How Microsoft copied malware techniques to make Get Windows 10 the world's PC pest

The Register ^ | Mar 17, 2016 | Andrew Orlowski

[dayglored]

Note: I've posted numerous threads on the "Get Windows 10" nagware situation, and almost passed this one up -- but it's far and away the best I've seen, most complete, and most likely to be accurate. So have at it... - dayglored

Subtitle: Here's how to nuke this persistent menace

Microsoft uses techniques similar to aggressive malware to promote its “Get Windows 10” offer.

As many readers have discovered, the persistent and constantly changing methods Microsoft uses to continually reintroduce its “Get Windows 10” tool, or GWX, onto computers means it’s extremely difficult to avoid.

Windows users who decline to use it find it is repeatedly reintroduced. The language of the counter-malware industry is more appropriate than the language of enterprise IT for GWX.

GWX subverts a channel intended for one purpose (security hotfixes) for another (advertising); it changes its “attack vectors”, it “conceals itself” kinda like a rootkit; it uses “polymorphic” techniques; and it consistently overrides users' actions and permissions.

Much of the attention in the tech press on combatting GWX has been has focused on eliminating the work of one patch, KB3035583, which constantly reappears on users' PCs, even after removal. However, an investigation shows that ‘583 is a symptom, rather than the cause, of recurring GWX infestations.

The ‘583 patch is most commonly reinstalled by another patch, KB2952664. Once ‘664 is on a system, '583 will be requested for download and installation. Getting rid of, and thereby controlling, '664 could be the key to controlling the sophisticated "Get Windows 10" nagware network.

[catnipman]

“Same here ,, only (tiny) glitch ... on the update remover I just hit enter at the “reboot now” prompt and the script assumed a “Y” when I wanted to wait and reboot later”

thanks for the feedback. i’ll look into it.

[867V309]

Thanks for your help.

[2 Kool 2 Be 4-Gotten]

This is like a guy who uses roofies on women bragging that he beds down a lot of women. Windows 10 is basically date rape.

---

Agree.

[MarkL]

FWIW, I've done it on a Dell Laptop. I didn't want to use the Dell installed system, thanks to having all sorts of crap on it, so I downloaded an ISO from MS and then manually downloaded all the drivers I needed from Dell (again, the Belarc Adviser is wonderful for letting you know what HW and drivers are installed, as well as your product keys) so I could do a really clean installation.

Mark

[catnipman]

“Same here ,, only (tiny) glitch ... on the update remover I just hit enter at the “reboot now” prompt and the script assumed a “Y” when I wanted to wait and reboot later.. I saved the output file from the regedit showing the flag change for disallowing an upgrade in case they get nasty and make these updates “critical”.”

i fixed it.

thanks for the feedback!