Patching as a social responsibility

Topic

New Reply

Mnnnnnffffffff….. Kirsty just pointed me to a post on the Microsoft Security Blog, from Mark Simos, Lead Cybersecurity Architect at Microsoft’s Cyber[See the full post at: Patching as a social responsibility]

17 users thanked author for this post.

Average-Jane, jburk07, OscarCP, Nibbled To Death By Ducks, ve2mrx, Cee Arr, wdburt1, PDX5802, dononline, CADesertRat, GreatAndPowerfulTech, lurks about, WildBill, doriel, Mele20, Pepsiboy, satrow

Reply | Quote

Replies

Managing patches in an enterprise is a thankless job. Internally, most people may not know or appreciate how many vulnerabilities have been mitigated or completely avoided by installing patches universally across the enterprise in a timely fashion. However, if business critical applications happen to break at the same time monthly patches have been distributed, then the patches get the first blame. Users will be fuming and IT will have its hands tied for awhile with troubleshooting and determining workarounds.

9 users thanked author for this post.

jburk07, ve2mrx, ltorres, AlexEiffel, b, chadspecht, Fred, Pepsiboy, woody

Reply | Quote

Man, you got that right.

I can’t imagine a job more stressful than riding herd on Microsoft patches for an organization.

2 users thanked author for this post.

AngryJohnny75, WildBill

Reply | Quote

woody wrote:

I can’t imagine a job more stressful than riding herd on Microsoft patches for an organization.

Same but for multiple organizations with very different requirements?

Reply | Quote

Looks like Enterprise might get some help with MS + NIST. The Simos article is mentioned in this article.

https://www.zdnet.com/article/microsoft-and-nist-partner-to-create-enterprise-patching-guide/?promo=404&tag=nl.e404.em&ttag=e404&s_cid=e404&ftag=CAD-04-10aag0g&cval=cnet-nl-zd&regId=MjA0MTMxMzk1MTI0MDIxNDcxNTkzNDE3NDg3NDYxNjA%3D&bhid=20413139512402147159341748746160

Don't take yourself so seriously, no one else does
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

? says:

“[we] want to make it easier for people to do the right thing…” and that is why i come here

thank you Woody!

9 users thanked author for this post.

jburk07, ve2mrx, SueW, dononline, plodr, GoneToPlaid, chadspecht, Pepsiboy, woody

Reply | Quote

Sometimes the medicine is worse then the disease?

3 users thanked author for this post.

RamRod, WildBill, Microfix

Reply | Quote

As a computer consultant since the 80’s, responsible for thousands of computers over the years, I can honestly say that I can count on one hand the times I’ve had to fix a computer due to an un-patched flaw being exploited.  Actually on two fingers.

In stark contrast, and mostly after Windows XP, I’ve had a nearly continuous stream of business from computers broken by Microsoft updates.  The big trouble really began during the Windows 7 era.

If I had to chart the malady against dollars spent by the customer, the most dangerous malware by a huge margin is Microsoft updates.  Automatic updates set to “automatic” has proven to be a guaranteed source of computer malfunction.

So I’m in the “update only when absolutely necessary camp”.  You’ll never be patched for zero day, obviously, so patching after the fact with proven acceptable patches is the only way.

And we certainly have to thank Woody for guiding the way on this all these years!

18 users thanked author for this post.

kfb, jburk07, Kranium, DriftyDonN, Sessh, Canadian Tech, phaolo, pabby, Nibbled To Death By Ducks, ve2mrx, EstherD, SueW, PDX5802, dononline, plodr, GreatAndPowerfulTech, RamRod, Charlie

Reply | Quote

Heh. Exploits are nasty, sure, but on average…

What I’m usually having problems with, is straight-up bugs that need to be fixed. Anything from insufficient care being taken in a driver, for cases of hardware failure in a high-availability server … to resource leaks and general instability in core system components.

So yeah, the important thing had software-mirrored disks, and indeed we had no data loss from losing one disk. But we had a service outage when certain kinds of file-level operations just hung while waiting for a replacement disk, which they weren’t supposed to. All pending/hung operations did complete once the replacement disk was hot-plugged in… just one example of a thing that was fixed in a patch later. (No, wasn’t on a Microsoft operating system, and not open source either.)

Reply | Quote

You are absolutely correct. My experience is as extensive as yours and I agree completely

CT

Reply | Quote

Is this “the doctor is worse than the disease”?  Or “What’s good for the disease is good for the doctor!”  At first I thought this social responsibility re patching was a MS attempt at humour. However, all on askwoody know MS updates are far from hilarious – more pathetic, when one considers the size and value of MS.  I can’t say “professional”.  So stop telling users what to do until you follow your own advice.

Reply | Quote

There was a time that patching gamblers usually come out ahead just by letting Windows apply the patches as they were released. On occasion, some setups encountered a problem but these were usually corrected quickly and didn’t usually result in much inconvenience.

Coupled with the deletion of the “in house” testing team and I suspect an ever increasing array of older and newer computer systems that need to be supported in a variety of operating environments that connect to an even greater myriad of devices, MS has lost much of the confidence that knowledgeable users afforded them in the past. The record is clear, MS is now not very good at releasing patches that don’t cause problems for some users every month.

No product can be all things to all people all of the time. Windows is no different. People using equipment purchased back in the Windows 7 days should be prepared for the day when those older processors and peripherals just don’t cut it anymore and there aren’t enough of them in the insider program to thoroughly vet every single patch that MS releases.

This is a sign of the times. We may have reached (and MS may already know) the point in time when it is no longer possible for MS to release a version of Windows or patches that will run as expected on 95%+ of all the equipment in use everywhere most of the time.

Going forward I suspect the answer will be to continue delaying patches for 15 – 30 days and then wait and see if reports surface indicating that a patch clobbers some aspect of functionality that any particular group of users depend on. Knowledgeable users will and are able do this. Those who are less savvy will either not patch because they don’t know they are supposed to or will let Windows do its thing until one day the on button no longer produces the desired result.

Developments in computer hardware bring about a continually diverging operating environment over time. The end of life arrives for all people and all equipment eventually. My Sinclair ZX80 is just such a case.  Expecting MS to produce 100% working patches for everything all the time is probably no longer realistic. MS may need to be a little blunt and start reducing the supported universe. I see nothing wrong with MS stating that 15 year old hardware will not be permitted to upgrade to some future version of Windows and would only ask that auto update for those systems be left on to receive only the most serious of security upgrades and virus definitions as has been the case for Windows XP boxes, Server 2003 etc. Some people don’t need the latest iteration of the OS nor do they need to replace perfectly functional hardware just because.

Case in point, I still use a HP MediaSmart Server (Server 2003) as my streaming media server. It still works, isn’t accessible from the internet and does what I need it to do. I accept that SMB v1 is a bit of an issue and I need to be careful but for me that vulnerability and the fact that there have been no OS upgrades for years doesn’t concern me. I don’t need to replace this equipment until either the sparks fly from the motherboard or SMB V1 is completely removed on my LAN clients that connect to this media server. Every day this server continues to function is one more day that I do not need to spend money to replace it. Likewise, I would be perfectly fine with Win v1909 being the last version of Windows that my X58 CPU can run, provided I can continue to run V1909 with virus updates until that computer will no longer boot. Nothing lasts forever and I don’t mind choosing to be frozen in time to get the most out of the equipment I already own knowing that I may not be able to get new features without investing in the hardware required to run those features. I would just prefer not lose access to virus definitions and dire security patches arbitrarily.

2 users thanked author for this post.

