Competent IT shops have configured their systems to patch through a locally-maintained WSUS server.
A corporate desktop should never install the updates that enable telemetry or GWX prompts on Windows 7/8. Even if they did, there is a Group Policy option to suppress OS upgrades through Windows Update. They have to fail twice as hard as a home user to end up in that situation.
The GWX upgrade being set to "Recommended" still doesn't result in auto-installation with the default options.
Ignorance or incompetence are the only explanations for someone who finds an unexpected Windows 10 installation.
The update cache is for new updates, and it is typically too small to make such a difference.
The uninstallers for previous updates occupy the WinSxS folder, and that folder can bloat significantly over the lifetime of a Windows install. I have personally seen 12+ GB, so this is a much more likely culprit.
Windows 7 and 8 have different methods for removing old update files. In 7, you install KB2852386 and run the Disk Cleanup wizard. In 8, you have to run DISM from the command line with the resetbase option.
In either case, Microsoft could have configured the installer to prep the system by performing similar operations in the background.
I had this happen once. The installation GUI is very limited compared to the standard disk utilities.
The simple solution is to do a secure wipe of the boot disk using whatever utility the SSD manufacturer supplies. In my case, they had a bootable ISO. It took all of 5 minutes once I decided to try it.
It is likely that running diskpart would expose the underlying partitions and volumes. Nuking everything from there would probably also work.
I did the secure wipe because I ran diagnostics on the drive first, and the option was right there. Diskpart should work as well; I just haven't personally verified it.
You have to have Windows configured to automatically install updates. By default, this only includes critical updates. (There are three tiers: critical, recommended, and optional.)
There is a second option to receive recommended updates the same way as critical updates. This must be enabled too, as the Windows 10 update was only bumped up to recommended.
So you must have two settings for it to happen like that---one of which is not a default, and neither of which I'd expect a typical Slashdot user to have.
Windows 7 and 8 have their own implementations of telemetry. There is no reason for Microsoft to leave the telemetry code from another OS when it rolls back---and several reasons not to.
If OP has the associated Windows 7/8 updates, they can be uninstalled and blocked in Windows Update easily.
If your full-disk encryption protects the symmetric volume key using certificates (e.g., users with Smart Cards), then you are still vulnerable.
There are a lot of use cases where symmetric keys are protected or transferred using asymmetric encryption, so breaking RSA will have far-reaching consequences.
Your personal workstation is probably not one of those cases. That doesn't mean it isn't a big deal for everyone regardless.
No, they're not "dependent on a direct competitor". Do you even know how it works?
Mainboard manufacturers and OEMs can put whatever keys they want into their UEFI firmware for Secure Boot.
For Windows 10 certification, Microsoft requires that their keys be included in the signature database and the KEK database. This lets them boot their own code (signature) and add new software signing keys in the future so newer code can run (KEK). There are no restrictions or requirements pertaining to keys for other vendors or operating systems.
If an OEM decides to be cheap, that is only a problem for their customers. A manufacturer could include only MS keys and provide no means for users to add their own keys to the signature or KEK databases. But that's on the manufacturer alone, and most of them are not that stupid.
So, if you want to go off your list, absolutely no problem? Stupid meaningless list, then.
Yeah, not how it works. The same people who approved the list have to approve your exception. So you need a reason that is more important than the rationale behind the original requirement.
Everybody in the free software community benefits from strong GPL enforcement. E.g., when Microsoft reused GPL code in one of their tools, they were forced to release their source when it was discovered.
The ZFS license forbids releasing it under GPL. The Ubuntu binary distribution must be all GPL in order to satisfy the GPL's requirements.
If Ubuntu starts picking which parts of the license it follows, you can bet everyone from minor devs to major corporations will start doing the same thing. Proprietary shops will absorb open source contributions in whatever predatory manner they can.
The way to prevent it is simple. Enforce 100% of the requirements in the open source license 100% of the time, and set legal precedent whenever possible to establish those obligations as legally binding.
If they publish their method with sufficient details for others to duplicate it, the cheaters will be able to use it as well.
