Windows Updates sometimes cause more harm than good. What's the best way to handle them?
There's good news, there's bad news, and then there's even worse news.
The good news is that Microsoft has an extremely active Windows Update service, delivering a steady stream of bug fixes, patches, and updates for Windows and its essential subsystems, such as Internet Explorer.
The bad news is that Microsoft needs this service to be extremely active, because there are a lot of problems in Windows software and because malicious hackers work harder to find exploitable security flaws in Windows than in any other type of software.
The worse news is that, sometimes, Microsoft patches and updates cause more trouble than the problem they're trying to remedy: The cure can be worse than the disease.
For example, it happened again just in the last couple of weeks with security patch 811493; an NT/Windows 2000/XP update designed to correct a security problem in the Windows kernel. Microsoft described the problem this way:
"The Windows kernel is the core of the operating system. It provides system-level services such as device and memory management, allocates processor time to processes, and manages error handling. There is a flaw in the way the kernel passes error messages to a debugger. This flaw causes vulnerability. An attacker could write a program to exploit this flaw and run code of their choice. An attacker could exploit this vulnerability to take any action on the system, including deleting data, adding accounts with administrative access, or reconfiguring the system."
Microsoft rated this patch as "Important," and it clearly is. Millions of users downloaded and installed it. And then the trouble started: Huge numbers of users saw a tremendous slowdown in their systems after installing the patch. For a hint of the scope of the problem, here's just one (of many) Usenet discussion threads on the subject, this particular example from the microsoft.public.windowsxp.security_admin group.
In that item, Microsoft acknowledges the problem, and traces it to "a regression error in the Windows XP SP1 versions of the kernel files (Ntoskrnl.exe, Ntkrnlmp.exe, Ntkrnlpa.exe, and Ntkrpamp.exe) that are included in the 811493 security update." Microsoft also agreed with what the user community had discovered much earlier; that "This problem may be more likely to occur if you use some features of some third-party programs, such as antivirus programs. For example, this problem may occur if your antivirus program is configured to scan all files when you open (or you run) them. This is sometimes called 'real-time' scanning."
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.