Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Sunday October 16 2016, @09:47AM   Printer-friendly
from the some-folks-don't-need-flexibility,-apparently dept.

The Register reports

Redmond kicks off the era of the force-fed security update

Microsoft is kicking off a controversial new security program this month by packaging all of its security updates into a single payload.

The October security release introduces Redmond's new policy of bundling all security bulletins as one download. While more convenient for end users, who now get just one bundle, the move will irk many administrators, who had preferred to individually test and apply each patch to avoid compatibility problems.

Krebs on Security notes

Microsoft: No More Pick-and-Choose Patching

Starting this month, home and business Windows users will no longer be able to pick and choose which updates to install and which to leave for another time. For example, I've often advised home users to hold off on installing .NET updates until all other patches for the month are applied--reasoning that .NET updates are very large and in my experience have frequently been found to be the source of problems when applying huge numbers of patches simultaneously.

But that cafeteria-style patching goes out the...err...Windows with this month's release.

[...]Microsoft's patch policy changes are slightly different for home versus business customers. Consumers on Windows 7 Service Pack 1 and Windows 8.1 will henceforth receive what Redmond is calling a "Monthly Rollup," which addresses both security issues and reliability issues in a single update. The "Security-only updates" option--intended for enterprises and not available via Windows Update--will only include new security patches that are released for that month.

What this means is that if any part of the patch bundle breaks, the only option is to remove the entire bundle (instead of the offending patch, as was previously possible). I have no doubt this simplifies things for Microsoft and likely saves them a ton of money, but my concern is this will leave end-users unable to apply critical patches simply due to a single patch breaking something.

[...]The smartest option is probably to ditch [Adobe Flash] once and for all and significantly increase the security of your system in the process. I've got more on that approach (as well as slightly less radical solutions) in A Month Without Adobe Flash Player.

[...]Finally, Adobe released security updates that correct a whopping 71 flaws in its PDF Reader and Acrobat products. If you use either of these software packages, please take a moment to update them.

Has this change in method and control altered the thinking of any Soylentils WRT their choices of software supplier?
Now for the biggie: Has anyone convinced his boss to depart the Redmond path?

Previous: Windows 7 and 8.1 Moving to Windows 10’s Cumulative Update Model


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Monday October 17 2016, @11:42AM

    by Anonymous Coward on Monday October 17 2016, @11:42AM (#415168)

    thank you.