Slashdot Mirror
Ask Slashdot: How Will You Handle Microsoft's New 'Cumulative' Windows Updates? (slashdot.org)
Microsoft's announced they'll discontinue "individual patches" for Windows 7 and 8.1 (as well as Windows Server 2008 R2, 2012, and 2012 R2). Instead they'll have monthly "cumulative" rollups of each month's patches, and while there will be a separate "security-only" bundle each month, "individual patches will no longer be available." This has one anonymous Slashdot reader asking what's the alternative:
We've read about the changes coming to Windows Update in October 2016... But what happens when it's time to wipe and reload the OS? Or what about installing Windows on different hardware? Admittedly, there are useful non-security updates worth having, but plenty to avoid (e.g. telemetry).
How does one handle this challenge? Set up a personal WSUS box before October to sync all desired updates through October 2016? System images can work if you don't change primary hardware, but what if you do? Or should one just bend the knee to Microsoft...?
Should they use AutoPatcher? Switch to Linux? Or just disconnect their Windows boxes from the internet... Leave your answers in the comments. How do you plan to handle Microsoft's new 'cumulative' Windows Updates?
How does one handle this challenge? Set up a personal WSUS box before October to sync all desired updates through October 2016? System images can work if you don't change primary hardware, but what if you do? Or should one just bend the knee to Microsoft...?
Should they use AutoPatcher? Switch to Linux? Or just disconnect their Windows boxes from the internet... Leave your answers in the comments. How do you plan to handle Microsoft's new 'cumulative' Windows Updates?
I run Linux. I keep a Windows system around for minor software that needs it, but I don't put sensitive information on it like mail or personal data.
Linux is your partner. Microsoft is your master. Choose wisely.
Sometimes the "writing on the wall" is blood spatter...
I kept Windows 7 to update my GPS maps, but I boot 99.9% of the time in Debian.
Since tye year 2000 times I had tried different Linux distros but never had enough motivation to leave windows.
Windows 10 provided enough stimulus.
I've been running Linux exclusively on all my own machines for 15 years or so now, so I won't be worrying about this at all. I do have to use Windows machines for work, but those are supplied and supported by my employer, so I don't have to worry about it there, either. Hooray!!
After using Linux for 18 or so years, I think it's time to switch back to Windows..... actually, nah.
My wife's photography business currently runs on Windows 7. We can't accept the risk of Microsoft screwing up her production environment (Photoshop + Lightroom).
For now, we're going to stop installing Windows updates, and cross our fingers.
Once that starts seeming too risky, I'll look into moving Windows into a VM with limited Internet access, or we'll migrate to using a Mac for the photo editing.
Neither option is appealing. I haven't yet figured out how difficult it will be to get monitor color-calibration right if Windows is running on a VM inside Linux. And sufficiently powerful Macs are painfully expensive.
I'll be curious to see if Microsoft's overall strategy from the past year is going to pay off for them. They're literally driving previously satisfied customers into their competitors' arms.
Appy app apps guy is right - the future in everyone's mind is Apps, not some LUDDITE desktop application or "pre-App web app" -- but I think Microsoft is really dismissing how much legacy code is out there and is broken by various updates. I do systems integration work with an end user desktop focus, and there are _so many_ crappy IE-only, ActiveX or Java applet or Flash or Shockwave (!) monstrosities lurking in corporate IT shops everywhere. Most of it isn't even in-house developed - it was written by really expensive consultants who want another few million to modernize it.
It will be very interesting to see how they pull this off - whether there will be an exception for Enterprise, etc.
Do people really think al-la-carte Windows patches were a good solution for complexity and stability of the OS? What about when you needed to reboot 5 times to get a new XP install current or that the time to patch was longer than the time to infect from internet worms?
Apple just has cumulative patches for iOS and macOs and it isn't a terrible problem for them; it probably makes more reliable than having to test every combination for interactions.
We'll see what happens, but for now I've taken the precaution of using WSUS Offline to download all updates as of today. If I ever need to install Windows 7 again I have my original disc (and backed up ISO on cloud storage) and I can use the update installer from WSUS Offline to apply the updates I downloaded without ever needing to put the computer on the Internet. (And yes, this tool lets you add specific updates to an exclusion list so that they don't get installed).
It is so sad to see it come to such a painful end. I actually bought Windows 1.0 in my youth and have had a machine running a Windows version ever since. I did manage to skip the most disastrous versions (ME, Vista, Bob and friends) and as a result had a pretty good run. By Windows 7 it had finally become a stable workhorse OS that, for a time, served me well as its owner and master.
With Windows 8.x and then 10 it became evident that Windows as an OS no longer served me as its (paid and rightful) owner but instead answered to an increasingly malevolent master who was working against my will and interests. Its aim was nothing other than to harvest and sell me, my identity, my movements, my thoughts, my keystrokes, as a product like any other meat based commodity. I knew I could not in good conscious willingly give myself over to such abuses. I concluded that Windows 7 would be my last Windows and in my personal view was THE last Windows as I knew the product all these years, with the things that came after no longer sharing a common purpose with those that came before.
While corrupting the Windows brand was bad even more nefarious was to take the Windows 7 the I own now away from me. The tried heartily to wear me down with deceptive pop-ups and then with malicious corrupting patches but, through great effort, I diligently thwarted them all. Now it seems the end has come, my paid copy of Windows 7 Professional will be corrupted by force or left to wither and be ravaged by wild dogs and the NSA in what I personally view to be a heinous crime against all humanity.
As a long term Microsoft customer, the sentiment I now associate most with the company is betrayal.
I will likely use the "security-only" bundle; and try to remove all rarely used Microsoft software other than the Windows 7. I already removed Java and Adobe; now will have to think about removing MS Office because, I foresee, in time the "security-only" bundle will stop patching office. Tim S.
I will apply all the patches that the vendor supplies in an automated way where possible and where not, as soon as is practical. While it is true that a vendor could screw up a patch, it is also true that my hard drive could die, malware could get on my system, an other hardware or software problem could corrupt my data, or I could just screw up and delete data myself.
To protect myself from any of these occurrences, I keep regular backups. I take these backups at a frequency similar to the amount of data I am willing to lose in the event of any failure (including "evil" actions on behalf of my OS vendor.) For me the frequency of backups is generally daily.
Note that I use the term OS vendor instead of Microsoft here, this because I run several computers with several operating systems (Microsoft, Linux(s), others) and I have had them all screw up a patch.
Since I have chosen not to write or personally review the source code for all the software I use (because I don't have that kind of time), I choose to outsource that work to several vendors, one of which is Microsoft. Yes, there are risks to running software from Microsoft (or any other vendor), Microsoft may not have my best interests in mind. However their software meets my needs and I have made the calculation that the value the software provides outweighs the risks.
I still consider Windows 7 as the best OS Microsoft ever made. As far as updates go I completely disabled them after the update gate fiasco. If you feel like me and had to disable windows updates because you can't trust them not to update your entire operating system then it's probably best to part ways, like a psychotic girlfriend that spies on your every move. Trust is a two way street. Once you break that trust the relationship can never be the same. Time for me to go back to Linux. As unrefined as it is, at least they're trying to do good things for their users instead of exploiting them. I'll never run a Mac OS or Google OS for the same reason. Microsoft didn't just cross the line, they got in a spaceship and flew light years past it at ludicrous speed.
>"Ask Slashdot: How Will You Handle Microsoft's New 'Cumulative' Windows Updates?"
I run Linux and have for decades. That is how I handle dealing with Microsoft. Of course, that doesn't do most people much good...but people allow themselves to be slaves to Microsoft. The stunts Microsoft has pulled over the last several years shows they are just as controlling, unreasonable, and manipulative as ever.
There is never a better time to move away from MS-Windows.... Linux is just as robust as ever, it has a lot of great applications, lots of support structure, and more and more business software is finally moving to be cloud based and/or web-front ended so the clients can run whatever they like.
Change is never easy, though.
Microsoft hotfixes were never "individual" in the first place.
There are two servicing branches for Windows. GDR and LDR. GDR is what used to go out on Windows Update. LDR is for changes that are considered more risky, and is a superset which also contains GDR changes. All changes are cumulative, per binary. Once you install an LDR fix, that binary stays on LDR branch until a service pack is applied.
At service pack time, GDR and LDR branches are merged.
There's no such thing as an "individual" Microsoft patch. All binaries are patched cumulatively; the only question is what cumulative version you have installed for a given binary.
All that's changed is that they don't want to actually document bugs that are fixed in the hotfixes in detail, and they want to force everyone to more or less the same patch level, because 90% of the time, customers having problems are running old bits that aren't being tested by Microsoft any more. There's an ongoing religious argument over "patch to the latest" vs "don't touch it to keep it stable". But in truth, if you hit a new, unfixed bug, and Microsoft created a new hotfix for you, or even if you just install the latest security update, you were always forced to accept all the cumulative changes between the patchlevel you were at, and the new hotfix you are installing. It's just that at the moment the heavy handed "force em to patch" faction has the upper hand at Microsoft now.
Ideas: (partly a re-post from Stop updating completely? Methods and comments)
1) Autopatcher and WSUS Offline Update: Use Autopatcher until Microsoft begins its new system of hiding even more completely what it is doing with its updates. Kvasio said to use WSUS Offline Update, another community driven solution.
Apparently Microsoft approves of WSUS Offline Update. This is from the Microsoft web site: Update Offline Virtual Machine with PowerShell and WSUS Offline Update: Part 1
Update Offline Virtual Machine with PowerShell and WSUS Offline Update: Part 2
2) Windows on an isolated network: Don't allow any Microsoft operating system to have a connection to the internet. Use Linux on a separate computer on a separate network for internet connections. Use Bluetooth to communicate between the Windows OS network and the Linux network.
For Microsoft, convincing people that Windows is buggy is profitable. An article I wrote last year, Microsoft Windows XP "end of life", makes the point that Microsoft fixed 319+828+459=1,606 bugs in Windows XP since Windows XP SP1 was released. Now Microsoft says Windows XP is still too buggy to use. We have 16 computers running Windows XP and haven't had any problems. And software does not have an "end of life", it continues to do what it always did.
Do secret government agencies pay for vulnerabilities? Why do Adobe Flash and the Windows operating system have so many vulnerabilities? Do Adobe Systems and Microsoft sell vulnerabilities to secret government agencies and fix them when they are publicly discovered?
Get serious about recognizing abuse. Quoting this comment, with modifications: We've seen Microsoft's continuous stream of lies and incompetence... including a number of "bugs" and "mistakes" that appear deliberate.
There a lot of complaints in this thread about this new *feature*, but hasn't the horse already escaped the barn? If you are using Windows, you are trusting them to do the right thing with your OS when you install it. How is this rolled up set of patches really going to change things? Either you trust them to do things right, or you go download *nix.
HA! I just wasted some of your bandwidth with a frivolous sig!
rankly, if this finally fixes the issue where windows 7 searches windows update for hours taking 100% of a core and 1-2GB of RAM in the process then I'm all for it.
Microsoft broke windows update on purpose here. The solution is to (1) disable windows update (2) reboot (3) download the june (?) update to windows update via web browser (4) install it (5) now download the latest windows update via web browser (6) install that too.
Now it will work again.
One of the reasons I was recommending people to upgrade to windows 10 was for this issue alone
Thats why they broke it on purpose.
"His name was James Damore."
Back in the days of XP SP1 I bought a laptop. It wanted to install a "security update" right away, but I put it off. wanting to get comfortable with my new computer and my new operating system first. I also used a live Linux CD on the computer a lot.And if you recall, these were the days that Microsoft was particularly vocal about their hatred for Linux. After about a month I finally told Windows that it could install the "Security Update". I didn't notice any obvious change in Windows, but I did see one big change with my laptop, it could no longer connect to the Internet when I ran my live CD!
I checked everything. The CD was still the same and still had the proper CRC checksum. I made another CD anyway but, as expected, the results were the same. After a lot of work I finally tracked down the problem. The laptop NIC, like all modern NICs, had a small eeprom on it that stored the MAC address (that's how they can mass produce NICs that all have unique MAC addresses). And it turns out that there is plenty of extra space in the eeprom not needed for the MAC address, and the NIC used that space to store start up configuration settings, and mine were now set to values that made no sense and kept the NIC from working properly. Interestingly, XP ignored how the NIC was configured and reconfigured it as it wanted so that the device would work. But Linux, which worked fine on the computer for a month, didn't suspect that anything was wrong and tried to use my hardware as it was configured.
Once I understood this I was able to run :Linux again. It was a pain, I had to manually issue some commands every time I booted the CD, but I was able to work around the problem. Eventually Linux code was changed to not trust configuration settings and configure the NIC in the same way that Windows did and I no longer had to manually reconfigure the NIC on every boot.
I'm a cautious computer user. I have a decent hardware firewall and I also use a good software firewall (not one from Microsoft). So now I was in a position where the only malware that had ever done me harm was a Microsoft Windows Update. It wasn't too hard to figure out how to not experience another problem like this one. I've never accepted a software update from the malware provider who screwed me since then. I never will. I have had no malware experiences since then. So how I'll deal with the new update policy is to leave my Windows settings just as they are and not let Microsoft break anything else.
I'm an American. I love this country and the freedoms that we used to have.
> Windows haters can do the same, in case it's over fake "security concerns" w.r.t. Windows 10, in which case, they need a one-way trip to Guantanamo Bay in order to learn what REAL invasion of privacy is. Fucking children.
You should probably look into what you agreed to send Microsoft in the EULA (hint: everything you ever do, say, everyone you know, who you communicate with, the contents of those communications, etc etc etc).
But keep going with that amazing comparison. You could write ad copy:
"Microsoft Windows: It's better than being detained indefinitely and tortured in a military prison on a communist island!"
That you have to compare a long term detainment and part time torture camp to the OS you bought and paid for shows just how Windows users will put up with anything. Ludicrous comparison to compare something you buy and pay for with indefinite detention.
As a counter for all the MS hate around here and all the Linux fans who think it will be taking over the world someday soon...
Windows 10 works just fine, I have it installed on over 20 computers, I've installed it on many more, it works very well...
I used Windows 7 the other day, it felt old all of a sudden, amazing when it felt so new just 7 years ago, but it is now out of date and the idea of staying on Win 7/8.1 is just not reasonable anymore...
Yes, you can use Linux if you want to, it has a purpose, but it won't be replacing Windows as the mass market desktop OS, well... ever...
Something else might, OS X could if Apple would licence it for use on other computers besides Macs, but really there isn't anything else for the mass market...
This is just Microsoft's way of removing your ability to cherry pick which updates you will install, and which ones you won't.
This allows them to wrap one of those Windows 10 upgrade updates into a critical bug update so you have to choose.
Kinda like how Congress wraps their stupid little pet projects and other bullshit that would never pass muster in a million years into a general budget or defense budget bill.
Linux.
This is a hacked account, for which the owner can not be held responsible.