Third time they’ve pulled this “Gawrsh” garbage in the past four months. Post coming in Computerworld.[See the full post at: Microsoft admits that it forced Win10 1703 machines to upgrade to Win10 1709, even with updates blocked]
|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Microsoft admits that it forced Win10 1703 machines to upgrade to Win10 1709, even with updates blocked
- This topic has 106 replies, 34 voices, and was last updated 4 years, 9 months ago.
Viewing 33 reply threadsAuthor-
We knew it was GWX all over again. How can you have an “accident” when you give a pop-up notice that it’s going to happen with no way to exit. At least they didn’t use the “Red X means install” trick again.
They are simply preying on their customers – wish someone (with more money than I have) would take them to court. But it doesn’t undo the harm they have done in the last three years and it won’t be nearly timely enough if it happens.
-
-
Exactly right and people continue to reward Microsoft by continuing to use Windows 10 and encourage others to switch to it. They prey on their customers and their customers reward them for it.
So long as people continue to try to live with Windows 10, MS will continue to do this and it will only continue to get worse. IMO, if you use Windows 10, you’re kind of part of the problem because the message you’re sending to Microsoft is “I’m fine with this! Prey on me all you want!” Microsoft will continue to oblige you as they have absolutely no reason to change so long as those people continue to support these actions by using Windows 10.
That’s it in a nutshell. They will continue to get away with this indefinitely so long as people are convinced that using Windows has to be this way now and being treated like this is acceptable. It isn’t. Not by anyone, corporation or not.
Expect this to continue so long as people continue to accept and support this.
-
I think that for most people, they don’t see any option other than MAC, and even that is too much of a change for them.
I am considering getting a bunch of flash drives and setting them up for Linux Live with persistent storage, and then giving them away to friends, so that they can try out Linux. Once they get a taste of something like Linux Mint, I think a lot of people will seriously consider switching to Linux Mint.
Group "L" (Linux Mint)
with Windows 8.1 running in a VM1 user thanked author for this post.
-
-
What exactly is Microsoft hoping to accomplish here? All they’ve been doing is stabbing themselves in the chest.
You think this is how you get more customers? You think this is how you keep existing customers? Even your most loyal customers have completely lost faith in you!
Microsoft has just done a very foolish thing here, with no good reason and clearly no thought in the matter.
3 users thanked author for this post.
-
Keep in mind as we on AskWoody are alarmed over these transgressions, the average user who is NOT using the home machine for work, is most likely oblivious, except for maybe waiting for the completion of the endless update/reboot cycles unless it actually makes the device unusable.
Most home users turn off the PC when they are done. Sometimes this happens even during the update process (usually once if it borks the machine – then once burned, now learned), due to habit or impatience. Many, many are not using CAD, complex spreadsheets, databases, etc. Their idea of work on the computer is from their job, which is usually on a managed machine. If they have an urgent issue, usually email or looking something up, doing YouTube or Facebook, they just pull out the smartphone or iPad and do it – because it always works versus is always updating, and it is in their pocket where ever they are. I have heard so many people complaining not about botched updates, but just the frequency and time it takes. I cannot even imagine what it must be like for Win10 users on other than true high speed broadband internet, and we must remember the US is at the back of the pack on both speed and cost of internet access compared to other nations.
So in a nutshell, until MS shenanigans, mistakes, strategy, or negligence wake the “Sleeping Giant” of the “Enterprise” it will be full speed ahead (courtesy of Adm. Yamamoto’s assessment of America’s reaction to the Pearl Harbor attack). Even then MS will throw a few admin-type bones or new collaboration features to the IT management folks, and nothing will ever work its way down to the average home PC user.
Those who do care about these issues will seek other alternatives, probably Chromebooks for those needing real keyboards, and tablets or phones. Some will try Linux, but I do not see “the Year of Linux” materializing, to home users anytime soon.
-
-
Those who do care about these issues will seek other alternatives, probably Chromebooks for those needing real keyboards, and tablets or phones. Some will try Linux, but I do not see “the Year of Linux” materializing, to home users anytime soon.
ChromeOS is a bona fide Linux distro (as opposed to Android, which isn’t considered a Linux distro despite using the Linux kernel).
The thing is, it doesn’t have to be the year of the Linux desktop. If it’s the year of Linux on your desktop, that’s good enough. It’s not about being a part of a movement or ending Microsoft’s stranglehold over the desktop. It’s about being free of them yourself, and realizing, for the first time, that you don’t need Microsoft. Even if the “year of Linux” never gets here, you’re still free. Linux doesn’t need to catch on in a big way on the desktop to succeed. It already has!
Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
XPG Xenia 15, i7-9750H/16GB & GTX1660ti, OpenSUSE Tumbleweed5 users thanked author for this post.
-
I’m thinking about setting up Linux Live on some flash drives and giving them away to friends, so that they can try out Linux. Most people will never try another OS if they have to install it themselves; but if they can simply plug in a flash drive, then hit ENTER when prompted, they just might try it.
If enough IT professionals make it easy for regular folks to switch, we just might see some big movement away from Windows in the home user market.
Group "L" (Linux Mint)
with Windows 8.1 running in a VM -
Years ago I dabbled with the ‘Knoppix’ live Linux distro CDs. I was fascinated that you could boot an entire OS from your CD drive.
I think it was the ‘gateway drug’, LOL! 🙂
-
-
“It’s easier to ask forgiveness than it is to get permission” (Grace Hopper).
César
5 users thanked author for this post.
-
Maybe so, but they don’t even do that!
2 users thanked author for this post.
MS really needs to quit with this “if you run our OS, we own your hardware” c**p.
