Horowitz: Defending against Win10 bug fixes

Topic

New Reply

One of my favorite security writers, Michael Horowitz, has a new blog post, Defending against Windows 10 bug fixes. Those of you who follow along on t
[See the full post at: Horowitz: Defending against Win10 bug fixes]

13 users thanked author for this post.

Norio, Elly, AlexEiffel, lmacri, geekdom, Karlston, lanceboil, wdburt1, WildBill, Cybertooth, GreatAndPowerfulTech, Pepsiboy, lurks about

Reply | Quote

Replies

Woody, that’s an excellent article detailing the obfuscations and impenetrable language MS uses to get people to install Windows 10 patches even if they want to be cautious about updating. Thanks for linking to it.

The following paragraph leapt out at me:

In Windows 10 Professional, the user interface for delaying bug fixes and service packs is about as confusing as it could possibly be. In my opinion, this is not an accident, I feel that the user interface was purposely designed to trick as many people as possible into not delaying anything. In this regard, I regard Microsoft as the enemy, not the friend of Windows users.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

Elly

Reply | Quote

One of the harshest truths about Microsoft, is that they may be doing this on purpouse so that your computer one day may break, and you buy another computer from them.

In fact I believe that’s the whole purpouse of feature updates, breaking computers so that you are constantly buying new ones.

Just someone who don't want Windows to mess with its computer.

Reply | Quote

Just because you suspect they MAY be doing that does not make it a truth!

You believe buggy updates are a good selling point for Windows computers?

Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

1 user thanked author for this post.

Kirsty

Reply | Quote

Leverage is not always a pleasant process. Being unpleasant does not reduce the effectiveness of a leveraged position. The advice on AskWoody would not be necessary at all, and the audience would be very small, if everyone felt free to move to another operating system environment. The limitations are the pain, and the pain is the pressure on the working end of the lever.

1 user thanked author for this post.

AlexEiffel

Reply | Quote

And equally b,

unless you have current, strategic level knowledge of Microsoft thinking, just because you believe it may not be the case does not make the reverse true either.

Many people with experience of how organisation behave, not just from a tech/system admin point of view, think that Microsoft is showing all the signs of having “mentally/culturally” exited the desktop OS market without actually admitting it – maybe even to themselves properly.

Organisations as well resourced as Microsoft do not produce the stream of errors/misjudgements that have happened in Windows over the last few years by accident. It is because money, talent, and management focus has been moved elsewhere. That happens through a series of speciic decisions mde at the highest level over an extended period of time.

As I have said several times I just wish Microsoft would make a structured, dignified exit from a market that they essentially created but seems not to be part of their future plans.

“We are moving on from the locally controlled, desktop OS and this is how we will do it, this the timing and these are some ways we intend to help….”

No worries – everyone can plan and move on.

What we are experiencing now is the worst of all worlds.

5 users thanked author for this post.

Elly, AlexEiffel, wdburt1, flackcatcher, RamRod

Reply | Quote

“Many people think…” Who? Where? Oh, here!

Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

Reply | Quote

b wrote:

“Many people think…” Who? Where? Oh, here!

AskWoody is a reflection of the Windows-using community at large.  If people think something here, you can bet that many others, people whose experiences matter even though they may not have posted on a web forum about them, are the same.

I’ve seen posts from people who agree with the idea that Windows 10 updates are something to be defended against all over the web, and more and more articles to that effect are appearing from major tech site authors who do not (as far as anyone knows) have a presence on AskWoody, like the one mentioned in the thread title.  People generally become active users of AskWoody (or any other site that expresses a given point of view) because they’ve reached the same conclusion.

Of course, there will often be some who don’t agree and who stick around to counter that point of view.  Most people are not in that category, though.  If you think Windows Update is working fine and Windows 10 is the best product ever, there’s not likely to be much content here that you will appreciate.  People aren’t coming here thinking Windows Update is working fine, only to be convinced otherwise by the various people here who don’t agree.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon
Acer Swift Go 14, i5-1335U/16GB, KDE Neon (and Win 11 for maintenance)

6 users thanked author for this post.

Elly, Sessh, Ed, flackcatcher, Cybertooth, lurks about

Reply | Quote

But only the odd few here think that Microsoft is wrecking Windows on purpose.

Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

Reply | Quote

It’s either that they are wrecking it on purpose or that they are wrecking it accidentally.  The level of incompetence it would take to think that what they are doing is not going to destroy Windows simply defies belief.  I can’t think of a reasonable scenario in which a company would think it can treat its customers like this and keep them as customers.

Take your pick: either MS is crafty and is trying to exit the Windows market (which is clearly now a sideline for “cloudy” Microsoft) in a way that will allow them to make as much money as possible in the short term as a means of liquidating that 90% market share (an asset of considerable value), or else MS has lost its collective mind, and thinks that giving customers a third-rate product that they can’t control and that forces consumers to beta test it themselves is somehow a good idea– and continues to believe so three years into the process that hasn’t gotten any more workable than it was in the beginning.

The open letter that Susan Bradley wrote to MS has gotten a lot of attention on the tech sites, so you can bet MS has taken note.  The calls for Microsoft to stop the madness have been loud and clear for years, and only get louder with time, but MS only makes token gestures and refuses to solve the actual problem that is infuriating their customers.  The two articles linked today are just another sign of the discontent with the continuing problems with Windows.

It’s not plausible that MS does not know that what the customers really want is another Windows 7, not… this.  It’s not plausible to think that MS has already forgotten their experience with IE, which had similar market share in the browser market as Windows now does in the desktop OS market, and is now a discontinued legacy product.  It’s not plausible that they don’t know that monopolies weaponized against their customers historically do not last very long.

Microsoft is many things, but stupid is not one of them.

This site is far from the only one where people think such things.  I know I post in places other than here, and I’ve seen a lot of the same names I see here when out and about. I can assure you that I’ve had this discussion on other sites, and I’d be shocked if the other regulars here haven’t.

Articles like the ones we’re discussing are becoming more frequent and more blunt in their assessment.  They’ve just now gotten to where AskWoody was a couple of years ago.  They’ll do it again eventually.  We’re ahead of the curve.

On top of that, in a practical sense, it doesn’t really matter why MS is destroying Windows.  The point is, they are, and they’ve had three years in which to listen to customers and stop what they are doing to them.  They refuse.  Take that as you will!

Regardless of the reasons behind Microsoft’s observed behavior, It’s reasonable to expect that the pattern we’ve seen thus far will continue, so while it may be interesting for us to read the tea leaves and try to guess what Microsoft’s motives may be, the fact remains that Windows and WaaS are not getting any better in a way that matters to most Windows users, and thus are not likely to get any better going forward.  Three years is enough time for MS to give some concrete sign that they get it.  It hasn’t come.

The state of Windows has gotten to the point that many users who have been loyal Windows users for decades won’t touch it anymore.  Woody, a person who has quite literally written the book on Windows many times over, remarked earlier that he no longer recommends Windows to anyone.  If MS doesn’t recognize by now that Windows is in distress, they’re not nearly as smart as I think they are.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon
Acer Swift Go 14, i5-1335U/16GB, KDE Neon (and Win 11 for maintenance)

8 users thanked author for this post.

Norio, Elly, AlexEiffel, woody, Sessh, RetiredGeek, flackcatcher, Cybertooth

Reply | Quote

I couldn’t agree more.

And in the final analysis, its not what they say, its what they DO that counts.

1 user thanked author for this post.

Elly

Reply | Quote

It’s not just the “odd few” anymore.  As Michael Horowitz says:

When your big fans turn against you, that’s bad. Leo Notenboom wrote Microsoft, We Deserve Better on Oct. 24, 2018. Quoting: “In recent weeks, I’ve seen calls from several sources suggesting that Microsoft stop, take a breath, and seriously review their update process. I agree. This madness must end … I still believe that most people should take all updates, albeit with extra attention to backing up first … [but] since updates are forced, it’s a little like playing Russian Roulette. There’s no real predicting whether or not the barrel is loaded when you’re forced to pull the Windows Update trigger … Even if your chances of experiencing a problem are one in ten thousand (aka 0.01%), it’s certainly enough to make people nervous.”

When it gets to the point that even Microsoft fanboys call the update process “madness,” it’s not madness to suggest there’s a monetary reason MS continues with it.

Reply | Quote

I think you misundertood what I said B, what I meant to say is that  Microsoft may have the silly idea that they may increase the selling of its OS by doing that horrible updating cycle.

Who in its right mind would think breaking people computers is something good?

Just someone who don't want Windows to mess with its computer.

Reply | Quote

Zaphyrus wrote:

I think you misundertood what I said B, what I meant to say is that Microsoft may have the silly idea that they may increase the selling of its OS by doing that horrible updating cycle. Who in its right mind would think breaking people computers is something good?

If you’re the one providing the hardware, of course you want your customers to need to replace it as often as possible.

Totally a tinfoil hat-level conspiracy theory, but MS has driven Windows Update to a level that only MS techs might have a full grasp of, while simultaneously advertising their new “Desktop as a Service” to push people to adopt hardware they don’t have to manage themselves, and also ensuring their own hardware falls out of usefulness by forced obsolescence at maximum rate, due to the shoddy longevity of their own hardware.

It’s a trifecta of maximum profit.  1. Make Windows so messy that you have to hire Microsoft to run it for you.  2. Offer package deals that give you cheap Microsoft-branded hardware that they can manage for you along with the OS itself.  3. Make sure that the upgrade pace drives people to buy new hardware as often as possible.

None of those points require any kind of long-term quality to succeed.  As long as the failure rate of the hardware and software is lower than the rate of forced obsolescence, there won’t be any problems, and everything will be constantly up to date!

Sucks to be a consumer though.

I’m not saying this is actually what is going on.  As mentioned in another recent article, it’s entirely possible that MS just flat out does not have the capability to produce stable and reliable software (or hardware), and the quick development and update cycle is finally revealing Windows for what it has been for a long time.

It’s just awfully convenient that Microsoft is starting to push all these “___ as a Service” options, at the same time as they drive the complexity and difficulty of keeping a Windows PC running smoothly through the roof, and far beyond what an average consumer wants to deal with.

Reply | Quote

I thought that was a telling thought also Cybertooth. It is a long drawn out article, thought out and presented well enough so even the merely, kinda advanced M$ user could get his point, even if he did make it numerous times.

I have asked [different thread] how to disable M$ updates on my Win 10 Home machine, the main response is DON’T DO IT, or you can’t.[ I know the “metered” trick ]. Okay, I listened and didn’t do the horrid registry tricks totally disabling WSUS by deleting the entity. I did add gpedit and went through the steps to delay WSUS even though I was told it didn’t matter, windows wouldn’t recognize this on a Home setup.  Never say die!

I found a tiny program at,
http://greatis.com/blog/stopupdates10 … and I installed it. It may use a small, small amount of my system resources [Task Manager shows 1.3Mb memory allocated] but if it works, it is a small price to pay vrs possible known headaches allowing M$ to run amok. The really cool thing is you can turn it on and off with far less clicks (2) than the gp route. [If that route were available to me]

To test this program I opened Update and clicked “check for updates”, sadly for M$ there was an issue preventing them from providing me with their latest, greatest [patches]. I can’t imagine what that could have been 🙂 I have Spybot Anti-Beacon zapping the telemetry M$ forces on us, I have to reset that at every boot. This one stayed put where I left it.

My apologies for the minor segue.

I thought this was very telling in the article:

by the time you have something that you can put in front of customers to use, new features have been baked into the final product, making them hard to change in response to feedback.

Hello! Maybe I am missing something, it seems they ask for feedback then gripe it’s to hard or late in the process to undo known reported bugs. Even if the respondents didn’t cross the t’s and dot the i’s in the exact spot, the gist of their reports “should” be apparent. eh, whadda I know, I am only a lowly Win10 home user. (and Linux Mint Tara wanna-be user in the making via VM for now)

Very nice link Mr Woody, thank you!

3 users thanked author for this post.

HiFlyer, flackcatcher, Cybertooth

Reply | Quote

I have asked [different thread] how to disable M$ updates on my Win 10 Home machine, the main response is DON’T DO IT, or you can’t.[ I know the “metered” trick ].

