• "Spreading the ideas of freedom loving people on matters regarding high finance, politics, constructionist Constitution, and mental masturbation of all types"

Windows 10 forcibly installing it's self

Irons

Deep Sixed
Sr Site Supporter
Mother Lode
Joined
Mar 30, 2010
Messages
29,541
Likes
54,106
#1
Walk away from your windows 7 machine for a few minutes and you will be in for a surprise.
It got one work computer yesterday and I caught it trying to install it's self on my laptop this morning and stopped it.
You can restore your machine to 7 after it pushes it's self in, but by then I would guess the damage is done. Rotten fecking bastards.


.
 
Last edited:

Scorpio

Скорпион
Founding Member
Board Elder
Site Mgr
Midas Supporter
Joined
Mar 25, 2010
Messages
29,492
Likes
39,056
#2
I think what they are doing longer term is going for the annual fee of everyone to use it,

For a small :0) fee of $40 to $75 per year, you get the ability to use your computer.

It is my opinion that is what this whole thingy of 10 is about
 

Professur

Midas Member
Midas Member
Sr Site Supporter
Joined
Mar 31, 2010
Messages
5,673
Likes
6,369
#3
There is a method to prevent this. Our sys admin here pushed it out
 

GOLDZILLA

Harvurd Koleej Jeenyus
Midas Member
Joined
Apr 1, 2010
Messages
7,997
Likes
7,987
#7
I think it is possibly more nefarious and has something to do with see-ya-yay sanctioned spyware. Windows 10 seems like a great big giant horse statue that has been left at the public gates only this time instead of soldiers popping out, its electrons and information backdoor antiencryption type stuff.
 

CrimsonGuardJay

Silver Member
Silver Miner
Joined
May 16, 2014
Messages
1,738
Likes
1,210
#8
I don't have this problem you folks speak of....then again, there's a cute little Apple logo on my machine
Oh, that cute little apple logo that gives the machine inferior specs, and yet for some reason makes it cost 3x what a faster PC costs?

No offense, but Mac computers suck and are horribly overpriced. The iphones and iPads are good.
 

Professur

Midas Member
Midas Member
Sr Site Supporter
Joined
Mar 31, 2010
Messages
5,673
Likes
6,369
#9
I don't have this problem you folks speak of....then again, there's a cute little Apple logo on my machine
Because Apple updates never ever brick the hardware .... 'cept ..
 

Irons

Deep Sixed
Sr Site Supporter
Mother Lode
Joined
Mar 30, 2010
Messages
29,541
Likes
54,106
#10
I don't have this problem you folks speak of....then again, there's a cute little Apple logo on my machine
I didn't know you belonged to a cult. o_O


I kid, I kid! :surrender:
My wife wants a macbook. I said great but I can't help you keep it running like I have to do 2 or 3 times a year when you wad up your windows machine. I haven't seen the macbook yet.


.
 

the_shootist

Midas Member
Midas Member
Midas Supporter
Joined
May 31, 2015
Messages
36,934
Likes
52,163
#11
Oh, that cute little apple logo that gives the machine inferior specs, and yet for some reason makes it cost 3x what a faster PC costs?

No offense, but Mac computers suck and are horribly overpriced. The iphones and iPads are good.
No offense taken.
I never buy Mac hardware new...as you say, very over priced.

PC's are NOT faster. I'm not sure where you got that idea. My Mac doesn't just update itself nor does it have anywhere near the security leaks Windows 10 has. Windows 10 is, simply put, the ultimate spyware
 

the_shootist

Midas Member
Midas Member
Midas Supporter
Joined
May 31, 2015
Messages
36,934
Likes
52,163
#12

the_shootist

Midas Member
Midas Member
Midas Supporter
Joined
May 31, 2015
Messages
36,934
Likes
52,163
#13
I didn't know you belonged to a cult. o_O


I kid, I kid! :surrender:
My wife wants a macbook. I said great but I can't help you keep it running like I have to do 2 or 3 times a year when you wad up your windows machine. I haven't seen the macbook yet.