GreatAndPowerfulTech, WildBill

Reply | Quote

I agree with your angle of view. There is just no way that all patches are bug-free in this forest of various PC/devices. Insider program cant reveal all errors. I think they (Microsoft) understand this now and want to lower the cadence of major (feature) updates. This is good sign. For “long lasting devices” there is LSTB with support for many years (much higher price of course). This is used in hospitals, security services, …

Sometimes its hard to troubleshoot issues, because environment is changing literally beneath our hands. I mean who can REALLY know what is changed in every patch? This is like inhuman task. Just few can trully understand and to be honest, updates is what they basically do everyday for living (even then they sometimes struggle to understand).

I really thank poeple like Woody and Susan aka Patch Lady for their insights, they are our light at the end of tunnel.

Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

PRUSA i3 MK3S+

1 user thanked author for this post.

WildBill

Reply | Quote

“Microsoft set out to understand why some customers weren’t applying cybersecurity hygiene, such as security patches, which would have helped mitigate this threat.”

I mean, is this a joke? To me, just shows they aren’t listening to their customers at all. If they want to understand why people aren’t patching, it’s quite simple. Just Google “Microsoft Update Breaks”.

6 users thanked author for this post.

doriel, Sessh, Canadian Tech, Fred, Nibbled To Death By Ducks, Charlie

Reply | Quote

Or google…

Microsoft spyware

Microsoft telemetry

Microsoft trust

Windows As A Service

Microsoft fatigue

Oxymoron – Windows – Reliable

2 users thanked author for this post.

Kranium, phaolo

Reply | Quote

We’ve been there almost 2 decades ago when nobody would trust Microsoft and Windows updates. As a result, administrators delayed updates for several months. Back then, Bill Gates wrote an e-mail to employees and things improved. Apparently, the new circus director doesn’t care about these days. A great example of how sneaky Microsoft has become is the fact that updates hidden by wushowhide are still offered. For example, ‘Security Update for Windows 10 Version 1803 for x64-based Systems (KB4023814)’ ignores the ‘Hidden’ flag set by wushowhide the next time Windows updates are offered. The workaround is to unhide KB4023814 and hide again each and every month. So, how can anybody trust Microsoft? Of course, the jokers at Microsoft don’t get it.

Reply | Quote

Patching as a social responsibility  for Microsoft, that is

* _ ... _ *

Reply | Quote

Win7, for example, shipped with no automatic updates enabled.

Is that really true?  I’ve never had occasion to check this on a prebuilt Windows 7 machine in its pristine state, right out of the box (by the time I’ve seen them, it’s impossible to know what has been altered), but all of the clean Windows 7 installations I have performed have had Windows updates set to automatic by default out of the box, just like prior and subsequent Windows versions.  It seems that if it ever shipped with updates off, it would have been OEMs that did it, and that sounds really weird to me.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

All of the Windows 7 installs I have done over the years have “Please choose your settings” for Windows Update in Control Panel when you go there for the first time after installing.

The choices are “Download and Install Updates Automatically (Recommended), “Download Updates but notify me before installing”, “Notify Me When Updates Are Available” and “Never Install Updates (Not Recommended)”

Might not be the exact wording but they’re fairly close from memory.

The Windows Update service in Services is always turned on by default after installling Windows 7 (Service type is ‘Automatic’ or ‘Automatic (Delayed Start)’) – can’t remember which one right now.

Reply | Quote

And the option that is already selected by default and in effect is “automatic (recommended),” right?  The dialog gives you the opportunity to change it, but it’s on automatic unless you do.

The real question is what preinstalled OEM Windows 7 was set to, since most people will not ever install their own OS, but will use whatever came on the PC.  I have three PCs now that came with 10 (all three now running Linux), but prior to that, the last PC I bought new/preassembled came with Vista, which I removed in favor of XP.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

Ascaris wrote:

The real question is what preinstalled OEM Windows 7 was set to, since most people will not ever install their own OS, but will use whatever came on the PC.

When you boot a preinstalled/OEM Windows 7 PC, you get pretty much the same set of setup questions that you would with a clean install.

I’ve always seen the Windows update choices (as presented above) when I powered-up new machines for the first time.

1 user thanked author for this post.

Ascaris

Reply | Quote

None of the Windows Update options are selected by default, you have to choose one of them.

I don’t know what happens if you don’t make a choice – it might default to the first one (download and install updates automatically), especially since the Windows Update service is enabled by default after installing Windows 7.

Never tried it to see what happens.

Reply | Quote

The very first versions of Win7 – before Service Pack 1 – did NOT activate Automatic Update.

You folks are probably working with SP1 versions.

2 users thanked author for this post.

Ascaris, plodr

Reply | Quote

You missed not wanting to be spied on by your OS.

All so bloatware, adware and and constantly resetting settings every update, if you were dumb enough to install windows 10.

Edit for content

Reply | Quote

Woody,
There are several reasons as we all know of why people will not patch. You had excellent examples: Some do not know, some have heard of the shoddy patching and subsequent issue thereafter.

Others are, I know a man who never updates his phone(s). He updated his phone years ago and “it changed”. The app, the program, the whatever changed on him and he was very happy the way it was, afterwards he was very upset. His resolution was to “never update again”. That is what he told me, and that is what he does.

A second gentleman told me “I am really not worried, if I get a virus I will just get a new phone”. I had heard this many years ago with clients using Desktops! Computers were costing $300-$500 instead of $1500 and that was cheap enough to get a new one.

If I remember correctly, the Target Department store Point of Sale (POS) compromise was because many businesses say, “do not patch the device because if we go down, we do not make money.” That was supposedly said by a poster (here at Askwoody I think) years ago that was working for a 3rd party repair company.

I am sure others here could give examples of why their friends. relatives, or clients do not update or upgrade.

Woody, thank you for your articles and this web site and for being our Curmudgeon.

Thanks to all.

4 users thanked author for this post.

jburk07, DriftyDonN, woody, WildBill

Reply | Quote

Working with industrial systems, many of ours were still running WinXP as of 2012…  We finally got them switched over to Win7, but making the case that we needed to change to a newer OS was hard.  Some old software became more finicky (eg, Access ’97 Viewer ran just fine on XP) and needed rebuilding or virtualizing.  Others would not be supported on anything new by the supplier, or at least not without costing 5 to 6 figures to “upgrade.”

Then we had to worry about patching again, and if the site’s running 24/7 finding a time which doesn’t cost hundreds of thousands of dollars of lost production can be hard.

1 user thanked author for this post.

jburk07

Reply | Quote

Let’s add some things about the way Microsoft handles patches and why some people avoid them:

1. They can take over your computer while patching for a LOOONG time. Downloading, applying the patch, restarting the system, then again waiting for applying the changes… In some cases you can literally be waiting HOURS and then finally, the patch FAILS installing.
2. For a power user computer, the decision factor about patching is handled knowing the risks of not patching. In a “Grandma’s computer”, elderly people get scared because of the patching process and messages. They just want to google something, see some stuff, go to Facebook… It’s not an intensive or complex use of a PC. So, back in the Win7 era, some people used to disable the updates altogether in a Grandma’s PC for avoid the constant scares and problems that patching can cause.
3. Patching can crash a perfectly working and stable system. Aaaaannnd even left it in a bootloop state, or even worse a black screen state (even without a blue screen of death state), and so on.
4. As Woody say, the new “telemetry enabled” policy of Microsoft is a problem. Someone can ask: Why in Android this is not a problem and in a Windows environment yes? Because Android is used more by individuals and Windows is in a lot of productivity environments. Google knowing what someone wants to see in the movies is one thing, Microsoft possibly snooping in corporations’ stuff is another subject.
5. You can’t segment patching anymore (except people still using the Microsoft repository, that is a lot of work). So, if it’s only a small thing but very problematic that is bundled in the superpatch applying system, there is nothing you can do, except don’t applying the patch entirely.

