Get hooked up with AT&T ConnecTechDefending yourself against Microsoft
Yesterday I wrote that Windows is malware. I said this because:
Microsoft can and will update your copy of Windows whenever they feel like it, regardless of your wishes. And, they feel no obligation to tell you what they've done. Your computer is just a zombie to them.
Defending yourself against Microsoft involves turning off automatic updates and that's what this posting is about.
At first glance, turning off Automatic Updates seems simple enough. In Windows XP, you go to the Control Panel, then System, then the Automatic Updates tab and click on the radio button to turn off automatic updates (as shown below). But Windows is lying to you, simply doing this does not turn off Automatic Updates.
The thing that actually installs bug fixes is a component of Windows called the Automatic Updates service. A service is a computer program that runs in the background, so you're not aware that it's there. You may not even see it listed on the Processes tab of Task Manager. A single instance of the svchost.exe process hosts from one to many different services.
Windows consists of many services, the XP machine I'm using to write this posting has over 90. Some services directly translate to a visible feature of Windows. For example, if you have ever used Windows to configure a WiFi connection, then you've been communicating with the Wireless Zero Configuration service. The Automatic Updates service is the one that handles patches to Windows. The name sounds better than the Automatic Bug Fix Service, but that's what it is.
At any point in time a service is either started (on) or stopped (off). A computer that does not use WiFi, for example, should have this service turned off since it won't be needed.
When Windows starts up, it turns on some services and does not turn on others, depending on an attribute of the service called the Startup Type. If the Startup Type is Automatic, the service is automatically started when Windows boots. If the Startup Type is either Manual or Disabled, the service is not started.
A Manual service can be started by another service on an as-needed basis. A Disabled service can not be started until the Startup Type is changed to either Manual or Automatic.
When I said earlier that Windows is lying to you, I meant that even when Automatic Updates are turned off in the Services applet in the Control Panel, the underlying Automatic Updates service remains on. This is why Microsoft can update your computer whenever they feel like it.
To defend against the Borg Microsoft, disable the Automatic Updates service.
In Windows XP, go to the Control Panel, then Administrative Tools, then Services. You'll see a window like that above, listing each service, its current Status and Startup Type. A blank status means the service is not running (off), a status of "Started" means that it is (on). Get the properties of the Automatic Updates service and change the startup type to disabled (see below).
Interestingly, disabling a service does not stop it, if it's already running. If you want, you can also stop the current instance of the service, but the more important point is that the next time Windows starts up, it will be off. And it will remain off/disabled until you manually change the Startup Type.
But, sometimes you want to install Windows bug fixes.
To do so, you need to change the startup type of the Automatic Updates service to Automatic and then start the service. Interestingly, the Windows Update web site will not function if the Automatic Updates service is running but the startup type is set to Manual. Microsoft really wants this service running all the time. I wonder why.
When you are done installing bug fixes, stop and disable the Automatic Updates service until next time. Note that the Background Intelligent Transfer service is also required for Windows Update to function, but it works fine, in Windows XP, with a Startup Type of Manual.
Interestingly, this has always been my advice for dealing with automatic updates. At first, my opinion was based simply on the fact that I prefer to run Windows Update manually, so there is no need to have the Automatic Updates service running. Then, my opinion was strengthened by a bug in the Automatic Updates service that caused the poor processor to run at 100% usage rendering your computer slow as molasses.
And now this.
Update: September 16, 2007. Clarified the point that disabling a running service does not stop the current instance of that service.
Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He is a member of the CNET Blog Network, and is not an employee of CNET. Disclosure.
I feel completely and totally violated when someone 'creeps' into my private world and starts nosing around, but apparently some people do not mind.
I have a lot of respect for what Mr. Gates (after nailing Steve Jobs out an excellent idea). The computer and internet have made this world the size of a tennis ball. I have used it as the most valuable tool I have ever owned. The answer to every question and the seeker of every form of entertainment.