.
I used to think that myself. The thing about the Mac is it just works. No daily updates, no silly Windows IE bullshit. It just sits there and works when I click all the buttons. Windows has become an 800 lb gorilla. too convoluted, too invasive and too many updates, not to mention it seems like it has a mind of its own (See OP)
 

^updated^

found a way in
Gold Chaser
Site Supporter ++
Joined
Apr 1, 2010
Messages
1,333
Likes
3,240
Location
no answer
#16
this works....

2016-05-20_083143.jpg



Never 10 is an easy to use utility which gives users control over
whether their Windows 7 or 8.1 will upgrade itself to Windows 10.


The name “Never 10” is a bit of an overstatement, since this utility may also be used to easily re-enable Windows operating system automatic upgrading. But the primary reason for using this is to disable Windows' pestering insistence upon upgrading Windows 7 or 8.1 to Windows 10.

Many users of Windows 7 and 8.1 are happy with their current version of Windows, and have no wish to upgrade to Windows 10. There are many reasons for this, but among them is the fact that Windows 10 has become controversial due to Microsoft's evolution of their Windows operating system platform into a service which, among other things, aggressively monitors and reports on its users activities. This alone makes many users uncomfortable enough to cause them to choose to wait. In line with this, a few months into 2016, Windows 10 started displaying unsolicited advertisements on its users' desktops. Others dislike the changes Microsoft made by merging their failed “tiled” smartphone user-interface into the Windows UI. And, finally, some object to being force-fed whatever Microsoft wants and simply wish to choose for themselves.

https://www.grc.com/never10.htm?1
 

the_shootist

Midas Member
Midas Member
Midas Supporter
Joined
May 31, 2015
Messages
36,934
Likes
52,163
#18
this works....

View attachment 82927


Never 10 is an easy to use utility which gives users control over
whether their Windows 7 or 8.1 will upgrade itself to Windows 10.


The name “Never 10” is a bit of an overstatement, since this utility may also be used to easily re-enable Windows operating system automatic upgrading. But the primary reason for using this is to disable Windows' pestering insistence upon upgrading Windows 7 or 8.1 to Windows 10.

Many users of Windows 7 and 8.1 are happy with their current version of Windows, and have no wish to upgrade to Windows 10. There are many reasons for this, but among them is the fact that Windows 10 has become controversial due to Microsoft's evolution of their Windows operating system platform into a service which, among other things, aggressively monitors and reports on its users activities. This alone makes many users uncomfortable enough to cause them to choose to wait. In line with this, a few months into 2016, Windows 10 started displaying unsolicited advertisements on its users' desktops. Others dislike the changes Microsoft made by merging their failed “tiled” smartphone user-interface into the Windows UI. And, finally, some object to being force-fed whatever Microsoft wants and simply wish to choose for themselves.

https://www.grc.com/never10.htm?1
Someone had to invent a tool so Windows wouldn't take over their PERSONAL computer. That's a hoot! BTW, this tools simply makes a change in the registry to turn off Windows update. You could do that yourself (if you know how that is)
 

ErrosionOfAccord

#1 Global Warmer
Gold Chaser
Midas Supporter
Joined
Mar 30, 2010
Messages
4,053
Likes
4,861
Location
Coal Country
#19

Goldhedge

Moderator
Site Mgr
Sr Site Supporter
Joined
Mar 28, 2010
Messages
44,065
Likes
72,762
Location
Rocky Mountains
#20
Using a Mac is like travelling a lonely road...


Kind of like believing gold and silver are real money...



