Linked by Thom Holwerda on Mon 15th May 2017 23:08 UTC
Windows

Troy Hunt hits some nails on their heads:

If you had any version of Windows since Vista running the default Windows Update, you would have had the critical Microsoft Security Bulletin known as "MS17-010" pushed down to your PC and automatically installed. Without doing a thing, when WannaCry came along almost 2 months later, the machine was protected because the exploit it targeted had already been patched. It's because of this essential protection provided by automatic updates that those advocating for disabling the process are being labelled the IT equivalents of anti-vaxxers and whilst I don't fully agree with real world analogies like this, you can certainly see where they're coming from. As with vaccinations, patches protect the host from nasty things that the vast majority of people simply don't understand.

Great article, which also goes into Windows Update itself for a bit.

This still missed a few key points.
by oiaohm on Tue 16th May 2017 01:14 UTC

1) Don't put an operating system on hardware it doesn't support, as this will force you to disable updates and run into hell. For example, if your CPU was built in 2011 and before, you should not be running Windows 10, and Windows 7/8.1 should not be put on current-generation hardware, because Microsoft will not provide updates in that case.

Linux suffers from this unsupported-hardware problem as well. But Windows users stupidly believe this fault does not apply to them, so they bring more trouble as they apply updates or fail to apply updates.

2) Be aware that if you are running on metered and Windows knows this, you have to manually update. So yes, auto updates on and you can still have no patches being applied.

3) Setting active hours can also cause this disaster if you always shut down your computer inside the active hours, so it never installs updates when it should. So even when setting that, you should be checking on update application.

Basically another lot of Swiss cheese instructions, leaving out a key step: that you should check when the last update was and that patches are applying every so often, because things do break at times.

Troy Hunt's write-up is as defective as the instructions to disable updates in the first place. The correct process needs to be got to end users.

Reply Score: 1
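
The check the comment above asks for (when the last update installed, and whether patches are still applying), as an added PowerShell example that is not part of the article or the comment. The 35-day threshold and the title filter for antivirus definition updates are assumptions made for this example.

```powershell
# Added example, not from the article or the comment.
# Assumption: $MaxAgeDays = 35 covers one monthly patch cycle plus slack.
param([int]$MaxAgeDays = 35)

# Windows Update Agent history via its COM API.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$count    = $searcher.GetTotalHistoryCount()
$history  = if ($count -gt 0) { @($searcher.QueryHistory(0, $count)) } else { @() }

# Operation 1 = install. Antivirus definition updates arrive almost daily and
# would hide a stalled patch cycle, so drop them by title (heuristic).
$installs = $history | Where-Object {
    $_.Operation -eq 1 -and
    $_.Title -notmatch 'Definition Update|Security Intelligence Update'
}

# ResultCode 2 = succeeded, 4 = failed, 5 = aborted.
$lastOk = $installs | Where-Object { $_.ResultCode -eq 2 } |
    Sort-Object Date -Descending | Select-Object -First 1
$cutoff = (Get-Date).ToUniversalTime().AddDays(-$MaxAgeDays)   # history dates are UTC
$recentFailures = @($installs | Where-Object {
    ($_.ResultCode -in 4, 5) -and ($_.Date -gt $cutoff)
})

# Cross-check against installed hotfixes; InstalledOn can be empty on some entries.
$lastHotfix = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1

if ($lastOk) { "Last successful install (UTC): {0:u}  {1}" -f $lastOk.Date, $lastOk.Title }
else         { "No successful update install found in Windows Update history." }
if ($lastHotfix) {
    "Newest hotfix: {0} installed {1:d}" -f $lastHotfix.HotFixID, $lastHotfix.InstalledOn
}
foreach ($f in $recentFailures) {
    "FAILED {0:u}  {1}  HResult=0x{2:X8}" -f $f.Date, $f.Title, $f.HResult
}

# Non-zero exit lets a scheduled task or monitoring agent alert on a stalled machine.
$stale = (-not $lastOk) -or ($lastOk.Date -lt $cutoff)
if ($stale) {
    Write-Warning "No successful update install in the last $MaxAgeDays days."
    exit 1
}
exit 0
```

Run from a scheduled task, this surfaces the cases the comment lists (metered connections, active hours that always overlap shutdown, silently failing installs) without relying on the "automatic updates" setting alone.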