Which is the best Windows Edition? – Here is the answer!

There different Windows Versions and each has its benefit but what is the best one and most secure one which I can suggest?! The short answer and the winner is the Enterprise Version but why?


It’s not LTSB/LTSC!

Windows LTSB (now LTSC) is maybe a special tip but it’s not the best choice due to the simple fact that it won’t get feature upgrades, the next major update will be available 2019 for this Edition (maybe earlier if MS decide to release something). The problem with this edition is as mentioned, there no feature upgrades, it gets security updates, sure but latest RS 3 / RS 4 changes will not be included and some changes made a lot of sense in a security aspect, e.g. Homegroup got removed and Windows Defender got more powerful than ever, the EMET integration hardens the OS already against 90% of all attacks which is not included in the normal LTSC version. Security wise it’s not smart to use an OS which not getting new security functions.

What about the Education version?!

The Education and Enterprise Version are very similar, officially Cortana isn’t included in this version and this is together with the activation the only bigger difference, however, the upgrading mechanism in ENterprise is better and you anyway need KMS to activate it so you simply can use the Enterprise version.

What about S, K, N, G or other editions?

The G (Chinese government edition) officially doesn’t exist and you need to create it yourself. I showed several methods how to do this on my GitHub account but it also lacks feature updates similar like the LTSC version. The N/K Versions not including Windows Media Player function but you anyway remove this with the ‘features wizard’ in the ENterprise version, the problem with such slimmed versions are that they won’t recognize your Smartphone because this requires media feature components, of course, you can manually install them afterwards but that is a waste of time and ends up with wasting more HDD/SSD space compared when you install the normal Enterprise version straight fresh on your drive.

What about the feature updates/telemetry?

The Enterprise versions have a toggle to opt-out of telemetry via gpedit.msc



What about the damn app updates?

That is indeed a problem and annoying however you can configure it via gpedit, to disallow app updates and once you uninstalled them you won’t get new apps (only in case you made a major update). So you have to do this procedure only when you fresh installed Windows or in case you did a major Windows upgrade eg. from Redstone 3 to Redstone 4.

From my tests no app is connecting to the internet anymore unless you really use them, I did this test with Redstone 3, adding a bunch of domains into your HOSTS is pointless because unless you started/used apps or opt-in into insider builds you will never see any connection. The myth that MS is secretly ‘spy’ on you via apps is nothing as an unproven myth, I did a Wireshark/Burp log and in 1 week of constantly running Windows 10 I got 4 MB of upload collected and 12 MB of download, these can be explained with other Microsoft security mechanism, like updating the clock, downloading certificates checking for Windows defender signature updates and more which btw all can be controlled by gpedit! No tools at all needed to control this but this behavior is a bit different in Windows 10 Pro versions, so stay away from the Pro versions.

Windows Enterprise Version is the winner for a reason

I’m aware that Windows 10 Enterprise is not really an option for most of all people because it requires KMS and another license to activate it but unless Microsoft decided to remove the crap out of the Pro version I have no problem to admit or recommend to pirate the OS until MS solved it, because why should you give up on your Privacy just because Microsoft decides to include more crap in the Pro version without any opt-out toggle? They are going to fuck you, so say fuck you too and pirate it! Without drama and attention, nothing will be changed and MS really seems to want to learn it the hard way. I’m not saying you should not pay in general for it but as said, unless Microsoft not fixed this privacy-related issue an integrate exactly the same options into every version I say “why not?”. It only proves that people want the change and if you won’t listen to the crowd it’s simply your own fault.

The best groud

The ENterprise version has a solid ground, of course, it has the app store, Cortana, and some pre-installed apps but that can be removed. The more important thing is that it allows you to opt-out of everything and this is the reason why the Enterprise wins the battle.

Consider switching to Linux!

If you really need to pirate Windows, ask yourself if it’s worth and if you really want to support such things?! What about Linux and why not? Linux getting better and better and it’s stable enough for a daily usage, of course, it takes some time to make the switch and learn something new but it’s much less time then trying to fix Microsoft own mess with each new ‘idea’ they trying to integrate.

Which distro?

  • Ubuntu LTS (Trusty Thar)
  • SolusOS
  • Linux Mint
  • Kubuntu (Zesty Zapus)
  • Xubuntu (Artful Aardvark)

These are some suggestion from me, you can game on them and you can use it as a daily basis. Since VulkanAPI is coming to more and more games, it will be more and more possible to game the same like on Windows, the responsibility is only up to the developer to support such API to allow gaming on each platform – but well, marketing Windows is still all about money and exclusive contracts.


Microsoft gives people an Edition with is worth to be installed but this requires another key and an activation process which is different from the normal procedure, that’s a real dilemma. Why Microsoft not want to add a global opt-out seems to be crystal clear, you get the OS free and you pay with some metadata, if there would be an opt-out no one or only a few people would opt-in and this might cost a lot of money because they can’t sell your data and this is the real reason. I’m not going to say that telemetry is by default bad but it can be abused and the controlling mechanism is something which needs to be improved and as long Microsoft decides to ignore this so long I will recommend the Enterprise version.

I finally made the switch to Linux as my main OS and I can (when I need to) start a virtual machine to test the latest Windows OS, I see no problem in doing it because I still can check several new things and report about it. I do not regret anything, maybe only that I made the switch way too late. People argue with the game argument but that’s a publisher/developer created thing and not a Linux thing, the API to support all OS are there and everyone can create games which run the same on every OS, the DOOM release is a fantastic example it runs with the same framerates on Linux because it was well coded and most of your favourite applications are maybe already available too for Linux.

I’ll keep an eye on every Windows version and report my findings back.

5 thoughts on “Which is the best Windows Edition? – Here is the answer!

    1. No, O&O or any other tool not converting your Windows Version, there much differences like the SKU, GPO and more.

      Enterprise not has an global opt-out toggle, there is still telemetry but the ‘Security’ telemetry is similar like Mozilla’s it only includes meta-data which can’t really expose you.

      I would suggest that everyone stay away (if possible) from Pro versions and pseudo tools, there not doing anything more than toggling something in the registry but in a lot of situation that doesn’t work anymore because GPO rules (Kernel based ones) coming before registry ones. And it’s always questionable if there is a benefit, at the end you might not remove all telemetry related things anyway.

      I tried most of these tools and I wasn’t impressed some even can mess up your system, installing certificates or other stuff in the background and it’s overall not worth.

      A good start in my opinion is to install the Enterprise version and then just don’t opt-in in beta updates, set some restrictions via gpedit.msc and block the rest with a firewall.


      1. Sorry I didn’t mention that I was talking about in terms of spying, and not in terms of changing windows version.
        in my not in-depth test, I observed system with o&O and without o&o.both times i installed all the updates and drivers before and after i used windows update blocker by sordum. and not used any 3rd party apps. and the system was windows 10 pro rs3 with default apps.

        and i monitored data usage with o&o installed with apply all settings option. and i noticed data usage was 10 mb
        but when i didn’t use o&o i noticed data usage was around 300 MB in a day.
        (i tested this only a day and both time i didn’t use any apps).
        i’m not sure that with o&o installed if a user can be exposed with remaining telemetry? or if enterprise version with edited gpedit.msc is a guarantee that user cannot be exposed or identified?


        1. You can’t hide, period. The moment you activate Windows you ‘expose’ a lot of more than submitting telemetry.

          None of this tools mention that MS simply can bypass every blocking mechanism by hardcoding e.g. domain related things into e.g. dnsapi.dll and co, you can’t block this with traditional firewalls so the myth that using any of these tools change anything is nothing but it – a myth. None of these tools are coded by network experts or IT professionals, that’s for sure, Otherwise someone would have already implemented some IPSec rules, because IPSec is not that easy to bypass.

          There is no guarantee that using gpedit.msc really restrict everything, as mentioned Enterprise versions still sending ‘security’ related things back. I’m not sure if that expose you, Mozilla sends definitely more back here.#

          Most traffic you see is not even related to telemetry, but people see something, coming to the wrong conclusion because no one really did a serious audit on this. The traffic which are generated by default apps are legit traffic such as update checks and content updates. The only problematically thing I see here is that MS should give a easier way to disable e.g. the included Ads, I mean there are toggles but there a bit hidden or difficult to find for none experienced users. It’s also questionable why an OS should integrate ads in general.

          At the end all you can do is to uninstall or simply not use the things you not like, if you’re not a apps friend, just go ahead and disable i via gpedit.msc you not need any tool for this. Windows update can also be perfectly fine controlled via gpedit.msc but tools like WUMT are maybe more compfortable, that’s for sure.

          * O&O and any other tool are not all-in-one solutionsor preventing any so called spying because there lacking of fundamental logic failures and not blocking hardcoded things
          * Gpedit.msc should be preferred but ‘security’ related telemetry can’t be eliminated – It’s unclear if that exposes you because in my tests it send only few KB every 24 hours. I think modern Browser sending lots of more back.
          * Blocking everything or even svchost.exe with a firewall a stupid idea because a bypass is possible and you block legit security mechanism such as root certificate checks, smartscreen and more.
          * Domain based blocking is questionable, because it might get bypassed or the integrated domains might never get requested. Besides this will not work the moment you connect to a VPN because these tunnel might bypasses it or the domain name resolution is handled by the OS itself.


Comments are closed.

Blog at WordPress.com.

Up ↑

%d bloggers like this: