Windows 10 - Deeper Impressions

[Glenn9999]

9 hours ago, JorgeA said:

That sounds interesting, I wasn't aware of it! 

For Win10 purposes, the key is whether the tool can be utilized by the user to pick and choose the updates he will put on his machine.

Also, the user would need to keep the Windows Update service disabled at all times other than when using the tool, so that Win10 couldn't find and install the patches itself.

--JorgeA

Ironically when I was writing that (main reason for it being never having the ULZ problem of certain other software and not having to fight Update Catalog by entering in KB numbers ad infinitum to get the updates), the question of the service itself being disabled (2nd page of the post, "Minimum Requirements" note #3 in the CHM).  I debated disabling and enabling the service while the program was getting the update list, but ultimately decided against doing it for doing the same things that Microsoft is doing now with Windows 10 (fun huh?).  Besides for those that are swearing by that, how do you know Microsoft's own stuff isn't doing that behind your back now?

Of course the problem is going to come on whether Microsoft allows the service to be disabled into the future (this function is very much controlled by the service itself), or honors the "Never check for updates" setting into the future, especially if we start putting out things that will expose both on Windows 10.  Ironically though, I was surprised BatchPatcher Downloader worked so well on Windows 8.1 when I ended up with it (conversely the rote offline patcher is what I really had to work on so I could use it in Windows 8.1 without issues).  

That said, the "Control Panel applet" thing was an idea to (more or less) put some of these suggestions into automated form for those that might not want to keep checking it constantly, and maybe put some of the settings back like they were.

Edited June 19, 2016 by Glenn9999

[NoelC]

1 hour ago, Glenn9999 said:

how do you know Microsoft's own stuff isn't doing that behind your back now?

That's a fair question, and it cuts to the crux of why Windows becomes difficult to approve for secure use in an era where one doesn't implicitly trust the OS vendor.

I personally know every attempted communication from any of my systems by both monitoring my DNS resolution log (I have my own DNS server) and more specifically because I run 3rd party firewall software (Sphinx) that is set to "block outgoing connections by default".  It will both block unwanted comms and let me know they were attempted.  When I don't see such attempts I can be sure they are not occurring, and I am sure they will not occur if they should be attempted.

The only update-like process I do still see occur with this setup is the update of Windows Defender definitions, which if the Windows Update service is disabled is done by the "Microsoft Malware Protection Command Line Utility" (C:\program files\microsoft security client\mpcmdrun.exe).  Apparently this is fallback behavior inside Windows Defender if the update service is off.  In that case these specific servers are contacted using http: comms:

• www.microsoft.com
• definitionupdates.microsoft.com
• go.microsoft.com

Do I know that Microsoft will never start up some process to request/install OS updates even with the wuauserv process disabled?  No.  But I do know that my system won't allow it to succeed if they do - and you can bet I will report it here, and far and wide. 

FWIW, this is the list of servers that must be enabled for the various recent versions of Windows to be able to do an update.  In my case, I only reassign this zone, which specifically allows these comms only if I'm preparing to do Windows Updates.

There are some other servers I *never* allow to be resolved or contacted, including these wildcarded names from my DNS server setup files...

• *vortex.data.microsoft.com=0.0.0.0
• *vortex-win.data.microsoft.com=0.0.0.0
• *settings-win.data.microsoft.com=0.0.0.0
• *.vo.msecnd.net=0.0.0.0
• *telemetry.microsoft.com=0.0.0.0

I can go into even more detail if you'd like.

-Noel

Edited June 19, 2016 by NoelC

[Glenn9999]

6 hours ago, NoelC said:

That's a fair question, and it cuts to the crux of why Windows becomes difficult to approve for secure use in an era where one doesn't implicitly trust the OS vendor.

All of which is wholly irrelevant to the point I was trying to make.  Most all of what is suggested in here (disabling the WU service, changing settings, host files, etc) is very non-permanent and is on the par of someone setting read-only attributes to files thinking that it will stop them from being deleted, which is the point I was trying to make.  In fact, with a significant portion of the technically inclined Windows 10 user base actively arguing that forced updates, telemetry, etc gains them trust from Microsoft (the whole virus inoculation argument basically), and would claim that the suggestions here are from people actively trying to erode the security of Windows, I wouldn't be surprised that Microsoft would force the issue at the behest of this "satisfied" portion of their user base and remove any options of these things altogether.  Simply put, it depends on what you definition of "secure" is.

Ultimately with all the "ink" spilled here, it's been an amusing read, but I'm surprised that so much trouble is being put out for things that are ultimately moot in the end if Microsoft so chooses.

There's always Linux.  If you can get it to work.

[dencorso]

45 minutes ago, Glenn9999 said:

There's always Linux.  If you can get it to work.

20 years ago today digital (aka DEC) was still alive and kicking, the commercial internet was in its infacncy, and there already were linux, FreeBSD, NetBSD and OpenBSD, and yet, most of us didn't go that way, even when used to working on unix workstations and the like... who can really know what we'll actually decide to do when using both XP sp3 and 7 sp1 become impossible, many years hence?

[NoelC]

3 hours ago, Glenn9999 said:

All of which is wholly irrelevant to the point I was trying to make. 

Not really, no, it's not at all irrelevant when you consider timing.  You make the mistake of thinking that nothing we do can thwart Microsoft's control over what we already have.  There's a reason some of us haven't adopted the "free" upgrade for anything more than testing in VMs.

Dencorso has it right.  When the last of the permanently licensed operating systems can no longer be kept on life support or they are just too irrelevant to be useful any more for real development or content production use we can only hope that another shining star has arisen.

I like the slogan Wikipedia shows along with the logo...

-Noel

Edited June 20, 2016 by NoelC

[rn10950]

6 hours ago, NoelC said:

Dencorso has it right.  When the last of the permanently licensed operating systems can no longer be kept on life support or they are just too irrelevant to be useful any more for real development or content production use we can only hope that another shining star has arisen.

Well, we can only hope that most developers and content producers will remain on Windows 7 (or 8.1 or XP). As long as third-party developers remain on the older OSes, there will be software for them. I don't see that many people that know what's actually going on moving to 10 anytime soon. I can see third-party support for Windows 7 going into the late 2020s, possibly the 2030s. (Look at XP, it's fifteen years old and still perfectly usable in the modern world, and it has a worthwhile successor, something that Windows 7/8.1 doesn't)

[ralcool]

Well, moving forward.. I can't see IMHO, why the connections to the outside world can't be purely virtual in a sand boxed VM.. and the bare OS running on metal could be any almost generation. The catch is going too far and sand boxing everything... we end up in a XAML or Apple ecosystem. VMware and others could become a more complete host enviroment and do away with the underlying OS altogether.

If the real threat is the outside world for an 'obsolete' operating system, and a possibly similarly critical environment based on that system- then a permanently licensed system with an air gap is the only option.  The legacy of legacy systems is they tend not to rely on the actual internet.... just old fashioned networking itself.

Some random thoughts....

[NoelC]

4 hours ago, rn10950 said:

Look at XP, it's fifteen years old and still perfectly usable in the modern world

Unfortunately, not quite.  It can't run any recent version of Adobe software (e.g., Photoshop) after CS6, for example.  And I believe a lot of games require newer graphics implementations than XP can offer.  I have moved my own graphics products (which are pretty much tied to Photoshop) ahead so that they simply refuse to install on Windows XP.  It's not because I dislike XP - I need a modern OpenGL implementation, guaranteed SSE2 instruction support for performance, the GDI+ subsystem for UI work, and a number of other things under the covers such as solid 64 bit support (and yes, I know about XP x64 and used it for a long time).

In short, technology marches on, and software starts to need advancements the older system doesn't support.

However, if you look at XAML/UWP/the App ecology in a hard light, there's really no technology advancement, just rearrangement of the chairs - which equates pretty clearly to no "must have" Apps becoming available so far.  That being said, there IS only one place you can run DirectX 12, so it's clear Microsoft isn't completely unaware of how things play out.  And, looking forward, they like to think everyone's going to want a Hololens and to talk with Cortana.  They're not completely wrong about that.  So the present situation of "Win7/8.1 is good enough to keep using" isn't going to keep forever.

I think their main shortcoming is simply their limitations of technical capability.  Doing software and systems that are truly useful just isn't easy.

Does Win 10 have enough "new innovation" to start becoming an attractive environment for cutting edge software that can/will only run exclusively on Win 10 and above?  That's the ultimate question.  So far, since Microsoft simply isn't able to execute at a cutting edge level, not so much.  I haven't heard of any App yet that I want or need or can't find an alternative for in the desktop world. 

But time will change that.  In time, Microsoft will ultimately succeed at changing the definition of "normal".  I'm not playing devil's advocate, just taking a realistic look ahead - much as what Glenn9999 has done above. 

The bottom line question is this:  How many years do we have for Microsoft to mold Windows 10 into something we want / need?

-Noel

Edited June 20, 2016 by NoelC

[jaclaz]

Ok, perfectly usable for anything but top-end graphics and games.

You know, quite a few people use computers to write text, make calculations on spreadsheets, and similar activities in which the 64 bits are totally irrelevant, and the SSE2, GDI+ and a number of other new technologies are even less relevant .

You (and your software thingies) are surely on the "cutting edge", but the rest of the world is less advanced than that.

jaclaz
 

[JorgeA]

From a vigorous Win10 defender, an interesting tidbit about the perceived value of mobile apps -- and, by extension, about the value of the whole Windows 10 model. Discussion starts at 30:42:
 

Quote

Interesting little stat about mobile apps: I've seen something like this before but this one popped back up last week in a new study, but they say 25 percent of people abandon a mobile app after just one use. So a lot of apps might get downloaded, but 25 percent don't ever go back to that app again, and that's a large chunk of people...

All this talk about apps... I forget the stats that I read before, but it was something like after two or three months, 65-70 percent of users never go back to those apps that they used on a regular basis at that point either...

--JorgeA

[JorgeA]

On Sunday, June 19, 2016 at 6:50 AM, zolotron said:

I've been using Win Update MiniTool updates for a few months and so far it's working very well. I'm able to hide updates, install offline and select what I want on a pro x64 and yes I do disable updates in between and can't understand why people on various forums get so excited about new updates as well as new betas coming out on the various rings. It's like they forget the OS should be working for them so once set and running it's just used to do the needed work be it surfing or much more complex stuff but Win 10 forever needs to be worked on and modified and when you finish it's updated again and the whole thing restarts. Kind of why bother to use it for anything more than maybe entertainment while the real work is done on 7 or 8.1 or Linux. Win 10 is like being a slave to satisfying Microsoft rather than a tool for work

[emphasis added]

Fantastic observations! 

--JorgeA

[NoelC]

1 hour ago, jaclaz said:

Ok, perfectly usable for anything but top-end graphics and games.

That's a very good point.  There certainly DOES need to be a balance between change in technology that ENABLES new things that are needed, vs. CAUSES TROUBLE with existing things that are needed.  The number of those existing things is growing as we all become more dependent, while the number of new things is shrinking.

Another way to put it:  Would we be just as well off without the most cutting-edge tech?  It's pretty clear we'd be generally better off without things going in the direction of Windows 10.  Where could you draw the line?  Maybe an OS should be left alone for 30 years so that a nice, complete ecology can grow around it.  One of the reasons any of us can have a really complete, functional computer system to do whatever it is we do is because Windows has been careful to maintain compatibility for decades.

If anything, now is the time to polish what's there, not try to throw it all out and start with something else (and which happens to be inferior).

-Noel

Edited June 20, 2016 by NoelC

[JorgeA]

On Sunday, June 19, 2016 at 6:39 AM, xpclient said:

Because starting and stopping the WU service is one more headache. I don't want to manage the updates service. Why should I have to do that? In earlier versions like Win7, a balloon told me updates were available. When I felt like it, I went to WU which was pinned to my Start menu, installed them and forgot about it. In Windows 10, I get a hideously ugly annoying notification which overlays all other windows and says "Requires updates need to be downloaded". It opens WU even if I press Esc or Alt+F4 on it.

It's undeniably true that getting to run Windows 10 the way that XP, Vista, or 7 run is a lot of work -- see the enormous effort that NoelC has put into tamping down the Win10 telemetry. And in the end you still end up with a number of drawbacks, including the Settings app that spaces out the category labels as if screen real estate were cheap.

Other than simply accepting whatever the Lords of Microsoft choose to dispense to us peasants, there are three different ways we can approach the situation:

1. Hang on to a previous version of Windows and fortify it against emerging threats as well as we can for as long as we can;
2. Migrate to a different OS family altogether;
3. Mitigate the unacceptable aspects of Windows 10 as best we can.

In this thread we've covered all three strategies. Use of the Windows Update MiniTool would fall under #3. A user adopting that approach would install Classic Shell and Aero Glass; disable or uninstall UWP apps; implement NoelC's advice regarding firewalls and the hosts file; and now (possibly) use the WUMT, all in the attempt to preserve as much as possible the Windows experience as we know it. And there has been considerable interest in this third approach, as the success of Classic Shell and the length of the Aero Glass threads here on MSFN attest.

Microsoft could probably destroy #3 anytime they wanted by removing from Windows the bits that make those mitigations possible, and then those who went that route would have some hard choices to make. But in the meantime, #3 is one way to try to make staying in your home tolerable enough without digging a moat or going into exile.

--JorgeA

[NoelC]

And let's not forget that they are seriously attacking the "tweak the OS to be acceptable" approach by keeping Windows a moving target (releases every 6 months, more often for "insiders").

-Noel

[BudwS]

On 6/19/2016 at 3:50 AM, zolotron said:

Kind of why bother to use it for anything more than maybe entertainment while the real work is done on 7 or 8.1 or Linux. Win 10 is like being a slave to satisfying Microsoft rather than a tool for work

Or OS X 10.11         Yup, where the real work is done.   Win 10 is for smiles so it has a use.