Microsoft Announces 'Cumulative' Updates Will Become Mandatory For Windows 7 and 8.1

Microsoft's now changing the way updates are delivered for Windows 7 and 8.1. Slashdot reader JustAnotherOldGuy writes: Microsoft's Senior Product Marketing Manager Nathan Mercer just announced that, "From October 2016 onwards, Windows will release a single Monthly Rollup that addresses both security issues and reliability issues in a single update... Each month's rollup will supersede the previous month's rollup, so there will always be only one update required for your Windows PCs to get current."

What this means is that individual patches will no longer be available after October 2016, and Windows 7 and Windows 8 users will now only have two choices: stop updating completely and leave your computers vulnerable to security holes, or accept everything single thing Microsoft sends you whether you want it or not.
Microsoft says their new approach "increases Windows operating system reliability, by eliminating update fragmentation and providing more proactive patches for known issues." They added that "Several update types aren't included in a rollup, such as those for Servicing Stack and Adobe Flash," and that "the .NET Framework will also follow the Monthly Rollup model." According to Microsoft's blog post, they'll also be releasing a monthly "security-only" update, but again, "individual patches will no longer be available".

stop updating completely

[turkeydance]

easy. thanks.

Re:

[Thanatiel]

Exaclty.
I wonder if someone has all the IPs used for updates, so it can be block without a fault at the firewall (not the "firewall" in windows)

Re:

[tepples]

I wonder if someone has all the IPs used for updates, so it can be block without a fault at the firewall (not the "firewall" in windows)

Do USB cellular dongles for PCs have a built-in firewall (not the "firewall" in windows)?

Re:

[c-A-d]

The only thing I've seen close to this these days is on-silicon ACLs present in high end 10Gb ethernet cards.

Re:

[Thanatiel]

I was thinking of a "real" firewall at the exit point, and on a private user point of view : the modem.

Makes it easy for crackers, though

[raymorris]

I absolutely understand why you'd say that. I've done that. However, the first thing the bad guys do when they want to break into a system is check for unpatched software. If you're running versions with known vulnerabilities, that makes things really easy for the bad guys.

So what can you do? For me, I use Linux and OS X. Yeah, if you're the type of person who enjoys fiddling with the registry, there's a learning curve. On the other hand, if you normally open browser when you sit down at your computer, Firefox, Chrome, and Opera are pretty much the same on any desktop OS.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[buss_error]

For the family, I got them inexpensive PCs without hard drives (a live boot dvd which I make for them so the printers and internal things work) and tell them to use that for going on line for web surfing, browsing, and banking. Everything else, use the normal PC with windows which is no longer allowed an Internet connection at the router (deny the MAC address for inbound and outbound packets, allow the internal network). It's not perfect but I've not had to work on their systems for several years now for mu

Re:

[SScorpio]

They are probably using SteadyState which is great for a computer lab environment.

Re:

[Darinbob]

Given that Microsoft gives more headaches than malware, it may be the safest bet too.

Re:

[ProzacPatient]

That option will soon be disabled also.

I'm guessing you'll need the Enterprise edition to have that option. I wonder what else they'll disable in Windows 7/8.1 Pro.

Re:

[fustakrakich]

They can't disable it if you have updates disabled in the first place.

Make sure to check that occasionally. I use their "security essentials" because all the anti virus programs are equally worthless, and it can change your update options when you're not looking.

Re:stop updating completely

[Man On Pink Corner]

Agreed. I've left Windows Update completely off since the first appearance of GWX. So how exactly did I get an unsolicited 447-megabyte installation of Silverlight 5.1.50428.0 on August 6? I still run Security Essentials scans every so often, and I allow to update its malware definitions each time. I'm guessing that's where the Silverlight installation came from. Must be one of those "malware definitions."

