I worked in Antarctica last year, a "winter-over" contract as combination Network Engineer/Glacier Search and Rescue (GSAR) team member, at one of the very small U.S. research stations.
In the atmospheric/climatology lab there are a number of computers running very specific versions of Windows (down to specific patches) tailored to really obscure science research software packages, some industry standard, most custom-rolled and tailored to that project. Which means they're very fragile and need to be left alone.
Of course Microsoft blasts Win10 installer files down our very expensive, very slow satellite link, and proceeds to force Win7/8 systems to Win10 which broke a few multi-million dollar experiments in a place that takes MONTHS to get to in the winter. So effectively killed the research.
And yeah, you can argue "well you should've disabled Windows updates etc etc" but in REALITY, not perfect-theory world, you should be able to trust your OS manufacturer not to force-install a major OS revision without your consent. And in the old days of Microsoft, you could. Now they just say "f--- you, we're installing it regardless what you want."
I recall the forced update on windows 10 booted some anti poaching rangers off their machines used for gps coordination for like 12hrs in the African bush where they had already poor internet connection and potentially lost some endangered animals.
Yep, which is why you disable Windows Update too. The people who work on Windows these days should probably all be fired. Out of a cannon. Into the sun.
Not trying to be funny here, but I would not be surprised if an automated Windows update borked something. Recently heard about an Antarctic base that lost heating for 36 hears after a Windows Update triggered a several GB download over the base's modem downlink.
Microsoft _should_ not be anything like where you work. I'm not a Windows-user, but if I were I would hope and expect that the update mechanism for one of the worlds most used pieces of software was closely guarded by several layers of computer-based signing and human approval.
OK, so now every time Windows 10 decides it is time to force an update it becomes a kind of Sci-Fi thriller ... you watch it and watch it and hope the hero doesn't die at the end.
I know people that simply disabled the Windows Update service to avoid this hassle, with the risk of ending up with a non secure system in the long run.
If you want to use Windows, just do it. But if you had to experience what it feels like when Windows thinks it is time for an automatic-forced-reboot-update which takes 4 hours the day you have to submit a thesis, then you might know why I am not so fond of Microsoft products anymore...
By the way, later that month I learned that I had been lucky as some people ended up being stuck within the update.
The only time I use Windows is on our AWS instance. On there, we run WSUS and do automatic updates to a subset, and upon good update, approve the rest of the machines.
EDIT: Didn't recognize the username at first. I still have some doubts, but I do remember you talking about going to Antarctica in the Tron subreddit. I recently used Tron, and I hope that there isn't some undocumented part of the script that is disabling automatic updates.
I have some doubts about this story... The forced Windows 10 update was only sent to non-enterprise versions of Windows. I highly doubt any of these experiments were running the home editions of Windows due to the lack of control. Also, I am pretty sure that running home versions of Windows in contexts like this is against the Windows TOS.
It never stops to amaze me how unwilling most people are to explore the latest Win10 options to always defer updates by number of days (eg stay a week behind on feature updates to let others be more on the cutting edge), or even temporarily freeze the windows update service by up to a two digit number of days.
If I ever wanted to be sure that no updates took place I'd use the freeze.
Switching OS might be a solution, but it is worth having a look at these first. The upside is never being behind on patches, and there are actually some bloody useful fixes coming down the pipeline especially as far as security is concerned.
No-one running a large organisation's IT systems is going to be letting individual machines just install whatever updates the software maker feels like pushing, even on Windows 10. That would be a big risk in itself: plenty of software makers, including Microsoft, have pushed horrible breaking changes in updates in the past.
Personally, where I would point the finger squarely at Microsoft is in its recent attempts to conflate security and non-security updates. Plenty of people, including organisations who are well aware of what they're doing technically, have scaled down or outright stopped Windows updates since the GWX fiasco and other breaking changes over the past few years.
This also leads to silliness like the security-only monthly rollups for Windows 7 not being available via Windows Update itself for those who do update their own systems (not that this matters much if Windows Update was itself broken on your system by the previous updates and now runs too slowly to be of any use). Instead, if you don't want whatever other junk Microsoft feel like pushing this month, you have to manually download and install the update from Microsoft's catalog site. Even then, things like HTTPS and support for non-IE browsers took an eternity to arrive, and whether the article for the relevant KB on Microsoft's support site includes things like checksums to verify the files downloaded were unmodified seems to be entirely random.
I get that Microsoft would like everyone to use Windows 10, but since for some of us that isn't an option or simply isn't desirable. Since we bought Windows 7 with Microsoft's assurance that it would be supported with security patches until 2020, this sort of messing around is amateur hour and they really should be called out on it a lot more strongly than they have been.
I normally have a lot of time for Troy Hunt, but on this one I'm not sure I agree with him.
If Windows Update provided only essential updates for security and stability by default, and if it did so transparently so everyone could see exactly what was being done and why, and if it did so with minimal interruption to the user's real work, he would have a decent argument. But none of those things is the case.
Look at the comments on the article, or here, or on countless other forums since the Windows 10 fiasco started. Heck, look at Troy's own acknowledgement:
I've had Windows Update make me lose unsaved work. I've had it sitting there pending while waiting to rush out the door. I've had it install drivers that caused all manner of problems. I've had it change features so that they work differently and left me confused. I've had it consume bandwidth, eat up storage capacity and do any number of unexplainable things to my machines.
I've seen those things too, and more. I've seen unfortunately timed updates cripple a sales team right before a crucial demo, months in the making, that was supposed to close a £1M deal... in a small business that closes perhaps 2-3 such deals a year and relies on them to pay everyone's salary. Not much point worrying about encrypted filesystems if your business went bust already.
The fundamental problem here is that Microsoft is no longer trustworthy. They have demonstrated, repeatedly, that through both negligence and malice they will break systems that install their updates. The Microsoft that some of us trusted back when we bought our Windows 7 machines is not the Microsoft of the past few years, but we're stuck with those machines now, so we have to find the least risky path forwards taking into account as many potential problems as we can. It is far from clear to me, on the evidence to date, that accepting all of Microsoft's updates by default is safer than rejecting all of them by default.
Forced restarts have been wreaking havoc among my users that have switched to Windows 10. Plenty of notice, you say? Hardly.
Our software and engineering staff are no longer confidently able to perform long-running operations overnight or across weekends. Simulations, and data-capture runs in particular are now routinely being done during normal business hours since users cannot trust that their OS won't kill everything for an update midway.
Among my tasks for this coming week is working up plan to isolate key workstations, and estimating the required budget to provide the affected users with secondary PCs for routine tasks which require internet connectivity.
Forced updates and reboots are deal breaker for me. There's nothing more frustrating than leaving a long running simulation up all night only to realize that windows rebooted in the middle of the night. Or you need to reboot for some other reason, you're in a hurry, but now windows needs to install 137 updates.
If a job requires me to use windows, I will find another job.
The only "dumb" thing I can think of is critical medical equipment being on a network that can hit Windows Update. It is on people Windows for production tasks that may be jeopardized by updates to responsibly handle themselves. I practice what I preach: my video encoder rig lives on a network that explicitly drops connections to Windows Update--but the machine is also firewalled away from the internet at large and only visits trusted websites as part of production tasks. Neither half of this responsibility is tenable without the other.
I am expressly not saying that "forcing" Windows 10 updates on users is a good idea--but I'm sympathetic, and I'm not saying it's not--but if you are running something like "critical medical equipment", it should already be incumbent upon you to be doing it right.
Yeah, if updates were reliable I wouldnt care, but not only are they unreliable, but they autoclose all your important work. So many coworkers get annoyed when they come back to work and Visual Studio and Chrome was closed due to updates so now they have to go back and figure out where they left off. I may see if I can suggest our (uncommonly competent) IT guy to install Windows Enterprise instead for the sake of not being forced to update, although I might run it by our team lead to be sure.
Windows 10 puts Microsoft's needs ahead of the users.
There is no easy way to avoid updates interrupting your work, always when you need to use your PC for an urgent work issue.
The home screen adverts, and preinstalled junkware are insulting.
It is impossible to interact with the OS for more than a few minutes without finding another bug you have never seen before.
On Friday I was using a test laptop. The start menu stopped working, so I do a restart, but Windows decides to do an update (ignoring the configured "don't update between 8am and 6pm" setting).
I can't believe they don't have a professional version with a yearly subscription. I want my tools to work, not interrupt me, or fail randomly.
Yes. Don't tell people to not use Windows updates. That's bad advice from a security point of view. Tell them to not use Windows, period. That's (typically) good advice from a security point of view (of course you still have to install updates on other other operating systems.)
In the atmospheric/climatology lab there are a number of computers running very specific versions of Windows (down to specific patches) tailored to really obscure science research software packages, some industry standard, most custom-rolled and tailored to that project. Which means they're very fragile and need to be left alone.
Of course Microsoft blasts Win10 installer files down our very expensive, very slow satellite link, and proceeds to force Win7/8 systems to Win10 which broke a few multi-million dollar experiments in a place that takes MONTHS to get to in the winter. So effectively killed the research.
And yeah, you can argue "well you should've disabled Windows updates etc etc" but in REALITY, not perfect-theory world, you should be able to trust your OS manufacturer not to force-install a major OS revision without your consent. And in the old days of Microsoft, you could. Now they just say "f--- you, we're installing it regardless what you want."
That company can die in a fire for all I care.
reply