Updated: November 4, 2015
In general, I am not too worried about privacy or security. I find these topics to be hugely blown out of proportions by the mass media, as a means of generating fear, controversy and clicks. However, recently, after the GWX thingie, even I started thinking a bit more about Windows updates and patches.
Once trust is broken, it is very hard to heal. And so now I am carefully screening through each and every patch in the Windows Update screen. Which made me think, and finally, compile this article. If you want to know what you should do to minimize your exposure to operating system upgrades, i.e. Windows 10, telemetry tracking, and other bits and pieces, please read on.
Note: Image taken from Wikimedia, licensed under CC BY-SA 3.0.
Introduction
Yes, it started with that GWX upgrade prompt on my Windows 7 boxes. And now, we will expand. This tutorial will focus on Windows 7 and Windows 8.1, namely the two current Windows versions that are eligible for the one-year free upgrade to Windows 10. If you do not want to do this, you may find this guide useful.
Moreover, there's been a lot of talk around Windows Customer Experience Improvement Program (CEIP), and how telemetry data is used to track people, and hand in hand with the privacy guide I've written for Windows 10, plus the old rumor about Windows 10 keylogging, things become sort of troubling.
The reality is not as grim, but it can be very difficult to grasp. If you go about the Web, people will start quoting various patches, KB3068708, KB2952664, KB3035583, and it becomes confusing. So let me show the simple way of how you can manage all the chaos.
Telemetry
Let's start with this one. First of all, Microsoft is NOT collecting any data from your systems unless you explicitly opt-in into the CEIP. This is a voluntary step that you need to do on your host, and if you've never done that, it's never happened.
The confusing part is that the different pieces related to the CEIP, namely half a dozen different scheduled tasks, run every day, even if the data is then simply stored and not send anywhere. The data in hand is anonymous system metrics. However, there is nothing technically preventing Microsoft from altering its policy, collection methods, data points, or else, and with the trust relationship in shambles, you may have a big concern.
Upgrades to newer versions (Windows 10)
If you don't want Windows 10, then the simple way to make sure this does not happen is to install an update that lets you configure an OS upgrade disablement policy. The relevant patches include KB3050265 for Windows 7 and KB3050267 for Windows 8.1. Install them, then reboot.
After reboot, you can set a group policy in the Pro or Ultimate version or a manual registry tweak in either one version of your operating system. The tweak goes as follows, and it will prevent Windows from offering any OS upgrades. This is essentially an enterprise feature ported for home use.
Launch gpedit.msc. Then, go to Computer Configuration > Administrative Templates > Windows Components > Windows Update, double-clicking Turn off the upgrade to the latest version of Windows through Windows Update, and then clicking Enabled.
The registry change that corresponds to the above is as follows. In regedit, navigate to HKLM\SOFTWARE\Policies\Microsoft\Windows. Create a new key called WindowsUpdate. Inside, create a new DWORD and call it DisableOSUpgrade. Then set its value to 1.
Windows Updates tweaks
To prevent future hassles and problems, you should consider changing your Windows Update policy. I've always claimed automatic updates are dangerous, and this remains true in this year and decade. For example, even if you kill GWX but keep automatic updates in place, you may end up with Windows 10 stuff on your disk.
My recommendation is to use the notify option. Furthermore, you should not have recommended updates given the same way as important ones, as this makes filtering more difficult. You should always image your system before running an update session, and hide those pesky updates, so they don't keep coming back.
More reading
Here, you will find several rather thorough and somewhat paranoid guides on the same topic. Not written but me, so exercise some caution and prudence, but essentially, they go into details on each of these two topics, including rigorously uninstalling updates related to any telemetry, diagnostics and, of course, future upgrades.
I don't think you should be uninstalling as much, but if you must, then the original patch for GWX, KB3035583 is probably enough. If you are willing to risk it, and please back your data up and have system images in place FIRST, then you may also consider these: KB2952664, KB2990214 and KB3044374. Anyhow, the reading material:
Removing telemetry from Windows 7 and Windows 8.1
How to avoid being upgraded against your will
Stop Windows telemetry/tracking
Conclusion
Do you know what's ironic about all this? Even with this new aggressive push, Microsoft is still less privacy intrusive than its rivals. Yes, you're getting fresh crap, so you are not used to it, and sure, on the desktop, the tolerance for this mobile diarrhea is much less, and for a good reason, but it's not as bad as what the competitors do.
So there we are. Things are not as sinister as you may think. All of the problems you may face on these three topics can indeed be resolved by three actions: opt-in/out for CEIP, disabling OS upgrades, and finally changing the Windows Update policy. That's it. Now, the one thing you should be worried about is, none of this existed ten years ago. The techno landscape is changing. In ten years, avoiding pervasive tracking, telemetry and forced idiocracy will become even more difficult. The answer is, Linux. Think about it.
Cheers.