
Windows Security Updates Could Come With Fewer Reboots Beginning Later This Year

An anonymous reader shares a report: Microsoft is already testing Windows 11 24H2, this fall's big new Windows release. The company has already demonstrated a few new features, like 80Gbps USB4 support and Sudo for Windows, and the new version could also give a significant refresh to the Windows installer for the first time since the Windows Vista days. But there's one big update you might not notice at all. Late last week, Microsoft released "servicing updates" with no new features to Windows Insiders in the Dev and Canary channels. The updates were "designed to test [Microsoft's] servicing pipeline for Windows 11." It's pretty common for Insiders to get these kinds of updates-that-exist-only-to-test-the-update-process, but the twist here is that PCs with Virtualization Based Security (VBS) enabled could apply the update without rebooting.

Sources speaking to Windows Central say this isn't a fluke -- Microsoft reportedly intends to use a Windows Server feature called hotpatching to deliver more Windows 11 security updates without requiring a reboot, making it easier to stay up to date without disrupting whatever you're doing. You'll still need to reboot "every few months" -- Microsoft's documentation says a reboot is needed roughly once every three months, though it can happen more often than that for unanticipated zero-day patches and others that can't be fixed via hotpatching. The Arm versions of Windows 11 also won't get the feature for another year or so, according to Windows Central.
  • Moving On (Score:2, Insightful)

    Most people Do Not need MS OSes any longer. There is no "value add" to them at this point for Home/Small Office. The Lone exception is perhaps Excel needs. Everything else can be substituted with other platforms and software options.

    There are use cases for specific software products, but with containers taking off, those will become less platform specific.

    • by MeNeXT ( 200840 )

      The Lone exception is perhaps Excel needs.

      What? Seriously? This is one uneducated statement. Most Excel spreadsheets can be imported in other apps. The ones that can't due to macros are so elaborate that they are full of errors. It's happened so many times, even in one page sheets, where there are errors in the calculations due to keypunch entry.

      Spreadsheets have their place but to say that a generic one can't meet Home/Small Office needs is just plain misinformed and spreading FUD. Spreadsheets are also a poor substitute for a double entry ac

      • Not my experience. Even very old very simple excel spreadsheets do not work correctly with LO Calc.

    • by Anonymous Coward

      If you could point me towards the linux build of Solidworks that would be great.

      • If you could point me towards where the person is replying to said that Linux will work for 100% of every use case imaginable, that would be great.

        Re-read the first two words of what they posted: MOST PEOPLE.

        It's perfectly fine if you don't fit into the definition of "most people" as qualified in their statement.

        • How many people is "most people", exactly?
          Could be anywhere between 50%+1 and 99.(9)%.

          • And splitting hairs absolutely doesn't change anything about what they wrote, or what I wrote.

            • If you're willing to accept a population variation of almost 50% as inconsequential, or, as you put it, "splitting hairs", you can add it to the plethora of reasons why "the year of Linux Desktop" never came to pass, and never will.

        • by SirSlud ( 67381 )

          More accurately he should say, "Most of the time, most people don't need Windows."

          But most people have at least one use case for which they need Windows. At that point, why would people maintain two different installs and two working knowledge sets of two different OSes?

          That's why Windows is the default go to for most people. Most of the stuff they do doesn't *need* it, but most people do at least one thing either personally or professionally that does.

          • by SirSlud ( 67381 )

            (or OSX .... There's very few end-user cases in which most people *need* Linux, and very many cases where most people *need* Windows or OSX)

    • Re:Moving On (Score:5, Informative)

      by SirSlud ( 67381 ) on Tuesday February 27, 2024 @04:25PM (#64273734) Homepage

      "Most people Do Not need MS OSes any longer."

      There's a certain percentage of users on /. that could have been replaced with a script that just posted "nobody needs Windows" to every article referencing Windows for the last 20 years.

      You're one of them. I haven't the foggiest idea for whom you think this is a novel observation (leaving aside how irrefutably stupid it is), nor why on earth you think they'd be on /. .. but hey, you do you, I guess.

    • by Anonymous Coward

      Most people Do Not need MS OSes any longer. There is no "value add" to them at this point for Home/Small Office. The Lone exception is perhaps Excel needs. Everything else can be substituted with other platforms and software options.

      There are use cases for specific software products, but with containers taking off, those will become less platform specific.

      There are plenty of "niche" areas full of shitty Microsoft-only developers.
      Healthcare is full of them.
      i.e. if you're a dentist there are a small handful of programs that have existed since the 90s that all were developed by morons who want to get you locked in to their shitty solution--so they pick brain-damaged crap like Sybase for a database, and a mixture of the .NET Framework and low-level API calls so they can have their own "not invented here" controls and widgets.

      A handful of companies have tried

    • People have apps and workflows and games that they are already familiar with.

      It's not a trivial ask.
      • Change Form Factors and see that issue mostly disappear.

        Cellphone. one of the most used Computing devices, more powerful and capable than computers just a decade or so ago.

        Linux on the desktop arrived, and people didn't notice (Android). The desktop screen size shrunk (physically), but has better than VGA graphics. People shift if you don't tell them you are changing their OS.

    • Unfortunately things like Fusion 360 is only available for Windows and MacOS, so I still have to run a VM with Windows for this (and a few other programs).

    • Having dealt with the "Linux experience" many times, I would not touch it with a 10 meter pole if I was running a small business. A small business doesn't have an IT department to deal with fun problems like the mouse randomly stops working. I stopped trying to use Linux a couple years ago when I couldn't get an IME running properly, there were a couple application where fcitx would put in text that I hadn't selected, apparently choosing them at random. But, a bigger flaw in your thesis is the multitude of
  • How about none? (Score:5, Interesting)

    by Joce640k ( 829181 ) on Tuesday February 27, 2024 @03:52PM (#64273622) Homepage

    I work with a lot of people who use big CNC machines that run Windows.

    It's no fun if you set it going on a two day job cutting a $2000 piece of aluminum and the machine decides to reboot at 2am because an unused component of Windows .Net got an update or Microsoft just had to install a new "feature".

    nb. This even happens in LTSB versions of Windows that aren't supposed to do that.

    (PS: Any adenoidal replies along the lines of "wouldn't happen if they use Linux!" will be mocked - the CNC machine makers make CNC machines with Windows software and the end users don't get much choice)

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      how about not letting it connect to the internet ya tard

      • But then IT cries that it wasn't able to push updates to you.

        • Re:How about none? (Score:4, Insightful)

          by PsychoSlashDot ( 207849 ) on Tuesday February 27, 2024 @05:22PM (#64273914)

          But then IT cries that it wasn't able to push updates to you.

          That's a load of hooey.

          Is there a shop somewhere that IT is so incompetent they can't schedule and implement a maintenance window and yet has the clout that their whining is heard and their arguments about patching override the real-life lost income due to undesired reboots? Sure. There are probably several. Nepotism exists.

          Is it common? Hell no. IT departments almost always have to give in to arguments ranging from "this cost us money" to "the users don't like it" to "it doesn't look nice" to "I don't have to explain myself."

          I guess my point is that the OP's histrionics about reboots being a problem isn't due to an OS problem... it's due to misconfiguration.

        • Re:How about none? (Score:4, Informative)

          by uncqual ( 836337 ) on Tuesday February 27, 2024 @06:48PM (#64274128)

          If the CNC machine's operation is critical to the functioning of the company, bring it up with management at higher and higher levels until the CEO says (usually more diplomatically than my exact wording here)

          The IT policy that's in your way is so important that no exceptions are allowed - damn your CNC machine

          or, alternatively, tells the VP responsible for IT

          Karen, fix this ASAP!!! Efficient and cost effective operation of these CNC machines is critical to our success and your job is to help, not hinder, the company. Henceforth and at the CNC team's discretion, materials and time wasted by reboots of a CNC machine because IT insists it be connected to the intranet will be charged to your department - get back to me by EOB today informing me that the problem is now solved and how it was solved. Remember, the CNC team is your customer, not the other way around.

          On the occasions where I have had the misfortune of working at a large corporation with annoying and disruptive IT rules, I've had success with similar strategies. Yes, it's a pain, but I've always gotten the problem solved.

          For example, we told customers of our product (a relatively small portion of the corporate revenue but perceived as being a fairly outsized "future" for the company) to disable virus scanning on the directory we cached temporary files in. Yet our IT prevented us from doing so on machines we were using for performance testing/characterization. I never had to go above the IT director level to get that resolved (albeit, I had to rinse and repeat every six months or so as some audit caught the "non conforming" machines).

          Or, for another example that's happened at more than one company I was at, is the edict that comes down from IT that

          All software not on the IT approved list must be uninstalled from all machines.

          At which point I do a quick audit of my dev machines and my group's dev machines and find various open source software (such as emacs, gnuplot, etc) that developers are using that are not on the "approved list" (mostly because IT can't find someone to pay for the product and 'support' - and the deniability that comes with that). I then send the list to IT (ccing the level above the drone who's issuing the edict) asking them to

          Please verify that we must uninstall these products immediately. Be aware that, due to the resulting unanticipated decrease in productivity, we will have to extend existing schedule commitments (including those that external contracts are contingent on) so I will need to raise this up to the executive level.

          They invariably respond with something like

          Okay, for now you can keep these programs installed while we research these products.

          I then follow up with

          When is the review scheduled for completion?

          to which the answer is usually something like (which they just make up having no idea what to do)

          Within a month.

          I then put an item in my calendar for one month in the future and when that's hit and no update has been received (and it never has been), send off a note along the lines of

          I'm checking up on the status of the developer installed product list I sent one month ago - is the review completed and when can I expect to see the results as I need to know so I can adjust schedules we have made, and are continuing to make, based on productivity levels with all of these programs being available.

          and usually get a response from someone in IT who dearly wants to stay out of the hornets' nest along the lines of

          The review is ongoing, your group may continue using the programs on your list until it's completed.

          It's never gone beyond that and no developer in my group has eve

          • Haven't seen stuff so bad, but we did once have IT insisting that the offline machine that held the root certs currently with WinXP needed to migrate to Windows 10 asap. Same team that sent me email saying my Macbook needed to upgrade to Windows 10... It got sorted out quickly once you talk to someone with a brain.

          • by jezwel ( 2451108 )

            Or, for another example that's happened at more than one company I was at, is the edict that comes down from IT that

            All software not on the IT approved list must be uninstalled from all machines.

            It's my team that monitors this in our organisation, however we also include the link for you to submit an evaluation of non-approved software and CC your manager in the email.

            The report this week (only PROD, as non-PROD environments are walled off) was 2 non-approved installations in 1.3M total installs - of which 63k installs are under active product management.

            Really sounds like your IT/Cyber Security team are not very interested in managing this part of your environment.

          • If the CNC machine's operation is critical to the functioning of the company

            If any network connected computer is critical to the functioning of a company then you should invest in an IT department capable of running a WSUS (is it still called that?) server. Any outage due to updates is entirely 100% of the fault of the company who don't properly implement the systems which are provided to them.

    • It should be obvious to anyone that standard Windows is wholly unsuitable as a near-realtime controller for industrial equipment. If the CNC manufacturer gave you this copy of Windows, you should demand a refund.

      If they didn't, you probably should either track down some secret embedded version of Windows designed for this use case, or hire some Active Directory guru who can override all the standard Windows behaviors with "policies".

      Maybe next time, buy a CNC machine that can accept standard gcode files.

      • Windows doesn't have to be realtime. It's just an interface for all the servo controllers.

        • I did say *near* realtime, such as if it drops out for 15 minutes ("You're almost there! 84% -- Don't turn off your computer!") it ruins their long-running machining job.

      • by AmiMoJo ( 196126 )

        They were using Windows for decades before when updates were initiated manually. It worked just fine - the software doesn't control the CNC motors directly, it handles higher level data processing and commands. So basically it's a serial port that talks to the CNC's controller.

        They like Windows because it is easy to hire software devs for it, or outsource any work that needs doing. Technical support people are easy to come by too. Linux, not so much.

        They kept updating Windows as old versions fell out of sup

    • I feel for you.

      I used to support a machine -an IBM PC AT running windows 3.1 (NOT 3.11) that ran the mask making machine for a fab. It was a very specific hardware/software configuration that ran a piece of equipment absolutely critical to the business and could not be updated without spending millions on new hardware. It was job-ending critical that nothing happen to disrupt the delicate workings of that machine or the cobbled-together IP-over-serial (SLIP) network connection patched into it.

      I also remem

      • The problem is Microsoft is against users having a choice, this began after Win7.

        This is why Win10 was forced upon countless unsuspecting users, without asking for it or even having a choice in the matter.

        They're against customisations, and forcefully go out of their way to block users from making a choice, such as to do something as simple as switch off search results from the start menu [superuser.com].

        As the current top answer in that link mentions:

        Sadly, the approach listed in magicandre1981's answer no longer works. In fact, it's almost like Microsoft is fighting an arms race with users, progressively making it harder and harder to disable this feature.

        This is why there are countless tools to be able to remove not only the

    • by uncqual ( 836337 )

      I'm not a Windows expert (and would like to abandon it but Quicken and HR Block software preclude me from doing that completely), but why wouldn't the CNC application precede every run by a check for MS updates and, if any exist, apply the updates (followed by a reboot if needed) and then reset the 'Pause Updates Until' option to be 35 days in the future?

      Is that not possible to do programmatically or would this not work (at least for jobs that take less than 35 days) for some reason?

    • It's no fun if you set it going on a two day job cutting a $2000 piece of aluminum and the machine decides to reboot at 2am

      If your CNC machine was connected to the internet and auto-updating itself, and you were responsible for setting it up, QUIT YOUR JOB, CLOSE YOUR SLASHDOT ACCOUNT, and SELL ALL TECHNOLOGY. Because you're too much of an idiot to use a computer.

    • by mjwx ( 966435 )

      I work with a lot of people who use big CNC machines that run Windows.

      It's no fun if you set it going on a two day job cutting a $2000 piece of aluminum and the machine decides to reboot at 2am because an unused component of Windows .Net got an update or Microsoft just had to install a new "feature".

      nb. This even happens in LTSB versions of Windows that aren't supposed to do that.

      (PS: Any adenoidal replies along the lines of "wouldn't happen if they use Linux!" will be mocked - the CNC machine makers make CNC machines with Windows software and the end users don't get much choice)

      My first question to the person using windows as part of an industrial process is "why"?

      As there may be legitimate answers to that, I'll append it with "is it connected to the internet"?

      If they want it connected to the internet then you'll need to have some controls on it regarding patching (WSUS, Group Policy) expressly so you can when and how expected reboots occur. This is hardly a new thing, patching windows and maintaining uptime has been a core part of Windows Server admin for decades.

      PS, I'v

  • All the lost productivity and data from involuntary-reboots must number in to the billions. You can no longer keep a Windows computer on overnight in case it wants to force update. Forced reboots have even infected Linux with the package known as unattended-upgrades, meaning that only certain distros are safe for overnight use.
    • Re: (Score:2, Funny)

      by thegarbz ( 1787294 )

      Good. Quite frankly people who either don't save their work at the end of the day or think the answer to not losing their work is to leave a computer on overnight without using it, wasting pointless power, deserve to lose all their work. I mean common sense didn't work, so maybe a bit of punishment will.

      • It’s not even about unsaved work. I could have browser tabs open that monitor various processes or windows with documentation up. But hey fuck my desktop.

        • Save your tab collection. Or simply re-open them. Same with documentation. Literally all browsers and PDF readers will re-open your previous documents. Many of them will automatically re-open as Windows provides an API to resume the state of the software after a reboot.

          If something is critical for monitoring then Windows also provides an API to prevent a reboot (yes even one for updates). Take your complaints to the people who wrote the software you use.

      • by nightflameauto ( 6607976 ) on Tuesday February 27, 2024 @04:31PM (#64273764)

        Good. Quite frankly people who either don't save their work at the end of the day or think the answer to not losing their work is to leave a computer on overnight without using it, wasting pointless power, deserve to lose all their work. I mean common sense didn't work, so maybe a bit of punishment will.

        Yeah, really. I mean, there's zero god damned excuse for leaving a workstation on overnight! Unless you're actually, oh, I don't know, using it for something that actually needs to run overnight. Like a long render. Or a huge mixdown. Or a large refactor. Or any of a million other reasons someone may want the system to stay up overnight. It's great fun to be three days into a five day render and have the system spontaneously reboot because Microsoft deemed it time. That's a REAL power saver, having to restart it and unhook all the network connections just because you absolutely can NOT trust a Windows system with an internet connection.

        • Indeed there are reasons. Which is why such mission critical software invokes the Windows API provided that prevents the computer from rebooting (or indeed sleeping). Windows will only reboot when it's idle.

          Or maybe the real issue here is the user, the one who hasn't set the option for advanced notice that a reboot is required, or the kind of idiot who sets the inactive hours of the OS to a time when it can't reboot as opposed to a time it can.

          At this point you have to be blind and deaf to not know about up

          • "Windows will only reboot when it's idle."

            For example, during the business day while in presentation mode. That computer is obviously idle.

            • For example, during the business day while in presentation mode. That computer is obviously idle.

              If this happened to you it's because you set it up to do it. Windows will only reboot after hours. Default is 1am to 7am, if that's the middle of the work day for you then you need to check your system settings. Even then it will only force the reboot after several days and after a notification telling you in the upcoming idle period it will reboot.

              And this is the home edition, the pro edition gives the user more options on when the machine updates, including not rebooting at all.

              Not even Linus Torvalds can

      • Mod parent -1 clueless / stupid.

        Some of us actually run calculations that take days to complete. Win10 interferes with that. Windows 7 didn't.

        • Windows 10 hasn't rebooted within about a week of downloading an update since the Creators release of 2020. Mod yourself as -1 idiot for running a wildly outdated OS on a critical task. The options are there for you, maybe if you applied updates you'd see them.

          To be clear your complaints were very valid in 2018. But that was 6 years ago.

          • Win10 was released in 2015. What were people supposed to do for FIVE YEARS when MS finally got a clue stick??

            Stop being a dumb M$ shill.

    • by Baron_Yam ( 643147 ) on Tuesday February 27, 2024 @04:47PM (#64273812)

      I have found the opposite - to keep the patches up to date with reboots outside of business hours, you must leave the system on overnight.

      If you don't, it may never reboot, and two things happen: the partially applied updates will make the system unstable, and when the system is finally manually restarted it can take an extremely long time to sort itself out and become usable again.

      • Yeah, I can remember doing desktop support and finding one machine that had about a bajillion outstanding updates. I went and visited the desk, and of course they very dutifully shut it down every night and started up again in the morning. It's actually quite difficult to explain leaving it on overnight is a good thing - it really isn't, and "it might need to do an update" doesn't make it so.

        In fairness, you used to have to do this because leaving it on was just foolish - it wouldn't survive more than a cou

      • I have found the opposite - to keep the patches up to date with reboots outside of business hours, you must leave the system on overnight.

        If you don't, it may never reboot,

        You haven't used a computer the past 3 years have you. Windows will apply patches on reboot, or on shutdown. It will only reboot overnight if you don't do this *FOR SEVERAL DAYS*. You can tell by the little orange dot next to the shutdown button.

        Yes if you shutdown your computer every night your patches will *ALWAYS* be applied. Unless you specifically select the option to not apply updates during the shutdown process.

        I'm not sure what OS you have experience with, but it's not a Microsoft OS from the 2020s.

  • by backslashdot ( 95548 ) on Tuesday February 27, 2024 @04:00PM (#64273658)

    How can they sell a product, for decades now, that needs periodic reboot and still keep a straight face?

    • What OS doesn't require periodic reboots, especially for system updates?

      • by Saffaya ( 702234 )

        Unix workstations.

        A friend had one at home.
        He had to reboot it three times.

        In seven years (kernel change).

        You can shove your piece of manure OS elsewhere.

        My daily runner is still original Win7 SP1+ enhanced cryptography patch, tyvm. Slap a decent firewall on it before connecting to the internet and you're done.

        • I spent years on Unix workstations. HP-UX, AIX, AT&T, SCO, also BSD and half a dozen Linux distros, they all have to be rebooted when you update the system.

          That is what we're talking about here...Windows, like every other OS, generally requires a reboot to update the system.

          • The update is optional, whereas in Windows there are enough memory leaks that you have no choice. I have linux boxes with years of uptime.

            • Windows hasn't required reboots due to memory leaks since Windows 98. https://www.vogons.org/viewtop... [vogons.org]

              I personally never reboot any of my Windows machines, except for system updates. They often run for weeks or months with no memory issues.

              Your "years" of uptime are only possible if you never update...not exactly a good practice if you're concerned about security.

    • by AmiMoJo ( 196126 )

      Easy. Nobody else has made one that doesn't need a reboot periodically. Even Linux has to reboot now and then, for updates.

      • Talking "Linux needs reboots", I love needrestart. https://github.com/liske/needr... [github.com] pops up a dialog after apt upgrade and allows selection of individual services to restart, makes an excellent selection of which services can usually be restarted without consequences elsewhere.

        Apart from simply restarting individual services, heck even the whole of the desktop environment can be separately restarted when needed. Those options save a LOT of reboots. IMO this is clearly built for uptime. Restart sshd while c

        • by AmiMoJo ( 196126 )

          Windows services generally use their own libraries and update them as needed. No DLL hell that way.

    • How can they sell a product, for decades now, that needs periodic reboot and still keep a straight face?

      You're talking all high and mighty as if you can do major Linux updates without either a reboot, or a highly frigging complex process of switching and patching kernels on the fly.

      There's no desktop OS on the market, nor many server OSes that don't require periodic reboots.

      Also IT IS 20 FUCKING 24, shutdown your computer at the end of the day and stop wasting power. It will apply updates then.

  • by Anonymous Coward

    We've had operating system patches since the 1980s in various flavors of Unix, Linux, VMS,
    We didn't call it "hot" patches because nobody ever considered taking a production timeshare
    system offline for a stupid upgrade. Only Microsoft would.

    Absent a major upgrade of the OS the systems stayed up. That was the rule. Until Microsoft
    came along and billy-bobbed its way to pretending to be an OS but unfortunately the weakest
    link at that.

    It's good they are now pretending that patches aren't "hot" but that they'r

    • I remember when Microsoft last made a big fuss about reducing the number of reboot events: it was for Windows 2000, and they got it down to 50. You still had to reboot if you changed the machine name (WTF?), or just sneezed somewhere near it. And they still can't restore application state like macOS has done for years, making reboots that much more expensive and annoying.

    • by caseih ( 160668 )

      I remain somewhat astounded that after all these years MS's files systems still don't seem to support the notion of deleting an in-use file, allowing the replacement of files without a reboot. Unix filesystems have done that for years which means updates can replace in-use files at any time, and the in-use files remain allocated until the last process closes them, after which they are deleted. Thus we can replace even core system libraries like glibc (used by nearly every running process) without r
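
The replace-while-in-use behaviour described in the comment above, and the per-service restart point made about needrestart earlier in the thread, as an added example that is not part of any poster's comment or of any project's code. It shows that a process holding the old file keeps reading the unpatched copy after the update, and how such stale mappings show up in the Linux `/proc/<pid>/maps` format; the file name `libdemo.so` and the sample maps lines are constructed for illustration.

```python
import os
import tempfile

def replace_in_use(directory):
    """Replace a file while a reader holds it open; report what each side sees."""
    path = os.path.join(directory, "libdemo.so")      # hypothetical file name
    with open(path, "w") as f:
        f.write("version 1 (unpatched)\n")

    old = open(path)                                   # stands in for a running process
    old_inode = os.fstat(old.fileno()).st_ino

    tmp = path + ".new"
    with open(tmp, "w") as f:
        f.write("version 2 (patched)\n")
    os.replace(tmp, path)                              # atomic rename over the in-use file

    with open(path) as fresh:                          # a process started after the update
        new_text = fresh.read().strip()
    result = {
        # The old handle still reaches the old inode: the unpatched bytes stay
        # allocated until the last holder closes them.
        "old_handle_reads": old.read().strip(),
        "old_links": os.fstat(old.fileno()).st_nlink,  # no directory entry left
        "new_open_reads": new_text,
        "inode_changed": os.stat(path).st_ino != old_inode,
    }
    old.close()
    return result

# Constructed sample in /proc/<pid>/maps layout:
# address perms offset dev inode pathname
SAMPLE_MAPS = """\
7f1c2a000000-7f1c2a1d0000 r-xp 00000000 08:01 131 /usr/lib/x86_64-linux-gnu/libc.so.6 (deleted)
7f1c2a400000-7f1c2a420000 r-xp 00000000 08:01 245 /usr/lib/x86_64-linux-gnu/libz.so.1
7f1c2a600000-7f1c2a601000 rw-p 00000000 00:05 77 /dev/shm/scratch (deleted)
7f1c2a800000-7f1c2a821000 rw-p 00000000 00:00 0
55d0e0000000-55d0e0010000 r-xp 00000000 08:01 900 /usr/sbin/sshd
"""

def stale_mappings(maps_text):
    """Return executable mappings whose backing file was replaced or removed."""
    suffix = " (deleted)"
    stale = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue                                   # anonymous mapping, no pathname
        perms, path = fields[1], fields[5].rstrip()
        # Only executable mappings matter here: deleted scratch or shared-memory
        # files do not mean the process is running outdated code.
        if "x" in perms and path.endswith(suffix):
            stale.add(path[: -len(suffix)])
    return sorted(stale)

def stale_mappings_for_pid(pid):
    """Same check against a live process on Linux; empty list if unreadable."""
    try:
        with open(f"/proc/{pid}/maps") as f:
            return stale_mappings(f.read())
    except OSError:
        return []

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(replace_in_use(d))
    print(stale_mappings(SAMPLE_MAPS))
    print(stale_mappings_for_pid(os.getpid()))
```

A process listed by `stale_mappings` is still executing the pre-update library, so a security fix on disk only takes effect for it after that process (not necessarily the whole machine) is restarted.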

  • "...& as we can see on PPT slide 249, the conjoined triangles of success converge forming a... Oh, wait... update? No, I haven't finished yet! How do I make it stop?! Nooooo...!!!"

    Sometimes you look forward to those blissfully long updates & restarts.
