Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Windows Security

Ask Slashdot: Make Windows Update Install Only Security Updates Automatically? 288

An anonymous reader writes: After the news earlier this month about Microsoft forcing the Windows 10 upgrade on people who don't want it, my sizeable extended family has been coming to me for a solution. They don't want to be guinea pigs this early in the Windows 10 release cycle, but it looks like Microsoft may not be giving them a choice. My reading of Woody Leonhard's advice is that the only way to ensure the upgrade doesn't happen is to disable Windows Update, but that seems extreme. I want my family to install security updates, but I don't relish the idea of explaining to them how to install just those and hide the less-desireable updates.

The ideal solution would be to have only security updates install automatically, but it looks like it's easier said than done. I've looked at third-party tools like Autopatcher and Portable Update, but a security-only option doesn't seem to be very standard. From what I've read, Microsoft doesn't even package security updates separately, sometimes mixing merely Important and Recommended updates in the downloaded CAB file. I wish I could get them off Windows, but it's not an option. They use Windows at work or school, and don't want to go through the process of learning another OS. Maybe the current situation with Windows 10 will convince them eventually, but they need something now. I would really like to come up with a solution before the next Patch Tuesday on October 13. Do any of the more knowledgeable Slashdotters out there have any advice?
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Make Windows Update Install Only Security Updates Automatically?

Comments Filter:
  • Fail idea (Score:5, Insightful)

    by drinkypoo ( 153816 ) <martin.espinoza@gmail.com> on Sunday September 27, 2015 @09:17AM (#50607149) Homepage Journal

    If any number of people did this, then Microsoft would just push a "security" update that offered you Windows 10 or installed spying on the basis that they could somehow offer you more security. "KB6666666 - improve security by making windows phone home at every opportunity"

    • Isnt this what they did for the notification anyway?

      • Isnt this what they did for the notification anyway?

        I don't remember, because I have long had a habit of just installing all the updates. The only reason I didn't have them set to install automagically is that I didn't want them downloading when I was trying to use my connection. Now, of course, I read the descriptions.

        • Re: Fail idea (Score:5, Informative)

          by Anonymous Coward on Sunday September 27, 2015 @10:16AM (#50607391)

          Now, of course, I read the descriptions.

          Don't worry, Microsoft has a solution for that: with Windows 10, they simply don't offer descriptions [arstechnica.com]. They've also started bundling feature updates and security updates into single patches. Probably. From what people have been able to determine that existing patches do.

          There's no reason they can't decide to start doing that for all updates. Will KB414140 force you to install Windows 10? Include telemetry? Fix a zero-day exploit that's being actively exploited? All of the above? Who knows!

          • There's no reason they can't decide to start doing that for all updates.

            There might be. For instance. Microsoft might have contractual obligations to release those patch descriptions publicly for Windows 7. They've kept whole operating systems going past EoL to handle government contracts before.

            • There's no reason they can't decide to start doing that for all updates.

              There might be. For instance. Microsoft might have contractual obligations to release those patch descriptions publicly for Windows 7. They've kept whole operating systems going past EoL to handle government contracts before.

              As far as I know, the US Navy is still paying $9,000,000 a year for XP support, but that is set to end in June of 2017.
              XP Point of Sale systems support also ends in 2017.

            • Why would a contract to provide extended service (no doubt for a hefty fee) to party Y oblige you to provide it to party Z?

              • Why would a contract to provide extended service (no doubt for a hefty fee) to party Y oblige you to provide it to party Z?

                There are multiple reasons to want the patch to be publicly available. One of them is just to reduce the PITA factor.

          • Re: Fail idea (Score:5, Interesting)

            by FeriteCore ( 25122 ) on Sunday September 27, 2015 @01:06PM (#50608215)

            They already do this by offering totally meaningless descriptions. Reading descriptions does no good when they contain no actual information.

            • Most of the descriptions I have bothered looking at have language in it describing the type of security blunder- i.e execute code remotely- and a link to a more thorough explanation.

              Did this change with windows 10?

            • You have to go through an extra level of indirection, if you go to the description it's always something like "This fixes some stuff", but if you then follow through to the KB article you usually get the details of what's actually being done.
      • Isnt this what they did for the notification anyway?

        Almost but it wasn't a security patch.

    • by Anonymous Coward

      I was going to suggest Debian GNU/Linux as an alternative OS, but then I remembered how I was treated like a filthy guinea pig when Debian decided to transition to systemd. When I upgraded my Debian testing (which, contrary to its name, has little to do with testing and has historically been far more stable than even the stable releases of other Linux distros) workstation and systemd was unexpectedly installed, everything went to hell. My workstation wouldn't boot, the error logging was all fucked up, and a

      • Knowing how frustrating it can be when an operating system provider ends up trashing an existing installation through what should be routine updates, I realized that I could not possibly recommend Debian. Perhaps the submitter could do what I did: switch to FreeBSD.

        Well, there's also switching to Linux Mint, which is what I suggest at this time. I'll probably keep advocating that at least up until they decide what to do about systemd in the long term. Hopefully, longer.

        FreeBSD has shown itself to be the future.

        It's not even the present if you want a decent nVidia driver or if you want to run vmware, which I still use to handle some cases that make KVM shit itself. Other than that, I have nothing against it, but that's enough to make it a show-stopper for me. Linux also runs on more hardware, and I prefer to have more or less one OS on everything for my convenience. My router runs Linux, my NAS runs Linux, my desktop (not the gaming one, but anyway) runs Linux, my handhelds even run Linux, albeit a kind of wacky version thereof. Oh yeah, got a fire stick coming, that runs Linux. All my game consoles with ethernet ports run Linux when I want them to, except for the 360... which I am probably about to donate to someone who lost all their shit in the recent fires. Guess I should put the screws back in it just in case they ever drop it.

        • by rl117 ( 110595 )

          nVidia do provide a FreeBSD driver. (I wish AMD did the same, since the xorg drivers are currently not supporting the latest cards.)

          • nVidia do provide a FreeBSD driver.

            When Ubuntu and Debian went systemd I looked into FreeBSD and found that the FreeBSD driver lags considerably and generally doesn't work as well as the Linux driver. So I decided to stick with Linux for my desktop Unix needs. I may explore FreeBSD for headless servers in the future, but I have a Debian system with systemd pinned away which is still working OK for me.

    • Re:Fail idea (Score:5, Insightful)

      by Z00L00K ( 682162 ) on Sunday September 27, 2015 @11:01AM (#50607589) Homepage

      It's time to start asking the question about "security" updates - is it for you or for Microsoft they improve the security?

    • The only real way to protect yourself is external to Microsoft software, such as at the router. The router will not know if it is a security update or a simple "lets beta test the next release on the non-commercial chumps" software release. But the real issue is who are you concerned about security protection from? The only evil doers who have ever done me real harm are Microsoft themselves, back in XP SP1 days they rewrote my NIC EEPROM during a "security update" so that it would come up in an illegal defa
  • Sorry Friend (Score:4, Insightful)

    by Ol Olsoc ( 1175323 ) on Sunday September 27, 2015 @09:31AM (#50607205)
    When you opt for the Windows experience, you gonna get whatever experience they want you to get.

    But any way I know of of blocking any updates blocks all of them. like pulling the cable or disabling wifi.

  • by Irate Engineer ( 2814313 ) on Sunday September 27, 2015 @09:33AM (#50607217)

    You'll get what Microsoft wants and like it, or not - they don't care about your preferences anymore.

    If you want to send them a message, stop buying their software. This is a less painful option than it used to be, believe it or not.

    • by LVSlushdat ( 854194 ) on Sunday September 27, 2015 @10:33AM (#50607487)

      You'll get what Microsoft wants and like it, or not - they don't care about your preferences anymore.

      If you want to send them a message, stop buying their software. This is a less painful option than it used to be, believe it or not.
      --

      Not only stop buying, but STOP USING their software.. The reason Windows 10 is free is because YOU ARE THE PRODUCT that MS is *selling* to
      anybody with the right # of $, plus I have to imagine they're in tight with the NSA, since the NSA needs to fill that giant datacenter in Utah, and what better
      data than EVERYTHING you type, say and see on the computer that *used* to be YOURS and now belongs to MS.. Its a proven fact that 10 keylogs and captures large quantities of video/audio from any microphones/cameras on said system.. I used/admin'ed Windows for over 25 years (1991-2010) and when I retired I swore I'd quit using MS products and stay on Linux. It pains me to see how Americans have become nothing but lemmings running full-tilt off the cliff when it comes to computers... I have no fear either, that *if* enough of us non-lemmings skip sucking on MS's tit, and instead use of the many Linux/BSD distros, it won't be long before we're branded terrorists by this "government".... Hope I'm dead and buried by then (65 now..)

  • Server and SCCM? (Score:3, Interesting)

    by buckfeta2014 ( 3700011 ) on Sunday September 27, 2015 @09:33AM (#50607221)
    SCCM can push patches whenever the admin feels like it... maybe this would work for you? Although it would require setting up the server somewhere.
  • run and hide (Score:5, Interesting)

    by denbesten ( 63853 ) on Sunday September 27, 2015 @09:39AM (#50607253)

    Unless you wish to become the IT department for your sizeable extended family, don't touch this. The moment you take over patch management is the moment that others (Microsoft, Geek Squad, MS Fixit, etc.) cease being able to fix minor problems when their PCs go goofy.

    If you do want to become the IT department, look into Microsoft's Enterprise solutions. They continue to allow personalized patch management there.

  • by 140Mandak262Jamuna ( 970587 ) on Sunday September 27, 2015 @09:44AM (#50607269) Journal
    According to microsoft policies [microsoft.com] Windows 7 is already out of mainline support. It will have extended support till 2020. But according to its own policies, win7 should be getting only security updates, no "improvements" nor "enhancements". So in a just and fair world, you should get only critical security updates alone for Windows 7.

    But, as Scar told the mouse, "Life isn't fair, is it?".

    • by Kjella ( 173770 ) on Sunday September 27, 2015 @10:30AM (#50607475) Homepage

      That Win7 EOL is "coming soon" is a pretty good exaggeration. Very soon now Ubuntu 15.10 is being released, you'll have 16.04 LTS, 16.10, 17.04, 17.10, 18.04 LTS, 18.10, 19.04, 19.10 and 20.04 LTS before Win7 expires. Ten distro versions and three long time support releases later, a lot could change between now and then. I switched to Linux back in early 2007 because Vista was terrible but returned to Win7 in late 2010 mainly because of gaming. And I do have a laptop upgraded to Win10, unlike Vista it's not a bad OS except it comes with too many bundled privacy invasions. The OS is stable, the drivers work, IO handling seems faster, technically I haven't found any reason not to upgrade.except the anti-features.

    • by LVSlushdat ( 854194 ) on Sunday September 27, 2015 @10:38AM (#50607503)

      According to microsoft policies [microsoft.com] Windows 7 is already out of mainline support. It will have extended support till 2020. But according to its own policies, win7 should be getting only security updates, no "improvements" nor "enhancements". So in a just and fair world, you should get only critical security updates alone for Windows 7.

      But, as Scar told the mouse, "Life isn't fair, is it?".

      WHO THE FUCK CARES if it gets no "improvements" nor "enhancements"... 7 was the last tolerable Window s version, and if you can keep that insidious "telemetry" crap off of it, it should be good for the next 5 years or so, if for *some* reason you HAVE to stay on Windows...

    • by caseih ( 160668 )

      Sounds great to me. I don't need any improvements or enhancements. Nice to know I can keep Windows 7 around for another 5 years. After that maybe Wine will be good enough to run the few windows apps I might want to use. Or ReactOS. ;)

    • That's alright. My Windows 7 is running fine and I am definitely not looking for anything else than security updates.

  • Threat Model Failure (Score:4, Interesting)

    by Gim Tom ( 716904 ) on Sunday September 27, 2015 @09:49AM (#50607287)
    The "conventional wisdom" of having automatic updates on is to keep the huge ecosystem of windows desktops and laptops at least reasonably up to date, especially as to security issues, and this has to some extent worked. However, this new policy of trying to cram windows 10 down everyone's throat is beginning to have the opposite effect. Many people I know, myself included, have disabled automatic updates and more will follow. I have been asked many times how to stop upgrading from Windows 7 to Windows 10 and about the only answer I can give is either to turn automatic updates off or switch to Linux. Since few people are willing to move to Linux this change by Microsoft is actually increasing the threat from people using windows platforms.

    Now in Windows 10, with no indication of what a given update may contain or do it opens the door to just about anything on those machines. Somehow this makes me think of the recent unpleasantness that Volkswagen has unleashed upon itself. Just trust me to do the right thing. I am not a great admirer of Regan, either as an actor or politician, but one thing he said was on the mark. "Trust but verify."
    • by fahrbot-bot ( 874524 ) on Sunday September 27, 2015 @12:35PM (#50608045)

      I am not a great admirer of Regan, either as an actor or politician, but one thing he said was on the mark. "Trust but verify."

      Although, according to Wikipedia, Trust but verify [wikipedia.org] was originally a Russian proverb taught to Regan by an adviser:

      Suzanne Massie, a writer on Russia, met with President Ronald Reagan many times between 1984 and 1987.[1] She taught him the Russian proverb, "doveryai no proveryai" (trust, but verify) advising him that "The Russians like to talk in proverbs.

      • by Gim Tom ( 716904 )
        Thanks for the info! I knew it was from a Russian saying, but had never looked into it deeper than that.
    • Also, this will most likely extend the life of Windows 7. If people disable updates, then who is going to care when Microsoft stops providing new updates? Updates will be disables anyway.

  • by sanf780 ( 4055211 ) on Sunday September 27, 2015 @09:56AM (#50607309)
    Let us assume Windows is downloading Windows 10 automatically, even if you did not reserve it. Do you get Windows 10 installed by doing the typical "You need to restart your computer in order to get security updates"? If that is not what happens, then the only thing wrong is downloading 3.5GB worth of unwanted data. It is still wrong, though. I do not think people are installing Windows 10 without ever clicking on YES somewhere. I am sure it is the user's fault if they click. It is always the user's fault if they install unwanted/malware software that was bundled with other software by clicking a YES button.
    So, do not spread wrong rumours, pretty please. I have not heard of anybody installing Windows 10 without his/her consent.
    • by ITRambo ( 1467509 ) on Sunday September 27, 2015 @10:18AM (#50607403)
      You are incorrect. I have a couple of customers that had Windows 10 install automatically while they were away. They claim to never have authorized this. One of my own workstations kept trying to install Windows 10 as an update for Windows 7 Pro, until I turned off Automatic Updates. A second identical workstation hasn't done this. It may be random. You have too much faith in Microsoft software being infallible. All software is buggy. You don't need to click YES this time around. PC's having Windows 7 replaced with Windows 10 with no user input is real. On the other hand, I've had a couple of customers that had broken Windows 7 installations. After making drive images, I got their okay to upgrade to Windows 10. In each case the PC ran much better and the problems. broken IE11 for one, were fixed. So, Windows 10 is a mixed bag. I like it when it's not being force fed.
      • You have too much faith in Microsoft software being infallible.

        I'm pretty sure *no one* thinks this. :-)

    • by JimMcc ( 31079 )

      Unfortunately many users just click on the ok button, or whatever button they think will make the dialog box go away. They are more intent on consuming the content then on what is actually happening on their system. My wife is a perfect example; despite years of my trying to get her to ask about dialog boxes that pop up that she doesn't understand, she still just clicks ok and moves on. Sometimes she'll comment about why does this keep happening, but generally she just wants her Faceballs access to continue

  • Install Linux (Score:5, Interesting)

    by Greyfox ( 87712 ) on Sunday September 27, 2015 @09:57AM (#50607321) Homepage Journal
    The slashdot knee-jerk response is "Install Linux". But it might actually be time to have that conversation. You don't feel your OS vendor has your best interests in mind and is trying to jam some crap you don't want down your throat. Do you stick with them because they're familiar or do you switch vendors? The answer is going to be different for everyone. My parents use their computer as a dumb terminal to the internet, use OpenOffice.org for the few documents they do write and they aren't gamers. I could switch them to Linux and they'd never notice the difference. People with a lot of games, photography professionals who have to run Photoshop and people who do video editing might have a different answer.

    Of course, you don't have to install Linux. Maybe some people would be happier with Apple. You run into a lot of the same problems with them -- Apple looks out for Apple. I got tired of beating my head against my computer to make it work in the mid 2000s and ran Apple hardware for nearly a decade. You plug their shit in, it just works. It's tempting. But even more than Microsoft, their software thinks it knows how you should be working and it's difficult or impossible to do anything differently. You start banging your head against your computer again, and at least with Linux when you do that, you damn well can make the system do what you want it to. Apple's gaming scene when I was using them was only marginally better than Linux's -- you could make a couple of big MMOs and some decade-old games work with their systems.

    You could also go with FreeBSD. I don't know a lot about them, but with the whole systemd debacle, a lot of people are moving in that direction now. I'd have to set it up and run it for a while before I could recommend it to relatives.

    So that pretty much leaves me with Linux. If you're moving away from Microsoft because you don't like their agenda, you probably don't want a commercial distribution of Linux, either. Find one with an active community that has politics you like and go with them. Or just decide that maybe you can put up with Microsoft's bullshit after all. That's your choice, right there, and you should be able to talk intelligently with your relatives about it.

    You don't have to stay there once you make that move, either. I've just about eliminated all the Apple stuff I had going on -- my old Core 2 Duo Macbook is running Linux and my destop dual boots windows and Linux. I'm still booting back to Windows for the games collection and because getting files off my Android phone is easier with Windows. I prefer Kdenlive in Linux for editing my GoPro videos, but I mostly just clip a bit off the front and back of the video and tweak the contrast and sharpening.

    The point is that for all these things you always have that choice. Live with your current vendor's bullshit or find some vendor whose bullshit you can tolerate.

    • NO KIDDING!! I'm a retired Linux/Windows admin, and I run a tiny local business doing "Windows Janitorial Services" and "upgrading" systems to Linux. The "company" is me and two other guys I knew from my last company prior to retirement. I started the "Linux upgrade" thing with several neighbors who had gotten their older XP systems munged up with a large amount of malware, and had no recovery disks. I gave them a choice: Linux or a new system, as I didnt think they'd appreciate a bll for umpteen hours of c

    • I'm still booting back to Windows for the games collection and because getting files off my Android phone is easier with Windows.

      I use ES File Explorer on my Android devices, it has pretty good network file share support. Some Android distributions can also be twiddled to mount smbfs and nfs directly. And finally, you can also just run a samba server on Android.

    • by JimMcc ( 31079 )

      Sadly, this isn't always an option. For users who's only use of a computer is watching cat videos, doing email, etc., sure this option is a good one. But some of us have Windows forced down our throats due to applications we are required to run. I'm a marine electrician and virtually all of the diagnostic and configuration tools that various vendors provide require Windows. As a side line I do vinyl graphics work and the only reliable and realistic solutions run on Windows. I'll admit that I haven't tried W

    • The slashdot knee-jerk response is "Install Linux". But it might actually be time to have that conversation.

      The time to have that conversation was back when Windows ME was launched, or even Windows XP.

      We are way, way past that point now. For all the "OMG M$ is the evilz!" nonsense, Windows 10 is one of the nicest Windows launches they have had. It takes much of what was great about 7 and combines the improvements from 8 and puts them together.

      Linux might have had a chance 15 years ago to take a decent share of the desktop market. That ship has sailed...

    • by temcat ( 873475 )

      I'd like to. Still no OSS or proprietary GUI-based FineReader equivalent ready for serious work (with area selection). The CLI FineReader Engine doesn't cut it. This is the only thing that prevents me from fully switching to Linux for work needs.

  • by koan ( 80826 )

    First, if they are moving from 7 to 10 they are learning a new OS, and if they are on Win8 they have already been under the auto update yoke.

    Second, they are more likely locked into a program rather than a OS, consider what it is they have to run on Windows, is there an equivalent in Linux?

    If so, the "learn a new OS" complaint (while valid) isn't as hard as they might think these days, there is a sort of "start button" and there is a menu and it should not be that difficult.

    The main thing I would stress, if

    • First, if they are moving from 7 to 10 they are learning a new OS

      In what world? For the basic user very little at all has changed between 7 and 10. The interface looks a tiny bit different, "All Programs" is now called "All Apps" in the start menu but otherwise there's absolutely nothing about windows 10 that needs "learning".

      Windows 8 needed learning but they've backed off from that interface.

  • by CaptainOfSpray ( 1229754 ) on Sunday September 27, 2015 @10:19AM (#50607407)
    They "don't want to go through the process of learning another OS".

    What do they think moving to Win 10 will be like?

    Move them to Linux Mint Cinnamon, that's more like what they are used to than any of Win 7, Win 8, or Win 10.
  • If they come to you for advice and that advice is to ditch Windows, then you are not obligated to help them with support.

    I've taken that hardline approach for years and flat out refuse to help by saying, in essence, "I don't use it, I don't know it."
    • Being a retired admin, THAT is my advice to all who ask... Get the F**K OFF WINDOWS!! Linux is NOT hard....

    • by ledow ( 319597 )

      Yup.

      I treat Apple products just like this. You chose to buy that stuff, if you asked me I would have told you not to, I could supply enough reasons to justify that claim, but yet you still went down that path.

      When I was self-employed, my mantra was "I charge prices relative to the amount of my advice that you ignored, and the amount of stupidity you deployed". It tended to work. When people made bad decisions, I charged a lot more for the cleanup and they learned not to make bad decisions (or to fix it t

  • As far as Windows goes I am happy to tolerate it for the games that I play that do not have a Linux port yet. So there is no way in hell I am upgrading to 8 or 10.

    Using this: https://msdn.microsoft.com/en-... [microsoft.com]

    I am fairly confident that those fuckers can't force something onto me I don't want (especially since I compiled it with TDM-gcc

    C:\Users\Pyshcotria\Code> checkversion.exe
    Windows10YoureFuckedOrGreater
    C:\Users\Pyshcotria\Code>

    Seems fine

  • ... Microsoft does not want you to use Windows. ... FAIL
  • by nickweller ( 4108905 ) on Sunday September 27, 2015 @10:36AM (#50607501)
    "Zorin OS [zorinos.com] is a multi-functional operating system designed specifically for Windows users who want to have easy and smooth access to Linux."
  • I found throughout the decades that the best computer security is provided by using common sense and being informed on things related to computers. While security updates are mandatory for most people (I guess), I think there are people who can get by just using their knowledge of IT and common sense. In any case, this has worked for me my whole 40+ years long life, more than half of it involved with computer tech.

  • Can't you pick and choose updates with the corp version? Only home edition forces them on you.

    • Re:Corp version? (Score:4, Informative)

      by drinkypoo ( 153816 ) <martin.espinoza@gmail.com> on Sunday September 27, 2015 @12:19PM (#50607953) Homepage Journal

      Can't you pick and choose updates with the corp version? Only home edition forces them on you.

      You can pick and choose updates in the home version, too. By default, you get all updates, including recommended ones. But you can tell it to just notify you and not download or install updates. Then you can run windows update manually, and click on each patch, then click the link for more info, then read about it in your web browser. If you don't want an update, you can hide it in windows update, and it will no longer appear and you will no longer be nagged to install it. All very straightforward, except that useful patch descriptions aren't actually given in the windows update app, you have to keep going to the browser. And microsoft will no longer give you that information without enabling javascript for their domain, their basic site functionality now requires javascript, either because they want to run malicious code on your PC or because they are completely incompetent and forgot how to put content into a webpage without javascript, take your pick.

  • Download MBSA, run it every night, check the missing patches, download and install them.

    MBSA => "The Microsoft Baseline Security Analyzer provides a streamlined method to identify missing security updates and common security misconfigurations. MBSA 2.3 release adds support for Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012. Windows 2000 will no longer be supported with this release." (http://www.microsoft.com/en-us/download/details.aspx?id=7558)

    Get it, write some PowerShell to ru

  • DisableGWX (Score:3, Insightful)

    by Deathlizard ( 115856 ) on Sunday September 27, 2015 @11:23AM (#50607703) Homepage Journal

    First off, If there's no reason not to upgrade other than FUD, then they should update. 7 only has a little more than 4 years left and is already in extended support and windows 8/8.1 interface is crap vs 10. If they're worried about being spied on stay with a Local account and don't setup a Microsoft account. It will only take the same telemetry that they've been doing since the customer experience program in vista, which you can then turn off. That being said MS shouldn't have started downloading the OS on PC's without explicit reservations but even that can be disabled.

    Easiest method to disable windows 10 from updating is to use the DisableGWX Policy setting. This site's Method 3 [askvg.com] will walk you through setting the registry key. Microsoft [microsoft.com] Also has some other blocking methods as well.

    If you just want security patches from that point forward go to windows update settings and uncheck "give me Recommended updates the same way I receive important updates"

    • Re:DisableGWX (Score:5, Insightful)

      by drinkypoo ( 153816 ) <martin.espinoza@gmail.com> on Sunday September 27, 2015 @12:07PM (#50607907) Homepage Journal

      First off, If there's no reason not to upgrade other than FUD,

      Look, shill, Microsoft actively spying on users isn't FUD. It's not a fear, because they're doing it. It's not uncertainty, because they're doing it. And it's not doubt, because they're doing it.

      Easiest method to disable windows 10 from updating is to use the DisableGWX Policy setting

      That is not the question, which the summary makes obvious, since the poster mentioned Windows 10 attempting to install itself. Clearly they want to avoid Windows 10.

      If you just want security patches from that point forward go to windows update settings and uncheck "give me Recommended updates the same way I receive important updates"

      The problem, as I pointed out in the top comment in this thread, is that you cannot trust Microsoft not to put other things into "Security Updates". This is especially true on Windows 10 where they are providing less information about what is actually in patches than literally ever before, as pointed out by a comment in that part of this thread. So no, that doesn't work.

    • First off, If there's no reason not to upgrade other than FUD,

      FUD? ARS Technica is not known for publishing FUD. [arstechnica.com]
      And here's a nice traffic analysis of what Windows 10 sends to Microsoft in its IP packets. [aeronet.cz]

  • Have a look at WSUS Offline. [wsusoffline.net] It does more or less what you're asking for, although you do have to run the collector and client manually every post patch Tuesday.
    • Have a look at WSUS Offline. It does more or less what you're asking for, although you do have to run the collector and client manually every post patch Tuesday.

      No, there is no more patch Tuesday [computing.co.uk]. And also no, because you cannot trust Microsoft not to put spying or Windows 10 "upgrading" into a security patch.

  • Have had it since WFW 3.11 in '95 and survived the many flavors of Winders so I could play games although I dual-booted with OS/2 then Linux. Steam has enough games to keep me busy for a long time. Bye bye M$!

  • Give them each a fairly sizable usb stick. Make it boot linux with persistence. Linux mint or linux lite would be my choices. Set their computers to boot the usb stick first. If they have any problems, they can just pull the stick and have their windows back. Tell them the truth - Linux is free, has regular updates, is so unlikely to catch malware that people generally don't install anti-virus software, and is closer to what they are used to than windows 10 is. If it's a fear of changing brand names, the re
  • by sweet 'n sour ( 595166 ) on Sunday September 27, 2015 @12:42PM (#50608083)
    Microsoft has two versions of Windows 10 for volume license users: CB and LTSB.

    CB (Current Branch) is the same as what the home users have to deal with.
    LTSB (Long Term Service Branch) however does things differently.

    "For example, systems powering hospital emergency rooms, air traffic control towers, financial trading systems, factory floors, just to name a few, may need very strict change management policies, for prolonged periods of time. To support Windows 10 devices in these mission critical customer environments we will provide Long Term Servicing branches at the appropriate time intervals. On these branches, customer devices will receive the level of enterprise support expected for the mission critical systems, keeping systems more secure with the latest security and critical updates, while minimizing change by not delivering new features for the duration of mainstream (five years) and extended support (five years)."

    Source: Windows 10 for Enterprise: More secure and up to date
    https://blogs.windows.com/busi... [windows.com]

    The only other solution I can think of would rely on setting up a WSUS server, and managing the updates from there. The OP would then just need to change some registry settings on his family's computers to point to his WSUS server for updates.

