Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • New Windows 7/8.1 updating method coming

    Home Forums AskWoody blog New Windows 7/8.1 updating method coming

    This topic contains 115 replies, has 39 voices, and was last updated by  walker 6 days, 6 hours ago.

    • Author
      Posts
    • #115927 Reply

      woody
      Da Boss

      It’s almost time to move the MS-DEFCON level, but when I do, I want to get it right – and get your input. As you all know, I’ve recommended “Group A”
      [See the full post at: New Windows 7/8.1 updating method coming]

      7 users thanked author for this post.
    • #115936 Reply

      zero2dash
      AskWoody Lounger

      I still feel that group W is a reasonable option. You can install updates as needed, and forego the rest. Let me also expand upon that by saying that some AV’s (I know of Bitdefender) protected against WannaCry almost immediately, which was a great help to our corporate home office. In that regard, you may be unpatched, but depending on what your tertiary security measures are, it may not be as critical.

      Furthermore, I’m curious (and have mentioned this before) of the idea that you can limit or remove the telemetry from group A. Again, as far as I know, the updates are “all or nothing”, and you either have them all (group A), or none (group B).

      Group B is annoying compared to group A, yes. However, after being acclimated to group B since October 2016, I’m not abandoning it. IMHO, the easiest thing you can do (as a group B’er) is run Windows Update, see what updates you need, and then find the Security Only variants of each. Typically that’s 3 a month; 1 for Windows, 1 for IE, and 1 for .NET. Once done, hide the Security and Quality versions in WU. I can deal with that.

      • This reply was modified 1 week, 3 days ago by  zero2dash.
      5 users thanked author for this post.
      • #116057 Reply

        anonymous

        @zero2dash

        Agree.

        Bear in mind that in Oct 2016, M$ imposed monthly Security-Only Patches to accommodate the Enterprise-users who are very sensitive to non-security updates and who also happen to be M$’s VIP-goose that lay golden egg$.

        1 user thanked author for this post.
    • #115937 Reply

      Charlie
      AskWoody Lounger

      Win 7, Group B – being in this group is a real pain in the butt.  But then I don’t like the possibility of having my graphics card, audio card, keyboard, or mouse updated without my permission.  Am I way off key or does this kind of thing not happen anymore?  It’s been what has kept me in Group B.

      • This reply was modified 1 week, 3 days ago by  Charlie.
      4 users thanked author for this post.
      • #115948 Reply

        woody
        Da Boss

        It certainly does happen.

        With luck, we’ll be able to catch those early in the update cycle. I still figure it’ll take 2 weeks or more before the move from MS-DEFCON 2 to MS-DEFCON 3 (or 4).

        6 users thanked author for this post.
      • #115957 Reply

        ch100
        AskWoody MVP

        In 2017 you should update your drivers especially for old machines from Windows Update.
        I know it is a controversial point of view, but it is the only way forward for old machines especially moving on through various releases of Windows 10.
        By now everyone should plan to move on either to Windows 10 or leave Windows and return if they figure out that they didn’t choose wisely.
        There is no perfect operating system and while MacOS is by far the closest to the ideal among the commercially supported ones, it is not perfect either.

        • #115986 Reply

          fp
          AskWoody Lounger

          I don’t see why.

          Group B is a very reasonable strategy for the time being. What you suggest may become an issue when the old system starts to have problems, but not before then. It took me years to customize, optimize and set up app config that suits me and I am not gonna drop that and take few more years to redo it for no benefit whatsoever just to satisfy MS’s greed.

          8 users thanked author for this post.
        • #115992 Reply

          anonymous

          “By now everyone should plan to move on either to Windows 10 or leave Windows and return if they figure out that they didn’t choose wisely.” Does this statement go to the heart of the attack on the ‘Group B’ method of updating? The view expressed here reminds me of an argument I came to this website to escape, called GWX. I have been sensing the ethos of the Lounge change.

          4 users thanked author for this post.
        • #116059 Reply

          anonymous

          EOL for Win 7/8.1 is in 2020/2023, and not 2017.

          Is M$-Windows Update a ‘ransomware’ to push Win 7/8.1 users onto Win 10?

          • This reply was modified 1 week, 2 days ago by  Kirsty.
          • This reply was modified 1 week, 2 days ago by  Kirsty.
          • This reply was modified 1 week, 2 days ago by  woody.
        • #116148 Reply

          radosuaf
          AskWoody Lounger

          In 2017 you should update your drivers especially for old machines from Windows Update … By now everyone should plan to move on either to Windows 10 or leave Windows

          Why would be WU better than manufacturer’s site? The only thing that is better about it is convenience – but the price you pay for it may seem too high for many.

          99% of Windows software works on 8.1 (100% of software I am interested in), it gets all the necessary updates for the next 6 years – why would I need or want to change?

          MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 8.1 Pro 64-bit + Windows 10 Mobile (Lumia 735)
      • #115999 Reply

        Geo
        AskWoody Lounger

        The Nvidia graphics update  today was listed as optional so it didn`t automatically  download.

        • #116065 Reply

          AJNorth
          AskWoody Lounger

          For NVIDIA drivers, I always go directly to their download site: https://www.nvidia.com/Download/index.aspx?lang=en-us .

          3 users thanked author for this post.
          • #116443 Reply

            James Bond 007
            AskWoody Lounger

            For NVIDIA drivers, I always go directly to their download site: https://www.nvidia.com/Download/index.aspx?lang=en-us .

            Agreed. I never use Windows Update or any kind of vendor “automatic updates” for updating drivers, especially video drivers. I never install “Nvidia Update” or “GeForce Experience” when installing or updating drivers (updating drivers only when necessary).

            However, since I run non-English versions of Windows, I can’t go to the Nvidia US site for drivers, as the US drivers do not support other languages. I need to go to, say, the UK or TW site to download the International drivers which contain support for multiple languages.

            Hope for the best. Prepare for the worst.

            1 user thanked author for this post.
          • #116514 Reply

            walker
            AskWoody Lounger

            @ajnorth:   What is NVIDIA?  I don’t have it insofar as I know and have no idea what it is.  Thank you for any information you may have on this one.

            • #116517 Reply

              anonymous

              @ walker

              Nvidia is a brand of usually high-performance GPU(graphics power unit) adapter cards for gaming, video-editing, game development, etc. The graphics card needs a software driver to work, ie display things on the screen.
              The other famous brand for GPU are AMD and Intel. GPU are mostly used in high-end computers.

              For online gaming, if your computer is not powerful and fast enough to display game progress in milli-seconds(= fps = frames per second), you will lose the game because the screen display caused you to press a key a few micro-seconds slower than your opponents.

              2 users thanked author for this post.
            • #117302 Reply

              walker
              AskWoody Lounger

              @anonymous:    My apology for being so far behind with “everything”.  I knew I owed a big “thank you” to you for your excellent response to my question.    Thank you very, very much for taking the time to reply.    Your expertise and knowledge is sincerely appreciated!!    🙂

    • #115940 Reply

      scregio
      AskWoody Lounger

      For Group B I would recommend downloading SpyBot Anti-Beacon for telemetry because it is easy to use. I will wait a couple of weeks to download the updates.

      • #115958 Reply

        ch100
        AskWoody MVP

        Install what third-party software you wish on your machine, but do not come back for advice when your machine and registry keys are modified and you will not know how to revert to a good state. 🙂

        1 user thanked author for this post.
        • #116053 Reply

          lizzytish
          AskWoody Lounger

          With due respect, CH100, your views are YOUR views. Woody’s Lounge works according to Woody, and
          I believe he respects the other’s point of view and does not make disparaging remarks about them in the process. We are a diversified group coming from different points of view and opinion, and he encourages that because in the end we get to hear and discuss all sides of the argument. Maybe
          that is what you intended by your remarks………… but alas it didn’t come over that way to me.
          Just my 2 bits. LT

          10 users thanked author for this post.
          • #116081 Reply

            ch100
            AskWoody MVP

            @LT
            Windows is a piece of engineering and using it as it was designed is not subject to a popularity contest.
            If you or anyone else is in the fan business, that’s fine.
            I am not.

            • #116097 Reply

              samak
              AskWoody Lounger

              So somebody recommends something (“For Group B I would recommend downloading SpyBot Anti-Beacon for telemetry because it is easy to use. I will wait a couple of weeks to download the updates.”) and all you can do is come up with some  comments?

              Save those  comments and show some evidence why this recommendation is not a good idea.

              Edit
              Please follow the –Lounge Rules– no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

              W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

              • This reply was modified 1 week, 2 days ago by  PKCano.
              3 users thanked author for this post.
            • #116108 Reply

              GoTheSaints
              AskWoody Lounger

              I don’t know what PKCano edited out of your reply but also in the Lounge Rules it stipulates “…dislike wading through reams of repetition…”. I’m sorry but I consider ch100’s stance as repetitive (even if I have taken this out of context) and aired in so many threads, we’ve all heard it many times before.

              I respect ch100 and his knowledge / expertise but on the other hand he should respect ours whether it be wrong or right. We are free thinking individuals (we have that right) and do think for ourselves.

              9 users thanked author for this post.
            • #116308 Reply

              ch100
              AskWoody MVP

              @samak
              We discuss Windows Update.
              You come with a proposal for a third-party product which is not mainstream, at least not for those understanding Windows at a certain level and which actually breaks Windows functionality, functionality which you may need or not, but other users may wish to keep as it was intended.
              Unless you monitor the registry keys and files which are modified by that software and explain to everyone which benefit this brings to the end user, then that software may produce changes which are not easily reverted by uninstalling.
              This is a well known side-effect of installing and uninstalling many utilities and only very few behave according to the standards.

            • #116105 Reply

              lizzytish
              AskWoody Lounger

              @ch100 ……. my comments were not related to Windows perse………… it was simply your tone
              and choice of words……. you could have perhaps worded your message more diplomatically.
              That’s all. And I am certainly no FAN of anything ….. enough said. LT

              Deal with the faults of others as gently as your own. — Chinese Proverb

              1 user thanked author for this post.
        • #116111 Reply

          woody
          Da Boss

          I agree with you – and that’s why I won’t recommend third party anti-snooping tools.

          I would hate to say to normal Windows users “install XYZ to protect your machine from snooping” and then have XYZ screw up the machine, fail to work, or turn into something sinister.

          Registry cleaners fall in the same category, for the same reason.

          I took a big gamble with GWX Control Panel, and it worked out very well. But I got to know Josh, see where he was coming from, and work with him the whole time. In addition, GWX Control Panel was pretty straightforward, with known consequences (Josh reverse engineered and corrected Microsoft’s documentation). The anti-snooping software I’ve seen isn’t nearly as straightforward.

          6 users thanked author for this post.
      • #115987 Reply

        fp
        AskWoody Lounger

        I have been using it, but I am not clear what it does and how effective it is. It provides no feedback.

        1 user thanked author for this post.
      • #116101 Reply

        Noel Carboni
        AskWoody MVP

        One thing SpyBot AntiBeacon does is modify your hosts file to “sink” resolutions of certain site names, effectively blacklisting some Microsoft-initiated communications. To be clear, that’s a way to block some, but not others, and it’s not strictly necessary to use 3rd party software to do it. Here are the Microsoft entries I keep in my own hosts files:

        # Unwanted Microsoft site contacts from IE
        
        0.0.0.0  iecvlist.microsoft.com             # Compatibility view list, contacted even though deconfigured
        0.0.0.0  ieonline.microsoft.com             # Something IE contacts that it shouldn't
        0.0.0.0  r20swj13mr.microsoft.com           # Unknown why this is contacted by IE when being shut down
        
        # Miscellaneous unwanted Microsoft comms
        
        0.0.0.0  spynet2.microsoft.com              # AV and MSRT telemetry
        0.0.0.0  spynetalt.microsoft.com            # AV and MSRT telemetry
        0.0.0.0  wdcp.microsoft.com                 # AV and MSRT telemetry
        0.0.0.0  wdcpalt.microsoft.com              # AV and MSRT telemetry
        0.0.0.0  www.bing.com                       # Microsoft's intrusive search engine
        0.0.0.0  bing.com                           # Microsoft's intrusive search engine
        

        Thing is, there’s not just one “telemetry” communications stream. What Windows does online is much, much more complex than that! And you really DON’T want to block all the comms – there are some very necessary sites that need to be contacted regularly or ad-hoc, for example for the purposes of certificate verification, or the download of malware definitions.

        Lastly, not every system has the same needs, because users have different uses for them, expectations from them, and run different software. Some commercial software has to do license checks online in order to continue to run properly (Adobe software for example).

        -Noel

        9 users thanked author for this post.
        • #116149 Reply

          thymej
          AskWoody Lounger

          Out of curiosity, do you know if any of MS “telemetry” communications streams skip the host file and communicate directly to a MS host?

          1 user thanked author for this post.
    • #115941 Reply

      fp
      AskWoody Lounger

      We’ll agree to disagree on this one. It is an acceptance of MS’s blackmailing users to accept telemetery and botched patches, which in most cases won’t protect because the malwarers are always several steps ahead of sw vendors.

      The core problem for Group A for Win10 users is that it forces the users to upgrade their system together with the patching to whatever MS chooses to add to monetize Windows. That cannot be an acceptable solution whichever way you look at it. In the Win10 case, since you cannot avoid upgrades with just security patches you MUST take frequent backups and restore in case of attack. IMO that’s maybe a less convenient but safer and freedom-focused bet. MS should not be rewarded and encouraged for most eggregious behavior.

      Those who want to use computers in total ignorance will choose Group A and take the consequences. Those who understand that a minimal effort is necessary to protect yourself from everybody trying to sc**w them  should make the effort and choose Group B for Win7/8 and Group W for Win10 pre-current version and take frequent system backups.

      There is absolutely NOBODY and NOTHING in the current system that protects the public–all the mechanisms for that are dismantled–so people must start to realize that they must invest resources into protecting themselves. If they don’t they deserve what they get.

      Edit for content

       

      • This reply was modified 1 week, 3 days ago by  PKCano.
      • #116112 Reply

        woody
        Da Boss

        We’ll agree to disagree on this one. It is an acceptance of MS’s blackmailing users to accept telemetery and botched patches, which in most cases won’t protect because the malwarers are always several steps ahead of sw vendors.

        Oh, I agree with you. Microsoft has control of Win7 and 8.1 machines. No question.

        I also agree that Win7 customers didn’t sign up for this… uh, stuff. Microsoft has grafted  telemetry/snooping stuff onto Win 7 as a “bonus feature.”

        Given that fact, I want to make the best recommendations I can for coping with the problems.

        6 users thanked author for this post.
    • #115945 Reply

      Canadian Tech
      AskWoody MVP

      I am following Group B minus. A sort of in-between B and W. I apply security only patches as outlined by pkcano, but a bit later. Woody, your warning about MS17-010 was timely and painted the picture. I immediately instructed my clients to install that one.

      At this point, the only hope for B is the pkcano instructions.

      Group W still has an option to bail anytime they wish. It would be easy if it was warranted to jump to Group A quite quickly = really just one cumulative update.

      None of my clients have Office versions later than 2010. I have refrained from installing those “updates” after January. I will eventually do them to, but only after I am confident the dust has settled.

      So far, I have installed Oct, Nov, Dec, Jan and Mar security only patches, .net, IE for March, and Office up to and including January. In another couple months, I will likely make another update pass.

      It has become way too complex for any average person to follow B. So, from a purely practical perspective, I do the updates on all those computers remotely for my clients.

      Status: Not a single one of my 150 client Win 7 computers has had a whimper of a problem since last Summer. In fact, they are more stable than I have ever seen them. I should add that all of them use Bitdefender Antivirus +. Changing from Norton AV a couple of years ago has turned out to be a hugely good move. I have not seen a single infection since then. Bitdefender has turned out to have an outstanding product. It is so outstanding that I do not have to deal with their “customer service” which is nothing short of pitifully worthless.

      CT

      8 users thanked author for this post.
      • #115950 Reply

        NetDef
        AskWoody Lounger

        Spooky simularities between you and I . . . .

        Like you, most of our clients are on Win 7 Pro, some are slowing moving to Windows 10 Pro and ENT (due to the fact that it’s become difficult to get new hardware that runs perfectly on Win 7.)

        Almost all of our clients use Office 2010.

        And, like you, Windows 7 seems to be doing VERY well lately, better than usual in fact.

        Unlike you, we are keeping Office 2010 fully patched.

        So far: no significant problems at all this year.  We are on Group A- (or B+) . . . see my other post below.

        The last Office 2010 patch that gave us any real problem was back in 2015!  It was KB3114409 for Outlook 2010. ( I remember that MS yanked it within the week from the update service. )

        2 users thanked author for this post.
      • #115970 Reply

        The Surfing Pensioner
        AskWoody Lounger

        Thanks for this. I evolved the “Group B” approach – or something very similar – for myself a year ago, on the suggestion of one particular P.C. technician, whom I was calling on at that time on a fairly regular basis to resolve various software issues which were rendering my computer difficult to use or to update. Discovering this website made life a whole lot easier, because instead of scratching my head and scrabbling around in the Update Catalog and Download Centre I could simply follow Woody’s excellent directions and links. The upshot? In the last year I have had no computer problems whatsoever – at least, nothing I couldn’t resolve myself with a little help from Google. I am no longer on first-name terms with all the P.C. technicians in my area, am far less stressed and saving a fortune. And you wonder why I don’t want to go back to installing everything that comes down the Windows Update chute!

        3 users thanked author for this post.
      • #115989 Reply

        fp
        AskWoody Lounger

        Since backups are a must anyway, why isn’t increasing the frequency of backups good enough for B-7/8 and W-10?

        • #116083 Reply

          ch100
          AskWoody MVP

          @fp
          Increasing the backup frequency (let’s say differential hourly backup for the sake of providing a real-life example, while minimising the load on the system during backup) is indeed a legitimate way to mitigate potential problems with malware if not patched.

          The issues are:
          – it is very difficult to backup in real time and some information would inherently be lost if a restore job is needed; in the example, only maximum of 1 hour worth of data would be lost; this may not be a significant problem for many environments
          – considering that the previous issue is not significant, the complications related to scheduling jobs and the potential loss of performance during the backup jobs makes this approach less practical.

          Otherwise, as I said above, this is a perfectly legitimate approach.

          I appreciate that you mentioned this approach as a very good alternative to patching when this is not practical or desired.

          • #116165 Reply

            RCPete
            AskWoody Lounger

            The big concern I have over backups is the fact that any writable drive on a Windows machine (barring some approaches I haven’t encountered) is always mounted. I don’t see why it would be immune to mal-encryption.

            On Linux, my backup drive is unmounted (not available, with only root having the ability to mount it) unless the backups are actually in process. The differential backups usually take under a minute unless I’ve downloaded a rather large source file. (note to self, check the next time you get Pale Moon source code).

            Because of this concern, I’ve gone to an extreme version of Group W on my sole Windows 7 machine. It hasn’t been updated since the March Defcon reduction, but it hasn’t been on line. It’s not near the wired LAN, and I seldom activate wireless, and not when that machine is on. (I still have to disable the wireless adapter. I use sneakernet for printing and file transfer.) It’s a specialty machine, only used for running Quicken and a couple other applications that don’t have Linux alternatives. I’m not recommending this approach for anybody else, but it works for me.

            Beyond plugging/unplugging the USB drive, is there a good way to keep a Windows backup from exposure to malware? Anybody considering moving from Group W to A or B should know…

    • #115944 Reply

      anonymous

      I think Group B  should be left as is now, there’s nothing wrong with it, and has been very valuable advice, to change it  is letting this alleged hacker group (who could be MS paid) win ,

      If you have a reputable  paid security suite installed on your  machine and also use other  tools to scan  files  such as Hitman pro, or Malwarebytes free versions, and you exercise some common sense and caution whilst using the internet  the chances are that you will not end up with ransomware  on your machine’s

      • #115949 Reply

        woody
        Da Boss

        Group B isn’t going away. I’ll still discuss it. But I’m going to recommend Group A for most Win 7/8.1 users, with additional advice for those who don’t want much of the snooping.

        5 users thanked author for this post.
        • #116056 Reply

          lizzytish
          AskWoody Lounger

          That’s good, glad to hear that Woody. I’m one of the non-techy kind……… and so far I feel that I have been capable enough (thanks to you and PKCano) to keep my machines, both Win7 and Win8.1, in Group B successfully. As someone else mentioned 3 patches a month basically, with the Security, IE, and possibly .NET…..oh! and of course the Office patches. But honestly it’s not a big deal is it…… because you and PKCano do all the leg work for us……. it’s relatively easy.
          Both my machines are running well……… and some of the stories that one is led to believe that if ones doesn’t update per Group A………. then you are looking for trouble…… and that some of the less technically minded are leading other’s astray with their biased opinions. At the end of the day, it’s up to each of us to decide and carry out what we think is best. For me right or wrong depending on which side of the fence you are on, Group B. is working for me and that’s where I plan to stay for the rest of the ride. Many thanks Woody and PKCano for your help…….. from one grateful Lounger with much appreciation. LT

          I don’t know why I should learn Algebra, I’m never likely to go there! Billy Connolly

          4 users thanked author for this post.
        • #116352 Reply

          MrToad28
          AskWoody Lounger

          I’m group A with a delay  using Spybot Anti-beacon to  limit unwanted telemetry. A few days after a patch  is released, I generally go to several sites to follow patching…infworld and askWoody are favorites. I also check if Microsoft is disclosing known  issues and  google “MAY 2017” PATCH TUESDAY “WINDOWS 7” issues OR PROBLEMS. If nothing ugly turns up,  I patch a test box after creating 2 restore points. I apply 1 patch at a time and create restore  points between patches. If nothing goes wrong, I follow same procedure 1 PC at a time of several days.

          There are many sites that introduce and describe patches..redundant and not terribly helpful.

          What would  be helpful would an  aggregation of  the real world problems people are having organized by operating system…I don’t  have Win 10 so I rather not waste time  reading about Win10 specific  issues.

          Maybe some sort of poll might be useful.

        • #116446 Reply

          James Bond 007
          AskWoody Lounger

          Group B isn’t going away. I’ll still discuss it. But I’m going to recommend Group A for most Win 7/8.1 users, with additional advice for those who don’t want much of the snooping.

          Good. I can accept that. I will ignore your “recommendation” and stay with B. It is fine with me so far. I see no reason to change to A.

          Actually, I can find the updates myself, with the help of lists that Microsoft has made up:
          https://support.microsoft.com/en-us/help/4009469/windows-7-sp1-windows-server-2008-r2-sp1-update-history
          https://support.microsoft.com/en-us/help/4009470/windows-8-1-windows-server-2012-r2-update-history

          So I can probably keep with B myself even if you stop discussing it here. But still your promise of keeping and discussing B is good. I am happy with your decision.

          Hope for the best. Prepare for the worst.

          2 users thanked author for this post.
    • #115947 Reply

      NetDef
      AskWoody Lounger

      I can’t figure out how our model works on Woody nominations.  Group A- maybe?

      We deploy critical security and definition updates the night they are released.

      Normal security updates and Important updates weekly the Friday night after patch Tuesday.

      Most other updates we defer until the last Friday of the month.

      We never deploy Driver updates from Microsoft except for Microsoft devices (think Surface.)

      Feature updates and Service Packs: Only when they get promoted to CBB (typically four months.)

       

      2 users thanked author for this post.
    • #115951 Reply

      cmar6
      AskWoody Lounger

      Woody, the first seems simplest but how will you expect us to implement it?  “A short list of KB numbers, listing patches that should be removed. @pkcano has an example in the AKB 200003 documentation”?

      Are we supposed to do the monthly Security-only updates or monthly rollup patches (as you recommend) and then afterwards remove the KB #s that you list?

      My experience with removing patches has been worrisome, e.g. could not get into Win7 GUI and had to restore Windows.

      • #115962 Reply

        ch100
        AskWoody MVP

        You don’t have to remove anything.
        That one is a sweetener for those paranoid types who believe in zombies.
        Hope you are not among them and prefer to have a fully functional computer instead. 🙂

        1 user thanked author for this post.
        • #115990 Reply

          fp
          AskWoody Lounger

          > Hope you are not among them and prefer to have a fully functional computer instead.

          This sentence in a MS context — I dk whether to laugh or cry.

          1 user thanked author for this post.
        • #116136 Reply

          woody
          Da Boss

          I don’t think I believe in zombies…. 🙂 … but there are legitimate concerns about privacy that should be addressed.

          Life would be so much easier if Microsoft would just tell us what data it’s collecting. Even if we got a dump of 1,966 data items – like we now have for the Creators Update Basic level Diagnostics setting.

          I’m reasonably sure that the EU is going to take Microsoft to task for excessive snooping in Win10. It’s highly unlikely they’ll try to take on Win7.

          Some people are more sensitive to privacy concerns than others. In the end, it may be a losing battle. But those who don’t want Microsoft to collect information about them should have a fighting chance at blocking the onslaught – particularly with Win7.

          I remember the halcyon days of Dr Watson, and Windows asking politely if it could send data back to the mothership…

          7 users thanked author for this post.
    • #115952 Reply

      Seff
      AskWoody Lounger

      My only concern with the suggested changes is that we appear to be moving away from Group B on the grounds that it’s become very complex while adding increased complexity to Group A whose supporters are the least likely (after those on automatic downloading) to want to get involved in such complexities as dismantling the rollups in order to e.g. remove the telemetry. I suspect that the main reason some of us opt for Group A is because it’s the simplest way of installing the updates we’re offered through WU rather than the more cumbersome approach of accessing individual updates in the MS catalog while allowing greater control especially over timing than is  provided with automatic downloading.

      As a Group A user I’d personally prefer the Group A advice to be kept as brief and simple as possible, if people want a different way of approaching Group A rollups by way of dismantling the bits they don’t want then they should either switch to Group B or else have a link to separate advice elsewhere than in the main “Defcon raised” article.

      • This reply was modified 1 week, 3 days ago by  Seff.
      4 users thanked author for this post.
    • #115954 Reply

      ch100
      AskWoody MVP

      It is the right time, although a bit late if you ask me.
      Unfortunately, promoting and maintaining Group B with huge efforts primarily by @pkcano since October 2016 has attracted a large number of users with limited understanding of the security implications of not doing it right and some of them are quite vocal in this sense and have influenced other unsuspecting users who now are getting confused not knowing who to follow.
      To be clear:

      – Group W is not an option
      – Group B, while correct for securing the computers, altohugh less useful for resolving functionality problems, is only for those who use management tools. Technet and MSDN articles are not for amateur users who are not interested in the technical details. Technet is for IT Professionals (Engineers, Administrators, Enterprise support people). MSDN is for Developers and to some extent for the categories mentioned above. Anyone else can get information from those sites, but unless getting into the deep details, they should not generally follow Technet instructions. Group B style of updating has been presented and never recommended as the option of choice only on Technet.
      – This leaves end-users who cannot design a method for themselves to use the old time tested Windows Update with its own quirks. Using officially supported methods like configuring Group Policies where available is acceptable and recommended if it resolves issues. Anyone who expects others to tell them what to do and what to install, is not suitable to follow Group B by definition.

