This blog post is intended to notify all Windows Hardware program partners that Microsoft has taken a strategic initiative to clean up legacy drivers published on Windows Update to reduce security and compatibility risks. The rationale behind this initiative is to ensure that we have the optimal set of drivers on Windows Update that cater to a variety of hardware devices across the Windows ecosystem, while making sure that Microsoft Windows security posture is not compromised. This initiative involves periodic cleanup of drivers from Windows Update, thereby resulting in some drivers not being offered to any systems in the ecosystem.
↫ Microsoft’s Hardware Dev Center
The general gist is that Microsoft is going to remove all drivers from Windows Update for which newer versions exist – or, to put it in a different way, only the latest versions of a driver are going to remain available on Windows Update. It’s effectively a clean-up of Windows Update, and the only way older versions of drivers will remain available on Windows Update is if the manufacturer in question can make a “business justification” to keep them around.
Some of this may sound surprising, since many people assume Windows Update only offers the latest versions of drivers – annoyingly so, sometimes – but this isn’t the case. Corporations with fleets of devices can actually determine exactly which drivers get sent to their devices, including opting for older versions in case newer versions have regressions or otherwise cause issues. Sometimes you just don’t have a choice.
According to Adam Demasi, the creator and maintainer of the amazing Legacy Update service, Microsoft hasn’t deleted a single driver or update from Windows Update since 2001 (save for problematic updates). This results in a truly massive collection of updates and drivers, and that’s causing real problems for Microsoft.
Windows Update has a pretty cool system of describing whether an update is necessary to be installed on the current system, or if it is already installed. It also builds a relationship graph between updates, to indicate when they have been replaced by a newer update that includes all changes from the previous update. That system is also its downfall, causing the Windows Update service to be incredibly slow in checking for updates, possibly never completing the check at all. This issue also applies to WSUS, which despite being based on the very robust SQL Server, struggles with the number of drivers Microsoft hosts on Windows Update. As of April, we know that Windows Update hosts 1,799,339 drivers, and this creates a 138 GB database that requires almost 16 days to synchronise down from the main servers. The WSUS server is brought to its knees, with frequent timeouts while it furiously tries to complete database queries. (The PC used is a Ryzen 5700G with 32 GB of 3600 MHz RAM and 500 GB of NVMe, running Windows Server 2025 and SQL Server 2022.)
↫ Adam Demasi
From this, it’s easy to understand why Microsoft would want to perform some housekeeping, followed by a new set of rules around only keeping the latest versions of drivers around in Windows Update. Demasi also notes that these plans by Microsoft won’t affect drivers for old devices, since they will still be served their “newest” driver version, and it won’t affect Legacy Update either.
Good to hear that I’ll be offered 29 less Realtek drivers whenever I need to use Windows Update for drivers.
I don’t necessarily expect WU to house every single version of a driver ever created. However I hope they don’t plan to only have the very latest driver. That seems to be overshooting the mark. Not only have I had reason to use older drivers to fix bugs, but some manufacturers even use Windows updates maliciously. An example I ran into recently are devices with Prolific’s USB chips…
It’s one thing to break compatibility with clones for #1, I can see why Prolific/FTDI/others do this. However I encountered both #2 and #3 on a job. After updating to Win11 and using the latest drivers, authentic hardware that was previously working now displayed the above messages when plugged in. While I could get functionality back temporarily by reverting to older drivers, Windows itself made it very difficult to keep using those old drivers. Every Prolific update wipes out the working driver with their new intentionally broken ones to coerce owners into buying new hardware. Needless to say this is so infuriating and I think a class action lawsuit is in order against both MS and the manufacturers for perpetuating this sham. Customers should have the right to continue using perfectly compatible hardware without interference from malicious updates from WU.
#1 is only slightly less evil than #2 and #3. It’s still one company abusing the power Microsoft gives them with control over drivers through Windows Update, enabling them to render a device the consumer purchased unusable. I know car::computer analogies are tired and busted, but in this case it would be the same as if Ford pushed an OTA update that rendered the third party ignition control module installed in my car unable to communicate with the powertrain control module (main computer in the car). Best case, my car doesn’t start the next time I try to go somewhere, worst case it gets the OTA update in the middle of a trip and suddenly my car shuts down in highway traffic, resulting in an accident and potential loss of life.
I get that companies should be able to protect their IP from cloning and such, but it should never, ever be at the expense of the end consumer. Go after the counterfeit supply chains all day long, but leave the innocent consumer out of it. The actions Prolific has taken in these cases should be litigated as anti-consumer and potentially considered criminal acts of sabotage.
If it’s not obvious, I’ve been a victim of all three examples you raised, and in the first example I had bought a USB programming cord that was advertised as having a genuine Prolific chip, that obviously wasn’t genuine. This was not my fault but I ended up being the victim here, because Prolific used their driver shenanigans to render my previously working device into a non-working brick.
Morgan,
This is unrelated, but “sabotage” fits what FTDI did a few years ago. Their engineers went further than just preventing the driver from working, they actively bricked clones. Ultimately FTDI backed off, it was a terrible idea and I suspect their own lawyers warned that FTDI could be liable for triple damages for causing intentional harm. A company doesn’t get the right to break the law, even as retaliation against another company who may be breaking the law. FTDI’s retaliation harms innocent victims.
https://www.zdnet.com/article/ftdi-admits-to-bricking-innocent-users-chips-in-silent-update/
Yes, that’s an important fact. I even remember Newegg was selling counterfeit products unknown to them, much less their customers. The victims aren’t the ones responsible.
IMHO regulators should be going after manufacturers that sell under a false name. Clones that aren’t misrepresented should be allowed however. There is a lot of political rhetoric stoking “counterfeit” claims simply because they don’t like clones, but clones aren’t really a moral problem so long as consumers know what they are buying. The manufacturers may not like it, but there’s nothing wrong with a consumer knowingly buying a clone part, say for one’s car, tractor, or computer, instead of an OEM part. This is not only above board but it’s an absolutely critical part of healthy competition.
Honestly this quote leaves me shocked. These numbers are extremely modest in the database world. I would typically reserve a weekend to migrate something like that, but half a month?!? That’s insane. I’m led to believe that something awfully inefficient is going on there.
Most NVMe drives sustain more than 1GB/s at copying (simultaneous reading and writing)…
https://www.tomshardware.com/features/ssd-benchmarks-hierarchy
Running that NVMe full tilt for 16 days should transfer 1,382,400 GB. Even accounting for some inefficiency, a mere 2M drivers and 138 GB shouldn’t even be a bother. Even a paltry DSL line from the 90s at 3 Mbps would have been able to transfer 518.4 GB in that time. If anything I’m surprised at how little the requirements are for 20 years of drivers, haha.
None of this implies the article is wrong, only that something inefficient is going on. The bottleneck could be on Microsoft’s end and the local machine performance is a red herring.
I included the spec of the machine to show that it had plenty of resources, yet WSUS is poorly designed to make use of them. Its sync engine seems synchronous and single-threaded. It syncs update metadata down in batches of 100 at a time, processes the batch slowly, logs a bunch of errors, and then goes on its way to fetch another 100. Each loop takes 60-90 secs. Repeat that 17,994 times, and you have a 16-day wait ahead of you. On top of that, its GUI seems to make poorly designed queries, leading to it being very slow to use and frequently timing out and crashing.
Most of the drivers are from the past decade. Before Windows 8 or so, they mostly only had drivers for things you might add after the fact, like a graphics or sound card, a USB modem, etc. And then, they rarely got updated. Since 8, they pushed for a better out-of-box experience where a hopefully complete set of drivers (graphics, chipset, etc) are installed in a few minutes of first reaching the desktop, and regularly get updated.
kirb,
I don’t doubt it. It sounds like the bottleneck could be on Microsoft’s end. A lot of these complex enterprise systems are built like a Jenga tower with many small components assembled on top of each other with quick and shoddy construction. It’s what we get when the “faster hardware costs less than software optimization” philosophy goes unchecked.
Not sure…
Back in the day, we were managing a fleet of ~30.000 laptops (2-3 ThinkPad models in the mix) and a bad driver rollout caused a few thousand blue screens that required manual intervention.
So I wonder if there are any mechanisms to revert to a previous driver version in case of a screw up.
(and maybe I am being very stupid here, so please correct me if I am off)
All I had to do is to create an archived version, just like old-releases.ubuntu.com vs. archive.ubuntu.com.
Just removing the old drivers is so stupid that it isn’t even worth discussing.
For the record I’m typing right now from a HP Ryzen based PC where the last audio driver provided by WU just breaks the analog audio output. The only option to get the audio back is to use the standard HDA driver or getting an older version from the catalog.
And the above is far from being an uncommon scenario, especially with VGA drivers.
Makes sense. Closed source software. IP on “death watch” and “dead”. This is the world of closed systems. The creation of landfill consisting of working and, mostly useful hardware.
If you are for pollution and waste, then Microsoft has you covered.
While Linux too has had to remove some really, really, really, really, really, really, really old stuff (about 10x lifespan compared to Windows, even back when they cared), they are the better choice for keeping “closed” IP hardware going. With that said, imagine a world with more open hardware?
Dear Windows user, don’t trash your working hardware because Microsoft tells you. Either repurpose using Linux, or find a Linux person to gift your usable trash to.