taos Posted July 13, 2018 Posted July 13, 2018 (edited) I’ve been thinking about this for a few days. I’m doing fresh installs of win7pro-sp1 on three machines and have been wondering if I should bother with any updates. To begin with, I don’t use other MS products like Office, Defender, and Security Essentials, etc. Nor do I plan to upgrade to a newer OS. I also don't use Internet explorer. What I had in mind was only updates for OS security The lack of user-control and transparency with the MS update process really annoys me. From reading at the RyanVM & MDL sites, it seems that, in order to gain control over the update process, one must waste a good amount of valuable time identifying good and bad updates, and downloading 3rd party tools. So far I’ve been lucky with the many XPpro-sp3 setups (without further updates) that I’ve done for friends & family. In 12 years I’ve only had to reinstall OS on one machine. And that’s because the user was baited and clicked on some bad stuff. Looking at the wider picture I think what worries me more than hackers is MS. They’re the menace. They’re the ones who are actively taking away user control, actively trying to change BIOS to not accept legacy products, actively outdating existing hardware via updates, actively trying to upgrade OS to an unwanted product. It seems this is the sort of cat and mouse ‘game’ that one gets into when joining the MS update ‘game’ * * * * * * * * * * * * * EDIT ... Here's some of the proposals that have emerged in this thread: > Operate with only SP1, unless your software requires something more. > Stay current only with security updates, via WSUS offline update. > Load all updates through Dec 2017, via Simplex or WSUS offline update. > Minimalist approach, just 5 updates: KB3177467 KB3071756 KB3033929 KB4474419 KB4490628 > Install 2 essential patches to read future updates with new SHA-2 code signing, which will be implemented on August 13th, 2019 SHA-2 code signing support update for Windows Server 2008 R2 and Windows 7: March 12, 2019 KB4474419 Servicing stack update for Windows 7 SP1 and Windows Server 2008 R2 SP1: March 12, 2019 KB4490628 Thanks Radish Edited May 3, 2019 by taos
alacran Posted July 14, 2018 Posted July 14, 2018 (edited) You may download and install Simplix UpdatePack7R2 v17.12.15(x86/x64) from Dec/15th/2017. This pack do not contain telemetry updates and this Dec. update do not contain any updates related to Meltdown and Spectre yet (they started on Jan. 2018) , so no performance impact. Source: https://forums.mydigitallife.net/threads/simplix-pack-to-update-live-win7-system-integrate-hotfixes-into-win7-distribution.45005/ Dec. Update: https://forums.mydigitallife.net/threads/simplix-pack-to-update-live-win7-system-integrate-hotfixes-into-win7-distribution.45005/page-76#post-1397574 Previous links may require register on that forum, for your convenience I copied here for you the download link. Download Link: https://update7.simplix.info/UpdatePack7R2-17.12.15.exe Edited July 14, 2018 by alacran 1
Tripredacus Posted July 16, 2018 Posted July 16, 2018 I only install updates as need be. On my newest build, it has just the service pack for Windows 7 in it, and any updates that were "required" when installing specific programs, or any that were redists that were installed by programs. 1
taos Posted July 17, 2018 Author Posted July 17, 2018 On 7/14/2018 at 11:37 AM, alacran said: Download Link: https://update7.simplix.info/UpdatePack7R2-17.12.15.exe Thank you for the simplix link alacran. I gave the simplix updater a test run on a spare disk. After I installed the OS, I went to installed updates, and there were only two listed. I then ran the simplix updater (17.12.15), which added 178 updates (it also removed one of my existing updates). The update process lasted almost two hours. It restarted itself 3 times, as it only seems to process 80 updates max per session. I'll see how it goes... Thanks again
taos Posted July 17, 2018 Author Posted July 17, 2018 16 hours ago, Tripredacus said: I only install updates as need be. On my newest build, it has just the service pack for Windows 7 in it, and any updates that were "required" when installing specific programs, or any that were redists that were installed by programs. Thank you Tripredacus. So you install Windows 7 SP1 and disable auto updates. I like that method, too :) I noticed that my Win7pro-sp1 disks can include varying amounts of additional updates: * Undated generic, ebay DVD contains two additional updates, kb976902 & kb2534111 * 2010-nov. Dell DVD contains one additional update, kb976902 * 2011-dec. Lenovo DVD contains kb976902, IE 9, and 42 more updates
Tripredacus Posted July 17, 2018 Posted July 17, 2018 Certainly install media may have some in there. I do not remember exactly, but it is likely the image I used had some updates in it already, more than stock DVD would. You will likely find that OEM Recovery DVDs will not have a lot of updates in them, because those increase the ISO size and it is more expensive to have the Replicator press onto Dual Layer discs... 1
