Page 1 of 3 123 LastLast
Results 1 to 15 of 31
  1. #1
    iNET Interactive
    Join Date
    Jan 2010
    Location
    Seattle, WA, USA
    Posts
    375
    Thanks
    1
    Thanked 29 Times in 24 Posts



    WOODY'S WINDOWS

    New Year resolution: banish automatic updates


    By Woody Leonhard

    The usual year-end dearth of technology news seems to bring out poorly considered stories — even from well-know sites.

    Case in point: I ran across an article — published by a site that should know better — extolling the virtues of "software's auto-update era," most notably Microsoft's automatic patch update system. I couldn't more strongly disagree.

    The full text of this column is posted at WindowsSecrets.com/2011/01/06/06 (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
    Last edited by Tracey Capen; 2011-02-16 at 14:06.

  2. #2
    New Lounger
    Join Date
    Feb 2004
    Location
    Hertfordshire, England
    Posts
    22
    Thanks
    0
    Thanked 0 Times in 0 Posts
    With millions of PCs around the world infected with bad stuff largely because they are not updated, I think this article sends the wrong message. Yes, there are bad updates, but considering the total number, they are very few. Of course, no business user should simply accept MS updates without a proper change control and QA process - that goes without saying. And for savvy users such as Windows Secrets readers, they have probably long since set AU to "Download and notify", and that's why they read Windows Secrets - to get early warning of any problems before they install. But for all other users, in particular, non-technical home users, we really shouldn't be giving them any hint of an excuse not to keep their systems fully patched. Zero-day exploits are now almost the norm.

    Regards - Philip

  3. #3
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,518
    Thanks
    152
    Thanked 1,397 Times in 1,220 Posts
    I guess the point of the article is not to stop patching, but to stop patching automatically. The advice given is to patch only after getting info from several sources (identified in the article) that the patches are safe. I guess there is bit of histrionics in it, but there is no advice not to patch.

    I have my systems configured to notify when there are patches and I apply them myself. With so many millions of Windows users, it's more or less bound to happen that some patches are problematic. Windows with no patches doesn't work for some users in some situations, so it's not surprising that some patches cause issues with some systems.
    Even with notify, I usually do not wait for Windows Secrets. Lucky or not, I have never had to uninstall Windows patches in all the years they exist (and I have 5 PCs, at the moment, running XP, Vista and Windows 7). So, as always, read and decide what's best for you, with the clear understanding that not patching can be actually very dangerous, but waiting a couple days for feedback on patches may not be that bad.

    Regards

    Rui
    Rui
    -------
    R4

  4. #4
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Sacramento, CA, USA
    Posts
    116
    Thanks
    7
    Thanked 4 Times in 4 Posts
    Quote Originally Posted by Rui Ribeiro View Post
    I usually do not wait for Windows Secrets. Lucky or not, I have never had to uninstall Windows patches in all the years they exist (and I have 5 PCs, at the moment, running XP, Vista and Windows 7).
    I agree with this. I think Woody's no-auto-patch doctrine for Windows is just too extreme, even for experienced users. Like the above poster, I've used auto-patch for years with no problems. It's convenient and over all those years has saved me lots of time compared to researching each patch to make sure it's problem-free, then manually applying it. Should a patch screw up, I have an image backup of C: no more than a week old.

  5. #5
    New Lounger
    Join Date
    Jun 2002
    Location
    Victoria, BC, Canada
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    When I upgraded to Windows 7 I decided to act like less of a geek and more like your average user and let Windows update run automatically. We run three computers in our house and I can say that I've never had a problem surface due to an update. I appreciate Woody's point of view but don't feel that his point need be made by casting aspersions on those who use the automatic option. Having used computers since my first '286' I feel that computers are finally getting closer to refrigerators in the amount of daily care they need, and that's a good thing. Automatic updates are part of this progress.

    I wonder what Fred Langa would have to say about this.

