Replies

I just started setting up a brand-new Dell Precision 3630 workstation and installed Windows 10 1903 Enterprise.  Regarding what the Patch Lady said, there’s lotsa space, networking is fine, nothing is corrupted.  Before connecting it to the network, I disabled Automatic Updates in the group policy, and enabled the TargetReleaseVersion hack in the registry.  I installed the PSWindowsUpdate module in PowerShell and ran a command to list what updates were waiting in the wings, and I saw KB4023057.  I ran a command to hide it and it completed successfully.

I like Office 2019 Pro too, and I don’t like OneDrive.  You can go to Control Panel->Programs and Features and Uninstall OneDrive.

Yep, MS is whittling away our control, bit by bit.

As noted by Günter Born in the link above, a user can “… define the [HOSTS] file in Defender as an exception and exclude it from the check (see also Part 2). In this case, Defender does not monitor any malware manipulation of the hosts file.”

So we still have (but for how long) the ability to stop Defender from flagging the presence of MS telemetry URLs as “malware”-induced.  The sad thing is that monitoring the HOSTS file for unwanted changes is at base a valid security mechanism that should have been included in the Defender and the OS a long time ago; MS finally gets around to it, NOT to defend users, but to defend MS’s access to telemetry information (that must be why they call it “Defender”).

I can vouch for the fact that Windows Update Blocker’s “Protect Services Settings” works and keeps MS from turning the update service back on.  There was one time when I first started using WUB that I forgot I had it installed and active.  I tried running one update in particular and it failed.  I went through all the Microsoft troubleshooting that was available, and nothing worked.   Until I remembered…

So WUB is very robust at keeping the service off.  I like the workflows that Artic Eddie and Steve S. have outlined.  The difference in my procedure is I use PowerShell and PSWindowsUpdate.  That allows me to scrutinize the updates that are available and hide the ones that I don’t want.

However, regarding the OP’s use of the Home version, I agree with Susan Bradley that the extra control that is available through the Pro version is critical.  I would say the most important is the ability to disable automatic updates through local group policy.

Paragon Backup & Recovery Community Edition is free.
https://www.paragon-software.com/us/free/br-free/

I have tested it and it is very basic, but works well:
1)  Set up automated, scheduled backups of disks, partitions or files.
2) Mount the backup files as a drive letter and browse the recovery points.
3) Recover drives/partitions by booting from an USB stick with WinPE; the process of creating one is automated for you.
4) Do one-time manual (cold) backups of drives & partitions from the USB stick.

1 user thanked author for this post.

Mr. Austin

Thanks, Woody!  That is a much-needed respite from tension & stress.

And, as a another positive by-product, there was a link to a youtube video “Jesus Christ in Richmond Park” a couple page-downs on the twitter page for Stella the dog.  I’d never seen it before and it has almost 22 million views.  Fenton the labrador video-bombs the clip and herds all the deer in Richmond Park, London, while his owner is yelling “Fentonnnnn! …

1 user thanked author for this post.

woody

Yes, Apple does seem to incorporate more features for controlling privacy in their OS design.
However, keep in mind that some would say Apple has a less-than-stellar history of protecting your data from 3rd-party access:
Apple’s Empty Grandstanding About Privacy, The Atlantic, Ian Bogost, Jan 31, 2019;
Apple promises privacy, but iPhone apps share your data with trackers, ad companies and research firms, The Washington Post, Geoffrey A. Fowler, May 28, 2019

2 users thanked author for this post.

