For those using Win 10....

[JamesF]

1 minute ago, Davey-T said:

I see you're on a nice journey building your obs'y James 

Dave

Now that is an experience

James

[Oddsocks]

53 minutes ago, upahill said:

I used to use a program called PC Decrapifier when restoring systems from factory for customers. Just checked and its still going, might have to try it again.
Fed up of finding new games on my system I never wanted.

I only run Win 10 as a VM for testing development software and hardware and need to keep the VM’s as small as possible.

I found this webpage a while ago that shows you how to turn off Windows automatic distribution of ‘Suggested App’s’ that bloat the hard drive, it seems to work quite well and the VM has remained roughly the same size for a few months now.

I didn’t risk downloading the registry scripts on the linked page though, just open the registry editor and edit the DWORD value. Note that this does not stop updates, just the bloatware that MS seems to think I want.

https://www.tenforums.com/tutorials/68217-turn-off-automatic-installation-suggested-apps-windows-10-a.html

HTH.

[Gasman]

Finished....phew  so far so good can`t be ar$ed to try the new stuff like getting texts from your phone etc also a few photo processing tools as far as I can see. At least my i5 laptop is still going, will wait for another night to do my i7 desktop. They (MS) seem to make a big thing about tailoring ads for you??. A bit weird when it says my virus and firewall are turned off but when checking Mcafee everythings turned on?.

Steve

[don4l]

I have a Linux proxy sitting between my astronomy pc's and the internet.  Filters are in place that prevent contact with Microsoft. 

 

Somebody should produce  a Rasberry Pi that comes preconfigured to do the job.

[Demonperformer]

5 hours ago, JamesF said:

I bet in some cases the manufacturer/vendor takes the attitude that they'll wait and see if anyone complains before doing any work.

This may be apocryphal, but I understood that this was the reason Windoze 98 came out in two versions - the original which was ghastly, wait for customers to report all the bugs and then fix them, and then sell them Windoze 98SE (which I still think was the best OS).

[Demonperformer]

2 hours ago, don4l said:

I have a Linux proxy sitting between my astronomy pc's and the internet.  Filters are in place that prevent contact with Microsoft.

Am I understanding this correctly? Your Windoze 10 machine has internet access but will not talk to Microsoft? Tell us more (I'm a Linux dummy!) ...

[reezeh]

13 hours ago, Philip R said:

I think I'll re-install FreeDos & MS-Windows 3.1x... 

That's one hell of an upgrade!

[reezeh]

9 hours ago, johninderby said:

The odd thing though is why do some people have no problems at all with the updates and others just have grief???

It's all a "Conspiracy Theory"

Microsoft will tell you there's people who don't have problems then run an office sweepstake as to which member of staff in their office stops laughing first ?

[reezeh]

9 hours ago, upahill said:

Linux was never totally secure, just security through obscurity.  There was little point coding a virus/trojan etc for a linux (or mac machine back in the day) as so few people used it. It's getting more and more popular now though so I expect the game has changed somewhat.

Once installed Windows 95 from 50+ floppy disks - not a pleasant experience ?

I don't mind windows updating, kind of what we pay for isnt it? But I do wish we had more openly accessible control over the how and when.

Used properly, 'nix is practically virus-proof as an OS, but your data in your personal account is as subject as any other OS.

It's when you use the computer as an admin that it's vulnerable; something that is regarded as bad practice in that little world.

[don4l]

4 hours ago, Demonperformer said:

Am I understanding this correctly? Your Windoze 10 machine has internet access but will not talk to Microsoft? Tell us more (I'm a Linux dummy!) ...

My W10 machine thinks that the Linux box is my ISP.

My ISP thinks that my Linux box is my W10 machine. 

Here is a link that explains it:- https://www.techrepublic.com/article/how-to-install-and-configure-squid-proxy-server-on-linux/

 

The main reason for having a proxy is that you can have hundreds of PC's sitting behind a single IP address.  The proxy is completely configurable and can allow or deny all sorts of traffic. 

It should be a simple task for someone to produce a version of the Rasberry that was an easy to use Proxy server.

[upahill]

2 hours ago, reezeh said:

Used properly, 'nix is practically virus-proof as an OS, but your data in your personal account is as subject as any other OS.

It's when you use the computer as an admin that it's vulnerable; something that is regarded as bad practice in that little world.

I use linux for most of my servers, it's not bulletproof but generally much safer as the majority of code is open to be inspected and community verified which I like. I prefer using windows on my day to day machines though as frankly its just nicer. I did rebel in my teens and insist on using solely linux for a while but eventually the lure of windows returned.

[stash_old]

10 hours ago, don4l said:

I have a Linux proxy sitting between my astronomy pc's and the internet.  Filters are in place that prevent contact with Microsoft. 

 

Somebody should produce  a Rasberry Pi that comes preconfigured to do the job.

You can do most of that via most modern routers provided by ISP's - Content filtering,black listing,port blocking etc.

For Windows users there is Wingate proxy (been around for 20yrs) - free up to 10 PC's

 

[coatesg]

15 hours ago, Davey-T said:

Nope mine came brand new with Win10 factory installed and so far has been stuffed twice by updates and once got itself into an endless loop claiming it was installing them but actually doing nothing.

Factory installed by the manufacturer isn't quite the same as a fresh install from original media though....

[coatesg]

3 hours ago, don4l said:

My W10 machine thinks that the Linux box is my ISP.

My ISP thinks that my Linux box is my W10 machine. 

Here is a link that explains it:- https://www.techrepublic.com/article/how-to-install-and-configure-squid-proxy-server-on-linux/

 

I kinda think this is the worst of both worlds - not only do you not get security updates (unless you manually apply them?) but you're still allowing the PC unfettered access to the internet (and are therefore liable to driveby attacks and the like). 

If you are manually applying the security fixes only, there does come a point where you have to take the feature update to allow the patches to apply.

[JonC]

I use have used a wide variety of OS over the years, the only one I never had an update issue with was OSX on a hackintosh. Rather amusingly when I was running it Apple released a patch that caused lots of issues for users, but because of the delay for sorting stuff for hackintosh the update was pulled before it made its way across.

 

Windows wise I run win10 pro and keep everything up to date, I never use manufacturer factory installs, and assemble my own desktop rigs. My laptops tend to be business or gaming grade. I see most problems on the cheap new ones, so if its a tight budget I for a  refurb. I use a wide range of OS at work but stick to windows at home, dumped the hackintosh a few years back.

[don4l]

6 minutes ago, coatesg said:

I kinda think this is the worst of both worlds - not only do you not get security updates (unless you manually apply them?) but you're still allowing the PC unfettered access to the internet (and are therefore liable to driveby attacks and the like). 

If you are manually applying the security fixes only, there does come a point where you have to take the feature update to allow the patches to apply.

 

This is a matter of choice.

I don't want any updates.  My PC is working just fine as it is.  I used to have some very useful software that controlled my image acquisition.  I cannot get it to work on W10.  I don't want to risk any further changes to my system.

 

Most people who get hit by viruses are relying on anti-virus protection.  Most viruses are written to bypass existing security.  Therefore, by definition, all protection is at least a few days out of date.

I completely accept that my approach is not suitable for everyone.

[fozzybear]

just an update my windows 10 pro desktop just received the update on an i5 HP desktop took half an hour and 3 reboots so far so good all working fine. (last words) touch wood, Dam non about oh the desk. and three hail Mary's ……?‍? plus 20gb as windows.old just in case I need to go back

[Gasman]

Just updated my i7 desktop, took about 20 mins no probs ?.

Steve

[Dr_Ju_ju]

For those that want to stop their windows machines talking to Microsoft, or even other crud sites, is to simply update their local hosts file (C:\Windows\System32\drivers\etc\hosts) & point everything to ip address 0.0.0.0 e.g.

