I don't think I've ever before done a "Check for Updates" that did not result in all of the Important updates checked by default.

I think I've seen that for service packs in the past, but usually with an extra line like "this update can only be installed on its own". So, in some part of Microsoft's mind-set, Windows 10 is simply a service pack? Discuss...

I don't think I've ever before done a "Check for Updates" that did not result in all of the Important updates checked by default.

I think I've seen that for service packs in the past, but usually with an extra line like "this update can only be installed on its own". So, in some part of Microsoft's mind-set, Windows 10 is simply a service pack? Discuss...

Yeah, you might be right about those service packs, but I really can't remember the last time I installed one. As far as delving into Microsoft's mindset, well, that seems like a dark and scary place that I think I'd just as soon steer clear of. ;^)

Regarding all the spying things...

-[ snip ]-
So you figure "I'll just block the connections using the 'hosts' file." Nope, everything is hard-coded in such a way that it bypasses that.
-[ snip ]-

Greetings Cosmic,

I added the following to my router to block them so that hard coded URLs won't help:

vortex-win.data.microsoft.com
settings-win.data.microsoft.com

I dare Micro$oft to try hacking my router to bypass it. lol :)

I would like to believe that would work, however, even without any DNS servers declared in your IP settings, and the DNS cache cleared.. much of the Windows internals/gubbins can still phone home. That means some parts of the framework underneath are hard-coded to communicate directly by IP, rather than looking up a domain name and getting the address.

There have been mentions on various tech news articles that phoning-home is deeply-embedded and hard-coded so that communication is basically guaranteed to happen as long as there is an Internet connection. *shrug* Maybe I'm wrong or misinterpreting things, but that's my understanding of that whole thing.

---

Linux laptop:
record uptime: 1511d 20h 19m (ended due to the power brick giving-up)

I dare Micro$oft to try hacking my router to bypass it. lol :)

I would like to believe that would work, however, even without any DNS servers declared in your IP settings, and the DNS cache cleared.. much of the Windows internals/gubbins can still phone home. That means some parts of the framework underneath are hard-coded to communicate directly by IP, rather than looking up a domain name and getting the address.

There have been mentions on various tech news articles that phoning-home is deeply-embedded and hard-coded so that communication is basically guaranteed to happen as long as there is an Internet connection. *shrug* Maybe I'm wrong or misinterpreting things, but that's my understanding of that whole thing.

See:

Microsoft backports data slurp to Windows 7 and 8 via patches

We recently mused, half seriously, whether the entire point of the Windows 10 upgrade was to harvest your personal information...

... Now Microsoft is revamping the user-tracking tools in Windows 7 and 8 to harvest more data, via some new patches.

All the updates can be removed post-installation – but all ensure the OS reports data to Microsoft even when asked not to, bypassing the hosts file and (hence) third-party privacy tools...

... The notes explain that diagnostic telemetry data is sent to settings-win.data.microsoft.com (64.4.54.253) over SSL. Privacy advocates note that the OS is hardwired to use that...


So, to me that reads that you need to have a firewall on your network router that blocks anything and everything to the specific IP address 64.4.54.253... (And any others that might be hard coded into whatever existing or new updates...). No DNS needed.

To me, that all looks to be extremely determined and devious...


IT is what you allow it to be,
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

I feel it is time for a class action lawsuit.

---

So, to me that reads that you need to have a firewall on your network router that blocks anything and everything to the specific IP address 64.4.54.253... (And any others that might be hard coded into whatever existing or new updates...). No DNS needed.

That was pretty much the point I was trying to make. Blocking that domain name on the router just prevents it from being looked-up.. but doesn't necessarily block a direct IP connection to the IP that name translates to if no DNS query was even made.

One could presume that the IP for that particular domain name won't change very often, so if you can block that specific IP, then that takes care of just that one single thing. There's no telling how many others are in the OS that are deeply-embedded and hard-coded, either.

Just seems a bit... covert-ops or corporate espionage-esque to me. If there was no sinister or ulterior motive, there would be a simple off-button somewhere that would turn all of that crap off, but the fact that there are so many very persistent things scattered all over the place with no clear way to truly turn any of them off is incredibly suspicious. And none of those concerns are calmed by the fact that many media outlets have asked MS for more details/information about why there are so many things and they are so persistent/stubborn.. and the same thing appears in every article: "...has yet to respond to our multiple inquiries."

That reminds me of something from an xkcd comic about substituting phrases to make reading the news more fun. Replace "could not be reached for comment" with "is guilty and everyone knows it." Basically.. if MS wanted to put all these fears of spying and data-mining to rest once and for all.. either A) come out and clearly explain the intention behind all of it, or B) release a functional off switch that truly turns all of that off if you want to opt-out of it all (though one could argue it should be opt-in.. but take what you can get).

---

Linux laptop:
record uptime: 1511d 20h 19m (ended due to the power brick giving-up)

Just a note;

You don't own Windows, MS license it to you. This is from the Win 7 pro EULA, which of course you read? I didn't

SCOPE OF LICENSE. The software is licensed, not sold. This agreement only gives you some rights
to use the features included in the software edition you licensed. Microsoft reserves all other rights.
Unless applicable law gives you more rights despite this limitation, you may use the software only as
expressly permitted in this agreement. In doing so, you must comply with any technical limitations in
the software that only allow you to use it in certain ways.

By using it you have agreed, it you didn't agree you send it back.

That has been the case for a long time now, and not just with Windows and other MS software.
If you have many hours to spare and take a close look at the EULAs for most commercial software you'll find that you don't own it, all you've paid for is the right to use it.

---

Grant
Darwin NT

if MS wanted to put all these fears of spying and data-mining to rest once and for all.. either A) come out and clearly explain the intention behind all of it

Would make no difference because no one would believe them.

B) release a functional off switch that truly turns all of that off if you want to opt-out of it all (though one could argue it should be opt-in.. but take what you can get).

And there response would be, we have already done that- it's up to the user to de-select the things they don't want.

---

Grant
Darwin NT

All the updates can be removed post-installation – but all ensure the OS reports data to Microsoft even when asked not to, bypassing the hosts file and (hence) third-party privacy tools...

... The notes explain that diagnostic telemetry data is sent to settings-win.data.microsoft.com (64.4.54.253) over SSL. Privacy advocates note that the OS is hardwired to use that...[/i]


So, to me that reads that you need to have a firewall on your network router that blocks anything and everything to the specific IP address 64.4.54.253... (And any others that might be hard coded into whatever existing or new updates...). No DNS needed.

To me, that all looks to be extremely determined and devious...


IT is what you allow it to be,
Martin

I just did an nslookup on settings-win.data.microsoft.com and it indicated that the IP address for it is 65.55.44.108 and that there is no PTR record for 64.4.54.253. That being said, since ARIN indicates that 64.4.54.253 is assigned to M$, perhaps it would be a good idea to block both 64.4.54.253 and 65.55.44.108.

Regarding all the spying things...

-[ snip ]-
So you figure "I'll just block the connections using the 'hosts' file." Nope, everything is hard-coded in such a way that it bypasses that.
-[ snip ]-

Greetings Cosmic,

I added the following to my router to block them so that hard coded URLs won't help:

vortex-win.data.microsoft.com
settings-win.data.microsoft.com

I dare Micro$oft to try hacking my router to bypass it. lol :)

I would like to believe that would work, however, even without any DNS servers declared in your IP settings, and the DNS cache cleared.. much of the Windows internals/gubbins can still phone home. That means some parts of the framework underneath are hard-coded to communicate directly by IP, rather than looking up a domain name and getting the address.

There have been mentions on various tech news articles that phoning-home is deeply-embedded and hard-coded so that communication is basically guaranteed to happen as long as there is an Internet connection. *shrug* Maybe I'm wrong or misinterpreting things, but that's my understanding of that whole thing.

Greetings Cosmic,

(Replying with my laptop since Win7 Pro 64bit is currently undergoing a clean install on my main PC)

If in fact you are correct in this, then none of the computing populace using Winblow$ is safe from Micro$oft. I would think that if this is indeed happening then it's high time for an entity larger and more powerful than Micro$oft to step in and SHUT THEM DOWN!

Who the hell does Micro$oft think they are to bypass all our security measures we set up to protect OUR PCs and OUR other connected devices? Since Micro$oft has bought a BOAT LOAD of IP addresses, it would not be worth it to look up the address since their spyware will just use a random IP address to get our information to those servers. If that can be done...

(Clean install done, must work on my main PC now.)

Keep on BOINCing...! :)

---

CAPT Siran d'Vel'nahr - L L & P _\\//
Winders 11 OS? "What a piece of junk!" - L. Skywalker
"Logic is the cement of our civilization with which we ascend from chaos using reason as our guide." - T'Plana-hath

KB3092627 has been released to 'fix' a 'fix'. Unbelievable! Even their OWN TECHS can't admit a problem. WHAT A JOKE M$ has become. Roll ON! Switzerland, ban and then sue them!

http://www.infoworld.com/article/2979516/microsoft-windows/microsoft-releases-kb-3092627-to-fix-bad-patch-ms15-084kb-3076895.html

---

"Sour Grapes make a bitter Whine." <(0)>

Well youtuber Jerry ( aka Barnacules Nerdgasm) more or less predicted a world of hurt for them would come from the mass sackings of their testing team (including himself) that filtered the updates before release. I do suspect the new culture of using alpha software as release has taken hold though across the board. I find myself wondering if those using that technique have any time to actually use the product they're building, such that they'd understand it... well that makes me old-school I guess.

