{"id":14562,"date":"2019-02-11T06:30:03","date_gmt":"2019-02-11T14:30:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/02\/11\/news-8312\/"},"modified":"2019-02-11T06:30:03","modified_gmt":"2019-02-11T14:30:03","slug":"news-8312","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/02\/11\/news-8312\/","title":{"rendered":"It's time to block Windows Automatic Updating"},"content":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Mon, 11 Feb 2019 05:15:00 -0800<\/strong><\/p>\n

Those of you who feel it\u2019s important to install Windows and Office patches the moment they come out \u2013 I salute you. The Windows world needs more cannon fodder. When the bugs come out, as they inevitably will, I hope you\u2019ll drop by AskWoody.com<\/em> and tell us all about them.<\/span><\/p>\n

For those who feel that, given Microsoft\u2019s track record of pernicious patches, a bit of reticence is in order, I have some good news. Microsoft\u2019s Security Response Center says that only a <\/span>tiny percentage<\/span><\/a> of patched security holes get exploited within 30 days of the patch becoming available. <\/span><\/p>\n

Yes, it\u2019s possible that you\u2019ll be among the unlucky few. But in my experience, if you steer clear of Internet Explorer and Edge, and avoid hideously buggy packages like Adobe Flash and Reader, you\u2019re much better off waiting a couple of weeks before applying the latest patches.<\/span><\/p>\n

Of course, you have to patch sooner or later. In some rare cases, you need to install specific patches shortly after they\u2019re released. We\u2019ll warn you about the stinkers. But in almost all cases, you can afford to wait a couple of weeks to get patches installed \u2013 \u00a0and that\u2019s usually enough time for the bad bugs to show themselves.<\/span><\/p>\n

It\u2019s true. Windows 7 originally shipped with an automatic update feature that was turned off by default. How times change, eh?<\/span><\/p>\n

If you\u2019re using <\/span>Windows 7 or 8.1<\/strong>, click Start > Control Panel > System and Security. Under Windows Update, click the “Turn automatic updating on or off” link. Click the “Change Settings” link on the left. Verify that you have Important Updates set to “Never check for updates (not recommended)” and click OK.<\/span><\/p>\n

If you\u2019re using <\/span>Windows 10 Pro<\/strong> version <\/span>1709<\/strong>, <\/span>1803<\/strong>, or <\/span>1809,\u00a0<\/strong>I recommend an update blocking technique that Microsoft lists for \u201cBroad Release\u201d in its obscure <\/span>Build deployment rings for Windows 10 updates<\/span><\/a> — which is intended for admins, but applies to you, too. (Thx, @zero2dash)<\/span><\/p>\n

Step 1.<\/strong> Using an administrative account, click Start > Settings > Update & Security. <\/span><\/p>\n

Step 2.<\/strong> On the left, choose Windows Update. On the right, click the link for Advanced options. You see the settings in the screenshot.<\/span><\/p>\n

Step 3. <\/strong>To pull yourself out of beta testing, in the first box, choose Semi-Annual Channel. (“Semi-Annual Channel” is this month’s bafflegab version of the old “Current Branch for Business,” which was a euphemism for “ready for paying customers.”)<\/span><\/p>\n

Step 4.<\/strong> To further delay new versions until they\u2019ve been minimally tested, set the \u201cfeature update\u201d deferral setting to 120 days or more. That tells the Windows Updater (unless Microsoft makes another \u201cmistake,\u201d <\/span>as it has numerous times in the past<\/span><\/a>) that it should wait until 120 days <\/span>after <\/i><\/strong>a new version is declared ready for broad deployment before upgrading and re-installing Windows on your machine.<\/span><\/p>\n

That has the added benefit of blocking Microsoft\u2019s forced upgrade to Win10 version 1809, if you’re on 1703 or 1709. You<\/strong> <\/em>should choose when you want to upgrade. Don\u2019t leave it up to Microsoft\u2019s \u201c<\/span>next generation advanced learning<\/span><\/a>\u201d algorithm which, presumably, is more advanced than the current-<\/span>generation advanced learning algorithm.<\/p>\n

Step 5.<\/strong> To delay cumulative updates, set the \u201cquality update\u201d deferral to 15 days or so. (\u201cQuality update\u201d = bug fix.) In my experience, Microsoft usually yanks bad Win10 cumulative updates within a couple of weeks of their initial release. By setting this to 10 or 15 or 20 days, Win10 will update itself after the major screams of pain have subsided and (with some luck) the bad cumulative updates have been pulled or re-issued.<\/span><\/p>\n

Step 6.<\/strong> Just \u201cX\u201d out of the settings pane. You don\u2019t need to explicitly save anything.<\/span><\/p>\n

Step 7. <\/strong>Don\u2019t click Check for updates<\/i><\/strong>. Ever.<\/span><\/p>\n

If there are any real howlers \u2013 months where the cumulative updates were irretrievably bad, and never got any better, as <\/span>they were in July of last year<\/span><\/a> \u2013 we\u2019ll let you know, loud and clear. <\/span><\/p>\n

Here\u2019s the thing about Windows 10 Home. Microsoft considers Home customers fair game. They really should call it <\/span>Win10 Guinea Pig edition<\/strong>. Microsoft has no qualms whatsoever in pushing its new, untested (perhaps I should say \u201cless-than-thoroughly-tested\u201d) updates and upgrades onto Windows 10 Home machines.<\/span><\/p>\n

This isn\u2019t a mistake or an oversight. Win10 Home customers <\/span>by design<\/i><\/strong> are Microsoft\u2019s extended beta-plus testing force. Cannon fodder. It\u2019s been that way since day one. As <\/span>Susan Bradley says<\/span><\/a>, \u201cEvery version of Windows should be able to defer and pause updates\u2026. Microsoft, your customers deserve better than this.\u201d<\/span><\/p>\n

If upgrading to Win10 Pro isn\u2019t an option \u2013 and I sympathize if you\u2019d rather not hand over another $100 to Microsoft for something that should come standard \u2013 your only other reasonable option is to set your internet connection to \u201cmetered.\u201d Metered connections are an update-blocking kludge that seems to work to fend off cumulative updates, but as best I can tell still doesn\u2019t have Microsoft\u2019s official endorsement as a cumulative update prophylactic.<\/span><\/p>\n

To set your Ethernet connection as metered: Click Start > Settings > Network & Internet. On the left, choose Ethernet. On the right, click on your Ethernet connection. Then move the slider for Metered connection to On.<\/span><\/p>\n

To set your Wi-Fi connection as metered: Click Start > Settings > Network & Internet. On the left, choose Wi-Fi. On the right, click on your Wi-Fi connection. Move the slider for Metered connection to On.<\/span><\/p>\n

If you set your internet connection to metered, you need to watch closely as the month unfolds, and judge when it\u2019s safe to let the demons in the door. At that point, turn \u201cmetered\u201d off, and just let your machine update itself. Don\u2019t click Check for updates.<\/span><\/p>\n

The current beta test version of the next (\u201c19H1\u201d or \u201c1903\u201d) version of Win10 Home includes the ability to Pause updates for seven days. While that\u2019s certainly a step in the right direction, it doesn\u2019t help much in the real world:<\/span><\/p>\n

All of which makes Win10 Home \u201cPause updates\u201d a really nifty marketing setting (\u201cLook! You can pause updates in Win10 Home!\u201d) that\u2019s basically useless. Unless you\u2019re Carnac the Magnificent.<\/span><\/p>\n

We\u2019re at MS-DEFCON 2 on AskWoody<\/a>.<\/span><\/i><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Mon, 11 Feb 2019 05:15:00 -0800<\/strong><\/p>\n

\n
\n

Those of you who feel it\u2019s important to install Windows and Office patches the moment they come out \u2013 I salute you. The Windows world needs more cannon fodder. When the bugs come out, as they inevitably will, I hope you\u2019ll drop by AskWoody.com<\/em> and tell us all about them.<\/span><\/p>\n

For those who feel that, given Microsoft\u2019s track record of pernicious patches, a bit of reticence is in order, I have some good news. Microsoft\u2019s Security Response Center says that only a <\/span>tiny percentage<\/span><\/a> of patched security holes get exploited within 30 days of the patch becoming available. <\/span><\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10516,13764,714,10525],"class_list":["post-14562","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-microsoft","tag-pcs","tag-security","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14562","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14562"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14562\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14562"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14562"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14562"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}