Tuesday Was Microsoft's Last Non-Cumulative Patch

There was something unique about this week's Patch Tuesday. An anonymous Slashdot reader quotes HelpNetSecurity: It was the last traditional Windows Patch Tuesday as Microsoft is moving to a new patching release model. In the future, patches will be bundled together and users will no longer be able to pick and choose which updates to install. Furthermore, these new 'monthly update packs' will be combined, so for instance, the November update will include all the patches from October as well.
Last month a Slashdot reader asked for suggestions on how to handle the new 'cumulative' updates -- although the most common response was "I run Linux."

'Batch Tuesday'?

Wait -- since it's a cumulative update, are we going to call them 'batch Tuesdays' from now on?

Re:'Batch Tuesday'?

How aobut 'botch Tuesdays'?

Re: 'Batch Tuesday'?

[davester666]

Just something to keep you busy on Wednesday morning while your computer is reinstalling Windows.

Re:'Batch Tuesday'?

[um...+Lucas]

There should be a single blog, yes. But there should also be the ability to choose which patches you want, if necessary. Say a particular graphics driver is known to kill a certain game, or a certain network update conflicts with a utility, there should be a way for advanced users do opt-out of them.

But then, Microsoft is trying to create an environment as closed as Mac, with user tracking beyond the pale of Google, accompanied a fee stream to rival any subscription service. It's not about what users want anymore, just about extracting maximal dollars.

Re:'Batch Tuesday'?

[Gr8Apes]

Why does anyone worried about privacy, security, or really "owning" their computer run windows anymore? It's time to accept that windows is no longer a consumer OS, it is a subscription service that allows you access to things you think you own, only as long as you pay the piper (that subscription payment will be coming, just wait for it).

To answer the question: If you want a AAA game platform, just buy your $5K game console and be done with it. Yes, like any console, it can do more, but at what cost?

Re:'Batch Tuesday'?

[OtisSnerd]

While will lead directly into Bitch Wednesday, as sysadmins try to recover all the Botched PCs...

Re:'Batch Tuesday'?

[Ol+Olsoc]

There should be a single blog, yes. But there should also be the ability to choose which patches you want, if necessary. Say a particular graphics driver is known to kill a certain game, or a certain network update conflicts with a utility, there should be a way for advanced users do opt-out of them.

Or even better, not make updates that have to be rolled back because they fuck up machines. It must be Stockholm syndrome or something akin, that so many people are so accepting of an Operating System that regularly screws the pooch in the computers. They even seem to think that getting their computers fucked up is a mark of superiority.

Ain't no need for that friends!

Somehow or another, OSX and Linux manage to not screw up people's computers often or at all. Using all three, my Windows machines Well, I'm down to one now are the only ones that work just fine one day, then after an update do not.

full discosure, Mac Mail got a little goofy for a little while, and one update made my Mac at the time a little jittery, but it was fixed pronto, and it noever stopped working

Getting rid of the W10 Dell I was using was a huge improvement, freed up time to actually do work, not get the computer to work.

But then, Microsoft is trying to create an environment as closed as Mac,

What is this "closed environment" people speak of? I can install any program I wish on my Mac. I run Windows 7 on it. I can run Linux on it. I don't often run Linux on it because it's already running Unix. But if that's a closed system, gimme that over Windows 10 any day.

It's not about what users want anymore, just about extracting maximal dollars.

Can't argue with ya there, although some times it seems like an abusive relationship between Microsoft and their users as well.

Re:'Batch Tuesday'?

[david_thornley]

Why does anyone worried about privacy, security, or really "owning" their computer run windows anymore?

Four reasons.

There is no satisfactory replacement. Linux isn't going to be usable until the desktop settles down some, there's a package manager that runs on most versions (perhaps with a converter to translate it into either a .deb or a .rpm), and more applications are available. Mac OSX is limited to a very few computer models, not including low-end ones, and there's limits on the available applications.

Microsoft produces Microsoft Office, and getting off that is difficult, because of the network effect, and some of the more advanced features, which are not duplicated in LibreOffice. There's other Microsoft software that is well designed for large business use, and AFAICT there aren't good F/OS equivalents.

Aside from Microsoft, there's lots of third-party apps written for MS Windows and nothing else. A large number of companies have dependencies on some of these applications. The general rule for selecting an OS is to get what runs the applications you want.

Inertia. Except for security, the issues you list are fairly new. It's going to take a long time to move over. There's lots of applications that would have to be rewritten to run on Linux or Mac OSX. There's really not that much pressure to move as long as large companies can still use W7 or W8.1.

Re:'Batch Tuesday'?

[Gr8Apes]

There is no satisfactory replacement. Linux isn't going to be usable until the desktop settles down some, there's a package manager that runs on most versions (perhaps with a converter to translate it into either a .deb or a .rpm), and more applications are available. Mac OSX is limited to a very few computer models, not including low-end ones, and there's limits on the available applications.

I'd agree. Linux shot itself in the foot with Gnome and the whole systemd debacle that made it look a lot less stable and usable than it should be. Had the distros focused on stabilizing and simplifying the end user experience instead, it might have had a chance.

Microsoft produces Microsoft Office, and getting off that is difficult, because of the network effect, and some of the more advanced features, which are not duplicated in LibreOffice. There's other Microsoft software that is well designed for large business use, and AFAICT there aren't good F/OS equivalents.

Other than some minor irritants with later Office releases that are designed to destroy compatibility I have had few issues with dealing with Office documents over the past 5 years of being MS free. And there's nothing new there, MS has been effectively leveraging MS Office since Office 95 to force updates and keep the competition limping along or crashing.

Inertia. ... There's really not that much pressure to move as long as large companies can still use W7 or W8.1.

Yep, the clock is ticking, although it was obviously years ago that MS was heading this way. In fact, the day Office 365 was announced, it was time to figure out how to remove MS from your stack. As for business applications, with few exceptions everything is moving to web-based data/application, so there's not much requirements to keeping you on windows. There's a reason IBM spearheaded its internal move to OSX across the board. The reason was that MS's plans were against any sane company's IT management policies.

Re:'Batch Tuesday'?

[Coren22]

Only if those sys admins are terrible at their jobs and don't do patch testing and deployment properly.

Windows 10 pro/enterprise has always had the option to delay updates until approved, you don't even need a WSUS server to manage that, though it does make it easier. If a sys admin is running Win 10 home in a production environment, I have to wonder about their professionalism and sys admin abilities.

Not sure you have a lot of options?

[King_TJ]

I think if the patches are bundled together now - you basically have to treat them as one larger patch. In other words, nothing changes except any time you find you did one and it breaks something, you roll the whole collection back until it can be rectified.

IMO, Microsoft's Windows Updates have been a huge, overly confusing mess for a long time anyway. I used to use WSUS to centrally administer them and for our small to mid-sized company, it became more trouble than it was worth. I like the advantage that you only have to download the patches once to the central WSUS server and then all the clients grab copies from there to save your Internet bandwidth. But in practice, our workforce is mobile enough that it's almost better we just let their laptops grab updates over the net from wherever they're at so they get patched more quickly.

Sifting through all of their patches and deciding when it was safe to "release" them was getting to be way more time-consuming for I.T. than it should have been. So often, you have slews of patches that wind up marked "superseded" by other patches, and there are weird dependencies too. Can't do certain patches unless you've done others first. (Why not automate all of that so any patch dependent on another one just auto-applies the required one as part of its installation?)

If you do a fresh install of Windows 7 these days? The update process is PAINFUL! You'll literally need to leave the PC downloading updates for a good 8-10 hours or more before it finally starts doing anything obvious. (It seems that it needs so many individual patches to get current, it overwhelms their updater service trying to sort through all of it and prepare to download them in the proper order?)

Re:Not sure you have a lot of options?

[MightyMartian]

Microsoft's resolve to alter its patch delivery schedule usually gets undermined the first time some major bug or security flaw is discovered, and it's forced to release an off-schedule fix.

Re:Not sure you have a lot of options?

[MightyMartian]

The way Windows 10 manages updates in general is frustrating. We have some dedicated Windows 10 Lenovo micro-PCs whose only significant job is show videos on some large flatscreen TVs, and we're constantly having to cancel out the update nag screens. GPOs that would seem to work don't always apply, so it just gets to be an annoying problem. I think the next set of such micro PCs we buy will probably have some small footprint version of Debian.

Re:Not sure you have a lot of options?

[dbIII]

If you do a fresh install of Windows 7 these days? The update process is PAINFUL! You'll literally need to leave the PC downloading updates for a good 8-10 hours or more before it finally starts doing anything obvious

On the most recent one I did updating was completely broken. For days. Even printer drivers were unavailable. It turned that that turning updates off - rebooting - then turning them on again allowed that 8-10 hours or more.
The way it behaves changes frequently.

Re:Not sure you have a lot of options?

[jargonburn]

Not a big fan of how they try to force-feed you the updates. Have you tried setting the "Windows Update" service to disabled? IIRC, that will chop the update process off at the knees. If their only real job is outputting video, patching is something you could relegate to a manual task; might be less frustrating!

Re:Not sure you have a lot of options?

WHY are you using windows 10 as a single-purpose video player? there are SO MANY OTHER WAYS to do that.. most cheaper... much cheaper.. on top of higher reliability, easier management and maintenance and updating of content, and lower hardware investment.

you absolutely deserve every bit of inconvenience and embarrassment, even, when windows fucks up and puts your bsod on display, that you suffer for your moronic choice of software.

Re:Not sure you have a lot of options?

[tsa]

Let's wait until next week then.

Re:Not sure you have a lot of options?

[blind+biker]

The way Windows 10 manages updates in general is frustrating. We have some dedicated Windows 10 Lenovo micro-PCs whose only significant job is show videos on some large flatscreen TVs, and we're constantly having to cancel out the update nag screens. GPOs that would seem to work don't always apply, so it just gets to be an annoying problem. I think the next set of such micro PCs we buy will probably have some small footprint version of Debian.

Every time someone voluntarily went to a Windows 10 PC (even though there are alternatives), they have a horror story about it - but they characterize it as "annoyance". Example: "from time to time I lose my edits because the PC reboots without my consent. So annoying."

For me, all those scenarios are 100% unacceptable, and is why I keep installing Windows 7 (and then disable updates), and I keep around a few Windows 7 thinkpads.

Re:Not sure you have a lot of options?

[vtcodger]

If one has PCs in their care that have minimal/no exposure to the internet, is updating them at all advisable? It's clear that Microsoft can't QA their products adequately. And they are hardly alone in that. IMO, that probably makes updates a greater risk than malware.

Frankly the "cloud" is increasingly like an uncharted polar sea full of icebergs and rocks. Turning your navigation over to pilots who are questionably competent and quite possibly on drugs as well may not be a good idea. May be best to sail only close to home and only on days when the visibility is good and the seas calm.

Re:Not sure you have a lot of options?

[perlith]

GPOs that would seem to work don't always apply, so it just gets to be an annoying problem.

Can you expand on the specifics of this? Which GPOs are not working as expected? I'm running Win10 Professional not on a domain and settings under Computer Policy > Administrative Templates > Windows Components > Windows Update still work as expected.

Asking because I don't want to be caught by surprise either at a particularly inconvenient moment.

Re:Not sure you have a lot of options?

[Zocalo]

Then you're doing it wrong. You need to either, 1) slipsteam your install media with all the patches and do your build(s) that way, or 2) disconnect the network, install from SP1 media, reboot, then install the "Convenience Update" (KB3125574) (AKA SP2, released in April), reboot again, then connect it up and let it get the remaining post-April updates. Both approaches are far from perfect, and still have the odd glitch, but they are a lot more efficient than letting an new SP1 install try to patch itself.

Still not even remotely close to the efficiency of Linux's approach of an integrated download of any updated packages during the install, then a single reboot though...

Re:Not sure you have a lot of options?

[dbIII]

and still have the odd glitch

Indeed, which is why I had to do it the way I said in the end after an offline WSUS tool and other attempts did not work.
The way it behaves changes frequently, which is very annoying and means that what is good advice a month ago is often not relevant today.

Re:Not sure you have a lot of options?

[PsychoSlashDot]

I think if the patches are bundled together now - you basically have to treat them as one larger patch. In other words, nothing changes except any time you find you did one and it breaks something, you roll the whole collection back until it can be rectified.

To a certain degree, it's already that way.

This month, I have a customer with a Hyper-V cluster which one of the six patches screwed up iSCSI while backing up. And a customer with a Terminal Server which one of the six patches screwed up Terminal Services. And a customer with Exchange that one of the six patches broke Backup Exec being able to see inside the database to restore individual files.

Only in the case of the TS problem has it been tracked down to a single patch - by Microsoft. The other two batches, nobody knows which one is at fault. These are production machines and I don't have time to reapply patches one by one to help Microsoft isolate which one is bad. So yeah, after this unusually brutal month I'm okay with cumulative patches. I'm having to roll back batches anyway.

Re:Not sure you have a lot of options?

[WinstonWolfIT]

Every time someone voluntarily went to a Windows 10 PC (even though there are alternatives), they have a horror story about it

Hyperbole = bollocks. My partner and I are on W10, it's heaps better than W7 or W8*, and we have no horror stories. Almost everything I use auto-saves, apps reload on reboot, and I have enough discipline to save Notepad files or Sql Manager queries if I want to keep them.

Re:Not sure you have a lot of options?

[Slashdot+Junky]

Yes, a computer should be getting updates if it ever connects to a network independent of whether or not it had internet connectivity. In this case, it is the other hosts on the network that create the risk.

Re:Not sure you have a lot of options?

[Slashdot+Junky]

Those videos may be updates occasionally with this done remotely. They may be served via a more sophisticated system where content is assigned as a channel with schedules all managed centrally. We have a system with 50+ player computers distributed across NA sites serving many more displays that shows locallized and national content. We refer to it as eTV, and the content is managed by communications folks both locally and corp folks and supported by IT. So, while what the computers do all day is single task, these must be on a network. Now, risk could be reduced through network configs on the hardware side that restricts what connections can be made among them.

Re:Not sure you have a lot of options?

[DarkOx]

Right to for the right job. A dedicated video player should be just that. It should not be a PC. You would be way way better off with some purpose built raspi image on that hardware. I would not even recommend using full linux distro for such a chore.

Your best bet would have been to spec out a smart TV that could play the videos without having to hang anything off the back. Sure those things have their own security issues but if put a few switch port ACLs on there to make sure it only talks to the file sever or DLNA server that has the videos on it, than the risk is low.

Re:Not sure you have a lot of options?

[ddtmm]

If you do a fresh install of Windows 7 these days? The update process is PAINFUL! You'll literally need to leave the PC downloading updates for a good 8-10 hours or more before it finally starts doing anything obvious.

I think that was the intent.

Re:Not sure you have a lot of options?

[MightyMartian]

Smart TVs still don't have the range of video playing capabilities that VLC does, and are certainly not as network friendly, and generally, if they have any support for network file shares, that support is rudimentary at best. Having a fully functioning PC as the video player creates a lot more options.

Re:Not sure you have a lot of options?

[MightyMartian]

These are domain members, but off the top of my head, the GPO settings around automatic download and installation of updates at specific times never seems to apply consistently.

Re:Not sure you have a lot of options?

[l0n3s0m3phr34k]

VSS is your friend; or should be your customer's friend. We have it on a nightly scheduled on all our servers on top of Back Up Exec. They could roll-back to the previous night on a System State restore, disable auto-updates, at least until you had the time to do troubleshooting on the patches.

Re:Not sure you have a lot of options?

[Gr8Apes]

Yes, a computer should be getting updates if it ever connects to a network independent of whether or not it had internet connectivity. In this case, it is the other hosts on the network that create the risk.

Completely false. The only updates you need are specifically for the network stack and any applications that access the network. The rest are generally useless to you and may create problems. For instance, a bare XP from 2001 machine connected to a network behind a solid firewall and only running a text only mail client is relatively safe, as far as that system can ever be considered safe. It would not be any safer than a fully patched system running the same software under the same conditions.

Re:Not sure you have a lot of options?

[Gr8Apes]

Every time someone voluntarily went to a Windows 10 PC (even though there are alternatives), they have a horror story about it

Hyperbole = bollocks. My partner and I are on W10, it's heaps better than W7 or W8*, and we have no horror stories. Almost everything I use auto-saves, apps reload on reboot, and I have enough discipline to save Notepad files or Sql Manager queries if I want to keep them.

So you admit you take steps to guard yourself against purposeful OS actions and yet you claim that is merely an annoyance or less?

Re:Not sure you have a lot of options?

[epyT-R]

Sounds like a corporate setup so they probably integrate into AD. Also, systems like that practically need good video driver support to play back high res video without pegging the cpu and dropping frames. Linux is spotty with that at best (though it has been getting better).

Re: Not sure you have a lot of options?

[Malc]

Great idea: leave a bunch of local root exploits available that can be leveraged once compromised by a zero day remote exploit.

Re:Not sure you have a lot of options?

GPOs that would seem to work don't always apply, so it just gets to be an annoying problem.

Can you expand on the specifics of this? Which GPOs are not working as expected? I'm running Win10 Professional not on a domain and settings under Computer Policy > Administrative Templates > Windows Components > Windows Update still work as expected.

Asking because I don't want to be caught by surprise either at a particularly inconvenient moment.

If you really want any control, your only option is enterprise. This is what microsofts endgame is truly targeting. Almost every update for windows 10 has nipped away at little things that make it almost unmanageable for 10 pro in a business environment. They started from the get-go with updates... long-term service branch only available to enterprise, and slowly worked in other things like taking the ability to control/disable the windows store, start menu options, etc.
Most smaller businesses wont really notice or care about some of these things, but as you start hitting medium and large companies or even smaller ones that want a fully locked down environment, you will quickly find it is impossible with pro, but MS will make it all good again for the low low price of an enterprise agreement /rant

Re:Not sure you have a lot of options?

[toonces33]

I did recently install a Win7 machine from scratch. After the install I installed the August rollup, and then ran windows update. That thing must have run for a full day before it concluded that there were only 24 updates that were required (half of which were .NYET).

Microsoft announced that they are going to do similar rollups for .NYET.

Re: Not sure you have a lot of options?

[Gr8Apes]

Great idea: leave a bunch of local root exploits available that can be leveraged once compromised by a zero day remote exploit.

And a zero day remote exploit wouldn't already have owned the system?

Re:Not sure you have a lot of options?

[lgw]

Somewhat unrelated, but how do you buy BackupExec these days? It seems to have moved to a new owner (again - I think this is the 9th), and they don't seem to be selling it directly, or even have pricing info.

Re:Not sure you have a lot of options?

[l0n3s0m3phr34k]

Veritas bought it, and they only sell through their re-sellers. It looks to cost around $800-$900.

Re:Not sure you have a lot of options?

[blind+biker]

Every time someone voluntarily went to a Windows 10 PC (even though there are alternatives), they have a horror story about it

Hyperbole = bollocks. My partner and I are on W10, it's heaps better than W7 or W8*, and we have no horror stories. Almost everything I use auto-saves, apps reload on reboot, and I have enough discipline to save Notepad files or Sql Manager queries if I want to keep them.

First of all, you're still making my case, as you imply that Win 10 reboots outside of your control. Beside that, a lot of people cannot save their work fast enough to be safe in such rebootey conditions - my SolidWorks assemblies easily take half a minute to save, sometimes much more (rarely, but it happens).

Re: Not sure you have a lot of options?

[Man+On+Pink+Corner]

What usually happens is something like the following: you have several Windows PCs on a LAN. One user on the LAN decides it's a good idea to open the quarterly_results.xlsx.exe attachment that came from the company's Nigerian branch. Or maybe they're curious to see what's on the thumb drive that somebody 'accidentally' left in the restroom. Every organization from the grocery store on the corner to the NSA has someone working for them who will think that's a good idea.

Now you have an exploited system inside the firewall. If any drives or other resources are shared among computers on the LAN -- which after is the whole idea behind a LAN -- the machines hosting those resources are at substantial risk. Even something as harmless as a shared printer can serve as a staging area for attacks.

This is why compromising Windows Update to turn it into a marketing vehicle was such a monstrous thing for Microsoft to do. Giving users an incentive to turn off automatic updates was just incredibly stupid and counterproductive. But they did it anyway, because, after all, "We're Microsoft. Who's going to stop us?"

Re: Not sure you have a lot of options?

[Ash-Fox]

Do any of those devices support active directory tied in with certificate authentication on WiFi and LAN interfaces?

Re:Not sure you have a lot of options?

[WinstonWolfIT]

Um, partner is an official designation in Australia.

Re:Not sure you have a lot of options?

[WinstonWolfIT]

In no way is that a horror story. Updates running overnight is more convenient than saving a file is inconvenient.

Re:Not sure you have a lot of options?

[Ol+Olsoc]

Yes, a computer should be getting updates if it ever connects to a network independent of whether or not it had internet connectivity. In this case, it is the other hosts on the network that create the risk.

Sorry, I have a Windows 10 off th einternet system. Now that it works, there's no way I'm going to screw it up with Microsoft W10 updates. On the computer I used to familiarize myself with W10, it's been bitched up three times now. P A vius is a lot less damaging than missing a deadline because teh computer stops working. At this point, Microsoft is included in the malware suppliers.

Re:Not sure you have a lot of options?

[ncc74656]

If you do a fresh install of Windows 7 these days? The update process is PAINFUL! You'll literally need to leave the PC downloading updates for a good 8-10 hours or more before it finally starts doing anything obvious.

That's why you slipstream updates into your installation image. Slipstreaming the various post-SP1 patch rollups as they're released will slash your installation time significantly, and there are only a relative handful of them at this point.

The only thing slipstreaming doesn't cover is updates to the .NET Framework. For whatever reason, they're not provided in a compatible format, but only as installer .exes. RT Seven Lite, however, will create an image that will run these installers (or others) in a post-Win7-installation step. It also facilitates slipstreaming the other updates, so it's useful to have on hand.

Re:Not sure you have a lot of options?

[Wolfrider]

--You can speed up Win7 updates A LOT just by using WSUS Offline Update. Download once, burn to DVD and update the client PC with that.

--Win7 "official" update process is horribly broken and CPU intensive, to the point where the CPU fan on a laptop I inherited had basically failed due to 100% continuous use.

http://www.wsusoffline.net/doc...

--Note that you may have to run the WSUS updater on the client multiple times and reboot/repeat, but this is still *much* better than doing it the traditional way. After updating, I'd recommend doing a full bare-metal backup with Veeam or Aomei or the like.

Re: Not sure you have a lot of options?

[epyT-R]

Thank you, exactly.

Re: Not sure you have a lot of options?

[Malc]

How about: a "correctly" configured system gets exploited remotely via a brute force dictionary attack that uncovers a weak password? Now you have a false sense of security and don't expect the unpatched local root issue to be exploited.

Re:Not sure you have a lot of options?

[ripvlan]

Yup - totally living that. Superseded never made sense either - esp with a mix of "older" and "newer" installs. You couldn't decline an patch via the cleanup tool if it was needed. And then upgrading a newly deployed machine was difficult unless you spent the time to slipstream which was a pita.

A healthy mix of several OU Targets and I just keep pressing "Approve all" (after testing in a smaller group of early adopters).

I look forward to this change - not sure what the impact will be.

wow - a helpful and relevant /. post !!!

Re:Not sure you have a lot of options?

[RevDisk]

Did a fashion display a bit ago on Madison Ave for Fashion Week. PCs and Smart TVs do a crap job. Best solution for absolutely no fail, 24/7/365 displays is a dedicated video unit. We went with VideoTel unit for $300. Cheap, SD card for media and dumb as a brick, which is exactly what we wanted. BrightSign always more scripting and niftier features but costs more.

No updates, no way to hack without physical access, no nothing except playing a video on a loop. They automatically power up after power loss. Our units typically run for months without hiccups.

Re:Not sure you have a lot of options?

[RevDisk]

We tried Smart TVs for video players. Unreliable and we had lag between video clips. Didn't power on as smoothly as we'd like for recovery from power outage. Failed pretty much every "seamless solution" criteria we tried. They do actually make digital signage TVs, but they tend to be more specialized than generally desired.

A consumer TV and a dedicated video unit are cheaper, and we "toss" the TVs every year or so.

Re: Not sure you have a lot of options?

[david_thornley]

A zero-day exploit might not get root/admin rights on a system. It may be able to use local bugs to get those.

Re: Not sure you have a lot of options?

[david_thornley]

How about downloading and running random executables from reputable sites? Most putatively reputable sites display ads from some sort of service, and don't make sure they don't contain malware. There was one incident not too long ago where a lot of people were hit from the New York Times site.

Re: Not sure you have a lot of options?

[Gr8Apes]

A) the system is a limited functionality system to begin with, so lots of things wouldn't be on the system to exploit. B) zero-day exploits that I've seen all can leverage themselves into admin rights on windows without any additional help. If you can run arbitrary code on windows, you can root it.

Re:Not sure you have a lot of options?

[Rakarra]

Sounds like a corporate setup so they probably integrate into AD. Also, systems like that practically need good video driver support to play back high res video without pegging the cpu and dropping frames. Linux is spotty with that at best (though it has been getting better).

If you use an Nvidia card with nvidia's driver, you're fine on Linux, and have been for a good part of a decade.

Re:Not sure you have a lot of options?

[Rakarra]

Have you never heard of domestic partners before?

Re:Not sure you have a lot of options?

[martinfb]

For those stuck with Windows, it is obnoxiously arrogant to now force ALL updates on a user. What if there is a specific patch I really do NOT want? What if there is a patch in that same update I need? I am screwed!

I think MS's move closer to "Big Brother" is totally uncalled-for, unethical, and a breach of trust. They need to be SEVERELY regulated; and I intend to push and lobby for the freedoms users deserve!

Re: Not sure you have a lot of options?

[david_thornley]

If you can escalate yourself to admin rights if you have the ability to run arbitrary code, and you're sufficiently confident to throw it out as a general truth, then Windows security sucks anyway.

Re:Not sure you have a lot of options?

[WinstonWolfIT]

In Australia, de factos refer to themselves as partners. Deal with it.

Re: Not sure you have a lot of options?

[Gr8Apes]

If you can escalate yourself to admin rights if you have the ability to run arbitrary code, and you're sufficiently confident to throw it out as a general truth, then Windows security sucks anyway.

Anyone can. Well, anyone that's spent even 3 days studying how to inject code into DLLs. Even today on any system pre win10, and likely with win10 also as the security hole is big enough to drive a planet through. It's the biggest issue with the architecture. If you can run arbitrary code that enables you to inject code into a DLL, then pwnage is guaranteed. Why? Because you could, at least before win10, inject code into a system DLL, and choose exactly where you wished to inject it, say, something like a network access method that's frequently run by a process with system privs. Guess what happens the second a system priv process hits that DLL in the future? TBH it's been a few years since I played with this and I believe AV and the windows calls have been hardened but the capability still exists. There's a reason I don't run windows anywhere and actively discourage it in places I work. I've cleaned up the resulting windows mess more than once in my past, and quite frankly I think I'd prefer the pain of systemd over a windows server environment any day of the week.

In other words..

"You want security patches? Welp, you're gonna have to accept Telemetry too."

Re:In other words..

[Z00L00K]

And this is what's most worrying, we don't really know what's in "Telemetry", and I have a feeling that it's going to be a problem.

And we can't figure out which part of a future monolithic patch that actually causes the system to behave bad, some patches aren't even possible to uninstall without a lot of hard work.

Re:In other words..

[vtcodger]

Personally, I thought Windows peaked along about Win95 OSR2 -- which was actually quite a good OS for 1997. Fast, compact, ran OK with next to no memory and was very reliable. Pretty much all downhill from there I think.

But what does one do for applications? And I should think the lack of USB support that works might be an issue.

Re: In other words..

[whopis]

Win 95 OSR2 has USB support.
It was only the retail versions that lacked it.

Re: In other words..

[demonlapin]

OSR2 had shit USB support that wasn't worth the trying. If your hardware was weak, run 95A (which was not much more demanding than 3.11). If you could handle it, run 98SE (a much more competent OS). Or, y'know, Linux, but good luck configuring it back then.

Re:In other words..

[RandomSurfer314]

How about writing a snail mail letter to Microsoft that you do not agree with any telemetry and demand that the EULA between you and Microsoft has to be changed accordingly. That way, Microsoft has only few options: Cancel the contract and compensate you for the loss of service provided by your license of Windows 7, not activate telemetry on your system, or install telemetry, which in this case would constitute illegal wiretaping that falls under penal law.

I'm sure that this couldn't possibly affect Microsoft much in the US, but in the EU this way of proceeding might give Microsoft's lawyers a headache.

Re: In other words..

