Jump to content

Update Win 7, or Not ?


Recommended Posts

2 hours ago, cc333 said:

@greenhillmaniac Yes, but are POSReady 7's updates compatible with plain 7, either directly or with minor modifications?

If they are, then you're correct!


Even though updates directed at Windows Embedded 7 are structurally different, because they have to target individual packages since the OS is entirely modular, unlike standard Windows 7, they will be providing extended support to Professional and Enterprise users. Although we probably won't have access to those updates, I very much doubt that MS will go to the trouble of doing different kinds of updates for POSReady 7 and the paying volume license costumers who are using the Extended Support. My guess is that POSReady 7 updates will be identical to those supplied to Professional and Enterprise users after EOL, like it has been so far.

Edited by greenhillmaniac
Link to comment
Share on other sites

On 1/11/2019 at 6:01 AM, cc333 said:


An OS is only worthless when it loses all software support; this happened with Win2k; it is largely the same as XP, and indeed, at first, many programs, unless specifically written for one version or the other, were 100% compatible with both. After XP SP2, however, it and 2k diverged quite a bit, with the eventual result being that they became mostly incompatible with one another on an API level (2k-era programs mostly ran fine on XP, but but trying to run many XP programs (aside from the simplest) on 2k was hit or miss). Again, thanks to Black Wing Cat, this disadvantage has been largely negated (many things still don't work 100%, but the important stuff does, like newish browsers).

TL;DR is that when there's a certain percentage of very dedicated people who want to use a certain Windows version, no matter how unsupported it may become, they'll find a way to make it work.

XP has no Anti-Virus support and won't work with many of the latest Firefoxes.

Link to comment
Share on other sites

  • 2 weeks later...
On 7/13/2018 at 3:03 PM, taos said:

I’ve been thinking about this for a few days.

I’m doing fresh installs of win7pro-sp1 on three machines and have been wondering if I should bother with any updates.

To begin with, I don’t use other MS products like Office, Defender, and Security Essentials, etc.  Nor do I plan to upgrade to a newer OS.  I also don't use Internet explorer.

What I had in mind was only updates for OS security

The lack of user-control and transparency with the MS update process really annoys me.  From reading at the RyanVM & MDL sites, it seems that, in order to gain control over the update process, one must waste a good amount of valuable time identifying good and bad updates, and downloading 3rd party tools.

So far I’ve been lucky with the many XPpro-sp3 setups (without further updates) that I’ve done for friends & family.  In 12 years I’ve only had to reinstall OS on one machine.  And that’s because the user was baited and clicked on some bad stuff.

Looking at the wider picture I think what worries me more than hackers is MS.  They’re the menace.  They’re the ones who are actively taking away user control, actively trying to change BIOS to not accept legacy products, actively outdating existing hardware via updates, actively trying to upgrade OS to an unwanted product.  

It seems this is the sort of cat and mouse ‘game’ that one gets into when joining the MS update ‘game’


I only have Windows 7 installed with  SP1, and IE 11 installed with the current cumulative update (11.0.105 as of January 2019). No other updates, not even to Office 2016. (I use Chrome as my browser)

I don't trust Microsoft's updates, if Win10 has been any indication. The mass layoffs of quality assurance (QA) employees in 2016 reinforces my beliefs. This isn't the Microsoft of Steve Ballmer and Bill Gates anymore. I have become very apprehensive about the quality of products coming out of Redmond nowadays. The buggy Win10 updates, and what I consider "heavy-handed" or unethical methods to push people to Win10, compromise the confidence I have in the company.

Woman wins $10,000 judgment against Microsoft for forced Windows 10 upgrade

Microsoft lays off hundreds of employees this week, largely in Redmond, London

Edited by sdfox7
Link to comment
Share on other sites

  • 2 months later...

I'm making this post in this thread in case followers of this thread missed important information on another thread that is relevant to this thread. The information regards what seem to be two essential updates that should be installed to Windows 7 SP1 systems that will still make them update-able in the future (should you so wish to selectively install any other Microsoft Updates in the future). Information is a follows:

Microsoft are going to start signing future Microsoft Updates using (what they call) SHA-2 only (so SHA-1 signing is being dropped). This change for Windows 7 starts on August 13, 2019. To accommodate this Microsoft have now released two Windows Updates that will make Windows 7 SP1 capable of reading the new SHA-2 signed Microsoft Updates. If after the August deadline you find out that there is some other new Microsoft Update that is essential to install to your system then you won't be able to install it if you don't, now, install the two current Microsoft Update SHA-2 patches. For more information see this webpage: 2019 SHA-2 Code Signing Support requirement for Windows and WSUS

The two patches that need to be installed to Windows 7 SP1 to accommodate this change are as follows:

SHA-2 code signing support update for Windows Server 2008 R2, Windows 7, and Windows Server 2008 (KB4474419)
Standalone Install Download: Microsoft Update Catalog - KB4474419

Servicing stack update for Windows 7 SP1 and Windows Server 2008 R2 SP1: March 12, 2019 (KB4490628)
Standalone Install Download: Microsoft Update Catalog - KB4490628

The original thread that I got some of this information from is: https://msfn.org/board/topic/178186-looking-for-info-about-the-upcoming-standalone-sha-2-patch-for-win7/

It is worth reading that thread as there is mention towards the end of a someone running into difficulties when installing KB4474419.

I installed both updates on my system, in the order given above - doing a reboot after each separate install, and experienced no difficulties at all. That brings my tally of manually installed by me Windows Updates on my Win7 SP1 x64 up to five. System is still purring nicely, yahoo!

Hope this helps.

Edited by Radish
Updated KB4474419 Link Text to Reflect Recent Changes
Link to comment
Share on other sites

10 hours ago, Radish said:

That brings my tally of manually installed by me Windows Updates on my Win7 SP1 x64 up to five.

And those five are?  These perhaps?

KB3033929 (download can be accessed via here):
KB3071756 update (MS15-085) for Win7 
MicrosoftFixit50688.msi not easily available anymore, But I found it here.  [Thanks @alacran!]
Standalone Install Download: Microsoft Update Catalog - KB4474419
Standalone Install Download: Microsoft Update Catalog - KB4490628

I assume you keep .NET and IE up to date. [Since I'm not aware of any nasty updates in those two categories.] If so, do you have a list of the appropriate current updates available? [Just to keep things handy in as few posts as possible for those that want to use the minimum Win 7 updates as possible while still maintaining the maximum usability and performance.] TIA. I also realize that this approach is only recommended for careful, intelligent, and thoughtful users that use other precautions to protect themselves and don't wander in inappropriate area, don't add every possible browser extension, don't blindly click on every link in every email they receive, and don't install software from sources they are not sure of.

If @taos wouldn't mind, it would be handy if he would summarize in the first post the three or four apparent different approaches that seem to be proposed in this thread to answer his original question: [Again, just to be handy.]

1) The five or so listed above (plus ,Net and IE?)
2) Nothing except SP1 unless your software requires it (and maybe some of 1?)
3) Everything up to Dec 2017 via either Simplex or WSUS Offline Update (and maybe some of 1?)
4) Keep up to date but only security updates using WSUS Offline Update (and .NET and IE?)

That would kind of echo the approach that @dencorso uses in the thread "How to avoid being "upgraded to Win 10" against your will". Just a thought.

Cheers and Regards

Link to comment
Share on other sites

12 hours ago, bphlpt said:

And those five are?  These perhaps?

You were missing one, bphlpt. My complete list of manually installed (essential) MS Updates is as follows (in the order that I installed them) but you missed the first one, I think because you are counting Fixit50688 as a Microsoft Update, which I don't think it is, so I didn't count it. However, for the list that follows I have included the 'Fixit' as if it was an Update:

(1) KB3177467
2) KB3071756
(3) KB3033929
(4) MicrosoftFixIt50688.msi (Strictly speaking this isn't a MS Update and may not be essential on your system. See note below for some details.)
(5) KB4474419
(6) KB4490628

If I look in Control Panel\Programs\Programs and Features\View installed updates I find (in addition to the above) the following four MS Updates were also installed (note that the 'Fixit' doesn't appear in the list of installed Updates at all because it isn't an MS Update):

KB958488 (This seems to have something to do with fixing a problem in .NET Framework 3.5 SP1 Update.)
Kernel-Mode Driver Framework v1.11 KB2685811
Hotfix for Microsoft Windows KB2534111
Update for Microsoft Windows KB976902

How those above four Updates were installed to my system I have no idea. Perhaps they were installed as part of Windows 7 Pro. x64 SP1 - at the time that I installed the system. Perhaps they were installed as part of a sub-package of the Updates that I manually installed. In any case the system works fine and has done for years (with one non-critical caveat that I don't know about until fairly recently).

Note on FixIt: The caveat concerns the install of FixIt50688. I had occasion to use Windows Event Viewer to check something. I normally never use Event Viewer (though I do occasionally now) and I found the Application log was littered with errors for Event ID 10. I didn't know what that was so did some research and came across this page Event ID 10 is logged in the Application log after you install Service Pack 1 for Windows 7 or Windows Server 2008 R2 While researching at other sites there was mention that this only affected some installs of Windows 7 SP1, some installs were supposedly unaffected. So I only used the FixIt50688 because it looked like I had an affected system - and, yes, it fixed it. So anyone thinking of applying the FixIt should, I would think, check in Event Viewer first to see if it looks like there is recurring issue with Event ID 10 as described in webpage above. If there isn't an obvious issue it would be up to you, personally if there didn't seem to be a recurring issue I wouldn't 'fix it'.

14 hours ago, bphlpt said:

I assume you keep .NET and IE up to date. [Since I'm not aware of any nasty updates in those two categories.]

Windows Programs and Features says I have the following .NET components on my system:
(1) Microsoft .NET Framework 4 Client Profile
(2) Microsoft .NET Framework Extended
From memory I manually installed .NET 4.0 because my VPN needed it. If it wasn't for that I wouldn't have anything to do with .NET. If I come across software that requires a higher version of .NET then I just avoid that software (SnagIt for example) and find a program that gives similar functionality without relying on .NET. This is just personal preference on my part - wouldn't suit everyone.

IE on my system is as installed by the Windows 7 Pro. SP1 x64 installer. I have never updated it as I never use it, too paranoid about what MS is up to with their 'your data is our data' attitude - prefer Firefox by far anyway.

14 hours ago, bphlpt said:

I also realize that this approach is only recommended for careful, intelligent, and thoughtful users that use other precautions to protect themselves and don't wander in inappropriate area, don't add every possible browser extension, don't blindly click on every link in every email they receive, and don't install software from sources they are not sure of.

Yes, I'm careful and don't so silly things. That said, anti-virus software constantly running in the background dragging the system down, and causing problems elsewhere at times, is a bug-bear so I only use an on-demand scanner, ClamWin (or from PortableApps, which is what I use). I am totally scrupulous in checking downloaded files with ClamWin.

Link to comment
Share on other sites

16 hours ago, quadriped said:

What's SHA?

Secure Hash Algorithm

To be sure the technical details are beyond my pay-grade. However, in short, signing installer software with a SHA code allows the system to check if an installer file is valid, or has been somehow corrupted or perhaps (maliciously) altered in some way. If the file checks as valid the system attempts to install the software. If the file is not valid then, one would hope, the system aborts the attempt to install the software. This aborting happened with one piece of third-party software that I tried to install ages ago and doing that led to me researching, and with magnificent help from others in this thread and some information from other forums, identifying which MS Updates to install that allowed me to install the software I otherwise couldn't install. The reason the software wouldn't install in the first place was that its installer had been signed only with SHA-2 and Windows 7 SP1 does not natively support validating SHA-2 signed software, as far as I'm aware, natively, it only supports SHA-1 (which Microsoft and third-party companies are now abandoning in favour of SHA-2, which is more secure than SHA-1). Three of the essential updates flagged in this thread are to do with validating SHA-2 signed software, one for third-party installer software, and (now) two to deal with future Microsoft Updates. (From memory I think the other two essential Updates (and only the updates not the FixIt patch) that are flagged were dependencies for the SHA stuff to work properly. You'd have to read the whole thread as the details are foggy in my memory.)

