Introducing Unified Update Platform (windows.com)
97 points by nikbackm on Nov 3, 2016 | 69 comments



This is what I want to read:

"Microsoft finally realized that the point of a computer is to run the user's applications without interruption or long boot times. Therefore, we are rolling out an update system that is transparent to the user and has no forced reboots and long wait times."


What I was really hoping to read with a title like "Introducing Unified Update Platform" is that Microsoft had provided some sort of API for any program to use the same unified update system to check for and install updates, instead of having a million random updaters checking things in Task Scheduler.

They already do it for graphics drivers and so on. Linux does it of course.

But then I guess the problem is Microsoft would need to check everything in case users started blaming Microsoft for "sending them a virus through Windows Update" when RandomDodgyApp got a bad update.


> instead of having a million random updaters checking things in Task Scheduler.

And a million different popups. The main problem I see with this is that some programs (e.g. Razer Synapse) can't be arsed to have an external process do the patching; demanding a reboot. Combine that with the Windows update reboot nag and you have hell on Earth.

Aside: you do have access to BITS[1], which is the download manager that Windows Update uses. According to an MSDN mag article I read years ago it tries to be as unobtrusive as possible (e.g. backing off if you are using your connection).

[1]: https://msdn.microsoft.com/en-us/library/windows/desktop/aa3...


> What I was really hoping to read with a title like "Introducing Unified Update Platform" is that Microsoft had provided some sort of API for any program to use the same unified update system to check for and install updates, instead of having a million random updaters checking things in Task Scheduler.

There's nothing worse than turning on a machine you've not used for a few weeks and being slammed with update notifications. Updates should be transparent and automatic by default in my opinion as regular users have zero interest in maintenance updates.


Transparent or not, I'd just prefer to have one main program doing the checks vs. a whole bunch of different vendor's ones doing different checks in different ways at different times.


Agree. An updater that wouldn't involve pop up dialog boxes interrupting my work or having to opt out again and again of the updater messing with my browser (I am looking at you Java and Skype!).

Something like that for iOS would be nice too. Less intrusive update reminders and not having to go through all of the nagging for Apple services every time Apple pushes a security patch!


They already did, it's the Windows Store


It's not. The Windows Store is limited to their provider. The Linux system allows any provider to plug itself.


And what about all the real apps and not the toy phone apps?


You can distribute bog-standard desktop software through the store: https://msdn.microsoft.com/en-us/windows/uwp/porting/desktop...


Last time I looked into it you had to do some porting too, it didn't really work with "bog-standard" as claimed.


No, they work as-is most of the time. You just have to make sure you're not writing to your install folder or trying to install services or something like that. The use of UWP APIs instead of/along classic desktop APIs is completely optional (and most of them are supported out of the box even without the bridge, the exception being the APIs that require app identity, like Tiles or supporting a Share Target contract, at least not in an easy way).


It's such a frustrating thing. Rebooting doesn't really take that long on a PC with an SSD, but it's the upheaval of my environment while I'm in the middle of developing that makes that interruption take way too long to recover from. Once you add in loading several solutions in Visual Studio (which is -- even with the improvements in 2015 -- still a ridiculously long process for what amounts to a souped-up text editor), opening up whatever web pages were up, providing needed context, and launching the variety of other applications I need to do my work (Notepad++, Outlook, Skype for Business, Vizio, several terminal services connections, possibly PuTTY and others).

I remember reading in the Server 2003 days how "Hot Patching" was going to be the answer to this. It was so limited (not to mention a possible attack vector) that it basically didn't exist as a viable feature. The only patches that could be applied in this manner had to be patching non-interrelated components, which amounts to almost nothing in the Windows world and since they're now doing patches as a large roll-up component, I'd imagine this is all but dead[1].

[0] https://support.microsoft.com/en-us/kb/897341 and https://blogs.msdn.microsoft.com/freik/2006/03/07/what-does-...

[1] Although I was pleased to discover when I installed the last cumulative update for Windows Server 2016 that -- to my shock -- it did not ask me to reboot the server. It was pretty freshly loaded, though, and had almost no roles or features installed so part of me wonders if there was very little to patch in the first place.


I don't disagree with your overall points, but if you're using Visual Studio in such a limited way that you can possibly think of it as a "souped up text editor", you might as well just actually use a souped up text editor - it'll be a lot faster.


Good point and it's my use of Visual Studio that kind of screws me. I've got ReSharper installed, which bogs down the editor quite a bit, as well as an extension that I wrote that isn't nearly as efficient as it should be (adds measurable overhead, but nothing close to what ReSharper adds -- I'm close to having a working update that corrects my mistakes there but it filled a gap I needed filled and I originally wrote it with no intention of releasing it -- plans changed).

Visual Studio is pretty ugly in a lot of ways, though. Writing extensions for Visual Studio exposes the ugly underbelly of the beast, which is basically WPF window dressing laid on top of a whole pile of COM Interop (not all that unusual for an application of its scope and history). There's a lot of legacy there. Generally speaking, I do avoid Visual Studio for a lot of things, favoring everything from VS Code to Notepad++. If I spend too much time in Code, or Sublime, and stay out of Visual Studio, returning to it really hurts. At the same time, for all of its complexity (and probably "because of"), I do almost all of my C# development in it and a good chunk of my C++ development there (even more so after Update 2).


"Rebooting doesn't really take that long on a PC with an SSD"

It's not the rebooting that takes time, it's the "Configuring updates for your Computer" stuff. It'll sit there on shutdown and/or startup like this for... who knows how long. There's no way to know if it's making progress, so you're left trying to guess if the update process has hung. (And this is a far too common occurrence)


Actually does anyone know what is happening when it "configures the update"? The original Microsoft post suggests Windows Update currently simply replaces assemblies. That should take milliseconds on a modern PC.


This is the one thing that makes me wonder how any developer at Microsoft can be using Windows 10.


I recommend using a traffic analysis tool for Windows 10 (GlassWire is a nice and easy to use one). I think I must've blocked like 15 different connections to Microsoft.

Beyond all the new "expected" (yet still annoying) Windows 10 telemetry, feedback, etc server connections, you get to see stuff that will piss you off - like Windows Explorer connecting to Microsoft's servers, or Web Search and Cortana connecting to its servers, even though I disabled both of them (first thing I do when installing Windows 10).

Oh, and all of that with all the options in the Privacy settings being disabled. I like Windows 10 as an OS, but it's ridiculous how much tracking and data sharing Microsoft does behind the scenes. It also makes using your phone as mobile data hotspot useless, because it's going to use a ton of your data quickly.

If I couldn't block most of this stuff I wouldn't touch Windows 10.

https://www.glasswire.com/


I use Glasswire as well but it's not enough because of Svchost. Whenever I block it, I'm unable to browse the internet. So, I use Netlimiter to throttle the process to 2KB/s.


You may want to use Process Explorer to check what's actually running under svchost - that's a catch-all for services, I think


Have you tried Windows 10 Enterprise, which claims to have (Group Policy?) controls for turning off all the tracking?


Why should consumers have to pay an arm and a leg for privacy features that have been forcibly stripped from them?


Agreed entirely. Curious if the privacy / non-stripped claims about Enterprise are accurate.


Literally the only thing I want from Windows Updates is the option "do not reboot without asking me first" back. That's it.


I also would like that back, but I'd also pose to you this question:

Windows historically has been heavily used in botnets, in part because people do not apply updates to known (and fixed) vulnerabilities. Microsoft removing the "fuck off" button was a response to that, and I'd assert it's made the Internet in general safer. Yet it's also unquestionably had the side-effect of making Windows dramatically less pleasant to use.

What's the best solution here? iOS just reboots in the middle of the night, which would likely work well for Windows tablets, but might have issues with traditional desktops, since Windows doesn't have the freedom iOS does to just shut down apps. Linux leaves you to fend for yourself, which I think has mostly worked okay thus far because Linux users tend to be more technically sophisticated. macOS is a bit in-between, attempting to do the midnight reboot dance, but aborting if docs are open.


The user of the computer has to be respected. Microsoft (or any vendor) doesn't get to override the device owner's decisions. This is a basic proper rights issue. That doesn't prevent a reasonable default setting that schedules reboots, but the user must be able to override that setting.

However, regular reboots to install updates is only fixing the symptoms instead of the underlying problem. The proper solution is to put security first when writing software. The entire design needs to be developed for security from the very beginning, not added on as a "feature" afterwards.

