Credit to Author: Woody Leonhard| Date: Fri, 01 Feb 2019 09:15:00 -0800
Compared to some months last year, January has been a Microsoft patching cakewalk. We had several rounds of close calls and missed calls, as I posted earlier this week, but almost everything is cleared up.
We’ve seen a few more problems raise their ugly heads in the past few days:
Those are typical Microsoft edge-use bugs: They don’t affect many people, but if you’re one of the stuckees, you’re up the ol’ creek.
There’s an additional, ongoing problem that deserves repeating for you Windows 7 customers who are sharing files on home networks. Both KB 4480970, the January Monthly Rollup, and KB 4480960, the Security-only patch, have a bug that can break your network. The only solution is to manually install a Silver Bullet patch, KB 4487345 — and that doesn’t always work. Details in my Patch Alert article.
If you have any version of Win10, you’re in the crosshairs for Microsoft’s latest version pushed with the help of a new, improved, extraterrestrial superintelligent next-generation machine-learning model.
People ask me why I’m so cynical about 1809. I’m not really all that cynical — in fact, it looks like Microsoft’s trying very hard to make this one better than all that came before. My skepticism stems from the fact that 1809 doesn’t bring to the table anything I want: A new clipboard that’s almost as good as decade-old free plugins; better screenshots with markup; Storage Sense improvements that are disabled by default for good reason; and a handful of ho-hum features. Should you upgrade your machine for that?
Bottom line remains the same: Unless you want Win10 version 1809 on your machine, you need to proactively block it until you’re comfortable with moving on to the next, arguably better version of the last version of Windows.
Here’s how to get your system updated the (relatively) safe way.
Step 1. Make a full system image backup before you install the January patches.
There’s a non-zero chance that the patches — even the latest, greatest patches of patches of patches — will hose your machine. Best to have a backup that you can reinstall even if your machine refuses to boot. This, in addition to the usual need for System Restore points.
There are plenty of full-image backup products, including at least two good free ones: Macrium Reflect Free and EaseUS Todo Backup. For Win 7 users, If you aren’t making backups regularly, take a look at this thread started by Cybertooth for details. You have good options, both free and not-so-free.
Step 2. For Win7 and 8.1
Microsoft is blocking updates to Windows 7 and 8.1 on recent computers. If you are running Windows 7 or 8.1 on a PC that’s 18 months old or newer, follow the instructions in AKB 2000006 or @MrBrian’s summary of @radosuaf’s method to make sure you can use Windows Update to get updates applied.
If you’re very concerned about Microsoft’s snooping on you and want to install just security patches, realize that the privacy path’s getting more difficult. The old “Group B” — security patches only — isn’t dead, but it’s no longer within the grasp of typical Windows customers. If you insist on manually installing security patches only, follow the instructions in @PKCano’s AKB 2000003 and be aware of @MrBrian’s recommendations for hiding any unwanted patches.
For most Windows 7 and 8.1 users, I recommend following AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups. Realize that some or all of the expected patches for December may not show up or, if they do show up, may not be checked. DON’T CHECK any unchecked patches. Unless you’re very sure of yourself, DON’T GO LOOKING for additional patches. In particular, if you install the January Monthly Rollups or Cumulative Updates, you won’t need (and probably won’t see) the concomitant patches for December. Don’t mess with Mother Microsoft.
Watch out for driver updates — you’re far better off getting them from a manufacturer’s website.
After you’ve installed the latest Monthly Rollup, if you’re intent on minimizing Microsoft’s snooping, run through the steps in AKB 2000007: Turning off the worst Win7 and 8.1 snooping. If you want to thoroughly cut out the telemetry, see @abbodi86’s detailed instructions in AKB 2000012: How To Neutralize Telemetry and Sustain Windows 7 and 8.1 Monthly Rollup Model.
Realize that we don’t know what information Microsoft collects on Window 7 and 8.1 machines. But I’m starting to believe that information pushed to Microsoft’s servers for Win7 owners is nearing equality to that pushed in Win10.
Step 3. For Windows 10
If you’re running Win10 version 1709, or version 1803 (my current preference), you definitely want to block the forced upgrade to Win10 1809. Don’t get caught flat-footed: Microsoft is pushing 1809 slowly, but you don’t have to go when that superintelligent deployment program says you’re ready. Follow the advice in How to block the Windows 10 October 2018 Update, version 1809, from installing. Of course, all bets are off if Microsoft, uh, forgets to honor its own settings.
Those of you who run Win10 Pro/Education and followed my advice in November — to set “quality update” (cumulative update) deferrals to 15 days, per the screenshot — don’t need to do anything. Your machine already updated itself on the 23rd. Don’t touch a thing and in particular don’t click “Check for Updates.”
For the rest of you, including those of you stuck with Win10 Home, go through the steps in “8 steps to install Windows 10 patches like a pro.” Make sure that you run Step 3, to hide any updates you don’t want (such the Win10 1809 upgrade or any driver updates for non-Microsoft hardware) before proceeding.
If you really want to hide everything, including the gonzo KB 4023057 patch I mentioned earlier this week, you need to go through @PKCano’s steps to wring every last update out of your update queue. Microsoft hides some of them.
This month make sure you’re the windshield, not the bug.
Thanks to the dozens of volunteers on AskWoody who contribute mightily, especially @sb, @PKCano, @abbodi86, and many others.
We’ve moved to MS-DEFCON 4 on the AskWoody Lounge.