alacran Posted July 17, 2018 Posted July 17, 2018 (edited) 11 hours ago, taos said: Thank you for the simplix link alacran. I gave the simplix updater a test run on a spare disk. After I installed the OS, I went to installed updates, and there were only two listed. I then ran the simplix updater (17.12.15), which added 178 updates (it also removed one of my existing updates). The update process lasted almost two hours. It restarted itself 3 times, as it only seems to process 80 updates max per session. I'll see how it goes... Thanks again You may integrate the Update Pack to your selected install image index or all if you want (it takes long time for all indexes) on your ISO in a single run, see: http://forum.oszone.net/post-2609527-2478.html (Use Google translate to read it in your own language). Download Link: http://files.simplix.ks.ua/boss911/UP7Integrator.7z This way you only apply the pack once and not every install, but you may also apply the more recent pack on line after installing your December/2017 updated ISO if you want, and it will only apply the required updates (not the 178 updates), taking only a few minutes to run it. And control Spectre and Meltdown mitigations patchs using InSpectre: https://www.grc.com/inspectre.htm alacran Edited July 17, 2018 by alacran 2
taos Posted July 19, 2018 Author Posted July 19, 2018 Continuing with my test setup…. From the simplix blog site, I downloaded patch 18.6.15, ran it, and then ran the new 18.6.15 updater it created. I began with 178 updates (from simplix 17.12.15). The 18.6.15 updater scanned the system and determined I needed 7 new updates. After the install and restarts the new total was 170 updates. 3 of the 7 new updates didn't show up in the list. And 12 previous updates are now missing from the list. Is that normal behavior of simplix update process ? * * * * * Also downloaded InSpectre, release #8. Do I now look for Intel download for Ivy Bridge processor ?
Radish Posted July 19, 2018 Posted July 19, 2018 Hi toas, I'm mildly chuckling (in a good way) at what you are letting yourself be dragged into as this thread progresses. You start off just wondering if installing Win7 SP1 is okay. Then you fire yourself into a process of trying different options to see if you can update the 'good' stuff and miss the bad stuff. Not the best way to go in my opinion. I have installed Win7 Pro. x64 SP1 on my computer and, after, now, several years of use, have never had a problem with it -- rock-solid stable. I have Win Updates blocked at a couple of points on the system, so this is never going to update, ever. Of course your system will be different from mine so that might not work for you. But if it was me I'd just try try the bare install of Win7 with SP1, see if it is okay, and don't tie myself in knots trying to work around a problem that doesn't exist for my machine. On 7/13/2018 at 8:03 PM, taos said: The lack of user-control and transparency with the MS update process really annoys me. From reading at the RyanVM & MDL sites, it seems that, in order to gain control over the update process, one must waste a good amount of valuable time identifying good and bad updates, and downloading 3rd party tools. Yup, this is what I avoid! On 7/13/2018 at 8:03 PM, taos said: Looking at the wider picture I think what worries me more than hackers is MS. They’re the menace. They’re the ones who are actively taking away user control . . . Yup, too! Don't dance with the Devil unless you are utterly, utterly pressed into it. All the above said, having read this thread I do like the advice you are getting from others about how to update 'safely'. I've bookmarked this thread for my own use in case I ever need it in the future. But I'd never do it unless completely pressed to it. 1
taos Posted July 20, 2018 Author Posted July 20, 2018 21 hours ago, Radish said: Don't dance with the Devil unless you are utterly, utterly pressed into it. a kindred spirit Yes, the advice has been good here. * * * * * * * * It took almost 3 hours to install the 2 update packages onto my test setup. 170 updates. Blind trust was necessary. All I see is the update label (security, hotfix, etc). I'm not given any meaningful information about them. I suppose I could look up each one individually and, perhaps, uninstall individually
Nomen Posted July 22, 2018 Posted July 22, 2018 Starting in, I guess it was spring 2016 I got serious about making a win-7 install image using RT7. My focus was 32-bit win-7 ultimate. I started with win-7 SP1 installation disk and acquired a ton of individual KB's, and separated out the "bad" kb's (win-10 nags, telemetry, etc). By mid to late August 2016 I had my "final" version, which was SP1 + 281 KB's rolled in. The last kb (numerically speaking) was 3179573. The last kb I was keeping track of (but not installed) was 3173040. So at that point it would have been early September 2016, and that's when (I think) MS changed to a monthly cumulative rollup - a single update that contains god knows what. At the time I was asking if anyone was taking those things apart to get at (and maybe evaluate) the individual kb's but my impression was (and continues to be) - no - nobody is doing that. So that's when I stopped caring (because with MS there is no trust) so on the handful of win-7 systems I either use or manage, I've not done any updating on them AT ALL since August 2016.