Such a cult...
 

the_shootist

Midas Member
Midas Member
Midas Supporter
Joined
May 31, 2015
Messages
36,934
Likes
52,163
#21
I've been in the IT field since the 80's. I used to look down my nose at all the Apple snowflakes....until Windows started to get really bad (after XP) with patching, updates, slowness, constant IE issues....then I said to myself, what the heck, let's get one and see if I learn something

I went to a Macbook and never looked back
 

Joe King

Gold Member
Gold Chaser
Site Supporter
Joined
Mar 31, 2010
Messages
9,482
Likes
10,639
Location
Instant Gratification Land
#22
their failed “tiled” smartphone user-interface into the Windows UI
If anyone's using 10 and they don't like tiles, W10Privacy will fix that for you and do a sh!t ton of other helpful things. It reminds me of power toys for xp, but with a lot more options. Download page is in German, but there is an English version. It's easy to figure out.
Edited to add: I don't use 10, but have it installed on a secondary drive for testing purposes.


Someone had to invent a tool so Windows wouldn't take over their PERSONAL computer. That's a hoot! BTW, this tools simply makes a change in the registry to turn off Windows update. You could do that yourself (if you know how that is)
Yea, just turn off Windows update and there are a few updates that if already installed, should be removed to eliminate the problem.


Windows 7 & 8 updates that should be avoided or un-installed
KB2952664 Compatibility update for upgrading Windows 7
KB2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows
KB3021917 Update to Windows 7 SP1 for performance improvements
KB3022345 Update for customer experience and diagnostic telemetry
KB3035583 Update installs get windows 10 app in Windows 8.1 and Windows 7 SP1
KB3068708 (replaces KB3022345) Update for customer experience and diagnostic telemetry
KB3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
KB3080149 Update for customer experience and diagnostic telemetry
 

the_shootist

Midas Member
Midas Member
Midas Supporter
Joined
May 31, 2015
Messages
36,934
Likes
52,163
#23
If anyone's using 10 and they don't like tiles, W10Privacy will fix that for you and do a sh!t ton of other helpful things. It reminds me of power toys for xp, but with a lot more options. Download page is in German, but there is an English version. It's easy to figure out.
Edited to add: I don't use 10, but have it installed on a secondary drive for testing purposes.


Yea, just turn off Windows update and there are a few updates that if already installed, should be removed to eliminate the problem.


Windows 7 & 8 updates that should be avoided or un-installed
KB2952664 Compatibility update for upgrading Windows 7
KB2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows
KB3021917 Update to Windows 7 SP1 for performance improvements
KB3022345 Update for customer experience and diagnostic telemetry
KB3035583 Update installs get windows 10 app in Windows 8.1 and Windows 7 SP1
KB3068708 (replaces KB3022345) Update for customer experience and diagnostic telemetry
KB3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
KB3080149 Update for customer experience and diagnostic telemetry
That's even easier
 

birddog

Here for the show.....
Gold Chaser
Site Supporter ++
Joined
Feb 28, 2011
Messages
2,878
Likes
4,032
#25
I don't have this problem you folks speak of....then again, there's a cute little Apple logo on my machine
Funny - when IOS updates come out I get pop ups every single day on my Ipad and work phone till I take the update.

Full disclosure - I make my living off Microsoft, been running windows 10 since Jan/Feb 2015 and and on the Insider fast ring. I kinda like it....
 

the_shootist

Midas Member
Midas Member
Midas Supporter
Joined
May 31, 2015
Messages
36,934
Likes
52,163
#26
Funny - when IOS updates come out I get pop ups every single day on my Ipad and work phone till I take the update.

Full disclosure - I make my living off Microsoft, been running windows 10 since Jan/Feb 2015 and and on the Insider fast ring. I kinda like it....
Fair point! My only retort is Apple has no such thing as 'patch Tuesday'. You're familiar with that, right?
 

Joe King

Gold Member
Gold Chaser
Site Supporter
Joined
Mar 31, 2010
Messages
9,482
Likes
10,639
Location
Instant Gratification Land
#27
I found a batch file that can be used to automate the process of removing less desirable win7 updates.




ECHO OFF
REM --- remember to invoke from ELEVATED command prompt!
REM --- or start the batch with context menu "run as admin".
SETLOCAL

REM --- (as of 2015-08-26):
REM KB3012973 - Upgrade to Windows 10 Pro
REM KB3021917 - Update to Windows 7 SP1 for performance improvements
REM KB3035583 - GWX Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
REM KB2952664 - Compatibility update for upgrading Windows 7
REM KB2976978 - Compatibility update for Windows 8.1 and Windows 8
REM KB3022345 - Telemetry [Replaced by KB3068708]
REM KB3068708 - Update for customer experience and diagnostic telemetry
REM KB2990214 - Update that enables you to upgrade from Windows 7 to a later version of Windows
REM KB3075249 - Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
REM KB3080149 - Update for customer experience and diagnostic telemetry
REM KB3044374 - W8,8.1 Nagware for W10
REM KB2977759 - W10 Diagnostics Compatibility Telemetry
REM KB3050265 - Windwos Update services update to upgrade to W10
REM KB3068707 - Customer experience telemetry point. W7,8,8.1


REM --- uninstall updates
echo uninstalling updates ...
start "title" /b /wait wusa.exe /kb:3012973 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:3021917 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:3035583 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:2952664 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:2976978 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:3022345 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:3068708 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:2990214 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:3075249 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:3080149 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:3044374 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:2977759 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:3050265 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:3068707 /uninstall /quiet /norestart
echo - done.

timeout 10

echo ... COMPLETED (please remember to REBOOT, and Hide the Following KB Updates)
echo ...3012973
echo ...3021917
echo ...3035583
echo ...2952664
echo ...2976978
echo ...3022345
echo ...3068708
echo ...2990214
echo ...3075249
echo ...3080149
echo ...3044374
echo ...2977759
echo ...3050265
echo ...3068707
echo - done.


pause
REM --- EOF
 

Joe King

Gold Member
Gold Chaser
Site Supporter
Joined
Mar 31, 2010
Messages
9,482
Likes
10,639
Location
Instant Gratification Land
#28
If you want to disable telemetry and data collection in general, Block these domains in your router. Blocking them via HOSTS file does not work.
List may not be exhaustive, but it's a good start.


www.msdn.com
msdn.com
www.msn.com
msn.com
go.microsoft.com
msdn.microsoft.com
office.microsoft.com
microsoftupdate.microsoft.com
wustats.microsoft.com
support.microsoft.com
microsoft.com
update.microsoft.com
download.microsoft.com
microsoftupdate.com
windowsupdate.com
windowsupdate.microsoft.com
You can't block above names with hosts file. They all were hardcoded in this DLL:
%WINDIR%\system32\dnsapi.dll

more terror about MS from long time poster at dslreports:

All text typed on the keyboard is stored in temporary files, and sent (once per 30 mins) to:
oca.telemetry.microsoft.com.nsatc.net
pre.footprintpredict.com
reports.wes.df.telemetry.microsoft.com

Telemetry is sent once per 5 minutes, to:
vortex.data.microsoft.com
vortex-win.data.microsoft.com
telecommand.telemetry.microsoft.com
telecommand.telemetry.microsoft.com.nsatc.net
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
sqm.telemetry.microsoft.com
sqm.telemetry.microsoft.com.nsatc.net


Typing the name of any popular movie into your local file search starts a telemetry process that indexes all media files on your computer and transmits them to: (I wonder why they're interested if you search your PC for a movie? Turn ya in to the MPAA, perhaps?)
df.telemetry.microsoft.com
reports.wes.df.telemetry.microsoft.com
cs1.wpc.v0cdn.net
vortex-sandbox.data.microsoft.com
pre.footprintpredict.com

When a webcam is first enabled, ~35mb of data gets immediately transmitted to:
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
vortex-sandbox.data.microsoft.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net

