Newbie question: Which updates for Win7 after SP and WSUSOU?

Newbie question: Which updates for Win7 after SP and WSUSOU?

Postby nji » 26.04.2017, 13:13

I recently set up a Win7 system, with SP1, and after that the offline update.

Now I wonder if there are more updates that should be installed,
concerning bugs in Windows that are not serious.
(Actually there are some strange effects in my Windows
that might be bugs resolved by updates)
But it seems no good idea to activate automatic updates
as with that there will be "spy" (telemetry) things etc.,
and that Win10-forcing, and maybe deadlocks, and hours of stuttering download.

So my question is:
How to update Win7 to an acceptable "bug-less" system?
Are there recommended update-lists etc.?
nji
 
Posts: 10
Joined: 26.04.2017, 13:10

Re: Newbie question: Which updates for Win7 after SP and WSU

Postby aker » 26.04.2017, 17:36

1) wsusou only contains security updates except for some static ones (e.g. the ones fixing the Windows Update-loop) and the new cumulative updates.
2) wsusou won't install any Windows 10-forcing update (ATM)
3) The full rollups may contain some of the telemetry stuff, while the SecOnly don't. If you want to be sure check the option to download the SecOnly-ones instead of the rollups.
4) While running wsusou I'd recommend you to set Windows Update to "Never search for updates".

Then I'd update using Windows Update.
My personal blacklist currently contains KB2952664, KB3021917, KB3068708, KB3075249, KB3080149, KB3123862 and KB3173040. These are all telemetry-related updates I know about.

Did I answer all of your questions?
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to keep or sell it.
aker

WSUS Offline Update „Community Edition“
https://gitlab.com/wsusoffline/wsusoffline/-/releases
aker
 
Posts: 3999
Joined: 02.03.2011, 15:32

Re: Newbie question: Which updates for Win7 after SP and WSU

Postby nji » 26.04.2017, 18:06

Thank you for your help.

Well ... I'm not 100% clear yet ...

If I get you right, then your strategy is Win7-DVD, SP1, WSUSOU, Windows-Update (with blacklist)?

But won't the Window-Update (with your blacklist) will
- install Win10-forcing update?
- install other "M$-features" unwanted?
- deadlock/ take hours (as reported in the month)?

And on the other hand:
If I leave the last step out (Windows-Update with blacklist):
Will I miss "less important" bug fixes? So this wouldn't be to recommend?

This is the two options I'm in between ....

And (a last - newbie - question):
How do I blacklist in Windows Update?
Activate automatic update and de-install the blacklist afterwards?

Sorry ... questions after questions ... ;-)
nji
 
Posts: 10
Joined: 26.04.2017, 13:10

Re: Newbie question: Which updates for Win7 after SP and WSU

Postby Dalai » 26.04.2017, 20:35

nji wrote:If I get you right, then your strategy is Win7-DVD, SP1, WSUSOU, Windows-Update (with blacklist)?

I'm pretty sure the strategy is to use a DVD with integrated SP1. After that maybe install scan prerequisites, then run WSUS Offline (which might also use the blacklist/exclude list) and run Windows Update last.

But won't the Window-Update (with your blacklist) will
- install Win10-forcing update?

WSUS Offline doesn't contain this crap. Even if it did, you can use its exclude list in wsusoffline\exclude\custom and wsusoffline\client\exclude\custom to avoid the dowload and installation of certain updates; see wsusoffline\doc directory and the forum for more information on the exclude feature (there's plenty of threads about it).

- install other "M$-features" unwanted?

Which would be? As aker already said, WSUS Offline only contains security updates. And as I said: you can use the WSUS Offline's exclude function. You can also hide updates after you ran WSUS Offline and let Windows Update search for updates.

- deadlock/ take hours (as reported in the month)?

No. WSUS Offline takes care of this by installing updates that we call scan prerequisites. This is done before scanning for missing updates. WSUS Offline then prompts for a reboot (if the prerequisites have been installed), and then it starts the scan for missing updates.

If I leave the last step out (Windows-Update with blacklist):
Will I miss "less important" bug fixes? So this wouldn't be to recommend?

You should add updates to your exclude list that you really don't want to install on any system. You have to check yourself which updates you want to exclude. You can rely on other's recommendations, but it's better to think for yourself and evaluate if it's the right way for you.

How do I blacklist in Windows Update?

