We haven’t seen any testing of cumulative nonsecurity patches or of bundled security and nonsecurity patches, but the pattern’s starting to come into focus.
The problem, of course, is that many individuals and organizations don’t trust the “install all of Microsoft’s patches” approach. Hard to blame them -- the Get Windows 10 lessons run deep, and many dislike and distrust Microsoft’s enhanced telemetry capabilities, which they equate with snooping.
The following simple approach to patching Windows 7 and 8.1, starting in October, is directed at individuals, but admins may find the demarcation helpful, too.
Win7/8.1 users fall into one of two camps: those who trust Microsoft’s updates and those who only want security patches. Let’s call them Group A and Group B, respectively:
- Group A is willing to take all of Microsoft’s new telemetry systems, along with potentially useful nonsecurity updates.
- Group B doesn’t want any more snooping than absolutely necessary, and they don’t care about improvements like daylight saving time zone changes, but want to keep applying security patches.
A third group, Group W, doesn’t want anything from Microsoft -- no patches, no security updates, nada. I don’t recommend that you sit on the Group W bench, but it can be understood given changes Microsoft has made to Win7 and 8.1 machines, without our permission, in the past.
For Group A, patching is much easier: Set it once and forget it, unless there’s a big bug. For Group B, the snooping should be less -- but there’s no guarantee -- and the patching method is entirely manual. You can move from Group B to Group A, but as far as I can tell there’s no way to move from Group A to Group B without completely reinstalling Win7 or 8.1.
Microsoft has a history of mixing security and nonsecurity patches in arbitrary ways. That’s going to trip up users and admins alike if it continues to release buggy security updates, then fix the security update bugs in nonsecurity updates (see, for example, KB 3179573 in August and KB 3172605 in July). For now, let’s assume Microsoft will fix Security-only Update bugs with Security-only Update patches. If it doesn’t, we’re going to be in a world of hurt.
How to prepare for the patchocalypse
Starting with October Patch Tuesday patches, there are two very different approaches to patching Win 7 and 8.1 machines, and you need to choose sides. The details aren’t entirely known -- and are bound to change -- but in broad strokes, here’s what you need to do.
Step 1. Choose between Group A and Group B.
Choosing sides isn’t as simple as asking, “Do I trust Microsoft?” You have to ask yourself whether the additional hassle of manually installing security patches is worth keeping Microsoft’s new snooping routines off your machine. You also have to ask whether the benefits of the new nonsecurity patches (in recent months we’ve seen improvements to Disk Cleanup, various bug fixes, time zone changes, performance improvements in odd scenarios, and several others) are worth the added exposure to Microsoft’s data gathering activities (about which we have no details).