Another month, another load of patches from Microsoft.
This month we have seventy-one bulletins and corresponding updates. One hundred and twenty-six vulnerabilities are addressed in all, affecting .NET, Internet Explorer 9 and 11, Edge, Office, SharePoint, Visual Studio, OneDrive, Skype, Windows, and Windows Defender. Nineteen of the vulnerabilities are flagged as having Critical severity.
Those of you running Windows 10 know the drill: depending on which version of Windows 10 you’re running, you can delay installation of updates for a while, but not indefinitely. On Windows 8.1 computers, Windows Update is still the best way to install updates. Windows 7 users don’t have an official way to obtain updates for that O/S, despite the fact that Microsoft continues to develop them.
On a related note, you may have noticed that Microsoft is pushing its new Chromium-based Edge browser to all Windows computers. This is happening not only on Windows 10 computers, but also those running Windows 8.1 and even 7. The new Edge cannot be removed in the usual way once it’s installed. This is causing consternation for many users, as Edge seems to take over once installed, forcing the user to make certain choices before the desktop can even be accessed. Isn’t this the kind of behaviour that got Microsoft in trouble in the 1990s?
As if there wasn’t enough going on, it’s already time to patch your Windows computers again.
Of course at this point, given that Windows 7 is effectively no longer getting patches, and Windows 10 updates itself whether you want it to or not, we’re really just talking about Windows 8.1. Market share for Windows 8.x was never high, and it’s now below 5% overall. Oh well.
Somewhat confusingly, Microsoft continues to produce patches for Windows 7, and documents them along with all the others in the Security Update Guide. But if you look at the requirements for these Windows 7 updates, you’ll see that they can’t be installed unless you’ve already paid for and installed the Extended Security Updates (ESU) Licensing Preparation Package. Which most regular folks can’t afford.
This month we don’t have any interesting updates from Adobe, but there’s the usual pile from Microsoft. Analysis of the Security Update Guide reveals that a total of one hundred and fourteen security vulnerabilities are addressed in this month’s patches. The usual lineup of software products are affected, including Windows, Internet Explorer 9 and 11, Edge, Office, and Windows Defender. There are thirty-eight security bulletins in all, nineteen of which are flagged as Critical.
By now I’m sure you know the drill: find Windows Update in the Control Panel and check for updates. Whether you cross your fingers or not is entirely up to you. Windows 10 users need to keep their fingers crossed at all times I guess.
Microsoft’s relentless push to get everyone using Windows 10 is creating problems for the software giant. At least one class action lawsuit is underway in Illinois, where annoyed users claim that Microsoft owes more than $5 million in damages related to Windows 10 upgrades, both wanted and unwanted.
Meanwhile, Windows is no longer the most popular way to access the Internet. As recently as 2012, up to 90% of all Internet access was via Windows, but that number has been dropping steadily in recent years, and it’s now at an all-time low. For the first time ever, another operating system is in first place: the mobile O/S Android. Microsoft has bet heavily on Windows 10 and its universal touch interface, alienating traditional desktop enthusiasts and power users in the process. But if consumers are increasingly choosing Android over Windows 10 for their mobile devices, where does that leave Windows?
Microsoft’s efforts to herd users towards their advertising platform Windows 10 includes discontinuing support for newer processors on older versions of Windows. While it’s clearly Microsoft’s prerogative to decide which hardware they support, there’s no obvious technical reason for this limitation. In light of Microsoft’s historical support for older systems, this is particularly annoying news for anyone expecting to be able to use Windows 7 or 8.1 with new hardware.
This week I once again encountered an old nemesis, the infinite ‘Checking for updates…’ Windows Update screen. Not this again! It happened when I was attempting to install the December 2016 updates on my main Windows 8.1 machine.
I tried the usual troubleshooting steps: rebooting, stopping all non-essential processes, the Windows Update troubleshooter, and so on. Nothing helped.
What makes this problem really annoying is that even when Windows Update is working properly, there are long pauses during which nothing appears to be happening. Even looking deeply into the running processes sometimes shows a complete lack of activity. Since a hung Windows Update often looks exactly like Windows Update actually doing something, all you can do is watch helplessly, in growing frustration, until you finally can’t stand it any more and stop the Windows Update process.
After banging my head against this problem for a while, it occurred to me that since most Windows updates are now available in ‘rollup’ form (i.e. packaged together in one update), I could install the appropriate ones manually, which would at least get my computer up to date, and could conceivably also fix Windows Update.
After rebooting, I tried Windows Update, and ‘Checking for updates’ took about a minute to find December’s Patch Tuesday updates. Yay! I installed those updates and the computer is now fully patched.
It’s difficult to know for sure why this Windows Update problem happens, but it’s depressingly common, as are the sometimes wacky solutions users have proposed. The rollup solution that worked for me may work for others, but there are no guarantees. It’s Windows, after all.
If you plan to risk a migraine and read Microsoft’s blog post, keep in mind that the intended audience is Enterprise users, not us lowly consumers (aka Windows 7/8 Home/Pro users). Parts of the post need to be interpreted differently for non-enterprise users. For instance, references to WSUS and ConfigMgr only apply to Enterprise users.
The changes will take effect on October 11, next week’s Patch Tuesday. The bottom line is that updates will no longer be delivered separately, but in large update packages. Each month, three of these packages will be produced:
security-only quality update – a single update containing this month’s security updates; not available through Windows Update!
security monthly quality rollup – a single update containing this month’s security updates, as well as non-security updates from the previous month, and the contents of all previous rollups.
preview of the monthly quality rollup – perhaps weirdest of all, this update will contain next month’s non-security updates. In other words, this month’s non-security updates, which are otherwise not available in the regular monthly rollup. Microsoft seems to be saying “For those of you who want this month’s non-security updates but would prefer not to wait until next month to get them, here’s a preview of those updates.” Even weirder, this update will become available the week after the regular Patch Tuesday. The preview rollups will also include fixes from all previous monthly rollups, and older updates will be gradually added as well.
Why will the monthly rollups contain non-security updates from the previous month? For example, according to Microsoft, the first (October 2016) rollup will include non-security updates from September. But why delay October’s non-security fixes for another month? This makes no sense.
What happens if an update causes problems? In the past, you could just uninstall the problematic update. That won’t be an option with this new system. Microsoft’s response to this question makes it clear that this is your fault: “Every Windows update is extensively tested with our OEMs [customers] and ISVs [customers], and by customers – all before these updates are released to the general population. Your organization may also be interested in validating updates before they are publicly released, by participating in the Security Update Validation Program (SUVP).” In other words, our updates are thoroughly tested by you, and if you’re not testing them, you should be.
Why is Microsoft doing this?
According to Microsoft, these changes will “simplify your updating of Windows 7 SP1, Windows 8.1, … while also improving scanning and installation times and providing flexibility depending on how you typically manage Windows updates today.”
There may actually be some good reasons for bundling updates. But Microsoft is being so vague that it’s hard to believe they aren’t trying to foist something unwanted on us. Maybe the new system will make Windows Update faster and more reliable. Maybe it will simplify updates, an appealing notion for many users. Maybe it will make us all safer. It’s difficult to predict.
But there’s no question that these changes will make it difficult to avoid unwanted updates, and therein lies the problem. We already know for sure that Microsoft desperately wants us to either upgrade to Windows 10, or install updates that make Windows 7 and 8 more like Windows 10. Clearly these changes are beneficial to Microsoft, and we have a pretty good idea why (it’s advertising infrastructure). And, despite Microsoft’s assurances, we can be fairly certain that these changes don’t actually benefit the user, unless the user enjoys targeted advertising.
Given Microsoft’s recent actions, and suspicions concerning their actual motivation, these new updates are going to be examined closely. Are all the ‘security’ updates actually necessary? Are they even related to security? Microsoft can slap a ‘security’ label on anything they want and force it down our throats.
What can we do about this?
If you use Windows 7 or 8.x Home or Professional, there’s not much you can do. As I explained in an earlier post, you can trust that Microsoft will act in your best interest and let them install what they want on your computer (yikes), you can stop using Windows Update completely (also yikes), or you can switch to Linux.
It’s also still possible that – with enough pressure from users – Microsoft could make these changes more palatable. The Electronic Freedom Foundation says (and I totally agree) that “Microsoft should come clean with its user community. The company needs to acknowledge its missteps and offer real, meaningful opt-outs to the users who want them, preferably in a single unified screen. It also needs to be straightforward in separating security updates from operating system upgrades going forward, and not try to bypass user choice and privacy expectations.” I would add that Microsoft should describe in detail exactly what each update really does, and how it affects the collection and transmission of user activity and other information.
Now that Microsoft’s offer of free Windows 10 upgrades for Windows 7 and 8.x users is over, it makes sense that we should stop seeing those annoying reminders everywhere. Sure enough, an update for Windows 7 and 8.x became available last Patch Tuesday (September 13) that removes the ‘Get Windows 10’ feature. The update is identified as KB3184143, and has the (surprisingly meaningful) title “Remove software related to the Windows 10 free upgrade offer”.