Clearly a monthly rollup is the right thing to do, considering how long it takes to bring a new Windows installation up to speed. But given their track record, I'd be crazy to allow Microsoft to make changes to my system that can't be rolled back. It would be different if I could trust them to act in my interests in addition to their own. Instead, the continuous stream of lies and incompetence we've seen from the Windows Update team over the past couple of years, including a number of "bugs" and "mistakes" whose effects suspiciously seem to accrue exclusively to Microsoft's benefit, have made it inadvisable to do so.

It's not the policy that annoys me, it's the bullshit.

Stop updating completely? Methods and comments

[Futurepower(R)]

Quoting the parent comment, with modifications: We've seen Microsoft's continuous stream of lies and incompetence... including a number of "bugs" and "mistakes" that appear deliberate.

An article I wrote last year, Microsoft Windows XP "end of life" [futurepower.net], makes the point that Microsoft fixed 319+828+459=1,606 bugs in Windows XP since Windows XP SP1 was released. Now Microsoft says Windows XP is still too buggy to use. We have 16 computers running Windows XP and haven't had any problems. And software does not have an "end of life", it continues to do what it always did.

Why do Adobe Flash and the Windows operating system have so many vulnerabilities? Do Adobe Systems and Microsoft sell vulnerabilities to secret government agencies and fix them when they are publicly discovered?

Ideas:

1) Use Autopatcher [autopatcher.net] until Microsoft's begins its new system of hiding even more completely what it is doing with its updates.

2) Don't allow any Microsoft operating system to have a connection to the internet. Use Linux on a separate computer on a separate network for internet connections. Use Bluetooth to communicate between the Windows OS network and the Linux network.

Re:

[Kvasio]

Idea with higher priority: use some software, such as "WSUS Offline Update" to make a backup of past patches, so when you reinstall, you get Win7 patched as for mid-2016, and not 2006 nor Win10.

Re:stop updating completely

[Darinbob]

Monthly roll up is a good idea for a trusted and responsible company. It's a bad idea for Microsoft though.

Re:

[JustAnotherOldGuy]

I'm guessing that's where the Silverlight installation came from. Must be one of those "malware definitions."

Makes perfect sense, as Silverlight qualifies as "malware" in my book. I don't have it, never use it, and yet somehow everything seems to work just fine without it.

No need to install half a gigabyte of Microsoft's bullshit code that has no value or utility for me.

Re:stop updating completely

[a_mari_usque_ad_mare]

This is the last straw for me, and I fundamentally don't trust Microsoft anymore.

I wasn't crazy about Windows 10 when it first came out. Its the first Windows with monetization and spyware baked in. I also find it much buggier then previous versions, as if they have cut their testing.

The big change is they now seem to view 7 and 8 users as freeloaders and are willing to damage their experience to get them to 10. I think in Microsoft's view if you have a Windows install that isn't using their app store and seeing their ads in the start menu, you don't matter. This change is part of a broader pattern of screwing their users that started with the hard sell on Windows 10 updates.

They have altered the deal, and anyone who runs Windows now needs to pray that they don't alter it any further.

Re:

[bondsbw]

They deserve it, at least this time. I generally like the direction Microsoft is going, except their update policy. The cumulative updates for Windows 7 since June have screwed up Bluetooth and they even acknowledge it in their KB article. I would like to just uninstall the piece that has the bug, but I have to uninstall the whole rollup update.

Why can't Microsoft just open source everything and play nice with the development community without making me cringe every time their update policy changes?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[LVSlushdat]

Thats all well and good that those who took advantage of the "free" Windows 10 are the "product" for MS to milk.. BUT.. Now that you actually have to *buy* Windows 10, these copies of Windows 10 are like the old versions, either you get it on a new machine or you buy a boxed retail disk or perhaps, for system builders, an OEM copy of it... People who have had to *buy* Windows 10 since the end of July have a seriously valid greivance against MS, and I'd be surprised if some very hungry lawfirm (or group of l

Re:stop updating completely

[FatdogHaiku]

I too have had new machines or fresh W7 installs that don't update. The best luck I've had is installing KB3102810
for 32bit:
https://www.microsoft.com/en-u... [microsoft.com]
for 64bit:
https://www.microsoft.com/en-u... [microsoft.com]

Stop the Windows Update service before you run one of these as it can just stall out if you don't.

I guess the thing to do now is move all user doc folders to a NAS and restore the user machines from images on a regular basis. I too would like a list of MS IP addresses, mainly because telemetry...

This would be a great time for the Android x86 guys to shine.
What a bunch of asshats up there in Redmond!

Re:

[Rockoon]

The trick is to disable windows update and then reboot

Now that its disabled, install the most recent update to windows update that wont complain (not the july version I think) and then finally install the latest version of windows update.

Now that updates are working again, keep them disabled, because fuck this shit.

Keep in mind old Hotfixes will go away - image now

[sasparillascott]

Not noted in the Slashdot entry is that after the October takeover of PC ownership via Windows Update is that Microsoft is going to backport the hotfixes into the mass monthly updates (and presumably remove those hotfixes from availability afterwards).

The consequence of this is that soon you will not be able to do a fresh install of 7 or 8.x and install only the hotfixes you want to get them up to (pre Oct 2016) as the old hot-fixes are going away too. If you're stuck using Windows better get your all

Can't have customers removing spy^H^Hecurity patch

[Anonymous Coward]

I guess they really didn't like people removing telemetry KB updates.

Re:Can't have customers removing spy^H^Hecurity pa

[daid303]

Well, I never cared too much about those. But I did disable all updates about a month ago on my Windows7 and my GF Windows10 laptops. Why? They repeatedly fail to installed. Causing a loop of "using 100% CPU for about an hour, reboot, fail to install, reboot to roll back, and then using 100% CPU again the next day trying to install the update again."

After repeatedly fixing those updates, I gave up and just disabled all updates. (which was easy on Windows 7 and a pain in the ass on Windows 10)

Re:

[daid303]

I think you missed my point. I did that, and all the other hoops you need to go trough when updates fail. It's the frequency and the amount of different hoops I had to jump trough that caused me to say "screw this".

And this led me off Windows Desktop...

[kbonin]

Microsoft has decided they own your computer, so (&*#^%$ em...
Been using Windows desktop since 3.1, mostly for work and gaming, helped move the games industry off DOS4GW to Windows a long time ago. And this sort of crap has moved me from Win 10 to dual boot Win10/Linux Mint, soon to remove the Win10 partition. I've moved almost my work onto Mint, only use Win10 when I have to run a Windows app, and the few left there I'll be exploring Wine or relocating into a Win10 VM. Steam provided great Linux versions of enough of my games I no longer need Windows, and my job is moving from C++ on Windows + Linux to JS on Azure & AWS, so no longer need Windows desktop for anything bur work corporate apps and have throwaway laptop for that. Good riddance.
Will be helping all interested friends make the same transition.

Re:

[Rob Bos]

Quite a few people do care, even if you don't.

And unwanted updates...

[cdxta]

Great, now users can't block telemetry and other unwanted updates without disabling updates altogether.

Re:

[Anonymous Coward]

While I agree that is very much a downside. Patching is a mess today. Bringing up a brand new Windows 7 SP1 install and clicking on Check for Updates always leaves me with a "checking for updates" status for 12+ hours. Windows 7 has been patched so many times and it has been so long since they had a roll-up SP, that Windows Update is broken in its current form. It shouldn't be, but the architecture can't handle the plethora of things to check and dependencies any more.

I'll begrudgingly accept the loss o

Re:And unwanted updates...

[Rockoon]

Bringing up a brand new Windows 7 SP1 install and clicking on Check for Updates always leaves me with a "checking for updates" status for 12+ hours. Windows 7 has been patched so many times and it has been so long since they had a roll-up SP, that Windows Update is broken in its current form.

This is because Microsoft broke it on purpose to try to get more people onto windows 10.

..and here you are not only excusing microsoft for this intentional act of sabotage, you are using this intentional act of sabotage as a supporting argument for another intentional act of sabotage.

Re:

[JohnFen]

I'll begrudgingly accept the loss of control for a much improved ability to actually bring a new system up.

I consider an OS that forces this choice on you to be unfit for purpose.

Re:

[unrtst]

I'll begrudgingly accept the loss of control for a much improved ability to actually bring a new system up.

It takes less time to bring an old gentoo system up to date. There's no excuse for this.

Re:

[bigfinger76]

I did this very thing last night. It had been awhile since I'd done a 7 install, and boy how things have changed. It fought me every step of the way.

Re:

[toonces33]

That's pretty much it. The thing sits at 100% CPU the whole time trying to calculate what the heck it needs to do. If the machine runs out of disk space or gets shutdown or rebooted along the way you run the risk that the internal database that it uses has become corrupt and then updates stop working altogether. The status quo is horribly broken. Will this fix it? No idea.

The article mentioned that there will be security-only rollups for enterprise customers. And separate rollups for .NYET, which sui

Third choice

[WaffleMonster]

Stop using Windows.

Re:

[Greyfox]

Easy enough to say but last time I checked if you want to do anything with the current VR headset boom, you're pretty much going to have to use Windows. Steam's OpenVR initiative makes it sound like you don't, but a few months ago when I checked their Linux examples wouldn't even build.

Re:

[JohnFen]

Well, you could contribute and fix whatever it is that is broken for you. Or just stay with Windows.

Re:

[LVSlushdat]

Stop using Windows.

I did, about 6 years ago.. Used/supported MS products for nearly 20 years as a sysadmin.. Decided that when I retired, I was *done* with MS.. After seeing the "Windows NSA Edition" shit-show, I couldn't be happier....

Re:

[thegarbz]

Stop using Windows.

That's not a choice for many and faced with the complexity of learning a new OS + finding and learning replacement for all the software, or just ... not caring about a telemetry update or two, the vast majority of the world will happily plod along with the latter option.

Re:

[unixisc]

When Windows 8 was out, I found using it so bad that I switched my home PC to PC-BSD. Then at one of my jobs, we had to have an app that ran only on Windows, so I got a $250 laptop which I use for any work that has to have Windows. Use that for work, but for things like shopping, managing my bank accounts, making payments, et al, I use my PC-BSD laptop primarily, and sometimes my Android tablet

Nice as a default, not as a mandate

[davidwr]

People bought Windows 7/8/8.1 with certain expectations, including the ability to opt out of a given update.

Having a monthly roll-up is generally a good idea for most customers, at least in those months with no "bad patches" (grrr). After all, that's how Apple has been doing things for its iOS and MacOS (formerly MacOXS) updates for years. If I recall, that's how they handled updates for the original MacOS (1980s-1990s) as well, except that it wasn't on a monthly cycle.

However, to suddenly change the rules mid-stream is bad PR when it comes to business customers.

At the very least, they should have a registry-key or group-policy that you can put in to "go back to doing things the old way," at least for "Enterprise," "Pro," and "Ultimate" editions.

Oh, to make things worse, they didn't announce this until AFTER the free Windows 10 upgrade period is over. Users who kept Windows 7/8/8.1 specifically so they could manage updates individually are going to be calling "foul" over this.

Re:

[arobatino]

Oh, to make things worse, they didn't announce this until AFTER the free Windows 10 upgrade period is over. Users who kept Windows 7/8/8.1 specifically so they could manage updates individually are going to be calling "foul" over this.

It's still available [cnet.com] from the assistive technologies page. You have to vouch that you use assistive technologies, but there's no proof required, and under the circumstances there's no reason to feel guilty (but using the magnifier for a few seconds once a year technically qualifies if that's a problem).

