Remove Windows Snooping Privacy Patches

The “Spy patches” from Microsoft should be uninstalled from your environment. One reason is the constant network bandwidth to Microsoft servers they generate.

Second, they are not a “security” patch, in general any patch that includes more functionality is bad for security.

 

Winaero Blog post first noticed them in Win7 and Win8  by Sergey Tkachenko  on 8/24/2015.

http://winaero.com/blog/telemetry-and-data-collection-are-coming-to-windows-7-and-windows-8-too/

There are some Windows patches even in Windows7, and Win8 that will snoop on your activities just like Win10 does.

microsoftkbprivacy

One of the KB’s actually “reminds” you to install win10  KB3035583.

These are the 4(+1) patches to uninstall (sort by name to find easily):

  1. 3022345
  2. 3035583   this was not mentioned, but it should be as it is the Win10 download icon on your tray.
  3. 3068708
  4. 3075249
  5. 3080149

 

Of course you have to set the windows Update to not install and update automatically first.

Go into  control panel, –> Windows Update –> Change settings

Now switch the setting to “Download updates but let me choose when to install them”

 

This is very important otherwise even when you uninstall they will get re-installed right away. there are other ways to do this with a Global Policy Update change in a larger network, I will not go into these methods at this time.  (gpupdate)

Refresh Group Policy Settings with gpupdate.exe:

https://technet.microsoft.com/en-us/library/cc739112%28v=ws.10%29.aspx  .

 

It is important to control the patching of your machines, as you don’t want unnecessary patches installed, or patches that will cause problems.  In fact if you have the resources – install patches on a test machine (or virtual machine). before you determine what patches to rollout in your environment.

Windows-10-banner-logo

You can also disable the telemetry and data collection “features” in win10 http://winaero.com/blog/how-to-disable-telemetry-and-data-collection-in-windows-10/

In my experience with Microsoft products the last 20+ years, I always wait to use the latest Operating System in a production environment.

As it usually has not gone through the “Final” test phase – I.e. the customer.  After it has been out for 6 months then make a determination as to if to install.

There are many different environments that Microsoft has not anticipated until they are in the actual production environment.

 

In general we need 3 environments;

Development, test before production (or QA), Production.

If you have the resources that is the “correct” method of doing things.

http://oversitesentry.com/contact-us/