Ironically, it was Google who challenged patch Tuesday.
Windows 10 bombshell: Microsoft to KILL OFF Patch Tuesday
Microsoft has shown off some of the new security mechanisms embedded in Windows 10, and revealed a change to its software updates. Windows supremo Terry Myerson reckons the revised security patch rollout – effectively ditching the monthly Patch Tuesday – will shame Google. "Google takes no responsibility to update customer …
COMMENTS
-
-
Tuesday 5th May 2015 12:53 GMT John Sanders
Re: "Advanced Threat Analytics"
"""ATA constantly scrutinizes your office network, and uses basic machine learning techniques to identify suspicious behavior by devices and users, and raise the alarm if necessary."""
Lets translate:
ATA is yet another service (YASATA!) that will check your AD registered computers against an internal list of ideal configurations and file versions, once it finds a computer which doesn't conform to this it will take corrective measures to bring the computer back into compliance.
As there is not such a thing as "basic machine learning" (one wonders why they wouldn't use the advanced one) what the software does is a more or less clever pattern building and matching, bear in mind no complicated stuff, just techniques like what kids in the 90's were doing in self-made videogames and demos in the late 90's
It is quite funny that MS can not write its own security software and prefers to buy it from a third external party (a young start-up).
If only MS had a deep understanding of their own OS and access to the source code...
-
-
-
Monday 4th May 2015 22:38 GMT Ilsa Loving
Re: Microsoft taking a swipe at another company
To be fair, Microsot may have learned the hard way, but at least they learned.
What galls me is that despite Microsoft providing such a fantastic example of what happens when you put security second, instead of taking a 'learning from someone elses mistakes' mentality, it seems the likes of Google and Apple prefer to just stick their fingers in their ears while chanting, "Lalalala won't happen to us!".
Google in particular, has become the new darling of security nightmares. The only thing preventing Apple from being in quite the same boat is the fact that they are uber-control freaks, with has the useful side-effect of limiting their attack surface.
-
Tuesday 5th May 2015 00:17 GMT DasBub
Re: Microsoft taking a swipe at another company
"Google in particular, has become the new darling of security nightmares. The only thing preventing Apple from being in quite the same boat is the fact that they are uber-control freaks, with has the useful side-effect of limiting their attack surface."
You must be joking.
-
Tuesday 5th May 2015 04:31 GMT big_D
Re: Microsoft taking a swipe at another company
@DasBub not really, my 2002 Windows XP machine stopped getting updates last year, my current machines will get updates going into the next decade.
My Android smartphone? 2.5 years old and not even security updates within the last year! Patches for well known security exploits for unpatched Android 4.3? Forget it. Although, I suppose I should consider myself lucky that Samsung at least upgraded it from 4.1 to 4.3.
This isn't purely Google's fault, but it is their ecosystem and they don't seem to be doing anything about keeping their customers patched. The hardware has been delivered, live with the defects or buy a newer device...
To be honest, I prefer the Microsoft attitude.
-
-
Tuesday 5th May 2015 09:30 GMT big_D
Re: Microsoft taking a swipe at another company
@returnmyjedi I'm comparing like for like... Both are operating systems that are connected to the Internet. I don't care that one runs on a smartphone and tablets and the other runs on tablets and PCs, they are both connected to the Internet, so both need long term security.
Yes, the Windows Phone 7 is a blight on Microsoft in this regard.
-
Tuesday 5th May 2015 11:38 GMT cambsukguy
Re: Microsoft taking a swipe at another company
> Yes, the Windows Phone 7 is a blight on Microsoft in this regard.
I would be interested to know how one could 'attack' a WP7 device in any case?
Apps are sandboxed and can only be installed from the Store (called Marketplace if I recall correctly).
The browser? What can a rogue web page do via the IE on WP7. I assume it could conceivably crash the phone.
Can anything other than an App access call info or OneDrive files?
I only ask 'cause my sprog has my old one (still running well, still indestructible, still lasts all day no problem).
-
Tuesday 5th May 2015 12:09 GMT big_D
Re: Microsoft taking a swipe at another company
There are probably ways to exploit WP7 and the browser, but with such a small market now, would anyone bother?
My daughter is still using her WP7 Lumia, although she is looking for something newer - she would take an iPhone 6, but isn't willing to splash out nearly a grand on it.
I currently have a WP8 Lumia and am very happy with it - and it has had numerous updates over the last year, both new OS versions and updates.
-
-
-
-
-
Tuesday 5th May 2015 13:57 GMT Afernie
Re: Microsoft taking a swipe at another company
"My 2002 Microsoft CE PDA never had a security update."
But then, your WinCE PDA wasn't connected 24/7 with a third-party apps store, nor did it have web browser that you could use for anything faintly modern. To say nothing of the fact that that was 12-13 years ago and this is now. Apples, oranges indeed.
-
-
Tuesday 5th May 2015 10:14 GMT Anonymous Coward
Re: Microsoft taking a swipe at another company
"This isn't purely Google's fault, but it is their ecosystem and they don't seem to be doing anything about keeping their customers patched."
Moving core functionality to Play Services and apps to the Play Store (Gmail, Maps, Calendar, etc), early release of Lollipop previews to OEMs - i.e. everything they can in the face of OEM and carrier reluctance to provide timely updates.
-
-
-
Monday 11th May 2015 17:31 GMT DrBobMatthews
Re: Microsoft taking a swipe at another company
The only thing that Microsoft has learned is advanced marketing for spivs. Why is it that IE has been a total security failure for the lasy 8 upgrades. Could it be that Microsoft has "invested" more in marketing than software engineers? Answer on an email not via IE9.
-
-
Tuesday 5th May 2015 09:19 GMT Stuart Castle
Re: Microsoft taking a swipe at another company
Judge Microsoft by what they are doing now, not what they have done. If you judge them by their past, it makes you look bitter, and also slightly stupid when Microsoft consistently does well in security tests now.
Remember, back in the dark old days of XP SP1, Microsoft regularly got their Ass handed to them security wise by the hackers. So much so that they spent a lot of money on their "Trusted Computing" initiative and substantially changed Windows XP with the release of SP2. They also (apparently) deleted a lot of the Vista source code and rewrote it using the recommendations of the Trusted Computing initiative, which is why Vista was late, and delivered a fraction of what they had promised. One major (but actually relatively simple) switch made was to ensure that the Server version shipped with virtually everything disabled, thereby ensuring the sys admin is required to enable the services he or she requires from the machine. This even extended to limiting what the browser could display.
Sure, Windows, along with any reasonably sized to large sized software product has bugs. Some of which are serious, but the security on Windows has been hardened. This is why the hackers are increasingly going for other software such as Java and the various Adobe plugins. When Sun and Adobe get their act together security wise, hackers will move on elsewhere.
BTW, I am not a Microsoft fanboi. Not by a long chalk. I am not a fanboi of any particular platform. I believe in using the "tools for the job". If a platform fits my needs, I'll use it, be it Linux, OSX or Windows.
-
Tuesday 5th May 2015 12:05 GMT Bloakey1
Re: Microsoft taking a swipe at another company
<Snip>
"BTW, I am not a Microsoft fanboi. Not by a long chalk. I am not a fanboi of any particular platform. I believe in using the "tools for the job". If a platform fits my needs, I'll use it, be it Linux, OSX or Windows."
Dear sir,
We have examined your post and found it to be balanced and reasonable and subsequently it has no place in a religious OS war. Please present yourself at an OS place of worship near to you, where you will be burnt at the stake as a heretic and non believer.
-
-
-
This post has been deleted by its author
-
-
-
Tuesday 5th May 2015 11:52 GMT cambsukguy
I did a reinstall on my Win7 machine last month, first time ever on a five-year-old laptop - something was weird, System restore was AWOL (I have a small SSD and it runs at 95% full almost all the time).
It turned out that my last real, full System Backup was when I installed that SSD so I crossed everything and set it to replace my system with it.
After chundering for a while, it restarted and ran Windows Update to do a million updates (about 170 - all but one of which worked on the first pass).
Simultaneously downloading the OneDrive stuff where my files reside these days meant that that backup was already there, just a matter of setting OneDrive to not having local copies of the large video files my phone produces.
Add to that the expected Adobe updates and all was well, more disc space available (smaller registry and email archives perhaps?) and slightly zippier perhaps.
Can't see why I would be lucky enough never to have had to re-install Windows for five years and still have a working system and you would have to constantly do it it seems.
Maybe you are just a troll or useless at your job/IT in general.
-
Tuesday 5th May 2015 04:06 GMT gollux
Pretty much the way Windows Server 2012 R2 operates out of the box. Buh? I had a process that was supposed to run overnight, why did it crash? Oh, jeeze the little icon in the tray says Windows Update rebooted the machine at 2:30 am...
Now when they get good enough to not require any restart except for kernel patches and give you fair warning that a system restart is needed, then I'll bite.
-
Tuesday 5th May 2015 07:13 GMT nematoad
"Now when they get good enough to not require any restart except for kernel patches..."
Well, don't look at the majority of Linux distros if you decide to jump ship. With the advent of systemd, they'll all be rebooting at the drop of a hat.
Damn Poettering, Red Hat, et al for trying to turn my Linux box into a poor imitation of Windows.
-
-
Tuesday 5th May 2015 11:22 GMT nematoad
Well, as far as I know Suse, Ubuntu and Debian and a lot of the derivatives never had to reboot except when changing kernels. Now that they have changed over to systemd they will. Just like with pulseaudio, also I believe from Poettering & co.
Of course you haven't noticed a change in behaviour in your distro, you already have that "feature" so what you had is what you have got, it's just every other distro is just making its acquaintance.
-
Tuesday 5th May 2015 12:05 GMT Chemist
"Of course you haven't noticed a change in behaviour in your distro, you already have that "feature""
As I've been using Linux from the mid-90s I'd notice especially as I run 6 machines + several VM. Only reboots for kernel updates - changes to the desktop environment occasionally request logout/in
Can we have some comments from other users about this
-
Tuesday 5th May 2015 18:30 GMT MissingSecurity
@Chemist
I am in the same boat and the only thing I can think of it is that the GUI will ask you to install than restart after you update, but since I just use yum to update, I've never had to restart (minus Kernel) so I don't know.
I can't remember if the GUI asked me prior or not. My laptop is is at Fedora 20 currently.
-
-
-
-
Monday 11th May 2015 18:15 GMT Charles 9
"Well, don't look at the majority of Linux distros if you decide to jump ship. With the advent of systemd, they'll all be rebooting at the drop of a hat."
Given that you can supposedly stop and restart init (which systemd is supposed to replace) without rebooting, how does systemd make things any different, unless you're saying systemd ties itself to the kernel, which I've yet to see. Why don't you PROVE that systemd forces more reboots.
-
-
Tuesday 5th May 2015 19:00 GMT Willie T
Training recommended?
@gollux - If you are responsible for a Windows 2012 R2 server and it is installing patches and rebooting overnight without your knowledge or approval then perhaps you should consider some basic training on the O/S you are managing.
I had a co-worker who often used a phrase in meetings (going way back to the Windows NT days) to describe the difference between machines that blue-screened frequently compared to ones that ran for months at a time with no issues: "Any idiot can run setup.exe". If you are moderately educated as to the capabilities of your OS and best practices for operations you will have much more success regardless of which flavor you choose to run.
-
Monday 11th May 2015 18:12 GMT Anonymous Coward
"Now when they get good enough to not require any restart except for kernel patches and give you fair warning that a system restart is needed, then I'll bite."
Show me how Microsoft can get out of the file-lock system they're currently in without breaking everything before it. That is the chief reason behind restarts: locked system files held by critical (as in try and stop it and Windows panics) and currently-running (that's why the files are locked) system components.
-
-
-
-
This post has been deleted by its author
-
Tuesday 5th May 2015 00:07 GMT Steve Knox
Re: Remember when...
Unfortunately, though, most free and open source OSs don't have a regular release cycle or sensible system for releasing patches either.
Picking a few at random, and searching:
Fedora:
Release Cycle / Patch Management
Ubuntu:
Release Cycle / Patch Management
Debian:
Release Cycle / Patch Management
FreeBSD: Release Cycle / Patch Management
So which "most free and open source OSs" are you talking about, specifically?
-
Tuesday 5th May 2015 05:52 GMT big_D
Re: Remember when...
With WSUS and Enterprise, you can plan the updates as you do now - the article specifically says that corporates will get their updates monthly, as now, but private machines will get updates as needed.
The corporate tools also allow for the separate testing and staggered release of patches, nothing here will change.
For private machines, the update cycle will be faster - but generally those machines are also not as well protected as corporate machines. They probably don't have much in the way of AV software - probably a 3 month trial of McAfee that ran out 3 years ago, they are probably, at best, behind a compromisable home router and the average user has no idea about the dangers.
On SUSE, I'd get daily updates, but it was up to me to decide which updates to install and when. This will probably be the same with Windows 10. Either you can go full auto or you can manually install as you want.
-
Tuesday 5th May 2015 06:55 GMT Ken Hagan
Re: Remember when...
"the article specifically says that corporates will get their updates monthly, as now, [...] nothing here will change."
Except that the patches for the same underlying vulnerabilities are being published to home users a few days earlier, so the black hats can reverse engineer those (as they already do) and they get a stream of zero-days given to them by Microsoft.
-
Tuesday 5th May 2015 09:50 GMT Rainer
Re: Remember when...
RHEL with Satellite Server 6 allows for a "WSUS-like" patch roll-out process (staged, staggered...).
The individual components of Satellite Server 6 are available as Open Source, allowing to also manage CentOS (and probably a number of other RHEL-clones) in the same fashion.
Google Foreman, Pulp, Katello, Candlepin
-
-
This post has been deleted by its author
-
-
Wednesday 6th May 2015 01:32 GMT Sebby
Re: Remember when...
Well I've never been very happy with patch Tuesday anyway. Insecure software is insecure; best get the fixes out there, especially in these enlightened zero-day times. And the corporates get the benefits represented by beta testers * of the patches.
So now the only question is: what about the vulnerability bulletins themselves? Will MS put them out alongside the patches, or on schedule?
* Let's face it, increasingly that's all of Microsoft's recent software, for everybody. I'd give a lot for another stable and mature Windows.
-
-
Tuesday 5th May 2015 09:04 GMT Stuart Castle
Re: Remember when...
Read the article. Microsoft is splitting Windows Update into two editions. One, the consumer edition will have the continual roll outs they are talking about. The other, the business edition will run slightly behind the consumer edition (to give sys admins a chance to look for bugs and test each patch) and will still have a monthly patch cycle.
-
-
This post has been deleted by its author
-
This post has been deleted by its author
-
Monday 4th May 2015 23:17 GMT Robert Helpmann??
Clipboard Firewall
I was hoping for a bigger jump in security, with a greater range of tools for corporate admins. This bit is like MS took a look at a Qubes whitepaper and had a single takeaway. Too, the manageability of updates is a big concern, so it is nice to see tweaks to that. Of course, the OS is still in testing, but I would be a lot more impressed if they had built-in white-listing tools for apps or device control or any number of security measures that currently require a complex set of third party tools. In fact, what I really want is for them to build a robust security framework first and then put all the rest together around it.
-
Monday 4th May 2015 23:33 GMT Anonymous Coward
"but it would be a way of stopping idiots^W non-technically minded Windows users accidentally cut-and-pasting sensitive data directly to their social media applications"
You were better with "idiots" - this (technically minded) anonymous pleb once typed his password into IRC, with SSH open on the IP I was connected to IRC with, and an IRC username very similar (4 chars) to the SSH username that the password went with.
I've never changed a password so quick in all my life. I blame touch typing and not paying attention to which window the input was going to... idiot either way :)
-
Tuesday 5th May 2015 01:19 GMT Anonymous Coward
Oops!
