Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




2469 posts

Uber Geek
+1 received by user: 1132


Topic # 228668 16-Jan-2018 18:42
Send private message

I have a machine that I use for performance tasks, such as heavy-duty video encoding, and it doesn't really hold *any* sensitive information.

 

I have read about the Spectre and Meltdown patches damaging performance generally, as well as (in some cases) making machines unusable. I have already had experience of having to roll the Creator's Update back after it broke some functionality I was using.

 

I am aware that I can disable updates using the group policy editor on the Pro version of Windows, but I only have the Home version installed on that box. Is there any way of disabling updates on a Windows 10 box. I would rather not take the performance hit, ongoing risk of stuff breaking, and the general annoyance at this point. So, does anyone know how to do this and, if so, how do you do it?

 

Ideally I don't want to have to spring the extra to upgrade Windows to the Pro version so that I can disable updates using the group policy editor, but I guess I will have to do so if there is no other way. I also don't want to have to block all the update IPs at the router, as that would disable updates on my other box and the Wife's laptop, both of which I do want to keep updated.

 

To stop this going down a side-alley, I want to be clear I'm also not looking for stern homilies about why I should leave updates enabled and why/how they protect me. I'm aware of that and the risks involved in disabling them.


Filter this topic showing only the reply marked as answer Create new topic
1504 posts

Uber Geek
+1 received by user: 136

Trusted

  Reply # 1940085 16-Jan-2018 19:09
One person supports this post
Send private message

What CPU do you have?

 

Is the video processing is being accelerated by your GPU at all?

 

Have you seen benchmarks for the exact workload you're using, alot are for benchmark apps and dont really represent real world...

 

 





CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

 


1133 posts

Uber Geek
+1 received by user: 249


  Reply # 1940090 16-Jan-2018 19:22
Send private message

Through services.msc stop and disable the Windows Update service.

 
 
 
 


Try Wrike: fast, easy, and efficient project collaboration software
BDFL - Memuneh
60308 posts

Uber Geek
+1 received by user: 11352

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1940095 16-Jan-2018 19:25
8 people support this post
Send private message

Please do not disable Windows Update. You might think "this machine doesn't hold any private information" but seriously it can be a vector to other stuff too.

 

Keep it updated.







2469 posts

Uber Geek
+1 received by user: 1132


  Reply # 1940138 16-Jan-2018 20:22
Send private message

yitz: Through services.msc stop and disable the Windows Update service.

 

Great. Thanks.

 

I will see if that does the trick. For some reason I didn't find that in any of my googling, just lots of guides using the group policy editor that requires me to have the pro version of Windows.

 

freitasm:

 

Please do not disable Windows Update. You might think "this machine doesn't hold any private information" but seriously it can be a vector to other stuff too.

 

Keep it updated.

 

 

I understand that. But I have done so anyway.

 

I might re-enable it when I have seen whether the latest patches break Windows or not.

 

Plus, I would rather update manually at a time of my choosing. The automated version is really annoying me. There is nothing worse than queuing up a 10 hour video encoding job and going to bed, then waking up in the morning to discover that the machine updated and rebooted itself in the wee small hours and the whole job failed.

 

I would be less annoyed if it behaved the same way as Windows 7 and applied the updates when I manually shut down the machine rather than automatically. And the ability to exclude certain hours from automatic restarts isn't a wide enough window for my use case.




2469 posts

Uber Geek
+1 received by user: 1132


  Reply # 1940142 16-Jan-2018 20:30
Send private message

Curses, I have just checked further.

 

It would appear that the method above will disable most updates, but not security updates.

 

Unless anyone knows any more tricks, it looks like I might have to shell out for the Pro version just to bring my install under control.

 

Does anyone know how to block the security updates on the home version?


2562 posts

Uber Geek
+1 received by user: 265


  Reply # 1940143 16-Jan-2018 20:32
Send private message

Ironically the latest updates have started to allow you to stop/delay the very functional concerns you have.

you can specify out of hours operation filters.

1133 posts

Uber Geek
+1 received by user: 249


  Reply # 1940171 16-Jan-2018 20:36
Send private message

JimmyH:

 

It would appear that the method above will disable most updates, but not security updates.

 

 

What do you mean by security updates? I believe Windows Defender still does its definition updates, but that has never caused scheduled reboots for me. I'm not using version 1709 though and I believe there have been some changes in the security front i.e. integrating firewall, system updates etc.. all under the 'Windows Defender' brand.

52 posts

Master Geek
+1 received by user: 18


  Reply # 1940175 16-Jan-2018 20:46
One person supports this post
Send private message

In settings, I believe there is a way of defining your network as a metered connection. This will stop upgrades. 

 

I shall refrain from the "must not do it" lecture, but perhaps isolate this machine from the rest of your network.


What does this tag do
942 posts

Ultimate Geek
+1 received by user: 192

Subscriber

  Reply # 1940176 16-Jan-2018 20:46
Send private message

What CPU are you using? If it is Haswell or newer it shouldn't suffer a performance hit is my understanding (if the chip supports PCID and INVPCID)

 

https://www.sqlskills.com/blogs/glenn/checking-your-intel-processor-features-regarding-the-meltdown-exploit/


2647 posts

Uber Geek
+1 received by user: 222

Trusted

  Reply # 1940183 16-Jan-2018 20:58
One person supports this post
Send private message

Keep it updated! However, you can change the connection to ‘metered’ which gives you a bit more control over downloads and reboots.




Check out my LPFM Radio Station at www.thecheese.co.nz cool

 

 

 

Use this link to sign up to Bigpipe broadband and you'll get $20 off your first bill: Referral Link




2469 posts

Uber Geek
+1 received by user: 1132


  Reply # 1940216 16-Jan-2018 21:47
Send private message

yitz: What do you mean by security updates? I believe Windows Defender still does its definition updates, but that has never caused scheduled reboots for me. I'm not using version 1709 though and I believe there have been some changes in the security front i.e. integrating firewall, system updates etc.. all under the 'Windows Defender' brand.

 

I want to block specifically the Spectre and Meltdown patches, at least until questions of the performance hit they cause, and reports that they are bricking some machines are resolved to my satisfaction.

 

I also want to stop anything that will cause automatic updates and reboots. I want any updates and rebooting to occur when I want them to, and the out of hours operation filters don't let me do that sufficiently. At most I seem to be able to lock in a few hours delay, provided I remember to do so to suit whatever job I have just started running.

 

In short, I want the same control over updates that earlier versions of Windows gave me, given that it's hardware that I own.


What does this tag do
942 posts

Ultimate Geek
+1 received by user: 192

Subscriber

  Reply # 1941213 16-Jan-2018 21:51
2 people support this post
Send private message

Nice little tool from GRC InSpectre which lets you see the status of your machine and disable the mitigations (for performance reasons etc); so let Windows update and try it out instead

 

I just checked and found my Dell XPS already has the hardware mitigations - guess I can stop checking for BIOS updates!

 

 

 

If you want control over how often Windows updates - upgrade to Win 10 Pro. It is worth the upgrade just to be able to control when updates happen and change to a business release cycle


IcI

676 posts

Ultimate Geek
+1 received by user: 148

Trusted

Reply # 1941227 17-Jan-2018 00:01
Send private message

JimmyH: ... Ideally I don't want to have to spring the extra to upgrade Windows to the Pro version so that I can disable updates using the group policy editor, ...
Group Policy Editor is the fancy GUI way of updating the Registry. While not all keys & values apply to Home vs. Pro most of them do. Search here for the GPO that you want to set and implement the manual Registry key yourself.

 

JimmyH: ... I want to be clear I'm also not looking for stern homilies about why I should leave updates enabled and why/how they protect me. ...
Oblivian: Ironically the latest updates have started to allow you to stop/delay the very functional concerns you have ...
In Win10 Build 1709, you actually have three different options. See picture below.

 

     

  1. Choose your channel

     

       

    1. Semi Annual channel (Targeted) (previously known as CB?)
    2. Semi Annual channel (previously known as CBB?)

     

  2. Defer updates up to 365 days
  3. Pause updates up to 35 days (This is the option I recommend you take)

 

Click to see full size

 

yitz: Through services.msc stop and disable the Windows Update service.
Also include the BITS service.

 

 


1943 posts

Uber Geek
+1 received by user: 720

Trusted

  Reply # 1941239 17-Jan-2018 06:29
2 people support this post
Send private message

Follow the advise of @jnimmo.  Don't disable updates, disable the software mitigations.


1437 posts

Uber Geek
+1 received by user: 316


  Reply # 1942008 18-Jan-2018 13:43
Send private message

disabling the update service no longer works long term.
Win will actually just re-enable it .

 

try this
https://www.tenforums.com/tutorials/8013-enable-disable-windows-update-automatic-updates-windows-10-a-50.html#post1236513
Remove "SoftwareDistribution" and create a nonexistent shortcut to it, checking for updates will fail.

 

There are often very good reasons to disable winupdates . MS are actively making that harder and closing the workarounds
Some of the old methods to disable/block Win10 updates no longer work.

 

Not having the latest patches actually isnt the end of the world, and is absolutely no guarantee that you PC wont get infected hacked
Plenty of fully up to date PC's get all sorts of malware
Plenty of NOT up to date PC never get malawre,hacked etc.
Perhaps if MS would like to stop delivering unwanted CRAP via the update process smile

 

Plenty of laptops fail on major build updates, they just keep downloading GB's of that build update & fail, needing a MANUAL
build update install .


Filter this topic showing only the reply marked as answer Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

IBM leads Call for Code to use cloud, data, AI, blockchain for natural disaster relief
Posted 25-May-2018 14:12


New FUJIFILM X-T100 aims to do better job than smartphones
Posted 24-May-2018 20:17


Stuff takes 100% ownership of Stuff Fibre
Posted 24-May-2018 19:41


Exhibition to showcase digital artwork from across the globe
Posted 23-May-2018 16:44


Auckland tops list of most vulnerable cities in a zombie apocalypse
Posted 23-May-2018 12:52


ASB first bank in New Zealand to step out with Garmin Pay
Posted 23-May-2018 00:10


Umbrellar becomes Microsoft Cloud Solution Provider
Posted 22-May-2018 15:43


Three New Zealand projects shortlisted in IDC Asia Pacific Smart Cities Awards
Posted 22-May-2018 15:14


UpStarters - the New Zealand tech and innovation story
Posted 21-May-2018 09:55


Lightbox updates platform with new streaming options
Posted 17-May-2018 13:09


Norton Core router launches with high-performance, IoT security in New Zealand
Posted 16-May-2018 02:00


D-Link ANZ launches new 4G LTE Dual SIM M2M VPN Router
Posted 15-May-2018 19:30


New Panasonic LUMIX FT7 ideal for outdoor: waterproof, dustproof
Posted 15-May-2018 19:17


Ryanair Goes All-In on AWS
Posted 15-May-2018 19:14


Te Papa and EQC Minecraft Mod shakes up earthquake education
Posted 15-May-2018 19:12



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.