Discussion in 'privacy general' started by Stefan Froberg, Aug 24, 2015.
It isn't stopping telemetry I think Microsoft is bypassing hosts
The fact that used the batch files in this thread for W7, and still your are getting telemetry prompts shows how much they are not telling us. That is unbelievable.
I wonder how my extensive list in my firewall is holding up then on W10, not to mention all the GPO settings and reg tweaks iv applied........Probably not very well
Edit: "batch" replaced "host"
I have uninstalled these so far. Is this okay or am I missing anything?
wusa /uninstall /kb:3012973 /norestart
wusa /uninstall /kb:3021917 /norestart
wusa /uninstall /kb:3035583 /norestart
wusa /uninstall /kb:2952664 /norestart
wusa /uninstall /kb:2976978 /norestart
wusa /uninstall /kb:3022345 /norestart
wusa /uninstall /kb:3068708 /norestart
wusa /uninstall /kb:2990214 /norestart
wusa /uninstall /kb:3075249 /norestart
wusa /uninstall /kb:3080149 /norestart
wusa /uninstall /kb:3050265 /norestart
wusa /uninstall /kb:971033 /norestart
wusa /uninstall /kb:2902907 /norestart
wusa /uninstall /kb:2976987 /norestart
wusa /uninstall /kb:3065987 /norestart
wusa /uninstall /kb:3068707 /norestart
wusa /uninstall /kb:3081452 /norestart
wusa /uninstall /kb:2977759 /norestart
wusa /uninstall /kb:3075853 /norestart
wusa /uninstall /kb:3044374 /norestart
wusa /uninstall /kb:3022345 /norestart
wusa /uninstall /kb:3083710 /norestart
wusa /uninstall /kb:3083711 /norestart
you are very brave to run Win10 with a EULA that says something as unbelievable as this "Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary"
In this list there is the following: "KB971033 - W7 License validation check". Would there be no problem when I uninstall this one?
I am new to batch files. Could you please tell me the difference between running this batch file and the one at Post #53 by TS4H?
Yes i know. I was just too curious. I spent weeks researching ways of how to block these communications. Using fiddler the outbound communications are a bare minimum, but as i understand fiddler may not capture all packets. However compared to how they were without these tweaks, it is silent..... Well almost. I have to try your method using the router.
No problem you uninstall that if your OS is activated.
I too was curious and tried it for a week but went back to win 7 pro. now I dont trust it either and need to go to linux but my PC doesn't support mint at all
Spin more distros. Some pc's have taken 6-12 different distros to find the one.
I finally decided I'm done with Win, all versions, too. Just too much hassle all around. As zapjb said, try some others. Debian works well for me. I use Ubuntu also. Mint is fine too, but if it doesn't work for you, just sample some more.... Takes a bit of patience to find the right one sometimes.
You don't have to be "done" with windows, or the windows apps you want. It's possible to run it perfectly well in a VM in a nix host, without a network adapter. You may have to activate apps, but this can be done before pulling up the drawbridge.
Virtualbox VMs perform much better in a Linux host than under Windows. Using Linux as a main system with a VM running Windows is a good solution. I've just set up 2 laptops to triple boot Windows 7, Windows 10 and Linux. One is using Mint, the other Ubuntu. Both Windows and Linux are running the same version of Virtualbox with the same VMs. Linux is the absolute winner in performance, not just with VMs but in general. I also have the original Windows 7 and the updated Windows 10 systems running on the same machine with no activation issues so it is possible to take an image of Windows 7, upgrade the Windows 7 system to Windows 10 and then restore the Windows 7 image to another partition with no big conflicts or activation problems.
Agreed, running Windows in Virtualbox is great.
One thing worth mentioning is that if you have Guest Additions installed in the VM you can use what they call Seamless mode. http://www.howtogeek.com/171145/use...amlessly-run-programs-from-a-virtual-machine/
While I didn't have a account here, I have been reading the posts here and Im quite surpised and shocked about what has happened with Windows lately. I'm also noticing that Windows 8.1 is also getting quite worse too from these updates and other optional features, Windows 7 was much better. I may consider switching platforms in the future year or years ahead,
I've been feeling the same. While much better than Windows 10 or 8, I've never completely trusted Windows 7 or felt as confident using it as I did with Xp and earlier versions of Windows. It does look a lot better than Windows 10 from just a graphic design perspective. After finally getting Windows 10 going, my first reaction was that it looked good until you opened a Window. Way too much white and really poor DPI scaling.