Unless you come to my door with a check to pay for all my hardware, no, you don’t own it. And last I checked, you haven’t went to other people’s doors with checks to pay for their hardware either.As Woody said in the article:
“Except, golly, Microsoft hasn’t followed any of those settings.”
Really makes me start to wonder more and more if these settings are being put in there with no actual weight or acceptance, for 2 very simple reasons: 1) to shut people up who want the options/choices and 2) to provide some legal leeway in case of lawsuits. Obviously these settings are not being valued or followed by MS – at least not with past history being acknowledged.5 users thanked author for this post.
‘Never 10’ was appropriately named by Steve Gibson and it still rings true.
Keep IT Lean, Clean and Mean!3 users thanked author for this post.
-
With the 10 fiasco, Steve Gibson will do for 7 what he did for XP to keep it running.
1 user thanked author for this post.
-
..and not forgetting W8.1 when it nears EOL
Keep IT Lean, Clean and Mean!1 user thanked author for this post.
-
Many years past, the landline phone company split into many smaller companies. The landline smaller companies were monopolies charging rather fierce rates for enhancements, long distance calls, and installations. There was no choice.
The advent of the cell phone reduced landline phone company lock on the market.
Wait. Watch. There will be a new technology that replaces Microsoft’s operating systems. It will come from nowhere and gain traction. Some things will go missing — I miss phone books and I don’t like having to charge my phone — but autonomy will be regained.
Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1413 x64 i5-9400 RAM16GB HDD Firefox112.0b3 MicrosoftDefenderThe common User is at the mercy of Microsoft. Most have Home Edition, witch doesn’t even have sufficient tools to block forced updates. They are innocent of what’s happening because they don’t keep up with things-techy. And they haven’t a clue how to fix the damage or even how to roll back within the “magnanamous 10 days” the MS gives them.
The push is going to have to come from Small Businesses and Enterprise. I know these forced upgrades are costing them money as well. They have the enough money and clout to make a difference if they will just speak up.
Legally I don’t see how they can keep doing this. They “promised” after GWX not to do it again. But it keeps happening over and over.
Thank you, Apple, for my Macs!!!
& This is why I haven’t upgraded from Windows 8.1 to Win 10 whatever in over 2 1/2 years. Trust is the issue!
- If I can trust Microsoft to deliver a stable & dependable version of Windows 10,
- If I can trust Microsoft to update & upgrade Windows 10 Pro when I schedule it (or to not update Home if I am set to a “metered” connection),
- If I can trust Microsoft to deliver what they promise, when they promise it,
THEN I will upgrade to Windows 10 Pro whatever. Without trust, I will stay on Win 8.1 until end of life, researching other options in the meantime.
Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...4 users thanked author for this post.
“Windows 10 version 1607 and version 1703 are not yet at “end of service.” However, they must be updated to the latest versions of Windows 10 to ensure protection from the latest security threats.” – it’s nice that my Windows 8.1 does not need those kind of updates to ensure protection until 2023 :).
ASUS PRIME Z270-K * Intel Core i7-6700 * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Aorus Radeon RX 570 4GB * Samsung 840 EVO 250GB SSD * SanDisk Ultra 3D 1TB SSD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 10 Pro 21H2 64-bit5 users thanked author for this post.
-
Yeah, isn’t it “totally” strange that Microsoft’s not able to update older versions of Windows 10 but is still able to update Windows 7 and 8.1?
Wonder what their absurd excuse is for justifying this madness.
1 user thanked author for this post.
-
Actually, Windows 8 was forced to upgrade to Windows 8.1 Update in order to continue receiving security & quality patches. I was willing to go that route & still be supported, rather than stay on Windows 8 Jekyll & Hyde, or switch to another OS. It was (& still is) less complicated than the Win 10 clusterforks that exist now.
Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...1 user thanked author for this post.
-
-
-
I found a few versions of KB4023814 via Google. I downloaded and installed this version on a Windows 7 virtual machine: http://7.au.download.windowsupdate.com/d/msdownload/update/software/updt/2017/11/windows10.0-kb4023814-x86_edf6004393cb8cd72f85bd4c173220c96a53f62a.cab. It was digitally signed by Microsoft on November 7, 2017.
Files added by this version of this update:
c:\windows\updateassistant\updateassistant.exe
c:\windows\updateassistant\windows10upgrade.exe
c:\windows\updateassistant\task.xml
c:\windows\updateassistant\calendartask.xml
Tasks added by this version of this update:
\microsoft\windows\updateorchestrator\UpdateAssistant
\microsoft\windows\updateorchestrator\UpdateAssistantCalendarRun
As abbodi86 mentioned, KB4023814 appears to be the Windows 10 Update Assistant.
-
-
-
There are various web references that newer versions of KB4023814 can additionally add a task named UpdateAssistantWakeupRun.
Also, the installation folder for newer versions of KB4023814 can be \windows\updateassistantv2 instead of \windows\updateassistant.1 user thanked author for this post.
-
UpdateAssistantV2 belongs to GWE component, which is delivered via OOBE updates like KB4054505/KB4054506/KB4054507
GWE is also bundled with CU for 1607 and 1703
1 user thanked author for this post.
-
-
-
-
Here are latest releases
http://download.windowsupdate.com/d/msdownload/update/software/updt/2018/01/windows10.0-kb4023814-x86_f75ad19c952bb75fbd4a47885c061ef821152fff.cab
http://download.windowsupdate.com/c/msdownload/update/software/updt/2018/02/windows10.0-kb4023814-x86_6b9a76c3b2ab76f36fb5b2f0b3a7603570403c8c.cab
http://download.windowsupdate.com/c/msdownload/update/software/updt/2018/03/windows10.0-kb4023814-x86_dcf44d4e5d8714e87da9433f702ab7bdd5576bdd.cabthey don’t differ much, as it just wrapper for Windows10Upgrade.exe, which can be obtained directly
http://go.microsoft.com/fwlink/?LinkId=760799for the sake of completence, here are various releases of remshell
http://download.windowsupdate.com/c/msdownload/update/software/crup/2017/08/windows10.0-kb4023057-x86_234017811c9a0503499586a5f57b29ba2bc63083.cab
http://download.windowsupdate.com/d/msdownload/update/software/crup/2017/09/windows10.0-kb4023057-x86_82783906e7c946b01624d4d230c2000e805c0dce.cab
http://download.windowsupdate.com/c/msdownload/update/software/crup/2017/10/windows10.0-kb4023057-x86_de9ba76f1958697be33d8027bddcb394e601c835.cab
http://download.windowsupdate.com/d/msdownload/update/software/crup/2017/10/windows10.0-kb4023057-x86_08fb3988b57610ef28e78fa3581474c1067d0595.cab
http://download.windowsupdate.com/d/msdownload/update/software/crup/2017/11/windows10.0-kb4023057-x86_1c970337067b58ab8a0df6dcb2f0ad6364727745.cab
http://download.windowsupdate.com/d/msdownload/update/software/crup/2017/11/windows10.0-kb4023057-x86_cf3105245d4a4f2cd199a943b20ed9ef14f75606.cab
http://download.windowsupdate.com/d/msdownload/update/software/crup/2018/01/windows10.0-kb4023057-x86_7c6894fdd300b310b64209de449450006b374498.cab
http://download.windowsupdate.com/d/msdownload/update/software/crup/2018/03/windows10.0-kb4023057-x86_6e5e90cfaeb3532fc1ee4d23645dda4f74b42c41.cab -
-
No, i did not post them before, no one want upgraders updates 🙂
i use WUMT to copy links without downloading or installing updates
i have Pro 10240 VM to check for these nasty updates1 user thanked author for this post.
-
Inevitably some people are probably going to look at this and say, “So what’s the big deal if you get upgraded?”
While I’m sure many people on this site are willing to let you know the errors of your ways, I have my own thing to say to such people. Windows 10 upgrades are messy things. Essentially when you install one of these feature upgrades, you’re basically installing a brand new version of Windows on top of your existing programs and files. This process is messy and it’s been known to break programs and cause all sorts of havoc on your computer — I’ve been a victim of such shenanigans.
When Vista, Windows 7, etc. came out, people had the option to upgrade their older computers to these newer systems without losing all of their files. The risk was theirs to take, but Microsoft didn’t force them to upgrade. When Vista came out, Microsoft really screwed up with the “Vista Capable” program, but you could still stay with XP if you wanted to. It wasn’t forced, and if you wanted to take the risk, the option was there. In short, the choice was YOURS. Same goes for other versions of Windows. You could always do a clean install of Windows, which would mean you’d lose all your existing programs and files, but those were at least less messy than keeping your existing files and folders. Still, upgrading is a messy thing to do, and definitely a nail-biter.
With Windows 10, you no longer have the choice to stay with your old OS. Microsoft now forces you to perform this risky upgrade procedure on their own schedule, which is not every several years, or even once a year, but EVERY SIX MONTHS! That means that, twice a year, if you kiss Microsoft’s feet, you’d have to risk breaking your entire system with this risky upgrade procedure!! And Microsoft doesn’t care if you break your computer, because if your computer won’t boot up after a botched upgrade process, there’s no point in Microsoft releasing a “patch” to “fix it” — your computer won’t boot up to install that patch, duh!! And if you’re not tech-savvy enough to restore it, you’re probably just going to give up and buy another computer, which means MORE MONEY TO MICROSOFT!!!
I don’t know about you but this laptop I’m using right now isn’t cheap, so for Microsoft to break it carelessly and then expect me to shell out more money to buy another is simply preposterous. Upgrades are messy things and users should NEVER be forced to upgrade, if only because an upgraded system is little more than a brick if you can’t do anything with it. Companies are wary of upgrades for a good reason: a botched upgrade will destroy productivity and could result in massive losses of profit… that is, if the upgrade doesn’t screw anything else up. So it is with me: I need this computer every single day for school and for work; Microsoft bricking my computer isn’t as simple as me just getting a new one, and even if I did get a new one, there would be a HUGE disruption in my life. I already use Google Drive for all of my school and work so the damage there would be minimalized, but heaven knows what would happen if I kept all of my work locally and then lost access to them because Microsoft broke my computer because they insisted on basically playing Russian Roulette with my computer. WITHOUT MY PERMISSION.
Note that I distinguish upgrades differently from UPDATES, which are the classic Patch Tuesday security patches and bug fixes Microsoft releases. Those are important, and they generally install a lot more seamlessly than upgrades do (They don’t install a WHOLE NEW OS onto your system is what I mean), even though Microsoft screws them up pretty often as well. But updates are easier to digest than upgrades, nevertheless. Absolutely Microsoft should keep their updates coming. They just need to stop with these mandatory upgrades. And if I need to upgrade in order to update… I don’t know what Microsoft is smoking. Probably burnt Smarties. But they should just forget about calling me a customer if they continue with this, cause I’ve already given up calling Microsoft “good people”. They’re about as malicious to me as some unidentified hacker on the other side of the world wanting access to my bank account.
13 users thanked author for this post.
-
I would like to add a little more to what the Op anon posted:
Even if you have a laptop/PC just for gaming and unimportant stuff, there is no excuse to release a feature update that haven’t been properly tested in all systems.
Ok supposedly the insiders tested it first and was debugged, but I would like to bring a few questions: what if all insiders dont really have all kinds of computers? what if insiders only use certain type of computers?
that’s why I said feature updates aren’t truly tested
1 user thanked author for this post.
-
The problem with using Windows Insiders to test W10 is that the Insiders don’t seem to use the WI versions for real-life things. For example, serious USB and Kindle issues snuck past them. Do no Insiders use USB or Kindles? Did they report problems? Did Microsoft ignore the reports?
I suspect most are in the WI scheme because they’re addicted to having the ‘latest and greatest’.
And who then, if anyone, tests Windows 7 and 8.1 updates? The users, it seems.
Meanwhile blinkered Microsoft lives in another world where all updates and Windows 10 are perfect.
Hanlon's Razor: Never attribute to malice that which can be adequately explained by stupidity.
5 users thanked author for this post.
-
-
I now believe that even telephone scammers who misrepresent themselves as microsoft in order to gain access to your computer will hang up when you tell them you have windows 10.
Windows 10 may have it’s benefits after all!
Keep IT Lean, Clean and Mean!7 users thanked author for this post.
Not even 2 years ago, my aunt bought a cheap laptop because she felt she needed to learn how to use a computer since more and more interactions with government or other entities require it. She bought a laptop with 4GB of RAM, 500GB HD, 15.6 and a Pentium dual core processor. Since then, she often had issues with “updates”. “Google” disappeared, she said when I saw her on Christmas 2016. She got help from some knowledgeable relative that spent hours fixing things after updates and help her learn how to bookmark websites.
Finally, two weeks ago, she asked my mom if I could help as the other relative didn’t know what to do anymore. She was ready to just throw the computer to the bin because it was out of the one year warranty and she wasn’t sure she would pay someone to fix it and have it broken again in a few weeks. This computer was just problems for her since the beginning and she is exactly the kind of people Microsoft targets when they want things unexplained and simple so even someone who never used computers can enjoy Windows. To her, the computer was just this very scary thing that keeps updating and breaking.
When I got the computer, it was restarting constantly saying it had to complete the install of the latest Windows, but it couldn’t complete. You could press Ok and it would restart and do the same thing. What an horrible experience for a normal home user!
I didn’t see any easy fix for that. I thought maybe I could dig here to find a solution, I quickly googled solutions using dism but nothing worked. And I am not the most newbie about computers, eh? Of course, I don’t often have to fix computers that way because I usually set them in a way that either prevents this kind of behavior or I have restore points, images, etc. Once I found the secret key combination to boot the restore partition, I was disappointed to see there was no restore point to go to before remembering it is now a feature to not have restore points by default. Anyway, the computer would maybe have tried to reinstall the update as soon as I would have restored, maybe?
Luckily, my aunt has nothing on this computer except 5 pictures, some bookmarks, and a few app store games. So I just refreshed the computer instead of trying real hard to make it boot again which is what I would have done on a computer where I would care to keep what was there in the first place. It kept the pictures, the login picture, the games were lost, the bloatware was all there. Oddly, it was almost fully patched on 1709. I did all the few remaining updates with no issue. So that is the new way, à la Apple. Don’t try to understand. If it breaks a bit, just wipe everything and start from scratch, loose your time redoing all the customization and settings that we think you shouldn’t do in the first place.
Anytime I typed something, I would have to wait to see what I write because the poor CPU would struggle too much running all the default installed bloat in parallel. Now, I had a choice to make. I could have spent several hours cleaning this initial default setup mess and set it the way I do for people I normally manage the computer. But I didn’t know if I could remove the wildtangent thing because she played a game on it or not. The machine was a mess of adware and low quality preinstalled software. I didn’t know if I could cut the store like I normally do, if turning off some of the things I turn off would be an issue for her. I was also afraid I would do all that only to end up with her not being able to use her computer in a few months during the next upgrade that would fail.
So I left everything like this and decided to let her deal with the problem the way she had done before by having the relative help use the computer. After all, it didn’t cost her anything and she would have her brand new computer thanks to me. I just couldn’t take that responsibility since I don’t see her often enough and if there was issues with what I did thinking I would do it for the best, she would feel too bad calling me again. I thought it was the best thing to do. I gave her back a working computer.
But don’t worry, I am not that mean.
Honestly, the motivation to invest a lot of time only to see it maybe ruined in a few months wasn’t there. Also, as a new computer user, I thought she didn’t have too much legacy in the Windows ecosystem and I honestly thought she wasn’t well served by this new WaaS. She told me she considered buying an Ipad instead when she thought she would ditch the computer, saying apparently it is more like her phone.
So I didn’t tweak or tried to tame the Windows initial install with third-party bloat. I did something else. For the first time for someone else, I installed Linux Mint xcfe dual booting. And considering that my aunt has no printer, that she only uses web mail, browse the web and play a few games, I suggested to her she only uses that OS from now on and she would be done with update issues. I easily installed a Mahjong and Solitaire replacement, adjusted Firefox a little bit and wow this OS that is supposed to be the lightweight uglier Mint looked so nice. It was simple. Nothing difficult to use and it was also very fast. It looked a bit more like a Mac. This very basic hardware suddenly looked a very good deal for the price and the usage scenario. I could type and see the letters I typed as I typed them. The browser didn’t take 30 seconds to launch. So now my aunt will use Linux Mint and I offered to help if there was anything that was difficult with it for her.
Somehow, I felt like this would be time well invested compared to the prospect of leaving her with a tweaked Windows that will certainly break again in a few weeks.
11 users thanked author for this post.
-
-
What did you do about AV on Mint for your aunt since she will be doing financial transactions on that laptop?
1 user thanked author for this post.
