I didn’t read this part before. You know what? Go fuck yourself. Equating my unwillingness to have my computer reboot against my wishes and destroy my data to being anti-science and killing kids is bullshit.

That’s pretty strong, and I didn’t actually say the stuff in the quote you attribute to me.

The point I was trying to make is that this story is not about individuals getting viruses, but huge institutions such as the NHS. I can’t understand why they, in particular, would hesitate to deploy critical security fixes.

I fixed the quote. You still agree with him though, so I cordially invite you also to GFY.

And no, that isn’t strong. What’s strong is comparing me to anti-vaxxers. That’s one of the most insulting things you could possibly say.

Well, I didn’t really think that through. It was meant as more of a ‘Yeah OK, but this is really about giant institutions not bothering with critical security updates.’ So, apologies for any implication that you’re as bad as an anti-vaxxer.

Maybe things have changed, but there was a time when having automatic updates on was like playing Russian roulette. You never knew when one might cause a major problem. We’ve seen it happen in other ecosystems too, like with PS3s some years ago (or was it 4s?)

And I never update iOS unless I have to, because it often causes problems.

Apology accepted. It happens, I replied to the first part of his post without absorbing the rest myself!

@Misguided: You’re much better off leaving autoupdates on, even though the forced reboots can destroy your data, unless you’re a sophisticated user who will remember to update yourself. If you’re concerned about bad updates you can delay them in Windows 10 with the “defer updates” setting. You can either switch to Business updates (which can be delayed by months) or delay feature and security updates separately by a user-selected number of days. This is a new feature in the latest “creator’s update”.

I still more or less behave this way, and feel it’s still true. It seems always best to play wait and see while others go first, before applying updates. I don’t feel like I know better, but the collective masses still frequently uncover issues. As recently as this month there was a patch to my NAS which would have caused me issues had I not waited while the vendor released a critical patch to their most recent update.

I JUST upgraded to 10 yesterday and haven’t messed with whatever the defaults are. Probably won’t unless there’s a reason. @Oscuros wholeheartedly recommended doing the upgrade, and I’ve had no issues so far. Didn’t even do a clean install. Man, times have changed.

The defaults are fine, just be aware that once it updates, Windows is gonna reboot within the next day or so, and save your work.

I still like the way that Creator’s Update killed my ability to see USB 3.0 hard drives. That’s neat.

  1. Stop clicking on attachments in emails.
  2. ???
  3. No profit.

That is just fucking bullshit. Lumping people who do not want to be guinea pigs for Microsoft’s shoddy patching practices over the years, and their tendency to lump “content” or “forced Windows 10” upgrades with Security patches into the crowd of crazy anti-vaccers is low, even for a Microsoft employee.

I’d think more people would be patched if they didn’t pull the shit they did when trying to get people to WinX and the additional lumping of everything into one patch (that will then fail for everything, like here - no “quality rollup” patch works (installs, reboots, roll back, reboot, back to unpatched state), but security-only patches from the update catalog do.) instead of letting you download each MS-advisory patch stand-alone. At least you can still grab for example https://support.microsoft.com/en-us/help/4019213 from the Update Catalog, but I’d expect that too to be closed down in the future.

Evidently, it’s not that simple with this one. Read the articles :)

What I read through other sources was that it was a file mostly obtained and spread through emails (or a click I suppose) that exploited a vulnerability with SMB shares to spread itself internally. The SMB exploit was based on leaked NSA tools because they focused more on attack than defense.

Also included with one or two cryptolocker tools (Wanacrypt) - which I suppose could also include drive-by-infections through vulnerabilities in IE, GDI+, Web-Fonts, various Image Files and whatnot. From my understanding, most of these tools when run from web pages (adverts mostly) will try to get a target profile then try several vulnerabilities to get their ‘tool’ inserted to the target computer. Course, no point wasting a perfectly good 0-day on random users, so I would think most of these drive-by exploits will be published ones - unless they can guarantee a good return on spending one into an exploit-kit.

But I guess more tools will use it for a bigger impact and more money.

My search hasn’t functioned properly since the last huge update. I would absolutely not have automatic updates on if given a choice. I never took them automatically before, but I was never more than a few maybe handful of months behind.

¯_(ツ)_/¯

Windows patches have had issues in the past, sure. So do vaccines. Still not a reason to put them off or avoid them entirely.

