Windows 7 updates

About a week or so ago I got notifications of Windows 7 updates. I
attempted to install them and they failed several times. Now with all
the talk about update problems I'm afraid to even try. Right now they
are offering Important Updates KB4055532 and KB890830. Optional ones
are KB2310138, KB4057400 and KB4057270. Am I being overly concerned or
should I attempt to install them? Thanks.

On 1/20/2018 6:22 AM, Art Todesco wrote:
About a week or so ago I got notifications of Windows 7 updates. I
attempted to install them and they failed several times. Now with all
the talk about update problems I'm afraid to even try. Right now they
are offering Important Updates KB4055532 and KB890830. Optional ones
are KB2310138, KB4057400 and KB4057270. Am I being overly concerned or
should I attempt to install them? Thanks.


A revised KB4055532 was released just this past Thursday. I will waite
until the end of next week before installing it, in case Microsoft
revises it again.

I record the KB numbers of updates I reject. KB890830 and KB2310138 are
not in my list, which means Microsoft has not offered them to me.

KB4057400 and KB4057270 are "preview" updates, which I never touch.
These are released so that Microsoft can see the users' experience with
them, effectively making the users part of the test team. Having
retired after 30+ years as a tester of software used to operate space
satellites for the military, I prefer not to be an unpaid tester for
Microsoft. Updates for these two will be rereleased later, not as
"preview" updates.

--
David E. Ross
http://www.rossde.com/

President Trump: Please stop using Twitter. We need
to hear your voice and see you talking. We need to know
when your message is really your own and not your attorney's.

Art Todesco wrote:

About a week or so ago I got notifications of Windows 7 updates. I
attempted to install them and they failed several times. Now with all
the talk about update problems I'm afraid to even try. Right now they
are offering Important Updates KB4055532 and KB890830. Optional ones
are KB2310138, KB4057400 and KB4057270. Am I being overly concerned or
should I attempt to install them? Thanks.

Only when bringing a fresh install up-to-date with a huge number of
updates do you want to do as many at a time as possible (which may
require multiple passes to get down the remaining count). Once the
number of updates is down to a dozen, or less, do them one at a time.

Sometimes they conflict or interfere with each other. The manifest is
supposed to account for conflict and dependency but it doesn't always
work, or the software update catalog (a local database) gets out of sync
(and why you keep getting offered an update you've already applied).
There have been times that I've had to clear the local software update
catalog (there are lots of online articles how to do this) to install
the remaining updates. When you delete the catalog, it gets rebuilt in
the next Windows update check by scanning the current state of your
host.

Personally I never install updates the moment Microsoft releases it to
their WU publication channel. I wait a couple weeks, or longer. This
lets Microsoft fix their updates with a new revision. It also allows
some time for other guinea pigs to document their tribulations with the
updates and for some non-Microsoft document to appear, like over at
AskWoody (https://www.askwoody.com/). Microsoft has made it very clear
that they intend the description for their updates to become vague.
Many tell you nothing about what the update addresses or what it
changes. Microsoft considers users too stupid to understand.

KB4055532
https://support.microsoft.com/en-us/...-2-4-6-4-6-1-4
shortURL = http://tinyurl.com/yah56oub
Security and Quality Rollup for .NET Framework ...
This is the only one offered that you listed you should try to get.
Download only this one to install. You don't need any of the other
updates. If it fails by itself, you may have to use the cleansing
trick with the software update catalog.

KB890830
https://support.microsoft.com/en-us/...-software-remo
Windows Malicious Software Removal Tool ...
Not important. That's just the monthly malware scan: very basic,
doesn't catch much, only looks for past major malware. Only needed if
you use *no* anti-virus/malware software. Defender also has that
coverage. 3rd party AVs have far superior coverage. This does not
install. It downloads & runs. If nothing is found, it gets deleted.

KB2310138
Definition Update for Microsoft Security Essentials
You really need to be using superior AV software. Disable Defender,
uninstall MSE, and using something better. There are lots of free
choices (e.g., Avast, Avira, Bitdefender).

KB4057400
https://support.microsoft.com/en-us/...date-kb4057400
Preview of Monthly Rollup
NEVER install these. This is Microsoft using their non-corporate
customers as guinea pigs to test out changes. It is a *preview*.
Wait until next month when it is actually released as non-preview.
When these are listed in the updates list, right-click on them and
choose to Hide them.

KB4057270
https://support.microsoft.com/en-us/help/4057270 (page not found *)
Preview of Quality Rollup for .NET Framework ...
Yeah, more preview crap. Hide it.
* This is the URL that Microsoft gives in their online catalog search
to the KB article. They ****ed up and that page cannot be found.

On 1/20/2018 1:10 PM, VanguardLH wrote:
Art Todesco wrote:

About a week or so ago I got notifications of Windows 7 updates. I
attempted to install them and they failed several times. Now with all
the talk about update problems I'm afraid to even try. Right now they
are offering Important Updates KB4055532 and KB890830. Optional ones
are KB2310138, KB4057400 and KB4057270. Am I being overly concerned or
should I attempt to install them? Thanks.

Only when bringing a fresh install up-to-date with a huge number of
updates do you want to do as many at a time as possible (which may
require multiple passes to get down the remaining count). Once the
number of updates is down to a dozen, or less, do them one at a time.

Sometimes they conflict or interfere with each other. The manifest is
supposed to account for conflict and dependency but it doesn't always
work, or the software update catalog (a local database) gets out of sync
(and why you keep getting offered an update you've already applied).
There have been times that I've had to clear the local software update
catalog (there are lots of online articles how to do this) to install
the remaining updates. When you delete the catalog, it gets rebuilt in
the next Windows update check by scanning the current state of your
host.

Personally I never install updates the moment Microsoft releases it to
their WU publication channel. I wait a couple weeks, or longer. This
lets Microsoft fix their updates with a new revision. It also allows
some time for other guinea pigs to document their tribulations with the
updates and for some non-Microsoft document to appear, like over at
AskWoody (https://www.askwoody.com/). Microsoft has made it very clear
that they intend the description for their updates to become vague.
Many tell you nothing about what the update addresses or what it
changes. Microsoft considers users too stupid to understand.

KB4055532
https://support.microsoft.com/en-us/...-2-4-6-4-6-1-4
shortURL = http://tinyurl.com/yah56oub
Security and Quality Rollup for .NET Framework ...
This is the only one offered that you listed you should try to get.
Download only this one to install. You don't need any of the other
updates. If it fails by itself, you may have to use the cleansing
trick with the software update catalog.

KB890830
https://support.microsoft.com/en-us/...-software-remo
Windows Malicious Software Removal Tool ...
Not important. That's just the monthly malware scan: very basic,
doesn't catch much, only looks for past major malware. Only needed if
you use *no* anti-virus/malware software. Defender also has that
coverage. 3rd party AVs have far superior coverage. This does not
install. It downloads & runs. If nothing is found, it gets deleted.

KB2310138
Definition Update for Microsoft Security Essentials
You really need to be using superior AV software. Disable Defender,
uninstall MSE, and using something better. There are lots of free
choices (e.g., Avast, Avira, Bitdefender).

KB4057400
https://support.microsoft.com/en-us/...date-kb4057400
Preview of Monthly Rollup
NEVER install these. This is Microsoft using their non-corporate
customers as guinea pigs to test out changes. It is a *preview*.
Wait until next month when it is actually released as non-preview.
When these are listed in the updates list, right-click on them and
choose to Hide them.

KB4057270
https://support.microsoft.com/en-us/help/4057270 (page not found *)
Preview of Quality Rollup for .NET Framework ...
Yeah, more preview crap. Hide it.
* This is the URL that Microsoft gives in their online catalog search
to the KB article. They ****ed up and that page cannot be found.

When I Google KB4057270 I get the below page on KB4054981?
https://support.microsoft.com/en-ca/...rk-4-6-4-6-1-4
They appear to be one in the same!
Don

Art Todesco wrote:
About a week or so ago I got notifications of Windows 7 updates. I
attempted to install them and they failed several times. Now with all
the talk about update problems I'm afraid to even try. Right now they
are offering Important Updates KB4055532 and KB890830. Optional ones
are KB2310138, KB4057400 and KB4057270. Am I being overly concerned or
should I attempt to install them? Thanks.

Ones like this, can be an attempt to bump your .NET up a version.
They're not always patches for the existing version. The security
word means "we actually fixed something", while the Quality Rollup
means "we added extra biscuits to the mix".

"Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1
updates for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4055532)"

https://support.microsoft.com/en-ca/...-2-4-6-4-6-1-4

On the test VM I set up a few days ago, I didn't bother with this
one and left the VM at 3.5.1.

*******

KB890830 is the monthly MSRT (a scanner to check for "popular"
malware, which runs over and above any other AV on the machine).

*******

KB2310138 tells you it's an oldie and it's likely recurring.
I'd let that one in, just to keep MSE up to date. There was at
least one exploit in the last few months that involved exploiting
a Microsoft AV product, so it's a good idea to take their
updates even when you're not using the subsystem.

"Description of Microsoft Security Essentials and of the definition file updates for beta version 2.0.0375.0"

https://support.microsoft.com/en-ca/...definition-fil

*******

"Preview of monthly rollup" - don't bother, you'll get this in
February, when bugs in it are fixed

https://support.microsoft.com/en-ca/...date-kb4057400

Similarly, the other one is a preview as well, and doesn't
even have a proper KB yet.

