News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – Does Woody tell you to not patch?

    Posted on Susan Bradley Comment on the AskWoody Lounge

    Home Forums AskWoody blog Patch Lady – Does Woody tell you to not patch?

    • This topic has 60 replies, 32 voices, and was last updated 8 months ago.
    Viewing 29 reply threads
    • Author
      Posts
      • #2088681 Reply
        Susan Bradley
        AskWoody MVP

        So over on Twitter Dave Kunkle is taking Woody (and I for that matter as I use the same wait to patch philosophy) to task for telling people to not pa
        [See the full post at: Patch Lady – Does Woody tell you to not patch?]

        Susan Bradley Patch Lady

      • #2088686 Reply
        woody
        Da Boss

        Well put!

        There’s a reason why MS put Pause Updates in Win10 1903 and 1909. Too many people complained, rightfully, about the horrendous problems with knee-jerk patching.

        • #2089061 Reply
          John
          AskWoody Lounger

          History has shown that better others be beta testers with updates than myself. It’s that old saying is the cure worse than the disease? We’re all adults we can decide for ourselves what to do or not do.

          1 user thanked author for this post.
      • #2088689 Reply
        cyberSAR
        AskWoody Plus

        Looks like someone who reads the headlines and doesn’t digest the article. I appreciate Woody and Susan’s approach to patching. I do often patch my clients sooner than Woody gives the all-clear, but that’s due to my worry about liability issues. I always test patches on numerous machines first, including my main workstation before updating my clients.

        • #2088813 Reply
          WSaltamirano
          AskWoody Lounger

          Looks like someone who reads the headlines and doesn’t digest the article. I appreciate Woody and Susan’s approach to patching. I do often patch my clients sooner than Woody gives the all-clear, but that’s due to my worry about liability issues. I always test patches on numerous machines first, including my main workstation before updating my clients.

          How do you “test a patch” ????

          • #2088828 Reply
            cyberSAR
            AskWoody Plus

            Install on different machines to see if any have issues. If they don’t, patch the rest!

            • #2088985 Reply
              WSaltamirano
              AskWoody Lounger

              Install on different machines to see if any have issues. If they don’t, patch the rest!

              How do you know if there is an issue, it could take months before you realize that

              something was screwed up.

              • #2089007 Reply
                PKCano
                Da Boss

                How do you know if there is an issue, it could take months before you realize

                …or it could take a year, or five years…..
                But the greatest possibility is that problems affecting many users will show up in the first days after the patch is released. Particularly if it is a wide-spread problem.

                I have VMs with different versions of Windows running in them. I make a backup of the VMs prior to installing updates.  If I patch in the first day or two after release, and it borks the VM, so what. Replacing it is simply restoring the backup. I can then report the issue and see if it’s widespread.
                But if a user has ONE machine and does the same thing (the average user doesn’t backup even their data much less make an image), they are up a creek with loss of computer temporarily and loss of data probably permanently.

                So those of us that can, test patches by installing early. And those that can’t test patches, wait for the DEFCON number to be 3 or greater.

                1 user thanked author for this post.
      • #2088690 Reply
        VulturEMaN
        AskWoody Lounger

        My experience has been that 98% of the time, setting Featured updates to be delayed 90 days and Quality updates delayed to 30 days lines up well with giving MS enough time to resolve stuff. Is it consistent? Yea I’d say so. Is it safe to not pay attention and let MS push stuff down without looking? Never. But it’s a decent start, and I can monitor patching resources for a few weeks to wait for stability.

        1 user thanked author for this post.
        • #2088778 Reply
          bbearren
          AskWoody MVP

          Is it safe to not pay attention and let MS push stuff down without looking? Never.

          Never say never.  This is a five-year (and still going) hands-off experiment to the contrary.  Totally pushed, never a “Check for updates”.

          Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
          "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
          "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

      • #2088693 Reply
        AmbularD
        AskWoody Plus

        Who the heck is Dave Kunkle?  If he’s happy being an early patch adopter (read: Microsoft’s guinea pig) then good for him.  You, Woody, Amy and Ted haven’t steered me wrong or let me down yet, Susan.  Thank you all for the hard work you put into keeping us safe and up to date on when it’s appropriate and necessary to patch.

        i7-4790k - Z97X-Gaming 3 - DDR3 2133 x 32GB - GTX 1070 FTW - Windows 7 Pro x64 SP1 ESU

        • #2088897 Reply
          Microfix
          AskWoody MVP

          Who the heck is Dave Kunkle?

