Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> No mention that disabling Microsoft update trend is a logical answer

No, it isn't. Disabling update isn't a logical answer to _anything_ except "what's the best way to get malware". If you don't want Microsoft's "spyware" don't install their OS. There is no coherent logic to simultaneously not trusting Microsoft, and running their code - any version of it.



There is no coherent logic to simultaneously not trusting Microsoft, and running their code - any version of it.

Of course there is. Many of us found Windows 7 to be a useful OS and trusted Microsoft of that era to produce it. That doesn't necessarily mean we trust Microsoft of this era or more recent Microsoft products to be something we want to use. There is no logical incompatibility here. They've simply changed their strategy to one some of us don't like, after we bought some of their earlier products and before the support lifetime of those products ran out.


So what you're proposing is, in effect, running an OS outside of its support window.


Not at all. The support window for Windows 7 was advertised as going up to 2020. It should be possible to install important security updates without anything else changing as a side-effect until that time. It should also be possible to look up those updates and know what you're getting before choosing to install them, to make sure they really are security updates. That's not so much a matter of trust, it's a matter of Microsoft meeting the commitments it gave when people chose to buy its OS before, and verifying that this is happening without just taking their word for it.


But if you're installing and running the security updates then you're back to trusting Microsoft. How can you verify the patches are all exactly what they purport to be?


Trust isn't black and white. Of course you can't 100% verify any update without personally decompiling and analysing exactly what it contains, but you can take reasonable precautions before installing them. You might be willing to trust that a security patch described as fixing a specific vulnerability such as the one we're discussing here is at least trying to do what it says if no-one has reported otherwise after a while, without being willing to trust Microsoft as a whole to push only genuine security updates without supervision.


No. In THEORY you're more vulnerable to exploits in the wild by disabling Windows Update. In REALITY you're statistically FAR more likely to be harassed and have your software/apps/OS break due to Microsoft's "very similar to malware-style" forced updates.

I disabled Win10 updates over 1.5 years ago with zero issue. Security people love to claim the sky is falling, but it's all about risk/reward. Risk of issue due to actual exploit is pretty low for most people, so even though the potential IMPACT is very high, because the probability is so low compared to the constant irritation of Microsoft arbitrarily forcing whatever they want down your throat once a month, they just deal with it and shut off updates.

edit: downvote if you want, I'm not wrong.


Yeah, who can forget that Microsoft update that locked all your files unless you paid a ransom in Bitcoin.


Well, there were Microsoft updates that did make all your files inaccessible.

Try doing the Windows 10 anniversary upgrade if you run bitlocker and have customized your UEFI.

Windows will screw up, bluescreen, and destroy the bitlocker keys.

I’ve fought with that before.


Out of curiosity, what customizations did you make to your UEFI setup? I run BitLocker and did the Anniversary and Creators updates without issue.


I don’t actually ever invoke any bootloader directly, but instead use an EFI app which in turn loads the bootloaders.

Windows’ Anniversary Update works by adding an additional, hidden EFI bootloader, and loading that for the upgrade.

If you instead load the normal Windows EFI bootloader while the upgrade has half-way finished, then it fucks stuff up.

I’ve been through it multiple times, last time, Windows even destroyed all its own EFI entries.


Microsoft literally pushed adware and spyware on Win7/8 users.


Are you talking about the telemetry stuff? Because that's a loaded way to describe it.


In theory we are less vulnerable by disabling Windows and installing other OS... but I guess .. just in theory..


Nobody's disputing that security updates are objectively good. The problem is that Microsoft pushes antifeatures through the "security updates only" channel.

So it's a trade-off: Security threats or antifeatures.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: