Win7 and 8.1 to get cumulative updates – you no longer control your Win7 or 8.1 machine

Topic

New Reply

InfoWorld Woody on Windows: Microsoft ‘simplifying’ Win 7 and 8.1 updates pushes even harder toward Windows 10. End of Windows as we know it? Hard to
[See the full post at: Win7 and 8.1 to get cumulative updates – you no longer control your Win7 or 8.1 machine]

Reply | Quote

Replies

So my enterprise of 5000+ machines will get whatever the H*LL MS wants to push out and now I can’t even easily determine which patch messed a machine?

Wow, just… wow

Reply | Quote

Soooooo….does this mean we are getting less updates on patch tuesday? I mean to simplify it-How many updates are we getting each patch tuesday?

Reply | Quote

“Hard to believe…”
Not hard to believe at all – telemetry and snooping can now be bundled up with updates. Just what I expect from Micros**t

Reply | Quote

Starting in October, it seems that we’ll get one combined security/non-security patch each month.

We’re all about to lose control over Windows 7 and 8.1.

Reply | Quote

Looks like it. You either get the whole monthly batch – in fact, the whole cumulative update – or you don’t get anything. That’s how I read the announcement anyway.

Reply | Quote

“We’re all about to lose control over Windows 7 and 8.1.”

Not really.
We can just stop patching altogether W7 and 8.1 machines.
Install a good AV and anti-malware software, use Chrome or FF only and don’t install anything, security or non-security patches, from this company. And then, buy a Chromebook. Just as I did the other day.

Reply | Quote

Though they’re offering a separate security patch mainly for businesses. I hope the monolithic Rollup is smart enough not to install security patches all over again, because I don’t see that they’re offering anyone a separate bundle of non-security patches. So if a business did opt for the security bundle and then later wanted the other updates too, the Rollup has to handle that properly and not waste time being redundant, or worse, screwing something up.

I can understand MS wanting to simplify the infinite number of patch combinations out there though. It must make troubleshooting extremely difficult. One step toward that end is what they did in more recent Windows editions: eliminate the ability to pick and choose in Windows Update.

This section was particularly interesting: “Our goal is eventually to include all of the patches we have shipped in the past since the last baseline, so that the Monthly Rollup becomes fully cumulative and you need only to install the latest single rollup to be up to date.”

That’s a Service Pack.

Reply | Quote

So, regarding non-security updates, how will that affect older software? For instance, I use Office 2010 and have no intention of upgrading to 365 (and don’t want to be forced to download it). Thanks, Woody.

Reply | Quote

Very good question. Short answer: I don’t know!

Reply | Quote

Yep, in fact it sounds like a monthly Service Pack. With all the problems associated thereto.

Reply | Quote

Yep. Seems to be a reasonable approach – although Google snoops worse than anybody.

That said, I really like my Chromebook!

Reply | Quote

“We encourage you to move to the Monthly Rollup model to improve reliability and quality of updating all versions of Windows.”

“Individual patches will no longer be available.”

You encourage us to move to the only model that will actually be available since you’re taking away individual patching? Good one, Microsoft!

Reply | Quote

“Based on your feedback, today we’re announcing”

That we’re going to do things the exact opposite way most normal people want them.

Seriously, is there anyone over at MS who actually stops and thinks about what they’re doing before they do it?

Reply | Quote

Well, I guess that does it for Windows.

So, which flavor of Linux is the easier to learn…

Reply | Quote

Not quite how i read it, there does at least seem to be the option of a Security Updates only roll up, all be it not available via the normal WU route.

Downloading the full rollup including both security and non security updates has to be a no no, otherwise who knows what we would get adverts, telemetry, fundamental changes to the software that we paid for ? The could just morph it into Windows 10.

Seriously, are they on a suicide trip !

Reply | Quote

Way to go Microsoft… instead of acknowledging the inherent problems with bundling (and forcing) of updates, let’s inflict the same pain on Windows 7/8/8.1 users.

Perhaps to enact revenge on those ~1 billion users who so summarily rejected the (IMO) failed Windows 10 “upgrade”?

Reply | Quote

It almost seems like MS is waging some sort of reverse-guerrilla warfare against its users!

I.e. instead of using small hit-and-run tactics in order to punish those of us who don’t want to/haven’t updated to their latest version of an “operating system,” they are using brute-force strategic warfare.

I *knew* this was going to be a problem as soon as whatzis-face from MS announced its vision as Windows 10 being the beginning of an “operating system as a service.”

Reply | Quote

My other concern here is that now if you need to do a clean install for Win 7 or 8.1 you’ll have no choice with how you install updates, unless you have older bootable isos with updates streamed in or drive images/clones of previous OS installs.

I’m going to download and backup the current simplix pack (Win 7) to get you up to speed to this month’s patches in the future without needing to bother with the future rollups.

https://translate.googleusercontent.com/translate_c?depth=1&hl=en&rurl=translate.google.com&sl=ru&tl=en&u=http://update7.simplix.info/&usg=ALkJrhjwwFnva5SerZlcWtViSoQ4vMjc_Q

I think some people have custom ISOs floating around without all the GWX/telemetry updates – will need to back those up, too.

Reply | Quote

So what about those of us who are smart and know that there are plenty of garbage updates like KB3161102? We’ll eventually get these PC breakers forced on this if we do WU, and we end up falling to viruses if we don’t do WU.

Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
A weatherman that can code

Reply | Quote

What does the following mean?

“Also from October 2016 onwards, Windows will release a single Security-only update. This update collects all of the security patches for that month into a single update. Unlike the Monthly Rollup, the Security-only update will only include new security patches that are released for that month. Individual patches will no longer be available.”

It seems to suggest that, in addition to the “rollup” update, M$ will offer a Security-only update each month. For those of us who have been installing only Security updates, why is not a good solution?

Also, I don’t see where it says that this option will only be for business.

Reply | Quote

I can’t say I’m surprised, it’s been coming for a while now – pretty much as a natural consequence of the changes already made for W10.

It’ll be interesting as more information becomes available to see whether Woody and others like Susan Bradley recommend (a) the combined security/non-security version, (b) the security-only version, or (c) neither! I hope they don’t aim the security-only version solely at business users and that it’s also offered to Home Editions.

The next step will presumably be to prevent 7/8.1 users from choosing whether and when to install these updates.

Reply | Quote

Initially I figured I would stick with Server 2012R2/Win7 until EOL in 2020, by then Linux desktop alternatives would be more refined. Obviously I won’t have that luxury.

In the interim, running a WSUS server I will opt for the Security Only roll up and only after enough time has passed for it to be vetted. If Microsoft pulls shenanigans and incorporates non-security updates… I’ll block them and be done with MS permanently.

Hey they gotta do what they gotta do and I gotta do what I gotta do… Move to the “Fast-Ring” for OS alternatives.

The irony is… as Microsoft lies in ruin, a shadow of it’s former self… Satan Nadella will deploy his golden parachute and walk away with several billion dollars. IMHO A CEO shouldn’t be rewarded for destroying a company…

Welcome to America!

Reply | Quote

This is just more MS thuggery designed to force users into having Win 10 jammed down their throats.

I may be at the end of the road when it comes to my Win7 updates. I’m not swallowing the unknown lock, stock, and barrel.

Reply | Quote

Now I’m in a real quandry!

Thank’s to Woody, I held off from allowing the Win 10 AU from visiting my PC.

Now that my PC’s manufacturer (HP) has excluded my model (a 5 year old 6200 Pro business desktop) from their list of gear they deem compatible with the Win 10 AU, that decision looks even more prudent.

Since I’m still within the 30 day grace period to rollback my PC from Win 10 Pro to Win 7 Pro, I was prepared to initiate that rollrack this week.

Now I read that jumping back to Win 7 is no refuge from the Vole meddling with my PC!

Unwanted patches. Loss of printing!

I’m dammed if I stay put, I’m dammed if do!

NUTS! 🙁

Reply | Quote

The writing was on the wall when Microskank started bundling security updates with non-security updates without giving users any means of controlling the contents of the bundle.

I nearly fell off my chair laughing when I read the phrase “Based on your feedback….”. I guess they weren’t listening with their good ear. If they still have one, that is.

I’m thoroughly disgusted, but not a bit surprised at this move by the the Biggest Bully of All Time.

Reply | Quote

I find it ironic that this gets announced at the same time that it is becoming more than a little obvious that running Win 10 is tantamount to becoming a perpetual beta tester for MS. The Win 10 Anniversary update is causing PC lockups for many users with no fix available. Every build of Win 10 is like a cracker jack box with a different surprise inside. Well, I suppose it’s better than being a crash test dummy for an auto maker?

Reply | Quote

I will be switching to Linux Mint next month.
I thought that after July 29 I wouldn’t have to, but I guess it was inevitable. Once I switch, I won’t come back to Windows, even if Microsoft changes its mind later.

I did not install the Secure Boot patches in case I was prevented by them from installing Linux.

Reply | Quote

Probably pays better.

Reply | Quote

Reading the full announcement, I note that there will actually be a second monthly update:-

“The .NET Framework will also follow the Monthly Rollup model with a monthly release known as the .NET Framework Monthly Rollup.”

Also, the announcement states “Several update types aren’t included in a rollup, such as those for Servicing Stack and Adobe Flash” so there could well be other updates as well. Incidentally, what does “Servicing Stack” mean?

Reply | Quote

Servicing stack is basically windows update itself.

Reply | Quote

This is one way to resolve the slow scanning for Windows Update. If this gets implemented like in Windows 10, then the supersedence is no longer relevant.

Reply | Quote

With Windows 10 taking only about 3 to 9 percent of the computers that are active (microsoft greatly inflated their percent of win 10 take), they (MS) will invariably attempt to negate Win 7, 8 and 8.1 systems and substitute Win 10 onto those computers. Win 10 is MS’s floppy disk; it flopped. Us,little people have tried to fight the good fight but the cloud is almost over us. I will probably run what I have, after D-Day I will run with no shoes.

Reply | Quote

My understanding is that it will be one Security Patch (non-CU but bundled with all patches for the month) and one CU for Recommended (and possible Optional) patches. This is what the Convenience Rollup KB3125574 is now. Express updates are just deltas. For WSUS it actually creates larger downloads to cater for all needs, only the client machines get the smaller updates.
The troubleshooting is easier rather than more difficult if we have less patches.
KB3125574 may even get published to Windows Update and WSUS and become the new baseline, the Service Pack 1.5 if you want, as it does not contain any Security updates or functional changes to the baseline set by Service Pack 1.
There are a million reasons why someone would still choose Windows 7 over Windows 10, patching is a only a tiny difference between the 2 operating systems.

Reply | Quote

I read it as there are 2 patches, not one. One security and one CU for non-security, i.e functional updates and bug fixes. Those are what are now known as “Updates”.

Reply | Quote

You will likely be able to get it from MS on one of their websites. From what I understand in reading Woodys’ article, the big difference is for everyone who keeps their machines updated via Windows Update – the security-only rollup will not be made available through that distribution channel.

Reply | Quote

Windows 7 is quite a mature OS, been around since what, 2009? Windows 8.1 is also coming along and aging too.

For us “die-hard” win7SP1 users, the OS has all the bugs worked out of it by now I would **suppose**. So, if one were to rebuild his system, all that is really needed now is the original OS + SP1 + the pseudo-SP2 KB3125574; then just the usual security rollups that will come out until 2020. Thereafter, turn off WindowsUpdate service forever and get/install the security rollup’s manually as they become available. Would that not be sufficient to have a functionally stable and secure Windows 7 installation until support finally runs out?

Reply | Quote

Good question. I’m looking for details.

Reply | Quote

The troubleshooting is easier until something goes wrong in a single update buried within a monolithic patch, then it’ll be much harder to figure out which patch within a monthly SP is causing havoc. All you can then do is uninstall the whole thing and hope it doesn’t break.

Reply | Quote

@wdburt1 I read it in the same way with you and the conclusion is the same.

Reply | Quote

“Based on your feedback, ” the main thing holding you back from going Windows 10 is these mega-rollups. So we’re going to force them on you for Windows 7/8.1 so you have one less reason NOT to upgrade. Mwahahahahaha!

That’s how I read it.

Reply | Quote

I guess now is a good time to run wsusoffline, and stockpile that collection of updates for the cold dark winter of the future.

Reply | Quote

The question is, if you use mainstream software, do you have a choice?

I use Windows 7 because:
1) it runs my MMO
2) my VPN provider only has Windows client
3) I use certain file sharing client software
4) play video very heavily reliant on the latest codecs (and with subtitles).

Do all of those work well under Linux? 1 and 2 not at all, 3 very unlikely, and 4 I haven’t seen anywhere near the codec update support that Klite has on Windows.

Reply | Quote

The MS release states the Security-only update will NOT be offered on WU, only WSUS, SCCM and the Microsoft Update Catalog. My interpretation of this is that it will not be available to the masses because, in general, they have no idea how to use anything but WU.

The audience on this website is interested in protecting their computers. But the GWX experience has taught me that the majority of Windows users are not even able to deal with “Search for updates but let me decode whether to download and install them” And who knows, that option may be removed from Windows Update altogether in the near future as it has been from Win10.

For the minority, those of us who do not have access to WSUS but still want to have control of our PCs, the Microsoft Update Catalog may become the haven. But for the average User it’s going to be forced updates or nothing.

Reply | Quote

Dear Mr. Leonhard,

We started following your website after the initial news of Microsoft’s attempts to convince users to upgrade from their current operating system to Windows 10 (Win10). I can not thank you enough about introducing us to Josh Mayfield’s GWX Control Panel, to guard against a forced upgrade to Windows 10. I have placed it on more than 60 machines, from family, friends, neighbors and co-workers. I enjoy the recommendations you make to take concrete action. I look forward to seeing more articles or news announcements contain an ending with actions we can take to make improvements.

Onto the meat and potatoes.

We (a local group of system administrators, technology enthusiasts and consultants) have been continually surprised by the repeated attempts to move additional users to Win10. At some point, all of us thought Microsoft would cease these poor business practices.

Luckily, this has finally galvanized many die-hard Microsoft supporters in our circles to contemplate moving to other options, including Linux. I have supported Windows-based systems and networks since Windows 3.11 for Workgroups. A Microsoft Windows machine has been the anchor of our family from Windows 95a (Win95) until Windows 8.1 (Win8). We grew concerned with the privacy issues of Win8 reporting unknown data back to Microsoft-controlled internet addresses. We continued to utilize the product based on past experience.

I tried Linux about 15 years ago. The experience was so bad with Ubuntu that I quickly returned to Windows 2000. All computers in our house were Microsoft Windows until this spring. Watching Microsoft violate their implied contract with Windows 7 (Win7) and Win8 users for normal and extended support until the end of life cycle, added urgency to find an alternative.

Many in our professional circle are considering, planning or currently migrating business infrastructure to Linux-based systems. The idea of saving between $300 to $500 or more, per machine is jaw-dropping. Remove the Windows license ($100 – $200), Microsoft Office ($120 – $400) with free alternatives that work as well. Take those savings across 20, 50, 100+ machines and that adds up to significant savings.

They expressed mostly positive reviews of the desktop environments of Ubuntu, Mint and SUSE. The complaints mainly revolved around a specific driver for one device or finding an open source alternative to a paid program. If this is the worst that some of the most detail-orientated people I know can say, I am open to an trying Linux on a personal computer. Our choice to use Microsoft Windows, to remove a maintenance headache, no longer applys.

