How to purge KB3139929 (MS16-023) from its KB3146449 infestation?

[dencorso]

Ditto. Any ideas?

[dencorso]

** reserved **

[NoelC]

And so it has come down to it...  A choice between "Security" and "Functionality". 

Does the Fear, Uncertainty, and Doubt inflicted by such statements as "Maximum Security Impact: Remote Code Execution" and "Aggregate Severity Rating: Critical" outweigh the downside of allowing Microsoft's unwanted programming into your system?  Presumably the reduction of that fear is the reason for wanting something like MS16-023.

Let's think about this for a minute...

What do we fear more?

Here we have Microsoft KNOWN to be loading unwanted "GET WINDOWS 10" functionality into our systems.  I haven't seen full and complete documentation describing exactly what that does, have you?

But even without knowing whether it's seriously malicious or just an annoyance, those of us continuing to use perfectly viable, permanently activated operating systems on our still quite viable computers and who have not already taken advantage of the "FREE! UPGRADE!!!" clearly don't want Windows 10.  I mean, I guess there could be the odd person just returning from a year-long African safari who doesn't know about Windows 10 yet, but...  The rest of us already know we don't want it, and why.

It boils down to this:  WHOSE Remote Code Execution should we allow, then?

Microsoft, definitely loading unwanted malware - the devil we know - or the potential risk of some malware author loading up just the right stuff on just the right web site and our browser succumbing to infection.  Sorry to burst Microsoft's FUD bubble, but that risk is not 100%!  If it were, we'd all have been infected long ago via all the vulnerabilities that were (and still are) in the system.

And, there's something else to think about...

There is always the unquestioned assumption that these "security updates" are perfect.  That they correct the bug perfectly without ANY downsides.  No negative performance impact, no new security flaws introduced...  All good, right?

Are Microsoft's programmers actually capable of that?

They weren't when they wrote the code that's being patched...

-Noel

[dencorso]

While I repect your opinion, and agree with you along most of it, I'm trying to cater for those, like me, who still are not decided to just stop updating. What I'm pointing to here is that KB3146449 must be a subset of the files in KB3139929, which can be removed, substituted by dummies, or otherwise inactivated. The aim of this thread is to fion out how to do it, and provide a solution. It's always better to light a candle, than to curse the darkness... unless the room is full of illuminating gas, of course!

[NoelC]

Using your analogy, I just don't go into the room, as the door is pretty clearly marked "Abandon all hope ye who enter here".  The room I'm already in is brightly lit and cheerful.

Trust me, if I had ideas how to deal with it I'd let you (and the world) know here.  It occurred to me that if Microsoft has built one set of source code that contains both GWX components and security fixes, it may just be possible the two are inextricably linked.  Not that they HAVE to be linked, but they may well be just owing to the way Microsoft's programmers work.  Never forget, these are not the brightest candles in the room any longer.

Up above, I was just trying to give perspective.  I've long believed that the security FUD machine is leading up to this moment, when Microsoft tries to turn their old shoddy work into a reason people find it NECESSARY to accept their new shoddy work.

-Noel

Edited March 13, 2016 by NoelC