Newsletter Archives

• 2000011: Group A, Group B and Group W – what’s the difference?

  Posted on April 9, 2018 at 17:09 CDT by woody • Comment in the Forums

  @elly has kindly put together an overview for you Win7 and 8.1 users.

  If you aren’t quite sure if you want to be in Group A, Group B, or Group W — when it comes to struggling with patches — check out AKB 2000011.

  Windows Patches/Security AskWoody Knowledge Base, Group A, Group B, Group W

• New directions for Win 7 and 8.1 patching

  Posted on October 19, 2017 at 20:59 CDT by woody • Comment in the Forums

  I think it’s time to re-evaluate the “Group A” and “Group B” instructions for updating Windows 7 and 8.1. It’s been one year since Microsoft announced that it was grouping together patches – the “patchocalypse” – and we’ve seen a lot of water under multiple bridges.

  With the advent of MS17-010, there’s no question that patching is a must. Group W is no longer viable.

  @MrBrian and many others are now convinced that Group B doesn’t work either. Lots of details, lots of problems – and those who manually install security-only updates are finding that Microsoft hasn’t made life easy. Or perhaps even tolerable.

  Now it looks like my old instructions for Group A aren’t going to work any more, either. In particular there are problems with hiding individual patches that may bite back.

  So I’m opening up the floor for discussion. Two questions:

  Is it ever going to be possible for “normal” people – by which I mean people who don’t have time to spend hours every day – to manually download and install all of the patches they need?

  For those who stick with Microsoft’s preferred approach, is there anything “normal” people can do to avoid really bad patches? And is it possible to curtail Microsoft’s snooping in the process?

  Your comments and insight most welcome.

  Windows Patches/Security Group A, Group B, Patchocalypse

• New Windows 7/8.1 updating method coming

  Posted on May 17, 2017 at 14:06 CDT by woody • Comment in the Forums

  It’s almost time to move the MS-DEFCON level, but when I do, I want to get it right – and get your input.

  As you all know, I’ve recommended “Group A” – install all Rollup patches – to folks who don’t mind the added snooping. I’ve also recommended “Group B” to those who want the security updates only. I’ve acknowledged, but not recommended “Group W” for those who never patch.

  The world’s changed since last October.

  With Shadow Brokers guaranteeing that major Windows vulnerabilities are coming every month – I call it “Malware as a Service” – Group W is just plain dangerous. It’s not an option. Sorry.

  Group B, which is based on Microsoft’s commitment to deliver Security-only updates every month, has gone from relatively simple to very complex. Officially, Internet Explorer patches have been broken off from the main download. There’s all sorts of confusion about .NET patches — which are Security-only, which Rollups? We’ve seen security patches released outside the monthly Security-only stream. There have been bugs in Security-only patches that were fixed outside of the Security-only stream. There’s a host of problems documented in this Topic.

  Group B isn’t dead, but it’s no longer within the grasp of typical Windows customers. Many of you reading this post are fully capable of sticking with Group B. Most Windows customers are not.

  Starting this month, I’ll mention Group B in my InfoWorld posts and the MS-DEFCON posts here — but I won’t include details. Instead, I’ll refer you to the AskWoody KB article AKB 2000003, maintained by PKCano. We’ll modify that AKB article with generic installation instructions. The MS-DEFCON level will apply to Group B folks, too, but the instructions most people see won’t include the Group B details.

  Which leaves me with new adornments for Group A. Starting this month, I’m going to recommend that just about everybody move to Group A, and install the Monthly Rollups (waiting until we’ve had time to thoroughly vet the patches, of course).

  For those of you who are sensitive to the manifest (but still undefined) snooping included in Win7 and 8.1 updates, I’ll include instructions for reducing – but not eliminating – Microsoft’s “telemetry.” As a reader here, I’m looking for your input, but keep in mind that:

  • What you recommend can’t hurt anything other than telemetry.
  • Novice “For Dummies” level users have to be able to understand what’s involved, and how to do it.
  • I don’t want to recommend a third party app. Yes, I know there are apps that block telemetry.

  There are three approaches that have caught my eye:

  • A short list of KB numbers, listing patches that should be removed. @PKCano has an example in the AKB 200003 documentation.
  • A simple batch script, like the one @abbodi86 maintains. The problem is that some people will have a hard time figuring out how to run it.
  • A combination of directions, as @MrBrian has proposed.

  I realize that Microsoft has promised that it will release a completely cumulative update for Win7 — a Service Pack 3, if you will, available through Windows Update — at some point in the future. I don’t think we have the luxury of waiting for Microsoft to get its act together.

  I think, given the Shadow Brokers promise, that we need to come up with a solution now — and pick up the pace, shortening the length of time between the release of Monthly Rollups and a go-ahead, through the MS-DEFCON level, when it’s safe to install.

  Don’t get me wrong. Automatic Update is still for your Great Aunt Martha, who doesn’t want to follow along, and can’t be trusted to apply patches consistently. For those of you who can take your patches proactively, waiting a week or two is still the best way to go.

  What do you think? What would you recommend for Group A anti-snooping instructions?

  Windows Patches/Security Group A, Group B, Group W, New updating method

• Confusion in the Group A ranks

  Posted on December 14, 2016 at 18:26 CST by woody • Comment in the Forums

  

  OK. So riddle me this, bitman… from JK:

  My understanding is that the December rollup is supposed to include everything in the October and November rollups. But when I now use Windows Update to see what updates need to be installed on a system that has not been updated since September (the last month before the rollup fiasco began), it currently says to install the October rollup, and not the November or December ones. Attached is a screenshot.

  So maybe our understanding of rollups is incorrect. Or Windows Update does not work as MS intends. What do you think is going on?

  The screenshot (which is hard to see) does, indeed, list the October Monthly Rollup.

  Anybody out there have any good ideas?

  Windows Patches/Security Group A, Windows 7 Monthly Rollup