I installed Ubuntu, a Linux distribution by Canonical, on a family computer in early 2016. The shock of a usable desktop, even with games through SteamOS by Valve, is hard to describe. My biggest concern of locating useful programs and keeping entertaining games installed was a molehill in hindsight. Since then, I have installed a Linux distribution on two neighbor’s machines. I guided 3 other family friends through using Linux via live-boot to ultimately replacing their Win7 or Win8 with Ubuntu or Mint.

I realize now that new things do spread through a community slowly but gain traction with each adopter. If neighbors in their 70s and 80s are able to adjust to Linux, using their current hardware. I believe we can as a family as well. I feel fortunate that I listened to my instincts regarding Microsoft’s actions toward their customers. This new information forcing customers to install both security and cosmetic updates in one package or else is sad.

I understand now that Microsoft is not a technology company, near as much as a marvel at marketing. I personally do not understand how Microsoft sees violating customer’s trust of a reliable product is good for the long-term future of the company. Redefining an agreement, a meeting of the minds, on a continuing basis seems to generate distrust, a feeling of betrayal, and movement toward alternatives.

I hope other people take a look at Linux or ChromeOS by Google. Use a live-based (USB bootable) Linux distribution to try it out. We did and love it. Do not feel trapped into a choice of lesser evils, you deserve better. It is your time, money and family. You control it, not someone who says “take this or else”. Vote with your wallet.

Sincerely,
A former lifetime Windows user

Reply | Quote

This is precisely what I intend to do w my w7 system and probably after sec rollups end until the system dies.

W my w10 system I will update only for critical reasons and/or very late. [No to] security updates if they are not separate

Reply | Quote

Mint …

Reply | Quote

I have one burning question: where did they get that feedback, since I’ve always heard the opposite when it cones to MS patches????

Nice to see they finally realized that they can’t tell people to use Edge and avoid Active-X if the Download Catalog uses Active-X

Reply | Quote

Hmmm… I suspect that this is the “official” fix for the slow update scanning. Ram the “magic” patch down the chute, along with everything else. Efficient, eh?

Reply | Quote

It looks like Win 7 & 8.1 still have an advantage over Win 10 regarding updates. You can choose the “Security-only” update each month and skip the Monthly Rollup, until 2020(Win7) or 2023(Win8.1) if desired.

The Win 10 Cumulative updates includes everything, so if you hide it, you won’t get the security updates.

So it looks like MS-Defcon could become two-tiered after September. One tier for security updates only, and the other tier for rollups. The all clear could be specific to one or both, as necessary.

Reply | Quote

I audibly swore reading this. I’m not surprised really but one bad patch in there and we’re screwed, aren’t we? Utterly stupid decision.

Reply | Quote

Uncontrollable monthly roll-ups, “based on your [negative?] feedback”. Sounds great. Not that they asked me.

Bad patch –> BSOD and no boot. Solution: Find a Mac, download the fix onto a USB drive, boot Windows from CD (if you have one), apply USB fix.

Bad driver update? Hah, we know better than the manufacturers, so stick with us (not that you have a choice).

Can’t print? No worry. We’ll fix that sometime in the future, maybe.

I’ve been with M$ operating systems for 30+ years, but I am now preparing for divorce. Porting Windows software/data to another platform ain’t gonna be a picnic, but maybe it will take less time than it’s taken to watch Windows Update churn away while accomplishing nothing.

Truly, a sad turn of events.

Reply | Quote

With Linux Mint, you always have the option of using free Oracle Virtualbox to install a guest OS as a Virtual Machine (VM), such as Windows XP, Win 7, or Win 8.1. You will still need a Microsoft activation key to install Windows as a VM.

Just use the Windows VM to run any Windows only applications that you still need. Do all of your other online stuff directly from Mint, for security and privacy.

Lock down the Windows updates on the VM’s and use the Windows firewall to limit most network access, except for what it absolutely necessary.

I have an old Windows XP VM running on both my Win 10 and my Linux Mint PC’s. Works great!!!

Reply | Quote

Most likely the August updates will be the last I do for this Win 8.1 x64 laptop. Afterwards, I’ll set it to never check & be done with it. No more updates for me.

I’ve read great things about Linux Mint. I’ll probably experiment with Linux Puppy first, so I can have a flash drive only version to experiment with.

I was hoping I’d have more time to wade in with Linux. The latests developments have now forced me to get going sooner.

Woody, I am very grateful to you for making this place for us to congregate. It has been really handy to come here every day to find great information.

Thank you to you regulars for adding your wisdom. It is much appreciated. You guys & gals are an awesome bunch.

Reply | Quote

Obviously MS wants to crush Win7
Some updates I refuse to install because they slowed down my machine badly.

KB3146706 is one such piece of garbage.

Reply | Quote

The linked article says the security-only update “will allow enterprises to download as small of an update as possible while still maintaining more secure devices”
So I wonder if only enterprise versions will be able to use that…

Reply | Quote

Probably the most user friendly is Linux Mint. It comes with a good repertoire of already installed programs–for example Libre Office, which can replace most if not all of MS Office functions (there are occasionally problems saving Libre Office documents in MS-compatible format but it’s not a deal-breaker).

Linux has a variety of Desktops. The one which is closest to Windows in user experience is probably KDE although, especially for older machines, some of the others such as XFCE are not much different from KDE and are much lighter.

Probably the best thing to do is to download an iso from the Mint website containing one or another Desktop and try each of them until (and if) you find one you’re comfortable with. You burn the iso to a USB stick and boot from the USB stick. You don’t need to install until you’re happy. Some distros have persistent storage on the USB stick (also depends on the utility you use to put the O/S on the USB stick)but some don’t. If you’re going to do a thorough functionality test of the O/S you would want persistent storage on the USB stick once it’s loaded with the Linux O/S.

DON’T mix Desktops–say by installing KDE and Cinnamon together. You’ll be sorry…. You can sometimes install programs (especially utilities) designed to run on one Desktop (say KDE) on another Desktop (say Gnome). The installer will install a load of extra programs for compatibility reasons but this is not the same as including two desktops in the same installation.

Problem with Linux Mint is that it is based on Ubuntu, which is in turn based on Debian. That means in the long term you have a rather weak chain of software provisioning (not to cast aspersions on anyone; it’s just the chaining that’s problematical). However, Debian, while it is at the base of these and many other distributions, is a little more difficult to use and requires some computer savvy. Otherwise it’s a perfectly acceptable O/S.

The only problem with turning to Linux comes with software that won’t run on Linux and requires a Win environment. You can try to install such a Win-oriented program in Linux under Wine–sometimes it works and sometimes it doesn’t–or you can install a Win 7 virtual machine in Linux using Virtual Box or VMware Player, depending on your needs and preferences. But then you’re back to dealing with the Windows issues addressed in this post of Woody’s. The only reason to have Win in a virtual box on a Linux machine is to run programs that you can’t otherwise run. Presumably using the Win 7 virtual machine to run one or two programs would minimize your exposure to MS telemetry and so on–unless of course those programs are precisely the ones you don’t want MS to monitor.

In such a case just refusing to go along with the new MS update policy by not updating at all might be a solution. It all depends on how much interaction with the Internet will be needed by the programs you run in the Win virtual box. If the programs are not contacting the Internet, then not being up-to-date in security and functionality patches is less dangerous. After all you would be doing most of your interaction with the Internet through your Linux host.

Reply | Quote

Likely. MS doesn’t seem to be throwing any bones to Home users, and Pro is kind of an unknown.

Reply | Quote

I’m mobile data only – does this mean expensive high data updates?

Reply | Quote

+1

Reply | Quote

It isn’t yet clear to me who will get the two-tier option. Win7 Home, clearly, will not get two tiers. More in the morning.

Reply | Quote

I believe your interpretation is correct.

Reply | Quote

Does this process also affect Windows 7 Enterprise? I’ve heard of Banks and Insurance companies with tens (if not hundreds) of thousand PCs. I can’t believe that they would succumb to this sort of non-transparency. And moving from Windows 7 to Windows 10 for these companies is measured in years…

Reply | Quote

“Based on your feedback…”

LIARS.

Reply | Quote

I don’t want the telemetry that I’ve hidden installed.

Reply | Quote

Woody,

This new policy suggests that beginning in October, there will be no individually accessible “magic patch”. If this is the case, then just getting to the updates will be a problem (or impossibility!)

Did the July W7 update roll-up (KB3172605) resolve the scan forever problem beyond the current month??? Notwithstanding the bundling and bluetooth issue, is it time to hold one’s nose and install this roll-up before it’s too late?

Am interested in your and other’s thoughts.

Reply | Quote

What is so difficult to uninstall the patch like it has always been done? It is also possible that the patch behaves badly, but what is so different from the current state of things?

Reply | Quote

It is a reference to the Express packages which I explained in a different post.

Reply | Quote

> I’ve read great things about Linux Mint.
> I’ll probably experiment with Linux Puppy
> first, so I can have a flash drive only
> version to experiment with.

You will do yourself a favour if you pick a ‘genealogical line’ and stick to it. Puppy Linux is a very different Linux distribution to Linux Mint — although they share much of the core stuff, of course, the implementation is not the same.

Use VirtualBox to try out a selection of the big distros and find one that suits you. Look at the respective community forums (always a good measure of a FOSS software project) and make sure that you can understand advice that’s being offered: you’ll be living on those forums for a few months.

On the whole, Linux Mint really does produce an operating system based on _your_ feedback and I would heartily recommend it, both as a starting point and for long-term satisfaction.

Reply | Quote

There is no “magic” patch. This is a convenient way to present to less technical users a patch which supersedes a large number of old patches. A Cumulative (Rollup) Update does just that, it supersedes a number of patches released before which are now obsolete.

Reply | Quote

> The idea of saving between $300 to $500 or more,
> per machine is jaw-dropping. Remove the Windows
> license ($100 – $200), Microsoft Office ($120 – $400)
> with free alternatives that work as well. Take
> those savings across 20, 50, 100+ machines and
> that adds up to significant savings.

Hear, hear.

Not to mention the manhours wasted on analysis, research and triage every Patch Tuesday. My FTJ is supporting Windows users and it’s a relief to get back to my Debian full-time desktop.

Reply | Quote

@PKCano I think you are the only one here who actually read correctly the fine print. At the second reading, it appears that the Security-only update will be offered only as a separate download and not as part of the Automatic Update tools, either of WU/MU, WSUS, SCCM.

Reply | Quote

So……. wow……… that’s a big mouthful of so called info……… from MS…. initially found all that sooooooooo depressing……… especially to think after all the effort of holding Win10 at bay for this last year……….. that it seems more or less that we on Win7 and 8.1 are going to be treated the same………. but, but……… wait on….. we may be getting our updates rolled up together……. but we can still choose when or if to install… and
by holding off as we do now before updating……. learn of any bugs/muckups that are generated by said updates…. can’t we…….. or am I not reading correctly. At least for the moment anyway. Also there are those who are able to
inspect/read said rollups and possibly be able to tell us what is included in them…. So perhaps we just need to be a bit more savvy that MS… mean to say if MS had a good record of their patches especially recently…….. one would perhaps think not too much about it…….. but because of their recent behaviour both with trying to force Win10 down people’s throats and also because of their lousy patches……… one becomes a bit reticent about the whole thing.

My experience with Linux has been interesting…..
Currently I’m running it in a VB on an ext. hard drive….Using Mint/Cinnamon/Sarah …. only thing I’m battling against is trying to figure if my programmes on Windows will cross over. I’ve got Office 2000 on it successfully…… but my graphics programme is having a hiccough….. whether that’s because I’m using a VB…. I don’t know……. but guess gradually I’ll learn. One thing that bugs me is when you download say Samba which is a file sharing prog. you find you need something else also…. why can’t a programme download work out of the box…. perse…. instead having to look for stuff….. also their tips and tricks they talk about is mostly DOS…….. now for someone who’s not really used to that…. it becomes rather convoluted specially when the Terminal (Command Prompt in Wins) asks you if you are in ROOT……. I don’t know do I? And I would rather not do something to create a problem…… so I just back out! But guess this is all part of the learning curve……… and as I told myself I have 4 years to get to know Linux……. hopefully before MS erode more and more of our privileges. LT

PS Interestingly enough the company my son works for apparently run Linux throughout their Head Office……… and have been for quite some time.

Reply | Quote

+1

Reply | Quote

Does this signal ‘Rogue’ spyware Microsoft patches to decay working systems with these roll-ups for Windows 7/8.1?

What about end-users who are on metered connections?

Dodgy patches within roll-ups..whether intentional or not means a re-download once eventually fixed.

What lies within?

We don’t know whether the evil KB2952664 will be buried within the roll-up patches..or others for that matter which will lay dormant until..BANG you guessed it, something installed in the next roll-up you did not want and the only way to get rid of it is to uninstall the roll-up (If that will be possible, unable to revert back)

The GWX campaign is testiment to our suspicions with good cause for concern.

Well it looks like our Windows Updates will be switched off, come October.

Trust & Integrity seems to be sudo-apt-get these days..

Your toes lay scattered Microsoft..

Reply | Quote

“Better put some ice on that lip” he said as he left.

Reply | Quote

Simple solution:

Dual boot Windows 7 and a Linux distro of your choice.

Windows 7 kept at SP1 level only with no Internet access allowed.

All online activities done with Linux.

Reply | Quote

Does that mean the users will have to download 500mb+ behemoths every month for a couple of small files which have been updated?

Reply | Quote

Microsoft got that “feedback” by using the oldest trick in the arsenal of marketeers; they lied.

Reply | Quote

Naw, they’ve already perfected that with Windows 10. Only the files that are needed actually get downloaded.

Reply | Quote

More coming in InfoWorld in a few hours.

Reply | Quote

Hi Woody,

I really really thank you for the past year for information regarding Windows updates and other topics. I am not not that tech savvy (Win7). I do not understand the announcement in that article. My question is will patch Tuesday be the only the thing that will be required? Or will I have to do other tasks?

Reply | Quote

Woody asks: “If you can no longer control what Microsoft puts on your Win7 or 8.1 machine, is there any reason to avoid Windows 10?”

Absolutely yes! The update issues are only one small part of the Windows 10 problems. As Gibson at GRC aptly put it, “Windows 10 is a flying turd.”

Reply | Quote

I’ll repeat here what I said a couple of threads ago:

If you crowdsource your operating system instead of engineering it, maybe you should crowdsource your fixes as well (Har Har).

Reply | Quote

Post coming up in InfoWorld shortly….

Reply | Quote

No. At least I don’t think so.

Reply | Quote

My prediction for where MS is headed – will take a few years to get there (maybe by 2020).

Our computers will become dumb terminals used only to access the Windows (or whatever it’s called then) operating system in VMs on Azure. We will not be able to install any programs (they would all go away when you closed the VM anyway) and the only ones available will be those Universal crapps that your paid contract specifies.

I suspect MS is trying to use Windows Update to make everyone’s operating system a clone in order to make this transition easier for them.

