After installing an update to Windows Update released around the time of the start of the push to make everyone “upgrade” to Windows 10 made it no longer alert me that important updates are available, I have to glance at the available updates at least once every few days myself in order to catch any important ones released outside the normal schedule. Well, when I did that yesterday, I noticed two new optional ones, released on May 17, one of them being KB3156417, which when I checked I noticed had the interesting title of “May 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1”.
That looked like something I should look into more, so I did just that last night, immediately finding plenty of articles and an official post which make it clear that, while it’s not called as such, it’s pretty much Service Pack 2, including nearly all updates released after Service Pack 1. There are some exceptions, and I see people confirming that the “Get Windows 10” nagware is fortunately among the updates not included, but I’m not seeing an actual list anywhere and that’s not the only one I don’t want on my computer, so I’ll be staying away from it at least until I’ll know more.
Then again, my list of hidden updates is quite short and I’m sure that, on top of many unnecessary but at least harmless ones, I installed at least a few I shouldn’t have since this push to “upgrade” started. For example, as I was searching now I stumbled into a forum thread containing a long list, while my list of hidden updates includes only the following, which I’ll list along with the reason why I chose to hide them. However, short as it is, I definitely do not want these updates to end up installed:
Related to “upgrading” to Windows 10: KB2952664, KB3021917, KB3035583, KB3123862
Adding telemetry: KB3068708, KB3075249 (*), KB3080149
Causing some fonts to become hard to read: KB2970228, KB3102429
(*) This seems to no longer be offered, as I have it on this list I keep but it doesn’t show up as either hidden or available. I’m not even completely sure I hid it, as I know I simply left it pending for a long time and there is a chance I added it to the list of updates to avoid but never actually hid it before it vanished, if that didn’t happen very recently.
In addition, on top of KB3156417 and KB3139923, which was the other one released recently, at the moment I have KB3118401, KB3133977 and KB3140245 still pending, the first one because it makes me a bit wary, the second because there is something that sometimes feels a bit unstable after multiple reboots within a day or so and that update has a double restart requirement, and the third because I’d need to edit the registry to take advantage of what it adds and then write down what to do in case I’ll need to do it again later and at the moment I’m not sure I’ll get any real benefits from it.
But now we get to the worse problem: If you keep reading that official announcement, or the articles mentioning this development, you’ll notice that this sort of bundle will be the method of releasing non-security updates from now on, as only the security updates will continue to be released separately while everything else will be available as a single monthly bundle. It is of course “sold” as a way to simplify the process and improve compatibility, but it’s obviously the latest in the series of methods to force users who stay away from the newer version of Windows, in large part just in order to avoid these things, to install undesired updates, starting with telemetry, possibly more ways to push Windows 10, and who knows what else, including those that they simply know will cause them problems. And this comes just at the end of the free Windows 10 “upgrade” period, so people who’ll want a way out of whatever will happen to their systems will need to pay for what may unfortunately quickly become a slightly lesser evil.
There’s also something there about updates no longer being available to manually download from the Microsoft Download Center, but only from the Microsoft Update Catalog, which is an old and, from what I gather, largely abandoned function that requires installing an ActiveX control, and therefore also using Internet Explorer, in order to use. There are promises that the Catalog will be updated in the next few months to remove the ActiveX requirement and therefore also allow the use of other browsers, but it’s definitely a bad practice to first require the use of something and only later develop it, which again makes me suspicious of the motives behind the move.
Either way, the main point of this post is to raise another alarm over these bundles of non-security updates that will be the only way to obtain said updates from now on, and which are certain to also include those people specifically want to avoid. As such, I guess the standard recommendation from now on will be to not install any of them, as they may even make some other methods of avoiding some of the undesirable consequences obsolete, and perhaps if you find yourself needing an included patch to try to find a way extract it individually from the package or find it posted separately somewhere by someone who did extract it, assuming you trust the source.