If they vet their fabricated data to ensure it passes muster, we will have a real problem.
I fear this could end up like the arms race between malware coders and antivirus vendors. Because I doubt the good guys would have much of a chance here either.
It had absolutely no hint of the city being fictional.
If they're willing to bomb a city and kill people without even knowing the specific reason for that bombing, their ignorance is truly dangerous to the world.
If they cannot immediately recall the "where" and "why" to justify homicide, they deserve to be embarrassed.
The only conceivable justification for their position is the lack of an option for indicating "unsure" or "no opinion". And I'd be shocked if a modern survey didn't include that.
They could have both false positives and false negatives.
They eliminated studies which had a prima facie case for having highly similar responses. However, it is possible for them to miss a study which generates fairly consistent response patterns for non-obvious reasons.
I can buy the 17% number. A sizable majority are legitimate scientific endeavors, but there are enough bad actors that you need to actively seek them out.
I seem to recall about 9% of Americans have a felony conviction. If you assume that's the dumber half of the felons being caught, you end up in roughly the same ballpark.
Your response will most likely be washed out by a sea of honest responses.
Most participants respond to the best of their ability---although it cannot be assumed they are always correct. Respondent error, even about themselves, is more common than outright deception.
Researchers are aware that participants lie due to self-deception, social desirability, deliberate sabotage, and other reasons. Surveys often incorporate measures to detect deception.
If you answer in a nonsensical fashion, the worst you'll do is reduce the likelihood of the results being significant---assuming your results are contrary to the hypothesis and are not eliminated for being invalid or an outlier. It's not like the entire survey method is going away; its weaknesses are well-known, and it is generally used as a last resort.
Note that this behavior can only hurt honest scientists. If someone is manipulating data, they will purge your result or fabricate enough desirable results that your behavior is irrelevant. You are literally helping no one.
And when the doctor needs to submit information to the insurance company so they will pay for procedures, is he supposed to handwrite a duplicate? Or maybe he should use a typewriter? Surely he shouldn't fax a copy over the insecure POTS network.
Healthcare costs are already exploding, and now we're going to handle all records and payment processing by hand? Efficiency is one thing that no industry ever gives up willingly.
Modern doctors even use digital prescriptions. The last time I needed one, the doctor asked me if I would pick it up at a nearby pharmacy. I identified the CVS that was on my way home, and he sent it from his laptop. It was ready for pickup by the time I got there.
Given the convenience for both the doctor and the patient, the move to digital is not going to reverse even if you could ignore the economic benefits.
Talk up breaches and security and privacy so things can get fixed, but don't even bother trying to take it back offline. It simply won't happen.
Enterprises don't, and they're the ones who still pay money for Windows.
I don't. There are Steam and GoG for games in general, and most major publishers have their own purchase and distribution infrastructure. Blizzard, for example, lets you create an account, pay on their web site, and download the installers for any/all games you own.
Professional apps are available directly from the publisher's site, even in cases where purchases must be made through resellers.
The physical software market is dying for all platforms. The Windows market is still quite robust---Valve pulled in nearly a billion in revenue from Steam alone.
Guaranteeing a return path from some transmitter on a PC or mobile phone is going to be real tough.
You cannot put a dozen transmitters in mobile devices to guarantee clear line of sight---the cost will skyrocket, there will be some impact on battery life, and there is not much free space in most mobile devices to begin with.
This could be useful as a broadcast technology though. With the line-of-sight requirement, it should be very easy to limit your range and avoid interference with anything outside of your property.
I like this a lot for local broadcast. I see no viable way to deploy it as a Wi-fi replacement.
The old school books covered the architecture in much more detail than any of those.
The old books would cover things like which subsystems require the new credential providers, how many and what types of credentials are stored in LSASS, the boot process from BIOS/EFI initiation until user session creation, etc.
In-depth technical guides like OP wants are almost impossible to find. Current guides---and especially the "For Dummies" series---are not even interesting to the same audience. I'm sure they sell more since they are accessible to the average PC enthusiast.