And so on…

If Microsoft really wants patches not to be a mess, they should:

• Change the patching system for not to take so much productivity time, be faster, with only one reboot (and when the system starts again not waiting another long amount of time).
• Only force “critical” updates. And that should be security only updates. The other ones should be optional again.
• It should be (really) easy to go back to a previous state from a patch. And all could be exactly as it was before it. There are ways to achieve this manually, but is not by default in Windows. If a patch really screws things up, you end in the recovery options while booting, and not always that options are available or work, or take a lot of time (again). So, there is a lot of things in the user part for this to work (backups, etc.). So, people than doesn’t care by this stuff are the ones that have then computers with systems being a mess because of half recovering from patching.

All this is very unlikely to happen, so Microsoft shouldn’t be so “surprised” why old stuff that was “solved” by patches is still causing problems.

2 users thanked author for this post.

jburk07, Zaphyrus

Reply | Quote

anonymous wrote:

omeone can ask: Why in Android this is not a problem and in a Windows environment yes?

Both are equally problematic to some of us.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

3 users thanked author for this post.

jburk07, Nibbled To Death By Ducks, ve2mrx

Reply | Quote

… Android system updates aren’t as centralized anyway, so if one manufacturer botches an update for one model, everything else is unaffected…

That and phone apps are still seen as more of a convenience than a business-critical thing, usually.

Reply | Quote

“You can’t segment patching anymore (except people still using the Microsoft repository, that is a lot of work).”

Seems like that’s a situation ripe for a cottage vetted-SCUP Catalog industry targeting Microsoft’s own patch repo (dunno about the legality of redistributing those patches, tho). There’s already a case for paying for third-party app update management. This seems like the next logical conclusion.

Reply | Quote

There was a time in the not-so-distant past where I would be excited to see new Windows Updates coming down the chute. I’d install those suckers right away, mostly referring to my XP and prior days, and didn’t have any major problems for a long time. I also wasn’t much of a power user though not a complete amateur, either. Everything I learned about PC’s and Windows, I learned myself just poking around and having to figure out and fix stuff myself. To be fair, having to do that did benefit me a lot as I learned quite a bit over the years.

In the second half of my XP days, I started running into issues with updates and I only ever used Windows Update, so no manual patch installing. I had WU corrupt my Windows Update folder on two occasions, had updates corrupt my MBR on multiple occasions including times where I did a fresh install of XP and was just letting WU do it’s thing as well as produce other mostly minor (but noticeable) issues I had to spend time fixing. All by itself, WU cost me a lot of time trying to fix what it messed up all on it’s own. It turned out to be great when XP reached EOL because I no longer had to deal with this and it was refreshing. It was so refreshing that I was content using XP two and a half years after EOL with no major issues at all.

Then, I get a powerful gaming PC with Windows 7 on it and had become a competent power user. Once again, while I am just letting WU do it’s thing with my new PC, again I start running into errors. WU can’t install updates correctly and something gets corrupted though it wasn’t a show stopper, but I had to spend awhile trying to figure it out and had a very helpful fellow on a W7 message board help me manually undo what was done. Here we go again, right? It was during this time that I discovered this site and became even more knowledgeable because of it.

I was already missing XP and the endless days of use without having to deal with this nonsense from a so-called competent tech giant that used to know what they were doing when it came to patching. I already knew I wasn’t going to reward MS by going to Windows 10 especially after what they pulled with GWX and the direction it was going. However, I continued trying to patch but now SO only, firmly in Group B. I only did that for a few months and then comes the processor blocking patch requiring that I learn to make batch files to install patches using DISM.

Hyseteria built, patching problems were on the increase (and have continued in that direction) and I was really getting annoyed with how far this process had fallen. MS lost all credibility with me and all this scaremongering with every threat that comes out is also annoying. There’s also the whole “sneaking stuff into SO updates” thing which was a concern I was vocal about when I decided Group W was the only safe answer to patching for me. Firing their QA didn’t help either and it seems the crowd-testing strategy isn’t working out too well for them. I’m shocked, SHOCKED, I tell ya!

Just the fact that MS is asking why people aren’t patching tells me that all their talk about “listening to customers” were about as empty as a vegan’s stomach at a steakhouse. If they do listen, they don’t take what they hear seriously enough if at all.

I would remind these at Redmond wondering why people aren’t patching that the April 2017 patches for Windows 7 & 8.1 actually BLOCKS people from updating their PC’s if they have next-gen processors in them which many do. Gee, I wonder why people would stop patching after that especially folks who aren’t knowledgeable tech people? Big mystery there. They block people from applying updates, then wonder aloud why more people aren’t applying recent patches.

To me, it just demonstrates how wide the gap of disconnect is here between Redmond and the typical PC user. It’s not wide enough to know how to trick people into installing Windows 10, though. This patch was a hard push to get people to switch over to that abomination and just another reason why I will NEVER make the jump. It’s insanity, really, that they really have to wonder why the patching climate is what it is now. They’ve created this with their own actions and yet casually play dumb when it comes to knowing how we got here as if they weren’t actually in the room when these decisions were pushed on their customers. I don’t think they were even in the same galaxy because the customers don’t really matter anymore, not really anyway.

My next OS is Linux, but I am very happy to be Group W for over two and a half years continuing on the XP strategy that was so wonderful and uneventful. What do you know, no major problems. I have figured out other ways VIA security layers and regular backups to protect my PC and data and they’ve worked wonderfully. When I use Linux Mint in a VM, I love updating there. Never a problem and doesn’t even require a reboot, so there’s no disruption at all to what I’m doing. Just wonderful. That’s my future, but I really do love Windows 7 so long as I don’t let MS touch it anymore. I don’t trust ’em! These out-loud ramblings from MS showing just how out of touch and full of S they are just solidify the conclusions I’ve come to which are already pretty solid. Thanks, MS. They, IMO, have nowhere to go but down.

10 users thanked author for this post.

jburk07, doriel, Canadian Tech, AlexEiffel, David F, Spiral, SueW, wdburt1, LH, AJNorth

Reply | Quote

I get the impression that Mr Simos is talking from the ‘bridge’ and not from the ‘engine room’ For sure, security concerns are there by not patching but, it’s been ‘Full steam ahead with sub-grade coal’ for a good while now and a slow frustrating voyage.
Why does this guy think resource sites/fora like askwoody, borncity, ghacks and many others exist?

Windows - commercial by definition and now function...

6 users thanked author for this post.

jburk07, Spiral, Nibbled To Death By Ducks, SueW, WildBill, lurks about

Reply | Quote

Microfix wrote:

Why does this guy think resource sites/fora like askwoody, borncity, ghacks exist?

Let’s be extremely generous and say there are a half a million users who frequently visit and participate in all of the aforementioned sites…

Why would he even know these sites exist, let alone care what is discussed here?

We have to accept that we’re in a bit of an echo chamber here – we know all about the update issues because we’ve set out to know all about the update issues… and we’re in a distinctly small minority.

I’d hazard a guess – based on a few decades of experience supporting end users of various levels of expertise – that MOST Windows users just plug ahead and let Windows do its thing, with little complaining when Windows messes its own bed. Why? Because Windows updates are to blame for about 2% of their problems and they’re at fault for the rest.

