List of Windows 7 telemetry updates to avoid

Discussion in 'privacy general' started by Stefan Froberg, Aug 24, 2015.

  1. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    Is there a list of IP addresses M$ uses to "improve user experience" that I can block?
     
  2. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    So from what (little) I've gathered, Windows 10 (and now 7) telemetry:

    - Uses HTTPS on port 443

    - Goes to a couple of *.data.microsoft.com addresses, which may change in the future
    [EDIT: whoops nope, they go to a very large number of addresses on different domains]

    - Is built very tightly into Windows, probably as a privileged service; such that it bypasses the system proxy settings, etc.

    I'm curious about possible strategies for blocking this traffic, seeing as I now have a Windows 10 PC on my network sending all kinds of stuff back to Redmond. This would probably be best done on a router/gateway, as the Windows 10 machine itself can be considered intrinsically untrustworthy.

    - The obvious is an SSL MITM proxy. I do not consider this a good idea, for reasons that should be equally obvious.

    - IP blacklists are dubious in terms of future-proofness, and not blocking MS updates. Likewise DNS blacklists.

    - Not sure what else would work. Maybe there are some common, unencrypted characteristics of the telemetry traffic, that Snort or such could sniff out and block?

    Any ideas?

    Edit: hmm, actually looking at the IP addresses

    Code:
    proteus@harvest-lore:~$ ping vortex-win.data.microsoft.com
    PING Vortex-BN2.metron.live.com.nsatc.net (65.55.44.109) 56(84) bytes of data.
    ^C
    --- Vortex-BN2.metron.live.com.nsatc.net ping statistics ---
    2 packets transmitted, 0 received, 100% packet loss, time 999ms
    
    proteus@harvest-lore:~$ whois 65.55.44.109 | grep -i cidr
    CIDR:  65.52.0.0/14
    proteus@harvest-lore:~$
    
    Whereas other Microsoft stuff seems to be on a different range

    Code:
    proteus@harvest-lore:~$ ping windowsupdate.microsoft.com
    PING www.update.microsoft.com.nsatc.net (65.55.50.158) 56(84) bytes of data.
    ^C
    --- www.update.microsoft.com.nsatc.net ping statistics ---
    1 packets transmitted, 0 received, 100% packet loss, time 0ms
    
    proteus@harvest-lore:~$ ping microsoft.com
    PING microsoft.com (134.170.188.221) 56(84) bytes of data.
    ^C
    --- microsoft.com ping statistics ---
    1 packets transmitted, 0 received, 100% packet loss, time 0ms
    
    proteus@harvest-lore:~$ whois 134.170.188.221 | grep -i cidr
    CIDR:  134.170.0.0/16
    proteus@harvest-lore:~$
    
    Hmm. Looks like this is the live.com domain, not microsoft.com:

    Code:
    proteus@harvest-lore:~$ ping windowsupdate.microsoft.com
    PING www.update.microsoft.com.nsatc.net (65.55.50.158) 56(84) bytes of data.
    ^C
    --- www.update.microsoft.com.nsatc.net ping statistics ---
    1 packets transmitted, 0 received, 100% packet loss, time 0ms
    
    proteus@harvest-lore:~$ ping microsoft.com
    PING microsoft.com (134.170.188.221) 56(84) bytes of data.
    ^C
    --- microsoft.com ping statistics ---
    1 packets transmitted, 0 received, 100% packet loss, time 0ms
    
    proteus@harvest-lore:~$ whois 134.170.188.221 | grep -i cidr
    CIDR:  134.170.0.0/16
    proteus@harvest-lore:~$
    
    There's other stuff too though, it covers a very wide spread of IPs. I'd say DNS blocking would be preferable then, except that they could just hardcode the IPs in some update. Ugh.
     
    Last edited: Sep 21, 2015
  3. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    The rate of Telemetry updates by MS have significantly slowed down over the course of the last few months. I have maintained a list a while ago and below you will find another final list. Its quite extensive and some may find this excessive. The script is suitable for both W7 and W8,8.1, even though some KB's are only for W7 there is now harm running this script on a W8,8.1 machine as MS does not double up KB names that serve different functions.

    Regards to all.

     
  4. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    Thanks for you work, much appreciated. :thumb::thumb:
     
  5. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    It must be that time of year. I just bumped a related tool. Using an HTML file for note keeping is a little unusual, but the ability to programmatically leverage tables is nice.
    Code:
    <!doctype html>
    <html>
    <head>
    <meta charset="utf-8">
    <title>Windows Update Notes</title>
    <style type="text/css">
    table.data {border-collapse:collapse;}
    table.data td, table.data th {text-align:left; border:1px solid black; padding:3px;}
    table.data th {background-color:#7C96C3; color:white;}
    table.data tr:nth-child(odd) td {background-color:#F5F5FF;}
    td {vertical-align:top; white-space:nowrap;}
    td.cmdDesc {padding-right:8px;}
    div.hdr {font-weight:bold; margin-bottom:6px;}
    div.topgap {margin-top:8px;}
    </style>
    <script type="text/javascript">
    var verInfoStr = 'Windows Update Notes - Oct 09 2015';
    
    var updatesByYearTbl = [
      [ '979198', '2009'],
      ['2492172', '2010'],
      ['2662694', '2011'],
      ['2800436', '2012'],
      ['2921911', '2013'],
      ['3028013', '2014'],
      [ '894199', '2015'],
    ];
    
    var updatesOfInterestTbl = [
      [ '971033',        '', 'Y', 'N', 'Update for Windows Activation Technologies'],
      ['2876229',        '', 'Y', 'Y', 'Skype for Microsoft Update'],
      ['2902907',        '', ' ', ' ', 'NOT FOUND, but reported to be telemetry related'],
      ['2952664',        '', 'Y', 'N', 'Compatibility update for upgrading Windows 7'],
      ['2976978',        '', 'N', 'Y', 'Compatibility update for Windows 8.1 and Windows 8 '],
      ['2977759',        '', 'Y', 'N', 'Compatibility update for upgrading Windows 7'],
      ['2990214',        '', 'Y', 'N', 'Update that enables you to upgrade from Windows 7 to a later version of Windows'],
      ['3008188',        '', 'N', 'Y', 'November 2014 Windows Update client improvements in Windows 8.1 or Windows Server 2012 R2'],
      ['3012973',        '', ' ', ' ', 'NOT FOUND, but reported to be the Upgrade to Windows 10 Pro'],
      ['3021917',        '', 'Y', 'N', 'Update to Windows 7 SP1 for performance improvements'],
      ['3022345',        '', 'Y', 'Y', 'Update for customer experience and diagnostic telemetry'],
      ['3035583',        '', 'Y', 'Y', 'Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1'],
      ['3044374', '3008188', 'N', 'Y', 'Update that enables you to upgrade from Windows 8.1 to Windows 10'],
      ['3046480',        '', 'Y', 'Y', 'Update helps to determine whether to migrate the .NET Framework 1.1 when you upgrade Windows 8.1 or Windows 7'],
      ['3050265', '2990214', 'Y', 'N', 'Windows Update Client for Windows 7: June 2015'],
      ['3050267', '3044374', 'N', 'Y', 'Windows Update Client for Windows 8.1: June 2015'],
      ['3065987', '3050265', 'Y', 'N', 'Windows Update Client for Windows 7 and Windows Server 2008 R2: July 2015'],
      ['3065988', '3050267', 'N', 'Y', 'Windows Update Client for Windows 8.1 and Windows Server 2012 R2: July 2015'],
      ['3068707',        '', ' ', ' ', 'NOT FOUND, but reported to be telemetry related'],
      ['3068708', '3022345', 'Y', 'Y', 'Update for customer experience and diagnostic telemetry'],
      ['3072318',        '', 'N', 'Y', 'Update for Windows 8.1 OOBE to upgrade to Windows 10'],
      ['3075249',        '', 'Y', 'Y', 'Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7'],
      ['3075851',        '', 'Y', 'N', 'Windows Update Client for Windows 7 and Windows Server 2008 R2: August 2015'],
      ['3075853', '3065988', 'N', 'Y', 'Windows Update Client for Windows 8.1 and Windows Server 2012 R2: August 2015'],
      ['3080149', '3022345', 'Y', 'Y', 'Update for customer experience and diagnostic telemetry'],
      ['3083710',        '', 'Y', 'N', 'Windows Update Client for Windows 7 and Windows Server 2008 R2: October 2015'],
      ['3083711',        '', 'N', 'Y', 'Windows Update Client for Windows 8.1 and Windows Server 2012 R2: October 2015'],
      ['3090045',        '', 'Y', 'Y', 'Windows Update for reserved devices in Windows 8.1 or Windows 7 SP1'],
    ];
    
    var cmdsTbl = [
      ['Uninstall an update',                    'wusa /uninstall /kb:3035583'],
      ['Powershell check for installed update',  'get-hotfix -id KB3035583'],
      ['Check for installed update',             'wmic qfe where HotFixID="KB3035583" list /format:list'],
      ['Check system for updates of interest',   '$wmicCmd'],
    ];
    
    function init() {
      document.title = verInfoStr;
      document.getElementById("verInfoStr").innerHTML = verInfoStr;
    
      var tbl = updatesByYearTbl;
      var html = '';
      for(var i=0; i<tbl.length; i++) {
        if(i > 0) {
          html += ', ';
        }
        html += '<a href="https://support.microsoft.com/en-us/kb/' + tbl[i][0] + '" target="_blank">' + tbl[i][1] + '</a>';
      }
      document.getElementById("UpdatesByYear").innerHTML = html;
      tbl = updatesOfInterestTbl;
      html = '<table class="data">';
      html += '<tr><th>KB</th><th>Replaces</th><th>Win7</th><th>Win8</th><th>Description</th></tr>';
      for(var i=0; i<tbl.length; i++) {
        html += '<tr>';
        html += '<td><a href="https://support.microsoft.com/en-us/kb/' + tbl[i][0] + '" target="_blank">KB' + tbl[i][0] + '</a></td>';
        html += '<td>'
        if(tbl[i][1] !== '') {
          html += '<a href="https://support.microsoft.com/en-us/kb/' + tbl[i][1] + '" target="_blank">KB' + tbl[i][1] + '</a>';
        }
        html += '</td>';
        html += '<td style="text-align:center">' + tbl[i][2] + '</td>';
        html += '<td style="text-align:center">' + tbl[i][3] + '</td>';
        html += '<td>' + tbl[i][4] + '</td>';
        html += '</tr>';
      }
      html += '</table>';
      document.getElementById("UpdatesOfInterest").innerHTML = html;
    
      tbl = cmdsTbl;
      html = '<table class="cmds">';
      for(var i=0; i<tbl.length; i++) {
        html += '<tr><td class="cmdDesc">' + tbl[i][0] + ':</td><td>' + tbl[i][1] + '</td></tr>';
      }
      html += '</table>';
      tbl = updatesOfInterestTbl;
      var wmicCmd = 'wmic qfe where (';
      for(var i=0; i<tbl.length; i++) {
        if(i > 0) {
          wmicCmd += ' OR ';
        }
        wmicCmd += 'HotFixID="KB' + tbl[i][0] + '"';
      }
      wmicCmd += ') list /format:htable > "%USERPROFILE%/Desktop/InstalledUpdatesOfInterest.html"';
      document.getElementById("MiscCmds").innerHTML = html.replace("$wmicCmd", wmicCmd);
    }
    </script>
    </head>
    <body onload="init();">
    <noscript>This page requires javascript</noscript>
    <div class="hdr">Description of Software Update Services and Windows Server Update Services changes in content for:</div>
    <div id="UpdatesByYear"></div>
    <div class="hdr topgap">Updates of Interest:</div>
    <div id="UpdatesOfInterest"></div>
    <div class="hdr topgap">Miscellaneous Commands:</div>
    <div id="MiscCmds"></div>
    <div id="verInfoStr" class="hdr topgap"></div>
    </body>
    </html>
    
     
    Last edited: Oct 10, 2015
  6. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    This is a nice. Part of the issue with MS updates is that they are not transparent and you have to jump through all kinds of hoops to find out what they really do.
     
  7. gulikoza

    gulikoza Registered Member

    Joined:
    Jan 4, 2011
    Posts:
    5
    Hi,

    Thanks for compiling the extensive list of updates. However, I have a question about Windows Update Client updates (3050265, 3065987, 3075853, 3083710, 3083711).
    These add features to update client, including DisableOSUpgrade regkey, perhaps these shouldn't be blocked?

    I have done some updates to the scripts to use loops. This should be easier to add updates to the list :)

    Code:
    ECHO OFF
    REM --- remember to invoke from ELEVATED command prompt!
    REM --- or start the batch with context menu "run as admin".
    SETLOCAL
    
    REM --- Add updates to this list, no quotes
    SET updates=3012973 3021917 3035583 2952664 2976978 3022345 3068708 2990214 3075249 3080149 3050265 971033 2902907 2976987 3065987 3075853 3044374 3022345 3068707 3081452 2977759 3083710 3083711
    
    REM --- uninstall updates
    echo uninstalling updates ...
    for %%u in (%updates%) do (
        start "title" /b /wait wusa.exe /kb:%%u  /uninstall /quiet /norestart
        echo - done: KB%%u.
    )
    
    timeout 10
    
    REM --- hide updates
    echo hiding updates ...
    start "title" /b /wait cscript.exe "%~dp0HideWindowsUpdates.vbs" %updates%
    echo  - done.
    
    echo ... COMPLETED (please remember to REBOOT)
    echo - done.
    
    pause
    REM --- EOF
    
    PowerShell script to decline updates on WSUS server:

    Code:
    if ($args[0] -eq $null) {
        write-host "Usage:" $MyInvocation.MyCommand.Name "wsus-server-name"
        exit
    }
    
    [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($args[0],$False,8530)
    
    if ($wsus -eq $null) {
        exit
    }
    
    write-host "Connected to WSUS server:" $args[0]
    
    $updates="3012973 3021917 3035583 2952664 2976978 3022345 3068708 2990214 3075249 3080149 3050265 971033 2902907 2976987 3065987 3075853 3044374 3022345 3068707 3081452 2977759 3083710 3083711"
    
    foreach ($u in $updates.Split(" ")) {
        write-host "Searching for" $u
        $updates = $wsus.SearchUpdates($u)
        if ($updates -ne $null) {
            foreach ($update in $updates) {
                write-host "Declining" $u
                $update.Decline($True)
            }
        }
    }
    
     
  8. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    I'm not sure which list(s) you are referring to. However, I spot eight Windows Update Client entries in my Updates Of Interest list (which I shared). Four for Windows 7, four for Windows 8, ignoring replacements. I included them because I want to remember them. I want to remember them because I suspect that they have the potential to affect what is phoned home. Maybe, some day, I'll get around to MITMing the encrypted traffic during Windows Updates. If I do, I think I would begin with a box that doesn't have those updates installed. Then, install them, and see if the phoned home info changes.

    I do recall seeing DisableOSUpgrade being mentioned, as well as some other "would likely want" changes. So we'd probably want to think thrice before refusing/blocking them.

    Thanks for sharing your code. I think the looping approach helps. Haven't walked the code yet, but certainly will.

    FWIW, I made some improvements to my WindowsUpdatesNotes.html page. Separate column for UpdateClient, ability to add search engines and make research easier, got rid of 'N' cells to make the 'Y' cells easier to spot.
    Code:
    <!doctype html>
    <html>
    <head>
    <meta charset="utf-8">
    <title>Windows Update Notes</title>
    <style type="text/css">
    table.data {border-collapse:collapse;}
    table.data td, table.data th {text-align:left; border:1px solid black; padding:3px;}
    table.data th {background-color:#7C96C3; color:white;}
    table.data tr:nth-child(odd) td {background-color:#F5F5FF;}
    td {vertical-align:top; white-space:nowrap;}
    td.cmdDesc {padding-right:8px;}
    div.hdr {font-weight:bold; margin-bottom:6px;}
    div.topgap {margin-top:8px;}
    div#footnotes {visibility:hidden;}
    </style>
    <script type="text/javascript">
    var verInfoStr = 'Windows Update Notes - Oct 20 2015';
    
    var updatesByYearTbl = [
      [ '979198', '2009'],
      ['2492172', '2010'],
      ['2662694', '2011'],
      ['2800436', '2012'],
      ['2921911', '2013'],
      ['3028013', '2014'],
      [ '894199', '2015'],
    ];
    
    var updatesOfInterestTbl = [
      //  KB      Replaces    7    8    UC   Description
      [ '971033',        '', 'Y', ' ', ' ', 'Update for Windows Activation Technologies'],
      ['2876229',        '', 'Y', 'Y', ' ', 'Skype for Microsoft Update'],
      ['2902907',        '', ' ', ' ', ' ', 'NOT FOUND, but reported to be telemetry related'],
      ['2952664',        '', 'Y', ' ', ' ', 'Compatibility update for upgrading Windows 7'],
      ['2976978',        '', ' ', 'Y', ' ', 'Compatibility update for Windows 8.1 and Windows 8 '],
      ['2977759',        '', 'Y', ' ', ' ', 'Compatibility update for upgrading Windows 7'],
      ['2990214',        '', 'Y', ' ', 'Y', 'Update that enables you to upgrade from Windows 7 to a later version of Windows'],
      ['3008188',        '', ' ', 'Y', 'Y', 'November 2014 Windows Update client improvements in Windows 8.1 or Windows Server 2012 R2'],
      ['3012973',        '', ' ', ' ', ' ', 'NOT FOUND, but reported to be the Upgrade to Windows 10 Pro'],
      ['3021917',        '', 'Y', ' ', ' ', 'Update to Windows 7 SP1 for performance improvements'],
      ['3022345',        '', 'Y', 'Y', ' ', 'Update for customer experience and diagnostic telemetry'],
      ['3035583',        '', 'Y', 'Y', ' ', 'Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1'],
      ['3044374', '3008188', ' ', 'Y', 'Y', 'Update that enables you to upgrade from Windows 8.1 to Windows 10'],
      ['3046480',        '', 'Y', 'Y', ' ', 'Update helps to determine whether to migrate the .NET Framework 1.1 when you upgrade Windows 8.1 or Windows 7'],
      ['3050265', '2990214', 'Y', ' ', 'Y', 'Windows Update Client for Windows 7: June 2015'],
      ['3050267', '3044374', ' ', 'Y', 'Y', 'Windows Update Client for Windows 8.1: June 2015'],
      ['3065987', '3050265', 'Y', ' ', 'Y', 'Windows Update Client for Windows 7 and Windows Server 2008 R2: July 2015'],
      ['3065988', '3050267', ' ', 'Y', 'Y', 'Windows Update Client for Windows 8.1 and Windows Server 2012 R2: July 2015'],
      ['3068707',        '', ' ', ' ', ' ', 'NOT FOUND, but reported to be telemetry related'],
      ['3068708', '3022345', 'Y', 'Y', ' ', 'Update for customer experience and diagnostic telemetry'],
      ['3072318',        '', ' ', 'Y', ' ', 'Update for Windows 8.1 OOBE to upgrade to Windows 10'],
      ['3075249',        '', 'Y', 'Y', ' ', 'Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7'],
      ['3075851', '3065987', 'Y', ' ', 'Y', 'Windows Update Client for Windows 7 and Windows Server 2008 R2: August 2015'],
      ['3075853', '3065988', ' ', 'Y', 'Y', 'Windows Update Client for Windows 8.1 and Windows Server 2012 R2: August 2015'],
      ['3080149', '3022345', 'Y', 'Y', ' ', 'Update for customer experience and diagnostic telemetry'],
      ['3083324', '3075851', 'Y', ' ', 'Y', 'Windows Update Client for Windows 7 and Windows Server 2008 R2: September 2015'],
      ['3083325', '3075853', 'Y', ' ', 'Y', 'Windows Update Client for Windows 8.1 and Windows Server 2012 R2: September 2015'],
      ['3083710', '3083324', 'Y', ' ', 'Y', 'Windows Update Client for Windows 7 and Windows Server 2008 R2: October 2015'],
      ['3083711', '3083325', ' ', 'Y', 'Y', 'Windows Update Client for Windows 8.1 and Windows Server 2012 R2: October 2015'],
      ['3090045',        '', 'Y', 'Y', ' ', 'Windows Update for reserved devices in Windows 8.1 or Windows 7 SP1'],
    ];
    
    var cmdsTbl = [
      ['Uninstall an update',                     'wusa /uninstall /kb:3035583'],
      ['Uninstall an update',                     'wusa /uninstall /kb:3035583 /quiet /norestart'],
      ['Check for installed update (PowerShell)', 'get-hotfix -id KB3035583'],
      ['Check for installed update',              'wmic qfe where HotFixID="KB3035583" list /format:list'],
      ['Show installed updates',                  'wmic qfe list /format:htable > "%USERPROFILE%/Desktop/InstalledUpdates.html"'],
      ['Show installed updates of interest',      'wmic qfe where ({hotFixIdOrList}) list /format:htable > "%USERPROFILE%/Desktop/InstalledUpdatesOfInterest.html"'],
      ['Show Scheduled Tasks Table',              'schtasks /query /v > "%USERPROFILE%/Desktop/ScheduledTasks.txt"'],
      ['Show Scheduled Tasks',                    'schtasks /query /v /fo LIST > "%USERPROFILE%/Desktop/ScheduledTasks.txt"'],
      ['Check for Scheduled Task',                'schtasks /query /v /fo LIST /tn "\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator"'],
      ['Change Scheduled Task',                   'schtasks /change /TN "\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator" /DISABLE'],
    ];
    
    var searchUrlTemplates = [
    // These are for reference only.  They don't point to working search engines
    // ['S1', 'http://www.example.com/search?q={searchTerms}&foo={searchTerms}'],
    // ['S2', 'http://www.example.org/search?q={searchTerms}'],
    ];
    
    var kbUrlTemplate = 'https://support.microsoft.com/kb/{kb}';
    
    function getSearchLinks(kb) {
      var html = '';
      for(var i=0; i<searchUrlTemplates.length; i++) {
        if(i > 0)
          html += ' ';
        var text = searchUrlTemplates[i][0];
        var href = searchUrlTemplates[i][1].replace(/{searchTerms}/g, kb);
        html += '<a href="' + href + '">' + text + '</a>';
      }
      return(html);
    }
    
    function escapeHtml(str) {
      var div = document.createElement('div');
      div.appendChild(document.createTextNode(str));
      return div.innerHTML;
    };
    
    function showupdatesByYear() {
      var tbl = updatesByYearTbl;
      var html = '';
      for(var i=0; i<tbl.length; i++) {
        if(i > 0)
          html += ', ';
        html += '<a href="' + kbUrlTemplate.replace(/{kb}/g, tbl[i][0]) + '" target="_blank">' + tbl[i][1] + '</a>';
      }
      document.getElementById("updatesByYearHdr").innerHTML = "Description of Software Update Services and Windows Server Update Services changes in content for:";
      document.getElementById("updatesByYear").innerHTML = html;
    }
    
    function showupdatesOfInterest() {
      var tbl = updatesOfInterestTbl;
      var html = '<table class="data">';
      html += '<tr>'
      html += '<th>Search</th><th>KB</th><th>Replaces</th><th>Win7</th><th>Win8</th><th>UpdateClient</th><th>Description</th></tr>';
      for(var i=0; i<tbl.length; i++) {
        html += '<tr>';
        html += '<td>' + getSearchLinks('KB' + tbl[i][0]) + '</td>';
        html += '<td><a href="' + kbUrlTemplate.replace(/{kb}/g, tbl[i][0]) + '" target="_blank">KB' + tbl[i][0] + '</a></td>';
        html += '<td>'
        if(tbl[i][1] !== '') {
          html += '<a href="' + kbUrlTemplate.replace(/{kb}/g, tbl[i][0]) + '" target="_blank">KB' + tbl[i][1] + '</a>';
        }
        html += '</td>';
        html += '<td style="text-align:center">' + tbl[i][2] + '</td>';
        html += '<td style="text-align:center">' + tbl[i][3] + '</td>';
        html += '<td style="text-align:center">' + tbl[i][4] + '</td>';
        html += '<td>' + escapeHtml(tbl[i][5]) + '</td>';
        html += '</tr>';
      }
      html += '</table>';
      document.getElementById("updatesOfInterestHdr").innerHTML = 'Updates Of Interest:';
      document.getElementById("updatesOfInterest").innerHTML = html;
    }
    
    function showMiscCmds() {
      var tbl = cmdsTbl;
      var html = '<table class="cmds">';
      for(var i=0; i<tbl.length; i++) {
        html += '<tr><td class="cmdDesc">' + tbl[i][0] + ':</td><td>' + escapeHtml(tbl[i][1]) + '</td></tr>';
      }
      html += '</table>';
      tbl = updatesOfInterestTbl;
      var hotFixIdOrList = '';
      for(var i=0; i<tbl.length; i++) {
        if(i > 0) {
          hotFixIdOrList += ' OR ';
        }
        hotFixIdOrList += 'HotFixID="KB' + tbl[i][0] + '"';
      }
      document.getElementById("miscCmdsHdr").innerHTML = "Miscellaneous Commands:";
      document.getElementById("miscCmds").innerHTML = html.replace(/{hotFixIdOrList}/g, hotFixIdOrList);
    }
    
    function showNotes() {
      document.getElementById("footnotesHdr").innerHTML = "Footnotes:";
      document.getElementById("footnotes").style.visibility="visible";
    }
    
    function init() {
      document.title = verInfoStr;
      document.getElementById("verInfoStr").innerHTML = verInfoStr;
      showupdatesByYear();
      showupdatesOfInterest();
      showMiscCmds();
      showNotes();
    }
    </script>
    </head>
    <body onload="init();">
    <noscript>This page requires javascript</noscript>
    <div id="updatesByYearHdr" class="hdr"></div>
    <div id="updatesByYear"></div>
    <div id="updatesOfInterestHdr" class="hdr topgap"></div>
    <div id="updatesOfInterest"></div>
    <div id="miscCmdsHdr" class="hdr topgap"></div>
    <div id="miscCmds"></div>
    <div id="footnotesHdr" class="hdr topgap"></div>
    <div id="footnotes">
    <div>(1) My Updates Of Interest list should not be construed as a recommended block list.</div>
    <div>(2) Search links can be added to the Updates Of Interest table by modifying the searchUrlTemplates array.</div>
    <div>(3) Adapt this page and/or its lists to suit your own purposes :)</div>
    </div>
    <div id="verInfoStr" class="hdr topgap"></div>
    </body>
    </html>
    
    Edits: Code improvements
     
    Last edited: Oct 20, 2015
  9. gulikoza

    gulikoza Registered Member

    Joined:
    Jan 4, 2011
    Posts:
    5
    I'm referring to the list TS4H made a few posts up. Specifically https://support.microsoft.com/en-us/kb/3050265 mentions this update adds DisableOSUpgrade and the Group Policy Object to disable OS updates. It doesn't mention anything about telemetry as far as I can tell. My specific interest (aside from avoiding telemetry if possible) is to leave the clients I want on W7 without MS bugging with upgrades all the time...and having the normal stream of security updates to have these workstations updated.

    The rest of the updates I mentioned are actually superseding KB3050265 and they all seem to be related to Windows Update Client. It's hard to tell what this influences, but without the up-to-date Update Client, workstations might not see new security related patches that would need to be installed.
     
  10. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    I do have a question for you guys who are writing scripts to uninstall. Are you using non-numerically-sorted lists in order to uninstall things in the specific order you believe is appropriate, or is the order of your lists arbitrary?
     
  11. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    FWIW, I went back over updates and followed the "This update replaces previously released update X" crumbs. This is what I come up with, beginning with latest Update Client update and walking backwards:

    Windows 7: KB3083710 <- KB3083324 <- KB3075851 <- KB3065987 <- KB3050265 <- KB2990214

    Windows 8: KB3083711 <- KB3083325 <- KB3075853 <- KB3065988 <- KB3050267 <- KB3044374 <- KB3008188

    I updated some replacement info in my own page during the process.
     
  12. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    KB3050265 as you have already read this KB can perform many fixes and comes with a lot of improvements. It was flagged due to the fact that it has code that prepares the windows update functionality to accept windows 10 updates and to provide a generally better experience when upgrading. As you have stated this also includes GPO settings to block further updates of windows 10. If you look around the web this KB was flagged many times as it adds telemetry points to the windows update client that included information about windows 10 code and whether you plan to upgrade to not. I must admit these types of list can be a bit overzealous, considering they do bring improvements in other aspects. Any mention of windows 10 in these KB's were flagged.

    IMO that will be tough task. Many users are having forced upgrade issues, not to mention the lack of information these KB's arrive with. Personally i have thought many times that i may just disable windows update altogether on windows 7. Windows XP was perfectly fine for many years without them. But considering you are responsible for others (by the sounds of it) it may not be the best approach. A lot of research is needed and definitely do not install KB's unless they are absolutely necessary (important or critical), even then wait until you know what it is.

    Updates to the Windows update mechanism are important. They are released so that some KB's may perform required actions to install and fix/patch the vulnerability etc. In some cases if the update client is not updated KB's may fail the install as the groundwork for the KB install have not been done. Update clients are updated so that the scope and functionality may be increased or require patching/fixing of the instruction set to install a specific KB that the previous handler cannot perform.

    In the case of KB3050265, the updated windows client needed to be installed to accept or disable consecutive windows 10 updates and to install them without fault.

    @TheWindBringeth There was no particular order to these KB's and the order is arbitrary in terms of uninstall.

    regards.
     
  13. doveman

    doveman Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    119
    Whilst it's obviously best to not install/uninstall the dodgy updates, perhaps a secondary line of defence is to use a firewall to prevent the OS from sending any data out?

    So it might be useful to discuss what needs to be blocked and which firewalls are adequate. I'm using Comodo Firewall at the moment and that has default rules for "System", "Windows System Applications" and "Windows Updater Applications" so perhaps blocking the first two and allowing the third would do the job? It doesn't show what files are covered by those rules but it looks like they can be deleted so that custom rules for specific files can be created instead if necessary.

    I really don't like the UI for the rules list in Comodo and wish someone would release a firewall that looked more like good old Kerio 2.1.5 but I've tried a ton of alternatives and haven't found anything that fitted my needs so far.
     
  14. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    I have two ways of dealing with OS data leakage. One that works for straight PCs, the other for virtual machines.
    Allowing by whitelist is the only effective means. Blocking by blacklist will never work as you are relying on your ability to identify IP addresses before it sends out data.

    My gaming desktop runs Windows 7 that runs TinyWall. I only allow the web browser to access the internet and to a single website (work VPN) on rare occassions, otherwise I unplug the ethernet cable. I dont run updates or anything else on the machine.

    My laptop runs Qubes Os and it does have a windows VM. Qubes allows you to restrict network access by either whitelist or blacklist. I use whitelist.

    Personally I do not have the requirement for Windows to have internet access. My linux VMs do all that I need without exposing myself to tracking. I havent found a better way to limit OS data leakage.

    Note in both cases I have used wireshark to confirm that leakage is not occurring.
     
  15. jik2314

    jik2314 Registered Member

    Joined:
    Oct 24, 2015
    Posts:
    1
    Would anything bad happen if I keep using windows without installing any updates besides the dotnet framework, direct x, and other essentials?
    I'm not someone who downloads a bunch of crap on the internet and I take the time to sandbox certain programs if I don't trust them or check the connections that are being made from them.
    I'm only asking since I rather not go through the hassle of having to identify which update is safe and which isn't.
     
  16. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Most people here would say you'd be "ok" skipping updates, so long as your security measures are good and cover all the bases. Lately, I've seen most harm coming from the MS updates, as others will attest to.
     
  17. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    The problem is filtering essential vs non-essential. Microsoft descriptions on updates is typically very vague with Windows 7.
     
  18. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Last edited: Oct 25, 2015
  19. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    Those with sloppy security benefit the most from updates. They tend to cover the vulnerabilities that are easily exploited if there are no other mechanisms in place to prevent exploits. I used Xp for several years with Windows Update completely disabled but I had lots of other security measures in place that most Windows users don't implement. The Windows 7 telemetry updates and a few others have moved me in that direction again. I have Windows update set to notify me but not download or install them until I go through the list but I could easily go to turning off Windows update and just turning it on every few months and get the list of updates.
     
  20. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I'm late reading this thread, so you guys are using a batch file to uninstall certain updates?
     
  21. Holysmoke

    Holysmoke Registered Member

    Joined:
    Jun 29, 2014
    Posts:
    139
    I am using opendns stats to monitor traffic and getting these telemetry urls even after taking drastic measures to stop Win7 from spying on me.

    sqm.telemetry.microsoft.com

    telecommand.telemetry.microsoft.com

    adaptv-pubnet.telemetryaudit.com

    spc--cehhhdngdgedkhcfhekgjhje.telemetryverification.net


    1009 spc--cehhhdngdgedkhcfhekgjhje.telemetryverification.net 1

    This domain resolved normally. You can block this domain or block similar domains .

    1010 au--cebhjdeeihkhghcdcejcidada1.telemetryverification.net 1
    1011 au--3b154063ceihcdihbdbgdejhbdcdhenea5.telemetryverification.net 1
    1012 au--cebhjdeeihkhghcdcejcidadceihcdihbdbgdejhbdcdhenea2.telemetryverification.net 1
    1013 au--ceihcdihbdbgdejhbdcdhenea3.telemetryverification.net 1
    1014 au--cejehfjfchggmeidkfpenepgceihcdihbdbgdejhbdcdhenea7.telemetryverification.net 1
    1015 au--cejehfjfchggmeidkfpenepga6.telemetryverification.net

    au--3b154063a4.telemetryverification.net

    I don't think a hosts file can stop this crap. They just use random odd urls to use telemetry.

    I really have done a great deal to stop all this and they still found ways around it. and this is just win7, imagine what 10 is doing
     
  22. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Is 7 doing this even though you avoided installing all of the "bad" updates found in various lists here and elsewhere?
     
  23. Holysmoke

    Holysmoke Registered Member

    Joined:
    Jun 29, 2014
    Posts:
    139
    I used the batch file in this thread and installed spybot anti beacon and have a large anti telemetry hosts file and all the group policies changed etc

    I also do not receive updates at all for months now
     
  24. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    May I use the hosts file?
     
  25. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Wow... Ok, thanks for all the info.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.