Even the "Missing Manual" series, which used to be phenomenal, is watered down to appeal to masses.
Bottom line, if you think half of that list is a substitute then you don't understand what OP is asking for.
I'd say the Missing Manual is probably the closest and recommend it as the best option in print, but TechNet and the associated MS blog has more overall information in addition to being both current and searchable.
That book market no longer exists. The vast majority of books are exam prep now.
Now it's all about finding the right resources online.
A proper search targeted at technet.microsoft.com (for admin issues) or msdn.microsoft.com (for dev issues) will usually be helpful.
I've found technet to be more frequently helpful, and Stack Overflow or Stack Exchange are good alternatives to MSDN. Technet has an exhaustive, option-by-option descriptions of the modern CLI commands. This is the closest thing you'll probably find to those old books.
If you are interested in scripting, you should probably familiarize yourself with PowerShell, as it is far more powerful and flexible than the traditional Windows CLI.
Other nations may have been willing to sacrifice freedom and choice in exchange for reduced efficiency, but Americans aren't quite stupid enough to choose that, yet
We have already chosen that.
Americans pay the most per capita for health insurance and yet we rank 31st in actual healthcare. (That assessment was pre-Obamacare, so those numbers may have changed. I am not aware of a post-Obamacare analysis.)
When someone decided to do the calculations, we ranked 37th in efficiency---behind a bunch of nations with public healthcare, and right above Slovenia. The WHO efficiency report is here for reference: www.who.int/healthinfo/paper30.pdf
Oddly enough, even with its extremely open market economy, Singapore managed to snag sixth place. It is nestled in the top tier among those nations with public healthcare.
Oh wait---my mistake, Singapore actually has public healthcare in spite of the fact that it ranks as the second freest economy in the world. And before I hear a hint of bluster, the US is #10 in economic freedom. (Freedom rankings are courtesy of the Heritage Foundation's Index of Economic Freedom.)
A lot of this relies on the major software companies supporting non-Windows platforms.
E.g., the VMware vSphere client would only run on Windows. Likewise, Virtual Center itself ran on Windows Server. Now vSphere has a web client, and Virtual Center is distributed as a Linux-based VM.
And just like that, the premiere enterprise virtualization infrastructure went from requiring Microsoft operating systems to being vendor-agnostic. Most of our admins kept their Windows desktops, but now it's their choice.
PS---The WinSxS "nightmare" is fixed, provided you have Win7 or later. You either remove old update files through the UI (Win7), or you run DISM with the/resetbase flag (Win8+).
The only exception is that I would leave the Application Experience service and scheduled tasks as-is. It provides transparent compatibility for applications that might not work right otherwise. If you are really set on removal, I would disable the service and run all of my applications first to ensure there is no adverse affect.
Actually, I would disable all services rather than delete them---just in case. A disabled service cannot run, and it takes only second to revert to automatic startup if it's ever needed.
Slashdot Mirror
Competent IT shops have configured their systems to patch through a locally-maintained WSUS server.
A corporate desktop should never install the updates that enable telemetry or GWX prompts on Windows 7/8. Even if they did, there is a Group Policy option to suppress OS upgrades through Windows Update. They have to fail twice as hard as a home user to end up in that situation.
The GWX upgrade being set to "Recommended" still doesn't result in auto-installation with the default options.
Ignorance or incompetence are the only explanations for someone who finds an unexpected Windows 10 installation.
The update cache is for new updates, and it is typically too small to make such a difference.
The uninstallers for previous updates occupy the WinSxS folder, and that folder can bloat significantly over the lifetime of a Windows install. I have personally seen 12+ GB, so this is a much more likely culprit.
Windows 7 and 8 have different methods for removing old update files. In 7, you install KB2852386 and run the Disk Cleanup wizard. In 8, you have to run DISM from the command line with the resetbase option.
In either case, Microsoft could have configured the installer to prep the system by performing similar operations in the background.
I had this happen once. The installation GUI is very limited compared to the standard disk utilities.
The simple solution is to do a secure wipe of the boot disk using whatever utility the SSD manufacturer supplies. In my case, they had a bootable ISO. It took all of 5 minutes once I decided to try it.
It is likely that running diskpart would expose the underlying partitions and volumes. Nuking everything from there would probably also work.
I did the secure wipe because I ran diagnostics on the drive first, and the option was right there. Diskpart should work as well; I just haven't personally verified it.
Probably no one here.
You have to have Windows configured to automatically install updates. By default, this only includes critical updates. (There are three tiers: critical, recommended, and optional.)
There is a second option to receive recommended updates the same way as critical updates. This must be enabled too, as the Windows 10 update was only bumped up to recommended.
So you must have two settings for it to happen like that---one of which is not a default, and neither of which I'd expect a typical Slashdot user to have.
No, you can't "Bet on it"
Windows 7 and 8 have their own implementations of telemetry. There is no reason for Microsoft to leave the telemetry code from another OS when it rolls back---and several reasons not to.
If OP has the associated Windows 7/8 updates, they can be uninstalled and blocked in Windows Update easily.
Your internet connection doesn't pay Youtube---or any other site.
Your internet provider needs to make money; Youtube needs to make money. You have to pay them both.
If you pay one with money and the other with a few seconds of ad-watching, well, that's their decision on how they want to operate.
If your full-disk encryption protects the symmetric volume key using certificates (e.g., users with Smart Cards), then you are still vulnerable.
There are a lot of use cases where symmetric keys are protected or transferred using asymmetric encryption, so breaking RSA will have far-reaching consequences.
Your personal workstation is probably not one of those cases. That doesn't mean it isn't a big deal for everyone regardless.
No, they're not "dependent on a direct competitor". Do you even know how it works?
Mainboard manufacturers and OEMs can put whatever keys they want into their UEFI firmware for Secure Boot.
For Windows 10 certification, Microsoft requires that their keys be included in the signature database and the KEK database. This lets them boot their own code (signature) and add new software signing keys in the future so newer code can run (KEK). There are no restrictions or requirements pertaining to keys for other vendors or operating systems.
If an OEM decides to be cheap, that is only a problem for their customers. A manufacturer could include only MS keys and provide no means for users to add their own keys to the signature or KEK databases. But that's on the manufacturer alone, and most of them are not that stupid.
So, if you want to go off your list, absolutely no problem? Stupid meaningless list, then.
Yeah, not how it works. The same people who approved the list have to approve your exception. So you need a reason that is more important than the rationale behind the original requirement.
Nobody. But plenty of people take the train from Paris to Lyon, or from Brussels to Antwerp.
Brussels to Antwerp is 30 miles. Paris to Lyon is 300.
Our major population centers are further apart than Europe's.
In the US, LA to NYC is 2700 miles. Even a Chicago-NYC line would be about 800 miles.
High speed rail is about 200 MPH, so you're looking at 4 hours for Chicago-NYC and 10-15 hours for LA-NYC.
Flying is the same speed or faster---generally faster---and it is only affected by ground conditions at the takeoff and landing sites.
To justify the enormous capital expense of high-speed rail, it needs to offer something big since travel time and convenience won't be among them.
The article explains why it is not ridiculous.
Everybody in the free software community benefits from strong GPL enforcement. E.g., when Microsoft reused GPL code in one of their tools, they were forced to release their source when it was discovered.
The ZFS license forbids releasing it under GPL. The Ubuntu binary distribution must be all GPL in order to satisfy the GPL's requirements.
If Ubuntu starts picking which parts of the license it follows, you can bet everyone from minor devs to major corporations will start doing the same thing. Proprietary shops will absorb open source contributions in whatever predatory manner they can.
The way to prevent it is simple. Enforce 100% of the requirements in the open source license 100% of the time, and set legal precedent whenever possible to establish those obligations as legally binding.
If they publish their method with sufficient details for others to duplicate it, the cheaters will be able to use it as well.
If they vet their fabricated data to ensure it passes muster, we will have a real problem.
I fear this could end up like the arms race between malware coders and antivirus vendors. Because I doubt the good guys would have much of a chance here either.
It had absolutely no hint of the city being fictional.
If they're willing to bomb a city and kill people without even knowing the specific reason for that bombing, their ignorance is truly dangerous to the world.
If they cannot immediately recall the "where" and "why" to justify homicide, they deserve to be embarrassed.
The only conceivable justification for their position is the lack of an option for indicating "unsure" or "no opinion". And I'd be shocked if a modern survey didn't include that.
They could have both false positives and false negatives.
They eliminated studies which had a prima facie case for having highly similar responses. However, it is possible for them to miss a study which generates fairly consistent response patterns for non-obvious reasons.
I can buy the 17% number. A sizable majority are legitimate scientific endeavors, but there are enough bad actors that you need to actively seek them out.
I seem to recall about 9% of Americans have a felony conviction. If you assume that's the dumber half of the felons being caught, you end up in roughly the same ballpark.
Your response will most likely be washed out by a sea of honest responses.
Most participants respond to the best of their ability---although it cannot be assumed they are always correct. Respondent error, even about themselves, is more common than outright deception.
Researchers are aware that participants lie due to self-deception, social desirability, deliberate sabotage, and other reasons. Surveys often incorporate measures to detect deception.
If you answer in a nonsensical fashion, the worst you'll do is reduce the likelihood of the results being significant---assuming your results are contrary to the hypothesis and are not eliminated for being invalid or an outlier. It's not like the entire survey method is going away; its weaknesses are well-known, and it is generally used as a last resort.
Note that this behavior can only hurt honest scientists. If someone is manipulating data, they will purge your result or fabricate enough desirable results that your behavior is irrelevant. You are literally helping no one.
And when the doctor needs to submit information to the insurance company so they will pay for procedures, is he supposed to handwrite a duplicate? Or maybe he should use a typewriter? Surely he shouldn't fax a copy over the insecure POTS network.
Healthcare costs are already exploding, and now we're going to handle all records and payment processing by hand? Efficiency is one thing that no industry ever gives up willingly.
Modern doctors even use digital prescriptions. The last time I needed one, the doctor asked me if I would pick it up at a nearby pharmacy. I identified the CVS that was on my way home, and he sent it from his laptop. It was ready for pickup by the time I got there.
Given the convenience for both the doctor and the patient, the move to digital is not going to reverse even if you could ignore the economic benefits.
Talk up breaches and security and privacy so things can get fixed, but don't even bother trying to take it back offline. It simply won't happen.
That means basically nothing.
Who buys boxed software anymore?
Enterprises don't, and they're the ones who still pay money for Windows.
I don't. There are Steam and GoG for games in general, and most major publishers have their own purchase and distribution infrastructure. Blizzard, for example, lets you create an account, pay on their web site, and download the installers for any/all games you own.
Professional apps are available directly from the publisher's site, even in cases where purchases must be made through resellers.
The physical software market is dying for all platforms. The Windows market is still quite robust---Valve pulled in nearly a billion in revenue from Steam alone.
Guaranteeing a return path from some transmitter on a PC or mobile phone is going to be real tough.
You cannot put a dozen transmitters in mobile devices to guarantee clear line of sight---the cost will skyrocket, there will be some impact on battery life, and there is not much free space in most mobile devices to begin with.
This could be useful as a broadcast technology though. With the line-of-sight requirement, it should be very easy to limit your range and avoid interference with anything outside of your property.
I like this a lot for local broadcast. I see no viable way to deploy it as a Wi-fi replacement.
EMET is a baseline requirement if you are focused at all on security.
As with any security measure, it can cause issues with applications. Because of this, sane people are conservative in deploying new versions.
The notes on the EMET 5.5 release and download pages mention this vulnerability nowhere.
A critical flaw in a security tool is a very important thing to know about. This information should be prominent and obvious.
I even checked the user guide in case it is buried somewhere, and there is not a hint of security-related bugfixes in there either.
The old school books covered the architecture in much more detail than any of those.
The old books would cover things like which subsystems require the new credential providers, how many and what types of credentials are stored in LSASS, the boot process from BIOS/EFI initiation until user session creation, etc.
In-depth technical guides like OP wants are almost impossible to find. Current guides---and especially the "For Dummies" series---are not even interesting to the same audience. I'm sure they sell more since they are accessible to the average PC enthusiast.
Even the "Missing Manual" series, which used to be phenomenal, is watered down to appeal to masses.
Bottom line, if you think half of that list is a substitute then you don't understand what OP is asking for.
I'd say the Missing Manual is probably the closest and recommend it as the best option in print, but TechNet and the associated MS blog has more overall information in addition to being both current and searchable.
That book market no longer exists. The vast majority of books are exam prep now.
Now it's all about finding the right resources online.
A proper search targeted at technet.microsoft.com (for admin issues) or msdn.microsoft.com (for dev issues) will usually be helpful.
I've found technet to be more frequently helpful, and Stack Overflow or Stack Exchange are good alternatives to MSDN. Technet has an exhaustive, option-by-option descriptions of the modern CLI commands. This is the closest thing you'll probably find to those old books.
If you are interested in scripting, you should probably familiarize yourself with PowerShell, as it is far more powerful and flexible than the traditional Windows CLI.
Other nations may have been willing to sacrifice freedom and choice in exchange for reduced efficiency, but Americans aren't quite stupid enough to choose that, yet
We have already chosen that.
Americans pay the most per capita for health insurance and yet we rank 31st in actual healthcare. (That assessment was pre-Obamacare, so those numbers may have changed. I am not aware of a post-Obamacare analysis.)
When someone decided to do the calculations, we ranked 37th in efficiency---behind a bunch of nations with public healthcare, and right above Slovenia. The WHO efficiency report is here for reference: www.who.int/healthinfo/paper30.pdf
Oddly enough, even with its extremely open market economy, Singapore managed to snag sixth place. It is nestled in the top tier among those nations with public healthcare.
Oh wait---my mistake, Singapore actually has public healthcare in spite of the fact that it ranks as the second freest economy in the world. And before I hear a hint of bluster, the US is #10 in economic freedom. (Freedom rankings are courtesy of the Heritage Foundation's Index of Economic Freedom.)
So what were you saying about stupid decisions?
There is no "OFF" setting for telemetry.
It's a scale from 0-4, with an explanation that non-Enterprise editions cannot be set to 0 (and will treat a setting of 0 as 1 if that does happen).
In the policy console, it spends a few sentences describing what each level does.
If someone can't understand that Home/Professional cannot be set to 0, and levels 1-4 send some data to Microsoft... well, that's his own problem.
A lot of this relies on the major software companies supporting non-Windows platforms.
E.g., the VMware vSphere client would only run on Windows. Likewise, Virtual Center itself ran on Windows Server. Now vSphere has a web client, and Virtual Center is distributed as a Linux-based VM.
And just like that, the premiere enterprise virtualization infrastructure went from requiring Microsoft operating systems to being vendor-agnostic. Most of our admins kept their Windows desktops, but now it's their choice.
PS---The WinSxS "nightmare" is fixed, provided you have Win7 or later. You either remove old update files through the UI (Win7), or you run DISM with the /resetbase flag (Win8+).
Your slow shutdown issue is likely unrelated to telemetry.
The computer is always "engaging in 'Telemetry'" since it is always recording data if the feature is enabled.
Windows 7 transmits telemetry data on a weekly basis. If you are seeing a slow shutdown every day, you have a different problem.
The best summary of how to address telemetry collection on Windows 7/8/10 I've seen is the top reply to this superuser thread:
http://superuser.com/questions...
The only exception is that I would leave the Application Experience service and scheduled tasks as-is. It provides transparent compatibility for applications that might not work right otherwise. If you are really set on removal, I would disable the service and run all of my applications first to ensure there is no adverse affect.
Actually, I would disable all services rather than delete them---just in case. A disabled service cannot run, and it takes only second to revert to automatic startup if it's ever needed.