kb3080149
kb3083324
kb3112343
kb3123862
kb3135445
kb3138612

And I have these noted as “windows update client”, which I did not install:
kb3075851
kb3083710

I may have missed noting down a few because I wasn’t diligent about keeping this Excel list until I realized that this ordeal has become a monthly certainty over the medium-to-long term, rather than being a momentary inconvenience that would surely end when Microsoft got its act together and regained a sense of professionalism, fairness, and proportion. ?

Additionally, in the past year, I’ve avoided a handful of other updates for other reasons, such as the currently-offered time zone cumulative update kb3148851 which is mainly to fix the time in some Russian regions, and most of those were “optional” anyway. I didn’t list those above.

==========================================
I have my updates set to manual updating, and usually dive into it for an afternoon at the end of each calendar month.

The following are the webpages/resources that I usually check out every month before deciding which patches to install.
They are of varying usefulness, and certainly none of them at an individual level have been as helpful to me as Woody’s reports have been.

A. Woody Leonhard’s advice at askwoody.com
https://www.askwoody.com/

B. Woody Leonhard’s articles at InfoWorld.com
http://www.infoworld.com/blog/woody-on-windows/

C. Susan Bradley’s articles at Windows Secret
(Note that only the first couple of paragraphs are free to read – the rest of the content is behind a paywall.)
http://windowssecrets.com/author/susan-bradley/

D. Susan Bradley’s Excel spreadsheet of patches
https://onedrive.live.com/view.aspx?resid=C756C44362CD94AD!2257&ithint=file%2cxlsx&app=Excel&authkey=!AIOQkIu7flF7lPE

E. Martin Brinkmann’s overview of monthly patches at Ghacks
http://www.ghacks.net/2016/04/12/microsoft-security-bulletins-april-2016/

F. Wilders Security Forum’s running thread about “Bork Tuesday”
http://www.wilderssecurity.com/threads/bork-tuesday-any-problems-yet.370217/page-88

G. Windows Seven Forums’ subset of discussion threads on “windows updates and activation”
[Note: There was an unpleasant incident on a thread in that forum recently where Woody was treated unprofessionally and rudely by the moderator/owner of the site, which was naturally very surprising and disappointing]
http://www.sevenforums.com/windows-updates-activation/

H. Softpedia’s articles by Bogdan Popa about Microsoft “patches and vulnerabilities”
http://news.softpedia.com/cat/Microsoft/Patches-and-Vulnerabilities/

Reply | Quote

When looking for updates to avoid, I’ve encountered this neat little thread: http://www.dslreports.com/forum/r30348398-WIN7-Win-7-updates-to-avoid-or-be-careful-with
Which incidentally is also how I found your blog

Reply | Quote

There are other potential consequences as well.

Two days ago, I found out that a database which was hacked and is for sale on criminal sites contains dozens of exact identifiers about me (and of thousands of other people), as well as many personal messages written between those individuals, written back when no one thought that private messages that were dashed off between friends and romantic partners would become openly available to the entire world for the rest of human history.

Faced with something like that, one isn’t even sure what to do first, and there isn’t much that one can do anyway.
Much of it is closing the barn door after the horse has bolted.
One can spend days and days to change email addresses and passwords at hundreds of sites and organizations, change credit card numbers — okay,
but one can’t change residential address, name, birthdate, SSN, job, income, appearance in photographs, what one wrote in personal communications.

Until this extensive type of data leak happens to almost everyone, which likely it will in time (even if it takes a generation), it is awfully worrying and unpleasant to those it happens to.

It can lead to social shunning or bullying, being fired, suicide, etc. Serious stuff.

Reply | Quote

wdburt1: “And yes, there is an unacceptably high probability that somewhere along the way this trial and error process will screw up Windows. But it still may be better than the alternative of blindly accepting everything M$ pushes at us.”

Totally agree, well-said!

There are risks with both approaches (trusting them completely vs. forging an untested path by feeling one’s way across the minefield), but what they have been doing in the last year, and what they plan to do from now on, sometimes has been/is beyond the pale. It’s not paranoia, it’s a rational reaction to the facts.

Reply | Quote

Additionally, at an even more terrifying level (“civilization” level), most the data that have ever been collected about us, including emails, envelope info of physical letters, location/physical movement identifiers, purchases, web searches, biological data from blood tests and medical records, and so forth —
it’s out there, it’s digitalized, it’s recorded for the rest of our lifetimes, in several places, by friends and foes, and many would not hesitate to use it if they could find a way to.

Anything that humans have ever done to each other in history can and probably will be done again, but more effectively next time because of the power of technology.
We only need to glance at the 20th century for examples of unspeakable horrors in modern times. Crazy politics, unhinged/unintelligent leaders, wars, mob mentality, social movements, severe economic crises, food/water/climate crises, etc., can flip things around so quickly.
There is nothing to be complacent about, even “here” (wherever your “here” is).

Reply | Quote

DS:LReports is a great site. I used to refer to them frequently when I lived in Thailand.

Reply | Quote

Updates of questionable value – Windows 10

Reply | Quote

I remember the days when they had that very useful and perfectly working utility named DrTCP in the XP/2003 times.

Reply | Quote

If they (Microsoft) don’t know, who else does?
That would be even more worrying!

Reply | Quote

KB3142042, KB3135983, KB3148198, and KB3140527 are ones I am still wondering about. The first three say security, but I think there were questions from Woody about them at some point, and I’m not sure what the final verdict was.

Reply | Quote

I think the security patches are all ready for prime time.

3140527 is an update to Microsoft Security Essentials. It was failing to install on many machines, but the original report of a significant problem (http://answers.microsoft.com/en-us/protect/forum/mse-protect_updating/microsoft-security-essentials-update-error/233b21d7-b994-4dcb-973f-07b23f1a6282) was resolved, I think.

Reply | Quote

As far as I can tell KB3102810 was the last time MS fixed MSupdates in such a way that it helped.

Starting May 2015 windows updates suddenly started taking 2.5GB of ram and 100%(core) CPU for an extended period of time. KB3102810(Oct2015) supposedly fixes the high CPU problem, but in reality it fixes the 2.5GB ram usage(not generally paged out) problem.

I’m impressed that the single intern they have in charge of ALL of Windows 7 managed even that one…

Too bad they aren’t still trying to fix the 2.5GB ram problem(since it is fixed already), otherwise they might fix the CPU usage issue by mistake.

Reply | Quote

That was intended as a jab at microsoft for releasing an update with a KB article that says:

“try searching for what you need”
“this page doesn’t exist”

When this link was gotten to from the more info link on a windows update they propose we should install.

MS:”Install this.”
“What is it?”
MS:”Never heard of it, try searching.”

Reply | Quote

KB2990214 MS:”This update is applicable to your systems even if you’re not planning to migrate to Windows 10, so don’t think you can skip it.”

KB3050265 (MSupdates client, Jun2015?) superseded by
KB3065987 (MSupdates client, Jul2015?) superseded by
KB3075851 (MSupdates client, Aug2015?) superseded by
KB3083324 (MSupdates client, Sep2015?) superseded by
KB3083710 (Oct 2015 MSupdates client, reduces ram usage by 2.5GB) superseded by
KB3112343 (MSupdates client, Dec2015?) superseded by
KB3135445 (MSupdates client, Feb2016?) superseded by
KB3138612 (MSupdates client, Mar2016?)

Suggest having at least KB3083710 to free up 2.5GB of ram.

Update for Universal C Runtime in Windows
KB2999226
There are two of this one, both with the same name. One 32-bit, one 64-bit. Installs weird sometimes (first installs 32-bit, 64-bit part fails, then the update is available again, then it just installs 64-bit), but I’ve never had it totally fail on me or cause real trouble.

Reply | Quote

Reply | Quote

Bob, while they fixed the RAM issue and this greatly assists those with limited amounts of RAM, I am wondering if this “fix” is actually causing even longer scan times for those with enough RAM available due to the need for paging on disk or other limitations introduced by the fix. There must be a trade-off somewhere, especially if designed as you suggested by an “intern” by accident.

Reply | Quote

Responding to Bob(maybe)OrNot’s comment:

“KB2990214 MS: ‘This update is applicable to your systems even if you’re not planning to migrate to Windows 10, so don’t think you can skip it.’
…Suggest having at least KB3083710 to free up 2.5GB of ram.”

Yes, a year ago I had seen the Microsoft guy’s “don’t think you can skip it” warning about 2990214.
This is the link to that post: https://blogs.technet.microsoft.com/joscon/2015/04/14/windows-servicing-releases-april-14-2015/
(I was hoping he’d be another go-to source, from the horse’s mouth, during my monthly Windows 7 updates researching, but he never posted again on his blog.)

Based on his warning, I duly installed 2990214.
It gave me problems (I don’t remember what they were now because I didn’t write them down.)
I uninstalled it and my computer was happier.

Throughout the year I have avoided that one, and all the ones you mentioned that superceded it.

Last week, I installed 3145739 by itself, without co-installing 3138612 (the decendant of 2990214).

After that, my Windows Update manual searches have taken 7 minutes and I do not have a problem with 2.5 GB of ram (as far as I know).

Can you tell me what to look at, in terms of the 2.5 GB ram problem that you are saying that 2990214/3138612 fixes, so I can see if that is a problem on my computer?

==========
“Update for Universal C Runtime in Windows
KB2999226
…I’ve never had it totally fail on me or cause real trouble.”

I didn’t install 2999226 because it is “universal CRT for win10”.

I assumed that it does not apply to my win7 machine because I will not be installing win10 on my machine.

Microsoft: “The Windows 10 Universal CRT is a Windows operating system component that enables CRT functionality on the Windows operating system.
This update allows Windows desktop applications that depend on the Windows 10 Universal CRT release to run on earlier Windows operating systems.”
https://support.microsoft.com/en-us/kb/2999226

Woody: “KB 2999226 is a nonsecurity patch for Windows 8.1 that, according to the KB article, sticks a new Universal C Runtime on Windows 8.1 machines. The new Universal C Runtime is needed when programmers use the new Windows 10 Software Development Kit to build Universal/Metro apps and you try to run them on Windows 8.1.”
http://www.infoworld.com/article/2992476/microsoft-windows/what-happened-to-windows-patches-kb-2999226-and-kb-3083710.html

Reply | Quote

Sorry, I left out a bit in my above comment that I left earlier tonight.

After I wrote the sentence “I assumed that it does not apply to my win7 machine because I will not be installing win10 on my machine,”

I meant to go on to say:
I also do not plan to use on my computer any “Universal/Metro apps” or “Windows desktop applications” that are built with “the new Windows 10 Software Development Kit”, which is what this “Universal CRT” update 2999226 appears to be for.

…It is possible that I entirely misunderstood what a “Windows desktop application” “Universal/Metro app” is, but if it’s any kind of not-wholly-necessary software program that is voluntarily downloaded by the customer, which I assume it is, I expect that it is 99% likely that I will not be interested in putting that sort of thing on my Windows 7 computer in the next few years.

Reply | Quote

I took it as just the newest (not a separate branch) of the CRT runtime, as in things complied with Visual Studio 2015. Most good software installers would check for this dependency and install the version they were packaged with so the install succeeds. Having the latest version installed (and updated) means you don’t install an old CRT2015 with software package and then need a windows update.

Reply | Quote

Hadn’t realized that KB2990214 had been rolled into the windows update client updates. Someone needs to generate a supersedence tree for all windows OSes. Such a pre-calculation would be interesting to look at and if used(by MS) in the windows update client would spare the client the need to do supersedence work (just need to have a list of installed updates, that takes about 40 seconds).

Reply | Quote

Great, for the second time in a week, I find out that really private info has been shared without my knowledge or permission.

“When it was revealed that Google’s London-based company DeepMind would be able to access the NHS records of 1.6 million patients who use three London hospitals run by the Royal Free NHS trust – Barnet, Chase Farm and the Royal Free – it rang alarm bells.
Not just because the British fiercely guard their intimate medical histories. Not just because Google, a sprawling octopus of a company with tentacles in all our lives, wishes to “organise the world’s information”. Not just because patients are unlikely to have consented to Google having this information.”

excerpted from “Google’s DeepMind shouldn’t suck up our NHS records in secret”
http://www.theguardian.com/commentisfree/2016/may/04/googles-deepmind-shouldnt-be-sucking-up-our-nhs-records-in-secret

“…the agreement on patient record sharing has caused concern among those who have already been concerned about Google’s moves in the healthcare sector.
A spokesperson for the Royal Free [Hospital] said patients would not be aware that data was being made available….”
https://www.theguardian.com/technology/2016/may/04/google-deepmind-access-healthcare-data-patients

Reply | Quote

NotReallyBob(fromanothercomputer) There is this URL with all the Visual C++ runtimes, including the 2015 version https://support.microsoft.com/en-au/kb/2977003
Then where does it leave the Universal C Runtime?
Is the Universal CRT one only for Universal Apps and if this is the case, why is it offered on Windows 7?
Just legitimate questions trying to understand better Microsoft’s strategy in this area.

Reply | Quote