# Windows 10 reporting domains.
0.0.0.0 a.ads2.msads.net
0.0.0.0 adnexus.net
0.0.0.0 aidps.atdmt.com
0.0.0.0 a-msedge.net
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 c.atdmt.com
0.0.0.0 cdn.atdmt.com
0.0.0.0 cds26.ams9.msecn.net
0.0.0.0 c.msn.com
0.0.0.0 db3aqu.atdmt.com
0.0.0.0 ec.atdmt.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 flex.msn.com
0.0.0.0 g.msn.com
0.0.0.0 h1.msn.com
0.0.0.0 lb1.www.ms.akadns.net
0.0.0.0 live.rads.msn.com
0.0.0.0 m.adnxs.com
0.0.0.0 msedge.net
0.0.0.0 msnbot-65-55-108-23.search.msn.com
0.0.0.0 msntest.serving-sys.com
0.0.0.0 preview.msn.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 schemas.microsoft.akadns.net
0.0.0.0 secure.flashtalking.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 sO.2mdn.net
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 wes.df.telemetry.microsoft.com

 

 

[MarsG76]

On 04/10/2018 at 02:18, Philip R said:

I think I'll re-install FreeDos & MS-Windows 3.1x... 

You do that, history lessons are good... but what I meant was that my system works perfectly.. so If it ain't broke, I ain't gunna be fixin' it.... 

[stash_old]

15 hours ago, Dr_Ju_ju said:

For those that want to stop their windows machines talking to Microsoft, or even other crud sites, is to simply update their local hosts file (C:\Windows\System32\drivers\etc\hosts) & point everything to ip address 0.0.0.0 e.g.

# Windows 10 reporting domains.
0.0.0.0 a.ads2.msads.net
0.0.0.0 adnexus.net
0.0.0.0 aidps.atdmt.com
0.0.0.0 a-msedge.net
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 c.atdmt.com
0.0.0.0 cdn.atdmt.com
0.0.0.0 cds26.ams9.msecn.net
0.0.0.0 c.msn.com
0.0.0.0 db3aqu.atdmt.com
0.0.0.0 ec.atdmt.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 flex.msn.com
0.0.0.0 g.msn.com
0.0.0.0 h1.msn.com
0.0.0.0 lb1.www.ms.akadns.net
0.0.0.0 live.rads.msn.com
0.0.0.0 m.adnxs.com
0.0.0.0 msedge.net
0.0.0.0 msnbot-65-55-108-23.search.msn.com
0.0.0.0 msntest.serving-sys.com
0.0.0.0 preview.msn.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 schemas.microsoft.akadns.net
0.0.0.0 secure.flashtalking.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 sO.2mdn.net
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 wes.df.telemetry.microsoft.com

 

 

Wont help if your PC has a certain Chinese Chip on board https://www.theregister.co.uk/2018/10/04/supermicro_bloomberg/ - I am sure other countries do the same LOL ?    P.S. This is not fake news !!!!

[upahill]

5 minutes ago, stash_old said:

Wont help if your PC has a certain Chinese Chip on board https://www.theregister.co.uk/2018/10/04/supermicro_bloomberg/ - I am sure other countries do the same LOL ?    P.S. This is not fake news !!!!

If you are running windows 10 on that supermicro hardware you're doing something wrong ? Even if that chip can do what they are claiming, any modified data would still be subjected to the network infrastructures security protocols.

[JamesF]

6 minutes ago, stash_old said:

Wont help if your PC has a certain Chinese Chip on board https://www.theregister.co.uk/2018/10/04/supermicro_bloomberg/ - I am sure other countries do the same LOL ?    P.S. This is not fake news !!!!

I read the Bloomberg article last night.  I'm really not sure what to make of it.

It seems so far-fetched as to be implausible.  Apple, Amazon and Supermicro have denied it.  But it has the potential to do significant damage to their businesses and yet there is no mention of any of the companies trying to get an injunction to prevent it being published, nor threats of legal action now it has been published.  I'd have been expecting the lawyers to be ordering new yachts already.

James

[JamesF]

3 minutes ago, upahill said:

If you are running windows 10 on that supermicro hardware you're doing something wrong ? Even if that chip can do what they are claiming, any modified data would still be subjected to the network infrastructures security protocols.

This is true.  However the original Bloomberg article suggests that the device may be able to recognise patterns of behaviour from the data being transferred around the system and modify instructions as they are transferred from memory to the CPU.  So if, for example, you have a system that allows external access to your network via a VPN, it may be possible to modify the code executed such that it would allow some connections to be made without authentication.  That sort of attack is probably much harder to defend against.

James

[Davey-T]

Best not tell a certain person or all production will be confined to the USA 

Dave