Jump to content

How to avoid being "upgraded to Win 10" against your will:


dencorso

Recommended Posts

Look at my list (Post #1)... the undesirable updates included in KB3125574 are now marked "(also in CR)". Then you tell me what you think I think about roll-ups in general, OK?

However, in particular, this KB3156417 seems to be harmless, AFAICS.

Edited by dencorso
Corrected answer after I realized I'd misread your question. Sorry!
Link to comment
Share on other sites


???? "This article describes a convenience rollup for Windows 7 Service Pack 1 (SP1)-based and Windows Server 2008 R2 SP1-based computers. This rollup package includes almost all the updates that were released after the release of SP1 for Windows 7 and Windows Server 2008 R2, through April 2016. This convenience rollup is intended to make it easy to integrate fixes that were released after SP1 for Windows 7 and Windows Server 2008 R2. We recommend that you include this rollup package in the image creation process to make it easier to quickly set up a computer."

So, is this some kind of "rollup" like ye olde Win2K/XP-MCE but *may* include stuff you don't want? It kind of imples if you install this at a clean install/integrate you'll be up-to-date? (but with slipped-in telemetry and GWX, the dirty barstoods)

Also "To get the package for this update, go to the Microsoft Update Catalog website" and "Prerequisites"...

:ph34r:

Hrrmmm... Your post in here says A-OK (mostly)...

http://www.msfn.org/board/topic/175618-convenience-rollup-update-for-win-7-sp1/

Edited by submix8c
Link to comment
Share on other sites

  • 3 weeks later...

I suggest waiting a few weeks at least, or dropping off the update cycle altogether (on that Woody Leonhard and I disagree).

I've personally adopted a "not unless I'm convinced of a real need" moving forward.

  • Microsoft is no longer trustworthy - they've proven it, it's not hype.
     
  • I don't personally believe they any longer have the desire or talent to deliver bug-free patches.  Remember that they've adopted a "let the customers test it" philosophy.  Why would you assume that software delivered by Windows Update is any less buggy than the software it replaces?

Yes, there comes a time of anxiety, but understand that it's largely hype-driven.  If you're conscientious, there's really no reason to feel "OMG, my system is now insecure!"  If there are latent vulnerabilities, you've had them all along.  If you're exposing your system's vulnerabilities to the wild internet by, I don't know, just browsing and downloading with abandon (i.e., allowing any old site to run any old program) then you're the vulnerability, not the system.

If security concerns you, please see my lastest HostsCompiler script for improving your security picture FAR MORE than any Windows Update.

-Noel

Link to comment
Share on other sites

On 4/12/2016 at 6:03 AM, JorgeA said:

Huh, so when Intel and Microsoft announced that they would stop supporting Windows 7 on Skylake next April, it was not entirely unprecedented.

I was going to write that it was not unprecedented "except for" the fact that support was ending before Win7 went EOS, but even that doesn't seem to be true: Vista doesn't go EOS until next year, and yet AMD stopped supporting it three years ago. So this sort of thing has already happened?  :unsure:

Bummer.

LOl This things are done as ms is giving them some money. Nothing rather than forcing users to 10.

everyone know nvdia"s geforce pakage of xp can run newer cards still they are not including any inf entries so that no one can use any thing higher than gtx960

Link to comment
Share on other sites

On the Win 7 Pro SP1 64-bit machine in my wife's mini-office, Windows Update has a "Rollup" update as "Optional", and it would install the following - what do you all think?

This update package fixes the issues that are documented in the following Microsoft Knowledge Base articles:
•KB3154228 32-bit icons can't be loaded in OleLoadPictureEx in Windows
•KB3153727 Windows Installer with certain actions can't be installed on Windows Server 2012 R2 or Windows Server 2008 R2 SP1
•KB3161647 Windows Update Client for Windows 7 and Windows Server 2008 R2: June 2016
•KB3161897 WDS deployment fails when UEFI clients are in routed environments in Windows Server 2008 R2 SP1
•KB3161639 Update to add new cipher suites to Internet Explorer and Microsoft Edge in Windows
•KB3163644 Microsoft Office 2010 doesn't start when EMET is enabled in Windows 7 or Windows Server 2008 R2

Of course, I'm suspicious about "•KB3161647 Windows Update Client for Windows 7 and Windows Server 2008 R2: June 2016".

Thanks.

Link to comment
Share on other sites

dencorso - thanks.  I get the impression from your other thread that
KB3161647 Windows Update Client for Windows 7 and Windows Server 2008 R2: June 2016
is OK and might even help with the update delays.

But does anyone here see a GWX effect after it's installed?

(And I understand we cannot uninstall an individual KB from a rollup using, for example, wusa /uninstall /kb:3161647 .  Am I correct about that?)

Link to comment
Share on other sites

The problem is that KB3161647 is not available by itself, but only as part of KB3161608, which from all reports does fix the endless wait times to update Windows 7 - at least this month.  There are no GWX components to KB3161608, but there might be some minor telemetry aspects in it ( I have heard that it includes KB3138612 but I'm not sure if that's true).  So you have to decide if it's worth it, or maybe wait until next month and see if it still fixes the issue or if there is another "solution".

Cheers and Regards

Link to comment
Share on other sites

Or you could just set the Windows Update bag of bricks down and walk happily away.  :) 

Microsoft WANTS us to worry about updates, to obsess over them, to incessantly make running Windows all about them, and not about what we're trying to use the operating system to accomplish.

As a side benefit you can start to explore long uptimes...