    Jim

  6. #6
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts
    I have followed Ask/woody for many years, and his advice is usually timely and accurate. Several times, if I had not waited until he gave the all-clear, I could have had some serious issues with my Windows XP laptop. My newer, Windows 7 laptop is not as fussy, partly because I loaded up the XP machine with security software, and I have kept my Windows 7 machine limited to Microsoft Security Essentials and the Windows 7 Firewall.

    Conflicts with third-party software are difficult to predict until MS patches are out in the wild for a few days, or even a couple of weeks. Sometimes the howls and screams happen after third-party applications are updated, not when MS releases its updates. With so many variables running around, it is useful to wait for expert advice before applying any patches. For third-party applications, we don't have the equivalent of Woody Leonhard, Susan Bradley and others here at Windows Secrets. But if my third-party application fails, I usually can still run Windows and one or another of my browsers. If Windows or Internet Explorer fails, I may be out of luck or at the mercy of Microsoft Tech Support.

    I have had Windows XP patching issues and security program conflicts which have completely bricked my Windows XP laptop on several occasions. And Microsoft Support messed around with my Networking settings so badly that I had to reinstall the Client for Microsoft Networks. This happened when MS Tech Support was trying to fix a botched Microsoft Windows Critical Security Patch for Windows XP. They even said I would have to flash my BIOS (on a six year old laptop!) and update my motherboard drivers! So much for Microsoft tech support! (By the way, there are no BIOS updates for obsolete WinBook laptops, and MS tech support din not even know that!)

    My point is, even with warnings and ears to the ground, sometimes a Microsoft Patch causes a bad reaction in a specific computer, especially heavily patched older models. But with the advice of Woody Leonhard and Susan Bradley and others, some of these disasters can be avoided. Sure, not all patches cause problems on all computers, but if you are the one-in-a-million who gets the Blue Screen of Death, this is small comfort as you go through the often incompetent Microsoft Support process. Finally, you will probably end up reinstalling Windows and sending the offending patch (if it can be identified) to "Hide Forever" status. Follow AskWoody.com, and you can often avoid all that hassle.

    And remember, even though the odds of one MS patch messing up one computer being very low, with thousands of Windows XP patches over the years, applied to hundreds of millions of computers, something, somewhere is certain to go horribly wrong. I can personally attest to that.

    Thanks, Woody, for all the warnings which have saved my bacon over the years. Keep up the good work.

    One last thing -- I have never been harmed by NOT applying a MS patch as soon as it came out. Woody tells us when a patch MUST be applied right away, and this is rare. So he does not have us wait on ALL MS parches -- only the ones for which there are no known immediate threats, which usually means all the current patches. The sky is not falling every Second Tuesday -- there is time to wait and see who screams. Taking everything Microsoft throws at us as soon as it is offered is about as sensible as flashing my BIOS every week when Toshiba sends me an "urgent alert" e-mail that they have yet another BIOS tweak available. The risk of updating is actually greater than the risk of staying put. At least for awhile.
    -- Bob Primak --

  7. #7
    New Lounger
    Join Date
    Dec 2009
    Location
    Texas,USA
    Posts
    18
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Mr. Leonhard states, "I recommend that you set Windows to Notify but don't download, using these steps:..."

    I would respectfully have to disagree with Mr. Leonhard's recommendation. According to Microsoft's own information:

    "If you turn on the Update Services, in order for them to properly function some software components on your system that make up or are directly related to the Update Services will need to be updated from time to time. These updates must be performed before the service can check for, download, or install other updates. These required updates fix errors, provide ongoing improvements, and maintain compatibility with the Microsoft servers that support the service. If the Update Services are turned off, you will not receive these updates.

    "Update Services are "turned on" if you choose one of the following settings: (i) install updates automatically, (ii) download updates automatically and choose whether to install them, or (iii) receive notifications about updates and choose whether to download and install them. Windows Update service is "turned on" and set to "install updates automatically" when you choose the recommended option during Windows Out Of Box Experience (OOBE) setup.

    "If you turn on the Update Services, regardless of which "turned on" setting you have chosen, required updates to some components of the service will be downloaded and installed automatically without further notice to you. If you would prefer not to receive required updates, turn off the Update Services."

    Source: http://update.microsoft.com/windowsu....aspx?ln=en-us (See paragraph labeled: Required Updates)

    If memory serves me correctly, sometime in 2007 or 2008 Microsoft began using what many have called "stealth updates". Even if a user selected "Download updates but let me choose whether to install them" or "Check for updates but let me choose whether to download and install them", updates would still be installed without any other user input. Microsoft did this to facilitate updating Windows Update itself. Users found out that this practice interfered with automatic backups, etc because computers would re-boot in the middle of a task without any warnings. If this is still the case, and I believe it is, then the only safe option for Updates is to select "Never check for updates (not recommended)". The user would then have to remember to manually check for updates on a regular basis.

  8. #8
    5 Star Lounger ibe98765's Avatar
    Join Date
    Aug 2001
    Location
    Bay Area, California, USA
    Posts
    966
    Thanks
    19
    Thanked 4 Times in 4 Posts
    Personally, I've never had a problem where I had to uninstall an MS patch. I use the download and notify option but that is just so that I can install the patches when it is convenient for me since they often require a reboot.

    But here's a tip that I have never seen anyone here or elsewhere write about:

    Even IF you use the automatic update functionality, you STILL SHOULD CHECK the Windows update site yourself on an occasional basis. It appears that auto update ONLY presents updates categorized as high priority. Other updates in the Software & Hardware sections do not get presented through auto updates!

    Here is the output from a manual Windows Update scan that I just ran. You can see that there are 6 optional software patches that I could choose to install that were not presented to me by auto update. One or more of these patches might be important to you.



  9. #9
    2 Star Lounger NTLS's Avatar
    Join Date
    Mar 2010
    Location
    Great LAND of TEXAS
    Posts
    122
    Thanks
    3
    Thanked 4 Times in 3 Posts
    One point that seems to be neglected in all of these opinions . . . leave your system on over night and the auto update can run when you are not on nor using your system. Any automatic reboot that is required can be done over night. You will be made aware of the updates by the requirement of you to login again. This has occurred for me since I have been leaving mine on over night. I am using the AutoUpdate and install as recommended, my system is W7 64.
    TIA, CU L8R,
    NTxLS Win7 Pro 64bit SP1; FireFox v49.x, all with the latest updates

  10. #10
    New Lounger
    Join Date
    Dec 2009
    Location
    Houston, Texas, USA
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have owned a computer store in Houston since 1983. I strongly disagree with turning off Automatic Updates for Windows. We build a lot of systems for customers. It is an extremely rare that a Microsoft Update has ever caused any of my customers any problems. Believe me, if they have a problem they come back to us as the ones who built their system.

    In my experience, more problems are caused by the customer who takes home his system and never updates his Windows, his anti-spy programs or virtually any program. They come in with IE6 still on their system and infected something terrible. I deal with hundreds of my customers personally every month/year. I really get on them when I find they haven't been doing their updates and I tell them all updates, optional and recommended with the only exception being hardware updates. I tell them to never do the hardware updates..."if it ain't broke, don't fix it". Video drivers need updating frequently, especially for game players, but the place to get them is from the manufacturer, not Microsoft.

  11. #11
    3 Star Lounger Woody's Avatar
    Join Date
    Jan 2001
    Location
    Nashville, Tennessee
    Posts
    358
    Thanks
    1
    Thanked 644 Times in 4 Posts
    Quote Originally Posted by pleriche View Post
    With millions of PCs around the world infected with bad stuff largely because they are not updated, I think this article sends the wrong message.
    @Philip -

    Sorry, I don't agree. Microsoft's research shows that most PCs are infected via social engineering. There are plenty of 0days running around, too.