Reply | Quote

One would think a “cumulative security rollup patch” would be appropriate, but then feature patches should still be individual. Forced feature patches for a feature that one does not have enabled is simply idiotic

Reply | Quote

Well read with great interest the article that you linked its really hard to see what dear “ole micro$nooze” is driving at. couple of thoughts to share if I may. I surely would love to know where they are getting they’re feedback from for sure it isn’t in here. The proposed model for future updates is simple and I like simple as I am sure many of us out there do. if I am reading this right you install October’s then everything is fine then it comes to November’s update and life is no longer good (sys crash BSOD)you name it anything to ruin your day. so you recover with a sigh ohh well not installing that again, “but there’s always next month.” Is there? because the errant update is rolled up into the next months etc etc you could always keep logging in sporadically for a “hot fix” should there be one. Isnt that defeating the point of update which was supposed to work seamlessly, tirelessly in the background to ensure we have the best computing experience (hahaha) ohh well just some musings on this whole sorry state of affairs pls forgive my sarcasm & keep up the good work Woody. 🙂

Reply | Quote

Sounds like some useful suggestions. I’m going to file this away. With only one of two computers regularly on the web, this would permit me essentially to use Mint as the interface for the web, and Windows 7 for everything else.

Reply | Quote

@James Hmmm, very interesting point of view. “This new policy suggests that beginning in October, there will be no individually accessible “magic patch”. If this is the case, then just getting to the updates will be a problem (or impossibility!)”

There is no such thing as a “magic” patch. This is only a catch-up patch for those who are not up-to-date. Those who are up-to-date don’t need any “magic” patch at all, regardless of anything else that is posted here.
But this obviously raises the question about what is the practical approach for those not up-to-date yet for various reasons, but want to get there. There are very legitimate reasons not to be up-to-date like new builds or simply neglecting to update for reasons like not wasting time with what is perceived as nonsense.

Reply | Quote

If we could just grab the security only update from the catalog then that would be preferable to the monolithic roll up offered through update with who knows what crapware bundled in after those of us who have studiously avoided them. But the announcement seems to suggest only enterprise users will be able to use it, or am I fundamentally misunderstanding what an enterprise user is? Which is more than possible.

Reply | Quote

LT, unless you are really interested in technology and interested in spending a lot of time with Linux and low-level (in the good and highly efficient sense) software, I would suggest you to stay with a commercial package. It does not have to be Windows, can be Apple Mac OSX or even Chromebook, of which I don’t know much, but if Woody says it is OK, then it must be.
Linux is not for regular end-users.

Reply | Quote

Perhaps third-party applications such as WSUS might prove useful work-arounds… .

Reply | Quote

This is what the so-called Express files are. Only deltas will go to end users, depending on what is currently installed.I think this dates back to Windows 7 / Server 2008 R2 SP1 if not earlier, when those patched up to a certain level were getting only what was missing and not the whole package.

Reply | Quote

@HypnoticFreddy Just watch Woody’s posts for the real info, anything else here is banter… seriously.

Reply | Quote

@Jerry S. I think you are overreacting. This site is dealing with home user issues primarily, although it is touching a little bit the Enterprise side of things when complexity and better understanding require it.
The banks and insurance companies have reliable means to deal with this sort of issues.

Reply | Quote

Unfortunately this is the new corporate attitude. They have such a large base the few 100,000[?] “independent” thinkers can drop dead as far as MS is concerned. Any customer losses will be more than offset by pushing everyone onto 10 with paid advertising and subscriptions.

Nearly 70 and been using MS Windows etc since the mid 1990’s. Have now had it up to here with Microsoft..
I have started looking into a chromebook that is ready for the system merger, to see how compatible it would be with my work/programs.
Anyway, compared to what one of of your commenters said, it its peanuts compared to the MS Windows/Office pricing.
Just have to make sure I market my three Windows systems before 8.1 is no longer maintainable.

Reply | Quote

So my routine changes from running Windows Update to checking the Microsoft Update Catalog. How hard can that be?

Reply | Quote

Google seach: goverment agencies around the world switch to linux

About 1,739,847 results

List of Linux adopters
https://en.wikipedia.org/wiki/List_of_Linux_adopters (last updated 6 Aug 16)

Worth reading.

Reply | Quote

EDIT: I found the FAQ’s for Microsoft Update Catalog. I take it that updates there must be downloaded to server-type programs that are not typically used by home users, thus the Security-only Rollup Update would be unavailable to them. Correct?

Reply | Quote

added from Wiki article.k

“…The cost factor is not the only one being considered though – many governmental institutions (in public and military sectors) from North America and European Union make the transition to Linux due to its superior stability and openness of the source code which in its turn leverages information security.”

Reply | Quote

After Ms past devious dealings, dirty tricks, complete disregard for their Win 7 customers.Do i want to get a Win 10 from a company i don’t trust, gives the customer no regard and they themselves will go as low as they possibly can go, no i will never have a Win 10, or anything else they manufacture or are associated with. Putting it politely MS can go forth and multiply !

Reply | Quote

I don’t agree with the title “you no longer control your [Win7 or 8.1] machine”.

Yes you do, you absolutely do.
You can still delay downloading and installing these updates until the smoke clears.

It’s questionable (at best) that they’re lumping all of the updates into 1 patch, but, you still have control over whether you accept the patch, or remain patch-less. That alone means you’re still in control.

JMHO.

Reply | Quote

Highly likely.

Reply | Quote

It may be impossible. Let’s see.

Reply | Quote

Looking forward to it. 🙂

Reply | Quote

I think you mean WSUSoffline – which is very different from WSUS.

Reply | Quote

+1

Reply | Quote

The best solution that I have found for running Windows programs in Linux is to install an old copy of Windows XP as a guest VM in VirtualBox.

You can set up shared folders for documents, etc. that are accessible from either the Host or Guest OS.

Most of the Windows programs that I need to run with Wine on Linux are either not supported, or don’t install or run reliably.

That said there are plenty of free open source applications that are drop-in replacements for many of Windows productivity and entertainment apps. Tons of educational and development software.

It’s just the crossover problem really exists with expensive Windows only software suites that are used by professional and creative folks, such as Microsoft Office and Adobe Creative Suite, etc. But you may find that XP can still run this stuff!

Reply | Quote

Here’s how the MS blog post ended:
“We hope these changes further simply your patching of Windows 7 & 8.1 systems.”

Here was my reply (we’ll see if it moderates through)

They will only simplify things if:
1) Quality control of Microsoft patches improves. In the new model, if one patch breaks something, the entire cumulative patch will be “broken”.
2) Microsoft does not use cumulative patches to release features and changes detrimental to customers (e.g., telemetry updates, the reduction-in-features of GPOs for Windows Professional editions), with the knowledge that customers will be forced to accept them to get the necessary security patches
3) Microsoft fully documents their patches. Currently, about 10% of Microsoft KBs have nothing other than “This update improves the reliability and performance of and then only tells me how to download and apply the update. No documentation of what it fixes or behavior it changes. I refuse to apply these updates, and I provide negative feedback every time, as they do not tell me how they will affect my clients’ systems.

Reply | Quote

Unfreaking believable…

Based on the Trust that MS has squandered in how it approached Win10 and deceptive business practices, this is par for the course.

I currently do two full disk backups of my C Drive Monthly to offline stored disks, run Spybot/Anti Virus, MalwareBytes, CCleaner, another Antivirus program, and PIA proxy and system restore points prior to updating any software or MS updates.

Many sophisticated users don’t want to install certain patches until they are tested in the wild (after a few weeks of release by users) and some patches not at all.

Question for Woody/Users:

1. I currently have not installed Cumulative Updates for IE since MS started it’s Win10 additional stuff, should I now install these in the future because other processes (Chrome/Firefox/Etc?) might use some parts for processing?

2. I turned off Windows Malicious Tool program just basically due to not trusting MS to *not* include other non-security changes. Should I turn it back on?

3. I still have GWX Control Panel Running automatically. I tend to want to keep it running. Should I keep it running?

My view is that I want some assurance from users after installing these new “cumulative updates” that supposed to start in October that it doesn’t include other telemetry tracking and non-security features.

I simply can not trust MS at this point.

Reply | Quote

Yep, you need to install the IE patches, sooner or later, because Windows uses pieces of IE.

No reason to block the MSRT. It’s always been good.

Josh Mayfield recommends that you continue running GWX Control Panel. I don’t run it, but still have it handy, should some other MS patch come along that’ll follow the rules.

Frankly, I think there’s not much chance. Looks like we’re all in for a sea change in Win7 and 8.1.

Reply | Quote

That’s true – it’s control in a fashion, but if you skip this month’s patch, what happens next month?

It’s binary: You either let Microsoft take control, or you don’t get any more patches.

Reply | Quote

In hindsight I think that’s where we’re all screwed, because I assume these patches will be cumulative and include everything in the previous patches…so, eventually you either accept, or you run unpatched.

Ah, the benefits of computing in 2016 and beyond, I guess. [sigh]

Reply | Quote

If you want control as i do, then dont upload any updates. I havent in nearly in 5-6 months. Only uploaded security updates but the latest applied to win 10. I feel that many updates actually create problems needing more updates to fix it. I watch for specific cleared ok updates for my system if needed. But why download if i dont have issues and how can i trust an update to prevent issues? You cant

Reply | Quote

I did a re-read of that article and like several others here, now see the fine print that the Security-only update will not be offered via Windows update.

Security-only updates

The Security-only update will be available to download and deploy from WSUS, SCCM, and the MICROSOFT UPDATE CATALOG. Windows Update will publish only the Monthly Rollup – the Security-only update will not be published to Windows Update. The security-only update will allow enterprises to download as small of an update as possible while still maintaining more secure devices.

Microsoft Update Catalog

The Microsoft Update Catalog website is being updated to remove the ActiveX requirement so it can work with any browser. Currently, Microsoft Update Catalog still requires that you use Internet Explorer. We are working to remove the ActiveX control requirement, and expect to launch the updated site soon.

The Microsoft Update Catalog is here, http://catalog.update.microsoft.com/ but I am not familiar with it’s use.
Also took a look here and found what looks like all of the current security updates seem to be here (sorted by date, need to click through a few pages to see Aug 9 updates)
https://www.microsoft.com/en-us/search/DownloadResults.aspx?FORM=DLC&ftapplicableproducts=%5e%22Windows%22&sortby=-availabledate&q=

Will probably either have to use the above to manage the one Win 7 PC that I have remaining … 🙁

Reply | Quote

The W7/8 Home and Pro user will get this new policy imposed on them no matter what, but is it the same for the Enterprise and Education licensees?

The corporate world tests and retests all patches before they are released to their thousands of users, mostly because of compatibility issues. Testing a package is a whole different methodology and not always bullet proof. These users represent the overwhelming bulk of W7 users (90% or close to it).

If there is no restriction on only accepting the security rollup it may be the get out of jail card for MS. Otherwise, I think the hangman might as well just set up the scaffold now.

Reply | Quote

You’re right. The choice is mine — what shall I choose? Death by Fire? Death by Water? Death by Firing squad?

It’s good to be in control.

Reply | Quote

The Windows Update Catalog, as currently constituted, makes individually installable files (MSUs) available. For the most part it only feeds update servers, such as WSUS.

Remains to be seen if third party tools like WSUSOffline will adapt.

The Download Results do, indeed, include all of the latest security patches. But it’s not at all clear if Microsoft will continue to release them that way. My guess is that they won’t but, hey, we’re talkin’ Microsoft here.

Reply | Quote

Thanks ch100 for your thoughts…….. understand what you’re saying………and yes although technical things interest me……. it’s not really what makes me tick so to speak…. (I’m a Virgo…. a troubleshooter- ha!) and thought need to try it out to see what it’s like……. before deciding whether to go with it or not. It’s got a nice interface etc…… but as I said the programmes I use have become so second nature to me…… to change would be a big step…. and it’s not only the programmes but the plugins that go with them etc….so there’s a lot of stuff I would be missing or wanting to replicate exactly.
But you know for those that merely wish to use their machines for emailing and browsing and playing the occasional game…. and perhaps a bit of social networking Linux would be a great alternative….. so long as you use whatever they have on offer and keep it simple at the beginning.
yes…….. we’ve (or I’ve) become so reliant on Windows…. that moving along so to speak becomes a stumbling block at the beginning…. and I’m not sure whether switching to Apple or Chrome would be any better privacy wise than MS…..
But what the heck……. going to celebrate my 80th next month….. so I tell myself….. play it by ear…… take it as it comes… and enjoy as best one can!! LT

Reply | Quote

@ch100

What you’re saying about Linux used very much to be true. However I installed Linux Mint on a machine for an all-thumbs old man and he’s quite happy with it. Times have changed.

Reply | Quote

If in fact the deal is that updates will be all-or-nothing for users not attached to an update server, then what we have here is Microsoft reneging on its commitment to support Win7 until 2020. Or, more precisely, imposing conditions after the fact on that commitment.

It’s one more thing to add to the class action lawsuit–the argument being that users purchased their software licenses in reliance upon Microsoft’s commitment to support it until 2020. M$ cannot plausibly argue that these changes are a mere technicality, within its reasonable latitude to devise and adjust the means of supporting its software; they are too big and too fundamental for that.

Reply | Quote

It does apply to the W7 Enterprise users. They are not exempt. MS knows they own them too.

Reply | Quote

I’ve turned off CEIP and specifically *did not* install the patch that was a “Telemetry Agreement” (KB3075249) and other telemetry patches.

Since MS felt it necessary to release a Telemetry agreement patch, they must have thought that previous agreements needed that amendment. Or what changed? 🙂

That would be interesting to see discussed in a future suit.

I wonder if this and other patches that some users specifically did not agree to will be included in future cumulative updates without adequate documentation and/or consent notification?

For some reason I get the impression that the actions of MS are due to several different factors and the servicing of multiple masters.

Ability to service users and streamlining costs/support.

Marketing (Ad Serving)

Future Support Models

Tracking/Telemetry

Governmental agency agreements that can’t be disclosed by MS.

Reply | Quote

I’m sure enjoying Linux Mint! Doesn’t leave a bad taste in the mouth. I do occasionally boot into Win 7, but I don’t need to go online with it, so no more updates for me.

It is amazing to me how much goodwill Microsoft has squandered in the past year. I went from preferring Microsoft products to loathing them, all in the space of a few months.

Reply | Quote

There are choices in Windows Update to “Search for updates but let me decide whether to download and install them” and Download updates but let me choose when to install them.” My guess is that MS will patch these choices out of existence or render them inoperable. So even delaying patching till the bugs shake out may not be an option. And who’s to say MS will even fix the bugs if you delay.

I have been using Win10 Tech Preview since Oct 2014. Even with what MS is doing to Win7 & 8, is a move to Win10 an option for me? Not NO, but HEQQ NO!!!!

How can this legally be called SUPPORT?

Reply | Quote

Ha, I can’t wait for Microsoft’s implementation of this change in how updates are delivered. I’m sure it’ll go as smoothly as the Windows 10 roll out and its bundled updates. If this is the future of Windows, my current Windows 7 system will most likely my last running Windows. If there continues to be a mechanism to stop the updates in October, I won’t install the updates through Windows update.

Reply | Quote

Quite right (http://www.wsusoffline.net/).

🙂

Of course, it remains to be seen what compatibility / flexibility the new M$ updating system will offer… .

Question, Woody: if at the end of the day one chooses to install a roll-up patch that contains objectionable components (for example, telemetry), would it not still be possible, in general, to disable many (if not all) of them through Services and / or the Registry (perhaps with a regularly-updated application similar to the GWX Control Panel)?

Reply | Quote

GWX Control Panel is based on registry entries that Microsoft itself set out as disablers. They had to be prodded by Josh before they got the documentation right – but in the end, all of the registry entries were established by, and adhered to by, Microsoft.

I doubt that Microsoft’s going to give us the same flexibility with the post-October updates. I think the old switches – Customer Experience Improvement Program, for example – aren’t going to do much to the new order.

But who knows? We may be pleasantly surprised.

