No more individual patches for Windows 7 and 8

Discussion in 'other software & services' started by emmjay, Aug 15, 2016.

  1. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,966
    My take on all this is that you're either all in, or all out. For me at least, there is no comfortable or sane in-between. I can't and won't spend all kinds of time every month trying to figure out which rollups or which updates are good, or bad, or which ones to install, and on top of all that, wonder whether they're sneaking something in that's no good, or not. For me, this is too crazy, and too much trouble.

    So, from my point of view, you either accept all the potential telemetry and possible spying and just don't worry about it, or you take measures to avoid all of that completely by going back to an earlier time in SP1 history and turning updates off. Or even go linux if that works for you.

    @Stupendous Man I think in the article Woody says that Group A is for those who will accept all the telemetry and aren't trying to avoid it. Correct me if I'm wrong please... but I think that's what he said at the beginning of the explanations. So if Group A accepts all the telemetry and anything else, then that would including checking the "Give me recommended..." box also.
     
  2. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,546
    I agree.
     
  3. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,118
    Location:
    the Netherlands
    This is what Woody says: "Group A: Those willing to take all of Microsoft's new telemetry systems, along with potentially useful nonsecurity updates."
    And also, as mentioned in my previous post: "Group A, Step 2: Check the box marked "Give me recommended updates the same way I receive important updates" and click OK."

    I think that is way too simplistic.
    I think there's probably a Group A subgroup that is willing to accept some telemetry and/or other junk, to be able to get potentially useful nonsecurity updates (and for reasons such as I mentioned February 14), but won't accept everything if there is no need to. I definitely see no need to install each and every 'recommended' update.
    Moreover, as long as there is a choice to install or not to install 'recommended' updates, I think it is not smart to discard the ability to distinguish between important and 'recommended' updates by enabling "Give me recommended updates the same way I receive important updates".
     
    Last edited: Oct 28, 2016
  4. topo

    topo Registered Member

    Joined:
    Nov 11, 2013
    Posts:
    133
    win764bit, ff49.0.2 w/ubo, norton ns22.8, sandboxie 5.14, unchecky 1.0.1, mbam free, .net.framework 4.6.1. followed woody's directions for installing security only update kb3192391. everything went smooth. now i have 2 updates offered--oct2016 security & quality rollup for .netframework 3.5.1(5.7mb) and oct2016 security quality rollup kb3185330(119.4). i know i don't want 5330 but since i have netframework 4.6.1 do i need the 3.5.1 update? thanks for your help
     
  5. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,118
    Location:
    the Netherlands
    As you follow Woody's directions, the article says:
    "Group B, Step 7. Under "important" updates, you'll likely find "Security and Quality Rollup for .Net Framework" -- which you probably want [...]"
    The "Security and Quality Rollup for .Net Framework" is a security update, so it is wise to install.
    If you have .NET Framework 4.6.1, version 3.5 is also still there (have a look at: C:\Windows\Microsoft.NET\Framework), so you need that security update.
     
    Last edited: Oct 28, 2016
  6. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    401
    So if I install all the updates (including telemetry) and some firewall which will block all outgoing connections, can they still spy on me?
     
  7. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,413
    Location:
    Triassic
    We don't know all the stuff they are collecting, which means we do not know all the places they are getting it from. Some people have suggested that they change the IP addresses on a regular bases so it is difficult to zone in on it. I have CEIP and Diagtrack in GP turned off as well as all the 'known' telemetry updates hidden, but have noticed in WinPrivacy that there is still calling home going on. You might get a good chunk of it stopped through the firewall. There has to be some calling home for them to be able to service the OS. If they start targeting specialized ads at you, you will then know how they are profiling you (via emails you send/receive, browser searches, application software downloads, social media etc) - then it may be easier to identify and block specific outgoing connections.

    There is a whole lot of threads in the Privacy Section that may help you get a better handle on what members have discovered in regards to spying and blocking it.
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,966
    Ok, yeah, I tend to agree with you that one might not necessarily want "recommended" updates because this is exactly how MS was able to sneak the nasties in before (updates for the Win 10 nagware etc). That's the problem. Due to MS's history, there is a certain amount of distrust now, and we'll probably never really know what's going on, or when or where. That's why to my mind, it's kind of black or white. I'm either going to trust them (and take everything), or not (and go with alternative setups), the rest is just too uncertain, confusing, and troublesome.

    But yes, I agree, if you're doing the updates in full or in part, then you need to differentiate between "recommended" and "important".
     
  9. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,892
    Location:
    Hollow Earth - Telos
    I never noticed this before for windows update.... It must have been here the whole time....
    Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows" in my update Windows.
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,896
    Location:
    Here
    Yes this setting is for updating Office and other MS' software. They will also offer you Silverlight and similar if you have it enabled.
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,299
    Location:
    Outer space
    Imho it is quite easy. Just download the Security Only update for which you'll likely find direct links in this thread every month and use Windows Update to download the security updates for .NET, IE and Office if applicable. Never updating anymore or even moving back to SP1 baseline leaves you with lots of vulnerabilities.
    And of course ditch Windows altogether in the long run :D
     
  12. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,966
    Yeah, I don't really love the idea of a SP1 setup with no updates, but it does work. However, I installed IE 11 and during install, that process ended up installing another dozen updates. After that, I started getting some odd graphics anomalies and slow startups. It does seem, from my experience, that a fully updated system works best and has the least problems for me. If I did Security only and .NET and IE, but left some of the optional uninstalled, then I think I'd probably get some oddities going on with that too. I remember someone posted that MS says they test and work with fully updated systems, which kinda makes sense. I think 7 is probably meant to be fully updated, and that we probably get best results fully updated.

    Anyway, I could be wrong, but that's what I'm thinking here. I restored my fully updated image, and I'm going to update and keep an eye on what's going on. If I feel that there's just too much b.s. and Win 10 like behavior, then I may yet go to linux. I could live with linux, but I do prefer 7.
     
  13. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,118
    Location:
    the Netherlands
    On my two Windows 7 x64 systems (1 Professional, 1 Home Premium), I installed KB3197868, November 2016 Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1.

    Different than expected, nor the KB3197868 knowledge base article, nor the Windows 7 SP1 and Windows Server 2008 R2 SP1 update history page, mention the details that were in the knowledge base article for KB3192403, October 2016 Preview of Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1, and that I mentioned in my October 18 post in the No more individual patches for Windows 7 and 8 thread.

    After installation of KB3197868, I checked Services and Registry, to see
    - if Diagnostics Tracking Service (DiagTrack) was re-enabled*,
    - and if the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection key was created.
    Both were not. :)
    Everything looks fine.

    (* The Diagnostics Tracking Service (DiagTrack) is on my systems, because earlier, I installed KB3068708 and KB3080149, for the reasons that I stated in my February 14 post in the Bork Tuesday, Any Problems Yet? thread.)

    Edit:
    Now confirmed for not only one, but both my Windows 7 x64 systems.
    Edit 2:
    Specified my two Windows 7 x64 systems: 1 Professional, 1 Home Premium.

    Edit 3:
    N.B.
    Even though nor the KB3197868 knowledge base article, nor the Windows 7 SP1 and Windows Server 2008 R2 SP1 update history page, mention the details that were in the knowledge base article for KB3192403,
    nevertheless, KB3197868 may deliver the telemetry content that was mentioned in the knowledge base article for KB3192403, October 2016 Preview of Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1, anyhow.
    I am not certain, yet.
    See the details in this later post, in the Bork Tuesday, Any Problems Yet? thread.
     
    Last edited: Nov 10, 2016
  14. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,892
    Location:
    Hollow Earth - Telos
  15. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,671
    Location:
    Mexico
    Windows 7

    November, 2016 Security Only Quality Update for Windows 7 KB3197867
    Code:
    x64
    http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows6.1-kb3197867-x64_6f8f45a5706eeee8ac05aa16fa91c984a9edb929.msu
    x86
    http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows6.1-kb3197867-x86_2313232edda5cca08115455d91120ab3790896ba.msu
    
    November, 2016 Security Monthly Quality Rollup for Windows 7 KB3197868
    Code:
    x64
    http://download.windowsupdate.com/d/msdownload/update/software/secu/2016/11/windows6.1-kb3197868-x64_b07be176e165c11b9ccbcf03d014b2aef9a514b6.msu
    x86
    http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows6.1-kb3197868-x86_654e073e00c76a3a7dd01dee8fc2e4fb9a75c931.msu
    

    Windows 8.1

    November, 2016 Security Only Quality Update for Windows 8.1 KB3197873
    Code:
    x64
    http://download.windowsupdate.com/d/msdownload/update/software/secu/2016/11/windows8.1-kb3197873-x64_cd0325f40c0d25960e462946f6b736aa7c0ed674.msu
    x86
    http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows8.1-kb3197873-x86_b906109f30b735290a431fdc8397249cfcc3e84b.msu
    
    November, 2016 Security Monthly Quality Rollup for Windows 8.1 KB3197874
    Code:
    x64
    http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows8.1-kb3197874-x64_107fba2804615ef9fe13828ca15f6546a5a44b00.msu
    x86
    http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows8.1-kb3197874-x86_56c4acd8b5110a1afa0cc8c3a7e4888f8c2deb32.msu
    
    Security Update for Adobe Flash Player for Windows 8.1 KB3202790
    Code:
    x64
    http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows8.1-kb3202790-x64_7b1b81fb443fcc4ed5e06b8e66bb383ce0dca3fd.msu
    x86
    http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows8.1-kb3202790-x86_a159243ad26d50af51e92486e800429cab8333cf.msu
    
     
  16. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,992
    Location:
    Europe, UE citizen
    Thank you Mister X :thumb:
     
  17. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,671
    Location:
    Mexico
    You are welcome.
     
  18. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    645
    Location:
    Canada
  19. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,671
    Location:
    Mexico
    You are welcome.
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,671
    Location:
    Mexico
    For those asking for https links, I'm afraid they no longer exist, Download Center is retired for windows updates, only Catalog links and they are http only unfortunately.
     
  21. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,299
    Location:
    Outer space
    Ah that's unfortunate.
    Anyway, thanks for the links again!
     
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,671
    Location:
    Mexico
    Windows 7

    November, 2016 Preview of Monthly Quality Rollup
    Code:
    x64
    http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows6.1-kb3197869-x64_2ed61c7693b41a71c247b6dc651cc6889b594d18.msu
    x86
    http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows6.1-kb3197869-x86_179db4ad840757eeaba21c1838938e5d61217c73.msu
    
    November, 2016 Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1
    Code:
    x64
    http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows6.1-kb3195789-x64_bb667191ac0618e68c5b66b6ddf8fe1a8095ab6f.msu
    http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/ndp45-kb3195363-x64_42f8ab8313fa65e687cf0c5c9eadd8be21397d04.exe
    http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/ndp46-kb3195388-x64_a1a5c3646b91791983265ccb64ddcf533d8454c8.exe
    x86
    http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows6.1-kb3195789-x86_a348c40140e0666b2f53aa3ba9c01d084a733569.msu
    http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/ndp45-kb3195363-x86_0aa6bc369c98e293b8a49ce653b0ead06e706336.exe
    http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/ndp46-kb3195388-x86_369bd4c52da265620081edb77cb45854baedec65.exe
    

    Windows 8.1

    November, 2016 Preview of Monthly Quality Rollup
    Code:
    x64
    http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows8.1-kb3197875-x64_979273db494c9f70d0a6cfbffb2d033f30ddf01b.msu
    x86
    http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows8.1-kb3197875-x86_8a4c176921f0be6e2347ba3b971d168b18859b02.msu
    
    November, 2016 Preview of Quality Rollup for .NET Framework 4.5.2
    Code:
    x64
    http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows8.1-kb3195361-x64_7ab1c9e20554aa55fa3fe698cadcc3d2076079b2.msu
    x86
    http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows8.1-kb3195361-x86_3096a1355b07ca9c0678c9f60ed9638858b7ed29.msu
    
    November, 2016 Preview of Quality Rollup for .NET Framework 4.6, 4.6.1
    Code:
    x64
    http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows8.1-kb3195387-x64_c810d04ede2184560e28f2a466ecd541fa4496ac.msu
    x86
    http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows8.1-kb3195387-x86_29861eaa37a834adb7bad0e1eeb7e4db616b0578.msu
    
    November, 2016 Preview of Quality Rollup for .NET Framework 3.5
    Code:
    x64
    http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows8.1-kb3195792-x64_8493318fba4b954f4ac8d4743e69437f2d70c199.msu
    x86
    http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/11/windows8.1-kb3195792-x86_5484c42625c5c19c595fabc73d0c5d42f96357ff.msu
    
    Note:
    Preview in this context just means early access, most quality fixes are merged as-is in Security Monthly Rollup
    and this doesn't differ much from previous model, where some non-security updates were released as optional after patch tuesday, and on next patch tuesday they become important or recommended.
     
    Last edited: Nov 15, 2016
  23. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,413
    Location:
    Triassic
    https://www.askwoody.com/2016/blink...kb-3197868-3197873-3197874-3193473-explained/

    "This false positive was caused by Microsoft not digitally signing over 500 files included in “November, 2016 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB 3197868”. Malwarebytes triggered on these unsigned files despite efforts in the 1.80 and 2.x releases to enhance safeguards and prevent false positives on legitimate files. We are working on correcting what actions took place to better protect from this in the future.

    Known issues in this update
    Some Lenovo servers do not start after this update is installed. Lenovo is aware of this problem and has released a UEFI update to address it. In the interim, Microsoft has changed the detection logic in the update to prevent additional customers from being affected."
     
  24. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,413
    Location:
    Triassic
    I posted this here because it only relates to W7/8 patching. It is good news for those who have chosen to take the Security-only monthly update bundle ...

    http://www.infoworld.com/article/31...-7-group-b-security-only-patching-method.html

    "I'm very happy to report that Microsoft has acknowledged the error of its ways. Starting this month, Breen says, bugs in Monthly Rollup patches will be fixed in Monthly Rollup patches, and bugs in Security-only patches will be fixed by changing the metadata in those patches."
     
  25. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,896
    Location:
    Here
    Good news, indeed :thumb:
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.