"4057270 January 2018 Preview of the Quality Rollups for .NET Framework
3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1 for
Windows 7 SP1 and Server 2008 R2 SP1 (KB 4057270)"

That's similar to the one at the top of the page,
but you'll get the real version offered in February when it's
fully baked.

*******

The one you'd want to check for in your Windows Update
history, is '897. That might be the Meltdown/Spectre
initial patch.

https://support.microsoft.com/en-us/...date-kb4056897

https://support.microsoft.com/en-us/...ws-server-2008

The keywords on these patches are "AMD processor" and
"32 bit OS". There have been problems with both on
some of the recent patches. If you had an Intel processor
and a 64 bit OS, then installing the Meltdown/Spectre
might have a clearer status.

https://www.computerworld.com/articl...rocessors.html

The proper descriptive text in the patch was also removed
by Microsoft. The Windows 10 version looked like this.
Win7 wouldn't have the "Microsoft Edge" line, or
the line for LXSS, but would have the other lines.
The stuff on the right, is my "interpretation" of
why they would be patching these.

Security updates to Windows SMB Server === Wannacrypt (SMB)
the Windows Subsystem for Linux, === Meltdown (via LXSS and how it connects to OS?)
Windows Kernel, === Meltdown plus regular monthly kernel exploit (other)
Windows Datacenter Networking, === SMB???
Windows Graphics, === regular monthly GDI exploit
(keeps company with regular kernel patch)
Microsoft Edge, === Spectre (JIT Javascript?)
Internet Explorer, === Spectre (JIT Javascript?)
and the Microsoft Scripting Engine. === Spectre (JIT Javascript?)

If your system had a Windows Update Troubleshooter,
it can clear out SoftwareDistribution and perhaps restore
Windows Update to a working state. Look in Control Panels
for a Troubleshooter item.

Updates can also be manually downloaded from
catalog.update.microsoft.com, by entering the KB number.
If your first search terms don't get a result,
keep trying different terms until it does. As
that thing is cranky at the best of times.
I like to add "Windows 7" to the search, so that
only the relevant ones show up, but sometimes that's
too much for the search engine to handle there.

Paul

On 1/20/2018 10:10 AM, VanguardLH wrote [in part]:
KB2310138
Definition Update for Microsoft Security Essentials
You really need to be using superior AV software. Disable Defender,
uninstall MSE, and using something better. There are lots of free
choices (e.g., Avast, Avira, Bitdefender).

I previously indicated that I keep a list of updates. Actually, it is
three lists: those updates I have installed, those I have rejected, and
those that I previously installed but then installed their replacements.

That latter list is amazing. So many Microsoft updates are replaced by
replacements of replacements, which is why I do not trust Security
Essentials to be my primary anti-malware application. After all, if
Microsoft cannot correctly fix a problem in its first release of an
update to its users, how can I trust Microsoft to provide protection
against malware?

I do not list the definition updates for Security Essentials. I
consider these to be data and they are released far too frequently to
bother. I just install them. However, I do not use Security Essentials
as my primary anti-malware application. I only use it to scan software
-- both Microsoft and non-Microsoft -- before installing. I also scan
such software with Malwarebytes and AVG Anti-Virus (belt and
suspenders). AVG is my primary anti-malware application.

--
David E. Ross
http://www.rossde.com/

President Trump: Please stop using Twitter. We need
to hear your voice and see you talking. We need to know
when your message is really your own and not your attorney's.

David E. Ross wrote:

VanguardLH wrote [in part]:

KB2310138
Definition Update for Microsoft Security Essentials
You really need to be using superior AV software. Disable Defender,
uninstall MSE, and using something better. There are lots of free
choices (e.g., Avast, Avira, Bitdefender).

I previously indicated that I keep a list of updates. Actually, it is
three lists: those updates I have installed, those I have rejected, and
those that I previously installed but then installed their replacements.

That latter list is amazing. So many Microsoft updates are replaced by
replacements of replacements, which is why I do not trust Security
Essentials to be my primary anti-malware application. After all, if
Microsoft cannot correctly fix a problem in its first release of an
update to its users, how can I trust Microsoft to provide protection
against malware?

When you marked an update as hidden (right-click, select Hide), it is
only for *that* revision of the update. If a new revision shows up for
the same update, the Hide gets ignored in the WU client.

Some of the updates are revisions of those updates. For example,
signature hashes of malware will change as there are permutations or new
varieties found. Instead of creating a new and separate update for just
a signature update, they may reuse the same update but a new revision.

Some updates are dependent on prior updates. That is, an update is not
applicable unless a prior dependent update was already been applied to
make a subsequent update applicable to the modified OS state. The
updates have to be chained. Alas, despite there is a manifest of which
updates are applicable and notes which are dependent or interferring to
others, there is no chaining of dependent updates. Instead you apply
the ones that are applicable now and then rescan for more updates to see
which, if any, become applicable AFTER you have applied the prior
updates upon which a later update is dependent.

When Microsoft was trying to foist their GWX (Get Windows 10) "update"
(KB3035583) on its users, they kept changing its revision. That way, if
users chose to hide that update, it would reappear in a WU notice when
Microsoft pushed a new revision of the same update. Back then, I used
GWX Control Panel (instead of GRC's Never10) to block all the GWX update
revisions. When Microsoft stopped trying to foist its malicious GWX
update, I didn't need to leave GWX Control Panel running anymore.

GWX Control Panel was just a safety net. I *always* review or research
the updates before applying them. There are always updates that
Microsoft pushes for software not even installed on my PC (e.g., Skype).

I see no reason to bother with Defender or MSSE updates or the monthly
malicious scan "update" (which is a program to run, scan, and
self-destruct if no malware found). When sifting flour, using coarse
and fine grained sifters doesn't make sense. What the coarse sifter
catches will also get caught by the fine sifter. If I'm using a
superior AV program, I don't need the coarser Defender or MSSE running.
It wasn't until Windows 8 when Defender moved from being a lowly adware
scanner to an anti-virus scanner, so Defender in Windows 7 isn't doing
much, anyway. Microsoft did add some features to Defender in Windows
10, like folder protection as an anti-ransomware feature, so I can see
leaving it enabled there. I would say to leave Defender or MSSE enabled
after a fresh install of the OS with all its updates until you get
around to installing a better AV program (i.e., the finer sifter).

VanguardLH Sat, 20
Jan 2018 18:10:08 GMT in alt.windows7.general, wrote:

Art Todesco wrote:

About a week or so ago I got notifications of Windows 7 updates.
I attempted to install them and they failed several times. Now
with all the talk about update problems I'm afraid to even try.
Right now they are offering Important Updates KB4055532 and
KB890830. Optional ones are KB2310138, KB4057400 and KB4057270.
Am I being overly concerned or should I attempt to install them?
Thanks.

Only when bringing a fresh install up-to-date with a huge number
of updates do you want to do as many at a time as possible (which
may require multiple passes to get down the remaining count).
Once the number of updates is down to a dozen, or less, do them
one at a time.

Sometimes they conflict or interfere with each other. The
manifest is supposed to account for conflict and dependency but it
doesn't always work, or the software update catalog (a local
database) gets out of sync (and why you keep getting offered an
update you've already applied). There have been times that I've
had to clear the local software update catalog (there are lots of
online articles how to do this) to install the remaining updates.
When you delete the catalog, it gets rebuilt in the next Windows
update check by scanning the current state of your host.

You might benefit from the WSUS offline installer...It seems to
eliminate alot of the potential pain in the arse Windows update
issues.

Personally I never install updates the moment Microsoft releases
it to their WU publication channel. I wait a couple weeks, or
longer. This lets Microsoft fix their updates with a new
revision. It also allows some time for other guinea pigs to
document their tribulations with the updates and for some
non-Microsoft document to appear, like over at AskWoody
(https://www.askwoody.com/). Microsoft has made it very clear
that they intend the description for their updates to become
vague. Many tell you nothing about what the update addresses or
what it changes. Microsoft considers users too stupid to
understand.

With a limited number of users being the exception, and replacing
stupid with ignorant and unwilling to learn, would you really
disagree with their opinion?

How many posts in this newsgroup alone would be unncessary if the
user would just take a few minutes and do a little research?

--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit he
https://tekrider.net/pages/david-brooks-stalker.php
================================================== =
The early bird who catches the worm works for someone who comes in
late and owns the worm farm.

Paul news Jan 2018 18:43:42 GMT in alt.windows7.general, wrote:

Ones like this, can be an attempt to bump your .NET up a version.
They're not always patches for the existing version. The security
word means "we actually fixed something", while the Quality Rollup
means "we added extra biscuits to the mix".

And some things we're not sure about, so you're going to beta test it
for us and report back.

Updates can also be manually downloaded from
catalog.update.microsoft.com, by entering the KB number.
If your first search terms don't get a result,
keep trying different terms until it does. As
that thing is cranky at the best of times.
I like to add "Windows 7" to the search, so that
only the relevant ones show up, but sometimes that's
too much for the search engine to handle there.

You can also get the entire collection with wsus offline installer.
Burn it to a disc and have it for reference in the event you want to do
a clean reinstall down the road.


--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit he
https://tekrider.net/pages/david-brooks-stalker.php
================================================== =
I went to the Missing Persons Bureau but no one was there. --George
Carlin