Some issues with this set of scripts...

[SoftwareGuy]

Okay, I see some issues here:

1. Why are we blocking every address from microsoft? Doesn't this break Windows Update? Couldn't we just block the known ones that spy, and have a option to give the user "basic" protection, and "advanced" protection?
2. What if the user has a outlook.com email address? They won't be able to access outlook.com to check their emails? Additionally, what if the end-user needs to access the Microsoft website to check out something on it?
3. Does the route command only block the OS-level communication? If you access websites via Chrome for example, it'll work fine?
4. We need an uninstall batch file to undo the changes that this kit does.

That's pretty much the major questions I have. Cheers!

[acook]

It does seem to break Windows Update entirely, which is it's own security hole.

I have a suspicion that the firewall rules are mostly unhelpful for the phone-home behaviour since they're hard-coded.

[acook]

It doesn't disable the Windows Update service, but I can no longer check for updates after running it.

I ran the Windows Update troubleshooter and you can see what (little) it has to say here:

[SoftwareGuy]

Good to know. We need to be more transparent about what exactly this kit does, if it's going to break Windows Update then this is a gaping hole and the author might get a lot of flak because "I used your kit and I got hacked!", etc.

I can confirm on Windows 7 that I edited the script to NOT block the hosts via route commands, and everything else seems to be OK. Windows Update seems to be working alright and no other ill side-effects.

[Zurd]

Windows 7 here on 2 computers, it works perfectly fine but I did had to go back to Windows Update and install the "Windows Update Software" because I still want the new security updates that will be released in the future. Then I also had to click the check for updates a few times and hide unwanted windows update because the script doesn't hide all of the updates that it uninstall.

[WindowsLies]

I removed host blocking from main script. Now hosts2.bat blocks hosts through firewall.

As far as I know, all targeted updates get hidden with this script, no issues. If you know what's stopping windows updates, let me know, I'll fix it.

If some are not being hidden, please say which ones. Think some KB's shouldn't be blocked? feel free to elaborate, and say why. I'm open to any changes and critiques.

[cmouse]

@WindowsLies it could be the fact that you block fe2.update.microsoft.com.akadns.net, sls.update.microsoft.com.akadns.net, and their non-akadns.net counterparts.

[WindowsLies]

Disabled those addresses in hosts2.bat. Will it update now?

[Fluffkin]

It worked absolutely fine here on 4 different Windows 7 computers. Update still functions. Outlook email can still be accessed. As Zurd notes, it's worth double checking that the updates specified in the batch file are indeed hidden next time you run Update. Oh look. some FUD in the issues page... I wonder why

[AnrDaemon]

Any update that has multiple releases under same KB article is not hidden by the script. It reports update as hidden, and indeed there's at least one version of it hidden already, but new (older) version will emerge to take place of the hidden update.