Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




2362 posts

Uber Geek
+1 received by user: 1019


Topic # 228668 16-Jan-2018 18:42
Send private message quote this post

I have a machine that I use for performance tasks, such as heavy-duty video encoding, and it doesn't really hold *any* sensitive information.

 

I have read about the Spectre and Meltdown patches damaging performance generally, as well as (in some cases) making machines unusable. I have already had experience of having to roll the Creator's Update back after it broke some functionality I was using.

 

I am aware that I can disable updates using the group policy editor on the Pro version of Windows, but I only have the Home version installed on that box. Is there any way of disabling updates on a Windows 10 box. I would rather not take the performance hit, ongoing risk of stuff breaking, and the general annoyance at this point. So, does anyone know how to do this and, if so, how do you do it?

 

Ideally I don't want to have to spring the extra to upgrade Windows to the Pro version so that I can disable updates using the group policy editor, but I guess I will have to do so if there is no other way. I also don't want to have to block all the update IPs at the router, as that would disable updates on my other box and the Wife's laptop, both of which I do want to keep updated.

 

To stop this going down a side-alley, I want to be clear I'm also not looking for stern homilies about why I should leave updates enabled and why/how they protect me. I'm aware of that and the risks involved in disabling them.


Filter this topic showing only the reply marked as answer Create new topic
1482 posts

Uber Geek
+1 received by user: 128

Trusted

  Reply # 1940085 16-Jan-2018 19:09
One person supports this post
Send private message quote this post

What CPU do you have?

 

Is the video processing is being accelerated by your GPU at all?

 

Have you seen benchmarks for the exact workload you're using, alot are for benchmark apps and dont really represent real world...

 

 





CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

Want to be with an awesome ISP? Want $20 credit too? Use this link to sign up to BigPipe.


1029 posts

Uber Geek
+1 received by user: 216


  Reply # 1940090 16-Jan-2018 19:22
Send private message quote this post

Through services.msc stop and disable the Windows Update service.

 
 
 
 


BDFL - Memuneh
59587 posts

Uber Geek
+1 received by user: 10761

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1940095 16-Jan-2018 19:25
8 people support this post
Send private message quote this post

Please do not disable Windows Update. You might think "this machine doesn't hold any private information" but seriously it can be a vector to other stuff too.

 

Keep it updated.







2362 posts

Uber Geek
+1 received by user: 1019


  Reply # 1940138 16-Jan-2018 20:22
Send private message quote this post

yitz: Through services.msc stop and disable the Windows Update service.

 

Great. Thanks.

 

I will see if that does the trick. For some reason I didn't find that in any of my googling, just lots of guides using the group policy editor that requires me to have the pro version of Windows.

 

freitasm:

 

Please do not disable Windows Update. You might think "this machine doesn't hold any private information" but seriously it can be a vector to other stuff too.

 

Keep it updated.

 

 

I understand that. But I have done so anyway.

 

I might re-enable it when I have seen whether the latest patches break Windows or not.

 

Plus, I would rather update manually at a time of my choosing. The automated version is really annoying me. There is nothing worse than queuing up a 10 hour video encoding job and going to bed, then waking up in the morning to discover that the machine updated and rebooted itself in the wee small hours and the whole job failed.

 

I would be less annoyed if it behaved the same way as Windows 7 and applied the updates when I manually shut down the machine rather than automatically. And the ability to exclude certain hours from automatic restarts isn't a wide enough window for my use case.




2362 posts

Uber Geek
+1 received by user: 1019


  Reply # 1940142 16-Jan-2018 20:30
Send private message quote this post

Curses, I have just checked further.

 

It would appear that the method above will disable most updates, but not security updates.

 

Unless anyone knows any more tricks, it looks like I might have to shell out for the Pro version just to bring my install under control.

 

Does anyone know how to block the security updates on the home version?


2284 posts

Uber Geek
+1 received by user: 224


  Reply # 1940143 16-Jan-2018 20:32
Send private message quote this post

Ironically the latest updates have started to allow you to stop/delay the very functional concerns you have.

you can specify out of hours operation filters.

1029 posts

Uber Geek
+1 received by user: 216


  Reply # 1940171 16-Jan-2018 20:36
Send private message quote this post

JimmyH:

 

It would appear that the method above will disable most updates, but not security updates.

 

 

What do you mean by security updates? I believe Windows Defender still does its definition updates, but that has never caused scheduled reboots for me. I'm not using version 1709 though and I believe there have been some changes in the security front i.e. integrating firewall, system updates etc.. all under the 'Windows Defender' brand.

51 posts

Master Geek
+1 received by user: 17


  Reply # 1940175 16-Jan-2018 20:46
One person supports this post
Send private message quote this post

In settings, I believe there is a way of defining your network as a metered connection. This will stop upgrades. 

 

I shall refrain from the "must not do it" lecture, but perhaps isolate this machine from the rest of your network.


What does this tag do
920 posts

Ultimate Geek
+1 received by user: 185

Subscriber

  Reply # 1940176 16-Jan-2018 20:46
Send private message quote this post

What CPU are you using? If it is Haswell or newer it shouldn't suffer a performance hit is my understanding (if the chip supports PCID and INVPCID)

 

https://www.sqlskills.com/blogs/glenn/checking-your-intel-processor-features-regarding-the-meltdown-exploit/


2620 posts

Uber Geek
+1 received by user: 207

Trusted

  Reply # 1940183 16-Jan-2018 20:58
One person supports this post
Send private message quote this post

Keep it updated! However, you can change the connection to ‘metered’ which gives you a bit more control over downloads and reboots.




Check out my LPFM Radio Station at www.thecheese.co.nz cool

 

 

 

Use this link to sign up to Bigpipe broadband and you'll get $20 off your first bill: Referral Link




2362 posts

Uber Geek
+1 received by user: 1019


  Reply # 1940216 16-Jan-2018 21:47
Send private message quote this post

yitz: What do you mean by security updates? I believe Windows Defender still does its definition updates, but that has never caused scheduled reboots for me. I'm not using version 1709 though and I believe there have been some changes in the security front i.e. integrating firewall, system updates etc.. all under the 'Windows Defender' brand.

 

I want to block specifically the Spectre and Meltdown patches, at least until questions of the performance hit they cause, and reports that they are bricking some machines are resolved to my satisfaction.

 

I also want to stop anything that will cause automatic updates and reboots. I want any updates and rebooting to occur when I want them to, and the out of hours operation filters don't let me do that sufficiently. At most I seem to be able to lock in a few hours delay, provided I remember to do so to suit whatever job I have just started running.

 

In short, I want the same control over updates that earlier versions of Windows gave me, given that it's hardware that I own.


What does this tag do
920 posts

Ultimate Geek
+1 received by user: 185

Subscriber

  Reply # 1941213 16-Jan-2018 21:51
2 people support this post
Send private message quote this post

Nice little tool from GRC InSpectre which lets you see the status of your machine and disable the mitigations (for performance reasons etc); so let Windows update and try it out instead

 

I just checked and found my Dell XPS already has the hardware mitigations - guess I can stop checking for BIOS updates!

 

 

 

If you want control over how often Windows updates - upgrade to Win 10 Pro. It is worth the upgrade just to be able to control when updates happen and change to a business release cycle


IcI

596 posts

Ultimate Geek
+1 received by user: 132

Trusted

Reply # 1941227 17-Jan-2018 00:01
Send private message quote this post

JimmyH: ... Ideally I don't want to have to spring the extra to upgrade Windows to the Pro version so that I can disable updates using the group policy editor, ...
Group Policy Editor is the fancy GUI way of updating the Registry. While not all keys & values apply to Home vs. Pro most of them do. Search here for the GPO that you want to set and implement the manual Registry key yourself.

 

JimmyH: ... I want to be clear I'm also not looking for stern homilies about why I should leave updates enabled and why/how they protect me. ...
Oblivian: Ironically the latest updates have started to allow you to stop/delay the very functional concerns you have ...
In Win10 Build 1709, you actually have three different options. See picture below.

 

     

  1. Choose your channel

     

       

    1. Semi Annual channel (Targeted) (previously known as CB?)
    2. Semi Annual channel (previously known as CBB?)

     

  2. Defer updates up to 365 days
  3. Pause updates up to 35 days (This is the option I recommend you take)

 

Click to see full size

 

yitz: Through services.msc stop and disable the Windows Update service.
Also include the BITS service.

 

 


1903 posts

Uber Geek
+1 received by user: 654

Trusted

  Reply # 1941239 17-Jan-2018 06:29
2 people support this post
Send private message quote this post

Follow the advise of @jnimmo.  Don't disable updates, disable the software mitigations.


1323 posts

Uber Geek
+1 received by user: 282


  Reply # 1942008 18-Jan-2018 13:43
Send private message quote this post

disabling the update service no longer works long term.
Win will actually just re-enable it .

 

try this
https://www.tenforums.com/tutorials/8013-enable-disable-windows-update-automatic-updates-windows-10-a-50.html#post1236513
Remove "SoftwareDistribution" and create a nonexistent shortcut to it, checking for updates will fail.

 

There are often very good reasons to disable winupdates . MS are actively making that harder and closing the workarounds
Some of the old methods to disable/block Win10 updates no longer work.

 

Not having the latest patches actually isnt the end of the world, and is absolutely no guarantee that you PC wont get infected hacked
Plenty of fully up to date PC's get all sorts of malware
Plenty of NOT up to date PC never get malawre,hacked etc.
Perhaps if MS would like to stop delivering unwanted CRAP via the update process smile

 

Plenty of laptops fail on major build updates, they just keep downloading GB's of that build update & fail, needing a MANUAL
build update install .


Filter this topic showing only the reply marked as answer Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Intel reimagines data centre storage with new 3D NAND SSDs
Posted 16-Feb-2018 15:21


Ground-breaking business programme begins in Hamilton
Posted 16-Feb-2018 10:18


Government to continue search for first Chief Technology Officer
Posted 12-Feb-2018 20:30


Time to take Apple’s iPad Pro seriously
Posted 12-Feb-2018 16:54


New Fujifilm X-A5 brings selfie features to mirrorless camera
Posted 9-Feb-2018 09:12


D-Link ANZ expands connected smart home with new HD Wi-Fi cameras
Posted 9-Feb-2018 09:01


Dragon Professional for Mac V6: Near perfect dictation
Posted 9-Feb-2018 08:26


OPPO announces R11s with claims to be the picture perfect smartphone
Posted 2-Feb-2018 13:28


Vocus Communications wins a place on the TaaS panel
Posted 26-Jan-2018 15:16


SwipedOn raises $1 million capital
Posted 26-Jan-2018 15:15


Slingshot offers unlimited gigabit fibre for under a ton
Posted 25-Jan-2018 13:51


Spark doubles down on wireless broadband
Posted 24-Jan-2018 15:44


New Zealand's IT industry in 2018 and beyond
Posted 22-Jan-2018 12:50


Introducing your new workplace headache: Gen Z
Posted 22-Jan-2018 12:45


Jucy set to introduce electric campervan fleet
Posted 22-Jan-2018 12:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.