          Someone who likes to blow their own trumpet on social media (yawn),
          and in this case it’s a flatulent note.

          Win8.1 Pro | Linux Hybrids | Win7 Pro O/L | WinXP O/L
          4 users thanked author for this post.
      • #2088704 Reply
        Ascaris
        AskWoody_MVP

        Another member of the “you must take every patch offered the moment it is released” brigade.  There are a lot of them out there, and it’s hard to have a serious conversation about when one should patch when they reflexively denounce anyone that advocates waiting until the dust settles before patching.

        If the aforementioned individual thinks Woody is bad for suggesting people wait, perhaps he is also willing to direct his ire to, erm, Microsoft, which has long done the same thing with its CBB nomenclature initially, information that now comes in the form of an announcement that a given feature build is “ready for broad deployment.”  The idea is to use consumers as cannon fodder, and to have the valued customers (the corporations) benefit from this second layer of “testing,” behind the first (and obviously inadequate) layer of “testing” by the untrained, unpaid Insiders.

        All Woody suggests is to not volunteer to be cannon fodder, and to be one of the ones receiving the benefits of the additional testing, rather than one of the ones unwittingly performing that testing at their own risk. It’s obvious why Microsoft would not be happy with encouraging people to opt-out of beta testing Windows, but everyone else should realize that it’s merely acting in one’s own interest.

        If enough people refused to beta test software they’ve paid for, perhaps MS would have to reconsider its strategy and actually return to a system where testing was done by paid professionals rather than the lowest, least valued caste of Windows users.  The well-meaning but misguided people who reflexively demand everyone take every patch the moment it is offered are only enabling Microsoft’s cynical behavior.

        Group "L" (Fedora 32 Linux w/ KDE Plasma).

        8 users thanked author for this post.
        • #2089030 Reply
          b
          AskWoody Plus

          If the aforementioned individual thinks Woody is bad for suggesting people wait, perhaps he is also willing to direct his ire to, erm, Microsoft, which has long done the same thing with its CBB nomenclature initially, information that now comes in the form of an announcement that a given feature build is “ready for broad deployment.”  The idea is to use consumers as cannon fodder, and to have the valued customers (the corporations) benefit from this second layer of “testing,” behind the first (and obviously inadequate) layer of “testing” by the untrained, unpaid Insiders.

          True, but …

          Microsoft’s “ready for broad deployment” is only ever for feature updates, never quality (ha!) updates. So, nothing to do with security risk.

          For monthly updates, Microsoft always says; “Take action: We recommend that you install these updates promptly.” [i.e. everyone, not just consumers]

          2 users thanked author for this post.
          • #2093414 Reply
            Ascaris
            AskWoody_MVP

            If a feature update that is released to consumers needs to be vetted more before being trusted by customers MS actually cares about, it validates the idea that the first round of testing (insiders) is inadequate.  Even if MS had the same QA they did in the past, though, it is still safer in terms of avoiding regressions to let other people take the risk first.  The risk has to be balanced with the payoff, and that’s true whether the payoff is greater security or more features.  There is no black and white, only shades of grey, when it comes to balancing costs with benefits.

            There is a risk from malware, but there’s also a risk to installing an update before someone else absorbs the hits, if there are any hits to be absorbed.  The malware threat can be largely mitigated by being smart about what you do with the computer, but the one where there might be new bugs can’t.  You have to balance the risk of unknown bugs with the risk of the vulnerability being patched.  It’s seldom the case that it’s a real emergency that must be patched right this second, and if it was, Woody would take that into account when giving his advice (which, of course, anyone is free to take or not take).

            The reality of malware is that most people end up infecting themselves.  It’s not that the malware has scaled or crumbled the castle walls, usually; the more common story is that it asked someone to lower the drawbridge and let them in, and someone did.  Making the walls higher and stronger won’t do a thing if you’re gonna let the bad guy in voluntarily, and that’s by far the bigger threat.  It’s kind of silly to suggest that waiting a week or two is going to make a huge difference with most threats without addressing that the majority of them are invited in by the victims-to-be.  The people who are aware enough to keep up with a blog like Woody’s are less likely to be the “come on in” type, and the actual nature of the threats extant at any given moment is always a subject of discussion.

            If I had a PC that I had to loan to someone for a year, and I could either put Windows 10 on it (with updates unblocked, so it’s always patched, at least in theory) if I hand it to a regular user who isn’t aware of anything technical, or I could have Windows 7 (such that it is now, just out of support) on it and give it to someone who is really aware of such things, I’d pick the latter if I had to bet on which one would be more likely to return the PC to me in a malware-free state.  Patching is good and I certainly do not advise that people ignore it, but it’s only one of a bunch of factors, and certainly not the only one.

             

            Group "L" (Fedora 32 Linux w/ KDE Plasma).

            3 users thanked author for this post.
      • #2088709 Reply
        geekdom
        AskWoody Plus

        Please recognize that Dave Kunkle is offering bait and it’s best not to react.

        G{ot backup} TestBeta
        offline▸ Win10Pro 1909.18363.959 x64 i3-3220 RAM8GB HDD Firefox79.0 WindowsDefender
        online▸ Win10Pro 1909.18363.1082 x64 i5-9400 RAM16GB HDD Firefox82.0b4 WindowsDefender
        TargetReleaseVersion=1909
        WUMgr
        3 users thanked author for this post.
      • #2088710 Reply
        Zaphyrus
        AskWoody Lounger

        One of the reasons I love this site its so that we can check the issues that are rising with Windows 10

        I don’t get why people BLINDLY install any patch that Microsoft offer you

        Ok, lets pretend Mr.Woody an Ms.Susan are trolling us,   then explain to me, why people are always having issues with Windows 10

        I partially agree with Miss Susan, some bad patches may not affect you for now, BUT one day, one bad patch will hit you, and then you will understand why people here are so careful around updates.

        Just someone who don't want Windows to mess with its computer.
        1 user thanked author for this post.
      • #2088722 Reply
        nazzy
        AskWoody Lounger

        Please recognize that Dave Kunkle is offering bait and it’s best not to react.

        Either baiting or posting out of sheer ignorance.   Neither of which deserve a response other than to say, “hey, you’re being ignorant”.  🙂

         

        1 user thanked author for this post.
      • #2088725 Reply
        anonymous
        Guest

        He has to work for Microsoft, they have the same mentality.

      • #2088730 Reply
        Seff
        AskWoody Plus

        I’d ask Dave Kunkle a simple question – when he says…

        “there’s major security vulnerabilities out in the wild that could be fixed by said patches.”

        … to what is he referring, and on what evidence?

        But then Woody has already asked him that question, and we await an answer…

        • This reply was modified 8 months, 1 week ago by Seff.
      • #2088731 Reply
        Bundaburra
        AskWoody Plus

        Probably the vast majority of Windows users do not subscribe to Woody and do not read the newsletters or these columns.  Therefore they will patch indiscriminately;  many will not know about deferring updates, and some will have updates set to apply automatically.  So these users are really the “beta testers”, and any problems will quickly become known to the wider community – including Woody subscribers who have wisely deferred the updates for a week or two.

        Windows 10 Pro 64 bit 2004

        • #2088762 Reply
          Zaphyrus
          AskWoody Lounger

          I talked about it in some threads here, most users aren’t aware how Windows 10 is different front Windows 7, i am pretty sure that if people promoted this site, they would know how to handle updates.

          Just someone who don't want Windows to mess with its computer.
      • #2088733 Reply
        b
        AskWoody Plus

        Furthermore, if you look at the articles that have been posted, none of us are recommending browsing from a Windows 7 computer if you don’t get updates for it. … We do not want you to use Windows 7 for online banking, tax preparation or ANY sensitive info. I’ve even urged folks to change the DNS settings and take it off the web and isolate it.

        Nothing in Woody’s summary of a week ago about not browsing, not banking etc. or isolating:

        No, running Win7 after Jan. 14 doesn’t “put [your] company and staff data at risk, as well as that of suppliers, partners, and customers, because security patches will no longer be available.”
        Windows 7 end of support: Separating the bull from the horns

        2 users thanked author for this post.
        • #2088738 Reply
          Seff
          AskWoody Plus

          I’ve personally never touched internet banking, and have no intention of ever doing so. As for browsing, it rather depends on how one strikes the balance between the importance of browser updates and OS updates. Woody has long argued against using IE, and the other browsers continue to be supported/updated beyond 14th January, as do the anti-virus/malware programs that also form a critical part of the balance where security is concerned.

