Windows7/8 - Updates to hide to prevent Windows 10 Upgrade / Disable Telemetry

Discussion in 'Windows OS and Software' started by Phoenix, Aug 23, 2015.

  1. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,657
    Messages:
    16,178
    Likes Received:
    19,901
    Trophy Points:
    931
    Good recommendation, I use that as well. In fact I use a number of sources to draw on for blocking on Windows 7 / 8.1, loading the lists into various tools in the OS and browsers, as well as perimeter network devices, all work together to provide what I hope is a semi-seamless barrier.

    These issues are now in the mind of the average person far deeper than before, so hopefully this will cause pressure to be applied to Microsoft as well, and stop all this craziness - sucking the time and life from their customers. o_O

    ScriptSafe has replaced my use of NoScript for now, and I use the host blocking in ScriptSafe to load block lists too. And, along with uBlock Origin + Privacy Badger + AdBlocker for Youtube / Facebook, and I am happy for now with browser blocking.
     
    Riley Martin likes this.
  2. Vasudev

    Vasudev Notebook Prophet

    Reputations:
    3,305
    Messages:
    6,330
    Likes Received:
    4,136
    Trophy Points:
    431
    You can use Chef Koch telemetry and annoyance disabler for w10 from github. I follow that guide.
     
    hmscott and Riley Martin like this.
  3. Riley Martin

    Riley Martin Notebook Geek

    Reputations:
    20
    Messages:
    86
    Likes Received:
    113
    Trophy Points:
    41
    I'm curious what you meant by Permimeter Network Devices? For e.g., like Block Items saved in Router settings? (outside of hosts file lists used by my browser, plus my own hosts file, and firewall, my only other tweak is Block Items -so just curious if there's anything else I can do. Thanks in advance for any help.

    PS -Today's KB4093118 is funny. Who keeps IE enabled these days? The update provides fixes for past F-ups, yet Known Issues include SMB server memory leaks, yada yada. Vegas oddsmakers have the new Simplix Update Pack over/under at 08-18-2018. I'm taking the Over. :)
    https://support.microsoft.com/en-us/help/4093118/windows-7-update-kb4093118
     
    Raiderman likes this.
  4. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,657
    Messages:
    16,178
    Likes Received:
    19,901
    Trophy Points:
    931
    Unfortunately the simple answer is that it's complex :)

    There are schools of thought on where to block and where to let free through connect, so as to not burden the network device with "unnecessary filtering".

    It turns out all the schools of thought agree on blocking bad traffic, in and out, but they have differing opinion on the level and place to put the blocking.

    It's different for every network, every application, fortunately the home user has only 1 or 2 choice's - the router or the PC, and hoping that the upstream provider blocks and handles DDOS events for you - not always / often the case.

    Most people have access to and control over their personal PC - at least their own - and can install filters in their PC firewall, DNS server for local control blocking - both serving all applications, and application specific filters like in browsers, but they all block either an IP address, IP Range, DNS domain or DNS sub-domain, and / or substitute "fake" IP's - localhost, a local spoofed web address with content return for applications that respond better to a return than a block.

    Forms of those block lists - black lists, and white lists (pass through) established for lowest latency processing for some destinations / sources, can be installed in Perimeter Network Devices.

    The network perimeters are established at routing, switching, gateway devices to logically and / or physically separate packet domains, real or virtual.

    So your home router is a Perimeter network device, as is your PC node firewall, as is the ISP's switch / router that provides you connectivity, as is each device visible and "invisible" passing your packets up and down stream to / from packet destination / sources.

    Simple blocking at the perimeter network device, like blocking your own source IP address from entering from the internet - someone spoofing your network device IP trying to use that deception to pass through services as if they were on your network.

    You can block multicast packets, ICMP packets, and other protocol level blocking to reduce the chance of intrusion.

    Your simple home router probably has some of these options built in, and others, enabled by default or by user enable.

    Some routers will allow you to block IP's, IP ranges, DNS domains and sub-domains as well. So you can block specific annoying incoming traffic, or to deny access to external devices and services - keeping your kids or employee's "safe" from time wasting accesses :)

    Then you can use all of these options to greater effect by loading lists of malware and known bad sites to protect all devices on your LAN / WLAN - like phones, TV's, refrigerators, monitoring cameras, PC's, etc.

    There are "gaming" routers that have enough memory and fast CPU's for home use that can handle large block lists and still provide excellent lag free throughput. Especially when you white-list some destinations - like gaming sites / services - or protocols - so those packets are quickly processed before the rest of the blocking activity is applied.

    There are lots of different routers / access points / switches and their software interfaces using differing paths to do the same thing. After reading the manual and online support info for that specific device, there are lots of online sources for block lists and suggested filter priority techniques.

    There are some devices already available for companies to assist them in securing their network and tuning their access, but they are way too expensive to suggest for home users, and really you can accomplish almost all the same functionality with your hardware - if you research the exploits, domains, and IP ranges to block.

    I hope that helps. :)
     
    Last edited: Apr 11, 2018
  5. Riley Martin

    Riley Martin Notebook Geek

    Reputations:
    20
    Messages:
    86
    Likes Received:
    113
    Trophy Points:
    41
    Makes a lot of sense. Assuming you use a VPN, what about loopbacks to your IP -depending on the multitudes of VPN client applications or configurations, can a VPN loopback be a concern? Lots to digest, and I get the crux... just need to spend some time in this new wormhole. :) Many thanks for the dynamite feedback!

    Very curious... sounds like you've taken smart steps to negate MS intrusion into your machine's business, so to speak.
    *Question: Looking at your Network Activity or Resource Monitor, or even better Wireshark packets -do you have ANY Microsoft IPs/servers sniffing around your machines? (barring anything you've initiated, say WinUpdate). Thanks so much hmscott! Good stuff!
     
    Vasudev and hmscott like this.
  6. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,657
    Messages:
    16,178
    Likes Received:
    19,901
    Trophy Points:
    931
    Yeah, can't really comment on that... but you've got the right idea, y'all are well on the path to finding out for yourselves... :)

    FYI - every such report that is any good I've seen on the internet that shows such traffic exists, even after blocking techniques are used, quickly disappear, it must be a "sniffles virus", "Aaah Choooo!!, and it's gone - poof!!. :confused::p:D:eek:o_O
     
    Riley Martin likes this.
  7. Vasudev

    Vasudev Notebook Prophet

    Reputations:
    3,305
    Messages:
    6,330
    Likes Received:
    4,136
    Trophy Points:
    431
    @hmscott Do you use Cloudfare DNS or something else along with VPN?
     
    Riley Martin and hmscott like this.
  8. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,657
    Messages:
    16,178
    Likes Received:
    19,901
    Trophy Points:
    931
    There are lots of free and open DNS options, I wouldn't suggest Cloudflare DNS as a top choice, you have to be able to trust the DNS provider on a number of levels.
     
    Last edited: Apr 11, 2018
    Riley Martin likes this.
  9. Riley Martin

    Riley Martin Notebook Geek

    Reputations:
    20
    Messages:
    86
    Likes Received:
    113
    Trophy Points:
    41
    You guys prob. know about OpenNic, but for anyone who doesn't... it's a neat project.
    https://www.opennic.org/
     
    hmscott likes this.
  10. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,657
    Messages:
    16,178
    Likes Received:
    19,901
    Trophy Points:
    931
    Primes and Riley Martin like this.
Loading...

Share This Page