• New directions for Win 7 and 8.1 patching

    Home » Forums » Newsletter and Homepage topics » New directions for Win 7 and 8.1 patching


    I think it’s time to re-evaluate the “Group A” and “Group B” instructions for updating Windows 7 and 8.1. It’s been one year since Microsoft announced
    [See the full post at: New directions for Win 7 and 8.1 patching]

    6 users thanked author for this post.
    Viewing 76 reply threads
    • #138998

      My view is that Group A and Group B are still fine to use but that the existing instructions need to be modified. Basically, every update in Windows Update needs to be either installed or hidden (at least temporarily). For the reasons why, please see this post.

      Here is an outline of my unofficial recommendations for new instructions for Group A and Group B:

      1. Get your settings right. See existing Group A or Group B instructions for the settings to use.
      2. If you’re in Group B, then download the updates from the Group B update list that you haven’t installed yet. You need only one Cumulative Update for Internet Explorer because it’s cumulative.
      3. If you’re in Group B, then install the updates that you downloaded in step 2.
      4. If you’re in Group B, then if the system asks whether to restart the computer, then choose to restart the computer.
      5. Click “Check for updates” in Windows Update.
      6. The goal of this step is to hide all updates that you don’t intend to install today. On the Important tab, hide updates that are unticked by default. On the Important tab, hide updates that Woody has declared are problematic. On the Optional tab, hide all updates. If you are in Group B, then hide updates on the Important tab with “Security Monthly Quality Rollup for Windows” in the title.
      7. If you hid any updates the last time you did step 6, then go to step 5.
      8. Unhide hidden updates that you intend to install today.
      9. If you unhid any updates the last time you did step 8, then go to either step 5 (if the system did not start an update check the last time you unhid updates in step 8) or step 6 (if the system started an update check the last time you unhid updates in step 8).
      10. If you see message “Windows is up to date. There are no updates available for your computer” then go to step 14.
      11. Install Windows updates.
      12. If the system asks whether to restart the computer, then choose to restart the computer.
      13. Go to step 5.
      14. Close Windows Update.

      Note: To save time, you may wish to consider using Windows Update MiniTool (download) to hide and unhide updates in one pass. If you choose to do this, then instead of doing steps 5-9, close Windows Update, then use Windows Update MiniTool with checkbox “Include superseded” ticked to hide and unhide updates, then close Windows Update MiniTool, then go to step 5.

      • #139023

        @MrBrian, thanks for the concise overviews.

        This appears to very nearly be a roll-up of the various articles from January 2017 on how to install Windows 7 from scratch, or might it be about that time to formally revisit the procedure, consolidating everything into one article (and perhaps doing the same for Windows 8.1, as well)?

        1 user thanked author for this post.
        • #139094

          The install Windows 7 from scratch article indeed probably needs to be modified.

          5 users thanked author for this post.
        • #139108

          Over a week ago I said the same thing here, along with some other observations.

          What worked for a Clean install for Group B in the past has now become a nightmare. I still haven’t come up with a procedure to replace my suggested Clean Install method. And it needs replacing.

          3 users thanked author for this post.
          • #139152

            Thank you @PKCano!

            Somehow I missed that topic altogether, along with your excellent comprehensive three-part overview.

            And just to make things even more challenging, although the site is back up, my subscriptions are not (according to @Kirsty, this seems to be an issue for those of us fortunate enough to have Outlook.com [Hotmail] addresses; pity that M$ saw fit to “improve” it, starting about two years ago…). Sigh.

            • #139157

              It’s broken for me, too, and I have an @AskWoody.com email address!

              3 users thanked author for this post.
            • #139549

              It appears as if both email notifications of topic activity, and email notifications of Direct Messages, are broken.

              We’re workin’ on it. Sigh.

              2 users thanked author for this post.
          • #139194

            I have not checked all your “missing” updates on MS Catalog Update, but those I did check were all from before October 2016, i.e., before there were “Security Only Quality Updates”.

            I did a clean install about six months ago with Windows Update by installing the latest Servicing Stack update, repeatedly hiding the ‘Rollups” until there were none left, and then installing all the patches marked “security” from September 2016 and earlier. It was time-consuming, but not difficult. Then I used the Update Catalog to install the SOQUs. Again, time-consuming, but not difficult.

            May I suggest that:

            1. It is still possible to do a clean install Group B style, and

            2. Group B people aren’t missing security patches, after all


            • #139199
              1 user thanked author for this post.
            • #139201

              I read skimmed through your three part article before I made my post (the “missing” updates I referred to were the ones mentioned in that article). Maybe I missed something?


            • #139231

              Let me clarify that the ”missing updates”, some of which I checked, were these:

              Of the original list of updates that Group B was “missing” by not hiding the Monthly Rollups, “final important updates list” still had these “missing” updates.
              2676562 Security
              3005607 Security
              3033929 Security
              3123479 Security
              3138962 Security
              3149090 Security
              3168965 Security
              2868116 Win Update
              3021917 Win Update
              3118401 Win Update


              1 user thanked author for this post.
            • #139308

              “I did a clean install about six months ago with Windows Update by installing the latest Servicing Stack update, repeatedly hiding the ‘Rollups” until there were none left, and then installing all the patches marked “security” from September 2016 and earlier. It was time-consuming, but not difficult.”

              The reason you weren’t missing any updates is because you hid all of the Windows monthly rollups, which is what I suggest that Group B users ought to do.

              5 users thanked author for this post.
      • #139334

        WSUS offline http://download.wsusoffline.net

      • #142155

        Windows Update MiniTool has a setting called “Automatic Updates” that can be confusing. I recommend to not change it from default. List item “Automatically” is poorly named and wrongly documented at https://wumt.blogspot.com/ in my opinion; its real meaning seems to be “This setting is managed by me in Windows Update settings, not by group policy.” This setting sets this group policy. If in doubt, home users probably should use “Automatically”.

        1 user thanked author for this post.
      • #178703
        2 users thanked author for this post.
    • #139000

      For those interested in why every update in Windows Update needs to be either installed or hidden (at least temporarily), here are the two reasons.

      Here are two related topics:

      Group B – Win7/8.1 “Missing” updates, Hiding Rollups, Security-only patches

      Group A (Win 7 and 8.1) might be missing updates if don’t hide unwanted updates

      6 users thanked author for this post.
    • #139006

      I’m Win7 Home Premium 64-bit, and a Group B guy, and I have a non-computer-savvy friend (also Win7 Home Premium 64-bit) who I guide through the Group B process each month, and it really hasn’t been what I’d call difficult or overly complicated — and MrBrian’s post makes it sound a little more complicated than what I do, because I typically don’t hide anything, or use the mini-tool, and I haven’t found it necessary to “get my settings right” each month, because Windows hasn’t been messing with them.

      My process is:

      1. Download the two msu files for the Security-Only Win7 and IE11 updates, and then run each (rebooting after each).

      2. Pull up Windows Update and uncheck the big rollup, and uncheck any other updates that Woody’s flagged as problematic. For me, there haven’t been any of the latter in a while, other than one bad Outlook update and good old KB3138612, which I uncheck each month rather than hiding, probably for no good reason (and I did hide quite a few GWX-related updates back when they were running wild.)

      So… if the Windows Update list stays the same between now and Woody’s all-clear for the October updates, I’ll end up running four Office 2010 updates (2 for Office, 1 for Outlook, 1 for Word) and the Malicious Software Removal Tool as part of the Windows Update process (after first running the two msu’s).

      ADDED: I see it’s possible I’ve missed out on some desirable updates by not hiding those monthly roll-ups, so I guess I’ll add that step to the process (rather than just unchecking it) from here on.

      7 users thanked author for this post.
      • #139048

        Always hide, instead of unchecking updates which you do not want. And never install new updates without FIRST checking if the new update KB number is the SAME as an already hidden update. Why? Because Microsoft has a penchant for releasing new “flavors” of the SAME hidden update. These new “flavors” of the same hidden update KB number WILL NOT be automatically hidden. Yep, Microsoft continues to try to force new flavors of telemetry updates down the throats of all Group B people. This is beyond shameful, and it is all related to Microsoft’s desire to surpass Google as the #1 advertising revenue stream. Hmm…Microsoft tried the same thing in the cell phone industry. It took Microsoft years to finally realize that you can’t force your way into an industry which has many competitors who were and are way ahead of Microsoft. Actually, I am quite certain that Microsoft realized this rather early on, yet they kept praying on a fictional horse named Miracle to eventually reach the finish line. The delusional business sense of Microsoft is only exceeded by the auto company which the US government bailed out twice. I don’t recall that auto company’s name. I think it started with the letter C?

      • #139245

        This is basically what I do too.  Group B. I read woody’s forum to see if anything is very bad. If not, then after a week or 10 days I get the Cumulative IE11 and Win 7 security only updates from the catalog,  a security only for dot Net if needed for my version of dot Net used, and then install. Afterwards I install the MSRT for good measure and then hide everything offered to have “zero updates available”.  This has worked fine for the last year. Everything just works. It is not that hard, just look for the security only for your OS, download and install (Group B). I don’t check settings or run a mini tool either. For Group A people, all I can say is install and then use Spybot Anti-Beacon.


        2 users thanked author for this post.
    • #139024

      I repeated the hide, rescan experiment & got the same results as before.  Essentially replicating the experiment.

      Six important updates available.
      4041693 – Oct.Rollup
      4049179 – Adobe flash security update
      3172729 – MS16-100: Description of the security update for Secure Boot (080816-security update for W8.1×64).  This is the one that duped, so the second failed.  Had I paid better attention it might’ve disappeard like the dupes in GWX did.  Still strange that it occurred in the offered list & not from hiding.
      3034348 – “Access denied” error when you use a Windows Store app to configure printer property settings in Windows (111015-update for W8.1×64)
      3044374 – Update that enables you to upgrade from Windows 8.1 to Windows 10 (081115-update for W8.1×64)
      890830 – MSRT

      Hidden blank again, the rollups & IE’s that I missed from Aug & Sep are all gone.

      Rehide just the non-essentials from the six.  Keeping adobe & MSRT, rescan…it gave me back 4038792 (2017-09 Security Monthly Quality rollup for windows 8.1 for x64 based systems.  Hid it, rescanned.

      2017-08 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4034681) showed up, hid it, rescanned.

      2017-07 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4025336) showed up, hid it, rescanned.

      2017-06 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4022726) showed up, hid it, rescanned.

      2017-05 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4019215) showed up, hid it, rescanned.

      April, 2017 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4015550) showed up, hid it, rescanned.

      March, 2017 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4012216) showed up.
      So did these two: 3162835 (non-security June 2016 DST and time zone update) & 3182203 (non-security September 2016 time zone change for Novosibirsk).
      Hid all three & rescanned.

      December, 2016 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB3205401) showed up & three more non-security updates: 3148851 (time-zone-changes-for-russia), 3153731 (may-2016-dst-update-for-azerbaijan–chile–haiti–and-morocco), 3177723 (2016-egypt-cancels-dst).
      Hid all four & rescanned.

      November, 2016 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB3197874) showed up, hid it, rescanned.

      October, 2016 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB3185331) showed up, hid it, rescanned.

      Cumulative Security Update for Internet Explorer 11 for Windows 8.1 for x64-based Systems (KB3185319-091216) showed up, hid it, rescanned.

      Cumulative Security Update for Internet Explorer 11 for Windows 8.1 for x64-based Systems (KB3175443-080816) showed up, hid it, rescanned.

      4049179 Adobe & 890830 MSRT are the only two left, so for grins I hid them & rescanned.
      Your PC is up to date.

      Restarted laptop, hidden updates still at 23, nothing disappeared like it did once before (not sure why).  Checked for updates & it said my PC is up to date.  I restored the adobe & MSRT & the count went back to 2 important updates.

      Here is the screenshot of the 20 hidden updates list dated 101117 because the results were identical minus the october rollup.

      I don’t think I’m going to get any more.  There is the slight possibility that something out of the ordinary might show up.  I’m not banking on it.

      These are the same results I had the last time I ran this test.  Both times nothing was presented that I had any use for as a group B adherant.

      For Win8.1 it’s still a quick process for me to run the windows update scan from the action center.  Install the typical two or three security only updates (adobe, MSRT, .NET or servicing stack).  Then install the catalog security only & IE updates.  So easy even a cave man can do it.  Proof that group B is still quite viable from a laymans perspective.

      My conclusion is that it is perhaps premature to consider group B unviable.  With respect to Mr.Brian, he is the only one it would seem that has called for this alteration.  PKCano was the only other person I saw that ran the same test.  So the idea of “many others” eludes me.  Like I said, the hiding revealed nothing critical.

      Maybe I’m thrown off by the clean install business.  I haven’t done that on this machine yet.  For those of us that have kept up with updates without a clean install, this might be a non-issue, shrugs.

      Maybe get a few more MVP’s to try it & compare the results in a staff forum & report the results if needbe to the rest of the membership & guests.

      Those are my two cents on the matter.  I’ll most likely continue with what I do from a group B standpoint regardless.

      Win 8.1 (home & pro) Group B, Linux Dabbler

      4 users thanked author for this post.
    • #139027

      I’ve made practice of the following and have wonderfully stable Windows systems, which are powerful, productive, fully under my control, and quite private…

      • I normally install, after a delay of weeks and sometimes months, all patches offered, except for a VERY few that I’ve overtly hidden. So far, other than a few very bad things like GWX that I’ve chosen to hide, it seems that this “install all updates available at a well timed and planned moment” strategy is workable at keeping my Windows 7 and 8.1 systems running smoothly. They run today as efficiently and reliably as years ago when I installed them.
      • I have instituted security measures beyond the typical norm, including DNS blacklisting, restrictions on what browsers are allowed to do, setting up an outgoing deny-by-default firewall configuration, among others… Lo and behold besides keeping badware out, these measures also help me keep my systems from spilling their beans to anyone out there trying to take my data AND from being updated at any time except for when I say so.
      • I maintain several virtual machines via VMware Workstation on which I test patches before I roll them out to my hardware systems. These test VMs are set up similarly to my actual hardware systems, and so far they’ve been good at helping me verify that patches don’t interrupt my workflow.

      I mention these things because I can say beyond a shadow of a doubt based on my experience that it’s COMPLETELY POSSIBLE to have one’s older system remain under strict control, and to be up to date with the latest patches, yet still be functional and fun. Plus, I honestly don’t spend much time maintaining my systems. They just work.

      In short, it’s doable. Keep at it and you’ll get there.


      9 users thanked author for this post.
      • #139253

        NoelC  Hear hear!

        While I do NOT install all patches offered, if it fixes something that I do not have then why? I have about 40 hidden updates on a reimaged “clean install” of win 7. If it is critical then OK, I will wait for days or weeks like NoelC said. If it is optional, I look closely to see if it applies to my setup, programs used or issues. If not, it is hidden. I also use Ad Block Plus, Spybot SD and a Hosts file.

    • #139005

      ? says:

      Glad to hear that group b is still viable. I guess I’ve always been a group b type. I thank my lucky stars we have askwoody and company to sort through all the kb’s as they slide down the chute. Only two years and change to deal with Win7 unless it goes on extended life support like my still ticking XP. I just updated my ubuntu 16.04.1 LTS live usb stick with all the current security patches (180 updates) in the terminal, and “they” said it couldn’t be done. Some day maybe we will have a trustworthy automated patch system. Until then, keep smiling.

    • #139025

      Been group W from day 1 of the “Day when M$ turned to the dark side”

      Since that momentous change I do not trust M$ (and that has been proven as a valid point of view day in, day out, since) and so what I have got is better than what they are giving/shoving down out throats.

      To me, there is no other choice!

      3 users thanked author for this post.
    • #139040

      I always thought Group W wasn’t a good idea to begin with. Just all the stuff you can get through a drive by download. I feel that it shouldn’t have even been an option in the first place. No matter how careful you are, or how safe you think you might be, something can always slip through that could have prevented simply by patching your system.

      I get why people don’t want to install Windows Updates, they can break stuff, they’re loaded with telemetry, and can even block future updates. But security updates are important. But if you don’t install them, then it’s just begging for trouble. On a Windows system, not patching is just too dangerous if you ask me.

      But hey if people want their computer to be vulnerable then it’s their business.

      3 users thanked author for this post.
      • #139046

        I so totally agree. Group W should never have been an option since no AV software can catch everything, and since it has been proven time and time again that all AV software is much more effective if Windows is kept updated. There are tricks out there to completely defeat DEP in undetectable ways, and tricks out there to defeat other installed software which has processes which run every time you boot up your computer.

    • #139047

      About 2 years ago, my Vista laptop began burning up. Turns out Windows Update was constantly searching for updates using almost 100% of my cpu. I set it for “never check for updates”, but then realized I needed to make sure I got updates.

      Up to that time I was fairly oblivious. I turned the computer on for a few hours each day, it did whatever it did, and I did whatever I did. In short, a typical home user.

      I was aware of Patch Tuesday so the first time that came around I googled it and wound up at a MS page of technical bulletins. This was before Rollups, so there would literally be 200 or so listed updates. I slogged through the page and picked out the updates relevant to my system. It was very tedious but not what I would call difficult. I did have to concentrate and pay attention to details. Initially, I was shell-shocked with the number of updates, but it didn’t seem so bad after a while. One evening I would compile a list and download the updates, and the next I would manually install them. Spent a total of maybe 3 to 5 hours a month.

      In April 2016 I bought a new Win 7 laptop and also inherited an older Win 7 desktop. By this time I was aware of this website and also MS snooping. I deleted the suggested updates from the desktop and switched to Group B. On the laptop I installed everything given to me in Windows update when I first turned the machine on except the ones given here at AskWoody regarding snooping, then started doing Group B.

      Yes, I know, that was logically inconsistent; why didn’t I just start doing Group B from the get-go. I’ll admit, I don’t have a good reason.

      Anyway, I did for both computers what I had been doing for Vista, except that I had Windows Update on and set for “check for updates but wait for me to OK before downloading and installing”. I did that just to see what it would suggest for updates. Of course, I never did download and install from WU, but rather did it all manually just like with my Vista machine. I unchecked updates in WU and hid them, all to no apparent ill-effect.

      When Rollups came it seemed almost trivial to get the small number of updates, especially after consulting this site and a few others. If you google Patch Tuesday for the current month, any number of sites show up with a rundown of all the KB numbers; I find AskWoody and Martin Brinkman at ghacks to be most useful. I still do all the downloading and installing manually. Usually the checked updates in WU simply go away and are replaced with new ones the next month.

      For me, getting and installing the updates is easy. What I find awful is the uncertainty of whether any given update is going to trash my machine(s) since I would be hard pressed to deal with a BSOD, etc. Since Rollups have appeared, I spend far more time every month sorting through the awful things that are reported, and deciding when the best time for me is to update.

      So, it’s really the complete incompetence of MS that is causing me grief. They have managed to alienate me so much that I will never spend another penny on one of their products. I now have converted my old Vista machine to Ubuntu (I’ve learned enough to be able to do this and overcome my oblivious days), and bought a new iMac. If I’ve missed an update or 2, I no longer care, and if my Win 7 machines go belly-up tonight, … well I don’t care about that either, I’ll just slide over to my other computers. So far, though, my Win 7 machines are still running like new. The shame of it is that I actually enjoy using Win 7, but the price to pay is just too high now, thanks to MS.

      Anyway, that’s how I do it, and to me Group B is still very doable. A side benefit is that at some level I feel like I’m beating NS at their own game by having things done MY way, not theirs.

    • #139051

      “Group B doesn’t work either”  Bummer!  So, if you are going to throw in the towel, and hoist the white flag, this is where we part company.  I will shift into post-MS-Win7-support mode sooner than I had planned:

      1)  I will roll up the drawbridge and stop patching cold;

      2)  I will do a complete system image once a month (doing it once a quarter now);

      3)  I will save personal files to a memory stick at least once per week (already doing this now).

      Yes, I may be exposed;  yes, I may get hacked;  yes, I may even get ransomed.  But if I do, I will have the tools to restore a system no older than 30 days from scratch, and I will lose, at most, a week’s worth of work in my personal files.  Some inconvenience, yes.  But it’s a price I am willing to pay to thumb my nose at the relentless snoops at MS who have forgotten a very basic rule of commerce:  that I am the customer, and that they are supposed to ASK ME what I want, not force things I DON’T want down my throat because they unilaterally and arrogantly decide those things are necessary “to serve our customers better”.

      Something has gone terribly wrong, my friends:  the tail is wagging the dog.  Adam Smith’s notion of a competitive enterprise system (erroneously called a “free” enterprise system – there is nothing “free” about it) assumes many buyers, many sellers, perfect information and rational decision-making.  Market discipline is supposed to result from buyers rewarding sellers who deliver superior products and treat them with respect, and avoiding sellers who don’t.  That gets bad actors to change their tune pretty quick.  The trouble is, the only respect in which the economy we have reflects the premise of a competitive enterprise system is that we are many buyers.  MS is an effective monopoly – how many people are going to abandon Windows for Mac OS or Linux?

      But even there, the premise breaks down, because among buyers are the largely clueless, those who do not act rationally, those who are unwilling to endure hardship or inconvenience to resist a paternalistic company in order to assert an important principle, and many who are susceptible to insidious marketing campaigns which manufacture “needs” they didn’t know they have until a slick ad convinces them they do.  The corporations are smarter than we are, folks – they have successfully undermined the market power of buyers.

