Windows 10 bombshell: Microsoft to KILL OFF Patch Tuesday

[Reefa]

Ignite 2015 Microsoft has shown off some of the new security mechanisms embedded in Windows 10, and revealed a change to its software updates.

Windows supremo Terry Myerson reckons the revised security patch rollout – effectively ditching the monthly Patch Tuesday – will shame Google.

"Google takes no responsibility to update customer devices, and refuses to take responsibility to update their devices, leaving end users and businesses increasingly exposed every day they use an Android device," Myerson said during his Ignite keynote in Chicago today. He was referring to the sometimes tardy rollout of operating system updates for Android gadgets.

"Google ships a big pile of [pause for effect] code, with no commitment to update your device," he added to chuckles from the audience.

Myerson promised that with the new version of Windows, Microsoft will release security updates to PCs, tablets and phones 24/7, as well as pushing other software "innovations," effectively putting an end to the need for a Patch Tuesday once a month.

Windows 10 enterprise customers will stay on the monthly update cycle, which will be reworked as Windows Update for Business: this will allow IT managers to pick and choose updates to deploy, and set when they will be automatically installed.

Meyerson said home users will get patches first, which will allow businesses to hold off and see what breaks before installing – bug patches have bugs from time to time, after all.

He also said that the patching system had been updated to allow much tighter control over branch offices and remote users, who may not have decent bandwidth. Patches can be distributed peer-to-peer, and the timing of the installations can be set to ensure update downloads do not interfere with day-to-day operations.

The goal, he said, was to make users of all stripes more secure by constantly feeding updates down the pipe, across all devices once Windows 10 is launched. Update for Business will be a free service for enterprise and pro Windows customers

On the data protection side, Brad Anderson, veep of enterprise client and mobility, showed off a new feature in preview builds today: Microsoft's Advanced Threat Analytics (ATA). This tries to sense the presence of malware in a network, and locks down apps to prevent sensitive data being copied within a device.

Cut'n'paste is cut

At the heart of ATA is software developed by Israeli startup Aorato, which hit the headlines in July when it claimed to have discovered a major flaw in Active Directory. Microsoft bought the biz, and used its knowhow to toughen up the defenses in Windows 10.

ATA constantly scrutinizes your office network, and uses basic machine learning techniques to identify suspicious behavior by devices and users, and raise the alarm if necessary.

IT administrators can use ATA to also lock down Windows 10 systems to only allow data to be cut and pasted between corporate applications, while personal apps such as Twitter can be blocked from getting the same data from the clipboard. If desired,

information can be copied from corporate to personal apps, but with the action recorded in an audit log.

Using Azure, administrators can choose to embed metadata in files so that managers can see who read what document, when, and where from. If a particular user is trying to access files they shouldn't, an alert system will let the IT manager know.

This level of monitoring will cover devices and applications, too. A user's account can be called up to show how many devices they use to get onto the network, and sound an alarm if someone's trying to access data from one location, and then again from the other side of the world a few minutes later.

As a premium service, Microsoft will also offer data from Redmond's security team who monitor black-hat forums, and will alert IT managers if any of their users' identities have been put up for sale.

Other features are going to be added before the launch of Redmond's new operating system, as well as security-related tweaks to Intune and the System Center Configuration Manager, Anderson promised, and will be rolled out to developers over the coming weeks.

theregister.co.uk

[manju]

well, it makes sense! since Patch Tuesday was always a way for hackers to get time to work on there exploits....

this way end-user may have bought him self some time to fight back (apply the patch issued by Microsoft and protect him self) :showoff:

[player]

Meyerson said home users will get patches first, which will allow businesses to hold off and see what breaks before installing

so home users are now officially guinea pigs.

[davmil]

Meyerson said home users will get patches first, which will allow businesses to hold off and see what breaks before installing

so home users are now officially guinea pigs.

Might as well make those least able to take care of themselves as cannon fodder. Get ready for that call from MOM. :huh:

[banned]

I think maybe they should have something like fast and slow rings for Windows update, and allow the user to make a choice (with slow being the default, for stability reasons).

[CODYQX4]

Great, now they can break your system any day of the week.

