BlockWindows icon indicating copy to clipboard operation
BlockWindows copied to clipboard

Published 20 hours ago verified publisher icon WindowsLies

Some issues with this set of scripts...

Open SoftwareGuy opened this issue 10 years ago • 9 comments

Okay, I see some issues here:

  1. Why are we blocking every address from microsoft? Doesn't this break Windows Update? Couldn't we just block the known ones that spy, and have a option to give the user "basic" protection, and "advanced" protection?
  2. What if the user has a outlook.com email address? They won't be able to access outlook.com to check their emails? Additionally, what if the end-user needs to access the Microsoft website to check out something on it?
  3. Does the route command only block the OS-level communication? If you access websites via Chrome for example, it'll work fine?
  4. We need an uninstall batch file to undo the changes that this kit does.

That's pretty much the major questions I have. Cheers!

SoftwareGuy avatar Sep 04 '15 00:09 SoftwareGuy

It does seem to break Windows Update entirely, which is it's own security hole.

I have a suspicion that the firewall rules are mostly unhelpful for the phone-home behaviour since they're hard-coded.

acook avatar Sep 05 '15 06:09 acook

It doesn't disable the Windows Update service, but I can no longer check for updates after running it.

I ran the Windows Update troubleshooter and you can see what (little) it has to say here:

2015-09-05 01_11_21-windows update

acook avatar Sep 05 '15 06:09 acook

Good to know. We need to be more transparent about what exactly this kit does, if it's going to break Windows Update then this is a gaping hole and the author might get a lot of flak because "I used your kit and I got hacked!", etc.

I can confirm on Windows 7 that I edited the script to NOT block the hosts via route commands, and everything else seems to be OK. Windows Update seems to be working alright and no other ill side-effects.

SoftwareGuy avatar Sep 05 '15 23:09 SoftwareGuy

Windows 7 here on 2 computers, it works perfectly fine but I did had to go back to Windows Update and install the "Windows Update Software" because I still want the new security updates that will be released in the future. Then I also had to click the check for updates a few times and hide unwanted windows update because the script doesn't hide all of the updates that it uninstall.

Zurd avatar Sep 06 '15 17:09 Zurd

I removed host blocking from main script. Now hosts2.bat blocks hosts through firewall.

As far as I know, all targeted updates get hidden with this script, no issues. If you know what's stopping windows updates, let me know, I'll fix it.

If some are not being hidden, please say which ones. Think some KB's shouldn't be blocked? feel free to elaborate, and say why. I'm open to any changes and critiques.

WindowsLies avatar Sep 07 '15 23:09 WindowsLies

@WindowsLies it could be the fact that you block fe2.update.microsoft.com.akadns.net, sls.update.microsoft.com.akadns.net, and their non-akadns.net counterparts.

cmouse avatar Sep 13 '15 18:09 cmouse

Disabled those addresses in hosts2.bat. Will it update now?

WindowsLies avatar Sep 14 '15 05:09 WindowsLies

It worked absolutely fine here on 4 different Windows 7 computers. Update still functions. Outlook email can still be accessed. As Zurd notes, it's worth double checking that the updates specified in the batch file are indeed hidden next time you run Update. Oh look. some FUD in the issues page... I wonder why

Fluffkin avatar Feb 02 '16 09:02 Fluffkin

Any update that has multiple releases under same KB article is not hidden by the script. It reports update as hidden, and indeed there's at least one version of it hidden already, but new (older) version will emerge to take place of the hidden update.

AnrDaemon avatar Feb 19 '16 20:02 AnrDaemon