Terry Myerson, speaking at the Ignite conference in Chicago yesterday and posting on the Windows blog about Windows Update for Business, has filled in some long-sought details about the way Windows 10 will be maintained. We won't really know how well Windows 10 updating works until we've seen it in action for a few months, but at this point there's a small chance it will be better than the current patching fracas.
It's hard to imagine the situation getting any worse.
Drawing from Myerson's talks, yesterday's Windows Update for Business announcement, Gabe Aul's overview in March of the Fast and Slow rings, Jim Alkove's post in January about Long Term Servicing branches, and a whole lot of years pushing brooms in the Windows patch cleanup brigade, here's what I understand about the nuts and bolts of how Windows 10 will be patched.
- Microsoft will continue to run its massive automated regimen and dogfooding in-house.
- When the patch looks good, it'll go to Windows Insiders in the Fast ring. (There may be a "Ludicrous ring" at some point, but there's been no official word from Microsoft.)
- Once the Fast folks have hammered on it for a suitable amount of time, the patch will go to the Windows Insiders Slow ring.
- Having passed Slow ring muster, the patch heads out in two directions.
- First, the Slow-approved patch goes out to all consumer Windows 10 customers -- the ones with "free" Windows. Consumers have no choice about it; they will get the patch, thereby being updated to the "Current branch." Presumably Windows 10 will have some mechanism for prohibiting reboots at specific times of the day, but that's the extent of individual customers' control. There will be no ability to shut off automatic updates (short of permanently disconnecting from the Internet), no provision for blocking specific updates, and no way to roll back updates -- either one at a time, or en masse -- should they cause problems. I haven't seen any official announcement that lays the process out quite so starkly, but that seems to be where we're headed.
- At about the same time, the update will head into the Windows Update for Business buffer. There, an admin will decide whether or not to roll out the update, and to which machines on their network. We don't have any details about the process, but it sounds much like Windows Server Update Services (WSUS) -- leaving open the questions of whether WSUS as we know it will be enhanced for Windows 10, what admins get to do with Windows 7 and Windows 8 updates, and much more. System Center Operations Manager and Enterprise Mobility Suite, we're assured, will continue as they are now.
- The patches will roll out as they become available. Patch Tuesday gets dumped in the bit bucket -- which won't make much difference because we've recently been getting patches five or six or eight times a month anyway.
Myerson's description makes it sound like there's a new updating system coming:
"Windows Update for Business will reduce management costs, provide controls over update deployment, offer quicker access to security updates, and provide access to the latest innovation from Microsoft on an ongoing basis. Windows Update for Business is FREE for Windows Pro and Windows Enterprise devices. It's part of our intelligent cloud -- we will update and maintain Windows devices for you, while still giving you control… As you roll out Windows 10, we recommend you segment your Windows devices and consider the best updating approach for each class of device, and then start a pilot of Windows Update for Business with your end-user devices."
The net result sounds a lot like the "Current branch for Business" described in Alkove's January post.
Worth noting: If you want to choose when you get patches, you will have to pay for Windows 10 Pro or Enterprise. Consumer "core" Windows 10 users get updated, period, as best I can tell. And it isn't at all clear if stand-alone Windows 10 Pro users can control their own patching destiny -- customers may be forced to run a server and use something like WSUS just to keep the wolves from the door.
At some point, the update will go into a different hopper and/or hoppers, to be fed to corporate Long Term Servicing branches. I've read speculation that the Long Term Servicing branches will look a lot like Service Packs, and will go out several times a year.
Sounds like a plan.
The devil's in the details
Now permit me to play devil's advocate.
If there's an emergency security patch -- say, we see another Kerberos hole or some massive zero-day -- what will the sequence look like? Will the patch go from dog food to Long Term Servicing within 24 hours?
What about garden-variety security patches, like the massive Internet Explorer rollups we're seeing every month or two? Myerson talks about that a bit, but there's a lot of ambiguity about how long "regular" security patches will sit in the Fast and Slow lanes -- if, indeed, they sit there at all.
What if there's something terribly wrong with a patch? How long will it take Microsoft to a) identify that there's a problem and b) fix it? Will the fix zap out the bad patch (as we saw with the Silver Bullet patch last December), or do we need to wait for a full rewrite of the bad patch? Microsoft's track record -- especially recently -- does not inspire confidence.
Can we get a driver pressure-relief valve? I'm seeing lots of complaints about the current Windows 10 beta builds overwriting drivers. If there's no way to bypass the enforced updates, there doesn't seem to be any way to install better drivers and get them to stick. Surely hardware manufacturers are going to raise a stink about that.
I may be hopelessly pounding my chest, but those are important questions. I have this nightmare scenario where 99.5 percent of all Windows users are working fine after a particular patch, but the 0.5 percent that get clobbered have to wait a week before Windows is working again -- with no way to roll back the damage, reinstall an older version, or even prevent Windows from updating and clobbering itself again. And when you figure that 0.5 percent of a billion Windows 10 users is… well, you do the math. I expect half of them will write to me, complaining.
I have another nightmare scenario where half of the Windows 10 user base gets updated, a big problem appears, Microsoft pulls the update, and all of a sudden we have half a billion people running one version and the other half running a slightly different version.
We'll have to see how it all shakes out, but there's one very important positive point: Handing out security patches to the Fast lane first will make it possible for a very large group of people to test new security patches before they go out to the masses. If software and hardware manufacturers thoroughly test patches coming down the Fast lane, if Microsoft takes special care to listen to the Fast lane complaints, and if there's a hair-trigger response to pull any bad patches before they get to the Slow lane, we may see an end to the debacles that have plagued Windows patching for more than a decade.
If all goes well, the only downside I can see is that the bad guys will be in the Fast lane, too.