Offline files nightmare

scottalanmiller

@wrx7m said in Offline files nightmare:

@Dashrender said in Offline files nightmare:

@wrx7m said in Offline files nightmare:

@scottalanmiller Right, and that is why I don't have Windows 10 AU running on any of my users' systems.

I find this hilarious. I recall the days when people wouldn't touch a MS OS until SP1 came out. 1607 is more or less service pack 2. Sadly MS has just been on a horrible ride of bad patches/updates lately!

And a lot of people wait to upgrade to a new SP, because why?

Because they don't understand how software is made. We talk about that problem all the time. It's an irrational fear and misunderstanding of software maturity.

wrx7m

@JaredBusch AU= Anniversary Update and not auto update.

scottalanmiller

@scottalanmiller said in Offline files nightmare:

@wrx7m said in Offline files nightmare:

@Dashrender said in Offline files nightmare:

@wrx7m said in Offline files nightmare:

@scottalanmiller Right, and that is why I don't have Windows 10 AU running on any of my users' systems.

I find this hilarious. I recall the days when people wouldn't touch a MS OS until SP1 came out. 1607 is more or less service pack 2. Sadly MS has just been on a horrible ride of bad patches/updates lately!

And a lot of people wait to upgrade to a new SP, because why?

Because they don't understand how software is made. We talk about that problem all the time. It's an irrational fear and misunderstanding of software maturity.

http://www.smbitjournal.com/2014/04/software-versions/

JaredBusch

@wrx7m said in Offline files nightmare:

@JaredBusch AU= Anniversary Update and not auto update.

I would not stop that either. It is not a new version.

scottalanmiller

@JaredBusch said in Offline files nightmare:

@wrx7m said in Offline files nightmare:

@JaredBusch AU= Anniversary Update and not auto update.

I would not stop that either. It is not a new version.

It's just a larger than normal patch.

wrx7m

@scottalanmiller - I have seen you say this in other threads and I wish it were true. However, look up how many patches/updates just from MS caused wide-spread issues this year. I can say the same for Sophos UTM. I will let others be the beta testers when it comes to my company's production systems.

wrx7m

@scottalanmiller said in Offline files nightmare:

@JaredBusch said in Offline files nightmare:

@wrx7m said in Offline files nightmare:

@JaredBusch AU= Anniversary Update and not auto update.

I would not stop that either. It is not a new version.

It's just a larger than normal patch.

Either way, MS botched it and I was resting easy.

scottalanmiller

@wrx7m said in Offline files nightmare:

@scottalanmiller - I have seen you say this in other threads and I wish it were true. However, look up how many patches/updates just from MS caused wide-spread issues this year. I can say the same for Sophos UTM. I will let others be the beta testers when it comes to my company's production systems.

But that's not how testing works. And waiting on patches just makes you vulnerable. If you don't trust Windows in production, you can't use it. Leaving it unpatched is crazy. That means you are depending on a system that you don't trust, solving the problem by blocking the only people that can fix it from fixing it and just leaving yourself exposed AND using a system you fundamentally don't trust.

Think about what that means.

scottalanmiller

@wrx7m said in Offline files nightmare:

@scottalanmiller said in Offline files nightmare:

@JaredBusch said in Offline files nightmare:

@wrx7m said in Offline files nightmare:

@JaredBusch AU= Anniversary Update and not auto update.

I would not stop that either. It is not a new version.

It's just a larger than normal patch.

Either way, MS botched it and I was resting easy.

Resting easy on an unpatched system. That's a false sense of security.

wrx7m

@scottalanmiller I see your point. Critical security issues are indeed more serious. A googling of the KB article a couple days later either yields very bland results are a ton of headlines/thread titles on how a particular update screwed their systems/network. That one gets put on hold.

wrx7m

@scottalanmiller My users have Windows 7, so that isn't really an issue. I installed AU and had to revert on my laptop for awhile.

scottalanmiller

@wrx7m said in Offline files nightmare:

@scottalanmiller I see your point. Critical security issues are indeed more serious. A googling of the KB article a couple days later either yields very bland results are a ton of headlines/thread titles on how a particular update screwed their systems/network. That one gets put on hold.

Updates very rarely actually screw systems. And updates are there for a reason. Waitng on updates makes them practically useless unless they are features only.

The bigger problem is, though, if you can't trust the patches, you can't trust the system. Period. No grey area at all. That means that if you feel that you can't trust the patches you shouldn't be running Windows in production because you don't trust it. Nothing wrong with not trusting it, it's using it even though you don't trust it that is the mismatch.

wrx7m

@scottalanmiller Again, I agree. We are in the lesser of two evils argument, as there is no way I can budget the cost to switch away from windows. At this point I don't want to. Maybe in a couple years after the newer method of all or nothing updating has screwed me.

scottalanmiller

@wrx7m said in Offline files nightmare:

@scottalanmiller Again, I agree. We are in the lesser of two evils argument, as there is no way I can budget the cost to switch away from windows. At this point I don't want to. Maybe in a couple years after the newer method of all or nothing updating has screwed me.

You don't want to switch, yet you distrust the vendor on which you depend 100% for patching.

The method here is the same as everyone else, Windows is just catching up with the rest of the world. Constant rolling updates are generally considered to be the way forward. NO real escaping that any more.

wrx7m

Patches aren't done in a vacuum so it is what it is. We will have to see how MS handles it. The O365 clients updating has mostly been OK since 2013. Windows 10 has been hit and miss.

scottalanmiller

@wrx7m said in Offline files nightmare:

Patches aren't done in a vacuum so it is what it is. We will have to see how MS handles it. The O365 clients updating has mostly been OK since 2013. Windows 10 has been hit and miss.

I just don't see them seeing it as the serious business tool that it used to be.

wrx7m

@scottalanmiller said in Offline files nightmare:

@wrx7m said in Offline files nightmare:

@scottalanmiller Again, I agree. We are in the lesser of two evils argument, as there is no way I can budget the cost to switch away from windows. At this point I don't want to. Maybe in a couple years after the newer method of all or nothing updating has screwed me.

You don't want to switch, yet you distrust the vendor on which you depend 100% for patching.

The method here is the same as everyone else, Windows is just catching up with the rest of the world. Constant rolling updates are generally considered to be the way forward. NO real escaping that any more.

I also have multi-layered security and AV to help with this. Just because there is a patch, doesn't mean there isn't another flaw somewhere else that hasn't been discovered.

scottalanmiller

@wrx7m said in Offline files nightmare:

@scottalanmiller said in Offline files nightmare:

@wrx7m said in Offline files nightmare:

@scottalanmiller Again, I agree. We are in the lesser of two evils argument, as there is no way I can budget the cost to switch away from windows. At this point I don't want to. Maybe in a couple years after the newer method of all or nothing updating has screwed me.

You don't want to switch, yet you distrust the vendor on which you depend 100% for patching.

The method here is the same as everyone else, Windows is just catching up with the rest of the world. Constant rolling updates are generally considered to be the way forward. NO real escaping that any more.

I also have multi-layered security and AV to help with this. Just because there is a patch, doesn't mean there isn't another flaw somewhere else that hasn't been discovered.

That's fine, but that's a red herring. That one vulnerability is not yet patched has nothing to do with another being addressed. It's not "perfect or useless". And vulnerabilities are most vulnerable hours after the release of a patch.

wrx7m

@scottalanmiller I think you are right. If they did see it as a serious business tool, they would adjust their focus and resources to make sure that the quality of initial release and subsequent patches is as close to perfect as it can be. Now, it seems it is best guess. Does it patch the vulnerability? Yes? OK release it. Whoops, it broke something else. Hmmm...

scottalanmiller

@wrx7m said in Offline files nightmare:

@scottalanmiller I think you are right. If they did see it as a serious business tool, they would adjust their focus and resources to make sure that the quality of initial release and subsequent patches is as close to perfect as it can be. Now, it seems it is best guess. Does it patch the vulnerability? Yes? OK release it. Whoops, it broke something else. Hmmm...

Yes, I'm not defending that they are doing a good job. Only that they are doing the job at the level that they are and using them requires an acceptance of that. My solution was to stop using Windows