
> "Took down our entire emergency department as we were treating a heart attack."

Not questioning that it happened, but this was a boot loop after a content update. So if the computers were off and didn't get the update, and you booted them, they would be fine. And if they were on and you were using them, they wouldn't be rebooting, and it would be fine.

How did it happen that you were rebooting in the middle of treating a heart attack? [Edit: BSOD -> auto reboot]




Beyond the BSOD that happened in this case, in general this is not true with Windows:

> And if they were on and you were using them, they wouldn't be rebooting, and it would be fine.

Windows has been notorious for forcing updates down your throat, and rebooting at the least appropriate moments (like during time-sensitive presentations, because that's when you stepped away from the keyboard for 5 minutes to set up the projector). And that's in a private setting. In a corporate setting, the IT department is likely setting up an even more aggressive and less workaround-able reboot schedule.

Things like this are exactly why people hate auto-updates.


Windows Update has nothing to do with it.


But it has created a culture of everything needing to be kept up to date all the time no matter what, and pulling control of those updates out of your own hands into the provider's.


True, especially when a reboot of Windows takes several minutes because it started auto-applying updates!


How do you propose ensuring critical security updates get deployed then?

Especially if an infected machine can attack others?

Users/IT regularly would never update or deploy patches which has its own consequences. There’s no perfect solution—but rather there to accept the pain.

It’s a lot like herd immunity in vaccines.


> It’s a lot like herd immunity in vaccines.

Yes. But you don't deploy experimental vaccines simultaneously across the entire population all at once. Inoculating an entire country takes months; the logistics incidentally provide protection against unforeseen immediate-term dangerous side effects. Without that delay, well, every now and then you'd kill half the population with a bad vaccine. The equivalent of what's happening now with CrowdStrike.


Windows Update has actually provided sensible control over when and how to supply updates since, I think, Windows 2000 (it was definitely there by Vista's time). You just need to use it.


It was degrading since Windows 2000, with Microsoft steadily removing and patching up any clever workarounds people came up with to prevent the system from automatically rebooting. The pinnacle of that, an insult added to injury, was the introduction of "active hours" - a period of, initially, at most 8 or 10 hours, designated as the only time in the day your system would not reboot due to updates. Sucks if your computer isn't an office machine only ever used 9-to-5.


No, it was not degrading - Windows 10 introduced forced updating in home editions because it was weighed to be better for general cases (that it got abused later is a separate issue).

The assumption is that "pros" and "enterprise" either know how to use the provided controls or have a WSUS server set up which takes over all of the scheduling of updates.


We do not know if the update was a new version of the driver (which also can be updated without reboot on Windows since... ~17 years ago at least) or if it was some data that was hot-reloaded that triggered a latent bug in the driver.


> "Windows has been notorious for forcing updates down your throat"

in the same way cars are notorious for forcing you to run out of gas while you're driving them and leaving you stranded... because you didn't make time to refill them before it became a problem.

> "Things like this are exactly why people hate auto-updates."

And people also hate making time for routine maintenance, and hate getting malware from exploits they didn't patch, and companies hate getting DDoS'd by compromised Windows PCs the owners didn't patch, and companies hate downtime from attackers taking them offline. There isn't an answer which will please everyone.


This isn't really a good faith response. This prevention of functionality during a critical period while forcing an update would be like if a modern car refused to drive during an emergency due to a forced over the air update that paused the ability to drive till the update was finished.


The parent response wasn't good faith; it was leaning on an emergency in a hospital department caused by CrowdStrike to whine about Microsoft in trollbait style.

> "This prevention of functionality during a critical period while forcing an update would be like if a modern car refused to drive during an emergency"

Machines don't know if there's an emergency going on; if you don't do maintenance, knowing that the thing will fail if you don't, then you're rolling the dice on whether it fails right when you need it. It's akin to not renewing an SSL certificate - you knew it was coming, you didn't deal with it, now it's broken - despite all reasonable arguments that the connection is approximately as safe 1 minute after midnight as it was 1 minute before, if the smartphone app (or whatever) doesn't give you any expired cert override then complaining does nothing. Windows updates are released the same day every month, and have been mandatory for eight years: https://www.forbes.com/sites/amitchowdhry/2015/07/20/windows...

And we all know why - because Windows had a reputation of being horribly insecure, and when Microsoft patched things, nobody installed the patches. So now people have to install the patches. Complaining "I want to do it myself" leads to the very simple reply: you can - why didn't you do it yourself before it caused you a problem?

If you're still stubbornly refusing to install them, refusing to disable them, refusing to move to macOS or Linux, and then complaining that they forced you to update at an inconvenient time, you should expect people to point out how ridiculous (and off-topic) you're being.


(Your user name is wonderful.)

> It's akin to not renewing an SSL certificate.

Your choice of analogies is a good one. I have done SSL type stuff since 1997.

Doesn't matter: I would have to work a few hours very carefully before modifying my web server config. And test it.

I am terrified by the scale of deployment involved in this CrowdStrike update.


But that's the thing, forced updates are not akin to maintenance or certs that expire on an annual basis. I'm not sure where you seem to be getting your "you should expect people to point out how ridiculous you're being" line from. You're the only one I'm seeing arguing this idea.


Disabling forced updates by using proper managed update features that have existed longer than "forced updates" have is table stakes for IT. In fact, it was considered important and critical before Windows became a major OS in business.


Not setting computers that are in any critical path on a proper maintenance schedule (which, btw, overrides automatic updates on Windows and doesn't require extra licenses!) is the same as willfully ignoring maintenance just because the car didn't punch you in the face every time you need to up some fluids.


I agree that it is willfully ignoring maintenance, but I completely disagree with the analogy that it is the same as ignoring a fluid change in a car. A car will break down and may stop working without fluid changes. The same is almost assuredly not usually true if a Windows, or other, update is ignored. If you disagree, then I'd be happy to review any evidence you have that these updates really are always as critical as you think.


A lot of things that come as "mandatory patches" in IT, not just for Windows, are things that tend to generate recalls - or "sucks to be you, buy new car" in automotive world.

In more professional settings than private small car ownership, you often will both have regular maintenance updates provided and mandates to follow them. Sometimes they are optional because your environment doesn't depend on them, sometimes they are mandatory fixes, sometimes they change from optional to mandatory overnight when previous assumptions no longer apply.

Several years ago a bit over 100 people and uncounted amount of possible more had their lives endangered because an extra airflow directing piece of metal was optional, and after the incident it was quickly made mandatory, with hundreds of aircraft being stopped to have the fix applied (which previously was only required for hot locations - climate change really bit it).

Similarly, when you drive your car and it fails to operate, that's just you. When it's a more critical service, you're either facing corporate, or in worst case, governmental questions.


Not OP, but some (most? many?) machines receiving the update crashed with a BSOD. So that's how they could enter the boot loop.


I just realised I had read that, but 4 minutes later and it's too late to delete my comment now; Thanks, yes it makes sense.


Half of the hotel's (Choice) computers were down. We never reboot the computer, unless it's not working or working slowly or Windows update.


A lot of security software updates on-line, without rebooting.

If said update pushes you into a BSOD where the automatic watchdog (enabled by default in Windows) reboots... well, here you have a boot loop.


idk, a lot of systems are never meant to be rebooted outside of the update schedule, so they wouldn't have been off in the first place. And if those systems control others, then there is a domino effect.

I can see very well how one computer could have screwed all others. It's really not hard to imagine.


And dove software is supposed to hot patch itself because you might not have time to take systems offline to deal with ongoing attack, for example


What happens when a computer gets rebooted as part of daily practice or because of the update, and then it becomes unusable, and then the treatment team needs to use it hours later?


I dunno, but they'd know about it hours earlier in time to switch to paper, or pull out older computers, or something - in that scenario it wouldn't have happened "as we were treating a heart attack" and they would have had time to prepare.



