SoylentNews is people
SoylentNews
Finally, some good news for people who are determined to avoid the Windows 10 "upgrade". Microsoft has this week issued an update that removes the Get Windows 10 App and other software related to the the Windows 10 free update offer, which expired July 29, 2016. From a report on Redmond Channel Partner:
An update issued by Microsoft this week will delete the infamous "Get Windows App" from users' systems.
The Get Windows App (also known as the "GWX app") was a nag-ware-like popup that showed up on Windows 7 Service Pack 1 and Windows 8.1 desktops, prompting users to get a free upgrade to Windows 10. It hung around with that same message over a one-year period for those who didn't accept the offer. It took a lot of effort to make it go away.
The update that dispenses with the GWX app is labeled as "Knowledge Base article KB3184143." It became available through Windows Server Update Services as of Sept. 20, according to Microsoft's description article.
(Score: 0) by Anonymous Coward on Friday September 23 2016, @09:17PM
OK, but where is the list of safe updates?
F'n windows update races my processor so I've had it off for months. Frankly have no interest in spending time researching updates.
Is there a reliable source of what updates are absolutely necessary and safe?
(Score: 0) by Anonymous Coward on Friday September 23 2016, @09:46PM
No trustworthy list. You must research or take your chances. . . But then, even with due diligence, it's still a crap shoot.
(Score: 0) by Anonymous Coward on Saturday September 24 2016, @07:03AM
Sure. They're here: https://www.mozilla.org/en-US/firefox/new/ [mozilla.org]
https://noscript.net/ [noscript.net]
https://addons.mozilla.org/EN-us/firefox/addon/ublock-origin/ [mozilla.org]
Seriously, for Windows install the critical security updates (which all the security researchers get excited about, there aren't that many ) then don't worry too much about the rest. The important bits are: don't install flash, keep your browser, IM, game and other network clients updated. If you're paranoid sandbox them especially your browser. Other than some media library bug, that's how you'd get pwned via code exploits nowadays (social engineering and similar are a different matter).
Don't believe me? Go look at the early pwn2own contests https://en.wikipedia.org/wiki/Pwn2Own#Contest_2007 [wikipedia.org]
ALL of the machines were uncracked at the first stage: "Remote attacks only. Contestants must join the same network as the target laptop and perform their attack without user interaction and without authentication."
They were only cracked at the second stage/day or even third day: "Browser and Instant messaging attacks included. Contestants could send a link to the contest e-mail address, which an organizer would click on from one of the contest laptops. The organizers would also sign into and receive IMs from the default, vendor-supplied IM client."
So much so that for future contests they skipped that first stage (for PC OSes), or moved on to attacking mobile devices (which haven't been as "battle hardened" as the desktop OSes).
If the attacker can pwn you remotely using an OS exploit without help from you, your browser or other network client you should be honored. The attacker is probably using a million dollar "zero day" on you (I'm aware that local privilege escalation zero days only go for 90k, but there really is a big difference the local one means you're _already_ in and in a lot of cases hackers don't give a damn once they're in- they can already get your keys, passwords, emails and use your computer for bitcoin mining or spamming all without local priv escalation).
In short it's pretty hard to remotely pwn a Windows 7 machine was patched up to the point just before MS decided to that they would get away with breaking computer crime laws[1] in many countries. Just patch and sandbox your apps.
[1] How many of us would get away with upgrading thousands of machines to Windows 10 without genuine permission (e.g. not my fault, they clicked the wrong button on the dialog box).