Microsoft limits direct update downloads
Microsoft announced on April 29, 2016 on the official Microsoft Security Response Center (MSRC) blog that it won't make available some updates via the company's Download Center starting May 10, 2016.
When it comes to updates for the Windows operating system, Windows users had several options to download and install the updates that Microsoft created.
Windows Update is without doubt the primary source for updates since Windows is configured to check and download updates automatically by default.
While that is the most convenient method to obtain updates for Windows, it may not be the safest option from a user's point of view.
Windows 7 and 8.x users for instance who don't want to upgrade to Windows 10 need to make sure that "get Windows 10" updates are not installed on their systems as the upgrade to Windows 10 may happen automatically afterwards.
Additionally, the past has shown that updates may break the operating system or some functionality. This can be something as simple as a driver update that is delivered through Windows Update, the removal of installed programs, or critical errors that block the operating system from booting.
It is recommended to research updates before they are installed which usually means disabling automatic updates and waiting hours or even days before updates are installed manually.
While you can uninstall Windows updates, and even block them, it is better to avoid this situation altogether by disabling automatic updates and researching updates before installing them.
Microsoft limits direct update downloads
Microsoft will block some updates from the Microsoft Download Center starting May 10. According to the post on the MSRC blog, security bulletins will point to the Microsoft Update Catalog when updates are not listed on the company's Download Center website.
Starting May 10, some updates will no longer be available from the Microsoft Download Center.
Security bulletins will continue to link directly to the updates, but will now point to the packages on the Microsoft Update Catalog for updates not available on the Microsoft Download Center.
This has the following implications:
- Windows users who download updates directly cannot use Microsoft's Download Center anymore for that exclusively as some/all security updates won't be listed on the site for download anymore.
- The Microsoft Update Catalog works only in Internet Explorer 6 or higher. Google Chrome, Mozilla Firefox and even Microsoft Edge cannot be used to use the service.
- It is unclear if the change affects only Security Bulletins, or if non-security updates are affected by the change as well.
- It is unclear right now whether Security ISO images will feature those updates.
- It is unclear if third-party update downloaders will find a way to cope with the situation to provide users with all updates.
As mentioned earlier, it is unclear why Microsoft makes the change. A theory is that the company prepares to make updates Windows Update exclusive for home users, as the Microsoft Update Catalog is designed for Enterprise and business customers.
For now, Windows users can use the Windows Update Catalog or third-party download software like WSUS Offline Update that still works to grab updates.
Yep, I also have Linux on my machine. Ubuntu 14.04. I got angry at MS tactics and I decided to wipe the copy of Windows 8.1 I had installed on my HDD. I just said ‘F this S…’ lol.
Me like you, liked Windows 7. But Windows 8.1 is just ugly. And Win 10 is a nightmare.
@ A difft Martin ……. It is quite possible that when u installed KB3146449 for yr IE 11 in March 2016, u hv also installed the Win 10-style Telemetry/Spyware/NSA update. Hence, u did hv any problem installing security updates via Windows Update in the Control Panel in April 2016.
Bear in mind that M$ could hv sneaked their Win 10 nagware n NSA spyware into any of the security updates.
@ A Difft Martin ……. correction … did not hv any problem ….
@ TJ ……. My main browser is Firefox n secondary is Chrome. I kept IE around, just in case, since I’m using M$’s Win 7 n M$ r well known for their shenanigans, eg WAT(activation), Secure Boot/UEFI, TPM 2.0, patent-trolling Android OEMs, etc. I may hv been proven right with this latest move by M$ to hv all their manual security updates available only at M$ Update Catalog which can only be accessed with IE 6 or above.
Worse come to worse, I can make do without any security updates from M$. I may also move to Linux Mint. There r still millions of Win XP cptrs chugging along fine without any security updates. U just need to know how to avoid phishers, malware n viruses thru safe-practice n safe-browsing, similar to safe-sex.
@ michael.louwe: Would you like to buy some vowels? I have several dozen spare i o u’s around somewhere :)
I too have IE11, as a very very very last resort (and it’s locked down with no plugins/addons allowed and settings are pretty tight etc).In order, I use FF, Iron, Chrome and Opera (and I’ll soon add Vivaldi). I also have TOR. In fact, I also have the last 20 FF major releases in pristine default mode (for research purposes). All these are portable, btw. As others have mentioned, IE is needed for manual windows updates (I haven’t done any for about 18 months), but also used by Skype (which I don’t use but have an account and a portable Skype client).
I too have a Linux Mint machine, and have been playing around with various programs – Win7 will be my last machine for daily use, but I will probably have a Win10 for tech reasons. Mint, or some other Linux flavor will be my next home, and I plan on making every thing I do on windows as easy or better on Linux over the next year.
