Slashdot Mirror
Ask Slashdot: How Will You Handle Microsoft's New 'Cumulative' Windows Updates? (slashdot.org)
Microsoft's announced they'll discontinue "individual patches" for Windows 7 and 8.1 (as well as Windows Server 2008 R2, 2012, and 2012 R2). Instead they'll have monthly "cumulative" rollups of each month's patches, and while there will be a separate "security-only" bundle each month, "individual patches will no longer be available." This has one anonymous Slashdot reader asking what's the alternative:
We've read about the changes coming to Windows Update in October 2016... But what happens when it's time to wipe and reload the OS? Or what about installing Windows on different hardware? Admittedly, there are useful non-security updates worth having, but plenty to avoid (e.g. telemetry).
How does one handle this challenge? Set up a personal WSUS box before October to sync all desired updates through October 2016? System images can work if you don't change primary hardware, but what if you do? Or should one just bend the knee to Microsoft...?
Should they use AutoPatcher? Switch to Linux? Or just disconnect their Windows boxes from the internet... Leave your answers in the comments. How do you plan to handle Microsoft's new 'cumulative' Windows Updates?
How does one handle this challenge? Set up a personal WSUS box before October to sync all desired updates through October 2016? System images can work if you don't change primary hardware, but what if you do? Or should one just bend the knee to Microsoft...?
Should they use AutoPatcher? Switch to Linux? Or just disconnect their Windows boxes from the internet... Leave your answers in the comments. How do you plan to handle Microsoft's new 'cumulative' Windows Updates?
I run Linux. I keep a Windows system around for minor software that needs it, but I don't put sensitive information on it like mail or personal data.
Linux is your partner. Microsoft is your master. Choose wisely.
Sometimes the "writing on the wall" is blood spatter...
I kept Windows 7 to update my GPS maps, but I boot 99.9% of the time in Debian.
Since tye year 2000 times I had tried different Linux distros but never had enough motivation to leave windows.
Windows 10 provided enough stimulus.
just that simple. they are acting like tin-star dictators already, and it seems to get worse every time they get a new brain-fart.
if this is supposed to be a new economy, how come they still want my old fashioned money?
I've been running Linux exclusively on all my own machines for 15 years or so now, so I won't be worrying about this at all. I do have to use Windows machines for work, but those are supplied and supported by my employer, so I don't have to worry about it there, either. Hooray!!
After using Linux for 18 or so years, I think it's time to switch back to Windows..... actually, nah.
My wife's photography business currently runs on Windows 7. We can't accept the risk of Microsoft screwing up her production environment (Photoshop + Lightroom).
For now, we're going to stop installing Windows updates, and cross our fingers.
Once that starts seeming too risky, I'll look into moving Windows into a VM with limited Internet access, or we'll migrate to using a Mac for the photo editing.
Neither option is appealing. I haven't yet figured out how difficult it will be to get monitor color-calibration right if Windows is running on a VM inside Linux. And sufficiently powerful Macs are painfully expensive.
I'll be curious to see if Microsoft's overall strategy from the past year is going to pay off for them. They're literally driving previously satisfied customers into their competitors' arms.
Honestly, I only run Windows for a few specific applications now. I use Windows so infrequently that whenever I boot that disk I have 30+ updates to install. I am very happy with the OS X UI and find it to be much less distracting than the live tiles. Virtual Box works fine for most Windows needs.
The Live tiles are always tempting me to get off task and go look at something more interesting than my work.
Appy app apps guy is right - the future in everyone's mind is Apps, not some LUDDITE desktop application or "pre-App web app" -- but I think Microsoft is really dismissing how much legacy code is out there and is broken by various updates. I do systems integration work with an end user desktop focus, and there are _so many_ crappy IE-only, ActiveX or Java applet or Flash or Shockwave (!) monstrosities lurking in corporate IT shops everywhere. Most of it isn't even in-house developed - it was written by really expensive consultants who want another few million to modernize it.
It will be very interesting to see how they pull this off - whether there will be an exception for Enterprise, etc.
Do people really think al-la-carte Windows patches were a good solution for complexity and stability of the OS? What about when you needed to reboot 5 times to get a new XP install current or that the time to patch was longer than the time to infect from internet worms?
Apple just has cumulative patches for iOS and macOs and it isn't a terrible problem for them; it probably makes more reliable than having to test every combination for interactions.
We'll see what happens, but for now I've taken the precaution of using WSUS Offline to download all updates as of today. If I ever need to install Windows 7 again I have my original disc (and backed up ISO on cloud storage) and I can use the update installer from WSUS Offline to apply the updates I downloaded without ever needing to put the computer on the Internet. (And yes, this tool lets you add specific updates to an exclusion list so that they don't get installed).
It is so sad to see it come to such a painful end. I actually bought Windows 1.0 in my youth and have had a machine running a Windows version ever since. I did manage to skip the most disastrous versions (ME, Vista, Bob and friends) and as a result had a pretty good run. By Windows 7 it had finally become a stable workhorse OS that, for a time, served me well as its owner and master.
With Windows 8.x and then 10 it became evident that Windows as an OS no longer served me as its (paid and rightful) owner but instead answered to an increasingly malevolent master who was working against my will and interests. Its aim was nothing other than to harvest and sell me, my identity, my movements, my thoughts, my keystrokes, as a product like any other meat based commodity. I knew I could not in good conscious willingly give myself over to such abuses. I concluded that Windows 7 would be my last Windows and in my personal view was THE last Windows as I knew the product all these years, with the things that came after no longer sharing a common purpose with those that came before.
While corrupting the Windows brand was bad even more nefarious was to take the Windows 7 the I own now away from me. The tried heartily to wear me down with deceptive pop-ups and then with malicious corrupting patches but, through great effort, I diligently thwarted them all. Now it seems the end has come, my paid copy of Windows 7 Professional will be corrupted by force or left to wither and be ravaged by wild dogs and the NSA in what I personally view to be a heinous crime against all humanity.
As a long term Microsoft customer, the sentiment I now associate most with the company is betrayal.
I will likely use the "security-only" bundle; and try to remove all rarely used Microsoft software other than the Windows 7. I already removed Java and Adobe; now will have to think about removing MS Office because, I foresee, in time the "security-only" bundle will stop patching office. Tim S.
I will apply all the patches that the vendor supplies in an automated way where possible and where not, as soon as is practical. While it is true that a vendor could screw up a patch, it is also true that my hard drive could die, malware could get on my system, an other hardware or software problem could corrupt my data, or I could just screw up and delete data myself.
To protect myself from any of these occurrences, I keep regular backups. I take these backups at a frequency similar to the amount of data I am willing to lose in the event of any failure (including "evil" actions on behalf of my OS vendor.) For me the frequency of backups is generally daily.
Note that I use the term OS vendor instead of Microsoft here, this because I run several computers with several operating systems (Microsoft, Linux(s), others) and I have had them all screw up a patch.
Since I have chosen not to write or personally review the source code for all the software I use (because I don't have that kind of time), I choose to outsource that work to several vendors, one of which is Microsoft. Yes, there are risks to running software from Microsoft (or any other vendor), Microsoft may not have my best interests in mind. However their software meets my needs and I have made the calculation that the value the software provides outweighs the risks.
I still consider Windows 7 as the best OS Microsoft ever made. As far as updates go I completely disabled them after the update gate fiasco. If you feel like me and had to disable windows updates because you can't trust them not to update your entire operating system then it's probably best to part ways, like a psychotic girlfriend that spies on your every move. Trust is a two way street. Once you break that trust the relationship can never be the same. Time for me to go back to Linux. As unrefined as it is, at least they're trying to do good things for their users instead of exploiting them. I'll never run a Mac OS or Google OS for the same reason. Microsoft didn't just cross the line, they got in a spaceship and flew light years past it at ludicrous speed.
>"Ask Slashdot: How Will You Handle Microsoft's New 'Cumulative' Windows Updates?"
I run Linux and have for decades. That is how I handle dealing with Microsoft. Of course, that doesn't do most people much good...but people allow themselves to be slaves to Microsoft. The stunts Microsoft has pulled over the last several years shows they are just as controlling, unreasonable, and manipulative as ever.
There is never a better time to move away from MS-Windows.... Linux is just as robust as ever, it has a lot of great applications, lots of support structure, and more and more business software is finally moving to be cloud based and/or web-front ended so the clients can run whatever they like.