---

"Living by the wisdom of computer science doesn't sound so bad after all. And unlike most advice, it's backed up by proofs." -- Algorithms to live by: The computer science of human decisions.

Still following one of the Dutch sites where people report all these Win10 sneak updates. One of them reported that his firewall said the following:
C:$Windows.~BT\Source\SetupHost.exe Outgoing TCP Access allowed to: (evsecure-ocsp.verisign.com;e8218.ce.akamaiedge.net;evintl-ocps.verisign.com;sb.symcd.com;g.symcd.com;ocsp.verisign.com) 23.52.59.27

Akamai Technologies, Inc. is a content delivery network or CDN and cloud services provider headquartered in Cambridge, Massachusetts, in the United States. Akamai's content delivery network is one of the world's largest distributed computing platforms, responsible for serving between 15 and 30 percent of all web traffic.

Verisign, Inc. is an American company based in Reston, Virginia, United States that operates a diverse array of network infrastructure, including two of the Internet's thirteen root nameservers, the authoritative registry for the .com, .net, and .name generic top-level domains and the .cc and .tv country-code top-level domains, and the back-end systems for the .jobs, .gov, and .edu top-level domains.

symcd.com is owned and operated by Symantec.

At least the latter can be a check for up-to-date certificates. The other two seem to be handling the Windows 10 installation files download to your system.

***
One other thing. For people with Windows 7 and 8.1 being told by Windows Update that WinX is ready to be installed, what are your settings for the Windows Update? Recommended Updates? And do you have Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows checked on Windows Update in Control Panel\System and Security\Windows Update\Change settings ?

That's the only one checked on my system, and my Important Updates is set to Check for updates but let me choose whether to download and install them. , yet as I said, I still had the secret WinX update folders and files on my system. I can only think it comes from that "Give me updates for Microsoft products...", an option I have never seen before and so is on by default.

---

That's the only one checked on my system, and my Important Updates is set to Check for updates but let me choose whether to download and install them. , yet as I said, I still had the secret WinX update folders and files on my system. I can only think it comes from that "Give me updates for Microsoft products...", an option I have never seen before and so is on by default.

It is not on by default on my Windows 10 updated from 8.1 and I did not check it. I get regular updates and I choose when to install them, so I can suspend all BOINC projects before updating if a reboot is involved.
Tullio

---

One other thing. For people with Windows 7 and 8.1 being told by Windows Update that WinX is ready to be installed, what are your settings for the Windows Update? Recommended Updates? And do you have Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows checked on Windows Update in Control Panel\System and Security\Windows Update\Change settings ?

That's the only one checked on my system, and my Important Updates is set to Check for updates but let me choose whether to download and install them. , yet as I said, I still had the secret WinX update folders and files on my system. I can only think it comes from that "Give me updates for Microsoft products...", an option I have never seen before and so is on by default.

I do have the Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows option checked (otherwise, I don't think I'd get MS Office security patches) but my "Important updates" option is set to "Never check for updates". That's been the setting on all of my boxes for many, many years (at least since the inception of Win Vista). I simply do a manual "Check for Updates", at my convenience, once a week on my daily driver. Only if something shows up there will I make a note to do the same on my other machines, when time permits.

There almost seems to be a Win 10 lottery system in play here for Win 7/8 users, with such a variety of different sneaky behaviors being reported, with little regard to settings or history. I haven't had those hidden Win 10 folders reappear (yet), even after that attempt yesterday by Windows Update to pass off Win 10 as simply an "Important Update". Then again, that box has only been run sporadically for a very limited number of hours since reverting from Win 10 to Win 7. Perhaps if I just let it run 24/7 for a few days or so, my lottery number would come up. Who knows?

One other thing. For people with Windows 7 and 8.1 being told by Windows Update that WinX is ready to be installed, what are your settings for the Windows Update? Recommended Updates? And do you have Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows checked on Windows Update in Control Panel\System and Security\Windows Update\Change settings ?

I've always had mine set for "get updates for all Microsoft products" (so that Office is included when checking for updates), but I've always gone with "check for updates, but let me choose what to download and install."

For whatever reason, on my main machine, optional updates appear in the same list as important.. no matter what I have the checkbox set for in the settings. My laptop does the opposite.. no matter what the checkbox is set for, the two are always separate.

I have not seen the Win10 download appear on either machine, probably because I have absolutely none of the updates installed that "help prepare the system for being upgraded," nor any of the ones that add spyware/data-mining. Everyone remember my color-coded list from a week or two ago? Every single one of those updates have been banned from my machines. Without those.. I can't get win10.