…

I am only a lowly Win10 home user. (and Linux Mint Tara wanna-be user in the making via VM for now)

I’d suggest that you set up your system the other way around:

1. Install Linux Mint and then run W10 as a VM
2. Once you get W10 working, disable the network (in W10 and the VM Manager)

My W10 1703 Pro VM (using VMware Player) has run flawlessly since its network access was blocked.

-lehnerus2000

Reply | Quote

People are generally not buying PCs from MS and buggy updated are the worst thing that can happen to their own line.

The issue is MS believes Insider programme is enough to have things tested and assumes bugs will not be critical – with that assumptions and telemetry the best idea is to push them as quickly as possible. To be able to gather data and fix those (in theory) minor bugs before Enterprise users will step in.

This is the first time I believe having the Pro version is of a real benefit to me. Until W10, I always sticked to Home.

Antec P7 Silent * Corsair RM550x * ASUS TUF GAMING B560M-PLUS * Intel Core i5-11400F * 4 x 8 GB G.Skill Aegis DDR4 3200 MHz CL16 * Sapphire Radeon 6700 10GB * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit

Reply | Quote

woody wrote:

One of my favorite security writers, Michael Horowitz, has a new blog post, Defending against Windows 10 bug fixes.

Good stuff.

He is completely wrong about;

TWO MORE LAND MINES TO AVOID

There are still two more Windows Update gotchas to be aware of.

The first is that the just-discussed delaying settings are ignored if you explicitly ask Windows to check for updates. This was not always the case, but it is now and Microsoft clearly does not want their customers to know this.

No one got 1809 if their channel was set to “plain Semi-Annual” OR if their feature update was set to defer. So the “just-discussed delaying settings” are NOT ignored.

Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

Reply | Quote

Woody himself wrote about this 2 weeks ago

Word to the Win10 wise: Don’t click ‘Check for updates’
https://www.computerworld.com/article/3310361/microsoft-windows/word-to-the-win10-wise-don-t-click-check-for-updates.html

Reply | Quote

It’s interesting to note how long it has taken for these columnists and bloggers to catch up to a perspective on Microsoft that has been virtually a consensus on this forum for at least a year, and arguably more.

It resembles what I used to see in the transportation trade press–many big name columnists and magazines were slow to catch on, or perhaps slow to acknowledge publicly what they saw.  I knew some of them.  The all-too-human desire to be in the mainstream dovetailed with a reluctance of criticize companies that served as their principal sources and paid the bills through advertising.

1 user thanked author for this post.

Norio

Reply | Quote

The tech press can be fanboish at times, particularly when a new product or major  version is released. But it reports problems and concerns fairly quickly overall. It has been reporting concerns and problems with W10 from day with varying degrees of concern. Some have been more hopeful that MS shakes the bugs out of the system and others have been more dubious about the whole procedure; fair enough at the beginning. Now I see a consensus emerging across the tech press – MS has fundamentally s***d the pooch with W10. Again while some have more guarded optimism as they report the problems while stating the fault for the mess lies with MS not the users or the insiders.

Reply | Quote

Fully agree – it was VERY easy to see the direction Windows 10 is going to back in 2015 (even though the current state back then was a bit different). I’m kind of surprised people woke up in 2018.

HMTL edited

Antec P7 Silent * Corsair RM550x * ASUS TUF GAMING B560M-PLUS * Intel Core i5-11400F * 4 x 8 GB G.Skill Aegis DDR4 3200 MHz CL16 * Sapphire Radeon 6700 10GB * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit

1 user thanked author for this post.

Cybertooth

Reply | Quote

“Defending against Win10 Bug fixes”.  WOW!!

The cure is worse than the disease.  How the mighty have fallen!

Reply | Quote

I said it once before, some time ago. But it might be a good idea for producers of AV-software to built in an option for blocking unwanted (feature) updates, telemetry and the alike. In fact, An antivirus-program has probably the best cards to continuously monitor unwanted behavior. Since Windows 10 starts to act more and more as a virus itself, it might be the only option. Updating of virus signatures could also add new tricks Microsoft uses to attack Windows users.

