Turn Off windows 10 auto update

Windows 10 software updates install on your device automatically (whether you like it or not), but this guide can help you retake control and decide when to install them.

On Windows 10, you no longer have absolute control over software updates. They're mandatory, and they download and install automatically to ensure your device stays up to date with the latest security patches and improvements. This approach is convenient for many users, but it's not one that everyone wants.

If you're running Windows 10 Pro or higher, it's possible to retake control and prevent the OS from downloading and installing updates automatically using the Local Group Policy Editor or the Registry.

In this Windows 10  we'll walk you through the steps to prevent updates from automatically installing on your computer.

We can block it using group policy editer and registry edit

Here's how to change the Local Group Policy Editor settings:

Use the Windows key + R keyboard shortcut to open the Run command.
Type gpedit.msc and click OK to open the Local Group Policy Editor.

Browse the following path:

Computer Configuration\Administrative Templates\Windows Components\Windows Update

On the right side, double-click the Configure Automatic Updates policy.

·       

o   

§  On the left side, check the Enabled option to enable the policy.

§   

§  Under Options, you'll find a number of ways to configure automatic updates, including:

o   

§  2 - "Notify for download and notify for install."

§  3 - "Auto download and notify for install."

§  4 - "Auto download and schedule the install."

§  5 - "Allow local admin to choose setting."





You should select the update option you want to configure. If you select option 4, you can specify exactly when to install new updates. You can also choose to install updates during automatic maintenance, on a particular day and time, and you can even check the option to include other Microsoft product updates when updating the OS.

1.                                                          Click Apply.

2.                                                          Click OK to complete the task.

While you can pick from any of the available options, your best choice is probably 2 - Notify for download and notify for install. This option will not only prevent the OS from downloading updates automatically, which can save you data when using a metered internet connection, but you'll get a notification when new updates are available.

When new updates are released, you'll receive a notification in Action Center, but updates won't download and install until you're ready and do the following:

3.    Open Settings.

4.    Click on Update & security.

5.    Click on Windows Update.

6.    Click the Download button.

 How to prevent automatic updates using the Registry

Instead of using the Local Group Policy Editor, you can also change the Windows 10 updates using the Registry.

Important warning: Editing the registry is risky, and it can cause irreversible damage to your installation if you don't do it correctly. It's recommended that you make a full backup of your computer before proceeding.

1. Use the Windows key + R keyboard shortcut to open the Run command.

2. Type regedit, and click OK to open the Registry.

3. Browse the following path:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows

4.Right-click the Windows (folder) key, select New, and then click Key.
5. Name the new key WindowsUpdate and press Enter.
6.Right-click the newly created key, select new, and click Key.
7.Name the new key AU and press Enter.
8.Inside the newly created key, right-click on the right side, select New, and click on DWORD (32-bit) Value.
9.Name the new key AUOptions and press Enter.
10.Double-click the newly created key and change its value using one of the following options:

o   2 - "Notify for download and notify for install."

o   3 - "Auto download and notify for install."

o   4 - "Auto download and schedule the install."

o   5 - "Allow local admin to choose settings."

11.      Click OK.

12.      Close the Registry to complete the task.

Although you can use any of these available values, your best choice is to change the value to 2 to configure the "Notify for download and notify for install" option. Using this value prevents Windows 10 from downloading updates automatically, and you'll get a notification when new updates are available.

After tweaking the Registry, when new updates become available, you'll receive a notification in Action Center, but updates won't download and install until you're ready and do the following:

1.             Open Settings.

2.             Click on Update & security.

3.             Click on Windows Update.

4.              Click the Download button.

5.             Click the Restart button to complete the task.

Wrapping things up

The steps mentioned in this guide are meant to prevent regular updates that patch security vulnerabilities and improve the overall performance of Windows 10. If you're looking to prevent the OS from installing feature updates, such as the Windows 10 Creators Update, you need to use this guide to defer major updates.

We do not recommend using a computer without the latest updates, because they're often key to keeping your Windows 10 PC running properly. However, there will be times when you may want to manually apply new updates, when you want to install them during a particular time, or because you want to wait until you're sure the update will not cause issues.

• • 
    

How to protect yourself from ransomware

Back up your files 

The greatest damage people suffer from a ransomware attack is the loss of files, including pictures and documents. 

The best protection against ransomware is to back up all of the information and files on your devices in a completely separate system. A good place to do this is on an external hard drive that isn't connected to the internet. This means that if you suffer an attack you won't lose any information to the hackers.

(  Businesses often save copies of their data to external servers that won't be affected if their main network is attacked.   )

Be suspicious of emails, websites and apps

For ransomware to work hackers need to download malicious software onto a victims computer. This is then used to launch the attack and encrypt files. 

The most common ways for the software to be installed on a victim's device is through phishing emails, malicious adverts on websites, and questionable apps and programs. 

People should always exercise caution when opening unsolicited emails or visiting websites they are unfamiliar with. Never download an app that hasn't been verified by an official store, and read reviews before installing programs. 

Use an antivirus program 

An age-old computer security tip, antivirus programs can stop ransomware from being downloaded onto computers and can find it when it is.

Most antivirus programs can scan files to see if they might contain ransomware before downloading them. They can block secret installations from malicious adverts when you're browsing the web, and look for malware that may already be on a computer or device. 

Always install updates 

Companies often release software updates to fix vulnerabilities that can be exploited to install ransomware. It is therefore advisable to always download the newest version of a software as soon as it is available. 

Never pay the ransom

Victims of ransomware attacks are advised to never pay the fee as it encourages attackers and may not result in files being recovered. There are some programs that can help decrypt files. Or, if you have a back up, you can restore your device from that. 

What is Ransomware

Ransomware

RANSOMWARE IS MALWARE that locks your keyboard or computer to prevent you from accessing your data until you pay a ransom, usually demanded in Bitcoin. The digital extortion racket is not new—it’s been around since about 2005, but attackers have greatly improved on the scheme with the development of ransom cryptware, which encrypts your files using a private key that only the attacker possesses, instead of simply locking your keyboard or computer. Most recently, a global cyberattack spread ransomware to countless computers over 150 countries.

And these days ransomware doesn’t just affect desktop machines or laptops; it also targets mobile phones. In 2015, ransomware in the wild masqueraded as a porn app. The so-called Porn Droid app targeted Android users and allowed attackers to lock the phone and change its PIN number while demanding a $500 ransom from victims to regain access.

Also that year, the FBI issued an alert warning that all types of ransomware are on the rise. Individuals, businesses, government agencies, academic institutions, and even law enforcement agents have all been victims. The malware can infect you via a malicious email or website, or attackers can deliver it straight to your computer if they've already infected it with a backdoor through which they can enter.

The Ransom Business Is Booming

Just how lucrative is ransomware? Very. In 2012, Symantec gained access to a command-and-control server used by the CryptoDefense malware and got a glimpse of the hackers’ haul based on transactions for two Bitcoin addresses the attackers used to receive ransoms. Out of 5,700 computers infected with the malware in a single day, about three percent of victims appeared to shell out for the ransom. At an average of $200 per victim, Symantec estimated that the attackers hauled in at least $34,000 that day (.pdf). Extrapolating from this, they would have earned more than $394,000 in a month. And this was based on data from just one command server and two Bitcoin addresses; the attackers were likely using multiple servers and Bitcoin addresses for their operation.

Symantec has estimated, conservatively, that at least $5 million is extorted from ransomware victims each year. But forking over funds to pay the ransom doesn't guarantee attackers will be true to their word and victims will be able to access their data again. In many cases, Symantec notes, this doesn't occur.

Ransomware has come a long way since it first showed up in Russia and other parts of Eastern Europe between 2005 and 2009. Many of these early schemes had a big drawback for perpetrators, though: a reliable way to collect money from victims. In the early days, online payment methods weren’t popular the way they are today, so some victims in Europe and the US were instructed to pay ransoms via SMS messages or with pre-paid cards. But the growth in digital payment methods, particularly Bitcoin, has greatly contributed to ransomware’s proliferation. Bitcoin has become the most popular method for demanding ransom because it helps anonymize the transactions to prevent extortionists from being tracked.

According to Symantec, some of the first versions of ransomware that struck Russia displayed a pornographic image on the victim's machine and demanded payment to remove it. The victim was instructed to make payments either through an SMS text message or by calling a premium rate phone number that would earn the attacker revenue.

The Evolution of Ransomware

It didn't take long for the attacks to spread to Europe and the US, and with new targets came new techniques, including posing as local law enforcement agencies. One ransomware attack known as Reveton that is directed at US victims produces a pop-up message saying your machine has been involved in child porn activity or some other crime and has been locked by the FBI or Justice Department. Unless you pay a fine—in bitcoin, of course, and sent to an address the attackers control—the government won't restore access to your system. Apparently the fine for committing a federal offense involving child porn is cheap, however, because Reveton ransoms are just $500 or less. Victims are given 72 hours to pay up and an email address, fines@fbi.gov, if they have any questions. In some cases they are threatened with arrest if they don't pay. However improbable the scheme is, victims have paid—probably because the extortionists distributed their malware through advertising networks that operated on porn sites, inducing guilt and fear in victims who had knowingly been perusing pornography, whether it was child porn or not. Symantec determined that some 500,000 people clicked on the malicious ads over a period of 18 days.

In August 2013, the world of ransomware took a big leap with the arrival of CryptoLocker, which used public and private cryptographic keys to lock and unlock a victim's files. Created by a hacker named Slavik, reportedly the same mind behind the prolific Zeus banking trojan, CryptoLocker was initially distributed to victims via the Gameover ZeuS banking trojan botnet. The attackers would first infect a victim with Gameover Zeus in order to steal banking credentials. But if that didn’t work, they installed the Zeus backdoor on the victim’s machine to simply extort them. Later versions of CryptoLocker spread via an email purporting to come from UPS or FedEx. Victims were warned that if they didn’t pay within four days—a digital doomsday clock in the pop-up message from the attackers counted down the hours—the decryption key would be destroyed and no one would be able to help unlock their files.

In just six months, between September 2013 and May 2014, CryptoLocker infected more than half a million victims. The attack was highly effective, even though only about 1.3 percent of victims paid the ransom. The FBI estimated last year that the extortionists had swindled some $27 million from users who did pay.

Among CryptoLocker’s victims? A police computer in Swansea, Massachusetts. The police department decided to pay the ransom of 2 Bitcoins (about $750 at the time) rather than try to figure out how to break the lock.

“(The virus) is so complicated and successful that you have to buy these Bitcoins, which we had never heard of,” Swansea Police Lt. Gregory Ryan told the Herald News.

In June 2014, the FBI and partners were able to seize command-and-control servers used for the Gameover Zeus botnet and CryptoLocker. As a result of the seizure, the security firm FireEye was able to develop a tool called DecryptCryptoLocker to unlock victims’ machines. Victims could upload locked files to the FireEye web site and obtain a private key to decrypt them. FireEye was only able to develop the tool after obtaining access to a number of the crypto keys that had been stored on the attack servers.

Prior to the crackdown, CryptoLocker had been so successful that it spawned several copycats. Among them was one called CryptoDefense, which used aggressive tactics to strong-arm victims into paying. If they didn’t fork over the ransom within four days, it doubled. They also had to pay using the Tor network so the transactions were anonymized and not as easily traced. The attackers even provided users with a handy how-to guide for downloading and installing the Tor client. But they made one major mistake—they left the decryption key for unlocking victim files stored on the victim’s machine. The ransomware generated the key on the victim’s machine using the Windows API before sending it to the attackers so they could store it until the victim paid up. But they failed to understand that in using the victim’s own operating system to generate the key, a copy of it remained on the victim’s machine.

The "malware author’s poor implementation of the cryptographic functionality has left their hostages with the key to their own escape," Symantec noted in a blog post.

The business of ransomware has become highly professionalized. In 2012, for example, Symantec identified some 16 different variants of ransomware, which were being used by different criminal gangs. All of the malware programs, however, could be traced back to a single individual who apparently was working full time to program ransomware for customers on request.

The Ransomware to Watch Out for Now

Recently Fox-IT catalogued what they consider to be the top three ransomware families in the wild today, which they identify as CryptoWall, CTB-Locker, and TorrentLocker. CryptoWall is an improved version of CryptoDefense minus its fatal flaw. Now, instead of using the victim's machine to generate the key, the attackers generate it on their server. In one version of CryptoWall they use strong AES symmetric cryptography to encrypt the victim's files and an RSA-2048 key to encrypt the AES key. Recent versions of CryptoWall host their command server on the Tor network to better hide them and also communicate with the malware on victim machines through several proxies.

CryptoWall can not only encrypt files on the victim’s computer but also any external or shared drives that connect to the computer. And the shakedown demand can range anywhere from $200 to $5,000. CryptoWall's authors have also established an affiliate program, which gives criminals a cut of the profit if they help spread the word about the ransomware to other criminal buyers.

CTB-Locker's name stands for curve-Tor-Bitcoin because it uses an elliptic curve encryption scheme, the Tor network for hosting its command server, and Bitcoin for ransom payments. It also has an affiliate sales program.

TorrentLocker harvests email addresses from a victim's mail client to spam itself to other victims. Fox-IT calculated at one point that TorrentLocker had amassed some 2.6 million email addresses in this manner.

Protecting against ransomware can be difficult since attackers actively alter their programs to defeat anti-virus detection. However, antivirus is still one of the best methods to protect yourself against known ransomware in the wild. It might not be possible to completely eliminate your risk of becoming a victim of ransomware, but you can lessen the pain of being a victim by doing regular backups of your data and storing it on a device that isn’t online.