Slashdot Mirror
Ask Slashdot: Make Windows Update Install Only Security Updates Automatically?
An anonymous reader writes: After the news earlier this month about Microsoft forcing the Windows 10 upgrade on people who don't want it, my sizeable extended family has been coming to me for a solution. They don't want to be guinea pigs this early in the Windows 10 release cycle, but it looks like Microsoft may not be giving them a choice. My reading of Woody Leonhard's advice is that the only way to ensure the upgrade doesn't happen is to disable Windows Update, but that seems extreme. I want my family to install security updates, but I don't relish the idea of explaining to them how to install just those and hide the less-desireable updates.
The ideal solution would be to have only security updates install automatically, but it looks like it's easier said than done. I've looked at third-party tools like Autopatcher and Portable Update, but a security-only option doesn't seem to be very standard. From what I've read, Microsoft doesn't even package security updates separately, sometimes mixing merely Important and Recommended updates in the downloaded CAB file. I wish I could get them off Windows, but it's not an option. They use Windows at work or school, and don't want to go through the process of learning another OS. Maybe the current situation with Windows 10 will convince them eventually, but they need something now. I would really like to come up with a solution before the next Patch Tuesday on October 13. Do any of the more knowledgeable Slashdotters out there have any advice?
The ideal solution would be to have only security updates install automatically, but it looks like it's easier said than done. I've looked at third-party tools like Autopatcher and Portable Update, but a security-only option doesn't seem to be very standard. From what I've read, Microsoft doesn't even package security updates separately, sometimes mixing merely Important and Recommended updates in the downloaded CAB file. I wish I could get them off Windows, but it's not an option. They use Windows at work or school, and don't want to go through the process of learning another OS. Maybe the current situation with Windows 10 will convince them eventually, but they need something now. I would really like to come up with a solution before the next Patch Tuesday on October 13. Do any of the more knowledgeable Slashdotters out there have any advice?
But, as Scar told the mouse, "Life isn't fair, is it?".
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Now, of course, I read the descriptions.
Don't worry, Microsoft has a solution for that: with Windows 10, they simply don't offer descriptions. They've also started bundling feature updates and security updates into single patches. Probably. From what people have been able to determine that existing patches do.
There's no reason they can't decide to start doing that for all updates. Will KB414140 force you to install Windows 10? Include telemetry? Fix a zero-day exploit that's being actively exploited? All of the above? Who knows!
They "don't want to go through the process of learning another OS".
What do they think moving to Win 10 will be like?
Move them to Linux Mint Cinnamon, that's more like what they are used to than any of Win 7, Win 8, or Win 10.
"Cock Up Your Beaver" does not mean what you think. This sig is intended to clog filters and annoy do-gooders
You'll get what Microsoft wants and like it, or not - they don't care about your preferences anymore.
If you want to send them a message, stop buying their software. This is a less painful option than it used to be, believe it or not.
--
Not only stop buying, but STOP USING their software.. The reason Windows 10 is free is because YOU ARE THE PRODUCT that MS is *selling* to
anybody with the right # of $, plus I have to imagine they're in tight with the NSA, since the NSA needs to fill that giant datacenter in Utah, and what better
data than EVERYTHING you type, say and see on the computer that *used* to be YOURS and now belongs to MS.. Its a proven fact that 10 keylogs and captures large quantities of video/audio from any microphones/cameras on said system.. I used/admin'ed Windows for over 25 years (1991-2010) and when I retired I swore I'd quit using MS products and stay on Linux. It pains me to see how Americans have become nothing but lemmings running full-tilt off the cliff when it comes to computers... I have no fear either, that *if* enough of us non-lemmings skip sucking on MS's tit, and instead use of the many Linux/BSD distros, it won't be long before we're branded terrorists by this "government".... Hope I'm dead and buried by then (65 now..)
THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
"Zorin OS is a multi-functional operating system designed specifically for Windows users who want to have easy and smooth access to Linux."
Can't you pick and choose updates with the corp version? Only home edition forces them on you.
You can pick and choose updates in the home version, too. By default, you get all updates, including recommended ones. But you can tell it to just notify you and not download or install updates. Then you can run windows update manually, and click on each patch, then click the link for more info, then read about it in your web browser. If you don't want an update, you can hide it in windows update, and it will no longer appear and you will no longer be nagged to install it. All very straightforward, except that useful patch descriptions aren't actually given in the windows update app, you have to keep going to the browser. And microsoft will no longer give you that information without enabling javascript for their domain, their basic site functionality now requires javascript, either because they want to run malicious code on your PC or because they are completely incompetent and forgot how to put content into a webpage without javascript, take your pick.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Just out of curiosity, why don't you just use turbotax's website? It's just a bunch of forms anyway. Even on my Windows devices I never had to download anything.
Patently false. It is free for one year to those who validly bought Win 7/8. It reatails for $119/$199 for Home or Pro if you need a fresh license.
The three registry keys to disable GWX and the GWX advert in Windows Update are these...
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\GWX]
"DisableGwx"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DisableOSUpgrade"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade]
"ReservationsAllowed"=dword:00000000
Then open an elevated command prompt (search for cmd in the start menu, right click and Run as Administrator) and uninstall the following telemetry KBs...
wusa /uninstall /kb:3068708 /norestart /uninstall /kb:3022345 /norestart /uninstall /kb:3075249 /norestart /uninstall /kb:3080149 /norestart
wusa
wusa
wusa
In Control Panel > Windows Update > Change Settings, untick "Give me recommended updates the same way as I receive important updates" as some optional updates have been used to send down unwanted GWX/Telemetry updates.
Also in Control Panel > Windows Update, search for updates, then view the optional ones, then hide three of those KBs above (3022345 shouldn't appear as it's superseded) by right-clicking on them and choosing the hide option.
Now reboot the computer, search for CEIP in the start menu, run it, and change the setting to disable telemetry to MS.
If the C:\$WINDOWS.~BT then your computer is downloading Windows 10 in the background. Search for CleanMgr in the start menu and run it to remove the "Windows Update temporary files" category. Although that may unhide those three KBs above and you many need to rehide them.
Telemetry info from http://www.ghacks.net/2015/08/28/microsoft-intensifies-data-collection-on-windows-7-and-8-systems/
Unless MS send a recommended update which adds more GWX or Telemetry stuff to Windows 7/8, your extended family's computers will look after themselves from now on.
The only real way to protect yourself is external to Microsoft software, such as at the router. The router will not know if it is a security update or a simple "lets beta test the next release on the non-commercial chumps" software release. But the real issue is who are you concerned about security protection from? The only evil doers who have ever done me real harm are Microsoft themselves, back in XP SP1 days they rewrote my NIC EEPROM during a "security update" so that it would come up in an illegal default state and not work properly in Linux (and temporarily reset the NIC state to ordinary defaults when Windows was booted). I have to question who I'm trying to protect my system from, and the biggest evil out there seems to be Microsoft. So I no longer accept any Microsoft "security updates".
I'm an American. I love this country and the freedoms that we used to have.
If staying on Windows is a must, simply get the Enterprise version. It allows to manage the updates the updates the way it was in Windows 7.