Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


2560 posts

Uber Geek
+1 received by user: 1207


Topic # 228668 16-Jan-2018 18:42
Send private message

I have a machine that I use for performance tasks, such as heavy-duty video encoding, and it doesn't really hold *any* sensitive information.

 

I have read about the Spectre and Meltdown patches damaging performance generally, as well as (in some cases) making machines unusable. I have already had experience of having to roll the Creator's Update back after it broke some functionality I was using.

 

I am aware that I can disable updates using the group policy editor on the Pro version of Windows, but I only have the Home version installed on that box. Is there any way of disabling updates on a Windows 10 box. I would rather not take the performance hit, ongoing risk of stuff breaking, and the general annoyance at this point. So, does anyone know how to do this and, if so, how do you do it?

 

Ideally I don't want to have to spring the extra to upgrade Windows to the Pro version so that I can disable updates using the group policy editor, but I guess I will have to do so if there is no other way. I also don't want to have to block all the update IPs at the router, as that would disable updates on my other box and the Wife's laptop, both of which I do want to keep updated.

 

To stop this going down a side-alley, I want to be clear I'm also not looking for stern homilies about why I should leave updates enabled and why/how they protect me. I'm aware of that and the risks involved in disabling them.


Filter this topic showing only the reply marked as answer Create new topic
1579 posts

Uber Geek
+1 received by user: 154

Trusted

  Reply # 1940085 16-Jan-2018 19:09
One person supports this post
Send private message

What CPU do you have?

 

Is the video processing is being accelerated by your GPU at all?

 

Have you seen benchmarks for the exact workload you're using, alot are for benchmark apps and dont really represent real world...

 

 





CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

 


1256 posts

Uber Geek
+1 received by user: 288


  Reply # 1940090 16-Jan-2018 19:22
Send private message

Through services.msc stop and disable the Windows Update service.

BDFL - Memuneh
61323 posts

Uber Geek
+1 received by user: 12065

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1940095 16-Jan-2018 19:25
8 people support this post
Send private message

Please do not disable Windows Update. You might think "this machine doesn't hold any private information" but seriously it can be a vector to other stuff too.

 

Keep it updated.







2560 posts

Uber Geek
+1 received by user: 1207


  Reply # 1940138 16-Jan-2018 20:22
Send private message

yitz: Through services.msc stop and disable the Windows Update service.

 

Great. Thanks.

 

I will see if that does the trick. For some reason I didn't find that in any of my googling, just lots of guides using the group policy editor that requires me to have the pro version of Windows.

 

freitasm:

 

Please do not disable Windows Update. You might think "this machine doesn't hold any private information" but seriously it can be a vector to other stuff too.

 

Keep it updated.

 

 

I understand that. But I have done so anyway.

 

I might re-enable it when I have seen whether the latest patches break Windows or not.

 

Plus, I would rather update manually at a time of my choosing. The automated version is really annoying me. There is nothing worse than queuing up a 10 hour video encoding job and going to bed, then waking up in the morning to discover that the machine updated and rebooted itself in the wee small hours and the whole job failed.

 

I would be less annoyed if it behaved the same way as Windows 7 and applied the updates when I manually shut down the machine rather than automatically. And the ability to exclude certain hours from automatic restarts isn't a wide enough window for my use case.




2560 posts

Uber Geek
+1 received by user: 1207


  Reply # 1940142 16-Jan-2018 20:30
Send private message

Curses, I have just checked further.

 

It would appear that the method above will disable most updates, but not security updates.

 

Unless anyone knows any more tricks, it looks like I might have to shell out for the Pro version just to bring my install under control.

 

Does anyone know how to block the security updates on the home version?


2802 posts

Uber Geek
+1 received by user: 298


  Reply # 1940143 16-Jan-2018 20:32
Send private message

Ironically the latest updates have started to allow you to stop/delay the very functional concerns you have.

you can specify out of hours operation filters.

1256 posts

Uber Geek
+1 received by user: 288


  Reply # 1940171 16-Jan-2018 20:36
Send private message

JimmyH:

 

It would appear that the method above will disable most updates, but not security updates.

 

 

What do you mean by security updates? I believe Windows Defender still does its definition updates, but that has never caused scheduled reboots for me. I'm not using version 1709 though and I believe there have been some changes in the security front i.e. integrating firewall, system updates etc.. all under the 'Windows Defender' brand.

53 posts

Master Geek
+1 received by user: 18


  Reply # 1940175 16-Jan-2018 20:46
One person supports this post
Send private message

In settings, I believe there is a way of defining your network as a metered connection. This will stop upgrades. 

 

I shall refrain from the "must not do it" lecture, but perhaps isolate this machine from the rest of your network.


What does this tag do
972 posts

Ultimate Geek
+1 received by user: 203

Subscriber

  Reply # 1940176 16-Jan-2018 20:46
Send private message

What CPU are you using? If it is Haswell or newer it shouldn't suffer a performance hit is my understanding (if the chip supports PCID and INVPCID)

 

https://www.sqlskills.com/blogs/glenn/checking-your-intel-processor-features-regarding-the-meltdown-exploit/


2678 posts

Uber Geek
+1 received by user: 225

Trusted

  Reply # 1940183 16-Jan-2018 20:58
One person supports this post
Send private message

Keep it updated! However, you can change the connection to ‘metered’ which gives you a bit more control over downloads and reboots.




Check out my LPFM Radio Station at www.thecheese.co.nz cool




2560 posts

Uber Geek
+1 received by user: 1207


  Reply # 1940216 16-Jan-2018 21:47
Send private message

yitz: What do you mean by security updates? I believe Windows Defender still does its definition updates, but that has never caused scheduled reboots for me. I'm not using version 1709 though and I believe there have been some changes in the security front i.e. integrating firewall, system updates etc.. all under the 'Windows Defender' brand.

 

I want to block specifically the Spectre and Meltdown patches, at least until questions of the performance hit they cause, and reports that they are bricking some machines are resolved to my satisfaction.

 

I also want to stop anything that will cause automatic updates and reboots. I want any updates and rebooting to occur when I want them to, and the out of hours operation filters don't let me do that sufficiently. At most I seem to be able to lock in a few hours delay, provided I remember to do so to suit whatever job I have just started running.

 

In short, I want the same control over updates that earlier versions of Windows gave me, given that it's hardware that I own.


What does this tag do
972 posts

Ultimate Geek
+1 received by user: 203

Subscriber

  Reply # 1941213 16-Jan-2018 21:51
2 people support this post
Send private message

Nice little tool from GRC InSpectre which lets you see the status of your machine and disable the mitigations (for performance reasons etc); so let Windows update and try it out instead

 

I just checked and found my Dell XPS already has the hardware mitigations - guess I can stop checking for BIOS updates!

 

 

 

If you want control over how often Windows updates - upgrade to Win 10 Pro. It is worth the upgrade just to be able to control when updates happen and change to a business release cycle


IcI

787 posts

Ultimate Geek
+1 received by user: 167

Trusted

Reply # 1941227 17-Jan-2018 00:01
Send private message

JimmyH: ... Ideally I don't want to have to spring the extra to upgrade Windows to the Pro version so that I can disable updates using the group policy editor, ...
Group Policy Editor is the fancy GUI way of updating the Registry. While not all keys & values apply to Home vs. Pro most of them do. Search here for the GPO that you want to set and implement the manual Registry key yourself.

 

JimmyH: ... I want to be clear I'm also not looking for stern homilies about why I should leave updates enabled and why/how they protect me. ...
Oblivian: Ironically the latest updates have started to allow you to stop/delay the very functional concerns you have ...
In Win10 Build 1709, you actually have three different options. See picture below.

 

     

  1. Choose your channel

     

       

    1. Semi Annual channel (Targeted) (previously known as CB?)
    2. Semi Annual channel (previously known as CBB?)

     

  2. Defer updates up to 365 days
  3. Pause updates up to 35 days (This is the option I recommend you take)

 

Click to see full size

 

yitz: Through services.msc stop and disable the Windows Update service.
Also include the BITS service.

 

 


2010 posts

Uber Geek
+1 received by user: 768

Trusted

  Reply # 1941239 17-Jan-2018 06:29
2 people support this post
Send private message

Follow the advise of @jnimmo.  Don't disable updates, disable the software mitigations.


1552 posts

Uber Geek
+1 received by user: 353


  Reply # 1942008 18-Jan-2018 13:43
Send private message

disabling the update service no longer works long term.
Win will actually just re-enable it .

 

try this
https://www.tenforums.com/tutorials/8013-enable-disable-windows-update-automatic-updates-windows-10-a-50.html#post1236513
Remove "SoftwareDistribution" and create a nonexistent shortcut to it, checking for updates will fail.

 

There are often very good reasons to disable winupdates . MS are actively making that harder and closing the workarounds
Some of the old methods to disable/block Win10 updates no longer work.

 

Not having the latest patches actually isnt the end of the world, and is absolutely no guarantee that you PC wont get infected hacked
Plenty of fully up to date PC's get all sorts of malware
Plenty of NOT up to date PC never get malawre,hacked etc.
Perhaps if MS would like to stop delivering unwanted CRAP via the update process smile

 

Plenty of laptops fail on major build updates, they just keep downloading GB's of that build update & fail, needing a MANUAL
build update install .


Filter this topic showing only the reply marked as answer Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.