OT Windows 10

I have to build some computers for homeless teens. I'm unsure if we'll be able to get W7 licenses (MS has tried to dry up the availability of older OS's to push everyone to their latest).

W10 allegedly is rife with spyware ("data collection" that MS no doubt uses to sell *you* to THEIR customers; you are no longer a customer but, rather, a commodity).

Does anyone have first-hand experience with how pervasive this is? And, if there are *reliable* ways to disable it?

Finally, how much risk these students will later be at (for it to reintroduce itself to their machines) as they accept future updates.

[I prefer to lock-down these sorts of machines so the student doesn't come looking for "support" (from me) later when an update mucks something up...] [[I'm sorely tempted to install a FOSS OS but figure that would leave them even farther out on a limb...]]
Reply to
Don Y
Loading thread data ...

Why do you "have to"? Is it a court order for your probation?

I'm on XP, and pleased with how it handles.

Reply to
Stormin Mormon

FWIW: When I worked as a volunteer computer refurbisher for a cash-poor NPO, I set the machines up with Linux.

Even unsophisticated users had no trouble.

It turned out to be the least expensive way to go, and no one ending up damaging the OS.

Using WINE, even many Windows applications will run.

Reply to
philo

I agree, but I doubt Mr. Know-it-all will!

Reply to
bob_villain

|I have to build some computers for homeless teens. I'm | unsure if we'll be able to get W7 licenses (MS has tried to | dry up the availability of older OS's to push everyone | to their latest). | You can get Win7, but it's not cheap. I've bought from this company in the past and had no problems:

buycheapsoftware.com

You can even still buy XP. (I built myself a new XP box recently. You just have to be careful about making sure the hardware has drivers available.)

| W10 allegedly is rife with spyware ("data collection" | that MS no doubt uses to sell *you* to THEIR customers; | you are no longer a customer but, rather, a commodity). | | Does anyone have first-hand experience with how pervasive | this is? And, if there are *reliable* ways to disable it? |

Not firsthand. I haven't used Win10. But I do keep track of news. Basically, you can't block it all. Microsoft now considers you to be renting services on their device. They simply will not respect or even acknowledge common notions of privacy and customer respect. They even have privacy terms and TOS now, which is, itself, rather creepy for an operationg system:

formatting link

formatting link

Actually, what they're doing is defining their product as services and devices. The terms apply to all services, with Windows being one of them. For what it's worth, here are a few more links:

formatting link

formatting link

formatting link

Microsoft reserves the right to update Win10 at their discretion, which means that even if you decide you don't mind what Win10 is now, it may not be that in a few months. Ads and spying are likely to increase over time, as they gradually acclimate the customer base to the new business model. (That's the freebie strategy. Facebook is a good example. As is Twitter. They start out free and then gradually become more exploitive as people get hooked. The kicker here, though, is that Win10 is not even free! The Win7/8 Win7/8 update is free.)

| Finally, how much risk these students will later be at | (for it to reintroduce itself to their machines) as they | accept future updates.

The latest news is that the following Registry setting works, but it's a shifting landscape. The only safely stable approach is to disable Windows Update. MS wants to convert everyone to Win10 services. They're not likely to give up.

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DWORD value: DisableOSUpgrade = 1

| [I prefer to lock-down these sorts of machines so the | student doesn't come looking for "support" (from me) | later when an update mucks something up...] | | [[I'm sorely tempted to install a FOSS OS but figure that | would leave them even farther out on a limb...]]

You could install Linux, then give them Libre Office and Firefox. The problem there, though, is that they won't be able to do much else with it. And Linux support is terrible because there's constant version churn.

Reply to
Mayayana

Once I had the Linux machines setup, I did not bother with updates or new versions. Everything was fine.

The only time I worked on a machine was when there was a hardware failure, and at that time I would possibly decide to upgrade the OS

Some of the machines ran for years with no maintenance and when I did finally have to work on one I had little more to do than simply delete Windows malware downloaded to the desktop

That said: I did also have to maintain the "production" computers that ran Windows. Since the organization qualified, I passed the test required to become a "Microsoft Authorized Refurbisher" and they were able to get licenses very low cost

Reply to
philo

You CAN turn off virtually all the spyware by doing a custom install (during upgrade) and answering NO to everything - and you CAN dissable the automatic upgrades/updates which will also prevent the darn thing from rebooting on it's own whenever it wants to.

Reply to
clare

I've had a lot of old windows machines run for over a decade without any maintenance too. The secret is to either keep themoff the internet or severely limit internet access.

Reply to
clare

My understanding was that with Win 10 there is no direct way to simply stop automatic updates like you can with previous versions of Windows. I have seen some people suggesting that you can do it by declaring whatever connection you have to the internet to be "metered", so the update agent won't do updates while using that link. That appears to be what I'd call a workaround, for now, at least.

Reply to
trader_4

The problem is that these kids are still in "primary school". So, they aren't likely to encounter other users -- nor the computers to which they have access at school, public libraries, etc. -- who can help them with non-Windows issues.

[One school district has standardized on Mac's; I don't deal with their students -- only so many hours in a day that I can share between *my* needs and those of charities :< ]

I typically have to address dozens of different make/models *and* somehow keep track of what I've done (so I can repeat the exercise when/if someone else donates an identical/similar machine!)

So, there's a lot of effort (i.e., my unpaid time) that is involved in researching each donation, chasing down the appropriate drivers (or, "restore disks" from the manufacturer), removing cruft that shouldn't be there (e.g., manufacturers often install "sample ware" that expires in 60/90 days and just proves to be a nuisance, thereafter; so, remove it BEFORE the student even encounters it!), configuring basic settings...

*Then*, tweeking the machine so the student can "self-restore" the image (even if the machine itself doesn't provide that option).

When I first started doing this, I naively expected the users to be somewhat competent and protective of their machine (freebie!). I quickly discovered that they were not! Machines would come back within a month, "broken": "I don't know what happened. It just stopped working!"

So, spend MORE time to discover that it's just loaded with spyware and malware. Carefully remove that -- trying to preserve their "user data" (as I would for a friend/neighbor).

And, see that same machine a few months later, etc.

I donate about 500 hours annually. So, every time I "repair" or "assist" someone, it means someone *else* doesn't get addressed. So, I want to be able to offload as much of the trivial support issues ("How do I install a new printer driver?") to other folks who *probably* can handle these things in their normal school venues.

But the students don't tend to have control over which applications their school system will want/require. I can install OpenOffice/LibreOffice as a productivity suite -- but, if everyone in the class is using MSOffice, then the instruction they receive will be inappropriate for *their* environment.

There's a good chance they're currently sleeping on a couch at a friend's family's residence. And, may be asked to move along soon enough. It's silly to throw yet another problem in their way... whether that problem is dealing with a non-Windows OS *or* a windows OS that will screw them over (in subtle ways).

Reply to
Don Y

There are places where non-profits (verified 501(c)3's) can get licenses for very *little* money (single digits). But, those places operate at the whim of the folks who

*donate* the licenses (e.g., MS). So, you're stuck with their terms...

Stick with Dells and licensing isn't usually a problem. OTOH, you're always at the mercy of drivers. And, the manufacturers AND MS have skin in that game -- wanting to move you along to the latest and greatest at all costs!

Of course! MS is late to the game. Billy Goates thought software was the product; but, in fact, the *users* are!

I'd seen notes that there were more tweeks required.

And, as everything between the user and the network connection is controlled by MS, there's nothing to say they can't simply

*ignore* that setting -- now or after you've installed something else!

I.e., I can install updates "offline" and KNOW that my machines will never "phone home" -- there's no way they can do that (no connection to outside networks). As I'm using them as "computers" and not "entertainment devices" or "media access points", I lose nothing by operating in this manner.

However, the students will almost assuredly WANT to be "online".

And, *I* would want them to get any "required" updates automatically without having to deal with seeing *all* of these machines again, every Patch Tuesday, etc.

FOSS options are simply impractical. Who do they call for help when something doesn't work? Can they turn to the student seated at the next desk and ask for assistance? Or, the teacher/assistant in the classroom?

What happens when they want to download a file-sharing application? Or, ?

Reply to
Don Y

Exactly. That's the approach I take with my machines. When you look through the various "updates", almost all are security related. There are obvious bugs that have persisted in XP that have never been addressed -- hard to believe when you see updates that, combined, are BIGGER than the OS!

For shared machines (and the "safe" laptops that I have here) I configure the system to discard any changes made to it at each reboot. So, one person can't muck with settings that will affect (shared) "User" next time. This also makes it harder for malware to take hold (if you regularly reboot/restore).

Reply to
Don Y

| You CAN turn off virtually all the spyware by doing a custom install | (during upgrade) and answering NO to everything

No, you can't. Read my links. It's intrusive by design. People would like to think they can fix it because that would make life a lot easier, but it's just not the case.

When you finish reading those links, here's another one that's even more surprising, from just a couple of weeks ago.

formatting link

Note the line:

"I have chosen the customized installation option where I disabled three pages of tracking options."

Over 5,000 calls out in 8 hours! There's been some criticism that that may be a high number because the author blocked the attempts to go out, so some may have been multiples. Even so, it tried to call out to numerous IPs after all available privacy options had been selected.

Reply to
Mayayana

| > You could install Linux, then give them Libre | > Office and Firefox. The problem there, though, | > is that they won't be able to do much else with | > it. And Linux support is terrible because there's | > constant version churn. | > | Once I had the Linux machines setup, I did not bother with updates or | new versions. Everything was fine. |

I guess it depends on what one does with it. I could imagine a scenario where I want to install new software or updates down the road. Since Linux is always a work in progress, no one cares about backward compatibility. So one updates program XYZ from v. 1.24.213 to v. 1.24.414 and it needs a dozen libraries replaced, because, for instance, libABC v. 2.463.654.22 is no longer good enough. The new program version was compiled with a dependency on libABC v. 2.463.654.24. At some point those kinds of dependencies will conflict with the Linux version.

It can be made easier by just allowing the software to go out and update itself, but then one ends up back in the same boat as with Windows: The whole idea of switching is to protect privacy and control of the system, yet now Linux wants to be allowed to go online and update things willy nilly.

