Almost all WannaCry victims were running Windows 7

Hi,
To be more clear using these settings and only installing the Real Important updates will be just fine so no worries

The WannaCry cretins who chose to infect systems with ransomware were not choosing a specific Windows system to infect. They released their malware to take advantage of SMB facing systems, especially those with lots of endpoints. Those being primarily Enterprise and Government Windows systems of all stripes (XP, W7,8 and 10). It should be noted that very few Home users were infected with WannaCry ransomware.

Security labs later determined that XP systems were harder to infect using the NSA exploit. Enterprise and Government systems currently use W7 (over 80%) and the fact that SMB1, 2 and 3 are all enabled by default meant that they would be hit. Some XP and some W10 systems were also hit.

The IT pros who had already installed the March security updates fared the best. Large organizations take a long time to install updates so it is unfair to lay the blame at their feet. MS released a special patch for XP systems (gratis) in April and it was labelled critical. It was a good business decision.

The security patch that MS sent out in March will protect Home Users from WannaCry on W7, but it would be better if they also disabled SMB1. If you are a novice, don't get your knickers in a knot as MS will/may disable it for you in a future patch (hopefully June). If they do this, a user who really needs SMB1, would have to enable it. This should have been done a long time ago (unfortunately, MS had its head in the clouds).

There is no guarantee that the March patch will protect us all from what will come. There are numerous malware campaigns underway using the NSA exploits. Some have already been identified and Microsoft and security companies have yet to step up to those. The bad guys are mostly organised crime gangs, state sponsored hackers or individuals (useful idiots or scum). Their motives are both monetary and political. Treat them with the disdain they deserve. Don't pay a ransom.

Everything I have read, plus the experience on my two system, Windows 7 updates is no longer pushing W-10.

Big companies take a little longer to install updates for a good reason.
With the record of the last year with Windows 7 updates, these companies want to make sure of all updates before applying the updates on thousands of computers.
I can't blame them. I test updates on one of my computers for a while before I install them on the others.

A company the size of 'UPS' has thousands of computers. One bad update has the possibility of shutting them down.

The trust we had in Microsoft has dwindled in the past year.

Jack

michael diemer said:

Based on what Thrash said, I just ran Update using his settings, and installed the updates. At first I got an error, but it was installing other updates, and did successfully complete the rest. I restarted and it found and installed one more update.

My GWX Control Panel is saying I have no unwanted updates, but its version is from April 2016. Should I update it, or at this point can I safely assume that updating W7 according to the Thrash's settings (search for updates but let me decide; install all important updates) are safe and Windows 10/telemetry free?

You can get rid of GWX altogether. WU on Win7 works as it did before the Win10 push. In fact the recommended update https://support.microsoft.com/en-us/kb/3184143 will "Remove software related to the Windows 10 free upgrade offer".

I have a dozen Win7 Pro and a couple of Home Premium installs. Update works as it is supposed to (and they actually fixed the problem with wu hanging and running continually last summer (I believe it was in the June update).

kb/3184143 works for me on two systems.

Jack

ESET released a tool to check if your system is vulnerable to WannaCry ransomware.

Info and download: ESET Stops WannaCryptor, WannaCry and EternalBlue. Use our free tool to make sure Windows vulnerabilities are patchedESET Knowledgebase