How Microsoft copied malware techniques to make Get Windows 10 the world's PC pest

Re: Block it ...

"Reading this article, I have the idea that (may be wrong) Firefox may use similar methods to 'auto-update' itself in spite of what the Window installation's owner wishes to allow."

Tools | Options | Advanced | Update, select option "Check for updates, but let me choose whether to install them", and you're good to go. You'll be notified when there's an update available but it won't install until you give the go-ahead.

If you want no Firefox "telemetry" at all, select option "Never check for updates (not recommended: security risk)" instead.

1
0

Re: Block it ...

I've been using this script I developed with another guy. It's on about 200 odd machines, I installed it about 6 weeks ago. No signs of any problems yet, although the KB removals may need to be updated. You are welcome to use it at your own risk etc etc. Bung it in a .bat file and right click and run as an admin.

It checks for admin permissions, then sets reg flags to disable the upgrade, then removes KBs that were relevant 6 weeks ago. It does that twice because apparently they don't go after the first removal sometimes. It also sets "give me recommended updates in the same way as critical updates" to "off" so that you can leave it on automatic critical updates and not get the recommended ones installed, as they are the ones that cause the problem, although there was a story last week about a critical update that did something similar. I've decided to turn off all recommended updates on my customers' machines - ymmv - if it does, delete the entry for REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v IncludeRecommendedUpdates /t REG_DWORD /d 0 /f

Be careful you don't get line breaks when you copy and paste it into your favourite text editor.

It's quick to deploy to lots of machines if you only have remote control to do it with (I don't have a domain) and doesn't require the user to know anything or have to teach them about GWX Control Panel.

@echo off
REM Relaunch once in a maximised window so the progress messages stay visible
if not "%1" == "max" start /MAX cmd /c %0 max & exit/b
@echo off
goto check_Permissions

:check_Permissions
REM net session only succeeds when elevated, so it is used here as the admin check
net session >nul 2>&1
if %errorLevel% == 0 (
    REM Registry flags that disable the GWX app and the OS upgrade offer
    REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\Gwx" /v DisableGWX /t REG_DWORD /d 1 /f
    REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v DisableOSUpgrade /t REG_DWORD /d 1 /f
    REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade" /v AllowOSUpgrade /t REG_DWORD /d 0 /f
    REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade" /v ReservationsAllowed /t REG_DWORD /d 0 /f
    REM Stop recommended updates being installed the same way as critical ones
    REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v IncludeRecommendedUpdates /t REG_DWORD /d 0 /f
    echo.
    echo should have 5 succesfull statements above
    echo.
    echo.
    REM Kill the running GWX tray app, an error here just means it was not running
    TASKKILL /IM GWX.exe /T /F
    echo.
    echo dont worry if you get an error about GWX.exe above, it doesnt matter
    echo.
    echo.
    echo please wait until you see the FINISHED statement this may take 10 seconds or 20 minutes
    echo.
    echo.
    REM Each KB is uninstalled twice because the first removal does not always take
    echo step 1 of 6 - PLEASE WAIT dont touch anything
    @echo on
    start /wait wusa /uninstall /kb:3035583 /quiet /norestart /log
    @echo OFF
    echo step 2 of 6 - PLEASE WAIT dont touch anything
    @echo ON
    start /wait wusa /uninstall /kb:3035583 /quiet /norestart /log
    @echo OFF
    echo step 3 of 6 - PLEASE WAIT dont touch anything
    @echo ON
    start /wait wusa /uninstall /kb:2952664 /quiet /norestart /log
    @echo OFF
    echo step 4 of 6 - PLEASE WAIT dont touch anything
    @echo ON
    start /wait wusa /uninstall /kb:2952664 /quiet /norestart /log
    @echo OFF
    echo step 5 of 6 - PLEASE WAIT dont touch anything
    @echo ON
    start /wait wusa /uninstall /kb:2976978 /quiet /norestart /log
    @echo OFF
    echo step 6 of 6 - PLEASE WAIT dont touch anything
    @echo ON
    start /wait wusa /uninstall /kb:2976978 /quiet /norestart /log
    @echo OFF
    echo.
    echo.
    echo FINISHED!
    echo NOW press any key to reboot your computer
    echo.
    pause
    REM Reboot after 5 seconds so the removals take effect
    shutdown.exe /r /t 005
) else (
    echo.
    echo.
    echo Failure: THIS HAS NOT WORKED.
    echo PLEASE RUN THIS AGAIN AS AN ADMINISTRATOR. press any key to exit
    pause
    exit
)
pause >nul

4
2

Re: Block it ...

I'm not saying GWX Control Panel isn't the way forward, it's great, but if you have to quickly deploy to many machines and the users aren't able to cope with using GWX Control Panel then this is a good compromise. If you can use GWX Control Panel, then do. If you can't, this mitigates the problem for the moment.

I'm guessing that's why I got a thumb down....unless it's my code in which case it's probably deserved. I had to throw it together quickly and it works...didn't have time for niceties

1
0

Re: Block it ...

Thanks!!!

1
0

Re: Block it ...

dan - you are welcome.

wonder why the downvotes?? never mind, the world still turns

0
0

Another way?

You could always upgrade to W10 - that would stop the nagging :) :)

[Ducks down behind the barricade and waits for the mortar shells]

24
14

Re: Another way?

Nope. Tried that. The installation failed and rolled back to Win 7 (no, I am not joking).

40
1
Anonymous Coward

@Alan Sharkey - Re: Another way?

Yeah and if you hit your front teeth with a hammer you'll never have to brush them ever again. Oh, and you'll be free from cavities also.

Don't duck, come out and fight like man! :)

48
0
Anonymous Coward

Re: Another way?

" The installation failed and rolled back to Win 7 "

Same here, except the on-disk structure had been corrupted sufficiently that scandisk etc no longer were able to run, and nor was the virus checker able to do a full system scan.

Top class stuff. Not.

24
0
Silver badge

Re: Another way?

"You could always upgrade to W10 - that would stop the nagging :) :)"

you forgot the <facetious> tag

5
0
Linux

Re: stop the nagging

Stop the nagging and start the stealthy snooping - no thanks.

9
1
Anonymous Coward

Re: Another way?

Ducks down behind the barricade and waits for the mortar shells

Given that mortar shells tend to follow a high arc, I fancy that a barricade would be of little use to you.

I suggest a concrete bunker, with a very thick roof.

7
0
Silver badge

Re: Another way?

Shouldn't that be the <feces> tag instead? Having used the upgrade and that's the taste I was left with.

10
0

Re: Another way?

Yes indeed.

Even worse, I foolishly said go ahead at 2 in the morning or whatever and - despite the PC coming out of standby every night as windows has made it do for months - it didn't once manage to install it, re-nagging that it wanted to start in the middle of the day and being put off again by me till the following night.

One day it just silently gave up and started presenting the GWX reminders again.

Even worserer, I very foolishly *bought* a laptop with Windows 10 on it. It failed to install itself properly with lots of "something went wrong" errors. Once it got to something looking like a desktop everything was black aside from an empty start menu, an edge tile icon thing and a few others proclaiming a new app will appear here soon, and still nothing worked.

Deffo complete and utter refusenik now. Time to learn a bit of Linux or Mac I feel.

Shame they haven't put as much effort into the Win 10 as they have done with the malvertising!

20
0
Silver badge
Mushroom

Re: Another way?

I think we have a number of bunker busters in the inventory. "You can hide but we'll find you."

1
0

Re: Another way?

And did it fail at 32% overall progress and 6% installing drivers & features by any chance?

2
0
Pint

Re: Another way?

>I think we have a number of bunker busters in the inventory. "You can hide but we'll find you."

Not if the OS of the bunker busters is W10....

2
0

Re: Another way?

I have done several Windows 7 to 10 test upgrades (first backing the computer or cloning 7 to another hard drive, perform the upgrade, restore Windows 7 from the backup image or put the original drive back in the computer). I had one upgrade go horribly wrong where all data, the original Win 7 install, and the Win 10 upgrade basically vaporized. There was only a few hundred megabytes of files left on the drive and it would perform a boot in any way shape or form.

I have a friend who upgraded his Windows 7 system to 10 and it did the same thing. Fortunately, I had worked on his system a couple months previous and I still had a full backup image of his hard drive. I was able to restore him back to 7 and he was able to restore his critical data that he backed on an external drive.

Yes, I was also mystified at how the KB3035583 keeps reinstalling. To keep the patches out, I changed my Windows Update settings by unchecking the 'Give me recommended updates the same way I receive important updates'. I also don't install (or uninstall if they happen to slip by):

KB2952664-Compatibility update for upgrading Windows 7

KB2970228-Update to support the new currency symbol for the Russian ruble in Windows

KB3006137-Update changes the currency symbol of Lithuania from the Lithuanian litas (Lt) to the euro (€) in Windows

KB3021917-Update to Windows 7 SP1 for performance improvements (sends telemetry)

KB3035583-Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1

KB3068708-Update for customer experience and diagnostic telemetry

KB3075249-Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7

KB3080149-Update for customer experience and diagnostic telemetry

KB3102429-Update that supports Azerbaijani Manat and Georgian Lari currency symbols in Windows

KB3123862-Updated capabilities to upgrade Windows 8.1 and Windows 7

The descriptions are the titles of the KB articles. I have no use for the foreign currency symbol updates, but you may wish to leave in on your installs. I don't know if those updates can be removed once installed.

2
0
Silver badge

Re: Another way?

The rollback actually worked after a failed upgrade attempt? Count yourself lucky... a lot of people had the rollback fail too, leaving the PC unbootable.

4
0
Silver badge

Re: Another way?

a lot of people had the rollback fail too, leaving the PC unbootable.

Mine wasn't unbootable, but it was certainly unusable with svchost consuming 95-98% of cpu.

1
0
Silver badge

Re: stop the nagging

"Stop the nagging and start the stealthy snooping - no thanks."

I seem to be getting the snooping anyway (on Windows 8.1); at least there's a "telemetry" process consuming 100% of disc bandwidth until I kill it.

0
0
Anonymous Coward

Re: Another way?

Daddy - what's a "Virus Checker"?

1
0

Re: Another way?

I've got 2 PCs that can't, for reasons that drivers are unavailable, be upgraded to W10. GWX Control Panel keeps it at bay for the moment. Why the **** can't Microsoft accept that I would upgrade if I could, but I can't. And as I'm in the wilds of France on a limited satellite broadband connection with an 8.5 Gb/month download limit, 6.5 Gb downloads sneaked onto a computer is something I can do without, thanks........

2
0
Pint

Helpful comment

I used the GWX Control Panel tool from Ultimate Outsider several months ago on both Win 7 and 8 machines, and I've never seen or heard from a Windows 10 pop up since... It was brought to my attention by a fellow El Reg reader in the comment section of a previous article on this topic. Whoever it was, I owe you a beer...

23
0

Re: Helpful comment

That might have been me (I have certainly mentioned it, although I am probably not the only one). GWX Control Panel has certainly been helpful, although I am slightly uneasy about the source code not being available. By and large I have managed to avoid being press-ganged into Microsoft's conscript army of unpaid support staff by pleading ignorance (I haven't used Windows seriously since Win2000). I have to make a couple of exceptions though, and not having to do things like muck about with the registry is a big deal.

7
0

Re: Helpful comment

I've mentioned it too...

...and I found out via another poster here.

GWX control panel, the circular helper

1
0
Mushroom

1. Windows is insecure, so Microsoft has to release numerous security patches. It is stressed to users that they must install all security patches to keep their system safe.

2. Microsoft subverts the security patch system to distribute nagware.

3. Everybody complains.

4. Microsoft tells them they can avoid the nagware by changing their security update settings.

5. goto 1

What part of quis custodiet ipsos custodes don't they understand?

61
1

It's comments like this that are why I love theregister.co.uk. And why I'd so like to meet you in the flesh. Intelligent, rational but downright cutting, hitting the problem right on the nail. :)

7
0

All of it, I would imagine.

Somehow I can't see there being a lot of Latin speakers in Redmond. Or just roundly educated people in general, based on evidence so far.

0
0
Silver badge

Sadly it may still be a while before we're finally rid of this virus, once, and for all. But this is merely just one of the many straws that have broken that camel's back. But, if I had to cite my single biggest concern it would be down to the question of trust. Not that MicroSoft were ever that big on trust to begin with. These, and their chief clown actually believe that it's ok for the Government to snoop on us....

Which was perhaps one thing, but now they want a look in as well in order to flog some more tat from what used to be Eidos. Then that's the universal sign to GTFO. With, what on the surface would appear to be a two tiered approach to Windows Programs (i.e. Games), running in some new, and improved (e.g. a DRM'ed enforced), native mode, or a watered (i.e. dumbed down) slowed down mode...

Well even if the Mustardrace would gleefully lap it up. It seems that some of the bigger boys (Tim Sweeney), however might hopefully have better ideas. But, MicroSoft shall not be darkening my PC ever again.

19
1
Silver badge

I doubt we'll ever be rid of this virus. I expect that at some point around EOL for Win7, every pc with Win8.1 or lower will wake up in the middle of the night and install Win10. It will be unannounced, no known update, it will just happen.

MS has shown no concern for anyone, even those who are disabled <see above comments>.. They've not been honest but have pumped out the PR BS at max. I would hope that hell* has a very special place reserved for them.

*Not knowing if there really is a hell, there should be one just for them.

5
0

Interesting

I had removed and hidden KB3035583 on both my Win7 desktop and Win8.1 laptop and have had no problems since then. My partner's Win7 laptop however keeps getting the nag box to upgrade, despite doing the same to it.

It appears that KB2952664 *was* installed on my desktop, so I've nuked that too. I'll have to spend some time going through the laptops to clean them out too.

6
0

Import this into your registry.

Have done this on a number of Windows 7 and 8 machines and not had any sign of Windows 10 return.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx]
"DisableGwx"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DisableOSUpgrade"=dword:00000001

3
0
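An added example, not part of any post in this thread: a read-only PowerShell check that the registry values written by the batch script and the .reg file above are still in place and that the three updates the script uninstalls have not come back, since posters here report KB3035583 reinstalling. The function names are hypothetical, and it assumes Get-HotFix reports these updates on the machine being checked.

```powershell
# Added example: read-only audit, written for Windows PowerShell 2.0 and later.
# It changes nothing; it reports drift from the state the thread's script sets.

$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows'
$wu  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

# Values and data taken from the batch script (the first two are also in the .reg file).
$expectedValues = @(
    @{ Path = "$pol\Gwx";           Name = 'DisableGwx';                Data = 1 },
    @{ Path = "$pol\WindowsUpdate"; Name = 'DisableOSUpgrade';          Data = 1 },
    @{ Path = "$wu\OSUpgrade";      Name = 'AllowOSUpgrade';            Data = 0 },
    @{ Path = "$wu\OSUpgrade";      Name = 'ReservationsAllowed';       Data = 0 },
    @{ Path = "$wu\Auto Update";    Name = 'IncludeRecommendedUpdates'; Data = 0 }
)

# KB numbers the batch script uninstalls.
$unwantedKbs = 'KB3035583', 'KB2952664', 'KB2976978'

# Hypothetical helper: compare each registry value with the data the script writes.
function Get-GwxRegistryState {
    param([object[]]$Settings)
    foreach ($s in $Settings) {
        $name   = $s.Name
        $actual = $null
        # A missing key or value yields nothing; that counts as "not set".
        $item = Get-ItemProperty -Path $s.Path -Name $name -ErrorAction SilentlyContinue
        if ($item) { $actual = $item.$name }
        New-Object PSObject -Property @{
            Check    = "$($s.Path)\$name"
            Expected = $s.Data
            Actual   = $actual
            Ok       = ($actual -eq $s.Data)
        }
    }
}

# Hypothetical helper: report whether any of the removed updates is installed again.
function Get-GwxHotfixState {
    param([string[]]$KbIds)
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
                   ForEach-Object { $_.HotFixID })
    foreach ($kb in $KbIds) {
        $present = $installed -contains $kb
        $state   = 'absent'
        if ($present) { $state = 'installed' }
        New-Object PSObject -Property @{
            Check    = "update $kb"
            Expected = 'absent'
            Actual   = $state
            Ok       = (-not $present)
        }
    }
}

$report = @(Get-GwxRegistryState $expectedValues) + @(Get-GwxHotfixState $unwantedKbs)
$report | Select-Object Check, Expected, Actual, Ok | Format-Table -AutoSize

# Non-zero exit code when anything has drifted, for use from a remote or scheduled run.
$failed = @($report | Where-Object { -not $_.Ok })
if ($failed.Count -gt 0) { exit 1 } else { exit 0 }
```

It needs no elevation because it only reads; an exit code of 1 means a value is missing or changed, or one of the three updates is installed again.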
Silver badge

Re: Import this into your registry.

While this may work at the moment but for how long eh?

All it needs is for MS to change the registry keys it looks for (nah, they wouldn't stoop so low to do that would they?) and you are into whack-a-mole territory again.

I've raised the white flag. No more microsoft for me. They are as dead as the proverbial Dodo.

{Posted from a Windows 10 free Environment}

21
1
Silver badge

I is dreaming

of a Windows update that gives the user the option of switching off all windows 10 upgrades and notifications, world peace and cats cuddling dogs.

6
1
Silver badge

Re: I is dreaming

That is GWX Control Panel with each nagware item set to "No" or "Off". Try it, you might like it.

You have to tackle the telemetry updates yourself though.

4
0
Silver badge

@Dan 55... Re: I is dreaming

Was wishing for others... I always run GWX Control after applying *ANY* MS update. Still, have an up vote for mentioning GWX Control panel... I hopes at least some of you are clicking on that donate button :-)

1
2
Bronze badge

Re: I is dreaming

"of a Windows update that gives the user the option of switching off all windows 10 upgrades and notifications, world peace and cats cuddling dogs."

I can understand wanting to turn off Windows 10 upgrades and cats cuddling dogs (the horror!), but *why* would you want to turn off world peace?

4
0
kb
Happy

Re: I is dreaming

I can help with that, there is a handy .bat on the middle of this page that strips those out, followed by a nice list to slap into HOSTS that blocks the websites that MSFT likes to phone home to. HTH.

http://techne.alaya.net/?p=12499

0
0

Get a Mac

Or Linux. It is long past time to stop dealing with this nonsense.

42
5
Silver badge

Re: Get a Mac

One notification and a nice picture in the 'Appy Store for a while... and everybody ends up updating.

Sometimes less is more.

4
0
Silver badge
Mushroom

Talk about cancer.

Well done, Microsoft.

And thanks to El Reg for calling a spade a spade.

25
2

Aesop's Fables: The North Wind and the Sun

Have the folk at Microsoft never heard of it? They really need to.

The North Wind boasted of great strength. The Sun argued that there was great power in gentleness. "We shall have a contest," said the Sun.

Far below, a man traveled a winding road. He was wearing a warm winter coat.

"As a test of strength," said the Sun, "Let us see which of us can take the coat off of that man."

"It will be quite simple for me to force him to remove his coat," bragged the Wind.

The Wind blew so hard, the birds clung to the trees. The world was filled with dust and leaves. But the harder the wind blew down the road, the tighter the shivering man clung to his coat.

Then, the Sun came out from behind a cloud. Sun warmed the air and the frosty ground. The man on the road unbuttoned his coat. The sun grew slowly brighter and brighter. Soon the man felt so hot, he took off his coat and sat down in a shady spot.

"How did you do that?" said the Wind.

"It was easy," said the Sun, "I lit the day. Through gentleness I got my way."

26
1
Silver badge
Linux

Re: Aesop's Fables: The North Wind and the Sun

Nice story and quite profound. But hey girls and guys you are all a bit late to the party. Did you not notice that Windows became spyware beginning with Vista? Its inbuilt DRM was constantly using *your* resources to check that you were not doing something criminal.

I went over to Linux but I am applauding Apple for their stance on privacy. This coming from a long-time Apple basher is quite a rare occurrence. As for Windows it's "time to die". (Bladerunner)

14
4
Anonymous Coward

Re: Aesop's Fables: The North Wind and the Sun

Here's another Aesop's fable - The Sick Lion

A Lion had come to the end of his days and lay sick unto death at the mouth of his cave, gasping for breath. The animals, his subjects, came round him and drew nearer as he grew more and more helpless. When they saw him on the point of death they thought to themselves: "Now is the time to pay off old grudges." So the Boar came up and drove at him with his tusks; then a Bull gored him with his horns; still the Lion lay helpless before them: so the Ass, feeling quite safe from danger, came up, and turning his tail to the Lion kicked up his heels into his face. "This is a double death," growled the Lion.

This will be Windows 10 one day.

6
0

Re: Aesop's Fables: The North Wind and the Sun

While we're on Aesop's Fables, my favourite one is the shortest in the collection, but to my mind the most profound in its simplicity:

A Vixen sneered at a Lioness because she never bore more than one cub, while she, the Vixen, boasted she could whelp several at once.

"Only one," the Lioness replied, "but a lion."

6
0
Silver badge

Re: Aesop's Fables: The North Wind and the Sun

> ... I am applauding Apple for their stance on privacy

What ! Apple and privacy ? You don't have any if you use their stuff - at least not unless you turn off some actually useful features and find a myriad of obscure and unrelated settings to turn off the telemetry they have. Might not be as bad as MS, but they certainly don't respect your privacy either.

For example, did you know that by default, whenever you type or edit anything in the Safari address bar, the entire text in that box is sent somewhere unspecified to be used for something unspecified. Not just the characters you type, but the entire contents every time you change it.

0
0
Unhappy

Can this be legal?

I don't use Windows (and boy, am I glad I don't, after reading all this) so none of this affects me directly. However, if the entire Windows ecosystem now has to be viewed as essentially an aggressive form of malware, I am beginning to wonder if I ought to protect myself from unsolicited content in documents, drawings, spreadsheets etc. that I receive from Windows users.

I can't see that I would be directly affected - I use Linux - but I regularly comment on documents, modify drawings etc. and then send the work back out to other people, some of whom are Windows users. If I inadvertently foist an unwelcome Win 10 update on a user who has so far managed to avoid it, my business / reputation would undoubtedly suffer. I could hardly complain if a client sued me for damage done to his business.

Which leads me to question whether or not Microsoft's actions are actually legal in the first place? And can I protect myself against it? Just thinking.......

11
7
Silver badge
Trollface

Re: Can this be legal?

And can I protect myself against it? Just thinking.......

Sounds like tin foil may be the kind of protection you need :-)

0
2
Silver badge

Re: Can this be legal?

> ... question whether or not Microsoft's actions are actually legal in the first place?

In the UK I don't believe they are. I've commented earlier with respect to visually impaired users, and I believe they are probably committing an offence under the UK Computer Misuse Act for starters. It's clear that many of the people having this foisted on them do not want it, and would not authorise it if given a real choice. The fact that MS don't actually state what the update they are pushing on users actually does should pretty well remove any defence of "the user approved it by installing the update".

Then for those where it fails and causes them problems, there could be an argument of Criminal Damage - also a criminal offence.

As since the spyware is not laid out in a meaningfully clear way, and the user does not get to give informed consent (or in reality, even uninformed consent) - there is also the issue of Data Protection offences which unfortunately (see other stories on The Reg) a criminal activity I believe.

And to finish off, since we can probably assume some of this data goes outside the EU, and specifically to the USA, then there is another question to be asked under data protection laws.

EDIT:

And yes, you raise a good point about office documents. There isn't really anything to stop MS stuffing something into Office updates to also circumvent users attempting to avoid the upgrade. One thing I think we can probably look forward to is Office updates with a minimum OS requirement that excludes pre-10 users, and with format changes so users of earlier versions can't work with the documents. Ie if you don't run up to date office you can't work with documents people send you, and you can't run up to date office without running W10. It's something both MS and other vendors (Quark, you complete and utter b***ards) have used in the past to force upgrades.

0
0