Reply | Quote

@Nick

“Yes you do, you absolutely do.
You can still delay downloading and installing these updates until the smoke clears.”

1. Smoke ain’t never gonna clear.

2. What if one of the patches you finally install removes your options to “never check” etc.?

Reply | Quote

What about MBSA 2.3 post October 2016? Any use?

Reply | Quote

Per the earlier remarks by a commenter,the
time has finally come to begin planning for migration to a new non-MS operating system.

This is all you will need:

http://www.majorgeeks.com/files/details/universal_usb_installer.html

Universal USB Installer allows you to pick a
form of Linux you like-for example Mint
Cinnamon.

It then downloads it and puts it on a USB
memory stick that you can boot to,allowing
normal use of Windows until you are ready
(or when MS forces you) to leave Windows.

The entire thing took less than 10 minutes
and it works fine.

Thanks a lot,MS.

Reply | Quote

Every container can be prised open, give it time..

Reply | Quote

My two humble copper coins:

I usually install the security update for IE 11 within a few days, because it’s always “critical” and I do use IE once in a while. I check in here for a few days before doing so to see if said update is causing calamity.

I always hide the MSRT simply because it does send what it finds/doesn’t find from the scan to MS. I’m sure that third-party malware scanners do too, but any telemetry that I can avoid with MS is a relief.

But I’m pretty neurotic. 🙂

Reply | Quote

As I only want the ‘security-only’ update and due to the fact that MS will not be delivering it through the windows update service, I will be turning off windows update at the end of August.

Unfortunately it means I have to go to the MS catalog every month to get the security-only package but I see it as keeping W7 as it is, and not a W10 wannabe.

Reply | Quote

Microsoft, I know you don’t read these comments or care, but now it’s official: I SINCERELY HATE YOU. You need to understand that there are intelligent computer users out there who do not need to be treated like infants!!! That’s exactly what this is. You’re treating all of us like infants! This is extremely insulting and offensive to computer users like me. I know how to use my computer. I know what I do and don’t want to be installed onto my computer. I don’t need this!!!

Microsoft, it’s official: you suck. I used to like you because of Windows 7, but now I hate you because of this. You are the worst! This is absolutely stupid! I have been avoiding Windows 10 FOR THIS EXACT REASON (among others), and now you bring it to Windows 7 and Windows 8.1?!?! WHAT TH8E HELL IS WRONG WITH YOU? Aren’t you paying attention to anything anyone is saying about that crap you call Windows 10?!

Good grief. If you think that this is going to make people like me get Windows 10, THEN YOU ARE SORELY MISTAKEN. Now I am even more determined to avoid that worthless and stupid operating system. You need to realize that not all of your customers are computer-illiterate invalids who are just glad they know how to turn their computer on.

Reply | Quote

No idea if it’ll persist past October.

Reply | Quote

Will those cumulative updates also include the drivers? If there will be mandatory driver updates then windows 7 / 8.1 may become unusable on old computers equipped with older hardware that is incompatible with newer versions of drivers.

Reply | Quote

Here Here!

Being 20 something in the 70's was much more fun than being 70 something in the 20's.

Reply | Quote

“based on your feedback”

Nobody asked me! Linux or Mac or Android – that is the question .

Win10 22H2 Pro, MBAM Premium, Firefox, OpenOffice, Sumatra PDF.

Reply | Quote

Woody;

Perhaps you or the many other tech experts who post here can suggest ways to reduce M$ spying by using third party software and/or hardware.

Router firewalls?

Sophos XG Firewall Home Edition

https://www.sophos.com/en-us/products/free-tools/sophos-xg-firewall-home-edition.aspx

“Our Free Home Use XG Firewall is a fully equipped software version of the Sophos XG firewall, available at no cost for home users – no strings attached. Features full protection for your home network, including anti-malware, web security and URL filtering, application control, IPS, traffic shaping, VPN, reporting and monitoring, and much more.

NOTE: The Sophos XG Free Home Use firewall contains its own operating system and will overwrite all data on the computer during the installation process. Therefore, a separate, dedicated computer is needed, which will change into a fully functional security appliance. Just right for the spare PC you have sitting in the corner!”

Reply | Quote

This is outrageous. I guess it’s time for me to shut off Windows Updates again and permanently disconnect the ethernet cable. I use my PC mainly as an oversized Xbox and I have a Linux laptop and Android tablet I can use for internet stuff, so I won’t be inconvenienced much at all.

Reply | Quote

Woody, how would we be able to re-build a Win7 OS? I am speaking here from the perspective of a non-corporate.

CT

Reply | Quote

Highly unlikely they’ll contain driver updates.

Reply | Quote

Details aren’t clear, but I assume you’d install “SP2” then let the cumulative updates rip, until MS catches up by rolling the old patches into the new cumulative patches.

Reply | Quote

SP2. Does that exist yet?

CT

Reply | Quote

Sorta. See http://www.infoworld.com/article/3071689/microsoft-windows/new-windows-7-and-81-patches-usher-in-the-future-of-rollup-updating.html

Reply | Quote

I am not surprised one bit, months ago I told you guys that to block any connection to Microsoft servers sooner or later will be the last option remaining, which always implies to migrate to another OS and keep your isolated older Windows version only for that one indispensable purpose for which you think it still is needed. For me, that are some simulations and games exclusively, for others, it may be other software, graphics editors or whatever.

You may want to consider to stick with older versions of software you use that are more easily compatible with Windows running in a VM and under a foreign OS.

I think people have to really try harder to understand that they are no longer an appreciated customer of Microsoft, but a nuisance, a pest. MS cannot make money with Windows and Office anymore, their bets for hardware – tablets and phones – more or less exploded them into their faces, and they have shifted their business focus to big business and especially servers fundamentally. >>They do not want you any longer, you cost them money, and give no returns<<. Private customers using Windows just force them to spend on patching where there are no more possibilities to make financial gains. If you leave Wndows behind, or threaten to do so, you do not hurt them, you do not intimdiate them – but you do them a favour, for they can leave behind a non-profitable business branch then. So you have to understand that you can curse and hope and pray and threaten them with boycotts as much as you want: you are weaponless there, since the object of your threat is no threat, but would be a relief for them. If they could, they would press the magic button and have all Windows customers disappearing, simply.

Get it, guys. Windows is dead. The era of Windows is over. Come to terms with it, and ready yourself to base on software not basing on Microsoft. The earlier you do, the earlier software developers will realise what hour the clock is showing – and will start to develope their programs for other OS. If you try hard to keep Windows alive, you are counter-productive, you block the needed transition.

FORGET MICROSOFT. Do no longer invest in hardware basing on Microsoft code, Windows. Demand producers to develope for non-Windows OS.

Sorry, Woody, nothing is meant personally against you here, I do not mean to ridicule or minimise what you are doing here and in your efforts to inform people on workaround and imporvised broken inteirm solutions. In the 10 months or so since I discovered your blog, thignbs turned worse and worse, for W7, for W8 nand for W10. Your battle is in vein. You are putting your money not on a wrong horse, but on a dead horse. Again, I do not mean to attack you, by far not. I appreciate the good intentuon – but I think you allow to have it being turned against you. Let peoppe feel the stings of MS' policies. Let them experience the dilemma. Patients feeling no pain are hard to treat, not before they scream peoppe start to consider getting proper therapy. And the only proper therapy is – abandon Windows.

Those of you being adminstrators for companies: better invest your energy into convincing your superiors, than into keeping a dead horse running. Its dead. And then talk to them again, and again, and again. Microsoft will do its share to help you – by implementing more and more problems into its enforced updated Windows.

I am so serious here that I have ended my Linux test via dual boot on one system, and have now embarked onto getting a second system for Linux, and only for Linux. Everything, all and evertyhing except launching Flightsims will be done from that one on. And if one day W7 does not work anymore on new hardware when my current PC breaks down, I will leave Windows-depending gaming behind, and move some games like Assetto Corsa to consoles, where a very few PC simulations work 1:1 like they did on PC. I'm done with Windows and Microsoft. Never again.

Best wishes to you all, and to Woody, but I will never comment again in this blog. There is no need to maintain it or the commenting any longer, I think.

1 user thanked author for this post.

WSkenarmstrong

Reply | Quote

So, back in May, they announced this roll-up combo patch thing.

The best I can figure out, that means when I re-install a system, after September, I will have no choice but to include all patches including the ones that grease the slides to win10 and install intelligence gathering?

CT

Reply | Quote

I can probably live with the security-only update, that is, if it really is only a security update.

I wonder what will be included in the name of “security”?

Reply | Quote

Will this be an option? If so I’ll probably do the same and just download the security-only package every month manually since I won’t be able to get it through WU.

Reply | Quote

Nobody knows just yet.

Reply | Quote

The patches that grease the skids are likely to be pulled. But as for the rest… yes, I’m sure that’s part of the plan.

Reply | Quote

You’re welcome back, any time.

You might’ve noticed that I have a special respect for Linux proselytizers…

Reply | Quote

Not on desktops. It is mostly about servers and primarily web servers which have been based on *x systems in the past too.

Reply | Quote

Use the installation CD with SP1 and run Windows Update on Automatic until it catches up. Install everything and you will be absolutely fine. But do this sometime before the next round of updates.
Another method more involved is to use of the other settings for WU and not installing only the last months patches, while installing everything else.
No point in looking for complications where there are none at the moment.
Once you have a full build, take a disk image with one of the known tool and replicate if not in a domain – you already mentioned this is for non-corporate. In a domain, you need to use Pro or Enterprise and sysprep the image before sealing yet.

Reply | Quote

Well, here’s hoping it will be *crosses fingers*

Reply | Quote

Yes we do know. In the TechNet article, the Security-only update can be downloaded from the Microsoft Update Catalog which will be updated to remove the ActiveX requirement so it can work with any browser (by the end of September).

Reply | Quote

The era of mass “personal computing” is coming to an end, to be replaced by “centralized computing” model similar to back in the 1970s & 1980s.

“All hail the Master Control Program!”

I’ve been grumbling about moving to Linux for years and years, and since MS has eliminated any remaining hope of me having any control over a Windows computer, I think it is finally time to move on. Win7 machine will be unplugged from network and used only for games & programs that only work properly on Windows.

Reply | Quote

But how do you know non-enterprise users will be able to use it? I would not place even a penny bet on microsoft allowing pro and home users to install this. You’ll probably get a ‘this update is not applicable to your system’ message when trying to install it. My fear is we’ll have two choices: either accept the monolithic rollup with security patches and all the other crap or nothing at all. And going even further than that, as pkcano said…

‘There are choices in Windows Update to “Search for updates but let me decide whether to download and install them” and Download updates but let me choose when to install them.” My guess is that MS will patch these choices out of existence or render them inoperable.’

I can well imagine microsoft doing this, pushing win 7 & 8.1 users down a forced updating route.

Microsoft, you are utterly shameful and a disgrace to the i.t. industry.

Reply | Quote

Although it is somewhat difficult to abandon Windows entirely at this time, I have been running a Linux distro in a virtual machine for many months in reaction to the heavy handed GWX campaign conducted by MS. I have been evaluating/learning Libre Office as an alternative to Office and using Thunderbird for some email accounts. Linux may not be the entire answer at this time but I have concluded that the basic research to locate an acceptable off ramp from the MS Windows environment being imposed on users is both reasonable and likely necessary. The worst thing is to allow yourself to be caught totally offside without developing a good sense of what your available options are near term and in the future regarding a viable OS. I am just not comfortable with the current leadership at MS and believe the way events are evolving justify my skepticism. I wish it were otherwise because it is always difficult to time the exit from an abusive relationship.

Reply | Quote

You’re right.

“The Security-only update will be available to download and deploy from WSUS, SCCM, and the Microsoft Update Catalog.”

If it unfolds that way, there’s a decent, if convoluted, chance for folks who aren’t attached to update servers.

Reply | Quote

Thanks Marc, You voiced my sentiments exactly. I respect a person who says it like it is. This is becoming a lost trait in this world of today. Don’t change, stay the way you are. You are a rare asset.I will be dumping Microsoft from my life and migrating over to a Mac or to Linux on my computer. Microsoft has lost all ethics they once had.I will never again purchase any product produced by Microsoft.
Sincerely,
Herb Kelly

Reply | Quote

Does Microsoft really believe that the vast majority of corporate users of Win 7 and 8, for whom this could be a productivity disaster, will stand still for this? Or, for that matter, that an endless stream of individual and small-business users won’t band together (with or without their corporate brethren) and get some sort of class-action suit together to block this? I resent that Microsoft believes that using its software entitles them to make changes to OUR computers, which we purchased with OUR money, and which may cost US time, effort, and more money to fix? When Microsoft buys me a computer, they can do with it as they wish, but when I’ve purchased the hardware, I will make the decisions about what does and does not go on it, thank you very much. If that means no more Microsoft OS, then so be it.

Reply | Quote

There is another aspect with Linux. The distributions come and go so often that it is not very practical for a non-hobbyist end user to use any of them. Linux Mint was unheard of until not long ago when everybody was talking only about Ubuntu and Fedora or more exotic distributions for enthusiasts and experimenters. There is no guarantee that Linux Mint will stay as it is or that it will be supported at all in the near future or medium term.
It is good to know for those less informed who somehow believe that Linux would resolve like a “magic patch” all their computing issues.

Reply | Quote

I just wanted to clear the air on this. I couldn’t care less about Micro$oft or whatever their current strategy is. I dislike Win10 with a passion and actively refute the shills that claim that it speeds up their computers after an update. Win10 is a very calculated smokescreen for active control & shoving advertising onto the computer.

All that said, I am actually on board with this monthly update rollup bit. From the CONSUMER and END USER standpoint this is a fantastic and convenient way to just get ‘all in one’ updates that have been (hopefully) tested and work well together. Trying to test every possible combination of updates that may or may not work well without other dependencies is a nightmare for M$ and for us. This way you know that everyone with the November rollup will have all prior patches.

Do any of you enjoy sitting there for hours and downloading the individual updates? Is that cool for you?

I don’t get why anyone here is complaining since RIGHT NOW and for years now you can use utilities like WSUS Offline Updater and others to download ONLY those patches you need and screw the rest. Keep your ‘all in one updater’ on a backup hard drive and have it ready to go to copy to a USB flash drive to help friends/neighbors get caught up.

Only now the thing is that if they use these update rollups then they’ll get everything in one go without needing to worry about you swooping in to help them.

Being able to avoid bad updates is a lifesaver. We aren’t being FORCED to install updates immediately on Win7 so just wait a week after release before installing them. Maybe you want to wait a month or two. They’ll be differential and incremental patches so those that update every month will have smaller downloads but it all works out.

I would like M$ to get off their ass and offer an alternative for business/admins/powerusers so that this s***storm can blow over. We have far more pressing issues to worry about.

At the end of the day the solution is simple.

TLDR: Their OS and their rules; use Linux-based OS if you don’t want to deal with their stuff. OK? Ok.

Reply | Quote

I think that what MS is saying is that “enterprise customers” (a.k.a. big businesses, institutions and the like that run hundreds or thousands of PC’s) will be able to get the security updates only, **if that is the only stuff they want to install**. It does not insinuate that you have to be an enterprise to access and download the updates nor do you need to be running an enterprise version of the OS in order to obtain them. On the last part, that may change in the future if MS wants to block Pro versions, savvy tech users and IT admins of small/medium size businesses and institutions from circumventing the “new and improved” version of updating, a.k.a. ‘cumulative updates’ ‘rollups’ or whatever name they give it.

I’ve downloaded and installed stuff that came from the Windows Catalog site on many of my individual and personal machines running windows 7 Pro, and I’m not an “enterprise”; MS never asks for any sort of user ID to confirm that I’m “allowed” to download stuff from there. So in essence, my take on this is I think we’ll all be able to get only what we need (the security updates), until MS closes that door to regular users.

Reply | Quote

sadly, MS has become increasingly more difficult for “computer illiterates”… I’ve spent hours trying to find out how to do updates that used to be simple. I see the same trend… I was disappointed in the time wasted finding my way around silly gimmicks in Win 7. I’ve wasted time trying to shut down the win 10 extortion, stops my system from fully starting up and even an computer illiterate, is concerned about the control MS intends to take…
The graphics programs I’ve used for many years have made their new software, to work with Win 10, unable to access older files… 15 years of design work will be lost… and the need to purchase new versions of all my software at once, is beyond financial possibility now…

I’d thought, if I have to spend so much and lose so much, might as well make the move to Apple… was not an Apple fan… now even less fond of MS

and I’m not the only one…

Reply | Quote

Yep, so do I. Microsoft Update Catalog will become our “safe haven” until it can no longer fulfill that role.

Reply | Quote

I don’t get why updating for people is such a problem other than if a patch might break/brick your system. People really should install security updates at least.

Reply | Quote

Microsoft has a long and sordid history of breaking machines with their patches.

http://www.infoworld.com/article/2889295/microsoft-windows/20-epic-microsoft-windows-auto-update-meltdowns.html

http://www.infoworld.com/article/2606984/microsoft-windows/82741-Worst-Microsoft-Windows-Automatic-Updates-of-2012.html

http://www.infoworld.com/article/2612971/microsoft-windows/microsoft-s-13-worst-missteps-of-all-time.html

and many others.

Reply | Quote

Based on an Anonymous post earlier, it looks like there will be a way to circumvent the forced updates. I’ll be testing the living daylights out of it, when the time comes.

Reply | Quote

Privacy concerns are also an issue for some, depending on the OS.

Reply | Quote

Got my first rollup in win 7 home prem.updates today 8/16/2016. I hid it for now to wait and see if there is an easy way of breaking down this rollup (KB 3179573). I fear a snake crawling out of this chicken egg and devouring my home computer. MS will hide “snakes” in these monthly rollups because they are vindictive over the big loss in Win 10.

Reply | Quote

There are some missing links in all of this. The fact that only security patches (indeed, only one security patch per month) will be posted on the Update site will be a constraint. The fact that non-security patches are cumulative will be another constraint.

All in all, it’s starting to look like protecting your Win7/8.1 machines will be possible, but it’s going to get a bit tricky.

Unless everything changes. Which it well may.

Reply | Quote

Actually none of my clients (they are common users) find actively screening Windows Updates rather simple and have done it for close to a year now.

The system we use is based on the fact that MS has not released a single update that improves Windows 7 since 2014 and doubtless ever will. The only NON-security updates for WINDOWS are updates that grease the skids to Win10 or install spyware.

So, this is how it works:
Set WU to Never. Once a month (at least a week after patch Tuesday) start WU manually. When you get the list of updates, do not install any Optional ones, do not check mark any that are not already checked. Find the updates in the Windows section that are not titled Security. Hide each and every one of them. Proceed to update.

If MS will provide a single update that is only security updates to ordinary users, that would fit my requirements just fine. Unless and until they include a security patch that is not.

I am also very concerned about the problem of re-building OS’s when hard drives go bad. How will that be done?
My big question is will they do that?

CT

Reply | Quote

I’ll be reading up on what you discover, Woody.

And thank you for making time to on experiment on all this; because it is time-consuming!

Reply | Quote

This is pretty much what popped into my mind when I first started hearing about “the cloud is the future” of computing a few years ago. How nice, we are actually almost going back to the beginning of computing times – the 60’s and mainframes holding all the data and processing power with the user having a “dumb” terminal and of course, zero control over anything.

Reply | Quote

That is a very pertinent question!! It is one of my tools for confirming security compliance. I too, am very curious as to what will happen after october!!

Reply | Quote

You know, I’m really starting to think that a few years down the road, the dominant operating system will be produced by Google – if bring out a fully-featured operating system within the next couple of years, they’ll be able to get a lot of people who are just tired of Microsoft’s antics.

And if a few years from now, we’re all running Google Chrome OS [insert version number here], this will be the moment it started: it feels like there is just no goodwill and trust left. Even if by some miracle Microsoft remains entirely above board, and actually respects user autonomy, who’s going to trust them enough now to give them the chance?

Reply | Quote

Microsoft management finally did it. They had been creeping ever closer to that edge, but now they have finally crossed over and dropped the pretense that I’m a customer. Despite the ‘sincere’ marketing-speak and corporate hand-waving, they have finally demonstrated that, in their eyes, I am a commodity… and nothing else.

I’ll put up with that from a company whose products and services are free. In other words, if I haven’t paid for a product, both the company and I understand that they need a revenue stream to allow for the product’s continued free use- I’ve decided to use your product, no problem, here’s my information.

This same type of business model is unacceptable, however, when I’ve paid cash for the OS as well as the office suite. It gets much worse, however, when Microsoft’s management tries to foist this crap on me with sugar-coated malfeasance: “…it’s our ‘new and improved’ product, dummy, look at all these features!” Stop it. Please. Cortana, targeted advertising on my desktop, and constant system monitoring “for a better experience”, doesn’t make my day any easier.

Microsoft management is throwing beads and blankets at its customers …sorry… its “commodities”, and getting Manhattan Island in return. It takes thought and effort for most of Microsoft’s commodities to 1)understand what’s happening, 2)understand the possible consequences, and 3)find and use alternative products. Microsoft management is betting, with very good odds, that too much thought and effort are required for items 1-3 to even be noticed by its commodities.

I’ve tried different Linux distros in the past, but was too lazy to stick with it. Windows was easy and I had too much other stuff to do.

Believe it or not, I’m really not the “angry crusader” type, so it’s hard to believe that I’m saying this and actually meaning it: I guess I’m committed to using Linux now.

I’ve got until the end of September to install, configure and learn Linux. I’ll have to find alternatives to Windows software that don’t have Linux versions. I must either learn and run Wine or run Win7 in a VM for those apps for which there is no alternative. I also have to get good enough at this to do it for my family’s systems, too. Ugh.

I guess learning this stuff beats mindlessly browsing the web or watching “just one more” movie on NetFlix, but Microsoft’s management has gone too far, and I’ve got a choice, however much a pain in the rear it may be. I’m not a commodity.

Reply | Quote

I’m not getting the reasons for your [tentative] optimism. Isn’t it true that the Update site downloads only to users who are running servers?

Reply | Quote

@Josh While I generally disagree with most of what has been posted under this thread, there are legitimate concerns about patches breaking systems. Woody posted some of those relevant links.
I would add that a lot of users have experienced slow scanning for new updates, which defeats the purpose of making the updating experience as easy as possible. This may have as end result quite the opposite of what was intended, i.e. attracting as many end-users into patching to make the Internet as a whole more secure.
The posts in this thread reflect the frustration of many of those users who experienced this sort of issues which while they are easily resolved by those who know how to do it, for all others the process being more difficult than it should be raises a lot of justified and most of the time unjustified suspicion.

Reply | Quote

Apparently that’s not the case. Based on one sentence in the announcement, it looks like regular ol’ folk will be able to download and install monthly batches of security patches.

Of course, this is all theoretical – we haven’t seen any of it in practice. But if true, there’s a possible way for people who aren’t connected to an update server to keep their machines patched, without installing the non-security stuff.

I think.

Reply | Quote

Yes, but…. Google mines ab-so-lute-ly everything. If you use a free Google product (and I use many!) you have to accept the fact that your history will be used to serve up ads.

Reply | Quote

It is almost certainly too much to hope that the largest OEMs (such as HP, Dell and Lenovo) might be able to prevail upon M$ and steer them away from the abyss they are now headed for at full speed. So, to echo and build upon some comments by others, developers of professional software (such as for the financial services industry) would be well advised to now begin creating versions of their offerings for the Linux and Mac platforms — and hardware vendors drivers for their devices.

(Oh, and the Apple Corporation might wish to send a thank-you note to Redmond… .)

Reply | Quote

This is what I find in the announcement:

Security-only updates

Also from October 2016 onwards, Windows will release a single Security-only update. This update collects all of the security patches for that month into a single update. Unlike the Monthly Rollup, the Security-only update will only include new security patches that are released for that month. Individual patches will no longer be available. The Security-only update will be available to download and deploy from WSUS, SCCM, and the Microsoft Update Catalog. Windows Update will publish only the Monthly Rollup – the Security-only update will not be published to Windows Update. The security-only update will allow enterprises to download as small of an update as possible while still maintaining more secure devices.

…and this:

Microsoft Update Catalog

The Microsoft Update Catalog website is being updated to remove the ActiveX requirement so it can work with any browser. Currently, Microsoft Update Catalog still requires that you use Internet Explorer. We are working to remove the ActiveX control requirement, and expect to launch the updated site soon.

Not sure what sentence you’re relying on. Sorry to be a flyspecker.

Reply | Quote

Google as a company is a lot worse than Microsoft for many reasons.
If Microsoft was rightfully accused of setting their own Internet standards with IE5 & IE6, then Google Chrome, while Internet standards compliant, is a huge offender when it comes to being compliant with the rules of the host OS. It is the major reason why Google Chrome is not widely used in Enterprise and why most sysadmins prefer IE, because unlike Chrome, IE is a professional product. It looks like Chrome project was started by a very talented kid with no idea about professional software and now it is too late for structural change. I am wondering if there are technical and security considerations in Google Maps being restricted by Apple on iOS, beyond the obvious rivalry and politics played by Apple and Google.

Reply | Quote

For those in this thread that are finally looking at Linux or other *nix distributions, “It’s about time”. A lot depends on what applications you need to run, but for a typical “browse the web, do email, write some documentation” almost any distribution will do fine. Older hardware works fine (amazing how fast it can be) so don’t toss the old stuff out just yet.
My desktop at home has been Linux or a BSD for at least 20 years, it’s been a while since I couldn’t do what I needed to.

Reply | Quote

re: JC Denton

“… We aren’t being FORCED to install updates immediately on Win7…

Yet.

Reply | Quote

@Woody: I can’t locate the thread I just posted 2 comments on, so I’m going to this one.

I just wanted to “clarify”: It’s not just the “never-ending search for updates”, it’s the inability to even install ANY updates listed. When you click on an update, it never shows any progress, just keeps on churning away.

My apologies for the lack of accurate reporting. I’m just so distressed, and burned out that I can’t even think straight anymore. Thank you for all of your help in the past, as always.

Reply | Quote

re: ch100

“…they are easily resolved by those who know how to do it, for all others the process being more difficult than it should be raises a lot of justified and most of the time unjustified suspicion.

Unjustified?

“Microsoft has ratcheted up its Win10 upgrade efforts, going from an irritating advertising campaign to “reserve” an upgrade (reserving free bits — what a marketing concept) to “accidental” forced upgrades to increasingly dicey signup notices (“Upgrade Now/Upgrade Tonight”) to hidden folders with 3GB to 6GB of unwanted downloaded data to GWX processes that automatically restart themselves. Those are the more noticeable dirty tricks.”

excerpt from: http://www.infoworld.com/article/3074096/microsoft-windows/hit-by-an-unexpected-windows-10-upgrade-heres-how-to-recover.html

Oh yeah, don’t forget the red x for accept.

Reply | Quote

@ Charlie;

Hear, Hear!

Reply | Quote

Relax. There aren’t any updates being offered that you really need. Some day you’ll want them. For now, stay away from IE, don’t use Flash or the Adobe Reader, and you’ll be fine.

Reply | Quote

It’ll all be clear in about five minutes, when my editor releases the new InfoWorld article. Actually some interesting stuff, spurred by an Anonymous poster here.

Reply | Quote

Microsoft is certainly building versions of their offerings for Mac and Android.

Reply | Quote

@Woody: Thank you for the response to this one which was posted in the wrong thread. The only update I would like to install is the KB3177725 because it’s the only one that I don’t have that’s on the Dalai (sp?) list. Printer should not be a problem.

Last month when I installed the only update I had that wasn’t on his list, it fixed everything immediately.

Thank you again for all of your advice, I know how busy you are and you do a fantastic job. 🙂 🙂

Reply | Quote

@ch100

“It is the major reason why Google Chrome is not widely used in Enterprise and why most sysadmins prefer IE, because unlike Chrome, IE is a professional product.”

With all due respect, you can’t be serious.

When you speak with various brokerage houses across the US, tech support people are using Chrome and so are a large % of their customer bases. Why? Because it’s hassle free AND secure. 5 years ago, that wasn’t the case. I think you need to update your survey on Enterprise use of Chrome browsers.

Reply | Quote

Can’t really disagree with you there about the data mining…one can only hope that Google’s new operating system – if it is indeed Google’s answer to Windows 10, as the timing might just suggest – actually takes user privacy into account. This may be aiming far too high, however.

The thing is, just looking at what has happened over the last year, it really feels like Microsoft has just handed Google and Apple the OS market, gift-wrapped. They couldn’t have destroyed customer trust and confidence more effectively if they had been trying to – the hubris involved on Microsoft’s end has been staggering. It will take years for any changes to play out, but this could be the first true sea change we’ve seen in the market in close to three decades.

Reply | Quote

@Analog Anachronist

https://support.microsoft.com/en-us/kb/3080351

GWX Control Panel is based exactly on this article, which according to Woody who knows the history of the revisions for KB3080351 was updated based on feedback from Josh, the developer of GWX Control Panel.

Reply | Quote

+1

Reply | Quote

If you really want to speed up update scans, and don’t care about the obscure printing bug, sure, go ahead. But I still recommend that folks hold off on installing August updates.

Reply | Quote

Well, without a doubt this is going to mean that telemetry updates will be bundled with the monthly rollups. I’ve managed to avoid those so far, but by the sound of it, that’ll change come October.

So in a way, this is Windows 10 by the backdoor. Your current Windows version will still look the same, but Micro$oft will be peering over your shoulder from now on collecting user data and serving you ads no doubt.

I can’t see myself tolerating either for any length of time and can only hope that somebody will come up with a tool to separate security patches from the rest of the dubious updates. If not, then I guess I’ll be looking at Linux as well shortly.

Reply | Quote

But… it looks like MS will be posting the security patches separately. See http://www.infoworld.com/article/3108572/microsoft-windows/a-peek-at-the-future-of-windows-7-and-81-patching.html

There is hope.

Reply | Quote

Given the information we have been presented about this topic, I don’t think he was over-reacting.
(Obviously, I am no expert, just a rational customer who does not view MS and its actions, intentions, and products through rose-tinted lenses.)

Reply | Quote

+1

Reply | Quote

For the most part, the commenting sections on Woody’s site are of a high level and genuinely informative and instructive, not just banter. Reading the below-the-line discussions here, in conjunction with reading Woody’s writings, always expands my knowledge greatly (of whatever topic is being discussed).

To “Hypnotic Freddy”, I too am not a computer-techie person, and I too am feeling a bit overwhelmed about what these brand new changes to Windows updates are going to mean for me.
Do stay with us here in the comments sections, because if any set of people is going to figure out the best way to handle this new state of affairs, it’s Woody plus the commenters (particularly the other computer experts and advanced users who share their knowledge) here at AskWoody.com! 🙂

Reply | Quote

And I’ll repeat something I said a few threads/blogposts ago — the “sleeping” lion in the corner might just have one eye half open! (Meaning that it is way too early to let our guards down and expect things to return to “normal”.)