-
I don’t know anybody that uses AV on Mint, or any other Linux distro.
Linux cannot get a Windows virus. Smart computer and surfing habits, a good password, never running in root account, and a few browser privacy extensions is all you need. 🙂
-
There are various Anti-Virus solutions for Linux, here’s a link:
https://www.tecmint.com/best-antivirus-programs-for-linux/
If it were me, I’d setup a chron job with Clam anti virus, and also setup clam to auto scan USB drives . That’s really to protect Window users for the most part, though, as most Viruses don’t execute under Linux (you’d have to give them permission to execute, and most Viruses are expecting a Windows device).
Malware can be a problem, though, so if she’s Banking, make sure her favorite browser has UBlock Origin
And either NoScript (or equivalent, like SafeScript). You can configure NoScript to trust her bank, and other trusted sites (Same with UBlock, which I think is better now than AdBlock). Also, she should be comfortable with Mint Update, or set her up for automatic updates .
OS security updates are not only vital for securing your PC, but pretty safe as well in Mint, and are easily reverted if needed. I’d also make sure that the Intel Microcode appropriate for your device is selected (under Driver Manager), to protect the PC from Spectre/Meltdown (it’s easy to uninstall, if there’s an issue with the code…much safer than a bios update!)
1 user thanked author for this post.
-
While I love Mint, and you can harden it, the best way to do online banking is with a distro designed for security by the US Department of Defense and US Air Force:
Trusted End Node Security (TENS)
This can be installed on a CD or USB stick (and it can boot right off the stick or CD, so Windows users can use it as well); it’s as safe as you’re going to get. Here’s an article about it in Wikipedia, under it’s old name Lightweight Portable Security (LPS)
2 users thanked author for this post.
-
-
-
-
Very good question and that was the first one my aunt asked. She was scared to get a virus and wanted to make sure she had a good antivirus.
I will give you my opinion. I think I am not the least informed here regarding security, but I would gladly receive MrBrian’s opinion about it. To me, and maybe it is because I didn’t see enough amazing posts from other very knowledgeable users, MrBrian should get a special Security MVP badge. I don’t see anybody here that have a knowledge remotely close to his deep knowledge about security. I would always defer to his informal authority on this. I don’t know what he does for a living and where he got his training, but he is very well-informed and have a really good understanding of security issues. He will flat out tell you that you are not as secure as you think if you are not and expose the theoretical risk that you can then choose to accept or not depending on the balance of convenience/performance/security you want.
So, hopefully my facts are not too out of date. Here we go. I didn’t install an antivirus. I think antivirus are way overrated on Windows already. They provide a dangerous fake sense of security to less knowledgeable users. Most users I see infected use an antivirus. They are not useless at all, but they are only a part of a larger set of tools to lower your risk. Much more importantly, on Windows, you need to have patched software. This is rule number 1 for me. I will cite Brian Krebs 3 rules for security here :
https://krebsonsecurity.com/2011/05/krebss-3-basic-rules-for-online-safety/
1) If you didn’t go looking for it, don’t install it.
2) If you installed it, update it.
3) If you no longer need it, remove it.
The thing is, antivirus only detects maybe one out of three new viruses. So you might get lucky, or not. If you are a careful user that doesn’t install new software or only very well-known software and you don’t click on suspicious attachments in email, what is your greatest risk? Running into a tainted website. It might be a legitimate website infected by a third-party malicious ad. There is no way to avoid this risk. So what can you do ? Patch your computers so those drive-by downloads might be unable to hit you without you doing anything other than having clicked on a legitimate link to show you the tainted web page. Realize that new viruses exploiting a known vulnerability that has been patched and that would not be detected by your antivirus will be blocked.
Does it mean to patch as soon as patches are released? No. Too much risk nowadays with that strategy. Some programs like Firefox autopatch quite well and I let it patch. Windows, follow Woody’s strategy. The browser and any wide-open Internet facing app is a very important part of your security strategy.
Rule number 2 : disable anything not needed in the browser and maybe add some protections there. Using Firefox, I only enable Flash on demand and only enable it out of extreme necessity. Flash will be gone in 2020 anyway. Get rid of it if you can or leave it on ask to enable for every site. No Java plugin in your main browser, it’s dead for me (Java is not Javascript, you can’t really turn off javascript and have a decent web experience for lots of sites). In Firefox, you can install an adblocker (adblock plus or maybe better ublock?). You can install Noscript to only enable scripting where you want. For home users, I install Noscript but it can ruin their web experience having to constantly allow so I enable all script globally within Noscript and at least it still protect against some cross-scripting attacks, which is better than nothing.
Another important step you can do to prevent malware undetected by traditional antivirus is to use the free Microsoft EMET (on Windows 7 or 8) or its replacement the new built-in Exploit Guard in Windows 10. This is like preventing vulnerabilities from being exploited, a bit like having a general patch before the specific patch is issued. It is far from perfect, it can be circumvented by fancy code, but it is much better than nothing. Some third-party package promise similar anti-exploit protection. I personally use EMET and a traditional antivirus only on Windows, plus healthy patching and the Firefox add-ons I discussed.
Having UAC turned on is something that could also help alert you to some unexpected program behavior. I leave it to maximum setting and it really doesn’t bother me. It is far from perfect and it is not a real security protection, but it can help prevent some bad code that is not too fancy from installing deeper into your OS and do other bad things that a normal user can’t do. However, it doesn’t protect you from a ransomware who would encrypt all the files that you as a user have access.
