Microsoft changes Win7/8.1 updates, pushes even harder for Windows 10

Windows 7 and 8.1 have had a good run, but that’s about to come to a close. According to new guidelines, Microsoft will start rolling out Windows 7 and 8.1 (as well as Server 2008 R2, 2012, and 2012 R2) patches in undifferentiated monthly blobs. The patches will be cumulative, which eliminates the need to exercise judgment in selecting the patches you want. At the same time, though, the new approach severely hampers your ability to recover from bad patches — and it allows Microsoft to put anything it wants on your Win7/8.1 PC.

If you haven’t yet read Nathan Mercer’s Aug. 15 post on further simplifying servicing models for Windows 7 and Windows 8.1, I suggest you do so now.

To a first approximation, Windows 7 and 8.1 customers have two choices: Stop updating entirely or accept everything Microsoft ships. There are some nuances: Admins for Win 7 and 8.1 PCs attached to an update server will be able to independently juggle the security and nonsecurity blobs, while Home users get both security and nonsecurity patches together. Monthly Flash updates and .Net cumulative updates will roll out independently. (See Paul Krill’s InfoWorld article on .Net updating.)

It’s going to take Microsoft a while to fold all of its old patches into the new scheme, but by and large, starting in October it’s Microsoft’s way or the highway.

As you might expect, many longtime Windows 7 devotees (present company included) are livid. After years of picking and choosing patches based on their KB numbers, Microsoft is taking full control of the billion-or-so Windows machines that aren’t yet absorbed into the Win10 fold. If one of the new patches breaks something, your only choice is binary: Remove all of the patches and wait a month for Microsoft to fix the bad one, or suck it up and live with the problem.

Those who are skeptical about Microsoft’s new approach to snooping — patch KB 2952664 is frequently mentioned in that regard, but other patches seem suspect — have reason to don their tinfoil hats. The simple fact is we have no idea what information Microsoft is collecting from Windows 7 and 8.1 systems, and we have no way to find out. What’s certain: If you want to keep your PC patched, you won’t have much choice.

Those who lived through the Get Windows 10 debacle now have even more reason for concern. Instead of pushing back against specific patches, such as the reviled KB 3035583, Win 7 and 8.1 customers will be able to choose between Microsoft’s regimen or nothing at all.

Even those who are willing to open their machines to Microsoft have good reason to fear bad patches. We’ve had lots of them over the years. Less than a year ago, for example, Microsoft released, then re-released, then re-re-released Windows 7 security patch KB 3097877, which froze Outlook, blocked Network logons, and killed several programs. Patching Windows 7 and 8.1 is an iffy proposition.

We don’t have many details about the new approach, but presumably Win 7 and 8.1 will be modified to include the ability to roll back the last patch, much as Windows 10 lets you roll back a cumulative patch. There’s no talk of allowing users to preemptively block new patches; there certainly won’t be any granularity in the new patching scheme: You either take it or you don’t — and if you stop taking one patch, you stop taking them all.

As long as Microsoft doesn’t screw up the patches — and customers are willing to put up with Microsoft’s snooping — this new approach certainly has benefits. Presumably the hours-long waits for Windows Update scans will go away. The new Update routine (“servicing stack”) only needs to download the deltas — the changes from the previous version. Everybody will be running the same version of Windows, which should make it easier to keep the patches working.

I say “should” because Microsoft’s record ain’t so hot. Cumulative updating in Windows 10 has worked well, although there was a problem earlier this month, with a printer bug introduced by the latest cumulative update, that is not yet fixed. Pundits will note that the Win10 installed base is considerably cleaner than the Win7 and Win8.1 jungle. The move to the Anniversary Update, which has been rife with problems, is a different story.

Cumulative updating in Office — that is, Office Click-to-Run — hasn’t been so problem-free. There were significant bugs in December that wiped out Word macros and customizations; two in February that caused documents to freeze on open and knocked out POP3/deleted mail; one in April that crashed Lync/Skype for Business and Outlook; one in June that caused Office apps to throw an error 30145-4; and another in July where Excel won’t open renamed HTML files. That doesn’t bode well for Windows 7 as a service.

Microsoft’s been consolidating patches of late — KB 3161647 can only be installed if you’re willing to accept six unrelated patches, for example. At least one InterNet Explorer “security” patch has included nonsecurity fixes as well. You have to wonder if this new approach will further blur the line.

Microsoft once again promises to fix its ancient Update Catalog site, which still requires ActiveX and thus Internet Explorer. That’s a familiar refrain.

There are many unanswered questions. For example, the official announcement says, “The Security-only update will be available to download and deploy from WSUS, SCCM, and the Microsoft Update Catalog.” That would seem to imply that sufficiently motivated Windows 7 users who aren’t attached to an update server will be able to help themselves to only security patches and shun the nonsecurity patches.

It appears there will no longer be identifying information for individual patches. Instead, we’ll see “consolidated release notes with the Rollups for all supported versions of Windows.” It remains to be seen if that’s the death knell for monthly security bulletins. It certainly means we’ll see a huge reduction in the number of KB-identified patches.

We also don’t know what will happen to the distinction between Recommended and Optional patches. Perhaps we’ll all get patches for the Azerbaijani Manit or we’ll all get tanked by a change to the Russian ruble.

Be of good cheer. If the old Windows Update check boxes don’t work right, Microsoft can push out an update that removes them or changes what they do. Maybe an unchecked box will become equivalent to the old checked box, or vice-versa. In either case, you won’t have much choice in the matter.

In this brave new world, one has to wonder if it’s worth the effort to fight Windows 10. Microsoft is removing two of the great distinguishing features of Win7/8.1 — granularity of updates and the ability to control them — while opening Win7 and 8.1 to the same snooping features that are in Win10. Is resistance futile?

The discussion continues on AskWoody.com.

Tip o’ the hat to @teroalhonen and many others on AskWoody