      Yeah, I get it:  concerted resistance to MS is a pipe dream.  But I refuse to be defeated, and I will boldly walk my own path.  Wish me luck!  I wish you the same…

      • #139116

        2) I will do a complete system image once a month (doing it once a quarter now);

        Stepping up your backup frequency is a good idea.

        Just FYI, because my systems stay on 24/7, I do system images of my Win 7 and 8.1 systems once a night, along with about 7 different kinds of file backup. External drives are cheeeeeap for the amount of storage you get, and VSS-integrated system image backups actually become incremental – meaning if you back up to the same drive it generally doesn’t take long, except for infrequently when the system decides it needs to do another full copy.

        For example, I have a 2 TB C: volume. Last night’s 2:00 am system image backup to a permanently connected USB 2 (not 3) drive finished at 3:10 am. Only the data I changed during the prior day had to be stored.

        And, even better… If you should need to restore something (via the restoral features in the bootup WinRE, System Restore, or Previous Versions), again courtesy the VSS integration, you have a choice of a number of snapshots to restore.


        That all this integrated backup goodness is being deprecated by Microsoft in the new version of Windows is a travesty.


        2 users thanked author for this post.
    • #139053

      Actually, there are just a few things to consider to make any Windows system secure and ‘almost’ private, even if not a single Windows update has been applied.

      1) Disable JavaScript (only allow for trusted sites),

      2) block well-known ‘telemetry’ domains (Microsoft offers a lot references to such domains) including http://www.bing.com (!),

      3) sign off of ‘customer experience’ programs,

      4) disable anti-privacy scheduled tasks,

      5) and, finally, do not browse untrusted and junk sites (especially sites cheered by the mainstream media), do not click links without checking the target first, do not download and install junkware, and do not open untrusted files.

      Having above measures in place worked very well in the past and still do today. Agreed, if you’re an I-am-all-in [edited], scratch the above and let others take care of your life.

      1 user thanked author for this post.
    • #139065

      Group B is working fine for this non-techie and I see no reason to change. Thanks to this site.

      Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

      8 users thanked author for this post.
    • #139072

      Although I am somewhat tech-savvy, and was a follower of Group B until recently, I find hiding patches (which ones to hide, unhide) and jumping through hoops to be shades of GWX. My life is too short. So I offer this information for anyone interested.

      Here are the steps I took to move from Group B to Group A, with some additional information I use to reduce telemetry. What I’ve done is basically what @ch100 recommends with the exception that I leave the UNCHECKED optional updates list alone. I DO NOT hide UNCHECKED optionals.

      I switched over to Group A with the September patch set. I can tell you what I did and how I have my computers set up. Understand this is NOT gospel, and I’m certainly not telling anyone this is what they have to do.

      Settings external to Windows Update (to reduce telemetry):
      1. In Action Center\Maintenance\Settings – Windows Error Reporting is set to “Never check for solutions.”
      2. In Action Center\Change Action Center settings\Related settings: CEIP is set to “No” and Problem reporting is set to “No.”
      3. In Administrative Tools\Services – Diagnostics Tracking Service is Disabled. (If is’t not there, it WILL be installed once you start using the Monthly Rollups.)
      4. In Administrative Tools\Task Scheduler\Library\Microsoft\Windows – all tasks under Application Experience, Autochk, and CEIP are Disabled.
      5. Smart Screen Filter is turned OFF in IE11 in Win7/8.1 and on the desktop in Win8.1
      6. Bing is not the default search engine in IE11 and IE11 is not my default browser.

      Windows Update Settings:
      1. CHECKED “Give me recommended updates the same way I receive important updates”
      2. CHECKED “Give me updates for other MS products”
      3. Windows Updates set to “Never” or “Let me choose when to download and install”
      4. ONLY hidden updates are telemetry related: Win7 KB2952664/3150513, 3021917, 3068708, 3080149; Win8.1 KB2976978/KB3150513, KB3044374, KB3068708, KB3080149. Unhide everything else.

      1. Search for updates. If the telemetry patches are not to be installed, check to be sure they are removed (hidden) before installing anything.
      2. For Win7 only, UNCHECK MS .NET Framework 4.7 KB3186497 (reason: the Monthly Rollup for Win7 supplies the D3D Compiler that needs to be installed for .NET 4.7)
      3. Install the patches in the “important updates” list (Monthly Rollup, .NET Rollups, MSRT, IE Flash (Win8.1) .NET4.7 (Win 8.1), Office, etc.). If  “Give me recommended” was NOT checked in the past, there may be a quite a few recommended updates. Reboot.
      4. About 10 min. after login, search for updates. install any important updates, Win7 also install .NET 4.7 KB3186497, reboot.
      5. About 10 min. after login, search for updates. install any important updates, reboot, repeat #5 until there are no important updates.
      6. After the last reboot, wait 30 minutes. Run Disk Cleanup, click “Clean up system files” and be sure “Windows Update Cleanup” is checked
      7. Now in Group A. Monthly – install all after problems have been assessed (DEFCON 3-5) – no pending important updates.


      7 users thanked author for this post.
      • #139129

        @PKCano:  This is waaaaaaaaaaaaaaay over my head,  however my “experiences” with updating have been really “horrendous”.    If I could restore my computer to an earlier time it would be before we were forced to begin to DL & install from the catalog.  This goes back quite a long way.

        In my circumstances (extremely lacking in computer skills), I have no idea how we could by some “miracle” return to the time when it was simple to do  the updating.   However it would be wonderful if we could.   Thank you for all of the information your provide for everyone.   It is sincerely appreciated.    🙂

      • #139140

        I went through your checklist and while I think it does the job much better than most other recommendations on this site I would have few observations.
        I do not recommend disabling the Diagnostic Tracking Service as it may have side effects.
        I find the list of disabled Scheduled Tasks somehow excessive, as most would be not acted on by disabling CEIP. Disabling those tasks is not harmful though, being recommended and supported by optimisation powerhouses for other reasons which are related to performance.
        I believe that 3068708, 3080149 should be left alone as their functionality is likely included in later updates. There may be interdependencies now or in the future related to those updates.

        The question remains for the readers of this site (other than the well-known contributors – MVPs who also provide supporting arguments for their recommendations) which produce their own methods, why do they believe that they know better than a massive corporation designing an operating system and using their product at the same time? One tweak here and there is in order, but beyond that, it all turns into waste of time and non-sense in an engineering sense.

        3 users thanked author for this post.
        • #139151

          I do not recommend disabling the Diagnostic Tracking Service as it may have side effects.

          Out of curiosity, can you expand on what you’re thinking there?

          I haven’t been able to discern, on Win 7 or 8.1, any negative side effects after not only disabling the Diagnostics Tracking Service (years ago), but also disabling scheduled tasks that could seek to re-enable it and blocking specific telemetric communications should it be started… My motto: No half measures; if you’re going to do something, do it thoroughly.

          Well, I guess I HAVE seen some what I’d call positive side effects of my systems doing less unexpected computing and communications on their own and thus having more resources at the ready to do what I need when I need it. 😉


          3 users thanked author for this post.
        • #139697

          What is the purpose of this site if its members are denied the right to maintain their own equipment according to their individual preferences, provided they do so responsibly? What is the point of any debate, if we are supposed to let MS do our thinking for us?

          2 users thanked author for this post.
          • #139705

            Hah after their recent fiasco and attitude, I do not trust them AT ALL to do ANY kind of thinking for me.

            Besides who cares? This is my PERSONAL computer, it should run how ‘I’ want it to, and any consequences or negative would be by my judgement and my responsibility. Microsoft already absolve themselves of literally everything with all their legal BS so it’s not like I’m going to, (or could) sue them by messing my own computer up.

            Sure you can say this may not be a good idea, but “Microsoft knows best” is PROVEN to be NOT fact lately, especially regarding telemetry, GWX, WaaS and the rest.

            1 user thanked author for this post.
      • #139146

        Thank you for sharing your thoughts and choices!

        …I am somewhat tech-savvy…

        This is an important point; the corner of a big concept: The context of the discussion.

        Every approach listed here is necessarily in the context of the user applying (or considering applying) it, to the hardware and software they have, with their skills being what they are, given their computing needs and goals.

        Ceratainly, the things you need from or do with Windows are not the things I need/do. Nor do we all do all we possibly could want to do, if only we knew about those things, and knew how to do them (or had time to do them).

        Extrapolating a bit on that, we often discuss these things in the context of a “generic Windows user (who visits AskWoody.com)” – but when you break it down is it even possible to define “someone that needs Windows for some kinds of computing, on some kind of computer, and has some skills but not others”?

        There’s a P at the front of PC that stands for “Personal”, after all.

        Not only is it going to be impossible for us to discern a “one size fits all” plan for everyone to manage updates, but Microsoft isn’t going to be able to reduce configurability and customizability to zero to turn that PC into a C (with WaaS).

        The best thing is – as PKCano has done here and as Woody has asked – for everyone to share what they have chosen to do, how they have chosen to do it, and what advantages they feel they get from doing it. We all can grow and learn.


        5 users thanked author for this post.
    • #139069

      Group B Is the right way, since I can decide, what I wish to be installed in my PC. But in real, most valuable Is something else. To read askwoody.com and then do/install. Doing this nasty job, understanding diff between rollups and secu.only.rollups IS THAT weapon against M$

    • #139077

      Woody’s 1st question: Is it ever going to be possible for “normal” people – by which I mean people who don’t have time to spend hours every day – to manually download and install all of the patches they need?

      Yes, it’s possible. I’m one of the “normal” people and I don’t have problems with the Group B patching methods that Woody and others kindly shared in (https://askwoody.com/forums/topic/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1/). Systematic and simple instructions. AFAIK, the problems/bugs in every month’s update are usually affecting windows programs/functions that advanced win users or app devs (definitely not normal people there) would use. So, even if I installed those buggy patches after Woody gives the green flag, it pretty much didn’t affect my daily work. As long as I’m willing to dedicate a few hours of my free time during the weekends/holidays to look up into askwoody.com to see whether updates are safe or not to install, then I’m always good.

      Woody’s 2nd question is not applicable to me (Group B), so idk 🙂

      p.s. I had stumbled upon this site (http://forum.notebookreview.com/threads/windows7-8-updates-to-hide-to-prevent-windows-10-upgrade-disable-telemetry.780476/) about a year ago to only solve the problem with my machine infected by win10 GWX virus. It seems that now they updated the post about avoiding win updates that has telemetry and other bugs or problems which ofcourse i’d rather lookup from askwoody.com because your instruction are much simpler and easier to understand and do 😉 Go check it out only if you’re interested to learn extra details of certain telemetry updates but never try to follow the instructions provided unless you’re certain yourself that whatever they claim there is legit or not. Once again, just as an extra knowledge for those that are interested (read-only attribute ok?). (Caution: Very long detailed and complicated post. For Group B super enthusiasts only :D).

      2 users thanked author for this post.
    • #139078

      Everyone always talks about getting the updates for IE11. But as someone who never uses IE at all, is there any reason for me to even allow the optional update to IE11 in the first place (on Win7 64)? I never did. (Or, if I did, I uninstalled it, because it was causing problems with Desktop Widgets, but I no longer use those. Point is, it’s still in my list of optional updates.)

      At one point, I would occasionally have to deal with apps starting up IE instead of my default browser. But that time seems to have passed. So my question is, I guess, whether any IE components are used when I’m just using my computer normally, and if I need to worry about patching. I assumed an optional update was just that, optional.

      • #139084

        IE is an integral part of the Windows Operating System. Even if you do not use IE as your browser, other processes in the Windows OS do use it. So, if you do not patch IE, you leave your system open to all it’s vulnerabilities.

        Patching IE is not optional.

        7 users thanked author for this post.
    • #139067

      Woody says, … Now it looks like my old instructions for Group A aren’t going to work any more, either.

      Maybe, it’s by design by M$, ie to push Win 7/8.1 users onto Win 10, even well before their EOL in 2020/2023.

      Remember, M$ are only getting new revenue stream from the sales of Win 10 licenses and/or subscriptions, and are not getting much revenue from the sales of Win 7/8.1 licenses.

      Win 7/8.1 are not as user-friendly anymore because of the complicated updating procedures since Oct 2016, eg see MrBrian’s 1st post above. The main advantage of non-free Windows over free OS like Linux may be gone.
      … Of course, Win 10 is even worse.

    • #139093

      From https://askwoody.com/forums/topic/group-b-win78-1-missing-updates-hiding-rollups-security-only-patches/#post-137004:

      “Question: Is everybody reading this who uses Windows 7 or 8.1 and doesn’t follow my algorithm […] missing applicable updates?

      Answer: Not necessarily. However, I believe I have established that there are scenarios in which those who don’t follow my algorithm […] are missing applicable updates.”


      4 users thanked author for this post.
    • #139095

      A while back I switched from group “B” to group “A” for my two Windows computers (7 and 8.1). I “download but don’t install” updates on each of these machines. When I am ready, I install the updates. Meanwhile, I do periodic backups of each machine, so that I can recover if needed.

      In my opinion, there isn’t much likelihood of a bad update messing something up for a home user, because home users don’t do very much that is out of the ordinary. But if an update messes me up, I can restore the latest backup.

      Group "L" (Linux Mint)
      with Windows 8.1 running in a VM
      2 users thanked author for this post.
      • #139123

        Group A from the start.Win 7.  I use the computer for the internet,email and print.  Had my updates set for notify but dont down load.  Any updates related to eastern European and middle east currency changes I hid.  Never had a problem.  In 2020 Ill switch to a Chromebox.

    • #139109

      I don’t think the question is so much “Is Group B still viable?” as “Does Group B still serve any real purpose?”. I say that because at least one of the main reasons people opt for Group B seems to be to avoid telemetry, but given the amount of snooping and feedback-gathering that is going on in society as a whole these days I’m not fully convinced that switching from Group A to Group B on Windows Updates really makes that much of a difference in the overall scheme of things.

      Doubtless there are other reasons people use Group B, and perhaps the first point of discussion about its viability is to establish exactly why people use Group B and the extent to which they feel it’s been a worthwhile option for them thus far.

      Personally, as a Group A user, I feel that the rolling up of most updates into a single one has been pretty successful, given that although there have been a few problematic updates they’ve probably been fewer in number and more easily avoided/removed than back in the days when a good month was one with fewer than a dozen separate updates to research and prioritise!

      My two tips for installing updates under Windows 7 are simply (a) not to rush into it but wait for the dust to settle while checking out sites like this one for information and advice, and (b) install different categories of updates separately – e.g. I install the Quality Security Update first, then any .Net Framework update, then any Office updates. I do that on one of my two computers and only repeat the exercise on the other one when a couple of days have passed without any issues arising on the first one. It doesn’t guarantee that either machine will run the updates successfully, but it is a lot safer than installing the whole lot in one batch on both machines simultaneously!

      I also hide all unchecked and optional updates unless there is a specific reason to maintain a watching brief on them. I never forget that they are unchecked and optional for a reason!

      3 users thanked author for this post.
      • #139144

        I don’t think the question is so much “Is Group B still viable?” as “Does Group B still serve any real purpose?”

        This is exactly what each reader here should ask themselves. 🙂

        3 users thanked author for this post.
      • #139195

        My purpose is to keep my PC running smoothly and problem-free without undue hassle, and the Group B approach is certainly serving it well.

        3 users thanked author for this post.
      • #139321

        Well put Seff.  My friends and I read woody’s posts and wait for a week or more. I use to wait 4 days, but now I wait about 10 days, unless many are shouting. It is wise as others have said the same here. I don’t know if I want to wait three and a half weeks though. Most normal users don’t have an issue, but some specialty (video/font) or business users (excel) may have an issue with an update (for example I cannot import my excel spreadsheet…etc.)  But if this “issue” only affects them, and not the common user, then why should the common user hold off on the update if it does not affect them? Careful slow progression is the key with Woody and other VIPs here examining updates.


    • #139119

      Windows 7 user here.

      Before the so-called patchocalypse, I would spend each month at least an hour or so feverishly going over all the patches, checking which ones I needed, which might bork my system, and then hoping they would all install in a tedious, lengthy, stressful process. After the patchocalypse, adopting type B patching, I go to the archive page, download and install the security-only stuff (takes a minute or two), reboot, run windows update, and install whatever .NET patches are listed (another minute or two(I don’t run any other Microsoft products)).

      The patchocalypse route B for me has meant massive time-saving, less complexity and much less stress. Which is why I continue to scratch my head in utter bewilderment whenever another of these articles pops up about the “difficulties” of route B. It’s never been easier! Both my system and my sanity as regards Windows updates are more stable than ever before.

      4 users thanked author for this post.
    • #139120

      Sticking with Group B. Not that difficult. Would appreciate .Net Security Only update links added to Group B after the last MS .Net Rollup fiasco. Will only install ANY of the above after it’s demonstrated that nothing blows up and after all MS fixes are in.

      Win7 Pro Zbook workstation on .Net 4.6.1 and see no pressing need for 4.7 anything unless this site assures me that there is some pressing need to install.

      The ONLY hangs and system repairs I’ve EVER needed in 4 years on this Zbook were ALL Windows Update-related…


    • #139125

      I and my roughly 120 clients computers are most certainly Group W (c) and expect that is it, essentially forever. The only end date for Windows 7 is when the system no longer functions for what ever reason. If a system needs to be re-installed, I will do that using the system image that is available for each. As a matter of fact, one just yesterday had a new hard drive installed.

      After a few years of struggling with the WU mess and watching as MS continues to be messing up royally again and again, I have decided that the risk of MS messing up my clients’ computers is almost certain. Whereas the risk of not applying any of MS updates at all is a far lower risk.
      I have applied Security only updates as outlined in


      up to and including May 2017, including MS Office updates and .net. I plan to do no more. NONE! In other words, we went from B to C.

      We are well protected with Bitdefender Antivirus +. Our systems have WU set to Never and that will not be changed. All systems have “customer participation” turned off.

      My clients’ systems are incredibly stable and reliable. I have not seen a single infection or major incursion in the 3 years since I switched all over to Bitdefender AV — note well, I do not permit any “security” program, only AV only software.

      When re-building Win7 systems I use WU, but refuse all non-security updates issued after Dec 31, 2014 and all “roll-ups” I have a list of 20 or so Win10 related updates that I routinely refuse and/or remove.

      Please understand that none of my clients are businesses or security sensitive.

      I do not think the vast majority of people in this forum understand what a typical “normal” Windows 7 owner is like. Most of these people are not interested or capable of understanding anything about Windows Update. Their systems are no more complicated than an electric toothbrush to them. These systems are either updating automatically because that is the way it came to them or not updating at all because of some problem. These users are totally unaware of Windows Update.


      5 users thanked author for this post.
      • #139405

        Hello CT.  A very moving post! I am shocked to see you have 120 clients and no updates. I do understand your position, but it is a bold decision to never update. I DO also understand that if one has proper backups as one here said, copying data to a thumb drive (flash drive) once a week and a complete image once a month. If he gets a virus or ransomware, he will restore from backups. Yes that works. I remember people all yelling that XP users are going to bring down the internet with a non update-able OS. Didn’t happen. I even have XP. Never had a virus, and still use it. If one is smart and has a good AV, other antispyware items, use a HOSTS file and have a 3rd party firewall (like NoelC)  and just be careful, you will be fine. BUT, you must either have backups just in case or be willing to accept the loss with a format and reimage if need be.

        If you are a business, you need to patch because of the possibility of ingress of someone into the entire business network. That is different from a single average user’s PC at home. Individual people and businesses/organizations with obligations to others or consumers (like a CPA, medical, or bank) must do patches or may be negligent!

    • #139147

      Is this the forth time or fifth time that his subject has been offered up for discussion? I see no reason to flog this dead horse anymore.

      Fact: MS does offer security-only (Group B) for W7 and W8.1 users.

      Group B is not complicated. Select, download and install.

      If you are a novice go with Group A. If you are a fanboy, go with Group A. Simple.

      • #139155

        The whole point of this topic is that the method you describe is no longer valid, NOT how easy it is. The past Group B method is now under construction, and the result will NOT be the way it has been in the past.

        3 users thanked author for this post.
        • #139179

          @PKCano, in this thread here are we talking about Group B for people who already have an ongoing Windows 7 or 8.1 system and want to keep it up to date without submitting to telemetry; or are we talking about people who are considering installing Windows from scratch; or are we talking about both groups? Are their respective needs the same?

          • #139183

            We’re talking about people in Group B AND Group A.
            Clean Install is a different matter and an even bigger challenge.

            3 users thanked author for this post.
            • #139191

              It’s an absolute [pain] to do a fresh install as I found out yesterday after a hardware failure (mobo capacitor and smell of burning substrate) on a Tux PC which I converted to W8.1 group B, then 10 hours later, an internet ready PC with all our programs on it and a new offline backup system image. The website walkthrough still works as the servicing stack hasn’t changed since it was written.
              Woody’s Service Packs for Group B W7 and W8.1  …wishful thinking!
              Group B still works for us albeit time consuming on the other PC’s.

              WaaS = Windows as a Syphon...suckers!

