Thoughts on Win10 update policy

How many problems are caused by updates and patches not having been
applied? How many unpatched holes are entered by criminals, identities
stolen and misery dumped on poor innocents?
Let's call this X.

How many problems are caused by inappropriately installed updates
(especially MS-supplied drivers)? How much misery in having to track
down the damage, uninstall and hide the update?
Call this Y.

Now then, assign real values to X and Y. Can we? Has research been done
on that?
My own guess is that X far outstrips Y; and it's with the non
computer-savvy, the innocent and trusting souls, the young and older
people. Everybody has computers; you can hardly lead a worthwhile life
without one these days.

There's the additional problem of scamming and phishing; and it's here
again that the innocents get caught. But MS have tackled that with
Security Centre.

And now they're tackling the X/Y problem.

Ed

In message , Ed Cryer
writes
How many problems are caused by updates and patches not having been
applied? How many unpatched holes are entered by criminals, identities
stolen and misery dumped on poor innocents?
Let's call this X.

How many problems are caused by inappropriately installed updates
(especially MS-supplied drivers)? How much misery in having to track
down the damage, uninstall and hide the update?
Call this Y.

Now then, assign real values to X and Y. Can we? Has research been done
on that?
My own guess is that X far outstrips Y; and it's with the non
computer-savvy, the innocent and trusting souls, the young and older
people. Everybody has computers; you can hardly lead a worthwhile life
without one these days.

There's the additional problem of scamming and phishing; and it's here
again that the innocents get caught. But MS have tackled that with
Security Centre.

And now they're tackling the X/Y problem.

Ed


My contention is that you are correct now, but in 5 or 6 years time you
may be a trusting soul with a dead HD or SSD.

You dig out the original Windows 10 DVD, or the image you took when the
machine was new.

You install it. Now there are maybe 250 essential updates. It might
become X/Y*250 and with the current policy you may not know what any of
the 250 updates do or which of them failed and blocked the random number
of others.

Yes the default should be to install automatically, but, based on my
experiences with Windows 7, I still need the ability to hide or defer
updates.
--
Bill

Ed Cryer wrote:

How many problems are caused by updates and patches not having been
applied? How many unpatched holes are entered by criminals, identities
stolen and misery dumped on poor innocents?
Let's call this X.

How many problems are caused by inappropriately installed updates
(especially MS-supplied drivers)? How much misery in having to track
down the damage, uninstall and hide the update?
Call this Y.

Now then, assign real values to X and Y. Can we? Has research been done
on that?
My own guess is that X far outstrips Y; and it's with the non
computer-savvy, the innocent and trusting souls, the young and older
people. Everybody has computers; you can hardly lead a worthwhile life
without one these days.

There's the additional problem of scamming and phishing; and it's here
again that the innocents get caught. But MS have tackled that with
Security Centre.

And now they're tackling the X/Y problem.

Ed

Only boobs install *drivers* delivered by Microsoft through Windows
Update. Drivers are often geared toward a family of products, so WU may
offer you a driver update tht is not appropriate for your particular
model and version. A driver maker may find they have a new bug, usually
reported by early adopters, so they withdraw that driver version, fix
it, and distribute a new version. With drivers at WU, it takes months
to get new versions distributed from there but much worse is that it
takes months to withraw a bad driver from there. Meanwhile users that
blindly install driver updates via WU end up with the buggy driver.
Also, the latest driver is not necessarily the best driver in your
particular hardware setup. Later drivers may remove compatibility with
older software (that you still use, and especially critical if it is
business software). This done a lot to add compatibility with new games
while dropping compatibility with old games (that you may still be
playing). "Latest and greatest" is an old sales mantra. Latest just
means new code with new bugs and perhaps reduced compatibility with your
particular setup. No one should ever install drivers via WU. If WU
says there is a new driver for your computer then you decide if you want
to risk your current stable setup and, if so, you get the driver from
the driver maker, not from Microsoft (unless it is their hardware you
are updating).

The scale of vulnerability is not an issue for a particular user. They
don't care if thousands of other hosts are vulnerable which may not
apply in their case. They are definitely more concerned with a new
driver that prevents Windows from even loading. Yes, them not being to
boot Windows definitely prevents them from being vulnerable but then
they don't to use that hardware and software that they paid for.

You had an old game that was running just fine. Your business software
is working. Then Microsoft shoves an update, especially a driver
update, onto your host and now that old game crashes, there are problems
in your business software that impacts your operations, or you can't
even get Windows to load. Remember that while you don't own the
Microsoft software that you do own the license to it. The computer
hardware is also your property. How would you like the car dealer to
show up and repaint your car to chartreuse or puce without your
permission just because car theives may not steal as much those colors
of cars? How would you like the tires automatically removed from your
car because, oops, the wrong directive was issued so now you can't use
your car?

Users that install and maintain their own computers have doled the
responsibility of administrator to themselves. They can, at their
choice, dole that responsibility to someone else, like hiring support or
granting someone else permission, to change the state of the computer
whenever they want; however, in those situations, the owner still have
control over what changes are made because, well, it's their property.
The issue is Microsoft overstepping their authority as to what they can
do on YOUR computer.

Ever see the "Nineteen Eighty-Four" (spelled out, not numeralized) with
John Hurt where, oh yes, the gov't knows best what is best for you and
will do everything they command? This is Microsoft's attitude toward
your property. Oh, by the way, in the movie, John Hurt lost. So will
the Windows 10 users unless Microsoft decides proliferating of their
lurking subscriptionware is hurt by their [lack of] choice of update
modes.

With Windows 10, there is a whole bunch of new code with new
vulnerabilities. So, if vulnerability was truly an issue with you, then
you would stick with an older OS that has the security updates and
employs 3rd party security software to protect your investment.
Sticking with an old OS that you have secured is safer than going to a
whole new OS and waiting for Microsoft (or others) to discover its
vulnerabilities and then wait for Microsoft to plug those holes.

VanguardLH wrote:
Ed Cryer wrote:

How many problems are caused by updates and patches not having been
applied? How many unpatched holes are entered by criminals, identities
stolen and misery dumped on poor innocents?
Let's call this X.

How many problems are caused by inappropriately installed updates
(especially MS-supplied drivers)? How much misery in having to track
down the damage, uninstall and hide the update?
Call this Y.

Now then, assign real values to X and Y. Can we? Has research been done
on that?
My own guess is that X far outstrips Y; and it's with the non
computer-savvy, the innocent and trusting souls, the young and older
people. Everybody has computers; you can hardly lead a worthwhile life
without one these days.

There's the additional problem of scamming and phishing; and it's here
again that the innocents get caught. But MS have tackled that with
Security Centre.

And now they're tackling the X/Y problem.

Ed

Only boobs install *drivers* delivered by Microsoft through Windows
Update. Drivers are often geared toward a family of products, so WU may
offer you a driver update tht is not appropriate for your particular
model and version. A driver maker may find they have a new bug, usually
reported by early adopters, so they withdraw that driver version, fix
it, and distribute a new version. With drivers at WU, it takes months
to get new versions distributed from there but much worse is that it
takes months to withraw a bad driver from there. Meanwhile users that
blindly install driver updates via WU end up with the buggy driver.
Also, the latest driver is not necessarily the best driver in your
particular hardware setup. Later drivers may remove compatibility with
older software (that you still use, and especially critical if it is
business software). This done a lot to add compatibility with new games
while dropping compatibility with old games (that you may still be
playing). "Latest and greatest" is an old sales mantra. Latest just
means new code with new bugs and perhaps reduced compatibility with your
particular setup. No one should ever install drivers via WU. If WU
says there is a new driver for your computer then you decide if you want
to risk your current stable setup and, if so, you get the driver from
the driver maker, not from Microsoft (unless it is their hardware you
are updating).

The scale of vulnerability is not an issue for a particular user. They
don't care if thousands of other hosts are vulnerable which may not
apply in their case. They are definitely more concerned with a new
driver that prevents Windows from even loading. Yes, them not being to
boot Windows definitely prevents them from being vulnerable but then
they don't to use that hardware and software that they paid for.

You had an old game that was running just fine. Your business software
is working. Then Microsoft shoves an update, especially a driver
update, onto your host and now that old game crashes, there are problems
in your business software that impacts your operations, or you can't
even get Windows to load. Remember that while you don't own the
Microsoft software that you do own the license to it. The computer
hardware is also your property. How would you like the car dealer to
show up and repaint your car to chartreuse or puce without your
permission just because car theives may not steal as much those colors
of cars? How would you like the tires automatically removed from your
car because, oops, the wrong directive was issued so now you can't use
your car?

Users that install and maintain their own computers have doled the
responsibility of administrator to themselves. They can, at their
choice, dole that responsibility to someone else, like hiring support or
granting someone else permission, to change the state of the computer
whenever they want; however, in those situations, the owner still have
control over what changes are made because, well, it's their property.
The issue is Microsoft overstepping their authority as to what they can
do on YOUR computer.

Ever see the "Nineteen Eighty-Four" (spelled out, not numeralized) with
John Hurt where, oh yes, the gov't knows best what is best for you and
will do everything they command? This is Microsoft's attitude toward
your property. Oh, by the way, in the movie, John Hurt lost. So will
the Windows 10 users unless Microsoft decides proliferating of their
lurking subscriptionware is hurt by their [lack of] choice of update
modes.

With Windows 10, there is a whole bunch of new code with new
vulnerabilities. So, if vulnerability was truly an issue with you, then
you would stick with an older OS that has the security updates and
employs 3rd party security software to protect your investment.
Sticking with an old OS that you have secured is safer than going to a
whole new OS and waiting for Microsoft (or others) to discover its
vulnerabilities and then wait for Microsoft to plug those holes.


Well, whatever the true cause of the Win10 update policy it seems that
MS have created a lucrative opportunity for a sellers' market in "update
vetting" just as they did for Start buttons with Win8.

Somebody could jump in there prontissimo and harvest a fortune.
I guess the easiest would be a hack; take the update code from Win8.1
and graft it on.
Whether or not that would be legal, I don't know. I doubt it.

Alternatively a good systems programmer could write his own from
scratch, and sell that. I'm not sure about the legality here either, but
I guess things like StartX suggest that it would be ok.

Windows is getting more and more dumbed-down. OK, so that helps the many
Joe Soaps, but it aint too nice for us "experts".

Ed