ScreenGrab_SVN_2016_06_26_081259.png

-Noel

Edited by NoelC
Link to comment
Share on other sites

On Sunday, June 26, 2016 at 4:24 AM, bphlpt said:

The problem is that KB3161647 is not available by itself, but only as part of KB3161608, which from all reports does fix the endless wait times to update Windows 7 - at least this month.  There are no GWX components to KB3161608, but there might be some minor telemetry aspects in it ( I have heard that it includes KB3138612 but I'm not sure if that's true).  So you have to decide if it's worth it, or maybe wait until next month and see if it still fixes the issue or if there is another "solution".

Cheers and Regards

My concern with 3161608/3161647 is telemetry: presumably all updates to the WU client include 3112343, listed on post 1 as "This update also improves the ability of Microsoft to monitor the quality of the upgrade experience."

But if it's the only fix for days-long WU downloads, our only realistic choices may be either to live with it or live without updates.

Or maybe not. Has anyone tried this from Safer-Networking.org?

 

Edited by Mathwiz
Link to comment
Share on other sites

1 hour ago, Mathwiz said:

Or maybe not. Has anyone tried this from Safer-Networking.org?

I tried it on my Win10 test system. It seems to have worked fine without any issues, but then I didn't perform comparative monitoring/testing of outgoing connections before and after installing it.

--JorgeA

Link to comment
Share on other sites

Y'know, having a system gather telemetry data, then just block the sending of it is a bit like living on the edge...

1.  It takes system resources (CPU, disk space) to gather it.  At the very least it's going to slightly reduce the goodness of your computing experience.

2.  It's then poised and ready to take advantage of any momentary hole that appears in your blocking strategy.  Let's say you have to do an in-place upgrade to recover from a problem, or install some other new update that reverts privacy settings, or...   Boom, a few megabytes/gigabytes get through the crack in the dam before you know it, and then the cat's out of the bag; it's all been for nothing.

Oh, and one more thing...  Regarding blocking telemetry via hosts...  There are some telemetry servers that can't easily be blocked by entries in your hosts file - for example there are a whole bunch of Azure telemetry servers that have the form az______.vo.msecnd.net.  For that reason I've added wildcarded entries in my DNS server.  Note that most people don't run their own DNS server or have wildcarding capabiliity:

*vortex.data.microsoft.com=0.0.0.0
*vortex-win.data.microsoft.com=0.0.0.0
*settings-win.data.microsoft.com=0.0.0.0
*vo.msecnd.net=0.0.0.0
*telemetry.microsoft.com=0.0.0.0

And some applications - such as Visual Studio - don't actually heed the system telemetry settings you may have set.

With all my system settings tweaked for greatest privacy, owing to the above settings I have STILL seen these attempts blocked (noting "not found")...

C:\TEMP>checkdnslogs "(vortex.data.microsoft.com|vortex-win.data.microsoft.com|settings-win.data.microsoft.com|.vo.msecnd.net|telemetry.microsoft.com).*not found" | sed -e "s/^.*\, //g" | gsort -u
az361816.vo.msecnd.net A not found
az416426.vo.msecnd.net A not found
az512334.vo.msecnd.net A not found
az590556.vo.msecnd.net A not found
az616578.vo.msecnd.net A not found
az623152.vo.msecnd.net A not found
az648995.vo.msecnd.net A not found
az667904.vo.msecnd.net A not found
az700632.vo.msecnd.net A not found
az705183.vo.msecnd.net A not found
az712685.vo.msecnd.net A not found
az725175.vo.msecnd.net A not found
az743373.vo.msecnd.net A not found
az743556.vo.msecnd.net A not found
az803469.vo.msecnd.net A not found
az835927.vo.msecnd.net A not found
az840064.vo.msecnd.net A not found
mscomajax.vo.msecnd.net A not found
settings-win.data.microsoft.com A not found
sqm.telemetry.microsoft.com A not found
telemetry.microsoft.com A not found
v10.vortex-win.data.microsoft.com A not found
vortex-win.data.microsoft.com A not found
vortex.data.microsoft.com A not found
web.vortex.data.microsoft.com A not found

Vortex indeed...  Yes, Microsoft technically admits that it sucks!

-Noel

Link to comment
Share on other sites

4 hours ago, NoelC said:

... There are some telemetry servers that can't easily be blocked by entries in your hosts file - for example there are a whole bunch of Azure telemetry servers that have the form az______.vo.msecnd.net.  For that reason I've added wildcarded entries in my DNS server.  Note that most people don't run their own DNS server or have wildcarding capability:

*vortex.data.microsoft.com=0.0.0.0
*vortex-win.data.microsoft.com=0.0.0.0
*settings-win.data.microsoft.com=0.0.0.0
*vo.msecnd.net=0.0.0.0
*telemetry.microsoft.com=0.0.0.0

-Noel

Back in my Win98 days (and I still use my Win98 PC once in a while), I needed a similar wild-card capability for ad blocking, and used a freeware program called DNSKong for this purpose. I just Googled it and apparently, it still exists - and it seems to run fine on Win 7 (someone will need to try it on Win 8 through 10): http://www.pyrenean.com/Filtering. If you set up DNSKong, add the above domains (w/o the * or "=0.0.0.0" parts) to DNSKong's named.txt file and, in combination with the numerous hosts entries added by Spybot Anti-Beacon, you should be set.

Depending on your router, you may also be able to set up the above blocks there; but that process varies greatly from one router to another and isn't possible on all of them.

BTW, I agree we should try to avoid telemetry updates in the first place if/when feasible. But for those of us not quite ready to ditch Windows updates altogether, updates with telemetry are likely to sneak through on occasion. (In particular, the latest "Windows update update" appears necessary for updates to finish in a reasonable amount of time, and is likely to include the WU telemetry introduced back in December.) So a combination of strategies - both blocking bad updates and blocking telemetry servers - seems more prudent than relying on either strategy alone.
 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...