
Windows 10 updates under fire from unhappy security admins

Windows 10 is finally within spitting distance of being the most popular version of Microsoft’s OS, and yet at this moment of apparent triumph, some security professionals are not satisfied.

The evidence emerges in a survey of admins by the patchmanagement.org listserv, which uncovered a rich seam of unhappiness at the state of recent Windows updates, especially for Windows 10.

In her open letter to Microsoft, patchmanagement.org moderator and Microsoft Most Valuable Professional (MVP) Susan Bradley doesn’t sugar-coat it:

The quality of updates released in the month of July, in particular, has placed customers in a quandary: install updates and face issues with applications, or don’t install updates and leave machines subject to attack.

Bradley points to glitches with July’s updates after which products failed, particularly in the aftermath of the Security and Quality Rollup updates for .NET Framework. As she notes:

In the month of July 2018 alone there are 47 knowledge base bulletins with known issues.

Forty-seven bulletins with issues sounds like a lot. When patchmanagement.org users were asked to rate how satisfied they were with the quality of Windows 10 updates, 64% said they were either ‘not satisfied’ or ‘very much not satisfied’.

The feature updates that have become a defining part of the Windows 10 strategy come in for particular flak, both in terms of their overall business benefit and unhelpful regularity.

In Bradley’s view, the fault lies with the Windows 10 Insider Program, the channel through which developers and enthusiasts test new versions to spot problems before software is let loose on everyone else.

This compared badly with the Security Update Validation Program used to test older versions of Windows from 2005 onwards, she said.

Adding to the woe, communication was poor after the patches required to mitigate the effects of January’s Meltdown and Spectre CPU vulnerabilities.

This was an informal survey from a possibly self-selecting group of respondents, so let’s proceed with that caveat in mind. Assuming the survey is an accurate reflection of the attitude of at least some security professionals – what, if anything, might be going wrong?

One possibility is that three years after launch, Microsoft is starting to struggle with Windows 10’s more complex patching, updating and testing schedule.

Clearly, the days where Microsoft could just post updates and a grateful user base would download them are over.

Or perhaps it’s more frightening than that and it’s not that Microsoft isn’t doing a good job but that nobody could – updating an operating system smoothly across hundreds of millions of computers has become too complex. You will never satisfy everyone and the people who are dissatisfied are likely to seek out others of their kind.

In the nick of time, Microsoft is reportedly looking to launch a Windows desktop-as-a-service called Microsoft Managed Desktop (MMD), under which the company will manage the whole Windows installation, including updating, for a fee.

It’s possible that this might one day be offered to consumers, which would mean that Windows will have come full circle.

In the old days, users installed Windows on their computers from diskettes. As the years passed, Microsoft started helping them out with security and feature updates across the internet, which now include major feature upgrades too. Spot the pattern? The logical end is Microsoft does it all and Windows becomes the service that Microsoft perhaps secretly wants it to be anyway.

If this happens we will have reached the moment when everyone accepts that full-service operating systems such as Windows have become too tricky for ordinary mortals to look after.

Some might raise their glass to salute the irony of this – for Windows at least, the computer will have stopped being truly personal.


Source: Naked Security
