• MS-DEFCON 2: Time to get Windows Update locked down again

    Tomorrow is likely to be another Patch Tuesday. 

    Here’s the funny thing. (Funny as in strange, not funny as in ha-ha.) I’ve been looking back over the updates that Microsoft’s been rolling out for Windows 7 and 8.1. I’ve found that, recently, they fall into two categories:

    1. Security patches, which are invariably (and wonderfully) explained in some detail, in Security Bulletins. For years, these are the patches that have caused the most problems. For the past five months, though, they’ve been relatively benign. Yes, there have been a few stinkers — KB 3045171/3057110 (Win7 crash when using GDI+), 3076895 (freezes Symantec programs), and a couple other lesser problems. But with the exception of IE patches (you use Firefox or Chrome, right?) and Windows 10 patches (a different kettle of fish), the security patches have been doing remarkably well.

    2. All others. Microsoft has released a plethora of patches to fix the update stack, install the Diagnostic Tracking Service, and get GWX — the Windows 10 upgrade nagware — working. These patches have had crashes and re-issues galore (5 or 6 or 8 versions). They do absolutely nothing to improve your copy of Windows 7 or 8.1. And they’re a massive pain to block or dodge or subvert.

    In a nutshell, except for the security patches, Microsoft has released absolutely nothing for Win 7 or 8.1 in the past five or six months that does anything to benefit you, the Windows 7 or 8.1 customer. Instead, we’ve only seen updates that further Microsoft’s ability to snoop on your computer and/or sell you Windows 10.

    Please, if you have any counterexamples, hit me in the comments.

    With that as preface, it’s time to lock your machine down. Windows Vista, 7, and 8.1 users should set Windows Update to Notify but don’t download, as described on the tab above marked Automatic Update. Windows 10 users who have WiFi connections can use the metered connection trick.

    I’m moving us up to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

    Fingers crossed that tomorrow doesn’t bring everything crashing down.