Re:Nice as a default, not as a mandate

[Anonymous Brave Guy]

We've stopped installing almost all recent updates from MS anyway, since we basically now consider them more dangerous than not patching anything except clearly identified security vulnerabilities.

My concern with the new plan is whether any machines that need a fresh installation after October will no longer be able to download the currently available updates of our choice. If Microsoft make the Windows Update system only work with the new monthly roll-ups and won't supply the previous individual patches any more, that would be significantly worse than just not offering any new patches outside of the monthly roll-ups.

I stopped Win 7 updates long ago

[blind biker]

I have no complaints, my computers work flawlessly.
I look over at the Windows 10 folks, and feel a bit of pity and a bit of indirect embarrassment. But only for a second or two - then I get back to my work. Because that's what my PCs are for.

Re:

[PhantomHarlock]

I also stopped after the first few Win 7 service packs - everything's running great. If it ain't broke, don't fix it. They got all the major stuff ironed out early. I have not had a crash or a problem in many years.

This is fine for a home user who runs with noscript and adblock plus and is very careful in general with security. I wouldn't try to force that paradigm on my family or anyone not a serious computer enthusiast, however.

Could be the end for me

[lurker412]

I've been a Msft user since the earliest versions of MS-DOS, which means that I've put up with a lot of crap but kept on as things slowly improved. I have been burned by a number of updates over the years, so I install them manually after checking them out one by one. It's a pain, and some destructive stuff has slipped through from time to time, but I could always uninstall or fall back to a restore point if necessary. It would be nice if I could just trust Msft not to screw up my machine, but sadly, they haven't earned that trust. The choices are rather grim, as I don't want to forego security updates. I'm hoping there will be a large enough outcry that they back off before I have to move to another platform.

So what do we do when...

[SeaFox]

we have certain patches that cause issues on our systems and others that are fine?

Even if patches are all installed as a single block, there's going to be problems if users aren't remove individual KBs as needed.

Microsoft Update Catalog about time it's no logeri

[Joe_Dragon]

Microsoft Update Catalog about time it's no longer IE only.

Isn't it obvious why they're doing this?

[ZorinLynx]

Microsoft wants to make using older versions of Windows as annoying as possible for IT departments, to try to push us to move to Windows 10.

Corporate IT departments tend to be the biggest holdouts for moving to new versions of Windows. If a business is running fine on Windows 7, there is ZERO reason beyond security updates to move to Windows 10. Now they're giving us an artificial reason: If a rolled up update breaks something, we have to roll back the ENTIRE batch. Even any included security updates.

Microsoft wants their licensing revenue, and they want fewer versions of Windows to support. This is their play.

Re:

[rastos1]

Microsoft wants to make using older versions of Windows as annoying as possible for IT departments, to try to push us to move to Windows 10.

So they think, that people who do not like forced updates and telemetry will resolve the problem by upgrading to Windows 10? That does not make sense.

Re:

[NotInHere]

No, but Windows 7 and 8.1 won't be "safe harbours" anymore, so the disadvantage of windows 10 will be smaller.

Either way, I like it that microsoft makes so many windows users angry, maybe now they switch to in my eyes better alternatives like linux.

Re:

[Lisias]

the entire win 10 OS is a virus why the hell would i ever want that.....EVER you could make 7 slower then windows 1 , id still never want it....9 or 8

Being that the precise reason they are slowly turning Win7 into Win10. Patch after patch.

Re:

[JohnFen]

So they think, that people who do not like forced updates and telemetry will resolve the problem by upgrading to Windows 10? That does not make sense.

It makes a certain sense. At this point, most everyone who hates Windows 10 and isn't allergic to switching to a different OS has already done so. Those who hate Windows 10 but don't want to leave Microsoft's nest are hanging back with 7. If the can give 7 the major disadvantages of 10 it will make it more likely that those users will "upgrade" to 10 sooner.

Re:

[dcollins]

On the other hand, the IT at my university are the biggest Windows-boosters I've ever seen. Apparently never heard of anything open-source. Push "free" Microsoft trial products on everyone at any turn. Had the head of IT in the last semester claim at a department meeting that, "Windows 10 was entirely rewritten from scratch so it's much more secure." Updated all the classroom computers to Windows 10 a few weeks back.

What they really mean

[TommyNelson]

Microsoft says their new approach "increases Windows operating system's ability to send telemetry data by pushing such functionality even on those users who up to now were able to avoid them by not installing the corresponding patches."
FTFY

Broken as shit

[darkain]

With the number of absolutely fucking BROKEN updates that brick machines that have been pushed down the pipes, this is just going to send machines into a fucking nightmarish hell of instability.

Called it

[Kjella]

From when they announced cumulative updates: [slashdot.org]

But I don't see Microsoft going back to redo a patching system they've thrown out in Win10 to do us a favor, it seems far more likely they want to bundle it all from security patching to ads to telemetry to nagware.

Still hoping there will be separate KBs that you can install/uninstall for corporate/expert users and that the cumulative update is just what they push on the update site but since they've become plain evil lately it's hard to say.

Corporate clients

[Kindaian]

will be jumping of joy with this.

Lets break all our business applications due to an update that can't be tested before hand and that is mandatory.

Just great.

Not the complete story / Security-only updates

[Anonymous Coward]

It would have been nice if the submitter and Slashdot editor would have taken the time to actually read/report the rest of the blog posting:

"Security-only updates
Also from October 2016 onwards, Windows will release a single Security-only update. This update collects all of the security patches for that month into a single update. Unlike the Monthly Rollup, the Security-only update will only include new security patches that are released for that month"

That sounds like a good solution for the rest of us who

Re:Not the complete story / Security-only updates

[ilsaloving]

The only problem is that Microsoft has a very loose definition of what defines a "Security" update. They've already demonstrated that they will outright lie about an update to get people to install it (eg: Telemetry)

That's why I'm still on Vista

[jfdavis668]

Supported, but the normal way. Not this crap.

Re:

[sound+vision]

It's only supported for another 6 months. Thankfully, the only reason I need Windows is for games... and the security updates aren't critical there, as long as you keep it off the internet. (yay single-player)
Hopefully by the time I build my next box it'll be the Year of Linux Gaming. ...But I figure I'll have enough power to run the games under WINE or in a VM by then.

Telemetry

[Bert64]

So much for trying to blacklist just the telemetry updates then...

I think not,

[God of Lemmings]

my friend Mr. firewall would like to have a discussion with you.

"we own your computer we'll do what we want"

[God of Lemmings]

With this kind of attitude, I think its probably a good time for a non-microsoft influenced operating system to make its move into microsoft's bread and butter.

How long until...

[erp_consultant]

the monthly patch includes Windows 10 - whether you want it or not?

Re:

[zwarte piet]

ksudoku is also fun

Re:

[Z00L00K]

Sokoban please.

Re:Do they think that everyone is stupid?

[DogDude]

Do they think that everyone is stupid?

I don't know if you've seen any national news int he past 6 months or so...

Re:

[Sarten-X]

they are saying - that none of their users are smart enough to pick and choose which updates they want

It's not an issue of being smart enough... The problem is that most users who say "I will pick my own updates" never actually do so. They end up picking a handful of patches to deploy, before they lose interest and stop patching altogether.

Just wait until they screw up an update and cripple a large portion of their user base - or subject their user base to significant new security vulnerabilities in the process of trying to fix an existing vulnerability.

That happens already, and it's not nearly as big a deal as it seems. The first reports come in, and the update is halted and fixed.

I find it really hard to believe that their testing process is comprehensive enough to cover all hardware and software configurations

Believe what you will, but testing doesn't actually need to cover all configurations. Compatibility needs to be tested thoroughly according t

Re:Do they think that everyone is stupid?

[Rockoon]

If your webcam driver relies on some undocumented quirk, and that changes, then the onus is on the webcam vendor to release a driver that follows better practices.

What if my webcam driver requires that the video be mpeg compressed?

I am literally amazed that you brought up webcams given that Microsoft literally just broke a million of them for windows 10 users several days ago

Re:

[unrtst]

I suspect that you'll find it was the webcam driver that was at fault for not following the documented interfaces, and that mpeg compressed video was not explicitly allowed in that context.
</sarcasm><!-- I wish this tag was unnecessary -->

Re:

[Sarten-X]

Then you raise a complaint through the official channels, and Microsoft fixes it... Which is exactly what's happening right now.

Re:

[Rockoon]

Then you raise a complaint through the official channels, and Microsoft fixes it... Which is exactly what's happening right now.

Does this mean that the webcam works, or doesnt work?

Its the later, right? Currently millions of webcams do not work anymore, yet they did less than 7 days ago.

Will raising a complain on official support channels retroactively give people this week/month/year of use of their hardware back?

Look, I have been accused of being a microsoft shill here because I have a rational bent on things. You however, don't have such a rational bent.

Forced updates, rollups, and so on, is exactly whats being discusse

Re:

[epyT-R]

1. The problem is forced updates that impose user-hostile changes to TOS. MS has broken whatever limited trust they had from users. A decade ago, they would've labeled such user-hostile software as malware. Just because they document their changes doesn't mean they're magically ok either.
2. The problem is that microsoft isn't a fan of 'sustainable' either, so sticking to documented interfaces doesn't guarantee a thing. Many times, the 'undocumented' approach is the only solution that works at all.
3. Backwar

Re:

[Sarten-X]

If Ford promised to replace your tires when they wear out, don't complain if the standard tires don't fit your aftermarket wheels.

Yes

[thegarbz]

Their collected telemetry shows yes. Except that it's not stupidity, it's just that most people don't give a shit.

Re: Sounds like a great idea!

[Anonymous Coward]

I'll be even safer on a Mac

Re: Sounds like a great idea!

[bmo]

I'm a Linux user and abuser since the 90s and I've watched all these shenanigans happen over the decades.

My smug cloud is even thicker than an Amiga user's from the 80s.

--
BMO

Re:

[AJWM]

Yeah? So how do you feel about systemd? ;-)

Re:

[bigfinger76]

I think you dropped your mic.

Re:Sounds like a great idea!

[Anonymous Brave Guy]

Actually, there does appear to be a somewhat reasonable third choice: Microsoft will apparently also be offering a security-only bundle each month, though it looks like you'll have to install it manually if you're not using WSUS as it won't be fetched via Windows Update. You still won't be able to cherry-pick individual updates, but at least it won't come with all the other stuff you probably don't want -- unless they decide to call some of that "security".

(There's a specific question about this, and a response from the Microsoft guy confirming that a monthly security bundle will be available for all of the different Windows 7 variants, in the questions below the blog post itself.)

Re:

[gweihir]

I have seen that too. Cannot be installed via Windows Update, but can be downloaded. Apparently they still have some misgivings and will not start to rape Win7/8 users regularly as they do Win10 users.

Re:Fuck you, Micro$hit

[Z00L00K]

I really wonder if this would go well with major corporations since they usually pick only individual updates and exclude some that may cause interference with other systems.

Re:

[haruchai]

Some of our Windows systems that run proprietary software are only allowed to have updates approved by the respective vendors or our service contract for that system can be voided.

Re:

[Dracos]

#1: Updates will always be available.

#2: We could put that on paper, but we won't.

MS does have a testing community, but it's a smaller shanty town than what you might expect.

Re:

[Sarten-X]

As a sysadmin for mixed Windows/Linux environments with strict patching policies, here's what I expect:

#1 What if I install a brand new copy of Win7 (either because of a wipe and reinstall, or brand new install) I can't get updates at all because it won't have the current update?

The current update will be pushed automatically from the Windows Update server. Like you do now, you'll install vanilla Windows, and tell it to check for updates, and it will download the latest monthly patch. That patch will just include the fixes from previous months.

Think of it as being very similar to how most Linux distros handle package updates. Only the latest versions are automatically pulled. Olde

Re:

[Man On Pink Corner]

On the rare chance you happen to have a hardware configuration that doesn't work, there are already channels (through your MS support rep) to properly report it and get a fix.

Whatever they're paying you, it's not enough.

Take that however you wish.

Re:

[Sarten-X]

Yes, yes... I disagree with the hivemind, so I must be a shill. I've danced that tune before, and since you can't form an argument apart from a personal attack, I am forced to conclude you are an imbecile. Take that however you wish.

Re:

[epyT-R]

1. Promises != reality. Their patch engine is broken if it can't scale from a machine up to date 24hours ago to fresh RTM installs.
2. End users don't have a "support rep". They just get the patched shoved onto their machines breaking their workflows. Again, you're talking as someone working at a large company. You're big enough to get concessions. Most MS users are not. Having the ability to rollback problematic patches is necessary so these people can use their machines as intended.

Roughly one infection every 12 days? I don't think patching is going to help you. At that rate, I'd be suspicious of your users. Do they have any admin capability? Is software controlled? Do you forbid personal devices from touching company networks? Do you run a firewall and proxy to restrict web access? Do you monitor those things to make sure they're actually doing their job?

most of these polic

Re:

[Sarten-X]

1. Promises != reality. Their patch engine is broken if it can't scale from a machine up to date 24hours ago to fresh RTM installs.

I never mentioned scaling. What doesn't scale is the idea of testing a factorial number of patch combinations.

2. End users don't have a "support rep".

Actually, they can. Microsoft has online and phone support for end users. Companies do have more thorough (and more expensive) options, but most users have options as well.

most of these policies became SOP because of these inherent flaws in windows going back to the 90s. If patching isn't going to help this, then what's the point of patching at all? Assuming the machines are admin'd properly (users not running as admin should be enough for sane systems), such malware would have to abuse vulnerabilities to escalate.

Patches are still a last line of defense. The first defense should be a firewall/proxy to stop threats from reaching your users. Then your users should be educated, preventing the malware from being executed. Then you have antivir

Re:

[Sarten-X]

A quick check of my WSUS server (covering Win7, Server 2012, Server 2012 R2, and Office 2013) shows 6600 updates.

Good luck.

Re:

[Anonymous Brave Guy]

For comparison, the Win 7 Pro machine I'm running this on has a little over 200 installed security updates (relative to Win 7 SP 1, I assume). It also has about 100 other updates, the overwhelming majority of which were installed by the supplier before delivery since I stopped installing non-security Windows updates by default long before this machine arrived.

I, too, would love to see a slipstreamed image that could be used to reinstall Windows 7 if necessary after this new silliness has taken over.

Re:

[LVSlushdat]

I sure the hell think you forgot the /s there, Sparky.. You seem to have forgotten that those computers fucked up by updates are NOT MS's computers, they belong to the USER (or his company).. Microsoft has every right to go right out and FUCK ITSELF.... Of course, you're an AC.. I shouldn't be surprised that you're a shill for MS...

Your problem is Störerhaftung

[tepples]

Germany might be a special case because of Störerhaftung [qz.com], its presumption of liabilty of operators of open Wi-Fi hotspots for their users' infringing or otherwise illegal activity. In any other country, users who rely on UMTS, LTE, or satellite can take their laptops to a restaurant or public library to use unmetered Wi-Fi.

Re:

[LVSlushdat]

ANYbody who uses that brain-dead piece of shit called PowerHell on Linux needs to have his head examined, or better yet committed to an insane asylum...

Re:

[ilsaloving]

I hate to break it to you, but Telemetry was backported to Windows 7 as well.

Re:

[sexconker]

You can avoid it if you choose to not install the individual updates,