You don't and you can't, at least not really and not permanently. Windows Update only allows to hide updates. To do that, let it search for updates, then go to the resulting list and right-click an update and select "Hide update". Note that this will only hide this update that has a specific ID (which is NOT the KB number). Example: You hid update KB123456, and some time later this update appears again because MS might re-release updates with the same KB number but different update ID. Specific example for this is KB890830 (Malicious Software Removal Tool).

And, as I said WSUS Offline has an exclude function, but note that this function will only exclude updates that would be installed by WSUS Offline - Windows Update may offer them regardless.

Activate automatic update and de-install the blacklist afterwards?

I don't think it makes sense to uninstall unwanted updates. Although this will most likely work, it's better to exclude them from the start. Just check the list of updates offered by Windows Update after you ran WSUS Offline, and unselect and/or hide the updates you don't want.

Regards
Dalai
Dalai
 
Posts: 1041
Joined: 12.07.2016, 21:00

Re: Newbie question: Which updates for Win7 after SP and WSU

Postby nji » 26.04.2017, 21:17

First of all ... thank you for your help aker, and Dalai.

There seems to be a misunderstanding.
I don't mean that there will be installed any "crap" by the Offline-Update.
I trust in that fully.

My question/ problem is AFTER that.
It seems to me that I should install more updates then only the severe ones by Offline-Update.
As I already said, my Win7 system (SP1, Offline-Update) has some strange behaviour here and there
which I think are bugs in windows, that I hope are fixed by other updates from Windows-Update.
BUT I am afraid that if I let M$ its way with the Windows-Update they will mess the system
with all kind of "crap" also.
And to tell the truth, I don't feel able to judge every single (of hundreds) of updates.
So your proposed way is no way for me ... and not for most of "simple" users.

Actually it's quite simple what I am asking for:
After having a safe Win7 system (by Offline-Update),
how to get bug fixes (updates), but without getting dangerous unwanted things,
and all this without using weeks by judging every single KB.
Isn't that what all users need?
There must be a way?

Best regards!
nji
 
Posts: 10
Joined: 26.04.2017, 13:10

Re: Newbie question: Which updates for Win7 after SP and WSU

Postby aker » 26.04.2017, 21:28

Just set Windows update to "Just search", then it won't install anything on its own.
If you click "xx important/optional updates available" you'll get a list of the available updates, right click the one you want to exclude and click "exclude/hide update".
My list should filter out all crap stuff. If you don't trust WU, you can view the details for all updates by right clicking them and open the Info-URL (http://support.microsoft.com/kb/xxxxxxx). You should filter out all cumulative updates (wsusou provides a list (.\client\exclude\HideList-seconly.txt). But remember: this list will be updated AFTER we checked the updates. So the update of this list is delayed a short time after new updates were released.

Also: after wsusou fixed the long search issue, WU will not have it, too. (Until MS breaks it again)
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to keep or sell it.
aker

WSUS Offline Update „Community Edition“
https://gitlab.com/wsusoffline/wsusoffline/-/releases
aker
 
Posts: 3999
Joined: 02.03.2011, 15:32

Re: Newbie question: Which updates for Win7 after SP and WSU

Postby Dalai » 26.04.2017, 23:01

Well, there won't be more than, say, less than 20 updates or so left after WSUS Offline installed all security-relevant updates. This number only counts important updates - optional updates are another story. I simply ignore optional updates offered by Windows Update, especially drivers, because they don't offer any value IMO. There are a few exceptions to this, but IIRC all of them are installed by WSUS Offline, too.

In short: it's not that many updates to check whether or not to install the remaining updates if you ignore the optional ones. If you also want to avoid the telemetry crap, don't install any update that says "Monthly Rollup" (and "Monthly Rollup Preview") even if the name contains the words "Security" and "Quality"; Quality hasn't been seen in a long time in MS Windows Update :roll:. And keep in mind the difference between Security-Only updates and Monthly Rollups, but I guess you know that already.

One more important thing to note is that MS can change the severity level of any update at any time, which means that optional updates can become recommended ones (italic instead of normal font in Windows Update) or even important ones. IIRC this happened in the past.

Regards
Dalai
Dalai
 
Posts: 1041
Joined: 12.07.2016, 21:00

Re: Newbie question: Which updates for Win7 after SP and WSU

Postby nji » 26.04.2017, 23:39

OK, I do understand now ... and will do as you propose.

I hope my question was of use for other (newbies) too.

Thank you and Greetings!
nji
 
Posts: 10
Joined: 26.04.2017, 13:10


Return to Installation / Updating

Who is online

Users browsing this forum: No registered users and 232 guests