  • Patching as a social responsibility


    This topic contains 76 replies, has 36 voices, and was last updated by  Ascaris 1 week ago.

    • #1978223 Reply

      woody
      Da Boss

      Mnnnnnffffffff….. Kirsty just pointed me to a post on the Microsoft Security Blog, from Mark Simos, Lead Cybersecurity Architect at Microsoft’s Cyber[See the full post at: Patching as a social responsibility]

    • #1978225 Reply

      AngryJohnny75
      AskWoody Lounger

      Managing patches in an enterprise is a thankless job. Internally, most people may not know or appreciate how many vulnerabilities have been mitigated or completely avoided by installing patches universally across the enterprise in a timely fashion. However, if business critical applications happen to break at the same time monthly patches have been distributed, then the patches get the first blame. Users will be fuming and IT will have its hands tied for a while with troubleshooting and determining workarounds.

      9 users thanked author for this post.
    • #1978230 Reply

      anonymous

      ? says:

      “[we] want to make it easier for people to do the right thing…” and that is why i come here

      thank you Woody!

      9 users thanked author for this post.
    • #1978253 Reply

      John
      AskWoody Lounger

      Sometimes the medicine is worse than the disease?

      3 users thanked author for this post.
      • #1978262 Reply

        anonymous

        As a computer consultant since the 80’s, responsible for thousands of computers over the years, I can honestly say that I can count on one hand the times I’ve had to fix a computer due to an un-patched flaw being exploited.  Actually on two fingers.

        In stark contrast, and mostly after Windows XP, I’ve had a nearly continuous stream of business from computers broken by Microsoft updates.  The big trouble really began during the Windows 7 era.

        If I had to chart the malady against dollars spent by the customer, the most dangerous malware by a huge margin is Microsoft updates.  Automatic updates set to “automatic” has proven to be a guaranteed source of computer malfunction.

        So I’m in the “update only when absolutely necessary camp”.  You’ll never be patched for zero day, obviously, so patching after the fact with proven acceptable patches is the only way.

        And we certainly have to thank Woody for guiding the way on this all these years!

        • #1978327 Reply

          mn–
          AskWoody Lounger

          Heh. Exploits are nasty, sure, but on average…

          What I’m usually having problems with, is straight-up bugs that need to be fixed. Anything from insufficient care being taken in a driver, for cases of hardware failure in a high-availability server … to resource leaks and general instability in core system components.

          So yeah, the important thing had software-mirrored disks, and indeed we had no data loss from losing one disk. But we had a service outage when certain kinds of file-level operations just hung while waiting for a replacement disk, which they weren’t supposed to. All pending/hung operations did complete once the replacement disk was hot-plugged in… just one example of a thing that was fixed in a patch later. (No, wasn’t on a Microsoft operating system, and not open source either.)

        • #1979146 Reply

          Canadian Tech
          AskWoody_MVP

          You are absolutely correct. My experience is as extensive as yours and I agree completely

          CT

      • #1978706 Reply

        Cee Arr
        AskWoody Plus

        Is this “the doctor is worse than the disease”?  Or “What’s good for the disease is good for the doctor!”  At first I thought this social responsibility re patching was a MS attempt at humour. However, all on askwoody know MS updates are far from hilarious – more pathetic, when one considers the size and value of MS.  I can’t say “professional”.  So stop telling users what to do until you follow your own advice.

    • #1978286 Reply

      dph853
      AskWoody Plus

      There was a time that patching gamblers usually come out ahead just by letting Windows apply the patches as they were released. On occasion, some setups encountered a problem but these were usually corrected quickly and didn’t usually result in much inconvenience.

      Coupled with the deletion of the “in house” testing team and I suspect an ever increasing array of older and newer computer systems that need to be supported in a variety of operating environments that connect to an even greater myriad of devices, MS has lost much of the confidence that knowledgeable users afforded them in the past. The record is clear, MS is now not very good at releasing patches that don’t cause problems for some users every month.

      No product can be all things to all people all of the time. Windows is no different. People using equipment purchased back in the Windows 7 days should be prepared for the day when those older processors and peripherals just don’t cut it anymore and there aren’t enough of them in the insider program to thoroughly vet every single patch that MS releases.

      This is a sign of the times. We may have reached (and MS may already know) the point in time when it is no longer possible for MS to release a version of Windows or patches that will run as expected on 95%+ of all the equipment in use everywhere most of the time.

      Going forward I suspect the answer will be to continue delaying patches for 15 – 30 days and then wait and see if reports surface indicating that a patch clobbers some aspect of functionality that any particular group of users depend on. Knowledgeable users will and are able to do this. Those who are less savvy will either not patch because they don’t know they are supposed to or will let Windows do its thing until one day the on button no longer produces the desired result.

      Developments in computer hardware bring about a continually diverging operating environment over time. The end of life arrives for all people and all equipment eventually. My Sinclair ZX80 is just such a case.  Expecting MS to produce 100% working patches for everything all the time is probably no longer realistic. MS may need to be a little blunt and start reducing the supported universe. I see nothing wrong with MS stating that 15 year old hardware will not be permitted to upgrade to some future version of Windows and would only ask that auto update for those systems be left on to receive only the most serious of security upgrades and virus definitions as has been the case for Windows XP boxes, Server 2003 etc. Some people don’t need the latest iteration of the OS nor do they need to replace perfectly functional hardware just because.

      Case in point, I still use a HP MediaSmart Server (Server 2003) as my streaming media server. It still works, isn’t accessible from the internet and does what I need it to do. I accept that SMB v1 is a bit of an issue and I need to be careful but for me that vulnerability and the fact that there have been no OS upgrades for years doesn’t concern me. I don’t need to replace this equipment until either the sparks fly from the motherboard or SMB V1 is completely removed on my LAN clients that connect to this media server. Every day this server continues to function is one more day that I do not need to spend money to replace it. Likewise, I would be perfectly fine with Win v1909 being the last version of Windows that my X58 CPU can run, provided I can continue to run V1909 with virus updates until that computer will no longer boot. Nothing lasts forever and I don’t mind choosing to be frozen in time to get the most out of the equipment I already own knowing that I may not be able to get new features without investing in the hardware required to run those features. I would just prefer not to lose access to virus definitions and dire security patches arbitrarily.

      2 users thanked author for this post.
      • #1978313 Reply

        doriel
        AskWoody Lounger

        I agree with your angle of view. There is just no way that all patches are bug-free in this forest of various PC/devices. The Insider program can’t reveal all errors. I think they (Microsoft) understand this now and want to lower the cadence of major (feature) updates. This is a good sign. For “long lasting devices” there is LTSB with support for many years (much higher price of course). This is used in hospitals, security services, …

        Sometimes it’s hard to troubleshoot issues, because the environment is changing literally beneath our hands. I mean who can REALLY know what is changed in every patch? This is like an inhuman task. Just a few can truly understand and to be honest, updates is what they basically do every day for a living (even then they sometimes struggle to understand).

        I really thank people like Woody and Susan aka Patch Lady for their insights, they are our light at the end of the tunnel.

        I have not failed. I've just found 10,000 ways that won't work.
        --- Thomas A. Edison

        1 user thanked author for this post.
    • #1978287 Reply

      IndyPilot80
      AskWoody Lounger

      “Microsoft set out to understand why some customers weren’t applying cybersecurity hygiene, such as security patches, which would have helped mitigate this threat.”

      I mean, is this a joke? To me, just shows they aren’t listening to their customers at all. If they want to understand why people aren’t patching, it’s quite simple. Just Google “Microsoft Update Breaks”.

      6 users thanked author for this post.
      • #1978467 Reply

        RamRod
        AskWoody Lounger

        Or google…

        Microsoft spyware

        Microsoft telemetry

        Microsoft trust

        Windows As A Service

        Microsoft fatigue

        Oxymoron – Windows – Reliable

        2 users thanked author for this post.
    • #1978289 Reply

      anonymous

      We’ve been there almost 2 decades ago when nobody would trust Microsoft and Windows updates. As a result, administrators delayed updates for several months. Back then, Bill Gates wrote an e-mail to employees and things improved. Apparently, the new circus director doesn’t care about these days. A great example of how sneaky Microsoft has become is the fact that updates hidden by wushowhide are still offered. For example, ‘Security Update for Windows 10 Version 1803 for x64-based Systems (KB4023814)’ ignores the ‘Hidden’ flag set by wushowhide the next time Windows updates are offered. The workaround is to unhide KB4023814 and hide again each and every month. So, how can anybody trust Microsoft? Of course, the jokers at Microsoft don’t get it.

    • #1978301 Reply

      Fred
      AskWoody Plus

      Patching as a social responsibility  for Microsoft, that is

      PGP-ID=0x(askforit)

    • #1978315 Reply

      Ascaris
      AskWoody_MVP

      Win7, for example, shipped with no automatic updates enabled.

      Is that really true?  I’ve never had occasion to check this on a prebuilt Windows 7 machine in its pristine state, right out of the box (by the time I’ve seen them, it’s impossible to know what has been altered), but all of the clean Windows 7 installations I have performed have had Windows updates set to automatic by default out of the box, just like prior and subsequent Windows versions.  It seems that if it ever shipped with updates off, it would have been OEMs that did it, and that sounds really weird to me.

      Group "L" (KDE Neon User Edition 5.17.0).

      • #1978394 Reply

        Carl D
        AskWoody Lounger

        All of the Windows 7 installs I have done over the years have “Please choose your settings” for Windows Update in Control Panel when you go there for the first time after installing.

        The choices are “Download and Install Updates Automatically (Recommended)”, “Download Updates but notify me before installing”, “Notify Me When Updates Are Available” and “Never Install Updates (Not Recommended)”

        Might not be the exact wording but they’re fairly close from memory.

        The Windows Update service in Services is always turned on by default after installing Windows 7 (Service type is ‘Automatic’ or ‘Automatic (Delayed Start)’) – can’t remember which one right now.

        • #1978434 Reply

          Ascaris
          AskWoody_MVP

          And the option that is already selected by default and in effect is “automatic (recommended),” right?  The dialog gives you the opportunity to change it, but it’s on automatic unless you do.

          The real question is what preinstalled OEM Windows 7 was set to, since most people will not ever install their own OS, but will use whatever came on the PC.  I have three PCs now that came with 10 (all three now running Linux), but prior to that, the last PC I bought new/preassembled came with Vista, which I removed in favor of XP.

          Group "L" (KDE Neon User Edition 5.17.0).

          • #1978435 Reply

            jabeattyauditor
            AskWoody Lounger

            The real question is what preinstalled OEM Windows 7 was set to, since most people will not ever install their own OS, but will use whatever came on the PC.

            When you boot a preinstalled/OEM Windows 7 PC, you get pretty much the same set of setup questions that you would with a clean install.

            I’ve always seen the Windows update choices (as presented above) when I powered-up new machines for the first time.

            1 user thanked author for this post.
          • #1978655 Reply

            Carl D
            AskWoody Lounger

            None of the Windows Update options are selected by default, you have to choose one of them.

            I don’t know what happens if you don’t make a choice – it might default to the first one (download and install updates automatically), especially since the Windows Update service is enabled by default after installing Windows 7.

            Never tried it to see what happens.

      • #1978530 Reply

        woody
        Da Boss

        The very first versions of Win7 – before Service Pack 1 – did NOT activate Automatic Update.

        You folks are probably working with SP1 versions.

        2 users thanked author for this post.
    • #1978311 Reply

      anonymous

      You missed not wanting to be spied on by your OS.

      Also bloatware, adware and constantly resetting settings every update, if you were dumb enough to install Windows 10.

      Edit for content

    • #1978312 Reply

      anonymous

      Woody,
      There are several reasons as we all know of why people will not patch. You had excellent examples: Some do not know, some have heard of the shoddy patching and subsequent issue thereafter.

      Others are, I know a man who never updates his phone(s). He updated his phone years ago and “it changed”. The app, the program, the whatever changed on him and he was very happy the way it was, afterwards he was very upset. His resolution was to “never update again”. That is what he told me, and that is what he does.

      A second gentleman told me “I am really not worried, if I get a virus I will just get a new phone”. I had heard this many years ago with clients using Desktops! Computers were costing $300-$500 instead of $1500 and that was cheap enough to get a new one.

      If I remember correctly, the Target Department store Point of Sale (POS) compromise was because many businesses say, “do not patch the device because if we go down, we do not make money.” That was supposedly said by a poster (here at Askwoody I think) years ago that was working for a 3rd party repair company.

      I am sure others here could give examples of why their friends, relatives, or clients do not update or upgrade.

      Woody, thank you for your articles and this web site and for being our Curmudgeon.

      Thanks to all.

      4 users thanked author for this post.
      • #1978527 Reply

        anonymous

        Working with industrial systems, many of ours were still running WinXP as of 2012…  We finally got them switched over to Win7, but making the case that we needed to change to a newer OS was hard.  Some old software became more finicky (eg, Access ’97 Viewer ran just fine on XP) and needed rebuilding or virtualizing.  Others would not be supported on anything new by the supplier, or at least not without costing 5 to 6 figures to “upgrade.”

        Then we had to worry about patching again, and if the site’s running 24/7 finding a time which doesn’t cost hundreds of thousands of dollars of lost production can be hard.

