I’ve been covering Microsoft’s updates and patches for over 20 years and most recently here at WindowITPro. I have a unique perspective as I was one of the team members that originally put together and wrote up the strategy behind Patch Tuesday – based on the Trustworthy Computing initiative. So, when I talk patches, it comes from a strong baseline.
Knowing what I knew about Microsoft and its patches, just a little over a year ago I said this…
So, it seems, the time has come. Microsoft recently announced that it would start including Windows 7/8.1 into the same CU release strategy it uses for Windows 10 for Windows 7/8.1. So, essentially, customers are being given a single option – install or else. As we’ve seen with Windows 10’s recent woes where updates have caused PCs to bluescreen, systems to freeze, and webcams to stop working, the potential for issues unique to Windows 7/8.1 increase every Patch Tuesday.
One would think that thousands of Windows Insiders would catch problems like those exhibited in the last several weeks. But, either Microsoft is ignoring the reported problems in an effort to try and hit deadlines, or the Insider program just isn’t working. Most Insiders I know run the beta builds on separate equipment, not on production machines – so, essentially the bulk of Insiders have an environment setup that looks much like Microsoft’s. So, it’s possible this could be part of the reason why issues aren’t surfacing during testing. This is also an indication that all the telemetry in the world is useless if everyone is on the exact same baseline.
I’ll say it again…Microsoft needs to take a step back and fix its internal patch development and testing processes. It should have done it before Windows 10 was released and the patching strategy changed. Now, it’ll only be more painful, but it still has to be done. And, also again…a single CU to patch all issues, both security and non-security, would make the IT Pros life so much easier. But, customers have to be able to trust what Microsoft provides. I don’t think Microsoft needs to create something new here, just get back to what worked in the first place. I’m not saying the company needs to scrap its CU strategy, just that it needs to apply the original Trustworthy Computing model against this modern scenario. Applying the original definition for Trustworthy Computing means that computing systems are inherently secure, available, and reliable. When customers stop patching, they are not secure. When patches break things, systems are neither available nor are they reliable.
For those that don’t know I run a cozy little conference annually called IT/Dev Connections. IT/Dev Connections is a unique event in there’s ZERO marketing and ZERO fluff, but all valuable, technical learning – and the topics presented are all timely and on-target. This year one of the Birds of a Feather sessions is called ‘Microsoft set to change Windows patching in a disastrous way’ – discuss! and is set to provide valuable insight and rock-solid instruction for working in this new world of patching strategy. Susan Bradley – known as the patching maven in most security circles – is one of the moderators. That alone means there’ll be some extremely valuable information exposed.
This session will not be recorded like our general sessions, but we will be providing coverage here on WindowsITPro about what is discussed. I’m sure the session will go through the normal Shock/Denial/Anger/Acceptance process and I’m positive it will be a good one.
If you’re attending IT/Dev Connections 2016 already, add this to your schedule. If you’re not attending, you should. IT/Dev Connections is about the only conference left that doesn’t cater to keynotes and driven by program managers and celebrities. The more people we can get into that BOF session room, the richer the results. I’m already expecting to extend the session into a Part 2 during our Thursday BOF timeslot.
IT/Dev Connections 2016 runs from October 10-13 at the ARIA resort in Las Vegas. Check it out here: http://www.itdevconnections.com