---

Linux laptop:
record uptime: 1511d 20h 19m (ended due to the power brick giving-up)

Microsoft violates European cookie law with forced Windows 10 downloads

Microsoft violates European cookie law by automatically and silently downloading Windows 10. Windows Update doesn't ask for specific permissions to do this.

The infamous European cookie law, which varies from country to country, goes beyond simply placing tracking cookies. "It also deals with scripts, reading device information, etcetera," says Dutch internet lawyer Arnoud Engelfriet to PCM. He points out that there is an exception for information or data which is needed for the technical operation of a machine.

However, Windows 10 and its install files are not necessary for the functioning of a machine. "Is Windows 10 necessary? I don't think so," says Engelfriet.

Either way, Microsoft downloads multiple gigabytes used for the update to Windows 10. This download happens automatically and silently in the background, which became apparant last week. "This really surprises me," says Engelfriet. The 'silent' aspect of this preload applies to both the download location as well as to the legally required permission. The download (which varies from 3 to 6 GB) are being placed in a hidden folder ($WINDOWS.~BT or $Windows.~WS) on disk C.

Furthermore, users are not being served the required legal permission before downloading the files. Placing the install files on pc's happen through Windows Update, which gives fixes and updates to each version of Windows.

Engelfriet says there is discussion among lawyers and engineers whether updates are merely 'fixes', or contain new functionalities as well. This, in theory, would be the nuance between updates and upgrades. However, Microsoft has been serving new functionality and features to through WIndows Update alongside fixes for bugs and security holes. Windows 10 is a completely new release.

The cookie law also states that placing or reading personal data must happen with explicit consent of the user beforehand. Having that consent in the EULA, as happens in Windows Update, is therefore not permitted, says Engelfriet.

Microsoft Netherlands responds to questions by PCM by saying Windows 10 is a 'Recommended Update'. These kinds of updates are being offered to users through Windows Update, but are unchecked by default.

Microsoft regularly puts out Recommended Updates, for instance to add a new currency symbol of the Russian ruble. These updates nearly always have the generic description 'Install this update to repair problems in Windows.'

After that, the user can find more information about the update by searching for the individual KB-number ('Knowledge Base'). The past few months, there have been issued updates for both Windows 7 and Windows 8.1, that prepared users for the arrival of Windows 10. These are the notification that makes reserving the OS possible, en compatibility enhancements for the upgrade to Windows 10.

In an additional response, Microsoft says the automatic preload has been adjusted. Before, it was only applicable to users that explicitely reserved the upgrade, but that was later 'changed to the standard process of Windows Update', a spokesperson tells PCM. This happened in the days after Windows 10 was being rolled out to the public, which happened 29 July.

"Users' machines that already received automatic updates through Windows Update are being prepared for the upgrade to Windows 10, using the necessary files for the future Windows 10 installation. This results in a better upgrade experience as soon as it's available, and makes sure the device will always contain the most recent software."

---

Microsoft Netherlands responds to questions by PCM by saying Windows 10 is a 'Recommended Update'. These kinds of updates are being offered to users through Windows Update, but are unchecked by default.

Well, perhaps in the Netherlands it's only an unchecked "Recommended Update" but, as shown in the screenshots I posted yesterday in Message 1725538, here in the good ol' U.S. of A. it's apparently become an "Important Update" that's checked by default. At least I didn't get hit with the forced download, though. Perhaps that's because there's absolutely nothing "automatic" in my approach to Windows Update, not even merely checking to see if new updates are available. It's a totally manual process here.

I've installed KB3035583 to see if this one does the push-download on its own. I doubt it, but am testing this for a web-magazine. Arstechnica is saying that this update alone is responsible for the push-download.

But seeing how many of the diagnostic & telemetry updates there are, wouldn't these work together with KB3035583? Because that way MS can snoop on your system, see if certain updates are there yet, see if they downloaded the WinX upgrade files to you yet and if not... send them.

Anyway, I'll leave the update on my system for a week.
The message This update installs the "Get Windows 10" notification on Windows 7 SP1 and Windows 8.1 is not correct as I don't see the GWX icon and haven't been nagged yet about WinX in any way or form. So I suspect that one or more other updates are required for this as well.

---

Tuesday. September 15th. 2015 @2.44 PM. [GMT-0800]. Day of year = 258

"How to uninstall default Windows 10 apps you never knew you had"
by Preston Gralla

http://www.itworld.com/article/2983665/windows-apps/how-to-uninstall-default-windows-10-apps-you-never-knew-you-had.html

Some things are mentioned in the above link I've not seen in all the Win 10 posts so far. It may be helpful to some and is why I'm posting it?

---

River Song (aka Linda Latte on planet Earth)
"Happy I-Phone girl on the GO GO GO"