Jump to content

Update Win 7, or Not ?


taos

Recommended Posts

I’ve been thinking about this for a few days.

I’m doing fresh installs of win7pro-sp1 on three machines and have been wondering if I should bother with any updates.

To begin with, I don’t use other MS products like Office, Defender, and Security Essentials, etc.  Nor do I plan to upgrade to a newer OS.  I also don't use Internet explorer.

What I had in mind was only updates for OS security

The lack of user-control and transparency with the MS update process really annoys me.  From reading at the RyanVM & MDL sites, it seems that, in order to gain control over the update process, one must waste a good amount of valuable time identifying good and bad updates, and downloading 3rd party tools.

So far I’ve been lucky with the many XPpro-sp3 setups (without further updates) that I’ve done for friends & family.  In 12 years I’ve only had to reinstall OS on one machine.  And that’s because the user was baited and clicked on some bad stuff.

Looking at the wider picture I think what worries me more than hackers is MS.  They’re the menace.  They’re the ones who are actively taking away user control, actively trying to change BIOS to not accept legacy products, actively outdating existing hardware via updates, actively trying to upgrade OS to an unwanted product.  

It seems this is the sort of cat and mouse ‘game’ that one gets into when joining the MS update ‘game’

 

*  *  *  *  *  *  *  *  *  *  *  *  *

EDIT ...

Here's some of the proposals that have emerged in this thread:

 

>  Operate with only SP1, unless your software requires something more.

 

>  Stay current only with security updates, via WSUS offline update.

 

>  Load all updates through Dec 2017, via Simplex or WSUS offline update.

 

>  Minimalist approach, just 5 updates:

    KB3177467    KB3071756    KB3033929    KB4474419    KB4490628

 

>  Install 2 essential patches to read future updates with new SHA-2 code signing, which will be implemented on August 13th, 2019

    SHA-2 code signing support update for Windows Server 2008 R2 and Windows 7: March 12, 2019  KB4474419

    Servicing stack update for Windows 7 SP1 and Windows Server 2008 R2 SP1: March 12, 2019  KB4490628

 

      Thanks Radish  :)

Edited by taos
Link to comment
Share on other sites


You may download and install Simplix UpdatePack7R2 v17.12.15(x86/x64) from Dec/15th/2017.  This pack do not contain telemetry updates and this Dec. update do not contain any updates related to Meltdown and Spectre yet (they started on Jan. 2018) , so no performance impact.

Source: https://forums.mydigitallife.net/threads/simplix-pack-to-update-live-win7-system-integrate-hotfixes-into-win7-distribution.45005/

Dec. Update: https://forums.mydigitallife.net/threads/simplix-pack-to-update-live-win7-system-integrate-hotfixes-into-win7-distribution.45005/page-76#post-1397574

Previous links may require register on that forum, for your convenience I copied here for you the download link.

Download Link: https://update7.simplix.info/UpdatePack7R2-17.12.15.exe

Edited by alacran
Link to comment
Share on other sites

I only install updates as need be. On my newest build, it has just the service pack for Windows 7 in it, and any updates that were "required" when installing specific programs, or any that were redists that were installed by programs.

Link to comment
Share on other sites

On 7/14/2018 at 11:37 AM, alacran said:

Thank you for the simplix link alacran.

I gave the simplix updater a test run on a spare disk.

After I installed the OS, I went to installed updates, and there were only two listed.

I then ran the simplix updater (17.12.15), which added 178 updates (it also removed one of my existing updates).

The update process lasted almost two hours. It restarted itself 3 times, as it only seems to process 80 updates max per session.

I'll see how it goes... Thanks again

Link to comment
Share on other sites

16 hours ago, Tripredacus said:

I only install updates as need be. On my newest build, it has just the service pack for Windows 7 in it, and any updates that were "required" when installing specific programs, or any that were redists that were installed by programs.

Thank you Tripredacus.