    It's very unusual that people get infected because they wait a week or two to install updates. As soon as Metasploit and the like make an infection vector easy to use, I recommend that people patch. No reason to patch before then.
    Woody

    For Dummies book author, Senior Contributing Editor for InfoWorld, and long-suffering Windows victim. Check out the latest at AskWoody.com.

  12. #12
    New Lounger
    Join Date
    Dec 2009
    Location
    Ottawa, Ontario, Canada
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Woody is "not overly concerned about automatic updates to Microsoft Security Essentials". Until about a month ago I was not either, but since then I have been plagued first by long download times during which everthing else was locked up, and in the last week when the lock ups became hard freezes which required power-off/reset and reboot to recover from, only to occur soon again. Yesterday I could not get rid of the lock ups so I uninstalled MSE and have been problem free since then. I would be interested in any comments Woody has about experience with the release of version "2.0.657.0 Final" of MSE on December 16, 2000. There is some indication on the Internet of lock ups, freezes and "not responding"s associated with this release.

    On the more general topic of whether one agrees with Woody, it's unfortunate that his article's title is "Banish Automatic Updates", whereas the content of the article indicates that the title should have been "Banish Automatically Installed Updates". I certainly suffered from not knowing about the dangers of automatic installation of updates when, for example, I let Microsoft automatically install updates to the various .NET Framework programs.

  13. #13
    3 Star Lounger Woody's Avatar
    Join Date
    Jan 2001
    Location
    Nashville, Tennessee
    Posts
    358
    Thanks
    1
    Thanked 644 Times in 4 Posts
    Quote Originally Posted by Ralph Finch View Post
    I agree with this. I think Woody's no-auto-patch doctrine for Windows is just too extreme, even for experienced users. Like the above poster, I've used auto-patch for years with no problems. It's convenient and over all those years has saved me lots of time compared to researching each patch to make sure it's problem-free, then manually applying it.
    @Ralph -

    That's exactly why I developed the MS-DEFCON system. Check out the AskWoodysite.
    Woody

    For Dummies book author, Senior Contributing Editor for InfoWorld, and long-suffering Windows victim. Check out the latest at AskWoody.com.

  14. #14
    3 Star Lounger Woody's Avatar
    Join Date
    Jan 2001
    Location
    Nashville, Tennessee
    Posts
    358
    Thanks
    1
    Thanked 644 Times in 4 Posts
    Quote Originally Posted by Donald Pounder View Post
    I would be interested in any comments Woody has about experience with the release of version "2.0.657.0 Final" of MSE on December 16, 2000. There is some indication on the Internet of lock ups, freezes and "not responding"s associated with this release.
    @Donald -

    I hadn't heard about it. OUCH. Lemme see if I can find somebody who can shed some light....
    Woody

    For Dummies book author, Senior Contributing Editor for InfoWorld, and long-suffering Windows victim. Check out the latest at AskWoody.com.

  15. #15
    3 Star Lounger Woody's Avatar
    Join Date
    Jan 2001
    Location
    Nashville, Tennessee
    Posts
    358
    Thanks
    1
    Thanked 644 Times in 4 Posts
    Quote Originally Posted by Gary Richardson View Post
    In my experience, more problems are caused by the customer who takes home his system and never updates his Windows, his anti-spy programs or virtually any program. They come in with IE6 still on their system and infected something terrible. I deal with hundreds of my customers personally every month/year. I really get on them when I find they haven't been doing their updates and I tell them all updates, optional and recommended with the only exception being hardware updates. I tell them to never do the hardware updates..."if it ain't broke, don't fix it". Video drivers need updating frequently, especially for game players, but the place to get them is from the manufacturer, not Microsoft.
    @Gary -

    Agree on all points. If the user isn't savvy or concerned enough to watch after updates, they need to have Automatic Update turned on. But if they're smart enough to change their oil, they should be able to figure out that they need to keep their PC protected, too.

    I'm VERY glad that Microsoft Security Essentials updates itself.
    Woody

    For Dummies book author, Senior Contributing Editor for InfoWorld, and long-suffering Windows victim. Check out the latest at AskWoody.com.

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •