Slashdot Mirror
'Don't Tell People To Turn Off Windows Update, Just Don't' (troyhunt.com)
Security researchers Troy Hunt, writing on his blog: Often, the updates these products deliver patch some pretty nasty security flaws. If you had any version of Windows since Vista running the default Windows Update, you would have had the critical Microsoft Security Bulletin known as "MS17-010" pushed down to your PC and automatically installed. Without doing a thing, when WannaCry came along almost 2 months later, the machine was protected because the exploit it targeted had already been patched. It's because of this essential protection provided by automatic updates that those advocating for disabling the process are being labelled the IT equivalents of anti-vaxxers and whilst I don't fully agree with real world analogies like this, you can certainly see where they're coming from. As with vaccinations, patches protect the host from nasty things that the vast majority of people simply don't understand. This is how consumer software these days should be: self-updating with zero input required from the user. As soon as they're required to do something, it'll be neglected which is why Windows Update is so critical.
Pretty much. I had to take some fairly convoluted measures to keep my wife's laptop on 8.1 or some of my various other systems on 7 without entirely disabling updates. It's not that I liked 8.1, but I did not like what I read about 10.
The easiest way to avoid having 10 forced on me would have been to just disable updates. Instead I had to read up on every individual update that would push 10, and ultimately resorted to third-party software to block or remove those specific nuggets from Microsoft so that my platforms would be left in the state I wanted them in.
Do not look into laser with remaining eye.
the continual additions of resource-heavy snooping spyware and telemetry services for in-app advertising delivery hammer many institutions that would otherwise happily install security patches, if they were JUST security patches.
But many of the Important patches we have recieved from MSFT are just that. Ads, telemetry to try to sell us stuff that blows out the bandwidth in mission critical software and pops up things that get in the way of doing actual work.
There's your problem. That and the "patching" of things in a way that breaks apps that believe the public documentation instead of the actual way MSFT codes and tests its apps.
-- Tigger warning: This post may contain tiggers! --
Microsoft only have themselves to blame for people disabling Windows Updates because they made it untrustworthy:
Because of other faults of Microsoft pushing updates that don't benefit the end user. Like void your installed windows, change your settings, or even broke your system.
MS can't be trusted. They use security updates to force what ever they want on end users.
The spirit of resistance to government is so valuable on certain occasions that I wish it to be always kept alive
Yah blame the user for the virus exploits and not the vendor that created the software with huge holes and the vendor who is blocking updates when running new gen CPU's on older OS versions just to try and push people to W10.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
It's not fun, it costs money and it can still break other dependencies, but the alternative is quite possibly ending up like the NHS or even worse. Bottom line is that it's an essential part of running a desktop environment in a modern business.
He's a fly-around shill just trying to look good in the eyes of Sales. His "workshops" are an insanely expensive way of selling low-calorie information that's already discussed online in much finer detail. His Ghost-powered blog site doesn't offer a search feature, but I'd bet it wouldn't return any meaningful results for two-factor authentication, separation-of-concerns, what certifications exist for software security, or the track record of non-MS products. Quick example: There's no mention of Google's recent publishing of security flaws in open-source projects. Instead we get a pass-the-buck, blame-the-victim blog post that ignores the annoyances of MS Update and tells everyone to "just deal with it".
I turn off Windows update on the boxes that I still have. I recommend everyone I know disable Windows update on all boxes that they have.
If you leave Windows update on, and just take the security updates by default, you will get owned by Microsoft. Constant telemetry will stream from your box.
I also recommend people look up how to stop this on Windows 7 and 8, where it is possible to stop it. It is not possible in 10, though some people have had some success at limiting it.
The article's advice is horseshit. WU should be disabled for personal computers if privacy is any manner of concern. Microsoft has revectored their security update mechanism to: try to upgrade you to Windows 10. Install sleeper services that only months after installation began transmitting telemetry. Remove useful names from KBs to prevent successful system administration. Transmit information about what programs you use, when you use them, how often you use them. Transmit information regarding crashes. Broadly expose envelope information about your non-Microsoft related activities to Microsoft and anyone they choose to share that information with.
Disable WU on 7 and 8. Tear out the bad patches. Only EVER manually apply patches that you actually require for security and functioinality.
Comparing being a sensible system administrator who doesn't want to transfer control over their personal activities to Microsoft to antivaxxers is disgusting. Anyone making this comparison is irresponsible.
https://superuser.com/question...
The list of KBs that you must manually remove (and prevent reinstallation of) to keep Windows without telemetry is provided on that su post. The list is:
KB3065988 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: July 2015 more info .NET Framework 1.1 when you upgrade Windows 8.1 or Windows 7 more info
KB3083325 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: September 2015 more info
KB3083324 Windows Update Client for Windows 7 and Windows Server 2008 R2: September 2015 more info
KB2976978 Compatibility update for Windows 8.1 and Windows 8 more info
KB3075853 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: August 2015 more info
KB3065987 Windows Update Client for Windows 7 and Windows Server 2008 R2: July 2015 more info
KB3050265 Windows Update Client for Windows 7: June 2015 more info
KB3050267 Windows Update Client for Windows 8.1: June 2015 more info
KB3075851 Windows Update Client for Windows 7 and Windows Server 2008 R2: August 2015 more info
KB2902907 MS Security Essentials/Windows Defender related update [no description/information available]
KB3068708 Update for customer experience and diagnostic telemetry more info
KB3022345 Update for customer experience and diagnostic telemetry more info
KB2952664 Compatibility update for upgrading Windows 7 more info
KB2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows more info
KB3035583 Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1 more info
KB971033 Description of the update for Windows Activation Technologies more info
KB3021917 Update to Windows 7 SP1 for performance improvements more info
KB3044374 Update that enables you to upgrade from Windows 8.1 to a later version of Windows more info
KB3046480 Update helps to determine whether to migrate the
KB3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7 more info
KB3080149 Update for customer experience and diagnostic telemetry more info
KB3083324 Windows Update Client for Windows 7 and Windows Server 2008 R2: September 2015 more info
KB3083325 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: September 2015 more info
KB3083710 Windows Update Client for Windows 7 and Windows Server 2008 R2: Octobe
You do understand that the majority of professional work is done by small businesses, and most of those don't have dedicated IT teams at all, right?
Enterprise IT is actually the exception, not the norm.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
unwanted telemetry
Most of that telemetry has been backported; you're not protecting yourself by avoiding Windows 10. All of Microsoft's supported operating systems are spyware and what distinctions exist between versions are trivial; if you care about keeping clear of Microsoft's collection system you're not running any contemporary Microsoft operating system. If you're clinging to Win7/Vista/whatever because you think you're saving your privacy then you're an idiot.
Maw! Fire up the karma burner!
Windows update(10) all the way back to XP, is horribly slow is part of the problem and it has just gotten worse. Run into a problems with windows update and you can lose 1-3 days, just because it takes forever for it to eventually fail. I went to update the windows load on my dual boot machine and it took 3 freaking hours on 4.5Ghz machine, ssd and 32GB of RAM. Same machine with Ubuntu updates took all of 2-3 minutes even with multiple dkms modules being built. Microsoft there is no excuse for it being that slow, I can just have btrfs root, take a snapshot before updates and have the equivalent of your system restore and your horrible over engineered windows installer without the headaches.
You can trick windows from messing with it and bios that only look for a windows efi boot file. This will boot to grub and allow you to select windows if you want, and windows update doesn't mess with it. /s
open cmd.exe as Administrator and lunch the command vmount s:
go to s: and navigate the directories until you find where the grubx64.efi is located. Mine was under s:\EFI\debian\.
go to s:\EFI\Microsoft\boot and create a backup of the bootmgfw.efi file and then overwrite it with the grubx64.efi.
reboot. Now you should be able to reach the grub menu and boot to Linux but you'll be unable to boot to Windows. Boot to Linux then.
On linux you /boot/efi/EFI/Microsoft/Boot and restore the previously backed up bootmgfw.efi.
open a shell and go to
run grub-install (it may require root privilege - sudo)
run update-grub2 (it may require root privilege - sudo)
I *have* to disable the update service on my laptop. Win 10 insists on installing newer Intel graphics drivers, except they don't work with the Optimus setup on my laptop. With the newer Intel drivers, any 3D game I start crashes when it tries to use the Nvidia card. So I have to let Windows 10 update my laptop, disable the update service, then reinstall the Intel GPU drivers provided by my laptop vendor (and also the Nvidia drivers if Windows 10 has auto-updated those).
When Win 10 first came out, it gave you the option to disable updates to a specific device driver. But for some inexplicable reason, Microsoft removed this option in the Oct 2016 update. Because of Microsoft's brain-dead update policies, I literally cannot use my gaming laptop to play games if I have Windows Update enabled.