Technical Details, Version History, Etc.

What it does . . .
The first thing Never10 does upon starting is verify that it's running on a non-Enterprise edition of either Windows 7, 8, or 8.1. Those are the only versions of Windows that qualify for automatic upgrading through the Windows Update facility.

If the edition and version of Windows qualifies, it then checks the file version of the Windows Update AutoUpdate Client wuauclt.exe located in the Windows system directory. For Windows 7, the wuauclt.exe version is compared against [7.6.7601.18971]. For Windows 8.x, the wuauclt.exe version is compared against [7.9.9600.17930]. In either case, those are the versions of the respective July 2015 updates to Windows Update which added the ability to disable the GWX (Get Windows 10) group policy and registry settings.

If the currently installed version of Windows update has a lower version, Never10 notifies its user that Windows Update must be updated to be able to disable automatic OS upgrading. When the user understands and instructs Never10 to update Windows Update, it chooses among one of four files for Windows 7 or 8 and 32 or 64 bits, downloads the proper file from Microsoft's Windows Update server, and runs the standalone installer to update Windows Update. This never seems to require a reboot.

Never10 manipulates the values and security permission settings of the following two registry keys: When Never10 disables automatic OS upgrading, the following actions are taken:
  1. Under the Gwx key, which will be created if it doesn't yet exist, the 32-bit DWORD value “DisableGwx” is created and set to 1.
  2. Under the WindowsUpdate key, the 32-bit DWORD value “DisableOSUpgrade” is created and set to 1.
When Never10 enables automatic OS upgrading, the following actions are taken:
  1. Under the Gwx key, the 32-bit DWORD value “DisableGwx” is deleted.
  2. Under the WindowsUpdate key, the 32-bit DWORD value “DisableOSUpgrade” is deleted.

To verify the current state of a system's OS Upgrade status, Never10 verifies that both keys have their respective disabling values set to 1. If either value is missing or not set to 1, Never10 will report that OS updating is enabled.

If the hidden $WINDOWS.~BT subdirectory exists, Never10 recursively explores the entire Windows 10 pre-download file set counting items and summing the number of bytes consumed. The user interface will show the total size of storage being consumed and provide a one-button file deletion option.

 . . . and why

The GWX Control Panel (an early popular solution at 2.4 megabytes) was a useful first step. But it was wrong in too many ways. Its design and operation seemed ill suited to the simple task of preventing upgrades to Windows 10. It was confusing and offered an array of actions, options and status reports, when all anyone really wanted was simply for Windows to not upgrade itself and to leave us alone. Instead, the GWX Control Panel makes itself the center of attention. It needs to be “installed”, is resident and persistent afterward, and it pops up all the time to tell us what a great job it's doing... which is exactly the kind of nonsense most people are fed up with in this era where “your attention” is what commercial interests all want to obtain more of. But more than anything, none of that was necessary . . .

Microsoft's Knowledgebase article 3080351 titled “How to manage Windows 10 notification and upgrade options” revealed that an available July 2015 update to Windows Update contained built-in provisions for disabling OS upgrades. This made it immediately clear that was the right way to solve this problem. So back on January 13th, 2016, I created a “bitly” shortcut to that Microsoft knowledgebase page (bit.ly/no-gwx) which explained how to do this, and began promoting that “correct,” minimal and sufficient way to disable Windows OS upgrading on my weekly Security Now! podcast.

The trouble was, Microsoft did not make this easy. In fact, it was down right user-hostile. It required using the Windows Group Policy editor, which is not even present on lower-end Windows editions which were eligible for OS upgrading. Or it required manually creating keys and values in the Windows registry, which is fraught with danger if the wrong button is pressed.

For several months I resisted the temptation to steal time from other projects to fix this. But the GWX Control Panel was so annoying that I finally removed it from the one Win7 machine it was “protecting.” And the final straw occurred when two non-computer-savvy friends were “upgraded” from Windows 7 against their wishes and became a bit hysterical over what had happened to the computer they had finally learned to use.

So, Never10 was born.

In testing the effects of using Microsoft's own documented “switch settings,” I was very impressed to discover that setting them to “disabled” would even cause the GWX subsystem to delete the 6 gigabytes of Windows 10 upgrade files it might have already pre-downloaded. This means that although Never10 does not explicitly remove that massive, sometimes-downloaded blob, it will cause the same agent that downloaded it to delete it, which is perfect.

There have been unsubstantiated and imprecise rumors of Windows upgrading even if users were using something to inhibit or prohibit that from happening. Some claimed that Microsoft was re-enabling something that was disabled. But we've never had any details. While it's certainly possible, my guess is that people were manually avoiding and “hiding” the evil 3035583 update titled: “Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1”. The trouble is that “hiding” Windows updates is very soft protection. The Windows Update hiding system does not work reliably. Things that Microsoft wants you to have tend to reappear unbidden and they are very easy to miss.

This is why, unlike the GWX Control Panel, Never10 makes no attempt to prevent the GWX technologies from entering the user's system, nor of removing them if they are present. That's an uphill battle which requires vigilance and constant monitoring, and it's unnecessary. The GWX components occupy less than 32 megabytes in the /Windows/System32/GWX directory. You can go visit them if you're curious. So long as the proper registry settings are in place to hold them at bay and keep them disabled, they will cause no trouble and they occupy almost no storage space.

So, yes. Never10 is relying upon Microsoft to obey their own provided settings, which they created a special update to Windows Update to provide. And they buried those settings where no “regular user” would ever find them. Corporations the world over are relying upon those settings to prevent unwanted upgrading of their existing systems. There is just no chance that Microsoft would ever choose to deliberately bypass the express desire of their users by ignoring their own registry settings. It's not impossible, but it'll never happen.

What about Group Policy? The “How to manage Windows 10 notification and upgrade options” knowledgebase 3080351 page mentions that Windows OS upgrading can also be applied through Windows group policy settings. I have verified that enabling the setting to disable Windows OS upgrading through the group policy editor simply sets the DisableOSUpgrade value of the WindowsUpdate key. So group policy is merely another way of achieving the same thing that Never10 does, though through the enforcement of group policy.

Never10 Version History

A final note: I'm a bit annoyed that “Never10” is as large as it is at 85 kbyte. The digital signature increases the application's size by 4k, but the high-resolution and high-color icons Microsoft now requires takes up 56k! So without all that annoying overhead, the app would be a respectable 25k. <g> And, yes, of course I wrote it in assembly language.


The question we are most asked is how to switch over to using Never10 from the GWX Control Panel. The best answer is to simply uninstall the GWX Control Panel from the system and then run Never10 once to set the OS upgrade system to DISABLED. Then you can leave the 81k app around, or delete it and grab it later if you ever change your mind.

Never 10

Jump to top of page
Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2016 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.
Jump to top of page

Last Edit: Jun 26, 2016 at 11:32 (271.23 days ago)Viewed 72 times per day