Ancile: block spying on Windows 7 and 8

[Batu69]

Ancile is a free program for Windows 7 and Windows 8 devices designed to block spying and forced upgrades on those devices.

Ancile is script drive, unlike most Windows privacy applications which offer a graphical user interface. While some may see that as a disadvantage, its script-nature makes it easy to check what the script is actually doing.

 

If you think you heard that before you are right, as it a fork of the popular Aegis script that was created for the same purpose. Aegis however has been discontinued and is no longer maintained.

 

Since Microsoft changes things around frequently, a maintained script is a must have to avoid spy or upgrade related issues in the future.

Ancile: block spying on Windows 7 and 8

 

Ancile works pretty much like Aegis. It ships as a .cmd file that you may start on a system running Windows 7 or 8. Please note that you need to run it with elevated rights by right-clicking on ancile.bat and selecting "run as administrator" from the context menu.

 

The program performs various operations on start, all of which gather system information required for the program to operate correctly. It will also sync the time automatically with pool.ntp.org, and offers to create a system restore point prior to making any major changes to the system.

 

It is highly recommended to create a system restore point -- better a system back up -- prior to running Ancile so that you can go restore the system state should things turn out wrong.

 

Once done, all operations are carried out automatically without prompt or option to respond to any of the operations.

You may edit the main cmd file to block certain actions from being carried out. Open the file and locate the scripts section in it. You find calls for each major change the program makes listed there. Simply delete lines that you don't require (or add REM or :: in front) to prevent the commands from being executed.

 

You are probably wondering what Ancile does. The answer is that it does pretty much what Aegis did, only in updated form to take into account changes made after the final version of Aegis was released.

 

1. Block unwanted hosts (mostly Microsoft hosts). You find the list of hosts under scripts/hosts/hostsdns.txt.
2. Disable Remote Registry.
3. Disable unwanted services (Microsoft Telemetry Reporting Service, Microsoft customer Experience Improvement Program, Microsoft Diagnostics Tracking, Microsoft WiFi Sense, Microsoft Spynet, Microsoft SkyDrive)
4. Disable Scheduled Tasks (a total of 32 tasks are disabled, all by Microsoft). You find the list of tasks under scripts/tasks/tasks.txt.
5. Disable Windows 10 Upgrade. Not sure if required anymore.
6. Change Windows Update to check only and notify.
7. Disable automatic delivery of Internet Explorer via Windows Update.
8. Uninstall and hide unwanted updates.

971033 Update for Windows Activation Technologies
2882822 Update adds ITraceRelogger interface support to Windows Embedded Standard 7 SP1, Windows 7 SP1 and Windows Server 2008 R2 SP1
2902907 [description not available, update was pulled by Microsoft]
2922324 [description not available, update was pulled by Microsoft]
2952664 Compatibility update for upgrading Windows 7
2966583 Improvements for the System Update Readiness Tool in Windows 7 and Windows Server 2008 R2
2976978 Compatibility update for Windows 8.1 and Windows 8
2977759 Compatibility update for Windows 7 RTM
2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows
3012973 Upgrade to windows 10
3014460 update for windows insider preview / upgrade to windows 10
3015249 [Upgrade that adds telemetry points to consent.exe in Windows 8.1 and Windows 7?]
3021917 Update to Windows 7 SP1 for performance improvements
3022345 Update for customer experience and diagnostic telemetry
3035583 Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
3042058 Microsoft security advisory: Update to default cipher suite priority order: May 12, 2015
3044374 Update that enables you to upgrade from Windows 8.1 to Windows 10
3046480 Update helps to determine whether to migrate the .NET Framework 1.1 when you upgrade Windows 8.1 or Windows 7
3058168 Update: activate Windows 10 from Windows 8 or Windows 8.1, and Windows Server 2012 or Windows Server 2012 R2 KMS hosts
3064683 Windows 8.1 OOBE modifications to reserve Windows 10
3065987 Windows Update Client for Windows 7 and Windows Server 2008 R2: July 2015
3065988 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: July 2015
3068708 Update for customer experience and diagnostic telemetry
3072318 Update for Windows 8.1 OOBE to upgrade to Windows 10
3074677 Compatibility update for upgrading to Windows 10
3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
3075851 Windows Update Client for Windows 7 and Windows Server 2008 R2: August 2015
3075853 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: August 2015
3080149 Update for customer experience and diagnostic telemetry
3081437 August 18, 2015, compatibility update for upgrading to Windows 10
3081454 September 8, 2015, compatibility update for upgrading to Windows 10
3081954 Update for Work Folders improvements in Windows 7 SP1
3083324 Windows Update Client for Windows 7 and Windows Server 2008 R2: September 2015
3083325 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: September 2015
3083710 Windows Update Client for Windows 7 and Windows Server 2008 R2: October 2015
3083711 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: October 2015
3086255 MS15-097: Description of the security update for the graphics component in Windows: September 8, 2015
3088195 MS15-111: Description of the security update for Windows Kernel: October 13, 2015
3090045 Windows Update for reserved devices in Windows 8.1 or Windows 7 SP1
3093983 MS15-106: Security update for Internet Explorer: October 13, 2015
3102810 Installing and searching for updates is slow and high CPU usage occurs in Windows 7 and Windows Server 2008 R2
3102812 Installing and searching for updates is slow and high CPU usage occurs in Windows 8.1 and Windows Server 2012 R2
3112336 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: December 2015
3112343 Windows Update Client for Windows 7 and Windows Server 2008 R2: December 2015
3123862 Updated capabilities to upgrade Windows 8.1 and Windows 7
3135445 Windows Update Client for Windows 7 and Windows Server 2008 R2: February 2016
3135449 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: February 2016
3138612 Windows Update Client for Windows 7 and Windows Server 2008 R2: March 2016
3138615 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: March 2016
3139929 MS16-023: Security update for Internet Explorer: March 8, 2016
3146449 Updated Internet Explorer 11 capabilities to upgrade Windows 8.1 and Windows 7
3150513 May 2016 Compatibility Update for Windows
3173040 Windows 8.1 and Windows 7 SP1 end of free upgrade offer notification

Closing Words

Ancile automates the privacy hardening of a computer running Windows 7 or 8. It is certainly possible to use the data it provides as a blueprint to run select operations without running the script. This gives you even more control over the process, but may be best suites for experienced users who know how to edit the hosts file or uninstall Windows updates and hide them.

 

All in all though it is good to know that the Aegis project is not dead, as it lives on in Ancile.

 

Ancile

 

Article source

[luisam]

Found some of those updates listed in my Windows 7 installation and removed them. Certainly, they look quite innocent, no way to guess thay are "spying"

[stylemessiah]

I dunno, im not convinced that uninstalling or hiding all the updates people seem so fond of is a good idea, a lot of convos i see around it make me want to break out my tinfoil hat

 

theres a point at which the conspiracy theories are going to actually make your system less safe and/or reduce functionality

 

madness, its a fine balance

 

by all means block telemetry and get a decent firewall

 

not to mention that some of the quoted hotfixes/updates have already been superseded....thats another problem with going down the rabbit hole

[luisam]

Wihle blocking and deactivating certain services looks obvious, ANCILE might be more useful should the tell users WHY they are "blacklisting" all those updates. Is it real, is it a scare or simply "conspirational theory"?

By the way, to run Ancile, Windows Update service should be enabled.