    Instructions: Configure Automatic Updates using Registry Editor
    https://technet.microsoft.com/... [microsoft.com]
  • Hi. I'm mostly a Mac and Linux guy, but I have a Windows box I use for gaming. Windows 10 is a fine product: it's a nice extension of the Windows 7 experience, with better security, good speed, and some nice features. As you say you're not going to be able to get your family off Windows, they should be running 10, with all the updates. Trying to stick with 7 (or god forbid, XP), they'll have more incompatibility issues going forward rather than less, and picking and choosing Windows updates is more trou

  • by Yer Mum ( 570034 ) on Sunday September 27, 2015 @01:06PM (#50608205)

    The three registry keys to disable GWX and the GWX advert in Windows Update are these...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\GWX]

    "DisableGwx"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]

    "DisableOSUpgrade"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade]

    "ReservationsAllowed"=dword:00000000

    Then open an elevated command prompt (search for cmd in the start menu, right click and Run as Administrator) and uninstall the following telemetry KBs...

    wusa /uninstall /kb:3068708 /norestart
    wusa /uninstall /kb:3022345 /norestart
    wusa /uninstall /kb:3075249 /norestart
    wusa /uninstall /kb:3080149 /norestart

    In Control Panel > Windows Update > Change Settings, untick "Give me recommended updates the same way as I receive important updates" as some optional updates have been used to send down unwanted GWX/Telemetry updates.

    Also in Control Panel > Windows Update, search for updates, then view the optional ones, then hide three of those KBs above (3022345 shouldn't appear as it's superseded) by right-clicking on them and choosing the hide option.

    Now reboot the computer, search for CEIP in the start menu, run it, and change the setting to disable telemetry to MS.

    If the C:\$WINDOWS.~BT then your computer is downloading Windows 10 in the background. Search for CleanMgr in the start menu and run it to remove the "Windows Update temporary files" category. Although that may unhide those three KBs above and you many need to rehide them.

    Telemetry info from http://www.ghacks.net/2015/08/28/microsoft-intensifies-data-collection-on-windows-7-and-8-systems/ [ghacks.net]

    Unless MS send a recommended update which adds more GWX or Telemetry stuff to Windows 7/8, your extended family's computers will look after themselves from now on.

  • I believe that, in the past, Microsoft lied about certain updates as to whether they were vital security updates or not,
    They could just as easily lie in the future and force down something that helps them keep a better eye on us but label it as vital security.

    Any non-IT person would normally be well advised to have the system automatically install security updates. Those of us who are may have to trust MS as our particular area of expertise does not include what "this" update is supposed to fix. Does eve

  • I installed 10 on a laptop. When setting up it gives an option to opt out of auto update. But... auto updates anyway. What scares me is that I learned long ago not to install most optional updates. Video drivers usually don't work. Lan drivers usually don't work. For the lan, you have to dig out the mobo software and reinstall it. Then get on line to get video drivers. Not fun.

    As far as the 8 metro screen. How is it, after all this time, no one seems to know how or even that you can shut it off. I didn't li

  • by Anonymous Coward

    If staying on Windows is a must, simply get the Enterprise version. It allows to manage the updates the updates the way it was in Windows 7.

  • by Beeftopia ( 1846720 ) on Sunday September 27, 2015 @05:08PM (#50609375)

    Just an FYI, as this is a Windows update thread which is trying to avoid Win10 nagware + telemetry. These are the updates I've identified so far. Feel free to add/update the list:

    KB 2952664
    Compatibility update for upgrading Windows 7
    https://support.microsoft.com/... [microsoft.com]

    KB 2976978
    Compatibility update for Windows 8.1 and Windows 8
    https://support.microsoft.com/... [microsoft.com]

    KB 3022345
    Update for customer experience and diagnostic telemetry
    https://support.microsoft.com/... [microsoft.com]

    KB 3035583
    Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
    https://support.microsoft.com/... [microsoft.com]

    KB 3068708
    Update for customer experience and diagnostic telemetry
    https://support.microsoft.com/... [microsoft.com]

    KB 3075249
    Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
    https://support.microsoft.com/... [microsoft.com]

    KB 3080149
    Update for customer experience and diagnostic telemetry
    https://support.microsoft.com/... [microsoft.com]

The beer-cooled computer does not harm the ozone layer. -- John M. Ford, a.k.a. Dr. Mike

Working...