Patching: Seeking a Happy Medium

Edit: Still an ongoing issue

Originally posted October 24, 2017 on AIXchange

Let’s talk about patching. IT pros understand that it’s critical to patch in a timely manner. Or at least they should understand it; even so, getting behind on patching was one factor in the Equifax breach (and in many other breaches, for that matter).

Even though patching is essential, having control over when and how you patch is highly desirable. When we’re talking about servers that run your core business, you should have absolute control over when and how you apply your fixes. Of course with this power comes responsibility. You should be coordinating with change control and testing changes in a test/dev/QA environment before anything is put into production, and you should be installing fixes in a timely manner, especially high severity fixes.

However, not everyone gets to decide when their patches get installed. Unless you’re inclined to go into your advanced settings and fiddle around a bit, from what I can gather recent Windows versions offer very little in the way of controlling how and when updates are made. I’ve seen Windows 10 systems reboot with no warning on “Patch Tuesday.” I realize this behavior is aimed at non-technical users, and their systems should certainly be kept reasonably current. Nonetheless, they should still have some control over the process. And it’s not just a workplace issue. I’ve seen patch downloads occur over metered connections when it would make more sense to let these users choose when to actually download the fixes. Not everyone has unlimited data, even at home, and this is certainly the case with most cellular users. If you’re using your phone as a Wi-Fi hotspot with a laptop, you don’t want your limited data allowance chewed up by a Windows update that could have waited until you got home.

Related to this, I’ve read news articles about people reporting system issues once patches were installed. How furious would you be if you couldn’t do work following an unplanned reboot, or even worse, if your machine no longer booted at all? Imagine the chaos in your life if you no longer had access to your computer, especially if it happened when you were not expecting it.

The point is, if you’re in the middle of something and work gets lost to an auto-reboot, it’s counterproductive. I’d like to see a happy medium with consumer devices. Even my phone lets me postpone updates until it’s more convenient. As an IT pro, having a heads-up with these devices is valuable. I like to take a good backup before patching so it’s easier to roll back the changes if disaster strikes. That may not be possible with a machine that just reboots out from under you.

These are just things I’ve seen recently. To be honest, I’m not sure how widespread this issue is, or whether the fault lies primarily with Microsoft, corporate IT policies or users themselves. I’m just an AIX administrator with a blog, after all.

Perhaps the solution is to switch to Linux on the desktop, although that hasn’t worked out so well in Munich.

What are you seeing with patching, either in the enterprise or among your non-techie friends on the desktop?