17 hours ago, quadriped said:

The other vital question is: are you a radish or a dragon?

I guess I'm both. Radish my nickname for this forum. The dragon? Well I live in Scotland and not everyone knows of Scotland, but most have heard of the Loch Ness Monster, so I decided that would be a reasonable humorous avatar.

Link to comment
Share on other sites

8 hours ago, Radish said:

You were missing one, bphlpt. My complete list of manually installed (essential) MS Updates is as follows (in the order that I installed them) but you missed the first one, ...

(1) KB3177467
(6) KB4490628

It ends up that first one might not be needed after all. According to this: (look in the "Package Details" tab) KB3177467 has been replaced by KB4490628.  The "Package Details" info of KB4490628 confirms that it replaces KB3177467.  So unless KB3177467 is required as a prerequisite for one of the other updates, it looks like it can be left off.  Or you might just change the installation order.

I also need .NET for my VPN. I don't go out of my way to either use or avoid .NET, but I prefer to have it fully updated in case it is needed.

Like you, I avoid IE completely, but since I think other parts of the OS might use aspects of IE behind the scene, I choose to keep it updated, but NEVER use it on purpose.



8 hours ago, Radish said:

Hotfix for Microsoft Windows KB2534111
Update for Microsoft Windows KB976902

I THINK that one or both of those were involved in fixing the "Windows Update takes forever" problem, along with manually installing the latest IE updates and perhaps MS Office updates? I've forgotten what the solution ended up being, and how it might apply to this thread. Perhaps @dencorso can remind us? On the one hand, if you're not going to install updates you might not care how long it takes to come up with the potential update list, but on the other hand, having the computer stuck in a loop for several hours definitely indicates something is very wrong.

I have no problem with having:

8 hours ago, Radish said:

Kernel-Mode Driver Framework v1.11 KB2685811

installed, and since I keep .NET up to date that will address KB958488 that you have installed.

Cheers and Regards

Edited by bphlpt
Added discussion regarding "Windows Update takes forever"
Link to comment
Share on other sites

"If it ain't broke, don't fix it"

For several years I've chosen a totally different procedure to ensure the functioning of my Windows 7 SP1, as follows:
1.- Deactivate any kind of updates until you are sure that you need one. Many updates may not be a need for you and even have collateral unwanted effects.
2 .- Use an external USB to run Windows 7 PE and Just Manager or Free Commander as file manager to save a copy of the whole operating system into a partition of an external HDD  (just copy and paste) and another one of all your user files into a different one. When you introduce changes into your OS or into any of your folders you may format the corresponding partition and create a new copy, or simply update the modified folders or files by deleting the copied one and copy/paste the new one.

In case of need you may run again Windows PE from the external USB and any of both file managers to rebuild any damaged or modified file or folder, or even format and restore the whole OS or all your folders in a few minutes.

Fast and easy.

I also use the same security procedure for Windows 10 with excellent results . 




Edited by cannie
Link to comment
Share on other sites

I ran into a situation while travelling, that may have been exascerbated by my OS update preferences. I was unable to use the hotel guest wireless networks. Although I was away for two weeks, each week I had different computers with me but they both generally had the same problem. They could connect to the guest network, but wouldn't allow me to go anywhere via a browser. Either the guest portal wouldn't open (because it uses XSS and I have XSS blocked) or I received certificate errors.

So one casualty of trying to keep a computer under your control or secure, is that it can't be easily used in the real world.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...