Living Peacefully Without Windows 10
I have a single Windows 7 box. My original hard drive is infected with the GWX (Get Windows 10) malware. I cloned that drive, shrunk the partitions, and then reinstalled Windows 7 using the recovery partition. Before I connected the network cable, I configured the updating processes to download or install nothing automatically and ignore recommended updates. Updating Windows 7 is now fully manual.
With all updates needing my explicit approval, I allowed only security and certain .NET patches. All optional updates got the boot. I hide those updates.
I do not have the time to investigate each update through the Microsoft knowledge base, especially when many of the descriptions are purposely vague.
I installed a GWX tracking software. Thus far I have seen no reports of GWX infection.
I installed a Linux based system in a dual boot configuration. I created a virtual machine and use the Windows 7 partitions as raw disks. The setup works nicely. I do not need to dual boot to Windows 7. I just run Windows inside the virtual machine.
To all computers in my network my main server provides DNS lookups and name caching through dnsmasq. Even my VLANs in my router use the server for lookups. The Windows 7 box is connected to one of my VLANs. I have a special dnsmasq hosts file with known Microsoft URLs. All are blocked. While many Microsoft IP addresses are hard-coded into the system and cannot be blocked through DNS lookups, this nominal trick does reduce “telemetry” traffic. As I have been careful to avoid GWX infections, to my knowledge none of the newer telemetry patches are installed.
While a few people online have conducted some basic testing of Microsoft phone home nonsense and telemetry, I have yet to see a good test plan that others can follow. I have not seen any meaningful reports of what all of these connections mean. I have not seen detailed plans for blocking all unwanted Microsoft connections.
As I do not use the system in any meaningful productive way, I have no idea whether my tinkering makes any difference.
As I am not a network guru I have no way of knowing what is being blocked and what is not.
With my configuration there is more work involved with controlling Windows updates. Thus far this seems to be a good way to ensure I control the system. This is very similar to how most people update a Linux based system. Most people review Linux updater notices before allowing the updates to proceed. In essence then updating updating the Windows box is no different than updating any of my Linux systems.
I never update the system without scanning the web for details about the updates. Recently the Microsoft folks stooped lower than usual with their deceptive ways by adding GWX nag notices into an IE 11 security update. I never use IE. The update files never got installed on my system.
By the way, I have a Windows 10 virtual machine. Thus far all I have done is tinker with removing cruft, disabling privacy nonsense, disabling the torrent-like file sharing for updates, and remove the noisy and never stopping metro live tiles.
The other day I crossed paths with a person who had just bought a new computer with Windows 10 preinstalled. He had to bring the computer to a shop to remove malware.