The “Spy patches” from Microsoft should be uninstalled from your environment. One reason is the constant network bandwidth to Microsoft servers they generate.
Second, they are not a “security” patch, in general any patch that includes more functionality is bad for security.
Winaero Blog post first noticed them in Win7 and Win8 by Sergey Tkachenko on 8/24/2015.
http://winaero.com/blog/telemetry-and-data-collection-are-coming-to-windows-7-and-windows-8-too/
There are some Windows patches even in Windows7, and Win8 that will snoop on your activities just like Win10 does.
One of the KB’s actually “reminds” you to install win10 KB3035583.
These are the 4(+1) patches to uninstall (sort by name to find easily):
- 3022345
- 3035583 this was not mentioned, but it should be as it is the Win10 download icon on your tray.
- 3068708
- 3075249
- 3080149
Of course you have to set the windows Update to not install and update automatically first.
Go into control panel, –> Windows Update –> Change settings
Now switch the setting to “Download updates but let me choose when to install them”
This is very important otherwise even when you uninstall they will get re-installed right away. there are other ways to do this with a Global Policy Update change in a larger network, I will not go into these methods at this time. (gpupdate)
Refresh Group Policy Settings with gpupdate.exe:
https://technet.microsoft.com/en-us/library/cc739112%28v=ws.10%29.aspx .
It is important to control the patching of your machines, as you don’t want unnecessary patches installed, or patches that will cause problems. In fact if you have the resources – install patches on a test machine (or virtual machine). before you determine what patches to rollout in your environment.
You can also disable the telemetry and data collection “features” in win10 http://winaero.com/blog/how-to-disable-telemetry-and-data-collection-in-windows-10/
In my experience with Microsoft products the last 20+ years, I always wait to use the latest Operating System in a production environment.
As it usually has not gone through the “Final” test phase – I.e. the customer. After it has been out for 6 months then make a determination as to if to install.
There are many different environments that Microsoft has not anticipated until they are in the actual production environment.
In general we need 3 environments;
Development, test before production (or QA), Production.
If you have the resources that is the “correct” method of doing things.
http://oversitesentry.com/contact-us/