Posted on August 9th, 2016 at 08:54 220 comments
OK, they’re tedious, but they’re simple and easy to follow.
Go from many hours to just a few minutes.
InfoWorld Woody on Windows
My thanks — and deep admiration — to Dalai, ch100, and EP.
IMPORTANT: I forgot to mention one patch, KB 3020369, that also needs to be installed. Chances are very good you already have it, but if not, check the KB article to download and install it.
UPDATE: I’m seeing reports that the July “magic” patch, KB 3168965, works for August, too. My current best guess is that it works for those who haven’t already installed the July patches.
UPDATE 2: Dalai has updated the wu.krelay.de page to feature KB 3177725, the new “magic” August patch.
UPDATE 3: Ends up that this month’s “magic” August patch, KB 3177725, has a bug in it that screws up printing multiple pages. Details coming in InfoWorld. For now, just relax. There’s nothing in August’s patches (or even July’s!) that’s super-critical.
Posted on May 9th, 2016 at 06:08 30 comments
Michael Horowitz at Computerworld echoes a sentiment we’ve been debating for far too long.
Posted on April 29th, 2016 at 20:24 36 comments
Good note from DC:I like you assumed that standalone KB updates should install without running any Windows Update checks however this doesn’t appear to be the case if you have the Windows Update service running and/or your internet connection open.If your Win7 system is suffering from the “frozen” Windows Update issue and you want to manually install the two KB updates (3138612 & 3145739) then you need to stop the Windows Update service (wuauserv) before attempting to run the MSU installer(s) and also temporarily disconnect your internet connection.When you run the manually downloaded MSU installer it will attempt to open an internet connection via the Windows Update service – this then triggers the endless “Searching for Updates …” message. The MSU installer doesn’t require this internet check to proceed – but if available will fall into the same “hole” as the normal Windows Update system. If you prevent the connection it gives up on the “Searching for Updates ….” check after a few seconds and proceeds with the install. I assume this is because the MSU installer (Microsoft Update Standalone Package) is treated as part of the Windows Update family and attempts to “phone home” for advice – rather than accept you are calling the shots.
Posted on April 24th, 2016 at 17:49 15 comments
Short answer, no. I’ll probably change the recommendation when we back down from MS-DEFCON 2, and start slipping in the April Windows 7 security patches.
Got a good question from AH, and it all boils down to this:
– Does an up-to-date WUC currently increase the danger of MSFT being able to slip W10 in through the cat-flap or is it genuinely a benefit to the WU process?
– If I decided that I wanted an up-to-date WUC, could I just install the latest KB and then all the preceding WUC updates would disappear from my hidden list?
– Can I install multiple WUC updates in one go without causing problems, or would they have to be done one at a time with particular attention being paid to supersedence?
I have the latest version of GWX Control Panel installed and monitoring as I type, and I am currently on hold, waiting for you to change the MS-Defcon status before I install diddly.
I don’t know if the latest versions of the Windows Update program add any more snooping capabilities to Windows 7, but I highly doubt it. The problem is that we simply don’t know – and won’t ever know – what info Microsoft is starting to collect from Windows 7. Moreover, if they’re collecting more information (probably on behalf of other updates), I’m convinced they’re handling the information in accordance with commonly accepted privacy principals. You may or may not like, say, Google’s privacy record. But Microsoft certainly hasn’t done anything worse than Google. I think.
If you want the latest Windows Update program, yep, you just install KB 3138612.
Every indication I have at this point says that the settings controlled by GWX Control Panel have been respected, and will be respected. Thus, if you’ve run GWX Control Panel, you should be free from the blight of sneaky Windows 10 upgrades.
