The perils of shouting “fire” in a crowd of PC patchers

    #2112042

    It happens over and over again. Microsoft releases a patch and the world panics. Dire predictions of doom stampede Windows customers into installing p
    [See the full post at: The perils of shouting “fire” in a crowd of PC patchers]

    10 users thanked author for this post.
    • #2112102

      They should just turn over the patching to 0patch who seem to know more than they do about turning out good patches.

      1 user thanked author for this post.
      • #2112110

        They should just turn over the patching to 0patch who seem to know more than they do about turning out good patches.

        In most cases, 0patch reverse-engineers patches that Microsoft creates. They may be doing a good job, but they don’t have a business model that works without Microsoft first creating patches.

    • #2112130

      Your graphic here (not the pic on your Computerworld article) may warn about the cries of “Wolf!”, but it reminds me of AskWoody users following MS-DEFCON. In a good way:

      *sipping coffee* “This is fine.”

      Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
      Wild Bill Rides Again...

    • #2112149

      Completely disagree with your article. I would much rather be safe than sorry. And as always when you talk about how horrible Microsoft’s patches are you fail to mention that the overwhelmingly  large majority of Windows users are not affected.

      Barry
      Windows 11 v23H2

      • #2112194

        If it’s labeled as Security Only and it’s got Telemetry/Nagware/other included then it’s not getting installed and state hacking or not that’s just too bad.

        I’ve got System Image backups for all my Windows 7 Laptops so if things get too infected then it’s wipe and re-image time. I will not have SO updates that are not actually SO in nature and MS is the one that needs to come around if they are actually that interested in security.

    • #2112173

      A regimen of regular drive imaging makes unobstructed, non-delayed patching/updating a non-issue for home users.  There’s a quick and easy fix just a few clicks away.  I’m among the overwhelming majority of users who are unaffected by updates other than being up-to-date with everything Microsoft offers my systems.

      I don’t patch because of “dire predictions of doom”, I patch because a patch is available, and it has been my experience that the only updates to avoid are driver updates.  Get those from the device manufacturer, if necessary.

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
      We were all once "Average Users".

      2 users thanked author for this post.
    • #2112174

      I think I am following Woody’s Windows 10 updates advice by having advanced options delayed for 365 days and quality updates delayed for 21 days – plenty of time for any Windows update hoots and hollers to be addressed by Microsoft.

      Said another way, set it and forget it.

      Just remember, the people making the dire predictions are simply trying to make a living and need something to write about.

      1 user thanked author for this post.
    • #2112201

      Sometimes the crowded theater is aflame, and other times canis lupus really is lurking about.

      I don’t mind hearing when someone near the exits smells smoke, or when the guy in camo notices a fresh pile of scat… even if they’re both wrong about their proclamations more often than others are comfortable with.

      • #2112244

        That would be ‘canis lupus lupus’, otherwise known as ‘wolf’, not ‘c. lupus familiaris’, also known as ‘woof!’ Otherwise, a point made that is well worth considering.

        “Crying fire in a crowded theater” refers to the case when someone does it out of sheer devilry, to create a “humorous” stampede, not because there is evidence that the place is on fire.

        In any case, and in line with jabeattyauditor’s comment, when some evidence of a dire threat is revealed and the source is credible, its announcement, with the statement, when in order, that it is not yet in the wild, as far as anyone can tell, is the responsible thing to do. People should heed such a warning, and take measures to keep safe until more is learned. This does not mean rushing to apply a patch just because it is available, but to do so only after one has evaluated one’s own situation and decided that there is no other practical way to protect oneself immediately.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2112496

      I don’t mind hearing when someone near the exits smells smoke, or when the guy in camo notices a fresh pile of scat…

      I saw a fresh pile of bear scat on the trail once and instead of turning around in a panic, I kept moving. It isn’t until the burly beast shows up with a roar that I take cover and focus on survival in the wild. Do what you can to stay safe but don’t panic. Image backup, then move along.

      MacOS iPadOS and sometimes SOS

    • #2112836

      The fundamental problem IMO is that no hard figures are normally released for the actual number of people who are affected one way or the other. Without knowing how many computers have been infected by a given threat, versus how many computers were messed up by the patch intended to address that threat, we are all simply feeling around in the dark.

      Once in a while you’ll hear that some number of PCs had been infected by a banking Trojan or something, and–assuming there is any relationship between the number given and reality–the proportion seldom works out to be in the order of more than 1 in 5000. And of course we are not told how many of the computers affected even had basic protections installed such as current antivirus+antimalware.

       

      1 user thanked author for this post.
    • #2118971

      I still haven’t downloaded this month’s patches. I always sit back and wait. Just wondered what was subtly installed into people’s computers with anyone knowing. While they expected was a needed patch due to some big threats that never surfaced. Instead was probably more snoop junk.

    • #2121839

      In all fairness to the bears mentioned above, my work takes me into remote woodland areas for months at a time and I have only run into a problematic bear once in more than 20 years.

      A colleague of mine and I were working in our camp’s garbage pit when I turned around and found that we were sharing the space with a rather large brown bear. I quietly told my friend that we needed to walk forward – quietly and slowly – out of the pit. We did and the bear remained happily eating our leftovers from the prior day. No need for a Glock 20 with a few spare magazines then or ever.

      Again, I simply set my Windows 10 advanced options to delay feature updates for 365 days and quality updates for 21 days – plenty of time for Microsoft to address any problems.  This approach is consistent with my approach to getting away from bears.  I don’t need to be the fastest person in the woods – I only have to be faster than the slowest member of our party. Or in the case of patches, I need to follow and not be amongst the first people to install a patch.

      2 users thanked author for this post.
      • #2124241

        We have a very similar philosophy from what I understand about your stance on Firefox too.

        I will just warn you about something. I used to set delays to 365 days. The problem is running the oldest supported version I hit the no support date before the 365 days is over since support is only good for 18 months unless you have Enterprise (not Pro) version and even then it is only certain versions of the feature updates that are supported longer (36 months I think).

        Depending on the version I was running, I either got a few free monthly cumulative updates beyond the out of support date for a reason that is still mysterious to me and then got pushed to the next oldest supported version or for 1803 recently, some computers were just left unpatched and not moved to 1809 until I initiated the update manually. Some might like this “feature”, but I don’t like to be unpatched on a non supported version without being told clearly. I have the group policy set to download but notify before install and maybe it played a role in keeping me not updated and not bothered while using the 365 days delay while on previous versions I got pushed anyway at some point, but always respectfully (I could click not now and drag it as long as I wanted by not restarting the computer, it seemed).

        So since I always run the oldest supported version, setting to 180 days for users might make more sense to avoid getting trapped in this no patch/no warning/no support situation. Or you can still use the 365 delays but become a seeker (click on check for updates and install updates) once you know the period of support is over for the particular version you are running. This requires a bit more involvement on your end knowing and remembering the end of support date of the version you are running. You can play that Woody style and wait another month to update if you are not particularly worried, but it just lowers your support period of the next oldest version you will run, so there might not be much to gain there. Also, becoming a seeker has its own perils. It is not clear how Microsoft determines what happens to a seeker depending on the version. They might interpret seeking as bring me the latest version and not the oldest supported version or make “mistakes” as to which version to push like what happened in the past with other versions where people (not necessarily seekers) were pushed to a different version than maybe they would have liked.

        I noticed that running the oldest version that has been quite well tested didn’t bring too many problems vs staying cutting edge on a variety of hardware. I have a good amount of different computers and not a single 1000 fleet of the same model. I was happy running set it very secure and forget it style in the past which was a low cost very productive way to run our computers before with Windows 7, but with Windows 10, it is less manageable. And now with the latest behavior I observed going from 1803 to 1809 not being managed as nicely automatically like it happened on previous versions, I wasn’t very happy about sending someone to manually click install updates on a bunch of computers and make sure they updated properly.

        2 users thanked author for this post.
        • #2124269

          I have no philosophical problem switching Windows 10 feature updates to 180 days from my current 365 delay.

          Your argument for a shorter update period makes sense.

          So, 180 days it is unless someone has a stronger argument for a longer delay.

          Thank you for taking the time to get back.

    • #2123563

      The number one reason to patch is, if you do financial transactions on the computer, a provider who promises to indemnify the user from damages if something goes awry, might decline to do this indemnification if the computer isn’t being kept patched.

      It’s in my user agreement with at least one of my custodians of my money.  But, the way I look at it, it might be used as a defense by all of them.

      Windows restore has worked well for many years.   Update, so long as there are restore points.

      I got rid of Win 7, now on 8.1.  Problems have been negligible.

    • #2123608

      There are two distinct profiles of users. Enterprise, and the guy at home. I have no doubt that enterprises need to focus on patching. When it comes to home users, the risk is dramatically less.

      There is way too much paranoia around patching.

      CT

      6 users thanked author for this post.
    • #2123647

      The media always has a tendency to blow things wildly out of proportion. Take the current coronavirus scare, for instance. The media sure is blowing it out of proportion, to the point that Chinese people are facing harassment and even racism over social media for it. The hysteria is hard to justify when the regular flu and malaria kill way more people and are way more dangerous anyway. Once the public gets fatigued, these headlines will no longer be as catchy.

      Same goes for patches. If the NSA screams about some vulnerability, then the media will cotton on and start echoing those screams. Soon everyone is screaming at the top of their lungs, and the people who stayed calm and used their head don’t get heard above the din.

      Woody isn’t saying “Don’t Patch, Ever!”, he’s saying “Keep Calm and Use Your Head”. Someone should make a laptop sticker for that. Taking the time to think decisions through makes a huge difference in many cases.

      3 users thanked author for this post.
    • #2123808

      Woody and Susan are both saying “Keep calm and use your head!”. Often the hype and reporting fails to note that often only a limited number of users are immediately affected by the major security updates. Nor do they explain what the problem is in an intelligent manner.

      5 users thanked author for this post.
    • #2123963

      When the spooky vendors start telling you to patch, it makes me wonder what exactly they added to it.

       

      Moderator note: Edited for content.

    • #2123992

      Just did get patches installed on Win. 10 ( 1903 ) and Win. 7 Pro. All went well except when I went to update Office 365 they totally messed with everything in Word and Outlook. They changed the icons and messed with the tool bars etc. Again if not broken don’t fix it.

    • #2124507

      A regimen of regular drive imaging makes unobstructed, non-delayed patching/updating a non-issue for home users.  There’s a quick and easy fix just a few clicks away.  I’m among the overwhelming majority of users who are unaffected by updates other than being up-to-date with everything Microsoft offers my systems.

      I don’t patch because of “dire predictions of doom”, I patch because a patch is available, and it has been my experience that the only updates to avoid are driver updates.  Get those from the device manufacturer, if necessary.

      I was setup FOR Driver Updates and changed it via Control Panel (below for others who want to). Thanks for the reminder. But – While HP is great about warning of Security/function Driver Issues – I’m Still waiting on 95% of the alleged Updates…..

      Con Panel/System/Adv System Settings/Hardware Tab/Device Install Settings……..

      W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

      • This reply was modified 5 years, 1 month ago by CraigS26.