Windows 10 bombshell: Microsoft to KILL OFF Patch Tuesday

Microsoft has shown off some of the new security mechanisms embedded in Windows 10, and revealed a change to its software updates. Windows supremo Terry Myerson reckons the revised security patch rollout – effectively ditching the monthly Patch Tuesday – will shame Google. "Google takes no responsibility to update customer …

Anonymous Coward

Ironically, it was Google who challenged patch Tuesday.

Anonymous Coward

"Advanced Threat Analytics"

Well, the "Basic Threat Analytics" detector would've gone ape-shit when pointed in the direction of any Microsoft software product, so is this just better use of grep to filter out the obvious positives?

John Sanders
Holmes

Re: "Advanced Threat Analytics"

"ATA constantly scrutinizes your office network, and uses basic machine learning techniques to identify suspicious behavior by devices and users, and raise the alarm if necessary."

Let's translate:

ATA is yet another service (YASATA!) that will check your AD registered computers against an internal list of ideal configurations and file versions, once it finds a computer which doesn't conform to this it will take corrective measures to bring the computer back into compliance.

As there is no such thing as "basic machine learning" (one wonders why they wouldn't use the advanced one), what the software does is a more or less clever pattern building and matching, bear in mind no complicated stuff, just techniques like what kids in the 90's were doing in self-made videogames and demos in the late 90's.

It is quite funny that MS can not write its own security software and prefers to buy it from a third external party (a young start-up).

If only MS had a deep understanding of their own OS and access to the source code...

Anonymous Coward

Re: "Advanced Threat Analytics"

Sure, can you name one of the major players that doesn't buy in 3rd party companies for their talent?

FozzyBear
Silver badge

Microsoft taking a swipe at another company

for lax security, software bugs and poor track record in fixing them.

Well they should know, they've been doing it for decades

Ilsa Loving

Re: Microsoft taking a swipe at another company

To be fair, Microsoft may have learned the hard way, but at least they learned.

What galls me is that despite Microsoft providing such a fantastic example of what happens when you put security second, instead of taking a 'learning from someone else's mistakes' mentality, it seems the likes of Google and Apple prefer to just stick their fingers in their ears while chanting, "Lalalala won't happen to us!".

Google in particular, has become the new darling of security nightmares. The only thing preventing Apple from being in quite the same boat is the fact that they are uber-control freaks, which has the useful side-effect of limiting their attack surface.

DasBub

Re: Microsoft taking a swipe at another company

"Google in particular, has become the new darling of security nightmares. The only thing preventing Apple from being in quite the same boat is the fact that they are uber-control freaks, which has the useful side-effect of limiting their attack surface."

You must be joking.

big_D
Silver badge

Re: Microsoft taking a swipe at another company

@DasBub not really, my 2002 Windows XP machine stopped getting updates last year, my current machines will get updates going into the next decade.

My Android smartphone? 2.5 years old and not even security updates within the last year! Patches for well known security exploits for unpatched Android 4.3? Forget it. Although, I suppose I should consider myself lucky that Samsung at least upgraded it from 4.1 to 4.3.

This isn't purely Google's fault, but it is their ecosystem and they don't seem to be doing anything about keeping their customers patched. The hardware has been delivered, live with the defects or buy a newer device...

To be honest, I prefer the Microsoft attitude.

returnmyjedi

Re: Microsoft taking a swipe at another company

You're not exactly comparing like for like. A better comparison would be Android with Windows Phone 7 which Microsoft abandoned 3 and a bit years after its launch.

petur
FAIL

Re: Microsoft taking a swipe at another company

My 2002 Microsoft CE PDA never had a security update.

Apples, oranges.

Stuart Castle

Re: Microsoft taking a swipe at another company

Judge Microsoft by what they are doing now, not what they have done. If you judge them by their past, it makes you look bitter, and also slightly stupid when Microsoft consistently does well in security tests now.

Remember, back in the dark old days of XP SP1, Microsoft regularly got their Ass handed to them security wise by the hackers. So much so that they spent a lot of money on their "Trusted Computing" initiative and substantially changed Windows XP with the release of SP2. They also (apparently) deleted a lot of the Vista source code and rewrote it using the recommendations of the Trusted Computing initiative, which is why Vista was late, and delivered a fraction of what they had promised. One major (but actually relatively simple) switch made was to ensure that the Server version shipped with virtually everything disabled, thereby ensuring the sys admin is required to enable the services he or she requires from the machine. This even extended to limiting what the browser could display.

Sure, Windows, along with any reasonably sized to large sized software product has bugs. Some of which are serious, but the security on Windows has been hardened. This is why the hackers are increasingly going for other software such as Java and the various Adobe plugins. When Sun and Adobe get their act together security wise, hackers will move on elsewhere.

BTW, I am not a Microsoft fanboi. Not by a long chalk. I am not a fanboi of any particular platform. I believe in using the "tools for the job". If a platform fits my needs, I'll use it, be it Linux, OSX or Windows.

big_D
Silver badge

Re: Microsoft taking a swipe at another company

@returnmyjedi I'm comparing like for like... Both are operating systems that are connected to the Internet. I don't care that one runs on a smartphone and tablets and the other runs on tablets and PCs, they are both connected to the Internet, so both need long term security.

Yes, the Windows Phone 7 is a blight on Microsoft in this regard.

Tech Hippy

Re: Microsoft taking a swipe at another company

"This isn't purely Google's fault, but it is their ecosystem and they don't seem to be doing anything about keeping their customers patched."

Moving core functionality to Play Services and apps to the Play Store (Gmail, Maps, Calendar, etc), early release of Lollipop previews to OEMs - i.e. everything they can in the face of OEM and carrier reluctance to provide timely updates.

cambsukguy

Re: Microsoft taking a swipe at another company

> Yes, the Windows Phone 7 is a blight on Microsoft in this regard.

I would be interested to know how one could 'attack' a WP7 device in any case?

Apps are sandboxed and can only be installed from the Store (called Marketplace if I recall correctly).

The browser? What can a rogue web page do via the IE on WP7. I assume it could conceivably crash the phone.

Can anything other than an App access call info or OneDrive files?

I only ask 'cause my sprog has my old one (still running well, still indestructible, still lasts all day no problem).

Bloakey1

Re: Microsoft taking a swipe at another company

<Snip>

"BTW, I am not a Microsoft fanboi. Not by a long chalk. I am not a fanboi of any particular platform. I believe in using the "tools for the job". If a platform fits my needs, I'll use it, be it Linux, OSX or Windows."

Dear sir,

We have examined your post and found it to be balanced and reasonable and subsequently it has no place in a religious OS war. Please present yourself at an OS place of worship near to you, where you will be burnt at the stake as a heretic and non believer.

big_D
Silver badge

Re: Microsoft taking a swipe at another company

There are probably ways to exploit WP7 and the browser, but with such a small market now, would anyone bother?

My daughter is still using her WP7 Lumia, although she is looking for something newer - she would take an iPhone 6, but isn't willing to splash out nearly a grand on it.

I currently have a WP8 Lumia and am very happy with it - and it has had numerous updates over the last year, both new OS versions and updates.

Afernie

Re: Microsoft taking a swipe at another company

"My 2002 Microsoft CE PDA never had a security update."

But then, your WinCE PDA wasn't connected 24/7 with a third-party apps store, nor did it have a web browser that you could use for anything faintly modern. To say nothing of the fact that that was 12-13 years ago and this is now. Apples, oranges indeed.

Tom 13

Re: not exactly comparing like for like

At least once a week we get a story here on El Reg about desktops losing market share to tablets, phones, and phablets. I'd say it is grapes to grapes, not Apples to PCs.

dc_m

Re: Microsoft taking a swipe at another company

Come to think of it, I don't think my Dell Axim did either, Mobile 5 as far as I remember!

DrBobMatthews

Re: Microsoft taking a swipe at another company

The only thing that Microsoft has learned is advanced marketing for spivs. Why is it that IE has been a total security failure for the last 8 upgrades? Could it be that Microsoft has "invested" more in marketing than software engineers? Answer on an email not via IE9.

DrBobMatthews

Re: Microsoft taking a swipe at another company

No, judge them by their present arrogant attitude to their existing client base. Then if you have any sense dump them.

Dazed and Confused
Silver badge
Angel

Wow

Microsoft are announcing that they are trying to get to where Red Hat were in about 1998.

Are we supposed to be impressed?

Ole Juul
Silver badge

Re: Wow

"Are we supposed to be impressed?"

Well, I'm impressed . . . . . but my view of MS wasn't very high to begin with. :)

Jamie Jones
Silver badge
Devil

Re: Wow

"Microsoft are announcing that they are trying to get to where Red Hat were in about 1998.

Are we supposed to be impressed?"

Blimey, RedHat didn't have that until as late as 1998?

Are we supposed to be impressed?

Rusty 1

Every day is patch day: http://xkcd.com/1514/

Jagged

Just as long as they don't adopt the Skype "Updating your experience" BS *waves fist*

Bloakey1

"With Windows 10, every day can be a patch Tuesday!"

Every 'day' can be a day and night of gut wrenching terror and fear of a knock on effect on other software etc.

I fwightened <sic>.

Faceless Man

Remember when...

...Microsoft introduced "Patch Tuesday" to put an end to the constant stream of updates and releases, and allow you to plan properly for configuration management purposes?

Everything old is new again...

Steve Knox
Silver badge

Re: Remember when...

Unfortunately, though, most free and open source OSs don't have a regular release cycle or sensible system for releasing patches either.

Picking a few at random, and searching:

Fedora: Release Cycle / Patch Management

Ubuntu: Release Cycle / Patch Management

Debian: Release Cycle / Patch Management

FreeBSD: Release Cycle / Patch Management

So which "most free and open source OSs" are you talking about, specifically?

big_D
Silver badge

Re: Remember when...

With WSUS and Enterprise, you can plan the updates as you do now - the article specifically says that corporates will get their updates monthly, as now, but private machines will get updates as needed.

The corporate tools also allow for the separate testing and staggered release of patches, nothing here will change.

For private machines, the update cycle will be faster - but generally those machines are also not as well protected as corporate machines. They probably don't have much in the way of AV software - probably a 3 month trial of McAfee that ran out 3 years ago, they are probably, at best, behind a compromisable home router and the average user has no idea about the dangers.

On SUSE, I'd get daily updates, but it was up to me to decide which updates to install and when. This will probably be the same with Windows 10. Either you can go full auto or you can manually install as you want.

Ken Hagan
Gold badge

Re: Remember when...

"the article specifically says that corporates will get their updates monthly, as now, [...] nothing here will change."

Except that the patches for the same underlying vulnerabilities are being published to home users a few days earlier, so the black hats can reverse engineer those (as they already do) and they get a stream of zero-days given to them by Microsoft.

Stuart Castle

Re: Remember when...

Read the article. Microsoft is splitting Windows Update into two editions. One, the consumer edition will have the continual roll outs they are talking about. The other, the business edition will run slightly behind the consumer edition (to give sys admins a chance to look for bugs and test each patch) and will still have a monthly patch cycle.

Rainer

Re: Remember when...

RHEL with Satellite Server 6 allows for a "WSUS-like" patch roll-out process (staged, staggered...).

The individual components of Satellite Server 6 are available as Open Source, allowing to also manage CentOS (and probably a number of other RHEL-clones) in the same fashion.

Google Foreman, Pulp, Katello, Candlepin

mrmond

Re: Remember when...

Ubuntu - read your own link, the previous release dates are not regular or predictable at all, and there is no date listed for the release of 15.10.

I'm guessing it will be October, 6 months after the last release like it generally but not always is.

Sebby

Re: Remember when...

Well I've never been very happy with patch Tuesday anyway. Insecure software is insecure; best get the fixes out there, especially in these enlightened zero-day times. And the corporates get the benefits represented by beta testers * of the patches.

So now the only question is: what about the vulnerability bulletins themselves? Will MS put them out alongside the patches, or on schedule?

* Let's face it, increasingly that's all of Microsoft's recent software, for everybody. I'd give a lot for another stable and mature Windows.

Anonymous Coward

Re: Remember when...

If a patch exists it's not a zero day.

Anonymous Coward

So daily instead of monthly restarts? Can't wait

a_yank_lurker
Silver badge

Correction, daily instead of monthly Windows reinstalls.

gollux

Pretty much the way Windows Server 2012 R2 operates out of the box. Buh? I had a process that was supposed to run overnight, why did it crash? Oh, jeeze the little icon in the tray says Windows Update rebooted the machine at 2:30 am...

Now when they get good enough to not require any restart except for kernel patches and give you fair warning that a system restart is needed, then I'll bite.

jddunlap

How the heck do you manage to need a reinstall every month? Run on the cheapest hardware you can find? Overwrite system files with random garbage? Download as much malware as possible? Each of my Windows installs in the past 13 years has lasted the life of the device.

nematoad
Silver badge
Unhappy

"Now when they get good enough to not require any restart except for kernel patches..."

Well, don't look at the majority of Linux distros if you decide to jump ship. With the advent of systemd, they'll all be rebooting at the drop of a hat.

Damn Poettering, Red Hat, et al for trying to turn my Linux box into a poor imitation of Windows.

hplasm
Silver badge
Devil

Microsoft will release security updates to PCs, tablets and phones 24/7

...leaving not a lot of time to use the things

hplasm
Silver badge
Windows

"How the heck do you manage to need a reinstall every month?"

"Overwrite system files with random garbage? "

Well it is about installing MS patches, so draw your own conclusions...

Hans 1
Silver badge

>Each of my Windows installs in the past 13 years has lasted the life of the device.

Lucky you ... really, I doubt you are telling the truth ... coming from somebody who does not re-install Windows even when it is borked with virii ... I know how to manually remove the shit.

Chemist

"With the advent of systemd, they'll all be rebooting at the drop of a hat."

? - care to explain? I've been using a systemd distro for quite a time and requirement to reboot doesn't seem to have changed.

nematoad
Silver badge

Well, as far as I know Suse, Ubuntu and Debian and a lot of the derivatives never had to reboot except when changing kernels. Now that they have changed over to systemd they will. Just like with pulseaudio, also I believe from Poettering & co.

Of course you haven't noticed a change in behaviour in your distro, you already have that "feature" so what you had is what you have got, it's just every other distro is just making its acquaintance.

cambsukguy

I did a reinstall on my Win7 machine last month, first time ever on a five-year-old laptop - something was weird, System restore was AWOL (I have a small SSD and it runs at 95% full almost all the time).

It turned out that my last real, full System Backup was when I installed that SSD so I crossed everything and set it to replace my system with it.

After chundering for a while, it restarted and ran Windows Update to do a million updates (about 170 - all but one of which worked on the first pass).

Simultaneously downloading the OneDrive stuff where my files reside these days meant that that backup was already there, just a matter of setting OneDrive to not having local copies of the large video files my phone produces.

Add to that the expected Adobe updates and all was well, more disc space available (smaller registry and email archives perhaps?) and slightly zippier perhaps.

Can't see why I would be lucky enough never to have had to re-install Windows for five years and still have a working system and you would have to constantly do it, it seems.

Maybe you are just a troll or useless at your job/IT in general.

Biting the hand that feeds IT © 1998–2018