    • #139185

      Oh no, are we back to Cold Comfort Farm with Group B representing Something Nasty in the Woodshed? I wish someone would explain to me where the problem lies! Every month I manually install two security-only patches, one for IE and the other for Windows 7. Takes about 15 minutes if I make a cup of coffee at the same time. Then I update Office, MSRT, .Net, etc, via Windows Update. Might take another 15 minutes if I make a phone call whilst I drink the coffee. I do tend to hide any important/recommended updates I don’t install: I like things tidy. That’s it for the month. And this is too difficult to continue? Of course, I am greatly indebted to this site for the broad spectrum of information and guidance I receive here – that’s why I visit regularly. But I do wish someone would explain to me why my approach is no longer viable! Added to which, I haven’t had a computer glitsch I couldn’t resolve myself in the last two years, so I reckon I must be doing something right.

      2 users thanked author for this post.
      • #139409

        Well put Surfing Pensioner! Hear Hear!!

    • #139181

      “IE is an integral part of the Windows Operating System. Even if you do not use IE as your browser, other processes in the Windows OS do use it. So, if you do not patch IE, you leave your system open to all it’s vulnerabilities.

      Patching IE is not optional.”

      What other processes use IE may I ask? Not being sarcastic here, just curious as I don’t even have IE 11 installed on my Win 7 desktop

      • #139243

        I did not mention IE11 in my reply. It applies to any version of IE, whatever version.

        1 user thanked author for this post.
      • #139232

        All I can offer is to reiterate the already stated fact “…“IE is an integral part of the Windows Operating System.”…” My limited memory and perhaps flawed understanding of this statement is that when Microsoft’s OS of the day had matured to the point that it became useful to send information and receive improvements via the world wide web using the hypertext transfer protocol, Microsoft added that function deep in the OS using their proprietary ‘web browser’ application called uncreatively Internet Explorer. Because it suited the purpose.

        Hue and cry abounded, Mr. Gates was threatened from the most powerful rostrums in the country for using a solution developed in house. Even though it was the same approach used by competitive operating systems of the day. Mr. Gates answer was to offer a switch that you can still access in Win7 by navigating according to your favorite method to the page ‘Turn Windows features on or off’. It is essentially a dummy switch, like the thermostat that does not actually affect the zone heating system in your office. By deselecting Internet Explorer from these options, you will no longer see any IE icons, or titles listed in various menus. You will not be able to launch the application in a visible window and use the engine to browse or surf, and must replace that functionality with a third party application, if that is your desire.

        But when the Windows7 operating system itself has some functionality triggered by any form of transfer protocol, it will not use Chrome or Firefox. It will use the same Trident engine and associated functions that have been hidden from your view to complete these tasks. If you have chosen to not keep this engine and associated programming current with security patches, then you are still vulnerable to all exploits exposed in IE. But worse, because you are convinced they do not exist.

        Please, people who know better than I, correct as needed.

        2 users thanked author for this post.
        • #140044

          Thank you very much to anonymous for the info on patching IE on my Win 7 desktop. I just installed IE 11 (I had IE 6) even though I do not use it ever… Both of my newer Win 8.1 laptops already had the latest IE installed and those I keep up-to-date. I dont use IE on them either.

          Now one last question: Now that I have IE 11 on the desktop, do I install the latest Security i.e Sept or Oct. patch or do I have to go back and start with the March 2017 patch and then April etc..

          Sorry, I know it’s a pretty stupid question but I thought I’d ask anyways

          • #140059

            I am the anonymous #139232 (and a couple others, but not all of them), and glad that my approach made sense to you. This is not a stupid question. It shows you are thinking through to the end, and concerned enough to make sure.

            Direct answer first: Internet Explorer updates are cumulative, each update brings you current to that published time, without the need to get them all. So if you have installed September, which already cleared the MSDefcon3 bar, you are as current as I am.

            Now the wiggle room disclaimer: I am anonymous. I don’t write the code but I learn to use it by reading smart people. I believe I am quoting or interpreting an MVP contributor here, when I write that all IE updates are cumulative, now that you have IE11. The only way that is possible with a small filesize is if there is an inquiry and response of current status before the appropriate package is delivered and installed. This occurs during the check for updates, as the offerings list is populated. If I am mistaken, I hope to be corrected.

            You are also anonymous, and I have to be careful to not assume too much about your system and habits. The cumulative nature applies only to this instance of your new IE11. If you have not been updating regularly, you may have more research to do in other areas. I suggest you start a question topic for those concerns, separate from this busy topic.

            But if you mean you have been updating regularly, just without having IE11. And you have come current to September 2017 again, now, after the successful installation. Then yes, your job is done.

            Last, an observation, this could be checked and verified by actually launching the IE11 browser, and viewing information in ‘About Internet Explorer’ option of the gear shaped icon. A check will be performed every time. Or, any intervening updates, will be included in the next monthly update package. (After MSDefcon3 or better, of course)

            1 user thanked author for this post.
            • #140068

              Internet Explorer updates are cumulative

              For confirmation that IE11 updates are cumulative, KB 4036586 is titled, “Cumulative security update for Internet Explorer: September 12, 2017″.

              Article ID: 4036586 – Last Review: Sep 21, 2017 – Revision: 27
              Applies to: Internet Explorer 11

            • #140123

              Any way I could convince you to become un-anonymous?

              You’re posting great stuff here, and it would be nice to be able to follow it…

              You can register with a burner email address. I won’t mind. 🙂 Or you can email me directly and I’ll set the account up for you, manually. woody@askwoody.com

              2 users thanked author for this post.
            • #140331

              Thanks for the nod, Woody. And Kirsty for the rock solid reference to support. Glad I could help, but wanted original voices to get the credit for accurate advice. I just filled in the blank spaces in between to bridge the gaps. Hoping I kept my voice different enough to stand separate from others with the same name. Cheers.

            • #140342

              Thks @anon #140331.
              If Woody can’t convince you to register (we’d really love you to!), perhaps you could at least sign-off your posts with your own handle (nom de plume)?

      • #139242

        I failed to close comment #139232 by repeating again, the very sound advice given many times: “Patching IE is not optional.”

        4 users thanked author for this post.
    • #139205

      If I were a project manager I would set up four groups.

      1.  Win 7 clean install
      2.  Win 8.1 clean install
      3.  Win 7 currently up to date
      4.  Win 8.1 currently up to date.

      Ideally each group would need three to six people that have not run the update hiding experiment.*

      After comparing the results it should be possible to develop a method to properly update those four groups.

      Regardless of the results, there are still going to be those that go their own way or that might not fit neatly into either of those groupings.  The loose definition of group A or group B still stands.  All others will simply be hybrids or something else altogether.


      Edit note (2:42pm CT):  * important updates only.  If said project manager wants to include optional updates, this might make for a different experiment altogether.

      Win 8.1 (home & pro) Group B, Linux Dabbler

      1 user thanked author for this post.
    • #139217

      On a fresh install of 7, first boot to desktop, I install:
      1) Servicing Stack Update September 2016 (KB3177467)
      2) July 2016 Rollup (KB3172605)
      3) IE11 (IE11-Windows6.1-x64-en-us.exe)

      Use gpedit.msc, registry, or the WU control panel window to set Windows Update to “notify for updates and notify to download”, and “show recommended updates”.

      Run WU, install everything that is checked.
      Reboot. Repeat ad nauseum until all that’s left is:
      1) The current month’s updates (unless it’s DEFCON 3 or higher and they’re safe to install)
      2) Updates that are not checked by default
      Now you sit and wait for DEFCON to improve before you touch WU again.

      Anything under Optional updates is left there to stew and rot for all eternity, because I don’t want those updates since they’re not important or recommended enough to move into the “important” category.

      Never install drivers from WU either. Get them from NVIDIA, AMD, Intel, Gigabyte, Asus, MSI, Corsair, Logitech, or whatever vendor the hardware is from that you need drivers.

      • #139225

        OK, how did you avoid installing the current month’s updates that are important updates? By unchecking them or hiding them?

        • #139265

          That’s a good question, and I need to revise my post.
          What I do is, if the current month’s updates are not safe to install, I manually download the previous month’s update (the Monthly Rollup) using the links here: https://support.microsoft.com/en-us/help/4009469/windows-7-sp1-windows-server-2008-r2-sp1-update-history

          I actually had to do this for a fresh install last month, grabbing the September update (after the October update was already presented in WU). I download the update file, install it, reboot, and then let the current month’s update sit and rot in WU until the DEFCON improves.

          I don’t hide updates, as I haven’t found a reason to – and I think hiding them causes confusion anyway, because then I start wondering if I’ve hidden something that I now need. I just leave them alone, unchecked.

    • #139255

      1. Get your settings right (including turning off Customer Experience Improvement Program if you don’t want it on).

      What settings? Other than the one mentioned, and the usual prompt for restart / check but not download or install / give me recommended the same as important ones.

      4. On the Important tab, hide any updates that Woody has declared are problematic

      Do we have an up-to-date list? I only know of those Here and Here.

      We’re talking about people in Group B AND Group A.
      Clean Install is a different matter and an even bigger challenge.

      Isn’t it just a matter of HIDING (rather than unchecking) the ones you don’t want though? I don’t mind that and usually do so anyway. (I’m aware MS relaunches the same KB numbers often, and you have to re-hide it each time). I’m a Software Engineer so fairly tech savvy, but my home computer is only for general use / gaming. I don’t see a problem with manually installing updates and hiding those I don’t want as it’s only once a month. I generally give it a week after updates come out anyways and check Woody’s posts before installing them, (ever since GWX).

      As mentioned in other topics, I’m imminently about to do a clean-install of W7 Ultimate x64, (As I’m finally moving to SSDs).

      I’ve previously been pretty much group A (grudgingly accepting rollups, but rejecting telemetry / GWX & drivers), but will be scrutinizing more this time and going with a more Group B approach (Outright rejecting rollups, telemetry, drivers, and any specific patches with content I don’t want, such as the recent IE11 Search Bar, accepting everything else + security stuff).

      I presume I’ll have to download updates manually from some kinda MS Catalogue page? (As in rejecting the rollups through WU won’t show the normal ones separately in the panel). Does anyone have a link to where you normally obtain your updates from if not from WU.

      I’ll link my assumed approach of what I’ll need to do in the reply to this post.

      • #139266

        and any specific patches with content I don’t want, such as the recent IE11 Search Bar,

        The IE11 patches are cumulative. The search bar change was in the Sept (I think) patch. So if you don’t want that, you will probably have to stop patching IE.

        The Rollups are composed of three parts: security, non-security, and IE11 cumulative. If you go the Group B route, they install the security-only update and the IE11 CU manually. They have been available in AKB2000003 on this site or you can download them from the MS Update Catalog by entering the numerical part of the KB number in the search box.

        2 users thanked author for this post.
        • #139278

          That’s a b*****. There’s no separate IE updates as they are with the general Windows Update ones? Why the heck can’t they just give an option to turn something like that OFF? (Search bar is completely redundant anyway. I normally search by entering ?mysearchquery into the address bar.). I’m aware it’s hidden when showing tabs on the same line btw, but I like them separate.

          Thanks v much for the link btw. I’ll be looking at that method in future.

          Is there anywhere that shows all the separate updates IN the rollups? I think I can just click on the rollup in WU and select More Info, and hopefully get a list of all the separate KB patches (to download from the Catalogue) can’t I?

          • #139297

            If you do not set tabs on a separate row, the search bar goes away.

            Sorry, there are no more individual patches after Oct 2016.

            1 user thanked author for this post.
            • #139307

              heh I HATE Microsoft lately. Shame there’s no way to ignore the cumulative ones. Ah well.

              Patching IE is likely a good thing so I’ll just have to put up with it and hope they make an option to hide it, as I like my tabs on a separate row.

      • #139289

        So here’s what I’m planning on going with, for a CLEAN INSTALL from: en_windows_7_ultimate_with_sp1_x64_dvd_u_677332.iso with a combination of steps from these posts. This is pure assumption since it’s been 5 years since I last did a clean install, so things might have changed, (such as ignoring the Convenience Rollup).

        1. Install Windows.

        2. Set Windows Updates to “Notify but do not download or install.”

        3. Set Windows Updates to “Give me Recommended Updates the same way I receive as Important Updates”

        4. Set Windows Updates to “Give me Updates for Microsoft Products and check for Microsoft Software when I Update Windows”.

        5. Set Windows Updates to “Give me detailed notifications when new Microsoft Software is Available” – (What does this do again?)

        6. Set Windows to only Prompt for Reboot after Update Installation (not auto reboot). – (I think I did this in the Registry, or Group Policy).

        7. Check for Updates.

        8. Hide any Updates I definitely don’t want. – (Telemetry, Drivers, Rollups).

        9. Hide any Updates I don’t plan on installing right now. (Since I’ll likely do this in batches).

        10. Unhide any that I DO want to install right now.

        11. Go back & Repeat Steps 711 Until only the updates I want to install now remain.

        12. Install batch of Updates & Reboot PC.

        13. Go back & Repeat Steps 713 Until caught up to when the Rollups started.

        14. Download ALL remaining Updates from the Microsoft Windows Catalogue – (This is the bit I’m fuzzy about. This is the only way to do it if you don’t want rollups ya?)

        15. Simulate steps 810 by manually scrutinizing & deleting the ones I don’t want.

        16. Install the remaining updates in batches. Rebooting in-between.

        17. Check for Windows Update. None should remain. Now up to date!

        18. (Should I do the following, before or after the above steps?)

        19. In Action Center\Maintenance\Settings, Set “Windows Error Reporting” to “Never check for solutions.”

        20. In Action Center\Change Action Center settings\Related settings, Set “Customer Experience Improvement Program” to “No”.

        21. In Action Center\Change Action Center settings\Related settings, Set “Problem reporting” to “No.”

        22. In Administrative Tools\Services, Disable “Diagnostics Tracking Service”.

        23. In Administrative Tools\Task Scheduler\Library\Microsoft\Windows , Disable ALL Tasks under “Application Experience”.

        24. In Administrative Tools\Task Scheduler\Library\Microsoft\Windows , Disable ALL Tasks under “Autochk”.

        25. In Administrative Tools\Task Scheduler\Library\Microsoft\Windows , Disable ALL Tasks under “Customer Experience Improvement Program”.

        26. In IE11 Security Settings – Internet Zone, Disable “Use Smart Screen Filter”.

        27. Setup IE11, changing Default Search Engine etc.

        28. Reboot PC, wait 30 minutes.

        29. In System Tools\Disk Cleanup, click “Clean up system files” and “Windows Update Cleanup” is checked.

        30. Reboot PC. Give Windows Updates a Final Check.

        31. Enjoy myself.

        32. After Patch Tuesday every Month, check Woody’s page for Update fallout / Hilarity. Wait a week-ish if anything looks dodgy. Check for Updates, hide Rollups, Repeat Steps 1417 & Step 31.

        Have I missed anything, is anything wrong there? Again I’m unclear about the non-rollup bit since I’ve currently been using them, but won’t be in future.

        The Updates I currently have hidden (before rebuild, and excluding Language Packs and Drivers which I of course always hide) are:
        KB971033 – (Windows Activation, is this one necessary since my installs are genuine?)
        KB3021917 – Telemetry(?)
        KB3068708 – Telemetry(?)
        KB3080149 – Telemetry(?)
        KB2952664 – (GWX. The one that led me to start reading Woody’s pages…)
        (This also excludes the Convenience update, as my current install is from around 5 years ago. I presume I’ll be hiding this one as soon as I see it after the Clean Install).

        I’ll make a new list, containing actual taken steps, after I’ve completed the Clean Install.

        1 user thanked author for this post.
        • #139290

          Between #6 and #7 (see see instructions here) to make WU work right

          I did an OFFLINE clean install of Windows Home Premium SP1 32-bit. Still OFFLINE, I installed KB3020369, KB3138612, KB3177467, and KB3172605.

          #19-26 Do these after the clean install but before installing the rest. You won’t see the Diagnostic Tracking Service unless you install a Rollup after Oct 2016.

          since they contain some changes I DO NOT WANT, (such as the redundant IE11 Search bar).

          This function was in the Sept (I think) IE11 Cumulative Update. You will need to stop patching IE11 after Aug, since the patches are cumulative, ie, the latest contains all the ones prior.

          2 users thanked author for this post.
          • #139310

            I did an OFFLINE clean install of Windows Home Premium SP1 32-bit. Still OFFLINE, I installed KB3020369, KB3138612, KB3177467, and KB3172605.

            Thanks, I’ll add these steps to my private list, then likely add them to the “Actual Steps Taken” post I’ll make after reinstalling.

            From what I can see:

            KB3020369 – Fixes Windows Update install failures. Good.

            KB3138612 – Updates Windows Update client. Good.

            KB3177467 – Speeds up Windows Update. Good.

            KB3172605 – Isn’t this a Rollup? Is this one needed, apparently what it contains is:

            This update includes quality improvements. No new operating system features are being introduced and no new security updates are included. Key changes include:

            • Improved support in Microsoft Cryptographic Application Programming Interface (CryptoAPI) to help identify websites that use Secure Hash Algorithm 1 (SHA-1).
            • Addressed issue in Microsoft Secure Channel (SChannel) that sometime causes Transport Layer Security (TLS) 1.2 connections to fail depending on whether the root certificate is configured as part of the certificate chain for server authentication. 

            From here.

            So unsure about that last one. I can see why you’d install the other 3 (where possible) before doing any other updates though, as they state that they improve Windows Update itself.

            What’s the reason to stay offline during & prior to this? Aside from telling Windows Updates to never auto-download of course.

        • #139293

          If you edit/submit/edit/submit too quickly, Your post gets sent to the spambucket. Slow down and let the system update in between.

          1 user thanked author for this post.
          • #139294

            A-ha that will be why. Thanks!

            Ah well I ended up copying it before submitting the first time anyway.

            • #139299

              Which one do you want me to delete, the first or the second?

            • #139303

              If none are now in the spambucket, it should be sorted.

              I’ve trashed the duplicate one. The remaining post here should be the definitive version. Thanks!

              You can nuke these 4 replies too if you wish. (Posts #139293, #139294, #139299 & #139303)

            • #140125

              When y’all get this sorted out, it’d make a GREAT AKB….

            • #140332

              Which bit, Woody?

              The install order / routine, or the bit about editing posts / spambucket stuff.

              I’ve been speaking with @PKCano and @GoneToPlaid and preparing my Clean Install advice, updates to avoid list, which to do in order etc.

              Will be setting it going in an hour or so. I’ll try and document how it goes, so you guys can use the info to collate it into some proper instructions.

              I’ve also looked up a PowerShell script that lists Pending updates and exports to CSV. I successfully modified it to list Pending, but Non-Hidden ones, and attempted to make copies to list Hidden Only, and Installed updates. However no combination seems to work any more and returns no output. Even the original script from the page doesn’t work now. Strange. Any preferred way to share Zips on here? I note the attachments disallows the type.

        • #140343

          Alright it seems I was completely barking up the wrong tree with the Update Catalogue bit. I was under the impression that we could Hide the Rollups (even the Security Only) ones, and download the individual updates involved from the Microsoft Catalogue.

          However it seems this isn’t possible! The Rollup patch in the catalogue lists what updates it replaces (17 of them for the October 2017 one), but newer versions of those updates, or the files within are NOT offered in the catalogue, and ONLY available in the rollup!

          See below, where I picked a file at random (Winsrv.dll) from the Rollup:

          In the KB4041678 Security Rollup File Details there’s this listed:

          KB4041678 Winsrv.dll 6.1.7601.23915 215,552 13-Sep-2017 15:28 x64 None Not applicable

          I found this file only in the File Details for the following two patches involved in that rollup. Check the dates of the file:

          KB3153171 Winsrv.dll  6.1.7601.23418  215,552 09-Apr-2016  06:58  x64  None  Not applicable

          KB3175024 Winsrv.dll  6.1.7601.23539  215,552 02-Sep-2016  15:31  x64  None  Not applicable

          Therefore it seems the ONLY way to obtain the up-to-date version of that file is to install a whole rollup. @GoneToPlaid brought this to my attention, and has been working very hard to analyse and test the changes between each rollup and the updates involved.

          This completely changes my assumed installation strategy, in that there now seems to be NO way to install only individual fixes from when the Rollups started. This now means you really have to accept EVERYTHING or nothing from Rollups. I thought this applied to the Update Client only.

          This isn’t a good situation as even with “Security Only” ones they could slip in telemetry, unwanted features or outright break things and the only way to avoid this would be to avoid the ENTIRE Rollup itself. Therefore I’ll have to revise the following steps from the list above and have a big re-think of how to deal with this:

          13. Go back & Repeat Steps 713 Until caught up to when the Rollups started.

          14. Download ALL remaining Updates from the Microsoft Windows Catalogue – (This is the bit I’m fuzzy about. This is the only way to do it if you don’t want rollups ya?)

          15. Simulate steps 810 by manually scrutinizing & deleting the ones I don’t want.

          16. Install the remaining updates in batches. Rebooting in-between.

          • #140351

            You certainly weren’t exaggerating about this being a “Patchoocalypse”, Woody. Even after reading the article I thought the separate sub-patches would be available for those with the time / knowledge to install them manually, in the right order, with all the precursors etc.

            Just how do server admins go on now with Rollups, where just one bit fails. You have to forsake the entire b***** rollup patch? Just what are MS thinking?

