Patch Lady – 31 days of paranoia – day 10

[Susan BradleyAskWoody MVP]

Patch Lady here – I wasn’t going to do a post on Patching with a paranoid theme in mind until later in the month but several articles and the fact tha
[See the full post at: Patch Lady – 31 days of paranoia – day 10]

Susan Bradley Patch Lady

8 users thanked author for this post.

SueW, Elly, Elrod, jonadb, David F, Noel Carboni, GreatAndPowerfulTech, mcbsys

[mcbsysAskWoody Lounger]

Speaking of severe action, how going back to employing a separate group of in-house software testers rather than relying exclusively on this release-and-see-what-blows-up approach?

3 users thanked author for this post.

GoneToPlaid, Noel Carboni, HiFlyer

[kiwigenieAskWoody Lounger]

Patch pain got to me.  I used to patch monthly a couple of years ago.  Just got PCs patched at home a few days ago after 6 months on one and 1 year on couple more.

1 user thanked author for this post.

HiFlyer

[GreatAndPowerfulTechAskWoody Lounger]

You are correct in that there are still good coders working at Microsoft. Too bad they’re not in charge. As long as the quarterly profits keep climbing, there is no reason for Redmond to change their sloppy ways. After all, by the time their big money Enterprise customers receive updates, millions of consumers have painfully found the bugs so MS could fix them. I remember attending a Microsoft sales seminar, over ten years ago, where one of the key messages was to sell by removing pain points that competitor’s products cause. At some point in the future Microsoft will likely see how their current AGILE system worked against them, from the bottom up, when consumer/educational Chromebook users move into management positions and move to eliminate Windows wherever possible. Those kids are growing up today.

GreatAndPowerfulTech

1 user thanked author for this post.

HiFlyer

[SteveTreeAskWoody Lounger]

In this regard, I face a dilemma. My son relies on a Windows laptop to run a Windows-only program that is central to his fledgling business. Do I give him the tools to block update and tell him to monitor askwoody for advice when to update knowing he is busy and likely to forget. Do I maintain my silence for the sake of his system’s security?

Group A (but Telemetry disabled Tasks and Registry)
Win 7 64 Pro desktop
Win 10 32 Home portable

[woodyDa Boss]

Aaaaaaaaaamen. Add Paul Thurrott to the list of voices crying in the wilderness – the Windows Weekly show that he and Mary Jo taped yesterday comes out strongly for a stroke of sanity.

The world’s coming around. Will Microsoft?

2 users thanked author for this post.

lanceboil, WildBill

[Noel CarboniAskWoody MVP]

Why is there a complete disconnect between stock price vs. product quality and the way the company is being run?

Money doesn’t grow on trees. Obfuscation does not a success make.

-Noel

1 user thanked author for this post.

WildBill

[WildBillAskWoody Lounger]

From Patch Lady’s post on the Home Page:

My biggest paranoia about patching today is that all of this paranoia about patching is no longer irrational paranoia over immaterial corner cases that the vast majority of people would never hit. My biggest paranoia is that more and more people will stop updating because of the reality that we are seeing.

As the saying goes, “Just because you’re paranoid, doesn’t mean they’re Not out to get you.”

Windows 8.1, 64-bit, Group A... switching to Group B in November!
Wild Bill Rides Again...

• This reply was modified 5 days, 20 hours ago by  WildBill.
• This reply was modified 5 days, 20 hours ago by  WildBill.

[anonymous]

Well said, Susan. I feel exactly the way you do. In the past I have skipped updates as I dreaded more damage being done by Microsoft than the risk they were supposedly trying to protect us from.

[anonymous]

YES! This is a post I needed to see today. I admit that I have been even more aggressive in my stance not to update Windows because of the huge mess that is in the Windows patching world. I am honestly far more scared of Microsoft’s own patches than I am with malware exploiting a vulnerability in my system. This is NOT good.

Yet it’s not just me, because I happily update other software openly and freely, like Chrome and Firefox. So if Microsoft could just make trustworthy patches that I knew would not botch my system and that I could rely on my computer working normally tomorrow, then I’d happily patch.

[ElrodAskWoody Lounger]

Very well said.

WildBill wrote:

From Patch Lady’s post on the Home Page:

My biggest paranoia is that more and more people will stop updating because of the reality that we are seeing.

I no longer use Windows at home, personally.  My workplace is covered under Enterprise, so they patch when they decide it’s safe. But my wife’s computers still use Windows 10.  I have used Windows for some time, and I am technical enough to know what the Windows message loop is.

I was all set to patch last weekend when I saw the dire warnings/MSDEFCON 1 setting here on askwoody.com.  So I didn’t patch.  It’s now getting to the point that, between the horrible quality of the patches and the other demands on my time, I might get our Win10 computers patch maybe once every 2-3 months.  Thing is, I can’t just sit down and apply patches.  The patching procedure is such a chore now (because I have to protect our machines against garbage like last weekend’s fiasco) that that there are some months when I just decide that I have more important things to do.

And I’m technical, and know the risks of not applying security updates.  Eventually, I would imagine that we’ll just find a non-Microsoft solution and put an end to the madness.

Group "L": Linux Mint

2 users thanked author for this post.

sproket90, Noel Carboni

[Noel CarboniAskWoody MVP]

Elrod wrote:

Thing is, I can’t just sit down and apply patches.
…
I have more important things to do.

Says it all, really.

And I’m technical, and know the risks of not applying security updates. Eventually, I would imagine that we’ll just find a non-Microsoft solution and put an end to the madness.

Says it all with exclamation points.

Microsoft is either not listening or this outcome is their goal too.

-Noel

1 user thanked author for this post.

sproket90

[georgesmileyAskWoody Lounger]

While your postings on computer security paranoia and the on-going debacle with regards to the Windows patching is welcome, the link to the Ed Bott article is incorrect.  The URL provided [1] is the same one as given for the Mary Jo Foley [2] article.  The correct URL should be to his ‘Two Windows 10 feature updates a year is too many’ [3] article. Just wanted to clear up.

Regardless, your work is much appreciated.

Regards,
George

[1] https://www.zdnet.com/article/microsoft-needs-to-refocus-on-windows-10-fundamentals-not-just-new-features/
[2] https://www.zdnet.com/article/microsoft-needs-to-refocus-on-windows-10-fundamentals-not-just-new-features/
[3] https://www.zdnet.com/article/opinion-two-windows-10-feature-updates-a-year-is-too-many/

1 user thanked author for this post.

Elly

[Susan BradleyAskWoody MVP]

Apologies, fixed the links!!

Susan Bradley Patch Lady

1 user thanked author for this post.

Elly

[anonymous]

How do we know it’s not a “material” amount that was affected by the Documents bug. That group includes both ‘some’ OneDrive users and ‘some’ people with multiple drives who offload Documents to those drives, such as myself. I wasn’t affected since I lurk here. But I heard screams of anguish from folks I indirectly know who run Home and aren’t geeks, who will never post to Microsoft forums, who can’t effect their own repair and who cant afford expensive service depots and are distrustful of them anyway. They will simply dissappear into the ether and suck up the loss of all their precious files. I expect there are a lot of these users but we’ll never know.

2 users thanked author for this post.

Elly, lanceboil

[anonymous]

Susan your last paragraph hit the nail squarely on the head. We are back to where we were fifteen years ago. This feels more and more like Windows ME every day.

[anonymous]

Increasingly, we are finding downtime to be a serious issue, even (or more so) in SMB environments (without clustered/HA setups). It’s hard to find maintenance time when patches are coming out 3-4 times a day and they mostly require reboots. Running the VMs on Hyper-V absolutely does not help here, since you need to reboot the hypervisor as well, so – everything goes down then.

MS should seriously focus on fixing their servicing stack to get rid of the forced reboots – years and years behind Linux/*nix OS here.

[anonymous]

I meant a day a month obviously (not that bad yet)

Edit to remove HTML. Please use the “Text” tab in the entry box when you copy/paste.

[GoneToPlaidAskWoody Lounger]

GreatAndPowerfulTech wrote:

You are correct in that there are still good coders working at Microsoft. Too bad they’re not in charge. As long as the quarterly profits keep climbing, there is no reason for Redmond to change their sloppy ways. After all, by the time their big money Enterprise customers receive updates, millions of consumers have painfully found the bugs so MS could fix them. I remember attending a Microsoft sales seminar, over ten years ago, where one of the key messages was to sell by removing pain points that competitor’s products cause. At some point in the future Microsoft will likely see how their current AGILE system worked against them, from the bottom up, when consumer/educational Chromebook users move into management positions and move to eliminate Windows wherever possible. Those kids are growing up today.

I disagree with your assertion that Redmond does not need to change their sloppy ways. Microsoft needs to change their sloppy ways, not just in terms of Windows Updates, but in terms of how hackers use fuzzing to find new holes in said Windows Updates since all updates are now left to the individual programmers. Individual programmers are notorious for repeating the same kinds of coding mistakes. In my opinion, Nadella’s firing of the Windows Update Quality Control Team will turn out to be the single greatest mistake for Nadella’s tenure as CEO at Microsoft.

[Author]

Posts