AlexEiffel, b

So, I garner from the white paper that Edge is sending data, at various times in the session, to the following URLs:
arc.msn.com
assets.msn.com
config.edge.skype.com
cs22.wpc.v0cdn.net
edge.microsoft.com
edge.skype.com
edgewelcomecdn.microsoft.com
go.microsoft.com
microsoftedgewelcome.microsoft.com
nav.smartscreen.microsoft.com
otf.msn.com
ris.api.iris.microsoft.com
sb.scorecardresearch.com
self.events.data.microsoft.com
smartscreen-prod.microsoft.com
uhf.microsoft.com
vortex.data.microsoft.com
[www.]bing.com
[www.]microsoft.com

Even if you don’t use Edge, it seems like it would be the careful thing to do to include these in the local HOSTS file and block them (with “0.0.0.0” entries).  The last two are problematic since you may actually want to link to them at some point, but the fact that every one of my keystrokes in Edge is being sent to bing.com makes me want to stop using Bing and to also include it in HOSTS.

4 users thanked author for this post.

doriel, Steve, DriftyDonN, Cybertooth

BTW someone mentioned in the past that ID sent to microsoft has something to do with SmartScreen – it tells Microsoft, that you are logged in via MS account. Do they really STORE these data to your account, or is it sent “just once and then forgotten”?

The white paper indicates that data is sent to smartscreen-prod.microsoft.com and nav.smartscreen-prod.microsoft.com.  They are also sending the UUID of your system to their servers (specifically self.events.data.microsoft.com), and this data is persistent and not easily removed (unless the URL is put in the HOSTS files?).  So I would say, yes, they are STORING this data.

2 users thanked author for this post.

doriel, Mr. Austin

I agree, 7-zip is an excellent product.  I also agree that WinRAR should be considered; I think it’s better than WinZip, and it’s $20 cheaper!  And as far as freebies go, what about PeaZip?

1 user thanked author for this post.

Fred

Hover over keys: If you can’t click, select this option and move your cursor over an OSK key — the character the cursor is hovering above will be entered automatically after a user-adjustable delay.

How do you select this option if you can’t click?

Use <Tab> to bring you to “Click on keys” in the “To use the On-Screen Keyboard” section, then use the right arrow key to toggle on “Hover over keys” and then use <Tab> to get to the “OK” button.

 

I believe he is speaking of this bit of news making the rounds lately:

[https://betanews.]com/2020/01/21/micrsoft-ads-wordpad/

I’m not sure how reliable it is.

[please note my use of square brackets to break the link]

Günter Born (https://borncity.com/win/2020/01/23/news-from-microsoft-about-chrome-and-edge/#more-12743) has noted that Martin Geuß found a Microsoft blog post (https://techcommunity.microsoft.com/t5/office-365-blog/introducing-and-managing-microsoft-search-in-bing-through-office/ba-p/1110974) showing a screen shot of a dialogue box that will supposedly appear the first time a user runs Chrome after the extension is installed.  It gives a choice of using Bing or not:

 

2 users thanked author for this post.

rc primak, Cybertooth

Yes, I’m not surprised either.  I mean look at **** that users put up with all the time.  I install Windows on a computer and use IE or Edge to download Firefox or Chrome, and what happens?–A message appears asking why I would want to download this POS when I have a perfectly wonderful browser called Edge on the system already.  I install Firefox/Chrome and then the OS takes back the association for HTML with a message saying the change of association had caused a “problem” and had to be reverted.  Then I forcibly make Firefox/Chrome the default application, and manually change the association for HTML, and a message pops up asking “Are you sure?”  This OS ecosystem is set up to force us to act as lemmings–albeit lemmings with wallets.  And I’m using Enterprise version OSes–what do people who use Home, Pro, or whatever (Lemmings Edition) have to put up with?

Moderator note: edit for content

4 users thanked author for this post.

RamRod, wdburt1, Charlie, Cybertooth

And, by the way, Ashwin over at GHacks describes a free open-source Firefox/Chrome plugin that will automatically fill in logins/passwords from KeePass: https://www.ghacks.net/2020/01/08/kee-is-a-firefox-and-chrome-extension-that-can-auto-fill-passwords-from-keepass/

I don’t know that I’m ready to go that far for convenience (not to mention having to additionally trust browser+plugins), but I thought I would mention it.

1 user thanked author for this post.

Chessie