Slashdot Mirror
Typical Windows User Patches Every 5 Days
CWmike writes "The typical home user running Windows faces the 'unreasonable' task of patching software an average of every five days, security research company Secunia said on Thursday. 'It's completely unreasonable to expect users to master so many different patch mechanisms and spend so much time patching,' said Thomas Kristensen, the company's CSO. The result: Few consumers devote the time and attention necessary to stay atop the patching job, which leaves them open to attack. Secunia says that of the users who ran the company's Personal Software Inspector in the last week of January, half had 66 or more programs from 22 or more different vendors on their machines. ... Secunia has published a white paper (PDF) that details its findings."
Since we have a "few" computers all around the house, it's pretty much every time I sit down to one I have to apply patches, and usually a reboot to boot. Sometimes, it's a rarely used computer that I grab (laptop) just to get a few quick things done, and it requires multiple iterations of patches and reboots. Sigh.
I find it exasperating that my experience is almost always, "apply these patches", and then you can do some work with Windows. The good news (for me), I'm finally migrating EVERYTHING (as in replacing with) Macs and Linux. Time and money, that's all it takes.
Interestingly the other day... I got in and was productive immediately on a Windows laptop. Wow! C'est vrai? And when I went to shut it down? "Please do not power down your computer. Windows is installing (3 of 10...) updates..." WTH?
patching for Windows is largely automated...
Heck, my Linux has patches every day and I kinda see that as a good thing.
This is my sig.
Funny--my Firefox updates when I start it up, my Flash and Java and Adobe Reader update essentially on their own, and Windows updates when I shut it down...Steam updates on its own...Trillian and uTorrent give me a button to push to update them...I'm pretty much a power user, but I've never been prompted to update something that was remotely confusing. As long as things that need updating have an easy button to push to do it for you, I'm happy--extra bonus points if there's a checkbox in the installer to choose between "update automatically" and "prompt annoyingly when an update is available"
Yeah its real hard. You do....nothing. (Automatic settings). If you want more control, you can change the settings. More windows-hate circle jerking.
I've owned a Droid phone for 5 days now. I've already had to "patch" two of the apps for it out of about 10 apps that I have on the phone.
By those standards I'd say MS is doing one hell of a fine job.
Dedicated Cthulhu Cultist since 4523 BC.
We can manage all those patches for them!
Seriously, that is what this looks like to me. It is a load of bullshit over all. Reason being that few things actually need patches for security reasons. The OS, virus scanner, browser, browser plugins and so on sure. However a videogame? No probably not. Well guess what? Turns out most of the stuff that needs patching, patches itself. Windows downloads patches and applies them in the middle of the night. Firefox grabs new versions when you surf, and installs next time it starts up. Virus scanners update silently in the background all the time.
If people actually had to spend time managing patches on all their apps, sure ti might be a problem. However for the most part that isn't the case. In the default config most important apps update themselves.
My Ubuntu installation updates and patches way more often than my Windows installs do. Newsworthy? Didn't think so /.
Civilization is the process of setting man free from men.
Last year I bought for my mother a new computer, she is quite computer literate but I was shocked to find 3 months after purchasing that she has gotten into the habit of turning it on once a week just to give it an hour to "update itself". That was to allow her to spend 30mins every other week doing her online stuff..
I literally couldn't or didn't believe it, but then I actually was there one day and watched as all the mostly default installed apps when through their motions of requesting updates. It literally took about half an hour before to computer was usable without something prompting "Do you want to install this update..."!
In the end I removed some of the crap like Java and the HP printer updater, and told her to turn it on only ever other week for the updates!
Definitely there is some need to consolidate updates into one program..
I feel like my ubuntu system has been pestering me with updates far more frequently lately as well...
Bottles.
and I surely do not experience that amount of 'patching.' I also think updating virus signatures shouldn't be considered a 'patch' per se. Those are essentially database records, not bug fixes. Windows gives me updates about once per month. Once in awhile I get an Adobe or a Java update, but the total is nowhere near what these guys are saying.
How about a moderation of -1 pedantic.
Not sure if paying at least twice as much for the same hardware makes up for having to patch less...
I think the difference is that with Windows, you have to install updates from Microsoft via one method, updates to Adobe software via another method, updates to Firefox by another method. Lots of things for the user to learn, there isn't just a click one thing and it updates everything.
My Linux box on the other hand, does have quite a few updates, and requires updating often, but, it's just one interface to update everything, including from third party vendors (i.e. Adobe)
I don't think I've ever needed to install windows updates twice in a week. Maybe twice in a month if there's a major issue. But that report is counting Adobe Reader updates. Java updates. Firefox updates. That annoying update that tells me I need to ugrade TortoiseSVN from version 1.6.4.12.a to 1.6.4.12.b. Etc.
Can you construct some sort of rudimentary lathe?
Yes, because it's completely reasonable that the *monthly* patches my Mac at work gets 95% of the time require a restart. Why do iTunes or Safari need the system to be restarted? I'm only forced to reboot my Win7 machine due to patches... Hmm, I think once in the time I've had it.
And OS X requires me to put in my password in order to install patches, so it can't patch unattended, or in the background. It's a choice between delaying my work or delaying the patch. Most people are going to pick "delaying the patch," especially if they've got anything open. And that's how security starts to fall apart.
Canada: The US's more awesome sibling.
I don't really mind patches. They are usually quiet and seamless, working in the background and not interfering with my work.
The real killers are the updates that require a reboot, and these seem to be on the rise of late. Even worse, these are typically for software that I do not use (IE, Windows Media Player, etc.), but I am required to interrupt my work to reboot my machine so that I can be "secure".
I believe in de-evolution. God made the world perfect, man fell, and its been going downhill ever since!
A friend of mine, runs his PC "commando": no virus software, no firewall, no patches, nothing. He's non-technical and assumes he is going to get a virus no matter what he does and it's just a waste of time pricking around with all that stuff, so he just reinstalls Windows about once every two months when it starts running slow from the viruses. Well, it's a daring tactic, but it seems to work for him.
My Fedora 11 system has patches to install nearly every day. At least all the updates come through one mechanism, and usually I don't need to reboot to apply the patches.
What a fool believes, he sees, no wise man has the power to reason away.
Windows can patch itself to hell. Firefox and Adobe too, for all I care -
AS LONG AS THEY DON'T INTERRUPT, STEAL MY FOCUS, PUT UP CRAP ERROR MESSAGES OR REBOOT WITHOUT ASKING!
There's a portable at home I open only on weekends. Want to guess what happens for the first 30 minutes after I turn it on? Yup. An unusable computer that's *updating* itself. Java. Adobe. Firefox. Firefox *add-ins", Windows, and possibly, the current timeline in which I exist.
Needless to say, ALL of these want me to agree/disagree, actually *view* their updates, click a modal dialog, or reboot - repeatedly. I really don't care if updates have to happen, BUT KEEP THEM OUT OF MY FACE.
And don't slow the computer to a crawl. If the update takes all day, do I care? Not if it doesn't interfere with me.
Computers exist to serve ME. Make the computer wait, NOT ME!
Please do not read this sig. Thank you.
Repos in Linux are not just collections of software- they're a store of trust.
You can (should?) trust that they won't break other programs, they won't install malware.
That is impossible in the Closed source model, really.
(unless you have differnet users for each app, and lock down each install directory?)
I'm the guy in our household responsible for applying our patches, being an IT professional and all.
Since we have a "few" computers all around the house, it's pretty much every time I sit down to one I have to apply patches, and usually a reboot to boot. Sometimes, it's a rarely used computer that I grab (laptop) just to get a few quick things done, and it requires multiple iterations of patches and reboots. Sigh.
I'm the guy in our household responsible for applying our patches, being an part time Web Developer and all.
Since we have a "few" computers all around the house, I just set Windows Update to download and notify me when updates are available. Providing me convienence and still retaining the ability to opt to not to install a patch.
Since Win7 got installed on my desktop I rarely have to restart for 99.9% of all day to day tasks, but when something out of left field like patch time comes it's increased speed to the login screen makes it much seem less of a chore having to wait 5 minutes while my PC is being updated.
And on my gf's laptop with Vista the reboots are slightly more often and and take a little longer.
But then again I'm on the computer 12 hours out of the day, so 5-10 mins once a week for maintenance really seems to be a non issue.
On the Oregon Cost born and raised, On the beach is where I spent most of my days
On a system like Ubuntu, running updates automatically in the background wouldn't be particularly dangerous. That way you only need to pay attention to the updater once every 6 months. After using Linux I don't understand how Windows users put up with the Microsoft updates that frequently fail to install, sometimes require multiple reboots and then still needing to update everything else manually.
It depends heavily one what you are doing with your computer at the time of writing. Windows does not allow you to write executable files that are currently running and I believe there is a similar restriction for .dlls that are loaded into memory. At least you are notified of the need to reboot. I may be incorrect but I believe the only thing that triggers a reboot on ubuntu are changes to a specific set of packages. As such, its always possible to install updates and still have vulnerable code loaded into memory.
I'm not sure about the failing to install. The only time I've ever seen an update fail to install is when I'm doing a re-install and do something like install a cumulative service pack for a program like Visual Studio that is getting brought down the windows update pipeline as well. I would be interested in knowing what types of updates usually fail.
OSX requires you to put your admin password in. It's called security.
I know *why* it does that, thanks. My point was that it's not an unattended process. You can't set your machine to update overnight, because it needs your password before it'll install updates. You can't do it at the very end of the day, because it reboots, not "shutdown, and then finish on next start." So you'd have to wait around until it finishes, so you can properly shut down your system. That leaves the start of the day, or else you're interrupting your workflow. And the start of the day delays you getting down to work.
As for "needing to update webkit," just to really get in at the fanbois, MS got in major shit for entangling IE so deep in to Windows, why not Apple? If Safari is that entangled, they should have faced the same action as MS. If it's a browser update, I shouldn't have to do shit. If it's an OS update, it's disingenuous to mask it as a browser update, since it allows Apple to skew figures if they so choose.
Canada: The US's more awesome sibling.
This isnt unique to Windows. Its the same on OSX.
If Linux ever gets a strong software presence, it will have the same issues.
In Big-O notation, repositories scale linearly with the number of developers making demands of it. Double the number of developers and you've doubled the workload for the maintainers of the repository. The Linux ecosystem needs to double about 15 times (pulled that out of my ass, 32768x) to be comparable in scale with the Windows ecosystem.
Are the Linux repositories prepared for The Year of the Linux Desktop? I suggest that no, no they are not prepared at all. They wont know what hit them.
"His name was James Damore."
Patches breaking things is a big deal. Nothing will convince users to never allow updates faster than having one break their system when they desperately need it to be working.
A close second is having MS sneak in user hostile changes under the guise of a critical security update. That makes it impossible to even convince users to "risk it" even for the really important updates.
Though even in the case of Debian, I'm a bit too paranoid to do updates by cron job, it's good enough that if I don't see any rending of garments on debian-security, I presume it's safe enough to try on one system. If nothing bad happens, the rest get updated right away.
After using Linux I don't understand how Windows users put up with the Microsoft updates that frequently fail to install, sometimes require multiple reboots and then still needing to update everything else manually.
Because none of those things are particularly accurate ?
1. updates that frequently fail to install: My friend's laptop constantly complains about needing ~44 critical updates, but any attempt to install them results in an instant "44 updates failed to install". On my laptop, luckily, most updates installed, but I always had 2 or 3 that wouldn't.
2. Multiple reboots: Install Windows XP (without any service packs) and try updating. Count the number of reboots. Try a similar test on any Linux distro (pick a CD as old as you want), notice how you only need to reboot once to have all of the updates apply.
3. Still needing to update anything else manually: Turn on a computer with Windows that hasn't been used in a year. Install all updates. Now go here: http://www.filehippo.com/updatechecker/. Notice how many installers you need to download and run manually. Start up any arbitrarily old Linux distro and run an update. Notice how everything is up to date (note: By default, most distros don't give you the newest version of most software, but this is intentional and can be worked around by using a distro that doesn't suck).
Well, installing an OS version first released 7-8 years ago may not be the best solution all around. Also, you can simply download the latest service pack, and start with that install first. Not being a troll here, simply that if I were to install Fedora Core 1, and update from there, I might experience a couple of pain points along the way. The real issue with windows, is most software isn't distributed by Microsoft, with Linux it's mostly from your distro. If you start installing software from outside what your distro's repositories come with, you will see similar issues. ex: updating VMWare Server after every single kernel update in the OS updates...
Michael J. Ryan - tracker1.info
On a friend Vista system I've had to deal with updates that twice prevented Windows from loading even in safe mode. The best one though was the update required to Windows update which it couldn't install because it wasn't updated. Luckily updating to service pack 2 messed up the system enough for a reinstall to be required.
What?
Ubuntu (9.10 or 8.04) has constant updates and approximately once a month a kernel fix, which require a reboot. Some other patches has gotten my system into a state which require[1] reboot. You really need to pay attention much more often than "once every 6 months".
[1] The easiest and fastest option.
1. "I heard an anecdote once and it was really lousy." I had Vista on my machine, then installed Windows 7. In those 3 years, I have only ever had one update fail to install, and it took about 10 minutes to fix because I didn't have the SP.
2. That's why you don't install Windows XP with any frequency. Oh my god, I have to reboot four times, once every six months...soooo much work...
And yes, before you ask, I have installed XP before. SP2 + updates = 4 reboots I seem to recall.
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
Just think how often you would be updating Windows if MS released a new OS every 6 months.
"while democracy seeks equality in liberty, socialism seeks equality in restraint and servitude." de Tocqueville
1. What OS? It's impossible to diagnose the reason for your anecdote without more specifics. Frankly, it sounds like his laptop is infected and yours had updates that were old enough to be superceded (XP I believe would sometimes fail an update that wasn't needed because of another update.)
2. Installing Windows XP without any service packs is as silly as installing Ubuntu 4.10 (notice that this is four years after Windows XP came out).. Actually, try installing Ubuntu 4.10 and see how many reboots it takes. You're in for a treat. For bonus points, install a bunch of user applications, send some emails, write some documents, and then see what happens to these applications as you upgrade to Ubuntu 9.10.
3. I fail to see how this is Microsoft's fault. If they had an officially sanctioned app store they'd be crucified for pushing it with Windows. Such an app store would invariably be useful. Anyhow, in a business setting you can deploy non-Windows, non-Microsoft updates through the Windows Update utility, so I can force Adobe Flash to update on clients, for example.
After using Linux I don't understand how Windows users put up with the Microsoft updates that frequently fail to install, sometimes require multiple reboots and then still needing to update everything else manually.
Because none of those things are particularly accurate ?
http://social.msdn.microsoft.com/Forums/en/sqlexpress/thread/c7d0a234-763b-4f9c-b7ec-3a40df6340a8 /value Resume /type dword /data 0 /value Resume /type dword /data 0
Here's the fix, the only way I've gotten this to work. And we've got a lot of machines with Visual Studio where "Everything" was selected (and is actually used), so updating SQL Express is a good idea:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup"
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.2\Setup"
Oh, and also shut down the SQL Express Service. Why couldn't these things be built into the patch? Why isn't there a new patch that supersedes the old one that does these things since Microsoft knows about them?
"still needing to update everything else manually." Acrobat Reader and Java updates fail a lot. To update GIMP on Windows, I have to manually download the program again. To update Sysinternals Suite when there's a significant security update, I have to download the zipfile manually from Microsoft. In XP for several years, Microsoft required manual patching of the "disable autorun group policy option that doesn't really disable autorun" bug until major security firms called them on it. Eventually it found its way into Optional Updates (not automatic, because MS decided it wasn't critical).