Preventing Windows 10 Updates

Neal_K3NC · May 2017

Although its probably bad timing to discuss this during the weekend that the Wannacry ransomware attack was unleashed, taking advantage of systems that had not applied the Microsoft patch in March, unplanned MS updates can play havoc with our SmartSDR operating environment. Often this can result in driver confusion with DAX and lack of functioning CAT ports.

Given the opportunity to plan these upgrades, its easy to prevent this by uninstalling SSDR/DAX/CAT prior to the upgrade then reinstalling it after the environment has stabilized (allowing MS time to fix whatever problems they introduce in the upgrade).

Attached is a link to an article that offers a couple of ideas on how to prevent the upgrades from happening.
http://www.computerworld.com/article/3182846/microsoft-windows/how-to-fix-five-windows-10-headaches....

73
Neal

Jim Jerzycke · May 2017

Thanks, Neal!

I'm sure this will help a lot of people.

73, Jim

Bill Turner · May 2017

For what it's worth: I've been running Windows 10 since it came out, allowing all updates and never a minute's trouble with my 6300.

73, Bill W6WRT

PE3DON · May 2017

Time to have developed a MacOs (not iOS) or Linux compilation of SSDR

Don, 73 de PE3DON

Rob G6EIH · May 2017

It very easy to stop W10 updates however it's not recommended.

Go to Control PanelAdministrative ToolsServicesWindows Update

Left click to change the Windows Update and change the Startup Type to suite your needs, setting the Startup Type to Disabled will prevent any updates or you can choose one of the other options.

After this weekend mine is now set to Delayed Start and updates will be installed.

Have fun.

Rob

dlwarnberg · May 2017

When you get a popup asking for money to unlock your PC just remember it was YOU who turned off automatic updates..

I just stopped DAX and CAT from auto starting and make sure I shut them off when not using the Radio and have had no issues... I've also upgraded to Windows 10 pro

Paul Christensen, W9AC · May 2017

>"It very easy to stop W10 updates however it's not recommended."

Highly recommended for those of us who have our remote sites tethered to 4G/LTE cellular service where there is no viable alternative. A complete stop to the data push requires more than a simple change in the Win10 update menu. Neal's link addresses the right way to shut it down and involves changing the system registry.

Automatically-pushed major Win10 updates, Defender and miscellaneous in-the-background updates can consume a large portion of monthly cellular data.

For 4G/LTE remote site operation, many ops do not need the latest software updates just because they're available. My plan is to bring back the remote PC on an annual basis for updating and maintenance. Hopefully, SSDR 2.0 and later won't always require the latest Windows install to function properly.

Paul, W9AC

WA2SQQ · May 2017

How can we read the entire article w/o having to sign up for this "service" - I get too much junk mail as it is.

Ria · May 2017

Unless you know what you're doing, turning off updates is irresponsible. Don't do it. Herd immunity matters.

If you lived through slammer and code red you know how much of a pain in the neck these worms can be.

Ria · May 2017

Only once did an update mess up my DAX but it was fixed with a reinstall.

Paul Christensen, W9AC · May 2017

Ria,

For most installations, it probably is irresponsible to disable updates. But where I have a PC installed in a communications shelter at the edge of the Okefenokee Swamp that runs on a 4G/LTE network, I would rather take my chances. The risk isn't eliminated but it's certainly reduced with no user-induced outbound web traffic there.

On the issue of hacking, if I've left the network vulnerable to an attack in front of the firewall then a Windows update isn't going to help mitigate a lot of potential damage created by someone who just accessed the LAN side of the network.

If the worst attack occurs at my remote site, I would rather have a back-up PC and router pre-provisioned and ready to roll in on a moment's notice.

Paul, W9AC

Ria · May 2017

This falls into the category of "you know what you're doing." For most other people, turning off updates endangers everyone.

Michael Coslo · May 2017

I would like that very much. I have DogPark, and will still use it, but I'd happily pay for a Mac Version. We always blame the victims, yet so many have no problem with Microsoft putting out such a brittle and vulnerable product.