Posted on March 10th, 2016 at 05:34 20 comments
I have a comment from ch100 that I wanted to elevate to its own post. He says:
Woody is right! I did the test in a ‘controlled’ environment using the WSUS approval mechanism and before Windows 10 had a chance to search for updates, I ran wushowhide. When launching the utility, in the background it launches svchost.exe which I am certain is the same svchost.exe process under which Windows Update runs. So this means that Windows Update is launched by wushowhide to scan for potential updates without installing them. This looks more and more like the old (Windows 7) Windows Update in which you could hide or select updates to be installed, although it is likely that it uses a different mechanism in the background.
Now I am questioning the practicality of this finding. It appears that if the Windows 10 OS is shut down, at short time after boot will run Windows Update. There is a built in Scheduled Task for this purpose. If any updates are available at that time, they get automatically installed without any chance to intercept them.
The only working scenario for our purpose is to block the updates during the likely period in which they are released which is the Patch Tuesday and sometimes another round of patches 2 weeks after, run wushowhide and wait for few days until there is enough proof that they are reliable and only after that unhide them and allow Windows Update to complete. The only way this would work is to set the Group Policy or Registry to Never Check for Updates or maybe Notify Only while hiding the updates which are not yet desired to be installed. Disabling the Windows Update service would not work as this would not allow wushowhide to run the update process.
Fascinating finding for understanding how this works, however it is a bit complicated to be put in practice as a regular routine.
I am waiting for other posters here to confirm the same findings maybe using a different method, not via WSUS but Windows Update online site and allow Woody to correlate the findings from all of us to draw the conclusions.
Yep, I’m working on an article for InfoWorld – and welcome any input. (Let me know if I can quote you and, if so, whether I can use your name.)
It looks like Wushowhide does block updates, as long as it is applied before Windows Update gets its jaws on the patch. That’s a revelation to me, but everything I’ve seen points to a resounding success.
The next step in the approach — I’m going to call it the Carboni Technique — involves blocking Windows Update. I’m very, very concerned about stopping Windows Update for a host of reasons, but blocking Windows Update (and running it manually when you need new patches) seems to be doable, and non-destructive.
I’m looking at various ways to block Win10’s Update, and am trying to settle on a way that works for everybody (Win10 Home and Pro alike), without interfering with truly important updates, including Windows Defender, MSRT, and anything else that relies on WU. Noel Carboni recommends using gpedit (which is only available in Win10 Pro) to set the Configure Automatic Updates task to Disabled. There are other ways to turn off Windows Update, and I’m considering them, too.
If you have any specific experience with blocking WU in Windows 10, I’d sure like to hear about it.
Posted on February 15th, 2016 at 09:35 50 comments
Interesting question from EG. I haven’t been following along closely enough to give him a definitive answer. Do any of you know when (or even if) it has changed? Remember that I recommend “Notify but don’t download.” I’ve been running my Win 8.1, Vista and Win 7 (even XP) machines with that setting for a decade or two…
When did the option to “Download updates but let me choose whether to install them” change to install everything that’s pre-checked when you restart or shut down your computer?
I thought a family member had changed her settings to automatic when she called me last Wednesday about having to wait for the updates to get done installing before she could shut her computer down… and then another family member called me the following day experiencing the same problem. I accessed both of their computers over the weekend (remotely) and changed the setting to “Check for updates but let me choose whether to download and install them”, but both of these computers have been set that way for a very long time and have never installed updates upon a reboot or shut down before. They’ve always had to click the “Install updates” button before.
That Windows update option does say “let me choose whether to install them”… what happened to the “let me choose” part? They’re limited to one shot at choosing before the first reboot now? Am I overlooking a setting someplace else?
Thanks in advance Woody… for EVERYTHING you do!
Posted on November 25th, 2014 at 07:06 8 comments
Looks like it’s an internal date error – but MS hasn’t said a thing. Argh.
InfoWorld Tech WatchWindows Patches/Security 0x80248015, Microsoft Update, Windows Home Server, Windows Server 2003, Windows Update, Windows XP
Posted on June 5th, 2012 at 23:34 2 comments
Flame itself is a yawner. But the technology that’s been used – which researchers are only starting to dig into – is breathtaking.
InfoWorld Tech Watch.