        1 user thanked author for this post.
    • #1978345 Reply

      anonymous

      Let’s add some things about the way Microsoft handles patches and why some people avoid them:

      1. They can take over your computer while patching for a LOOONG time. Downloading, applying the patch, restarting the system, then again waiting for applying the changes… In some cases you can literally be waiting HOURS and then finally, the patch FAILS installing.
      2. For a power user computer, the decision factor about patching is handled knowing the risks of not patching. In a “Grandma’s computer”, elderly people get scared because of the patching process and messages. They just want to google something, see some stuff, go to Facebook… It’s not an intensive or complex use of a PC. So, back in the Win7 era, some people used to disable the updates altogether in a Grandma’s PC to avoid the constant scares and problems that patching can cause.
      3. Patching can crash a perfectly working and stable system. Aaaaannnd even leave it in a bootloop state, or even worse a black screen state (even without a blue screen of death state), and so on.
      4. As Woody says, the new “telemetry enabled” policy of Microsoft is a problem. Someone can ask: Why in Android this is not a problem and in a Windows environment yes? Because Android is used more by individuals and Windows is in a lot of productivity environments. Google knowing what someone wants to see in the movies is one thing, Microsoft possibly snooping in corporations’ stuff is another subject.
      5. You can’t segment patching anymore (except people still using the Microsoft repository, that is a lot of work). So, if it’s only a small thing but very problematic that is bundled in the superpatch applying system, there is nothing you can do, except not applying the patch entirely.

      And so on…

      If Microsoft really wants patches not to be a mess, they should:

      • Change the patching system so that it doesn’t take so much productivity time, is faster, and needs only one reboot (and without waiting another long amount of time when the system starts again).
      • Only force “critical” updates. And that should be security only updates. The other ones should be optional again.
      • It should be (really) easy to go back to a previous state from a patch. And all could be exactly as it was before it. There are ways to achieve this manually, but it is not by default in Windows. If a patch really screws things up, you end up in the recovery options while booting, and those options are not always available or don’t always work, or take a lot of time (again). So, there are a lot of things on the user’s part for this to work (backups, etc.). So, people who don’t care about this stuff are the ones who then have computers with systems being a mess because of half recovering from patching.

      All this is very unlikely to happen, so Microsoft shouldn’t be so “surprised” why old stuff that was “solved” by patches is still causing problems.

      2 users thanked author for this post.
      • #1978623 Reply

        Ascaris
        AskWoody_MVP

        Someone can ask: Why in Android this is not a problem and in a Windows environment yes?

        Both are equally problematic to some of us.

        Group "L" (KDE Neon User Edition 5.17.0).

        3 users thanked author for this post.
        • #1978866 Reply

          mn–
          AskWoody Lounger

          … Android system updates aren’t as centralized anyway, so if one manufacturer botches an update for one model, everything else is unaffected…

          That and phone apps are still seen as more of a convenience than a business-critical thing, usually.

    • #1978433 Reply

      anonymous

      “You can’t segment patching anymore (except people still using the Microsoft repository, that is a lot of work).”

      Seems like that’s a situation ripe for a cottage vetted-SCUP Catalog industry targeting Microsoft’s own patch repo (dunno about the legality of redistributing those patches, tho). There’s already a case for paying for third-party app update management. This seems like the next logical conclusion.

    • #1978444 Reply

      Sessh
      AskWoody Lounger

      There was a time in the not-so-distant past where I would be excited to see new Windows Updates coming down the chute. I’d install those suckers right away, mostly referring to my XP and prior days, and didn’t have any major problems for a long time. I also wasn’t much of a power user though not a complete amateur, either. Everything I learned about PC’s and Windows, I learned myself just poking around and having to figure out and fix stuff myself. To be fair, having to do that did benefit me a lot as I learned quite a bit over the years.

      In the second half of my XP days, I started running into issues with updates and I only ever used Windows Update, so no manual patch installing. I had WU corrupt my Windows Update folder on two occasions, had updates corrupt my MBR on multiple occasions including times where I did a fresh install of XP and was just letting WU do its thing as well as produce other mostly minor (but noticeable) issues I had to spend time fixing. All by itself, WU cost me a lot of time trying to fix what it messed up all on its own. It turned out to be great when XP reached EOL because I no longer had to deal with this and it was refreshing. It was so refreshing that I was content using XP two and a half years after EOL with no major issues at all.

      Then, I get a powerful gaming PC with Windows 7 on it and had become a competent power user. Once again, while I am just letting WU do its thing with my new PC, again I start running into errors. WU can’t install updates correctly and something gets corrupted though it wasn’t a show stopper, but I had to spend awhile trying to figure it out and had a very helpful fellow on a W7 message board help me manually undo what was done. Here we go again, right? It was during this time that I discovered this site and became even more knowledgeable because of it.

      I was already missing XP and the endless days of use without having to deal with this nonsense from a so-called competent tech giant that used to know what they were doing when it came to patching. I already knew I wasn’t going to reward MS by going to Windows 10 especially after what they pulled with GWX and the direction it was going. However, I continued trying to patch but now SO only, firmly in Group B. I only did that for a few months and then comes the processor blocking patch requiring that I learn to make batch files to install patches using DISM.

      Hysteria built, patching problems were on the increase (and have continued in that direction) and I was really getting annoyed with how far this process had fallen. MS lost all credibility with me and all this scaremongering with every threat that comes out is also annoying. There’s also the whole “sneaking stuff into SO updates” thing which was a concern I was vocal about when I decided Group W was the only safe answer to patching for me. Firing their QA didn’t help either and it seems the crowd-testing strategy isn’t working out too well for them. I’m shocked, SHOCKED, I tell ya!

      Just the fact that MS is asking why people aren’t patching tells me that all their talk about “listening to customers” were about as empty as a vegan’s stomach at a steakhouse. If they do listen, they don’t take what they hear seriously enough if at all.

      I would remind these idiots at Redmond wondering why people aren’t patching that the April 2017 patches for Windows 7 & 8.1 actually BLOCK people from updating their PC’s if they have next-gen processors in them which many do. Gee, I wonder why people would stop patching after that especially folks who aren’t knowledgeable tech people? Big mystery there. They block people from applying updates, then wonder aloud why more people aren’t applying recent patches.

      To me, it just demonstrates how wide the gap of disconnect is here between Redmond and the typical PC user. It’s not wide enough to know how to trick people into installing Windows 10, though. This patch was a hard push to get people to switch over to that abomination and just another reason why I will NEVER make the jump. It’s insanity, really, that they really have to wonder why the patching climate is what it is now. They’ve created this with their own actions and yet casually play dumb when it comes to knowing how we got here as if they weren’t actually in the room when these decisions were pushed on their customers. I don’t think they were even in the same galaxy because the customers don’t really matter anymore, not really anyway.

      My next OS is Linux, but I am very happy to be Group W for over two and a half years continuing on the XP strategy that was so wonderful and uneventful. What do you know, no major problems. I have figured out other ways VIA security layers and regular backups to protect my PC and data and they’ve worked wonderfully. When I use Linux Mint in a VM, I love updating there. Never a problem and doesn’t even require a reboot, so there’s no disruption at all to what I’m doing. Just wonderful. That’s my future, but I really do love Windows 7 so long as I don’t let MS touch it anymore. I don’t trust ’em! These out-loud ramblings from MS showing just how out of touch and full of S they are just solidify the conclusions I’ve come to which are already pretty solid. Thanks, MS. They, IMO, have nowhere to go but down.

      10 users thanked author for this post.
    • #1978452 Reply

      Microfix
      Da Boss

      I get the impression that Mr Simos is talking from the ‘bridge’ and not from the ‘engine room’. For sure, security concerns are there by not patching but, it’s been ‘Full steam ahead with sub-grade coal’ for a good while now and a slow frustrating voyage.
      Why does this guy think resource sites/fora like askwoody, borncity, ghacks and many others exist?

      ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

      6 users thanked author for this post.
      • #1978459 Reply

        jabeattyauditor
        AskWoody Lounger

        Why does this guy think resource sites/fora like askwoody, borncity, ghacks exist?

        Let’s be extremely generous and say there are a half a million users who frequently visit and participate in all of the aforementioned sites…

        Why would he even know these sites exist, let alone care what is discussed here?

        We have to accept that we’re in a bit of an echo chamber here – we know all about the update issues because we’ve set out to know all about the update issues… and we’re in a distinctly small minority.

        I’d hazard a guess – based on a few decades of experience supporting end users of various levels of expertise – that MOST Windows users just plug ahead and let Windows do its thing, with little complaining when Windows messes its own bed. Why? Because Windows updates are to blame for about 2% of their problems and they’re at fault for the rest.

        1 user thanked author for this post.
        • #1979034 Reply

          Ascaris
          AskWoody_MVP

          I’d hazard a guess – based on a few decades of experience supporting end users of various levels of expertise – that MOST Windows users just plug ahead and let Windows do its thing, with little complaining when Windows messes its own bed. Why? Because Windows updates are to blame for about 2% of their problems and they’re at fault for the rest.

          But this topic is specifically about the people who are not meeting what MS apparently considers to be their “social responsibility” in letting Windows do its thing.  Within the population of users who don’t let Windows patch at will, the ones MS is scolding, the issues that sites like AskWoody warn about are front and center.

          Most “regular” users seem to have a “black box” view of a PC’s operating system.  They’re not likely to know the difference between a problem caused by Windows updates and one they caused by their own actions.  They just know it’s messed up.  It’s the people that do have some understanding about Windows and computers in general that are acting to block Microsoft from doing its thing, even if they sometimes do it to Aunt Mabel’s computer and forget about it.

          Group "L" (KDE Neon User Edition 5.17.0).

          • #1979041 Reply

            jabeattyauditor
            AskWoody Lounger

            But this topic is specifically about the people who are not meeting what MS apparently considers to be their “social responsibility” in letting Windows do its thing.  Within the population of users who don’t let Windows patch at will, the ones MS is scolding, the issues that sites like AskWoody warn about are front and center.

            The referenced blog post is very pointedly directed toward organizations and toward figuring out why organizations are not applying patches. Individuals are mentioned only in the context of supplying feedback as members of organizations.

            Am I wrong in my belief that the vast majority of AW “regulars” are not part of Mr. Simos’ target audience?

            I don’t believe that he’s worried about most of us, nor is he asking for our opinions. He’s wondering why the big shops were so lax in their patching routines despite the inherent security risks.

            And, to head off the expected rejoinder from the masses, YOU can certainly browse safely and keep YOUR personal system clean and clear without ever applying a security patch. YOU’RE smart. YOU have properly configured your firewall(s) and YOU know how not to click where you shouldn’t.

            Extend that to thousands of PCs managed under one roof or on an international network and see if you can make that same claim about each and every person operating those devices.

            Simos is attempting to discover why the admins running those kind of organizations didn’t consider it worth their while to patch, despite the very obvious danger.

            I fail to see where he suggests that John Q. Public as individual home PC operator has a “social responsibility to patch.” I continue to believe he (rightly) doesn’t give a rip about the patching experiences or reasons for not patching that most here would have. It’s not his focus.

            2 users thanked author for this post.
            • #1979284 Reply

              Ascaris
              AskWoody_MVP

              Admittedly, I was conflating the topic title “Patching as a social responsibility” with “most Windows users,” without directly referencing the article in question.

              When you write of how most Windows users simply allow Microsoft to do its thing, as I interpret it, you’re referring mostly to consumers, since the Windows users who work in corporate environments don’t usually have a choice in anything on their work PCs, much less what updates are delivered.  They’re not able to allow anything, nor to disallow it.  That’s up to the IT department, who are not Windows users, per se, but Windows administrators.

              The view that all computer users, consumers included, have the responsibility to update as soon as possible, and without regard to their own welfare individually if the patch should happen to be one of the bad ones, is so widespread in the tech world that it’s almost a “here we go again” moment each time an article like this comes out, and I was responding more to that than to the actual article.  Woody gets a lot of grief for advocating for the welfare of individual consumers, which really should not be a controversial position, but the “Stop thinking of yourself!  You MUST patch NOW!” lobby is so strong that suggesting a consumer act in his own best interest shocks some people.  The same effect hit Linux Mint, whose developers were bullied mercilessly for not doing their best to convince users to install every single update marked “security” as soon as it is released, even if it presents risk to the user in question.  Mint, unfortunately, chose to give in, but Woody has not.

              It’s kind of ironic that the very design of the current Microsoft QA system for corporate customers involves waiting for all the bugs to be discovered by consumers and fixed before deploying new Windows builds, the same thing that’s so terrible if Woody or anyone else suggests that consumers do exactly the same thing.

              As far as the target audience of AskWoody… his MS-DEFCON ratings are intended for consumers, while Patch Lady Susan’s recommendations are more for corporate IT departments, as I understand. It’s a good question as to what the split is between corporate and individual visitors.  The comments certainly seem to reflect a more consumer point of view, and that’s certainly where I am coming from.

              Group "L" (KDE Neon User Edition 5.17.0).

              3 users thanked author for this post.
      • #1978464 Reply

        lurks about
        AskWoody Lounger

        Sites like askwoody, et al. exist because MS does not care about the little customers and you are on your own to drown.

        2 users thanked author for this post.
      • #1978552 Reply

        WildBill
        AskWoody Plus

        I get the impression that Mr Simos is talking from the ‘bridge’ and not from the ‘engine room’. For sure, security concerns are there by not patching but, it’s been ‘Full steam ahead with sub-grade coal’ for a good while now and a slow frustrating voyage.

