Slashdot Mirror
Ask Slashdot: How Will You Handle Microsoft's New 'Cumulative' Windows Updates? (slashdot.org)
Microsoft's announced they'll discontinue "individual patches" for Windows 7 and 8.1 (as well as Windows Server 2008 R2, 2012, and 2012 R2). Instead they'll have monthly "cumulative" rollups of each month's patches, and while there will be a separate "security-only" bundle each month, "individual patches will no longer be available." This has one anonymous Slashdot reader asking what's the alternative:
We've read about the changes coming to Windows Update in October 2016... But what happens when it's time to wipe and reload the OS? Or what about installing Windows on different hardware? Admittedly, there are useful non-security updates worth having, but plenty to avoid (e.g. telemetry).
How does one handle this challenge? Set up a personal WSUS box before October to sync all desired updates through October 2016? System images can work if you don't change primary hardware, but what if you do? Or should one just bend the knee to Microsoft...?
Should they use AutoPatcher? Switch to Linux? Or just disconnect their Windows boxes from the internet... Leave your answers in the comments. How do you plan to handle Microsoft's new 'cumulative' Windows Updates?
How does one handle this challenge? Set up a personal WSUS box before October to sync all desired updates through October 2016? System images can work if you don't change primary hardware, but what if you do? Or should one just bend the knee to Microsoft...?
Should they use AutoPatcher? Switch to Linux? Or just disconnect their Windows boxes from the internet... Leave your answers in the comments. How do you plan to handle Microsoft's new 'cumulative' Windows Updates?
I run Linux. I keep a Windows system around for minor software that needs it, but I don't put sensitive information on it like mail or personal data.
Linux is your partner. Microsoft is your master. Choose wisely.
Sometimes the "writing on the wall" is blood spatter...
I kept Windows 7 to update my GPS maps, but I boot 99.9% of the time in Debian.
Since tye year 2000 times I had tried different Linux distros but never had enough motivation to leave windows.
Windows 10 provided enough stimulus.
After using Linux for 18 or so years, I think it's time to switch back to Windows..... actually, nah.
My wife's photography business currently runs on Windows 7. We can't accept the risk of Microsoft screwing up her production environment (Photoshop + Lightroom).
For now, we're going to stop installing Windows updates, and cross our fingers.
Once that starts seeming too risky, I'll look into moving Windows into a VM with limited Internet access, or we'll migrate to using a Mac for the photo editing.
Neither option is appealing. I haven't yet figured out how difficult it will be to get monitor color-calibration right if Windows is running on a VM inside Linux. And sufficiently powerful Macs are painfully expensive.
I'll be curious to see if Microsoft's overall strategy from the past year is going to pay off for them. They're literally driving previously satisfied customers into their competitors' arms.
Appy app apps guy is right - the future in everyone's mind is Apps, not some LUDDITE desktop application or "pre-App web app" -- but I think Microsoft is really dismissing how much legacy code is out there and is broken by various updates. I do systems integration work with an end user desktop focus, and there are _so many_ crappy IE-only, ActiveX or Java applet or Flash or Shockwave (!) monstrosities lurking in corporate IT shops everywhere. Most of it isn't even in-house developed - it was written by really expensive consultants who want another few million to modernize it.
It will be very interesting to see how they pull this off - whether there will be an exception for Enterprise, etc.
But is Apple installing telemetry and all sorts of crap that spies on their users? That's why people want to be able to pick and choose which updates they install. My feeling is the only reason MS is doing it this way is to get that telemetry onto all the computers that refused to install it.
It is so sad to see it come to such a painful end. I actually bought Windows 1.0 in my youth and have had a machine running a Windows version ever since. I did manage to skip the most disastrous versions (ME, Vista, Bob and friends) and as a result had a pretty good run. By Windows 7 it had finally become a stable workhorse OS that, for a time, served me well as its owner and master.
With Windows 8.x and then 10 it became evident that Windows as an OS no longer served me as its (paid and rightful) owner but instead answered to an increasingly malevolent master who was working against my will and interests. Its aim was nothing other than to harvest and sell me, my identity, my movements, my thoughts, my keystrokes, as a product like any other meat based commodity. I knew I could not in good conscious willingly give myself over to such abuses. I concluded that Windows 7 would be my last Windows and in my personal view was THE last Windows as I knew the product all these years, with the things that came after no longer sharing a common purpose with those that came before.
While corrupting the Windows brand was bad even more nefarious was to take the Windows 7 the I own now away from me. The tried heartily to wear me down with deceptive pop-ups and then with malicious corrupting patches but, through great effort, I diligently thwarted them all. Now it seems the end has come, my paid copy of Windows 7 Professional will be corrupted by force or left to wither and be ravaged by wild dogs and the NSA in what I personally view to be a heinous crime against all humanity.
As a long term Microsoft customer, the sentiment I now associate most with the company is betrayal.
I will apply all the patches that the vendor supplies in an automated way where possible and where not, as soon as is practical. While it is true that a vendor could screw up a patch, it is also true that my hard drive could die, malware could get on my system, an other hardware or software problem could corrupt my data, or I could just screw up and delete data myself.
To protect myself from any of these occurrences, I keep regular backups. I take these backups at a frequency similar to the amount of data I am willing to lose in the event of any failure (including "evil" actions on behalf of my OS vendor.) For me the frequency of backups is generally daily.
Note that I use the term OS vendor instead of Microsoft here, this because I run several computers with several operating systems (Microsoft, Linux(s), others) and I have had them all screw up a patch.