[vtcodger]

W95 OSR2 USB support pretty much didn't work at all, ever. It took about five years for USB support in any OS to reach the level of being a crapshoot -- some stuff working flawlessly and other stuff not working at all. After 2002 or so, USB usually worked in Windows. Persuading Unixes to work with USB was a challenge.for another few years after 2002. Not that it couldn't be made to work ... eventually ... if one was patient enough.

Re:In other words..

[TheHappyHippo]

"You want security patches? Welp, you're gonna have to accept Telemetry too."

Probably true. Many of those who haven't switched to Windows Telemetry... err Windows 10 yet have probably also decided not to install the telemetry patches Microsoft have released for Windows 7 and 8.1. So, now you have to install them in order to get other updates.

Re:In other words..

[Zontar+The+Mindless]

Windows 2K was the bomb. When I saw what XP was like, though, I knew the writing was on the wall and switched to Linux when 2K fell out of support.

One of the very few decisions I've made in my life that I have never yet regretted, not even once.

(*looks over shoulder, smiles and nods* Yes, honey, you're one of those, too. Honest!)

Re:In other words..

[lgw]

2K had it right, no question. I never went down the Win95 road - I just used NT 4.0 as that was a very modern server OS for home use back in the day (when Linux was Slackware on 32 floppies). But Win2K gave NT a real UI, and a wide selection of games worked.

Re:ironically

[MightyMartian]

Which modern variant are you using that you have conflicts of this kind?

response

[markdavis]

>"Last month a Slashdot reader asked for suggestions on how to handle the new 'cumulative' updates -- although the most common response was "I run Linux.""

Yep, still run Linux...
I install whatever I want, whenever I want, however I want, on what I want. My machine belongs to me.

Re:response

Yep, if only Lenovo wasn't the only PC manufacturer out there.

Re:response

[ArchieBunker]

More like Linux lacked a driver for the oddly configured SSD.

Re:response

Like most Windows users, you are retarded. If you can not freely access or use your kit without someone else having the final word, it's no longer yours, it's been expropriated.

Which happens to be exactly what "secure boot" and Windows 10 is all about.

Re:response

[markdavis]

>Their motto is "Whatever, I do what I want".

LOL- I like it

Re:response

[mysticgoat]

Yes, running Linux is still the best option, for most Windows users.

Obviously if you are required to use software that only runs on Windows --perhaps you are a photographer who has to submit his finals in Photoshop format-- then you are stuck in the Microsoft microbiome. Too bad.

But most Windows users are not being coerced into that submissive role; they could switch to something like an Ubuntu LTS and be happy --and more productive at lower long term cost-- than if they continue to pay to be a commodity in an obsolete and slowly failing marketeers' world.

good to fix the 2-3 reboot passes to get systems u

[Joe_Dragon]

good to fix the 2-3 reboot passes to get systems up today + all of the optional stuff that does not auto install.

Also all of the hot fixes as well.

Re:www.safer-networking.org/spybot-anti-beacon

[Z00L00K]

The hosts file is already circumvented by Microsoft.

If you really want to solve this then it's to force Microsoft to change every IP address they are associated with.

Will there still be zero day fixes?

[Joe_Dragon]

Will there still be zero day fixes?

As in small updates for just that one fix mid mouth? and then for full one at the end of mouth?

Can we get something like windows 10.01 10.02

[Joe_Dragon]

Can we get something like windows 10.01 10.02?

Or Windows 7 sp2 or SP1.5

Windows 8.2 or 8.1.5?

Re:Can we get something like windows 10.01 10.02

[sexconker]

MS won't release SPs anymore because all of their shit in place says SPs add to the support length of the OS.
That's why Windows 8.1 happened instead of Windows 8 SP 1.
That's why 7 had only 1 SP despite desperately needing another. It's so bad Windows Update doesn't work on a fresh Windows 7 install until it crashes twice over 36 hours. The third time usually works after another 8-12 hours.

Re:Can we get something like windows 10.01 10.02

actually, it's because "service packs" require testing and they don't employ patch testers anymore.

Re:Can we get something like windows 10.01 10.02

[Anonymous+Brave+Guy]

What is effectively Windows 7 SP2 is called the Convenience Rollup instead, probably because it avoids complications about extending support dates if a new Service Pack is released, and it's found as KB3125574. See my first post to this discussion for more about how to use it, including installing it without waiting an eternity for Windows Update to get its act together.

Re:Can we get something like windows 10.01 10.02

[Daltorak]

Can we get something like windows 10.01 10.02?

Or Windows 7 sp2 or SP1.5

Windows 8.2 or 8.1.5?

Sure. It's already there. Just gotta understand how Microsoft versions Windows now.

• - Think of "Windows 10" as a brand name, like "Mac OS X", instead of "the tenth version of Windows".
• - Run this from Powershell: get-item 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\' and you will see values like CurrentVersion (6.3), ReleaseId (1507, 1511 or 1607), CurrentBuild (10240, 10586 or 14393), and UBR (17113, 589 or 189 if you're fully patched)
• - You can also see those numbers by typing "winver".
• - ReleaseId and CurrentBuild will always be matched in any OS release. ReleaseId is the year/month; CurrentBuild is from their build system.
• - UBR is short for UpdateBuildRevision and it generally refers to the number of bugfixes applied on top of CurrentBuild. It jumps by a bunch every time a cumulative updated is released.
• - The CurrentVersion value of "6.3" might make you think that this is the fourth version based on the Windows Vista (6.0) kernel, but the reality is that they found a lot of software refuses to install if they try to increment it past 6, even if the software itself works perfectly on the newer version of Windows. So they deprecated this value in Windows 8.1 and it will always be 6.3.

(TL;DR: Mac OS X 10.11.6 == Windows 10 10.10586.589.)

Microsoft publishes a list of the cumulative fixes for Windows 10 and their Build/UBR numbers on their web site. They've never done this kind of a list for previous versions of Windows.

Re:Can we get something like windows 10.01 10.02

[sexconker]

Regular patches require testing too. The fact that they don't test anymore isn't part of it.

Microsoft Update Catalog is my new hero

[Anonymous+Brave+Guy]

For general information, if you're installing a fresh Windows 7 now (starting from SP1, presumably) then it seems by far the fastest way to get a system reasonably well patched is to install the Convenience Rollup (KB3125574) and if necessary its prerequisite (KB3020369) from the Microsoft Update Catalog. That immediately brings you up to somewhere around April 2016 in terms of patch level, and you can download the required files quickly from the Catalog site and then install them locally using WUSA without waiting around for hours while Windows Update does whatever its current broken mess needs to do now. The most recent time I did this was just a few days ago, and after doing that it was then another couple of hours for Windows Update to find the rest and install the remaining security updates, but at least it could be done in an afternoon instead of leaving the new PC overnight and hoping it might have found something by the morning. Spybot Anti-Beacon or some similar tool can still turn off the various telemetry junk that you can't now individually because it's all bundled into the CR update.

Incidentally, for those who would prefer to keep security patching their existing Windows 7 systems but not get anything else, there are reportedly (direct from a Microsoft source) going to be monthly security-only bundles as well, but you'll have to get those from Microsoft Update Catalog manually as well, they won't be advertised or pushed out through Windows Update. So it looks like the new SOP is to turn off Windows Update entirely (as a bonus, you get back that CPU core that's been sitting at 100% running the svchost.exe process containing the Windows Update service for the last few months) and instead just go along and manually download the security bundle each month to install locally.