Anyhow, the WannaCry decryptor works via phishing, with the EternalBlue and DoublePulsar exploits. It attacks SMB, and the most vulnerable systems are those still running XP and Windows 8 and Windows Server 2003. Even though these systems are no longer supported, Microsoft pushed out a patch for these systems as well.

Why on earth SMB is turned on if not needed remains a question for the ages. It is outdated, and by it's very nature, an exceptionally attractive and easy to access attack surface, once you accidentally hand the phishermen the keys to the kindom. This is as far as I am concerned, criminal.

Basically folks, don't click on any file you get in an email, the macro attacks have returned. Don't click on any links you get in an email, either.
Back up, with multiple copies, and not in the cloud.

And remember the thing about these patches? They come out after a whole lot of damage is done.

Reg · May 2017

I am running Windows 10 Enterprise LTSB on my ham radio PC's. Microsoft's description is, "The LTSB (long term servicing branch) allows businesses to refuse functionality-centric software updates while accepting only security-related amendments" With no updates to functionality I have been running W10E LTSB since the release and I have not had a single case where a Windows Update broke the configuration.

Peter K1PGV · May 2017

"Why on earth SMB is turned on if not needed remains a question for the ages. It is outdated, and by it's very nature, an exceptionally attractive and easy to access attack surface, once you accidentally hand the phishermen the keys to the kindom. This is as far as I am concerned, criminal. " Seriously? What are you TALKING about? SMB is the file sharing protocol on any Windows network. It's used among Windows machines, and between Windows and lots of file servers... from little Synology boxes to big boy NetApp systems. Its also super common for interacting with Linux-based servers (Samba or CIFS anyone?) It's far from outdated, it's regularly revised. The SMB protocol itself is in... what... it's third major revision in Windows 8 and later? It's high performance and provides some very complex features such as opportunistic locking (to facilitate client-side write-back caching). I don't understand what issue you claim to know about with SMB. "And remember the thing about these patches? They come out after a whole lot of damage is done. " Again, not accurate. The vulnerability used by WannaCry was patched in March, before it was exploited. Whine if you must about the constant updates or the technical inferiority of Windows. But please let's keep the comments technically accurate. Peter K1PGV

Ria · May 2017

I would be happy running SSDR under wine but it uses .NET. DPSDR is ok for basic use but not how I would primarily run my 6700.

WA2SQQ · May 2017

How can one convert to this version, if desired?

Peter K1PGV · May 2017

If you're going to use Windows 10 Enterprise, and you only use your computer to run your radio and associated radio programs, one very cool option might be to enable the Unified Write Filter (UWF) on your system and directing your logs to a flash drive. What UWF gets you is the ability to discard any changes to the system each time you reboot. You basically never have to worry about malware because your system is entirely read only. UWF is used a lot on thin clients and in corporate environments like call centers. The disadvantage is you need to explicit,ymdisable UWF when you want to upgrade any of the programs on your system. But for a system dedicated to one particular use, UWF can be very cool. Peter K1PGV

Michael Coslo · May 2017

Hey Peter, why so rude? Did I insult you in the past or something? If so, I apologize for the infraction.

Anyhow, what I am talking about might better be illustrated if you look up what the components of the of the WannaCry ransomware are. Specifically EthernetBlue and DoublePulsar, they have been used long before before Friday 12 May, 2017. If they were patched previously, Wannacry wouldn't work.

As well. I agree with what the people who wrote on Wikipedia that:

"Over the years, there have been many security vulnerabilities in Microsoft's implementation of the (smb) protocol or components on which it directly relies. Other vendors' security vulnerabilities lie primarily in a lack of support for newer like NTLMv2 and Kerberos in favor of protocols like NTLMv1, LanMan, or plaintext passwords. Real-time attack tracking shows that SMB is one of the primary attack vectors for intrusion attempts, for example the 2014 Sony Pictures attack and the Wannacry ransomware attack of 2017."

You can take it up with them, or you can edit the Wikipedia page if you are certain it is as innacurate as you believe. https://en.wikipedia.org/wiki/Server_Message_Block

All apologies for upsetting you, but seriously, I am not making this stuff up, and it is not anything new.