Since I have chosen not to write or personally review the source code for all the software I use (because I don't have that kind of time), I choose to outsource that work to several vendors, one of which is Microsoft. Yes, there are risks to running software from Microsoft (or any other vendor), Microsoft may not have my best interests in mind. However their software meets my needs and I have made the calculation that the value the software provides outweighs the risks.
Microsoft hotfixes were never "individual" in the first place.
There are two servicing branches for Windows. GDR and LDR. GDR is what used to go out on Windows Update. LDR is for changes that are considered more risky, and is a superset which also contains GDR changes. All changes are cumulative, per binary. Once you install an LDR fix, that binary stays on LDR branch until a service pack is applied.
At service pack time, GDR and LDR branches are merged.
There's no such thing as an "individual" Microsoft patch. All binaries are patched cumulatively; the only question is what cumulative version you have installed for a given binary.
All that's changed is that they don't want to actually document bugs that are fixed in the hotfixes in detail, and they want to force everyone to more or less the same patch level, because 90% of the time, customers having problems are running old bits that aren't being tested by Microsoft any more. There's an ongoing religious argument over "patch to the latest" vs "don't touch it to keep it stable". But in truth, if you hit a new, unfixed bug, and Microsoft created a new hotfix for you, or even if you just install the latest security update, you were always forced to accept all the cumulative changes between the patchlevel you were at, and the new hotfix you are installing. It's just that at the moment the heavy handed "force em to patch" faction has the upper hand at Microsoft now.
Ideas: (partly a re-post from Stop updating completely? Methods and comments)
1) Autopatcher and WSUS Offline Update: Use Autopatcher until Microsoft begins its new system of hiding even more completely what it is doing with its updates. Kvasio said to use WSUS Offline Update, another community driven solution.
Apparently Microsoft approves of WSUS Offline Update. This is from the Microsoft web site: Update Offline Virtual Machine with PowerShell and WSUS Offline Update: Part 1
Update Offline Virtual Machine with PowerShell and WSUS Offline Update: Part 2
2) Windows on an isolated network: Don't allow any Microsoft operating system to have a connection to the internet. Use Linux on a separate computer on a separate network for internet connections. Use Bluetooth to communicate between the Windows OS network and the Linux network.
For Microsoft, convincing people that Windows is buggy is profitable. An article I wrote last year, Microsoft Windows XP "end of life", makes the point that Microsoft fixed 319+828+459=1,606 bugs in Windows XP since Windows XP SP1 was released. Now Microsoft says Windows XP is still too buggy to use. We have 16 computers running Windows XP and haven't had any problems. And software does not have an "end of life", it continues to do what it always did.
Do secret government agencies pay for vulnerabilities? Why do Adobe Flash and the Windows operating system have so many vulnerabilities? Do Adobe Systems and Microsoft sell vulnerabilities to secret government agencies and fix them when they are publicly discovered?
Get serious about recognizing abuse. Quoting this comment, with modifications: We've seen Microsoft's continuous stream of lies and incompetence... including a number of "bugs" and "mistakes" that appear deliberate.
> Windows 10 works just fine if you don't care about being spied on.
FTFY. When even MS admits they Are unable to stop Windows 10 tracking then you've just admitting to being MS's bitch. But I guess you have no respect for yourself since MS sure doesn't have any for you.
Only a complete idiot blindly trusts Microsoft.
The rest of us actually have a pair and don't allow MS to pretend they own our computers, nor our network connections.
> I used Windows 7 the other day, it felt old all of a sudden,
Ah, that explains it -- just another dumb hipster who thinks "Ooh, shiny!" is somehow more magically stable then something that has been around for a while. Windows 10 == more lines of code == more bugs, but keep on being a shill because Windows 7 works just fine for those of us using it.
But I don't expect an apologist to understand why Microsoft's forced upgrades on Windows 7 and Window 8 users leaves a bad taste with customers and users start looking for alternatives.
It's the all or nothing approach. Previously, you could read the patch notes (such as they were) and make an informed decision as to whether to "patch ASAP", "test thoroughly, then patch", "whenever", or "not required (e.g. telemetry/GWX crap)" on a patch by patch basis. Other than the paucity of real data and Microsoft's far too frequent attempts to slip a turd in there, that's really not all that different from any other patch system, on any other OS - unless you are compiling from source that you have looked personally diff'd and examined the changes, you are still trusting your patch provider to do the right thing; binary packages on *nix are no different from binary .msu or .exe files on Windows Update in that respect.
Now, while you can still defer the installation, you don't have that per-patch flexibility. That could potentially mean that you have to choose between breaking something critical to you (e.g. the USB webcam borkage of the recent Windows 10 update) and leaving your system exposed to some critical and remotely exploitable vulnerability instead of just patching the critical hole and waiting for Microsoft to fix the USB webcam issue. Yes, when it works, the new approach will be simpler, easier for everyone to manage, and will no doubt help alleviate some of the problems with Windows Update's seriously broken version control mechanisms, but Microsoft's track record on "when it works", has been pretty dire lately. It's also much easier for Microsoft to slip something nasty in there, again something their track record on has been pretty dire of late.
Frankly, I'm all for this latest brain dead move by Microsoft. Those that have a bit of technical nous can figure out some viable approach to patch management and additional security layers easily enough (they shouldn't have to, but still), while many of those that don't are inevitably going fall foul of a series of future USB webcam style screw-ups in the future. Same result in both cases; more pain for using Windows and a greater chance that alternatives will be considered, and anything that disrupts the Microsoft monoculture is fine by me.
UNIX? They're not even circumcised! Savages!