5,606,201 Members 33,014 Now Online
XDA Developers Android and Mobile Development Forum

[PSA] Disable Automatic Updates (Howto included)

Tip us?
 
clrokr
Old
#1  
Member - OP
Thanks Meter 53
Posts: 69
Join Date: Aug 2009
Exclamation [PSA] Disable Automatic Updates (Howto included)

Hi guys!

Microsoft said this to The Verge recently:
Quote:
The scenario outlined is not a security vulnerability and does not pose a threat to Windows RT users. The mechanism described is not something the average user could, or reasonably would, leverage, as it requires local access to a system, local administration rights and a debugger in order to work. In addition, the Windows Store is the only supported method for customers to install applications for Windows RT. There are mechanisms in place to scan for security threats and help ensure apps from the Store are legitimate and can be acquired and used with confidence.

We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.
So fire up regedit, go to
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
and set the DWORD AUOptions to 0x00000000.

Only do this if you want to run unsigned apps!

Stay safe!
clrokr
The Following 10 Users Say Thank You to clrokr For This Useful Post: [ Click to Expand ]
 
GoodDayToDie
Old
#2  
Recognized Developer
Thanks Meter 2484
Posts: 5,310
Join Date: Jan 2011
Location: Seattle
For those who prefer do-it-for-me solutions, with the ability to roll back, have a pair of .REG files. The "Default" one I taken from my Surface before applying this tweak. The "Disabled" one sets the reg value as above.

@clrokr: We gotta get you a RD tag, pronto! You're doing great things.
Attached Files
File Type: zip AutoUpdateSetings.zip - [Click for QR Code] (626 Bytes, 1341 views)
Win8/Windows RT projects:
List of desktop apps for hacked RT devices

WP8 projects:
Native Access WebServer and Libraries
WP8 Interop Unlocks
Storage Cleanup tool

WP7 projects:
XapHandler, Root Webserver, OEM Marketplace XAPs, Bookmarklets collection (Find On Page), Interop-unlock hacks.


Do not private message me with questions that should have been posted on the forum! Not only are you wasting your time - I'm not going to bother writing an answer to such a question for only one person - but I will probably block you from PMing me in the future as well.
The Following 5 Users Say Thank You to GoodDayToDie For This Useful Post: [ Click to Expand ]
 
clrokr
Old
#3  
Member - OP
Thanks Meter 53
Posts: 69
Join Date: Aug 2009
Quote:
Originally Posted by GoodDayToDie View Post
@clrokr: We gotta get you a RD tag, pronto! You're doing great things.
Wow, I'm flattered. Also, thanks for the reg files!
 
netham45
Old
#4  
Recognized Developer
Thanks Meter 520
Posts: 858
Join Date: Jun 2009
Location: Denver

 
DONATE TO ME
Quote:
Originally Posted by GoodDayToDie View Post
@clrokr: We gotta get you a RD tag, pronto! You're doing great things.
Seconded.

As far as MS's quote goes, I'm not 100% sure they will be setting out to patch it, but it's still a good idea to disable Windows Update anyways. They may be able to store some sort of cert blacklist in the UEFI that will block the executables required for this, even after a reinstall.
Don't PM me for help, post on the forums. I won't respond to basic questions.

I wrote and maintain the jailbreak scripts for Windows RT.

Tablet: Microsoft Surface RT 32GB, Type Keyboard
Phone: Samsung Galaxy Note III

Helpful Windows RT Links:
Windows RT Jailbreak Tool
List of ported apps
Disabling Windows Update
The Following User Says Thank You to netham45 For This Useful Post: [ Click to Expand ]
 
windowsrtc
Old
(Last edited by windowsrtc; 9th January 2013 at 04:54 PM.)
#5  
Member
Thanks Meter 31
Posts: 94
Join Date: Nov 2012
whats the difference between uefi,efi and firmware?
I find bootmgfw.efi,winload.efi in bcdedit.and I find surfacertuefi.bin in c:\windows\firmware.and every time I reinstall windows,there is a firmware in windows update.so is there anything flash into the surface hardware from window update?I think the uefi is just a file in the filesystem and its recovered when I reinstall windows from usb.
 
clrokr
Old
#6  
Member - OP
Thanks Meter 53
Posts: 69
Join Date: Aug 2009
Quote:
Originally Posted by windowsrtc View Post
whats the difference between uefi,efi and firmware?
I find bootmgfw.efi,winload.efi in bcdedit.and I find surfacertuefi.bin in c:\windows\firmware.and every time I reinstall windows,there is a firmware in windows update.so is there anything flash into the surface hardware from window update?I think the uefi is just a file in the filesystem and its recovered when I reinstall windows from usb.
No, the firmware (stored on-chip) is what you find in SurfaceRTUEFI.bin. The .EFI files are executables that can be loaded by this firmware if they are signed correctly.
The Following User Says Thank You to clrokr For This Useful Post: [ Click to Expand ]
 
GoodDayToDie
Old
#7  
Recognized Developer
Thanks Meter 2484
Posts: 5,310
Join Date: Jan 2011
Location: Seattle
Note: just because automatic updates are disabled doesn't mean you should ignore Windows Update. Quite the opposite, in fact, since this hack makes malicious exploits easier too. Just be very careful which patches you install.
Win8/Windows RT projects:
List of desktop apps for hacked RT devices

WP8 projects:
Native Access WebServer and Libraries
WP8 Interop Unlocks
Storage Cleanup tool

WP7 projects:
XapHandler, Root Webserver, OEM Marketplace XAPs, Bookmarklets collection (Find On Page), Interop-unlock hacks.


Do not private message me with questions that should have been posted on the forum! Not only are you wasting your time - I'm not going to bother writing an answer to such a question for only one person - but I will probably block you from PMing me in the future as well.
The Following User Says Thank You to GoodDayToDie For This Useful Post: [ Click to Expand ]
 
windowsrtc
Old
#8  
Member
Thanks Meter 31
Posts: 94
Join Date: Nov 2012
Quote:
Originally Posted by clrokr View Post
No, the firmware (stored on-chip) is what you find in SurfaceRTUEFI.bin. The .EFI files are executables that can be loaded by this firmware if they are signed correctly.
so uefi is checking efi ,but whats checking uefi?what will happen if we flash a modified uefi?
 
netham45
Old
#9  
Recognized Developer
Thanks Meter 520
Posts: 858
Join Date: Jun 2009
Location: Denver

 
DONATE TO ME
Quote:
Originally Posted by windowsrtc View Post
so uefi is checking efi ,but whats checking uefi?what will happen if we flash a modified uefi?
The UEFI is currently the only thing capable of flashing a new UEFI, and it checks the signatures on any new UEFIs it flashes.

The only real way you could do it without relying on a signature check would be to open the tablet and solder onto the NAND directly.
Don't PM me for help, post on the forums. I won't respond to basic questions.

I wrote and maintain the jailbreak scripts for Windows RT.

Tablet: Microsoft Surface RT 32GB, Type Keyboard
Phone: Samsung Galaxy Note III

Helpful Windows RT Links:
Windows RT Jailbreak Tool
List of ported apps
Disabling Windows Update
The Following 2 Users Say Thank You to netham45 For This Useful Post: [ Click to Expand ]
 
GoodDayToDie
Old
#10  
Recognized Developer
Thanks Meter 2484
Posts: 5,310
Join Date: Jan 2011
Location: Seattle
Oh, there might be a JTAG port you could use... but yeah. Short of opening up the device (which the Surface, at least, is definitely not designed to support) there's not supposed to be any way to flash an unsigned firmware.

Also, the signature keys are probably stored in a TPM, so mucking with them isn't a practical option either if the EFI doesn't have a way to do it (which it doesn't).
Win8/Windows RT projects:
List of desktop apps for hacked RT devices

WP8 projects:
Native Access WebServer and Libraries
WP8 Interop Unlocks
Storage Cleanup tool

WP7 projects:
XapHandler, Root Webserver, OEM Marketplace XAPs, Bookmarklets collection (Find On Page), Interop-unlock hacks.


Do not private message me with questions that should have been posted on the forum! Not only are you wasting your time - I'm not going to bother writing an answer to such a question for only one person - but I will probably block you from PMing me in the future as well.

The Following User Says Thank You to GoodDayToDie For This Useful Post: [ Click to Expand ]
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes