No more individual patches for Windows 7 and 8

My take on all this is that you're either all in, or all out. For me at least, there is no comfortable or sane in-between. I can't and won't spend all kinds of time every month trying to figure out which rollups or which updates are good, or bad, or which ones to install, and on top of all that, wonder whether they're sneaking something in that's no good, or not. For me, this is too crazy, and too much trouble.

So, from my point of view, you either accept all the potential telemetry and possible spying and just don't worry about it, or you take measures to avoid all of that completely by going back to an earlier time in SP1 history and turning updates off. Or even go linux if that works for you.

@Stupendous Man I think in the article Woody says that Group A is for those who will accept all the telemetry and aren't trying to avoid it. Correct me if I'm wrong please... but I think that's what he said at the beginning of the explanations. So if Group A accepts all the telemetry and anything else, then that would including checking the "Give me recommended..." box also.

 

I agree.

 

This is what Woody says: "Group A: Those willing to take all of Microsoft's new telemetry systems, along with potentially useful nonsecurity updates."
And also, as mentioned in my previous post: "Group A, Step 2: Check the box marked "Give me recommended updates the same way I receive important updates" and click OK."

I think that is way too simplistic.
I think there's probably a Group A subgroup that is willing to accept some telemetry and/or other junk, to be able to get potentially useful nonsecurity updates (and for reasons such as I mentioned February 14), but won't accept everything if there is no need to. I definitely see no need to install each and every 'recommended' update.
Moreover, as long as there is a choice to install or not to install 'recommended' updates, I think it is not smart to discard the ability to distinguish between important and 'recommended' updates by enabling "Give me recommended updates the same way I receive important updates".

 

win764bit, ff49.0.2 w/ubo, norton ns22.8, sandboxie 5.14, unchecky 1.0.1, mbam free, .net.framework 4.6.1. followed woody's directions for installing security only update kb3192391. everything went smooth. now i have 2 updates offered--oct2016 security & quality rollup for .netframework 3.5.1(5.7mb) and oct2016 security quality rollup kb3185330(119.4). i know i don't want 5330 but since i have netframework 4.6.1 do i need the 3.5.1 update? thanks for your help

 

As you follow Woody's directions, the article says:
"Group B, Step 7. Under "important" updates, you'll likely find "Security and Quality Rollup for .Net Framework" -- which you probably want [...]"
The "Security and Quality Rollup for .Net Framework" is a security update, so it is wise to install.
If you have .NET Framework 4.6.1, version 3.5 is also still there (have a look at: C:\Windows\Microsoft.NET\Framework), so you need that security update.

 

So if I install all the updates (including telemetry) and some firewall which will block all outgoing connections, can they still spy on me?

 

We don't know all the stuff they are collecting, which means we do not know all the places they are getting it from. Some people have suggested that they change the IP addresses on a regular bases so it is difficult to zone in on it. I have CEIP and Diagtrack in GP turned off as well as all the 'known' telemetry updates hidden, but have noticed in WinPrivacy that there is still calling home going on. You might get a good chunk of it stopped through the firewall. There has to be some calling home for them to be able to service the OS. If they start targeting specialized ads at you, you will then know how they are profiling you (via emails you send/receive, browser searches, application software downloads, social media etc) - then it may be easier to identify and block specific outgoing connections.

There is a whole lot of threads in the Privacy Section that may help you get a better handle on what members have discovered in regards to spying and blocking it.

 

Ok, yeah, I tend to agree with you that one might not necessarily want "recommended" updates because this is exactly how MS was able to sneak the nasties in before (updates for the Win 10 nagware etc). That's the problem. Due to MS's history, there is a certain amount of distrust now, and we'll probably never really know what's going on, or when or where. That's why to my mind, it's kind of black or white. I'm either going to trust them (and take everything), or not (and go with alternative setups), the rest is just too uncertain, confusing, and troublesome.

But yes, I agree, if you're doing the updates in full or in part, then you need to differentiate between "recommended" and "important".

 

I never noticed this before for windows update.... It must have been here the whole time....
Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows" in my update Windows.

 

Yes this setting is for updating Office and other MS' software. They will also offer you Silverlight and similar if you have it enabled.

 

Imho it is quite easy. Just download the Security Only update for which you'll likely find direct links in this thread every month and use Windows Update to download the security updates for .NET, IE and Office if applicable. Never updating anymore or even moving back to SP1 baseline leaves you with lots of vulnerabilities.
And of course ditch Windows altogether in the long run

 

Yeah, I don't really love the idea of a SP1 setup with no updates, but it does work. However, I installed IE 11 and during install, that process ended up installing another dozen updates. After that, I started getting some odd graphics anomalies and slow startups. It does seem, from my experience, that a fully updated system works best and has the least problems for me. If I did Security only and .NET and IE, but left some of the optional uninstalled, then I think I'd probably get some oddities going on with that too. I remember someone posted that MS says they test and work with fully updated systems, which kinda makes sense. I think 7 is probably meant to be fully updated, and that we probably get best results fully updated.

Anyway, I could be wrong, but that's what I'm thinking here. I restored my fully updated image, and I'm going to update and keep an eye on what's going on. If I feel that there's just too much b.s. and Win 10 like behavior, then I may yet go to linux. I could live with linux, but I do prefer 7.

 

On my two Windows 7 x64 systems (1 Professional, 1 Home Premium), I installed KB3197868, November 2016 Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1.

Different than expected, nor the KB3197868 knowledge base article, nor the Windows 7 SP1 and Windows Server 2008 R2 SP1 update history page, mention the details that were in the knowledge base article for KB3192403, October 2016 Preview of Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1, and that I mentioned in my October 18 post in the No more individual patches for Windows 7 and 8 thread.

After installation of KB3197868, I checked Services and Registry, to see
- if Diagnostics Tracking Service (DiagTrack) was re-enabled*,
- and if the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection key was created.
Both were not.
Everything looks fine.

(* The Diagnostics Tracking Service (DiagTrack) is on my systems, because earlier, I installed KB3068708 and KB3080149, for the reasons that I stated in my February 14 post in the Bork Tuesday, Any Problems Yet? thread.)

Edit:
Now confirmed for not only one, but both my Windows 7 x64 systems.
Edit 2:
Specified my two Windows 7 x64 systems: 1 Professional, 1 Home Premium.

Edit 3:
N.B.
Even though nor the KB3197868 knowledge base article, nor the Windows 7 SP1 and Windows Server 2008 R2 SP1 update history page, mention the details that were in the knowledge base article for KB3192403,
nevertheless, KB3197868 may deliver the telemetry content that was mentioned in the knowledge base article for KB3192403, October 2016 Preview of Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1, anyhow.
I am not certain, yet.
See the details in this later post, in the Bork Tuesday, Any Problems Yet? thread.

 

http://www.infoworld.com/article/31...ow-about-todays-windows-security-patches.html

 

Windows 7

November, 2016 Security Only Quality Update for Windows 7 KB3197867

Code:

x64
http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows6.1-kb3197867-x64_6f8f45a5706eeee8ac05aa16fa91c984a9edb929.msu
x86
http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows6.1-kb3197867-x86_2313232edda5cca08115455d91120ab3790896ba.msu

November, 2016 Security Monthly Quality Rollup for Windows 7 KB3197868

Code:

x64
http://download.windowsupdate.com/d/msdownload/update/software/secu/2016/11/windows6.1-kb3197868-x64_b07be176e165c11b9ccbcf03d014b2aef9a514b6.msu
x86
http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows6.1-kb3197868-x86_654e073e00c76a3a7dd01dee8fc2e4fb9a75c931.msu

Windows 8.1

November, 2016 Security Only Quality Update for Windows 8.1 KB3197873

Code:

x64
http://download.windowsupdate.com/d/msdownload/update/software/secu/2016/11/windows8.1-kb3197873-x64_cd0325f40c0d25960e462946f6b736aa7c0ed674.msu
x86
http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows8.1-kb3197873-x86_b906109f30b735290a431fdc8397249cfcc3e84b.msu

November, 2016 Security Monthly Quality Rollup for Windows 8.1 KB3197874

Code:

x64
http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows8.1-kb3197874-x64_107fba2804615ef9fe13828ca15f6546a5a44b00.msu
x86
http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows8.1-kb3197874-x86_56c4acd8b5110a1afa0cc8c3a7e4888f8c2deb32.msu

Security Update for Adobe Flash Player for Windows 8.1 KB3202790

Code:

x64
http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows8.1-kb3202790-x64_7b1b81fb443fcc4ed5e06b8e66bb383ce0dca3fd.msu
x86
http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows8.1-kb3202790-x86_a159243ad26d50af51e92486e800429cab8333cf.msu

 

Thank you Mister X

 

You are welcome.

 

@Mister X Thanks for update info.

 

You are welcome.

 

For those asking for https links, I'm afraid they no longer exist, Download Center is retired for windows updates, only Catalog links and they are http only unfortunately.

 

Ah that's unfortunate.
Anyway, thanks for the links again!

 

Windows 7

November, 2016 Preview of Monthly Quality Rollup

Code:

x64
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows6.1-kb3197869-x64_2ed61c7693b41a71c247b6dc651cc6889b594d18.msu
x86
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows6.1-kb3197869-x86_179db4ad840757eeaba21c1838938e5d61217c73.msu

November, 2016 Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1

Code:

x64
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows6.1-kb3195789-x64_bb667191ac0618e68c5b66b6ddf8fe1a8095ab6f.msu
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/ndp45-kb3195363-x64_42f8ab8313fa65e687cf0c5c9eadd8be21397d04.exe
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/ndp46-kb3195388-x64_a1a5c3646b91791983265ccb64ddcf533d8454c8.exe
x86
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows6.1-kb3195789-x86_a348c40140e0666b2f53aa3ba9c01d084a733569.msu
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/ndp45-kb3195363-x86_0aa6bc369c98e293b8a49ce653b0ead06e706336.exe
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/ndp46-kb3195388-x86_369bd4c52da265620081edb77cb45854baedec65.exe

Windows 8.1

November, 2016 Preview of Monthly Quality Rollup

Code:

x64
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows8.1-kb3197875-x64_979273db494c9f70d0a6cfbffb2d033f30ddf01b.msu
x86
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows8.1-kb3197875-x86_8a4c176921f0be6e2347ba3b971d168b18859b02.msu

November, 2016 Preview of Quality Rollup for .NET Framework 4.5.2

Code:

x64
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows8.1-kb3195361-x64_7ab1c9e20554aa55fa3fe698cadcc3d2076079b2.msu
x86
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows8.1-kb3195361-x86_3096a1355b07ca9c0678c9f60ed9638858b7ed29.msu

November, 2016 Preview of Quality Rollup for .NET Framework 4.6, 4.6.1

Code:

x64
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows8.1-kb3195387-x64_c810d04ede2184560e28f2a466ecd541fa4496ac.msu
x86
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows8.1-kb3195387-x86_29861eaa37a834adb7bad0e1eeb7e4db616b0578.msu

November, 2016 Preview of Quality Rollup for .NET Framework 3.5

Code:

x64
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows8.1-kb3195792-x64_8493318fba4b954f4ac8d4743e69437f2d70c199.msu
x86
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows8.1-kb3195792-x86_5484c42625c5c19c595fabc73d0c5d42f96357ff.msu

Note:
Preview in this context just means early access, most quality fixes are merged as-is in Security Monthly Rollup
and this doesn't differ much from previous model, where some non-security updates were released as optional after patch tuesday, and on next patch tuesday they become important or recommended.

 

https://www.askwoody.com/2016/blink...kb-3197868-3197873-3197874-3193473-explained/

"This false positive was caused by Microsoft not digitally signing over 500 files included in “November, 2016 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB 3197868”. Malwarebytes triggered on these unsigned files despite efforts in the 1.80 and 2.x releases to enhance safeguards and prevent false positives on legitimate files. We are working on correcting what actions took place to better protect from this in the future.

Known issues in this update
Some Lenovo servers do not start after this update is installed. Lenovo is aware of this problem and has released a UEFI update to address it. In the interim, Microsoft has changed the detection logic in the update to prevent additional customers from being affected."

 

I posted this here because it only relates to W7/8 patching. It is good news for those who have chosen to take the Security-only monthly update bundle ...

http://www.infoworld.com/article/31...-7-group-b-security-only-patching-method.html

"I'm very happy to report that Microsoft has acknowledged the error of its ways. Starting this month, Breen says, bugs in Monthly Rollup patches will be fixed in Monthly Rollup patches, and bugs in Security-only patches will be fixed by changing the metadata in those patches."

 

Good news, indeed