Windows 10 privacy concerns and backported Windows 7/8/8.1 updates

As we mentioned previously, there are some serious privacy concerns with Windows 10, in addition to the lack of control of updates and software changes. We still don’t recommend updating to Windows 10 at this time, and do recommend that you  evaluate its EULA, privacy policy, and suitability for your use before upgrading. It’s always a good idea to understand what information may be collected by your software, operating systems and apps and for what purpose it’s collected. As recent news has shown again and again (Ashley Madison to name a recent event), anything stored online will eventually become public. Many companies just don’t do a good job of securing either their network (Target credit card hack) or the information they collect. Microsoft is a big target, and one never knows when their cloud services might be hacked.

There are some recent Windows updates that Microsoft has released to older operating systems — Windows 7 SP1, Windows 8 and Windows 8.1 — which raise similar privacy concerns as Windows 10. However, because these are only updates, you can uninstall them, or choose never to install them. Search on the KB number in your updates list, and check against it before installing updates in the future.

Here’s the list, with a brief note after each describing what it does. (CLASSE has already prevented the installation of these on CLASSE-managed desktops.)

  • KB2952664 – Adds Appraiser.dll, Creates new tasks for DoScheduledTelemetryRun. In this case, also check for the “scheduled tasks” and consider deleting them.
  • KB 2977759 – “Compatibility update for Windows 7 RTM” (Win10 compatibility tests)
  • KB3021917 – “Telemetry is sent back to Microsoft”
  • KB3022345/3068708 – “This update introduces the Diagnostics and Telemetry tracking service”
  • KB3075249 – “This update adds telemetry points to the User Account Control (UAC) feature”
  • KB3080149 – “This package updates the Diagnostics and Telemetry tracking service to existing devices”

This next update is strictly for Windows 8.1. CLASSE does not support Windows 8, but the update is mentioned here for people who might be running it:

  • KB 3044374 – “Update that enables you to upgrade from Windows 8.1 to Windows 10”

 

This next one isn’t an update for your existing OS, it actually is the offer to upgrade the OS to Windows 10:

  • KB3035583 – “This update installs the Get Windows 10 app, which helps users understand their Windows 10 upgrade options and device readiness”

This latter is included for people who haven’t already disabled it. It wasn’t in our WSUS server as it’s not for WSUS deployments, unlike the rest.

On a personal, home, non-CLASSE or non-managed computer running Windows 7, 8 or 8.1, if you haven’t already, you must configure Windows Update for “Check for updates but let me choose whether to download and install them“. Instructions for how to do this are available at
http://windows.microsoft.com/en-us/windows/change-windows-update-installation-notification

There are several ways to delete updates:

One is to open Windows Update and search through its list of patches.

Another is to open a Command Prompt as Administrator, and type the following command:

WUSA /UNINSTALL /KB:#######

Replace ####### by the actual number of the update you want to remove.

Several of the updates listed above depend on one another. If you delete them in numeric order, the dependent updates will be silently deleted along with them, so subsequent uninstalls might complain that the specified update is not installed.

After all of the unwanted updates have been uninstalled, reboot the computer.

After rebooting, run Windows Update. It will report that several updates are pending, including some (but not all) of those listed above and some additional ones (e.g. 2882822 — Update adds ITraceRelogger interface support to Windows Embedded Standard 7 SP1, Windows 7 SP1 and Windows Server 2008 R2 SP1). Presumably the latter are updates which were dependent on the updates which were explicitly deleted.

Right click on each of those updates and select “hide update” so that Windows Update will not offer to install them again.

Unfortunately, it has been reported that Microsoft sometimes overrides “hide” when new variants of the same update are released, so you’ll need to carefully review future updates before allowing them to be installed.

Skip to toolbar