For all the hand-wringing by people who claim that Windows patches have had major problems in the past, and that’s why you turned them off, it ignores the fact that Microsoft always rolls out those patches to the world slowly and gradually. It intentionally takes days or weeks for them to roll out, just in case there are quality issues, and most of the people who encounter those issues (in the rare cases where they happened) were from people who manually installed them immediately, not automatically got them in the background.

One other way the comparison holds? Anti-vaccine nutjobs love to exploit the naive to spread their misinformation. Just like all of the assholes online who try to spread fear and misinformation about patching Windows.

And yes - this is fucking serious, because people are potentially fucking dying from NHS and other institutions being compromised by this latest infection, by procedures being delayed, and so forth. So if you think I’m a “fucking asshole” by comparing the two situations, I’m really sorry, but anti-vaccine nutjobs don’t like to be called nutjobs either.

I’ve always used auto-updates on all my devices and it’s pretty rare to have any issues (can’t recall the last time I did). I think the benefits outweigh the risks.

You’re right, but if you’ve been bitten just once by a patching issue, it’s going to remain a hot-button issue for you. I’ve had problems with patching doing unexpected things - hosing my graphics, rebooting randomly, forcing me to reinstall stuff. I’m willing to put up with that stuff for safety’s sake, but not everyone is. And make no mistake, there are issues. It’s impossible for there not to be with the kind of install base Windows has, on varied hardware with all sorts of third-party software. I bet the average user has an issue only once every few years, but it only takes one to set “updates bad” in your mind.

That’s the way 99.9% of the planet should be doing it.

At work we have a team of people dedicated to managing the patches for our thousands of servers and desktops. That’s what they do, patch management, full time job. I just pick various patch levels and assign them to our users and servers depending on what they need.

For my personal machine I just set it to automatic because I value my time. I do get irritated about the reboot schedule. I want to pick that, not MS. Forced reboots annoy the shit out of me and I don’t want to micromanage them or be forced into one.

  • How many people turned off auto-updates when Microsoft started bundling GWX with ‘recommended’ updates?
    – Was that the “anti-vaccers” or Microsoft’s fault?

  • How many people turned off auto-updates when Microsoft stopped producing stand-alone patches and instead started bundling optional/content-patches with Security patches in “Feature Rollups”?
    – And why are not the “Security Patches Only” made Important and listed as a Security patch (instead of only visible on the catalogue) whereas the ‘features+security’ is set to this level (Which patches in a different way, since it doesn’t work here, whereas Security only does…) and offered?
    – Was that Microsoft’s decision, or those who argued against it?

  • When Microsoft removed details on patches on the KB articles and instead just said “Here’s a list of files we’ve changed”, was that to help people evaluate patches and make informed decisions?
    – Was that Microsoft’s decision, or those who thought it was a bad idea?

The issue at NHS and elsewhere is due to under-funding -> poor IT infrastructure, not due to lacking ONE Patch from Microsoft. People have been clicking on links through emails since MIME attachments first came out, only Microsoft made it possible to auto run content through emails in various early iterations of Outlook, Outlook Express, Microsoft Mail and whatnot. That too was Microsoft and not the “anti-vaccers” as you choose to deride those who took issue with Microsoft’s “turn” over the last few years.

Microsoft started releasing everything as cumulative updates because of the patch quality issues. The fact that Windows was literally the only mainstream operating system in the world that still separated out every single patch into its own distinct entity is the entire reason why quality suffered for a while.

Creating such a massive test matrix made it practically impossible for Microsoft and every organization in the world to adequately test every single combination for instability or incompatibility issues.

Releasing everything as a single line of servicing in cumulative updates simplifies the entire process, for both Microsoft and for organizations.

And for organizations which don’t want any feature changes along with their security updates, that’s why LTSB and CBB were created - to enable a fully supported way to defer or disable feature updates and only get security updates, without entirely sacrificing the benefits from the cumulative update model.

As for GWX, there were fully supported and fully documented group policies and other ways for anyone to disable it. But again the naive “tech experts” out there instead recommended manipulating GWX in unsupported ways - by directly modifying registry keys, or deleting files, or whatever else - and when you disable features in unsupported ways, it tends to not stick, since Microsoft does not write code to persist settings manipulated in unsupported ways.