[ak39]

I disabled updates on my Windows 7 last September when I feared that I'd wake up to a Windows 10 machine like my wife did when her laptop updated to Windows 10. Unfortunately I can't seem to resume updates and fear that I may be vulnerable to WannaCrypt. (Some recent updates succeeded but I don't know if i patched for it)

[orf]

Disabling updates is the worst possible solution. Just click no on the windows 20 upgrade dialogue (or just upgrade, it's pretty good).

Refusing to patch your system because of this is ridiculous (and yes some blame does lie with MS For pushing people to this)

[pritambaral]

> Disabling updates is the worst possible solution

If so, more blame lies at the feet of those that make it the only solution.

> Just click no on the windows 20 upgrade dialogue

Would that it were so simple. But Microsoft chose to mean "yes" by the "close this [annoying] window" button, with Windows 10; who knows what they'll come up with for Windows 20.

> (or just upgrade, it's pretty good)

For you, sure. Some people like to make their own choices.

> Refusing to patch

For most people that disabled updates, it wasn't a "refusal to patch", so much as a (read: the only) relief from annoyance.

[cryptarch]

Disabled the SMB services yet? Win + R -> services.msc

I routinely disable services (until things stop working and I have to figure where I went too far) and luckily I'd disabled this one on my Win7 gaming box, even though the updates came through as well (I just manually vet updates, and have a bunch of them blacklisted for adding telemetry).

[codedokode]

Are you sure this is enough? At least on WinXp, port 445 is opened by a kernel driver and is still opened after stopping the SMB service.

[reacweb]

Disabling services is good, but beware that they may be re-enabled during a software update. Once a service is disabled, you have to monitor that is remains so.

[ak39]

Wouldn't it be a great feature of Windows update to warn its users that once manually disabled services are now being forced to be active?

[cryptarch]

I'm not sure, I only learned to manage services when I was already on Windows 7.

[yuhong]

The recent cumulative rollups should include it and should be clearly labeled.

[ak39]

Thanks I've been searching for this but with no luck. Do you have a link?

(I've disabled SMB V1 as has been suggested in this subthread. I've also run MS Defender with latest virus sigs and so far it hasn't reported anything)

[yuhong]

for example: https://support.microsoft.com/en-us/help/4019264/windows-7-u...

[ak39]

Thanks Yu! I'm checking.

Have a great day.

[foxh0und]

Your safest option then is to disable SMB.

[gerdesj]

Just SMBv1 in this case, here is how: https://support.microsoft.com/en-gb/help/2696547/how-to-enab...

Also, decent AV and anti spam and don't open email attachments without some prior analysis. Backups - good backups and check them at least weekly.

Actually just do all the boring stuff that IT Security have been recommending for years.

[ak39]

Thanks. Done it

[mobiplayer]

Why do you fear updating to Windows 10?

[mistermann]

a) telemetry

b) I'm worried my fairly nicely working Win7 environment will not work so well after updating to 10, as much as I want to get current with some genuinely useful features.

I'm generally a Microsoft "fan", but this is one of the many reasons I hate on them as much as Linux fans.

[mobiplayer]

Sounds reasonable, thanks for replying!

[ak39]

I never "upgrade" from one Windows OS to another. Always done a clean install. I postponed the upgrade because it's literally a couple of days' time project for me to get my dev environment up to speed. I also planned to purchase a new SSD before doing the new install (kill two birds with a single stone.)

Unfortunatelh I've been so busy with project deadlines that I haven't had a weekend I could dedicate to the new install and set up.

I guess I'm forced to now.