Windows 7 SP1 Rollup Update

VanguardLH wrote on 05/18/2016 1:17 AM:
winston wrote:

Simplifying updates for Windows 7 and 8.1

https://blogs.technet.microsoft.com/windowsitpro/2016/05/17/simplifying-upd=ates-for-windows-7-and-8-1/

qp
This convenience rollup package, available to download from
http://catalog.update.microsoft.com/v7/site/Search.aspx?q=3125574,
contains all the security and non-security fixes released since the
release of Windows 7 SP1 that are suitable for general distribution, up
through April 2016. Install this one update, and then you only need new
updates released after April 2016.

And since this update can be injected into Windows 7 SP1 media, it’s
fully supported to mount a Windows 7 SP1 image (WIM file), then inject
this update into it. See
https://technet.microsoft.com/en-us/library/dd744559(v=ws.10).aspx for
the details of how to do this.
/qp

X86 is 316 MB
X64 is 477 MB

Technet article contains additional information on monthly rollups for
non-security updates.

Just Microsoft trying another tactic to install their non-security GWX
lureware, spyware (telemetry), and non-applicable updates (for software
that is NOT installed on your computer).

You really should look deeper to support your statements.


The GWX lureware is a non-security update. I suspect the first rolloup
of mixed "security and non-security fixes" will include KB3035583 (GWX).
Thereafter they seem to split their rollups into security ones separate
from non-security ones.

See above reply.


As I alluded to earlier, the conspiracy theorists will show up in this
thread adding to the fear based on assumption without validation.

Welcome, you just joined that group.


Fyi...the operative words for the rollup was 'security updates and
non-security *fixes*' not 'non-security updates'.



--
...winston
msft mvp windows experience

On 5/18/2016 12:05 AM, . . .winston wrote:
VanguardLH wrote on 05/18/2016 1:17 AM:
winston wrote:

Simplifying updates for Windows 7 and 8.1

https://blogs.technet.microsoft.com/windowsitpro/2016/05/17/simplifying-upd=ates-for-windows-7-and-8-1/


qp
This convenience rollup package, available to download from
http://catalog.update.microsoft.com/v7/site/Search.aspx?q=3125574,
contains all the security and non-security fixes released since the
release of Windows 7 SP1 that are suitable for general distribution, up
through April 2016. Install this one update, and then you only need new
updates released after April 2016.

And since this update can be injected into Windows 7 SP1 media, it’s
fully supported to mount a Windows 7 SP1 image (WIM file), then inject
this update into it. See
https://technet.microsoft.com/en-us/library/dd744559(v=ws.10).aspx for
the details of how to do this.
/qp

X86 is 316 MB
X64 is 477 MB

Technet article contains additional information on monthly rollups for
non-security updates.

Just Microsoft trying another tactic to install their non-security GWX
lureware, spyware (telemetry), and non-applicable updates (for software
that is NOT installed on your computer).

You really should look deeper to support your statements.


The GWX lureware is a non-security update. I suspect the first rolloup
of mixed "security and non-security fixes" will include KB3035583 (GWX).
Thereafter they seem to split their rollups into security ones separate
from non-security ones.

See above reply.


As I alluded to earlier, the conspiracy theorists will show up in this
thread adding to the fear based on assumption without validation.

Welcome, you just joined that group.


Fyi...the operative words for the rollup was 'security updates and
non-security *fixes*' not 'non-security updates'.



Perhaps you could silence the conspiracy theorists by stating categorically,
with some kind of proof of authenticity, that the rollup
is free of windows 10-related forceupgradeware.

winston wrote:

VanguardLH wrote:

winston wrote:

Simplifying updates for Windows 7 and 8.1

https://blogs.technet.microsoft.com/windowsitpro/2016/05/17/simplifying-upd=ates-for-windows-7-and-8-1/
This convenience rollup package ... contains all the security and
non-security fixes released since the release of Windows 7 SP1 that
are suitable for general distribution, up through April 2016.

Just Microsoft trying another tactic to install their non-security GWX
lureware, spyware (telemetry), and non-applicable updates (for software
that is NOT installed on your computer).

You really should look deeper to support your statements.

The GWX lureware is a non-security update. I suspect the first rolloup
of mixed "security and non-security fixes" will include KB3035583 (GWX).
Thereafter they seem to split their rollups into security ones separate
from non-security ones.

See above reply.

As I alluded to earlier, the conspiracy theorists will show up in this
thread adding to the fear based on assumption without validation.

As so has the Microsoft fanboy alluding to exemption without validation.
(Hey, if you start name calling then expect mud back in your face.)

Welcome, you just joined that group.

Fyi...the operative words for the rollup was 'security updates and
non-security *fixes*' not 'non-security updates'.

Since the difference in definition of those terms is not specified in
that blog, there is no difference. How is a fix different than an
update? Since when have updates never fixed anything? Where is
Microsoft's glossary that clearly delineates the difference between
"fix" and "update"? In fact, that article says "fixes rolled up
together into a single update" so they are rolling multiple "fixes" into
an "update": an update is one, or more, fixes. Note they do not say
"hotfix".

https://www.microsoft.com/Language/e...rminology.aspx
Microsoft Update
A website from Microsoft which provides *updates (patches and fixes)*
for multiple Microsoft products in one place, including Windows
operating system software and Windows-based hardware, Microsoft Office
system, Microsoft SQL Server, and Microsoft Exchange Server.

Is KB3035538 a security or non-security update? Whichever it is,
*Microsoft* says it will be in the first all-encompassing rollup. So
far, GWX has been a non-security update so, also according to
*Microsoft*, it may be in one of their following non-security rollups
(if not included in the first security + non-security mixed rollup).

I will believe if you disassemble the first security + non-security
rollup to claim the GWX lureware is not contained therein. If true then
the following non-security rollups will still need analysis to make sure
GWX (and the other nasties) still don't show up in those.

Hmm, who was it that pointed to the Microsoft article describing the
rollups? Yep, that was you. Who was it that said "contains all the
security and non-security fixes released since the release of Windows 7
SP1 that are suitable for general distribution." Yep, that was
Microsoft in the article to which you pointed. GWX is a non-security
update. It has been "suitable for general distribution" for several
versions of it now as evidenced by its presence as an available update
listed by the WU client when polling Microsoft's server.

I'm going by the information that you provided regarding what Microsoft
said. In like response, have YOU "looked deeper" to perform the
analysis of the 1st mixed rollup to ensure GWX is *not* inside it? Are
all the non-Windows7 "updates" missing that have only to do with
migration to Windows 10? How is your /inference/ that GWX and spying,
er, telemetry and "ease of migration" updates (all of which are NOT
updates to Windows 7 itself) any more accurate or "deeper" than mine?
You're just guessing, too. You don't provide any counter-proof.

By the way, I did go to the link for the first rolloup that you gave. I
had to reenable ActiveX. I had to let Microsoft install a new ActiveX
control. After selecting one of the updates, I can click on the Package
tab to see what is claimed are the updates included in that rollup. Of
course, this requires that users believe the proliferator of lureware
won't include it in another package without notice. Rather than rely on
the word of the perp, I'd rather have an independent verify the absence
of GWX and other non-Windows 7 updates pushed on Windows 7.

Trust takes time to earn and can be lost by a single betrayal. It will
take longer of Microsoft not pushing lureware that teeters on malware to
rebuild the trust they once had. Users should not have to defend
themselves against the misuse of their operating system by its vendor.

On 05/17/2016 09:16 PM, Jason wrote:
On Tue, 17 May 2016 20:16:05 -0500 "philo" wrote in
article



I tried it from a full updated Win7 machine and can say:
Same here. it said to alternatively go to the Microsoft Download center
but when I went there...I could see no place to get the rollup

Same here - couldn't find it.

I looked mostly out of idle curiosity since I generally allow MS updates
and security-related updates are all installed as far as I know.

Direct link for the 64bit version:


http://download.windowsupdate.com/d/...1264cd93b9.msu

On 05/17/2016 09:07 PM, . . .winston wrote:
Jason wrote on 05/17/2016 6:22 PM:

When I link to the page it tells me that I must be running IE 6 or
later. I have IE 11..... If they can't get this right, I'm leary of the
whole thing.


Both links works fine here on IE11 and SeaMonkey.





I mentioned that I had to toggle the active-x setting in "tools" to get
it to work

On Wed, 18 May 2016 03:05:17 -0400
". . .winston" wrote:

As I alluded to earlier,

was you want everyone to fall in line.

You are not the "boss" .