1 user thanked author for this post.

b

Reply | Quote

jabeattyauditor wrote:

I’d hazard a guess – based on a few decades of experience supporting end users of various levels of expertise – that MOST Windows users just plug ahead and let Windows do its thing, with little complaining when Windows messes its own bed. Why? Because Windows updates are to blame for about 2% of their problems and they’re at fault for the rest.

But this topic is specifically about the people who are not meeting what MS apparently considers to be their “social responsibility” in letting Windows do its thing.  Within the population of users who don’t let Windows patch at will, the ones MS is scolding, the issues that sites like AskWoody warn about are front and center.

Most “regular” users seem to have a “black box” view of a PC’s operating system.  They’re not likely to know the difference between a problem caused by Windows updates and one they caused by their own actions.  They just know it’s messed up.  It’s the people that do have some understanding about Windows and computers in general that are acting to block Microsoft from doing its thing, even if they sometimes do it to Aunt Mabel’s computer and forget about it.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

Ascaris wrote:

But this topic is specifically about the people who are not meeting what MS apparently considers to be their “social responsibility” in letting Windows do its thing.  Within the population of users who don’t let Windows patch at will, the ones MS is scolding, the issues that sites like AskWoody warn about are front and center.

The referenced blog post is very pointedly directed toward organizations and toward figuring out why organizations are not applying patches. Individuals are mentioned only in the context of supplying feedback as members of organizations.

Am I wrong in my belief that the vast majority of AW “regulars” are not part of Mr. Simos’ target audience?

I don’t believe that he’s worried about most of us, nor is he asking for our opinions. He’s wondering why the big shops were so lax in their patching routines despite the inherent security risks.

And, to head off the expected rejoinder from the masses, YOU can certainly browse safely and keep YOUR personal system clean and clear without ever applying a security patch. YOU’RE smart. YOU have properly configured your firewall(s) and YOU know how not to click where you shouldn’t.

Extend that to thousands of PCs managed under one roof or on an international network and see if you can make that same claim about each and every person operating those devices.

Simos is attempting to discover why the admins running those kind of organizations didn’t consider it worth their while to patch, despite the very obvious danger.

I fail to see where he suggests that John Q. Public as individual home PC operator has a “social responsibility to patch.” I continue to believe he (rightly) doesn’t give a rip about the patching experiences or reasons for not patching that most here would have. It’s not his focus.

2 users thanked author for this post.

AlexEiffel, joep517

Reply | Quote

Admittedly, I was conflating the topic title “Patching as a social responsibility” with “most Windows users,” without directly referencing the article in question.

When you write of how most Windows users simply allow Microsoft to do its thing, as I interpret it, you’re referring mostly to consumers, since the Windows users who work in corporate environments don’t usually have a choice in anything on their work PCs, much less what updates are delivered.  They’re not able to allow anything, nor to disallow it.  That’s up to the IT department, who are not Windows users, per se, but Windows administrators.

The view that all computer users, consumers included, have the responsibility to update as soon as possible, and without regard to their own welfare individually if the patch should happen to be one of the bad ones, is so widespread in the tech world that it’s almost a “here we go again” moment each time an article like this comes out, and I was responding more to that than to the actual article.  Woody gets a lot of grief for advocating for the welfare of individual consumers, which really should not be a controversial position, but the “Stop thinking of yourself!  You MUST patch NOW!” lobby is so strong that suggesting a consumer act in his own best interest shocks some people.  The same effect hit Linux Mint, whose developers were bullied mercilessly for not doing their best to convince users to install every single update marked “security” as soon as it is released, even if it presents risk to the user in question.  Mint, unfortunately, chose to give in, but Woody has not.

It’s kind of ironic that the very design of the current Microsoft QA system for corporate customers involves waiting for all the bugs to be discovered by consumers and fixed before deploying new Windows builds, the same thing that’s so terrible if Woody or anyone else suggests that consumers do exactly the same thing.

As far as the target audience of AskWoody… his MS-DEFCON ratings are intended for consumers, while Patch Lady Susan’s recommendations are more for corporate IT departments, as I understand. It’s a good question as to what the split is between corporate and individual visitors.  The comments certainly seem to reflect a more consumer point of view, and that’s certainly where I am coming from.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

3 users thanked author for this post.

AlexEiffel, Canadian Tech, dononline

Reply | Quote

Sites like askwoody, et. al. exist because MS does not care about the little customers and you are on your own to drown.

2 users thanked author for this post.

OscarCP, RamRod

Reply | Quote

I get the impression that Mr Simos is talking from the ‘bridge’ and not from the ‘engine room’ For sure, security concerns are there by not patching but, it’s been ‘Full steam ahead with sub-grade coal’ for a good while now and a slow frustrating voyage.

Chief Engineer Scott: “Captain Simos, I canna give you anymore patching power! The dilithium crystals are almost drained. The improved feature updates won’t be available for… another 6 to 12 months!“

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

If patching is a social responsibility, maybe Microsoft has a social responsibility to not do all the things it does now that makes patching problematic, the first one being creating an always changing system that introduces more and more flaws while making patching not security only but a mandatory much more potentially disturbing experience with new unasked for features and change for the sake of change.

Make one Windows LTS available to everyone every 3 years, 10 years of support, push only security updates, except for minor and carefully tested improvements. Most people don’t want new features, they just want their computer to continue working like it has been and be stable. They upgrade when they buy a new computer and that’s fine with them. When you ask people what version of Windows they use, how many do even know or care, except if it is 10 and they know that is why they got problems?

Don’t tell me that was the previous model and it wasn’t working. Windows 7 is the most loved OS maybe with XP. It has been the most stable. And security issues didn’t happen mostly because of the missing security features that 10 has to offer. If they kept the model and made patching better, reducing the app/os coupling and making most software more easily compatible with updates, maybe not so many people would stop patching.

6 users thanked author for this post.

Sessh, David F, lurks about, dononline, Ascaris, WildBill

Reply | Quote

AlexEiffel wrote:

Don’t tell me that was the previous model and it wasn’t working.

The Microsoft fans have made exactly this claim, of course.  It’s the user’s fault that MS had to be tough on us, they say; too many of us didn’t take our patches when we were told to, so now we’re not being given a choice.  After decades of doing it that way, it’s suddenly not good enough anymore, and the coincident timing of this change with other changes could not be more obvious.

Microsoft under Nadella has made no secret of its intent to monetize Windows in ways never before considered, and to continuously do so as they come up with new ways to do it.  For that purpose, the previous update model was not working.  If they come up with a new monetization scheme, they do not want to wait three (or more) years for people to maybe update to the newest version of Windows.  There have to be new versions coming continuously so that they can get their new MS-serving changes out there serving MS as soon as possible, and these updates have to have enough headline-grabbing new features to distract from the unwanted bits MS will slip in there at its whim.  People cannot be allowed to decline these new versions, or else they might, and if so, how then will MS monetize them mercilessly?

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

5 users thanked author for this post.

jburk07, Sessh, AlexEiffel, David F, wdburt1

Reply | Quote

Microsoft violated their social responsibility when they fired their testing dept. They have a social responsibility to do whatever they can to hire back all of the experienced people that were in their testing dept.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

5 users thanked author for this post.

jburk07, AlexEiffel, dononline, Ascaris, Canadian Tech

Reply | Quote

It is my responsibility to avoid any Telemetry that is surreptitiously hidden in any Windows 7 Security Only patches as I have the right to avoid having that code present on my system. So if MS wants to appear to be more socially responsible they can reissue the July and September Windows 7 Security Only patches without the included Telemetry related code.

And I’m not going to ever install any Patches that are labeled as Security Only but have NON Security Only related Telemetry code included. There are many Windows 7 end users that have only been installing Security Patches and after  Sept 2016 the Security Only patches that are supposed to be Security Only in nature after MS changed its updating systems to bundle up the individual KBs into roll-ups and cumulative updates.

I’d like to be more responsible for including all the Security Only patches on my laptops(Windows 7) but MS has to compromise by reissuing the July and September Windows 7 Security Only patches without the Telemetry related code included.

GWX was not very socially responsible and in fact MS had caused many business disruptions with that GWX and some folks value their privacy as well so that’s not very socially responsible of MS to have included that in any Security Only related patches.

MS has lost that Trust to even be stating anything related to Social Responsibility in others’ actions what with MS’s nefarious actions regarding GWX and many other related issues.

 

8 users thanked author for this post.

Kranium, Sessh, Canadian Tech, AlexEiffel, David F, SueW, RamRod, WildBill

Reply | Quote

[Zaphyrus]

I dont agree this time,  Ok, patching should be doing from time to time but we shouldn’t install every patch

people forget Windows 10 patches aren’t as good as Windows 7 patches were in its prime days

Sadly, its the reality,  Windows 10 have become so unreliable that  not patching is an option.

and if people reply to this trying to convice me they are reliable,  I invite you to install this month updates despite Woody’s warnings.

Just someone who don't want Windows to mess with its computer.

• This reply was modified 5 years, 7 months ago by Zaphyrus.

Reply | Quote

So according to “Mark Simos” all is peachy keen and perfect in MS land and patching. What rock did he crawl out from under???

Don't take yourself so seriously, no one else does
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

It is far easier to restore an image than to try and recover from a MS “security” patch that breaks either my computer or a peripheral like a printer.

I’ll continue to pick and choose, depending on Woody’s site to keep me educated, as to what I’ll allow on my computer. I put security in quotes because MS’s so-called security patches have more than just security fixes.

Got coffee?

1 user thanked author for this post.

Zaphyrus

Reply | Quote

The idea is to achieve “herd immunity”, as with vaccination. Except that vaccines are thoroughly tested in an usually prolonged series of trials, to prove, first, that they are both effective and safe, free from undesirable side-effects (except for a possible temporary discomfort to the recipient) and then, that the batches that are released are thoroughly up to scratch. As with all human things, this does not always work well, but the occasions when this is the case, there are plenty of eyes on what is going on and the distribution of faulty batches is soon removed from circulation, and if a vaccine is found to harm too many (as with all medicine, there is always a few that suffer adverse reactions), then, same as any other medical product that is harmful to patients, it is also taken off circulation and permanently. But with patches, Windows in particular, there is only “eyes on” them, and those eyes are open in sites such as Woody’s, Ghacks (although now that it has been bought by “Softonic” that might be open to question) and other such places on the Web. So now days it is up to us users to be vigilant and look for advice before patching, or not patching, as the case might be. So Woody’s dear aunt’s PC might be left vulnerable unless Woody helps her out in person, but such is the world we live in now. No point crying over spilt milk. Better to lit a candle than curse the darkness. And so on and so forth.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

3 users thanked author for this post.

Ascaris, AJNorth, Chronocidal Guy

Reply | Quote

I’ve made the same comparison before with vaccinations and patching, and it really is an apt analogy.

Microsoft keeps pushing this idea that the amount of people experiencing problems is small, a fraction of a percent. With 800-ish million Windows 10 devices, even 0.1% is still 800 thousand devices.

How many pharmaceutical companies would continue to promote a vaccine that produced a fatal allergic reaction in several hundred thousand people?

No, we’re not literally talking about people dying… Or are we? How many critical infrastructure systems are impacted by these broken updates? How many small businesses are finding themselves crippled by productivity stoppages or delivery delays when their computers decide to update and reboot during critical operations, and wind up non-functional?  I would actually be curious to see someone examine the mental health impact on IT professionals trying to clean up after Microsoft’s messes.

If they want to spout off about “social responsibility,” they need to take a long hard look at how their recent history of update shenanigans has impacted the industry as a whole. Not just the computers, but the people, the ones responsible for keeping them running.

3 users thanked author for this post.

Ascaris, ve2mrx, EstherD

Reply | Quote

That article you linked Woody makes me wonder in which particular patch of sand the author’s head has been buried these past few years…

3 users thanked author for this post.

plodr, Nibbled To Death By Ducks, Lars220

Reply | Quote

That article you linked Woody makes me wonder in which particular patch of sand the author’s head has been buried these past few years…

@seff I think an MS Sandbox might be more appropriate as opposed to a ‘patch of sand’

Windows - commercial by definition and now function...

Reply | Quote

Amazing Truths Revealed: Link to Simply Magnificent AskWoody Knowledge Bases

2 users thanked author for this post.

CADesertRat, Nibbled To Death By Ducks

Reply | Quote

Typical, blame the victim.

What other product do people buy that the seller has designed and produced in such a way that they insist it is necessary to perform regular maintenance, even if it is not? And then, blame the buyer if their shoddy product fails?

Would you buy an automobile if you had to return to the dealership every month so they could tighten the lug nuts to prevent the wheels falling off (because they make it so that you cannot do it yourself), and if so would you tolerate that by doing so, the radio, A/C, seat warmers, etc. malfunctioned?

Microsoft is doing no-one (including Microsoft) any favors with their current business model.

 

5 users thanked author for this post.

sproket90, David F, OscarCP, Nibbled To Death By Ducks, EstherD

Reply | Quote

And then they go taking over control of user’s PCs, and including stuff like telemetry, which puts people (like me) off. Good work MS!

Still not installed September & July’s patches..

Reply | Quote

Fear that this is going to lead to an even tighter control over patches, the push will get even stronger soon

Reply | Quote

If it’s a social responsibility, then I’m sure Microsoft will provide free patches for Windows 7 and Windows 2008 R2 for the foreseeable future as it is the responsible thing to do for society at large.  Give me a break, Microsoft is not providing free patches and this is just corporate spin to make themselves feel good.

11 users thanked author for this post.

Kranium, dononline, Charlie, Sessh, MrJimPhelps, David F, AJNorth, OscarCP, EstherD, Nibbled To Death By Ducks, Zaphyrus

Reply | Quote

… also, XP, Vista, and Windows 8.0.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

[Nibbled To Death By Ducks]

Frankly, I think all of us should email cyberhygiene@nist.gov and tell them exactly why sites like askwoody.com exist, ask them why MSFT fired their QA/QC department, and how much grief bad patches have caused!

The author, while raising some good points, overall seems to write from a viewpoint atop a lofty ivy-covered pedestal located ‘way high above the arena in some academic cloud, miles from where the contest and clashing of gears, trouble tickets, nervous fits and such is daily taking place. He needs to get down into the “patching pit” and get his hands dirty.

(Sorry if this sounds like I am a bit bitter about all this, but it is probably because I am, ha-ha.)

Seriously; I’ve been to the NIST at Boulder, WWV up the road at Ft. Collins, etc, and it’s an incredible place with amazing people. Don’t know if they still give the free tours of the Atomic Clock, but if they do, it’s worth it if you’re in the Denver area.

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

• This reply was modified 5 years, 7 months ago by Nibbled To Death By Ducks.

3 users thanked author for this post.

jburk07, Fred, AJNorth

Reply | Quote

Nibbled To Death By Ducks wrote:

Frankly, I think all of us should email cyberhygiene@nist.gov and tell them exactly why sites like askwoody.com exist, ask them why MSFT fired their QA/QC department, and how much grief bad patches have caused!

It will be nice when consumer organisations can step in too

* _ ... _ *

Reply | Quote

And maybe, although doubtful, something could be done about those dang outrageous EULA’s!

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

1 user thanked author for this post.

Kranium

Reply | Quote

I sympathize with the complaints expressed here about the arrogant and inconsiderate attitude of the people in charge of MS. They remind me of what I know of unhappy marriages and abusive relationships – and how people often stay in them because… Well, for various reasons, some more compelling and, or respectable than others: some are afraid of change, some might be left penniless and even homeless if they leave. But some may set their face against their troubles, recognize they really have a bad deal, that this is unlikely to get any better, that there is a way out, if they dare take it, and then they do just that and leave.

When it comes to MS Windows, after watching how its support has been developing for some years now, I can’t say that I see a brighter future ahead with any version of Windows, current or to come. (I don’t expect everyone here to agree, I know some of you think that Windows 10 is just fine, but this is my own perspective on things and I have no other to offer. Sorry about that.) But now, as it happens, I do not need to use Windows any longer either because I am required to in my job, or because everybody I have deals with uses Windows and having the same OS makes communicating with them easier. So now that there is no compelling reason for me to stay anymore, I have decided, some time ago, the best thing for me is to leave. There are OS options, I have adopted two of these, have been learning how to use them for a while, and already am doing reasonably well with them, so I’m ready. Come January, I’ll apply some important or critical patches for the last time, to keep Windows 7 in as good shape as possible, plus any security ones that might (?) be released occasionally, when some dire bug is on the loose, and I’ll keep the good old system in this way for occasional use, mostly offline, of some of the special software I have on it and cannot find replacements that work in either of my two other OS, for as long as possible. I imagine that this will be hygienic enough to satisfy my responsibility of keeping other PC users safe by not passing infections to them.

I really see no longer any point in complaining about something that is not going to be changed by venting my frustration with it, however satisfying this might feel to me. Instead, I am doing something to change things within my own small personal sphere of influence, the one where I make the decisions. Wish me luck — and the same to all of you.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Fred

Reply | Quote

OscarCP wrote:

I really see no longer any point in complaining about something that is not going to be changed by venting my frustration with it,

Pitty, letting your voice heard might become the gamechanger many people would wish for. Afterall not many are capable of handling their pc; but all become more and more dependent of e-things, and that is not good, I think.

* _ ... _ *

Reply | Quote

Fred wrote:

OscarCP wrote:

I really see no longer any point in complaining about something that is not going to be changed by venting my frustration with it,

Pitty, letting your voice heard might become the gamechanger many people would wish for. Afterall not many are capable of handling their pc; but all become more and more dependent of e-things, and that is not good, I think.

Didn’t he just voice his opinions in the strongest possible way?

Reply | Quote

jabeattyauditor wrote:

Fred wrote:

OscarCP wrote:

I really see no longer any point in complaining about something that is not going to be changed by venting my frustration with it,

Pitty, letting your voice heard might become the gamechanger many people would wish for. Afterall not many are capable of handling their pc; but all become more and more dependent of e-things, and that is not good, I think.

Didn’t he just voice his opinions in the strongest possible way?

Perhaps not everybody who matters has the means to read “Askwoody.com”, and than specifically Oscar me or anybody in particular ?
Other platforms was the meaning;
I can imagine that the consumerorganisations may find an interest in this.

* _ ... _ *

Reply | Quote

Fred wrote:

jabeattyauditor wrote:

Fred wrote:

OscarCP wrote:

I really see no longer any point in complaining about something that is not going to be changed by venting my frustration with it,

Pitty, letting your voice heard might become the gamechanger many people would wish for. Afterall not many are capable of handling their pc; but all become more and more dependent of e-things, and that is not good, I think.

Didn’t he just voice his opinions in the strongest possible way?

Perhaps not everybody who matters has the means to read “Askwoody.com”, and than specifically Oscar me or anybody in particular ?
Other platforms was the meaning;
I can imagine that the consumerorganisations may find an interest in this.

I wasn’t referring to his post here, but to the fact that he’s “voting with his feet.”

Microsoft won’t care about our patching issues – and they might make a decent market-based argument that they shouldn’t care – until it affects their bottom line. Their first responsibility is to their shareholders, and that responsibility may be best met by ignoring individuals and concentrating on their corporate recurring revenue strategies (EVERYTHING-as-a-service-in-the-cloud).

I don’t like it, but I do understand it.

3 users thanked author for this post.

RamRod, Fred, AlexEiffel

Reply | Quote

Fred, I’ll still be around visiting the Mac and Linux forums. Windows, perhaps, if a thread particularly interesting shows up that is not about expressing regrets or complaints about some new MS doings, but rather about technical issues that I would like to learn more about.

Meantime, I’ll continue practicing “patching hygiene” with my other two operating systems. (Same as brushing my teeth twice a day and flossing them once, before bed, plus visiting my dentist’s hygienist for a deep cleaning, once a year.) Question to Ascaris, mn- et al.: where does one go to learn more about “patching hygiene” with Linux Mint, now that it has been “bullied” into pressing people to patch in a hurry, or so it is alleged?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Fred

Reply | Quote

dph853 wrote:

I see nothing wrong with MS stating that 15 year old hardware will not be permitted to upgrade to some future version of Windows and would only ask that auto update for those systems be left on to receive only the most serious of security upgrades and virus definitions as has been the case for Windows XP boxes, Server 2003 etc. Some people don’t need the latest iteration of the OS nor do they need to replace perfectly functional hardware just because.

I have a problem with having an arbitrary, age-based cut-off date.  If they want to say that (to use a real-world example) from this point forward, all CPUs will need to have SSE2 capability, which would have the effect of cutting off a certain percentage of older PCs, that’s one thing, but to just set an arbitrary date and to deny anything older than that updates is quite another.  It’s one of the issues I have with the Apple and Google way of doing things.

It’s true that there are too many combinations of hardware in use for Microsoft to ever be able to test anything but a small percentage of them.  That’s always been the case for Windows, and as the primary provider of the OS for just about all PC hardware that isn’t made by Apple, it’s unavoidable.  The point now is that they don’t even try– according to the video from a former professional Windows tester that was linked here not long ago, they used to have a lab full of a bunch of different machines with different hardware to try to catch as much of the hardware market as is feasible.  Now much of the limited in-house testing that is still done prior to release is done on VMs using the same configuration, so only the virtualized hardware combination is ever tested.

Windows Insiders, too, are more likely to test new builds in a VM than on bare hardware, as trying to run an actual PC doing actual stuff on beta software is risky and ill-advised.  The first set of users that really give Windows the bare-metal run-through in large numbers is the consumers, the group that is overall least able to understand the risk they face, or to recover from disaster if it should occur.  Microsoft has freely admitted that using consumers as testers for the benefit of enterprise customers is happening, and it shouldn’t, especially when it’s commercial software that the consumers themselves had to pay for.  The buyers of commercial software are supposed to benefit from the testing department of the software publisher, not to be the testing department.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

5 users thanked author for this post.

dononline, Bluetrix, Sessh, AlexEiffel, doriel

Reply | Quote

Ascaris: “It’s one of the issues I have with the Apple and Google way of doing things.”

You have saved me the trouble of saying this myself. The only technically sound reason for no longer supporting older computers and their peripherals is that they are incompatible in some fundamental and irremediable way with important features in a new OS release: incompatibilities that cannot be bypassed with safe workarounds any more and that, most likely, will remain so with all future versions as well, for as long as the OS remains in existence.

This goes well beyond “good computer hygiene practices”, but it is not completely unrelated: if one keeps on using an older version of an OS that is unsupported because one’s hardware is no longer supported, eventually one may get no new security patches at all — which means that one may then start to help, unwittingly, with the propagation of malware.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

OscarCP wrote:

The only technically sound reason for no longer supporting older computers and their peripherals is that they are incompatible in some fundamental and irremediable way with important features in a new OS release: incompatibilities that cannot be bypassed with safe workarounds any more and that, most likely, will remain so with all future versions as well, for as long as the OS remains in existence.

Of course with a Turing-complete programming environment… the only way that can actually happen is that there’s a time constraint in which the old hardware cannot complete all necessary steps.

(Well, that and not trusting software emulation of hardware-based security features.)

Everything else is “just a small matter of programming” … BTW, would any of the old-timers remember where that phrase is from, originally? Oldest usage I’ve tracked down was Knuth in 1974…

But yeah, some of the BSD folks have shown that a whole lot of old hardware is able to run all kinds of things just fine, if slowly. NetBSD 8.1, released this year, apparently still has support for a DEC VAX 11/750 made back in 1977?

Reply | Quote

mn- : There are still around, I believe, versions of LINUX meant to run on Amicas and Commodores. But I am not sure this proves anything. Does it?

And, while touching on LINUX, where is there reliable advice to be found on when to install which patches for LINUX Mint? I’ve been hearing rumors that the Mint developers have been “bullied” into pushing people to patch right away whatever new patches are issued, maybe by making patching a requirement to keep using the system, or some such technical trickery? If true, this is not great for practicing good patching hygiene. And not quite the greatest of incentives for continuing to run an OS developed with a tendency to make the users its beta testers. (Sounds familiar?)

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

OscarCP wrote:

There are still around, I believe, versions of LINUX meant to run on Amicas and Commodores. But I am not sure this proves anything. Does it?

Proves that it is possible as such but certainly does not not prove that it’d be commercially feasible… same thing as with the NetBSD/VAX I mentioned.

OscarCP wrote:

And, while touching on LINUX, where is there reliable advice to be found on when to install which patches for LINUX Mint?

Most likely over at https://forums.linuxmint.com/ I’d guess? Or maybe separately for each component you find important?

See, the one thing about updates on open-source systems, especially Linux with its current popularity… is that it really isn’t a single “software product”. There’s no absolute single source for things, and component parts like desktop environments, background process management, task scheduler, graphics drivers, system libraries, system kernel, etc. are usually developed and tested quite independently from each other. And only then do the distributions package them together.

Mint is a distribution that has gotten a reputation of emphasizing a smooth user experience, consistency and stability… possibly over security, and even having had the main distribution ISO images replaced with malware-containing versions at one point some years ago.

So, the people who run the other projects that feed to Mint don’t like potentially taking the reputation hit from having vulnerable versions in the field after releasing fixes long ago already… so yeah, social responsibility, social pressure, bullying… somewhere along that sliding scale.

(Take for example that one VLC hassle a while ago, Ubuntu had missed a library patch and the VLC team got blamed initially. Mint is “downstream” from Ubuntu, possibly compounding the problem.)

1 user thanked author for this post.

OscarCP

Reply | Quote

Speaking of which, is MS still ruining the Security-Only patches for Win7 with telemetry?
I stopped patching in May due to this..
(and for the bugs, and for the fear of them sabotaging the old OS)

1 user thanked author for this post.

Kranium

Reply | Quote

I think if they were, we would have heard the screams by now..

Windows - commercial by definition and now function...

Reply | Quote

The July and September Win7/8.1 Security-only patches contain telemetry.
Initial look at the October patches say no telemetry, but that hasn’t been confirmed.

2 users thanked author for this post.

Kranium, phaolo

Reply | Quote

? says:

see posts 1977080 and 1977089 if you want to see the KB4520003-Oct SO contents file size 20+-MB.

expert scrutiny welcome…

Reply | Quote

What you say is quite true of enterprise installations. However, I completely, totally disagree with the premise when it comes to typical home installations.

Without a single doubt, based on 3567 Windows 7 computer months of usage, the paranoia over “updating” is vastly overstated. That’s how many months of usage have occurred on my clients’ Windows 7 computers without one Microsoft update. NOT ONE INSTANCE OF ANY ISSUE OF ANY KIND. NOT ONE!!!!. In fact those computers run better than they ever did before. My support workload is off by 90% because they just work day in day out without a problem.

I made this decision and implemented it in May 2017 because I decided (and rightly so) that the risk of allowing Microsoft to apply their myriads of defective so-called updates was vastly more risky than not doing so.

The problem is mostly the result of Microsoft’s firing the QC staff in 2015, and producing a never-ending stream of defective and inappropriate patches.

In addition, and most importantly, Microsoft has turned an admired “update” process from a security assurance function that worked very well, into a change your system into anything Microsoft thinks it can profit from exercise. Because its customers (something Microsoft clearly demonstrates they do not care or know about) rejected its many change your system whether you like it or not “updates”, Microsoft changed the process to allow its customers no choice but to take it all or leave it.

I chose leave it! Every one of my clients is in agreement and amazed at how well their systems work.

There is another part to this strategy that makes it so successful. The only software in these computers from Microsoft is Windows — the OS.

CT

7 users thanked author for this post.

AlexEiffel, Ascaris, Carl D, Sessh, CADesertRat, RamRod, MrJimPhelps

Reply | Quote

Canadian Tech wrote:

Without a single doubt, based on 3567 Windows 7 computer months of usage, the paranoia over “updating” is vastly overstated. That’s how many months of usage have occurred on my clients’ Windows 7 computers without one Microsoft update. NOT ONE INSTANCE OF ANY ISSUE OF ANY KIND. NOT ONE!!!!. In fact those computers run better than they ever did before. My support workload is off by 90% because they just work day in day out without a problem.

Has ANYONE heard of an attack by spectre or meltdown? I suspect the hysteria this created has bricked many a machine either by OEM code, MS patch, or hardware patches(INTEL, AMD) I disabled the code using Steve Gibsons utility and find much faster response!

Fake news!!

1 user thanked author for this post.

Carl D

Reply | Quote

Nope, haven’t heard of any Meltdown/Spectre attacks nearly 2 years after all the hysteria started.

Probably never will.

I’ve also used Steve Gibson’s InSpectre utility to disable the patches and the result is a quite noticible improvement in the performance of Windows 10.

As I’ve said before – all these security companies are in business to make money. If they weren’t looking for and finding every (mostly insignificant) issue with Windows, they would be out of a job.

Reply | Quote

The lack of any Spectre or Meltdown exploits in the wild may be fake news (in the sense that it was never going to be a feasible attack strategy in the real world), or it may be that the mitigations that were put in place before any effective malware could be produced brought it to the level where none of the miscreants were keen to try it when nearly everyone was already (as far as they knew) patched and immune.  I’m more inclined to believe the latter, but it could go either way.

This is another place where herd immunity can be of benefit.  If the attackers don’t pursue this attack vector because most of the victims would be immune, and the small unpatched population would not be enough to sustain the continuous propagation of the malware, even the unpatched individuals are safe from a malware that never existed. As long as it continues to not exist, the nonpatched are fine.

In this case, the hype machine protects us all by convincing the malware authors that it’s not worth it to try, whether that’s actually true (because most everyone has performance-sapping mitigations enabled) or if it’s only perceived to be true.  I just had a thought… what if that was the reason the “social responsibility” people screech so loudly whenever anyone balks at taking all of the security patches immediately?  They don’t want that performance-robbing, instability-inducing nonsense any more than the rest of us, but they do want to be safe… so they convince us all it’s our duty to patch for the greater good, while themselves avoiding the patches AND the danger, thanks to the herd immunity the rest of us provide.

I don’t actually think that’s the driving force behind the cult of You Must Always Patch Immediately, but it just fits so nicely!

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

I find it interesting that there are very few Mac repair shops compared to microsoft/ xxx86 repair centers not to mention the cottage industry that has evolved!

No I do not have a mac or apple product in my home. Wait, an old IPOD that I cannot use because the battery cannot be replaced!!!!!

Reply | Quote

Apple is a hardware company. Their business is selling hardware. MS is a software company.

Both are trying to be something else, but those are their native roots.

CT

Reply | Quote

The family of  Macintosh operating systems developed by Apple Inc. includes the graphical user interface-based operating systems it has designed for use with its Macintosh series of personal computers since 1984, as well as the related system software it once created for compatible third-party systems.

In 1984, Apple debuted the operating system that is now known as the  “Classic” Mac OS with its release of the original Macintosh System Software.

1 user thanked author for this post.

Myst

Reply | Quote

IMHO the Mac was a ripoff of the Xerox Star.

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

My point was and is that microsoft s****s up hardware requiring technical support as a rule whereas Apple doesn’t appear to generate work for technicians,both formally trained and self-taught, anywhere near as often. Hence, just driving around doing errands, commuting to work etc reveals that M$SFT has created an exponentially higher number of computer repair businesses than Apple. This observation has been made over the last 36 yrs of personal observation.

From the very early days of computing, hardware companies and micro$ft have each blamed the other for SNAFU’s leaving the user out of luck (spelled MONEY in most cases)

Please understand this is in no way resulting from scientific study or clinical trial. It’s simply observation!

Be well,

D

 

Reply | Quote

DriftyDonN wrote:

From the very early days of computing, hardware companies and micro$ft have each blamed the other for SNAFU’s leaving the user out of luck (spelled MONEY in most cases)

Oh indeed, something to be said about single-sourced systems – hardware, software and service contract all from the same vendor. Plenty of UNIX vendors used to offer that kind of thing.

Reliability was better, but the price tag… well let’s just say that the vendor’s revenue stream was quite well defined.

Oh well, can’t get full environments like that any more – Apple doesn’t offer much for the server market, and everyone else got out of the UNIX workstation market.

Reply | Quote

DriftyDonN wrote:

Hence, just driving around doing errands, commuting to work etc reveals that M$SFT has created an exponentially higher number of computer repair businesses than Apple. This observation has been made over the last 36 yrs of personal observation.

Do they all have signs saying Intel/AMD PCs only, no Macs?

Reply | Quote

[jabeattyauditor]

DriftyDonN wrote:

Hence, just driving around doing errands, commuting to work etc reveals that M$SFT has created an exponentially higher number of computer repair businesses than Apple.

There is an “exponentially higher number of computers” running Windows operating systems than those running an Apple OS.

• This reply was modified 5 years, 6 months ago by jabeattyauditor. Reason: Grammar

Reply | Quote

Someone here must remember the first pc’s that were made available to the general public. They had NO manual, no help file, no tech support. Just plug it in and turn it on then hope you remember some DOS commands you came across while doing keypunch? Whats DOS? Do I need one? Commodore64 didn’t have a command line……and here we are with most of the same issues!!!

Cheaper so thats good!

Reply | Quote

DriftyDonN wrote:

Someone here must remember the first pc’s that were made available to the general public. They had NO manual, no help file, no tech support. Just plug it in and turn it on then hope you remember some DOS commands you came across while doing keypunch? Whats DOS? Do I need one? Commodore64 didn’t have a command line

Wow. That wasn’t my experience at all.

The C-64 had a thick, spiral-bound user manual, and booted to BASIC. When it booted, you entered commands at the keyboard and pressed [Enter]. The commands “LOAD *,8,1” followed by “RUN” are forever etched in my brain. Do you have a different definition of “command line” than I do?

As for “the first pc’s” … maybe it depends on what you define as a “PC”.

If you define it as any computer used in the home, we’ll all have different interpretations of what constituted the “first”. Some will say the Altair-MITS was first, but who would call that a practical computer? Even so, it came with instructions because it was a kit you had to put together from parts.

My first was the Timex-Sinclair TS-1000, a 6″x6″ piece of plastic in the mid-70’s that connected to a cassette tape recorder and a TV’s antenna terminals. It ran BASIC. It was more a toy than a practical “computer” — yet nevertheless, even that had a distinct, spiral-bound user manual.

If you define “PC” as the IBM PC (model 5150) and the ensuing “PC-compatibles”, I think there was a user guide for the hardware but I don’t remember it … but then it didn’t take much to figure out how to plug in the keyboard, monitor, and power cord. I didn’t need a user manual for that. There was nothing else to connect. The power switch was even a gigantic, red lever, so I didn’t need a manual to tell me how to turn it on.

As for how to make use of it, that depended on the OS. The IBM PC supported CPM and IBM-DOS, so all the practical instructions on how to use the computer came as part of the OS, not the hardware.

I never used CPM, but the DOS documentation included a spiral-bound “DOS User’s Guide”, a “DOS Reference” guide in a 2-inch thick, 3-ring binder, and a “DOS Technical Reference”. According to my copy of the IBM PC DOS User’s Guide:

The DOS User’s Guide and the DOS Reference are both included when you purchase DOS. The DOS Technical Reference must be purchased separately.

Reply | Quote

DriftyDonN wrote:

Someone here must remember the first pc’s that were made available to the general public. They had NO manual,

Yeah, no.

Up until 1992 or so it was typical that name-brand PCs came with proper printed manuals. Thick, too. I remember the separate OEM-branded books for MS-DOS 5.0 and Windows 3.1 …

Non-“personal” computer systems might not come with included manuals, they had training courses and manual kits as extra-cost options for businesses. Perfectly understandable, that – I helped sort out a storeroom once after someone had mistakenly included documentation kits with *every* computer in a shipment.

Reply | Quote

As a matter of fact, I still have a 668-page book from Dell on DOS 5.0.
And a set of 5 books that came with one of my Win98 laptops from Dell.

Reply | Quote

My c-64 didnot come with any documentation. However, u jiggled my memory a bit and I do recall a few commands…run being the most used.

“The Commodore 64 is arguably the easiest to use programmable computer that has ever been made.  Like the PET and VIC-20 before it, the 64 booted to a friendly screen with the Commodore Basic Operating System ready and waiting for instruction.  If writing your own programs was too daunting and loading software from cassettes or floppies was ‘just too much’ for you, you could just jam a cartridge in the back of the unit and like magic your machine was doing whatever you wanted it to.”

So if you were a coder to start with, you were all set. BUT without that background and a load of curiosity, you pretty much had something to buy game cartridges for. That was essentially my point. Todays novice gets practically the same thing. Without the background you cannot use it like an out of the box television.

Y’all have made this conversation into showing what you know(sic)or remember seeing but not what the common user expects from their first experience with a computer. This site and hundreds other wouldn’t exist if decent documentation was presented.

Feel good about yourself-, I shouldn’t have used the generic term “command line” considering this site is loaded down with pHd level experienced or maybe educated professionals who were just waiting to correct someone.

DOS 5? win 98? are you serious? How about BASIC and no GUI? 8 bits to work with. I suspect you might have been a bit confused with just those to work with.

This kind of got off topic but in a way not so much. How many of you are here because you have a brick instead of a PC? How many with a cottage industry of friends and family calling you at all hours? Lack of documentation.

I have a Chemistry lab I would just love to have you visit with a text book and a pair of goggles- no ringers!

Reply | Quote