      Other considerations:

      – Telemetry as malware is an urban myth.
      – The “threat” to being upgraded to Windows 10 is another myth. Microsoft’s procedures for achieving this may not be ethical, but the end result useful to most end users who should be on Windows 10 already by now, or alternatively leave the Windows world.
      – KB2952664 functionality is part of the Operating System for the latest server OS – see the frequent updates for its companion updating definitions KB3150513 for Windows Server 2016 and there is no reason not to install it.

      What is good for organisations with 10,000 + users moving in mass to Windows 10 should be good enough for someone who has no idea about technology but somehow feels compelled to give advice in this matter, while expecting others to tell them what specific patches to install to suit their self-designed frame of reference.

      3 users thanked author for this post.
      • #116142 Reply

        woody
        Da Boss

        I think you’re right – although it pains me to admit it.

        – Telemetry as malware is an urban myth.

        True, but telemetry as snooping is not an urban myth. It’s a sign of the times, yes, but there are many people who, reasonably, don’t want to go gentle into that good night.

        – The “threat” to being upgraded to Windows 10 is another myth. Microsoft’s procedures for achieving this may not be ethical, but the end result useful to most end users who should be on Windows 10 already by now, or alternatively leave the Windows world.

        The Get Windows 10 campaign was unethical. But we’re beyond GWX now. I don’t think Win10 is a “my way or the highway” version — people can still be productive with Win7 and (shudder) 8.1. That’s going to change over the next 2.5 years, as support for Win7 disappears, but for now, half of all Windows users are on Win7.

        The problems with Win10, as opposed to Win7, are diminishing. Both now have an equally unwieldy patching model. At the same time, quality of patches is improving for both. Win10 snooping has decreased, largely as a result of EU threats, as Win7 snooping has increased. There are some very good reasons for staying with Win7 – program and driver compatibility being a main one. And there’s at least one reason for avoiding Win10, with it’s new-version-every-six-months forced upgrade pace. (Yes, I know you can skip one version, but only by stretching things quite a bit.)

        I think in the next 2.5 years you’re going to see even more people dumping Windows – although all of the alternatives have congenital flaws.

        – KB2952664 functionality is part of the Operating System for the latest server OS – see the frequent updates for its companion updating definitions KB3150513 for Windows Server 2016 and there is no reason not to install it.

        That’s a good point, but it’s open to debate for folks who don’t connect to Windows Server.

        3 users thanked author for this post.
    • #115955 Reply

      MrJimPhelps
      AskWoody MVP

      I’m in group A, on full automatic, for my two Windows machines (7 and 8.1). My 7 machine is dual-booted with Xubuntu Linux, and I rarely run Windows on that machine. I am currently setting up a disconnected (i.e. offline) VM in my Linux system, with W7 in the VM. No Windows updates needed, if it stays disconnected.

      Here’s what I advise others to do:
      1. Set your machine to check for, but not download, Windows and Office updates.
      2. Wait about a week or two after the updates are released, before installing them on your machine, to see how it went for everyone else.
      3. Be sure to do a full backup before installing updates.

      I probably should practice what I preach, but I am lazy.

      1 user thanked author for this post.
      • #115993 Reply

        BobbyB
        AskWoody Lounger

        Yep you do the same as I basically waiting for the fuss/problems about the latest crop of updates to die down. I run a multi-boot here in a similar fashion storing critical files elsewhere in other partitions/OS’s including off the machine if needs be. Should the “Horror of Horrors” occur necessitating a reinstall the back up images are updated to Oct 2016 and a couple of SYSPEPed images should I need to be further along on the reinstall curve. Yeah its a bit of work storing/filing stuff away each update session. Theres a fair amount of Maliase here also rather than go through a backup every crop of updates.
        Just wondering if any of the exploits out there actually will infect .esd or .wim files as its a real breeze to reinstall/apply, I personally havent seen any mentioned anywhere. 🙂

    • #115959 Reply

      ch100
      AskWoody MVP

      It would be easy if it was warranted to jump to Group A quite quickly = really just one cumulative update.

      Unfortunately we are not there yet.

    • #115961 Reply

      ch100
      AskWoody MVP

      As a Group A user I’d personally prefer the Group A advice to be kept as brief and simple as possible

      The easiest way is the classical and the only supported way.

      – Use Windows Update with the tweak that in most situations a delay is useful, either few days or follow MS-DEFCON which was designed specifically for that purpose.
      – Install all Important patches. They are mandatory except for those unselected by default, which should be treated same as Optional.
      – Install all Recommended patches except for those unselected by default, see above.
      – Install selected Optional patches if needed or all if feeling adventurous. They are Optional.
      – The only recommendation here is to not install the Preview Patches as they are a sort of later beta (i.e. release candidate) which will get rolled-up during the next main release. All other Optional patches are OK to install, but not mandatory.

      This is general advice suitable for almost everyone following this site.

      1 user thanked author for this post.
      • #115964 Reply

        Seff
        AskWoody Lounger

        Exactly.

        Keep it simple like that for Group A, and let those who want to fiddle about dismantling this bit for telemetry and that bit for something else do so under Group B.

        2 users thanked author for this post.
      • #116143 Reply

        woody
        Da Boss

        I believe that’s the way to go….

    • #115966 Reply

      anonymous

      Quote

      There are three approaches that have caught my eye:

      • A short list . . .

      • A simple batch script, like the one @abbodi86 maintains. The problem is that some people will have a hard time figuring out how to run it.

      I believe that abbodi86’s script isn’t maintained but always just works. So I would suggest that you recommend using abbodi86’s script and give a detailed explanation of what needs to be done in order to run it.

      Advantage: the instructions remain the same every month.

      2 users thanked author for this post.
    • #115976 Reply

      anonymous

      Hi all, like on many blogs I follow, I am a lurker. A one-way, consumer only, that values every different viewpoint I find. I collect the thoughtful information, and distill it to arrive at my own opinion on what best fits my machine, in the way I use it.

      The reduction in stress I have felt since finding this blog — hat-tip Canadian Tech and your efforts at the Win7\answers forum — is beyond measure. For my use, I find CT to be over-cautious. But I recognize why that is. I do not have to ‘underwrite’ the potential losses in a fleet of machines.

      As a suggestion, I would feel most comfortable with the install all ‘important’, and disable bad ‘features’ after the fact. I recognize all the drawbacks in this approach. It is just my preferred balance point between maintaining operational status while minimizing impact. I regret I am unclear on how to label this approach in the current groupspeak. I think A- has been suggested, but see that that may be different.

      My voice is redundant, because others with more knowledge are already going to make this happen.

      Just as MSRedmond may license the use of their code but they do not own my machine, and GNU/Linux is a few keystrokes away. I respect your knowledge, ch100, and use it in my decision process.

      Thanks for your time,
      Paul

      Edit
      Please follow the –Lounge Rulesno personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

      2 users thanked author for this post.
      • #115996 Reply

        anonymous

        Apologies, Moderator.

        I thought I had struck the proper balance. But I respect the task you have set for yourself.

        Thank you,
        Paul

      • #116000 Reply

        ch100
        AskWoody MVP

        You have defined the Group B as it should be. All important, no Recommended, all from Windows Update. You will get Recommended inside of the Rollups which are defined as Security and this is how it should be.

        • #116004 Reply

          anonymous

          I fear you mistook me, which the edited portion would have made clear.

          I respect your knowledge, not your approach. And plan to read more of same.

          Regards,
          Paul

    • #115994 Reply

      alpha128
      AskWoody Lounger

      I’m a user of Windows 7 Professional 64-bit.  I’ve been in what I call Group A# (A-sharp)  since November 2016.

      I’ve been installing the roll-ups through Windows Update, but used a very simple batch file to disable telemetry.  I have another batch file to monitor changes to telemetry, but there have been none since I initially disabled it.

      I also have not been installing any recommended updates.  Let’s not forget that GWX had that classification.

      The two batch files I use are called FINDEYE (monitor) and POKEYE (disable).

      FINDEYE.BAT

      @echo off
      cls
      sc query DiagTrack
      echo.
      dir %ProgramData%\Microsoft\Diagnosis\*.rbs
      echo.
      dir %ProgramData%\Microsoft\Diagnosis\ETLLogs\*.* /s
      pause

      POKEYE.BAT

      @echo off
      cls
      sc config DiagTrack start= disabled
      sc stop DiagTrack
      pause

      POKEYE is simple and effective.

      1 user thanked author for this post.
    • #116006 Reply

      MrBrian
      AskWoody MVP

      What telemetry-related functionality is known to be present in the Windows monthly rollups that is not present in the security-only updates? Diagnostics Tracking Service is a known one, but Diagnostics Tracking Service might not be a gatherer of telemetry, other than telemetry related to the functioning of Diagnostics Tracking Service itself. (More research needs to be done on this.)

      • This reply was modified 1 week, 3 days ago by  MrBrian.
      • #116150 Reply

        woody
        Da Boss

        I don’t know.

        You’re the expert. 🙂

        1 user thanked author for this post.
        • #116579 Reply

          MrBrian
          AskWoody MVP

          I never investigated that question in depth. I’m trying to establish if there is a known factual basis for avoiding the Windows monthly rollups.

          • #116605 Reply

            ch100
            AskWoody MVP

            @mrbrian It is all imaginary if abbodi86 and few others which are well known here and I understand Windows well enough.
            I understand that you are trying to prove everything, but there are people in this world who “feel” Windows to say so (I think you are among them, but you just try to be nice and provide an additional service to those who are not) 🙂 . They are the types who would find a solution to any issue, find registry keys which are undocumented and “know” somehow if those keys have been implemented by the Windows designers and if it is worth looking for them.
            Windows is as is while most of what is posted here belong to a political forum, not to a technical one.
            Some people just don’t get it and confound the two.

    • #116011 Reply

      MrBrian
      AskWoody MVP

      In my opinion, those who want less telemetry, including those that are in Group B because of wanting less telemetry, should at least set the operating system’s Customer Experience Improvement Program setting = No.

      • This reply was modified 1 week, 3 days ago by  MrBrian.
      • This reply was modified 1 week, 2 days ago by  MrBrian.
      4 users thanked author for this post.
      • #116327 Reply

        anonymous

        Hi Mr Brian,

        This action is often recommended but sadly without explaining how to do it. I have disabled Customer Experience Improvement’s subprograms in Task Scheduler but other than that I can’t find the program elsewhere ( it’s not in services) to turn it to NO .

        Also it’d be great if I could get Windows Defender engine to update, even pausing ESET security I can’t get Windows Defender to start up at all. I’ve tried with Windows Update disabled and with WU enabled. ESET’s site was useless concerning this issue – no information about this windows defender issue at all.

        I was hoping that it would magically update itself through some secret MS background updating service as suggested by Noel C’s experience but alas nada.

        Thanks for everything you are doing on this site

        1 user thanked author for this post.
        • #116338 Reply

          PKCano
          AskWoody MVP

          This action is often recommended but sadly without explaining how to do it. I have disabled Customer Experience Improvement’s subprograms in Task Scheduler but other than that I can’t find the program elsewhere ( it’s not in services) to turn it to NO .

          Type in the taskbar Searchbox “Experience” (without quotes), click on CEIP.

          For Windows Defender try:
          Turn off ESET
          Control Panel\Action Center\Security – there should be a choice to show malware programs on your PC. Turn on Defender, open and update

          1 user thanked author for this post.
    • #116014 Reply

      MrBrian
      AskWoody MVP

      I recommend that those who are privacy-conscious look at Links: Microsoft privacy statements and Windows network connections to Microsoft.

      • This reply was modified 1 week, 3 days ago by  MrBrian.
      3 users thanked author for this post.
    • #116020 Reply

      abbodi86
      AskWoody MVP

      As i said, telemetry on Windows 7/8.1 is extremely overrated and exaggerated

      it’s only a few components that can be easily disabled/neuturalized

      i have not saw a solid proof that MSFT sneaks it in undocumented components

      anyway, May the Force be with you 🙂

      5 users thanked author for this post.
    • #116022 Reply

      flackcatcher
      AskWoody Lounger

      Look, a bad situation just got a lot more complex. Woody just wants us be ready for it. For what it’s worth, my I.T. team brought me and my staff the exact same message Woody did. If there is a silver lining to all this, it is every  tech company got a major head slap this week.  Best practices exist for a reason, and  throwing away years of hard earned knowledge comes with a price. (As my I.T. guys reminded me over and over, while discussing  updating policy.)

      1 user thanked author for this post.
    • #116025 Reply

      gkarasik
      AskWoody Lounger

      It’s Group A for me. I don’t care about telemetry.

      I think MS has gone off the rails.

      I will continue to use Win7 until a) I die or b) it dies.

      GaryK

      • This reply was modified 1 week, 3 days ago by  gkarasik.
    • #116027 Reply

      amraybt
      AskWoody Lounger

      My feeling is that people who are in Group B are more informed about Windows Update and general tech/OS/security news. Otherwise they probably wouldn’t be in Group B or even be aware of it, since most users probably just use Windows Update and install the available patches (including the main security + quality rollup).

      So I understand that for Woody it makes more sense to focus on Group A instructions, major bugs/issues, and whether to install or wait, rather than potentially confusing people with the Group B instructions.

      I plan to stay in Group B. My concern these days is less the telemetry and more with reducing the chance that an update will screw something up. This post in the Group B topic is more or less my philosophy:

      Group B is simple if you just:
      1) manually install the monthly security update and IE update
      2) let WU handle .Net, Office 2010, etc.
      3) hide any drivers that might show up

      The biggest hurdle for anybody doing updates, Group A or B, is just installing the right update for fresh systems so that WU doesn’t tax the CPU and eat loads of RAM for hours and hours.

      If MS does roll all the pre-October 2016 updates into one giant service pack, or those updates eventually make their way into the monthly rollups, then the next time I do clean installs my systems would possibly move to Group A. Life is too short to spend so much time on stressing about Windows Update like I have done in the last couple years (with good reason). Plus it will probably be more difficult and cumbersome to do a clean install for 7 or 8.1 and update it through Group B, compared to just having to install a few updates plus a giant rollup.

      With various scripts to turn off telemetry (I haven’t tried them yet) and projects like Simplix, I’m confident that people will be able to join Group A and enjoy simpler updating (perhaps with giant rollups or updated service packs) but also disable some of the unwanted telemetry services. If evil updates like KB2952664 and KB2976978 are in those rollups/service packs, as I expect them to be, someone will create a simple solution for users like me to get rid of them.

      • This reply was modified 1 week, 3 days ago by  amraybt.
      • This reply was modified 1 week, 3 days ago by  amraybt.
      2 users thanked author for this post.
    • #116031 Reply

      MrBrian
      AskWoody MVP

      My thoughts on the script mentioned here:

      1. The first part of the script nukes Diagnostics Tracking Service. My current thoughts are that this service should be kept enabled and not nuked, if it is true that Diagnostics Tracking Service does not gather telemetry (except for telemetry related to the functioning of Diagnostics Tracking Service itself). Third-party programs can use Diagnostics Tracking Service to transmit telemetry. Windows Defender can use Diagnostics Tracking Service to transmit telemetry, at least in newer version(s) of Windows. There could perhaps even be legal repercussions of disabling this service, although that would be best to ask a lawyer about.

      2. The second part of the script deals with nuking Compatibility Telemetry Appraiser (installed in updates KB2952664, KB2977759, or KB2976978) . The problem with this is this is an after-the-fact action. The Compatibility Telemetry Appraiser is set to run at 3am every day, or the first available time after that. On its first run, a full load of telemetry is transmitted to Microsoft if the operating system’s Customer Experience Improvement Program setting = Yes. The better way to handle Compatibility Telemetry Appraiser, in my opinion, is to not install it (if possible).

       

      2 users thanked author for this post.
    • #116032 Reply

      MrBrian
      AskWoody MVP

      “Here is the full list of what I found for Windows 7 x64 that violates the operating system’s Customer Experience Improvement Program setting”

      It’s debatable whether the Compatibility Telemetry Appraiser telemetry transmission mentioned in the link above (detailed here) is something to be concerned about. The CPU and disk usage that occurs due to Compatibility Telemetry Appraiser, which happens even when the operating system’s Customer Experience Improvement Program setting = No, might be the bigger concern.

       

       

      • This reply was modified 1 week, 3 days ago by  MrBrian.
      2 users thanked author for this post.
    • #116036 Reply

      Bill C.
      AskWoody Lounger

      Win7Pro-64_SP1 and MS Office 2010 here. Only 2 Windows machines left, as the rest have gone to penguins. I have evolved to a hybrid patching. I am group B+. I have not installed the big 4 telemetry patches. But I have also unhid them. I am solid B for the Monthly Security Only patch and the IE rollup patch via the MS Update Catalog. However, I am group A for .NET rollups, and use WU for Office 2010, but am very careful to check (here) for issues before I patch. I rely on Woody’s articles and the PKCano maintained AKB200003 documentation.

      I download the monthly and the IE from the catalog when they are released. I wait until the dust has settled and then check to make sure the original update was not modified. The rest come from WU. My setting for WU is NEVER check, however I regularly check manually at the key times (Patch Tuesday, etc.) or if there is news. I do not ask for optional updates to be presented the same as important.

      I also NEVER use WU for any hardware driver updates, but go right to the manufacturer site. I have also learned the hard way that unless the driver is a vulnerability or a new one gives MUCH greater reliability or performance, (or is needed to restore what a MS update broke) just let it be. (Besides most driver updates are to fix issues with newer OS or hardware and not older systems) Only Graphics drivers are routinely updated – but never via WU. The Intel WU and BT issue and the hard road to fixing it have been lessons well learned.

      I have convinced some of the folks I know that unless they want to learn how to do and learn about non-group A updating, that Group A is best for them. For me B still works. My main objection to the telemetry and the big 4, other than spying without saying WHAT is being sent, was they caused a lot of disk thrashing and slowed down the PC by grabbing resources at the worst times. I have the article(s) about what is sent, but that is obtuse and vague Better to not facilitate than try to stop it after the fact.

      I will keep monitoring MrBrian’s and Abbodi86’s techniques and scripts, since once I am comfortable doing that I suspect it is a worthwhile tool (and easier).

      For me Win10 is not the future, for telemetry yes, but also as a rolling update OS it is not for me. I would love to be on the LTSB, and my Linux machines are all LTS (Long Term Support) versions. When it works, I want it to keep working.

      5 users thanked author for this post.
    • #116038 Reply

      anonymous

      Oy, this is starting to make my eyes spin around all loony toons or comedy anime style. I want to avoid being spied on.

      That and wanting more of my old games to work is why I stayed on 7. That and “free” anything that usually costs like 100+ dollars rings alarm bells. NOTHING is ever free, there’s always a cost of some sort, using us as beta testers if nothing else, and I don’t really like doing free beta testing for someone on an OS.

      The issue is this has me worried at this point. I’m not even sure if you can get win 10 for free anymore, this pc is a bit outdated to a certain degree now, my MOBO can’t even accept a better CPU than the one I have in it…..

      I’m not really that good at this stuff, so should I just suck it up and install all MS updates not counting installing device drivers?

      Edit: please respect the Lounge Rules

      • #116151 Reply

        woody
        Da Boss

        Relax, grasshopper. I’ll have full instructions when the time comes. 🙂

    • #116043 Reply

      MarkB4
      AskWoody Lounger

      Thanks for the work Woody.

      I have been in group B but I think it is getting too complex, for me as a relatively unconnected home user (of Win 7, XP and 10 around the house that I maintain).

      I think I will now join group A, still watching the MS-DEFCON recommendation, and hope there would be a updated list of anything I should uninstall/delete (if I can) maintained.

      I really don’t like to be snooped, as a matter of principle, and I’d rather err on the side of caution.

      1 user thanked author for this post.
    • #116064 Reply

      Rick R
      AskWoody Lounger

      Having read some of the comments, and Woody’s recommendation to Group A, I’ll stay with group B plan; Windows 7×64 pro. This will be my last windows machine. Who knows, maybe we’ll all be running Android desktops in a few years.

      As I’ve said often, snooping bothers me less than the bugs, crashes and blue screens that come too often with bad updates. Maybe it’s just me, but WU’s have too often created more problem than they solve. For the last few years of Windows XP, I went full Group W. I had few minor infections during that time. Yes, that was less painful than the botched updates.

      I realize that the DEFCON system Woody uses is intended to avoid that very issue, but as I recently mentioned, an Office 2010 update caused all kinds of issues with Excel. I’ve hidden the offending updates. Point being the DEFCON system didn’t help with that one.

      Never the less, Group B is just fine. I can handle the .NET updates, and avoid Internet Explorer like the plague (Firefox instead). Actually, I don’t see the problem. It’s simply a matter of doing the updates instead of having them done for you. When did computers ever NOT need baby sitting? Users seem to expect less care and maintenance, but that’s not the reality. It’s still in the hands of users. So what? A little extra fiddling each month.

      Having been a novice tech support for an internet provider, I get it that many are baffled by their devices. So go Group A, it’s best. Don’t know if that adds anything to the conversation, but there it is.

      3 users thanked author for this post.
    • #116084 Reply

      anonymous

      (Just commenting on the post, didn’t read the other comments.)

      This is a very unpleasant development and attitude to see. I was taking AskWoody to be mainly a for group B sort of thing, looking for the month’s links to show up right away in the post and then checking comments in it over the next 24-48h for (other) early installers of the security only Win 7 patch to see if issues are reported. Now one can assume that with the switch, there will be less of those comments in those posts as well, since they won’t be about that anymore.

      And fail to see what the great difficulty with group B is if you keep to it month by month. It is an issue on a new install, but otherwise, each month you just have one security-only bundle, one IE patch and then, if it exists, you get to decide between using Windows Update for the .NET bundle, which should probably be safe, or getting individual security-only ones for the versions installed (which you’ll probably only need to figure out once, then write down if need be) if you want to be extra careful about that as well.

      6 users thanked author for this post.
      • #116152 Reply

        woody
        Da Boss

        I was taking AskWoody to be mainly a for group B sort of thing,

        Group B isn’t going anywhere! I’m just not going to write it up in so much detail, in InfoWorld. Those who want to be in Group B should be able to identify themselves in the write-ups, then click on the link to get detailed instructions, just as we have now – but with one additional hop.

        BTW, in case I haven’t been clear, I’m a Win10 user. Have been for years. I don’t like the Win10 snooping, but I’ll put up with it. Until I’m ready to switch to ChromeOS or an iPad – both of which are looking more inviting every day.

        6 users thanked author for this post.
    • #116085 Reply

      anonymous

      just run this batch as scheduled task every other week or after updating:

      https://github.com/inbi/wouc/blob/master/wouc_cleanup_tasks_services.cmd.txt

    • #116092 Reply

      MrBrian
      AskWoody MVP

      Background info (some of this info applies only to Windows 10):

      Windows 7, Windows 8 and Windows 10 Telemetry Updates (Diagnostic Tracking)

      Configure Windows telemetry in your organization

      From the first link:

      “There are a few more settings that you can turn off that may send telemetry information:

      To turn off Windows Update telemetry, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).

      Turn off Windows Defender Cloud-based Protection and Automatic sample submission in Settings > Update & security > Windows Defender.

      Manage the Malicious Software Removal Tool in your organization. For more info, see Microsoft KB article 891716.”

      1 user thanked author for this post.
      • #116096 Reply

        MrBrian
        AskWoody MVP

        From the second link:

        “In previous versions of Windows and Windows Server, Microsoft used telemetry to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows.”

    • #116119 Reply

      Noel Carboni
      AskWoody MVP

      I’ll wager I know what communications a desktop system does online as well as anyone, as understanding and controlling such communications is a passion of mine. A career in data communications and software engineering tends to do that to you.

      Thing is, there’s not just one “telemetry” communications stream. What Windows does online is much, much more complex than that! Insanely more complicated.

      Presuming you want to do at least SOME things online with your system you actually DON’T want to block all the comms – there are some very necessary sites that MUST be contacted by a typical system regularly, e.g., for the purposes of certificate verification, time sync, license management…

      That’s not to say Windows can’t be made very private. I myself maintain Windows 7, 8.1, and 10 systems that don’t spill the beans online. But it’s no small, simple, turnkey task. Windows is a complex beast, and it takes some geek chops to do it along with ongoing effort.

      As an example, here’s a list of all the sites my Windows 10 test system at LAN address 192.168.2.26, allowed to sit idle all day, contacted. I ran the command (on my Win 8.1 workstation) to search my DNS log at near midnight last night. You can see that the only communication initiated in the 24 hour period was to get the time from the National Institute of Standards and Technology via a task I have scheduled (I have disabled the out-of-box Windows time service).

      ScreenGrab_NoelC4_2017_05_18_000041

      Most folks, however, wouldn’t find my Windows 10 system, above, acceptable. Why? Because I have shunned all the Apps and cloud-integration entirely. But it DOES illustrate that the beast can be controlled, and my techniques are applicable to purely desktop-oriented Windows 7 and 8.1 systems also.

      What have I found that it takes to accomplish this reduction/elimination of Microsoft-initiated online communications?

      • Reconfiguration of all provided settings to their most private choices.
      • Being willing to do without (or reduced function from) some services Windows seeks to provide.
      • Configuration through the local Group Policy editor a number of settings.
      • Configuration through the registry of a number of settings that have no UI.
      • Disabling of scheduled tasks involved with telemetry and online comms.
      • Disabling of services involved with telemetry and online comms.
      • Adding entries to the hosts file to blacklist some sites.
      • Watching vigilantly for any of these things to be reverted by updates.
      • Outfitting with extra software to monitor and police communication attempts.

      The list above may seem daunting, but we haven’t even gotten to the part where the devil is in the details. The lists of how to accomplish the above things are long and complex.

      Ideally I imagine people want a fully private system that still allows them to do everything they want. That’s not gonna happen. You have to be willing to compromise.

      What does one have to consider doing without?

      • Apps. The very nature of Apps is that they’re web-integrated and they require an infrastructure to keep them functional. If you want to run Apps, stop reading now.
      • Cortana. A personal digital assistant COULD work entirely from local data, but Cortana doesn’t. If you want a personal digital assistant that talks to you, stop here.
      • Cloud-integration, such as OneDrive, except for user-initiated operations e.g., in a browser. The good news is that you can use a OneDrive server to store/retrieve files through a browser without ANY of the system-level integration
      • Automatic updates. You have to be willing to install them yourself from the catalog if you want a truly subservient system.
      • Some security features such as the “Smartscreen Filter”. But you can’t rely on luck; you need a GOOD alternate plan to stay safe online.
      • Suggestions that pop up while you type. Your keystrokes are sent to Bing or Google or whatever search engine to make that happen.
      • “Continuously online” communications / networking applications. If you don’t want your computer communicating with who knows whom, such cloud-integrated services (e.g., Skype) have to be avoided.
      • Generally speaking, subscription and high-end commercial software communicates regularly online to do things like verify its licensing. Either you need to allow this or choose software that doesn’t do that.
      • Some software seeks to be cloud-integrated (late versions of Office, for example). You have to avoid this software or specific features within it, and be able to differentiate wanted comms from unwanted comms. That’s no small feat!
      • Online backups. Uh, no, get one or more external USB drives and make your own local backups, where you maintain full control of your data.

      This has gotten long already, yet I’m sure there are things I’ve missed and I haven’t even begun to get into the list of actual technical things to do to get to a secure, private system that doesn’t try overmuch to send your data abroad. It’s a challenging task even for a career software engineer. It’s not going to be feasible at all to provide a “have your cake and eat it too, set it and forget it” solution for an average user.

      -Noel

      Attachments:
      You must be logged in to view attached files.
      6 users thanked author for this post.
    • #116128 Reply

      David F
      AskWoody Lounger

      (My apologies if this appears as a duplicate, I tried to edit the original and it appears to have disappeared when saved)

      I suspect some of the submissions in this thread have been prompted by the weekend’s ransomware events, however nothing has in fact changed since Monday last week (or the week before)

      Both Group A and Group B would have been protected since late March when DEFCON dropped to 3, it is now mid-May. Group W will know the risks they run and will mitigate (or accept) the risks accordingly.

      Outside of that, anyone else that hasn’t patched clearly doesn’t care what happens and will suffer the consequences.

      Group A is theoretically the least risky (until the next zero-day exploit), Group B carries a marginally higher level of risk though not necessarily significant assuming all the correct patches have been installed correctly and clearly Group W will bear some significant risk which they will need to manage.

      Every single user in this forum is constantly at risk, right now, simply by using any form of IT and is simply part of the cost of using it. It is really down to the user to decide how comfortable they are with each level of risk, but risk will not go away, it cannot no matter which group you fall into.

      9 users thanked author for this post.
      • #116130 Reply

        PKCano
        AskWoody MVP

        Your posts ended up in the Sp*m bucket. We think it has to do with the rapidity of the submit/edit/submit sequence. If you slow down and give the system time to update in between, it works better.
        I retrieved them and deleted the duplicates.

        2 users thanked author for this post.
    • #116139 Reply

      Canadian Tech
      AskWoody MVP

      Woody, Another aspect to this WU thing relates to the vast majority who give about as much thought to their PCs as they do their electric toothbrushes.

      Many of those machines, maybe even the majority have not been updated either ever or in many, many months for a whole variety of reasons. Those users either are not aware of that fact and/or do not care. The biggest contributor to this quagmire is the update engine itself.

      That means a lot of people who you will recommend take the A course, don’t even know or care that they are already W.

      CT

      3 users thanked author for this post.
    • #116145 Reply

      zero2dash
      AskWoody Lounger

      – Group B, while correct for securing the computers, altohugh less useful for resolving functionality problems, is only for those who use management tools.

      Strongly disagree.
      Finding out what updates to install and running the .msu manually (or using a batch file and using wsus) is no different than using WU in Group A.

      The onus is on the user to actually maintain, instead of it being done for them. That’s about the only difference IMHO.

      – Telemetry as malware is an urban myth.

      Maybe not by definition, but for most people, telemetry is something they don’t want, and do want to limit or cut off entirely.

      – The “threat” to being upgraded to Windows 10 is another myth.

      After the last 2 years, I’m not putting anything past them.
      There is no upgrade program currently, yes; however, I see no reason to believe that they won’t possibly bring it back at some point.

      – KB2952664 functionality is part of the Operating System for the latest server OS – see the frequent updates for its companion updating definitions KB3150513 for Windows Server 2016 and there is no reason not to install it.

      2 wrongs don’t make a right.
      Secondly, a server OS should not be phoning home for anything other than updates.
      MS can keep its nose out of the servers I manage just like they can keep their nose out of my personal workstations.

      What is good for organisations with 10,000 + users moving in mass to Windows 10 should be good enough for someone who has no idea about technology but somehow feels compelled to give advice in this matter, while expecting others to tell them what specific patches to install to suit their self-designed frame of reference.

      Again, 2 wrongs don’t make a right.
      Right now we have no plans on what to do at a corporate level.
      I can assure you that upgrading every 7 box to 10 and ever 2008 R2 server to 2016 in our domain is not going to happen; not under my boss’ watch, and (if he quits), not under mine.
      We’d be more likely to get a VL for 8.1 (which we probably already have) and create a corp image including Classic Shell, and upgrade all the 7 boxes to that.

      4 users thanked author for this post.
      • #116160 Reply

        woody
        Da Boss

        There is no upgrade program currently, yes; however, I see no reason to believe that they won’t possibly bring it back at some point.

        I doubt that MS will bring back a GWX-like program at this point. They already have one – end of support. They’re also getting sued for the original GWX.

        The upgrade is still free, by the way. Use any valid Win7/8.1 key and you can install and activate Win10 directly.

        • This reply was modified 1 week, 2 days ago by  woody.
        • This reply was modified 1 week, 2 days ago by  woody.
        • This reply was modified 1 week, 2 days ago by  woody.
        2 users thanked author for this post.
    • #116146 Reply

      Jan K.
      AskWoody Lounger

      … I’m reasonably sure that the EU is going to take Microsoft to task for excessive snooping in Win10. It’s highly unlikely they’ll try to take on Win7…

      Oh! The upcoming privacy laws will have nothing to do with OSes… all that matters is, that if you collect any info on me or my behavior, you’ll have to tell me exactly which data – and where they “end”. Much more important to me is, that you can only collect, what I’ve allowed you to collect! And default answer is “no”, btw.

      In other words: unless I in advance say “yes” to allow you to collect anything, that means, you collect nothing. If you still collect anything, then just wait form the hammer to fall.

      The fines are not insignificant… so come May 25 2018.

      3 users thanked author for this post.
    • #116178 Reply

      NetDef
      AskWoody Lounger

      There is no upgrade program currently, yes; however, I see no reason to believe that they won’t possibly bring it back at some point.

      I doubt that MS will bring back a GWX-like program at this point. They already have one – end of support. They’re also getting sued for the original GWX. The upgrade is still free, by the way. Use any valid Win7/8.1 key and you can install and activate Win10 directly.

      Even if they do bring it back, unless a policy changes, you should be able to easily opt-out or block it.  In fact, if you have NOT blocked it using the supported method on a recently built machine on Windows 7 or 8.1 – you should go and do that NOW.  It should become a part of your build procedure.

      Blocking the Upgrade option (formerly GWX) on Windows 7:

      For stand alone machines:

      -There’s Gibson’s Never10 at https://www.grc.com/never10.htm

      – Or you can insert reg keys yourself,

      – Or if you manage a network you can use Group Policy.

      Apologies for referring to my own site, but for the last two above options you can follow the directions step by step to block upgrades here: (and I promise that if these steps change, I will update info there!)

      https://networkdefend.blogspot.com/2016/02/disable-windows-10-upgrade-for.html

       

      3 users thanked author for this post.
    • #116199 Reply

      radosuaf
      AskWoody Lounger

      The upgrade is still free, by the way. Use any valid Win7/8.1 key and you can install and activate Win10 directly.

      I haven’t come across any site that would confirm it’s LEGAL. What if MS one day (when they reach 50 – 60% market share for example) decide all W10 installations activated after July 29, 2016 are deactivated (they surely have the info when activation was done), because the offer expired on that day (this is still an official MS statement)?

      https://support.microsoft.com/en-us/help/12435/windows-10-upgrade-faq

       

      MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 8.1 Pro 64-bit + Windows 10 Mobile (Lumia 735)
      • #116311 Reply

        woody
        Da Boss

        Press Windows key and +

        There. You’ve used an assistive technology.

        It’s in Microsoft’s best interests to get you to move from Win7 or 8.1 to 10. They are well aware of the fact that Win7 keys will validate Win10 installations – and they’ve done nothing to stand in the way.

        Nods, winks, blind horses.

        1 user thanked author for this post.
        b
        • #116409 Reply

          radosuaf
          AskWoody Lounger

          It’s in Microsoft’s best interests to get you to move from Win7 or 8.1 to 10. They are well aware of the fact that Win7 keys will validate Win10 installations – and they’ve done nothing to stand in the way.

          Sure, fully agree. But you never know what happens, when W10 reaches 60% market share. Then they’ll tell you: “you activated past the deadline, we’re sorry, pay 50 USD or you’re left with not activated W10 or W10 S” :). With MS you never know.

          They do allow to activate W10 with older keys – but they also keep the June 29th, 2016 deadline at their website – and you may expect it’s for a reason.

           

          BTW, thanks for the tip – I just used the Magnifier :).

          MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 8.1 Pro 64-bit + Windows 10 Mobile (Lumia 735)
          • This reply was modified 1 week, 1 day ago by  radosuaf.
          1 user thanked author for this post.
    • #116324 Reply

      wdburt1
      AskWoody Lounger

      “There are some very good reasons for staying with Win7 – program and driver compatibility being a main one.”

      And inertia.  If it works, don’t fix it. Why does this continually slip out of awareness? People have other things to do, a life to live, a business to run.  If Win10 works only about as well (0nly after you perform some major tweaks on it) as Win7, that’s NOT enough reason to take on all the other issues.

      4 users thanked author for this post.
    • #116355 Reply

      anonymous

      Bear in mind that most corporations who had previously leased/subscribed Win 7/8.1 Ent Volume Licenses have upgraded to Win 10 Ent VL for “free” and renewed their 3-year term M$ Enterprise Agreements and Software Assurance/Insurance. This kind of VL leasing/subscription is like Office 365 subscriptions which get free and perpetual upgrades as long as the subscriptions are paid to M$.
      … So, the Windows system admins of such corporations running Win 10 Ent VL under lease/subscription tend to advocate for Win 10 because these admins are like saltwater fish who cannot survive without the saltiness of Win 10.

      In comparison, most corporations who had paid more money to M$ to buy Win 7/8.1 Ent VL have not upgraded to Win 10 Ent VL and intend to stay on Win 7/8.1 Ent VL until EOL in 2020/2023, in order to get their money’s worth.
      … Similarly for most home-users of Win 7/8.1, ie they have bought OEM or Retail Win 7/8.1 licenses and intend to stay on Win 7/8.1 until EOL in 2020/2023.
      … That is why, after nearly 2 years of Win 10, there are still about 60% of Windows users on Win 7/8.1.

      1 user thanked author for this post.
    • #116419 Reply

      anonymous

      I was doing Group B on Windows 8.1 since January 2016, when I got the laptop. Only one non-security update, which I did have to do some searching on, for updating WU. It was easy under the old system of WU. And never had any problems. Its not like that now, with the “new” updating system. Yes, it can be done, and this site is great for information and how to. (If you can get the updates to install).

      I can understand ch100’s stance on this, it would be easy to lose services and functionality doing Group B, and that is why he posts what he does. The thing is, its getting harder and harder, and maybe PKCano and others don’t want to do this forever. It really is easier to run Ubuntu and Linux Mint than a Windows system once you have learned a few things, compared to the updating paradigm we have now. (Not even counting problems with WU under the old system). (You would go into shock over how easy updates are on Linux). The other thing that readers here may want to think about is that Windows 10 is a rolling distribution, eats huge data, needs upgrading routinely. How many home users are up to this? What to do? It may be that users here would be better served by investigating either Ubuntu or Linux Mint while running 7 or 8.1 till 2020/23.

      4 users thanked author for this post.
    • #116529 Reply

      anonymous

      ” It may be that users here would be better served by investigating either Ubuntu or Linux Mint while running 7 or 8.1 till 2020/23.”

      +1

      This is something that I will continue researching.  How I long to be free of some of these issues.

    • #116650 Reply

      Geo
      AskWoody Lounger

      My Microsoft security essentials update is back working .  I`m group A, Win 7 x64Home premium.  When I did the May roll up it quit updating.  I reinstalled MSE and it still did not up date for a couple days.

      • This reply was modified 5 days, 21 hours ago by  Kirsty. Reason: Removed BBCode triggers
    • #116672 Reply

      anonymous

      …so, if I just want to make sure I don’t get the often-botched first patches (the ones that makes all who install them into beta testers without knowing about it), but don’t really care enough about the snooping, how would I go about updating now?

      Also: Have it become harder to patch for ‘Group B’ since last month (would explain the recommendation for many people to move to ‘Group A’), or is there another reason?

      Yet another question: What is this about WannaCry I’m hearing?

      Edited for content

      • #116673 Reply

        anonymous

        Also

        (I’m the person who posted #116672 asking about what to do and if Group B patching have gotten harder lately)

        I have KB4012213 installed btw, does that mean I’m protected?

        I also run Kaspersky Internet Security, and I would assume that as long as I don’t lose my common sense, I should be doing pretty well, no?

        • #116682 Reply

          PKCano
          AskWoody MVP

          …so, if I just want to make sure I don’t get the often-botched first patches (the ones that makes all who install them into beta testers without knowing about it), but don’t really care enough about the snooping, how would I go about updating now?

          If you don’t care about the snoopoig, this describes Group A. Group A installs all the important and recommended updates. That includes the “Security Monthly Quality Rollup for Windows” that is delivered through Windows Update. That is the easiest – just wait until the DEFCON number goes to 3 or above (to avoid problem patches) and install everything that is checked according to Woody’s directions.

          Also: Have it become harder to patch for ‘Group B’ since last month (would explain the recommendation for many people to move to ‘Group A’), or is there another reason?

          Group B patching has not changed at this point. However, downloading updates and manually installing them is beyond the ability of many Users, even many who try to follow that method. So they get confused.

          I have KB4012213 installed btw, does that mean I’m protected?

          KB4012213 is the March Security Only Quality Update for Win8.1. Yes you are protected.

          1 user thanked author for this post.
          • #116683 Reply

            anonymous

            Ah, so if I have done this before, there is no reason to go to Group A?

            Does that mean the following instructions I wrote for myself some time ago is still viable?

            “1. Check the Windows 8.1 and Windows Server 2012 R2 update history for the relevant file. (I’m using Win 8.1, just for the record.)

            1a. Check around the net if there are problems with the relevant Security Only update, and act thereafter.
            1b. Install if has been given a green light, wait if unsure.

            2.Check for Updates via Windows Update.

            2a. Ignore all the non-program-specific Security Rollups and whatever they are called.
            2b. Ignore all Optional Updates unless they are for some reason explicitly relevant to a product i am using (within reason of course).

            2c. Check around the net for more input on entries in the “Important” list concerning software like .NET, Office, Adobe Flash Player a.s.o., generally installing them unless a web search reveals major problems with one of them.
            (BTW, should all “Monthly” Rollups be avoided, or just the non-program-specific ones?)

            2d. Check around the net for more input on any other entries in the “Important” list, but avoiding them unless they seem relevant and/or critically needed.

            3. If all is OK, install updates, check that things didn’t break a.s.o.

            4. Keep an eye out on this website (and on the net in general), in case the situation changes.”

            • #116687 Reply

              PKCano
              AskWoody MVP

              I see one glaring omission. The Cumulative Update for IE11 was included in the Security Only Quality Update for Win8.1 prior to March 2017. Microsoft has split that out to a separate update beginning in March. So you need the Cumulative Update for IE11, which must be downloaded and manually installed like the security only update for Win8.1.

              2c. Check around the net for more input on entries in the “Important” list concerning software like .NET, Office, Adobe Flash Player a.s.o., generally installing them unless a web search reveals major problems with one of them.

              Barring problems, these should be installed if they are CHECKED by default.

              (BTW, should all “Monthly” Rollups be avoided

              If you are in Group B, that is the current recommendation.

            • #116694 Reply

              anonymous

              I’m really happy for your help!

              Just one last question: Is it recommended/obligatory to restart the computer in-between installing each Security Update, or should it be fine with not restarting until all of them are installed?

            • #116699 Reply

              PKCano
              AskWoody MVP

              If you are installing security-only updates for Windows, they are not cumulative, so you can just close the box and install the next one. I usually install the Cumulative Update for IE11 last, then reboot. The rest should be handled through Windows Update and it takes care of the reboots.

            • #116703 Reply

              anonymous

              Just what I did 🙂 Thanks again!

      • #116681 Reply

        Canadian Tech
        AskWoody MVP

        anonymous who just wrote in at 12:48

        Set your Windows Update setting to NEVER…. Leave it that way permanently.

        Go to http://www.askwoody.com to find out WHEN to update. Watch for the MS-Defcon rating that Woody sets. Read is advice there.

        When it is time as he advises, start Windows Update and click check for updates. Since you have chosen Group A, accept all updates offered.

        An additional bit of advice: Do NOT accept driver updates from the Windows Update. Driver updates should not be updated unless there is a specific problem you need to solve. Then only that update should be updated. Your source of driver updates should ONLY be the OEM of your equipment.

        The specific update that dealt with Wanna cry is:
        http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x64_2decefaa02e2058dcd965702509a992d8c4e92b3.msu
        http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x86_6bb04d3971bb58ae4bac44219e7169812914df3f.msu

        However, if you are in Group A, you will automatically be receiving the appropriate update anyway.

        CT

        2 users thanked author for this post.
        • #116684 Reply

          anonymous

          I see, thanks for your answer (even though I knew the things said in it already), but since Group B patching haven’t really changed, I think I’ll stay in that camp for now. 🙂

    • #117383 Reply

      anonymous

      As a Win 7 home-user, I am staying put in Group C/W…

      The SMBv1 vulnerability only affects those whose port 445 are open to the Internet and who are susceptible to email-phishing through unsafe-browsing practices. Eg the former infection method only affects Enterprise servers that subscribe to MS Remote Desktop Service = their port 445 are purposely set open to the Internet; it does not affect nearly all home-users and some Enterprise servers. The Wannacry hackers did not use the email-phishing method and only targeted Win 7 computers. Hence, only 200,000 mostly corporate computers (out of about 1 billion Win 7 computers = 0.02%) were affected worldwide by the Wannacry ransomware, eg the NHS, Renault and Spain’s Telefonica.

      Port 3389 is open to the Internet if Windows Remote Desktop Connection is enabled, eg for M$’s tech support staff to access your computer through the Internet for trouble-shooting purposes. Similarly, port 8080 is open to the Internet if the router’s Remote Management is enabled. Hackers like to scan/ping for such open ports that give Remote Internet access because they carry Admin privileges = remote execution of malware.
      Normally, only port 80 and 443 in home-routers are open to the Internet for http and https Internet traffic.

      Anyway, I take personal responsibility for my choice, ie “To each, his/her own”. I practice safe-browsing and have my Win 7 Install DVD and System Image ready for any malware/ransomware infection since 2012. So far, so good.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: New Windows 7/8.1 updating method coming

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.