No one wants YOUR MS spyware crap.

| Anyone who's trying to avoid Win10 BEWA
|
|
https://tech.slashdot.org/story/16/0...ows-7#comments
|
| This may not be a convenience.
|
| In what way ?
|

Oh, Winston, you're such a card.

The debate is raging about exactly what's in this
package. It's not easy to know. A few things that
might be useful:

Actual link for 32-bit version that doesn't require
letting MS onto one's computer with ActiveX enabled:

http://download.windowsupdate.com/d/...b0a74b2cbd.msu

Link for 64-bit:

http://download.windowsupdate.com/d/...1264cd93b9.msu


Link to list of actual files involved:

http://download.microsoft.com/downlo...E0/3125574.csv

The download is an MSU file, which is actually
a CAB file. There are CABs within CABs. There
are over 35,000 files altogether. But MS has come
up with a clever way to package only file changes
rather than whole files. Those, too, are compressed.
So it's not easy to figure out exactly what's in
the package. I didn't find any list of KBs.

Personally I'm not going to waste any more time
with it. SP1 is good enough for me. I wouldn't
enable Windows Update at this point and I certainly
wouldn't install an obfuscated "rollup". Maybe it's
harmless. The people who think they need every
update Microsoft offers can spend their own time
if they care to figure it out.

On the other hand, the official download link
seems to require IE with script and ActiveX
enabled. Weird. But maybe this whole thing is
just an elaborate ruse by Microsoft to let Windows
users know there's a browser built in, and that
it's called "Internet Explorer". They couldn't have
done it at a better time. I read just yesterday that
all versions of IE and Edge combined are now
behind both Chrome and Firefox in terms of usage.

Mayayana wrote on 05/18/2016 10:21 AM:
| Anyone who's trying to avoid Win10 BEWA
|
|
https://tech.slashdot.org/story/16/0...ows-7#comments
|
| This may not be a convenience.
|
| In what way ?
|

Oh, Winston, you're such a card.

The debate is raging about exactly what's in this
package. It's not easy to know. A few things that
might be useful:

Link to list of actual files involved:

http://download.microsoft.com/downlo...E0/3125574.csv

Bingo! ^^

One could waste time looking through the 240,598 lines in the csv file
but it would be a lot easier to just search for GWX in the csv's list of
files.
- File not found.

But doing so is also a waste of time and not really necessary if one
understood the meaning of security updates and non-security fixes
(3035583/GWX app is neither of those)

Personally I'm not going to waste any more time
with it. SP1 is good enough for me. I wouldn't
enable Windows Update at this point and I certainly
wouldn't install an obfuscated "rollup". Maybe it's
harmless. The people who think they need every
update Microsoft offers can spend their own time
if they care to figure it out.

On the other hand, the official download link
seems to require IE with script and ActiveX
enabled.

The Catalog, afaik for quite some time, if not always, required IE and
Active X. Maybe that will be changed in the foreseeable future, until
then, if that does occur, IE and Active X is a given.


In case you missed it, updates will no longer be available from the
Download Center, the Catalog will be necessary.
qp
To simplify this, within the next few months Windows updates will no
longer be available from the Microsoft Download Center. Security
bulletins will continue to link directly to the updates, but will point
to the packages on the Microsoft Update Catalog instead of the Microsoft
Download Center. Customers that use tools linking to the Microsoft
Download Center should follow the links provided in the Security
Bulletins or search directly on the Microsoft Update Catalog.
/qp






--
...winston
msft mvp windows experience

| One could waste time looking through the 240,598 lines in the csv file
| but it would be a lot easier to just search for GWX in the csv's list of
| files.
| - File not found.
|

And the telemetry spyware? It doesn't matter to me,
but if I were even considering installing this thing I'd
want a list of KB numbers to compare to the known
KB numbers that have been warned about.

mike wrote on 05/18/2016 4:04 AM:

Perhaps you could silence the conspiracy theorists by stating
categorically,
with some kind of proof of authenticity, that the rollup
is free of windows 10-related forceupgradeware.


Three methods.

1. 3035583(the GWX upgrade/compatibility report)app and 3123862(Learn
about Win10 and initiate upgrade) are not security updates or
non-security fixes. The Rollup only includes security updates and
non-security fixes.
2. The KB article provides a detail list of files for Windows
7/8x/Server. Not a single one of the GWX main or related(exe,dll,
supporting) files exist.