Of course, Microsoft Update Catalog requires Internet Explorer 6.0 or later and won't run with any of the other modern browsers, but I'll live with using IE to access it if it means I get security-patched but otherwise minimally screwed up Windows 7 machines for another 3 years.

Also, it's been confirmed that this policy will apply to all editions of Windows 7. It's not an Enterprise-only feature and doesn't require the use of WSUS etc. Let's hope they stick to their word on this one.

Re:Microsoft Update Catalog is my new hero

[hairyfeet]

The Convenience Rollup is kept on my keyring USB stick as its just soooo much easier than dealing with a system that may not have had a patch on it in years.

And as far as these new crap "mega updates"? Just turn off Windows Update and use WSUS Offline which last I checked is doing just as you described and grabbing the manual security updates, only you get them nicely bundled with a script that will install them all (and do any reboots required) and shut down the system, hassle free. I highly recommend it.

Re:Microsoft Update Catalog is my new hero

[Hognoxious]

Have a few Win7 installs that I use rarely, so I tried to download it on Linux.

https://support.microsoft.com/...

sends you to

http://catalog.update.microsof...

which says

This website does not offer updates for the operating system on this computer. [no shit, Sherlock]
This website only provides updates for computers running Windows 2000 Sp3, Windows XP or Windows Server 2003 and later. If you prefer to use a different Windows operating system, you can obtain updates from the Microsoft Download Center."

So I click the link for the download center ...

go.microsoft.com/fwlink/?LinkId=10678

And from there

https://www.microsoft.com/en-u...

And then the link labelled "Microsoft Update"

http://www.update.microsoft.co...

Thanks for your interest in getting updates from us.

To use this site, you must be running Microsoft Internet Explorer 5 or later.

To upgrade to the latest version of the browser, go to the Internet Explorer Downloads website.

If you prefer to use a different web browser, you can obtain updates from the Microsoft Download Center or you can stay up to date with the latest critical and security updates by using Automatic Updates. [...]

I do indeed prefer to use a different web browser. So I click the link and it takes me to

https://www.microsoft.com/en-u...

Think I've been there before.

So this means you have to connect the unpatched install to the internet to download the patches while just hoping you don't get hacked? Sheer genius. I mean, it would be absolute madness to download a patch on one machine to use on another (or several others).

Re:Microsoft Update Catalog is my new hero

[Zontar+The+Mindless]

I mean, it would be absolute madness to download a patch on one machine to use on another (or several others).

Well, this IS Microsoft, after all. Not only designing for the lowest common denominator, but effectively mandating that anyone who actually has a clue constrain himself to that level, regardless. They've only been doing this for about 20 years now.

I put up with it for 10 of them.

Re:Microsoft Update Catalog is my new hero

[l0n3s0m3phr34k]

Totally second WSUS offline, it's a life saver for those systems that just refuse to update.

Re:Microsoft Update Catalog is my new hero

[Hognoxious]

Thinking about this, I had similar problems when XP SP2 or 3 came out. My home connection was slow and flaky so I tried to download it at work, except my work machine was on W2K...

IIRC I eventually found some masonic sysadmin page with direct ftp:// links. Anybody remember those?

Re:Microsoft Update Catalog is my new hero

[King_TJ]

Yes, it's good advice to try to install the "Convenience Rollup" on a fresh Win 7 SP1 install before trying to update the rest of the OS.
But from my experience with that? You absolutely *do* have to install the prerequisite KB30203369 first, or else it won't do a thing. And when you download and run that prerequisite, it still has to go through some type of "searching for updates" process which seems to involve communicating with the Windows Update servers Microsoft hosts. I had a lot of problems with THAT process getting stuck for hours and having to reboot and try again once or twice before it finally went through.

Re:Microsoft Update Catalog is my new hero

[lgw]

So how do we know WSUS Offline isn't primarily a malware vector? This seems like the very best way to build a botnet: hijack Windows Update. Or, even if they're honest, what a target!

MS has clearly lost its way when 3rd-party Windows distros start looking like the best security practice.

Re:Microsoft Update Catalog is my new hero

[lgw]

Yes - IME you're totally screwed if your network stack is hosed, or you accidentally have the same IP address or hostname as another machine. What a mess.

Re:Microsoft Update Catalog is my new hero

[hairyfeet]

Uhhhh...can you read? Because that is really all you have to be able to do to check WSUS Offline since the GUI is really just a front end for some scripts which are in a folder appropriately labeled "cmd" so you can just open them in the text editor of your choice and see what its doing.

It also doesn't try to obfuscate in ANY way what it is doing or who it is calling if you are using the Offline Generator to generate an Offline Update client (it currently supports Vista-10 including the server variants, VERY handy to have) so when you launch it you get a standard command prompt where you can simply look at the screen and see its just calling the MSFT update servers and downloading the updates straight from the source.

Let me give you my personal assurance, I've been using WSUS Offline for so long I still have the DVD with the WSUS Offline for Windows 2K Pro and not once has there ever been an issue with any kind of spyware, malware, or even Windows Update issues because this doesn't use the WU client and just installs them manually via script. I can't even count how many clients I've used it on, easily in the thousands, and its one of those tools I'll always keep on my network share, its head and shoulders better than dealing with WU.

Re:Microsoft Update Catalog is my new hero

[lgw]

The attacker assured me "the GUI is really just a front end for some scripts". The attacker assured me the screen I see is "a standard command prompt where you can simply look at the screen and see its just calling the MSFT update servers".

This is the risk here. Has it been audited by security professionals? Do they have a process in place to discover that their code repo was hacked? The same applies to Linux distros, of course, where there have been issues (though few have been discovered).

To be fair, they're probably as secure as the MS bits they're built on, but still it's overall a sorry state of affairs.

Re:Microsoft Update Catalog is my new hero

[hairyfeet]

So you are literally arguing that command prompts are magic? Or are you arguing that you cannot read?

Because you don't HAVE to use the GUI if you do not want to, you can just run the scripts straight from the folder and simply throw away the GUI if you want as all it is doing is simply editing a script called "update" that is in the parent folder right next to the GUI. Throw away the GUI and run the script, which again you can just open in any editor and guess what? It does exactly what the GUI does, installs the updates with the conditional flags you chose. The options you choose? Again all just basic scripts with easy to read descriptors like "install DotNET" "InstallOfficeUpdates" and "MakeLogFile" and anyone who can read even the most basic script can read these quite easily as they are all laid out in classic "if this then that" script language with no attempts at any obfuscation.

So I'm sorry but now you are either just trying to sling FUD or you honestly do not understand how virii work and think computers are magical black boxes that some boogeyman can wave a wand and create a bug. Scripting is something anyone with any kind of IT knowledge or support background is not gonna have any trouble reading, the websites being called to download the updates are the Windows Update site owned by MSFT so unless MSFT gets their own update servers pwned there is no issue there, and once you have downloaded the updates no network or third party programs or even the GUI itself is required as it is simply manually installing Windows Updates from a command line.

Re:Microsoft Update Catalog is my new hero

[lgw]

What I'm saying is: this is a valuable attack surface for someone building a botnet. If most people use the GUI, then it won't matter that the scripts are clean if the GUI is dirty (obviously, just because a window that looks like a command prompt running scripts is displayed, that means nothing if it's all presented by the GUI).

There have been attempts to hijack Linux distros before, and hijacking Windows update is a key prize.

Re:ironically

[donaldm]

Which modern variant are you using that you have conflicts of this kind?

Well to be fair I did have a conflicting package in Fedora 24 (the only one I have ever had with this distribution) a few weeks ago and my options were 1) Update all other packages except the offending package. 2) Remove the offending package and reinstall at a later date. 3) Wait about two days for the issue to be fixed.

As least with Linux you have options so a two-day wait was not a big deal and also the package that I had the update issue with was one that I rarely used, but even so if I chose options "1" or "3" I could still use the full functionality of the package, it's not as if the conflicting package stopped working.

BTW. The AC comment was a troll since the did not appear to have a clue.

Cumulative and combined

[Calydor]

So what exactly are they going to do? Are we going to download the entirety of updates that have ever been released for Windows every month? That seems like a crazy waste of bandwidth, especially for people with slow or capped connections.

Re:Cumulative and combined

[hcs_$reboot]

Well, hopefully that will end the "system being at updates n-10, have to patch n-9, then n-8, then n-7 ....."

Re:Cumulative and combined

[l0n3s0m3phr34k]

Microsoft has shown, via the 6.5gb Windows 10 "upgrade", they care little about anyone's slow or capped connections.

Re:Cumulative and combined

[denbesten]

...Are we going to download the entirety of updates that have ever been released for Windows every month? ...

If you update online you get just the changes. If you download and install you get the whole thing.

Microsoft answered this and many other concerns on their blog last month. Your particular answer can be found in the comments.....

Nathan Mercer
September 15, 2016 at 8:37 am

... Monthly rollup will grow to be about the same size as Convenience rollup update. If you install via WU or WSUS you can take advantage of the Express feature to just have deltas going across the network. Security-only update will obviously be much smaller.

Re:Cumulative and combined

[fahrbot-bot]

In addition, from the same blog post:

Over time, Windows will also proactively add patches to the Monthly Rollup that have been released in the past.

Probably meaning telemetry and all the other things people have explicitly not installed (like Silverlight - for which "patches" appear in WU, even though I don't have it installed).

Re:Cumulative and combined

[fahrbot-bot]

Damn. Missed this bit of good news in the blog in my previous post:

Microsoft Update Catalog
The Microsoft Update Catalog website is being updated to remove the ActiveX requirement so it can work with any browser. Currently, Microsoft Update Catalog still requires that you use Internet Explorer. We are working to remove the ActiveX control requirement, and expect to launch the updated site soon.

Defer upgrades?

[ArtemaOne]

Does anyone know what will happen to those of us deferring upgrades? I got weird errors and lost my HFS partition last time it happened. Do we get a separate set of updates, or will we be forced to grab the anniversary update despite the bugs?

Re:Defer upgrades?

[Impy+the+Impiuos+Imp]

The anniversary patch chose to install Friday when I shut down.

Corporate suicide!

[Angeret]

Has anyone at the top of Microsoft figured that corporate suicide isn't an achievement they should be aiming for? They keep trying harder for it every year and eventually, with enough effort, will be proud recipients.

Re:Corporate suicide!

[nukenerd]

Has anyone at the top of Microsoft figured that corporate suicide isn't an achievement they should be aiming for? They keep trying harder for it every year and eventually, with enough effort, will be proud recipients.

No they won't die. Have you never seen The Terminator, Westworld or similar films and stories about The Thing That Won't Die ?

Microsoft is that - The Thing That Won't Die. No matter how much it is whacked, or whacks itself, it just gets up again like a zombie with even more wounds spouting pus over anyone who goes near it and keeps on walking and trampling with empty eye sockets and flailing arms, just like in a horror movie.

Re:Corporate suicide!

[gweihir]

So far it works for them. There are enough people that think Win10 is great. Of course, the corporate market is another story.

Re:Corporate suicide!

[fahrbot-bot]

Microsoft is that - The Thing That Won't Die. No matter how much it is whacked, or whacks itself, it just gets up again like a zombie with even more wounds spouting pus over anyone who goes near it and keeps on walking and trampling with empty eye sockets and flailing arms, just like in a horror movie.

(cough) SCO Group (cough)

Good for convenience, bad for large IT shops

[ErichTheRed]

Having done the end user computing engineering thing for quite some time, I've had to deal with Windows Update in places as large as 40,000+ PCs. There's a conundrum in the cumulative patching model -- it's super-easy for IT, but could leave some places more vulnerable.

The problem is that the more diverse a company's IT needs are, and the more proprietary software they rely on, the less able they are to just roll out a bundle of fixes to everyone and call it a day. I think Microsoft is forgetting how much some companies are relying on desktop Windows for line of business applications...it's almost like everyone there has drunk deep of the Cloud/Surface/Phone/Tablet/Web Services kool aid, and just assumed those crappy 20 year old applications have disappeared along with desktop/laptop use cases. In their minds, the only thing they have to make sure works correctly on site is Internet Explorer/Edge and Office.

Admittedly, updates are a confusing mess of semi-circular dependencies and it is very difficult for Microsoft to test even common combinations. But, making them all cumulative means this...Assume you have 10 updates in a bundle, 6 work fine everywhere, 1 breaks 40 PCs in Department A, 1 breaks the LOB app running on all 18,000 PCs you run, 1 breaks a behavior in IE some junky internal web app running on 2,300 PCs and 1 breaks the CEO's computer. All those computers have to wait until the problem is solved to get the protection for the 6 vulnerabilities, and they will continue to be unpatched since the bundle is cumulative.

The other thing I'm not a fan of is the removal of any sort of information about what gets patched. There used to be comprehensive descriptions of what was patched, and companies who knew what they were doing could direct testing to the right application groups. That's the other thing that's going away this month. We're a big Microsoft shop so we're pretty much resigned to upgrading to Windows 10...I guess we'll see what happens. Microsoft's been trying to cremate Windows 7 ever since early this year, messing with support dates and not backporting features. We'll see if Microsoft's "update rings" strategy that they're recommending everyone migrate to is workable.

Re:Good for convenience, bad for large IT shops

[RicktheBrick]

I did a factory reset on a laptop to get back to 8. It started out with 181 updates and took over 8 hours to accomplish this. I turned it on the next day only to discover there were 21 more updates. I do not know if it is windows 10 or slashdot software but to type in this comment I attach a external keyboard since if I type on the laptop keyboard it goes crazy on me making it most difficult to type. Microsoft's games are the worst. I was playing Treasure Hunter and all at once it quit on me I restarted the game only to find that it was like I never played the game therefore losing more than a month of playing it. My results are suppose to stored on the cloud so there should be nothing my laptop could to produce that result. I really do not want to start over if there is a chance that it will happen again. In the game one must get across the screen to find an exit but for some reason the exit is not visible unless on magnifies the screen to the max. There is a game of solitaire where one must accomplish a task within a certain number of moves. But they have auto moves that can not be shut off and do not help in winning the game. So one must hit the undue button a lot of times since the game will try to redo the moves after every move the player does. Does anyone at Microsoft even play these games as if they did they would certainly see how frustrating they are. I have seen a game that will display a screen just to have it replaced by another screen. They could not be bothered to delete that screen instead of just adding more software to load another. Yet they are trying to get people to pay them over $10 a year so that they do not have to watch commercials. Most of the commercials are there just to punish those who do not pay as one game will advertise another game and it does not matter if one already has both games. I am sure some of the advertising is for me since some are for a Michigan government site. So they must know I live in Michigan. There is a game called Jackpot. It is a free download but they will try to sell you a lucky charm. The most expensive one is $229. I can not imagine someone paying that much money on a free game. I just realized there is not a sticker on my laptop with the key for the OS. If my hard drives fails on me how will I be able to restore the OS on a new one. I guess I could buy a 32 gigabyte flash memory stick and backup the OS and than store it somewhere so that I can find it if I keep the laptop long enough for the hard drive to fail. I would think that they could design the bios so that it could reach Microsoft so that in case of a hard drive failure Microsoft would reload its OS with all of their updates. Quality software must be a crazy idea that Microsoft will not be able to ever accomplish.

Workaround

[squiggleslash]

Apart from the obvious-but-snarky ("Install Linux! hoho I'm so clever!"), you can indefinitely postpone all Windows updates on all versions of Windows 10 by stopping (and disabling if you find a way) the Windows Update service.

Of course, you lose the security updates if you do that too. Whether that's massively important to you depends on how often you run executables downloaded from the Internet, and what TCP/IP services you run on your computer.

Obviously "No security updates" is a bad thing, but if Windows insists on installing an update that actually breaks your PC in some way, no security updates might be the better of two evils, especially if you don't use IE or Edge, run any externally accessible services, and don't run every executable you download from the Internet.

Re:Workaround

[gweihir]

That we even have to consider such "solutions" shows how fundamentally broken both Windows and the relevant consumer-protection laws are.

Re:Workaround

[lgw]

Of course, you lose the security updates if you do that too. Whether that's massively important to you depends on how often you run executables downloaded from the Internet, and what TCP/IP services you run on your computer.

Your security beliefs are about 10 years out of date, unless you consider JS to be an "executable downloaded from the Internet". Almost all malware targeted at home computers is "no click required": mostly malicious JS, but occasionally PDF, or even jpg (remember what that was a joke?), served via ad networks.

So "whether that's massively important to you" depends on whether the machine is used to visit any web sites that serve ads, unless you completely disable JS.

no security updates might be the better of two evils, especially if you don't use IE or Edge

Is MS combining OS and browser updates (and Office?) here? Or is it only the OS updates in the cumulative patch? (Pretty sure the browser and Office patches are regularly rolled into cumulative updates already, but independent ones).

the most common response was "I run Linux."

[flacco]

This is the correct answer.

Re:the most common response was "I run Linux."

[gweihir]

Unfortunately, I am also a gamer, so that does not (yet) work well. But I am strongly thinking about a gaming-only PC and a separate one for working on things, surfing, email, etc. with Linux.

Re:How about 'Bork my system'day.

[um...+Lucas]

I was going to ask if, by bunding updates together like this, is it going to make the lives of security researchers more difficult, as they can't simply diff the changed files of a particular security update? Seems I'm not the only one wondering this...

Re:ironically

[Zontar+The+Mindless]

Which distro is it that you use that has these issues? I'd honestly like to know, because I've been using Linux for 10+ years and I didn't know of any prior to being alerted by your post. This is important info which you shouldn't hold back!

Re:Moron it's only for Windows update

[Zontar+The+Mindless]

Hi Alex,

Despite our history, I'm here to help you out. No, really. So pay close attention:

Nobody needs to do anything to make you look bad. That's a trainwreck you're obviously quite capable of having on your own.

People bait you because it's well-known that you constantly scan Slashdot and other sites looking for people saying things about you. And they do it because they know that you will without fail rise to the bait. Q.E.D.

The only way for you to "win" this is not to play, but you are evidently too dense to figure this out, so you just keep coming back for more. And more. And more...

I take it we are going to get new spyware?

[gweihir]

I really see no other purpose to this than bundling spyware with security-updates. Seems running Windows securely and reliably is going to get even more difficult than, for example, Linux. (Although systemd is trying to change that...)

Re:MS old and bloated

[gweihir]

You are lucky. I updated my Win7 laptop a few days ago (had not found updates for a while and suddenly found them when on the net for a day). Took something like 20h to find all updates and another 10h or so to install them. Talk about fundamentally broken technology.

Re:XP Still Gets Individual Updates Until 2019

[gweilo8888]

No, it doesn't. Windows XP support ended in 2014, and not even security patches are provided by Microsoft any more.

https://www.microsoft.com/en-u...

Yes, you can shoehorn Windows Embedded Industry updates into XP, but that's only going to patch anything which was shared between the two. If a bug or exploit was specific to XP, it won't be patched. And there's no guarantee this trick will continue working next week, never mind a year or two from now -- Microsoft can close the loophole any time they want to.

Re:ironically

[gweihir]

Maybe you are not able to _recognize_ Linux? Because that is not what other people experience...

Tired of manually inspecting every MS patch

Used to be MS security patches were for security, and you could just say "sure, install them all". Now ever since they added things like their anti-piracy nag screens, telemetry, Windows 10 nag screens, Windows 10 itself, you can't just auto-install all the "security" patches anymore. You have to go through every patch, one by one, inspecting what it does, and then checking through additional comments for any non-security items that also may have been tacked onto the patch. Keeping even just one Windows PC patched is now a pain in the ass.

Yay for having to manually manage and babysit the OS.

Finally!

[Moochman]

Finally! This is the way Apple has done it forever and it is sooo much nicer from a user experience perspective. Some may whine about having to accept everything MS wants to push at them, but it's time for them to deal with it and move on. The Windows update process has been essentially broken for the past two decades (>5 hour patch installs on a freshly Windows is *not* acceptable), and it's finally getting fixed. A momentous day.

Re:Finally!

[Ash-Fox]

Finally! This is the way Apple has done it forever and it is sooo much nicer from a user experience perspective.

From a user perspective, it's awful when you just want something that works and nobody can help you.

I still haven't figured out why Sierra users get "Authentication failed" when I see "opendirectoryd: ODNodeCreateWithNameAndOptions completed" in the logs and get errors like "opendirectoryd: ODNodeCustomCall failed with error 'Invalid credentials' (5000)" with no actual logging of the event happening on a fresh, new AD server (made just for testing this scenario). I even had Wireshark inspecting all the traffic from the Mac to try to determine what the issue is, no wrong DNS lookups, or connections to the wrong server etc.

>5 hour patch installs on a freshly Windows is *not* acceptable

Weird, updates are supposed to be automatically installed when installing Windows; which are significantly faster than doing it after Windows is installed.

Thanks for that comment!

[Futurepower(R)]

I appreciate you making more clear why people don't switch away from Microsoft Windows.

Absolutely no way!!!

[martinfb]

For those stuck with Windows, it is obnoxiously arrogant to now force ALL updates on a user. What if there is a specific patch I really do NOT want? What if there is a patch in that same update I need? I am screwed!

I think MS's move closer to "Big Brother" is totally uncalled-for, unethical, and a breach of trust. They need to be SEVERELY regulated; and I intend to push and lobby for the freedoms users deserve!

Dear Microsoft: Get your unwanted crap out of my machine and my life. I, and I alone reserve the right to manage my PC and anything in it. It deeply offends me that you would take it upon yourself to go forcing things on PCs as a general rule; be it patches or Windows 10 upgrades. You need to be severely disciplined.