Reply | Quote

I made this suggestion in an antivirus forum a couple of years ago and was told where I could go.  The general assumption was that the AV makers are so dependent on Microsoft that they couldn’t start treating its products like malware if they wanted to.

Reply | Quote

Good article and understand and empathise with the sentiments expressed in there, small point, well not really a complaint @woody please don’t link an article with a George Carlin youtube link in it. It took me 2 hours to finish rolling around with mirth to the point I had to read and re-read it over again 😉

2 users thanked author for this post.

Elly, woody

Reply | Quote

Good article. The only thing I disagree with is that Windows 10 feature updates aren’t really considered to be service packs. They’re whole new operating systems. Therefore, the installation is the equivalent of doing an upgrade from Windows Vista to Windows 7, with all of the problems that a Windows upgrade entails.

Reply | Quote

Feature upgrades and service packs are the same, even if Microsoft doesn’t say so, and they are applied the same way (see Windows.old folder).

1 user thanked author for this post.

ch100

Reply | Quote

Great article and I can agree to some degree.

Quoting you Woody, “[…] Unless you really want Candy Crush Soda Saga installed for the umpteenth time”

In fact 1809 is the first ever Windows 10 release that will not reinstall any games during upgrade if they have been uninstalled in 1803

@defensivecomput

One small step for man…

What concerns me most:
No one of you yet brought up that WSUS have never seen ANY patch to make it (the acknowledgement wizard, filters) compatible with branches (SAC, SAC targeted).

With the Windows 10 release cadence, the automatic approval process does not allow to block certain architectures like ARM64, Itanium, nor to prevent acknowledgement of updates for unused Windows releases (like 1511, 1607).

Nothing in WSUS is honoring the condition users that automatically want to block preview updates, and there is no method put acknowledgement on hold by time rules, as in Windows 10 Pro / Enterprise, for any WSUS user – so to setup rules on WSUS.

There are so many “cumulative” shortcomings in WSUS today, that I have hard times to declare it still useful in corporate environments, yet I am sure MS want’s anyone to buy SCCM or adapt an Azure driven Update Management. No deal, Mr. Nadella.

Edit to remove HTML. Please use the “Text” tab in the entry box when you copy/paste.

1 user thanked author for this post.

woody

Reply | Quote

May be worth a re-read. Article has been updated numerous times since. It is an excellent article, kudos Mr. Horowitz.

1 user thanked author for this post.

woody

Reply | Quote

Yes, definitely worth a re-read.
And may I suggest to bloggers & columnists that they stop saying “Windows as a service” and refer instead to “Windows as a disservice.”

1 user thanked author for this post.

Cybertooth

Reply | Quote

If you disable WIndows Updates in Services it has a tendency to become undisabled. I’ve found a sure-fire way to disable it, provided nothing replaces the Windows Update executable.
Very simple.
First go to Services and shut off Windows Update and disable it. Refresh Services to make sure it isn’t running.

Now navigate to \windows\system32\ and find files wuaueng.dll and wuauclt.exe. If you can find the former, then look for wuauserv.dll.

For each, go to properties, security, advanced.
Click change owner and type in your user name, Click Check Names to select your user name and Click ok. Then Click Apply or Ok on the main window and close it and reopen it.
Now, you can change permissions for all users.
Delete/Remove permissions from all users and Click Ok.

If that doesn’t work, then change owner to Administrator, close the window and try again.

That’s it.
To re-enable, add “Read/Execute” permissions to System on wuaueng.dll or whichever dll you have. Doesn’t need it on wuauclt.exe for some reason.

Reply | Quote

[Alex5723]

anonymous wrote:

First go to Services and shut off Windows Update and disable it. Refresh Services to make sure it isn’t running.

Too much trouble. Just use one of the 3rd party Windows update blocker. It is much easier.

https://www.askwoody.com/forums/topic/win10-home-4-update-stop-delay-programs-that-work/

• This reply was modified 4 years, 3 months ago by Alex5723.
• This reply was modified 4 years, 3 months ago by PKCano.

Reply | Quote