          • #140515

            The above can now be ignored. MrBrian has clarified the situation and resolved my confusion here: https://askwoody.com/forums/topic/new-directions-for-win-7-and-8-1-patching/#post-140476

      • #139315

        “What settings?”

        I meant that Group A should follow the existing Group A step for “Get your settings right” and Group B should follow the existing Group B step for “Get your settings right.”

        “Do we have an up-to-date list?”

        “Problematic updates” refers to any problematic updates that Woody has identified in his latest update advice post.

        “Isn’t it just a matter of HIDING (rather than unchecking) the ones you don’t want though?”

        Exactly! The basic idea is that all updates in Windows Updates must either be installed or hidden (at least temporarily). It’s a bit more involved though because after hiding unwanted updates, you must continue to check for updates and hide unwanted updates until there are no more unwanted updates to hide.

        3 users thanked author for this post.
        • #139325

          Thanks! And yeah after reading this post thoroughly I understand what a lot of the terms in yours and PKCano’s posts were referring to now.

          Doesn’t seem too bad then, if the only change is to make sure all updates are either being installed or hidden, (rather than left as Pending), and re-check again after.

          Bit of an a*** around but easily do-able. Once finally get fully up to date, will only need to do it for a couple of updates once a month. Not like need to check every day etc.

          • #139333

            You’re welcome :).

            The first time might get tedious because if a Group B user is using Windows Update to hide updates, one must hide the October 2017 Windows monthly rollup, then check for updates, then hide the September 2017 Windows monthly rollup, then check for updates, and so forth. However, in my algorithms I mention using a program (Windows Update MiniTool) that can hide all unwanted updates in one pass. Alternatively, I made a script that hides all updates with a given description in one pass.

            2 users thanked author for this post.
    • #139264

      Woody asked 3 questions at the top of this thread.

      1) Can a “normal” person download and install all the patches they need without spending many hours a day? Certainly a normal person is capable of downloading and installing patches in a matter of minutes (perhaps an hour or more for a really big program); most every computer user has at one time or another installed software. The issue, I think, is “need”. Everyone has a different definition of what a needed patch is. In essence, most of the experiments that have been done here use Windows Update to determine how well Windows Update does in generating lists of “needed updates”. This seems circuitous to me, although unless one is an employee of MS one can’t do much else; we can only use the information that MS provides. I would think that normal users are not in the position to follow any of the algorithms given here. I could follow them but I admit I don’t really understand them. So, I think that a normal user would be OK if they were told what updates to install. I would suggest for them the security only updates in order to keep their computers as safe as possible with little or no thought, and tell them that if they want to start playing with their computers, then move up to the Rollups, but be prepared to spend more time learning about their computers. Unfortunately, we can’t trust MS to tell us what updates to install regardless of how one defines “need”. Regarding “needed patches”, I define needed patches as ones that keep my computer safe and those that keep my computer running “properly” or “like-new”. This is an operational definition and is, I think, less dependent on the whims of Windows Update. Using this definition, the method of updating I use and described above has worked very well for me. I intend to use my method until end of life for Win 7.

      2) Can a normal person avoid really bad patches? I don’t think so, unless they are prepared to spend some time reading web sites like this one. I don’t see any way of ANY user knowing beforehand which patches are bad; the only way to tell for sure is to try the patch and see.

      3) Is it possible to curtail MS’ snooping? I’ll leave that to the experts, but I would be inclined to say that in this day and age, if someone really wants to snoop on someone else, they probably can do it at least for some amount of time.

      2 users thanked author for this post.
    • #139269

      ch100 wrote:

      I do not recommend disabling the Diagnostic Tracking Service as it may have side effects.

      Out of curiosity, can you expand on what you’re thinking there?

      No particular reason. It is a service installed by a specific set of patches and it is better to be left alone as intended. Just based on common sense. Exactly because I don’t have a deep understanding of what this service does and does not, I cannot afford to recommend others who are ready to listen to follow a path against mainstream. I doubt anyone else posting on this site other than @abbodi86 does deep analysis of each patch and Windows component and is in the position to exactly tell what is happening behind the scenes.
      It is an operating SYSTEM after all and not a bunch of separate services thrown into the mix at random.

      • #139317

        I would agree that “It is an operating SYSTEM after all and not a bunch of separate services thrown into the mix at random.” up through Win7sp1. But since this topic also covers Win8.1, I would diverge from your point where Win8.0 brought us a new interface that felt distinctly random. Then came GWX, thrown forcefully into the mix. Then the hybrid Win10.x…, that seems unsure of its footing as a system three years in, or every six months, take your pick. But that product is beyond the current scope.

        I am glad that efforts made by abbodi86 meet your high standards of analysis and presentation. But I find it unfortunate that this reads as dismissive to the efforts of at least three other MVPs that are devoting many hours to the testing and comparative notes across different installations, in the hopes of catching out wrong assumptions based on too narrow a sample. Many loungers will never reach competence in your view. But their questions and observations have been the origin of many new discoveries in this product that Microsoft allows us to use, at their discretion.

        2 users thanked author for this post.
      • #140055

        I understand your point ch100 and I agree with it in theory.

        In practice, I quite regularly took the risk of side-effects with the joy of reducing other problems the giant OS maker intended or not.

        If you are willing to live with the risk and accept the consequence, disabling some things can be useful. It’s not like Microsoft is a one person deity knowing everything about its own OS and I can think that at least a few of their recommendations where more marketing driven than technically better.

        If I didn’t always disable that weird webclient service, I would have issues with my Unix applications emulating Samba. I always do it since Vista when I found it was causing issues.

        However, I agree about the specific Diagnostic service, as we don’t really know what is going on and with all the newer telemetry integrated everywhere in Studio for the new apps, I don’t know if there will be any side-effect to disabling parts of the whole system, especially for someone using the new Apps and not relying on that good ol’ Word 2010 for the good ol’ days where there wasn’t as much intensity on the the telemetry and related ideas. Maybe not on 7, but on 10, it could end up creating issues, maybe.

        Maybe it will work a while, maybe a feature update will break things, Noel will likely see it. Others might not. Makes sense to not make it a general recommendation. But I can tell you I disable it too and take the risk of issues (not on my main work computer, which runs 7).

        I also agree a bit about the whole group B thing. I jumped to group A after not remembering if I installed some patches or not and got sick to go verify if I skipped one by waiting to install and installed some in the wrong order. I just thought it would become more of a burden at work than whatever benefit that might not even be there or last. I still don’t think all of this is acceptable from Microsoft, but at this point I got pragmatic, worried that maybe it would just stop working later and I wouldn’t have time to get back to A if it proved to be harder later.

        The thing is, stability is my number one priority on my work computer. I have absolutely no time to loose with problems. I understand people are worried about telemetry and all the integration of marketing in their Windows experience. To those people, I just have the same advice as you: get on another OS. So, maybe what is best for those is to try to survive with Windows 7 until 2020 but plan ahead for something else, because fighting the giant with your rock in a sling is likely going to be time-consuming and useless. I have to stay with the giant at work, but at home, it is another story.

        Those really worried about privacy should not continue to use Microsoft’s OSes maybe instead of trying to fix them. They should switch to something else right now. It’s not fair, not right, maybe not easy, but technically, you can’t really know what is going on in this OS no more. I feel with each feature update, control is lost more and more. When you are not sure some GPs are applied or enforced, that the names in the GPs don’t even match the latest MS terminology, it doesn’t look good.

    • #139312

      As somebody who has been following Group B updating since it was started, I decided to experiment, inspired by MrBrian.

      From being up to date, I hid the Monthly Rollups and then ran Windows Update, month by month, all the way back to their beginning. The only thing that showed up was KB 2177467 3177467, a servicing stack update that only shows up when all updates are either installed or hidden. If I had been following the recommendation to hide, then rerun Windows update, at the time it was first offered, I would not have missed it.

      I don’t mind using MrBrians alogrithm to update, in order to avoid missing any more such updates for the current month, when it comes time to update. Group B updating is easy and painless for me.

      My Win 7 Home system is stable and just how I want it to work, day in and day out, and I can reinstall from back ups, if necessary. It has never been necessary.

      Non-techy Win 10 Pro and Linux Mint experimenter

      6 users thanked author for this post.
      • #139314

        Thanks Elly. So aside from having to hide them, and leaving no unchecked Pending ones in the list when installing (which is a practice I follow anyway), all went well?

        I’m about to attempt the same.

        • #139399

          All went well… pacing myself as I hid each successive month, and then running Windows Update each time… just worked through it systematically. I was surprised, given some of the statements, that I didn’t find more updates that I’d missed… but apparently I hadn’t missed them.

          Non-techy Win 10 Pro and Linux Mint experimenter

          2 users thanked author for this post.
      • #139318

        Thank you for your evidence in support that these are issues that truly do affect some users in practice :). (I remember you posted about this in a related topic that is now unavailable due to site issues).

        Small correction: You meant 3177467 not 2177467.

        1 user thanked author for this post.
        • #139407

          Yes, it was KB 3177467.

          And I did post previously, and it does seem to have vanished into the ethers…

          Hiding and rechecking for updates will be part of my routine from now on. Just hiding the update and waiting until next month will not have an update like KB 3177467 show up. You have to run Windows Update again and make sure nothing shows up.

          To address concerns that this is becoming more complicated for less techy people, is that something a few testers can do for the larger group, and exceptions like KB 3177467 added to the post, or something everyone should be doing, each and everytime?

          Has anyone tested this for Group A people? I think there are concerns that this might affect them as well.

          Non-techy Win 10 Pro and Linux Mint experimenter

          • #139411

            “To address concerns that this is becoming more complicated for less techy people, is that something a few testers can do for the larger group, and exceptions like KB 3177467 added to the post, or something everyone should be doing, each and everytime?

            Has anyone tested this for Group A people? I think there are concerns that this might affect them as well.”

            In my opinion, it’s something that everybody should do every time you update. Group A should be doing this as well.

            3 users thanked author for this post.
          • #139749

            Good find Elly. Hiding all unwanted updates has been my way all along. Yes there was one that would only pop up after one hid everything and before the next month rolled by. Like Surfing Pensioner, I like things tidy too. I will update my win7 (Group B) about 7 to 10 days after patch tuesday and hide everything else I do not want. Wait for WU to turn green and have no updates available, then I’m done for that month.

            1 user thanked author for this post.
    • #139376

      So… as I understand it, Elly has done my recursive-hide work for me, God bless ‘er — so I’ve just downloaded the msu for the Win7 64-bit version of KB 3177467, and now I should install it.

      Does that sound like a plan?

      • #139381

        Different users of the same operating system can be missing different updates. Some people may be missing no updates. In my test, I was missing 9 Important updates (not including KB3177467, which was found to be missing later).

        3 users thanked author for this post.
    • #139408

      If you doubt it, try a clean Windows 7 installation following the existing Group B instructions (not using my modified instructions in this topic), then compare the files in c:\windows\system32 to those in https://askwoody.com/forums/topic/group-b-win78-1-missing-updates-hiding-rollups-security-only-patches/#post-136989.

      Hello MrBrian,

      I have performed two Group B Win7 installs during the past few months. Note that I am on Group B+ since I also avoid installing Group B updates which cause other unwanted issues.

      When I relied, “Not so” to your post, I actually was replying in response to your provided Group B link. I apologize to everyone for any confusion in which you all might have thought that I replied “No so” with regards to the first sentence of MrBrian’s post, which reads, “For those interested in why every update in Windows Update needs to be either installed or hidden (at least temporarily), here are the two reasons.” I erroneously replied after a grueling 20 hour work day.

      So to MrBrian’s first sentence, I 100% agree. Yes, undesirable Windows Updates should first be hidden. And then the user should once again perform a Check for Updates, and then hide any new undesirable updates which magically show up, yet which were superseded by the set of undesirable updates which were hidden a few minutes earlier. Repeat until all undesirable updates have been hidden and subsequent checks for updates no longer show any undesirable updates. And then the user should update the computer.

      Logically, this is all based on supersedence. If you don’t hide undesirable updates, then quite logically, Windows Update must assume that you will want to install the unchecked updates after you finish installing some of the other available updates and have rebooted your computer. Keep in mind that most updates can be installed in any order. Also keep in mind that some updates have requirements that previous updates are already installed.

      If on the other hand, you hide undesirable updates and then once again check for new updates, additional updates may appear because you deliberately hid updates which supersede the updates which now have appeared. Again, this is pure logic. The logic is the fact, that since you deliberately hid some updates, Windows Update correctly assumes that you do not want to install them. And then Windows Update, after these undesirable updates have been hidden and after another check for updates has been been performed, will then logically and correctly show any additional updates which you should consider installing.

      Thus MrBrian is 100% correct. Hide undesirable updates and once again check for updates, and repeat until all undesirable updates have been hidden. Then install the updates. In other words, you are repetitively performing reverse supersedence in order to drill down to only the updates which you want to install.

      This is the best way that I can explain this, based on the logic of supersedence. Supersedence is based on a continual time line of updates, some of which eventually get superseded.

      Best regards to all,



      5 users thanked author for this post.
      • #139412

        Thank you for the clarification and support :).

        For those further interested in technical details of why hiding updates makes a difference, see https://askwoody.com/forums/topic/group-b-win78-1-missing-updates-hiding-rollups-security-only-patches/#post-136954.

        1 user thanked author for this post.
      • #139417

        Interesting. Can you do it this way though?

        Smaller batches:
        1. Check for Updates.
        2. Hide Rollup / Undesirables
        3. Install everything else that’s currently available. (Leaving none unchecked / pending)
        4. Repeat steps 14 until nothing left.

        Or do you have to do it this way (like you’re saying):
        Larger, consecutively built up Batches:
        1. Check for Updates.
        2. Hide Rollup / Undesirables.
        3. Repeat steps 13, Until no more are added to the list.
        4. Install all at once. (Leaving none unchecked / pending).
        5. Repeat steps 15 until nothing left.

        Just wondering if it’s based on the requirement to install EVERYTHING in the panel (that’s not hidden), or that you haveto build up the full list FIRST, then install everything at once. (I’m aware more will still appear though after those are installed).

        • #139420

          Are we to assume that in your install step, the user reboots if the system requests it before moving on to the next step?

          • #139422

            I would personally do so yes. If not immediately then at least rebooting & re-checking before attempting to install more.

            I’d not trust it to install anything else correctly without Rebooting first (if it’s asked me to), and there would very likely be more updates that appeared afterwards.

            • #139428

              If that assumption is fulfilled, then I think the answer is either way is ok provided that you can only exit the loop if the “check for updates” step reports that no updates are available.

              1 user thanked author for this post.
            • #139432

              Yup, I’d keep going until there were none left.

              Just thinking it might be easier to manage it in multiple, smaller batches, especially if the individual updates need to be scrutinized.

              I understand the requirement to HIDE any that aren’t being installed at that time either way. Not a problem for me since I don’t mind that.

              Understand that it might mean more reboots though in the end since more may appear each time, but since I’ll be doing this on SSDs from next time onwards that shouldn’t be much of a prob either.

              Just wanted to make sure you didn’t need to keep checking, hiding, checking, hiding etc BEFORE installing ANYTHING, to ensure nothing was missed.

    • #139454

      As noted in an earlier post, I’m a Group B guy (Win 7 Home Premium, 64-bit), and like Elly before me, I’ve now hidden the monthly rollups, month by month, back to the beginning.

      And like Elly, I ended up with one bonus update, but in my case it was non-security update KB3182203 (September 2016 time zone change for Novosibirsk) — which was one of the ones on MrBrian’s list of 9 — and it showed up after I hid the November 2016 rollup.

      ADDED: After I hid KB3182203 and checked for updates again, up popped non-security update 3177723 (2016 – Egypt cancels DST). And after I hid that one, up popped KB3162835 (June 2016 DST and time zone update for Windows). And after I hid that one, up popped KB3153731 (May 2016 DST update for Azerbaijan, Chile, Haiti, and Morocco in Windows). And then I said noooooo, I’m not doing this anymore, and I went to bed.

      2 users thanked author for this post.
      • #139694

        ADDED, PART DEUX: I doggedly continued the hiding process (with the time zone updates) the next day, and stopped uncovering superseded updates after just one more: KB3148851 (Time zone changes for Russia in Windows), from April 2016.

      • #139994

        Excellent Byteme!  I remember about 6  months ago someone here at woody’s was saying to NEVER hide an update, that they would be superseded and go away anyway and by hiding them they may get stuck as a hidden update area and never go away. I un-hid my updates and checked for updates. They all got offered up again, even back to october 2016, so I went back to hiding everything, just like I had been doing.

        Now MrBrian is advocating hiding all that you do not want. I agree. Just like I said to Elly and her test. Thanks for the post byteme and the long list of appearing updates (bundled in the monthly rollups) that came out when hid. win7user

        1 user thanked author for this post.
      • #141405

        ADDED, PART 3: Up through ADDED, PART DEUX, I’d never completely cleared out my Important Updates list, so I hadn’t uncovered any potential updates affected by MrBrian’s issue #2 — i.e., updates that have to run exclusively, and only show up if there’s nothing else there. So today, after installing the October updates, I completely cleared my list (by hiding the one remaining update), and at that point KB3177467 showed up, and it’s the same Sept. 2016 servicing stack update that Elly uncovered. (Hooray for consistency.)

        After installing KB3177467, I again checked for updates, and no further updates were found.

        PS: It has occurred to me that the reason some Group B members (including me) may have thought this thread was intended to be more discouraging of continuing Group B membership than it (probably) was is that we focused on the wrong meaning of the word “directions” in “New directions for Win 7 and 8.1 patching.”

        3 users thanked author for this post.
    • #139563

      This is really depressing. There seems to be no clear way forward, options

      1/ accept MS domination and move to 10, be a beta tester and be data mined

      2/ learn new OS, some linux flavour and have limited access to programmes/games

      3/ Give up and star at an android pad

      This is meant to be progress.


    • #139597

      I don’t think there’s a problem, really. It’s just a matter of hding the recommended/important updates you don’t want to install. Some of us do that anyway. Of course, the day will come when we each have to choose between W10 or an alternative to Windows. Yet more excitement!

      2 users thanked author for this post.
      • #139611

        I agree. Also, there are two alternatives that can greatly reduce the amount of time it takes to hide unwanted updates:

        1. Windows Update MiniTool with checkbox “Include superseded” checked.

        2. I have a script that hides all updates with a given description, including updates that supersede other updates. I’ll post it if anybody wants it.

        1 user thanked author for this post.
        • #139657

          I downloaded and ran the Windows Update MiniTool. I think the less techy should be warned that when first ran it showed all the updates I’d decided (one by one), through the years, not to install, things no longer showing up through Windows Update. It also included previews of the monthly rollups. It was a lot of stuff to wade through all at once. Why should the previews be included? No idea. But, no surprises (updates I needed and missed), and I hid all of them, one by one, within the tool. I’m compulsive enough that I researched them one more time. I didn’t find  anything that I hadn’t found by following MrBrian’s algorithm of hiding/checking/hiding/checking. Actually, I didn’t find anything, because it seems that procedure had already revealed the update missing on my system.

          , your offer of a script to block such updates is lovely… and I have to think that it would have to be easier than what I went through with the MiniTool… but running a script is beyond my ken…

          Thank you…

          Non-techy Win 10 Pro and Linux Mint experimenter

          5 users thanked author for this post.
          • #139672

            Ditto, here!

          • #139673

            Using Windows Update MiniTool or my script to hide updates is entirely optional and I mentioned them only because they can save one time when hiding many updates.

            3 users thanked author for this post.
        • #140430

          Mr.Brian:    If you could post the references you have cited, I would like to “try” either (or both if necessary) of them for “assistance”.  Thank you, if you can possibly find the time to do that.   🙂

    • #139661

      I’ve been kind of forgetful with my windows update patching the last update it says I did was


      while I haven’t noticed any issues, what do I need to do to get up to date from that point?

      I used to be W until that ransomware c***. It seems B isn’t viable with my knowledge so I GUESS I’m A on win 7.

      • #139676

        Wait until the DEFCON number is 3-5 (sometime before Nov 14 – watch for it)
        Open Windows Update, search for updates, then click on “important updates.”
        Decide if you want to install .NET 4.7: If you do not want to install it, right click and hide it. If you do want to install it, uncheck it.
        Install everything else (Monthly Rollup for Windows, updates for .NET, MSRT, and any other MS products like Office).
        Login, wait 5 minutes, in Windows Update search for updates and install everything under “important updates,” then reboot. Repeat this step till there is nothing left under “important updates.”

        You’re done.

        1 user thanked author for this post.
    • #139678

      I have heard of .net but I don’t really understand it is this new version unnecessary or particularly shady seeming?

      • #139686

        .Net is the basis for some programs. The initial caution with .Net 4.7 was, that it caused problems with Win7 because the D3D Compiler was not included/installed. But that has been rectified for those in Group A because the D3D Compiler is now included with the Monthly Rollups. That is why you need to install a current Rollup before installing .NET 4.7 (which is just a later version of .NET).

        .NET is not necessary for Win7 (unless you use a program that needs it), but there is nothing “shady” about it.

        3 users thanked author for this post.
        • #139703

          hmm is .Net 4.7 ONLY included in a rollup, or can it be found manually from the catalogue in one of the other patches?

          As I’m planning to go the Group B route, I’ll not be doing ANY rollups if possible.

          • #139713

            The .NET 4.7 Framework installer is KB3186497. The Rollups and security-only patches for .NET 4.7 are updates.

            If you install .NET 4.7 on Win7, and you are NOT installing the Security Monthly Quality Rollups (Group A), you will need to download from the Catalog and install manually the D3D Compiler KB4019990 first.

            1 user thanked author for this post.
            • #139720

              Thanks, easy enough then long as remember to do KB4019990 , then KB3186497. I’ll add it to my notes.

    • #139722

      Would it be feasible/legal to burn a DVD or BD with all the desired patches (for whichever OS & bitness), perhaps leaving the sketchy/undesirables/untouchables in a separate directory on the disc?


      • #139926

        There is a procedure known as “slip-streaming.” Among many others, here are two relatively recent how-to articles that describe the procedure in detail (the third article, at bottom, is supplemental):

        Create An Integrated Up To Date Windows 7 Install Disc (Raymond.CC – Updated 2017.09)

        The Last Windows 7 ISO You’ll Ever Need: How to Slipstream the Convenience Rollup (How-To Geek – 2016.04)

        The procedures outlined above are templates that one can customize, for example by using the Windows Update Minitool (described within various AskWoody topics) or one of the procedures in 4 Tools To Update Windows Offline and Install Hotfixes from a Local Source (Raymond.CC – 2017.02; see recent comments at end of article).

        (Of course, if one is “Group B,” then the appropriate adjustments will need to be made.)

        • #140151

          AJN, thanks much for the info in your Reply #139926. Good stuff.

          As I’m sure you’ve intuited, I’m trying to create a “me-friendly” install disc for (in my particular case) my Win7 x64 Home Premium rig. It’s been a couple of years and it’s time for a cleanup.

          Again, thanks much. 🙂


    • #139741

      2 cents;

      Long thread, read many of the MVPs comments, and it gets to be too much. However, I’m moderately tech savy, self taught, playing with systems since my first IBM 286.

      That said, Group B is a small amount of work and don’t see the need to change. The .NET updates can be confusing until you understand which versions of .NET you have. Other than that, Group B is fine.

      The question is “normal” users? I think a better term is “motivated” users. Some don’t want to fiddle; just jump in and turn the key. In that case, just let windows do everything for you. Turn on the automatic updates. You might be sorry. Beyond that, there’s no choice but to learn to fiddle. Once you do, it’s not that hard for John or Jane Normal.

      The only change to these I’d suggest is WAIT. Mentioned upstream, but there are times I wait a couple months before doing a “security only” patch if its been problematic. MS has become a [edited] with bad releases so I allow time for corrections to arrive (maybe). I’m a regular user and I went YEARS without updates to XP. I got infected a few times and cleaned it. Infections seem to be more potent now so I won’t do that with Win7, but I’m still unwilling to let MS dictate what my system does, so I am willing to do a little work.

      I see it as a simple choice. You’re either motivated to fiddle with it, or your not. If your not, just check that automatic update and let it fly, or do it manually and load everything.

      Okay maybe that was 3 cents.

      3 users thanked author for this post.
      • #139754

        there’s no choice but to learn to fiddle.

        That’s very true. If you want more control of your tech, you have to become more educated about your tech.


        3 users thanked author for this post.
    • #139760

      As a person who adopts the Group B approach right from the beginning of the new Rollup patching scheme in October 2016, I see little or no problems with it and absolutely no reason to change at all.

      I download the Security Only Update and IE Cumulative Update for Windows 7 and 8.1 each month, together with any .Net Security Only Update (NOT the .NET Rollup) available in that month to my computers. I then wait until a time I feel is appropriate (with reference to the DEFCON setting here) before installing the updates. Absolutely no problems so far. It even seems easier than before when I had to check what each available update was up to before deciding whether to install them. Now it is only 2 (may be 3 or 4 with .Net) updates each month. For Windows 8.1 I need to check Windows Update for any Flash security update additionally, but that’s all.

      As long as I know which updates to download and install (and which to avoid if necessary), Group B is fine with me.

      Hope for the best. Prepare for the worst.

      1 user thanked author for this post.
      • #139761

        @James Bond 007

        I wish I could share your confidence that M$ will not slip in under the carpet a bit of code that when eventually invoked will put you into a corner to upgrade to Win10.

        I just do not trust M$ after the GWX “click on X” underhanded trick to believe that they (after their mea culpa) are now ethical to not try something else to try and get the Win10 numbers up.

        I believe if a push comes to a shove, they will abandon all ethics to try and survive from this mess of their own making.

        I do not think I am alone in my thinking.

        • #140350

          @James Bond 007

          I wish I could share your confidence that M$ will not slip in under the carpet a bit of code that when eventually invoked will put you into a corner to upgrade to Win10.

          I just do not trust M$ after the GWX “click on X” underhanded trick to believe that they (after their mea culpa) are now ethical to not try something else to try and get the Win10 numbers up.

          I believe if a push comes to a shove, they will abandon all ethics to try and survive from this mess of their own making.

          I do not think I am alone in my thinking.

          Oh, did my post give you the impression that I have confidence in Microsoft? If I were confident in Microsoft I would have been a good sheep and install all the updates from Microsoft without question. The main reason I use the Group B approach is that I don’t want or trust the extra components in the Security Quality Rollups, no matter what they are.

          Regarding the Windows 10 upgrade fiasco, I am just as unhappy as you, and I have stayed away from Windows 10 from my Windows computers, with NO intention of using it for the next few years at least.

          The Group B approach works for me so far, but I will not hesitate to drop any of the Security-Only updates if they are found to cause problems on my systems.

          Hope for the best. Prepare for the worst.

          2 users thanked author for this post.
    • #139780

      My unofficial modifications for Group A and Group B in this post have been changed. Feedback appreciated.

      2 users thanked author for this post.
    • #139798

      Note for advanced users: In the Windows 7 test I just did, Windows 7 showed an Important exclusive update (KB3177467) when there were no unticked-by-default Important updates listed. Previously, I had assumed that even unticked-by-default Important updates had to be hidden to see an Important exclusive update.

      2 users thanked author for this post.
    • #139813

      If you did not address IE11, then you didn’t answer the question I asked. I specifically asked if I need to install IE11. You guys go on about IE11 patches, but I don’t even get offered them because I don’t have IE11. Is that okay or not?

      I was all ready to go install IE11, since that’s the only way I can receive any more IE patches. But now I am just as unclear as before. Do I need IE11 or not?

      Until I’m told otherwise, I’ll assume Microsoft is telling the truth when it has IE11 listed as an “optional update” and treat it as such. In other words, it will stay in the Optional updates. I would assume they’d change its status if it was required for Windows security.

      • #139818

        There have been several discussions on IE11 in recent months. Windows uses IE11 as part of its structure, so keeping it up to date is essential as it represents a security risk.
        If you have removed IE11, you will be harboring an older version; depending on your operating system that could be IE7 (Win7, from memory, if IE8 is unselected).

        PS Check out this discussion, for further information – per @CH100

        @ch100 recently confirmed that where IE11 has been uninstalled AND where IE8 has been deselected (unenabled) on a Win7 machine, the computer will be hiding IE7 as the “working version” (he also mentions other WinOS, for those interested).

        3 users thanked author for this post.
      • #139827

        The only version of IE that Microsoft supports (provides security patches and fixes) is IE11. So if you have not upgraded to IE11, whatever older version is currently on your machine is vulnerable to hacks, viruses, and malware.

        The answer is YES, you should install IE11.

        2 users thanked author for this post.
      • #139973

        For the anonymous comment #139813, I am sorry to read you feel your question has not been directly addressed.

        There is a persistent misunderstanding here. You believe in some way that you have removed, uninstalled, deleted, or turned off the Windows feature called Internet Explorer (version number not important in this sentence). This is not a separate application so easily removed from Windows7.

        If you have done any of those things, then the operating system itself is using a Very Old And Flawed version of the engine that IE(all numbers) uses. This is the problem that must be fixed. What follows in in support of everything written above, it does not contradict advice already given.

        The LAST AND ONLY CURRENT version of Internet Explorer is IE11. If this is not listed on your current page titled ‘Programs and Features’, then you have a decision to make from three choices.

        1\ Make arrangements to bring your operating system to current standards of protection. Overview, not detailed description, below ¬
        2\ Stop using Win7 in favor of a system that does not use IE at all, i.e. Mac/iOS, ChromeOS, or the wide world of other Unix-like options.
        3\ Continue to use Win7 the same way you have for years, and be exactly as well protected as you have been this entire time. That is to say, vulnerable to IE exploits that apparently have not affected you, yet.

        Options 2 and 3 are for other discussions. Option 1 is best answered by recognizing you may need to set aside some time, close all active tasks, have backups to date, all the usual precautions for an update process cycle.

        Then navigate by your preferred method to the page ‘Turn Windows features on or off’. This will require administrator privilege, either already in place or in response to a pop up window. Give a moments thought to what internal system process was triggered to reveal that page or series of pages you clicked through to get there. Hint, you are browsing and exploring through the system pages. Find the box next to Internet Explorer (mine reads Internet Explorer 11 and is checked, I do not know what your empty box may say) and fill it with a checked box. Hit the [OK] button. If you are returned to your familiar desktop, then just go on with life, you are already protected to the degree you are comfortable with, based on other decisions you have made. If Windows demands a restart to complete the changes made, then do it. There will be a delay in the restart process unusual from normal to accommodate the change.

        Now follow the update procedure of your choice all the way through to the end. Somewhere in there you will bring IE11 up to date.

        You may need to reset your preferred browser as default. When you do, understand this only affects file type associations that trigger an auto-launch for a visible browser window. It does not change how your Operating System operates as a system.

        If somehow this process has gone wrong, there were other underlying problems prior to beginning this change. This may require exhaustive repair, to the point that re-install may be preferred. This is the reason for the often stated caution to have backups current. I hope all goes well for you.

      • #140032

        Hello Anonymous,  Please see other responses to your IE11 question. Another Anonymous poster has a very good detailed response.  The point is YES you should get IE updates. As I remember MS officially dropped the lower IE’s in favor of the recommended IE11. There are still updates available, but MS wants everyone on IE11. IE11 was an optional update, but, I thought they got tougher and “demanded” it (I could be wrong). If you do not have IE11 but a lower version you should let MS update you to IE11 or better, go to the MS website and download the installer. https://www.microsoft.com/en-us/download/internet-explorer-11-for-windows-7-details.aspx

        Once installed and “turned on”, you should do as others have said and get the IE11 updates offered. Yes, IE is integrated into the OS and it needs to be updated too, even if you hate it or don’t use it or thought it was gone. Once updated use whatever browser you want, but keep updating Windows and IE.

    • #139858

      My unofficial modifications for Group A and Group B in this post have been changed again. I changed the steps for hiding and unhiding updates.

      4 users thanked author for this post.
    • #139863

      This is always a semi-divisive topic on here which is a good thing IMO. I have settled into my own strategy based on many things. It may have started with telemetry, but it is far more than that now for me. These patches create just as many problems as they appear to solve and if any program presented such potential for problems, I wouldn’t use it. I am closer to Group W than Group B. I download all the patches from this site, but whether I actually install them or not is another story. I do wish the NET patches were part of the AKB with the security only updates and stuff, though.

      Anyway, I fully employ Noel’s DNS Blacklisting layer as well as uBlock Origin and uMatrix on all browsers I use. I have automated backups run every night with full backups running once a week and incrementals for the other six with a rescue disk ready to go if needed. I have tested it and it all works great.

      Thing is, I don’t trust Microsoft with my PC anymore. I haven’t installed updates since the May ones and while I’m sure I will eventually get around to installing the others (I always download and store them), I am in no hurry. If any pressing patch is needed like the EternalBlue one, I will install it. Other than that, what’s the point? As I’ve said many times, I ran XP for almost three years past EOL and never had a single security problem and that was before I learned much of what I know now about effectively employing layers. Never had an issue, so forgive me if I don’t see the urgency of staying on the cutting edge of patching especially when they have the potential to cause so many problems.

      .. also, my computer runs beautifully. It does all I need it to do and I am protected VIA other methods I am using. Nothing is perfect, but I have more trust in those measures than I do MS. It is *my* PC after all and I’m fairly tech savvy though always learning new things. The choice is yours, not MS’s. I can’t see my views on this changing any time soon and I am comfortable with that.

      2 users thanked author for this post.
    • #139877

      Hello! A sort of newbie question – but in light of the KRACK vulnerability and the reports that the Oct 10 patches from MS would protect against this – is it “safe enough” to go ahead and apply the October patches? I generally wait till Defcon 3, but I am getting concerned about that vulnerability. I have a laptop and desktop, both running Win 7 and am in the A group as far as updating.

      Sorry if this has been addressed elsewhere – I didn’t seem to find anything directly addressing this issue.


      • #139980

        LHiggins, your nervousness stems from being unable to weigh the associated risks of two choices and you want a more experienced judgement that you have come to trust from the AskWoody crowd. Please believe that Woody Leonhard and his cadre do not declare MSDefcon2 and just ignore it for three weeks. He and they are reading, researching, and presenting details on these very same vulnerabilities.

        When the weight of evidence shifts to make that change to MSDefcon3 the right call, the ‘woody’ panel at the top of this page will show a new colored shield and at least one blog article with explicit commentary will appear. They live for this. It will be hard to miss because every decision yields more commentary.

        I am not better than they. Twice this year, I have gone off on my own and in my morning routine, based on prior reading and a good nights rest, thrown caution to the wind and updated. After cleanup, when I’ve free time to read blogs… There is AskWoody with a MSDefcon3 placard ready to confirm all was OK. I must be learning something here.

        1 user thanked author for this post.
        • #140135

          Hello 139980 and thanks for your reply! Indeed, my nervousness does stem from all of the press this issue has gotten and not knowing if I should just go ahead and apply the updates. I appreciate your insight, and after reading through many posts in various threads on this topic – I will just hang tight and wait for the go-ahead to patch!

          Thanks again!



      • #141181

        @LHiggins, not sure if you subscribed to this topic, or really even sure if email notifications are back to working now. I do think I’ve learned that anonymous posts will not trigger a notification, only signed in user postings. So I circled back to mention the bright green MSDefcon4, and the associated article https://www.computerworld.com/article/3235289/microsoft-windows/get-windows-and-office-patched-but-watch-out-for-creepy-crawlies.html

        I did not remember the 4 being such a gamma ray/nuclear sludge color green, but it has been a long time since seeing one loose in the wild.

        1 user thanked author for this post.
        • #141466

          Hi Paul,

          Thanks so much for remembering me and being sure that I saw the defcon notice! I do get the notifications, and did see your post! I did my updates and I am happy to report that all went well and they were accomplished on both of my computers in a fairly timely manner!

          Great that everyone here is willing to be sure that all are notified when that defcon changes. And I agree – very lime green and quite eye catching! I have never seen defcon 4 – only 3, so I was very confident that the updates would all be fine!

          Thanks again!


          1 user thanked author for this post.
    • #139897

      Windows 7 WU would have been less messy if they published Convenience Rollup KB3125574, even if as optional update

    • #139916

      Separate from the issues already discussed in this topic, in my opinion the instructions for Group B should be further modified to ensure that all Group B users have certain updates that may be listed in the Optional tab installed. For example, all Windows 7 Group B users should have Internet Explorer 11 installed. Another candidate for Windows 7 users: KB3172605.

      2 users thanked author for this post.
    • #139991

      I stopped installing updates when GWX came out. I haven’t had any trouble with viruses but things seem to be getting a little buggy. I’m not sure what I should do at this point.

      • #139996

        Hello anonymous.  Not updating since GWX? You need to read Canadian Techs post above. He has done very well with no updates, but he has other items he does for protection. I assume you do a “disk cleanup” (comes in windows) or use Ccleaner (I stopped at version 5.30). Another trick no one thinks about id letting the computer sit for an hour, and not go to sleep, so system “Process Idle Tasks” can run. This helps me out a lot, especially if you had installed a .NET update. Other poster ideas please chime in!


    • #139998

      I was anonymous above mainly because when I tried to click in the box that says “your information” nothing happened and I couldn’t type in it. I decided to register an account and comment here, there sure seems to be a lot of smart people and information here. I know just enough to get by on the computer, but enough to know I don’t want to be tracked and snooped on and I don’t want Windows 10. I have a lot of legacy programs that would be expensive to replace and they’ve worked fine with Windows 7. I got really fed up with the pushy GWX stuff and turned off updates. I’m pretty careful on my computer and with email and I run Norton fwiw so I haven’t seen any virus issues but like I said above, things are seeming kind of buggy. Maybe as browsers and other programs update they don’t work as well with my system? So, should I go through and install the security updates? Where do I start?

      1 user thanked author for this post.
      • #140023

        DriveBee, I apologize in turn for answering as annonymous. Confusingly, a different one from before. “Where do I start?” Big, big question complicated by not knowing your comfort level, recognizing that you are currently questioning your own comfort level, and that a standard answer is currently being rewritten and reviewed even as we post comments.

        Let’s backup. If you are new to AskWoody, let me suggest the AskWoody Knowledge Base:

        And also point you specifically to:

        But notice at the time I post this, the advice was written at the end of July and is currently changing, due to a new discovery that has been a hot topic for several days now. It would not hurt to follow those guidelines, they just might not be optimal.

        If you are currently operating OK, then I would advise you to look around in the AKB topics appropriate to your system, while also reading these current topics, until you are comfortable changing your routine.

        If you have a more specific question with a current difficulty, try to separate yourself from the crowd by finding the right category to start a question, here:

        Don’t worry if you have landed in the wrong area. As long as you made a reasonable effort then a friendly post should follow soon enough. It is the separate space with single focus that helps most.

        Otherwise, please lend your voice anywhere you feel confident. Sometimes corrections to ideas come from systems that are not working correctly. It is very difficult to fix a system with no problems at all.

        1 user thanked author for this post.
      • #140037

        Hello DriveBee, and welcome. I’m a non-techy, but been learning. I’m managing my Win 7 Home laptop. Anonymous Post# #140023 mentions some good starting points for you.

        Before you decide to do any updating on your system, decide if you want to be Group A or Group B. Group A takes monthly rollups, which are cumulative, and relatively easy to update with. Group B tries to avoid telemetry and non-security updates, but takes a little more effort to update with. You need to evaluate your values, time, and energy before committing to a group. You can switch to Group A fairly easily, but once you are Group A, it would be difficult to switch back to Group B.

        Both groups are being discussed and tested, because it has been found that there are updates that will only show up when all Windows Updates have been installed or hidden. I’ve followed Group B since the monthly rollups started (avoiding them, doing manual security updates). When I tested, I only found one update I had missed, but other people have found more.

        You will find MVPs who are advocating taking everything that Microsoft throws at you. Others have uniquely tweaked set-ups, and reasons for everything they do. The discussions here can be very educational. But when someone throws out “do this” or “do that” understand where they are coming from, and what your own values are, and then decide which advice to follow. Sometimes many non-techie people are encouraged to be Group A, and accept or block telemetry other ways, just because it is easier. However, I’ve been following Group B updating, and find it works smoothly and with no drama, since there will be links to the security only downloads posted for each month.

        Whatever you decide your approach to be (you have been following Group W, with no updates)… back up before you do anything!


        Non-techy Win 10 Pro and Linux Mint experimenter

        2 users thanked author for this post.
    • #140058

      On shut down, My Win 7 system  began a Windows update and completed (after 1 hard reset) on reboot. But I had two Windows services disabled: “Background Intelligent Transfer” & “Windows Update”. I don’t know how the update could have occurred.

      After the update, I had Build # 7601. When I checked Update History, there was no history at all. Was this some kind of bogus malware update and should I try to restore to the last good Windows update?

      • #140062

        After the update, I had Build # 7601

        I think it’s quite likely you were on build 7601 before the update – that appears to relate to Service Pack 1, which according to Wikipedia, was released 8 years ago. (Has it really been that long?!)

      • #140074

        A couple details that seem to be in conflict, or I am not reading you correctly.

        There is a difference between ‘disabled’ and ‘stopped’. On my machine it is normal for the Windows Update service to be stopped. When I navigate through Control Panel and select Windows Update, a window frame appears and stalls while the service is started. Then I am able to select ‘view update history’. I am presented with a reverse chronological list, per information saved in a system file. I can do any needed update functions, or none if I wish. But when I close that window, I must remember to ‘stop’ the windows service by command or the settings window. I am not sure any of that is possible when the service is fully ‘disabled’.

        Also, if you have located that system file through questionable practice, then deleted, moved, renamed, or viewed and erased its contents; then that would result in an empty ‘update history’. But again, the service must first start before being able to display the empty box.

        Finally if you navigate to ‘Installed Updates’ instead, you will find a list that is scanned and populated fresh each time, instead of relying on saved information. That is why this list is considered authoritative. However, it will not show every new MSE definition.

        Comments assume the stated Win7sp1, and presume Microsoft Security Essentials. Sorry if I am not understanding your intention.

        Otherwise, the activity you describe sounds like you have read recent comments and run Disk Cleanup with the box for Windows Cleanup checked, possibly for the first time ever. That function will create that activity on the NEXT shutdown/start cycle while it cleans out what can become a very large amount of unneeded data. This does not explain the disabled services or empty history.