          As I read Woody’s articles, they follow the same logic for upgrading from Windows 7 as they do for patching Windows Updates – it needs to be done when the time is right, but that doesn’t mean there’s a panic to get it done this instant.

          • This reply was modified 8 months, 1 week ago by Seff.
          2 users thanked author for this post.
          • #2088880 Reply
            anonymous
            Guest

            May I respectable disagree. I am currently using a very happy Vista SP2 computer and it works great. No patches or bugs in quite awhile. I am in the club that updates ARE more dangerous then the possible vulnerabilities. Also it has been shown by the latest vulnerability that not all vulnerabilities are present in other versions of Windows. 10 alone was vulnerable.

            Also while not yet proven, the more you patch, the more chances of new vulnerabilities and new bugs. Sometime the saying If it works, and is doing everything you want or need, why risk it all and patch to possibility go to a completely unusable state or put another way – if it is not broke, DO NOT FIX!

        • #2088739 Reply
          Susan Bradley
          AskWoody MVP

          It’s in my article.  🙂  I read that as more that you aren’t immediately at risk.

          Susan Bradley Patch Lady

          3 users thanked author for this post.
          • #2088754 Reply
            b
            AskWoody Plus

            Browsing and banking is OK for a few more weeks?

          • #2088774 Reply
            rick41
            AskWoody Plus

            Given that the banking-with-Win 7 caution is included at the tail end of a paragraph about extended-support availability, it kind of reads as if that caution applies even with ESU.  But based on your earlier AWP article about Closing the Book on Win 7, I don’t *think* such a reading is correct??

            • #2088799 Reply
              Susan Bradley
              AskWoody MVP

              On February 11, Windows 7 updates will come out for those with ESUs.  If you don’t have ESUs, it’s highly likely that attackers (who, these days are not teenagers in their parents houses, but financed government IT geeks) will have access to those same ESUs and be able to reverse engineer the vulnerabilities.  Thus each month that goes by there will be a potential for more and more risk to that operating system.  Will it be insecure on January 15th?  No.  Will it be a smidge more insecure even with a patched Chrome browser on February 11th?  I’d argue yes, and we will know more at that time.  Anytime someone says “I’ve browsed with an XP for years and been fine” I cringe.  One can never guarantee that you will be fine on an unpatched machine… forever.  I would not do online banking or anything with sensitive data as that machine gets more and more unpatched as the months go by.

              Susan Bradley Patch Lady

              2 users thanked author for this post.
      • #2088758 Reply
        Win7and10
        AskWoody Lounger

        I thank Woody et all for all the advice here. Have been following this site since Win 10 was forcibly thrown down the update chute in 2015 and almost broke my Windows 7 PC. With valued guidance I was able to resurrect it and get rid of GWX and all it’s nastiness. Also, was able to get windows update service going several years back when the .CAB went outdated.

        I don’t work in IT, however, understand about computers and value my equipment.

        In following the recommendations for December, the updates went very smoothly and was able to identify and disable the nag screen commencing 1/15/20.

        Right now, January patches are waiting and will be installed on Win 7 and also on Win 10.

        I’d rather know what I’m dealing with rather than disabling valuable equipment.

        What’s even more interesting, have been able to identify problems and concerns with the work PC, and help my team through minor issues.

        Will continue to utilize Win 7 and patch for January and run a strong AV in the background. I am not a world wide web surfer and just need it for some creative work for my own self satisfaction and have banking protection built in from the strong AV.

        Thanks, over and out. 🙂

         

        Win 7 Home Premium x 64 SP1 (DELL INSPIRION i5) Still Alive!
        Win 10 Home 1909 (HP ENVY i7)

        2 users thanked author for this post.
        • #2088800 Reply
          Susan Bradley
          AskWoody MVP

          Antivirus is reactive not proactive.  Use that 10 for banking, not your 7.

          Susan Bradley Patch Lady

      • #2088773 Reply
        bbearren
        AskWoody MVP

        Patching your systems should be an exercise in making sure you are ready for recovery of your system. If you can’t restore from a backup, you can’t not only deal with an update side effect, you can’t deal with the bigger problem of ransomware.

        This cannot be emphasized enough.  It’s the first line in my signature, in bold red.  This is why I can be a seeker/cannon fodder, because my PC is safe in multiple drive images in two separate places (one of which is air-gapped) so that regardless of what might happen, I’m ~6 minutes away from just before the patch(es) downloaded.

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
        "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

        1 user thanked author for this post.
      • #2088775 Reply
        lurks about
        AskWoody Plus

        My take on patching is it needs to be done on any system that is exposed to the Internet. But there is a balancing act of when to patch for any OS. For most people waiting a couple of days or weeks is not really exposing them to any real danger; the observation behind Woody’s and Susan’s method of wait a few days to see what is happening. Once it is apparent the patches are fairly safe to install, install them. Woody and Susan will advise when they deem updating reasonably safe. So following their scheme you are only a couple of weeks behind the release.

        While Woody and Susan concentrate on Windows the same rules can be applied to Macs and Linux. Most patches need to be installed in few days to couple of weeks but generally do not need to installed immediately.

        The press is trying not giving usable advice to users like Woody and Susan are (Thanks by the way). The press is trying to get your eyeballs and shrill headlines are the favorite method. So the press is often going to over hype the relative danger of some bug, exploit, etc. without ever explaining the grubby details of who, what, where of the issue.

      • #2088776 Reply
        PerthMike
        AskWoody Lounger

        Dave, whoever he is, can <bleep> it.

        Honestly, even I, who work in IT (over 25 years now) and manage a small govt agency, follow Woody’s and your philosophy AND advice. Of course, everyone always panics when the zero days hit the headlines, but you, Woody, Borncity, etc. are great sources of information to present management with as to why we should not patch on day 1.

        If you have your house in order (ie. running decent security software, etc.), then there is zero need to patch right away.

        (Just for example, I couldn’t even reach the SANS Test page posted the other day, as my security software threw up TWO warnings, even when I told it to bypass the first one “I know what I’m doing, take me to the page”, it blocked me a second time. So yeah, for those of us who live and breathe IT, there is much more stability from NOT patching than just blindly following the Microsheeple.)

         

        No matter where you go, there you are.

      • #2088781 Reply
        gkarasik
        AskWoody Plus

        That really fries my grits. This is another example of an all-too-common, internet-driven phenomenon: Someone who wants to gain attention by broadcasting a point of view begins by mischaracterizing and misquoting someone like Woody, then uses that mischaracterization and misquote as a launching pad for an attention-getting rant. No, AskWoody has never said “Don’t patch”; AskWoody has always said, “Don’t patch mindlessly.” Those of us who are computer professionals caring for tens, hundreds, or thousands of workstations have far-too-often been bitten by poorly tested MS patches as a result of which we’ve had to listen to the anquised cries of suddenly-non-productive clients–not to say having lost clients because of this; we badly want never to have that happen again. AskWoody has been invaluable not only by educating us about patches–something Microsoft never adequately took on to begin with and then abandonned any pretense of doing at all–but also by helping us quickly ameliorate the problems caused by culprit patches by identifying those culprit patches and suggesting fixes. We can’t be too grateful.

        Edit: Please follow the –Lounge Rules– no personal attacks

        GaryK

        • This reply was modified 8 months, 1 week ago by gkarasik.
        1 user thanked author for this post.
      • #2088816 Reply
        anonymous
        Guest

        Maybe it would be a good idea for people who suffer a lot from update related problems to regularly reboot their systems before the updates get installed. Maybe make it a scheduled task or so. That way they’ll be able to tell if problems are caused by updates or by other causes, such as defective hardware, 3rd party software or pebkac.

      • #2088818 Reply
        anonymous
        Guest

        I have always waited to install Windows Updates.

        However, zero-days…different story.

      • #2088845 Reply
        Bundaburra
        AskWoody Plus

        If an update fixes a particular security vulnerability, then it’s possible that the vulnerability has existed all along, just hadn’t been found and patched until now.  In that case, when you did your internet banking (for example) two months ago, you were subject to the same vulnerability even though at the time you believed you were fully patched.  So you could say that delaying the patch for another little while really makes no difference.

        Windows 10 Pro 64 bit 2004

        • #2088853 Reply
          b
          AskWoody Plus

          That ignores the fact that patched issues are not general knowledge until patches are released.

        • #2088961 Reply
          anonymous
          Guest

          According to that logic Russian Roulette is a safe game as long as you win the first round. After all, the gun was already loaded when you used it and nothing bad happened.

      • #2088885 Reply

        The proof is in the pudding…already we have some reports that having “wallpaper stretch” engaged will cause an issue with KB4534310 for Win 7: (https://www.bleepingcomputer.com/news/microsoft/final-windows-7-update-breaks-desktop-wallpaper-functionality/)

        Another reason not to jump the gun, and (were it needed) another validation. for Woody’s methodology.

        Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
        --
        "A committee is the only known form of life that has at least four legs and no brain."

        -Robert Heinlein

        2 users thanked author for this post.
      • #2088981 Reply
        agoldhammer
        AskWoody Plus

        I’m maintaining a single Win7 PC that runs Windows Media Center on my TV with a cable card tuner.  There’s no other option here other than to rent a cable box from Verizon at $20/month (with DVR capability).  I don’t do any mission critical work on this PC and plan to use it until it no longer works.  The only Internet stuff this does is streaming Netflix, Amazon Prime, and ESPN+.  I’ve migrated to the new MSFT Edge browser which will continue to be patched as necessary for Win7 machines for at least the next 18 months.

        As far as banking and bill paying are concerned, I do all of this on the Internet these days.  As long as one is careful to make sure and look at the SSL certificate and URL so that you know you are at the right website, you should be OK.  To date, I’ve never had and credit or bank information compromised.  Skimmers at ATMs, gas pumps, and other locations are far more problematic in terms of stealing credit card information than the Internet as long as one is prudent.

        1 user thanked author for this post.
      • #2089024 Reply
        otto
        AskWoody Plus

        I thank my lucky stars for you and woody. Like most people, I lack your skill set and really appreciate any help that I can get. I do believe that your insight has helped me many times over. As always, one can accept or reject your advice. I am not sure what this guy was complaining about? Maybe it’s just his 15 seconds in the Sun.

        KEEP UP THE GREAT WORK

        THANK YOU

        1 user thanked author for this post.
      • #2089047 Reply
        zero2dash
        AskWoody Lounger

        I patch when deferrals are up, which are recommended by MS and seconded by Woody.
        https://docs.microsoft.com/en-us/windows/deployment/update/waas-deployment-rings-windows-10-updates
        This usually coincides with the DEFCON rating reduction, or happens within a few days of it happening.

        120 days feature update, 14 days quality update has worked great for me. 0 problems going back all the way to 1703 which is when Win10 became something I recommended, instead of avoided.

        2 users thanked author for this post.
      • #2089051 Reply
        steeviebops
        AskWoody Lounger

        In fact, Woody has regularly advised against joining (as he calls it) the Group W bench.

        1 user thanked author for this post.
        b
      • #2089059 Reply
        John
        AskWoody Lounger

        I would guess that people who visit AskWoody or Computerworld are not just average home users. They are tech savvy or IT people looking to weigh in and gain information on all things computer related. Most home users I would expect to just let updates install and never think twice about. Those of us visiting AskWoody are trying to obtain a bit more information. I think most of us can make up our own minds on whether to accept the updates or wait. Woody takes an absolute safe position of which you can either agree with or not.

      • #2089122 Reply
        Kathy Stevens
        AskWoody Plus

        Thank you for your post.

        To patch or not to patch, that is the question. And you have clearly answered the question, “hold back and wait for the dust to settle.”

        Then there is your comment regarding CCcleaner.

        Since at least 2014, my practice has been to run CCcleaner after each internet browsing session to remove cookies and other detritus that has accumulated on my C drive while online and cannot recall an instance where I had a problem with any of my computers afterwards.

        After running CCcleaner I tend to find that it has removed 50 or more MD of stuff – the bulk of which coming from Microsoft Edge, Internet Explorer, and Firefox.  I do not use Microsoft Edge or Internet Explorer but somehow they accumulate bits of data in their Internet caches, as cookies, and temporary internet files.

        Am I better off letting the detritus accumulate?

        • #2089190 Reply
          Susan Bradley
          AskWoody MVP

          I don’t like it when it removes registry entries.  I have seen too many side effects from that detrimental action. Why not browse in inprivate mode or use the brave browser and the duckduckgo search engine?

          Susan Bradley Patch Lady

          1 user thanked author for this post.
          • #2099012 Reply
            Kathy Stevens
            AskWoody Plus

            Susan

            Just to be clear, you do not like using CCleaner due to the risk of removing registry entries.

            When I open CCleaner it opens to the Custom Clean – a tool that clears up detritus from Microsoft Edge; Internet Explorer; Windows Explore; System files; Firefox; Thunderbird; Windows Store; Applications; Multimedia; Utilities; and Windows including MS Management Console, RegEdit, and Remote Desktop.

            In order to delete registry files you have to open the stand alone Registry window. Therefore, you can run Custom Clean without touching any registry files.

            So, is okay to run CCleaner’s Custom Clean utility while avoiding the registry cleanup option?

            Also, our computers are equipped with HP’s Performance Tune – a tool that can perform system tune-ups by deleting temporary files; deleting prefetch files; running a system file checker; emptying the recycle bin; and clearing history, cookies, and cache of installed web browsers including Internet Explorer V. 11, Google Chrome, and Firefox.

            Any thoughts regarding a preference for CCleaner versus the HP Performance Tune-up?

            May the Force be with you.

            1 user thanked author for this post.
          • #2100223 Reply
            rc primak
            AskWoody_MVP

            Other Registry Cleaners have caused me problems like those. But never CCleaner, and seldom if ever with Glary Utilities.

            That said, the current Microsoft Windows Storage Sense cleanups do almost exactly the same job as CCleaner, except maybe for some third-party software temporary caches.

            -- rc primak

            • This reply was modified 8 months, 1 week ago by rc primak.
            2 users thanked author for this post.
            • #2100255 Reply
              Kathy Stevens
              AskWoody Plus

              Thanks for sharing your thoughts on CCleaner, Glary Utilities, and Windows Storage Sense.

              Unless there are strong reasons for switching to Glary Utilities, I will stick with my trusted CCleaner.

              Then there is Windows Storage Sense. I had no idea that it was hiding inside Windows 10. I have it switched off completely and not sure exactly how to set it up to fit my needs. Bottom line, I look at Windows 10 as an operating system and prefer not to open the hood and tinker with its components.

              If I turn on Windows Storage Sense I am not sure what temporary files should be removed such as: Windows error reports and feedback diagnostics, Windows upgrade log files, and DirectX Shader Cash

              Any suggestions?

              • #2100270 Reply
                rc primak
                AskWoody_MVP

                The categories are basically the same as the old Disk Cleanup Tool.

                I make sure the Downloads Folder is NOT checked, then clean everything else.

                EXCEPT for the ten-days retention period for Windows.old after a Feature Update (upgrade) and about a week or two before cleaning up the Windows Update remnants.

                 

                -- rc primak

                1 user thanked author for this post.
              • #2100290 Reply
                bbearren
                AskWoody MVP

                The old Disk Cleanup tool still works quite well.  I did a running comparison between CCleaner and my extended Disk Cleanup batch file for over four years, keeping CCleaner updated all the while. I would first run CCleaner to scan for detritus, then close it and run my Disk Cleanup batch file.

                After that ran, I would again open CCleaner and check for leftovers. The only thing left would be temporary internet files, and those I wanted to leave where they were, anyway. CCleaner was of no real use to me. I finally uninstalled it with Revo Uninstaller. Speaking of Revo Uninstaller, it also has a Junk Files Cleaner, and a Windows Cleaner.

                Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
                "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
                "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

                1 user thanked author for this post.
              • #2110929 Reply
                rc primak
                AskWoody_MVP

                I didn’t mean to say that the old Disk Cleanup Tool doesn’t work. But Microsoft keeps making noises about phasing out the old Tool. So I try to keep up with the times and learn to use Storage Sense, which leverages the same internal cleaning routines.

                -- rc primak

        • #2100260 Reply
          anonymous
          Guest

          CCleaner is a good tool to use, but not blindly.

          My experience with it for registry cleaning is that the approach is *very* conservative, and using it will *probably* not cause problems.  However, the effects of cleaning are entirely cosmetic, and doing a cleaning will not enhance either performance or system stability, and comes with a small risk of doing damage. There really is no reason to be using CCleaner (or any other tool)  on your registry.

          CCleaner is one tool (and technique) that arose in in the era before Vista, and really isn’t needed anymore.  Even though Vista was reviled for its UI, it was still a major step forward, making significant improvements in system stability. I’m convinced that many of the issues that registry tools were written for were for the effects of registry corruption that happened too often in XP and earlier vintages of Windows. Since Vista, Windows has been *very* stable, and those kinds of tools aren’t really needed, anymore.

          To that end, I strongly discourage anybody from using any kind of registry scanning tools, whether cleaners, defragmenters or compression tools. They’re not needed, and run real risks of causing more problems than they solve.

          The benefits of CCleaner are with other tasks.  Most prominently, that would be cleaning the contents of browser caches, temporary files and emptying trash.  I also find the various tools in the Tools section to be useful, especially in being able to get to the list of installed programs quickly, and being able to export to a file that can be imported into a spreadsheet.

          Use CCleaner for those functions, but don’t bother with registry cleaning.  The registry cleaner is a solution set for a problem that no longer exists.

          3 users thanked author for this post.
      • #2089153 Reply
        anonymous
        Guest

        My first computer was XP in 2002. Have had Vista, 7 and now 10 1903. My experience with installing patches? Well in 18 years I can recall perhaps 4 times I had issues with patches. That’s 4 times after installing probably over 1,000 patches in 18 years. This also includes recommended and optional patches I installed on a computer just to see what would happen. 99% of the time nothing happened. People say to to install drivers from MS update. Well lately when I go to manufacturers site for drivers, I am directed to go to MS update, Western Digital for example.

        I installed Windows 10 January patches the day they came out. No issues. Same on Windows 7. Now this is not just me. Through the years when talking to friends they also had no issue installing patches except for 4 or 5 through the years.

        It’s a catch-22. Install patches to prevent exploits or wait 30 days to apply and risk being exploited. Which shall it be? System restore is your friend. If system restore won’t work, system image and up and running in no time.

        I am talking about home computers here. Businesses have different needs and they have an IT department. Here at my house, I am my IT department.

        2 users thanked author for this post.
        • #2089167 Reply
          anonymous
          Guest

          Forgot to add one more comment. I used XP for almost 2 years after EOL.  Surfing the dark corners of the internet and yes, online banking. No problems. Stopped using XP when it did not work well on many websites.

          I will continue to use 7 surfing to my hearts content. And do online banking.

          As someone famous once said “The only thing we have to fear is fear itself.”

          • #2089191 Reply
            Susan Bradley
            AskWoody MVP

            Please reconsider that.  Dual boot into a supported Mint release.  Today’s risks are not the same as they were when you were surfing in the XP era.  We are dealing with smarter attackers.

            Susan Bradley Patch Lady

            2 users thanked author for this post.
      • #2106922 Reply
        PeterR
        AskWoody Plus

        Susan makes a great point in her article when she says “Also many times the act of rebooting will expose [an] issue that was hiding all along. Patching wasn’t the root cause, rebooting the machine finally exposed the issue.

        I wish that she would urge people to reboot a machine BEFORE installing patches.  This is a critical, can’t-miss step in the patching process.  If your machine has problems booting, then you will be really glad you didn’t install any patches.  And if you had a hidden problem and failed to reboot before applying patches, now you will be troubleshooting two problems simultaneously, and you will be looking for a problem with the patch that was not caused by the patch.  When rolling back the patch doesn’t fix the problem, you are still liable to blame the patch for causing it.  Headaches galore….

        It is an interesting question whether you should reboot before backing up (and if you have a hidden problem, you may not be able to make that backup) or backup before rebooting (in which case, you have a backup of a failing system, which may not be restore-able).  Everyone can have their own preference, please share yours.  But rebooting before patching is as important as backing up, plus it is faster and easier so you are more likely to do it.

        So please, folks, reboot before backing up.  And please, Susan, make that part of your standard advice.

         

        -- Peter R --

        1 user thanked author for this post.
    Viewing 29 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Patch Lady – Does Woody tell you to not patch?

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.