Change is never easy, though.
Microsoft hotfixes were never "individual" in the first place.
There are two servicing branches for Windows. GDR and LDR. GDR is what used to go out on Windows Update. LDR is for changes that are considered more risky, and is a superset which also contains GDR changes. All changes are cumulative, per binary. Once you install an LDR fix, that binary stays on LDR branch until a service pack is applied.
At service pack time, GDR and LDR branches are merged.
There's no such thing as an "individual" Microsoft patch. All binaries are patched cumulatively; the only question is what cumulative version you have installed for a given binary.
All that's changed is that they don't want to actually document bugs that are fixed in the hotfixes in detail, and they want to force everyone to more or less the same patch level, because 90% of the time, customers having problems are running old bits that aren't being tested by Microsoft any more. There's an ongoing religious argument over "patch to the latest" vs "don't touch it to keep it stable". But in truth, if you hit a new, unfixed bug, and Microsoft created a new hotfix for you, or even if you just install the latest security update, you were always forced to accept all the cumulative changes between the patchlevel you were at, and the new hotfix you are installing. It's just that at the moment the heavy handed "force em to patch" faction has the upper hand at Microsoft now.
You are one of those "and this time I mean it" people.
You won't dump Windows. Microsoft has probably crossed over your "line in the sand" 10 times in the last year.
They understand they have a captive audience. You might be ruffled about what they force down your throat, but they know you just complain and take it up the arse again the next time too.
Ideas: (partly a re-post from Stop updating completely? Methods and comments)
1) Autopatcher and WSUS Offline Update: Use Autopatcher until Microsoft begins its new system of hiding even more completely what it is doing with its updates. Kvasio said to use WSUS Offline Update, another community driven solution.
Apparently Microsoft approves of WSUS Offline Update. This is from the Microsoft web site: Update Offline Virtual Machine with PowerShell and WSUS Offline Update: Part 1
Update Offline Virtual Machine with PowerShell and WSUS Offline Update: Part 2
2) Windows on an isolated network: Don't allow any Microsoft operating system to have a connection to the internet. Use Linux on a separate computer on a separate network for internet connections. Use Bluetooth to communicate between the Windows OS network and the Linux network.
For Microsoft, convincing people that Windows is buggy is profitable. An article I wrote last year, Microsoft Windows XP "end of life", makes the point that Microsoft fixed 319+828+459=1,606 bugs in Windows XP since Windows XP SP1 was released. Now Microsoft says Windows XP is still too buggy to use. We have 16 computers running Windows XP and haven't had any problems. And software does not have an "end of life", it continues to do what it always did.
Do secret government agencies pay for vulnerabilities? Why do Adobe Flash and the Windows operating system have so many vulnerabilities? Do Adobe Systems and Microsoft sell vulnerabilities to secret government agencies and fix them when they are publicly discovered?
Get serious about recognizing abuse. Quoting this comment, with modifications: We've seen Microsoft's continuous stream of lies and incompetence... including a number of "bugs" and "mistakes" that appear deliberate.
I still use Windows 7. It is what my company uses and I have to maintain a certain degree of compatibility. I also create content, both for myself and for the company I work for. I've avoided MS updates for years simply because Microsoft has proven time and time again that they cannot be trusted, and guess what. Everything still works. My non-Microsoft applications do not mysteriously uninstall themselves after an update, the driver for my printer/scanner does not suddenly stop working because it is not "the latest" available, and my anti-virus software has, so far, kept me reasonably safe from malware attacks. I consider myself lucky in that regard, but it is worth the risk in my opionion to avoid all the known spyware and software issues created by MS updates. I don't need my flightstick driver to stop working simply because it is not signed by Microsoft.
As part of my work I sometimes have to do on-line research. I do not need to see targeted ads for stuff I do for work. Just because I sometimes go to certain medical websites does not mean I have a medical condition, visiting a gun manufacturer's website does not make me a gun nut, and looking at the latest thing that Boeing is up to does not make me a pilot or a world traveller. I don't need to waste my time digging through spam for pills, guns, or airline fare "special" offers. If I'm actually interested in any of those things I'll do the research myself. I'm not going to buy stuff simply because I received a "targeted" scam.
There a lot of complaints in this thread about this new *feature*, but hasn't the horse already escaped the barn? If you are using Windows, you are trusting them to do the right thing with your OS when you install it. How is this rolled up set of patches really going to change things? Either you trust them to do things right, or you go download *nix.
HA! I just wasted some of your bandwidth with a frivolous sig!
Should they use AutoPatcher? Switch to Linux? Or just disconnect their Windows boxes from the internet
How about just...fucking apply the cumulative updates and move on?
If you don't trust the vendor, then it's time to look at someone else's products.
That being said, we are talking about Microsoft here. Many people disagree with their decisions, but they are more or less reliable. Their marketing may be agressive, but they aren't going to go to the point of breaking a product on purpose. They are going to test their patches to the best of their ability, and they are a large enough firm to have the means to do it well. Yes, there will be problems for some users. That is to be expected. Unlike many vendors, Microsoft has relatively little control over the hardware their product is used on or the software that is used on their operating system. So do take precautions like doing regular backups and be prepared to restore those backups if you end up being an edge case where things break.
While you can possibly do better than Microsoft, you can certainly do worse.
rankly, if this finally fixes the issue where windows 7 searches windows update for hours taking 100% of a core and 1-2GB of RAM in the process then I'm all for it.
Microsoft broke windows update on purpose here. The solution is to (1) disable windows update (2) reboot (3) download the june (?) update to windows update via web browser (4) install it (5) now download the latest windows update via web browser (6) install that too.
Now it will work again.
One of the reasons I was recommending people to upgrade to windows 10 was for this issue alone
Thats why they broke it on purpose.
"His name was James Damore."
Easy for you to say. Home users rarely are impacted except for a few scattered Windows 10 users with funky old drivers from updates.
What this shitstorm is going to hit is the enterprise. Where a patch can be devestating, but security and being up to date also is a must. Just imagine 100 applications and 70,000 computers all with different needs filled with very old quirky shit taped up where customers still demand we use IE 6 for much of it. We have a hack to get it to work under Windows 7 with Citrix. These patches break TLS 1.0 which is insecure yes, but our clients can not run without it!
Explain how we can move to Linux and use active directory and group policy and security auditing and SCCM to push applications that are all win32 based in such an environment?
http://saveie6.com/
Back in the days of XP SP1 I bought a laptop. It wanted to install a "security update" right away, but I put it off. wanting to get comfortable with my new computer and my new operating system first. I also used a live Linux CD on the computer a lot.And if you recall, these were the days that Microsoft was particularly vocal about their hatred for Linux. After about a month I finally told Windows that it could install the "Security Update". I didn't notice any obvious change in Windows, but I did see one big change with my laptop, it could no longer connect to the Internet when I ran my live CD!
I checked everything. The CD was still the same and still had the proper CRC checksum. I made another CD anyway but, as expected, the results were the same. After a lot of work I finally tracked down the problem. The laptop NIC, like all modern NICs, had a small eeprom on it that stored the MAC address (that's how they can mass produce NICs that all have unique MAC addresses). And it turns out that there is plenty of extra space in the eeprom not needed for the MAC address, and the NIC used that space to store start up configuration settings, and mine were now set to values that made no sense and kept the NIC from working properly. Interestingly, XP ignored how the NIC was configured and reconfigured it as it wanted so that the device would work. But Linux, which worked fine on the computer for a month, didn't suspect that anything was wrong and tried to use my hardware as it was configured.
Once I understood this I was able to run :Linux again. It was a pain, I had to manually issue some commands every time I booted the CD, but I was able to work around the problem. Eventually Linux code was changed to not trust configuration settings and configure the NIC in the same way that Windows did and I no longer had to manually reconfigure the NIC on every boot.
I'm a cautious computer user. I have a decent hardware firewall and I also use a good software firewall (not one from Microsoft). So now I was in a position where the only malware that had ever done me harm was a Microsoft Windows Update. It wasn't too hard to figure out how to not experience another problem like this one. I've never accepted a software update from the malware provider who screwed me since then. I never will. I have had no malware experiences since then. So how I'll deal with the new update policy is to leave my Windows settings just as they are and not let Microsoft break anything else.
I'm an American. I love this country and the freedoms that we used to have.
My main box has been Linux. It is a lot more hassle to run Windows stuff under Linux, of course, but the writing was on the wall when Windows 10 seemed so sketchy. When I found out that the telemetry updates had been pushed MONTHS prior and then went live for 7 and 8, that was what made it clear to me that I must switch sooner: that was hugely disingenuous. I dual booted for awhile to get stuff switched over, and now my box's Microsoft code is DLLs for WINE.
What I COULD do, if I was inclined to keep a Windows partition around, is to grab just the security updates, and use those. That's probably what most slashdotters who give a fuck will do. I just don't give a fuck. I just can't ever keep up with the endless update debt of Windows, and fighting that seems almost impossible. It's this huge list of everchanging clusterfuck, and if I'm going to have to sysadmin my shit, it may as well be on an OS that isn't actively trying to fuck me over. I'd much rather prefer the accidental breakage of New Bullshit than the deliberate breakage of Known Hostile Entity.
At work, our Linux boxes obviously don't care about this, and our Windows boxes are Somebody Else's Problem, but those are Enterprise, so who cares anyway.
But I'll just use Fedora.
It is said, Windows users will put up with anything. Well, I won't, which is why I'm not a Windows user.
> Windows haters can do the same, in case it's over fake "security concerns" w.r.t. Windows 10, in which case, they need a one-way trip to Guantanamo Bay in order to learn what REAL invasion of privacy is. Fucking children.
You should probably look into what you agreed to send Microsoft in the EULA (hint: everything you ever do, say, everyone you know, who you communicate with, the contents of those communications, etc etc etc).
But keep going with that amazing comparison. You could write ad copy:
"Microsoft Windows: It's better than being detained indefinitely and tortured in a military prison on a communist island!"
That you have to compare a long term detainment and part time torture camp to the OS you bought and paid for shows just how Windows users will put up with anything. Ludicrous comparison to compare something you buy and pay for with indefinite detention.
MS recently released an official update roll-up for win7 SP1, including all post SP1 updates up to May 2016 (I think)
They don't want to call it a SP because that would force them to increase the support deadline for the OS, which we know they don't want to do.
That in fact is the reason windows service packs have gone extinct, or at least are rebranded as other forms of cumulative updates.
Nothing for windows 8.x that I know of
As a counter for all the MS hate around here and all the Linux fans who think it will be taking over the world someday soon...
Windows 10 works just fine, I have it installed on over 20 computers, I've installed it on many more, it works very well...
I used Windows 7 the other day, it felt old all of a sudden, amazing when it felt so new just 7 years ago, but it is now out of date and the idea of staying on Win 7/8.1 is just not reasonable anymore...
Yes, you can use Linux if you want to, it has a purpose, but it won't be replacing Windows as the mass market desktop OS, well... ever...
Something else might, OS X could if Apple would licence it for use on other computers besides Macs, but really there isn't anything else for the mass market...
As the Snowden leaks showed the people calling others tinfoil hats were pretty damn naive.
This is just Microsoft's way of removing your ability to cherry pick which updates you will install, and which ones you won't.
This allows them to wrap one of those Windows 10 upgrade updates into a critical bug update so you have to choose.
Kinda like how Congress wraps their stupid little pet projects and other bullshit that would never pass muster in a million years into a general budget or defense budget bill.
So I had messed around with various distributions of linux over they years (and frequently work on linux/unix/solaris systems at work) but had never taken the full plunge for my personal daily driver until a couple of months ago. I had take the Win10 upgrade from the win7 that had original shipped, and didn't have any issues with drivers/etc. but something kept bothering me. It started with not being able to control when updates occurred, I'd be in the middle of something and windows would decide that right now was when it had to update. There isn't much the torques me more than being interrupted when trying to hack out some code. Then I was trying to boot a newer linux distro off a thumb drive and found the startup process wasn't letting me get to the bios to choose the boot device, which I found out was due to the computer being in some sort of hibernate state even though I told windows to shut down. Apparently in order to improve boot times Win10 actually puts the system in a hibernate like state when you shut down, unless you hack the registry or use a special parm on a shutdown command.
TL;DR I got fed up with it and switched to Ubuntu-MATE, and replaced the hard drive with a SSD. Booting from cold no takes 15 seconds including entering the password.
Linux.
This is a hacked account, for which the owner can not be held responsible.