From the personal web site of Michael Horowitz

Defending against Windows 10 bug fixes

Initial release: October 19, 2018
Updated: October 20, 21, 22, 25, 26 and 29. Also, November 2, 4, 6, 7, 10, 11.
Comments on this article are at askwoody.com

  1. INTRODUCTION
  2. FIND THE POPES IN THE PIZZA
  3. DELAY PLEASE
  4. TWO LAND MINES
  5. STILL MORE DEFENSE - GET OUT OF JAIL FREE (Added Oct 25, 2018)
  6. STILL MORE DEFENSE - NO DRIVERS FOR YOU
  7. STILL MORE DEFENSE - METERED INTERNET (Added Oct 21, 2018. Updated Nov 11, 2018)
  8. STILL MORE DEFENSE - Wushowhide (Added Oct 21, 2018)
  9. STILL MORE DEFENSE - THIRD PARTY SOFTWARE (Added Nov 6, 2018)
  10. STILL MORE DEFENSE - MICROSOFT DOCUMENTATION (Added Nov 11, 2018)
  11. BIGGEST HAMMERS (Added Nov 2, 2018)
  12. MANUAL UPDATING (Added Nov 2, 2018, Updated Nov 4th)
  13. TOO MUCH?
  14. BIG PICTURE (Updated Nov 4, 2018)

INTRODUCTION

Software always needs bug fixes. Still, it is widely understood that Windows Update, which installs bug fixes for Windows, is itself dangerous. Too many bug fixes create new problems. It has gotten so bad that every techie paying attention knows to wait before installing the latest "updates." Let someone else experience the inevitable bugs that new fixes create.

This reached its apex a few days ago when installing updates to Windows 10 wiped out all your files. Worse still, Microsoft was warned about that problem and ignored the warning. Just disgraceful. Then too, the October round of Windows bug fixes disabled audio for some people and caused some HP computers to crash.

How long to wait is a matter of opinion. Personally, I wait at least 3 weeks before installing the monthly Windows 7 Patch Tuesday bug fixes. Someone could argue that during these 3 weeks the systems that I manage are vulnerable to the latest flaws which bad guys reverse engineer and begin exploiting pretty quickly. To this, I say that there is no single obviously right answer. Any patching schedule entails some risk.

At least with Windows 7 and 8, we are in total control of the patching schedule. Windows 10, however, complicates things a lot.

Unlike earlier versions of Windows, Windows 10 is totally re-built twice a year. These rebuilt versions are equivalent to what Microsoft used to call a Service Pack. It is a new starting point for the operating system, one that includes both new features and bug fixes. In September 2017 (more or less) Microsoft released the 1709 edition/service pack of Windows 10. In April (more or less) they released the 1803 edition and in October 2018 they released a Windows 10 service pack called 1809.

These Windows 10 service pack editions are then supported with bug fixes for a while (details below). These bug fixes are released roughly twice a month. For the 1803 Service Pack, the most recent bug fixes were released on October 9th, September 26th, 17th and 11th, August 30th and 14th and July 24th, 16th and 10th.

At some point, bug fixes for each Windows 10 Service Pack stop, and users are forced to upgrade to a newer service pack release. This upgrade is a pain; it is time consuming (especially on older hardware) and very much like a total re-install of the system. Many preferences are reset to the way Microsoft wants them, which is often not what the end user wants.

Avoiding the upgrade hassle costs money.

Microsoft's best customers are rewarded with the least hassle: they are forced to install new Service Packs far less frequently than the rest of us. The Enterprise and Education editions of Windows 10 get bug fixes for 2.5 years from their release date. The Professional Edition gets Service Pack bug fixes for 1.5 years. Thus, the Professional Edition of Service Pack 1703, which was released in April 2017, died in October 2018. The Professional Edition of Service Pack 1709 will stop getting bug fixes in April 2019. (updated Oct 21, 2018)

Of course, this assumes that users were able to delay the forced installation of newer Service Packs. The more expensive Professional edition can delay the forced install of a new service pack by configuring some system settings (much more below). Users of the cheap Home Edition have to research hacking the registry; there is no user interface for delaying a new Service Pack. Home Edition users that do nothing will be installing new Service Packs twice a year. (updated Oct 21, 2018)

The more money you give Microsoft, the better you get treated.

FIND THE POPES IN THE PIZZA

In Windows 10 Professional, the user interface for delaying bug fixes and service packs is about as confusing as it could possibly be. In my opinion, this is not an accident, I feel that the user interface was purposely designed to trick as many people as possible into not delaying anything. In this regard, I regard Microsoft as the enemy, not the friend of Windows users. Too extreme? Read on.

Anyone using Windows has logged on to the operating system with a userid/password. There are two important classes of Windows users: administrators and restricted users. Administrators have full run of the place, they can do anything they please (I am simplifying a bit). Restricted users, which Windows 10 refers to as Standard users, are restricted in what they can do.

The Defensive Computing approach is to logon as a restricted user. I do so all the time; so too do my clients. It's safer that way. For example, if anything malicious gets onto the computer, it is limited in the damage it can cause. Restricted users see the same system settings as Administrators but should they attempt to do something that can screw up the system, such as stopping a service, disabling a device in Device Manager or installing new software, they have to first provide the password for an Administrator user.

That's the way Windows works almost all the time. The one exception is this, delaying the installation of Windows 10 bug fixes and Service Packs. In this case, Restricted/Standard users don't even see the options to delay things. Only when logged on to Windows as an Administrator are the controls described later visible.

If you are following along at home, go to System Settings -> Update and Security -> Windows Update (should be the default) -> Advanced Options.

Windows Update Advanced Options for a Restricted/Standard user

Above are the advanced options for Windows Update as shown to a Restricted/Standard user (screen shot from service pack 1709). There is nothing about delaying bug fixes.

In contrast, the Advanced Options for Administrators are shown below. There are three options for choosing when updates are installed (which translates to delaying bug fixes).

Windows Update Advanced Options for an Administrator class user

DELAY PLEASE

The three visible settings have names that make no sense, which I take as evidence that Microsoft wants to shove bug fixes down the throats of their customers.

The first setting is branch readiness (see what I mean?) which offers a choice of two branch channels.

What is a branch channel? Good question, as the terminology here has changed during the lifetime of Windows 10. Simply put, a branch channel refers to the age of a given Service Pack (1709, 1803, 1809, etc.). One branch channel refers to a new Service Pack, the other to a slightly older one.

Each of the branch channels are called Semi-Annual, a reference to the twice-a-year Service Pack releases of Windows 10. One is just plain Semi-Annual, the other adds the word "Targeted". According to Microsoft, the targeted branch channel is for "most people" and the non targeted branch is for "widespread use in organizations." Got that?

Translating this doublespeak into English, as best I can, the one for "most people" is newer, the one for "widespread use in organizations" is older. Older Service Packs are more reliable, so this is what I recommend. According to Woody Leonhard, other euphemisms Microsoft has used for "we have fixed the most egregious bugs in this service pack" are "ready for widespread deployment" and "full availability." Non techies, who have not read this article, are used as guinea pigs. They experience all the bugs in a new Service Pack, while those of us in the know wait for the most obvious bugs to be fixed before installing the same Service Pack.

To illustrate, the 1803 service pack of Windows 10 was released to the public (the "most people" branch channel) on April 30, 2018. It was released to the "widespread use in organizations" branch channel about 2.5 months later (July 10, 2018). The previous 1709 service pack was first released October 17, 2017 but not released to the "widespread use in organizations" branch channel until January 18, 2018.

When a Service Pack is first released to the public, it is installed on the Home Edition customers. Currently, in October 2018, the 1809 service pack of Windows 10 is being sent to Home Edition users. A Professional edition of Windows 10, that is configured for the "widespread use in organizations" branch channel, will not get the 1809 edition for a few months. This is, perhaps, the best reason to pay more for the Professional edition.

Techies saddled with the Home Edition, can find instructions online for updating the Windows Registry to enable the same delaying options available in the Professional Edition. For example, How to delay feature updates in Windows 10 by Martin Brinkmann of gHacks (Sept. 2018) shows how to change the branch readiness channel. The article omits an important safeguard though, always make a Restore Point before modifying the registry. (Updated Nov. 2, 2018)

Note: On the Oct. 23, 2018 edition of the Security Now podcast, Steve Gibson mentioned that he upgraded the Windows 10 Home Edition computer he uses for the podcast to the Professional Edition, just so that he could delay bug fixes. (added Oct. 26, 2018)

The next option is for Feature Updates. What is a Feature Update? It is a Service Pack. Here you can defer the installation of a Service Pack for a certain number of days, up to 365. If you were paying attention, the just-discussed Branch Channel option also delayed the installation of Service Packs. How do these two options relate to each other? Beats me.

Also not explained is the exact definition of the number of days. That is, just when does the option for delaying for x days start? When the Service Pack was first released? When it first hit the "widespread use in organizations" branch channel? Today? April Fools day? And, for that matter, to which Service Pack does the delay even apply? On a copy of Windows 10 version 1709, does the delay apply to the 1803 Service Pack or the 1809 Service Pack?

None of our business.

Whatever the definition, the safest option is to delay it as long as possible.

For Home Edition users, the gHacks article by Martin Brinkmann, linked to above, also shows how to delay Feature Updates/Service Packs. (Added Nov. 2, 2018)

The last option involves a Quality Update. Confused about the term Quality Update? You should be, Microsoft is inconsistent in their terminology. Simply put, a Quality Update refers to bug fixes to a Service Pack. As shown below, in a screen shot of the Microsoft Catalog, these bug fixes are also referred to as Cumulative Updates and Security Updates. The only consistency is the word update, a euphemism for fixing a mistake.

Bug fixes = Quality Update = Cumulative Update = Security Update

We have seen the rise of euphemisms before. George Carlin did a bit about the effect of combat on soldiers. In the first World War, soldiers suffered from shell shock. Simple, honest, direct language. By the second World War, the same condition was called battle fatigue. In the Korean war it was referred to as operational exhaustion and by the Vietnam war it was Post Traumatic Stress Disorder.

You may have noticed that I am a shell shock kind of guy. In this article, bug fixes are bug fixes, not updates. Ditto for Service Packs. My intention is to explain, Microsoft's intention is to make Post Traumatic Stress Disorder out of shell shock.

Getting back to the main point, the installation of bug fixes to the currently installed Windows 10 Service Pack can be delayed for up to 30 days. I suggest setting this to 30 days.

There is no one right answer when it comes to how long to delay the installation of Service Packs and the bug fixes to them. Woody Leonhard, writing in Computerworld, suggests that the sweet spot is delaying a Service Pack for 60 or 90 days and delaying the twice-a-month bug fixes for 10 or 12 or more days. If a major problem with a patch arises, then up the deferral to 30 days. Of course, this assumes you are always watching and thus aware of problems with patches. I would delay longer. (Added Nov. 2, 2018)

There are still more Windows Update gotchas to be aware of.

TWO LAND MINES

The three settings discussed above are fine, except when they are not. Woody Leonhard warns about Microsoft ignoring its own rules:

"On three separate occasions in the past year - in November 2017, January 2018, and March 2018 - Microsoft forcibly upgraded Windows 10 Pro machines that have Advanced Options set to defer upgrades. Microsoft has, in effect, ignored its own settings ... These aren't fly-by-night reports, or wails of pain from users who forgot to turn something on or off. All three have been documented by Microsoft as being Microsoft mistakes, in nooks and crannies of its various posts. Oddly, it seems that the metered connection trick kept working in the face of all of those 'oopsies.' You may well want to set your internet connection to metered, even if you use Windows 10 Pro, Enterprise or Education."

More on metered connections below.

Yet another instance where the just-discussed delaying settings are ignored is when you explicitly ask Windows to check for updates. This was not always the case, but it is now.

Check For Updates button in Windows 10
Danger! Danger!

This was recently explained by Chris Hoffman of How To Geek who wrote: "When you click the “Check for Updates” button, Microsoft gives you updates early, skipping a normal part of the testing process ... For now, this weirdness with the “Check for Updates” button only applies once every six months when a new major update to Windows 10 is released."

Woody Leonhard first noticed this behavior in May with the release of Service Pack 1803. He wrote: "Some people, when clicking on 'Check for updates' in Win10 1703 or 1709, were pushed into the Win10 1803 upgrade sequence." So, while this is not new, at least John Cable of Microsoft was clear about it in an October 2nd blog posting, How to get the Windows 10 October 2018 Update where he wrote "...we encourage you to wait until the update is offered to your device..." (added Oct. 22, 2018)

So, instead of installing bug fixes for the current Service Pack, which would make a computer more reliable, clicking this button might install a brand new Service Pack, making the computer less reliable, not to mention depriving you of use of the computer for an hour or two or three while the Service Pack installs itself and resets many of the configuration options you changed. (added Oct. 22, 2018)

And, making a bad situation worse, Hoffman points out that once Windows Update starts downloading an update, you can not stop it.

STILL MORE DEFENSE - GET OUT OF JAIL FREE    (Added Oct 25, 2018)

Turning back to defense, Microsoft offers Administrator class users a get out of jail free card for Windows 10 bug fixes. It's not a full pardon, just a brief break.

Pause bug fixes for 35 days

As shown above, Administrators can pause the installation of bug fixes ("updates") for 35 days. The description of this says you can pause for "up to" 35 days, this is not true. On Service Pack 1803 it paused for 35 days, there was no choice as to the number of days. On October 25th, it claimed to pause updates until November 29th. To see this option, go to Settings -> Update and Security -> Advanced Options. When this (stay) arm wrestles with the Check for Updates (go) button, I don't know who wins.

As far as I know this is not an option on the Home Edition of Windows 10, even for Administrators that are willing to update the registry.

STILL MORE DEFENSE - NO DRIVERS FOR YOU

Another defensive step against Windows bug fixes is avoiding driver updates. This is particularly timely as the October 2018 patches included not one, but two bad drivers.

There is a way to prevent Windows Update from installing new drivers, but it is hidden, even from Administrators. In fact, it is not included in the System Settings at all. Instead, this is controlled with the Local Group Policy Editor. See what I mean about Microsoft being the enemy?

The Local Group Policy Editor controls drivers

The procedure is described in detail by Mauro Huculak in How to disable automatic driver updates on Windows 10. In brief, you run gpedit.msc, go to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update and look for the "Do not include drivers with Windows Update" policy.

As with the other Windows Update tweaks, this one too requires Home Edition users to hack away at the registry. The Huculak article has the details.

Of course, sometimes you need, or want, to update a driver. For that, see the section on Manual Updating below.
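
The Advanced Options screen hides the deferral settings from Restricted/Standard users, and the driver policy is not in System Settings at all, so the script below (an example added here, not something from Microsoft or the articles cited) reads the underlying values straight from the registry, which works without an Administrator logon. The registry paths and value names are assumptions, they do not appear in this article, so confirm them on your own Service Pack.

```powershell
# Added example: read-only audit of the Windows Update deferral settings
# and the "Do not include drivers with Windows Update" policy.
# The registry paths and value names are assumptions (the article does not
# list them); confirm them on your own build before relying on the output.
$uxKey     = 'HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings'       # written by the Settings app
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'  # written by Group Policy

# Targets taken from the article: the older branch channel, the longest
# Service Pack delay (365 days), the longest bug fix delay (30 days), no drivers.
$checks = @(
    @{ Name = 'BranchReadinessLevel';            Want = 32;  Meaning = 'Semi-Annual Channel (not Targeted)' }
    @{ Name = 'DeferFeatureUpdatesPeriodInDays'; Want = 365; Meaning = 'Service Pack delay in days' }
    @{ Name = 'DeferQualityUpdatesPeriodInDays'; Want = 30;  Meaning = 'Bug fix delay in days' }
    @{ Name = 'ExcludeWUDriversInQualityUpdate'; Want = 1;   Meaning = 'Drivers excluded from Windows Update' }
)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-UpdateDeferral {
    foreach ($c in $checks) {
        $policy = Get-RegValue -Path $policyKey -Name $c.Name
        $ux     = Get-RegValue -Path $uxKey     -Name $c.Name

        # A Group Policy value, when present, takes precedence over the
        # value written by the Settings app. (Under Group Policy the two
        # periods also depend on DeferFeatureUpdates / DeferQualityUpdates
        # being 1; this audit reads the period values only.)
        if ($null -ne $policy)  { $value = $policy; $source = 'Group Policy' }
        elseif ($null -ne $ux)  { $value = $ux;     $source = 'Settings app' }
        else                    { $value = $null;   $source = 'not set' }

        [pscustomobject]@{
            Setting = $c.Name
            Meaning = $c.Meaning
            Source  = $source
            Value   = $value
            Want    = $c.Want
            Ok      = ($null -ne $value -and [int]$value -eq $c.Want)
        }
    }
}

$report = @(Test-UpdateDeferral)
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Ok }) {
    Write-Warning 'At least one setting is missing or differs from the values suggested in the article.'
}
```

Run it again after every Service Pack install, since that is when preferences get reset.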

STILL MORE DEFENSE - METERED INTERNET    (Added Oct 21, 2018. Updated Nov 11, 2018)

In a quote above, Woody Leonhard pointed out that a metered connection has been known to delay the installation of a new Service Pack when other options were ignored. On the other hand, he also writes that "There's no guarantee this approach (dare I call it a 'trick'?) will always work."

Metered connections are not a new tactic and they are available in the Home, Professional, Enterprise and Education editions of Windows 10. Making this change requires you to be logged on to Windows as an Administrator. The metered attribute needs to be set for every Internet connection. A cellular data network connection is considered metered by default.

Start out with Settings -> Network and Internet.

For the Ethernet connection, click first on "Ethernet" in the left side vertical column, then click on the Ethernet connection in the middle of the page. It does not look clickable, but it is. On the resulting page, look for "Set as metered connection" and turn it on.

For wireless connections, click first on "Wi-Fi" in the left side vertical column, then click on "Manage known networks" to see a list of the Wi-Fi networks the Windows 10 computer has previously connected to. The option here is again called "Set as metered connection" but it needs to be set for each Wi-Fi network individually.

The good news is that you do not need to be connected to a particular network to change this option. The bad news is that when the computer connects to a new Wi-Fi network, it will default to being un-metered.

One thing that always seems to be omitted from the discussion of Metered connections is the issue of being logged on to Windows as a restricted/standard user vs. an Administrator class user. My testing of this showed that restricted users can not change the Metered status. Worse, it is not at all clear that the setting even applies to Local restricted users because they always see it as OFF even when a Local Admin user sees it as ON.

My test results (all users are Local): On a Windows 10 Pro machine running Service Pack 1709, a restricted user sees the Metered status as OFF and it can not be changed. An Admin user, however, sees it as ON. I created a new restricted user and the result was the same. On a Windows 10 Pro machine running Service Pack 1803, a restricted user again saw the setting as OFF and could not change it. An admin user saw it ON on two Wi-Fi networks but one network let the value be changed while the setting was fixed on the other network. Go figure. On a Windows 10 Home machine running Service Pack 1709 (with only Wi-Fi) things were as expected for the admin user - all Wi-Fi networks were set as metered and the setting could be toggled for each network. Here too, a restricted user saw each network as NOT metered and could not change the setting.

On Pro machines, a metered connection can also have data usage limits put on it (Settings -> Network and Internet -> Data Usage). This is not available on the Home Edition. An admin user on a Pro system can set a limit on the data used by each Wi-Fi network and/or by Ethernet. When data limits are being imposed, the connection is locked into a Metered status and it can not be changed as per: Why can't I change the metered connection setting?.

FYI: How, When, and Why to Set a Connection as Metered on Windows 10 at How-To Geek.

STILL MORE DEFENSE - Wushowhide   (Added Oct 21, 2018)

Worn out yet? If not, there is still another line of defense, Microsoft's Wushowhide program. It is not pre-installed, you need to find it, download it and configure it. Then, you need to run it often for it to be of any use in blocking new Service Packs. Woody Leonhard has the details in How to block the Windows 10 October 2018 Update, version 1809, from installing.

STILL MORE DEFENSE - THIRD PARTY SOFTWARE   (Added Nov 6th, modified Nov 7th)

The blocking methods mentioned so far have not pleased everyone, so third parties have created software to block Windows Update.

StopUpdates10 was written by someone named Dmitry and it is available from a blog entry at greatis.com. I have not tried it. It is free and works on Windows Home Edition. It claims to block executing of the Windows Update processes by creating the policy registry keys to block updates. What that means, I don't know. It also claims to stop the Windows Update service (which you can do yourself) and make sure that it stays stopped by checking on it every now and then. StopUpdates10 installs a system service, Updates Guard, that runs in the background. There is a Restore feature to undo the changes it makes. The documentation says that it blocks the execution of several processes used for updating, but does not say exactly what they are.

Another program is Windows Update Blocker, now at version 1.1. The program is free, portable and from Sordum.org. Who is Sordum.org? He/she/they don't say. I have not tried it. It is focused on the Windows Update service and seems to just give you a GUI to enabling and disabling it. That said, I found the description of the program confusing. For example, there are some references to zapping the Registry but they are not explained at all. It also says nothing about the Windows Update service being restarted by scheduled tasks. The program can also deal with other services but this requires you to edit a text file and I could not understand the meaning of the numbers used as flags in the file. It supports Windows 10, 8.1, 8, 7 and older.

One problem with stopping services is that there is more than one service to deal with. In addition to the legacy Windows Update service (wuauserv), I have seen the Windows Update Medic Service, a Windows remediation service (sedsvc - about which Microsoft says: Remediates Windows Update Components) and an Update Orchestrator service (UsoSvc) - all of which are somehow involved in Windows Update. The description of the Update Orchestrator service is: "Manages Windows Updates. If stopped, your devices will not be able to download and install latest updates." Only some of these services can be stopped or disabled in the standard way.

Then too, there are quite a few Scheduled Tasks that are also involved with Windows Update, so good luck shutting them all down too. (Added Nov 7, 2018)
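
Before trusting any blocker, it helps to see what is actually there and whether it stays the way you left it. The script below is an example added here (it is not part of any of the programs mentioned): it records the startup type of the update services and the enabled/disabled status of the Windows Update scheduled tasks, then reports anything that changed since the previous run. wuauserv, UsoSvc and sedsvc are the names given above; the service name WaaSMedicSvc for the Windows Update Medic Service, the two task folders and the baseline file location are assumptions.

```powershell
# Added example: snapshot the Windows Update services and scheduled tasks
# and report anything that changed since the previous snapshot.
# wuauserv, UsoSvc and sedsvc are named in the article; WaaSMedicSvc, the
# two task folders and the baseline file are assumptions for this example.
$serviceNames = 'wuauserv', 'UsoSvc', 'sedsvc', 'WaaSMedicSvc'
$taskFolders  = '\Microsoft\Windows\WindowsUpdate\', '\Microsoft\Windows\UpdateOrchestrator\'
$baselineFile = Join-Path $env:LOCALAPPDATA 'wu-components-baseline.json'   # hypothetical location

function Get-UpdateComponentState {
    # Record the configured startup type, not Running/Stopped, because
    # these services start and stop on their own during normal use.
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $serviceNames -contains $_.Name } |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'Service'; Name = $_.Name; State = "$($_.StartMode)" }
        }

    # Tasks the current user may not read are skipped, not reported as errors.
    $tasks = Get-ScheduledTask -ErrorAction SilentlyContinue |
        Where-Object { $taskFolders -contains $_.TaskPath } |
        ForEach-Object {
            $status = if ("$($_.State)" -eq 'Disabled') { 'Disabled' } else { 'Enabled' }
            [pscustomobject]@{ Kind = 'Task'; Name = $_.TaskPath + $_.TaskName; State = $status }
        }

    @($services) + @($tasks)
}

function Compare-UpdateComponentState {
    param([object[]]$Before, [object[]]$After)

    $old = @{}
    foreach ($b in $Before) { $old["$($b.Kind):$($b.Name)"] = $b.State }

    foreach ($a in $After) {
        $key = "$($a.Kind):$($a.Name)"
        if (-not $old.ContainsKey($key)) {
            [pscustomobject]@{ Item = $key; Was = '(absent)'; Now = $a.State }
        } elseif ($old[$key] -ne $a.State) {
            [pscustomobject]@{ Item = $key; Was = $old[$key]; Now = $a.State }
        }
        $old.Remove($key)
    }

    # Whatever is left existed in the old snapshot but is gone now.
    foreach ($key in $old.Keys) {
        [pscustomobject]@{ Item = $key; Was = $old[$key]; Now = '(absent)' }
    }
}

$current = @(Get-UpdateComponentState)

if (Test-Path -LiteralPath $baselineFile) {
    $previous = Get-Content -LiteralPath $baselineFile -Raw | ConvertFrom-Json
    $changes  = @(Compare-UpdateComponentState -Before $previous -After $current)
    if ($changes.Count) {
        Write-Warning 'Windows Update components changed since the last snapshot:'
        $changes | Format-Table -AutoSize
    } else {
        'No changes since the last snapshot.'
    }
}

$current | ConvertTo-Json | Set-Content -LiteralPath $baselineFile
$current | Sort-Object Kind, Name | Format-Table -AutoSize
```

A service that shows up as Auto or Manual after you set it to Disabled, or a task that went from Disabled to Enabled, is the "turns itself back on" behavior, caught in the act.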

Another free (and portable) program is ShutUp10 from O and O Software. The program is focused on telemetry/spying but it includes a section devoted to Windows Update with 11 tweakable knobs. To me, the user interface is brutally confusing, I could make no sense of it. And, the program does not say what each knob does. Is it modifying the registry? Configuring a system setting? If so which one? Is it updating the firewall? When you click on an option you are given some explanation, but nothing that I found useful. (Added Nov 10, 2018)

Another approach is to block Windows Update access to the network. The idea being that even if the underlying services run, they can't phone home.

This is the approach taken by Windows 10 Firewall Control by Sphinx Software. It comes in multiple editions, one of which is free. I have not used it. My question here is exactly what does it block? Which programs? Which services? I asked Sphinx Software, and got a response, but it did not address the question. Here is a Dec. 2016 article about using the firewall. (Updated Nov 10, 2018)

To state the obvious, installing Windows software from people/companies/sources that you don't know, or know of, is always risky. This is especially true when the software is not totally transparent about what it does.

STILL MORE DEFENSE - MICROSOFT DOCUMENTATION   (Added Nov 11, 2018)

Everyone paying attention is well aware that Microsoft does a miserable job of explaining things. With that in mind, we have this How to configure automatic updates by using Group Policy or registry settings.

On the one hand, it was last updated in October 2018, so it should be current. On the other hand, it applies as far back as Windows Vista. And, it warns that option 5 is no longer available in Windows 10, yet there is no option 5. Typical Microsoft.

It says that there is an option, using Local Group Policy, to have Windows Update: Notify for download and notify for install. I don't believe it. When it warns that an option is not available in Windows 10, it is not clear if this refers to the Disabled option, the Not Configured option or both. It offers a registry update to disable Windows Update. I don't believe it. That said, I have not tested it.

BIGGEST HAMMERS   (Added Nov 2, 2018)

Up till now, things have been inside the box. Now, let's step outside it.

The biggest hammer in our toolkit is the Internet. If a Windows 10 PC is kept off-line it can't update anything. Extreme, of course, yet there may be circumstances where it makes sense. Nothing to do with Windows, but any computer with particularly high value or sensitive files is best kept off the Internet.

A bit less extreme is to fill up the C disk. Windows Update needs a lot of hard disk space to do its thing and if the C disk has only a couple gigabytes of freespace, it can't function. Just keep your big files on a network drive, cloud storage or a USB flash drive. Who thinks like this? Someone (me) who purchased the lowest end PC that can run Windows 10, a machine where the entire C disk is 30GB (advertised as 32GB, of course). It should have been a crime for major Windows vendors to sell machines like this.

A bit more mainstream is disabling the Windows Update service. I have done this often on Windows 7, but have no experience doing it on Windows 10. I have seen quite a few scheduled tasks for Windows Update on Windows 10, so it may not be as simple as it was on Windows 7. For example, it will also impact Windows Defender. You do this, as an Administrator, from Control Panel -> Administrative Tools -> Services -> Windows Update service (a.k.a. wuauserv). For more on this see How Do I Disable Windows Updates in Windows 10 Home? by Leo Notenboom. Like Notenboom, I too have read that Windows Update turns itself back on but I have not tested this myself.

MANUAL UPDATING   (Added Nov 2, 2018, Updated Nov 4, 2018)

Anyone who successfully blocks all updates on Windows 10 will, at some point, probably want some bug fixes. At least for bug fixes to the currently installed Service Pack, you can update manually.

I recently had a Windows 10 Home Edition machine that had not been used for a few months. It was running Service Pack 1709 with patches as of May 8, 2018 (a.k.a KB4103727 or Build 16299.431). The list of twice-a-month (roughly) patches to Service Pack 1709 is here. The page serves the same function for other Service Packs too. Reviewing the available patches, I opted to bring the system up to September 26, 2018 (a.k.a. KB4457136 or Build 16299.699).

So, I went to the Microsoft catalog and searched for KB4457136. Then, I downloaded an 870 megabyte file called

   windows10.0-kb4457136-v2-x64_b4e13d384decc69a167306445a325018cd3835de.msu

and ran it. I rebooted the system, as instructed, and it had the bug fixes as of the end of September.
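
When you install bug fixes by hand, two checks are worth the minute they take: that the file you downloaded is the file Microsoft published, and that the system ended up at the build you expected. The script below is an example added here, not a Microsoft tool. It assumes that the 40 hex characters at the end of a Microsoft Catalog file name are the SHA-1 hash of the file, and that the download sits in the Downloads folder.

```powershell
# Added example: check a manually downloaded .msu before running it, then
# confirm the patch level after the reboot.
# Assumption: the 40 hex characters at the end of a Microsoft Catalog file
# name are the SHA-1 hash of the file.
function Test-CatalogDownload {
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path
    if ($file.Name -match '_(?<sha1>[0-9a-f]{40})\.msu$') {
        $expected = $Matches['sha1']
    } else {
        throw "No 40 character hash found in the file name: $($file.Name)"
    }

    $actual = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA1).Hash
    $sig    = Get-AuthenticodeSignature -FilePath $file.FullName

    $hashOk = ($actual -eq $expected)            # string -eq ignores case
    # 'Valid' means the signature verifies and chains to a trusted root;
    # the subject check confirms who the signer claims to be.
    $sigOk  = ($sig.Status -eq 'Valid') -and
              ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')

    [pscustomobject]@{
        File        = $file.Name
        HashMatches = $hashOk
        Signature   = "$($sig.Status)"
        Signer      = $sig.SignerCertificate.Subject
        Verified    = ($hashOk -and $sigOk)
    }
}

function Get-PatchLevel {
    param([Parameter(Mandatory)][string]$KbId)

    # CurrentBuild.UBR is the build number in the form used in this
    # article, for example 16299.699.
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        Build       = "$($cv.CurrentBuild).$($cv.UBR)"
        KbInstalled = [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)
    }
}

# The file name is the one from the article; the folder is an assumption.
$msu = Join-Path $env:USERPROFILE 'Downloads\windows10.0-kb4457136-v2-x64_b4e13d384decc69a167306445a325018cd3835de.msu'
if (Test-Path -LiteralPath $msu) {
    Test-CatalogDownload -Path $msu | Format-List
}

# After the install and reboot:
Get-PatchLevel -KbId 'KB4457136' | Format-List
```

If Verified is False, do not run the file; download it again from the Microsoft catalog.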

When is it safe to install a particular clump of bug fixes? This will always be a matter of opinion. A good person to check with is Susan Bradley, also known as The Patch Lady. She maintains a Master Patch List at AskWoody.com. As I write this on Nov. 2, 2018, it is her opinion that for Service Pack 1709, it is safe to install the bug fixes released on October 9th (a.k.a. KB4462918 and Build 16299.726). She would hold off on the latest bug fixes, which were released on October 18th (a.k.a. KB4462932 and Build 16299.755).

One thing you miss this way, is the Windows Malicious Software Removal Tool (MSRT). As the name indicates, MSRT is anti-virus/anti-malware software. It is released once a month and automatically downloaded and run as part of the normal Windows Update process. You can run it manually, at any time, from a Command Prompt or the Run box by entering "mrt.exe".

There are a couple nice things about MSRT. The first is that, when you run it manually, it automatically checks to see if you have the latest version. If not, it warns you and offers a link where you can download the newer version. Even if the computer is off-line, you can easily tell which version of the software you have, the month it was released is displayed in the title bar. Also, running it manually lets you do a full scan, whereas Windows Update always seems to run a Quick scan.

So, if you avoid or disable Windows Update, you can still get and run MSRT. The latest version (as of Nov 4, 2018) is 45MB and was released on October 9, 2018. If you download it manually, the file name is a bit uglier: Windows-KB890830-x64-V5.65.exe.

Drivers too, can be updated manually. In fact, for many years this was a standard recommendation. One approach is to use software from the hardware manufacturer of the computer. Many PC companies pre-install software that updates both drivers and any of the other software they may have pre-installed. If you are only interested in the driver for one specific piece of hardware, then go to the website of the company that made the hardware in question. (Added Nov 6, 2018)

On October 7, 2018, Martin Brinkmann of gHacks.net wrote about a change in the way Windows 10 installs printer drivers. As with everything Microsoft touches, it is getting worse. Prior to Service Pack 1809, Windows included basic drivers for printers and it would install these drivers automatically so that printers could work right away. Starting with Service Pack 1809, Windows no longer includes most of the basic printer drivers. For a printer to work immediately, on a PC that shipped with 1809, requires the use of Windows Update to download drivers. So, anyone who blocks Windows Update has to do things the old way, finding, downloading and installing drivers from the website of the printer manufacturer. (Added Nov 6, 2018)

TOO MUCH?

Is this too much? Am I over-reacting to the danger of just-released bug fixes?

Let's not forget that Windows Update even fails at updating itself.

I oversee a number of Windows 7 machines. More than once I have updated a PC with the August 2018 or September 2018 monthly patches only to run Windows Update again, after the last patch was installed and the system rebooted, and find that it wants to install a patch that was first released back in September 2016. This missing patch is to Windows Update itself and without it many people experienced a 0x8000FFF error. Then, when Microsoft tried to fix this, they screwed that up too. And, back to euphemisms, rather than fixing a bug in Windows Update (shell shock), Microsoft released a Servicing Stack Update (Post Traumatic Stress Disorder).

Susan Bradley has been on the front lines of this fight, well before the bad publicity generated by the assorted problems this month. She wrote an open letter to Microsoft on July 30, 2018 which was published by Woody Leonhard in Computerworld: An open letter to Microsoft management re: Windows updating. This was also covered on Aug. 7th by Gregg Keizer: Patch expert calls on Microsoft execs to fix Windows updating. Bradley circulated a questionnaire among business IT administrators, specifically the people responsible for patching Windows systems. Even back in June and July, they were not happy with either the process or the quality of updates. They complained that the Insider program, which should find bugs, does not work well and too many bugs are released to the public. This same point was made by Peter Bright on October 20th (see below). Roughly 80% said that Windows 10 Service Packs were not useful and that they should be released either once a year or every other year. And, the bugs extend to documentation. Quoting: "Starting in January of this year with the release of Spectre/Meltdown patches, there have been numerous instances where patching communication has been wrong, registry entries detailed in Knowledge Base articles regarding registry key application was initially incorrect..." Bradley is an expert on Windows patching and cited many specific examples of screw-ups. The response from Microsoft was a virtual, "go away kid, don't bother me." However, a few months later, big corporations were allowed to postpone the installation of Windows 10 Service Packs. This delay does not apply to Home and Professional Editions. (Added Oct 26, 2018)

Mary Jo Foley has covered Microsoft for ZDNet for years. She clearly has her ear to the ground. What does she, herself, do? On October 10th, she wrote:

"Even after the first two or three or four cumulative updates roll out for a new feature update, I am still leery about putting it on my PC. I know these releases have gone through testing internally at Microsoft and externally through the Insider program, but they still inevitably cause various compatibility and other issues for users right out of the gate. And I just don't have the time, or in many/most cases, the knowledge, to fix what breaks."

Translating: The term "cumulative update" refers to the twice-a-month bug fixes to a Service Pack. A "feature update" is a Service Pack. In essence she is warning us to be wary of new Service Packs and wait as long as possible before installing them.

And, after I thought I was finished writing this article, along came Gregg Keizer in Computerworld with Critics warn Microsoft it needs to fix broken update process. Keizer writes that "Calls for Microsoft to improve the quality of its upgrades and updates have been building for some time" and notes that many people attribute Microsoft's 2014 dismissal of internal testers to the decline in quality. Along those lines is the latest Windows Update disaster, the installation of the 1809 Service Pack deleting users' files. The bug was reported to Microsoft, and ignored. It was such a disaster, that Microsoft stopped the rollout of the 1809 Service Pack.

Here are some points made by experts in the article.

On October 10th, Windows expert Ed Bott aired his gripes in Two Windows 10 feature updates a year is too many (I read this after writing this article). He writes "For at least the past year, I've been hearing loud protests from the IT pro community and other Windows support professionals over the number, the pace, and especially the quality of Windows updates ... the Windows 10 upgrade cycle has been unnecessarily disruptive, especially to home users who don't have the technical skills to deal with those updates ... Feature updates ... because they are full Windows upgrades, they take much longer to install, especially on well-worn budget PCs. More importantly, each such update introduces a new set of possible compatibility and reliability problems. For the people trying to get work done with a Windows 10 PC, each new feature update is an unwelcome disruption." (Added Oct 21, 2018)

Five days later, Bott piled on, griping about Microsoft using untrained volunteers as beta testers. He quoted a Microsoft employee complaining about the flood of moronic bug reports that make it hard to find real problems. He argues that Microsoft needs to have professional software testers, writing "The two most serious bugs in this cycle ... were caused because of a change in the fundamental working of a feature. An experienced software tester could have and should have caught those issues. A good tester knows that testing edge cases matters. A developer rushing to check in code to meet a semi-annual ship deadline is almost certainly not going to test every one of those cases and might not even consider the possibility that customers will use that feature in an unintended way." (Added Oct 29, 2018)

Yet, his fellow ZDNet reporter, Mary Jo Foley wrote: "Speaking of testing, it's widely known that Microsoft let go a bunch of its Windows testers back in 2014, substituting flighting and new unit testing procedures in their stead. I don't think Microsoft will reverse this course and bring back testing as a separate discipline." (Added Oct 29, 2018)

On October 3rd, Windows expert Woody Leonhard wrote How to block the Windows 10 October 2018 Update, version 1809, from installing, which I also read after initially writing this article. In it Woody says: "As we've seen, repeatedly, upgrading to a new version of Windows 10 as soon as it's out leads to madness ... For almost everyone, the new features in Windows 10 version 1809, a.k.a. the October 2018 Update ... just aren't worth the bother of installing and setting up an entirely new copy of Windows. (Unless you really want Candy Crush Soda Saga installed for the umpteenth time)" There are links and references to this article scattered above. (Added Oct 21, 2018)

And, the hits keep coming ... Peter Bright of Ars Technica, just today (Oct. 20th), wrote Microsoft’s problem isn’t how often it updates Windows—it’s how it develops it. Ouch, this article is pretty damning. To understand the quotes from the article below, be aware that the term "Windows as a Service" is doublespeak for issuing two Windows 10 Service Packs each year. Here are, to me, the best parts of this long article. (Added Oct 21, 2018)

Today, another griper: Windows 10 'as a service': Broken by design? by Günter Born. The 1809 Service Pack of Windows 10 has been withdrawn by Microsoft, yet on this page Windows 10 release information it is marked as Recommended. The article is in German but Chrome translates it just fine. (Added Oct 22, 2018)

When your big fans turn against you, that's bad. Leo Notenboom wrote Microsoft, We Deserve Better on Oct. 24, 2018. Quoting: "In recent weeks, I’ve seen calls from several sources suggesting that Microsoft stop, take a breath, and seriously review their update process. I agree. This madness must end ... I still believe that most people should take all updates, albeit with extra attention to backing up first ... [but] since updates are forced, it’s a little like playing Russian Roulette. There's no real predicting whether or not the barrel is loaded when you’re forced to pull the Windows Update trigger ... Even if your chances of experiencing a problem are one in ten thousand (aka 0.01%), it’s certainly enough to make people nervous." Rather than just griping, Notenboom offers excellent suggestions for Microsoft.

"Allow all editions of Windows to defer any and all updates indefinitely. Honestly, it’s the height of hubris for an operating system to force updates to begin with. There are hundreds of reasons why an individual machine might not or should not take updates for an extended period of time. Stability matters, and right now, given the risk that updates appear to present, stability matters more than security (the most quoted reason for automatic, unstoppable updates). Let all computer users choose if, when, and which updates should be installed. Period. Sure, make the default action 'take everything automatically', but give everyone an out. You don’t know their reasons, you can’t know their reasons, and there are valid reasons. Encourage, educate, and build a track record of trust. But never force."

To this, I say YES YES YES. A thousand times, YES. (Added Oct 25, 2018)

On November 8, 2018 we heard about Office 365 being installed on a computer in London’s Victoria train station that is used to display train delays. The notice about the software installation blocked a big part of the screen (see it) - no train information for you. This stems from the Microsoft mindset that they are in charge, not you.

Finally, back to patch expert Susan Bradley. In her plea to Microsoft, back in July, she wrote that "Some are disabling Windows Update as a drastic measure to ensure that updates do not reboot systems when they are not wanted."

So, no, I do not think the advice in this article is an over-reaction.

BIG PICTURE (Updated Nov 4, 2018)

The big question is at what point do we spend too much time on the care and feeding of our operating system? At some point, our time would be better spent doing productive work, or even just goofing off, with a system that does not require so much work to defend and maintain.

Large companies have herds of nerds to babysit Windows. Fine. Outside of large companies, I don't think anyone should use Windows. Certainly, non-techies should not use Windows. It is clearly the worst choice among the currently popular OSs (macOS, iOS, Linux, Android). Just to cite one issue, on three of the other four systems, there is no such thing as anti-virus software.

To me, it is clear that Microsoft both develops and tests Windows using flawed procedures. Almost universally, Windows 8 was considered a step backward from Windows 7. Likewise, many techies want no part of Windows 10. It feels like Microsoft keeps making things worse. Opinions aside, the operating system is huge, bloated and very very old.

Windows will survive for years due to the large amount of software that only runs on Windows. In addition, techies in large companies have no interest in seeing those companies convert to a different system, one that they are not familiar with. Anyone who does not need software that is married to Windows is better off using a different operating system.

By the way, Chromebooks also force Operating System updates on users, but I have yet to hear of an update to ChromeOS causing the type of problems that updates to Windows cause. And, no one has ever spent hours watching a Chromebook update itself with a new version of the operating system.

 

 

michael--at--michaelhorowitz.com   Last Updated: November 12, 2018 12 AM
Copyright 2001-2018