Both Mint and Ubuntu's GUIs have made a good impression on me. I have a lot of the software I need out of the box and most of the rest is available in native Linux versions. Virtualbox takes care of the rest. Getting used to the GUIs is like moving into a new house. It takes some time but after becoming familiar with both GUIs, I find that things happen much faster than in Windows. Mint is an easy transition from Windows 7. It has a much better start menu than the bloated one on Windows 10. Ubuntu is a bit different. It is modeled somewhat on the OSX GUI but it is definitely not a clone of it. I have it on a quad core i7 laptop and it really performs. Zero wait time for anything I do with it. Boot time is a blink of an eye.
Personally I really like the look of Windows 10 but again it is all down to preference. In the Linux world I really like Kubuntu from a visual standpoint. The plasma 5.4 interface is really smooth and attractive.
Qubes is by far the best from a privacy perspective. You can really isolate Windows and limit the ability of the OS to leak your information.
How difficult is Qubes to learn? I know how to create a simple virtual machine with Windows or Whonix but I don't have any real technical skills.
If you have a reasonable command line knowledge and some experience dealing with linux networking (command line VPN, etc) as well as experience using a fedora based distribution you will be fine.They do have a live cd so you can try it with no risk.
I am for the time being using Kubuntu (until I get a new laptop) with multiple isolated VMs instead of Qubes. I am currently doing android application programming and it is really difficult to do testing while using a hypervisor type OS such as Qubes. Once I purchase a new laptop I will change that over to Qubes again as the security is superior. Having KUbuntu with multiple VMs is probably 80% as secure as Qubes.
To second driekus's observations, I'd say that Qubes is actually very straightforward to get up and running, particularly if you understand the basics of VM operation. If you're not familiar with Fedora, then you'll need a bit of exposure to that. Debian templates are also supported. As with any 'nix, ability to use command line stuff is essential, but usually there will be good guides to help. You can run it from a usb3 HDD to try it out.
Once up and running, the fun starts, of course, all the customisation and tweaks.. It is - almost intentionally - far harder to hack and modify the template VMs for example, you have to be much more thoughtful. But, for running browsing, mail, communication and office applications, it's pretty good straight out of the box, and in that sense, represents a good started for a productive secure business machine. The discipline involved is actually security-beneficial.
I've added Firejail to the template machine, but this has involved building on another machine, and then transferring to the template in order to update (it's not in the repositories).
Thanks so much for those details. I feel hopeful. It just sounds like an amazing new approach!
Thanks for that. Hopefully you'll post about it when you get the new laptop.
Good God, where to start? I'm a tech guy, paranoid as you might imagine based on my UN, but compared to you guys I fall very short! Not meant as an insult by any means, just a reflection of where I fall short knowledge \ patience wise related to all this! It was bad enough reading about what W10 is doing, but how it's assimilating into earlier versions is pretty much making my mind up for sure... Which is to say to give Mint a try and go from there.
However because I'm still the defacto IT for my family and group of friends, my first question has actually already been asked, in so many words anyway, but I'll just bump it... Is there a simplified batch file I could just run when I work on \ maintain other W7 machines? They're not as techy or cautious as me but I'd at least like to give them some basic defenses and what not... Something to deal with the intrusion these updates offer, as well as the forced update to W10. And are you all more or less agreeing to officially stop W7 updates unless it's something big or related to a virus \ malware \ etc?
@MisterB - Great stuff about the VM's! I'd still be partial to running a VM for W7 for gaming and certain apps, and with the included batch file and other methods for defense, would you say I could rest more or less easy using a VM behind Mint?
Wow... I just went through this entire thread and the references to links that suggest to uninstall windows updates... While I'm not happy with YET ANOTHER maintenance task to deal with to support my clients, I was a bit concerned about this growing list of updates to uninstall.
As mentioned, I have listed all the updates found on this thread and referenced and included a description based on what I found in either MS kb database and/or any negative references from other forums/websites that recommend removal from Win platform. My spreadsheet has a column labeled "remove?" to which a "1" is a "YES" and a "seems ok" is an "IGNORE"; the next column is the KB#; and finally, the third column is the description/notes I pulled from the web when i did a search on the KB# lookup via google.
http://j.mp/x10-remove - here's a pdf of the spreadsheet
and a copy/paste from that spreadsheet:
remove? kb desc
1 971033 w7 License validation check
seems ok 2505438 Slow performance in applications that use the DirectWrite API on a computer that is running Windows 7 or Windows Server 2008 R2
seems ok 2506928 A link in an .html file that you open in Outlook does not work in Windows 7 or in Windows Server 2008 R2
seems ok 2545698 Text in some core fonts appears blurred in Internet Explorer 9 on a computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2
seems ok 2592687 Remote Desktop Protocol (RDP) 8.0 update for Windows 7 and Windows Server 2008 R2
1 2660075 You cannot change the time and date if the time zone is set to Samoa (UTC+13:00) and KB 2657025 is installed in Windows 7 or in Windows Server 2008 R2
1 2670838 – Windows 7 Only (breaks AERO functionality and gives you blurry fonts on some websites)
1 2726535 An update is available that adds South Sudan to the list of countries in Windows Server 2008, Windows 7, and Windows Server 2008 R2
1 2876229 Skype for Microsoft Update
seems ok 2902907 Microsoft Security Essentials; Compatibility update for upgrading
seems ok 2923545 Update for RDP 8.1 is available for Windows 7 SP1
1 2952664 Compatibility update for upgrading Windows 7 - update helps Microsoft make improvements to the current operating system in order to ease the upgrade experience to the latest version of Windows.
1 2970228 http://www.infoworld.com/article/26...kb-2982791-and-kb-2970228-windows-update.html
1 2976978 Compatibility update for Windows 8.1 and Windows 8
1 2976987 Compatibility update for upgrading
1 2977759 W10 Diagnostics Compatibility telemetry
1 2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows
seems ok 2994023 RDP 8.1 client for Windows 7 or Windows Server 2008 R2 disconnects when it is connected through a RD gateway
seems ok 3008188 November 2014 Windows Update client improvements in Windows 8.1 or Windows Server
1 3008273 update that enables Windows RT to update to Windows RT 8.1, and that enables Window 8 to update to Windows 8.1. See the prerequisites before you install the update.
1 3012973 Upgrade to Windows 10 Pro
1 3014460 (Upgrade for windows insider preview / upgrade to windows 10)
1 3015249 (Upgrade that adds telemetry points to consent.exe in Windows 8.1 and Windows 7)
1 3021917 in order to determine whether performance issues may be encountered when the latest Windows operating system is installed. Telemetry is sent back to Microsoft for those computers that participate in the Windows Customer Experience Improvement Program (CEIP).
1 3022345 Telemetry [Replaced by KB3068708]; Compatibility update for upgrading
1 3035583 GWX Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
1 3044374 W8,8.1 Nagware for W10
1 3046480 Update helps to determine whether to migrate the .NET Framework 1.1 when you upgrade Windows 8.1 or Windows 7
1 3050265 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7 and Windows Server 2008 R2: July 2015
1 3050267 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: July 2015
seems ok 3065987 Windows Update Client for Windows 7 and Windows Server 2008 R2: July 2015; Compatibility update for upgrading
seems ok 3065988 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: July 2015 - update allows Windows Update client to receive System Hardware Updates and System Firmware Updates from a future version of Windows Server Update Services (WSUS).
1 3068707 Customer experience telemetry point. W7,8,8.1
1 3068708 Update for customer experience and diagnostic telemetry
1 3072318 Update for Windows 8.1 OOBE to upgrade to Windows 10
1 3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
seems ok 3075851 This update also resolves an issue in which certain Windows Update operations fail when you install Windows Update Client for Windows 7 and Windows Server 2008 R2: July 2015 (3065987) on Windows 7 Embedded editions.
1 3075853 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: August 2015
1 3080149 Update for customer experience and diagnostic telemetry (w7/8.1)
1 3081452 Ensures smooth experience for updateing OS to future versions
1 3083710 Windows Update Client for Windows 7 and Windows Server 2008 R2: October 2015 - see: http://sensorstechforum.com/force-upgraded-to-windows-10-kb-3083710-and-kb-3083711-patches/
1 3083711 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: October 2015 - http://sensorstechforum.com/forums/windows-updates-18/kb-3083710-and-kb-3083711/
1 3090045 Windows Update for reserved devices in Windows 8.1 or Windows 7 SP1
Thanks for this extensive list ktech
Mentioned in http://www.computerworld.com/articl...-for-massive-windows-10-upgrade-strategy.html:
KB3112336, Windows Update Client for Windows 8.1 and Windows Server 2012 R2: December 2015, Optional
KB3112343, Windows Update Client for Windows 7 and Windows Server 2008 R2: December 2015, Optional
Separate names with a comma.