I don't see any reason why I should enable anything through the firewall that I didn't initiate. The software is supposed to be doing what I tell it to do.... Which brings up another issue: Last I checked, there was no firewall available for Linux that provided outgoing block by process. The excuse offered by Linux fans was that Linux isn't creepy like Windows so you don't need outgoing block! Even if that were true, blocking outgoing is a good way to help avoid malware. And I see no reason to just trust not only the Linux distribution but also every other process that runs on a Linux box. Trustworthy means it doesn't ask or try to go online.

Backward compatibility has always been one of the best aspects of Windows. Software can easily be written today that runs on Win95 to Win10. It's even easier to write software that runs on Win2000 to Win10. Microsoft almost never breaks any documented API function, so if it worked on Win95 it can be depended on to work on Win10.

Reply to
Mayayana

As I said elsewhere, MS is controlling EVERYTHING in the box. They can do anything they want and you are powerless to prevent it or interfere with it -- if they so choose.

The "obvious" solution is an EXTERNAL firewall between the machine and the 'net -- something that MS *can't* control.

But, it's relatively easy to tunnel through most firewalls; especially for (relatively) low bandwidth connections. E.g., send a DNS request to resolve databeingpassed.microsoft.com and the registered name server for microsoft.com will *see* an incoming request to resolve "databeingpassed" *from* your IP. MS decides to resolve this as 127.127.127.127 (knowing that

*it* will be the entity "seeing" this information) and then interpreting it as "User not registered. Shut down system".

Of course, they can simply refuse to RUN unless they manage to get a phone call off to "home"! (So, you'd have to be able to have some other device that masquerades as MS -- no doubt using an encrypted technology -- to trick the OS into thinking that the call succeeded.)

Reply to
Don Y

| And, *I* would want them to get any "required" updates automatically | without having to deal with seeing *all* of these machines again, | every Patch Tuesday, etc. |

I wonder why you posted your question. You seem to already have formed opinions and gathered as much info as you want.

I would add, though, that I don't enable updates on any machines I handle. I install service packs. Beyond that very few updates are important and some will do damage. Unless you use MS Office, there's not much to update. If you don't use IE, even better. MS doesn't generally offer functionality updates. Just bug and security patches. If you don't use MS software online then you don't need security patches. You'd get those from Mozilla or whatever other company makes the software you use online.

If you're going to enable Windows Update then you're probably leaving your students to be tricked into Win10.

Reply to
Mayayana

I've not used Windows 10. I was hoping folks had first-hand experiences with it and could indicate why a student *would* want to run it instead of W7, etc. And, at the same time, identify issues that I (with no experience using it)

*or* a student (with little interest in the details) wouldn't notice.

Exactly. The last batch of machines I built were XP boxes. As ALL the updates were already released, I could safely install ALL of them and then remove the update mechanism (nothing new to be gained with it).

But, moving to a more current OS -- especially one that WANTS to go poking around in your box -- means you have little practical choice in the matter.

I can remove the executables so the updates never happen. But, that means any hardware that is received as a donation must have driver support for the older OS's.

This is a losing proposition; over time, the machines that are available as donations will NOT have support for older OS's thereby forcing newer OS's to be deployed.

I.e., the machines being manufactured today will be available as donations in 2-3 years. Look at today's offerings and see how far back OS support goes.

By the same token, machines seen as donations today were manufactured 2-3 years ago. The "Windows Option" becomes increasingly difficult to be presented as a *choice* ("use THIS version of Windows, or nothing")

Reply to
Don Y

Getting right to the point, the people I worked with were mentally disabled, so if they could figured things out without a problem I bet the kids you deal with could too.

The learning curve going (for example) from XP to Win8

Is considerably higher than in going to Linux.

I put the stuff they needed, such as an Internet browser and they just got right to work.

Maybe you should just set a machine up with a simple distribution such as Puppy Linux ...and see how it goes.

Reply to
philo

Sure, but the machines I setup were used almost exclusively for Internet and the only problems were when hardware would fail.

The machines were rather old.

Reply to
philo

| Exactly. The last batch of machines I built were | XP boxes. As ALL the updates were already released, | I could safely install ALL of them and then remove | the update mechanism (nothing new to be gained with it). | | But, moving to a more current OS -- especially one that | WANTS to go poking around in your box -- means you have | little practical choice in the matter. |

?? I have two Win7 computers. I don't enable Windows Update on either one of them. I use XP for getting things done. My main Win7 box is the sacrificial lamb for enabling javascript online. I put AV on that one, for good measure, but disable most services, including Windows update. It's simply not needed.

| > If you're going to enable Windows Update then | > you're probably leaving your students to be tricked | > into Win10. | | I can remove the executables so the updates never happen. | But, that means any hardware that is received as a donation | must have driver support for the older OS's. |

What's that got to do with enabling Windows Update? If you get a computer that you want to put Win7 on, you go online and get drivers for the hardware. If there are no drivers then so be it. Enabling Windows Update won't help with that.

Reply to
Mayayana

HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.