So you install Windows 7 SP1 and disable auto updates.  I like that method, too :)

I noticed that my Win7pro-sp1 disks can include varying amounts of additional updates:

* Undated generic, ebay DVD contains two additional updates, kb976902 & kb2534111

* 2010-nov.  Dell DVD contains one additional update, kb976902

* 2011-dec.  Lenovo DVD contains kb976902, IE 9, and 42 more updates

Link to comment
Share on other sites

Certainly install media may have some in there. I do not remember exactly, but it is likely the image I used had some updates in it already, more than stock DVD would.

You will likely find that OEM Recovery DVDs will not have a lot of updates in them, because those increase the ISO size and it is more expensive to have the Replicator press onto Dual Layer discs...

Link to comment
Share on other sites

11 hours ago, taos said:

Thank you for the simplix link alacran.

I gave the simplix updater a test run on a spare disk.

After I installed the OS, I went to installed updates, and there were only two listed.

I then ran the simplix updater (17.12.15), which added 178 updates (it also removed one of my existing updates).

The update process lasted almost two hours. It restarted itself 3 times, as it only seems to process 80 updates max per session.

I'll see how it goes... Thanks again

You may integrate the Update Pack to your selected install image index or all if you want (it takes long time for all indexes) on your ISO in a single run, see: http://forum.oszone.net/post-2609527-2478.html (Use Google translate to read it in your own language).

Download Link: http://files.simplix.ks.ua/boss911/UP7Integrator.7z

This way you only apply the pack once and not every install, but you may also apply the more recent pack on line after installing your December/2017 updated ISO  if you want, and it will only apply the required updates (not the 178 updates), taking only a few minutes to run it.  And control Spectre and Meltdown mitigations patchs using InSpectre: https://www.grc.com/inspectre.htm

 

alacran

Edited by alacran
Link to comment
Share on other sites

Continuing with my test setup….

 

From the simplix blog site, I downloaded patch 18.6.15,  ran it,  and then ran the new 18.6.15 updater it created.

I began with 178 updates (from simplix 17.12.15).

The 18.6.15 updater scanned the system and determined I needed 7 new updates.

After the install and restarts the new total was 170 updates.

3 of the 7 new updates didn't show up in the list.

And 12 previous updates are now missing from the list.

Is that normal behavior of simplix update process ?

* * * * *

Also downloaded InSpectre, release #8.

Do I now look for Intel download for Ivy Bridge processor ?

Link to comment
Share on other sites

Hi toas,

I'm mildly chuckling (in a good way) at what you are letting yourself be dragged into as this thread progresses. You start off just wondering if installing Win7 SP1 is okay. Then you fire yourself into a process of trying different options to see if you can update the 'good' stuff and miss the bad stuff. Not the best way to go in my opinion. I have installed Win7 Pro. x64 SP1 on my computer and, after, now, several years of use, have never had a problem with it -- rock-solid stable. I have Win Updates blocked at a couple of points on the system, so this is never going to update, ever. Of course your system will be different from mine so that might not work for you. But if it was me I'd just try try the bare install of Win7 with SP1, see if it is okay, and don't tie myself in knots trying to work around a problem that doesn't exist for my machine.

On 7/13/2018 at 8:03 PM, taos said:

The lack of user-control and transparency with the MS update process really annoys me.  From reading at the RyanVM & MDL sites, it seems that, in order to gain control over the update process, one must waste a good amount of valuable time identifying good and bad updates, and downloading 3rd party tools. 

Yup, this is what I avoid!

On 7/13/2018 at 8:03 PM, taos said:

Looking at the wider picture I think what worries me more than hackers is MS.  They’re the menace.  They’re the ones who are actively taking away user control . . .

Yup, too! Don't dance with the Devil unless you are utterly, utterly pressed into it.

All the above said, having read this thread I do like the advice you are getting from others about how to update 'safely'. I've bookmarked this thread for my own use in case I ever need it in the future. But I'd never do it unless completely pressed to it.

Link to comment
Share on other sites

21 hours ago, Radish said:

Don't dance with the Devil unless you are utterly, utterly pressed into it.

a kindred spirit :D

Yes, the advice has been good here. 

* * * * * * * *

It took almost 3 hours to install the 2 update packages onto my test setup.

170 updates. 

Blind trust was necessary.  All I see is the update label (security, hotfix, etc).

I'm not given any meaningful information about them.  

I suppose I could look up each one individually and, perhaps, uninstall  individually :thumbdown

Link to comment
Share on other sites

Starting in, I guess it was spring 2016 I got serious about making a win-7 install image using RT7.  My focus was 32-bit win-7 ultimate.  I started with win-7 SP1 installation disk and acquired a ton of individual KB's, and separated out the "bad" kb's (win-10 nags, telemetry, etc).   By mid to late August 2016 I had my "final" version, which was SP1 + 281 KB's rolled in.  The last kb (numerically speaking) was 3179573.  The last kb I was keeping track of (but not installed) was 3173040.  So at that point it would have been early September 2016, and that's when (I think) MS changed to a monthly cumulative rollup - a single update that contains god knows what.  At the time I was asking if anyone was taking those things apart to get at (and maybe evaluate) the individual kb's but my impression was (and continues to be) - no - nobody is doing that.  So that's when I stopped caring (because with MS there is no trust) so on the handful of win-7 systems I either use or manage, I've not done any updating on them AT ALL since August 2016.

Link to comment
Share on other sites

On 7/22/2018 at 2:12 AM, Nomen said:

Starting in, I guess it was spring 2016 I got serious about making a win-7 install image using RT7.  My focus was 32-bit win-7 ultimate.  I started with win-7 SP1 installation disk and acquired a ton of individual KB's, and separated out the "bad" kb's (win-10 nags, telemetry, etc).   By mid to late August 2016 I had my "final" version, which was SP1 + 281 KB's rolled in.  The last kb (numerically speaking) was 3179573.  The last kb I was keeping track of (but not installed) was 3173040.  So at that point it would have been early September 2016, and that's when (I think) MS changed to a monthly cumulative rollup - a single update that contains god knows what.  At the time I was asking if anyone was taking those things apart to get at (and maybe evaluate) the individual kb's but my impression was (and continues to be) - no - nobody is doing that.  So that's when I stopped caring (because with MS there is no trust) so on the handful of win-7 systems I either use or manage, I've not done any updating on them AT ALL since August 2016.

 

On 7/19/2018 at 2:10 AM, taos said:

Continuing with my test setup….

 

From the simplix blog site, I downloaded patch 18.6.15,  ran it,  and then ran the new 18.6.15 updater it created.

I began with 178 updates (from simplix 17.12.15).

The 18.6.15 updater scanned the system and determined I needed 7 new updates.

After the install and restarts the new total was 170 updates.

3 of the 7 new updates didn't show up in the list.

And 12 previous updates are now missing from the list.

Is that normal behavior of simplix update process ?

* * * * *

Also downloaded InSpectre, release #8.

Do I now look for Intel download for Ivy Bridge processor ?

In december 2017 i installed Updatepack and my list was 190 updates, now in july 2018 178. There are several superseded i guess.

Link to comment
Share on other sites

On 7/21/2018 at 9:12 PM, Nomen said:

...I've not done any updating AT ALL since August 2016.

Another vote for 'don't bother' :D

 

On 7/23/2018 at 2:46 PM, Osan said:

...my list was 190 updates, now (in july 2018) 178.... superseded i guess.

Thanks, that makes sense.

Link to comment
Share on other sites

I've come across another freeware updater called WSUS Offline Update.

http://download.wsusoffline.net/

Since version 10, it added the ability to download only security updates.  Looks like it can also create an iso:

68370693_WSUSofflineupdates.png.8af8ff502fa3ad51bd4aec415a0f8e56.png

 

But...  a couple of people on their forum have said that MS has introduced unwanted updates by masquerading them as security updates.

 

 

 

Edited by taos
Link to comment
Share on other sites

+1 for 'don't bother'. I also only install any KB's as and when absolutely necessary.

The thing I found most irritating about Win7 was not only having to shut off Services that were not required but also having to spend an inordinate amount of time turning off items in the Task Scheduler and Start Scheduler which report back to MS on a regular basis unless disabled.

However, having done all that as well as installing the Ram patch (have win7 x86) which can now detect and use 8GB of ram, I find the system is running nicely.

I dual boot with XP SP3 and also did not bother with any updates on that o/s either.

Good Luck

Edited by risk_reversal
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...