I won't make another posting about PC security matters.

Ria · May 2017

Both of your are correct. The vulnerability on Win 10, 8 and 7 was indeed not a 0 day and patched in March, but XP was not patched until a couple of days ago.

That brings us back to people who disabled Windows 10 updates or stayed on XP because they found Windows 10 updates annoying or "it just works and I don't wanna touch it."

VE7ATJ_Don · May 2017

I know other people are probably running the latest 'Creator Update' of Win10 (aka 1703) with no problems (cuz otherwise the forum would probably be FULL of messages), but after this latest Win10 update, I'm getting the Win10 equivalent of the Blue Screen of Death -- complaining about an IRLQ with a value of less than ... (something -- the message doesn't go far enough) and saying that the error shows up in a module sysnet04 (or something like that). I'm suspecting it's a problem with DAX or CAT, so I've shut off installing them for the time being to see if things stabilize.

As I say, I'm just providing this for info. I need to do more investigation, but it just happened on a completely 'clean' install of Win10 and nothing else installed on the computer except for SmartSDR 10.16.1. I wasn't even actually running the 6500 at that point -- Just reinstalling software.

FYI...

Don VE7ATJ

KY6LA_Howard · May 2017

There are a heck of a lot of Contest stations still on XP. In fact the Southern Cal Contest Club and the San Diego DX Club just published extensive detailed instructions on the latest XP patches yesterday. Why because XP and W7 work reliably and need no hand holding. W10 causes too many issues and needs far too much support especially after updates.

Peter K1PGV · May 2017

" I'm getting the Win10 equivalent of the Blue Screen of Death -- complaining about an IRLQ with a value of less than ..."

Sorry to hear that, Don. The crash would be "IRQL not less than or equal" (believe it or not, that's the entire message). This usually indicates a fatal flaw in a driver.

If you have the crash dump file (memory.dmp) feel free to email it to me at my call sign at ARRL dot net and I'll take a look and at least let you know what happened and which driver is at fault.

Peter
K1PGV

Peter K1PGV · May 2017

I apologize if my reply sounded overly strident, Mr. Coslo. My intention was not to offend you, but only to point out technically inaccurate information. If you have concrete information about the NSA toolkits being widely deployed in the wild prior to Windows being patched, as you seem to indicate, please contact me off list. I know people who will want this information. Peter K1PGV

Ria · May 2017

There are many fewer than there were, but there are also hams using DOS because windows causes too many issues. As for the issues, I really haven't had a problem, except for one time when my DAX drivers had to be reinstalled.

Bill W2PKY · May 2017

Hi Ria-
Please tell us you PC H/W config. Seems some H/W runs Win10 without issues and others have major problems running Win10 and SSDR.

Ria · May 2017

I have an old HP e9280t with a pegatron (Asus) motherboard, Core i7-930, AMD Radeon HD 4850 video card, 32GB RAM and 128GB Sandisk SSD.

Bill W2PKY · May 2017

Thought you would say some brandy-new thing that had Win10 from the factory!

AA0KM · May 2017

http://www.networkworld.com/article/3137065/security/shadow-brokers-leak-list-of-nsa-targets-and-compromised-servers.html

October 2016

Ria · May 2017

LOL! No sir. I use 100% old junk at home, except for my 6700.

I also typically keep PCs for 10 years. In fact this PC was a gift. I wasn't even thinking of replacing my old Dell Dimension which used RDRAM, but my SO took pity on me...

However to be totally fair the SSD and RAM are not stock (thank you micro center!) It also came with Vista from the factory and a free upgrade to Win 7.

Ria · May 2017

http://www.wearethemighty.com/articles/the-pentagon-operates-the-oldest-computer-program-still-in-use-from-1958?utm_medium=Facebook&utm_campaign=Evergreen&utm_source=WATM Pentagon has us all beat. When I did *ahem* government work I remember dealing with 8 inch disks and 9 track tape.

Preventing Windows 10 Updates

Comments

Leave a Comment

Categories