
Microsoft is downloading Windows 10 to your machine 'just in case'



  • ESET Moderators
Posted

Hello SweX, thanks for sharing!

Posted

Thanks for the warning SweX-I'll try to keep those updates at bay (they're persistent little buggers :angry:).

Posted (edited)

 

Here is a guide I compiled on how to hide the bad updates that introduce Telemetry / Windows 10 Upgrade:

 

Updates to hide to prevent Windows 10 Upgrade / Disable Telemetry

 

 

OT: (Not ESET related)

 

What do you think about this list? Go with 0.0.0.0 or 127.0.0.1? Why " ::1 localhost " at the end?

 

https://github.com/trcyberoptic/WindowsLies/blob/master/hosts

Edited by Seth
Posted (edited)

 

 


 

This is the General Discussion forum so it's fine to discuss OT I believe.

 

Do not use 0.0.0.0. From my testing, 0.0.0.0 doesn't always block the IP (tested on both Windows 10 and 8), so that's why I now always use 127.0.0.1, and the IPs do actually get blocked.

 

This is my custom hosts file that I use which blocks telemetry, OpenCandy malware, and a few bad sites like SourceForge which now inject malware into the open source/free software downloads.

 

Why the ::1 localhost at the end? Well, that's how the example is set in the hosts file when you first open it in any Windows. I don't know the technicality behind it, but that's what it says it should have at the end of the list.....

 

 

my hosts file:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost

127.0.0.1 localhost
127.0.0.1 bi.bisrv.com
127.0.0.1 www.softonic.com
127.0.0.1 softonic.com
127.0.0.1 sourceforge.net
127.0.0.1 www.bestvistadownloads.com
127.0.0.1 image.online-convert.com/convert-to-ico
127.0.0.1 tracking.opencandy.com.s3.amazonaws.com
127.0.0.1 media.opencandy.com
127.0.0.1 cdn.opencandy.com
127.0.0.1 tracking.opencandy.com
127.0.0.1 api.opencandy.com
127.0.0.1 offer.alibaba.com
127.0.0.1 a.ads1.msn.com
127.0.0.1 a.ads2.msads.net
127.0.0.1 a.ads2.msn.com
127.0.0.1 ads1.msads.net
127.0.0.1 ads1.msn.com
127.0.0.1 adsmockarc.azurewebsites.net
127.0.0.1 ads.msn.com
127.0.0.1 b.ads1.msn.com
127.0.0.1 b.ads2.msads.net
127.0.0.1 bingads.microsoft.com
127.0.0.1 dl.delivery.mp.microsoft.com
127.0.0.1 oca.telemetry.microsoft.com
127.0.0.1 oca.telemetry.microsoft.com.nsatc.net
127.0.0.1 reports.wes.df.telemetry.microsoft.com
127.0.0.1 services.wes.df.telemetry.microsoft.com
127.0.0.1 sb.scorecardresearch.com
127.0.0.1 spynet2.microsoft.com
127.0.0.1 spynetalt.microsoft.com
127.0.0.1 sqm.df.telemetry.microsoft.com
127.0.0.1 sqm.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net
127.0.0.1 redir.metaservices.microsoft.com
127.0.0.1 survey.watson.microsoft.com
127.0.0.1 telecommand.telemetry.microsoft.com
127.0.0.1 telecommand.telemetry.microsoft.com.nsatc.net
127.0.0.1 telemetry.appex.bing.net
127.0.0.1 telemetry.microsoft.com
127.0.0.1 telemetry.urs.microsoft.com
127.0.0.1 vortex-sandbox.data.microsoft.com
127.0.0.1 vortex-win.data.microsoft.com
127.0.0.1 vortex.data.microsoft.com
127.0.0.1 settings-sandbox.data.microsoft.com
127.0.0.1 settings-win.data.microsoft.com
127.0.0.1 watson.live.com
127.0.0.1 watson.microsoft.com
127.0.0.1 watson.ppe.telemetry.microsoft.com
127.0.0.1 watson.telemetry.microsoft.com
127.0.0.1 watson.telemetry.microsoft.com.nsatc.net
127.0.0.1 wes.df.telemetry.microsoft.com
127.0.0.1 choice.microsoft.com
127.0.0.1 choice.microsoft.com.nstac.net
127.0.0.1 df.telemetry.microsoft.com
::1 localhost

You will notice that my Telemetry list does not include all the addresses found on other sites. The reason is that I removed some addresses which, if added, will break a lot of the OS functionality, like the ability to log in to OneDrive for example, so I only kept the safe ones. This will not mess up your OS yet still give you very good protection, in addition to NOD32 of course :D

Edited by Matrix Leader
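
The hosts format discussed in the post above can be checked mechanically. This is an added example, not part of the original thread or any poster's own code: a small Python linter that parses hosts-format text, reports name fields that are not host names (a hosts file maps names only, so an entry carrying a URL path never matches a lookup), and shows whether each blocked name is pointed at a loopback or the unspecified address. `SAMPLE_HOSTS`, `lint_hosts` and `sink_summary` are names made up for the example, and the sample mixes lines from the posted file with two constructed ones.

```python
import ipaddress
import re

# Sample input: lines 3-6 and 9 are copied from the hosts file posted above;
# lines 7 and 8 are constructed (the 0.0.0.0 form asked about in the thread,
# and a case variant of an existing name).
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
127.0.0.1 localhost
127.0.0.1 sourceforge.net
127.0.0.1 image.online-convert.com/convert-to-ico
127.0.0.1 tracking.opencandy.com
0.0.0.0 telemetry.microsoft.com
127.0.0.1 Tracking.OpenCandy.com
::1 localhost
"""

# One DNS label: letters, digits, hyphen or underscore; no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9_-]{1,63}(?<!-)$")

def is_hostname(token):
    """True if token is a plausible host name (no scheme, port or path)."""
    name = token.rstrip(".")
    return 0 < len(name) <= 253 and all(LABEL.match(p) for p in name.split("."))

def lint_hosts(text):
    """Return (entries, findings) as lists of (line_no, address, name) and (line_no, code, detail)."""
    entries, findings, first_seen = [], [], {}
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "bad-address", fields[0]))
            continue
        if len(fields) < 2:
            findings.append((line_no, "no-name", fields[0]))
            continue
        for token in fields[1:]:
            if not is_hostname(token):
                findings.append((line_no, "not-a-hostname", token))
                continue
            name = token.rstrip(".").lower()   # host names are case-insensitive
            key = (name, addr.version)
            if key in first_seen:
                findings.append((line_no, "duplicate", f"{name} first on line {first_seen[key]}"))
                continue
            first_seen[key] = line_no
            entries.append((line_no, str(addr), name))
    return entries, findings

def sink_summary(entries):
    """Map each non-localhost name to the kinds of address it is pointed at."""
    summary = {}
    for _, addr, name in entries:
        ip = ipaddress.ip_address(addr)
        kind = "loopback" if ip.is_loopback else "unspecified" if ip.is_unspecified else "other"
        if name != "localhost":
            summary.setdefault(name, set()).add(f"{kind}/IPv{ip.version}")
    return summary

if __name__ == "__main__":
    parsed, problems = lint_hosts(SAMPLE_HOSTS)
    for line_no, code, detail in problems:
        print(f"line {line_no}: {code}: {detail}")
    for name, kinds in sorted(sink_summary(parsed).items()):
        print(f"{name}: {', '.join(sorted(kinds))}")
```
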
Posted

::1 is IPv6 address for localhost.

 

Also MS could be using IPv6 addresses if your router and ISP support IPv6.

Posted


Sorry, I didn't understand that........ Can you elaborate please? Is there anything I need to edit in my hosts file?

Posted (edited)

 

 

 


 

Ok. I did not know that. Great job on the guide :)

 

I also read your guide for Windows 10 and noticed that you install the drivers last after creating a system image, and it makes sense. But when you do a clean install of Windows you need the LAN driver installed if you're gonna install the updates. What do you think about this?

 

1. Clean install of Windows 7

2. Setup the Services, Group Policy, Task Scheduler and Hosts file

3. Install LAN driver

4. Update

5. Create a system image (this could be done also after 2)

6. Install remaining drivers

Edited by Seth
Posted

 

 

 

 


 

For Windows 10:

 

I install all the latest drivers before even going online, reason being, if you don't do that, Windows 10 will automatically start downloading/installing all drivers that it can from Windows update and what's worse is the darn thing installs them all in one shot, often breaking functionality or affecting system stability. This way, since I already installed the latest drivers before going online, Windows update has nothing to install other than a few updates.

 

For Windows 7, I install only the WLAN Drivers (or LAN drivers if you wish), go online, do all the updates except the bad ones, then create a system image in case we ever wanna go back.....

 

Now I install the latest drivers. The updates are important to be installed before installing the drivers, as there are a lot of changes to both the Kernel and Driver Framework in these updates, so it's best to have all the latest updates before installing your drivers, although this is not mandatory.

  • 3 weeks later...
Posted (edited)

 


 

Would like to know also? Maybe add all IPv4 addresses to IPv6 (::1) too?

​@ Matrix Leader

You wrote in the guide that you should install the Disable IE 10 and IE 11 toolkit to prevent KB2670838 that comes bundled with them, which breaks AERO functionality. Don't you think it's wise to have the latest version of Internet Explorer for security reasons, in case older versions have security flaws? I know there are other web browsers, but Windows depends on Internet Explorer for some cases, and having an updated version that may have fewer or even no security flaws at all is wiser? Is it not possible to uninstall KB2670838 after updating to the newest version of Internet Explorer?

Edited by Seth
  • Most Valued Members
Posted

Also, if someone disables or removes IE it will break the functionality of Skype and many other programs that depend on critical IE files.

Posted

 


1) You can't uninstall a bundled update, as it will not appear in your updates list.

 

2) Yes, having an older IE will decrease your security, hence, do not use IE! Chrome or Firefox + AdBlock Plus add-on/extension to prevent unwanted ads. Make sure you go to the filter preferences in ABP and uncheck the "allow some non intrusive ads to be displayed". Most malware these days comes from accidentally clicking an ad which downloads some program that contains a nasty PUP.

 

3) If you must use IE, then install IE 11 and live with the fuzzy fonts in some websites, you will notice it when scrolling up / down on a webpage it's horrible.

Posted


Simply put, no. Skype does not depend on IE; all it does is install the click to call add-on to make phone numbers on web links clickable so you can call those numbers from Skype directly. It does install the same add-on for Chrome and Firefox, so you aren't missing anything by not using IE.

Posted (edited)


 

Yes, but on more and more sites Adblock Plus or uBlock is not enough, because they are now using Anti-Adblock software like AdDefend:

 

AdDefend enables you to integrate unblockable online ads into your website.

 

These Anti-Adblock programs load test pixels and use additional methods when you load such a website, and if they detect that you are using an Adblocker, the website uses very aggressive methods of displaying ads, i.e. the ads are generated from the web domain and not the ad domain, or the website is completely blocked with an activated adblocker.

 

Therefore I recommend installing Greasemonkey and then Anti-Adblock-Killer Reek, and subscribing to the corresponding additional filter list for Adblock Plus or uBlock:

Features:

Detect & Kill Anti-Adblockers

Check if Anti-Adblock Killer list is installed

Check & Notify updates

More filters for Adblockers

Edited by User
Posted

 


 

Thanks for that man, I never knew about this, I never saw a single ad anywhere but doesn't hurt to add that extra bit of protection.

Posted


 

A lot of German sites use this aggressive method, like

www.focus.de

www.gamestar.de

www.stern.de

www.sat1.de

www.prosieben.de

www.kabeleins.de

www.wetter.com

www.finanzen.net

www.boerse-online.de

www.auto-motor-und-sport.de

etc.

  • 3 weeks later...
Posted (edited)

 


 

I followed the instructions from https://github.com/reek/anti-adblock-killer#anti-adblock-killer--reek and did not work on this site: dreamfilmhd.bz

 

I have these addons installed.

ABP

HTTPS-Everywhere

Ghostery

 

What have I done wrong? Btw is it even safe to use these scripts?

Edited by Seth
  • ESET Moderators
Posted

As the discussion has gone off the original topic, I am locking this thread now.