It has come to pass as I expected — instead of Microsoft’s becoming docile and like-the-good-old-days after the July Get-Win-10 deadline passed, they merely ratcheted up their campaign to usurp the safety, privacy, and the partial-control-by-the-owner of our Windows 7 machines.

They have many arrows in their quiver and it seems to be a fight to the death. [Even if in the process they are causing their own downfall (albeit only partially, as they could lose all of us and still be a major company for some time to come).]

I haven’t done any patches since the first week of July when Woody said it was okay to install (selectively) the patches from the month of June. I’ve felt too much discomfort about their underlying strategies and underhanded methods, particularly when they would know that a lot of users would let their guards down after the Get-Win-10 deadline had passed.

Perhaps, given this latest wrinkle, I will only patch one more time, prior to the introduction of the new updating regime, and that will be it for my machine.

It’s quite upsetting. I’m not an IT person and I don’t want to have to bother with this stuff, it requires overt and tacit knowledge that I don’t have and don’t want to learn, and I am going to be worried about how exposed my computer might be after it no longer receives the major fixes (even though I’m pretty careful with it generally).

Reply | Quote

Saw the article, was going to rant like quite a few other posters but I’m not going to. Bluntly, what the heck does Microsoft think they are doing? I knew something was going to happen after July 29th, and it happened. As for the snooping, in my opinion, Microsoft can snoop all it wants on mine, all they will see is a college student that plays computer games in their spare time… Brilliant use of resources Microsoft, snoop on users that are just doing normal stuff on a computer, last I checked there’s a class of idiots that Microsoft falls under, & that’s the kind that has nothing better to do than waste time snooping on normal computer usage.

Geeez, & I thought the hate apple gets was bad…

Reply | Quote

Lawsuits can take years to fight and be concluded — but we need the use of our Windows 7 machines now. By the time a lawsuit is going to matter, Jan 2020 will be here anyway.

Reply | Quote

+100

I’m an intermediate user who’s dabbled with different Linux distributions for several years. My experience suggests that Linux is far more complex and less user-friendly than it may initially appear, even among more popular distros such as Mint. The newer interfaces may look slick, but most new users would eventually find themselves overwhelmed by the need to manually edit configuration files or enter cryptic command strings in a terminal window. It’s often reminiscent of DOS, but without the robust support. Indeed, each distro has its limitations: It will break, although the malfunction may be less obvious than in a commercial OS.

If you’re curious about Linux, please try it! Just be certain your expectations are reasonable.

Reply | Quote

Normally I skip past posts that have lashings of CAPITALS and exclamation points, but I read yours, and it was refreshingly cathartic for me! 🙂 You said it.

Reply | Quote

Wednesdaytgw, that’s a problem that I have too — several programs that I use only work with Win 7 or earlier, and if I go to Win 10 (which I don’t want to do) or if I move to Apple, I’ll have to spend a lot more money than just for the new hardware and the new operating system in order to replace the programs — and maybe my older files won’t even be readable.

Reply | Quote

@Jim, people here in the comments, including Woody, seem to be saying (if I have understood them correctly) that there is no guarantee that the ordinary Windows 7 home user will be able to access that security-only update — it will probably just be for large business customers.

[Though maybe there is more information on this issue today (Aug 17) — I am still getting caught up with reading Aug 16’s entries here at AskWoody.com]

Reply | Quote

I have hope – hope – that Win7 Home and Win 8.1 Home users will be able to install security updates only. See the end of http://www.infoworld.com/article/3108572/microsoft-windows/a-peek-at-the-future-of-windows-7-and-81-patching.html

Reply | Quote

AV and anti-malware are terrible front lines of defense. Unfortunately, the single best front line of defense is installing security patches in a timely manner.

Reply | Quote

Interestingly, Office is not mentioned – so I wonder if we’ll still get individual Office patches.

Reply | Quote

@JC Denton,

Regarding your comment “I don’t get why anyone here is complaining since RIGHT NOW and for years now you can use utilities like WSUS Offline Updater and others to download ONLY those patches you need and screw the rest.”

— WSUSoffline is a third-party program that was started by a German magazine.
I have not tried it, but I wonder if it is easy, comprehensive, safe, and trustworthy *enough* to be heavily relied on by a non-techie person.
(It appears from what he has written in the past that the program is not something that Woody chooses to endorse. That doesn’t mean that he dislikes it, of course, but non-techie users need options that are very reliable and straightforward.)

— In the future, how is a third-party program like WSUSoffline going to get access to individual Windows updates for individual home users to choose from and selectively install, if Microsoft itself has pledged not to give anybody access to the individual updates?
It appears that programs like that will not be any more privy to individual updates than anyone else.
The major, unprecedented loss of access to choosing/rejecting individual updates is WHY people here are complaining.

I cannot see how the situation is going to be such that “it all works out”, as you conjecture.

——-
Also, telling people to just go to Linux is not a solution for 90% of us. It’s certainly not that simple. Many people will just not be able to. And that is not their fault. Linux is not an easy, appropriate, immediately-actionable solution for most *ordinary* people.

Reply | Quote

Cumulative Updates, loss of control, and my small business:

Uh, no. Hell no!

A Win 10 morph is NOT the operating system we licensed. There are good reasons we’re not running Windows 10, but have continued with Windows 7 and 8.1 systems.

-Noel

Reply | Quote

ch100 is right on the money.

Google software is the outgrowth of child’s play programming. IMO, any “house” that’s relying on Google software to do business is run by people who should know better.

-Noel

Reply | Quote

Sad, but true.

Reply | Quote

@ch100

You are correct that the change to Linux could be a large adjustment for a Windows user that is a non-hobbyist and is very well at home with their Windows ecosystem, applications, and workflow. I would say that moving on to Windows 10 would probably be for the best in that case. Like it or not, it is the future of Windows.

For a casual user that just needs a web browser for web, email, and social networking, and never bothers to install local standalone apps, the Chromebook or Chromebox is truly the way to go. When my 86 year old Dad’s computer died, I dropped in the Chrome thingy and he was off and running. With no support calls since … 🙂

The biggest problem with Linux that I see is the Linux fanboys that do not understand the needs of the casual or average computer user.

The truth about Linux Mint is that they have really tried to create a desktop Linux that just works out of the box for an average user. No command line configuration required, or searching for applications. It detects most hardware and sets up the drivers for graphics, sound, network, just like a Windows installer. It comes well equipped with internet, multimedia, and productivity apps.

If you care to take a look, you will see that Mint is now listed as the #1 page hit here: http://distrowatch.com/

As far as come & go is concerned: Linux Mint 18 is a long term support release which will be supported until 2021.

https://www.linuxmint.com/index.php

I run 3 Windows PC’s, plus 1 PC dedicated to Linux Mint. I like them all, each one has it’s purpose… 🙂

Reply | Quote

Interesting. I’m impressed by Google Docs – and love my Chromebook.

Reply | Quote

I wonder if WSUS Offline Updater will survive the transition to the October-style cumulative updates.

Reply | Quote

That’s an excellent open question.

Reply | Quote

Re “The posts in this thread reflect the frustration of many of those users who experienced this sort of issues which while they are easily resolved by those who know how to do it, for all others the process being more difficult than it should be raises a lot of justified and most of the time unjustified suspicion.”

Even people “who know how to do it”, such as Woody, Susan, and other journalists whom Woody rates highly and quotes from, have at various times in the past year and a half expressed great frustration, disappointment, and dismay about Microsoft’s actions.

Current concern and suspicion are not “unjustified”.

Indeed, at this point in time, not having any concerns and suspicions, but rather being quite sanguine and relaxed, would be the harder position to justify.

[Reminds me of the time the British agriculture minister (person in charge of the agriculture department for their government) said that their beef was totally healthy, and to show how confident he was in it he made his tiny daughter eat a hamburger of British beef while she was filmed by the national evening tv news reports, then later it was proven that British beef had variant-CJD/bad prions/caused “mad cow disease” etc. and it was banned for import by many countries for many years (some countries’ bans have only recently been lifted, I think).
Even today and for the rest of my life, I am prohibited from donating blood, even for free, because I lived in the UK and ate British beef during their mad-cow-disease time.]

Reply | Quote

Hmmm… I would submit that most of the recent malware analyses I’ve read have a different point of view. Not using IE, or Flash, and using an alternate PDF viewer are key. You DO need to get the security patches installed sooner or later, but I’ve seen no indication that there are significant security exposure in, say, waiting a month or two to get Windows and Office patches installed.

Attack profiles have changed. The one constant: Users doing stupid stuff.

Reply | Quote

Re “They couldn’t have destroyed customer trust and confidence more effectively if they had been trying to”

They _know_ that they are risking this, they know that they are doing this.
They aren’t a motley band of unintelligent people with no advisors, no strategy. These people seem to be very bright, successful, clear-thinking, far-sighted.
Yes, even such people can make big mistakes or unethically renege on their promises and understood agreements, but usually they don’t do that over and over and over and over and….
It’s not like it’s only affecting a few hundred or a few thousand “little people”, this is strong-arming and negatively affecting major companies and millions of ordinary, decent people.

My question is, what in their view of life and in their goals for their company trajectory (and for their personal career trajectories) has made these actions appear to be worthwhile to them? Beats me.

Reply | Quote

This hits literally billions of people. Yeh its that big.

Windows is a critical component to society and business around the world. I really don’t think I am exaggerating.

It should not be a tool owned by a business who use it to feed other strategic goals.

I recall a time when there was a discussion about breaking Windows out of Microsoft as a separate business. That time has clearly arrived.

CT

Reply | Quote

@Charlie,
regarding your comment that “I’ve got until the end of September to install, configure and learn Linux. I’ll have to find alternatives to Windows software that don’t have Linux versions. I must either learn and run Wine or run Win7 in a VM for those apps for which there is no alternative. I also have to get good enough at this to do it for my family’s systems, too. Ugh.”

A lot of you folks here on AskWoody know enough to do this (totally switch to Linux) if you really must, and some of you already use it concurrently with Windows.

However, I know that I can’t move to Linux. I’ve used it before a tiny bit, but I just don’t have the time and the brain energy to spend on it. I do not have the first idea about virtual machines either. It’s not that I think I’m entirely incapable of understanding these things, but it would take a great effort and I just don’t have the basis of technical, tacit knowledge that would make it do-able and comfortable for me to even attempt going off-piste with such _important_ parts of my life as my computer, my historical files, my internet access, my communication modes with society, my job, etc., especially within a one-month time frame.

And I don’t have an “IT person” in the family or in the neighborhood whom I can turn to for major guidance and hand-holding. (Unfortunately for my family, I am the nearest thing they have to an “IT person”.)

:O

Reply | Quote

Same here – well after I jumped from Windows 7 to Windows 10 at the last minute for the free upgrade, I found two programs that refused to re-install on Win 10. They ran fine on Windows XP & 7 but were published years ago.

Cannot afford to replace those old programs at this time. But I did install the free Oracle VirtualBox on Win 10, then installed an old copy of Windows XP as a guest Virtual Machine(didn’t have a loose Win 7 key laying around or I would have used that). The old applications installed and run no problem in XP.

So now if I need to run the old programs, I just fire up XP and launch the program I need. Easy to switch the window back and forth between systems and no dual booting required 🙂

Reply | Quote

Woody, I have a question, is it fine to keep windows update on ‘Never Check for Updates’ and just get the updates from Microsoft Update Catalog?

Reply | Quote

Good presentation:

What is Google Chrome OS?
https://www.youtube.com/watch?v=0QRO3gKj3qw

Not mentioned in video … The software architecture is simple — Google Chrome running within a new windowing system on top of a Linux kernel https://googleblog.blogspot.com/2009/07/introducing-google-chrome-os.html

Reply | Quote

poohsticks

+1

Reply | Quote

Microsoft will take a long long time to fall but fall will happen. This is a good time for me to migrate to consoles for gaming, an iPhone, and a Mac for everything else–which isn’t much. Can you say “good-bye M$”. I think I can.

Reply | Quote

I guess my computer equipment isn’t the only “equipment” of mine that is locked in the past — my brain was with you until “But I did install the free”, then the rest looked like Greek to me! 😉

Oh gosh, I don’t know what I’m gonna do. 🙁

Is there a Woody figure for the Apple crowd?
I suppose there must be guidebooks for novices and so forth.
Is it hard to switch everything that one has built up for the last 25 years on Windows over to Apple?

I’m not an Apple fan but I’m less of a Google fan and they seem to be my only 2 _reasonable_ choices given my personal constraints.

Reply | Quote

Given the way the thread hierarchy appears on screen, the above comment of mine is not located directly under the post that I was responding to, but rather it ended up a number of posts away from it — I was replying to @TwoCables.
(I ought to have made it clear in my original comment by putting in the “@” information at the time.)

Reply | Quote

@Woody re: Devil’s advocate: If you can no longer control what Microsoft puts on your Win7 or 8.1 machine, is there any reason to avoid Windows 10?

OK. After using Windows 10 daily for a little over 2 weeks, these are my thoughts on the subject. I am feeling very comfortable with it now. But I do have to admit that MS has lost my trust and goodwill.

I held off upgrading from Win 7 for a year, initially because I am reluctant to be an early adopter or tester of new technology. I value stability over new gee whiz features. And if something “just works”, why change?

Then as the reports came out during the past year of the forced updates, the potential privacy risks, and finally the “get Win 10” arm twisting, I just said “**** no”!!!

I finally upgraded on my terms, my choice.

I have learned to use the tweaks Woody has shared, to defer feature upgrades, and hide patches. So I can now wait until the patches are well tested before I risk breaking my PC.

I have turned all of the Win 10 privacy invasive features down to “0”. I logon to Windows with a local account only and do not use any MS cloud apps. I use alternatives from other companies.

So MS is really limited in what they can collect from me. I use the Diagnostic Data set to “Basic” (none of this is personal stuff at all — just stats):

Basic sends data that is vital to the operation of Windows. It helps keep Windows and apps secure, up to date, and running properly by letting Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. Basic includes basic error reporting back to Microsoft. Basic data consists of:

Configuration data, including the manufacturer of your device, model, number of processors, display size and resolution, date, region and language settings, and other data about the capabilities of the device.
The software (including drivers and firmware supplied by device manufacturers), installed on the device.
Performance and reliability data, such as which programs are launched on a device, how long they run, how quickly they respond to input, how many problems are experienced with an app or device, and how quickly information is sent or received over a network connection.
Network and connection data, such as the device’s IP address, number of network connections in use, and data about the networks you connect to, such as mobile networks, Bluetooth, and identifiers (BSSID and SSID), connection requirements and speed of Wi-Fi networks you connect to.
Other hardware devices connected to the device.

Reply | Quote

I think Marc “wakeup call” above makes some really excellent points and I’m pretty much convinced that I’ll be moving to Linux as well and in fact I’m looking forward to that day. But as an under-capitalized small business person, without a dedicated IT person/staff that change won’t be happening as quickly as I’d like, no matter what.

Where Marc is off the mark is not fully embracing the immense value that Woody’s advice provides. I’ve been reading his articles for close to a year and if it wasn’t for the advice that he and others have offered, my system would be in shambles along with my business. Anyone whose has read Woody’s articles and those of his like-minded comrades take on this situation already understand the points that Marc making. Woody hasn’t lied or mislead us in anyway. He’s merely throwing us a life preserver, info that will help us survive until we can transition safely to our next OS, which for most us won be Win 10. I like many others will never buy another Microsoft product that would serve as a necessary component in my arsenal. I’d never trust them with that much power again!