I also agree on your analysis about people using common sense to avoid security/virus issues, although I believe most infections occur nowadays from third party web sites, even without user interaction (and that requires more than common sense, it requires proactive blocking on the part of the end user).
A question for A Different Martin and michael.louwe.
WHY are you still using IE 11 ? I disabled IE 11 last July.
I use Cyberfox (main) and Chrome (secondary) browsers. Both, particularly Cyberfox, are far superior to IE 11 with regard to extensions and telemetry “phone home” configuration.
I do not let Win 7 auto install updates and I have now 12 hidden “security updates” for IE 11.
I have had no problems re viruses, trojans, nagware.
I do not use GWX Control Panel.
Time to change browsers ?
Internet Explorer hasn’t been my primary (or even secondary) browser for so long I can’t remember when it was. However, there are a small number of circumstances when Internet Explorer is the only browser that works. The Windows Update Catalog, mentioned as the sole source for certain security updates in this very article, is one example, and you can still run into the odd non-Microsoft site that only works in IE. Apart from launching IE to install Flash Player ActiveX updates, I use it maybe three or four times a year. I install IE security updates for these rare occasions.
I disabled automatic updating in Windows Update last fall, when Microsoft started releasing a rash of buggy updates and when I finally deemed the GWX program to be malware. I’ve left automatic updating enabled on my dad’s laptops because (1) they run Windows 7 Enterprise, (2) his work’s sysadmins don’t do routine maintenance on laptops, (3) he never checks for updates on his own, and (4) Microsoft isn’t foisting GWX on Windows 7 Enterprise (yet?). We’ve been lucky so far and he hasn’t been hit with any buggy patches. (A friend of mine has, and it would have been catastrophic if he hadn’t had a pre-Patch-Tuesday clone of his system drive.)
Finally, I haven’t detected any malware on my computer in a pretty long time. A bitcoin miner that was bundled with a copying utility (UltraCopier?) slipped past me a couple of years ago, and I uninstalled it. GWX slipped past me initially, and I uninstalled that. Apart from that, I can’t remember the last bona fide malware or PUP I found on my system. I have vague recollections of minor stuff getting through before I started using NoScript, but since then, nada.
Fyi, since the April 2016 Patch Tuesday, it seems, Win 7/8.1 users who hv refused to install all the Win 10 upgrade nagware n Win 10-style Telemetry/Spyware updates, could no longer download n install security updates via Windows Update in the Control Panel. They hv to go to M$ Download Center to manually install the updates individually or one by one. MDC allows most browsers to install security updates.
…….Only Internet Explorer can be used with the M$ Update Catalog to install security updates. So happened, M$ had sneaked the Win 10 upgrade nagware into the “Security Update for IE 11″(KB3146449) during the March 2016 Patch Tuesday, catching many Win 7/8.1 users unawares = the Win 10 upgrade auto-installed in their cptrs.
Seems, M$ wanna force non-sheeplike Win 7/8.1 users to install their Win 10-related updates by deprecating their updating process.
On what are you basing this claim? Microsoft just re-(re-re-re-)released the KB3035583 Get Windows 10 nagware patch as an “optional” update. Are you suggesting that if I don’t install it, I will no longer be able to install legitimate security updates via Windows Update?
For what it’s worth, I just hid KB3035583 (again), as I have hidden all Windows-10-releated updates I’ve come across. (I run GWX Control Panel, but I’m a belt-and-suspenders man.) If I run into trouble next Patch Tuesday — or earlier, I suppose, if an interim security update is released — I’ll check out your claim. It sounds like something Satya Nadella would do, but for now, I’m skeptical.
@michael.louwe:
No, GWX Control Panel did not prevent the nagware-infected Internet Explorer 11 security update from being installed. As I understand it, the legitimate portion of the security update was pretty important to install, so … there was really no choice.
Incidentally, to my knowledge GWX Control Panel has never prevented any Windows-10-related updates from being installed on my system, because I’ve never given it a chance to. Since realizing that I could no longer trust Microsoft, I’ve done my best to vet every update proposed in Windows Update and I’ve hidden all of the ones I don’t want. GWX Control Panel is there as a failsafe, in case I miss something. I don’t think I have so far (so I don’t know if GWX Control Panel actually works!).
In completely unrelated news, I read that Ubuntu 16.04 now offers something called “snap” packages, where you can easily install an app and its requisite libraries in a separate package, so that the libraries the app needs don’t overwrite different (older or newer) library versions needed by other, standard apps. Apparently, this is a pretty big deal. On the other hand, I read an article by some Linux guy claiming that snap packages were insecure. I’m a noob, but it sounded to me like he was nitpicking. Overall, it’s comforting to know that I have somewhere to go when Microsoft finally becomes too obnoxious to bear.
@ A difft Martin ,,,,,,, In that case, it is likely that Win 7/8.1 users who hv not installed the Win 10-style Telemetry/Spyware/NSA updates, could no longer download n install security updates via Windows Update.
…….The above change by M$ to the manual updating process via M$ Download Center is likely for the purpose of “hassling” such Win 7/8.1 users with extra hoops n hurdles, in order to push them to install their NSA spyware updates. It’s also possible that M$ will even stop manual updating for Win 7/8.1 users via the M$ Update Catalog by making the security updates unavailable.
KB3035583 is quite irrelevant bc M$ is now sneaking the Win 10 upgrade nagware into the various security updates for Win 7/8,1 cptrs, eg the Windows Malicious Software Removal Tool, Security Update for Win 7/8.1, etc, in order to catch Win 7/8.1 users unawares n auto-install the Win 10 upgrade on their cptrs.
Did GWX Control Panel stop the sneaky KB3146449 update during the March 2016 Patch Tuesday.? If this security update for IE 11 got installed, the Win 10 upgrade nagware will pop-up for 2 instances. If the Win 7/8.1 users did not specifically cancel or reschedule the upgrade for both instances, the Win 10 upgrade will auto-install after 60 minutes from the 2nd pop-up window or at the next shutdown/start.
…….To cancel the upgrade, the users hv to click on a non-obvious html link for the word “here” in the pop-up window. Clicking the “X” to close the pop-up window does not cancel the upgrade.
Please excuse my question but I am an illiterate with this kind of stuff. Does the article imply that I cannot check for and get all the updates by using the “check for updates” thing on my pc ?
This would not make any sense to me. Or is this another way from MS to push users into Win10?
MS confuses me every time they come out with their statements. They just don’t bring any joy into my life.
Martin, thanks for the article. Usually your articles are extremely helpful for me to try to understand more of this PC and Windows stuff. But this time I read it over and over again and didn’t get it. And by the soul of my dead hamster I swear I am absolutely sober.
So if someone could put this in very simple words it would be highly appreciated. Thank you.
No that is not the case. Check for updates won’t change. Some users prefer to download updates that are downloaded to your system automatically, manually instead. So, instead of using “check for update”, they go to a Microsoft website and download them from there.
Thank you, Martin for your very helpful explanation. So I will continue to check for updates using the build in thing on my computer.
MS should be thankful for people like you. You explain what they are doing. But maybe they don’t want people to understand. That would make your work even more important. Anyways, thank you again for your help and continue your fine work. People like me need you.
Relying on ActiveX in 2016, now that’s retro.
That Indian guy is way worst than Ballmer!
Microsoft is getting ridiculous by the day.
CEO Mola Ram. Microsoft “hearts” you.
Don’t know what Microsoft’s issue is anymore, but the only thing they’ve pushed me away from is Windows!
They’re getting to the point of being dumber than a box of rocks and more obnoxious than my mother in law!!
LOL!
If Microsoft were Linux:
sudo apt-get update && sudo apt-get upgrade –make-all-patch-descriptions-generic –add-borkage –ignore-user-settings –attempt-windows10-install –make-life-difficult-for-windows7-lagards –add-more-windows10-spyware –retrospectively-install-spyware-on-windows7 –remove-reference-to-windows7-end-of-life –prevent-linux-install –remove-google-from-cortana –give-away-windows-phone-for-that-dev-willing-to-make-a-windows-store-only-app-that-does-not-suck –uninstall-competitors-apps-without-user-consent –poach-some-linux-dude –bring-back-the-paper-clip –promote-the-cloud-to-maintain-muggle-control
I lost it at –bring-back-the-paper-clip. LOL.
@ Alan Robertson:
You’ve done a fine job of porting the Windows Update experience to Linux. It’s been around a year since Microsoft pushed its first Windows-10-readiness telemetry bots via Windows Update, and by now, where Microsoft is concerned, everybody expects the Spanish Inquisition.
@Alan Robertson,
Good one! I think I will try that on my Linux box.
Cue “Zombie Aporkalypse Now”
LOL
@ Alan
Reading your post exhausted me. I had to go for a lie down to recover.
Very good summation of MS home invasion tactics :D
Maybe they’ll overhaul the Update Catalog site so that it no longer relies on ActiveX and IE6.
Also, the MSRC team only mentions security bulletins so it obviously applies to those only. The Update Catalog isn’t a replacement for the Download Center.