A question about the MS-DEFCON system
Good one from reader ZP:
I have a question about the ‘Defcon’ system. E.g. in April you first said it was “‘Defcon 2’; wait with installing”. Then at a certain point it became “‘Defcon 3’; go ahead”.
So something in the situation must have changed between those two announcements?
But I downloaded the ‘April Security-Only update’ (Win 7-32 bit), from the link in AKB003 (I want to be in Group B, for I don’t like MS snooping) when it was ‘Defcon 2’, and for a test I downloaded later the ‘April Security-Only update’ again, and it was still the same file with the same size!
So, what has changed in the situation between the ‘Defcon’ states? Because the ‘bugs’ apparently weren’t fixed. (?)
Therefore I am still wary of installing the ‘April Security-Only update’. 🙁
Please could you do a post or article to elaborate on the matter?
Many Thanks! 🙂
Think of the MS-DEFCON system as kind of a “green light – red light” system, with some shades of orange and yellow tossed in for comic relief.
In recent years, patches have gotten better, but there are still some real show-stoppers. Microsoft pulls patches from time to time and may re-issue them, but in most cases the problem comes from interactions that aren’t fixed until the next month.
So, for example, if you run something called Dynamics CRM and rely on it to print PDF files, you would want to hold off installing the March 2016 security patch until Microsoft got its act together. The patch itself doesn’t change. What changes is that people who may be affected get a heads-up before they install it: in many cases they can be forewarned, or they may need to implement a particular fix first.
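Since the question hinged on whether a re-downloaded Security-Only update is really the same file, here is an added check (my example, not part of the original post or anything from AskWoody or Microsoft). It compares SHA-256 hashes of two saved copies rather than just their sizes, and reads the Authenticode signature status of each, so you can see both that the bytes are identical and that the package is still signed by a trusted publisher. It assumes PowerShell 4.0 or later (for Get-FileHash) and two .msu files saved at the placeholder paths shown.

```powershell
# Added example: compare two downloaded copies of an update by hash and
# report their Authenticode signature status. Paths are placeholders.
$first  = 'C:\Updates\april-security-only-first.msu'   # placeholder path
$second = 'C:\Updates\april-security-only-second.msu'  # placeholder path

function Compare-UpdateFile {
    param(
        [Parameter(Mandatory)][string]$PathA,
        [Parameter(Mandatory)][string]$PathB
    )

    # A SHA-256 hash changes if even one byte differs; a file size may not.
    $hashA = (Get-FileHash -Path $PathA -Algorithm SHA256).Hash
    $hashB = (Get-FileHash -Path $PathB -Algorithm SHA256).Hash

    # 'Valid' means the file is signed by a trusted publisher and has not
    # been altered since it was signed.
    $sigA = Get-AuthenticodeSignature -FilePath $PathA
    $sigB = Get-AuthenticodeSignature -FilePath $PathB

    [pscustomobject]@{
        SameBytes  = ($hashA -eq $hashB)
        HashA      = $hashA
        HashB      = $hashB
        SigStatusA = $sigA.Status
        SigStatusB = $sigB.Status
        SignerA    = $sigA.SignerCertificate.Subject
        SignerB    = $sigB.SignerCertificate.Subject
    }
}

Compare-UpdateFile -PathA $first -PathB $second | Format-List
```

If SameBytes is True and both signature statuses read Valid, the two downloads are the same signed package, which is exactly the situation the post describes: the bits did not change, only the advice about when to install them.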
Similarly for people who are running Windows 7 on recent PCs. There are many half-baked drivers. And so on.
So it isn’t so much a question of waiting for Microsoft to re-issue a patch (which happens, but much less frequently in the current as-a-service environment). Mostly it’s a question of knowing in advance what kind of puddle you’re stepping in.
It takes a while for bugs to appear. Diagnosing bugs is notoriously difficult, and it may take hundreds of observations to get some idea of where the problems lie. For that reason, I don’t recommend automatic update. Wait for the other folks to get their faces torn off, like in Alien.
I’ll be changing the MS-DEFCON level as soon as I’m comfortable with the new approach to updating that we’ve been kicking around. I kinda got sidetracked by the WannaCry stuff. But look for changes soon.