Osan Posted July 23, 2018 Posted July 23, 2018 On 7/22/2018 at 2:12 AM, Nomen said: Starting in, I guess it was spring 2016 I got serious about making a win-7 install image using RT7. My focus was 32-bit win-7 ultimate. I started with win-7 SP1 installation disk and acquired a ton of individual KB's, and separated out the "bad" kb's (win-10 nags, telemetry, etc). By mid to late August 2016 I had my "final" version, which was SP1 + 281 KB's rolled in. The last kb (numerically speaking) was 3179573. The last kb I was keeping track of (but not installed) was 3173040. So at that point it would have been early September 2016, and that's when (I think) MS changed to a monthly cumulative rollup - a single update that contains god knows what. At the time I was asking if anyone was taking those things apart to get at (and maybe evaluate) the individual kb's but my impression was (and continues to be) - no - nobody is doing that. So that's when I stopped caring (because with MS there is no trust) so on the handful of win-7 systems I either use or manage, I've not done any updating on them AT ALL since August 2016. On 7/19/2018 at 2:10 AM, taos said: Continuing with my test setup…. From the simplix blog site, I downloaded patch 18.6.15, ran it, and then ran the new 18.6.15 updater it created. I began with 178 updates (from simplix 17.12.15). The 18.6.15 updater scanned the system and determined I needed 7 new updates. After the install and restarts the new total was 170 updates. 3 of the 7 new updates didn't show up in the list. And 12 previous updates are now missing from the list. Is that normal behavior of simplix update process ? * * * * * Also downloaded InSpectre, release #8. Do I now look for Intel download for Ivy Bridge processor ? In december 2017 i installed Updatepack and my list was 190 updates, now in july 2018 178. There are several superseded i guess.
taos Posted July 26, 2018 Author Posted July 26, 2018 On 7/21/2018 at 9:12 PM, Nomen said: ...I've not done any updating AT ALL since August 2016. Another vote for 'don't bother' On 7/23/2018 at 2:46 PM, Osan said: ...my list was 190 updates, now (in july 2018) 178.... superseded i guess. Thanks, that makes sense.
taos Posted July 26, 2018 Author Posted July 26, 2018 (edited) I've come across another freeware updater called WSUS Offline Update. http://download.wsusoffline.net/ Since version 10, it added the ability to download only security updates. Looks like it can also create an iso: But... a couple of people on their forum have said that MS has introduced unwanted updates by masquerading them as security updates. Edited July 26, 2018 by taos
risk_reversal Posted July 29, 2018 Posted July 29, 2018 (edited) +1 for 'don't bother'. I also only install any KB's as and when absolutely necessary. The thing I found most irritating about Win7 was not only having to shut off Services that were not required but also having to spend an inordinate amount of time turning off items in the Task Scheduler and Start Scheduler which report back to MS on a regular basis unless disabled. However, having done all that as well as installing the Ram patch (have win7 x86) which can now detect and use 8GB of ram, I find the system is running nicely. I dual boot with XP SP3 and also did not bother with any updates on that o/s either. Good Luck Edited July 29, 2018 by risk_reversal
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now