CompuServe forum chat and had SysOp password in the clipboard. Oops! From then on, I don't use the copy/paste even in my password programs for any sensitive passwords. Having to type that crap^H^H^H^H complex passwrods does wonders for mental agility (anti-Alzheimers). After few repititions it comes to mind right away! When it don't.... uh oh.
-
-
-
Monday 4th May 2015 23:15 GMT Buzzword
Just like Windows Phone
"Google takes no responsibility to update customer devices, and refuses to take responsibility to update their devices..."
Microsoft did the same with Lumia devices running Windows Phone 7.x: no upgrades to Windows 8. They really can't claim some sort of moral high ground here.
-
Tuesday 5th May 2015 02:11 GMT DryBones
Re: Just like Windows Phone
"Google takes no responsibility to update customer devices, and refuses to take responsibility to update their devices..."
Good grief, I can smell that pile of bullshit from here. Smells like curry kimchee... (with apologies to Indians and Koreans). CARRIERS and MANUFACTURERS WON'T LET Google push new OS updates directly to their customers. That was a requirement they dictated to Google, in order to accept their OS onto phones that could get on their networks. In some ways it's good, in many ways it's bad. Mostly bad, because they want to add their own crapware to the OS image. Motorola is the best of those, they're pretty on-the-ball about things and light on the skinning. Samsung? Fuggetaboutit.
Nexus devices (yes, I use them, no I'm not employed by them) have an almost direct update path from Google, rather similar to Apple's delivery route. They can do that because they have a similar number of devices to test the builds for.
-
Tuesday 5th May 2015 02:32 GMT Charles 9
Re: Just like Windows Phone
But now with Android the dominant phone platform, you'd think Google would have the muscle to push back and INSIST on them being able to update Android themselves, regardless of manufacturer, as a matter of security. Make it a condition of carrying the Play Store and all of Google's special Android sauce. What manufacturer (apart from those like Amazon who have their own infrastructure) would refuse to carry that and hamstring their phones? Why wasn't this forced with Lollipop?
-
Tuesday 5th May 2015 12:41 GMT John Sanders
Re: Just like Windows Phone
And this is why Android sub-systems keep being decoupled more and more from the core AOSP.
Obviously this doesn't make some in the Android community happy as they will scream Google is making Android closed source.
Some days one can't just win.
By the way I am still awaiting to find a single one of the millions of hacked Android phones that seem to be circulating around according to Apple, MS and friendly press.
However, I keep finding lots of Windows XP, 7 and 8.1 PCs infected with crap every other week.
-
-
Tuesday 5th May 2015 08:30 GMT RoninRodent
Re: Just like Windows Phone
> But now with Android the dominant phone platform, you'd think Google would have the muscle to push back and INSIST on them being able to update Android themselves, regardless of manufacturer, as a matter of security. Make it a condition of carrying the Play Store and all of Google's special Android sauce. What manufacturer (apart from those like Amazon who have their own infrastructure) would refuse to carry that and hamstring their phones? Why wasn't this forced with Lollipop?
Google: Release updates in a timely fashion or else.
Carriers: Ok, we will stop using Android then.
Google: ...
That is why. Android might be popular because it is convenient and free to use but it is not the only option.
Google recognised this and de-coupled everything they could from the base OS and included it in Google Play. This allows them to push as many updates as possible via Play whilst side-stepping the carriers. Try disabling Play and see what still functions. It is not a perfect solution but this is a battle Google really can't win as they have no real options. Push the carriers too hard and they drop Android. Release the updates themselves and carriers can't add their crapware so they drop Android. Include the carriers crapware themselves and Google then take the blame.
-
Tuesday 5th May 2015 11:44 GMT Paul Shirley
Re: Just like Windows Phone
"Google recognised this and de-coupled everything they could from the base OS and included it in Google Play."
...and the same people that complain about G's failure to override the carriers also complain loudly about Play services, the only way G has found to override them!
I can understand why some people think G could do more, the daily drip feed of 'Google are evil, Google are abusing their power, Google only do what's right for Google' clearly is affecting some (along with all the other BS being spouted). But they're fighting carriers with a decade more experience being genuinely evil. Even Microsoft playing Google against them couldn't get carriers to allow direct push updates without built in delays.
-
Tuesday 5th May 2015 11:52 GMT Anonymous Coward
Re: Just like Windows Phone
"Google: Release updates in a timely fashion or else.
Carriers: Ok, we will stop using Android then."
Google: And abandon the dominant phone platform for what? Hmm...? What other platform is out there that you can use that wouldn't get crushed by Android (or GASP...Apple) in nothing flat? Not even Windows can get far into the phone market. So I'd choose my phones carefully. because if you leave and others stay, there could be a big shakeup in the carrier wars.
-
Tuesday 5th May 2015 12:23 GMT GitMeMyShootinIrons
Re: Just like Windows Phone
"Microsoft did the same with Lumia devices running Windows Phone 7.x: no upgrades to Windows 8. They really can't claim some sort of moral high ground here."
Rather showing your ignorance of Windows Phone. Behind the GUI, Windows Phone 7 was essentially a different OS - an evolution of the Windows CE Kernel. Windows Phone 8 was based on the NT kernel. Asking MS to upgrade all 7.x devices to 8.x would have been somewhat akin to Google telling all Chrome OS users to upgrade to Android. As it was, after the release of 8, Microsoft released 7.8 that bought some of the 8 feature set (and some cross-compatibility) to 7. So, your argument is somewhat void.
-
Tuesday 5th May 2015 17:38 GMT Roo
Re: Just like Windows Phone
Behind the GUI, Windows Phone 7 was essentially a different OS - an evolution of the Windows CE Kernel. Windows Phone 8 was based on the NT kernel. Asking MS to upgrade all 7.x devices to 8.x would have been somewhat akin to Google telling all Chrome OS users to upgrade to Android"
That doesn't actually explain why MS could not have released WP8 for WP7 hardware. I suspect the real reason is down to the way MS set the spec for the hardware and that spec changed from 7->8, and MS really don't want to expend any effort supporting > 1 hardware cfg.
-
-
Wednesday 6th May 2015 02:38 GMT veti
Re: Just like Windows Phone
Windows Phone 7 was released in October 2010, and supported until October 2014. That's four years, for those following at home. Windows Phone 8 was released in October 2012 - if you bought a Win 7 phone after that, you have only yourself to blame. So you should have had a minimum of two years' full support.
All WP8 phones can be upgraded to WP8.1, which MS promises to support until July 2017, in case you don't feel like taking advantage of the free upgrade to Windows 10 before then.
There's a lot you can criticise Microsoft for, but they do take extended support seriously.
-
-
-
Tuesday 5th May 2015 11:51 GMT Paul Shirley
I'm not fine with any automatic update or deferring reboots. Been caught too many times wondering why my PC doesn't start properly after putting off the reboot for days, or the time wasted trying to guess which accumulated patch broke it.
...and intercepting the 'more adverts in Skype', 'Win10 upgrade nagware' or the regular offer of broken device drivers is pretty vital to me.
-
-
Tuesday 5th May 2015 00:50 GMT Anonymous Coward
The thing that bothers me
is if the plan is as implemented in this years Preview builds, that you don't get a choice (okay, the home user guinea pigs don't get a choice) of whether to install each and every one, but only when to reboot. You could easily see how that would appeal to any software house, let alone Microsoft if they believe each patch will do only what it's supposed to; not break things; not introduce vulnerabilities; not brick customer's machines.
A reasonable person would dismiss out of hand that any responsible company would do that. What it would take would be an organization pathologically-averse to admitting it's mistakes, led by people who think their job is to be infallible and, thus so divorced from reality, that they cannot see themselves rushing about like British Cabinet Ministers wrecking the country because they think they are saving it.
I mean, I'm not going to vote for them, but it won't give me any satisfaction to watch them screw the ones who do.
What would give me satisfaction would be to have Hazel Blears in one end of a massive linear accelerator, and David Blunkett at the other, and see what would be produced from colliding them. 60 million ID cards, perhaps? Think of the pictures!
-
Tuesday 5th May 2015 01:04 GMT EffEvilBill
Glass houses
I see they aren't above childish jabs at others to inflate themselves.
This approach of constant updates brings to mind my concert going days.
Imagine you (the user) are crowd surfing. Being passed from one group of people to another in the audience and that MS is those many hands of the audience holding you up moving you about.
The trouble is, as has been my observation, those surfers always get dropped.
I can only imagine a sequestered machine that has no access to the web, becoming as useful as a Chromebook in BFE. Furthermore, if they don't make the updates priority before any other online activity after a dormant spell, they leave the machine just as vulnerable as those they pointed out.
-
-
Tuesday 5th May 2015 02:40 GMT Anonymous Coward
Re: new beta testers
No. Everyone who uses a retail license is now a beta-tester, which includes a whole heck of a lot of SMB/SOHO people out there. No it may be an unannounced "planned feature" for businesses that sign up for the "Windows 365 account type:X", InTune feature, or whatever, that they are no longer counted as Guinea pigs, but hey, I can't claim any insight in that direction. Talk to Mary Foley or Paul Thurott.
Hell, if that weren't their intention now, I may have done some work for Microsoft. Ouch.
-
-
-
Tuesday 5th May 2015 11:56 GMT Anonymous Coward
Or maybe trying to patch in a heterogeneous computing environment is a Hard problem. You can't test for EVERY scenario because there are simply too many of them. And yes, Linux has its teething troubles, too. Driver issues and the occasional spontaneous reboot forced me back to Windows after a six-month stint last year.
-
-
-
Wednesday 6th May 2015 20:15 GMT Roo
A Welcome Rearrangement of the Deck Chairs
I guess the Titanic reference is inevitable, but I like think of Microsoft as being a bit like a battered old cruise liner full of hard-bitten G&T junkies & hard working staff on a tour of the Far East. They've done the Pacific, they want to move on to somewhere more exotic where the cool kids get their kicks. ;)
-
-
Tuesday 5th May 2015 09:15 GMT Test Man
Thank God we're getting rid of "Patch Tuesday". I remember how it was before and it was much better when updates were released as they were done.
I always thought that the excuse for "Patch Tuesday" (businesses like to have a date when they know patches are coming) was a bit weak, because they can and should be implementing their own patch schedule, and not stop others from getting the patches as soon as it's available if they want it.
-
Tuesday 5th May 2015 09:50 GMT Stuart Castle
Looking at this from a business point of view, I suspect "Patch Tuesday" was started so that Sys admins could actually set aside some time in their potentially busy schedules so that they could test patches both adequately and quickly.
You say that business can and should be implementing their own patch schedule. They should, but when Patch Tuesday started, Microsoft did not offer a coherent way for ANYONE to do this, and only started offering them two years later. Even now, they only offer a way to do this if you have a Windows Server available on the network. Something which is not cheap, and may not be feasible for small businesses, who may have a few PCs but don't have someone they can dedicate to running a server.
For these people, there may also be the problem of link usage. If they know that all their PCs are going to be using the link to the internet at a given time on a given day, they can schedule anything time sensitive (such as IP based telephone calls) so it does not happen at that time. They can, if they are savvy, also set up their PCs so that they power up at this time, thus enabling the company to save power (and therefore money). OK, so Windows Update will check when the PC is powered up anyway, but this might still cause problems with Link use..
I think Microsoft are going about this the right way. Consumer get the updates whenever they are released, but businesses have a set schedule that they can use. I suspect Microsoft have been a bit slow to introduce this because it is quite a massive change for Windows Update, and if it goes wrong, the effects will be felt world wide. I also suspect that they introduced the fast and slow tracks in Windows Update on windows 10 to test the backend changes required (the Consumer edition being the fast track, and the Business edition being the slow).
-
Wednesday 6th May 2015 03:17 GMT veti
I've never quite understood that justification.
How much meaningful compatibility testing can a sysadmin actually do? Granted, they should have better-than-anyone-else knowledge of what software is in use within the company, but they know next to nothing of the day-to-day use cases for that software, let alone the edge cases.
Example: I use a piece of software that outputs documentation, using MS Word. When Office was upgraded from 2010 to 2013, this software broke. Not immediately - it only breaks when outputting a large (>300 page) document, and it took me several days of experimentation (and some months of exploring workarounds and compromises) to be sure of the cause. Sysadmins didn't have a clue about that, and I wouldn't expect them to - their role is limited to "giving me the option to roll back to Office 2010". (Which they did, when I moaned loudly enough.)
So sysadmins sit and test every patch in a Windows release? Yeah, right. Sounds more likely to me that they'll boot up every program once, then spend another hour on tech news sites looking for people whinging about functionality broken by the update.
-
-
-
Tuesday 5th May 2015 09:29 GMT lansalot
"He also said that the patching system had been updated to allow much tighter control over branch offices and remote users, who may not have decent bandwidth. Patches can be distributed peer-to-peer, and the timing of the installations can be set to ensure update downloads do not interfere with day-to-day operations."
Already does - it's called BranchCache, and has worked with WSUS since 2008. Time of day for installation is a simple group policy setting, been around for years. None of that is new.
-
-
Tuesday 5th May 2015 10:53 GMT Terje
Re: Peer-to-peer trusted system updates?
Because you have almost but not quite reached a sufficient level of paranoia.
Once you start seeing flashing red lights and reach for a helmet while heading for the bunker complex, then you are well on your have a basic working level of scepticism and paranoia.
-
-
Tuesday 5th May 2015 17:45 GMT Roo
Re: Peer-to-peer trusted system updates?
"Because you've forgotten about the possibility of digital signing?"
Nah, those are there to make required to make patches from the feds look legit. I suspect that won't even qualify as a joke within 12-24 months after release of Win 10. Soon every home will have it's own Stuxnet. :)
-
-
-
Tuesday 5th May 2015 13:06 GMT regadpellagru
reboot fest
I'm probably the only one to bother about the following:
1- every day or so, my laptop will have to reboot
2- I'll never have the same OS booting between week N and week N+1
3- 2 will make my OS behave funny/bizarrely/buggyly
And what's worse, I'll never know which patch is bad, has to be removed, because they happen so frequently.
What is really pissing me off in W7 is the weekly patching. I really hoped they'd aggregate patches, like Apple is doing, so that you'd only install/reboot once per quarter.
But no, MS doesn't learn ...
-
Tuesday 5th May 2015 16:45 GMT BobRocket
Why wait till Tuesday
Rolling updates/bug fixes seems reasonable to me, once every time period my PC checks in to see if there is an update, it would be nice if Windows asked if I wanted it now or would like it later (they would assume I was always up for it, it would be common decency to ask first).
The bit that worries me is 'as well as pushing other software "innovations,"' (well that and the orphan comma)
As long as I can turn it off I'm happy
-
Wednesday 6th May 2015 17:08 GMT Gis Bun
Truly a misleading title for the article.
Patch Tuesday will still continue but more like Security Tuesday.
Except for 0-day crtitical updates, Microsoft will continue to release them probably on the second Tuesday of the month. I can't see a security update released for IE on May 27th but the enterprises won't see it until June 9th.
Or they could release all updates as available but enterpriseswill continue to follow some type of Patch Tuesday cycle because they've been doing this for years.
Microsoft originally released updates as available but Enterprises didn't like the issue of rebooting 10 times a month. Hence, Patch tuesday was born. Except for out of the ordinary updates, one day per month for updates.
Personally, like Win 7, I will leave it to notify me but not install.
-
Saturday 9th May 2015 08:23 GMT Michael Habel
Great so all the Lusers can get to become the Guinea Pigs, for everyone else to test out Microsoft's new Alpha build of the WGA call home Bug, that they had the sheer audacity to brand as "CRITICAL!!", before the Corporates have to deal with it?
Well if that's how it is the fat chance of me ever installing Windows OSX then.