        Chief Engineer Scott: “Captain Simos, I canna give you anymore patching power! The dilithium crystals are almost drained. The improved feature updates won’t be available for… another 6 to 12 months!”

        Windows 8.1, 64-bit, leaning toward returning to Group A... & toward Windows 10 V1909. As long as it's a Lot Less Buggy!
        Wild Bill Rides Again...

    • #1978480 Reply

      AlexEiffel
      AskWoody_MVP

      If patching is a social responsibility, maybe Microsoft has a social responsibility to not do all the things it does now that make patching problematic, the first one being creating an always changing system that introduces more and more flaws while making patching not security only but a mandatory much more potentially disturbing experience with new unasked for features and change for the sake of change.

      Make one Windows LTS available to everyone every 3 years, 10 years of support, push only security updates, except for minor and carefully tested improvements. Most people don’t want new features, they just want their computer to continue working like it has been and be stable. They upgrade when they buy a new computer and that’s fine with them. When you ask people what version of Windows they use, how many do even know or care, except if it is 10 and they know that is why they got problems?

      Don’t tell me that was the previous model and it wasn’t working. Windows 7 is the most loved OS maybe with XP. It has been the most stable. And security issues didn’t happen mostly because of the missing security features that 10 has to offer. If they kept the model and made patching better, reducing the app/os coupling and making most software more easily compatible with updates, maybe not so many people would stop patching.

      6 users thanked author for this post.
      • #1978595 Reply

        Ascaris
        AskWoody_MVP

        Don’t tell me that was the previous model and it wasn’t working.

        The Microsoft fans have made exactly this claim, of course.  It’s the user’s fault that MS had to be tough on us, they say; too many of us didn’t take our patches when we were told to, so now we’re not being given a choice.  After decades of doing it that way, it’s suddenly not good enough anymore, and the coincident timing of this change with other changes could not be more obvious.

        Microsoft under Nadella has made no secret of its intent to monetize Windows in ways never before considered, and to continuously do so as they come up with new ways to do it.  For that purpose, the previous update model was not working.  If they come up with a new monetization scheme, they do not want to wait three (or more) years for people to maybe update to the newest version of Windows.  There have to be new versions coming continuously so that they can get their new MS-serving changes out there serving MS as soon as possible, and these updates have to have enough headline-grabbing new features to distract from the unwanted bits MS will slip in there at its whim.  People cannot be allowed to decline these new versions, or else they might, and if so, how then will MS monetize them mercilessly?

        Group "L" (KDE Neon User Edition 5.17.0).

        5 users thanked author for this post.
      • #1979172 Reply

        MrJimPhelps
        AskWoody_MVP

        Microsoft violated their social responsibility when they fired their testing dept. They have a social responsibility to do whatever they can to hire back all of the experienced people that were in their testing dept.

        Group "L" (Linux Mint)
        with Windows 8.1 running in a VM
        5 users thanked author for this post.
    • #1978491 Reply

      anonymous

      It is my responsibility to avoid any Telemetry that is surreptitiously hidden in any Windows 7 Security Only patches as I have the right to avoid having that code present on my system. So if MS wants to appear to be more socially responsible they can reissue the July and September Windows 7 Security Only patches without the included Telemetry related code.

      And I’m not going to ever install any Patches that are labeled as Security Only but have NON Security Only related Telemetry code included. There are many Windows 7 end users that have only been installing Security Patches and after  Sept 2016 the Security Only patches that are supposed to be Security Only in nature after MS changed its updating systems to bundle up the individual KBs into roll-ups and cumulative updates.

      I’d like to be more responsible for including all the Security Only patches on my laptops(Windows 7) but MS has to compromise by reissuing the July and September Windows 7 Security Only patches without the Telemetry related code included.

      GWX was not very socially responsible and in fact MS had caused many business disruptions with that GWX and some folks value their privacy as well so that’s not very socially responsible of MS to have included that in any Security Only related patches.

      MS has lost that Trust to even be stating anything related to Social Responsibility in others’ actions what with MS’s nefarious actions regarding GWX and many other related issues.

       

      8 users thanked author for this post.
    • #1978500 Reply

      Zaphyrus
      AskWoody Lounger

      I don’t agree this time. OK, patching should be done from time to time, but we shouldn’t install every patch.

      People forget Windows 10 patches aren’t as good as Windows 7 patches were in its prime days.

      Sadly, it’s the reality: Windows 10 has become so unreliable that not patching is an option.

      And if people reply to this trying to convince me they are reliable, I invite you to install this month’s updates despite Woody’s warnings.

      Just someone who don't want Windows to mess with its computer.
      • This reply was modified 1 week, 2 days ago by  Zaphyrus.
    • #1978510 Reply

      CADesertRat
      AskWoody Plus

      So according to “Mark Simos” all is peachy keen and perfect in MS land and patching. What rock did he crawl out from under???

      Don't take yourself so seriously, no one else does 🙂
      4 Win 10 Pro currently 1809 (3 Desktops, 1 Laptop).

    • #1978546 Reply

      plodr
      AskWoody Plus

      It is far easier to restore an image than to try and recover from a MS “security” patch that breaks either my computer or a peripheral like a printer.

      I’ll continue to pick and choose, depending on Woody’s site to keep me educated, as to what I’ll allow on my computer. I put security in quotes because MS’s so-called security patches have more than just security fixes.

      Got coffee?

      1 user thanked author for this post.
    • #1978551 Reply

      OscarCP
      AskWoody Plus

      The idea is to achieve “herd immunity”, as with vaccination. Except that vaccines are thoroughly tested in a usually prolonged series of trials, to prove, first, that they are both effective and safe, free from undesirable side-effects (except for a possible temporary discomfort to the recipient) and then, that the batches that are released are thoroughly up to scratch. As with all human things, this does not always work well, but on the occasions when this is the case, there are plenty of eyes on what is going on and the distribution of faulty batches is soon removed from circulation, and if a vaccine is found to harm too many (as with all medicine, there are always a few that suffer adverse reactions), then, same as any other medical product that is harmful to patients, it is also taken off circulation and permanently. But with patches, Windows in particular, there are only “eyes on” them, and those eyes are open in sites such as Woody’s, Ghacks (although now that it has been bought by “Softonic” that might be open to question) and other such places on the Web. So nowadays it is up to us users to be vigilant and look for advice before patching, or not patching, as the case might be. So Woody’s dear aunt’s PC might be left vulnerable unless Woody helps her out in person, but such is the world we live in now. No point crying over spilt milk. Better to light a candle than curse the darkness. And so on and so forth.

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

      3 users thanked author for this post.
      • #1978581 Reply

        Chronocidal Guy
        AskWoody Lounger

        I’ve made the same comparison before with vaccinations and patching, and it really is an apt analogy.

        Microsoft keeps pushing this idea that the amount of people experiencing problems is small, a fraction of a percent. With 800-ish million Windows 10 devices, even 0.1% is still 800 thousand devices.

        How many pharmaceutical companies would continue to promote a vaccine that produced a fatal allergic reaction in several hundred thousand people?

        No, we’re not literally talking about people dying… Or are we? How many critical infrastructure systems are impacted by these broken updates? How many small businesses are finding themselves crippled by productivity stoppages or delivery delays when their computers decide to update and reboot during critical operations, and wind up non-functional?  I would actually be curious to see someone examine the mental health impact on IT professionals trying to clean up after Microsoft’s messes.

        If they want to spout off about “social responsibility,” they need to take a long hard look at how their recent history of update shenanigans has impacted the industry as a whole. Not just the computers, but the people, the ones responsible for keeping them running.

        3 users thanked author for this post.
    • #1978553 Reply

      Seff
      AskWoody Plus

      That article you linked Woody makes me wonder in which particular patch of sand the author’s head has been buried these past few years…

      3 users thanked author for this post.
      • #1978563 Reply

        Microfix
        Da Boss

        That article you linked Woody makes me wonder in which particular patch of sand the author’s head has been buried these past few years…

        @seff I think an MS Sandbox might be more appropriate as opposed to a ‘patch of sand’ 🙂

        ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

      • #1978791 Reply

        Lars220
        AskWoody Lounger

        what-problem

        2 users thanked author for this post.
    • #1978697 Reply

      alkhall
      AskWoody Lounger

      Typical, blame the victim.

      What other product do people buy that the seller has designed and produced in such a way that they insist it is necessary to perform regular maintenance, even if it is not? And then, blame the buyer if their shoddy product fails?

      Would you buy an automobile if you had to return to the dealership every month so they could tighten the lug nuts to prevent the wheels falling off (because they make it so that you cannot do it yourself), and if so would you tolerate that by doing so, the radio, A/C, seat warmers, etc. malfunctioned?

      Microsoft is doing no-one (including Microsoft) any favors with their current business model.

       

      5 users thanked author for this post.
    • #1978700 Reply

      BobT
      AskWoody Lounger

      And then they go taking over control of users’ PCs, and including stuff like telemetry, which puts people (like me) off. Good work MS!

      Still not installed September & July’s patches..

    • #1978731 Reply

      anonymous

      Fear that this is going to lead to an even tighter control over patches, the push will get even stronger soon 🙁

    • #1978744 Reply

      MikeMc
      AskWoody Lounger

      If it’s a social responsibility, then I’m sure Microsoft will provide free patches for Windows 7 and Windows 2008 R2 for the foreseeable future as it is the responsible thing to do for society at large.  Give me a break, Microsoft is not providing free patches and this is just corporate spin to make themselves feel good.

      • #1979175 Reply

        MrJimPhelps
        AskWoody_MVP

        … also, XP, Vista, and Windows 8.0.

        Group "L" (Linux Mint)
        with Windows 8.1 running in a VM
    • #1978840 Reply

      Frankly, I think all of us should email cyberhygiene@nist.gov and tell them exactly why sites like askwoody.com exist, ask them why MSFT fired their QA/QC department, and how much grief bad patches have caused!

      The author, while raising some good points, overall seems to write from a viewpoint atop a lofty ivy-covered pedestal located ‘way high above the arena in some academic cloud, miles from where the contest and clashing of gears, trouble tickets, nervous fits and such is daily taking place. He needs to get down into the “patching pit” and get his hands dirty.

      (Sorry if this sounds like I am a bit bitter about all this, but it is probably because I am, ha-ha.)

      Seriously; I’ve been to the NIST at Boulder, WWV up the road at Ft. Collins, etc, and it’s an incredible place with amazing people. Don’t know if they still give the free tours of the Atomic Clock, but if they do, it’s worth it if you’re in the Denver area.

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
      --
      "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

      3 users thanked author for this post.
      • #1978979 Reply

        Fred
        AskWoody Plus

        Frankly, I think all of us should email cyberhygiene@nist.gov and tell them exactly why sites like askwoody.com exist, ask them why MSFT fired their QA/QC department, and how much grief bad patches have caused!

        It will be nice when consumer organisations can step in too

        PGP-ID=0x(askforit)

        • #1979237 Reply

          Charlie
          AskWoody Plus

          And maybe, although doubtful, something could be done about those dang outrageous EULAs!

          Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Groups B & L

          1 user thanked author for this post.
    • #1978870 Reply

      OscarCP
      AskWoody Plus

      I sympathize with the complaints expressed here about the arrogant and inconsiderate attitude of the people in charge of MS. They remind me of what I know of unhappy marriages and abusive relationships – and how people often stay in them because… Well, for various reasons, some more compelling and, or respectable than others: some are afraid of change, some might be left penniless and even homeless if they leave. But some may set their face against their troubles, recognize they really have a bad deal, that this is unlikely to get any better, that there is a way out, if they dare take it, and then they do just that and leave.

      When it comes to MS Windows, after watching how its support has been developing for some years now, I can’t say that I see a brighter future ahead with any version of Windows, current or to come. (I don’t expect everyone here to agree, I know some of you think that Windows 10 is just fine, but this is my own perspective on things and I have no other to offer. Sorry about that.) But now, as it happens, I do not need to use Windows any longer either because I am required to in my job, or because everybody I have deals with uses Windows and having the same OS makes communicating with them easier. So now that there is no compelling reason for me to stay anymore, I have decided, some time ago, the best thing for me is to leave. There are OS options, I have adopted two of these, have been learning how to use them for a while, and already am doing reasonably well with them, so I’m ready. Come January, I’ll apply some important or critical patches for the last time, to keep Windows 7 in as good shape as possible, plus any security ones that might (?) be released occasionally, when some dire bug is on the loose, and I’ll keep the good old system in this way for occasional use, mostly offline, of some of the special software I have on it and cannot find replacements that work in either of my two other OS, for as long as possible. I imagine that this will be hygienic enough to satisfy my responsibility of keeping other PC users safe by not passing infections to them.

      I really see no longer any point in complaining about something that is not going to be changed by venting my frustration with it, however satisfying this might feel to me. Instead, I am doing something to change things within my own small personal sphere of influence, the one where I make the decisions. Wish me luck — and the same to all of you.

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

      1 user thanked author for this post.
      • #1978948 Reply

        Fred
        AskWoody Plus

        I really see no longer any point in complaining about something that is not going to be changed by venting my frustration with it,

        Pity, letting your voice be heard might become the gamechanger many people would wish for. After all, not many are capable of handling their PC; but all become more and more dependent on e-things, and that is not good, I think.

        PGP-ID=0x(askforit)

        • #1979000 Reply

          jabeattyauditor
          AskWoody Lounger

          I really see no longer any point in complaining about something that is not going to be changed by venting my frustration with it,

          Pity, letting your voice be heard might become the gamechanger many people would wish for. After all, not many are capable of handling their PC; but all become more and more dependent on e-things, and that is not good, I think.

          Didn’t he just voice his opinions in the strongest possible way?

          • #1979045 Reply

            Fred
            AskWoody Plus

            I really see no longer any point in complaining about something that is not going to be changed by venting my frustration with it,

            Pity, letting your voice be heard might become the gamechanger many people would wish for. After all, not many are capable of handling their PC; but all become more and more dependent on e-things, and that is not good, I think.

            Didn’t he just voice his opinions in the strongest possible way?

            Perhaps not everybody who matters has the means to read “Askwoody.com”, and then specifically Oscar, me or anybody in particular?
            Other platforms was the meaning;
            I can imagine that the consumer organisations may find an interest in this.
            🙂

            PGP-ID=0x(askforit)

            • #1979056 Reply

              jabeattyauditor
              AskWoody Lounger

              I really see no longer any point in complaining about something that is not going to be changed by venting my frustration with it,

              Pity, letting your voice be heard might become the gamechanger many people would wish for. After all, not many are capable of handling their PC; but all become more and more dependent on e-things, and that is not good, I think.

              Didn’t he just voice his opinions in the strongest possible way?

              Perhaps not everybody who matters has the means to read “Askwoody.com”, and then specifically Oscar, me or anybody in particular?
              Other platforms was the meaning;
              I can imagine that the consumer organisations may find an interest in this.
              🙂

              I wasn’t referring to his post here, but to the fact that he’s “voting with his feet.”

              Microsoft won’t care about our patching issues – and they might make a decent market-based argument that they shouldn’t care – until it affects their bottom line. Their first responsibility is to their shareholders, and that responsibility may be best met by ignoring individuals and concentrating on their corporate recurring revenue strategies (EVERYTHING-as-a-service-in-the-cloud).

              I don’t like it, but I do understand it.

              3 users thanked author for this post.
            • #1979311 Reply

              OscarCP
              AskWoody Plus

              Fred, I’ll still be around visiting the Mac and Linux forums. Windows, perhaps, if a thread particularly interesting shows up that is not about expressing regrets or complaints about some new MS doings, but rather about technical issues that I would like to learn more about.

              Meantime, I’ll continue practicing “patching hygiene” with my other two operating systems. (Same as brushing my teeth twice a day and flossing them once, before bed, plus visiting my dentist’s hygienist for a deep cleaning, once a year.) Question to Ascaris, mn- et al.: where does one go to learn more about “patching hygiene” with Linux Mint, now that it has been “bullied” into pressing people to patch in a hurry, or so it is alleged?

              Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

              1 user thanked author for this post.
    • #1979040 Reply

      Ascaris
      AskWoody_MVP

      I see nothing wrong with MS stating that 15 year old hardware will not be permitted to upgrade to some future version of Windows and would only ask that auto update for those systems be left on to receive only the most serious of security upgrades and virus definitions as has been the case for Windows XP boxes, Server 2003 etc. Some people don’t need the latest iteration of the OS nor do they need to replace perfectly functional hardware just because.

      I have a problem with having an arbitrary, age-based cut-off date.  If they want to say that (to use a real-world example) from this point forward, all CPUs will need to have SSE2 capability, which would have the effect of cutting off a certain percentage of older PCs, that’s one thing, but to just set an arbitrary date and to deny anything older than that updates is quite another.  It’s one of the issues I have with the Apple and Google way of doing things.

      It’s true that there are too many combinations of hardware in use for Microsoft to ever be able to test anything but a small percentage of them.  That’s always been the case for Windows, and as the primary provider of the OS for just about all PC hardware that isn’t made by Apple, it’s unavoidable.  The point now is that they don’t even try– according to the video from a former professional Windows tester that was linked here not long ago, they used to have a lab full of a bunch of different machines with different hardware to try to catch as much of the hardware market as is feasible.  Now much of the limited in-house testing that is still done prior to release is done on VMs using the same configuration, so only the virtualized hardware combination is ever tested.

      Windows Insiders, too, are more likely to test new builds in a VM than on bare hardware, as trying to run an actual PC doing actual stuff on beta software is risky and ill-advised.  The first set of users that really give Windows the bare-metal run-through in large numbers is the consumers, the group that is overall least able to understand the risk they face, or to recover from disaster if it should occur.  Microsoft has freely admitted that using consumers as testers for the benefit of enterprise customers is happening, and it shouldn’t, especially when it’s commercial software that the consumers themselves had to pay for.  The buyers of commercial software are supposed to benefit from the testing department of the software publisher, not to be the testing department.

      Group "L" (KDE Neon User Edition 5.17.0).

      5 users thanked author for this post.
      • #1979319 Reply

        OscarCP
        AskWoody Plus

        Ascaris: “It’s one of the issues I have with the Apple and Google way of doing things.”

        You have saved me the trouble of saying this myself. The only technically sound reason for no longer supporting older computers and their peripherals is that they are incompatible in some fundamental and irremediable way with important features in a new OS release: incompatibilities that cannot be bypassed with safe workarounds any more and that, most likely, will remain so with all future versions as well, for as long as the OS remains in existence.

        This goes well beyond “good computer hygiene practices”, but it is not completely unrelated: if one keeps on using an older version of an OS that is unsupported because one’s hardware is no longer supported, eventually one may get no new security patches at all — which means that one may then start to help, unwittingly, with the propagation of malware.

        Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

        • #1979330 Reply

          mn–
          AskWoody Lounger

          The only technically sound reason for no longer supporting older computers and their peripherals is that they are incompatible in some fundamental and irremediable way with important features in a new OS release: incompatibilities that cannot be bypassed with safe workarounds any more and that, most likely, will remain so with all future versions as well, for as long as the OS remains in existence.

          Of course with a Turing-complete programming environment… the only way that can actually happen is that there’s a time constraint in which the old hardware cannot complete all necessary steps.

          (Well, that and not trusting software emulation of hardware-based security features.)

          Everything else is “just a small matter of programming” … BTW, would any of the old-timers remember where that phrase is from, originally? Oldest usage I’ve tracked down was Knuth in 1974…

          But yeah, some of the BSD folks have shown that a whole lot of old hardware is able to run all kinds of things just fine, if slowly. NetBSD 8.1, released this year, apparently still has support for a DEC VAX 11/750 made back in 1977?

          • #1979334 Reply

            OscarCP
            AskWoody Plus

            mn- : There are still around, I believe, versions of LINUX meant to run on Amigas and Commodores. But I am not sure this proves anything. Does it?

            And, while touching on LINUX, where is there reliable advice to be found on when to install which patches for LINUX Mint? I’ve been hearing rumors that the Mint developers have been “bullied” into pushing people to patch right away whatever new patches are issued, maybe by making patching a requirement to keep using the system, or some such technical trickery? If true, this is not great for practicing good patching hygiene. And not quite the greatest of incentives for continuing to run an OS developed with a tendency to make the users its beta testers. (Sounds familiar?)

            Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

            • #1979360 Reply

              mn–
              AskWoody Lounger

              There are still around, I believe, versions of LINUX meant to run on Amigas and Commodores. But I am not sure this proves anything. Does it?

              Proves that it is possible as such but certainly does not prove that it’d be commercially feasible… same thing as with the NetBSD/VAX I mentioned.

              And, while touching on LINUX, where is there reliable advice to be found on when to install which patches for LINUX Mint?

              Most likely over at https://forums.linuxmint.com/ I’d guess? Or maybe separately for each component you find important?

              See, the one thing about updates on open-source systems, especially Linux with its current popularity… is that it really isn’t a single “software product”. There’s no absolute single source for things, and component parts like desktop environments, background process management, task scheduler, graphics drivers, system libraries, system kernel, etc. are usually developed and tested quite independently from each other. And only then do the distributions package them together.

              Mint is a distribution that has gotten a reputation of emphasizing a smooth user experience, consistency and stability… possibly over security, and even having had the main distribution ISO images replaced with malware-containing versions at one point some years ago.

              So, the people who run the other projects that feed to Mint don’t like potentially taking the reputation hit from having vulnerable versions in the field after releasing fixes long ago already… so yeah, social responsibility, social pressure, bullying… somewhere along that sliding scale.

              (Take for example that one VLC hassle a while ago, Ubuntu had missed a library patch and the VLC team got blamed initially. Mint is “downstream” from Ubuntu, possibly compounding the problem.)

              1 user thanked author for this post.
    • #1979066 Reply

      phaolo
      AskWoody Lounger

      Speaking of which, is MS still ruining the Security-Only patches for Win7 with telemetry?
      I stopped patching in May due to this..
      (and for the bugs, and for the fear of them sabotaging the old OS)

      1 user thanked author for this post.
      • #1979067 Reply

        Microfix
        Da Boss

        I think if they were, we would have heard the screams by now..

        ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

      • #1979068 Reply

        PKCano
        Da Boss

        The July and September Win7/8.1 Security-only patches contain telemetry.
        Initial look at the October patches says no telemetry, but that hasn’t been confirmed.

        2 users thanked author for this post.
        • #1979125 Reply

          anonymous

          ? says:

          see posts 1977080 and 1977089 if you want to see the KB4520003-Oct SO contents file size 20+-MB.

          expert scrutiny welcome…

    • #1979163 Reply

      Canadian Tech
      AskWoody_MVP

      What you say is quite true of enterprise installations. However, I completely, totally disagree with the premise when it comes to typical home installations.

      Without a single doubt, based on 3567 Windows 7 computer months of usage, the paranoia over “updating” is vastly overstated. That’s how many months of usage have occurred on my clients’ Windows 7 computers without one Microsoft update. NOT ONE INSTANCE OF ANY ISSUE OF ANY KIND. NOT ONE!!!!. In fact those computers run better than they ever did before. My support workload is off by 90% because they just work day in day out without a problem.

      I made this decision and implemented it in May 2017 because I decided (and rightly so) that the risk of allowing Microsoft to apply their myriads of defective so-called updates was vastly more risky than not doing so.

      The problem is mostly the result of Microsoft’s firing the QC staff in 2015, and producing a never-ending stream of defective and inappropriate patches.

      In addition, and most importantly, Microsoft has turned an admired “update” process from a security assurance function that worked very well, into a change your system into anything Microsoft thinks it can profit from exercise. Because its customers (something Microsoft clearly demonstrates they do not care or know about) rejected its many change your system whether you like it or not “updates”, Microsoft changed the process to allow its customers no choice but to take it all or leave it.

      I chose leave it! Every one of my clients is in agreement and amazed at how well their systems work.

      There is another part to this strategy that makes it so successful. The only software in these computers from Microsoft is Windows — the OS.

      CT

      7 users thanked author for this post.
    • #1979413 Reply

      DriftyDonN
      AskWoody Plus

      Without a single doubt, based on 3567 Windows 7 computer months of usage, the paranoia over “updating” is vastly overstated. That’s how many months of usage have occurred on my clients’ Windows 7 computers without one Microsoft update. NOT ONE INSTANCE OF ANY ISSUE OF ANY KIND. NOT ONE!!!!. In fact those computers run better than they ever did before. My support workload is off by 90% because they just work day in day out without a problem.

      Has ANYONE heard of an attack by Spectre or Meltdown? I suspect the hysteria this created has bricked many a machine either by OEM code, MS patch, or hardware patches (INTEL, AMD). I disabled the code using Steve Gibson’s utility and find much faster response!

      Fake news!!

      1 user thanked author for this post.
      • #1979449 Reply

        Carl D
        AskWoody Lounger

        Nope, haven’t heard of any Meltdown/Spectre attacks nearly 2 years after all the hysteria started.

        Probably never will.

        I’ve also used Steve Gibson’s InSpectre utility to disable the patches and the result is a quite noticeable improvement in the performance of Windows 10.

        As I’ve said before – all these security companies are in business to make money. If they weren’t looking for and finding every (mostly insignificant) issue with Windows, they would be out of a job.

      • #1979591 Reply

        Ascaris
        AskWoody_MVP

        The lack of any Spectre or Meltdown exploits in the wild may be fake news (in the sense that it was never going to be a feasible attack strategy in the real world), or it may be that the mitigations that were put in place before any effective malware could be produced brought it to the level where none of the miscreants were keen to try it when nearly everyone was already (as far as they knew) patched and immune.  I’m more inclined to believe the latter, but it could go either way.

        This is another place where herd immunity can be of benefit.  If the attackers don’t pursue this attack vector because most of the victims would be immune, and the small unpatched population would not be enough to sustain the continuous propagation of the malware, even the unpatched individuals are safe from a malware that never existed. As long as it continues to not exist, the nonpatched are fine.

        In this case, the hype machine protects us all by convincing the malware authors that it’s not worth it to try, whether that’s actually true (because most everyone has performance-sapping mitigations enabled) or if it’s only perceived to be true.  I just had a thought… what if that was the reason the “social responsibility” people screech so loudly whenever anyone balks at taking all of the security patches immediately?  They don’t want that performance-robbing, instability-inducing nonsense any more than the rest of us, but they do want to be safe… so they convince us all it’s our duty to patch for the greater good, while themselves avoiding the patches AND the danger, thanks to the herd immunity the rest of us provide.

        I don’t actually think that’s the driving force behind the cult of You Must Always Patch Immediately, but it just fits so nicely!

        Group "L" (KDE Neon User Edition 5.17.0).