        If this brief analysis satisfies, great. A more detailed analysis might be possible if you start a question topic, where an MVP might go over logs with you.

    • #140152

      “you have read recent comments and run Disk Cleanup with the box for Windows Cleanup checked, possibly for the first time ever. That function will create that activity on the NEXT shutdown/start cycle while it cleans out what can become a very large amount of unneeded data. This does not explain the disabled services or empty history.”

      Thanks for the detailed analysis. I believe that your correct guess hits the nail on the head. I was not aware that a Windows Cleanup can instigate what appears to be a normal Windows update cycle. That would also explain how that happened with the “Windows Update” service disabled and shut down.

      Edit to remove HTML

      • #140333

        I’m glad that part of the mystery is solved. And that you read right through my typo error of ‘Windows [Update] Cleanup’; oops. If that was the first time you’ve added that step to your routine, it was likely a very large chunk of accumulated junk cleared out. Also, if you use a spinning hard drive, now running Disk Defragmenter could result in larger blocks of freespace and faster disk access. It does not need to be done every month, maybe just a couple times a year. But will probably give a noticeable boost this time.

        This did not cause the empty update history. But that list is only for convenience and will now begin to rebuild with new entries going forward. Unless that function is still being blocked by a setting, or repeatedly dumped by a process put in place, either automated or manual.

        Hope you are enjoying faster response from your system now.

    • #140248

      Win 7: I have NOT PATCHED SINCE JUNE 2017 because there hasn’t been a “hair on fire” risk that was greater than the risk of patching…especially since I was traveling part of that time with no back up PC. I will next patch when we hit Defcon 3 using a modified Group A strategy – selective roll-ups. I will 1st update 2 win 7 PC’s that I don’t use. I will update all non-WU aspects: AVs, browser, etc. and make multiple restore points. Then I will do the main roll-up on one, test it. If ok, Create another restore pt then I will do the .net and office roll-ups. If ok I will create 2 more restore pts and repeat the same process with the next non-used box. If nothing blows up I will repeat the process on each of the 6 win 7 PC’s I do regularly use until all are patched. After the updates I will run spybot anti-beacon to turn off the most important windows spyware.

      Microsoft truly sucks for making such a cautious process necessary.

      To keep safe between Win updates, I have Avast, Malwarebytes AM, Malwarebytes anti-exploit, Mcafee WebAdvisor, 3 anti-ransomware, super-antispyware and various browser protecting add-ons. I never use IE and don’t go places where demons lurk or click links without checking them.

      Microsoft truly sucks for making it necessary to employ multiple levels of protection as described above…but that’s the way it is.

    • #140373

      Regarding my unofficial update algorithms in post #138998, for those who don’t want to hide all updates that you don’t plan to install during the current update session (at least temporarily), here are the minimums for hiding:

      Rule #1: Everybody should hide (at least temporarily) all ticked-by-default updates in the Important tab of Windows Update that you don’t plan to install during the current update session. Reason: issue #2.

      Rule #2: For those who use Windows security-only updates, hide (at least temporarily) all Windows monthly rollups on the Important tab that you don’t plan to install during the current update session. Reason: issue #1.

      Rule #3: For those who use .NET Framework security-only updates, hide (at least temporarily) all .NET Framework monthly rollups on the Important tab that you don’t plan to install during the current update session. Reason: issue #1.

      For those who don’t hide all updates that you don’t plan to install during the current update session (at least temporarily), I cannot guarantee that there are no other scenarios – other than those mentioned in Rule #2 and Rule #3 – in which issue #1 causes you to miss wanted updates.

      2 users thanked author for this post.
    • #140448

      Hello everyone,

      Wow. This thread had become really long since this topic is extremely interesting for all who want to stay on Group B. This last weekend, I decided to document exactly what previous update KB numbers actually get updated by each month’s Security Only rollups, and which get re-updated (or pushed out again in order to ensure that everyone gets the specific KB update) by subsequently released Security Only rollups. It was no small task to compile the list and then to put it into spreadsheet form.

      The following Dropbox link


      is for a ZIP file which is guaranteed to be clean and safe since I regularly scan my computers using three other AV/AM/AR utilities (including GMER) in addition to my primary AV program. The ZIP file contains the following four documents:

      Security Only Rollups rev11.xls — an Excel spreadsheet (contains no macros) which lists every Win7 2011 through May 2016 KB which is updated by the various Security Only rollups. Note that you can NOT download the latest versions of all listed individual updates from the Microsoft Update Catalog. Instead, you can only download whatever KB version (dated between 2011 and May 2016) which was available BEFORE Microsoft implemented its update rollup system back in June 2016. Thanks Microsoft for forcing us, since June 2016, to either accept all or nothing!

      Security Only Rollups rev11.pdf — a printable PDF version of the above Excel spreadsheet.

      Update Notes rev2.txt — a text file which simply documents the KBs which are updated by each consecutive Security Only rollup. Note that there were no “security only” versions for the July, August and September 2016 update rollups, and that I have not included these in either the spreadsheet or PDF of the spreadsheet.

      KB3175024 Notes.txt — worth reading, in conjunction with my notes in the Update Notes rev2.txt file about the somewhat mysterious September 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1. I like canaries.

      I color coded the spreadsheet and the equivalent PDF to help you to readily see what KB each rollup updates, and to readily see what KB each subsequent rollup once again updates. I am not sure if those individual KBs were further updated by  each subsequent rollup in order to fix reported issues, or whether the update for the KB was simply pushed out again via the subsequent rollup. Your guess is as good as mine.

      A Few Notes…

      The spreadsheet and equivalent PDF indicate the approximate dates when the original Microsoft Security Bulletins  were published, and which resulted in the specific 2011 though June 2016 KB updates being released in order to address the mentioned security issues. Each Microsoft Security Bulletin number indicates the year, followed by a bulletin number.

      The January 2017 Security Only rollup included only one KB update, which was superseded by all subsequent updates, yet Microsoft does not list the January 2017 update as being superseded when in fact it was, starting with the March rollup. If you try to reinstall the January 2017 Security Only rollup, and you have any subsequent rollups installed, then you will correctly get a popup message which states that “This update is not applicable to your computer.” I mention this so that users will not think that, somehow, their computer’s update installations are messed up.

      The March 2017 Security Only rollup contained the fix for the SMB1 vulnerability which was used by the WannaCry malware.

      The April 2017 Security Only rollup contains a ton of additional security fixes (81 in total), yet after I installed and tested this update, I discovered that while I could check for new updates using Windows Update, the ability to download new Windows Updates was broken! Presently I do not have the April 2017 Security Only rollup installed, and this represents a major security hole on my Win7 computers. Yet that may quickly change (see further below).

      My Next Steps In Order To Move Forward With Group B…

      I have all of the Security Only rollups, from September 2016 through October 2017, downloaded on all of my Win7 computers. My next step (assuming that subsequent Security Only updates also fix issues with previously released Security Only updates, is to sequentially install all of them on one of my Win7 Test Computers — well at least up through the  September Security Only rollups. My idea is to see if performing a sequential installation of all of the Security Only updates through September 2017 will fix the issues which were reported and which are associated with any given prior update. I will report on this.

      I might then get brave and then try installing the October 2017 Security Only update in order to see if any September bugs have been resolved, and report on this also. Yet from what I have read, the October 2017 Security Only rollup is introducing new issues?

      Best regards to all,




      4 users thanked author for this post.
      • #140454

        @GoneToPlaid has been helping me a lot with looking through this and providing advice, which is very relevant for me right now as I was imminently about to start a Clean Install of Win 7 (now postponed while we sort the update uncertainty), following more closely to Group B this time. Then GTP notified me of this:

        Note that you can NOT download the latest versions of all listed individual updates from the Microsoft Update Catalog. Instead, you can only download whatever KB version (dated between 2011 and May 2016) which was available BEFORE Microsoft implemented its update rollup system back in June 2016. Thanks Microsoft for forcing us, since June 2016, to either accept all or nothing!

        I can confirm that this is the case, as mentioned here: #140343
        This shows a file (picked at random) being updated twice in 2016 in two of the involved KB patches, but then having a newer, 2017 version available ONLY in the Rollup, and not being available anywhere else.

        As mentioned, even after reading Woody’s Patchocalypse article, I always assumed we’d be able to download the updated versions of the individual patches from the Rollups, at our own Risk / forfeit of time / effort to work out how to install them all manually, (rather than letting the WU Client handle it for us with the rollup). It seems that’s not the case and as GTP said, it’s either all or nothing if you want the most up to date (secure) versions of files.

        As to the rest, what a b***** mess. Shame this is all deliberate on the part of MS. We really didn’t need all this extra confusion. I can see why Group A will be the default for most, but there’s so many bugs and SO much telemetry (way more than I thought) in these patches, especially since 2016.

      • #140463

        I am confused by your terminology. There is not such thing as a “Security Only Rollup.” There is a “Security Only Quality UPDATE” which contains security-only patches, and a “Security Monthly Quality ROLLUP” which contains non-security, security, and IE11 patches.

        All that aside, that would explain the “missing” updates. They are superseded by the contents of the later patches we can’t dissect. So if you hide the later patches, the superseded single patches show up, but they are not really “missing,” just superseded and you can’t get to them individually to show you have them. Is that the correct interpretation?

        What I’m saying is, why hide a Rollup/Update, so that you install a superseded individual “missing” patch, when the “missing” patch is just going to be superseded again when you install the Rollup/Update?

        Edit to ask last question.

        3 users thanked author for this post.
        • #140469

          There are Windows 7 security updates not in GoneToPlaid’s list that do not have replacements in any of the Windows 7 security-only updates, nor any other security-related non-Windows monthly rollup update thus far. Example: KB3138962 (knowledge base article).

        • #140470

          Also, it’s not appropriate to use metadata-supersedence data to make conclusions about component-supersedence. They are different.

          4 users thanked author for this post.
        • #140472
        • #140473

          Sorry about the terminology mix-up, and it may be my misunderstanding, but it isn’t clear from Microsoft’s end either.

          The example I picked (at random) was KB4041678:
          Listed on MS Support page as “October 10, 2017—KB4041678 (Security-only update)”

          However in the Catalogue it’s listed as: “2017-10 Security Only Quality Update for Windows 7 for x64-based Systems (KB4041678)”

          Now this seems separate to the “OCT 10 2017 Monthly Rollup” (KB4041681) in that Support list (probably where I was going wrong), however apparently this Security patch “Replaces” the following 17 Updates:

          1. http://support.microsoft.com/kb/2840149
          2. http://support.microsoft.com/kb/2993651
          3. http://support.microsoft.com/kb/3033889
          4. http://support.microsoft.com/kb/3153199
          5. http://support.microsoft.com/kb/3156013
          6. http://support.microsoft.com/kb/3161561
          7. http://support.microsoft.com/kb/3161664
          8. http://support.microsoft.com/kb/3164035
          9. http://support.microsoft.com/kb/3167679
          10. http://support.microsoft.com/kb/3175024
          11. http://support.microsoft.com/kb/3177186
          12. http://support.microsoft.com/kb/3177725
          13. http://support.microsoft.com/kb/3121255
          14. http://support.microsoft.com/kb/3138901
          15. http://support.microsoft.com/kb/3156417
          16. http://support.microsoft.com/kb/2676562
          17. http://support.microsoft.com/kb/3153171

          Presumably because the contents of those have been all been updated, and included in this one patch, rather than providing updates to the individual ones. Seems I was getting mixed up with the terminology here.


          Microsoft’s terminology is listed here: https://support.microsoft.com/en-us/help/824684/description-of-the-standard-terminology-that-is-used-to-describe-micro

          It seems the Monthly Rollups are classed as “Cumulative Packages” of fixes over time. (Though it does say this “This Monthly Rollup would be displayed under the title Security Monthly Quality Rollup when you download or install.”, which is probably what was tripping me up, with all the “Security, Monthly, Quality, Feature, whatever” terminology).

          I presume what I was looking at above was a “Security-Only Update“, which they define as a “collection of all the new security updates for a given month and for a given product”.

          The Issue:

          Now this might just be me being naïve, but I’d still presumed that if I hid the “mega-patch” (let’s not call it a rollup if it isn’t one then), that I would still be able to download & install all the individual updates in the collection, from the Windows Catalogue.

          However as @GonetoPlaid mentioned, this isn’t possible. It simply lists the Security patch as REPLACING all the individual previous updates in the “collection”, and updated versions of those individual ones are not offered. So you have to accept all or nothing in one big mega-patch.

          This has likely been known for a while, I just didn’t understand back then and thought the whole “Patchocalpse” issue apply only to Windows Update client, where only Rollups & mega-patches were offered, and that the catalogue would still show all the minor, individual updates that make up all these collections. Seems this is not the case. This leaves me flabbergasted as I’d always presumed the fixes would always be offered individually for I.T Admins to update their servers & machines with only desired changes (especially if there’s a problem with just one minor part!).

          • #140476
            1 user thanked author for this post.
            • #140501

              Thanks for that. I hate their terminology now. Especially with just whacking “Quality” everywhere. That could be improving quality of security, or quality of life (feature improvements) or [] what depending on the interpretation.

              Picked out these relevant bits from the first link, this is exactly what I’d missed and wasn’t understanding I think:

              This update collects all of the security patches for that month into a single update.

              (Ok, a mega-patch. So I can still download those individual ones from the collection manually of course….right?)

              Individual patches will no longer be available.


              [Windows Update will publish only the Monthly Rollup – the Security-only update will not be published to Windows Update.

              A-ha, this is where I was probably getting mixed up with Rollups, and why I expected the “Security Only” individual updates to be available in the catalogue.

              Instead I see it’s just the Monthly Rollups you can reject, and only the “Security Only” mega-patch that’s available in the catalogue, so you still have to take all or nothing (security-wise) with that, however it gives a slightly better degree of control than the Monthly Rollup at least I guess.

              Very disappointed control is COMPLETELY out of our hands now. This is really insane, especially regarding Microsoft’s track record of problems as of late. “Simplified” apparently. Sure..

              1 user thanked author for this post.
        • #140474

          ‘What I’m saying is, why hide a Rollup/Update, so that you install a superseded individual “missing” patch, when the “missing” patch is just going to be superseded again when you install the Rollup/Update?’

          Because some users don’t install the rollups :).

          3 users thanked author for this post.
          • #140507

            Indeed, and I see the practice of hiding unwanted Rollups will become even more necessary as more and more previous patches are included in the Rollups, where I presume the previous, single patches would then not be shown, (unless the rollup is hidden).

            I wonder how long it will be till they stop offering all the old patches altogether and ONLY give you the Rollup?

            I really disagree with their reasoning that:

            “Historically, we have released individual patches for these platforms, which allowed you to be selective with the updates you deployed.

            Yes, that’s exactly what I want.

            This resulted in fragmentation where different PCs could have a different set of updates installed leading to multiple potential problems

            Or the specific updates applicable / wanted for MY machine actually prevents problems by allowing my software and tools to actually WORK the way I want it to, and also avoids Microsoft bugs..

            So it seems the choices available now are “Accept EVERYTHING” or “Accept everything Security-wise”, or “Accept NOTHING”. I always thought the point of the catalogue was that I.T admins & interested parties who don’t mind doing things manually would choose what was applicable to them, rather than being force-fed the whole lot. My mistake.

            Going to have to have a BIG rethink about what I apply. MS says this method will “minimize administrative overhead to install a large number of updates.”, yet it will cause me MORE administrative effort to consider the GARGANTUAN NUMBER OF CHANGES that throwing at me, rather than breaking them down into smaller, manageable batches.

            3 users thanked author for this post.
    • #140489

      It seems that for some people there is still doubt about the validity of issue #1. If you’re a doubter or are just curious, are a Windows 7 Group B user, and haven’t installed any of the Windows monthly rollups (including the Optional September 2016 Windows monthly rollup), I suggest you try the following experiment to convince yourself:

      1. Uninstall Windows Media Player security update KB3138962 (from March 2016) if it’s installed. Reboot if requested.

      2. Note your system’s version of Windows Media Player. 12.0.7601.19148 is the version installed by KB3138962. If your system has a version prior to this, your system is not protected from exploits of the vulnerability fixed by KB3138962.

      3. Run Windows Update. You should not see KB3138962 listed unless you’ve hidden all of the Windows monthly rollups.

      4. Install KB3138962 either manually, or with Windows Update after hiding all of the Windows monthly rollups. Reboot if requested.

      5. Note your system’s version of Windows Media Player. It should now be version 12.0.7601.19148.

      1 user thanked author for this post.
      • #142355

        Group B since day 1. Never had a problem on multiple machines.

        I’m not sure I understand the point here. I never hide updates (except drivers) – the rollup simply changes monthly and I just ignore and NEVER install them (previews or otherwise).

        I just checked my version of media player and it’s at 12.0.7601.23517. So, I assume its’ security is current. Anyhow, this is an application and not part of the OS. What’s the relevance?

        • #142374
        • #143065

          “I just checked my version of media player and it’s at 12.0.7601.23517. So, I assume its’ security is current. Anyhow, this is an application and not part of the OS. What’s the relevance?”

          I used Windows Media Player as a demonstration because Windows Media Player security update KB3138962 is missing in some circumstances for Group B users that don’t hide the Windows monthly rollups. You have a newer version of Windows Media Player than KB3138962 installs, perhaps because you installed the Optional September 2016 Windows monthly rollup.

          1 user thanked author for this post.
      • #142381

        Had a mission discovering what version of Windows Media Player I am running but when I did, lo! it was 12.0.7601.19148. Must’ve done something right.

    • #140571

      When I see the word “quality” I think of every EULA that says they are going to gather information about me in order to ‘improve the quality of my experience,’ which is just a euphemism for better targeting ads to me.

      1 user thanked author for this post.
    • #140577

      …What I’m saying is, why hide a Rollup/Update, so that you install a superseded individual “missing” patch, when the “missing” patch is just going to be superseded again when you install the Rollup/Update? Edit to ask last question.

      I apologize for my somewhat confusing terminology. BobT picked it up from me, since our focus is how to stay on Group B, and to figure out what Security Only Quality Updates can be installed without causing major issues, or if those issues get fixed by installing a subsequent Security Only Quality Update. In other words, this is the “Defcon waiting game” which everyone now should be familiar with.

      To answer your question, just look at my spreadsheet. You will see that there are many patches in each Security Only Quality Update which are NOT superseded by the installation of subsequent Security Only Quality Updates. In other words, each monthly Security Only Quality Update is NOT a cumulative update which also includes the updates from the previous months.

      Another thing which my spreadsheet also shows is how many security issues were fixed in each month’s Security Only Quality Update. For example, the April 2017 update was a big one, yet it caused issues for me. I want to get it installed on all of my Win7 computers, yet first I need to test if installing it, and then installing a subsequent update or updates, will fix the inherent issues of the April 2017 update which I encountered when it was released last April. Using the April 2017 update again as an example, it broke Windows Update for me. While I could check for new updates which did show up, I couldn’t download a single new update. Thus I had to uninstall the April 2017 update. The uninstall hosed up (locked up my computer). I had to perform a hard reboot, then Windows finished the uninstall and then had to reinstall several core updates, and then I finally got to my login screen. Microsoft repeatedly has had issues with installing updates one after the other. The new issue with the rollups is that uninstallation of all of the updates which were bundled in the rollup can cause issues as well.

      The upshot is that the entire rollup thing is a load of c*** which inherently creates many more degrees of freedom for flaws to crop up. What looks good, individually, doesn’t necessarily work as a whole. This is a good case of the sum of the parts actually adding up to less than the individual parts. Yet this is where Microsoft has chosen to go.

      1 user thanked author for this post.
      • #140686

        So what’s the plan now. Install up to March 2017 (following those notes you gave) of the Security Only Quality Updates (Security MegaPatch), and slowly test April + Onwards? Ignoring any specific months that have major issues.

        I presume at the same time hoping they don’t slip any telemetry or whatever into these, since you’ll haveto ignore the WHOLE month’s worth of security fixes. (Microsoft seems to think this is fine, as W10’s servicing model is superior. “Open a support case with them right away if you have any issues!”).

        Irritating also that if there’s a feature or two that I WANT in the standard Monthly Rollups, I have to not only accept the ENTIRE b***** rollup, but also the ENTIRE batch of security fixes as well.

        Therefore if I want 1/6 features in a Monthly Rollup, and 7/8 Security Fixes from the Security Only Patch, accepting the Rollup for that 1 Feature will give me 6/6 “Features” and 8/8 Security Patches, with literally NO CHOICE of exactly what we want from each, even from the MS Catalogue.

        So seems with patching now our only options for a given month are:

        1. 6/6 Features, 8/8 Security Fixes. – (Monthly Rollup. CUMULATIVE)
        2. 0/6 Features, 8/8 Security Fixes – (Security Only Patch. No Monthly Rollup)
        3. 0/6 Features, 0/0 Security Fixes – (No Rollup, No Security Patch).

        (Numbers are examples only.) Also bearing in mind that with:

        Option 1. You’re not only getting that month’s security fixes & features, but ALL of the previous month’s security fixes and features leading up to that date, since Monthly Rollups are cumulative. Can be downloaded from the WU Client.