One could claim that MSFT purposely excluded(or erred in creating the
list) the 'upgrade ware' in the file list...but in this case that would
be incorrect(and just more conspiracy theory).

3. Testing a new clean install of W7SP1/8.1 Home/Core and Pro, after
applying the required Service Stack, and installing the Rollup(msu) will
yield a device **without*** the related Win10 upgrade ware.
- Note: Just like in the past, a clean install of 7/8x sets WU to
Automatic thus it would be wise to reconfigure WU to 'Notify mode' to
have the option of hiding whatever one doesn't desire that is pushed
down via WU. Optionally, one has the option of using GPO or Regedit or a
3rd party utility to set the DisableOSUpgrade flag(which isn't any
different than any 7/8x system today) and if desired hide-rehide
whatever they wish if and when offered via WU.


--
...winston
msft mvp windows experience

VanguardLH wrote on 05/18/2016 4:54 AM:
Is KB3035538 a security or non-security update? Whichever it is,
*Microsoft* says it will be in the first all-encompassing rollup. So
far, GWX has been a non-security update so, also according to
*Microsoft*, it may be in one of their following non-security rollups
(if not included in the first security + non-security mixed rollup).

Security Updates and Non-security fixes (not non-Security updates)
3035583 and 3123862 are neither a security update or a non-security fix.

- See my reply to 'mike' for additional details.



--
...winston
msft mvp windows experience

Mayayana wrote:
| One could waste time looking through the 240,598 lines in the csv file
| but it would be a lot easier to just search for GWX in the csv's list of
| files.
| - File not found.
|

And the telemetry spyware? It doesn't matter to me,
but if I were even considering installing this thing I'd
want a list of KB numbers to compare to the known
KB numbers that have been warned about.

Why would a rollup espouse a new policy towards customers ?

These questions are silly. You will be treated with the
same contempt in this rollup, as you would be if you
left Windows Update on "Auto".

The GWX '583 update is *only* available through Windows Update.
It's staged that way, so only *qualifying* customers can
partake of a free update.

You cannot get '583 from the catalog server. I tried.
It wasn't available as a download on the '583 web page
either. I wanted it for testing, and couldn't get it
that way. I specifically needed it that way, while
I was investigating ways to make Windows Update "appear
faster" on a virgin Win7SP1 install. The best I could do,
is get the delay down from 80 minutes to 50 minutes, using
selectively applied updates outside of using Windows Update.
I wasn't able to apply '583 to see if it made a difference
to the WU bug. Since nothing really worked, not having it
for testing wasn't a big loss.

There is no reason to break policy, and "roll up" GWX
so the filthy masses could hack it to bits. It remains
secure, behind the Windows Update facade.

*******

CEIP, telemetry on program performance, isn't in that
category. And has been present in multiple packages
in Windows Update, and also available for separate
download. And as a rollup, these could easily be
included. If you want surgical control, you want
some other sort of update strategy, not the rollup.

The rollup on Win2K SP4 (rollup 1 version 2) was nothing
like this, and we didn't have to worry about the
inclusion of anything inappropriate. That was the
first rollup that I'm aware of. By not being a
Service Pack, they don't have to provide "Free Support"
for 1 year after launch. That's an incentive for
making these "Rollup" things. Cheaper support.

Paul

Paul wrote on 05/18/2016 1:24 PM:
By not being a
Service Pack, they don't have to provide "Free Support"
for 1 year after launch. That's an incentive for
making these "Rollup" things. Cheaper support.

Paul

....and another reason to not include, especially when they already
understand the controversy and impact on Support, 3035583 or 3123862 in
a Rollup of security and non-security fixes.



--
...winston
msft mvp windows experience

In message , . . .winston
writes:
VanguardLH wrote on 05/18/2016 4:54 AM:
Is KB3035538 a security or non-security update? Whichever it is,
*Microsoft* says it will be in the first all-encompassing rollup. So
far, GWX has been a non-security update so, also according to
*Microsoft*, it may be in one of their following non-security rollups
(if not included in the first security + non-security mixed rollup).

Security Updates and Non-security fixes (not non-Security updates)
3035583 and 3123862 are neither a security update or a non-security fix.

So how _are_ they described?
[]
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Old people today - they don't know they're born! They should stay where they
belong: on the main stage at Glastonbury. - The Now Show, 2015-7-10&11