Microsoft again forced upgrades on Win10 PCs specifically set to block updates (computerworld.com)
118 points by sus_007 9 months ago | 129 comments

Oh boy, this happened to me despite using the enterprise edition. The system forced an upgrade, despite me doing everything to stop it, and every time the upgrade crashed and I had to roll back to the previous version. Every day.

I spent a month like this, on an always-on system, trying to shut down the upgrade downloader from the task bar whenever I can after failing to stop it from settings, group policy, horsing around in powershell etc. Before that, I had also tried to make the upgrade work by doing it manually, updating drivers, unplugging all the peripherals etc. but it kept getting stuck halfway through. So I couldn't upgrade, and I couldn't not upgrade.

Well last week there was an update to the update so I hoped at least the upgrade would work now and I would be done with this charade. Nope, it crashed again while upgrading, except this time there was no way to roll back and use my system. I am torn between cutting windows out completely and going back to windows 7.

I'm mostly a Linux user but I use Windows at work. There is also an additional Windows computer in my house. Although I can't say I dislike Windows there is a singular issue with it that really grinds my gears. The OS assumes way too much about what I want to do. I get it that the defaults are there for the inexperienced or casual users but there really needs to be a way to tell the OS "Hands off! I know what I'm doing". I really don't want arbitrary actions to be made before I consent to them.

Honestly I could tolerate the defaults being heavy-handed towards updates, but I was really miffed to find out I literally didn't even have an option to not update, even when it was a system-wrecking one.

Yes. I've had this issue on almost every version of windows so far. As usual with Windows the only way to fix these issues is by reinstalling the operating system. After decades Microsoft still doesn't have a working update solution.

Compare this with most linux distributions. The updates can run in the background, the update process is often significantly faster and finishes in a few minutes and finally I don't need to reboot unless the kernel is updated.

Another note for people unfamiliar with linux: Even in the case of a kernel update you can just reboot whenever. There's nothing prompting you or forcing you to do it at any specific time.

Windows update is definitely my #1 reason to switch to linux.

Laughs in Linux.

... but your laughs are logged in binary format by systemd, so no-one can share your joy ;)

FreeBSD forever :)

Have you tried setting your internet connection to metered? https://www.howtogeek.com/226722/how-when-and-why-to-set-a-c...

I read about that method too, but unfortunately it doesn't work if you're connected via ethernet.

Take heart! It doesn't help for these forced updates, either. Mine has "partially downloaded" as of this week, and now keeps forgetting that I have a valid copy of Windows at all - it floats an "Activate Windows now!" watermark in the corner of my screen until I try to manually download the rest of the update. :/

Couldn't you just disable the Windows Update service?

Seems to work fine for me and then you can update manually with a tool like http://www.windowsupdatesdownloader.com/ or maybe http://www.wsusoffline.net/

As an HN reader, I believe I am qualified to comment on the strategic direction of a major multi-billion-dollar software company. By pushing to make Windows as idiot-proof as possible, Microsoft is zagging when it should zig. They've basically lost the mass market. The e-mail checking machine in the kitchen has been replaced by a tablet, and it doesn't run Windows. Their only hope is to position Windows as the OS for people who want to get serious work done, playing on their historical strength as the platform for office computers. To that end, they have to stop taking the people who use Windows all day long at work for granted, because it's never been easier to find an alternative, and if they lose the enterprise, Windows is over.

And it's stuff like this I'm thinking of when I say "taking for granted." Telemetry. User-hostile update policies. Minecraft in the start menu. Pushing a Microsoft account for desktop login. These things are not office-user friendly, they do not say, "we take your need to do work on this computer seriously."

That's one side of the story.

There are still huge numbers of casual and home users who are much better off with automatic updates and the reflex to disable them due to being a minor annoyance has to go.

> There are still huge numbers of casual and home users who are much better off with automatic updates and the reflex to disable them due to being a minor annoyance has to go.

Outside of gamers, though, most of them couldn't care less about Windows and continue to use it because it's what came with the laptop. This is an irretrievably shrinking market. I admit Microsoft is in a bind here. A huge legacy install base that refuses to apply updates when asked nicely is a recipe for another Conficker. Their previous success in the consumer market has turned into a huge liability. But they can't fix that by having a punitive update process in Windows 10. All those old unpatched Windows 7 machines are still out there. The same users who don't apply patches opted out of the free windows 10 update.

Let's take a look at what the "opting out" looked like:

"OMG OMG, there's a completely different thing in the computer than there was yesterday! Make it go away!! I didn't touch nothing this time!!!" And lo and behold, there was indeed a completely different OS, without any attempt at obtaining user consent (or, even worse, against the expressed denial of consent). Are you surprised that the users "opted out" of further violations of expectations?

TL;DR: nonconsensual "upgrade" bad; perhaps the tea analogy didn't quite register with MS? https://www.youtube.com/watch?v=oQbei5JGiT8

> Are you surprised that the users "opted out" of further violations of expectations?

Not in the least. Like I said, I think MS is terrified of another Conficker, and they reacted in the worst possible way by trying to coerce people into applying updates. Worse, not all of those updates were truly for the users' benefit, and some of them rendered the user's computer inoperable. The not-unexpected result is that people, especially the less sophisticated userbase we're talking about, have moved from total indifference towards updates to moderate distrust.

> As an HN reader, I believe I am qualified...

Yes, those qualifications being: 1) Have a browser. 2) Be able to type your words.

> By pushing to make Windows as idiot-proof as possible... They've basically lost the mass market. The e-mail checking machine in the kitchen has been replaced by a tablet...

I've never known anyone to have an "e-mail" checking machine in their kitchen. I do know lots of folks who work at home though and they all use Windows.

> Their only hope is to position Windows as the OS for people who want to get serious work done...

OK, done and done.

> ...because it's never been easier to find an alternative...

Go ahead, find one. I'll wait. Please tell me what OS is going to replace Windows??

> Telemetry. User-hostile update policies. Minecraft in the start menu. Pushing a Microsoft account for desktop login. These things are not office-user friendly...

Telemetry, updates and games have been part of Windows since forever. None of this is new. Search for: Office 2000 Customer Experience Improvement. You'll find people asking how to turn it off.

> I've never known anyone to have an "e-mail" checking machine in their kitchen.

I saw a lot of that in years past. Seems that there was a trend for awhile to have a builtin desk in the kitchen, and that desk typically had a Windows computer on it. I doubt many of these people used it for more than email and basic stuff.

> Go ahead, find one. I'll wait. Please tell me what OS is going to replace Windows??

I'm seeing Linux slowly take over on workstations, both at home and at the office. I'm no longer surprised to find Linux installed where previously it would have been unheard of.

These are just my observations, though.

> I'm seeing Linux slowly take over on workstations, both at home and at the office.

My observation is more and more people are trying linux, probably because of Win10 stuff. But they all say they don't like it, and go back to Win or to Mac. I heard yesterday one diehard linux fan pondering going to Mac ... If Apple did not let quality slide they would have been the windows-replacement, but we are stuck with 2 bad options and one funny-bad one. And Windows is still the most convenient and easiest, even if only because of history and inertia.

> By pushing to make Windows as idiot-proof as possible, Microsoft is zagging when it should zig. [...] Their only hope is to position Windows as the OS for people who want to get serious work done

Arguably that's what they are doing by making Windows as idiot-proof as possible. For all their accidental botnets, the home users forgetting or not knowing to keep their machines updated are one problem, sure, but let's not forget that the real villains in not keeping Windows machines up to date are all in Enterprise IT. There are so many people actively working to keep machines out of date in the name of keeping their jobs "easy" or "stability", and that should be a staggering statistic.

I've got a feeling the number of Fortune 5,000 companies that have contributed to botnets is incredibly underreported, and I've got a feeling the number of Fortune 500 companies that have only avoided that fate by raw luck and bubble gum is a lot bigger than people think.

> Telemetry

Enterprise loves Telemetry. They want your machine to spy on all your activities. They want to complain that you spend too much time on HN and accidentally glance at articles related to "Gaming" during work time because they have a cool HN discussion thread.

Admittedly, some are overtly mad at Microsoft for getting access to that data themselves and trying to use some telemetry to improve their products, but how many of those complaining are covertly excited that they get access to the same data in tools like System Center?

> User-hostile update policies.

Per above, Enterprises have shown they need to be forced to update too.

> Pushing a Microsoft account for desktop login.

Enterprises love accounts. It helps keep things accountable. (Terrible pun intended.) Your Microsoft account gets to connect to your Office 365 work account. They can send you reminders to your personal Microsoft Account via the Microsoft Graph to your home computer to get back to work, if you let them. With BYOD workplaces, your home computer can double as your workplace computer and you can be so productive with all your accounts communicating together in "harmony", personal and work.

For the users used to using an AD domain account every day at work, a personal Microsoft Account can make their home devices feel like a "real boy" with the nice things like profile roaming that their Enterprise AD accounts get (assuming the Enterprise doesn't turn off nice things with Group Policies and mismanagement, of course).

> These things are not office-user friendly

Except for Minecraft, these things are extremely office-user friendly. These are things Enterprises love. These are reasons why most Enterprises couldn't quit Windows if they tried.

(Even forced updates; as much as some companies are griping right now, soon it will be the new normal and corporate ITs will adjust. They'll continue to complain, having a nice scapegoat to blame in Microsoft for update failures, but they'll also likely enjoy the perks of the new regime eventually as they realize that tech debt of not updating was its own misery and less "easy" than they thought it was.)

- Ignores options blocking automatic updates

- Installs update assistant on your machine without permission

- Starts downloading updates without giving you the option to stop other than killing the process (which just restarts again in a few minutes)

- Re-installs update assistant if you try to delete/uninstall or break it

- Re-starts update service within minutes even if you keep disabling it

- Re-boots your machine without your permission

Those were a lot of "accidents". Some of this behavior was on par with most viruses I've come across... Seems MS were really desperate to get this update out.

Will be upgrading to windows 7/8.1 as soon as I get the time (until I am hopefully able to jump ship to linux).

I can only encourage the switch. I switched to Linux Mint recently and it was smooth even for the not-so-computer-literate users in my family.

This worries me as I have a Win 10 computer in a house that runs off a mifi Hotspot. If windows blows through my monthly bandwidth with an unwanted update, I'm gonna be very annoyed.

Every time they overcome the carefully crafted group policies and firewall settings - I ask myself - what is the difference to a rather run down linux distro here.

The drivers do not work, I have no control over my system, the options they offer you are like a toddler's toys - nice buttons to push, which the 'adults' can safely ignore on every update.

The only thing still keeping me in windows is the ecosystem of software they have held hostage. But there is an exit sign glowing brighter every Thursday: https://www.vmware.com/?PID=3607085&PubCID=2786910

The only secure way to run windows at this point is to get an old CD or ISO and run it in a VM or air-gapped machine. Unfortunately a lot of software these days ignores the possibility of being disconnected from the internet - some folks won't even provide a real installer, just a downloader for the installer.

There is an overwhelming amount of "but the users NEED to update" in the Windows 10 community. Sorry but now users are running random scripts they find on the internet. This is worse than just "hacking the registry" or adding some group policy to disable auto-updates.

I need security and no random shutdowns. I switched to linux about a year ago. Lots of complaints, yes, but no auto-updates.

Example scripts (haven't used any):





For every person running a script there are thousands now updating their computers who would've simply clicked 'no' on previous versions.

Win10 is inherently more secure because of these forced updates. Think about WannaCry... it only worked _because_ people (and organisations) don't update.

Now I understand that some people apparently need a system that will never update, but I agree with the policy of simply forcing the updates for 99% of the people.

For security fixes, that is. Not for adware, crapware or phone home capabilities (or resetting your preferences) bundled on top. Microsoft ruined the benefits of auto-updates for which it should be criticized much more.

I believe Microsoft wants two things: A more homogeneous installation base and the beloved walled garden with phone home capabilities. Both are directly adverse to users interests. Therefore people don't want to update.

I think it’s a bit more mundane than that. Most people aren't putting that much thought into their computers after all.

I think it's that Microsoft still hasn’t figured out how to do updates without requiring a reboot. Nobody wants to lose their working state or wait minutes to begin working to what appears at first glance to be pointless computer housekeeping.

Maybe, maybe not. At work, I am on Win10 Enterprise and have seen content pretty close to an ad. I can't imagine how it is for a Home user. And, as this thread shows, things are breaking after updates. I don't believe that only forced reboots make people think.

And people and organisations don't update, because security still allows itself to be taken for a ride - so Microsoft can shovel adware, unwanted bloat and instability (aka use users as unpaid beta-testers).

If security researchers refuse to protest publicly and loudly against being taken for a ride, then these hostilities between users/powerusers will escalate further.

The problem is that Microsoft doesn't want customers anymore - they want Facebook-like subjects, and with every update this change in motives is becoming more transparent. There is no real opt-out, ad-free, pay-for, security-only update edition. For now. My guess is that several linux distros are currently trying to fill that gap.

After that, windows will go out the window.

And the missionaries come knocking...

1) "some people apparently need a system that will never update"... Didn't Microsoft literally ask to disable updates during install on every other edition? Whoops. Your statistics are really bad.

2) I see that WannaCry caused $130k in cryptocurrency damages. It's ironic because Bitcoin miners are the very users of these scripts.

3) Conversely, how much has this update policy lost in productivity? (the crypto miners lose twice I guess). It's insignificant to Microsoft's Telemetry and advertising profits. And hell, does Microsoft even need a support team anymore when you can provide it?

How much must I pay Microsoft to disable auto-updates? It's increasing every year. No I'm not going to run some rogue script. No I don't need any snake oil "idiot insurance". Yes this matters to a broke-ass business. No I can't afford enterprise support. Yeah I get it, just enable "metered connection" and ur gucci bro you don't need those updates.

I'm on Linux now, thanks for your concerns.

"A strategy devised by Myhrvold the salesman was just as significant. He laid it out in a memo to Gates in 1992: 'Regular upgrades are important for both revenue and loyalty...A feeling of progress and improvement is necessary to keep users loyal...and an important way to produce revenue. Upgrades are the closest thing we have to an annual fee or subscription.'"

source: Profile of Nathan Myhrvold https://www.1843magazine.com/content/features/myth-buster

Except that in this case they get the opposite result: people are just getting more and more angry.

Windows 10 updates in the past fortnight have consumed 9+ Gb of my data after failing again and again due to my choppy wifi connection (there's no other option available as I live in a university hostel). Having limited data per month, this has made me buy up extra data just to get through this month. Being a student, internet is indispensable and Microsoft doing this is really bad on their part.

I find it crazy that resumable downloads aren't the table stakes for an automated upgrade system.

Really, they also should be using erasure codes over UDP with TCP-friendly flow control in order to make more efficient use of noisy or high-latency channels.

Huh. That sounds very interesting.

What sort of protocols are used for this kind of thing, and what would I research if I wanted to do this myself?

Why don't you set your connection to metered then?

I think the OP is saying they are on a metered connection, and ran out of quota, so they had to go pony up more money in order to be able to finish their studies.

Yes clearly, but they should set it as metered in Windows, like here: https://i.imgur.com/Y71LI5F.png

Doesn't always help. Co-worker used my hotspot, Windows force-downloaded updates.

How do I know? I was roaming and the data plan ran out, we caught it in the act.


So your friend connected to a WiFi network and didn't tell Windows that it was metered... and Windows assumed it wasn't metered. This is what they are trying to explain. There is a way to tell Windows that the network is metered.

If you are connected through a Bluetooth link to a cell phone, Windows will probably assume that it is tethered to a phone and therefore metered. Likewise, WiFi connections are probably assumed to be unmetered, for better or worse. But you can tell Windows that a given network connection is metered.

(I am not a Windows user 98% of the time and I find this behavior annoying too, FWIW.)

No. He connected, the first thing I did (after giving him the passphrase), was personally setting the connection to metered myself. That was what I tried to imply with my "Metered!" at the end of my comment. Otherwise it wouldn't make sense to complain in the first place.

He didn't change it back. My quota was blown an hour later (I don't recall how much data I had left, but it was hundreds of MB). In spite of it being set to metered seconds after connecting to the hotspot.

This blew up on r/sysadmin today.

Was a suggestion to null route all Microsoft domains, which is likely a decent option for an individual or small company. Can't see it going down well at large scale.


I don't believe this is accidental. It's a strategy to get updates out that help Microsoft, and then handle the PR afterwards. Most likely this won't get much attention and Microsoft gets away with it.

Pretty much the same as Mozilla Firefox.


"I've tried to disable updates through the settings, and without fail a day or so later it's updated to the latest version again. Any thoughts?"

Except - you can check out the (old) version you want, and build it yourself?

Optionally disable the update code first...

[ed: there's also Firefox esr for those that need an old (if not ancient) version:

https://www.mozilla.org/en-US/firefox/organizations/ ]

Doesn't matter if a handful of people get around it. The behavior for the masses will continue.

If one person is free to get around it, that person can help other people get around it. That's why there's four software freedoms, not one or two.

With w10 there really isn't much of a real choice.

[ed: https://fsfe.org/freesoftware/basics/4freedoms.en.html ]

> Except - you can check out the (old) version you want, and build it yourself? Optionally disable the update code first...

I can't tell if you are serious or not. Really, this is nice example of programmers living in their bubble ... Or excellent trolling.

Fair enough... To a point. I can check it out, build it, and email you a copy. Or some other friend could.

With Windows, all I can do is suggest you switch to Ubuntu or something.

Capitalism within a "he who pays the most wins" style democracy has the motto of: Do first and ask to be excused later

My understanding was you couldn’t block the updates on windows 10. Looks like in creators update, they offered ability to block updates/and this has been ignored. As far as forcing updates, it’s kind of a double edged sword... noble to protect the masses, but honestly it’s been a terrible experience. We had a small ‘pilot’ team give it a try for a length of time. It seemed almost every time the updates install, we’re dealing with failed network drivers, no displays, blue screens and the odd boot failure. Not very good for a professional services staff under tight client deadlines. We’re not upgrading to Windows 10 at this time.

Windows 10 is a total nightmare to those who value the control and privacy of what is supposed to be "their computer".

Aside from those running windows-exclusive software, I'm more and more boggled at the fact that some people still choose windows over other OSes. I couldn't imagine living with this sort of crap. To each their own, I guess

It's a really nice development ecosystem I'm told.

Our developers write exclusively Windows software (games company) and even though it costs us multiple millions of dollars in software licenses to run dedicated servers, the "cost of porting" is high enough to prevent people from doing it.

No, it is not a nice development ecosystem. Visual studio is a good IDE for c++ and c# development. Eclipse is slightly better on Windows than on Linux. In Linux, the whole OS is development friendly.

Ok, but you must understand that I'm going on the word of 500~ developers. Maybe they selection bias themselves for Windows affinity but a lot have development experience with Linux too and smirk at things like epoll with absolute derision.

I'm not a developer myself but seeing how they work on Windows is definitely impressive.

They smirk at epoll but are happy with IOCP? That seems... unlikely to me.

I don't know, like I said, I'm not a developer myself, however I thought epoll was universally criticised for being poor.

I researched a little after I was told (while pushing linux) that things like epoll were why they would never use it.

I did manage to convince them to write their storage backend on FreeBSD because that uses kqueues and has ZFS.


Can you easily accomplish the following with Windows?

- install a dev environment with all tools and transient dependencies with a single command

- install multiple versions of the same library and easily choose between them

- install the same version of a library but built with different compiler switches

The world of open source operating systems can accomplish all of the above (I use NixOS). And we get access to a repository of thousands of packaged tools. And we get fast Git.

I'm sorry but the general consensus is that Windows falls quite short of being a nice development environment, despite the existence of Visual Studio.

Talking about compiler flags and need for OS-level handling of multiple library versions... You do know that not every dev is C dev?

And your "general consensus" isn't as general as you think, look up OS usage among developers. I have never seen a source claiming 50%+ usage of Linux, and "consensus" implies much more than simple majority ...

> You do know that not every dev is C dev?

C libraries are often transitive dependencies of higher-level language libraries, e.g. for Haskell or Python. Using language-specific package managers often fails to properly handle such transitive dependencies.

> look up OS usage among developers

This doesn't indicate personal preference. My whole team is forced to develop on Windows at work, we would all rather use Linux, as we deploy to Linux and our tools, e.g. Git, work better on Linux. But such are the constraints of working in a corporate environment.

I use a Linux development environment for my personal projects.

I have to use a bash script to increase/decrease brightness. The keyboard keys do nothing. My audio comes out both the headphones and speakers when the headphones are plugged in. Sometimes I have to use a bash script to make it play out the headphones. It'll still play out the speakers.

It's still a better experience than Windows 10.

This is part of why I will never go back to Windows. I want real control over my personal computer.

It is possible that their implementation of settings simply sucks, not checking the off-switch everywhere it should. This is one reason I don’t trust Facebook’s huge list of “settings” either, for instance. In complex systems there are just too many ways that a switch can be ignored, even if you do trust the intentions of the developer.

A better solution for this (and Facebook) is to physically block at the client. And rather than providing “settings”, Microsoft should proactively encourage this too: the official FAQ for disabling updates should essentially be specifying the domains and IPs to block in routers for example.

I always think that the "10 tough questions we got asked" [1] weren't really tough, and that it's still the same old Microsoft just presenting itself in a slightly different way.

[1] https://www.gatesnotes.com/2018-Annual-Letter

I think nobody who was there in the previous era of Microsoft has any trouble seeing that they haven't changed. It's just because of a new generation without experience that they are getting away with rebranding themselves. People who go for Microsoft today will be locked in to their tech stack as always after a while.

I am so fucking done with Windows. Windows 10 has a lot of cool things I like and that are useful to me, but the only other time I felt such a complete lack of control over my systems was during a 3 month Apple Mac experiment (ended with an apple mac being flung from a 3rd story window).

Research for the coming months: getting Linux running on my Surface Pro.

You're so fucking done with Windows that you went out and bought a Surface Pro?

Could be the parent had a Surface Pro and is now looking to supplant the Windows on it with Linux.

That is the exact sequence of events. I'll miss onenote, which was one of the reasons for buying the surface, but I currently miss not feeling like it is my laptop even more

Hey, hardware is OK. Getting Linux to run on it is kind of noble.

I really don't understand people who think microsoft has changed. They still do shady shit all the time.

Because while Microsoft is one huge entity, it isn’t run the same in every department. While one department might be hugely user friendly, another won’t.

Which microsoft departments would you consider user friendly, and why?

Nothing that Microsoft is doing is shady and every department is user friendly.

There. I've argued my points as well as you have yours.

VSCode is the most used editor (see SO survey), so I guess the department making it qualifies as "user-friendly".

You can't really make sweeping statements about large orgs.

Well, the good news is they haven't managed to get through to my (severely eviscerated) Win10 Enterprise system yet - the only Win10 system I run. Still, I guess it's time to finally block the relevant domains in the router to be safe.

After the next hardware upgrade, I'll finally be able to relegate Windows to a VFIO VM without network access. Looking forward to it more and more.

A few years ago you would have Apple fans bragging about how Apple is so much better, but now it's just as bad.

You have Linux left, but then again I accidentally removed the wrong package the other day and I made my system completely non-functional, to the point that I had to reinstall from scratch.

A platform company ought to know better: at this point in history, peoples’ entire lives (or companies’ entire data sets) are intertwined with computers. You are not just talking about a software update anymore, you are directly inserting yourself into people’s lives/businesses. That means you should not just do whatever the hell you want.

Microsoft doesn’t deserve 44th or 45th chances to get it right with decades of experience and billions of dollars. Does a law need to change here?

This is causing turmoil in the Audio-Visual industry when machines can't be relied upon not to try to upgrade in the middle of live events and critical times. It kinda sucks to have your lighting workstation or video switcher workstation have to upgrade and reboot because Microsoft decided to push a critical update that won't let itself be deferred for the period of time needed.

Ironically, I just took a break from work to make a cup of coffee. On returning, I find that my (virtual) pc is "working on updates".

It feels like the primary focus of Windows is no longer to do what the user wants, but to do what Microsoft wants.

Thanks to Windows updates, my 70yo dad finally asked me to install Linux on his laptop...


They do, but maybe they're in the middle of something and MS is screwing it up with their forced updates.

There are plenty of horror stories where the PC reboots at a very bad moment and then one is stuck without a computer for a couple of hours.

Windows 10 is an unreliable OS and I don't ever plan to use it. Both macOS and Linux get this right.

Sometimes those computers are running critical medical equipment that fails on the latest update. There are good reasons not to update. Try and have a little bit of an open mind so that you are not being dumb.

A friend of mine had been contracted to record a webcast with a few fairly important and wealthy businessmen. The company that contracted him provided him with some equipment, they set up some slides to appear in the background, and then their Windows 10 laptop suddenly rebooted on my friend.

They delayed the webcast for about two hours, hoping it would come back, but the laptop didn't finish in that time so they just had to go without. "Funny" thing is that it was his reputation that took the hit, not Microsoft's nor the contracting company's.

Exactly. Windows 10 automatic updates have a history of bricking machines to endless bootloops. I've had it happen, e.g., with broken microcode updates.

Not to mention mundane stuff like broken display drivers that render machines unusable and so on.

It's insane not to disable automatic updates on Windows if you run critical systems.

The only "dumb" thing I can think of is critical medical equipment being on a network that can hit Windows Update. It is on people using Windows for production tasks that may be jeopardized by updates to responsibly handle themselves. I practice what I preach: my video encoder rig lives on a network that explicitly drops connections to Windows Update--but the machine is also firewalled away from the internet at large and only visits trusted websites as part of production tasks. Neither half of this responsibility is tenable without the other.

I am expressly not saying that "forcing" Windows 10 updates on users is a good idea--but I'm sympathetic, and I'm not saying it's not--but if you are running something like "critical medical equipment", it should already be incumbent upon you to be doing it right.

Microsoft already provide a completely different version of Windows 10 that can be used for critical systems - https://docs.microsoft.com/en-us/windows/deployment/update/w... These systems would almost certainly not be downloading Windows Updates directly over the internet.

Or you can just simply block outbound traffic by default and allow what you actually need.

No more forced updates. No more telemetry.

Windows telemetry will bypass the Windows firewall. You need to run a dedicated firewall box (that is not running Windows).

This is incorrect.

I've run packet analysis to confirm that the built-in firewall blocks, among other things, telemetry - what is your source for this?

How do you analyze decrypted data!? Or did you manage to block all outgoing Windows data!? It was all over the news a year or two ago. All sources seem to be gone now though.

There is simply no traffic on the wire other than what you actually allow. The telemetry doesn't bypass Windows firewall.

Please stop spreading misinformation.

Some Windows domains are white-listed and will bypass both firewall and hosts file unless you block all HTTPS traffic.


As I stated before, setting the outbound policy to drop all traffic will work.

You then allow whatever you need for your trusted executables (not svchost.exe).
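The default-deny outbound setup described in the comments above, as an added example that is not part of the original thread. It uses the built-in NetSecurity cmdlets; the rule names and program paths are placeholders. Enabled outbound allow rules that already exist on the machine still apply once the default action is Block, so the last step lists the ones that match any program or svchost.exe for review.

```powershell
#Requires -RunAsAdministrator
# Added example: default-deny outbound policy with per-program allow rules.
# Rule names and program paths are placeholders (assumptions), not from the thread.

# 1. Record the current profile state so the change can be reverted later.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 2. Drop outbound traffic by default on every profile.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True -DefaultOutboundAction Block

# 3. Allow only the executables you trust (hypothetical paths).
$trusted = @(
    @{ Name = 'Encoder'; Path = 'C:\Tools\encoder.exe' },
    @{ Name = 'Browser'; Path = 'C:\Program Files\ExampleBrowser\browser.exe' }
)
foreach ($app in $trusted) {
    New-NetFirewallRule -DisplayName "Allow out: $($app.Name)" `
        -Direction Outbound -Program $app.Path `
        -Action Allow -Profile Any | Out-Null
}

# 4. Audit: pre-existing enabled outbound allow rules are still honoured.
#    List those scoped to any program or to svchost.exe so they can be
#    reviewed and disabled where they are not needed.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallApplicationFilter
        if ($filter.Program -eq 'Any' -or $filter.Program -like '*svchost.exe') {
            [pscustomobject]@{
                Rule    = $_.DisplayName
                Group   = $_.DisplayGroup
                Program = $filter.Program
            }
        }
    } |
    Sort-Object Program, Rule |
    Format-Table -AutoSize
```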

Computers running critical medical equipment possibly shouldn't be attached to the internet, in which case they'll never see these updates.

Yeah, I encounter this closed-minded opinion all the time... some of us just can’t live with a ‘might not work on Tuesday’ computer. I’ve purchased over 200 laptops with Windows 7 downgrade this year. I throw the Windows 10 discs right in the trash. I imagine I am not alone.

For critical equipment, there's "lots of things that are not Windows" (1. too many moving parts is not a good thing, as demonstrated, 2. an office OS is not a good fit for such equipment anyway); if you insist on this particular kind of pain, there's Windows Embedded. (Yes, it costs extra, but ought to be more resilient and shouldn't suffer from the tribulations inflicted upon consumer versions; of course, the "ought" is still at MS's discretion)

Separate feature updates from security updates, and we'll talk.

I'm not sure the people are the problem. The problem is that Microsoft pushes broken patches that simply do not work.

Oh yeah. Now when the "up"date stops disabling the computer's one and only graphics card (and mind you, this is a completely stock laptop, with all the usual "security" magic dust, without any user-messing around), we can talk about reenabling Windows Update. From here, it seems more like Windows "get yet another new computer you luser"date. (Hopefully the boxes with W7 won't catch yet another of the forced-WinX-upgrade "glitches")

This is the correct thing to do. They really must avoid another WinXP scenario where people were running 10 year old builds on internet connected PCs. If you connect to the internet, your device must be fully patched.

Is it your computer or Microsoft's? Because I really think the language in Windows speaks to you as just the guest, while Microsoft is taking care of your needs like a parent.

I guess I'm very hostile to that idea since I grew up in a time when my computer was my computer, not the property of an American software organization to decide for me what is best.

No one is forcing you to keep using Windows. Plenty of people are happy enough with Linux.

But Microsoft is saying that they won't push updates without the user's consent.

And that’s fine, but you should keep that up to date too.

But I can do it at my own choosing. And that's what I do.

I am sympathetic to your stance - I don't like Microsoft overriding my decisions. My worry is that this stance will eventually lead to harsh penalties for operating unpatched software and getting hacked, and I feel that's not something most users would want. How do we reconcile these two competing problems? It doesn't seem fair to me to have all the power of ownership with none of the responsibility.

> eventually lead to harsh penalties for operating unpatched software and getting hacked

People have been saying this for years and there's never been any sign of it getting anywhere near a legislature. If someone's going to be made responsible it's going to be those that produced the product.

Are they really competing problems? Most users don't care, they get their updates when Microsoft decides to.

The users that do care, and want or need to opt out of the updates know what they are doing and can take responsibility for their actions to block updates.

It is akin to not getting your kid vaccinated based on rights to freedom. Your freedom ends where mine begins. And if your botnet infused Windows PC is going to fuck up my network, I'd say either get off the internet or get your Windows patched.

It's akin to not getting your kid vaccinated because when they give them the vaccine they also change the kid's clothes, haircut and hair color, paint their nails pink and give them a pair of MS smart glasses which record everything you do in your home for vaccination program improvement purposes.

Until your kid becomes outdated, and they stop making vaccines for her, sure. (I'd have no problems keeping up to date if Microsoft's support periods were as long as the medical industry's are for my child).

At this point, Windows is going to end up just being my mostly-disconnected gaming OS when they stop releasing security updates in a little under 2 years.

Windows 10 needs to dump the animated ad tiles and allow complete removal of their remote-processed speech API. If they're going to continue with forced reboots, there needs to be some tech where apps run in suspendable containers, or something. I'm tired of picking up the computer in the morning and trying to remember everything I had open to work on whatever I was doing before the reboot.

> when they stop releasing security updates in a little under 2 years.

Not going to happen unless MS itself shuts down or they decide to exit the desktop OS market.

Are you saying that you think they'll re-extend the Windows 7 extended support period, or did you assume that I was talking about Windows 10?

I am assuming you are talking about Win10. Because you should not be using deprecated software on the internet.

Until January 2020, Microsoft is producing security patches for Windows 7. I'll continue using it until that time. Past that point, it'll be a fallback for software that I can't get running under Linux (similar to the positions that XP, 98, and DOS fill for me).

If Microsoft only wants to support new software, they should make new software that people want to switch to without being tricked, forced, and coerced into it.

Have you ever been infected like that? I was in 2001 with Code Red, in a perfectly updated Windows 2000 based network. The lessons learned helped me to get to know what I'm doing if I want to use unsupported software in parts of the internet. The thing is it can be done with a reasonable hope of success. Reversing polio, not really.

BTW, I'm hiding KB2976978 (still can do it) as I write this. If I can't block any update I don't like I'm not interested in your product. Life's too short for this kind of BS.

Except this "vaccine" really does cause autism, or the digital equivalent thereof.

Oh, and the doctor administers it by sneaking into your kid's bedroom with a needle in the middle of the night, coming in through a window if you locked the front door.

Other than that, yeah, perfect analogy.

It may not be Microsoft's right to decide when or how to patch your computer but from a public health point of view, sane policies already dictate mandatory vaccination. Perhaps you would be happier with the government enforcing mandatory patching to be able to connect to the internet?

If software updates/upgrades can be cleanly separated into security fix vs new features/removal of old features, then I think it may be reasonable for governments to enforce mandatory patching.

Unfortunately, software doesn't work like that. It's hard (if not completely impossible) to separate security from feature updates.

You'll likely need to cherry pick git commits and build the software yourself. I don't know of any sane person who would spend the time to do that.

The main issue is that MS is forcing full updates, not only security updates. You won't like it if your computer can't boot or for some reason MS changed the GUI, broke something you depended on.

There are legitimate cases where you need to avoid an update. If you remember, a month ago when the Meltdown/Spectre patches were pushed out some PCs did not boot. If you have your scenario where everyone is forced to update, then people with affected hardware can't roll back because the update will be forced again on them; the PC would be unusable until a new update fixes the bug.

Similar bugs with non-booting PCs, display drivers not working, other hardware not working, performance losses happened many times after updates, so you need to allow the rollback functionality to work.

A solution that would help in this case is implemented in some major Linux distributions where you can choose to install only the security updates. This means more work for Microsoft, but if Red Hat and others can spend the time to backport security fixes to the Linux kernel then MS should be able to do the same. I am aware of the downsides of this, but enterprise customers should ask for the security fixes only and not for all the eye candy changes, and if enterprise get these special security fixes then the other users should have the option to get them too; paid customers should not be forced to run on bleeding edge.

The very idea of banning unapproved OS's on a public network seems very at odds with the spirit of the open source community.

I think you are conflating "internet" with "open source community". There is no relation. We are talking about the public internet and what we need to do to maintain it.

There may be no formal relation between internet and open source, but open source ethos seems pretty key to the HN community as a whole. It is part of why we come to this site in the first place.
