NoelC

As a Jedi you need to let go of the fondness you feel for your data. Fondness leads to privacy, and privacy leads to bankruptcy. -Noel

Windows Update? Are there people still running that? Some perspective for those who still think continuing to allow Windows Update on their older systems is reasonable: Forgetting that it's Microsoft we're talking about for a moment... A company has demonstrated - repeatedly - that it tries to install unwanted software through the door in which it's foot is firmly jammed. They've co-opted an interface that was well-trusted before to improve YOUR computing environment and are now openly using it for THEIR own advantage. Do you continue to allow them to do so - or do you remove their foot with prejudice? A company has created a new version of their product that's not as functional as their older version (to the point of being visibly brain damaged), and it's less efficient - yet they claim it's better at every turn. They can't even charge money for it, it's so bad. They clearly aren't even very good application programmers, let alone OS engineers. Now, should you continue trust them to be technically competent to change the already working OS software you have? Even putting technical incompetence aside, a company has so thoroughly changed their business model that it will no longer be an advantage to them in any way for you to continue to run your older system trouble-free. Assuming it's running trouble-free now, should you trust them to change It in ways that do not cause you new problems? -Noel

The Sphinx Windows Firewall Control product, which was recommended to me by XPClient, is a deny-by-default product, and it pops up and tells you about new programs it has detected attempting network access (and which are denied). It controls, via its own service, the Windows Base Filtering Engine (BFE), so the protection is quite solid under the covers. It's a *little* different than what you think in that the detected access has already been denied by the time you see the pop-up, and so that particular network access has failed. You will accumulate failures for a while until you get the setup customized for your own use. It's quite "arcane and geeky" if you want to call it that, but once understood (and it does take a little while to catch on to the way it works) it is powerful enough for even a networking expert to use. And it does have several "bypass" modes (EnableUnknown, EnableAll) that can help get you through things like complex installs. They have a good forum where the author of the software will answer your questions, and they have been ultra-responsive to problem reports. There is already a new beta and will be a new release soon with a number of bugfixes and feature enhancements for things I've submitted. At this point based on my experience, like xpclient before me, I recommend the Sphinx Windows 10 Firewall Control product (the name is a bit of a misnomer, it does run on Vista and above), with caveats: 1. Don't expect an easy end-user product. Networking is not trivial. But if you're prepared to study it to where you understand it fully, and take some time to develop your own rules, zones and application assignments, you'll be able to know everything about what your system is doing and shut down the Windows Firewall service entirely, which has other advantages. 2. With ANY deny-by-default firewall setup you're expected to take an ongoing active role in your system's communications processes. In other words, if you don't do anything, things won't work. It gives you tools to find out why, and to manage your setup, but you'll have to work at it. It's not a setup a passive user who just wants to play will want! 3. Run the most expensive high-end product (Network/Cloud Edition) which offers the most control functionality, even if you're only going to control one system with it. If you have more systems, it does offer convenient remote control (something an IT network guy would want). It's like just having a remote interface to each system. While you can't directly share rules in real time between different systems, you CAN easily save the whole config from one system and load it into another. 4. It has a free trial period, and you'll want to take full advantage of that. It may be that you and the Sphinx product just don't get along. As I mentioned, it's pretty geeky, and I wouldn't blame anyone for losing interest in why communication with www.startssl.com was attempted via TCP at address 97.74.232.97 port 80 (http) at 1:38am by svchost. I've been using the Sphinx product since August 20, 2015 and I've learned more since then about Windows security than I have in a long time prior. At this point I have a nice set of my own rules, zones, and application assignments that facilitate secure, private system operations on my multiple different Windows 7, 8.1, and 10 systems, and quite often days go by when I do not have to do anything to maintain the firewall setup at all. It has also facilitated my finding and tweaking any number of hidden privacy settings so that my Windows systems don't even TRY to spill the beans online any more. If catching Microsoft sending your data abroad motivates you and learning how things work excites you, a deny-by-default firewall could give you ongoing pleasure. It has done so for me. -Noel

Huh, that's interesting (and a bit frightening). What sorts of security tweaks are actually frowned upon by security experts? Some months ago I posted a thread on this forum about practical security and was challenged several times. One who claims to be an expert even went so far, regarding my use of the hosts file, as to directly say "don't do that". I don't really want to open that can of worms back up in detail but to paraphrase a famous quote, "A man who claims it is impossible should not get in the way of a man actually doing it." Part of my strategy revolves around blacklisting name resolution of known malware sites, and I have recently beefed it up even more by implementing my own DNS server. There have been some security packages that dabble in the area of managing blacklists, but I've seen none that come even close to the result I've gotten. At the moment, my systems simply won't visit some 54,000 online sites that are known to serve malware, scams, ads, and tracking. And the list comes from sources that are actively managed - it changes virtually every day (for example, hm-revenue-gov-tax-refund.service-org-gov.org and many others have been added within the last 24 hours). Another part involves reconfiguring the default Internet Explorer settings in which ActiveX is allowed to run from sites on the wild Internet. With all the browsers nowadays that don't support ActiveX, there is simply no reason to allow executable software to run whenever any web page wants it, especially not within iFrames, which is where most ads are presented. Yet another security initiative of mine involves employing a deny-by-default firewall setup for outgoing network communications. The default setting in Windows is to ALLOW all outgoing connection attempts, which brings convenience at the expense of security and privacy. There are a LOT of attempted communications by a default system setup, most of which are NOT actually needed (but serve only to benefit others) and can actually be deconfigured. I not only have the firewall block unwanted communications, but I also strive to reconfigure so they're not even attempted in the future. Possibly most importantly I use my HEAD when computing, and do responsible things. Learning how technical things work (and how the world works) is not impossible, even for non-computer geeks, and it's not infinitely complex. Thinking comes first, and everything else follows nicely. Not surprisingly, I have an efficient, stable, private computing environment that has never been infected by anything (according to my safety nets not having been exercised at all, nothing has even come close). Most importantly, my system doesn't cost me much time in maintaining it - hence my ability to get my work done and contribute meaningfully to places like this forum. It just works! And it applies equally well to Windows 7, 8.1, and 10. These things, with the exception of a 3rd party firewall management package I bought for $40, are all available for free to anyone right now, just by reconfiguring settings and manipulating files, and by thinking. -Noel

Just experimenting with insider build. Installed build 14251.1000 as an in-place upgrade to 10586.71 just as an experiment. Observations: Telemetry settings are turned back on (per O&O ShutUp10).All Apps are reinstalled.OneDrive, settings sync, Cortana all reinstated.Services that had been disabled are re-enabled.Scheduled tasks that had been disabled are re-enabled.My firewall shows lots more connections being attempted again (I had 10586 quiet). Looks like it's going to be pretty much the same experience as the upgrade to version 10586 from 10240. After removing all the Apps Cortana kept trying to come back on reboot this time around, so in frustration I swept through the registry and wiped her the hell out. Now she doesn't try to come back, but I may have cut too deep and now some stuff doesn't work - I can't seem to start the Services.msc snap-in any longer, for example. I believe I'm going to restore my pre-App removal snapshot and go through it again carefully when I'm more fresh. For anyone seriously considering following down the Redmond yellow brick road, it really does seem to warrant the development of an automated tweaker / re-tweaker script or program, if that's possible. I can see where getting a Win 10 system back into shape after each in-place upgrade really is going to take days. This exercise has me all the more convinced I really don't want to get on the track to receive what Microsoft is shoveling. Thank goodness I have got my Win 8.1 and 7 systems under control to where they're not trying to become Win 10 systems. At least it looks to be still possible using the tricks and tweaks in this thread to remove all the Apps... -Noel

I'm sorry, somehow I missed this response before. Thanks for the tip. I'll have a look at it when I can. -Noel

Thanks, Chrome got it. See above. Now off to play... -Noel

It offers a "download through browser" option, but won't act on it. I suspect you may be allowing more things to run than you realize. I have Chrome on a VM, so perhaps I'll try that, but I don't have trouble downloading anything else. This site is "special". Edit: Chrome got it, via the "download via browser" option. 5 minutes and done. -Noel

Don't forget Windows Live Gallery and Gadgets too. -Noel

Thank you kindly for the effort, but that site demands I install something in any browser I try to use and reports "Error: File too big to be reliably handled..." if I refuse. I'm sorry, but I won't allow mega.nz to coerce me into installing a browser add-on. I do appreciate your trying. While it strives to look legit, I suggest that mega.nz may not be completely on the up and up, given the aggressiveness with which it is trying to install things. -Noel

Yes, indeed. And it's nothing new. It's a herding tactic (and strategy). What's sad is that any system can be made MUCH more secure from practical threats with just a few tweaks with almost no downside. And yet it's not done, and is not widely known. It's even challenged by so-called experts! Further, as an example Microsoft has been releasing Internet Explorer with the ability to run ActiveX since the beginning, and that's STILL the default setting today! How could anyone begin to hope that a company that does something like that has any security expertise whatsoever, or is looking after anything like the user's best interests? Not long ago I asked for folks to comment on whether they're seeing Windows 10 systems infected in the real world. I didn't get a lot of responses, but from what I did get, and from everything else I'm reading, Windows 10 isn't really any less apt to get infected by hapless, ignorant users than any other version. In short, its practical "security" level is no better, and in fact Microsoft may well be running headlong into creating any number of heretofore unexploited new ways for security to be breached. A breakneck pace of change does not a secure system make. -Noel P.S., let us not forget that there is a whole realm of "security flaws" that we DON'T know about.

You and I are mostly of a like mind on this, Drugwash, except that I don't really anticipate users saying "Enough!" They are bred to be passive and accept that Mother Microsoft knows best about things for which they are ignorant. It's hard to fix ignorance in a world where ignorance is highly valued by corporations seeking to separate the ignorant from their money. -Noel

No doubt they track how many have seen ads and how many have purchased and/or downloaded Apps from the App Store. I'd be the first in line to download good Apps, and I'd even pay to be absolved of having to see Ads in an otherwise valuable piece of software. We just don't have that situation yet. The App Store software simply isn't valuable enough to endure any kind of intrusion. -Noel P.S., Food for thought: Do you pay through the nose for cable TV, and do you still see commercials?

Someone please define "fundamentally insecure". Secure from what? Running anything the user wants or allows? Inasmuch as EVERYONE would emotionally agree with the comment "more security is better", there is a very real possibility that we could "secure ourselves to death" and end up in a place we REALLY don't want, all to thunderous applause along the way. Let us never forget that. -Noel

Dhjohns, have you seen any of the crashes Microsoft has warned of, because of the known memory management problems in the latest build? I keep waiting for an ISO so I can dabble a bit on the insider track, but so far none has been published. Just a SWAG... Since Microsoft radically advanced the build numbers to accommodate the Windows Phone baseline, I predict that the next build released to the public could be 15360 (just because 1536 is a somewhat "special" number with regard to binary numbers == 1024 + 512). Build 14285 (100000 divided by 7, truncated) seems too close at hand to be a viable candidate. Another "significant" number that comes to mind and is closer to the current number could be 14400. By the way, just to contribute something on-topic: For me Aero Glass for Win 8+ continues to work flawlessly with the fully-updated public release build 10586.71. -Noel

I have successfully uninstalled all but two of the App packages Microsoft packaged with Windows, and I've managed to keep them from coming back. I consider this a triumph (owing to the good work done by intika here), and frankly it needs to be done by everyone - but it's probably also a fluke. I'll BET it won't be possible, or if it is it will be more difficult, after the next OS in-place upgrade, which I'm sad to say is JUST around the corner! We need more sophisticated tweaking software to be developed, which will allow a savvy user to TAKE CONTROL and be done with the Windows Store crapware once and for all. It needs to be easy to download and easy to use. I keep hoping Classic Shell will make the logical leap to being able to REALLY uninstall things - since it generally tries to manipulate settings behind the scenes in order to accomplish a "user is back in the driver's seat" type operation. Such tweaking software needs to be UBIQUITOUS - available everywhere, from multiple sources. This "adware" business model really, really has to be stopped! Of course, Microsoft's cesspool of lawyers will attack anyone creating such an application. My recommendation to all at this point: Just STOP using the adware in Windows 10. Don't support this kind of business model. En masse, it's the only approach that will really show Microsoft that we absolutely don't want - can't STAND - to allow them to do this kind of thing. -Noel

I suspect that if you were to set your system up so that Windows Updates are only applied when you initiate the activity, then Hide the update EACH TIME, it would not be loaded by Windows Update. But that's just a guess, as I have not had to deal with the issue. Have you already tried that? How have you got Windows Updates set up to install? I always review the first panel above BEFORE initiating an actual Windows Update, then read online about whether the updates are causing others problems. Such problems (with driver updates causing problems) certainly seem like a good reason for taking control over when Windows Updates are allowed to download and whether certain updates need to be hidden, but if in the end the Hide Updates tool does not actually work (or is just unmanageable) that makes everything moot and makes the whole process of updating unacceptable. -Noel

Much as I dislike Win 10, the latest updates seemed to go in smoothly here. I'd really start looking hard at the environment in which you're running Win 10, BudwS. Besides running this in a VMware virtual machine on a really stable Win 8.1 workstation, I'm doing nothing at all with Apps. Perhaps the secret to Win 10 stability is to shun everything to do with Apps. I realize that the choice to use Windows 10 at all becomes pretty much moot with that decision, since it's no better a desktop system than Win 8.1 or 7 - hence my only running it in a VM. FYI, I downloaded the file list from the KB article... 630 files are listed with a 16-January date (10586.71)! Note that all those don't go into any one system, but by gosh these are no small updates! -Noel

I know, right? It's vanishing as we speak and we are indeed sad. Most folks don't realize how big a deal it is that Microsoft decided to concentrate on frivolity and leave the work to someone else. It MEANS something, and it might well change the world - for the worse! -Noel

I've been sayin' that for a long time. No professional OS is available from Microsoft. Not EXTERNALLY. But what will they be developing future versions of Windows with? That being said, Visual Studio 2015 Community Edition is now free for small business users, and it DOES seem to be a bit improved over 2013 - so it's hard to complain too loudly just yet. You have to wonder what a company like Adobe (given all the content creation stuff they offer) thinks about all this... Well, it's pretty clear they're embracing Macintosh in a big way, so maybe they're not that worried. Imagine that: Macs to create serious/business content, and PCs to consume it. -Noel

I know EXACTLY what you mean. Windows 10: Making mild people profane since 2015 -Noel

Oh, and let's never forget that even though it's no longer new news, Windows 10 STILL doesn't give us all the functionality that the older systems did. Think "the ability to play media", and any number of other features that got discussed hotly when Win 10 first reared its ugly head. -Noel

Microsoft and the high tech world are conspiring to make Windows 10 impossible to do without. If we want to continue to live in a world where we can see clearly where high tech is going, we have some options that range from extremes: Shun high tech altogether and move to a cabin in the woods.Choose to use an older OS (Win 8.1 or 7) and hope that some new development will ultimately save us.Adopt Windows 10 and develop a strategy for continuing to keep control, knowing this will be more work.Adopt Windows 10, just go with the flow (and lose the requisite 30 points of IQ). This will be less work. Since it's a 4 dimensional world, we must not only decide things now, but also re-evaluate the above list continuously. At the moment I've stopped at "Choose to use an older OS" and am dabbling with "developing a strategy for continuing to keep control". For ME, that seems prudent. The answer will be different for each person. Amongst us all this IS actually causing ongoing work, stress, and could indeed be likened to hitting oneself repeatedly with a heavy object. And I hate to say it but there's nothing we can do about it. The high tech world is bigger than any of us, or even a group of us. Microsoft, through their greed and avarice, has chosen to make running Windows about running Windows and no longer about what the user wants to do. There is not an unlimited amount of spying and malice being done by the software, and it's still quite possible to run Windows 10 in a way that thwarts Microsoft's plans. Perhaps someone could even roll up all that knowledge into something even bigger than the Anti-Spyware packages (I don't know, a Windows 10 Re-Tweaker package maybe). It might be that continuing to try to wrest control back away from Microsoft will be SO much work that IQ 70 people who just opt for the last option above will be equally productive and successful, at which point we fail. How many have pondered their own existence in all this? Somehow I find it oddly comforting that I will probably not live past about around 2030 or 2035 and then I will no longer have to deal with all this Microsoft garbage. -Noel

We're close to being on the same page. An OS is "stable enough" if it doesn't crash AT ALL, is protected from ill-behaved applications, never loses or corrupts data, doesn't have quirks where you have to worry about doing certain activities together, and you never have to reboot it because for every open there's a close coded, and for every allocate there's a deallocate (everything from Microsoft before NT violated this last one). This is nothing special. We've already seen this level of quality in Win 8.1 and earlier. Microsoft cannot be allowed to get away with one bit less stability/quality going forward. -Noel

There is no such thing as "cannot happen". An application should not be able to crash or hang the system. Just bear in mind that "should not" is not the same as "cannot". Driver software - which I imagine to be the source of many/most of the problems - can easily crash or hang or corrupt the system. Operating system software actually has to be very robust. You can't just have some dipsy application programmer throw together some code and make it part of an operating system. Well you CAN, but you just get an unstable system if you allow that. Thing is, those in the know have been saying for a long time that this business of Microsoft continually changing the code and re-releasing an in-place upgrade every 4 months will never allow the system to stabilize. Even if Microsoft could pull it off internally, think of the ongoing stress on driver makers, anti-virus makers, etc. So, if you're having crash/hang problems, you should probably try to seek out the best drivers you can, and just get used to your system not being as stable as Windows has been in past years. Backups have always been important, and they are now more than ever. That being said, the OS itself, without much add-on software and with a lot of its own unneeded components specifically disabled or removed, lightly used, DOES seem to be pretty stable for me... -Noel