• Must read: The connection between GWX’s 3035583 and 2952664



    Excellent detective work by Andrew Orlowski at The Register.
    [See the full post at: Must read: The connection between GWX’s 3035583 and 2952664]

    • #45852

      Wow… “How Microsoft copied malware techniques…”

      What more need be said?

    • #45853

      Yep. That’s stating the obvious, to a first approximation anyway, far as I’m concerned.

      What wasn’t obvious (at least to me) is the complicity of KB 2952664.

      BTW, the discussion between Mary Jo, Paul and Leo in this week’s Windows Weekly is absolutely right-on.

    • #45854

      Right on in what way?

      To me it sounded like they were advocating the position that user error was responsible for unintended Win 10 installations.

    • #45855

      They talked about the interaction between the two KBs – and gave a long list of changes….

      (Don’t think they said user error was responsible… I’ll have to go back and read it.)

    • #45856

      I’ve been using the term “GWX Virus” for a while. Nice to see an article explaining what this menace does. Now I’m hoping that Mr. Orlowski will do some research into the Cortana Virus.

    • #45857

      I think Eric was referring to the Windows Weekly discussion, and I also got the impression from that that Paul and Mary Jo thought it was at least *possible* that it was mostly (if not entirely) a “user error” thing, albeit against a background where MSFT was setting things up to make those kinds of “errors” easy to inadvertently make.

    • #45858

      I’ve said here before that Microsoft has become the single greatest threat to the security and integrity of my Windows 7 systems. It’s my opinion that Orlowski’s work tends to support my position.

    • #45859

      Ah, now that is true. In the end, I think Paul and Mary Jo (and Leo!) decided that it’s just, simply, impossible to tell if somebody clicked something – even three or six months ago. If I hadn’t seen it myself, I wouldn’t have believed it. And it’s important to remember that Win10 did NOT install on my VM. It failed to install (although I did nothing to bring it on).

    • #45860

      Wow just… wow. I’ve been using the phrase ‘malware distributor’ to describe Microsoft for a while now and I’m not entirely sure I’m happy to get confirmation. I had to use PowerShell commands to strip out the various instances of package_2952664. I’m sure it’s still lurking in the registry though.

      The Windows Weekly cast was also extremely interesting to watch – their initial scepticism turning to outright horror over what Microsoft have been up to. They weren’t very clued up on Josh Mayfield’s GWX Control Panel though, not realising that it does a lot more than what they thought it did. Speaking of… Josh deserves some sort of humanitarian award for making that, or at least lots of free beers, please buy him lots of beers when you see him.

    • #45861

      That’s correct…it was the video presentation that left that impression. Makes me wonder if they hang out at sevenforums…

    • #45862

      Frankly, I must admit I was not very surprised by the article in the “Register” as I felt GWX was behaving very much like malware. If it walks like a duck, it’s a duck! I really feel disappointed at MS resorting to tactics like these even if they can get away with it. Just because you think you can get away with doing something does not make doing it right. There has to be some moral center of gravity to guide one’s behavior. That said, I have been skeptical regarding the wisdom of installing the March IE11 cumulative security update (KB3139929) because of the possibility of opening up a “new vector” in the GWX assault games. I know you have recommended we hold our nose and install the update, but does this new info change your opinion in any way? The apparent new propensity of MS to abuse security updates with potential nagware additions is very troubling in my opinion.

    • #45863

      I’ve never met Josh face-to-face. (I’m something of a recluse.) But I’m going back to his site and making another donation. No telling how much time he’s put into GWX Control Panel. It’s a tremendous product.

    • #45864

      Or a donation! Of course. I shall do that promptly, thanks for the reminder.

    • #45865

      He’s earned it.

    • #45866

      Excellent find, Woody! I knew about the inter-relation between the 2 patches as KB2952664 is a pre-requisite for the Windows 10 upgrade adware according to the official documentation, which I found generally accurate but difficult to understand in the finest detail, which may be this way on purpose. What I didn’t realise though was how a newer version of KB2952664 reinstalls KB3035583, although we fully understood here how KB2952664 changes every time to avoid being hidden/blocked by the user. KB3035583 does not change.
      I think the article over-reacts in recommending dangerous procedures for the deletion of the CBS registry keys, which is extremely dangerous and can mess up the whole Windows Update mechanism. I make registry changes all the time in a professional setting, many undocumented but time tested; however, CBS is one of the areas where the end-user or system administrator should not interfere directly, but by using Microsoft’s APIs and commands like dism.exe, pkgmgr.exe, wusa.exe when the normal uninstallation procedures from Control Panel fail.
      I still think Josh’s approach for blocking GWX is the correct one making it easy for everyone to implement fully supported and documented functionality.
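
The supported route the post above describes (servicing tools instead of hand-deleting CBS registry keys), as an added example that is not part of the original thread or of any poster's own script. The `-Remove` switch and the variable names are assumptions of this example, and the parsing assumes the package identity is the first `|`-separated column of the DISM table output.

```powershell
# Added example: inventory, and optionally remove, the two updates named in
# this thread using supported servicing commands only (no registry edits).
# Run from an elevated PowerShell prompt.
param(
    [switch]$Remove   # hypothetical switch: without it the script only reports
)

$kbs = '2952664', '3035583'

# 1. What Windows reports as installed hotfixes.
Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $kbs -contains ($_.HotFixID -replace '^KB', '') } |
    Format-Table HotFixID, Description, InstalledOn -AutoSize

# 2. Every servicing (CBS) package instance, including older revisions that
#    the hotfix list does not show. KB2952664 has shipped in several revisions,
#    so more than one package identity may match.
$pattern  = 'KB(' + ($kbs -join '|') + ')'
$packages = dism.exe /online /get-packages /format:table |
    Select-String -Pattern $pattern |
    ForEach-Object { ($_.Line -split '\|')[0].Trim() }

if (-not $packages) {
    Write-Output 'No matching packages found.'
    return
}

Write-Output 'Matching package identities:'
$packages

# 3. Removal through DISM, one package identity at a time. A reboot may be
#    required afterwards; /norestart leaves that decision to the operator.
if ($Remove) {
    foreach ($name in $packages) {
        Write-Output "Removing $name"
        dism.exe /online /remove-package "/packagename:$name" /norestart
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "DISM returned exit code $LASTEXITCODE for $name"
        }
    }
}
```

Removing the packages does not stop Windows Update from offering them again; the updates still have to be hidden or blocked afterwards.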

    • #45867

      (GWX Control Panel) ‘It’s a tremendous product.’
      Guaranteed it is. Next move, Microsoft acquires it for an undisclosed amount and discontinues it 🙂

    • #45868

      I’m not recommending that people zap their registry keys. But it is an interesting observation….

    • #45869

      It is not you Woody, it is The Register.

    • #45870

      This is what The Register says:
      Unless the user gets rid of ALL of the “Get Windows 10” system updates and its helpers, the GWX popup will persist. These are:

      ALL registry entries for KB2952664 and
      (optionally) KB3035583

    • #45871

      I hope this whole disaster goes away when we hit July 30. After all, if people have to pay for it, and Microsoft still force-push it, there could be some lawsuits coming.

      (Sadly, I still think at that point Microsoft will just extend the free period for either another 12 months or will just make upgrades free forever and we’ll be stuck in this hell forever.)

    • #45872

      I have had it with Microsoft. When my Vista is no longer supported early next year I am going to purchase an Apple Computer. I know I will need to reconfigure all my files to Apple’s format, but it will be worth it.