But I work hard at keeping my puters in good shape with the help of Ashampoo's Suite and find myself inflamed by the actions of people who are determined to snoop around inside my computer while destroying parts of it.
So how do George and Bill wind up as bed partners?? Both with so much power that they love the feeling that comes with making people grovel under their feet. George with his listening in and Bill with his peeking in.
The whole mess is downgrading, demeaning and utterly intrusive because Microsoft is NOT JUST INSTALLING UPDATES, it is prying into something that is not theirs anymore.
Home computing needs an adversary for Microsoft, but Bill would not allow that. Apple (Who has the best music player in my opinion) tries to compete, but they are like Radio Shack and using an operating system that few make equipment for.
Sure, there are those people who believe that being listened in on is a compliment, but the last original idea they had was tying their shoes this morning.
I took your advice and turned off the updates completely and when I turned off last night, surprisingly 83 updates were there to install. Curious. But this still does not stop George Bush from listening to my phone calls and reading my internet stuff nor does it stop Microsoft from walking around inside my house, peeking and peering.
You have done good for the world Microsoft, now please go to hell. Thank you
=====================================
:: Windows Update (v.6) Manager
:: Version 2.1
::
:: WU6.bat file allows to connect to Windows Update site and to retrieve all
:: necessary updates from there as usual. Additionally, the rest of the time
:: it keeps unnecessary services ("Windows Update" - wuauserv and, if required,
:: BITS service) stopped and with startup type set to 'disabled', eliminating
:: extra resource usage and stopping unwanted updates that may be pushed on
:: computer via different Automatic Update mechanisms.
::
:: To use WU6.bat file - make a shortcut to it and run it instead of regular
:: Windows Update (in Start/All Programs menu). BAT file will start necessary
:: services and start IE opening Windows Update web page. Then, when updates
:: are done, just close IE and WU6.bat will stop extra services and set their
:: startup type as 'disabled'.
::
:: If WU procedure forces reboot of computer - services will be automatically
:: stopped and set to "Disabled" startup type after the next boot of OS.
::
:: If you want just to stop services and set startup type as 'disabled' run:
:: WU6.bat stop
::
:: By default WU5.bat handles BITS service. If you want it to do not touch
:: BITS service - change command line in shortcut by adding option 'noBITS'.
:: For example: WU6.bat noBITS
::
:: © 2007 OZO
@echo off
title WU v.6 Manager 2.1
setlocal
if '%1'=='stop' goto ServiceReset
echo Adding WU6 to registry RunOnce key
set MyName=%~f0 stop %1
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v WU6 /d "%MyName%" /f
echo Running Windows Update v.6... Wait until it's done.
echo Changing 'wuauserv' startup type to 'auto'
sc config wuauserv start= auto
echo Starting 'wuauserv'
sc start wuauserv
if '%1'=='noBITS' (
echo Do not touch BITS service at this time
) else (
echo Changing BITS startup type to 'auto'
sc config BITS start= auto
echo Starting BITS
sc start BITS
)
echo Starting IE browser...
echo if a reboot is required, this batch file should disable the BITS and AU services after the reboot is done.
start /wait "%PROGRAMFILES%\Internet Explorer\IEXPLORE.EXE" http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
:ServiceReset
echo Stopping unnecessary 'wuauserv' service...
sc stop wuauserv
echo Changing 'wuauserv' startup type to 'disabled'
sc config wuauserv start= disabled
if '%1'=='stop' (
if '%2'=='noBITS' goto dont_stop_BITS
) else (
if '%1'=='noBITS' goto dont_stop_BITS
)
echo Stopping unnecessary 'BITS' service...
sc stop BITS
echo Changing 'BITS' startup type to 'disabled'
sc config BITS start= disabled
:dont_stop_BITS
:end
if not '%1'=='stop' (
echo Removing WU6 from registry RunOnce key
reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v WU6 /f
)
endlocal
::pause
=====================================