They need to stop breaking Windows 7 monthly first.

[edwardecl]

"see what breaks before installing"...

Are we supposed to thank Microsoft now?

[dcs18]

From the security point of view, I prefer this regime to the existing Patch Tuesday - why wait for one entire month to fix interim vulnerabilities.

Besides, since the patching is now proposed to go retail instead of wholesale - the likelihood of patches breaking my Windows would reduce drastically. Even if Windows were to break, I would find it far more easier to narrow down to the culprit patch.

[emerglines]

At the heart of ATA is software developed by Israeli startup Aorato

I don't trust that!

Meyerson said home users will get patches first, which will allow businesses to hold off and see what breaks before installing

Thanks anyway, I don't need their shit, this again proofs that Micro$hit doesn't care about you!

[dcs18]

Windows breaks itself - Linux breaks people. :sneaky:

[212eta]

Microsoft puts ‘Patch Tuesday’ out to pasture, promises quicker security updates

[davmil]

From the security point of view, I prefer this regime to the existing Patch Tuesday - why wait for one entire month to fix interim vulnerabilities.

Besides, since the patching is now proposed to go retail instead of wholesale - the likelihood of patches breaking my Windows would reduce drastically. Even if Windows were to break, I would find it far more easier to narrow down to the culprit patch.

Valid points fer sure. It's the patches that install & reboot the machine that hose my clients from time-2-time. Hopefully we'll still be able to schedule the updates for the wee hours.

[davmil]

At the heart of ATA is software developed by Israeli startup Aorato

I don't trust that!

Meyerson said home users will get patches first, which will allow businesses to hold off and see what breaks before installing

Thanks anyway, I don't need their shit, this again proofs that Micro$hit doesn't care about you!

Honestly now - all code has issues, updates & enhancements. Responsible vendors identify, catalog, track, prioritize and issue patches on regular basis. MSFT's got a bigger job than most. When I worked @ Adobe and other's every one had 1,000s of known problems - responsible developers publish, track and (sometimes) repair problems affecting significant populations. Try working down thru the UNIX vendors known problem lists and you'll find MSFT's are not unique.

[ugurano]

your can try everthying, but your can not kill the crackers

[LeeSmithG]

Patch Tuesday stopped a long time ago.

Of course second Tuesday of the month, M$ release a lot of them, however, during the period from one (1) patch Tuesday to another, updates appear.

Patch Tuesday should be got rid of and when an update is available then M$ should release it.

[emerglines]

Honestly now - all code has issues, updates & enhancements. Responsible vendors identify, catalog, track, prioritize and issue patches on regular basis. MSFT's got a bigger job than most. When I worked @ Adobe and other's every one had 1,000s of known problems - responsible developers publish, track and (sometimes) repair problems affecting significant populations. Try working down thru the UNIX vendors known problem lists and you'll find MSFT's are not unique.

I'm not complaining about how they fix issues, the problem here is they will use users as a lab rat to test patches then release them later to enterprises, which means that their main consumer are enterprises, so no more support for home users...

[davmil]

Honestly now - all code has issues, updates & enhancements. Responsible vendors identify, catalog, track, prioritize and issue patches on regular basis. MSFT's got a bigger job than most. When I worked @ Adobe and other's every one had 1,000s of known problems - responsible developers publish, track and (sometimes) repair problems affecting significant populations. Try working down thru the UNIX vendors known problem lists and you'll find MSFT's are not unique.

I'm not complaining about how they fix issues, the problem here is they will use users as a lab rat to test patches then release them later to enterprises, which means that their main consumer are enterprises, so no more support for home users...

What they need to do IMO is establish a wide-ranging group of competent testers that act as early adopters... people who know how to make image backups beforehand at a minimum. There's no way they can create a fully representative testbed that includes a significant fraction of the configurations their software faces given billions of installations. They've got to float it out to 100K people worldwide. Enterprises commonly already do this testing internally before releasing updates but their configurations are more predictable than home users and they've got the resources and know-how home users lack. In return for beta testing M$FT's myriad of patches M$FT should offer them free or significantly discounted software. Just my 2 cents.