Windows 10 bombshell: Microsoft to KILL OFF Patch Tuesday Microsoft has shown off some of the new security mechanisms embedded in Windows 10, and revealed a change to its software updates. Windows supremo Terry Myerson reckons the revised security patch rollout – effectively ditching the monthly Patch Tuesday – will shame Google. "Google takes no responsibility to update customer …
"""ATA constantly scrutinizes your office network, and uses basic machine learning techniques to identify suspicious behavior by devices and users, and raise the alarm if necessary."""
Lets translate:
ATA is yet another service (YASATA!) that will check your AD registered computers against an internal list of ideal configurations and file versions, once it finds a computer which doesn't conform to this it will take corrective measures to bring the computer back into compliance.
As there is not such a thing as "basic machine learning" (one wonders why they wouldn't use the advanced one) what the software does is a more or less clever pattern building and matching, bear in mind no complicated stuff, just techniques like what kids in the 90's were doing in self-made videogames and demos in the late 90's
It is quite funny that MS can not write its own security software and prefers to buy it from a third external party (a young start-up).
If only MS had a deep understanding of their own OS and access to the source code...
To be fair, Microsot may have learned the hard way, but at least they learned.
What galls me is that despite Microsoft providing such a fantastic example of what happens when you put security second, instead of taking a 'learning from someone elses mistakes' mentality, it seems the likes of Google and Apple prefer to just stick their fingers in their ears while chanting, "Lalalala won't happen to us!".
Google in particular, has become the new darling of security nightmares. The only thing preventing Apple from being in quite the same boat is the fact that they are uber-control freaks, with has the useful side-effect of limiting their attack surface.
"Google in particular, has become the new darling of security nightmares. The only thing preventing Apple from being in quite the same boat is the fact that they are uber-control freaks, with has the useful side-effect of limiting their attack surface."
You must be joking.
@DasBub not really, my 2002 Windows XP machine stopped getting updates last year, my current machines will get updates going into the next decade.
My Android smartphone? 2.5 years old and not even security updates within the last year! Patches for well known security exploits for unpatched Android 4.3? Forget it. Although, I suppose I should consider myself lucky that Samsung at least upgraded it from 4.1 to 4.3.
This isn't purely Google's fault, but it is their ecosystem and they don't seem to be doing anything about keeping their customers patched. The hardware has been delivered, live with the defects or buy a newer device...
To be honest, I prefer the Microsoft attitude.
@returnmyjedi I'm comparing like for like... Both are operating systems that are connected to the Internet. I don't care that one runs on a smartphone and tablets and the other runs on tablets and PCs, they are both connected to the Internet, so both need long term security.
Yes, the Windows Phone 7 is a blight on Microsoft in this regard.
> Yes, the Windows Phone 7 is a blight on Microsoft in this regard.
I would be interested to know how one could 'attack' a WP7 device in any case?
Apps are sandboxed and can only be installed from the Store (called Marketplace if I recall correctly).
The browser? What can a rogue web page do via the IE on WP7. I assume it could conceivably crash the phone.
Can anything other than an App access call info or OneDrive files?
I only ask 'cause my sprog has my old one (still running well, still indestructible, still lasts all day no problem).
There are probably ways to exploit WP7 and the browser, but with such a small market now, would anyone bother?
My daughter is still using her WP7 Lumia, although she is looking for something newer - she would take an iPhone 6, but isn't willing to splash out nearly a grand on it.
I currently have a WP8 Lumia and am very happy with it - and it has had numerous updates over the last year, both new OS versions and updates.
"My 2002 Microsoft CE PDA never had a security update."
But then, your WinCE PDA wasn't connected 24/7 with a third-party apps store, nor did it have web browser that you could use for anything faintly modern. To say nothing of the fact that that was 12-13 years ago and this is now. Apples, oranges indeed.
"This isn't purely Google's fault, but it is their ecosystem and they don't seem to be doing anything about keeping their customers patched."
Moving core functionality to Play Services and apps to the Play Store (Gmail, Maps, Calendar, etc), early release of Lollipop previews to OEMs - i.e. everything they can in the face of OEM and carrier reluctance to provide timely updates.
The only thing that Microsoft has learned is advanced marketing for spivs. Why is it that IE has been a total security failure for the lasy 8 upgrades. Could it be that Microsoft has "invested" more in marketing than software engineers? Answer on an email not via IE9.
Judge Microsoft by what they are doing now, not what they have done. If you judge them by their past, it makes you look bitter, and also slightly stupid when Microsoft consistently does well in security tests now.
Remember, back in the dark old days of XP SP1, Microsoft regularly got their Ass handed to them security wise by the hackers. So much so that they spent a lot of money on their "Trusted Computing" initiative and substantially changed Windows XP with the release of SP2. They also (apparently) deleted a lot of the Vista source code and rewrote it using the recommendations of the Trusted Computing initiative, which is why Vista was late, and delivered a fraction of what they had promised. One major (but actually relatively simple) switch made was to ensure that the Server version shipped with virtually everything disabled, thereby ensuring the sys admin is required to enable the services he or she requires from the machine. This even extended to limiting what the browser could display.
Sure, Windows, along with any reasonably sized to large sized software product has bugs. Some of which are serious, but the security on Windows has been hardened. This is why the hackers are increasingly going for other software such as Java and the various Adobe plugins. When Sun and Adobe get their act together security wise, hackers will move on elsewhere.
BTW, I am not a Microsoft fanboi. Not by a long chalk. I am not a fanboi of any particular platform. I believe in using the "tools for the job". If a platform fits my needs, I'll use it, be it Linux, OSX or Windows.
<Snip>
"BTW, I am not a Microsoft fanboi. Not by a long chalk. I am not a fanboi of any particular platform. I believe in using the "tools for the job". If a platform fits my needs, I'll use it, be it Linux, OSX or Windows."
Dear sir,
We have examined your post and found it to be balanced and reasonable and subsequently it has no place in a religious OS war. Please present yourself at an OS place of worship near to you, where you will be burnt at the stake as a heretic and non believer.
This post has been deleted by its author
I did a reinstall on my Win7 machine last month, first time ever on a five-year-old laptop - something was weird, System restore was AWOL (I have a small SSD and it runs at 95% full almost all the time).
It turned out that my last real, full System Backup was when I installed that SSD so I crossed everything and set it to replace my system with it.
After chundering for a while, it restarted and ran Windows Update to do a million updates (about 170 - all but one of which worked on the first pass).
Simultaneously downloading the OneDrive stuff where my files reside these days meant that that backup was already there, just a matter of setting OneDrive to not having local copies of the large video files my phone produces.
Add to that the expected Adobe updates and all was well, more disc space available (smaller registry and email archives perhaps?) and slightly zippier perhaps.
Can't see why I would be lucky enough never to have had to re-install Windows for five years and still have a working system and you would have to constantly do it it seems.
Maybe you are just a troll or useless at your job/IT in general.
Pretty much the way Windows Server 2012 R2 operates out of the box. Buh? I had a process that was supposed to run overnight, why did it crash? Oh, jeeze the little icon in the tray says Windows Update rebooted the machine at 2:30 am...
Now when they get good enough to not require any restart except for kernel patches and give you fair warning that a system restart is needed, then I'll bite.
"Now when they get good enough to not require any restart except for kernel patches..."
Well, don't look at the majority of Linux distros if you decide to jump ship. With the advent of systemd, they'll all be rebooting at the drop of a hat.
Damn Poettering, Red Hat, et al for trying to turn my Linux box into a poor imitation of Windows.
Well, as far as I know Suse, Ubuntu and Debian and a lot of the derivatives never had to reboot except when changing kernels. Now that they have changed over to systemd they will. Just like with pulseaudio, also I believe from Poettering & co.
Of course you haven't noticed a change in behaviour in your distro, you already have that "feature" so what you had is what you have got, it's just every other distro is just making its acquaintance.
"Of course you haven't noticed a change in behaviour in your distro, you already have that "feature""
As I've been using Linux from the mid-90s I'd notice especially as I run 6 machines + several VM. Only reboots for kernel updates - changes to the desktop environment occasionally request logout/in
Can we have some comments from other users about this
I am in the same boat and the only thing I can think of it is that the GUI will ask you to install than restart after you update, but since I just use yum to update, I've never had to restart (minus Kernel) so I don't know.
I can't remember if the GUI asked me prior or not. My laptop is is at Fedora 20 currently.
"Well, don't look at the majority of Linux distros if you decide to jump ship. With the advent of systemd, they'll all be rebooting at the drop of a hat."
Given that you can supposedly stop and restart init (which systemd is supposed to replace) without rebooting, how does systemd make things any different, unless you're saying systemd ties itself to the kernel, which I've yet to see. Why don't you PROVE that systemd forces more reboots.
@gollux - If you are responsible for a Windows 2012 R2 server and it is installing patches and rebooting overnight without your knowledge or approval then perhaps you should consider some basic training on the O/S you are managing.
I had a co-worker who often used a phrase in meetings (going way back to the Windows NT days) to describe the difference between machines that blue-screened frequently compared to ones that ran for months at a time with no issues: "Any idiot can run setup.exe". If you are moderately educated as to the capabilities of your OS and best practices for operations you will have much more success regardless of which flavor you choose to run.
"Now when they get good enough to not require any restart except for kernel patches and give you fair warning that a system restart is needed, then I'll bite."
Show me how Microsoft can get out of the file-lock system they're currently in without breaking everything before it. That is the chief reason behind restarts: locked system files held by critical (as in try and stop it and Windows panics) and currently-running (that's why the files are locked) system components.
This post has been deleted by its author
Unfortunately, though, most free and open source OSs don't have a regular release cycle or sensible system for releasing patches either.
Picking a few at random, and searching:
Fedora:
Release Cycle / Patch Management
Ubuntu:
Release Cycle / Patch Management
Debian:
Release Cycle / Patch Management
FreeBSD: Release Cycle / Patch Management
So which "most free and open source OSs" are you talking about, specifically?
With WSUS and Enterprise, you can plan the updates as you do now - the article specifically says that corporates will get their updates monthly, as now, but private machines will get updates as needed.
The corporate tools also allow for the separate testing and staggered release of patches, nothing here will change.
For private machines, the update cycle will be faster - but generally those machines are also not as well protected as corporate machines. They probably don't have much in the way of AV software - probably a 3 month trial of McAfee that ran out 3 years ago, they are probably, at best, behind a compromisable home router and the average user has no idea about the dangers.
On SUSE, I'd get daily updates, but it was up to me to decide which updates to install and when. This will probably be the same with Windows 10. Either you can go full auto or you can manually install as you want.
"the article specifically says that corporates will get their updates monthly, as now, [...] nothing here will change."
Except that the patches for the same underlying vulnerabilities are being published to home users a few days earlier, so the black hats can reverse engineer those (as they already do) and they get a stream of zero-days given to them by Microsoft.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