As for two-ways Firewalls, I abandoned that years ago, especially for home users. It is too cumbersome to operate for few added benefits if any, to home users. Once you have malware in anyway, to me the station is doomed, two-way firewall or not, you had failure somewhere in your security chain and I will reinstall, not “clean” as you can’t ever know for sure that you cleaned perfectly and there is no hidden encrypted code somewhere that you can’t detect. I know Avast will alert you if rogue software tries to contact some illegitimate IP and block it, so that plays a bit in the league of the two-way firewall, but asking users to respond to questions about which software component or service to allow outside is too much for most normal users and risk hurting functionality.
So, having all that in mind, here comes Linux. How do you translate all that? Malware almost always target the Windows platform. Running an antivirus to protect your Linux computer from it seems unnecessary to me, at least for the usage scenario of my aunt, which won’t install anything and will mostly be exposed to drive-by downloads that doesn’t target her. Keep Linux patched, use Firefox without Flash or Flash on demand only, an adblocker and I would put my hand on fire that she is less likely to get infected than running Windows with a full security suite like normal Joes/Janes do. I don’t know if there is an EMET equivalent on Linux, but the risk profile of a Linux desktop is so different than Windows, I am not sure we are there yet in term of practical needs. That doesn’t mean it won’t change if Linux desktop gets more love, but for now, maybe it is not only good enough, it is better than Windows due to the different specific context under which both OS operate.
If you carry the laptop on the road, a useful thing would be to have some inbound firewall like Windows for Linux. I didn’t investigate that yet, but my aunt won’t move it I think. I will look into this anyway later. I know there is something called iptables, maybe it is there by default, configured or not, I don’t know about Linux enough yet.
The best protection is also to have regular backups and not leave them connected to the main computer so you don’t end up with a ransomware that encrypts your backup or even your always-on cloud backup while it encrypts the files on your computer.
Last, I am not one to say Linux users are irresponsible if they don’t block Windows virus on their computer. A careful user will not likely transmit viruses and since its biggest risk is exploit based, those are not something you transmit to someone else if you are not infected. So, not running a traditional antivirus on Linux is not a crime, to me, for fellow Windows users. Bonus: added performance. You could always download an antivirus to do a once a week scan of your drive to check for problem files instead of real-time protection. That would make sense. I use a real-time antivirus on Windows + a weekly full scan to check for viruses that were not detected the first time and that the antivirus learned in the meantime. It is far from perfect, as if the virus successfully infected you, it might have encrypted itself and become undetectable or have already caused issues to your antivirus or Windows, but it is better than nothing and something it can catch minor annoyances installed in the user space to display ads or other annoyance.
So, hopefully, that answer your question in a satisfactory manner or it helps a bit in your search for doing what you need to feel secure.
4 users thanked author for this post.
-
Very nice rundown of how to harden a Windows system.
Especially for a non-techie user, I would recommend setting her up in a standard account rather than an administrator account. This is analogous to the typical Linux setup where you have limited rights and need to sudo in order to affect the system.
I’ve seen statistics indicating that upwards of 90 percent of vulnerabilities patched by Windows updates would be closed by simply using a standard account.
-
-
-
gufw is the gui for Linux Mint iptables firewall…easy to install from Synaptic (or Software Manager), easy to setup. Here’s a link:
https://community.linuxmint.com/software/view/gufw
And here’s how to set it up under the GUI:
https://www.linux.com/learn/create-firewall-configurations-easily-gufw-ubuntu
2 users thanked author for this post.
-
A nice summary, and thanks for the kind words :).
“If you installed it, update it.”
I tend to install program updates only when there is a security fix, or an important new feature available.
1 user thanked author for this post.
Another though here on secure Linux. Use a bootable Linux distro that you download as an .iso file and burn it to optical disk.
CD/DVD-ROM is read-only, so nothing can be altered on that image. It runs in RAM when it is booted, and when you power off all changes are gone!
So unless you set up persistent file storage on another drive, you will get a fresh, unaltered copy of the OS every time you boot!
Perfect for online banking! If you only visit your bank during a session, it is highly unlikely you can pick up a keylogger or some type of banking trojan that wants to hide on the system. I’m not even sure that is possible with Linux. And if it did, it would be your bank’s website that was compromised anyhow. Even in theory, if it made it into memory somehow, it would be erased with the next reboot! Read-only boot drive! 🙂
2 users thanked author for this post.
I use Sophos A/V for Linux:
https://www.askwoody.com/forums/topic/sophos-antivirus-for-linux/Group "L" (Linux Mint)
with Windows 8.1 running in a VM1 user thanked author for this post.
@ AlexEiffel
Problem is, Win 10’s forced updates/upgrades will often break Linux’s Grub bootloader in the dual-boot system, resulting in the computer booting straight into Win 10 and Linux Mint “disappearing”. The likely fix for this problem is to reinstall Grub.
A workaround is to install LM on an external USB hard-drive but doing so in UEFI mode is quite complicated. Unplugging the internal hard-drive will simplify the process. This used to be easily done in Legacy BIOS mode.
Seems, the only solution to prevent Win 10 updates/upgrades from breaking Linux’s Grub is to run a Live LM USB flash-drive with persistent storage.
1 user thanked author for this post.
-
-
Or install Linux and clone Windows.(In case she wants it in the future).
Set up a guest account for her. If she’s not installing software at all, should be o k.
If she only browses the web and does email, look into Firejail and just lock down the browser.
John W’s advice for firewall is important – and remember to enable it. Search for how to do this.Set up a guest account for her. If she’s not installing software at all, should be o k. (after you have set up the firewall). You could also investigate remote software options for her distro, so that you can download something for her. Install Clam (Antivirus (gui and base available from Software Manager)- do a search on it – right-click to scan, you can just scan home folder).
1 user thanked author for this post.
-
-
Sorry, my bad, but it is the Windows 10 forced upgrade that soft bricked the laptop and caused this “should I invest a lot of time fixing Windows until the next issue or should I try to see if Mint would be a better solution” question.
By the way, I never found how to fix the issue of the rebooting install that never completes. I got tired of looking for it maybe a bit fast but still it is telling that someone who is at least a bit computer saavy can’t even quickly find a solution for a problem that seems to happen quite often to other folks. To me, reinstalling with a refresh would only be a last resort solution and not an acceptable one if it was my computer.
One thing that gave me the courage to try Mint for a Jane user was that story of a girl at the office from customer service that told me she was running Linux about 4-5 years ago. I wondered why this very normal user would run Linux. She said a friend installed it for her and it was faster and simpler and she never had issue to enjoy her facebook machine. Quite surprising and telling. I remembered that when I wondered what I should do with my aunt’s computer.
1 user thanked author for this post.
-
“By the way, I never found how to fix the issue of the rebooting install that never completes.”
2000009: Getting out of a no-boot situation after installing Windows updates
1 user thanked author for this post.
-
Woody: “Some would argue (and I still do) that the ability to readily block updates is the most important feature of 1703 — and the single reason why individual Window 10 customers should spring for Win10 Pro, instead of Win10 Home.”
No need to update to Win 10 Pro. I’ve kept three computers on Win Home at version 1703, by following Woody’s advice on locking them down. If I don’t recognize an update displayed by Wushowhide, I search for it by KB number in the Lounge. I only open the metered connection for updates when the Defcon permits.
There were a few scares last fall when WU threatened to install 1709, but after rebooting the threat was gone.
1 user thanked author for this post.
-
-
Woody: “Some would argue (and I still do) that the ability to readily block updates is the most important feature of 1703 — and the single reason why individual Window 10 customers should spring for Win10 Pro, instead of Win10 Home.”
I’ll just add that it works only when Microsoft wants it to ;).
ASUS PRIME Z270-K * Intel Core i7-6700 * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Aorus Radeon RX 570 4GB * Samsung 840 EVO 250GB SSD * SanDisk Ultra 3D 1TB SSD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 10 Pro 21H2 64-bit1 user thanked author for this post.
Windows 10 Forces Early Upgrade, Behaves Like a Virus has section “Killing and Blocking the Update Assistant.”
4 users thanked author for this post.
Just wanted to add my two cents here. On my Win10 Pro 1703 PC, I have configured the automatic update policy in GPEDIT to ‘Disabled’, so that it has disabled the deferral options in my Windows Advanced Update Options. Notice that they are asterisked and grayed out.
The result of this is that I was not offered the 1709 upgrade on 3/6/2018. I manually requested the download of the two available Win10 updates from Windows Update.
https://i.imgur.com/m78RDsS.png
https://i.imgur.com/rmPsAkC.png
-
Did you try ‘gpedit.msc’ in search, or run?
-
-
Probably not, because you agreed to the EULA that the MS lawyers wrote. Good luck!
Those were a lot of “accidents” in one rollout.
Ignores options blocking automatic updates
Installs update assistant on your machine without permission
Starts downloading updates without giving you the option to stop other than killing the process (which just restarts again in a few minutes)
Re-installs update assistant if you try to delete/uninstall or break it
Re-starts update service within minutes even if you keep disabling it
Re-boots your machine without your permission
Some of this behavior was on par with most viruses I’ve come across…
Seems MS were really desperate to get this update out.
Will be upgrading to windows 7/8.1 as soon as I get the time(until I am hopefully able to jump ship to linux).Edit to remove HTML. Please use the “text” tab at the top of the entry box when you copy/paste.
1 user thanked author for this post.
Does anyone know if Microsoft has been taken to court over forced updates which fail, and result in lost productivity?
Microsoft’s heavy handed update mistakes are certainly actionable. Given that I live in Canada instead of the USA, that type of error is actionable, and I wonder whether such practices might be an act of war?
It certainly appears to me that with forethought and malice, Microsoft sought to install software across international borders which I did not want, which I had taken active measures to prevent being installed, and which, never-the-less attempted to install. When the installation failed, it deprived me of the lawful use of hardware I own, and applications I own the right to use. I ended up paying a consultant to rebuild a PC, and lost days of time.
Chatter about Linux is fun, but a lot of people use applications which only operate in a Windows environment. It is totally unacceptable for M$ to blow-up a time consuming 3D print run, and even worse when the target PC is rendered unbootable – all in the name of patching an OS.
Once upon a time, the M$ defence rested on it being our choice to accept their patches. We no longer have that choice. Our businesses and, for some, their livelihoods, now depend on Microsoft upgrades being applied successfully on Microsoft’s schedule.
So, back to my original question: Does anybody know whether Microsoft is being taken to court over their patch installation policy or, patch installation failures?
McLachT
2 users thanked author for this post.
600 comments regarding Woody’s article at https://www.reddit.com/r/sysadmin/comments/843esj/for_the_third_time_in_the_past_four_months/.
1 user thanked author for this post.
-
So that explains why our “visitors” number yesterday went through the roof. Busiest day ever. And I can see that things are sluggish on AskWoody already today.
Ah well. I’ll see if we can throw more hardware at it.
2 users thanked author for this post.
-
-
I keep getting pages with error codes. I guess the site is extremely busy. Looks like you are going to need more hardware again, Woody. I predicted your site would only get more popular as Windows evolve. I just hope the ad revenu from this added traffic will cover more than the cost of hardware. In the last few days I often can’t get a response fast enough and I get a timeout.
1 user thanked author for this post.
-
as Windows evolve
Maybe “devolves” is more appropriate in this context…
1 user thanked author for this post.
-
-
[–]siclikSysadmin 2 points 1 day ago
Suspicion? Today I was talking directly to a Microsoft licensing specialist and he told me it’s a sure thing. There are internal memos stating this will start in June 2018. Win 10 Enterprise, Server OS, and the likes WILL be subscription-only soon enough, guaranteed.
If true, this means companies will no longer be able to buy or lease Win 10 Ent Volume Licenses together with the additional 3-years Software Assurance or Upgrade Insurance.
Wonder whether Win 10 Ent LTSC/LTSB will also be subscription-only.
1 user thanked author for this post.
How to solve the Windows 10 problem? Get rid of it, and switch to Linux Mint! It is free! and it aqlways will be. It is easy to use! It only gives You updates You want, and gives You updates with risk numbers beside them from 1-5, the higher the number the bigger the risk. But that is the good part of Mint, it tells You the risk! and You decide if You want to install them or not! You don’t have to buy security software to keep Mint safe to use, because Your chance of ever getting a virus is about 10,000 to 1. Am I saying it is not possible? No! but even with Mcafee or Norton! or any other anti virus, You can still get hacked! besides, if You decide You want an anti virus on Mint, You can get one free! Yes free of charge! Yes it is true that some on line programs don’t work on Mint, Like VUDU!, and some software doesn’t work, but we are talking about ones privacy here are we not? Netflix works! Fandango Now works, and if You like VLC media player, it even works! If You decide that Linux Mint is something You would like to try, they’re is tutorials online to show You all You need to know! An the good part about Linux Mint, if something does go wrong, You can wipe the system and reinstall it in around 20 minutes, but that depends on how fast Your PC/Laptop is. You will have to install more updates after You install Linux! Hey if You have Your Windows on a backup disc, Give Mint a Try! If You don’t like it, then You can always go back to Windows! You won’t lose anything but time, and who knows, You may fall in love with it! I did, and to me Linux Mint, runs a lot faster then Windows 10. Why? Because it is not loaded down with CrapWare! Just Saying!
1 user thanked author for this post.
I am a newcomer to this forum and a relatively novice win10 user so please excuse the amatuer writing.
WIN10 has been a pain with the forced updates after which all my settings are messed up and WIN10 can’t find multiple displays. I have had to roll back at least 3 or 4 times and it kills close to half a day each time. Unfortunately I use many apps that are only available for Windows (current app versions for WIN10) so changing to Linux seems not to be an option though I have wondered if running Windows under Linux would be able to contain the constant updates problem. Also a lot of the time my computer is running at 35% cpu, sometimes 100% disk, without any of my apps started.
It seems MS does pretty much what it likes and takes over machines without a care in the world. I wonder if any one has thought about a users class action against MS as a way to get them to take notice?
1 user thanked author for this post.
@srj I am voting with my feet, as they call it over here; meening: I will travel with Linux Mint Cinnamon as companion this summer; not as much programs as at home, though reliable.If necessary I will have to buy a large SSD to run W10 (free HA!!) in virtual mode; W10 is not reliable anymore.
Regards fred
* _ the metaverse is poisonous _ *1 user thanked author for this post.
Viewing 33 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Dribble?
by 1 hour, 18 minutes ago
-
Allow defenderbootstrapper.exe to phone home?
by 3 hours, 33 minutes ago
-
KB 5022836 will not install
by 16 hours, 20 minutes ago
-
Windows 11 desktop for Windows 10 user
by 1 hour, 11 minutes ago
-
GNOME 44 ‘Kuala Lumpur’ released
by 21 hours, 6 minutes ago
-
Emotet adopts Microsoft OneNote attachments
by 21 hours, 15 minutes ago
-
US : The Spy Law That Big Tech Wants to Limit
by 6 hours, 20 minutes ago
-
Ferrari confirms customer data breached following ransomware attack
by 22 hours, 2 minutes ago
-
Outlook bookmarks redirects to a different location, Help!
by 23 hours, 39 minutes ago
-
Should I go to win11?
by 34 minutes ago
-
The Framework Laptop – Fully Modular
by 1 day, 5 hours ago
-
Windows Snipping Tool is vulnerable to Acropalypse too.
by 23 hours, 13 minutes ago
-
Pale Moon updates
by 1 day, 8 hours ago
-
“Local Security Authority protection is off.” with persistent restart
by 21 hours, 45 minutes ago
-
Self-encrypting drive setup on Linux
by 1 day, 9 hours ago
-
Windows 11 Moments and local account setup
by 3 hours, 20 minutes ago
-
Older versions of Roboform
by 1 hour, 5 minutes ago
-
Long string filenames
by 1 day, 14 hours ago
-
Windows 11 Build 22621.1483 released to Release Preview
by 1 day, 17 hours ago
-
Will adding RAM to re-purposed PCs trigger activation again?
by 3 hours, 24 minutes ago
-
Digital Photography Review to close
by 1 day, 5 hours ago
-
Dish Network Hacked
by 21 hours, 9 minutes ago
-
NewQ 16-in-1 USB C/TB4 Docking Station
by 1 day, 22 hours ago
-
Is Office 2007 compromised by Windows 10?
by 1 day, 6 hours ago
-
ZippyShare to shut down at end of month
by 2 days, 2 hours ago
-
Odd monitor issue since last update…
by 2 days, 17 hours ago
-
Powershell
by 1 day, 17 hours ago
-
M1 Pro MacBook Pro running Parallels and Windows 11 on ARM
by 2 days, 4 hours ago
-
Make Google Maps Android full screen (without overlays)
by 1 day, 2 hours ago
-
How do I most easily see replies made to posts rather than to the topic?
by 19 hours, 21 minutes ago