If you’ve been using the third-party software GWX Control Panel to keep those annoying Windows 10 upgrade messages away, and you’ve installed KB3184143 on your Windows 7/8.x system, you might be tempted to remove GWX Control Panel. Unfortunately, there’s no reason to assume that Microsoft won’t re-enable the ‘Get Windows 10’ feature again in the future. I plan to leave it running on my Windows 7 and 8.x computers.
Of course, knowing Microsoft, if they decide to start pushing Windows 10 on us again, they’ll probably develop something completely new, in which case GWX Control Panel probably won’t help.
Let’s review, shall we? Microsoft really wants you to use Windows 10. Their official explanation for this includes vague language about reliability, security, productivity, and a consistent interface across platforms. Their claims may be true, but they hide the real reason, which is that Microsoft saw how much money Google makes from advertising, realized that they had a captive audience in Windows users, and added advertising infrastructure to Windows 10 to capitalize on that. The privacy-annihiliating features are easily explained: the more Microsoft knows about its users, the higher the value of the advertising platform, since ads can be better targeted.
A short history of Microsoft’s sneakiest Windows 10 moves
Move #5: Microsoft realizes that the Group Policy tweaks provided for bus/edu customers can also be applied to Pro versions of Windows, Microsoft disables those settings in the Pro version. Windows 10 Home users never had access to those settings. Angry users are running out of options.
We know business and education customers won’t be affected by this latest change. The rest of us will have to suffer – or switch.
Assuming Microsoft doesn’t back way from this decision, I imagine my future computing setup to consist primarily of my existing Linux server, and one or two Linux machines for everyday use, development, blogging, media, etc. I’ll keep a single Windows XP machine for running older games and nothing else. In this scenario, I won’t run newer games if they don’t have a console version. Aside: if I’m not the only person doing this, we might see a distinct decline in PC gaming.
Dear Microsoft: I only kind of disliked you before. Now…
Now that their free Windows 10 upgrade offer is almost over, Microsoft thought this would be a good time to reduce some of the more devious tricks they’ve employed to fool users into upgrading from Windows 7 and 8.1 to Windows 10.
One incredibly annoying behaviour of at least one of the previous upgrade dialogs was that closing the dialog by clicking the ‘X’ button at the top right corner was actually interpreted by Microsoft as approval to proceed with the upgrade.
But it’s too little, too late for some users, many of whom encountered serious problems after their computers were upgraded to Windows 10 without their approval.
Update 2016Jul04: Apparently Microsoft is making one final big push to get people to upgrade. The Verge reports on new, screen-filling upgrade prompts that are starting to appear on Windows 7 and 8.1 computers.
I’ve been running Windows 8.1 on my main computer for a while now, and while I was initially dreading the goofy new touch-centric user interface, most of the time it stays out of the way.
There is one exception: the ‘Charms Bar’. There’s nothing ‘charming’ about this thing; it pops up at the most inconvenient times, usually when I’m gaming.
The Charms Bar is a toolbar and clock overlay that – by default – appears when the mouse moves to the top right or bottom right of the display. The toolbar contains links to the Devices and Settings apps, and the Start screen. I already have plenty of ways to get to those things, so the bar is pure annoyance.
Sure, if I was using a tablet, the Charms Bar would probably be useful. But I’m not. Thankfully, Microsoft provided some settings for getting rid of it. Unfortunately, the settings involved are in more than one place, and there is no setting to disable the lower right corner trigger.
To stop the Charms Bar from appearing when you move the mouse to the top right, navigate to Control Panel > Taskbar and Navigation > Navigation > Corner Navigation and disable the option When I point to the upper-right corner, show the charms.
If your computer supports mouse or touch swiping motions, you will probably need to disable those as well. To do that, navigate to Control Panel > Mouse, look for swipe-related options, and disable them.
That’s as far as you can go with built-in Windows settings. You’ll still see the Charms Bar when you move your mouse to the lower right. The best solution I’ve found so far is the freeware Charms Bar Killer from Winaero. Even this tool can’t fix the problem permanently, because the changes it makes are reversed whenever Windows (or Explorer) restarts. You can configure it to start with Windows, or just run it whenever you want to disable the Charms Bar until the next reboot.
Microsoft: frustrating people needlessly since 1975.
The new package will install all post-SP1 updates up to April 2016. After you install Windows 7 with Service Pack 1, you need only install the April 2015 servicing stack update for Windows 7 (KB3020369), a prerequisite for the rollup, then install the rollup, then install any updates published after April 2016.
I haven’t yet tried the new rollup, but it’s difficult to imagine how it could fail to be an improvement.
Microsoft also plans to provide monthly non-security update rollups for Windows 7 and 8.1.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.