Manage Your Updates 2018

You’ve surely heard that you should keep your PCs and servers updated (“patching”).  Left unpatched, hackers have easy way to hijack your systems with traditional malware like viruses and spyware, encrypting ransomware (so you have to pay to get your stuff back), and now the latest craze: crypto miners that simply bog down your system to generate revenue for someone else.

So you should update your systems every month, right? 

Unfortunately, updates meant to protect your systems can sometimes also break them in unexpected ways.  Unintended consequences are just a part of programming.  So Slingshot has always qualified that as “patch once its safer than not patching”.  In the past, we typically reached this confidence point about two days after updates were released.

Since then, the situation has worsened.  For the last two years, the “all clear” has typically taken 1-2 weeks, and for most of 2018, we’ve only reached that confidence around the three week mark, leaving us with only a week or so to update before the next month’s batch is released and the whole mess starts over.

The quality of Microsoft’s Updates has reached a new low.

July 2018 has been an extremely bad month for Microsoft’s updates.  As of today, Microsoft shows 47 “known issues” documented for just 15 products updated this month — that’s 3 newly-created bugs per product!   Right now, it’s much riskier to update your systems than to leave them alone.

Actually, that raises another problem: Microsoft has made Windows so aggressive about updating that “leaving it alone” actually means updating it.  By default, updates go on very quickly and without warning and little control.

Yes, this is all upside-down.  So what should you do?

If you want to keep using your systems productively, you’ve got to take back control.  Full control actually requires a good amount of effort, but here are some quick recommendations to get started:

  • If you’re a Home user, go to Windows 10’s PC Settings > Updates > Advanced options, and change these 3 settings:
    • Change the Branch Readiness Level from “Current Branch” (aka “Semi-Annual”) to “Current Branch for Business” (aka “Semi-Annual (Targeted)”)
      (the terminology changes version to version)
    • Defer Feature Updates to the max of 365 days.
      (This term is confusing, and should really be called “Windows Version Upgrades”).
    • Defer Quality Updates to the max of 30 days.
      These will delay most serious Windows changes until they’ve gotten the bugs worked out.
  • If you are a business, make sure your IT department is centrally managing its updates!  This process should include research, testing, and a defined process to “push” updates to your organization’s systems, and verify that they installed correctly.  There are various tools to underpin a process like this, and Microsoft offers has a free one called Windows Software Update Services (aka “WSUS”).  Any update management process is better than none.
  • If your business doesn’t have an IT department, contact Slingshot to handle this for you!  Update Management is one of our specialties, part of our Maintenance & Monitoring service, and bundled in our Pro-Managed IT Services package (more on those here soon :).

Hope that helps.  Good luck updating!

-Rob for Slingshot