You’re absolutely right, Marc, it’s clear that MS has taken the stance “their way or the highway”. Despite the fact that individual customers and businesses, including me, have invested thousands of $s on their products in the past and much more in wo/man hours; it’s clear that they’re telling us that if we’re not on board with their new direction and if we can neither be tricked or coerced into it, then they’ll simply push us overboard. We’re viewed as dead weight. Got it.

Where I differs with you Marc is his tough love approach. Mark seemingly is trying to plant the seed to stop throwing a lifeline to these misguided slackers and let them know if they want to survive they need to swim harder. Yet some of us are swimming as hard as we can. And if wasn’t for people like Woody giving us these little workarounds it would be near catastrophic. So Woody and like-minded techies, please don’t abandon us quite yet, hold out as long as is feasible and maybe we can get you nominated for a Pulitzer prize or some type of humanitarian award. Mostly kidding, but your help is invaluable and I’m sure such service will pay-off in many ways over time. Mad prompts to you and others for the work that you guys and gals are doing of this front. Please don’t abandon us sooner than later.

My recommendation to you Marc is to be a little more patience. Your investment is still likely to pay off big time before long. I know, I know, patience might have you waiting a few more years than hoped for before you can retire on the appreciation of your Linux stock . But still don’t (crush us, I mean) rush us, we see the rising waves and we’re swimming as fast as we can. But, thanks again for spelling it out so eloquently to those of us who may have still had blinders on.

One last point, I predict that this “ push win 10 & crush win7/win 8” debacle will be the beginning of the end for Microsoft. They wouldn’t be the 1st tech giant to lose their footing and end up gone or a fragment of the their former selves. Think IBM, Novell, AOL, etc. I predict MS pushing out many of the technical elites who don’t like their current strategy will pave the way big time for others to follow as these technical elite successfully demonstrate to a large segment of the population that there’s a good and easier life to be had post MS OSs.

Yes, I do understand that you can be mega ruthless and come out of top. But can you be mega ruthless while simultaneous demonstrating technical incompetence, evidenced by numerous and frequent errors being continuously made that negatively impact the lives of millions while alienating a h-u-g-h portion your customers (followers) base in today’s environment? I’m not so sure. I guess we’ll just have wait and see how Trump does come November to see how winning of a strategy this can be.

(P.S. I’m not saying that this horrendous strategy was employed by other tech giants who went down, cause I don’t know, just that other tech giants have been known to fail as well for making less than prudent decisions and not heading the direction of the market)

P.S.S. If I posted this is the wrong area please remove it or correct it..sorry.

Reply | Quote

@poohsticks,
>>” I’ve used it before a tiny bit, but I just don’t have the time and the brain energy to spend on it.”

I know, and believe me, I understand. The “ugh” feeling hits whenever I think about taking this path. I’m in my mid-50’s… I had the time 20 years back to explore every facet of tech that I found interesting, but life, family, job and graduate school (God help me) take precedence now. I just want my applications to run so I can finish my work.

From the times I’ve piddled with Linux, I believe that if you were to stick with a friendlier distro like Ubuntu/Mint, PCLos, etc., you may not suffer too much. My brief experience gave me the feeling (subjective, I know) that I’ll be spending about 10% more effort, over a couple of months, getting the differences down pat… hopefully. I remember that installation was pretty easy if I didn’t try to tune things, and I found a bunch of programs that did what I needed.

As for the other apps, there’s Wine, VMWare or Virtual Box for those few pain applications that I can’t live without. I remember plinking around with Virtual Box a while back and it didn’t seem to feel like it was too much effort to run, but we’ll see when things get serious.

Try taking an hour or so and run a live CD for one of the popular Linux distros and fiddle with it. It won’t feel completely like Windows, but it’s not too far off. If it turns out to be too involved for what you’re trying to do, throw it away.

Given a choice, I’d stick with 7/8.1 and forget about messing with this stuff, IF Microsoft would back off their obnoxiousness juuusst a little bit. The shiny new revenue stream extracted from the intimate details of their users’ lives is just too tempting for them to ignore, and I think they’re going to get even more nosy as time passes- there’s no reason for them not to.

I guess I’m motivated to switch- sorry to be crude about it, but I just can’t bend over for Microsoft’s management anymore.

*I don’t know if this is true or not, but some guy in a privacy forum was griping recently that he had written a Word doc on Win10 and then started see advertisements (where, I don’t know) on the subject. He claims that he never searched the web on the topic. I’d have to test this before I fully believe it, but I wouldn’t be surprised if it’s true.

Reply | Quote

The post’s just fine right here.

Reply | Quote

That’s the way to take it!

Reply | Quote

Actually, if you reply directly to another post, it should appear below that post – possibly interrupted by sub-posts…

Reply | Quote

Good stuff. I like ChromeOS, even realizing that Google is stockpiling all of my information.

Reply | Quote

Yes, now and in the future, “Never check” is a good option. I’ll be updating everything when I move to MS-DEFCON 3 (or maybe 4).

Reply | Quote

I am so happy to hear you say this, Woody. I have been a staunch proponent of the WU setting of NEVER for a long time and your advice has been a problem for me,

My philosophy is that NEVER means Microsoft I will never allow you to manage my computer. I will manage it. It does not mean I will not update. It just means I am in complete control.

CT

Reply | Quote

Thanks Woody, turning Windows Update to ‘Never Check for updates’ actually eases up on the workload my cpu has to put up with quite a bit. & once microsoft makes Microsoft Update Catalog accessible on other browsers besides IE, it’ll be a ton easier to get updates.

Reply | Quote

Android too, is built on the Linux Kernel. Apple OSX is a derivative of the BSD flavor of UNIX. All are originally *nix derivatives …

Looks like the rest of the world vs. Microsoft. Who will you bet on in the long run?

Reply | Quote

@poohsticks

I understand your dilemma completely! How to move on to a new OS, whether it be Windows 10, or MacOSX, and continue to enjoy the use of older programs that are Windows 7 compatible but aren’t capable of making the trip over?

My recommendation is to consider these options:
1. MacOSX – if you go here, there is a thing called Bootcamp that let’s you dual boot the Mac into Windows or MacOS. It requires a licensed copy of Windows 8 x64 or higher. Plus you still have to deal with rebooting to switch back and forth. Not to mention if your software cannot run on Windows 8 it is still not a solution. You could run VirtualBox with Win 7 as a guest OS on this, however … see below…
2. Run a virtual Windows 7 & on any Windows, Mac, or Linux. This would be my best suggestion. It’s really not that difficult once you get your feet wet. But it is definitely the very best way to solve the problem.
3. Run Windows 7 forever on a dedicated PC, keeping it unplugged from the net as much as possible.

Here is an easy overview of the tech involved in virtual machines: http://lifehacker.com/5204434/the-beginners-guide-to-creating-virtual-machines-with-virtualbox

Here is a guide at Amazon:
https://www.amazon.com/VirtualBox-Ultimate-Guide-Book-Virtualization/dp/1522769889/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=1471481554&sr=8-1

Best of luck to you!

Reply | Quote

Regrettably, there seems absolutely no way to fully stop telemetry collection, regardless of the most stringent precautionary measures.

A Windows user caused a commotion in February after he discovered that Windows 10 ENTERPRISE leaked gobs of data–even with all such settings disabled. Many disputed the user’s findings–they may indeed be flawed–but there’s apparently no dispute that MS transmits data without consent.

http://www.forbes.com/sites/gordonkelly/2016/02/09/windows-10-data-tracking-spying-levels/#3886cac87aa9

Reply | Quote

I believe the Voat report, cited in Forbes, has been entirely discredited.

Microsoft has published a list of all of the information it’s taking – could take – from Enterprise machines. Start here:

https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-telemetry-in-your-organization

Reply | Quote

I beg your patience with this, I’m not as technical as many here. .

I’ve been following what’s going on here and elsewhere. I took the “free” upgrade to Win 10 on June 24th to get registered so I had the option that if I hated or was too angry at 10 I could roll back to 7 and later get 10 back for “free” when things died down.

10 is better in some things, but not so good on others. Based on the forced updates, and especially with what I’ve read about the Anniversary Update I have 10 Pro (because I upgraded from 7 Pro), so I set the switch to defer upgrades, but I’m still a bit nervous. I do have an SSD boot drive and another SSD for backup and a regular hard drive serving as my data drive in the machine

I was planning to roll back to 7 this weekend before my window (no pun) closed, but with the changes brought on by the forthcoming “October Surprise” on Windows 7 semi-forced patches, I’m wondering if it is going to really make me better off.

Point of all that. Given what I described, considering my hard disk configuration, would you roll back to 7 with the upcoming patch changes or stay with 10 with the Anniversary Update blocked (I hope)?

Thanks in advance.

Reply | Quote

Thanks for the Technet link, Woody, Very interesting and useful information.

Reply | Quote

Hi, Woody –

I did a lazy Google search and didn’t find any details about it. MS notwithstanding, do you know who discredited the findings? Are you aware of any independent evaluations of MS’ telemetry activities?

Thanks,
Brian

Reply | Quote

I think the time has come to turn off Windows Update and let my various non-Microsoft security software do its job.

My other machine will not update anyway, now going on 3 months due to one of their stupid updates.

Might just have to change hobbies and quit the PC world altogether.

Thanks for your books and this webpage all these years.

Take care.

Reply | Quote

Hi Woody, wondering what the chances are of you sidelining a honeypot & running the guide from my first post?
On the very small sample I’ve access to, following the guide has provided a system they’re very happy with (does everything they want) & they haven’t needed to go back to Windows. I’d expect many of your followers would appreciate your take on that end product, what you could or couldn’t do with it, any dealbreakers, whether it could be a starting point for them, or not to waste their time… it could give some folks an idea of what to expect from someone they feel they’re on the same page with… rather than a complete stranger like me who’s only made one post. On that, thankyou for publishing my first post, showing your character & commitment to support your followers. I felt glad I finally jumped in & said something.
G
First post: https://www.askwoody.com/2016/details-about-the-win10-pro-disappearing-group-policies/comment-page-2/#comment-94493

Reply | Quote

It is clearly time for Microsoft to release Windows as “open source” software. Let the developer community follow standards and listen to the users for direction. Microsoft Windows division could evolve into the model used by Red Hat or Suse http://digitalenterprise.org/cases/redhat.html to sell OS support contracts to enterprise customers.

Microsoft revenue is clearly coming from other sources these days, particularly their cloud computing platform.

http://www.usatoday.com/story/tech/2015/10/22/microsoft-earnings-miss/74407358/

Reply | Quote

woody says:
August 17, 2016 at 5:24 am

“Yes, but…. Google mines ab-so-lute-ly everything. If you use a free Google product (and I use many!) you have to accept the fact that your history will be used to serve up ads.”

You know, it occurs to me that MS is copying a lot of what Google does — mine the data from products that Google gives away to their users and in turn make Billion$ in ad revenue. And don’t forget — Google updates their products with no interaction with their users. (Have you ever noticed in your Task Scheduler that there is a Google Update task that runs every day?) Google, I think, gets away with the same things that MS is being taken to task over simply because no one ever experienced anything different with Google. I never thought twice about allowing Google to update their browser automatically. My Gmail box has undergone numerous updates and changes (some that I absolutely hated) without any yea or nay from me. Windows, on the other hand, had always given me several choices about running Windows Update and allowed me to pick and choose individual updates, but now that they are taking some of that control away, I balk. Of course, MS has a not-so great track record of pushing out updates that cause problems for many of its users so that rollup updates increase the chance of getting a bad update. Which is not to say that Google hasn’t had some problems with a Chrome update or two.

I suppose when MS realized that their free Win10 product didn’t get the rush of users banging down the door to upgrade, they had to resort to trickery, to dragging users kicking and screaming to Win10. And then when the free upgrade period ended and Win7/8.1 STILL had huge market share over Win10 (I mean, come on, you can’t even GIVE IT AWAY?!!), they had to resort to plan B. Take control away from the Win 7/8.1 users and shove the Win10 telemetry and ads down THEIR throats.

Why does MS want to take this control away from its users? For the same reason that cable and broadcast TV companies would love to be able to control its viewers and prevent them from skipping past commercials. MS wants to suck user data out and sell that information to ad companies who will in turn pay MS to shovel ads into Windows. Allowing users to control what information is mined or what ad mechanisms are inserted would cut into MS’s ability to market to ad companies or, at the very least, reduce the value of what MS can sell to them. Hence, the reason for bundling the updates together — including the ones that have telemetry and ad controls hidden in them or the ones that eliminate Group Policy control of certain registry keys.

What a shame. If only MS would stop trying to play catch up and copy what other companies have been successful at. They tried to copy Palm and MS’s PDA sucked. They tried to copy Apple’s iPad and MS’s unwanted tablets still fill warehouse space. They tried to buy a cell phone company and Nokias are nowhere to be found. And now they want to duplicate Google’s ad success. Chromebooks and Macs will gladly take all the disillusioned Win10 (and soon to be, Win7/8.1) deserters. Most of all, Linux has been waiting for this turn of events for decades.

Know what? I fully expect in a few years, MS will try to copy Linux. What do you think? Windows “L”.

“L” for the Last version of Windows. Assuming, that is, MS’s current suicidal strategy doesn’t drive it totally into the ground. In which case, Win10 really will be, as MS originally marketed, the last Windows.

For me, personally, Windows 7 is the last Windows. No more Windows, no more MS. Never again.

Reply | Quote

Thanks Woody. I posted this URL in the past but somehow I could not find it more recently. There is one question though. Is this docuemnt still up-to-date for the Anniversary Update or there are significant changes implemented in the current update?

Reply | Quote

Woody, I don’t know if you need confirmation about this setting, but it appears to be the best for the time being. Good for reducing the CPU load and no other negative side effects.
However it involves that the user is to be responsible to do the updates once a month or at least every few months and not forget about this good practice.

Reply | Quote

@Woody It is all public anywway, after the huge number of books and articles published 🙂

Reply | Quote

I believe it’s still valid – but I may well be wrong with RS2.

Reply | Quote

That’s as cogent an argument for staying with Win7 as I’ve ever read.

Reply | Quote

I’d love to see somebody try it and independently verify. Unfortunately, I’m currently limited to 28 hours in a day. 🙂

Reply | Quote

Unfortunately, you can’t ignore the security patches. Unless you unplug your Windows PC and don’t allow anything into it.

Reply | Quote

Start here:

http://www.zdnet.com/article/when-it-comes-to-windows-10-privacy-dont-trust-amateur-analysts/

I’m not saying that Ed’s the Ultimate Authority, but he’s a whole lot more credible than others who have been involved with the story.

Reply | Quote

There are a million details that would go into making an informed decision, but if you’re happy with Win10, don’t mind the snooping, and can put up with more-or-less forced updates, I think you’re better off with Win10. (Realize that I’ve been using Win10 for a long time, and I’ve accepted the downside. But that’s just me. So I’m not exactly unbiased.)

In many ways I think it’s a generational thing. Those of us who wear reading glasses don’t like the Win10 approach. Younger people are generally inured to the snooping and forced updating. That said, Microsoft does a hella poor job with the updating part.

I think the SSD freeze is unlikely to tie up your machine but, like you, I’d hold off on the Anniversary Update until Microsoft comes up with something definitive.

Reply | Quote

@ArtH… Did I miss something here?

If you performed the upgrade from Win 7 to Win 10 on June 24th you’re WAY past the point of no return… you can’t roll back after 31 days.

Reply | Quote

I assumed… perhaps incorrectly.. that it was a typo.

Ed’s right. After 31 days, the windows.old folder gets wiped out, and you’re on a one-way ticket. (In the case of upgrading versions of Win10, as in Fall Update to Anniversary Update, it’s 10 days.)

Reply | Quote

I’m a bit confused by your response there Woody because it states in Nathan Mercer’s post on the technet site that, quote: “The security-only update will allow enterprises to download as small of an update as possible while still maintaining more secure devices”.

It’s the use of the word “enterprises” which gives me the creeps because it refers specifically to business users. Since the KB number varies for different versions of the OS, Win 7 and 8.1 users will probably get the warning that “This update isn’t applicable to your computer” when they try to install it.

Also, individual updates won’t be available anymore according to Mercer’s post.

Reply | Quote

Copying other companies’ stuff is in Microsoft’s DNA. Excel copied Lotus, etc. Then take the product and shove it into the market by cutting special deals with corporate buyers, avoiding head-to-head competition on the merits of the product.

I rely on Google for [most] search, knowing full well that they spy on me. But I do not use their email or other products for that reason.

Reply | Quote

It looks like Windows Vista SP2 & Windows Server 2008 (R1) SP2 will still be updated the old fashioned way beyond October 2016 and not be using the new cumulative update model as Microsoft has given Vista & Server 2008 R1 the cold shoulder.

I guess it’s a mixed blessing for Windows 7 SP1 & Windows 8.1 to be getting monthly cumulative updates similar to Windows 10.

Reply | Quote

That’s what threw me on first reading. An anonymous poster here pointed me to a different part of Mercer’s post which says “The Security-only update will be available to download and deploy from WSUS, SCCM, and the Microsoft Update Catalog.”

See http://www.infoworld.com/article/3108572/microsoft-windows/a-peek-at-the-future-of-windows-7-and-81-patching.html

I interpret that as saying single, monthly, aggregated security patches will be available for download – to anybody.

Mercer’s method should be adaptable for those who want to manually install monthly security patches. I think. At least, that’s what I’m counting on.

Reply | Quote

Be careful with the SSD as backup drive. There have been reported instances of SSDs losing charge if not used for a longer period of time. Mechanical disks are more suitable for long term backup.

Reply | Quote

@wdburt;

” rely on Google for [most] search, knowing full well that they spy on me.”

Duck Duck Go or Startpage/Ixquick?

Reply | Quote

Technet is the Microsoft site which has as target audience primarily IT administrators and engineers. I think this is why the text mentions mostly enterprises. The reference to a small update has to be seen in the context of the Express updates (deltas only) which sometimes are used in the process of updating internally.

Reply | Quote

Still early to discuss about RS2, although we already have the first preview.

Reply | Quote

Google gets away with no user interaction before updates happen for one obvious reason:

If my browser goes down, I can use another browser. But if my OS goes down, I cannot simply switch to another OS on the same device (unless I have a fully independent dual-boot, as I do with my Ubuntu Linux. (And probably will do on the Intel NUC I plan to buy. Even though EFI Fast Boot and SSD with GPT do not always play well with GRUB or Ubuntu.)

If ChromeOS goes down, the reinstall is the same for everybody, and patching to get back up to speed is very standard. (Probably very quick as well.)This is very different from what happens if Windows has to be reinstalled from the beginning.

So MS is not really copying Google on any count. This is new territory for Microsoft. Apple does all-or-nothing patching and forced upgrades, but they only have to make their OSes work on a very limited hardware product line. So outright disasters may occur, but they can be researched and fixed for one or a few hardware configurations. This usually results in quickly and completely fixing patching issues.

Linus will not be benefiting from anything anything which happens to Microsoft. In fact (though I can’t yet prove this) I expect that Microsoft will enter into an agreement with Canonical — makers of Ubuntu Linux — to fully integrate the two OSes to the maximum extent which is technically possible.

The BASH Shell in Windows 10 is from Ubuntu, and the UWP apps and Ubuntu SNAPS may very well become interchangeable eventually. Google meanwhile seems to want Android apps to work inside the Chrome Browser, which also can be run with fully implemented APIs in Linux.

So, I think there may come a time when Microsoft absorbs Canonical and makes Ubuntu a for-pay, non-GNU/GPL Linux. Red Hat and SUSE already have for-pay Linux distros, so this would not be unprecedented.

Given Microsoft’s history, the next step would be to claim all of Ubuntu’s code, including its version of the Linux kernel, as Microsoft properties and apply for the patents to enforce this.

The rest is history repeating itself.

Welcome to 1984 revisited.

I do hope I am wrong.

Reply | Quote

If I am correct (and this is a big if) Ubuntu and Mint may one day belong to Microsoft, through a partnership or an outright acquisition of Canonical by Microsoft. The Linux BASH Shell in Windows 10 is from Ubuntu. This means that these Linux distros may only be a temporary refuge.

I do hope I am wrong, but history has a way of repeating itself.

Reply | Quote

I agree with Janice and others that the current MS strategy will be the beginning of the end for Microsoft.

Microsoft has gotten off-message; they have abandoned what gave them their absolute dominance on the desktop, that is, doing everything they could to keep Windows as backward-compatible as possible, so as to allow their customers to keep using that old printer or old program as long as possible. They are now going in the opposite direction, that is, forcing everyone to do things the Microsoft way, rather than Microsoft forcing itself to accommodate its customers as much as possible.

If someone could come up with a really good version of Linux, with some really good software and really good support, they could exploit Microsoft’s current self-imposed vulnerability and could begin to make headway on the corporate desktop.

Corel comes to mind. They have the best word processor in my opinion – WordPerfect. I recently downloaded it, and it is much better than Word in my opinion. They also have lots of other software. They used to have Linux, but they dumped it. Also, they are horrible at marketing and (from what I have heard) customer support. If they could improve customer support and aggressively move into the corporate desktop arena with what I have described above, they could begin to dominate the corporate desktop.

Pete Peterson, are you listening? (http://www.wordplace.com/ap/)

Reply | Quote

I respect even more those who don’t proselytize, but just quietly go ahead and do the Linux conversion. I do chime in from time to time, but I also respect those who don’t have the skill, the time, the Admin approval or whatever it takes, to make the Linux (or Apple or whatever) switch.

Those who know don’t scream it out loud. Those who scream so loudly may well know next to nothing about what it’s like to use Linux on a day to day basis.

And to troubleshoot Linux (especially boot issues, login issues or graphics issues) when things go wrong with Linux updates. And trust me, things do go wrong! No OS is perfect when it comes to updates.

At least with Windows, we still have good old Woody here to guide us through the trials and tribulations of whatever Microsoft is throwing at us this week.

Thanks, Woody!

Reply | Quote

Not to throw cold water on your plans, but dabbling in Linux is a very different thing from living with Linux day in and day out. I love Ubuntu when it is working. I curse out Canonical and Linus Torvalds whenever things go really asunder. Which doe happen sometimes. Fortunately, nothing fatal yet. But who knows?

And then there are the ominous signs of Microsoft-Canonical hegemony, as I have posted elsewhere at AskWoody.

Reply | Quote

You can use Startpage (www.startpage.com) for your searches. They strip out your personally-identifiable info, then feed your anonymous search request through Google. So you get the benefits of a Google search, without giving your personal info to Google.

Reply | Quote

Google’s Master Plan may well be embodied in the rumored “fucshia OS”:

http://www.extremetech.com/computing/233699-google-is-working-on-a-mysterious-new-os-called-fuchsia

For those who suggest breaking Windows out as Open Source, and who in the same comment cite Red Hat and SUSE, please note that Red Hat and SUSE are not open-source, and not free to use. Especially not for Enterprise customers.

And also note that Ubuntu Linux may well become the next Microsoft acquisition. That might make Ubuntu MS’s answer to the “open source” offerings of Red Hat and SUSE.

These are all speculations, but today’s “alternatives” to Microsoft and to Windows, may not remain free and open source and free from Microsoft’s control for very much longer.

Reply | Quote

I find that using Linux every day is more like 30 percent more work than running Windows 10 would be.

Being that as it may, if Microsoft makes a move on Canonical, we can kiss the “easier” distros goodbye, at least as free, open-source, and under end-user control.

Reply | Quote

That’s what the UWP apps platform is all about, isn’t it?

Reply | Quote

In my experience, when Ubuntu Linux works, even if we update regularly, it takes much less time and effort to maintain than Windows.

But then there comes the day when something breaks. Maybe a driver, maybe a favorite program no longer works, maybe a kernel upgrade is needed.

All hell can break loose. Possibly with no boot, no GRUB, no login, crash back to TTY Terminal Mode, or no graphics.

Onward to Support — oh yeah, there is no support! Only endless searches through online forums and Man Pages, often coming up with bad or irrelevant advice which screws up things even worse.

You did back up your Linux, yes? Umm… what program backs up Linux and boots from an external device? Oh yeah, CloneZilla! With that cute little Command-Line Interface. And those very un-Windows-like names for the drives and partitions.

Seriously, with no professional technician willing to touch a Linux PC, what are the support options?

That said, I do run Linux on at least one PC at all times.

But I do run Windows on at least one PC as well, just in case.

Reply | Quote

EMail was the worst thing I had to port to Ubuntu Linux. I had another email program, and had to first get the mail into Thunderbird, then into a UNIX format, then transfer to any Linux email client which uses the UNIX format (or can import it, which is most Linux email clients). Contacts Lists and Calendars simply had to be reconstructed.

If you’re using Thunderbird in Windows, this is much easier, but not foolproof.

Reply | Quote

I realize that snooping is a reality we’ve been getting used to for a while, and personally, I couldn’t care less – nobody would find anything interesting in my activities. It’s the ads that will come with or after that bother me – if only the snooped data could reveal to them that ads are wasted on me (more than wasted even, but actually harmful to the advertiser: seeing an ad makes me less likely to buy that particular product, as I know then that part of my money will contribute to the future annoyance of myself and others).

For all that, I understand why they are doing it and recognize their right to do it. But what really really gets me is that “based on your feedback” crap! Yes, I’m sure everyone who saw those sorry-to-interrupt screens went and told MS “that was so cool, let’s have more of that!”

Reply | Quote

I hope you’re right Woody.

But I just decided to take the bull by the horns and posted the question on Mercer’s post. It’s awaiting moderation at this moment in time, but I’ll update you on it when he replies.

Reply | Quote

You’ve probably configured all these already, but just in case you missed a few here are a large number of suggestions to increase your Win 10 privacy: https://fix10.isleaked.com/

But be aware that Microsoft will continue peering over your shoulder in spite of being instructed not to according to Ars Technica: http://arstechnica.co.uk/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/

Reply | Quote

You’re right, it was July 24. Told you I wasn’t that technical 🙂

Reply | Quote

You were correct in your original assumption Woody I’m glad to say. Nathan Mercer has confirmed that all security-only downloads will be available to Windows 7 and 8.1 users as well as enterprise customers.

Confirmation of that can be seen by scrolling down to the bottom of the original announcement and reading the question posted by ‘Terence’ (that’s me) and Nathan’s reply to it. https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/#comment-9245

I actually breathed a huge sigh of relief when I read it myself.

Reply | Quote

Please do let me know!

Reply | Quote

+1

Reply | Quote

THAT is exceedingly good news.

Reply | Quote

.. and even the second one!

Reply | Quote

Thanks for your reply

I went to 10 because I figured it was the future and the upgrade was “free”. I used Classic Shell to make the Win 10 Start menu more usable.

Win 10 itself seems to run OK. I’m not too happy how with Win 10 takes only four steps to do something that I could do in one on XP and 7. However, there are improvements (ease setting the environment variable to change the Path, for one thing) that I like, so I’m willing to slog through learning where things are hidden and getting used to the way 10 works.

My big concern is the forced updates. In 7, I would read the KBs for all the non-security updates each month and decide what to install. Also, I’d wait three weeks after the patches came out so that if there was a bug Microsoft would have already but out a revised update that fixed the original update, I never got the Win 10 nagware because any update that referred to “easing my experience”, or “preparing my system to transition more quickly” I didn’t install. So the forced updates are what bothers me. If I hadn’t happened to come across your writings I never would have known about the Anniversary Update situation, and for your advice I’m grateful. I’m also glad I have Pro, with its “defer upgrades” switch (hope it works).

The reason I was thinking of going back was that given that I am not a super user, I’d get back to where I control what’s being loaded on my machine. However, it looks like Microsoft is going to do that to Win 7 anyway in a couple of months.

So, if that explains where my head is at, would you recommend going back to 7 with the new patch environment (do we know yet how to get the security only patches and then taking the re-upgrade option (My understanding is that once you have 10 and are “registered”, you can roll back and then come back to 10 later at no cost) when 10 is more stable, or just sticking with 10 with the privacy settings you and others have provided?

Thanks in advance again for your time.

P.S. How do you have time to do all of this?

Reply | Quote

For those interested- Nathan Mercer on his blog today. He answered this post …

Terence
August 18, 2016 at 8:25 am

Hi Nathan,

Could you clarify something for me please.

Will the security-only updates package also be available to Home and Pro users of Windows 7 and 8.1 via the Microsoft Update Catalog, or it this particular rollup aimed specifically at business users?
Reply

Nathan Mercer
August 18, 2016 at 8:32 am

Yes, it will be available to everyone and every Windows SKU not just business versions

Reply | Quote

Also,
Microsoft has confirmed that the security-only packages can be downloaded from Microsoft Update Catalog site by both Home and Pro users of Windows 7 and 8.1

:http://catalog.update.microsoft.com/v7/site/Thanks.aspx?id=140

NB: You need IE to open this link.

Reply | Quote

I think if Microsoft tries to enforce patent rights on Ubuntu’s code, Ubuntu will fade from the scene. The appeal of Linux is that it is open-source / public domain.

Reply | Quote

Maybe I should go back to Vista on one of my computers. I still have the OEM license for it on that computer.

If you think about it, Vista is just a slower version of Windows 7.

Reply | Quote

Naw, not really. Win7 has some huge advantages.

Reply | Quote

My wife has the same question…

Now that we know for sure that you’ll be able to install only security patches on Win7, the balance has switched back. If you’re using Win10 and haven’t encountered any problems, and the snooping doesn’t bother you, I’d say it’s now a wash – controlling updates in both cases will be a royal pain, but at least it’ll be doable.

Personally, I would go with Win10. But I’d certainly understand why you would want to go back to Win7.

Reply | Quote

Thanks. I used the term “backup” incorrectly. I had to replace the power supply on my PC and had a new Gigabyte motherboard installed as well. For some reason, the system no longer would accept my C drive SSD as a boot drive. Ended up with a reinstall of Windows 7 in May on a new SSD, and kept the original SSD as a third drive to reload from since it had the entire image of my old C drive, which it was. I’m going to eventually depower it when everything is stable

So I misspoke when i said it was a backup drive. I backup to external USB drives.

Appreciate the tip on losing charge.

Reply | Quote

@Jim: This is the first time I’ve ever seen “Corel Word Perfect” referred to.

I agree 100% that it is the best word processor.

It was refreshing to see Corel Word Perfect mentioned! I got an updated version years ago, and I’m still using it. There was never anything else to purchase!

I enjoyed reading your comments. Thank you for reminding me how much I love Corel Word Perfect. 🙂

Reply | Quote