Windoze numbah ten

By Ted Dunlap, on September 14th, 2015

In The Moon Is A Harsh Mistress, Robert Heinlein introduced the term TANSTAAFL … There Ain’t No Such Thing As A Free Lunch. You know it. I know it. Almost everybody knows that “free” stuff always costs something.

When Microsoft raced Windoze 10 to the market and gave it away, I immediately smelled a rat. I didn’t need to know any more than it was Microsoft. There has never been any company less likely to be charitable, nor are many less bound by common morals and more in bed with Big Brother.

As many people have discovered, uncovered and shared on the Internet, TANSTAAFL holds true on #10.

There has never been a better time to learn more about Linux Mint. Linux is maintained by computer geeks world-wide for their own purposes … to run their computer systems for a huge range of activities. The community develops operating systems, drivers and software for their own uses. Sharing with a distribution network so that each update one does is included in the next release.

That’s the overview. Millions of us ride on their coattails … coming amazingly close to that mystical Free Lunch. Unless you are good at working in new technology, it is nice to have a Linux user put it on your machine and get you set up. After that, it does all the things you want Windoze to do and none of the things Windoze does without your permission.

The write-up below came to me via the Ham Radio community. This is full of geeky, scientific and conservative personality types. I’m betting heavy that it is solid information and, if anything, understates the darkness in the new operating system and malware going to Windoze users.

WA8LMF Home Page | Resume | Updated 11 September 2015

Windows 10 Information
Read This Before Installing Windows 10

Microsoft is currently engaged in an unprecedented hard-sell campaign to push rapid adoption of Windows 10 by existing users of Win 7 and 8. This includes a series of nagware popups urging you to “Get Windows 10” being stealth installed on Window 7 and 8 devices in the guise of bug fixes and security updates by Windows Update.

Win 10 is the last discrete version of Windows ever. From now on, it will be continually and endlessly changing with silent FORCED updates without your consent or knowledge.
Unlike previous versions of Windows, where Window Update would present a list of patches and let you pick and choose which ones to apply (and undo if they caused problems), Win 10 just silently forces changes into your system. This would be great –IF– MS didn’t have such a horrible record of botched updates. In just the FIRST week of Win 10 release, there have been three major screwups that have bricked just-installed Win 10 installations. One driver update for certain video chips locked machines into endless reboots, and one totally killed many machines rendering them unable to boot at all.

This continual unannounced changing of Win 10 means you are dealing with an unknown endlessly moving target. Just because programs and device drivers worked today, there is no assurance they will work tomorrow, next week or next month, due to the endless stealth updates. This is going to be especially significant with ham software because much of it hasn’t changed significantly since the XP era of the mid-to late 2000’s. Sooner or later some secret update will start breaking these elderly programs, with no recourse to uninstall the offending patch (if you can even identify it).
Win 10 has escalated invasion of privacy to an unprecedented level. Win 10 is far more “cloud-oriented” than previous versions of Windows. As part of this, it’s embedded “telemetry” reports practically everything you do, every program you run, every file you open back to the MS mother ship for analysis and marketing purposes. It shares your WiFi passwords with friends on your contact list. It contains hooks to pop up ads in the middle of LOCALLY RUNNING programs. It attempts to default file saves of local programs to Microsoft’s cloud, rather than to your own hard disk. It tries to thwart downloads of browsers other than Edge;i.e. that can run adblocker and popup-blocker plug-ins. It ignores entries in the Windows HOSTS file aimed at blocking unwanted communications to specific URLs. MS has taken it upon itself to scan your local files to determine which of your BitTorrent downloads and installed programs are “illegal”.
For Win 7, 8 or 10, the “telemetry” modules “phone home” to these domains at Microsoft:

vortex-win.data.microsoft.com
settings-win.data.microsoft.com
(There may be others not yet uncovered)

These URLs are hard-coded in the communications modules. You can’t stop or “black-hole” them with entries in the HOSTS file, or with firewalls running on the same computer. Blocking them requires entries outside the PC in your router’s block list.
MS is now attempting to stealth-load the same telemetry “spyware” into Win 7 and Win 8 systems under the guise of important “Customer Experience Improvement Program” (a.ka. CEIP) patches by Windows Update. However, at least with Win7 and 8 you can see the list of proposed downloads BEFORE they download, and uncheck them. Further, there are simple third-party batch file tools that can scan and uninstall this unwanted invasive crapware, including the “Get Windows 10” nagware popups campaign.)
Further, MS has started stealth-downloading the ENTIRE Win 10 setup image (i.e. multi-gigabyte DVD image) into Win 7 & 8 systems, whether you asked for it or not, “just in case you decide to upgrade”. It’s stealing gigabytes of your disk space and blowing through wireless device data quotas.
From <http://www.theregister.co.uk/2015/09/10/windows_10_forced_download/> (This is a British computer and IT news site)

“The software giant confirmed to The Register on Thursday that it’s been pushing out the necessary files for the upgrade to Windows 7 and Windows 8.1 systems via Windows Update, even if you haven’t bothered to “reserve” an upgrade using Redmond’s adware app.”

The trojan horse “patch” to Windows 7 and 8 that starts this assault is Windows Update
“KB3035583” a.k.a. “GWX” (Get Windows X a.k.a. Windows 10) .

The first sign you have been hit with this unwanted crapware is the appearance of a white Windows logo in the system tray in the lower-right corner of the Windows desktop on Win 7 and 8 systems. An incessant series of popups urging you to update will follow. You can head off this download with the following registry entry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\GWX]
“DisableGWX”=dword:00000001

Open Notepad or another text editor. Copy/paste the three lines above into the blank document. “Save as” NoWin10.reg . Note that this file must have the extension “.REG” rather than the default “.TXT”. Exit the editor. Locate the this file in the Windows Explorer, RIGHT-click it and choose “Merge”. After a couple of “Are you really sure?” type UAC prompts, it will add this value to the Windows registry.

If you have already been hit with the GWX nagware and possible installs of Win10-style “telemetry”, you can un-install them with the following .CMD file (i.e. Windows version of a classic DOS “batch file”.

Again, open a blank document in Windows Notepad or similar editor. Copy/paste the following lines into it. Save the file as “NukeWin10.CMD” or some such. Note the file extension “.CMD” rather than the default “.TXT” . Again, after the save, locate this file in the Windows Explorer, RIGHT-click it and “Run As Administrator”. After a couple of UAC “Are you sure” prompts, a black “DOS Box” window will open. You will be repeatedly asked to “Hit any key to continue”. Just keep hitting <ENTER> until the black window closes; then reboot.

@ECHO off
ECHO .
ECHO This batch file removes several Windows 10-inspired
ECHO spyware a.k.a. “telemetry” components stealth-
ECHO installed into Windows 7 and 8 systems under the
ECHO guise of Windows security patches by Windows Update.
ECHO .
ECHO It also removes the “Upgrade to Windows 10 “nagware”
ECHO KB 3035583.
ECHO .
ECHO Hit ENTER to continue after each pause.
ECHO .
ECHO This batch file must be run with administator
ECHO privileges; i.e. right-click this file and
ECHO “Run As Administrator”. Reboot system after final
ECHO uninstall runs and black command window closes.
ECHO .
ECHO on
pause
wusa /uninstall /kb:3035583 /norestart
pause
wusa /uninstall /kb:2990214 /norestart
pause
wusa /uninstall /kb:2952664 /norestart
pause
wusa /uninstall /kb:3022345 /norestart
pause
wusa /uninstall /kb:3068708 /norestart
pause
wusa /uninstall /kb:3075249 /norestart
pause
wusa /uninstall /kb:3080149 /norestart
pause
wusa /uninstall /kb:3044374 /norestart
pause
ECHO Last Uninstall, Reboot Now!
Pause

After the uninstalls complete, look for the subdirectory (i.e. “folder”) located beneath the main Windows directory called \$Windows.~BT . You will need to have “Show Hidden Files” enabled in the Explorer to see it. If found, delete it and its contents. (This is the location where the stealth download of the entire Windows 10 installer is being placed, eating up gigabytes of your disk space.)

You may encounter Windows protection issues that prevent you from deleting the directory and/or contents. If so, reboot to Windows Safe Mode, or boot from an external utilities CD using Win PE or @ActiveBootDiskl.

As an alternative, Microsoft has told The Register that it is possible to remove the Windows 10 update files using the Windows Disk Cleanup utility.

IMPORTANT The unwanted KB installs will “come back from the dead” and attempt to re-install themselves during the next Windows Update session. To prevent this:

Open the “Windows Update” applet in the Control Panel.
Click the “Settings” link on the left side of the screen.
In the resulting “Choose how Windows can install Updates” dialog, pull down the list box for “Important Updates”.
Select “Check for updates but let me choose whether to download and install them”.
OK and exit the cascaded dialog boxes.

Windows Update will now produce a list of offerings each time, but not act on them until you explicitly choose them. When the KB numbers above appear in the list of offered downloads, RIGHT-click them and choose “Hide”.

Or disable Windows Update entirely, and use the off-line AutoPatcher patching system for Win 7 and 8.1, available from <http://autopatcher.net> . AutoPatcher downloads the entire set of patches and updates for a given version of Windows, stores them locally on your hard disk or removable storage device. You can then update any number of PCs without an Internet connection. When run, Autopatcher presents a list of ALL patches issued for a given 32- or 64-bit version of Windows, indicates which ones are already installed, and lets you opt in or out of any that need to be installed.

After each month’s “Patch Tuesday” release of new patches, AutoPatcher can update your local collection. The Autopatcher scripts pointedly leave out the “Get Windows 10” nagware and spyware installer “patches”.

Finally, check Windows Task Scheduler and remove “DoScheduledTelemetryRun“, “Microsoft Compatibility Appraiser” and “ProgramDataUpdater” if they exist.

A zip file containing a copy of this article, the registry .REG file and the .CMD file described above, ready for use, can be downloaded from this website HERE .

Some of the information on this page came from:

<http://www.infoworld.com/article/2911609/operating-systems/kb-2952664-compatibility-update-for-win7-triggers-unexpected-daily-telemetry-run-may-be-snooping.html>

<https://www.yahoo.com/tech/s/not-just-windows-10-windows-7-8-tracking-162550762.html>

<https://bgr.com/2015/07/31/windows-10-upgrade-spying-how-to-opt-out/>

<http://www.theregister.co.uk/2015/09/10/windows_10_forced_download/>

<http://www.majorgeeks.com/files/details/remove_windows_nag_icon_to_upgrade_to_windows_10.html>

<http://www.ghacks.net/2015/08/28/microsoft-intensifies-data-collection-on-windows-7-and-8-systems/>