Hacker News new | comments | show | ask | jobs | submit login
Don't tell people to turn off Windows Update (troyhunt.com)
327 points by Kipters 191 days ago | hide | past | web | 551 comments | favorite



I love the way he's compared the people who tell you to turn off auto-updates with anti-vaxxers; it's quite an apt analogy.

Microsoft shares part of the blame here for pushing features that the user clearly doesn't want through updates (especially to the major OS version). Look at the recent ads in Windows file explorer for one example. A lot of the advice to turn Windows Update off is a misguided response to Microsoft's own bone-headed moves in recent years to install bullshit that the user doesn't want.

I still sort of regret installing Windows 10 to this day because of the obnoxious Cortana bar it foisted upon my start menu that I can't get rid of. And yet not installing Windows 10 would've left me less secure with an OS hitting EOL for security updates much sooner.

Microsoft definitely shares some of the blame for this precisely because they have automatically "opted in" their users to stuff they don't want during past updates. Stop the bullshit, Microsoft.


> Microsoft shares part of the blame here for pushing features that the user clearly doesn't want through updates (especially to the major OS version). Look at the recent ads in Windows file explorer for one example. A lot of the advice to turn Windows Update off is a misguided response to Microsoft's own bone-headed moves in recent years to install bullshit that the user doesn't want.

Vaccinations are awesome, but Microsoft's heavy-handed bundling is similar to how the CIA was using vaccinations as cover to collect DNA[1] samples in Pakistan. This inadvertently led to a distrust of vaccinations[2] which harmed the efforts to eradicate Polio (or biological WCry, if you will).

Additionally, Microsoft abused the update system to download an entire, multi-GB OS (Windows 10) on systems running on Windows 8, "just in case they will want to upgrade". This was very expensive for people on metered bandwidth. Microsoft should separate critical updates from the less critical ones and give users the ability to opt-in for critical updates only.

1. https://www.theguardian.com/world/2011/jul/11/cia-fake-vacci...

2. http://www.nytimes.com/2012/07/10/health/cia-vaccine-ruse-in...


I don't think this is the reason why most people (non tech savvy) look to turning off Windows Update.

Most people don't know/care about Windows Update pushing features.

However most people DO care when their computers spontaneously reboot themselves with no warning (sometimes even in the middle of "active hours"!) which is what msft has set by default (and indeed has/had no UI to modify in some versions of Win10)


Honestly, if Windows Update worked like Linux updates tend to, I would leave them on 100% of the time. On just about every Linux system, I can upgrade the entire operating system and all the packages all at once without a reboot. Sure, the kernel does get updated from time to time, but the system is in no hurry to force the new kernel to load right away, and just switches to it at the next reboot.

By contrast, every single Windows Update that I deal with (a) requires a restart for seemingly no reason, (b) slows down the shutdown process immensely, and then (c) goes through sometimes multiple long installation processes, during which I cannot use my machine.

Of course, as a casual user, I would find Windows Update annoying enough to want to disable it. More so when my computer decides to restart of its own accord, sometimes right in the middle of me actively using it.

(Obviously, I am security conscious enough that I don't really disable Automatic Updates on my Windows boxes, and instead just remember to reboot my machine once in a while so it goes through them on my schedule.)

Could switching the Windows Update UI to a scheduled weekly reboot + updates (call it "Maintenance" or something) be useful? Would fewer people see the need to try to disable the updates if they could control exactly when they would happen, consistently?


Rebooting in the middle of a game or what have you is the worst feature. It happened with 7 too but was easier to disable (and doesn't get re-enabled when you update anything). It makes me think that malware often tends to be more respectful of your computer than Microsoft. Sure there are cryptolockers, but if you have backups those are an inconvenience. Keyloggers? Bloody drivers ship with them now. Becoming part of a botnet sounds pretty benign compared to Windows' update process.


It's simply hilarious to see Windows Update force rebooting machines in the middle of professional games.

Basically, a computer running Windows is actually owned by the Microsoft overlord who can do whatever the hell it wants to do. Occasionally it allows you to use the computer at its mercy.


MSFT upgrades are a joke. I worked at MS and the number of times a machine decides to restart in the middle of a presentation is not even funny. This was in the windows department.

It seems the decision was forced down by management. I hope someone up the chain realizes how much its cost to the actual users.

There was a joke at MSFT "you don't become a VP without making the company lose a billion dollars"


I love GNU/Linux and I love bashing Windows but I remember a time not even ten years ago that people (better at computers than I am) would not dare run apt-get upgrade before a presentation.

I think it still applies today.

Personally, I don't understand computers well so thus might be misguided but what I want is something similar to se Linux or jails but every application stack lives on its own and does not share libraries with anyone else. The idea us upgrading one application should not break another.


There's a lot of prior art and stuff existing along those lines. Plan 9 allowed every process to have its own /proc filesystem separate from the global one, and could give out per-process references to hardware devices too. Illumos implemented the Linux kernel's interface so you can run binaries built for GNU/Linux inside a secure Zone. (MS implemented something similar so it's nice you can run bash natively in Win10 now, but there's no security in that...) Guix/NixOS have a package management system with atomic upgrades and rollbacks that should never lead to a borked system. Dependency management is crucial since you can isolate all you want -- build an OS where every application is its own docker image if you want -- but as soon as things want to talk to each other, if you don't account for API changes on that communication channel you will have a broken system.

But can any of it overcome worse-is-better? Are these things really that desirable for a personal computer or are they more suited to production servers? I've been using Gentoo as my main OS since 2007, on my current rig that I put together in 2009, and I wouldn't be that surprised if I'm still using it in 2027. Even knowing about other systems' advances I'm still using my own preferred set of compromises.


Win10 bricked my home wifi and itself, once.

Laptop decided it had to update while i was also updating security settings on my wifi.

both laptop and network were unable to reboot on their own.

luckily i also have wired network and other computers. so, i was able to recover; network didn't take too much to come bac k up. needed to create and use a recovery drive for the win10 laptop.


"Active Hours" is such a stupid idea, too. I'm perfectly happy if my box has to reboot at 3am for updates, but I do actually make use of it in the morning as well as into the night, and as it shares some home-fileserver duties for the rest of my family, it gets used sporadically throughout the day.

In its infinite wisdom Windows won't let me set "7am-11pm" as active hours - it caps it at either 10 or 12 hours. So no matter what I set it to, Windows 10 updates will inconvenience me more than just about any other OS in the house.


Seriously. Active Hours was such a terrible idea, how did it move past the design stage?

There were some hilarious hacks to disable the Update Orchestrator and prevent the reboots. They work well, although allegedly you should not need them any more with the new Creators Update OS refresh.


Why does the computer even have to ask what the active hours are? If anything knows when the computer is being used, it's the computer.


Amen


Isn't it partly because Microsoft laid off all the QA testers? As mentioned on Barnacules' video July 2014.


Upgrade to RS2 and select "pause updates" and just check for updates yourself as you're finishing up schedule it at your own time.


Yes because humans should work for computers not the other way around.


computers are customizable for a reason and software always requires human interaction to be updates/useable.. most people are OK with their iPhone updating itself and its apps and showing related apps -not sure why that's so hard for windows users to adopt.


Any process can be more or less usable. GP described a setup in which the user is responsible for noticing that updates are available. That is just terrible.


I don't follow. Windows 10 has an action center, it shows everything pending. If there are security updates and they're frozen or pending restarts they show up in there if you misted the toast notification. Nearly all OS's have the problems of security updates being hidden unless they're forced (like a phone). OSX you have to click update inside the app store, Linux you have to check apt-get / yum update or whatever it is you do, brew you need to "brew update" - humans need to be part of the equation in some fashion.

I think the biggest thing is that people should care about being secure.. care enough to check for updates and be a part of the community they choose to be a part of - be it Linux/windows/osx/android/whateverthe* you want


For what it's worth, as of 16.04 Ubuntu automatically installs security updates: https://blog.appcanary.com/2016/unattended-upgrades.html

In snapcraft, all updates are automatically installed: https://docs.ubuntu.com/core/en/reference/automatic-refreshe... https://www.youtube.com/watch?v=DLxqdf89hRo


only if you leave unattended on.. most server admins turn that off so servers don't change out from under config management.


yeah for me it was 10 hours. I just checked and with the creators update it now lets you set to 18 hours, but seems there's still no explicit way of "ask me to reboot"


I've never had Windows 10 reboot on me. I've always had to tell it to reboot, or choose an option to do so. Very different than previous versions.


I agree, the spontaneous reboots make my wife furious. But I think the only real solution is for MS to enhance Windows to allow updates without rebooting. This is obviously a huge engineering challenge but it should be achievable, at least for the vast majority of updates.


That's not a huge engineering challenge. Every single linux distro has been doing it since forever.


Not really. It is much easier to just reboot than try to hot swap. When it comes to windows users, we have people still on xp so I'm sure these people would never reboot unless they were forced to reboot. It is fun to make fun of Microsoft but it is a damned if you do, damned if you don't scenario.

People really don't care about eventual (in)security. If given the opportunity, we pick convenience every time.


Forever? Hot kernel patching only really arrived in Linux 4.0.


This is now fixed..

But inversely, i'm annoyed that this "upgrade phenomena" seems squarely targeted at Microsoft when people who run Linux or OSX upgrade the second new shiny comes out. I'm not ranting here other than expressing a curiosity of culture that leads to cultural problems lingering much longer than they should.

Windows 10 is awesome.. the experiment with "ads" sucks but its all tweakable.. just jump to Rs2 and provide feedback if there is something you do/don't like. MS listens.


> Windows 10 is awesome.. the experiment with "ads" sucks but its all tweakable.

I don't want to have to tweak my fucking operating system to remove ads!! Also, I think we're asking too much of the average user. It's not obvious how to do most of the tweaks, so your random older/casual user won't do them, or maybe even realize that such a thing might be possible and go off to look up how to do it. They're more likely to just turn off updates.


THe "ads" are recommended apps. You can disable that.


Disabling it is tweaking. The default install of Windows 10 comes with ads and all sorts of other bullshit that doesn't benefit the user (in an operating system that you paid hundreds of dollars for, mind you). You have to go out of your way to opt out of it, and most users will not ever realize that such opting out is even possible.


Even the ads will ask you if you want to disable them.. "click here to disable future notifications" or if you open notification center you can "click here to disable future notifications".

I am slightly bemused we're making excuses for people not trying anything.. especially when computers these days are all about "Expressing yourself" and "identity"..


I shouldn't have to use gpedit to disable ads that consistently appears when using certain windows features, and which have no "Don't ask me again".

Presumably some freak compatability issue (I've noticed ads always appear when I open files using a certain program).


Google does those "Ads" when you open anything google-y without google..

if we're playing this game, we should play it fairly.


Google shouldn't do it either, but I think we're diverging into a non sequitur. Whataboutism isn't a valid defense.


its not whataboutism.. its making a fair comparison. I'm not excusing Microsoft's behavior based on others actions especially since I know this behavior is simple to disable in its latest OS release which is free to upgrade to.


Speaking of fair comparisons - which Google products, that shows these ads, did you pay hundreds dollars for?


if you want to compare, i don't see ads when i use free office online or when i use google office.

What i do see is that when i use outlook.com it doesn't pop down telling me to switch to Edge, but when i use Gmail its always telling me to switch to edge.

Have you actually used MS products in comparison to google? didn't think so..


So you were never bugged to use Edge, after you launched Chrome or Firefox? (Like this: https://superuser.com/questions/1146123/disable-microsoft-ed...). Or your preferences for the default browser were never reset to Edge after some update ("accidentally")?

Windows is the paid one here.


I am only bugged once I install what I want to use as default browser. Not everyday.

YouTube, Gmail, Google et all have a dropdown advertisement asking me to switch to chrome no matter which browser I user that isn't chrome..

Lets also not forget that MS apps show up on google store, apple store and are fully cross platform whereas google is selective in what it supports. We're at a day and age where Microsoft has Cortana, One Drive, Office, Bing, Skype, Photos and so much more on iOS, Windows, Android and people are telling me that MS is bad when google is good (and is far from as cross platform as ms is) I just say use whatever, but if people want to nit pick about "Ads" that everyone does without knowing how everyone does it, that's lame. MS has a TON of "Free stuff" that isn't always dropping toasts to switch browsers, switch to chrome so on and so forth..

If people have so much energy to hate on something, that should be directed at sloppy companies like Yahoo that actually are detrimental to security/safety..


After each login into Microsoft partner page, it welcomes me with a page telling me, that I will get the best experience with Internet Explorer. It doesn't even bother to check, whether Internet Explorer exists for the platform advertised in the User agent string.

With the Microsoft services, the crucial difference is, that "Cortana, One Drive, Bing, Skype, Photos" is stuff that Microsoft is pushing on people, not stuff that people asking for from Microsoft. It is me too solution, it is Microsoft's version of Google+, except that Microsoft didn't learn their lesson yet.

Out of this, Office is an exception. iOS and Android users would not give up their platform, but they were willing to use another lite office suite. On a platform, where there is not a such threat, such as desktop Linux, there is no Office port. Even the macOS port hasn't got feature parity with the Windows version. Google is treating Windows Phone exactly the same way Microsoft is treating other platforms with Office.

If you consider this hate, maybe you should also consider whether it is deserved. There's no reaction without action.


lol, I doubt that.. Microsoft doesn't support internet explorer anymore and would only recommend edge if you're on windows..

People are asking for these services.. just because you don't run them doesn't mean no one does. Skype is still the largest voip network, bing is slowly still growing against goole, onedrive is huge for private and corporations, Cortana ins on over 600 million devices..

As for office on OSX, it is updated all the time and feature comparable if you bother to run 2016 with updates enabled..

THe hate is far from deserved, its misguided.

Microsoft is so cross platform Visual studio for OSX is full RTM, Visual studio code runs great in Linux/windows/OSX, they're writing Linux drivers, they have the Linux subsystem for windows that runs native windows apps, they're a core supporter of the Linux foundation. .net is cross platform now too and they're starting to merge xamarin/XAML/xml forms so apps can be written once and run everywhere..

doing more for software and systems than google is but people will continue to have this misguided hate


Well, I about that message loled too ;). Later it became annoying and a nice example how Microsoft really cares.

If you claim people are asking for these services, then what about not showing them down the throats of those who didn't ask for them? Seem simple, right? If they are so popular, why piss off those who don't care about them? Why do I have look after every Cmd-O at Onedrive file chooser, when I'm never going to use it and there's no option "do not bother me with this again?". I'm sure that Cortana might be on 600M devices, but there are not 600M active users... more likely users what resigned on looking for a new ways to turn it off. See the difference?

Office for Mac 2016 is updated every month indeed, but it is still missing features. For example, everything that starts with Power (PowerQuery, PowerPivot, PowerMap), or Inquire. The Mac version of Office does work with exactly 3 ODBC drivers. It doesn't work with exactly the same ODBC drivers, that the Windows has no problem with (PostgreSQL, for example - it crashes).

There was a lot written about Visual Studio for Mac and it being a rebranded Xamarin. See past discussions here, at HN.

And let's go back to the Office for Linux, shall we? That's the Microsoft prime lock-in device for many. Drivers for Hyper-V or Linux subsystem for Windows help Microsoft, not Linux.


Also, shortcomings in the mac version of office may be shortcomings in the Mac OSX platform.

VIsual studio for mac is a re-write of xamarin, that doesn't change anything - xamaerin/visual studio/c# are all converging to offer a unified platform.

And i'm so glad you seem to know everything about everyone. THe same "billion google now" users probably only 1% USE it day in/day out.. but we're just going to be blindly bashing windows..

please, do us a favor and get over yourself. We get it, you don't run/don't like windows... so just stop wasting energy hating something you really don't have any clue about or care about.


same could be said of google/apple.. i'm just throwing these out as comparisons..

BTW, i never see any ads/popups other than after a fresh install when the guided tour is starting up so i have no clue what people are flipping out about.


I don't pay money for software to have to remove ads. When I write that check, the software should work for me, not advertisers.


This is an assumption based on ignorance.

The "ads" are recommended software. It is annoying that you get a toast notification asking if you want to use office online just as its annoying every few weeks my iPhone asks if I want to buy more icloud.

But what is really happening is that anything with an app store is tracking you to build a marketing engine that recommends other apps to you. The fallacy is that Microsoft is the only one doing this, the truth is that everyone is doing this.

There are ways around this in OSX and Windows.. you don't have to use the store, you can still download stuff and install away and you can still enable developer mode and side-load anything you custom write if you want to use the new API features.

I don't like it when I choose to use edge and every time I go to gmail it asks me to swtich to chrome.

I don't like it on my iPhone that every time I use gmail it asks me to switch to chrome even though I selected the checkbox to use safari.

I'm tired of this conversation being so one sided and biased as it is doing the world a huge disservice.


If you try to say what MSFT is doing is the same as Apple and Google then you are being hugely disengenous.

Ads for apps are ads, no matter how you spin it. People don't pay for android, they pay for windows. A pay OS/platform shouldn't force you to disable ads. Gmsil/Chrome are free apps.

Apple doesn't track you. On installs it asks if it can collect usage info, but you have to agree, and it's one time. They don't show you ads in either OS. They don't track your personal info. They don't give government agencies backdoors like MSFT got caught doing. They go to court to fight illegal searches of your devices.


You obviously aren't paying any attention to Microsoft lately and it shows. I'm not going to change that so the least you can do is show a little empathy for those who do.

Its painfully apparent you really hate Microsoft for your own deply personal reasons. I'm not changing that. But I will stand up and say that what you have said is not true and not the case of Microsoft today.

I'm not saying you have to change but we must be clear that you are speaking from perceived history rather than current day times.

Google android is "Free" as Windows 10 is free.. you paid for it with hardware... now if you could build your own handset you could install android but it would NOT be the official "google" android because reality is - hardware companies still have to license it in such a way to get the official apps. But again, we're not going to talk about this in apples and apples, you're only framing it in your obsession of fear/doubt/hate against Microsoft. And again, that's ok, I really don't give a hoot.

Apple does track you. The Apple Privacy statement is almost exactly the same as GOogle and Microsofts. https://www.apple.com/privacy/manage-your-privacy/ - they all enable services and warn you about services that provide value add in some cases but can seem in violation in others.

Its up to YOU to understand what you want to share, enable/disable what you want to share and understand how changing that changes the system you're running in.

But its up to you to use what YOU want to use and respect others for what they want to use.

Spending so much energy spreading FUD does nothing.

Chromebooks aren't free, phones aren't free, tablets aren't free, Apple/Google/Microsoft all provide app metrics to all their respective app stores and all go above and beyond to try and make them secure (google actually having to struggle with this compared to the other giants)


> Google android is "Free" as Windows 10 is free.. you paid for it with hardware...

This isn't true. I had to explicitly go out of my way to pay hundreds of dollars for a Windows license for my computer, which I assembled from components. It's not possible to pay money to anyone for Android; it's gratis. Google makes money on ads, not on selling Android.


Google has confidential "Mobile Application Distribution agreements" that guarantees google services and functionality and stipulates requirements.. Luckily court cases have revealed the stipulations that show Android is anything but "Free" to handset makers.. http://www.benedelman.org/docs/htc-mada.pdf

unfortunately i can't find any cases that show how much of the estimated ~60 dollars per handset is licensing costs for the google apps (as some have been licensed to mfrs) or patent / indemnification agreements needed that google doesn't offer but still are a cost to selling android handsets.

I know google makes a LOT more money on ads.. but lets be real, while android was open source its current incarnation is nowhere to be found and his hidden behind represive agrements, advertising, and marketing and android phones in the end are no cheaper than any other phone price wise..

When i buy a surface/tablet/oem pc it just comes with windows.. When i build a PC i buy an OEM license for 30 bucks.. if you know the platform you're running you can know how to save cash and make the best of it.


> Its up to YOU to understand what you want to share, enable/disable what you want to share and understand how changing that changes the system you're running in.

So you're suggesting I avoid Microsoft then? Because that's the only way I can control it, otherwise I'm only an OS update away from MS re-enabling features I explicitly disable.


>if there is something you do/don't like. MS listens.

Users have been very very vocal about dozens of things that Microsoft refuses to stop. What about all of the forced upgrades to Windows 10 without consent? For the longest time Microsoft just denied that they were even doing it. Then they just tried to justify it with marketing B.S. about how "Windows 10 is great, so no one should be complaining."

Then there's the embedded spyware in Windows 10 that's not able to be removed or disabled. Even just the adware, it should go without saying that no one wanted ads to show up in their OS. This shouldn't be something I should be forced to opt out of, it shouldn't exist in the first place. I shouldn't have to deal with Microsoft installing crap like candy crush on every windows PC on the planet.

Microsoft categorically doesn't listen to their users. Can you name a time when Apple or a prominent Linux distro has pulled any of this crap?


>> Can you name a time when Apple or a prominent Linux distro has pulled any of this crap?

Yes, unfortunately. Ubuntu served Amazon ads in the dash search. No idea if they're still there (I use Fedora) but it's not like they had to ask anyone what they thought of it to be well aware that the majority of their users would think that sucks.

Apple? Well now- that's the company that continuously tries to force its users to run only the apps it choses, isn't it? Apple sucks as much as MS in the way it treats its users.


Fair point, but at least when Canonical was doing it it was just searching Amazon for something relevant to your query. All of the outrage was that doing this meant that Amazon would get searches for stuff like local file names that presented an information leak. Canonical also proxied these searches so Amazon didn't actually get enough information to tie a search back to a particular user.

As for Apple though, I disagree with a lot of their design decisions but Apple hasn't introduced Spyware, Adware, and Malware into any of their products. Their walled garden philosophy is crappy but they aren't doing what Microsoft has been doing.


Microsoft isn't injecting adware, spyware or malware into the OS either.


Telemetry can't be completely turned off in Windows 10. It's software that phones home what the user is doing without the user's consent or knowledge of what is being sent home. That's literally the definition of spyware. Windows 10 also bundles advertisements with no way for the user to opt out of them. Windows 10 was also installed on millions of computers without the user's consent. Again, textbook definition of adware. When GWX was being intentionally blocked Microsoft decided to evade that block by ignoring the registry key that used to be able to block it. Microsoft also promised that they wouldn't try to force the upgrade or GWX on domain joined computers, that was a lie. They also said that Windows 10 would be opt in only and that they wouldn't upgrade without consent. They also lied about that, unless you believe Microsoft obtained consent by the user not pressing "no thanks" and ignoring the GWX spam once.

Even just the upgrade itself broke more than hundreds of thousands of computers. Sure, you can blame that on drivers or sketchy hardware but the bottom line is that Microsoft still upgraded those computers and caused them to become nonfunctional. Even after the upgrade, Microsoft allowed users to revert back to the previous version of Windows but I've personally seen that fail on three separate occasions.

I'm not just using hyperbole here, Microsoft really did do all of that and more with Windows 10.

And if you doubt the users who say that it upgraded when they weren't at the computer and that they never consented, there are plenty of cases of isolated machines like HVAC computers that didn't even have a display or input hooked up to them that broke because Windows 10 was installed. How exactly did Microsoft get consent for a computer that had literally zero input devices and no display?


You're picking edge cases of machines that you can't/couldn't verify and speaking in half truths.

Yes, Microsoft had some updates that updated some machines but they fixed that so it wouldn't. Yes, MS mad some silly assumptions to cache the update - that isn't what this is about.

THis is about the fact that the HVAC company SHOULD have upgraded. They should have known their outdated/unsupported OS constitutes a security risk and THEY should have corrected it and not assumed to leave it up to users who have/had no clue.

Windows 10 "Redstone 2" allows you to disable the supposed "spyware" that isn't really spyware when compared against any other OS out there. There are also easily abundant scripts to completely remove the concept of the store and anything attached to it from ever starting.. luckily you can do that on Windows 10 and pretend being isolated is what matters more than being current..

As for the ads, its supid easy to turn off the notifications. There is this "Notification center" where when you see the Office Notification - just click "don't show notifications for this app" and its gone. And if you see "Recommend apps" in start bar, click click and disable show recommended apps.

Both are dumb defaults, we can agree on that, but they're there and they can be removed/disabled. It's not that hard.


>You're picking edge cases of machines that you can't/couldn't verify

I've personally seen a computer that was upgraded to windows 10 after being left on over the weekend. The user claims that they never clicked on the upgrade and seeing as tons of other people reported the same thing I'm inclined to believe them. Fun fact, rolling back the Windows 10 update frequently doesn't work. The longer you wait after upgrading, the less chance you have of it working IMHO. After seeing this, I figured I'd test it myself and I booted up an old netbook that I had lying around and after running updates on it, it started installing windows 10.

>Yes, Microsoft had some updates that updated some machines but they fixed that so it wouldn't. Yes, MS mad some silly assumptions to cache the update

I've yet to see any reasonable explanation as to how that could possibly have been unintentional. MS just started trying to excuse their BS behavior by lying about what they did and trying to justify it with "but it's an upgrade".

>THis is about the fact that the HVAC company SHOULD have upgraded.

That HVAC company shouldn't have upgraded to Windows 10, they should have upgraded to a reasonable operating system fit for the purpose.

>Windows 10 "Redstone 2" allows you to disable the supposed "spyware"

>As for the ads, its supid easy to turn off the notifications.

Just because I can remove Microsoft's adware and spyware doesn't change the fact that it's spyware and adware. As for being easy to do either of those things, you might as well be speaking Greek to at least 95% of Microsoft's users. It's simple if you know a little bit about Windows, but most users out there don't know much of anything about Windows. Just look at all of the outrage over changing the start button in Windows 8. There was literally hoards of people who couldn't even figure that out. I guarantee you those same Einsteins aren't ever going to figure out how to disable telemetry with third party software or figure out that "Notifications" are all of the ads that they're getting spammed with.

Also, Redstone 2 isn't out yet, and to be honest, I don't have high hopes that Microsoft will allow Home users to completely disable telemetry when it does come out. They've lied about everything else involving Windows 10, why should this be any different?


>> However most people DO care when their computers spontaneously reboot themselves with no warning (sometimes even in the middle of "active hours"!)

> This is now fixed..

Once bitten, twice shy.

Most if not all of the non-tech people I work with would respond to this with "yeah, well, I don't care, I don't want to take the chance it reboots during a presentation/webinar/demo/etc ever again".


Also, forgiving a company for a technical mistake is a lot easier than trusting them again after a decision that implies they don't give a fuck about their customers.


I guess in the same way a farmer might listen to its cattle? A nasty disease or two would get fixed, nice food to keep them fed, but if they're telling the farmers "don't eat me" I can't imagine the farmers would be very receptive.

Likewise. Stop spying on me, stop advertising to me, stop pushing products I don't want on me, stop treating my computer like your personal playground.

None of this is going to gain traction. All of those are the point. No amount of listening will fix this.


It is fixed. When you upgrade to RS2 it asks you about the services and you can disable them and you can disable automatic updates.

BTW, this isn't unique to MS.. phones update all the time and the concept of the phone is going to change.. soon you will have just one device that does everything. Are people going to complain that MS can't then do what Apple/Google do in regards to spying, updates & patches?


LOL at comparing MSFT to Apple or Google in this regard. Googles whole business model is ad supported, in return you get good free software.

Apple actually fights to protect your privacy, when you pay them money for hardware they just try to make it work well for you, not advertiser. And their updates/reboots are optional.

MSFT takes your money, then doesnt protect your privacy AND sells you out to advertisers.


I don't buy this argument. Its fully of fallacies and misconceptions.

Microsoft offers a very similar ecosystem.. You can use office online, One drive, bing.com, skype, Cortana, Outlook.com and many services free for use with advertising (or no advertising)

MS doesn't "take your money" either, you buy something with Windows 10 on it or you buy a mac with OSX..

iOS updates aren't usually optional, as they quickly spam the crap out of you to upgrade and stop allowing publishers to post apps for the old release ergo "forcing" upgrades.

Android has the inverse problem.. handsets never getting upgrade so people flock to versions that do and happily upgrade away..

which is why I don't understand anything you have said. :)

oh and MS doesn't sell your privacy data to advertisers..


Correct, both MSFT and Apple force you to pay for your OS as part of your purchase, but Apple doesn't force you to disable ads.

That was the only part that was correct. Apple reminds users of critical updates, doesn't force. Apple allows every publisher to upgrade their apps (I'm an IOS dev), just don't try to link with outdated APIs. I have iOS 6 apps that still run fine without changes.

And you don't know what MSFT sells to advertisers.


Apple does have "Ads". They're always asking you to upgrade to icloud on every device - my MacBook and my IPhone.That's about as annoying as "buy office 365 now"

MSFT does spell out what they share with advertisers the very same way Apple and Google do.

https://www.google.com/policies/privacy/

https://www.apple.com/privacy/manage-your-privacy/

https://privacy.microsoft.com/en-us/privacystatement/


The thing is, when I wanted to use Windows, I didn't ask for "office online, One drive, bing.com, skype, Cortana, Outlook.com and many services". I wanted Windows, not additional baggage crammed down my throat.


I assume "office online" means Office 365? If yes, how can I use it for free? Last time I checked there was only a free trial [1].

Microsoft does take my money--just because the cost for the OS is hidden in the hardware doesn't mean some fraction of that money isn't going to Microsoft, i.e. in the end I have to pay to use Windows. Windows 10 was not free either as advertised, since it required an older version to upgrade from.

Compared to Google's and Apple's offerings, Microsoft's do kinda look shitty.

[1] https://products.office.com/en-us/compare-all-microsoft-offi...


Every company is out there to make money. This is non sequitur.

As far as product comparison, I prefer Office over google docs (And the link you posted is about their commercial offering).

office.com offers the online versions of office (web like google docs) and its as feature rich.

Also, lets be real.. You can get office 365 for up to 5 pcs for 99 a year and each account you link to it gets the extra benefits such as terabyte of onedrive and such, its not a bad deal at all.


> you buy something with Windows 10 on it

This isn't true for many of us that build our own computers. I bought a boxed copy of Windows and installed it. It certainly didn't come with or on anything.


If you're building a computer, google "windows 10 oem license" and use that to install with the downloadable iso - https://www.microsoft.com/en-us/software-download/windows10

30 bucks in most stores..

or get licenses through visual studio benefits, schools or transfer from another PC you may be shutting down. It's not rocket science to save money if thats your biggest concern.


...soon you will have just one device that does everything.

That's already true, for people who only have a phone. In the long term, it's completely wrong. Today's "super"-devices will explode into a constantly-changing constellation, as soon as personal networking is ironed out. Future generations will laugh at caricatures of people today, who constantly tend to and obsess on one hunk of plastic to the exclusion of the wider world.


as the IoT and "constellation" "explodes" we can only HOPE that includes auto-update.


Sure, but part of the process of "ironing out" local networks will be an easy way of categorizing what host gets what sort of connection to the internet. A pedometer built into a shoe needs very little access to anything.


but it will need an update if it has a CVE and it shouldn't need humans to update it


In general one would say that, but there would be a category of local host that would mean "we don't trust this device to correctly update its firmware, so that action (and consequently most other network actions) is not allowed".


When Linux or OSX upgrades without my consent, rebooting while I am using it, then I will scream about it too. Until then, I see no hypocrasy.


Again, this is configurable now.


So if I fill out the paperwork in advance Microsoft won't ruin my night? How generous of them. I'm really glad that linux gaming is increasing year over year, because gaming is about the only reason I still use windows at home.


again, this is another attack without much merit. Lots of windows users want the updates because they're asking Microsoft for them. If you want to run Linux then RUN Linux.. you don't need to rain on the MS parade for no other reason than a an apparent lack of empathy for what other human beings want to run.


I doubt that Windows users want the update process to interrupt them at the most inconvenient time possible.

The problem are not (security) updates themselves. The problem is the intrusive update process and non-security updates bringing "features" nobody asked for.


People do ask for these features. There are millions of active windows users in the Windows Preview Program that provide feedback asking for windows to be improved in many different ways.

I'm not sure where these absolutely incorrect assumptions are coming from but they're entirely false. Windows believe it or not is community driven these days. MS is delivering features for its "enterprise insides" and for its "xbox insiders" and for its "windows insiders" and this is a HUGE community.


Do you think that these people (basically enthusiasts, nobody else would participate) are representative of all windows users? Do you even respect a feedback that goes against your business objectives?

Because all in all, Windows is getting less and less useful and more and more annoying. No, you don't need to stuff Cortana, Onedrive or whatever new initiative you have. If I wanted it, I would sign up by myself.

In my case, after I disabled the infamous KB 3035583 update for N-th time and it was back again, I lost my patience and switched the platform. I'm too old for such games. Some of my colleges still need win32 specific apps, but you can be sure, that as soon as they will be able to replace them, they will jump too.


Again, why be so condescending? Without a shred of evidence over your own personal experience and the hive mind of people who would never run windows and have philosophical angst towards Microsoft there are MILLIONS of people that want to see it better and are actively providing feedback. So much so that Microsoft releases weekly builds, has a feedback hub, throws parties, online meetings, phone calls and surveys and "quests" to have people experiment and offer feedback on shaping the future of windows. Of course these are 'enthusiasts' but that's besides the point. Its a thriving community of Microsoft paying attention to its customers and people willing to interact.

I have no idea what the KB 3035583 problem is.. everyone makes mistakes. My mac had failed updates where I had to reset, my iPhone has had bad updates, my kindle fires have been borked, my android phones have been bricked, my wifi routers have been bricked.. I just take the time to learn and move on.

People are obsessively convinced Microsoft is bad, for no other reason that they're not giving them another chance yet the world turns a blind eye to very similar issues across the board.

Software isn't perfect. You don't fix software by never updating it. We're used to updates on Mobile/Tablets - many people are used to updates on PC/Tablet/Desktop but there are people who continually beat this non sequitur horse that PCS can't and shouldn't be updated.

Software is eating the world. If people want to compare MS to google - Google updates their shit all the time - does hundreds of releases a day. Now so does Microsoft. But hot damn, if MS does it they're "Evil" and "pushing crap or features no one wants" when we full know that is BS.


I never said that I've never run Windows - I just don't run it anymore. It is due to bad experience. Microsoft had chance, but they were blewing it regularly. I still do run Microsoft apps (macoffice and vscode). If they will blew it up with these, I have no problem switching off them.

If Microsoft has feedback hub, throws parties, online meetings, etc., then they are very good at ignoring the feedback. Did they fix the privacy issues with Windows 10? Did they re-enable end-user control over updates? Did they stop resetting user preferences after updates? It's not that they are not aware of all of these.

The problem with KB3035583 (gwx - Get Windows X) was, that no matter how many times you have hidden it (to indicate do not install), Microsoft un-hided it, and several times it has flagged it as security update, which caused for many people to install it automatically. It definitely wasn't an mistake, it was clear intent, to make target figures with Windows 10 upgrades. It is one of the biggest reason why people were turning off windows update!

> People are obsessively convinced Microsoft is bad

You know, I'm some 25 years in this business and there are many reasons why they are right. Microsoft worked hard to earn this reputation. From "knifing the baby" to their today's attitude regarding privacy and pushing their services.

> Software isn't perfect. You don't fix software by never updating it. We're used to updates on Mobile/Tablets - many people are used to updates on PC/Tablet/Desktop but there are people who continually beat this non sequitur horse that PCS can't and shouldn't be updated.

As I've written elsewhere, existence of updates is not the problem. The update process (hogging up entire core with wsupdate service? No problem! Installing updates for 30 minutes? No problem either!) is one problem. The shoveling of unwanted stuff into updates is another. Compare that to apt/dnf on Linux side or App Store on Apple side - they are as unobtrusive as possible.

> Google updates their shit all the time - does hundreds of releases a day.

Google updates do not make your machine unavailable for 10-30 minutes at the most unfortunate times in the day. Ever been to ambulance, where the nurse has lined up patients, because her computer doesn't work right now? Guess which fault it was, Googles or Microsofts?


Have you ever looked into the mirror and maybe thought you worked hard to build your view of MS? Have you ever considered that MS of today isn't the same MS of 25 years ago?

I'm pushing 41.. I've been into computers since i was 8. I've been through wishing OS/2 would win, Hating on Windows for years, begrudgedly using WIn95 OSR2.. I was the first BBS in Houston to offer Linux to download on 8 floppy disk images, i was the first to mirror a larger FTP site for Linux distros (ygdddrasil), I use Linux on THOUSANDS of computers - i work for a larger internet company running 10-s THOUSANDS of servers running Linux.. sometimes i wish they were all solaris since that was what really grabbed my hart but guess what - things change - systems change - people change - companies change.

Today i sport a Surface Pro 4, an iPhone 7, a MacBook pro and a Ryzen 1700 as my primary compute/phone devices.. I use them all. Windows 10 on my Surface Pro 4 is the best mobile experience I've ever had. i have Ubuntu/Suse/Redhat as bootable native shells, i have a web browser with extension support, gesture support and great experience, i have power shell, i have hyperv if i need it, i have docker - the experience in windows 10 lately far surpasses the experience of say - docker on OSX which has always been very goofy until recently and now with docker on windows i can run windows or Linux native containers.

MS is not only providing lots of open source code but they're a HUGE sponsor of the Linux foundation - a SUPPORTING member - the biggest you can achieve.

As for update times, you can schedule your updates. If you need to upgrade your android phone, you're not going to be able to use it during the upgrade - same with your PC, if you have pending updates - just schedule them when you need them.

You're still defending everyone else for facing the same problems MS does and for some reason, still hating MS for solving problems that need to be solved.

I for one am SO FREAKING GLAD windows doesn't fester for years between "Service packs" that then took years to get released because people had it in their goofy heads that people actually tested them for them.. i'm so glad that windows finally releases iterative updates on TUESDAYS and everyone in the world knows when PATCH TUESDAY IS if they run windows.. if you KNOW patch Tuesday is coming up, reboot when you're done patching on TUESDAY.

It really isn't as hard as everyone is making it out to be.

Now that I've written all this, its laughable how hard people are making this appear to be.


Criticism is not hate. You need to distinguish these two. Until you can, there's no point in continuing a debate.

I hope the responsible people at Microsoft are better at receiving and processing the information regarding their products and the problems with them.


At least with Linux I can choose to install and whenever I want to install it. I don't get that freedom with windows, and it packages it's system with advertisements


You do get that freedom.


heck, in Windows you know get the freedom of what Linux you want to run now that Redhat, Suse and Ubuntu will be supported ;)


No Microsoft sucks. It's my computer, stop hijacking it. This is why I switch to a Mac.

Microsoft is 100% responsible for this malware, they trained users to turn off updates by making them unbearable.


That is your personal opinion. I stuck with windows 10 because I like it. That is my personal opinion. Learn a little empathy.

I have a MacBook pro, a surface pro (windows 10), a gaming pc (windows 10), a Plex HTPC (windows 10) and an iPhone.. I'm quite happy regardless and I find all ecosystems have their +/-


it's not my opinion, clearly they've driven customers to behave in an insecure. Clearly their customers hate the ads and the updating mechanism. That you happily tolerate it just makes you a tiny minority.


It is your opinion, you're even using your opinion to make up stuff about me that isn't true.

I clicked the option to disable this when prompted when I upgraded. It was easy and I've moved on. Life is great, i'm back to playing games, watching content and enjoying my device without it asking me if I want to upgrade office.

(but my damn iPhone keeps telling me to upgrade icloud)


If we look in the past we also have snake oil which is said to be a major cause for mistrust for doctors and medicine. Government had to step in and issue regulations in order for the public to regain trust and vaccinations is one of the very few remaining trust issues between the public and medicine.

If we want people to regain trust in auto-update there need to be something that prevent abuse. If that is regulations, liability laws, or just industry practice will be up to the future to decide. Until then a person will have to rational decide on auto-update as past people did with the uncertainty of not know what is snake oil and what is real.


>"Until then a person will have to rational decide on auto-update as past people did with the uncertainty of not know what is snake oil and what is real."

You are far too confident in current medical practice.


Sadly MS is hardly the first to have done something like that, but they are the biggest and most prominent name right now.

People avoid doing firmware updates on various devices for the same reason, as there is no indication what will change or go missing (never mind that it likely will reset the device, and thus require a full reconfigure before being useful again).

The basic problem of our world is that it is ruled by 20-sometings that loath working on "old" tech. The epitome of this is the FOSS world that goes through a wrenching rewrite churn every 5 years or so as new heads take over "old" projects.

For all their antics, one reason MS is still top dog is that they support APIs and ABIs first introduced with Windows 95 (or even older, if you manage to do a 32-bit install).

Never mind that MS did offer XP updates, for a price. One reason the NHS got hit hard was that some penny pinching bureaucrat decided they could not afford to pay said price.


"The basic problem of our world is that it is ruled by 20-sometings that loath working on "old" tech. The epitome of this is the FOSS world that goes through a wrenching rewrite churn every 5 years or so as new heads take over "old" projects."

Disagree thoroughly. The reason why people push shit through the security-updates channel is because of money and structural pressure from management to ensure adoption of the company's new $THING.


It's funny that I see the general sentiment over Windows 10 to be the opposite of Python 3. "Everyone" is mad Microsoft pushed Windows 10 too hard, meanwhile "everyone" is trying to get people to adopt Python 3 and wondering why it took big name libraries so long to convert.

It's a big problem in tech, trying to get people to update. We might like to think of ourselves as progressive, but a lot of people in our world tend to be very conservative and resistant to change. Microsoft knows that as well as anyone else. The only way to ensure people are using the latest version is to stop giving them a choice. You can't always rely on people making the best choice for themselves.

That sounds super authoritarian, sure, but the nice thing about technology? Microsoft isn't the only game in town. They can do whatever they want with their platform and you're free to leave. You don't need a passport, or any more money, or really even any additional knowledge at this point. You're only locked in if you choose to be locked in.

*with "everyone" being the typical Internet strawman that only actually exists in a random selection of HN comments.


I'm not really seeing the corollary between Windows and Python in regards to new versions and the requiredness thereof. Windows is proprietary and has a cost, and customers of it have a business relationship with Microsoft. Python, by contrast, is free and libre, and is offered with no warranty implied. If the lack of support for Python 2 is proving to be an inconvenience for you and you won't upgrade to Python 3 for whatever reason, well then, all the source is available, and you can do the needful. Hell, you can even build, release, and distribute your own fork of Python 2 that gets continued updates. None of these options are available with Windows.


The only way to ensure people are using the latest version is to stop giving them a choice. You can't always rely on people making the best choice for themselves.

Agree with the first part, the second needs a very twisted definition of best or themselves.

Offer something people want and they will upgrade. This alone tells very much about the win10 situation. Microsoft game is lock-in, if the cost of leaving their garden is trivial they are doing something wrong!


I have a friend who buys $20 shoes. They last him a year, and then he has to buy another pair of shoes. He laughs when I buy $70 shoes, but those $70 shoes last me four years. Over that four year period, he's spent $80 on shoes and I spent $70.

I have a friend who buys $500 laptops. They last him a year, and then he has to buy another laptop. He laughs when I buy $1000 laptops, but those $1000 laptops last me three years. Over that three year period, he's spent $1500 on laptops and I spent $1000.

I have a friend who uses Windows XP. Windows XP is better, it's faster, it's leaner, Aero is garbage, Metro is garbage. DirectX 12 is just a scam to get you to upgrade, there's no reason Windows XP isn't the best. But once a month he's calling me about some kind of virus he's gotten even though he runs Symantec every day.

Relying on an outdated piece of software is never the best decision. If Microsoft's updates bother you that much, stop using Microsoft software. Microsoft can't lock you in to anything, and there's very little that Windows offers that OSX, or to a lesser extent Linux, doesn't offer. The arguments against switching come down to "I hate Apple/Linux", in which case you've locked yourself into one vendor for irrational reasons, or "Apple is too expensive", in which case you have to wonder if that's actually true considering you're spending hours complaining about Microsoft updates, or the worst one, "I'm a Windows developer", which... why? If you hate Microsoft enough to want to switch but Visual Studio is the only thing holding you back, I don't feel bad for you. The only slightly legitimate complaint is the lack of games, but there are a ton of games for Mac these days and consoles do exist.

It's not really lock-in if you choose to be locked in.


Windows comes preinstalled on most PCs, you are being disingenuous if you say that is not a major factor. MS was ruled to violate antitrust laws regarding web browsers. How is that for a lock in if you can just download Netscape?

The arguments against switching come down to "I hate Apple/Linux"

Not at all. Many people are forced to use MS software, they don't have a choice. Not just running Windows, but using various MS Office apps, formats, Skype etc.

Also, there are others (mainly elderly) who are only familiar with Windows, learning another platform is not a freebie for everyone.

Most apps people need have alternatives on other platforms, but there are many - besides games, that target Windows only. Well, VS being the bloatware it is, not one of them of course.


> But once a month he's calling me about some kind of virus he's gotten even though he runs Symantec every day.

You've identified a source of inefficiency in his workflow. If he really hates everything after XP though, maybe it's better (more efficient) to handle a big problem once a month than a dozen little problems (disliking aspects of the tool he's using) every day.

> "I'm a Windows developer", which... why?

That seems like an easy answer, though. Because someone's paying me to work on the technology that they want to use, which may be very different from the technology that I decide to use on my own time. Things can be personally suboptimal, but professionally useful. You don't hate it, but you don't love it as much as the things you use on your home machines.

> Relying on an outdated piece of software is never the best decision. If Microsoft's updates bother you that much, stop using Microsoft software. Microsoft can't lock you in to anything, and there's very little that Windows offers that OSX, or to a lesser extent Linux, doesn't offer.

Using software that actively works against your best interests, even while acting in your best interests in other ways, without a way to separate the two...is never the best decision. Microsoft can't lock you in, but platform choices of other developers can.

On a separate point about OSX: One thing it won't ever offer is the ability to run it on my hardware of choice. I happily pay Apple-like prices for hardware configured in ways that Apple doesn't offer.

> The only slightly legitimate complaint is the lack of games, but there are a ton of games for Mac these days and consoles do exist.

Games aren't fungible. Mac and Linux support lots of games, including what I was playing last night. Sometimes, what I want to play is limited to a single platform, and that platform is one that I wouldn't choose for general-use. C'est la vie.

> It's not really lock-in if you choose to be locked in.

That sounds like one of the arguments I've heard to justify things like TSA searches, or the various statements from politicians saying that internet access isn't a necessity and shouldn't be considered a right. "You don't have to fly! You can drive! No driver's license? You can bike!" Well...right. You don't "have" to use Windows, because you don't "have" to make software that works with Windows. It's your own choice to target customers using the most-used PC OS in existence.


> The basic problem of our world is that it is ruled by 20-sometings that loath working on "old" tech.

disagree completely, it's not the 20-somethings that come to you and say "the budget we have is limited, and we have to prioritize, feature X might get us more exposure, so work on that and it doesn't matter if it breaks backwards compatibility, users will adapt"

If upper mgmt goes after "oh shiny" there's not you can do at the individual contributor level, and if you know you are in a "oh shiny" management situation there is also no incentive whatsoever in spending time making sure you think about the future when developing, since you're going to have to throw everything away anyways in a few months or a year at the most.

It's all about "being nimble" and "velocity" and "being innovative", where all of them are more or less shorthands for "churn things quickly until something sticks". Stable, reliable, dependable software is unsexy, if the company you work for is large enough you might be able to find a team that works along those lines and be happy, otherwise it's fighting fires all the time.


Then why oh why do i keep seeing FOSS projects with limited to no commercial interest keep doing rewrites with the latest "shiny" in mind?!


Because writing software is a fun hobby, maintaining it is work.


That's just a misunderstanding. There is a lot of fun to be had in maintaining others' code and there's nothing like finding a stupid bug (and fixing it) to boost your self-esteem as a programmer.

But maintaining code (especially shitty code) gets you much fewer rewards and recognition than writing new code from scratch (including shitty code) -so that may be a better explanation of why most people don't like being "maintainers".


Microsoft may put a great deal of effort into supporting old APIs and old ABIs, but it turns out that that effort has not been enough for us to be able to tell everyone "Yes, go ahead and upgrade to a new Windows version, nothing will break".


Apple makes more off PCs than every other PC maker combined, and continues to gain market share. MSFTs main goal seems to be getting people to buy more Macs, like their new crippled MacBook Air clone without a full OS (and the dirt magnet fabric covering).


>Additionally, Microsoft abused the update system to download an entire, multi-GB OS (Windows 10) on systems running on Windows 8, "just in case they will want to upgrade". This was very expensive for people on metered bandwidth. Microsoft should separate critical updates from the less critical ones and give users the ability to opt-in for critical updates only.

Why should they do this? And why should they care at all about people on metered bandwidth? What are Microsoft users going to do if they don't like getting a huge bill for downloading Win10 unexpectedly? Stop using MS? Not likely.

When are people going to wake up and realize that Microsoft has absolutely zero incentive to worry about keeping their customers happy?


Alright man. Can you tell me which consumer-facing OS doesn't do those that you mentioned by default? Apple downloads setup files for major OS upgrades as well as system updates automatically without my consent too. I don't want Siri on my Mac too. How can I get back the enlarge window button without holding down alt on the Mac? Google Chrome is the software that pioneered the whole silent update thing. If you want to call out any company at least try to be equal.


With that qualifier I am willing to bet you aren't considering GNU+linux a "consumer facing os"?

I also far too often see this logicaL fallacy being used. I was recently railing against MS and someone said, "well I'm more worried about facebook, what about them?" Your comments about OSX and Chrome have almost nothing to do with the the current discussion topic which is MS updates systems. I wish people would stop doing this equivicating, it's tiring and logically fallacious.

A person can call out any company they want for anything they want on the merits of their argument without it having to turn into a major company comparison.

All that said... gnu+linux actually allows the user control, and things like this can be stopped.

Bottom line is this, either the user controls the program, or the program controls the user. Google, Apple, and MS have all shown they are more concerned with controlling the user than giving them freedom. GNU+linux or really just GNU, is the future of freedom, and until people start understanding how inherently political software is, and stop basing their software choices purely on pragmatics (but mah lozedoze gaming!), these types of problems will continue to happen and have things written about them, but the solution is already here.

Stop using closed source proprietary systems.


It's amazing how many people defend Apple while attacking Microsoft here. It's almost as if Apple pays people to do this.

We run Windows 10 and the lastest Windows server on all our machines and don't have problems because we have good, in-house, local IT people and also good security on the edge routers.


The comment you're replying to points out a lot of obnoxious "We know better than you" flaws in Mac OS X that the user has no power to override. I don't see how that's a defense of Apple.


What are you and harrygeez talking about?

In System Preferences -> App Store

I can uncheck the box that says "Automatically check for updates". It's trivial to override these perceived "flaws" in OS X.

Try doing that with Windows. The best you can do is peruse some lists that people maintain in places like Github. Maybe those work, maybe they don't. Consequently I've avoided Windows for well over 10 years now (except for XP in a VM, which I use for playing Freecell).


> but Microsoft's heavy-handed bundling

> Microsoft abused the update system to download an entire, multi-GB OS (Windows 10) on systems running on Windows 8, "just in case they will want to upgrade".

Just pointing out that Microsoft is not alone with the above practices? It's not a question of whether you can disable it or not, it's that ALL companies do this. I don't necessarily like this but I empathize, general consumers don't know what's good for them, and Microsoft's reputation for security is on the line here.


My business partner's 16-year-old kid is a hardcore "gamer" who thinks he's smarter than Microsoft.

I set up a PC for him with a legal, licensed copy of Windows 10, and he promptly reset it using a pirate/cracked version of LTSB because he didn't want the "Windows 8 stuff" and he didn't want "Microsoft spying on him"

Within 2 days it was full of viruses and malware. I don't let him plug his computer in to our office network, and I don't let him near any of our office computers.


don't be too hard on him, you can only become competent by starting out incompetent.


I disagree about the CIA analogy, because having your DNA collected really doesn't harm you or affect you significantly, though it is a privacy violation.

Here's a better analogy: suppose you were pushed to get a vaccination, but the vaccine company secretly added a virus to the vaccine which alters your DNA so that your hands turn into claws and you grow antlers, because they thought this would be a great idea somehow. Then after word gets out about this, they say anyone who doesn't get this vaccine is an "anti-vaxxer" and "ignorant". That's basically what Microsoft did.

(reference for the body modifications: http://dilbert.com/strip/2004-04-18)


On the CIA point, from the Pakistanis viewpoint it was a foreign government agency using the DNA from the vaccinations to pinpoint a physical attack in their borders. If it had come out that another nation had done that in the US, we'd be clamoring for war. That is a very good reason to be wary of vaccinations at that point


The anti-vaxxers analogy is utter nonsense and reads like a poor attempt at hitting the credibility of people disabling windows update.

The anti-vaxxer movement makes no sense outside the backfire effect, in almost all cases it has little to no basis or justifications. On the other hand there is a long history of very valid reasons of distrusting windows update and disabling it.

Using windows update to force people into windows 10 is only one of the most recent examples that windows update is by Microsoft and for the interest of Microsoft not the user. This is totally different from the system update you have with apt and Debian.


Id say the comparison would actually make sense if vaccines DID give you autism.


Vaccines can have negative effects. Both that is overwhelmed by the positive effects.


But they don't.

Autism is the product of having a differently wired brain than a non-autist does. It's something you're born with, not something you can get later.

Certain medications used by pregnant women can result in children being autistic, but I seriously doubt that this extends to any vaccines as well. Perhaps some really exotic ones maybe, but common vaccination definitely not.

Source: I am autistic, read up on it to be able to better deal with it and am dealing with it on a daily basis.

And truth be told, I don't know if I'd be better or worse off without it. It doesn't make my life unlivable and I guess the understanding of autism of most people is too much based on rumor-mongering and hearsay, than any actual facts.


That's a mistranslation of the above post. The poster intended to say that Microsoft's updates can be legitimately harmful whereas modern vaccines aren't.


Thanks for pointing it out.

It's one of the downsides of autism that understanding the intent of other people can be hard or impossible, so I'm always grateful for hints like that.


No. "Some of the blame"? Try "all of the blame." Windows Updates used to be pro-user. Now they're pro-Microsoft (pushing things Microsoft wants) and anti-user (routinely pushing 'features' no one wants or asked for).

I disabled it a long time ago and haven't looked back. Get back to me when MS starts remembering their customers are human beings again.


"pro user" is an interesting way to put it. If I remember correctly it was heavily integrated with IE in the past to push browser share. Want to update your system? Open buggy old IE5/6. Want to get rid of IE? What antitrust? IE is part of essential Windows functionality after all, we can't get rid of it.

> Get back to me when MS starts remembering their customers are human beings again.

Oh, they know. Their whole abusive process is build around milking that fact for all it is worth.


The comment said Windows update was pro-user, not Microsoft.


Well we can argue wether a knife is pro or con user when Microsoft stabs said user in the back with it. Microsoft would say that it provides a secure (tm) resting place for the users hat and is not only very pro-user in doing so but also important for the continous operation of said hat. My point is just that, Microsoft used Windows Update to push unwanted software in the past and as such Windows Update was never entirely a pro-user software, something always undermined by Microsofts willingness to put its own goals above its users needs.


Last year my Windows 10 box decided to just restart to apply updates. Problem is, I was still using the machine and was strapped into VR gear. Suffice to say I was not pleased.


I see this as more diatribe than reality..

MS has MILLIONS of people yammering for features and they go to great lengths to shorten the release cycle for getting new features to developers and customers.

I find this as a positive thing and this concept of MS as "the enemy" is absurd..

You're essentially writing off 10s of millions of happy customers participating in a growing and flourishing community without any regard..

Empathy.. its a good thing.. even if your personal choice is that of something else.


Taskbar > Context menu > Cortana > ( Hidden / Show icon / Show search box )


A better option is to open "gpedit.msc", then open "Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components"

Then spend an afternoon going through each option, setting enabled/disabled for everything you don't want or don't recognize.

You can easily disable entire subsystems like Cortana, tips, telemetry, camera, biometrics, error reporting, games, Homegroup, Defender, Windows Store, and a whole bunch of other garbage.


Unfortunately I've had Windows 10 turn OneDrive integration back on even after disabling it. That was literally the nail in the coffin for me; I've since uninstalled Windows 10. I'm still using Windows 7 for games. Anything else is done on Linux.

When 7 goes end-of-life, I'll be 100% Linux.


"I'm still using Windows 7 for games."

I've heard this setup be described as a Wintendo. Not sure why, but that cracks me up.


I'm thinking of making my next desktop with a support for giving a virtual Windows machine access to a video card -- near native performance, but Linux for the host OS.


Yup, I'd strongly consider something similar. But I'd have to seriously consider the security implications: giving Windows access to the graphics card could end up being more hassle than it's worth.

GPUs' memory management isn't exactly security friendly.

-> https://arxiv.org/pdf/1305.7383.pdf


Crudely, gpedit.msc needs to be installed by hand in the home version of windows 10.

So, this should work - but only in the pro Version.


Which is priced the same as the home version if you buy it via other vendors.


Do they stay deactivated even after updates?


Yes, because they're intended for corporate IT to use.


Or the free O&O ShutUp10 tool provides a nice GUI to edit a lot of these settings (no more Cortana integration is one)... https://www.oo-software.com/en/shutup10


After having mainlined Linux for so long i kinda forget how closed source platforms keep producing these seemingly magical utilities for tweaking all manner of things.

But then i get myself thinking of Gnome, and how i have seen similar tools sprout for tweaking it in recent years...


Just include disabling it in the script you run after install

https://gist.github.com/alirobe/7f3b34ad89a159e6daa1


This may work for highly technical users who also don't mind putting lots of configuration work into their Windows OS, but for the rest of 99.9% of home users out there, it doesn't help.


It would also help if Windows 10 didn't restart the machine automatically in the least favourable time, when you just went to make yourself a tea while having a zillion of programs opened, and the process didn't end up with a blue screen (both happened to me in the last few months; ok ok they allow now to choose "inactive hours" or whatever it's called, but initially you had a choice between "restart now" or "restart in 10 minutes", really dark pattern to impose things on users).

But yeah I get a notif when the update is available and I install it whenever possible.

Regarding unwanted features, have you tried Classic Shell / Classic Start Menu? Literally first thing I install on a new Windows installation.


This is the main reason I highly considered turning off updates as well. Twice in the last year I've had to go on-call for work to fix a critical issue some point in the late evening for Windows 10 to close all my programs, progress unsaved, without warning and spend several minutes (half an hour on one of them) doing updates.

At that point, Windows 10 became a liability, and that laptop still doesn't have automatic updates turned on anymore. (It still gets routine manual updates, but it's definitely not ideal.)


> I love the way he's compared the people who tell you to turn off auto-updates with anti-vaxxers; it's quite an apt analogy.

This is a good analogy, but does it work in different circumstances? (Apologies for the derail)

Over on Android, the apps have got so big (and the storage was until recently so small) that automatic updates _cannot_ be installed - the new apps are too big, the phone is full. What do we do then?


In my case, buy a large SD card to put the apps on, then find out that only the primary storage can hold apps. I think this limitation has been lifted in more recent Android versions, but - of course - I can't upgrade.

Moving all my photos and ebook .pdfs off did alleviate the burden somewhat, but hasn't completely solved it.

My current workaround for very large apps is to uninstall, redownload, install. Apparently, holding both the update and the installed app uses much more space than doing a fresh install.


Alternatively, buy an SD card, then notice that your phone does not have an SD card slot.


Sony has fairly unique system: Install an app, move it to the SD card, the update will install it back to internal memory. You have to move it again, manually. And again, and again, after each update.

Or just leave them all on the internal system, until a system utility wakes up to the fact that there is not enough space, and suggest moving apps to the sdcard. After few rounds of updates, rinse and repeat.


Best i can tell, what Android does is download a delta patch.

Then apply that to a local copy of the previous APK.

If that goes well, it attempts to install the new APK alongside the old install.

And if that works out, the user data is switched over and the old install and APK removed.

So at certain points during the install you need to have enough space for two full installs of the app, and the APKs they came in.


A more accurate analogy would be going to the doctor to get vaccinated, only to discover that it comes with a dental checkup and cleaning. Some people are going to love that. Others are going to wonder why they got something that they did not ask for. A few are going to become paranoid and claim that the doctor also injected a brainwashing drug (even if there is no grounds for their claim).

Microsoft needs to deliver updates in tiers in order to regain trust. Simply dividing it up into mandatory security updates, optional bug fixes, and optional feature upgrades would go a long way to addressing that even if the default is for all three tiers.


> A few are going to become paranoid and claim that the doctor also injected a brainwashing drug (even if there is no grounds for their claim).

Except that there were demonstrated cases of MS inserting the "brainwashing drugs" on the updates. Many people had legitimate copies of Win XP bricked by XPA, MS alti-malware broke install a couple of times in Win7 (and off-line machines were bricked by DRM more than once), and, finally with Win10 we've officially got the spyware and adware coming through updates like people were long expecting.


"dental checkup and cleaning" sounds much more benign than "multi-GB download of an entirely different OS"


And the doctor not nag you every few hours that you haven't had your dental check, while you're working.

And when you do get one, you don't lose sight.

(My favourite complaint is Windows replacing GPU drivers with MS approved broken ones on major updates.)


You're generalising over a whole bunch of devices with different specs. Sure, there was a problem with updates on the 8gb devices. But that was few hardware cycles ago, around 2.3. Now, those devices are around 1% usage, mostly have dead batteries and other components and it's hard to find a new Android device which lacks space for upgrades.

What to do? Upgrade the hardware. It's not supported anyway. Modern Android devices which have updates published do not have this problem anymore.


I have this problem with a 16 GB flagship. Android alone uses 6.50 GB of my storage. I'm on Android 6.0.

Apps take up 6.32 GB of storage on my phone. The remaining space is taken up by the app cache. This isn't useless information like you'd expect, but it turns out it is data that is vital to the operation of my apps. I clear it fairly often, but it fills right back up again within a day.

Luckily I have an SD card slot, so I have space on my phone, but Google does not like expandable storage. Probably because they are a cloud organization or something.

I personally like to stay on a fairly new phone, but I think it is stupid that your phone can become obsolete within a few years. If the radios are still compatible with the cell towers, manufacturers should be obligated to support them. If you can't support your phones, don't churn out so many crappy phones.

I know times are different, but I used a Motorola Razr V3 from 2004 to 2011. It worked just fine for the entire time. Obviously internet sucked, but I was going to school in a place where the internet barely worked anyways.

If you just want a phone for texting, calling, and maybe as a GPS here and there, there is no good reason to buy a new phone other than planned obsolescence.


16 GB is now small by modern smartphone standards, unfortunately. Your hardware is obsolete. It is what it is. The minimum memory size on new non-budget smartphones is now 32 GB, and on the balance of things, the correct trade-off has probably been made to keep making progress rather than maintain perfect compatibility with older hardware. The technology and industry is still evolving so rapidly that your phone does become obsolete in a few years. It's not stupid, it's a logical consequence of the rate of progress. All sorts of technologies on automobiles went obsolete very quickly within the first decade after the invention of cars, too.


I had this problem all the time on a Galaxy S4. I don't remember now whether this was a 16GB or 32GB model; either way, it quickly filled up pretty much entirely by system data and apps. Having an external SD card for everything else didn't help much, and I spent over a hear with phone storage hovering barely above 500MB (if you go below, half of the stuff on the phone refuses to work).


Another interesting tidbit is that as storage fills up, Android slows down.

I suspect this is an artifact of using the Linux kernel. As said kernel puts a focus on IO ops, and the EXT file systems spend a whole lot of time looking for contiguous free space before committing a write.

Thus if your app do a bunch of writing (say syncing local data with the cloud) at start, it will start quite slowly on a near full Android device.


In the past, many Android devices had problems with the quality of the flash - as it aged, it also slowed down. Occasional reset and full trim helped for a while, until it didn't help anymore. The poster children of this problem were Asus Transformer Prime and the original Nexus 7.


I still resent having to upgrade my 8G Moto G over essentially this issue. The lack of visibility into what's using the space is infuriating - the pie chart does not cut it.


The lack of visibility is partially because apps can store files in various locations.

Outside of the app binaries and such you have their core data, stuff that gets generated or downloaded on first run.

Besides that you have a cache directory pr app that is housed outside of the tree location of the binaries and main data.

More recent Android versions have introduced yet more complications on this via the storage access framework, by providing APIs that give apps limited RW access to "external" storage areas without having to request the related permission.

And that's without going into the whole history of just what "external" means when dealing with Android file storage.


What? On 2.3, the average device had 250M internal storage for apps.

A Moto G 2015 has only 8GB storage.

Even mid-range devices sold today only come with 8GB storage, of which 6GB are used by the OS.


What mid-range device only comes with 8 GB? And what price range are you using to define mid-range? Is there even a low-range (lower than 8 GB) if 8 GB seems to be the absolute minimum, since the OS won't even fit on something smaller?


> What mid-range device only comes with 8 GB?

The Moto G 2013/2014/2015

https://www.amazon.com/Motorola-Moto-3rd-Generation-Unlocked...

> And what price range are you using to define mid-range?

$200-$250

> Is there even a low-range (lower than 8 GB) if 8 GB seems to be the absolute minimum, since the OS won't even fit on something smaller?

See above.

The only Moto G model that doesn’t offer 8GB anymore is the 2017 edition.


This is only a problem if your phone is completely full and you refuse to delete anything off it, no? Most of the space on my phone is taken up by photos and videos I've taken off it, and I wipe out the local copies periodically since everything is backed up in Google Photos anyway.


> I love the way he's compared the people who tell you to turn off auto-updates with anti-vaxxers; it's quite an apt analogy.

No, it isn't. Anti-vaxxers think that vaccines are harmful (or useless). Most users think security updates are important, they just don't want to be interrupted.


> Anti-vaxxers think that vaccines are harmful (or useless).

Vaccines are harmful; it's just that the positive effects vastly shadow the negative effects in the general case.


You are technically correct (everything is harmful, and vaccine application is probably associated with some amount of micromorts — but so is, say, getting up from the bed). However, vaccines are very safe (safer than many everyday activities), and negate much more micromorts. Thus, I believe that your technically correct appeal doesn't contribute anything useful to this particular discussion.


I don't feel it's quite an apt analogy, since anti-vaxxers have fully imaginary fears of adverse consequences (vaccines causing autism), while people who disable windows update do it after suffering real adverse consequences of forced updates. A good firewall would protect from WanaCrypt and everything else distributed via opening SMB ports on random IPs over the internet (correct me if I'm wrong), so you should be safe even if you've disabled Windows Update for a legitimate reason. A legitimate reason like "this Windows runs on a medical/factory/etc. device that CANNOT go offline to install updates willy-nilly".


> A good firewall would protect from WanaCrypt

No, unfortunately not - it spread using SMB internally on LANs, but travelled internet-to-LAN by "regular" phishing. It downloads its payload off the internet, but most good firewall would allow that (was the WannaCry payload detectable by virus scanners at the time of the infection? A "good" firewall might be one expected to intercept and scan all downloads).

> A legitimate reason like "this Windows runs on a medical/factory/etc. device that CANNOT go offline to install updates willy-nilly".

"Cannot go offline" implies that it's operationally critical. If you operate such devices, it is an absolute imperative that you have a procedure for taking them offline regularly for updates (not "willy-nilly" and anyone using that word about running a two-year out of date OS on a critical device is objectively not qualified to run them - and anyone buying such a device that can't be upgraded isn't qualified to buy them (and anyone making such a device...)).


If you operate such devices, it is an absolute imperative that you have a procedure for taking them offline regularly for updates

In some contexts that simply isn't a viable strategy. As an extreme example, consider something like an implanted medical device that needs to run 24/7 for the rest of a person's life, which can only be replaced via surgery under hospital conditions, and for which any failure is already a life-threatening event. Of course that kind of device probably isn't going to be running an OS like Windows, but it makes the point. In fact, the USSS has reportedly had the standard wireless update facility disabled in such devices for prominent public figures who might be at risk of being attacked that way.

Some equipment used in hospitals or to run other essential infrastructure might be within the realms of running a "normal" OS like Windows but still be in a position where any time out of service is extremely expensive in one way or another, so routinely disrupting operation to apply updates still isn't acceptable. There are also contexts where the device is regulated and making any change at all requires re-approval -- a legitimate and serious conflict when faced with this kind of security risk if the situation when a regulated device goes out of spec can also be serious.

You need different security strategies for this kind of environment, which rely more on external controls. You can't just say everything must be able to come out of service at frequent intervals for security updates, and you can't just handwash the problem away by calling people who understand the issues "unqualified". It's a far more complicated problem than that, and often there are no completely satisfactory arrangements.


Yes, things are complicated, but airlines manage to routinely take $100m devices out of service for days to months for servicing, so it seems like a bad excuse that a hospital can't plan around taking any given device offline for a few hours every couple of years.


But it's not every couple of years, is it? The patch for the current widespread problem was released just a couple of months ago, and there have been more security patches for other things since then.

Also, those $100m devices aren't in service 24/7/365. No-one takes an airplane out of service in mid-flight to apply a security update.


Sorry, the two years was a reference to Windows XP, of which there were also way too many installs still around (although possibly not on critical devices, but all the more irresponsible to not have upgraded them, then).

> No-one takes an airplane out of service in mid-flight to apply a security update.

No, not mid-air, but close to: https://en.wikipedia.org/wiki/Emergency_airworthiness_direct...


On medical devices, where the PC is a terminal or controller for the rest, like RTG or CT machines, you don't get Windows shell and launch the app. You boot the computer, it will boot straight to the control app and the app actively prevents switching to something different. You can only use this controller app on the machine.

The folks at hospitals are not going to fight with such an expensive machine, not even for updates - if something goes wrong, they would be to blame, they can live without that.


> A good firewall would protect from WanaCrypt

The attack could come from the internal network (it spreads first via email). Also, don't forget the upnp shenanigans


The cleverest move was to integrate Cortana with local file and application search, which many users likely use as a universal command line/shortcut (hit windows key and just start typing). I find that when I disable Cortana, local search becomes severely degraded. If anyone has any tips on how to fix this, I'd appreciate them.


The degradation is intentional. In Windows phone, speech to text and quiet hours doesn't work, and the accuracy of shape writing is significantly reduced, when Cortana is switched off.

Ms is trying to turn Cortana into the Google play services of Windows So they can consensually(forcefully) collect data from every windows device.


I'd guess that means speech to text and shape writing run at least partially on servers? Not hugely surprising but it seems really bizarre that quiet hours would need it. Probably some integration with cortanas contact database so that some people's messages come through? Even that seems incredibly lazy and ill thought out.


I suspect it is in part MS office politics.

Some years back Google went through a period of trying to hitch every new, and a bunch of existing, services to Google Plus.

It just so happens that the guy in charge of G+ was a former MS exec. And over at MS it was typical to attempt to hitch your project to any other project coming down the grapevine (the Google people actually called this "cookie licking" on stage after he had left the company).

And if you look back you could see this going on with .NET, you can see some semblance of this with Surface, and now with Cortana.

I guess it can be seen as some kind of in-office bandwagon politics.


There's no need to guess, at least in the PC version of Windows 10 Microsoft explicitly says this is the case. No one should be surprised that this is the case for Windows, given that other speech/shape recognition is similarly degraded with cloud support turned off.


Search Everything is super fast to search on Windows : https://www.voidtools.com/

I never use the "Windows Search" anymore, i hate it. It's slow and useless. I always disable the service. Then again, searching with standard windows search is probably my biggest annoyance on Windows


Do not use cortana for your local search but an alternative tool, I think locate32 has some issues with win10, maybe agent ransack[1] will do or voidtools' everything[2].

IIRC there were other tools: regain, lookeen, ...

[1]: https://www.mythicsoft.com/agentransack [2]: http://www.voidtools.com/


Really? Well that sucks considering if I go to turn Cortana on, Windows 10 says Cortana isn't available in my region.

I see apparently there are workarounds to get Cortana in all regions but most people aren't going to bother. If we're getting degraded local search because of where we live that seems pretty dumb.


What do you mean by "degraded"? Does anyone else have this problem?


I never noticed.


This works just as well in Windows7 (which doesn't have Cortana). Just hit the Windows key and start typing.


It's gone downhill since. Windows 8/10 search is virtually useless compared to Windows 7.


I use the utility "Everything" for instant search on Windows, works pretty well.


>> Microsoft shares part of the blame here for pushing... the major OS version

Microsoft lost every single ounce of credibility with the way they force-loaded Windows 10. Turning off Windows Update isn't enough anymore. The only solution is to dump Windows. Install Linux, or buy Apple hardware. It's unfortunate, but Microsoft will never recoup the trust it lost with the push of Windows 10. Microsoft cannot be trusted.


Historically that's one of the least anti-customer things MS has done. We old timers remember worse.


Yes. Don't tell people to not use Windows updates. That's bad advice from a security point of view. Tell them to not use Windows, period. That's (typically) good advice from a security point of view (of course you still have to install updates on other other operating systems.)


Also for forcing restarts for everything. Back when I cared I needed to I used to use ksplice to patch linux without rebooting. If Microsoft made something like this it would stop people switching off the updates.


> Also for forcing restarts for everything.

And not restoring jack shit. I wouldn't mind Windows Update so much if it could competently restart my applications and restore my Explorer windows, but the only thing it does every fucking time is make the taskbar icons disappear until I force-restart the Explorer process.

Though I would still mind it a lot for the insanely slow and unhelpful update process at shutdown, every update requires half an hour of shutdown as the machine does who the fuck knows what with an unhelpful throbber telling you it's at 30% of some arbitrary process you've no idea about and which looks exactly as if the entire thing had crashed.


God, it's even worse for academic / engineering use.

Nothing is better than running a simulation for twenty hours and waking up to a nice blank desktop. /s


Wow, yeah, that'd be a nightmare. I hadn't even considered that use case. I was just thinking of typical desktop use cases.

In a similar vein, imagine that you're ill-advisedly using a Windows server to host your node for cryptocurrency mining, and then it restarts when you're not around. You could lose serious amounts of money from that.


Why are you even using Windows for this?


A combination of IT policies and short sighted programmers.


This is by far my biggest issue with MS updates. Every time I come in and my computer has rebooted itself I want to smash something.


"I still sort of regret installing Windows 10 to this day because of the obnoxious Cortana bar it foisted upon my start menu that I can't get rid of. And yet not installing Windows 10 would've left me less secure with an OS hitting EOL for security updates much sooner."

Running an MS OS has been a one-way ticket to owned for roughly 18 years now.[1]

You are fragile to these things because you choose to be - not because this is a necessary condition of participating on computer networks.

This ransomware attack was based on an SMB vuln. One of the stuxnet vectors was an autorun vuln.[2] Would you wake the fuck up and see that it is 2017 and you're getting owned by SMB and autorun vulns ?

[1] Melissa virus was 1999, BO2k was 2000.

[2] Has any single file caused more mayhem in the world than autorun.inf ? The net negative effect of autorun.inf on the world must be in the tens of billions of dollars by now.


Does Windows classify updates as bug-fix, security-patch, feature-update and allow different policies to be set for each? Because it seems like that might help.


They used to. Now all you can get on the 7/8 generations without jumping through hoops is a "monthly roll-up" that includes both security and other updates mixed together. To do otherwise, you either need to turn off updates altogether and download and install the ones you want manually, or you need to be in a managed environment that does something similar via centralised deployment. Windows 10 goes a step further and is intended to push all updates to non-managed systems whether you want them or not.

This is why the anti-vaxxer analogy is foolish and frankly rather offensive. Managing updates is about risk, and the risk from Microsoft screwing up your entire system with updates was demonstrably very high before. For example, anyone who was using the default settings to trust Microsoft's suggested updates got changed automatically to an entirely new OS not so long ago -- a new OS, incidentally, which has also had compatibility problems with various hardware, which also has significant privacy concerns particularly in places like doctors' surgeries or other environments managing sensitive information, and which is also infamous for disrupting normal day-to-day work by changing things and/or rebooting at undesired times.

I know plenty of smart, well-informed people who work in IT and made an active decision to reduce or disable updates on some of their Windows systems for these kinds of reasons. Whether they would have advised home users with no technical knowledge to turn updates off completely is a different question, but it's not an entirely unreasonable policy given Microsoft's recent track record of abusing automatic update processes.


I turned off Windows Update precisely because it tried to force and trick me into upgrading to Windows 10. This is their fault for making people distrust what Windows Update should be, and whoever made that decisions at Microsoft should get fired.


Same story here. :-(


Personally, I run a single Win10 desktop (all of my laptops are Linux-only) that I update roughly annually, by allocating an entire day for going through the updates one by one and getting rid of any Microsoft malware along the way. I am far more concerned about Microsoft's own malware than any ransomware floating around the Internet.

Of course, I've also had SMBv1 disabled for many years (there's no reason to retain support for it unless you need to support WinXP machines, in which case you have my condolences), the desktop sits on an isolated subnet with a very restrictive router and firewall in front of it and all telemetry, Cortana and other malware has been eviscerated via group policy and other settings, along with router-level blocking of telemetry and update servers.

I fully understand that my case is atypical and the average user isn't going to follow comparable precautions, so I don't actively recommend my approach to anyone else, but it works great for me. Apart from wasting about a day per year on maintenance, I'm as happy with the OS itself as I've ever been with any Windows version, and it fulfills my Windows development and occasional gaming needs just fine. Obviously, I'm much less happy with Microsoft as a company for forcing me to go through such lengths to make their OS into something I'm comfortable using.


Really? You're more concerned about the software being provided to you by Microsoft, who is at least presumably trying to keep you as a satisfied customer and provide a secure operating system then you are for faceless hackers connected to the Internet who's whole objective is to either out right steal people's money, disrupt people's lives, or else subvert your computer in order to launch attacks on other users?


> Microsoft, who is at least presumably trying to keep you as a satisfied customer

You surely jest!

Individual users are not customers of Microsoft in any meaningful sense. Microsoft sells the OS mostly to companies who install it on machines so that the end user buys a computer with Windows already installed.

If MS wanted to keep me as a customer they would have provided a proper upgrade path for all the millions of lines of VB6 code that are out there and they would create an IDE that has a usable editor.


> who is at least presumably trying to keep you as a satisfied customer and provide a secure operating system

I seriously question that presumption. I think Microsoft is generally trying to satisfy enough of my needs to keep me in their ecosystem while extracting as much value as they possibly can (within legal, technical and business constraints) from collecting data on me, pushing ads, etc.

I'm certainly not saying Microsoft are "more malign" (by whatever moral standard) than hackers out to steal people's money, however, by virtue of using Windows, I automatically have a degree of exposure to Microsoft that can only be mitigated rather than eliminated altogether. My exposure to ransomware and other non-targeted attacks by non-state actors is vastly smaller, and much easier to mitigate.

I am under no illusions about my ability to withstand targeted attacks by more competent parties, but that isn't a particularly significant concern to me.


I'm not the OP, but I'm not particularly worried about "hackers" as my network is defended well enough against non-targeted attacks. Microsoft, on the other hand, betrayed my trust by forcing malware down the supposedly trusted update channel. That trust won't be regained in foreseeable future. And come on, "secure operating system" lol? Sorry, couldn't help myself.


You're more concerned about the software being provided to you by Microsoft ... then you are for faceless hackers connected to the Internet

Yes. And there is no /s on this comment.

We don't use much recent Microsoft software because we no longer trust it. They are going down a path we don't want to follow.

With the older OSes that we do still use, principally Windows 7, we are similarly sceptical about updates, and typically we only apply necessary security patches now.

[Edit: For whoever is downvoting a lot of the comments with this sort of sentiment, you might consider that objectively we have had far more downtime as a result of bad updates from Microsoft than as a result of malicious actions by hackers over recent years, and I doubt we're alone in that.]


> you might consider that objectively we have had far more downtime as a result of bad updates from Microsoft than as a result of malicious actions by hackers over recent years, and I doubt we're alone in that.

I haven't seen it put that way before. You're not alone.

One of the recent update cycles had some kind of interaction the video drivers on several of my machines, resulting in monitors connected via DisplayPort intermittently failing to wake up following a screen blank. The current workaround is for users to reach around the back of their monitor, unplug and replug the power. I burned an entire day on that one, plus the continued frustration.

Knock on wood, but I can't remember the last time I had to scramble for a security incident or malware outbreak.


To add some additional perspective: many of us know how to add some basic level of security to our personal networks. Certainly not NSA-proof, but enough to about being owned by your average script-kiddie or wide-spectrum hacker.

So in reality we do have more concern about Microsoft's update channel, which has a trusted, straight-shot channel directly into the core of our system than we do random Joe hacker who had to bypass our NAT, find a zero-day, etc.

From a secure point of view, Windows update operates within the secure zone with root privileges. Of course that's more concerning if you don't trust it that an external hacker.


Are you aware of https://www.reddit.com/r/TronScript/ ? Sounds like it could save you a lot of time (and, if you do things that are not yet in Tron, you could help the community as well by adding those things).


I am, and I actively recommend it to anyone sufficiently well educated that they could (and would) go through the contents of the script manually and verify its contents. I don't do anything additional that could be automated in a general fashion, but my own scripts (partly based on Tron) include custom things specific to my setup - adjusting router/firewall settings, interacting with my automated backups, etc.


[flagged]


If you're going to insult people on HN, the least you could do is substantiate your reasoning so the post has at least some content.

And while I'm sure there are many definitions by which I could be called "incompetent" (as could you or anyone else), I'm especially intrigued to know how the rather isolated setup I described would present a danger to anyone.


You can remove the Cortana bar.


By removing all kinds of search, yes.


No. You can still have local search. Unfortunatly this seems to only possible with a GPO rule.


Yeah, see, I don't even know what a GPO rule is, and I'm more technically inclined than 99% of the users out there. I'm sure there are some people that can totally customize Windows 10 to their liking and get rid of all of the anti-user stuff, but it's such a small proportion of the overall home userbase as to be statistically insignificant.


Would you still have the same opinion on anti-vaxxers if vaccines were actually harmful?

We avoid taking a big amount of medication that would fix some problem just because it's harmful (and even medication that is less worse than the disease).


Try installing Classic Shell. Brings back a sensible start menu without Cortana et al.


You can make the Cortana bar disappear


Ads in explorer in a sense as Ads in Firefox. If you navigate to Onedrive in explorer you get information that it's a service you can get more storage for.


And the reason why people were suggesting to turn off Windows Update was precisely because of malware payloads directly from Microsoft.

"Do you want to upgrade to Windows 10? Press the hidden button to cancel, otherwise upgrade commences." This is how malware works.... But published and pushed by MS's own channels. And his jab at people who say that turning off WU is similar to anti-vaxxers is completely inane and false - we know the damage Microsoft has done to user's computers.

In reality, I'd rather they upgrade to Linux. Those machines wouldn't get bit by this, unless you run the executable with WINE. But I blame MS for being spammy and spyware-y and malware-y, which encouraged users to turn off harassing and onerous updates.


No, most people turned it off because they didn't want updates interrupting them. You are vastly overestimating who cares about "MS malware".


I'm still inclined to blame that on MS really. Poor ergonomics. I can understand the OS telling me to reboot if I haven't restarted the computer in a few days after an update took place but there's no reason to harass me immediately after an update got installed (unless it's a critical 0-day patch I suppose).

But really, it's getting worse. I remember seeing a bunch of articles last month about how to preemptively defend against the "creator's update" because it came bundled with a bunch of software people didn't want. They use windows update as a trojan horse to install new applications, that sets a very bad precedent.

I've even stopped urging my friends and colleagues to enable auto-updates because I'm worried that they'll end up having windows auto-update to a new version and break something and then I'll have to help them through it. I just can't be bothered anymore.


Your last paragraph is confusing. It seems those people rely on your support. Are you really saying you'd rather deal with potential results of them not upgrading than with the upgrade failures? I'm assuming that if they come to you with one, the also do with the other.


Well it's just that one position is more comfortable than the other. If they don't update and have an issue then it's on them. If I insist they turn on Windows update and then something goes wrong then it's on me. It's a bit cowardly but as a Linux/BSD guy I just can't stand doing Windows support anymore. Every version is worse than the last, everything is dumbed down to the max and when something goes wrong you're screwed unless you're a PowerShell wizard.

The other day I helped a friend set up a new computer, we installed a brand new (paid for) Windows 10 on it, straight from the Microsoft-provided DVD.

It worked just fine for a few hours, then it would get stuck in a reboot loop continuously. You'd log in and 10 seconds later it'd hard reboots.

Given the brutality of the crash I assumed a driver issue or something like that. Turns out it's just Windows failing to install an update and crashing the OS for some reason. So I thought "well, let's just boot up and quickly disable auto-updates". You can't do that. "Well let's boot up in safe mode". Nothing works in safe mode, you can't access Windows update (the page remains blank). We ended up downloading an updated version of windows and reinstalling it.

I have a Windows 10 PC that I use for gaming, the creator's update installed itself the other day. Amongst other niceties it added a MS edge link in my taskbar and changed my desktop wallpaper. I also noticed that it tries to argue with you when you try to change the default browser from Edge to something else ("We're good now, we promise!!"). Minor details, nothing major but it adds up to a general distrust for the OS and the feeling that I'm not in charge of my own computer.

I just can't put up with that nonsense anymore. If my friends want support they'll run Linux, otherwise I'll let them deal with Microsoft's support or whatever.


The best part about not using Windows outside of work is that I can now legitimately tell 99% of the people I know that I don't know how to use their system (Windows or OS X).

You don't get free service from lawyers, accountants, doctors, or mechanics, I don't see why people expect free help from me. I used to help people, but I've realized how limited my free time is, and I prefer not to spend time doing work-like activities outside of work.

I will direct people to the appropriate resource if they ask for advice though.


The only people who get free tech support from me indefinitely are my mother, my father, and my sister. Realistically it's mostly my mother, as the other two are good enough with computers to not need help most of the time.


> If my friends want support they'll run Linux, otherwise I'll let them deal with Microsoft's support or whatever.

Dealing with Microsoft's support is quite an experience, I think I would be better off talking to some indian "anti-malware" "security experts" that would install remote controlling software and would tell you some fancy tech words that you could listen to while they're at it.


It's not Microsoft's fault that you can't say "no", though.


That's not my point. Enabling Windows Update shouldn't be a trade-off. The fact that disabling it constitutes a quality-of-life improvement for many demonstrates that Microsoft is doing something terribly wrong.

I should be able to tell my friends "yes, you should turn on auto updates, there's absolutely no reason not to" without having to follow with any caveats like "oh well, it can upgrade your OS, reboot on you when you don't expect it and change the ergonomics of your desktop without asking you but in the end it's worth it for the security updates, and it's not like you have a choice anyway".


Not that MS is completely without fault, but we have to remember that they're supporting an infinite amount of configurations. Apple's OSX (on the other hand) is supposed to support a limit configuration controlled by Apple. It's a recipe for disaster.


Supporting an infinite number of configurations has nothing to do with installing arbitrary apps that you never wanted, automatically changing your default apps and wallpaper, and silently turning back on various spying "features" that you had intentionally turned off.


I was mainly replying to this line:

> I should be able to tell my friends "yes, you should turn on auto updates, there's absolutely no reason not to"

The anniversary update was mainly a shit show. It was a staggered update that cause issues for many folks. Some people kept getting fail update errors. Others got stuck in boot loops. Others lost certain device functionality. If you were able to get it to successfully install without hitch, it broke some things for a non-trivial amount of people.

Your comment is spot on, but it's not what I was talking about.


For example, my wife had to work from home one day -- fairly rare occurrence -- and it was at that moment at 9:00am that Windows 10 decided to update and reboot with no way to cancel and the entire process took well over an hour.

That should be unacceptable and I don't know why it's not.

I have updates set to download but not install automatically and I periodically manually install them. Microsoft's active-hours thing is BS too as it must be less than 12 hours. I honestly don't care as much if my machine reboots between 1:00am and 7:00am but apparently that's not enough time.


I'd love to pick the brain of the product owner who decided that 12 hours is the maximum acceptable time for an "active" period. Most people only sleep 8 hours or less, so there's easily at least 16 hours in the day that could easily be used for computing.

How long does it take to install updates anyway? Why can't I just set my inactive period to 4-6am?


Oh no. The forced updates were the 'gift' for running Windows 10. Although I would say this is also certainly a part of it.

I also have more than a few stories of people hiring me precisely due to a hijacked OS install of Win10, accompanied by slower machine and worse usability. It only takes a few of those and a whole social circle will warn about it (because of the time and harassment).

In fact, I remember this getting so bad, that local news media was talking about how to stop having your machine hacked by MS with a forced Win10 install. In all honesty, if this were you or I, we'd be facing CFAA charges for this shit.


I have an application that stopped working in creators update. So now compatibility issues crop up even though its technically still Win10.


microsoft needs to change how they push updates.

If I have a desktop pc and I shutdown, I don't mind an update. but if it's a stealth download of windows 10 pro when I have home, then NO.

if people never shutdown, then yes maybe force a reboot for critical updates. but windows needs to figure that out.

if I shutdown a laptop because i'm running out of battery, then updating windows for 30 minutes is not a good idea.

and sometimes you'll get 30 updates in one go when I've shutdown the PC every day and it should have installed a few in that timeframe.


Outside of the US, it is a thing to have a policy of disabling windows update for a variety of reasons among which a significant one is to allow the computer security agencies to audit the updates and remove any MS provided malware.


> most people turned it off because they didn't want updates interrupting them

Bingo. For a while, Microsoft was really good about not requiring restarts to install updates. I haven't had a restart-free update since I installed Win10.


Less egregious but still awful: updates that then have ngen randomly consuming half your cpu for hours because ms is too cheap to make native .net binaries remotely.


And also taking multiple Gb of your hdd for the sake of optimizing a one time executed update.

When you have a small SSD it sucks.


This is even worse when your freshly deployed AWS instances run like shit for the first hour too.

More

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: