Microsoft Kills Off Patch Tuesday in Favor of Automatic Updates
At its first-ever Ignite Conference this week, Microsoft did what some may think is the unthinkable. Redmond will put the kibosh on Patch Tuesday when it rolls out Windows 10. Instead, Microsoft is offering Windows Update for Business to help IT professionals keep Windows devices always up to date with the latest security defenses and Windows features.
Terry Myerson, Microsoft’s executive vice president of operating systems, made the announcement at Ignite. He explained that Windows 10 was designed with security at all layers of the stack, from device protection to identity protection to application protection to information protection. Against that backdrop, he introduced Windows Update for Business.
“Windows Update for Business will reduce management costs, provide controls over update deployment, offer quicker access to security updates, and provide access to the latest innovation from Microsoft on an ongoing basis,” Myerson said. “Windows Update for Business is free for Windows Pro and Windows Enterprise devices. It’s part of our intelligent cloud -- we will update and maintain Windows devices for you, while still giving you control.”
An Interesting Prediction
We caught up with Wolfgang Kandek, CTO of cloud security solutions provider Qualys, to get his take on Microsoft ending Patch Tuesday’s 12-year run. He told us that, together with making Windows 10 widely and freely available, this is an excellent move by Microsoft to increase security on the Internet.
“Windows 10 follows the path first taken by the smartphone sector where iPhones, Androids and Windows phones were pioneered to receive updates as soon as they become available,” Kandek said. “This strategy has worked out exceptionally well, as we generally see smartphone malware infections under 0.75 percent -- 0.03 percent in the recent Verizon Data Breach Investigation Report.”
Kandek explained that enterprises have the option to continue with tighter patch control with Windows Update for Business, and he expects to see advantages of fast patching on the desktop level. His specific prediction: “More and more our desktop and laptops will become pure Internet connected workstations that have no dependencies on legacy applications that force the use of outdated software versions.”
There are four key parts to the new system: distribution rings let IT pros specify which devices go first in an update wave and which ones come later, to make sure any quality kinks are worked out; maintenance windows let IT pros specify the critical timeframes when updates should and should not occur; peer-to-peer delivery lets IT make delivery of updates to branch offices and remote sites with limited bandwidth more efficient; and the system also integrates with IT’s existing tools like System Center and the Enterprise Mobility Suite.
The Ludicrous Tier
Chris Goettl, a product manager for IT management software and solutions firm Shavlik, told us Windows Update for Business is not really an end to Patch Tuesday. Rather, it’s Microsoft’s way of adapting to the demands of its customers, he said.
“The most interesting of these are the distribution rings, which will allow consumers and businesses to choose the adoption rate they desire,” Goettl said. “Consumers will want to be on one of the faster-moving tiers. They may not want to be part of the ‘ludicrous’ tier, but these users will want faster adoption of new features and user experience changes.”
Here’s an example: An IT organization with a desire to vet new updates before they reach the bulk of its user base can put a test group on the “ludicrous” tier. That way it can get a feel for the changes coming and the stability of those changes, and potentially block any of those updates that have a negative effect, he said.
“We have always recommended organizations have certain groups of users adopt updates immediately upon release. Remote users and laptop users -- the road warriors -- would be good groups to put in the faster-moving branches,” Goettl said.
“On premise machines that have multiple layers of defense could remain on long-term service branches and keep more to monthly maintenance schedules, but we would still urge customers to move any end user machine to more aggressive update schedules,” he added. “We recommend weekly updates as the number of third-party releases throughout the month are quite high and include a lot of security-related updates.”
Posted: 2015-05-11 @ 6:48am PT
I don't see that happening in my shop.