News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • MS-DEFCON 2: It’s time, once again, to make sure Windows Automatic Updating is blocked

    Home Forums AskWoody blog MS-DEFCON 2: It’s time, once again, to make sure Windows Automatic Updating is blocked

    Viewing 14 reply threads
    • Author
      Posts
      • #323774 Reply
        woody
        Da Boss

        Tomorrow’s Patch Tuesday so that means today is… Block Monday. As in blockhead. Don’t be one. Make sure you have Automatic Update well and thoroughl
        [See the full post at: MS-DEFCON 2: It’s time, once again, to make sure Windows Automatic Updating is blocked]

        9 users thanked author for this post.
      • #324155 Reply
        Mr. Natural
        AskWoody Plus

        By golly, I think Woody has come up with new terminology. Block Monday. Or maybe Blockhead Monday…….. yeah!  🙂

        Red Ruffnsore reporting from the front lines.

        5 users thanked author for this post.
      • #324181 Reply
        WildBill
        AskWoody Plus

        It’s Block Monday… & Blockhead Tuesday for those willing to let Microsoft update their machines automatically. Love the Johnny Carson/Carnac reference, Woody! Very appropriate for Win10 Home…

        Windows 8.1, 64-bit, back in Group A... & leaning toward Windows 10 V2004. As long as it's a Lot Less Buggy!
        Wild Bill Rides Again...

        1 user thanked author for this post.
      • #324241 Reply
        b
        AskWoody Plus

        The current beta test version of the next (“19H1” or “1903”) version of Win10 Home includes the ability to Pause updates for seven days. … that’s basically useless.

        I have a sneaking suspicion that if/when this arrives with 1903 for non-Insiders in a couple of months it will be for 35 days (and therefore not nearly so useless).

        Because all Insider rings (even Release Preview) for any edition can only pause updates for seven days.

        2 users thanked author for this post.
        • #324308 Reply
          Microfix
          AskWoody MVP

          IMO It makes no sense delaying updates in a preview/ insider ring, it’s what people opted in for..beta testing!
          OTOH this could well be a trial which may be removed completely.
          As for the 35 day grace period/ pause once RTM, I’ll believe it when I see it.

          | Win8.1 Pro x64 | Linux Hybrids x86/x64 | Win7 Pro x86/x64 Offline |
        • #324414 Reply
          NetDef
          AskWoody_MVP

          My peers here are betting it will be 30 days, and in the same UI as Pro where you can defer updates and feature upgrades, just minus the feature upgrade control.

          Crossing our fingers . . .

          ~ Group "Weekend" ~

        • #324471 Reply
          woody
          Da Boss

          Man, I hope you and NetDef are right.

          I’ve been watching closely to see if the beta builds get modified…

          Oh, somewhere in this favored land the sun is shining bright; 
          The band is playing somewhere, and somewhere hearts are light,
          And somewhere men are laughing, and little children shout; 
          But there is no joy in Mudville- mighty Casey has struck out. 

          2 users thanked author for this post.
      • #324267 Reply
        PKCano
        Da Boss

        If I’m not mistaken (and I very well could be), Pause is useless because….

        At the end of the “pause” period, what you get is updated, whether you like it or not. Automatic updates – just “pause”-period days later.

        2 users thanked author for this post.
        • #324305 Reply
          b
          AskWoody Plus

          Why does that make Pause useless? That’s what Woody is advising everyone to do every month; pause for a few weeks, unpause and update last month’s, then re-pause before the next month’s patch day.

          • #324310 Reply
            PKCano
            Da Boss

            Does Woody recommend “Pause“?

            • #324349 Reply
              b
              AskWoody Plus

              No, pause.

              • #324366 Reply
                PKCano
                Da Boss

                I see his recommendation for “deferral” but not for “pause.” As I read it, he says:

                All of which makes Win10 Home “Pause updates” a really nifty marketing setting (“Look! You can pause updates in Win10 Home!”) that’s basically useless. Unless you’re Carnac the Magnificent.

              • #324406 Reply
                b
                AskWoody Plus

                It appears that for complete clarity I should have said, “In effect…”, but I was hoping that the “every month” would have been a hint as we’re discussing an unreleased feature here (as far as Home users are concerned).

            • #324393 Reply
              Kirsty
              Da Boss

              Does Woody recommend “Pause“?

              To quote Woody (3rd. Ed, Windows 10 All-in-One, p. 619):

              “Don’t move the slider marked Pause Updates unless you absolutely have no other way to keep Windows Update’s filthy hands off your machine.”

              1 user thanked author for this post.
              • #324413 Reply
                b
                AskWoody Plus

                Slider? Can’t be for Home users as they’ve never had one.

                1 user thanked author for this post.
              • #324472 Reply
                woody
                Da Boss

                Yeah, I was working under something of a handicap at that point. Writing for version 1803….

        • #324415 Reply
          Chronocidal Guy
          AskWoody Lounger

          If I’m not mistaken (and I very well could be), Pause is useless because…. At the end of the “pause” period, what you get is updated, whether you like it or not. Automatic updates – just “pause”-period days later.

          A key question about the “Pause” functionality.. how does it apply to current updates in the queue?

          Is this a case of “I’m going to wait and not download any updates for 7 days”, or is it going to say “I’m going to download everything, and then not install for 7 days”?

          The first is great to avoid potentially bad patches, but the second could potentially have you install broken updates even if they’ve already been pulled from release in that 7 day period.

          Either way, now I can’t shake the image of hitting the “Pause” button, and immediately getting a phone call with a creepy voice saying “Sevennn daaayyyssss…”

          • #324462 Reply
            b
            AskWoody Plus

            A key question about the “Pause” functionality.. how does it apply to current updates in the queue?

            Is this a case of “I’m going to wait and not download any updates for 7 days”,

            Yes:

            If you’re using Windows 10 Pro or Windows 10 Enterprise, you can choose to temporarily pause updates from being downloaded and installed:

            Pause updates in Windows 10

            1 user thanked author for this post.
          • #324477 Reply
            NetDef
            AskWoody_MVP

            Disclaimer, we are talking about a feature that’s not yet final, is on Insider builds only, and may or may not change or be yanked.  Given the nature of Insider builds, the seven day pause may be increased on general release.  Or not.

            Here’s the way it’s supposed to work.

            When you hit pause (for seven days):

            All pending updates that have not yet been installed are stopped.

            All released updates that come out during the seven day period are ignored.  They are not downloaded, nor presented to you. (Unless you are a seeker . . .)

            If you are a seeker, which means you manually click the check for updates button – we think you just might get more than you thought you were asking for – but that’s not been confirmed on the pause feature yet. (I plan to try to test this tomorrow!)

            Once the pause expires, on this new model (not to be confused with the old deferral setting in Windows 10 Pro) the system is supposed to do the following:

            1) Re-run a live online check for updates – this means that if MS yanked a bad patch from WU during your pause; you won’t see it at all.

            2) Install all pending updates found that you have not received since the pause (minus the ones MS yanked, see above.)

            And that’s the “simple” explanation . . .

             

            ~ Group "Weekend" ~

            2 users thanked author for this post.
      • #324307 Reply
        Morty
        AskWoody Plus

        Oy. As we speak, I’m backing up my other (Win7) computer to make it safe to update.

        I tried to back it up last week, but I broke my old backup drive and had to buy a new one.

        Can I still safely get the January updates?

        • #324312 Reply
          PKCano
          Da Boss

          Yes, Jan updates are still available.

          1 user thanked author for this post.
        • #324316 Reply
          Microfix
          AskWoody MVP

          Yes you should be able to get the January updates required within the next 23 hours AFAIK

          | Win8.1 Pro x64 | Linux Hybrids x86/x64 | Win7 Pro x86/x64 Offline |
          1 user thanked author for this post.
      • #324313 Reply
        Noel Carboni
        AskWoody_MVP

        Heh, and here I just put the January updates in for Windows 10 v1809 this morning. All’s well so far.

        ScreenGrab_CarboniPC_2019_02_11_124611_491

        -Noel

        Attachments:
        1 user thanked author for this post.
        • #325339 Reply
          mn–
          AskWoody Lounger

          Although, I’m fairly sure 17763.292 is having memory management problems.

          I’ve seen loss of all graphics output when there’s a low-memory condition on that build version, which is sort of nasty… not getting graphics back either even after going back and freeing memory (killing processes) by remote.

          I mean, sheesh, I’ve heard Microsoft loves Linux these days, but I could’ve done without this particular failure mode… computer running but no graphics output… especially as it doesn’t look like we got text-mode virtual consoles either.

          Would be nice to get a fix for that in this week’s updates. (And the Access file format problem too, but no one cares about Edge much…)

      • #324317 Reply
        Susan Bradley
        AskWoody MVP

        BUT they then have the ability to pull off an update from the WU servers.  7 days is actually a good pause time.  By Friday of the dead body week, we know if there are dead bodies.

        Susan Bradley Patch Lady

        2 users thanked author for this post.
        • #324478 Reply
          woody
          Da Boss

          That’s true for the spectacular bugs.

          The other ones can crawl around for a bit before they’re identified… but you’re probably right in that the number of bugs that appear between 7 days and 15 days isn’t great.

          Assuming MS yanks the patches. They don’t always do that.

      • #324336 Reply
        Morty
        AskWoody Plus

        Thank you all.

        Just checked. The backup and system image is about halfway done. Started around 9:30 this morning. It’s 1:53 now. … Waiting and praying.

        1 user thanked author for this post.
      • #324479 Reply
        Geo
        AskWoody Lounger

        Normally I use ” check for up dates but let me choose”  This time  I’ll be setting it to ” Don’t check” because of Microsoft’s  insistence on trying to force you to update Silverlight  even when you try to hide it.  It comes back everyday.

        • #324643 Reply
          b
          AskWoody Plus

          Even if you uninstall Silverlight?

          • #324705 Reply
            Geo
            AskWoody Lounger

            Yes, I uninstalled Silverlight but still get unchecked updates daily.  I keep trying to hide it.

          • #324756 Reply
            PaulK
            AskWoody Lounger

            Even when Silverlight has been removed, apparently there is/are trace/s in the computer. There are a dozen or more updates that Windows will attempt to download. If you look at each one offered you will see that the KB numbers are different. Just keep hiding them; once the queue has regressed to the oldest one, they will stop being offered.
            Except: I just did a new Updates test, and KB4481252, for the new Japanese calendar eras, was offered. Hid it.

      • #324653 Reply
        KarenS
        AskWoody Lounger

        May I ask where we stand on the outstanding January Office updates (KB2553332 – Security office 2010, KB44461623 – Security Outlook 2010, KB44461625 – Security Word 2010, KB4462157 – Update Office 2010 and of course the “unchecked” KB4461614 – Security office 2010. Are some or all safe to install or should I wait? I now have the February updates which are unchecked as well but I know we are still in wait mode for those. Thanks for your advice in advance.

        • #324703 Reply
          PKCano
          Da Boss

          I hid KB4462157 and KB4461614. I installed the rest of Jan 2010 updates. That is not a recommendation, but only what I did personally. I’ll probably pull those two out when MS gets the Japanese calendar thing sorted out (if they are not superceded by then).

          1 user thanked author for this post.
      • #324696 Reply
        BobT
        AskWoody Lounger

        Bwahahahah, you guys on 10 actually accept someone telling you what to do in your own house with your own equipment?

        I mean what the heck is this c***, really?:

        “You can only Pause once, and only for seven days
        You can’t Pause again without accepting all backed-up updates in the interim”

        Why is it not YOUR decision, are you not the admin? The customer? Did you pay for this OS at all? If yes, then why is this ok?

        • #324807 Reply
          joep517
          AskWoody MVP

          You have purchased a license to use Windows according to the terms of use. You agreed to the terms of use. If you don’t like switch to a different Windows SKU or a different OS platform.

          --Joe

        • #325081 Reply
          warrenrumak
          AskWoody Plus

          None of us really happy about this whole “Pause” situation….. but it’s built this way to avoid machines getting significantly out of date.

          Out-of-date machines are the #1 largest contributor to botnets.  It’s vanishing rare on machines that are 1-2 weeks behind the bleeding edge of patches, but after 6 weeks or so, you’re really starting to take unnecessary risks.

          If you’re really concerned about “your equipment”, then you do need to keep up with the fixes.  All the machismo in the world along the lines of “I don’t need updates, I know how to protect myself!” won’t help f an attack uses a novel vector you aren’t watching out for, such as web fonts, an exploit on your ISP-provided router / switching equipment, or DNS hijacking.  Attacks take some time to be developed and get into circulation in an automated fashion, but they do get out there eventually.

           

          1 user thanked author for this post.
          b
      • #324700 Reply
        abbodi86
        AskWoody_MVP

        It seems ver 1809 Cumulative Update for this month can be fetched early with Media Creation Tool

        17763.316 (KB4487044)

        1 user thanked author for this post.
        • #325251 Reply
          woody
          Da Boss

          Interesting. I wonder why. Maybe somebody just jumped the gun?

      • #324838 Reply
        OscarCP
        AskWoody Plus

        Is it better to wait always (unless there is something that clearly requires urgent action) until after the third Tuesday following Patch Tuesday, in case off-band patches (such as patches to patches), come out and to give MS time to pull out some buggy ones?

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

        • #324865 Reply
          anonymous
          Guest

          It is best for each individual to follow their own council after consulting the advisors they trust. But if you are seeking to define yet another argument in support of the MS-DEFCON system used here, that is one of the good reasons for waiting, yes. Woody’s own case can be read here: https://www.askwoody.com/ms-defcon-system/

          3 users thanked author for this post.
      • #336844 Reply
        ram5thwheel
        AskWoody Plus

        I have all of my update settings as per recommendation and this morning I noticed that KB4487044 somehow got pushed to my PC and it is now waiting for me to schedule or restart my computer to finalize the patch.  Not quite sure why it ran the patch as I have been avoiding hitting the “Update Now” button until the MS-DEFCON status was changed.

        A share all of the frustration with fellow Windows users as to the method of updating.

        ram5thwheel

    Viewing 14 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: MS-DEFCON 2: It’s time, once again, to make sure Windows Automatic Updating is blocked

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Cancel