The best advice I’ve seen on reducing the effect of snooping patches that may already be installed on your machine comes from ch100, who recommends you first turn off the Customer Experience Improvement Program (CEIP).
Step 3.1. Click Start > Control Panel > Action Center.
Step 3.2. Under Related settings, choose Customer Experience Improvement Program settings.
Step 3.3. Choose No, I don't want to participate in the program, then click OK.
You can find details in any of my Windows 7, 8, or 8.1 books.
Then ch100 recommends you specifically uninstall three patches: KB 2952664 (or its Win 8.1 doppelganger KB 2976978), KB 3150513, and KB 3021917. Those patches are worth uninstalling because they seem to circumvent the CEIP setting. There’s a reason why those three patches don’t appear in the Win 7 “SP2” convenience rollup, released in May.
In short, for Group B, turn off Automatic Update, turn off CEIP, uninstall KB 2952664 (or KB 2976978), KB KB 3150513, and KB 3021917.
The next step
The actual process of updating is going to get a bit complicated over the next few months, not only because of the Group A/Group B distinction, but also because other patches -- .Net, IE, Flash -- will dribble out at undefined times.
Those in Group A who submit to automatic updating will have an easy time of it: Windows Update will kick in, like it always has, and install all the patches. If there’s a bad patch that kills something -- we seem to have those almost every month -- then the fix will likely arrive in the next month’s patches.
Those in Group A who want to wait to see if anything blows up before they install updates will have a slightly more difficult task. They need to wait until they’re comfortable applying the latest updates (watch the news on Woody on Windows and on AskWoody.com), then simply run Windows Update manually:
Step 1. Click Start > Control Panel > System and Security; under Windows Update, click Check for Updates.
Step 2. Don’t change anything -- don’t check or uncheck any particular update, don’t change any of your settings.
Step 3. Click Install updates. Windows will probably restart, so roll with the tide.
Those in Group B will have to check for new updates from time to time (again, look on Woody on Windows or on AskWoody.com), and when the Security-only Update has been tested by Group A, they’ll have to download the Update from the Windows Update Catalog.
At the moment, the Windows Update Catalog is a 1990s-vintage mess. With its dependence on Microsoft-proprietary ActiveX controls, it’s hard to get anything out of the Update Catalog unless you’re using Internet Explorer. Microsoft promises it’ll be fixed soon. Once Microsoft has straightened it out, I’ll update this post with step-by-step instructions. In the interim, you can get into the Windows Update Catalog using any browser, but the method’s convoluted -- and it isn’t clear what you should search for.
Sign up for CIO Asia eNewsletters.