New
#1
Every product that Microsoft has ever sold....
I heard that fragment of a statement as I walked past a table in a burger joint.
I wanted to pull up a chair and say, "Go on".
So, how would you complete that sentence?
I heard that fragment of a statement as I walked past a table in a burger joint.
I wanted to pull up a chair and say, "Go on".
So, how would you complete that sentence?
Oh what a thread that one is
I started to ask this question in that thread:
Is an unpatched W7 system faster than a patched one?
...but opted not to. The tone of that thread did not lend itself to a calm discussion.
XP pre SP1 would run on a system with only 256MB. Try that with SP3+.
One XP patch caused a company that I work with some lost labor and files ($$$). Fortunately, it was a patch that could be uninstalled... but the files were gone for good. I got the kudos for finding the KB that caused the mess - no money mind you, just kudos
To be fair to MS, the XP patch was not bad or flawed and the KB warned about using it in an environment that had servers using SMB 1. But seriously, should every business have to have someone on staff that knows that SMB is? Much less what version their headless file server is running. And that KB came in via auto-updates. (If I recall correctly).
To be clear, I'm pro-updates (even if they slow a system down). But patches are not risk free. By definition, they change things. I would find it hard to calculate the odds of getting exploited vs. the odds of $damage$ due to a patch.
I lost many hours of labor just last week due to a W7 patch.... maybe I'm a jinx. :-(
I wouldn't say a patch/hotfix necessarily slows a system down - the point of a patch is to fix stuff, not really add to the system. For example, it's replacing code to fix things - may reduce the overall size of the system, may increase it and may optimise it.
You have given classic examples of why updates shouldn't be automatically installed and why up to date backups are so important. A backup of data should be made just prior to installing updates. Allowing updates to automatically download is a good idea because it removes the danger than one might not remember to do so. Not automatically installing the downloaded updates allows one to choose when the updates will be installed, such as immediately after a data backup. It also allows the option of waiting a few days before installing to see if there are reports of a wonky update. M$ normally fixes these within two or three days. Or one could opt not to install the faulty update until M$ has a chance to fix it or issue a workaround.
At the very minimum, everyone (especially businesses) should have some kind of a scheme in place to keep backups as curent as possible. Multiple backups, at least one of which is kept offsite are vital because backup media can fail or become corrupted. A minimal scheme for a business would be to have software and hardware in place that will automatically run a backup after the close of the business day. A duplicate of that backup (or, even better, a second backup taken after the first on separate media) should be taken to a bank for storage in a safe deposit box (mayhap along with the daily deposits, for example) and swapped out with an earlier version. Using an online backup service as well will help to ensure your data is continuously backed up in case of a problem during the day; I use Carbonite myself (disclaimer: the only connection I have with Carbonite is they cheerfully take my money in exchange for the backup service I receive from them). Since online backups can also fail, redundancy of backups is vital.
All of this may sound expensive (and it is) but compare that to the cost of lost data and/or recovering it. I personally maintain backups on three different HDDs for each HDD I have in use (and keep one in a safe deposit box in my Credit Union) which I swap out no less than once a month, depending on what data is on it and when it was added. I also use Carbonite to capture data inputted or changed between backups. By having four backups spread between three locations, I'm highly unlikely to ever lose my data. You have to ask yourself just how valuable your data is. A good backup scheme is cheap insurance against the expense of dats loss.
Sorry that I was not clear - most of the data that was lost could not be backed up since the patch prevented it from ever being written to a hard drive on the server. Workers kept typing data into their software and "saving" files that were never really saved anywhere.
There were a few existing files that worker attempted to update with info. The patch caused those files to be deleted and the new data was never written in their place. For those files, I could get them from the offsite backups... but the data entry labor was lost.
I set this particular organization up with multiple automated on-site backups and multiple automated off-site backups. Some run nightly, others update ever hour...but again, there was nothing to be backed up.
I support more than one organization. A different group that I work with uses a paid IT support service that turns off updates and the firewalls on all computers that they service. I only get called in when that IT company cannot fix an issue or to do things not covered by the support contract - like rebuild an OS.