Additionally, it would also be a good idea to design software components to have minimal interdependence (loose coupling). This should allow not only easier testing, but also easier replacement. Fewer reboots are needed when you can replace components individually. (it can also limit restarts to only one subsystem)


iOS doesn't install updates without you giving it permission. It pops up a dialog and lets you choose to install it now, overnight while plugged in, or to cancel, but it doesn't do it without your permission. macOS has an automatically install updates option which you can uncheck if you don't want them.


iOS: everything's sandboxed

macOS: not the most popular consumer operating system


your post: no point


I actually work in security so I'm torn on the subject too, but I know that pissing off users in the name of security is just as bad. Because then they're more likely to shun security altogether.

The right answer, in my opinion, is to force reboots by default but to allow the option to disable it.


I think the right answer would be to force reboots at the right time, but - and this is the technical challenge - ensure that you can bring the user's environment mostly (almost entirely) back to normal. E.g., store memory states, bring everything that the user wants back as it was before the reboot.

That's likely a pipe dream, as apps do a bunch of complicated things - but it seems like a merger of security and UX. I'm not saying it's possible.. just that it seems like the best compromise.


> What's the best solution here?

"Reboot to apply important security updates and to get rid of this message"

Have an overlay of red letters that doesn't impede you to do anything but is kind of an eye sore. Maybe a window that can be moved but can't be hidden. People will reboot to remove that message (but never when they're in the middle of something).


I want to see a big red notification in the task bar. Something I can ignore when I'm not ready but prominent enough that I don't forget.

At the moment it's the other way around, in your face when you don't want it and then disappears altogether.


Active hours is the 'only reboot when plugged in at night' concept for Windows. It is either on by default or Windows prompts you to turn it off if you delay an update.

I don't know about other people, but the only time I update is when it's mandatory or I magically managed to close out all my work and have no state I care about. I suspect a lot of OS X users are on out of date builds of the current latest version. For the big feature updates they are pretty good about harassing users and do nice things like download the new OS without asking.


Windows 10 has now started to update graphics card drivers for me despite the fact that I already have AMD's Radeon Settings software installed which notifies me about new drivers and allows me to install them when I want to.

Last week I was playing Shadow of Mordor when all of a sudden the game crashed with an error along the lines of "Graphics device was removed or disconnected". The reason for it was Windows 10 had decided to update while I was gaming and a new GPU driver was installed as part of the update.

Suffice it to say I finally cracked and looked up how to set up the group policy settings to ask me before updating. Luckily I'm using Windows 10 Pro and have this option.

I know a lot of people used to give Windows Update a lot of flak in the pre-Windows 10 days, but I never really thought it was a problem (I always had it set to ask when to install updates) but Windows 10's update settings are downright user hostile.


Yep. I have a slightly unusual graphics setup (one GeForce, one Quadro set up for Nvidia 3D Vision 2 stereo) and Windows 10 destroys my setup by installing the wrong graphics driver and makes me reinstall graphics drivers every update now. Huge waste of time. Infuriating.


AMD's Crimson driver constantly crashes for me. I rolled back to Catalyst and had no problems until Windows updated it back to Crimson. The problem is on AMD's side but still. I don't care about having the latest drivers but I care about stability.


> Last week I was playing Shadow of Mordor when all of a sudden the game crashed with an error along the lines of "Graphics device was removed or disconnected". The reason for it was Windows 10 had decided to update while I was gaming and a new GPU driver was installed as part of the update.

LMAO

No seriously. This could be straight out of a comedy piece.


I have been particularly annoyed after putting my computer to sleep and coming back in the morning to find that it rebooted and is now idling at the login screen, with my previous session of open programs lost.

I've had good results with this guide[0], which describes a lot of the same steps as the guide that mintplant already linked to, plus a few more. So far, it seems that no Windows updates have undone the changes I made by following the guide. I'm pretty sure I went through the guide before receiving the anniversary update, too.

In addition to no longer waking from sleep, my computer also no longer forces me to restart while it's awake and in use.

[0] http://superuser.com/questions/973009/conclusively-stop-wake...


> in the morning to find that it rebooted and is now idling at the login screen

You know what really turns my hair gray about this, I mean aside from losing the state of all my open apps, is that when I actually do want to shut down a Windows computer it almost always seems to not shut down because some open program is blocking shutdown with a dialogue box asking if I want to save my work or if I really want to quit.


That's terrible, and not too far off my own experience. When I do manage to shut down Windows 10 without open programs blocking the process, I almost always get a brief flash of a

"Breakpoint exception [hexadecimal error code] ... [something or other]"

dialog box that displays for less than a second. I don't think it shows up in the Event Viewer logs, so if I want to search for the error code online and remedy the problem, I'll have to be quick with a handheld camera.

It could be 3rd party software erroring out, so I guess I won't blame Microsoft for this one until I have more info.


It's ridiculous that Microsoft doesn't offer an official option for this anymore, but in the meantime, I was able to disable automatic reboots on my system by following this guide:

http://winaero.com/blog/how-to-permanently-stop-windows-10-r...


I think it's good. If you're not savvy enough to do a quick google search and perform the simple (all-gui) instructions within, you're probably not savvy enough to self-manage your critical updates, either.


To stop Win10 from rebooting after installing updates, follow step #2 at the following link:

https://superuser.com/questions/973009/conclusively-stop-wak...

Note that the group profile to disable reboots does not work; Win10 completely ignores it. I agree that this should be supported in the UI for sophisticated users. These sorts of frankly insane steps should not be necessary.


Hell, I'd be happy with "Do not reboot if there's mouse/keyboard/controller activity." My computer has rebooted literally in the middle of playing BioShock.


You can set this option from Group Policy.

Set "No auto-restart with logged on users for scheduled automatic updates installations".

I also set "Allow Automatic Update immediate installation".


The diffed update isn't bad news though. The amount of time and bandwidth wasted through Windows Update. I expect global warming slowdown from energy savings there.


I've been using Windows since 3.1 but I think Windows 7 will be the last version.

What good is an OS that can't be trusted to be available when you need it?


The tenth time this caused me to lose data and when my home server shut itself down and failed to boot, I set my internet connection to "metered", which Windows graciously seems to have respected.

Now I don't get any Windows updates, but the possibility of joining a botnet is preferable to the certainty that Windows will ruin my work.

I'm glad that Microsoft is making the internet a safer place.


Couldn't you just set your internet as metered? With regedit, you can set ethernet and wifi to metered.


The bullshit corporate speak is astounding: "In the Windows 10 Anniversary Update, we added active hours and improved the control capabilities for our customers"

So you relinquished partial control of our computers. GOOD JOB. Maybe you shouldn't have assigned that right to yourself in the first place. Maybe just fuck off and let us decide when and if we're going to install these things. Like, how it used to work.

I would be running linux right now if I could get it to boot.


Ah the good old days when you were complaining about unpatched security issues and machines that haven't been updated since... ever.


Can you make it so that updates run fast? On every other device that I own, an update is a download and then a very fast reboot.

On Windows, an update is a long download, then lots of reboots where the computer is busy doing who knows what.

What's even worse is that "update and shut down" can lead to a 10-20 minute wait the next time I turn on my computer.


My wife was working from home last month for the first time in forever and that's when Windows 10 Home decided to upgrade to the Anniversary update. Try as I might, I could not seem to find a way to stop this. It took well over an hour, in the middle of the day, to install Windows and kept her from working.

That's one of the most user hostile things I've ever seen in a software product.

Ironically, after the Anniversary update we could at least set the working hours but it's still limited to a 12 hour block. Is it really too much to ask to only allow updates/reboots from 1:00am to 6:00am?!?

I'd like to think if any of this happened to the CEO of Microsoft, this crap would get fixed right away.


Here's some irony for you: I'm a Microsoft Employee and the update was force-installed midday during a WFH day, just before a critical demo, necessitating that I work over the weekend because my wife had taken the car + busses I needed didn't run midday. (there had been popup warnings for ~week but they... lied? Kept saying it would happen, it didn't, kept moving back, then all of a sudden happened with no warnings at the most inopportune time)

Another peer of mine lost his networking stack functionality when his update pushed through.

The update/telemetry/user friendliness situation has not been fantastic, even for some of us internal engs.


You're assuming he's using Windows, and that he doesn't know about "crap" that has been in the news for months.


Did they just advertise features that were present in update.microsoft.com 16 years ago as new?

(Pardon me if I got the hostname or start of service date wrong! It's been a while...)


From the perspective of a long-time Windows user who at one point managed the services my former employer used to keep hosts up to date, this is an excellent development.

Execution will be important here and IMHO, and it has been done pretty poorly with the past versions of Windows Update/WSUS -- there's a lot of room for improvement. A lot of the benefit will center around how Differential Update is performed. Is this purely at the file level or are they actually delivering the differences in the files (similar to how I read Chrome updates were delivered)? The latter would likely involve a lot more processing on the MS/WSUS side, but could dramatically lower bandwidth requirements.

The next piece centers around the WSUS component itself. I found it interesting that they've specifically used the word "Unified". Could there be a future where I, as an ISV, can publish an update/update repository for my application and have patches to my software delivered via update services? It always puzzled me that while I can create an MSI/MSP file for deployment, I could not similarly produce an MSU file for updating. Third-party software has eclipsed the core OS software as far as vulnerability threats and patching it in an enterprise is a nightmare. Most large Windows enterprises use System Center Configuration Manager which is best described as a swiss-army knife for software delivery and at its worst, described as a bunch of unrelated tools that are used to deploy software with different rules depending on what the software is. Standardizing patch delivery, or even simply allowing a third-party to install a patch via WSUS would have made patching browser plug-ins, Adobe Reader and other common software (some of which provide more attack vectors than features) a lot less painful. We maintained a 99.5% patch target with varying range requirements and while we nearly always hit those targets with OS patches, we almost never hit them with these third-party applications. They didn't mention this as a specific feature, and the naming could simply be the marketing department picking a new buzz-word, but I'm hoping this is a future path they're planning on taking.

Personally, I'd like to see updating that's as easy on Windows as it is on my openSUSE or Ubuntu hosts. Repositories are used to manage the various vendors, updates are packaged the same, standardized and "It Just Works" for the most part.


I completely agree. I just want to point out that Windows Update can deliver application updates and has done so for Office, Silverlight, Defender, Bing something and possibly others. So the capability is there, they "just" need to enable it for 3rd parties. Oops, I used a 4-letter word. I'm sure it's more complicated than that.

They sorta did it for Store/UWP apps, but Win32 applications aren't going anywhere anytime soon (I hope!).


I forgot about the Store apps and I remember when that came out, I thought "They got that mostly right". "Mostly Right" from the perspective that there is a standardized software install/repository for applications that also updates them. "Wrong" in that it's following the iOS App Store model rather than the Linux model, has no (real) ability to add third-party software that hasn't undergone the "Microsoft Stamp of Approval"[0]. And I'll admit that my first thought was that it was the end of any dream that MSUs would be opened up to third-parties.

And the Office/Silverlight mix always drove me crazy - it's something you have to separately turn on (and depending on the OS version/kind, you have to click through an additional EULA to activate), so they already had the plumbing in place to accept non-OS update complete with an EULA page and "activation" of that feature. I know there are a lot of issues that have to be addressed to successfully implement this. There are those legal ones -- like the ones they encountered that caused them to differentiate "Windows Update" and "Microsoft Update", as well as adding another attack vector (now the drive-by installs only need to install a new repository and they can deploy malware through updates)[1], as well as probably tens or so that I am not clever enough to think of.

[0] Though a quick search for just about anything in the WinStore indicates that Microsoft's standards are really low -- the spam disguised as software in the is a big problem.

[1] There's ways around this, though, with existing features already built into Windows. Using a model similar to Intellicode with an internet connection required to verify trust and CRL (you need it to download the update, anyway, after all), backed up by a bit more hands-on verification on Microsoft's side (along with a higher fee to pay for that) would cover third-party repositories and for "Internal Enterprise" MSUs -- built by IT staff and deployed via SCCM -- the requirements could be "accept only if it originates from the enterprise CA that the domain trusts" (not other, external, CAs).


Maybe one day we will get a truly unified update platform thru which we can update all our software, not just Windows. It's crazy that every single app has its own update mechanism in 2016.


That world exists in free software OSes like *BSD, GNU/Linux, illumos, etc.


Just like pretty much every Linux has been since the mid 90's...


Isn't that what the Mac App Store has had for half a decade now?

It's the best of both worlds: A unified repository for OS updates and sandboxed third-party software that is guaranteed not to fuck up your system, while still being able to install from other sources with their own update mechanisms.

Now if only Apple worked on its UI and improved discoverability etc.


sudo apt upgrade...


They provided a way with the Windows Store


I don't have great internet at home and a couple of times a week it crawls to a stop. It's kind of funny there is some app on my home network that is auto updating.. Windows 10, Steam, Apple TV, iPhone, iPad it could literally be anything, and I don't know which one it is.


Honestly, I don't need a faster update, I don't need a lower bandwidth update. I don't even care that much that it's automatic. All I want is the updates to be more stable/reliable going forward than the last couple months have been.