        Option 2. You miss out on ALL features, but still have to take ALL security fixes for that month, even if one or two of them has a problem, or they include telemetry  or whatever. You can however pick and choose WHICH months to install, as these aren’t cumulative. These have to be downloaded from the MS Catalogue. Not available in WU Client.

        Option 3. You stay dry and take NOTHING for that month, leaving yourself vulnerable. However, (as with Option 2), if you decide to install a future Monthly Rollup to get some desired features, you’ll be forced to also take the changes for this month that you wanted to miss out on (inc features).

        I presume Group B HAS to go Option 2 now? (Unless you’re ok with getting EVERYTHING up to a certain point, where you’ll then start doing the Security Only Patches). As otherwise you have little control over what you’re getting.

        Absolutely mind-boggling. MS literally has NO focus on what the user wants anymore. Only what’s best for themselves. This shows they’re essentially treating versions of Windows prior to 10 as a “service” too, where you take everything or nothing.

        Apologies for my massive misunderstanding and naivety about this, even after reading about the Patchocalpyse, I never thought it would be this bad. (I’ve previously been going a delayed Group A with no telemetry, since was planning on doing a full reinstall anyway and been too busy to scrutinize further).

        This is also particularly noteworthy from the article MrBrian linked:

        Over time, Windows will also proactively add patches to the Monthly Rollup that have been released in the past. Our goal is eventually to include all of the patches we have shipped in the past since the last baseline, so that the Monthly Rollup becomes fully cumulative and you need only to install the latest single rollup to be up to date. We encourage you to move to the Monthly Rollup model to improve reliability and quality of updating all versions of Windows.

        Does this mean that once ALL those “older” individual patches are added to the Rollup, NONE will be shown until you hide each and every rollup? I presume so. However what happens when they straight up remove the older patches altogether (as they apparently have before). I can see it coming to the point where your ONLY update option is to take a single, mega “Convenience” rollup, telemetry and all. I wonder if it’s a good time to start manually downloading EVERY previous update .msu file, as laborious as that would be..

        • #140987

          ‘Does this mean that once ALL those “older” individual patches are added to the Rollup, NONE will be shown until you hide each and every rollup? I presume so.’

          I’ll guess Microsoft will consider those Windows monthly rollups to metadata-supersede those older updates, so indeed one will have to hide those Windows monthly rollups to see those older updates listed in Windows Update if they aren’t already installed.

          1 user thanked author for this post.
          • #141119

            @Mr.Brian:   Excellent advice, and logic.  Thank you for the excellent perspective.  🙂

    • #140579

      Also, it’s not appropriate to use metadata-supersedence data to make conclusions about component-supersedence. They are different.

      Very true! Thanks for mentioning that so that others hopefully will not make this false assumption.

      1 user thanked author for this post.
    • #140791

      Do you really want to spend all this time tinkering each month? Group B is viable, I would suggest copying every resource here in case assistance each month with Group B stops, not meant in a nasty way…

      Group W also works with good security practice, and I hate to put this in a Windows thread, but homeusers should seriously consider one of the more popular Linuxes…Ubuntu or Linux Mint.

      Install in 45 minutes? (If you check for updates each day, they only take a few seconds). Or, find a tech who can do install and set it up for you.

      This is starting to sound insane. Computers are for use….Why spend your life worrying about what MS may or may not be doing each month?

      TBH I am finding some sense also in ch100’s aversion to tweaking Windows too much. What security holes are opening up? Would MS even know? Ditto with missed updates…

      It all seems too much bother..Some here who call themselves non-techies have low self-esteem! You know a lot. To answer question, yes, Group B is viable, if you want to do it each month.

    • #140893

      Option 2. You miss out on ALL features, but still have to take ALL security fixes for that month, even if one or two of them has a problem, or they include telemetry or whatever. You can however pick and choose WHICH months to install, as these aren’t cumulative. These have to be downloaded from the MS Catalogue. Not available in WU Client.


      I presume Group B HAS to go Option 2 now? (Unless you’re ok with getting EVERYTHING up to a certain point, where you’ll then start doing the Security Only Patches). As otherwise you have little control over what you’re getting.

      Speaking as a Windows 7 SP1 Home Premium Group B-er from the start: remember that Windows 7 has not had any features for quite a while, so we won’t be missing out on any new features.  I am referencing a thread from September 4, 2016, when Woody first detailed the Group A ad Group B strategies [https://askwoody.com/2016/ms-defcon-3-get-windows-patched-gingerly/]: “… For those of you who want all the new features in Win7 and 8.1, but don’t want the snooping… I hate to break it to you, kid, but Microsoft hasn’t given us any new features in years. As best I can tell, all of the patches these days are either security fixes, advertisements for Windows 10 (which should be going away), snoop enablers, or fixes for problems created by one of those. …”

      Group B has always been about your Option 2: taking all security fixes (aka “Security Updates”) for that month.  By the time Woody gives the go-ahead (DEFCON 3 or higher), the updates (security and otherwise) have been vetted.  In the unlikely chance that there is an issue with any, we’re warned in advance and can elect to not install it at that time.  And then we continue to follow Group B’s instructions . . . that is, Group B’s new instructions 🙂

      Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'
      4 users thanked author for this post.
      • #141105

        Yup, I just thought the whole reason why Group B was harder was that you had to mess around downloading all the “Security Patches” manually, as in each separate one, and figure out which you wanted, what order to install them etc. I never dreamed Microsoft would stop offering the separate patches ALTOGETHER.

        As to features, I meant “non-security fixes” really. I presume there’s been some of those? Otherwise what’s the point of the Monthly rollups (besides being cumulative).

        Or is all the non-security stuff really just GWX and telemetry c*** besides you mentioned heh. Haven’t had the chance to look through all the contents yet, (and they’re not always clear either).

        Still annoyed that you have to take the whole pack and have no choice WHICH security fixes you apply (despite the fact that just ONE of them could be a bad one or prevent installation altogether), and that Microsoft thinks this is GREAT..

        So I presume Group B is now basically, Hide all the monthly rollups, install the older, individual patches (besides telemetry), keep checking / rebooting where needed, and then install the Monthly Security Only Patches (from the catalogue), when it’s safe to do so.

        I presume / hope none of the monthly security patches have telemetry or anything dodgy? Since you have to accept the whole pack of fixes now.

        • #141109

          I recommend installing the Windows security-only updates first so that fewer older updates need to be installed.

          3 users thanked author for this post.
          • #141115

            Alrighty, as long as they’ve made no mistakes in which supersede others heh. (I know you’ve been looking into that one a lot).

    • #141336

      I’m surprised by this, I don’t really see the problem with group B (except that you need a lot of updates if you were to start from scratch). You also don’t list these ‘problems’, so it’s hard to react to them.

      So far, my (good) experience has been: read through your issue reports, and at some point where I feel safe enough, go to the group B article and download the win7 and ie update. After that look at what’s left on windows update (usually office updates) and go through those with your problem reports as a reference again. I leave them in the list until next month if I don’t feel good about them. I also go through the ‘recommended’ updates and ready what they are about. I usually end up not installing them (28 of them still in the list currently).

      That’s it. Not complicated, not technical (except maybe evaluating the recommended ones, but that’s pretty dead now I think, at least I don’t remember new ones except drivers), so not a problem?

      I’ve read the reports about how hiding updates will show superseded updates, I haven’t done anything with that yet. But the updates I don’t install are usually features (rdp8 for example) so I doubt I’m missing out on much.

      1 user thanked author for this post.
    • #141456

      So, we have gone from “Group B doesn’t work either” to “Group B isn’t dead”. Delighted to hear it! Was this just a scare tactic to assess community sentiment, between a shrug and yawn at one end, howls of protest and defiant refusal to capitulate to Group A at the other? If so, I thank my fellow Group B’s who joined me at the passionate end, and I thank Woody and his key compadres (@PKCano and others) for gracefully choosing to continue offering us refuseniks the only choice we are willing to accept. Woody, this is especially impressive and appreciated because, by your own declaration, you have been assimilated by the Borg, so no longer have a personal stake in the refusenik cause.

      When I first saw you declare “If you’re willing to bite the hand that feeds you…” in the introduction to customized Group B instructions, I recognized myself as the butt of the joke, and I responded the way a person with a healthy sense of humor (which includes the ability to laugh at oneself) would: I chuckled. But any joke loses its impact on repetition, and having now seen that jab repeated, I am beginning to wonder if perhaps it is being delivered with a hidden message, with intentional top spin on the ball, a friendly elbow in the side: “C’mon, mate, get with the program… assimilate!”

      Beggars can’t be choosy, so I am hardly in a position to push back. I consider myself lucky to have stumbled onto this vital and invaluable service you provide to the community of PC users through your IW/CW articles and numerous discussion threads on askwoody.com. So allow me to explain why such an effort, if one is underway, will not succeed with me.

      First a little about myself: I am a retired licensed professional engineer who considers the PC as just one among many tools that allow me to accomplish tasks I choose to tackle. Rephrasing that familiar formulation about eating, I am a”compute to live” kind of guy, not a “live to compute” one. With my background, I have a facility with cash flow and cost/benefit analyses through custom spreadsheets I write, now for personal rather than occupational use.

      For example, I have written one that helps me navigate the maze of baffling Medicare delivery options in an instant. While other seniors are scratching their heads, listening to self-serving advertising from insurance companies which obfuscates rather than clarifies, or consulting with advisers who themselves are out to cash in, I simply plug into my custom spreadsheet the following year’s pricing for everything including premiums, deductibles, and coinsurance rates, and everything in between, for both medical services and prescription medications. Then I run various scenarios for expected utilization, and – BOOM! – I see in an instant how the various plans stack up. Every time – without fail – one plan stands out, with annual savings of between $600 and $1,200 over the others. While my peers are scrambling to make a decision before open enrollment (Oct 15 to Dec 7) ends, I know on Oct 15 which plan I will use the following year, and I move on to other more enjoyable things.

      Those may seem like a modest saving to some, but I use the same approach in other areas of financial management, from administering retirement investments (mine and my son’s) to efficient travel planning to global destinations. The money I save is then available for any number of worthy causes, from charitable contributions to – yes! – supporting AskWoody.

      The only thing I expect from any tool I use, whether a torque wrench in the garage or a PC on my desk, is to do the job without breaking, and not transmit data about my personal habits, consumer preferences, spending patterns or political inclinations back to the home office, where they are packaged and monetized, then sold to others for profit – at my expense! I also choose my tools carefully, and I am willing to spend a little extra to buy quality and durability. Most importantly, I expect my tools to come without an expiration date, or a lifetime limited by design or intention. I expect not to have to keep paying for them just so they will keep functioning. That brings us back to Group B.

      Let me ask you a series of questions. I will use the Socratic method, omitting responses, because they should be obvious. If they are not, if there is some dispute about those responses, we have a much bigger problem than can be resolved here.

      If you buy a car, and a design or manufacturing defect affecting multiple vehicles (not just yours) comes to light, do you expect a timely recall by the manufacturer and complete rectification at no expense to you? Do you expect the manufacturer to remain similarly obligated for as long as you keep driving that vehicle you paid for? Would you be indifferent on discovering that, unrelated to the defect(s) being repaired, telemetric devices had been installed without your knowledge to listen in on your conversations in the cabin or your choice of radio stations? Would you feel guilty of being “willing to bite the hand that feeds you” if you insist on just the repairs, and nothing else?

      Now answer the questions again, with strategic substitutions for “car” and “vehicle”:

      If you buy a Windows operating system, and a design or manufacturing defect affecting multiple PCs (not just yours) comes to light, do you expect a quick response from the manufacturer and complete rectification at no expense to you? Do you expect the manufacturer to remain similarly obligated for as long as you keep using that operating system you paid for? Would you be indifferent on discovering that, unrelated to the defect(s) being repaired, telemetric devices had been installed without your knowledge to monitor your web interactions or your choice of web sites? Would you feel guilty of being “willing to bite the hand that feeds you” if you insist on just the repairs, and nothing else?

      This could give rise to an argument about whether vehicles built to accommodate known and unchanging physical forces can be compared to computer operating systems whose vulnerabilities are more difficult to predict, and only emerge over time, to which I would respond by pointing out that neither can the massive investment in plants, equipment, supply chains and dealer networks of vehicle manufacturing be compared to a handful of geeks typing out code and guzzling soft drinks in a warehouse. Software vulnerabilities are much more easily and cost-effectively fixed and distributed, and should be.

      The real problem is that M$ is committed more to a business model of rolling obsolescence than to servicing products they sell. As soon as they market a version of their operating system, they hang a support expiration date on it and lose interest, focusing on the next one, often another ill-considered monstrosity which will sprout a whole new category of problems, ad infinitum. They are committed to the trend of moving operating systems out of the product category, and into the service category. I, for one, paid good money for my Windows 7 Home Premium, and I expect to be able to use it until I – not M$ – decide to make a change.

      So, Woody, if you have read this far, I think addressing Group B’s with “If you’re willing to bite the hand that feeds you”, if intended as anything other than a joke, is completely off base. I respect the choices others in this community have made. I would not preface instructions to Group A with “If you’re willing to kiss the a$$ that defecates on you…”, nor to Group W with “If you are in the grip of a death wish…” A healthy community of autonomous individuals tolerates differences of opinion, and respects principled positions taken in good faith. In our current social and political climate, that is a rare thing, worthy of nurturing.

      Thanks again to you and your compadres for keeping Group B alive. I appreciate your informative articles, and the often wry humor in which they are wrapped, and I will remain on board as a card carrying member of Group B as long as it endures.

      Please note: if a duplicate of this message appears as “anonymous”, it’s because I had a heckuva time with formatting and getting out of visual mode under my moniker, finally succeeded – sorry!


      4 users thanked author for this post.
      • #141505

        Hi @NorthwestRick, I’m not going to answer for Woody or address any personal message you have received. In fact I agree with the passion you show, and even the possibly legal implications of Microsoft failing to fulfill their contract implicit in your purchase of equipment and lease of their license. I only wish I had better understood the nature of that arrangement way back when.

        Your Socratic method is of course designed to eliminate all disagreement before allowing a response. But it was not necessary for me, I already agree and admire some of your method to explain things. I have struggled with creating an analogous demonstration, so I will seize on to your automotive metaphor and harken back to shadetree mechanic days long gone. The manufacturer had many responsibilities under law and explicit under warranty. I could use any oil I wanted. But if I ignored published guidelines on viscosity then I should expect a poor outcome. I could mount any tire that fit the rim and did not rub in the wheel well. But if it did not meet other specifications, or I did not keep it inflated correctly then my ride experience would suffer. Possibly to the point where loss of control would cause catastrophic damage. I do not think I need to chase down other examples.

        One of the differences in this analogy that fails is an automotive manufacturer delivered a finished product. And would never come to my garage years later and install a smaller oil pan or change out the wheel hub. Consumer pressure has demanded that Microsoft continue to provide new features and secure against threats that were not even developed at the time they delivered their product. I will grant that they marketed an impossible dream. But I am willing to meet them half-way in their effort to keep that promise by maintaining my installation in the way they describe to me as most fitting. While I also go about finding my next operating system among the Free and Open Source Software, where I have better standing in controlling every aspect of installed code.

        I feel my statement is incomplete, but hope I have started to make a point. The product is theirs, and I will follow their guidelines in maintenance. Until I replace it with a better model. One that more closely suits my needs and my methods.

        My only leverage that I exert from outside is the wait and see method found here at AskWoody. Not that it makes me invincible against Microsoft. More of a ‘to be forewarned is to be forearmed’ if I am groping for the correct quotation exhorting the positive effect of knowlegable preparation.

        Now on your separate and not really related displeasure. If there was an agreement or terms of service wherein AskWoody.com as a blog is required to maintain redundant Microsoft documentation on your behalf, well I must have missed it. AskWoody made the idea of GroupB famous. But the process can be followed without the AskWoody blessing, so long as Microsoft allows it. And if Microsoft ends it tomorrow this blog would not be able to change that fact. Be thankful this group of people made it possible for you to do. Do not require them to do it for you. It can endure on your system through your efforts.

        Thanks to anyone for reading my opinion all the way through.

        2 users thanked author for this post.
    • #141611

      A year ago, I went into Group W (for Windows 7).

      For the 2 years before that, I had struggled, as a non-technical person, to intently follow, understand, and implement most things that Woody (and a handful of other sources) described and recommended for Windows 7.  Many, many hours of time spent on that.

      But come the Patchocalypse, I could not take it any more — I didn’t want to spend the personal time and do the above-and-beyond work required of the ordinary person to be organized and on top of it all, and deal with the twists and turns (trying to make sense of nonsensical terminology and wacky decisions and Calvin-type rule changes — as mentioned on a more recent blog post) and the increasing frustration.

      I did try to keep my computing/computer protected in all sorts of other ways, I wasn’t reckless.

      So for a year, I’ve been (mainly) BLISSFULLY unoccupied with all this stuff.  And nothing bad, thank goodness, has happened to my system.

      But what I am running into now is websites that won’t work very well or at all with my configuration (which don’t even allow Win 7 with IE 11 at all now, which say they work best with Win 8.1 or higher plus Chrome, etc.)  I am using programs that are quite old and no longer supported (like Office 2007).  I am aware that my pleasing ignorance of Win 10 (and Win 8) has me out of step with most people, and it’s possibly only a matter of time before I will find myself in a situation where I will need to be pretty proficient with it in some random work context and won’t have the luxury to learn about it at an easy pace.  My Win 7 computer is aging and could conk out at any time.

      The beyond-Win 7 options do not seem to have gotten more palatable/affordable/doable for the non-technical person in the last year:  Win 10, scrounging up a Win 8.1 and customizing it with not-negligible tweaks (and it may be good for only another year or two, really, considering how heavy-handed MS has been in trying to force people to ditch 7 well before 2020), move to Apple, move to Linux.

      I think they have worn me down, I think I have to go to Win 10 on a new machine, just start from scratch.  I don’t want to — I hate the privacy intrusions, I hate the update mess that they continue to make, I will really miss some of my Win 7 programs and methods that are not a part of Win 10, I will have to buy some new software programs and several pieces of equipment and spend AGES setting it all up and learning how to use it.  But I think that I have squeezed most of the last sweet nectar out of my trusty 7 setup, and I need to face up to the harsh reality and get inured to the 10 pain while my current system is still working “okay”.

      So here I am, back to swallow the bitter medicine.

      I really appreciate this site and the contributors; all of Woody’s work, tireless efforts to inform and advice, and honesty.  🙂




      • #141687

        Hope it works well for you mate.

        I’ve been in the same situation though, (my thoughts chronicled here) with thinking of “upgrading” to 10.

        In the end I decided it just wouldn’t be an “upgrade” at all. All the new “features” I had no interest in, (emojis, really?..) and everything I hate now about the patching is doubled on 10.

        Just the sheer thought of having to sit and tweak MULTIPLE screens just to turn off spying and advertisements was bad enough, but the fact that I’d have to do it allover again every time they pushed out a (forced) major OS upgrade was just too much.

        Aside from some (alleged) performance improvements, Win10 would be litterally a detriment in almost every angle, usability wise. I’d sit down to use my home computer and HATE using it every day. That’s not what I want in my life.

        So I decided to stay on 7, which I know well. The OS is familiar, ALL my programs work, and I can configure everything exactly to my liking with minimal work, and above all I have full CONTROL over my own Personal Computer. I am however doing a fresh install, which I think should speed it up a lot. It’s not like there’s that many programs that are still incompatible, heck most of the stuff I use still lists XP as a compatible version, so should be ok for a good 5 years or so yet (though I’m aware “support” cuts off in 2020, though since they’re not fully honouring that lately, I don’t care). Hopefully low sales and people giving in and moving to 10, (or moving FROM it) will force MS to think differently in future.

        3 users thanked author for this post.
        • #141776


          Thank you for your empathetic response.

          “Win10 would be litterally a detriment in almost every angle, usability wise. I’d sit down to use my home computer and HATE using it every day. That’s not what I want in my life.”

          I know what you mean!

          Well, actually, I don’t know what you mean, since I have not tried Win10 yet, but this is what I fear.

          The last couple of years, when I was diligently updating Win 7 and having to keep track of and make allowances for some idiosyncracies that my computer displayed regarding a couple of updates, I felt that the wasted hours, sometimes-extreme and long-lasting demands on the CPU, and continuous vigilance required of me were excessively detrimental to my user experience and peaceful enjoyment of the computer.

          I realize that Win10 monthly updates are also riddled with problems, that MS forces a change in the whole kit & caboodle every 6 to 12 months, and that tweaking for the most privacy and normalcy possible is going to take a lot of effort

          (this is why I asked in another spot in the forums if there exists a privacy-focused, cold-start beginner’s guide of how to approach one’s first Win10 installation at

          https://askwoody.com/forums/topic/is-there-a-thread-on-how-to-intelligently-install-windows-10-for-the-1st-time/#post-141593   ).

          But I am running into websites that I don’t want to do without which do not accept Win 7 and IE (or even Win 7 and Firefox etc.), and in general I can feel that my computer/OS are in their twilight.

          I also suspect that being familiar with Win10 is something that I need to brush up on, since it’s a major part of our societies’ infrastructure (like it, or not).

          In terms of keeping up with the tweaking and the new versions that they pump out which take the computer back to default settings, I will just have to keep good notes of everything I do and learn, and follow those when personalizing each version — plus heed Woody’s contemporaneous instructions — every time an MS tidal wave destroys my sandcastle.

          Even realizing that it is more like an ephemeral sandcastle on a public beach (that I had to pay a hefty entrance fee to be on) rather than a solidly-constructed bomb shelter hidden underground on private land is a step forward in my coming to terms with grieving for the way my computer/OS/setup/rights/privacy used to seem.

          …What are the “5 stages of grief” — denial, anger, bargaining, multiple containers of Haagen Dazs, nihilism — something like that.  😉

          1 user thanked author for this post.
        • #142211

          Since our exchange of a day or two ago, I’ve been looking more into Win 10 and into Office 2016 (which is expensive, offers only 1 installation per purchase, Outlook is not sold separately, an MS log-in account is necessary to install, and insists apparently on ongoing internet observation by Microsoft) —
          I’ve been checking out prices and customer comments for Win 10 Pro and Office 2016 Home & Business, at a number of different retailer sites, including MS itself —

          I’ve been checking out more columns by Woody and more participant comments here.

          I have also re-read your thread on the topic (https://askwoody.com/forums/topic/shall-i-bother-upgrading-from-win7-to-win10/), and I appreciate the information there.

          From beginner to expert, people are struggling to cope and are putting in so much time and effort to make the best of things, but still there are so many complaints and disappointments.

          It’s just dire, it really is – this Win situation.

          Or, I suppose, it’s more like a No-Win situation, in more ways than one!

          I think that I am changing my mind, I just think I don’t want to leave Win 7 and go to Win 10.
          No. It sounds like it would be a miserable experience.
          Especially since, I guess, customers who buy new systems are put right into the most recent Win 10, which for a laptop purchase in November would apparently be the newly-issued Fall Creator’s Update, which reviewers have said has a number of things that need to be fixed.

          One downside to staying with 7 is that I am running into some websites that don’t work with Win 7 and IE 11, and I’m not sure what to do there. This situation will probably get worse for the next 2 years (until Win 7’s end-support date of Jan 2020).

          I’ve taken on board what Noel said about his 8.1 setup, which sounds like a good compromise to get several more years of MS support. However, that ship has probably sailed – I don’t think they are available to buy anymore.

          In any case, I think that I must get a newer Office version, because Office 2007 stopped being supported and patched earlier this month.
          It sounds like Office 2016 is quite invasive about privacy, so I tried to see if I could buy an Office 2010 or 2013.
          I need to have Outlook as well as Word, Excel, and Powerpoint.
          Most listings look like they are selling used/dodgy/fake goods.
          There are a couple of listings for prior years’ Office software on Amazon that appear to possibly be genuine, but they are all for the Home & Student version, which doesn’t include Outlook — and I can’t find a a separate Outlook of 2010, 2013, or 2016 (they didn’t do a standalone one for 2016, it seems).


          • #142375

            Tbh if you have the time then you may as well give it a try on a VM or Dual Boot setup or something.

            For me though I’m not going to bother, as mentioned up top:

            I’m really happy with my Win 7’s UI, especially with how I’ve got it customised. If they’d have just made something like this, but with some performance and security improvements, I’d be all over it! Instead we get a horrible UI, c***-tonne of bloatware, “Microsoft Store”, forced updates, privacy intrusions, blablabla… Nothanks.

            I was strongly considering it a bit ago, but there’s just TOO much that I’d not like in there. Sure I have access to a version where a lot of it can be tuned and tweaked, but what good is that when a big update comes every few months and re-sets everything? It’s annoying enough having to scrutinize and be constantly on guard for telemetry / GWX type stuff in Win 7, I certainly ain’t got the time to devote to even more of that with an OS where I have even less control.

            And again for me it’s time, I’m back to work in 2 days and just do not have the time to devote to dealing with all Win10’s issues, if they wanted me to use it, they shouldn’t have put up so many blocks and discouragements for the average user.

            Also the main thing is that I alone control my PERSONAL Computer. I’m not having some tw@ from Microsoft thinking that just cause I use their Software, they own my entire ****** PC and what I do with it, and also demanding they have rights to my personal data and when I update it. NO OTHER software package on my entire machine tries that on, why should I put up with it from Microsoft?

            Sure it’s an operating system, a bit of software that lets me use the disparate components, and other software. It ISN’T my PC, I could uninstall the {deleted] thing and put Linux or whatever else on whenever, that very fact means they cannot just come and think they can tell me what to do when I sit at my machine in the evening in the limited time I have to myself.

            If my machine was some “sealed box” model from them which ONLY ran Windows then fine, but I built it myself, it didn’t even come with an OS, I bought it separately like any other software package. They really need to pull their heads out and back off, because at the rate they’re going, I won’t be moving off 7 at all unless they change their attitude.

            It all boils down to, if I have something that works well, why would I buy (or move to) something that doesn’t. Their entire mantra they keep chanting about WaaS is:

            Our commitment to keeping Windows secure remains steadfast. We’re making these servicing changes because overtime we have seen that the piecemeal approach to patching has been one of the biggest challenges in achieving high quality servicing.

            We’ve found over time in our experience on Windows 10 that we’re better able to deliver quality servicing and better able to respond to any issues with this approach.

            I don’t CARE. That’s THEIR problem, not mine. If something doesn’t work as well for me, the average user sitting down at his personal computer in the evenings, then I ain’t using it. Couldn’t give a toss whatever MS finds “easier” for them.

            Therefore on my clean Install I’ve just made and about to switch online & begin updating, I’ll be hiding all rollups, and downloading security patches manually. If I see anything I don’t like, I’m not installing it.
            I’ll ensure I have Anti-Virus/Malware software installed and other security tools to handle any issues, as well as backing up regularly. Such will be a lot less headache to me than caving to Microsoft, and leave me, (the actual user) in control.

            EDITED for language – please observe Lounge Rules

            1 user thanked author for this post.
    • #141784

      Post #141776 was meant to be a reply to @BobT ‘s #141687, but it showed up as a general entry on the thread instead of being nested below his specific comment.

      (When I click the “reply” link at the top right of a post, it doesn’t take me anywhere different on the page, so I expect it’s my ad/tracker blocking that is stopping that function from working.)



      • #141786

        I have moved your reply to where you intended.
        Because the topic is so long, it takes a while for the system to drop to the reply box at the bottom. (I usually watch until the circle stops spinning in the browser tab). Then it takes another while for the system to post the nested reply.

        The site has had problems while you were away.

        1 user thanked author for this post.
        • #141884

          I have moved your reply to where you intended.
          Thank you.

          Because the topic is so long, it takes a while for the system to drop to the reply box at the bottom. (I usually watch until the circle stops spinning in the browser tab). Then it takes another while for the system to post the nested reply.

          My problem is not a time-lag issue – there is no dropping to the reply box, there is no spinning circle in the browser tab.  What happens is that when I click the reply link, it’s as if nothing happens at all no matter how long I wait, so I manually move down to the reply area, but when I am there, I cannot even click in the reply box with my mouse — the cursor does not show up, so I can’t type anything.  It’s as if the page is frozen.  What I have to do then is refresh the thread, which apparently takes me out of the stuck reply mode, and then I am able to click in the reply box and type what I want to say — and I learned this evening that doing that page refresh simply puts me in the position to create a new top-level comment, rather than letting me go ahead with my intended nested reply to a prior comment.

          The site has had problems while you were away.

          I appreciate that.  Actually though, I never really participated on this new-style forum, as I hermited myself away from all the Windows madness in late November or so.  The niggles that I am experiencing now could very well have been what I would have experienced at the start of this new iteration, this past spring.

          Plus, I expect that the problems are mainly on my side, because I have lately had trouble with several different internet forums — they are about different topics, and they use different software from each other — but all of them used to let me use more functions within their discussion areas (with my ad/tracker/strange IP blocking settings, it’s been rare that I could ever use *all* of the functions on any discussion sites, but I used to be able to use more functions on those sites a few months ago, than I can use today).

          I think this is from a combination of my ad/tracker/strange IP blocking settings and of my IE 11 and Win 7 combo (which is starting to be rejected, in big and small ways, by some websites — and even when I take off all my IP blocking and other internet protections and just allow everything through, as a test to try to pinpoint what is going wrong, that does not always improve my experience at some sites, not anymore).

          It’s okay – these website difficulties are pushing me to seek alternatives in OS and browser, and I think the way forward is for me to finally move to Win10, despite its frustrations and impositions.

          In the meantime, it looks like I won’t be able to create nested replies here, so I’ll “@” the username of the person I am responding to.



          • #141905

            so I’ll “@” the username of the person I am responding to

            If you also add the post # of the reply you are replying to (top right had corner of each reply), that would help us thread them while you remain unregistered (i.e. while your posts need moderating).

          • #142131

            Same for me, I’m using IE11 also, (can you Reply to anything on Reddit btw? The Reply button there does nothing, I think an Update bodged it at some point).

            This only happens when Replying though, Quote works fine. However an easy way to sort it is to click the “Text” button (next to Visual button above the reply box), and then click Reply again, and it should take you to the correct reply box with the caret waiting.

            Once you’ve posted something, you can go into Edit mode and then click Visual. Doesn’t work when first posting though for some reason (Shows blank). Have to post in Text mode first.

            Dunno why it does this heh.

            • #142201

              Wow BobT, thank you for your tip about clicking on the Text tab, after I have hit “reply” and find that I am not allowed to put my cursor in the reply box (which has the the Visual tab on top by default).

              This is my first attempt at making a reply that way, and it seems to be working! 🙂

              (With the above 2 paragraphs present in the Text tab, I clicked back on the Visual tab to see what would happen, and it is blank. I clicked back to the Text tab, and my comment showed up again.)

              I also am a little relieved to hear that with your Win 7 + IE11, you’ve also been having trouble recently on discussion forums — I’m glad to know that it’s not just my computer that is acting oddly.

    • #142065

      Aside from some (alleged) performance improvements, Win10 would be litterally a detriment in almost every angle, usability wise. I’d sit down to use my home computer and HATE using it every day. That’s not what I want in my life.

      I used to feel like my computer was something I’d bought and paid for, a tool I really enjoyed learning about and using. Now I feel that it’s something I have to pay a hefty amount just to “borrow” or rent for awhile, it’s not really my own. And ditto all of the programs – sorry, “apps” – that I use. You no longer buy them and own them, you rent them, and if you can’t pay the rent anymore, you lose access to them. For me, this takes the enjoyment out of it. I feel like computing has gone the way of tv and magazines, it’s become simply a vehicle for advertising. The purpose of the content is simply to carry ads and sell more things to you.

      I do have a Windows 10 machine that was my husband’s.  I have little control over it or what it does, it’s all about collecting information to sell, it’s not enjoyable to me, so I don’t use it. I still have a Windows xp machine which I don’t connect to the internet. It is superior to working with audio files since they hadn’t removed the ability to record what you hear yet and I still think it is the most fun to work on- it makes so much sense and you can do things with the least amount of clicks. I have an old notebook that is barely functional that I resurrected by installing Linux that works great as a music server now. I never throw anything out, lol! I think it’s fun to fix things and see how they work and what I can use them for.

      But, anyways, I am at the point where I have tweaked Windows 7 to where I enjoy working on it and I know I don’t want to move to Windows 10. I have a lot of programs that were expensive to buy and that I can’t afford to replace, I would just lose the ability to use them. But they work fine for what I do. I can’t afford to buy a new car or house every year and I can’t afford to replace my computer, my OS, and all the programs I use either. Computing has become necessary to life but it’s also become an ongoing expense and not a small one, either. It is really perplexing.

      Oh, and then there is my android tablet which is the most frustrating thing ever, there is such a limit on what you can customize or block, it drives me crazy, I’m sorry I even spent money on it.

      On the other hand, there are a lot of people using computers/devices who have no sense of what is legitimate or a scam, who will click on anything, wire money to strangers, and have no desire or ability to learn how the system actually works. MS has to try to create a system that will work for and protect them and I can only imagine how challenging that is. And at the same time, the constant assault from those who are trying to break the system and hijack it for ulterior purposes. So, I can understand why they want to simplify their end of it and try to make it idiot-proof.


      4 users thanked author for this post.
    • #142172

      I was curious why so many Windows 7 Group B users are missing “must be installed exclusively” update KB3177467. Looking at https://support.microsoft.com/en-us/help/3215781/description-of-software-update-services-and-windows-server-update-serv, KB3177467 changed from an Optional update to an Important update on October 11, 2016, which is the same day of the availability of the first Windows monthly rollup. Aha!

      2 users thanked author for this post.
      • #142380

        Are you sure it isn’t spelled “MrBrain”? 🙂

        Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'
        3 users thanked author for this post.
    • #142282

      Hi @DriveBee,

      I had to register because your post resonated with me quite a bit. Apologies to  everyone else because my response is not really on topic.

      I used to feel like my computer was something I’d bought and paid for, a tool I really enjoyed learning about and using. Now I feel that it’s something I have to pay a hefty amount just to “borrow” or rent for awhile, it’s not really my own. And ditto all of the programs – sorry, “apps” – that I use. You no longer buy them and own them, you rent them, and if you can’t pay the rent anymore, you lose access to them. For me, this takes the enjoyment out of it. I feel like computing has gone the way of tv and magazines, it’s become simply a vehicle for advertising. The purpose of the content is simply to carry ads and sell more things to you.

      You touch on a lot of aspects that are the basis of my frustration with computers and technology these days. What it boils down to is that the current state of  hard- and software cancels out the natural enthusiasm I have for technology. It’s depressing that we actually have the means and creativity to build perfect devices but in the end there’s always a catch with the products actually available to us.

      It feels like nothing is really made anymore on the basis of what people need or want. I cannot remember the last time I bought a tech product that was ‘whole’ or truely mine to own. Even if it seems nice at first, I unconsciously fear the day of the update that ruins it.

      I do have a Windows 10 machine that was my husband’s. I have little control over it or what it does, it’s all about collecting information to sell, it’s not enjoyable to me, so I don’t use it.

      Nowadays the premise for new produts seems to be: “How much actual functionality do we have to build into our big-data collection and advertising device so we can start calling it something else and people will put up with it?”

      Another thing that greatly diminishes my enthusiasm for the more recent Windows OS and MS Office products is the atrocious flat design! There are simply insufficient visual clues to effectivly guide you through a more complex UI. Every time I have to use Outlook 2013/16 I feel like I’m using an unfinished frontend or wireframe some intern created as a mockup.

      I feel I should stop now or I’ll go on forever.


      5 users thanked author for this post.
      • #142372

        Another thing that greatly diminishes my enthusiasm for the more recent Windows OS and MS Office products is the atrocious flat design! There are simply insufficient visual clues to effectively guide you through a more complex UI. Every time I have to use Outlook 2013/16 I feel like I’m using an unfinished frontend or wireframe some intern created as a mockup.

        Yup, I HATE that too. Jacob Nielsen (one of the famous usability gurus) had a lot to say about Win 8 / 10’s “flat” design, “charms” and general non-usability. It’s clear that again they think everyone is using a tablet, and everything should be based around that.

        I mean heck they introduced Themes years ago, why couldn’t they just make a Flat theme that was the default for tablets, and let the rest of us have the nice, rounded, 3d aero? Oh yeah because they’re still in that “We have to say everyone LOVES it and it’s been a GREAT SUCCESS, so we must force everyone to use it!” mentality.

        I’m really happy with my Win 7’s UI, especially with how I’ve got it customised. If they’d have just made something like this, but with some performance and security improvements, I’d be all over it! Instead we get a horrible UI, c***-tonne of bloatware, “Microsoft Store”, forced updates, privacy intrusions, blablabla… Nothanks.

        6 users thanked author for this post.
    • #144198

      Group B seems to have worked OK for me so far.  About a year ago (on Nov. 29, 2016),  I posted a question to Woody on this website which read as follows:  “Are you going to keep providing us Group B people with instructions on what to do?  I’d like to stay in Group B as long as you provide instructions for Group B.”    Here is Woody’s response:  “Yes,  I’ll continue to provide instructions for Group B,  as long as my fingers keep working or Microsoft cuts off patches,  whichever comes first.”

      I’m greatly appreciative to Woody and the others who provide the instructions, and I hope that Woody can hold true to his response of one year ago.

      5 users thanked author for this post.
    • #148836

      Yup, I’m going to stay Group B as long as Windows 7 is supported. In the Office, I’ll run WSUS to control the patches, at home I use WSUSOffline to patch my home network appropriately.

      No matter where you go, there you are.

      1 user thanked author for this post.
    • #152838

      I reworked my unofficial instructions because there were several logic bugs in the old instructions. I also consolidated the Group A and Group B instructions into one set of instructions.

      7 users thanked author for this post.
      • #152855


        I received 2 email notifications, on one the time reflected is 7:45 a.m. and the 2nd one is 8:11 a.m.   I can’t see any difference between the two, however there is a lot of dialogue.   I’ll just wait a while and there may be a reason.   Good to see you back once again.    Your very helpful information, expertise, and knowledge are always welcome to see.   Thank you for all!!   🙂  🙂

        • #152873

          I deleted my first post in this topic today because it was “indented,” and I figured more people would see the “unindented” second post.

          1 user thanked author for this post.
          • #152935

            @Mr.Brian:    I was so “out of it” earlier today, I read both of the messages, and need to return to the last one.  Thank you for the information.  I appreciate you taking the time to send the details.    I want to ensure that I have the updated version to view.  Thank you once again for the clarification.    🙂  🙂

      • #154110

        It was the steps 9 & 10 subroutine that seemed new to me. This illustrates that some items on the hidden list might be removed if checked again. Thank you for pointing it out. However, on my Win7sp1x64 the action of restoring any items forces a new check for updates before displaying the Windows Update options screen. Is this unusual behavior?

        I sometimes restore items temporarily to see if there has been a change in the published date associated with prohibited items. Curiosity and feline fatalities springs to mind. Earlier this year I relearned not to restore all, because this requires a tedious cycling to rehide the long list of sixteen Silverlight editions. If settings are to show other Microsoft products, then the Windows Update Minitool that you recommend could be helpful with this.

        2 users thanked author for this post.
        • #154125

          “However, on my Win7sp1x64 the action of restoring any items forces a new check for updates before displaying the Windows Update options screen. Is this unusual behavior?”

          That’s the same behavior that I observed, but I wasn’t sure if that behavior is guaranteed in all situations.

          2 users thanked author for this post.
        • #154241

          I just changed step 9 as a result of your post. Feedback appreciated.

          1 user thanked author for this post.
    • #154891

      I refer to MrBrian’s “unofficial” recommendations for new instructions for Group A and Group B”.
      The way I understand Steps 5, 6, 7 and 8 is as follows: Steps 5, 6 and 7 form a loop whereby, every time you perform Step 6, you hide updates that you don’t intend to install today. If you reach Step 7 and did not hide any updates the last time you performed Step 6, you go on to Step 8, where you are instructed to unhide updates that you intend to install today. But, surely, there aren’t any? By repeating Step 6 in the loop, all you have done is hide updates that you DON’T intend to install today. I am confused.

      Edit to remove HTML.
      Please convert to plain text before copy/paste.

      2 users thanked author for this post.
      • #154908

        This is intentional. You may have hidden updates on a previous day that you didn’t want to install on the previous day, but may want to install today.

        1 user thanked author for this post.
    • #166431

      What is the current status of MrBrian’s “unofficial” recommendations for new instructions for Group A and Group B?

      If they are widely accepted, would it be possible please to incorporate them into Topic 2000003: Ongoing list of “Group B” monthly updates for Win7 and 8.1? In this way, there would be just one document with the instructions for Group B.

      Furthermore, I find it confusing to have the merged instructions for both Group A and Group B in the same document. It is difficult to pick out just the information you need depending on which group you are in. Updating Topic 2000003 as suggested above would remove this problem.

      1 user thanked author for this post.
    • #166433

      If they are widely accepted, would it be possible please to incorporate them into Topic 2000003: Ongoing list of “Group B” monthly updates for Win7 and 8.1? In this way, there would be just one document with the instructions for Group B.

      AKB2000003 is the original instructions for Group B. @MrBrian has been working on the changes that need to be made to that group. His “unofficial” version is on page 1 of this topic and has been revised several times. We have not published the final version of the revision yet.

      AKB2000004 is the instructions for Group A.

      3 users thanked author for this post.
    • #166507

      What is the current status of MrBrian’s “unofficial” recommendations for new instructions for Group A and Group B?

      I haven’t changed the unofficial instructions in about 6 weeks. I don’t know of any issues with the current unofficial instructions, but on the other hand, when I looked at the previous unofficial instructions about 6 weeks ago, I found a number of issues that nobody else mentioned, so who knows if there are issues with the current unofficial instructions.

      2 users thanked author for this post.
      • #166516

        They work for me.

        2 users thanked author for this post.
      • #166580

        @Mr.Brian:  This may be “off-topic”, however the Windows Defender has now been referenced as possibly removing programs MS doesn’t want on our computers.  I’m behind however haven’t seen anything more specific about this.   If I’m off-topic I apologize, I’m having a terrible time trying to learn the “new threadless system”.   Thank you if you can shed any light upon this “pending issue”.  I have one older Win defender update which I have not installed, just to be safe.   Thank you once again for all of the help you provide for us all.   🙂

    Viewing 76 reply threads
    Reply To: New directions for Win 7 and 8.1 patching

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: