Windows Updates: The Good, The Bad, and The Ugly

Windows Updates:  The Good, The Bad, and The Ugly

We all see them.  Often untimely and interrupting our work or play.   Nagging us, cajoling us, and practically forcing us to install them.  But what do you need to know about Windows Updates?

First, there is the GOOD.   Windows Updates:

  • Update and patch your security. This can’t be emphasized enough in importance!   Microsoft constantly finds and fixes security holes – everything from minor to completely terrifying vulnerabilities.   The bad guys are winning the cybersecurity war.  They are more and more successful in stealing data, ransoming companies, and causing extreme damage.  It’s never been more important to keep your systems updated and secured than it is right now.
  • You often get upgrades and new features. In addition to fixing up your security, they often will upgrade your programs or give you cool new features.  It used to be common among most apps that if you wanted the latest features or even a minor upgrade you had to either buy it outright or pay for an expensive maintenance program.  But with Windows and most Office programs, you can get tons of new stuff just by accepting an update.
  • It’s Free! Microsoft invests a lot of money in security and improving its programs.   You get the fruits of all of that hard work for free.

But there is some BAD news:

  • It’s inconvenient. This is probably the complaint we hear the most often and is almost certainly the part that annoys you the most.   The updates almost seem psychic in their ability to pop up, reboot or get in the way at the most inopportune times.  Have an urgent deadline?  Yup!  That’s when a major update wants to install.   Got in early to work on something and your computer has been rebooting for 30 minutes?  Yup!  It’s probably a Windows Update.
  • It takes forever. Microsoft just announced they want at least an 8-hour window to install updates.   We use an incredible service and team to do our managed patching (more on that later) for our clients and even they insist on a 6-hour window.
  • They can easily be missed or fall behind. Despite all of the inconvenience, they are important, so it’s even more of a pain to find out your computer isn’t getting them or has missed a bunch.  Unfortunately, this is not only fairly common, it also goes undetected.

Then there are some UGLY parts:

  • They can crash your computer, or worse, your server. It’s a terrifying Catch-22.   You need patches, you want patches but any given one of them can blow up like a grenade and it happens more often than you’d think.
  • They can break programs. Even if they don’t crash your computer or server, they can break other things like a printer or a feature in a program.  Recently, for example, a minor patch broke autocomplete in Outlook.  You know the feature where you start to type an email address and it pops up and fills it in for you?  Imagine that suddenly lost everything!   We were flooded with people calling about it but it turns out it was a “patch” that came out and we had to wait days for Microsoft to fix it.

What we do

Because this is so important and so easy to get wrong, one of our very first “managed services” we offered was a patching service.  It’s part of our larger and comprehensive “Worry-Free” programs.  In these programs we not only do the patching but we also monitor the hardware for failures, windows services (little apps that run in the background to run the computer), event logs, and do a bunch of maintenance.

For the patching, it is so critical we actually pay a 3rd party testing NOC (network operations center) to test all the patches in all kinds of different environments.  They test each and every update under all kinds of scenarios.   They test them on Dell computers, HP computers, IBM, etc.   They test them on computers running databases, email servers, accounting software, etc.    They look for all kinds of scenarios that could possibly result in a crash or feature break.

When all the testing is done, they flag patches with a color.  Black means they found a problem and are holding this patch back until it is fixed or replaced.  Green means it is safe and ready to deploy.  But there are all kinds of other color tags.  Some mean you can install it safely if the computer doesn’t match certain variables but if a computer does have one of the variables (i.e.  A Dell Server running database software), don’t install it as it may break it!

After all the testing, and color coding, the patches need to be installed.   We always try to do as much of it as possible in the middle of the night.  But that isn’t always possible.  Patches often need to do various updates at different parts.  They may need to stage a few things when shutting the computer down.  They may need programs to close to do the update.  They may also need to finish certain steps when the user logs back in.

What you can do

If you don’t have a testing/patching service like ours, it is still incredibly important to keep all of your computers patched and updated including your servers!   Most patches are automatically configured to come down and install.  But this doesn’t always happen flawlessly.  You can simply click on your start button and type in Windows Update and click check for Windows Updates.   You will want to do this repeatedly until no more updates are left.  You can also find optional updates here as well.

I would suggest a schedule of at least monthly to visit every computer and log what was found and apply everything.  Just be aware there are definitely risks involved with this for the reasons found above.  But the security risks of not doing it are even bigger and more costly.

Other apps

Many other apps offer free security updates as well.  Unfortunately, you have to go to each app and manually update them in many cases.   Apps like Java, Adobe Acrobat, QuickBooks, and hundreds of other programs and mini-apps have regular updates.

Be very careful of anything automatically prompting you to do an update that you aren’t 100% sure about as many viruses, malware, and ransomware systems use this as a way to trick people into installing dangerous software.

Windows Updates:  Dangerous but a critical system to stay on top of

We see updates all the time.   Few things in the IT world are more important than making sure these are installed and up to date but they aren’t without their own risks.   Hopefully, this gives you a bit more insight into the risks as well as their importance.   As always, be sure to give us a call if you have questions or would like to learn more!