Everything that is said into an enabled microphone is immediately transmitted to:
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
vortex-sandbox.data.microsoft.com
pre.footprintpredict.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net
telemetry.appex.bing.net
telemetry.urs.microsoft.com
cs1.wpc.v0cdn.net
statsfe1.ws.microsoft.com
 

the_shootist

Midas Member
Midas Member
Midas Supporter
Joined
May 31, 2015
Messages
36,934
Likes
52,163
#29
If you want to disable telemetry and data collection in general, Block these domains in your router. Blocking them via HOSTS file does not work.
List may not be exhaustive, but it's a good start.


www.msdn.com
msdn.com
www.msn.com
msn.com
go.microsoft.com
msdn.microsoft.com
office.microsoft.com
microsoftupdate.microsoft.com
wustats.microsoft.com
support.microsoft.com
microsoft.com
update.microsoft.com
download.microsoft.com
microsoftupdate.com
windowsupdate.com
windowsupdate.microsoft.com
You can't block above names with hosts file. They all were hardcoded in this DLL:
%WINDIR%\system32\dnsapi.dll

more terror about MS from long time poster at dslreports:

All text typed on the keyboard is stored in temporary files, and sent (once per 30 mins) to:
oca.telemetry.microsoft.com.nsatc.net
pre.footprintpredict.com
reports.wes.df.telemetry.microsoft.com

Telemetry is sent once per 5 minutes, to:
vortex.data.microsoft.com
vortex-win.data.microsoft.com
telecommand.telemetry.microsoft.com
telecommand.telemetry.microsoft.com.nsatc.net
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
sqm.telemetry.microsoft.com
sqm.telemetry.microsoft.com.nsatc.net


Typing the name of any popular movie into your local file search starts a telemetry process that indexes all media files on your computer and transmits them to: (I wonder why they're interested if you search your PC for a movie? Turn ya in to the MPAA, perhaps?)
df.telemetry.microsoft.com
reports.wes.df.telemetry.microsoft.com
cs1.wpc.v0cdn.net
vortex-sandbox.data.microsoft.com
pre.footprintpredict.com

When a webcam is first enabled, ~35mb of data gets immediately transmitted to:
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
vortex-sandbox.data.microsoft.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net

Everything that is said into an enabled microphone is immediately transmitted to:
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
vortex-sandbox.data.microsoft.com
pre.footprintpredict.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net
telemetry.appex.bing.net
telemetry.urs.microsoft.com
cs1.wpc.v0cdn.net
statsfe1.ws.microsoft.com
...or you can just buy a Mac and run it for ten years. Another huge upside is current versions of OS X run just fine on older hardware. You don't need to buy a new 'PC' every two OS upgrade to take advantage of their new OS features. That alone has always justified the cost of a Mac IMHO. Much longer user life
 

Joe King

Gold Member
Gold Chaser
Site Supporter
Joined
Mar 31, 2010
Messages
9,482
Likes
10,639
Location
Instant Gratification Land
#30
...or you can just buy a Mac and run it for ten years. Another huge upside is current versions of OS X run just fine on older hardware. You don't need to buy a new 'PC' every two OS upgrade to take advantage of their new OS features. That alone has always justified the cost of a Mac IMHO. Much longer user life
Apple doesn't collect any of your data? No telemetry? No spying? If not, I'd find that surprising.
 

the_shootist

Midas Member
Midas Member
Midas Supporter
Joined
May 31, 2015
Messages
36,934
Likes
52,163
#31
Apple doesn't collect any of your data? No telemetry? No spying? If not, I'd find that surprising.
I didn't say that. Of course there's data collection going on. Windows is collecting data in ways that no one knows about and you can't 'turn off'. The Mac simply has a longer usable life compared to PC's that can't keep up with the code hog that is always the latest release of Windows
 

Joe King

Gold Member
Gold Chaser
Site Supporter
Joined
Mar 31, 2010
Messages
9,482
Likes
10,639
Location
Instant Gratification Land
#32
I didn't say that. Of course there's data collection going on. Windows is collecting data in ways that no one knows about and you can't 'turn off'.
Can you turn it off in a Mac? And be sure it's really off, and it's not just a "feel good" button for the user that doesn't really do anyting?


The Mac simply has a longer usable life compared to PC's that can't keep up with the code hog that is always the latest release of Windows
You can get that same usable life out of a PC, too. (it's called, installing linux on it after a few years. lol)
 

GOLD DUCK

Mother Lode Found
Mother Lode
Joined
Mar 31, 2010
Messages
13,688
Likes
6,748
#33
Walk away from your windows 7 machine for a few minutes and you will be in for a surprise.
It got one work computer yesterday and I caught it trying to install it's self on my laptop this morning and stopped it.
You can restore your machine to 7 after it pushes it's self in, but by then I would guess the damage is done. Rotten fecking bastards.


.

QWAK,It happened to me about 2 am this morning,had to stop it and click on reinstall original program took about 1/2 hour GRrrrrrrrrrrrrrrrrrrrrrrrrr...:thumbs down:

the DUCK :winks2:
 

Krag

Planet earth
Platinum Bling
Joined
Feb 20, 2013
Messages
4,924
Likes
4,049
#34
Happened to me yesterday without my choosing the damned thing, it sucked a lot of memory up so I went back to Windows 7; glad to oust the cogg$ucker$!
 

Joe King

Gold Member
Gold Chaser
Site Supporter
Joined
Mar 31, 2010
Messages
9,482
Likes
10,639
Location
Instant Gratification Land
#35
One other thing. If anyone has Win7/8 and have been noticing from time to time your system suddenly bogged down and system resources being eaten up and you don't know why, it's most likely your windows update causing svchost to go nutzo and eat up all your Ram. Turning off win updates will stop that sh!t in its tracks.
 

Joe King

Gold Member
Gold Chaser
Site Supporter
Joined
Mar 31, 2010
Messages
9,482
Likes
10,639
Location
Instant Gratification Land
#36
Happened to me yesterday without my choosing the damned thing, it sucked a lot of memory up so I went back to Windows 7; glad to oust the cogg$ucker$!
It's updates that cause that. The only way I know of to prevent that type of behavior is to remove the bad updates you obviously have installed.
 

Joe King

Gold Member
Gold Chaser
Site Supporter
Joined
Mar 31, 2010
Messages
9,482
Likes
10,639
Location
Instant Gratification Land
#37
KB 3139929 is supposedly an IE security update, but installs ads to upgrade to 10.
...and apparently they don't like people avoiding w10 nagware by choosing to avoid certain updates.

From Microsoft:
Also today we are announcing that non-security updates for Windows 7 SP1 and Windows 8.1 (as well as Windows Server 2008 R2 SP1, Windows Server 2012 and Windows Server 2012 R2) will be available as a monthly rollup (fixes rolled up together into a single update). Each month, we will release a single update containing all of the non-security fixes for that month. We are making this change – shifting to rollup updates, to improve the reliability and quality of our updates.


What that means is that any update that installs w10 nagware won't be able to be avoided if you install the rollup.
They'll end up making people just not ever update the system. If that happens, they'll prolly end up paying hackers to write virii for non-updated machines.
 

Joe King

Gold Member
Gold Chaser
Site Supporter
Joined
Mar 31, 2010
Messages
9,482
Likes
10,639
Location
Instant Gratification Land
#38
Windows 10 nagware interrupts the weather girl. lol




Edited to add:
How Microsoft copied malware techniques to make Get Windows 10 the world's PC pest

Microsoft uses techniques similar to aggressive malware to promote its “Get Windows 10” offer.

As many readers have discovered, the persistent and constantly changing methods Microsoft uses to continually reintroduce its “Get Windows 10” tool, or GWX, onto computers means it’s extremely difficult to avoid.

Windows users who decline to use it find it is repeatedly reintroduced. The language of the counter-malware industry is more appropriate than the language of enterprise IT for GWX.

GWX subverts a channel intended for one purpose (security hotfixes) for another (advertising); it changes its “attack vectors”, it uses “polymorphic” techniques; and it consistently overrides users' actions and permissions.

Much of the attention in the tech press on combatting GWX has been has focused on eliminating the work of one patch, KB3035583, which constantly reappears on users' PCs, even after removal. However, an investigation shows that ‘583 is a symptom, rather than the cause, of recurring GWX infestations.

The ‘583 patch is most commonly reinstalled by another patch, KB2952664. Once ‘664 is on a system, '583 will be requested for download and installation. Getting rid of, and thereby controlling, '664 could be the key to controlling the sophisticated "Get Windows 10" nagware network.

"Current patches do not fully address this situation and I do not believe it ever will, as the author of the GWX patch only addresses the GWX executable plus the '583 update,” writes a reader who conducted a detailed investigation for us.

Studying the behaviour of the ‘664 patch explains why controlling GWX is so difficult. The ‘664 patch constantly “mutates” – it is frequently revised to contain a new payload. Microsoft has not documented its behaviour, and has over the years removed explanations of what KB patches actually do.

The ‘664 patch has changed often, as these logs show:


I didn't include the logs. Too many.


Windows Update considers each revision to the patch to be a new install instance. So every time Microsoft changes the KB2952664 update nomenclature, all previous attempts by the user to block the update are invalidated.

Many users are unaware that uninstalling either KB3035583 or KB295266 only uninstalls a single revision of the patch; later, the patch can reinstall itself using an alternate revision number due to the fact that KB2952664 is being cached in C:\Windows\SoftwareDistribution\Download. A filtered registry dump on our test machine revealed there were more than 80 registry entries relating to the installation of ‘583 and ‘664, located mostly inHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect andHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages

Unless the user gets rid of ALL of the "Get Windows 10" system updates and its helpers, the GWX popup will persist. These are:

KB2952664
KB3035583
C:\Windows\System32\GWX
C:\Windows\SoftwareDistribution\Download\*KB2952664*
C:\Windows\SoftwareDistribution\Download\*KB3035583*
ALL registry entries for KB2952664 and
(optionally) KB3035583

The GWX "patch" only hides the "Get Windows 10" reminder from the System Tray; it does not eliminate the actual installation of the assigned Windows 10 updates.

Microsoft has made it exceptionally difficult to remove the reminders in a coherent way. Removal cannot be automated – and if you miss one of the 80 registry entries, the process restarts.

The number of registry entries differs according to which, and how many, previous versions of KB2952664 have been installed. Owner permissions need to be reset to change some of the entries, making it more difficult.

Read the rest of article at link.
 
Last edited:

the_shootist

Midas Member
Midas Member
Midas Supporter
Joined
May 31, 2015
Messages
36,934
Likes
52,163
#39
KB 3139929 is supposedly an IE security update, but installs ads to upgrade to 10.
...and apparently they don't like people avoiding w10 nagware by choosing to avoid certain updates.

From Microsoft:
Also today we are announcing that non-security updates for Windows 7 SP1 and Windows 8.1 (as well as Windows Server 2008 R2 SP1, Windows Server 2012 and Windows Server 2012 R2) will be available as a monthly rollup (fixes rolled up together into a single update). Each month, we will release a single update containing all of the non-security fixes for that month. We are making this change – shifting to rollup updates, to improve the reliability and quality of our updates.


What that means is that any update that installs w10 nagware won't be able to be avoided if you install the rollup.
They'll end up making people just not ever update the system. If that happens, they'll prolly end up paying hackers to write virii for non-updated machines.
Or just don't use Windows
 

birddog

Here for the show.....
Gold Chaser
Site Supporter ++
Joined
Feb 28, 2011
Messages
2,878
Likes
4,032
#40
Fair point! My only retort is Apple has no such thing as 'patch Tuesday'. You're familiar with that, right?
It's called job security, baby! :winks2: