Security

Poll: How often does the Windows patch process hose your systems?

The TechRepublic Microsoft Windows Blog member poll: How often does the Windows patch process hose your systems?

With the help of Justin James' yeoman effort, TechRepublic has been publishing the Microsoft Patch Tuesday blog post every month since September 2008. On the second Tuesday each month, Justin gives you the breakdown and the lowdown on Microsoft's latest batch of security and/or bug patches. As part of this service, we ask you to share your experience with the patch in the Discussion Forum so we can assess problem areas and develop practical solutions to solve them.

Which brings me to this week's poll question: How often does the Windows patch process hose your systems? Judging by the discussion threads each month, there always seems to be at least a few members expressing frustration about patches failing to install or,  worse, bringing down systems that were functioning before the patches were applied. But how often does this happen? Are you spending more time patching the patch than is worth the effort or do you just have to bite the bullet and work through it each month in the name of closing vulnerabilities?

About

Mark Kaelin is a CBS Interactive Senior Editor for TechRepublic. He is the host for the Microsoft Windows and Office blog, the Google in the Enterprise blog, the Five Apps blog and the Big Data Analytics blog.

38 comments
psauve
psauve

I wrote 2x per yr - but it's about 4 times.

Darren B - KC
Darren B - KC

In the office, rarely does a patch cause any major issues and, so far, in the 4 years I've worked at my current job, I've never had a server or client machine get "hosed" due to a patch. If there are any issues, it's usually something minor that affects 3rd party software in some small way. One example is a an update for IE 8 caused the home page in MS Dynamics Great Plains 9.0 to disappear. The fix was to roll back to IE 7. (Issue is resolved in GP 10.) At home, I can't think of a time when I ever had a major problem with a patch and I'm really picky about my home system, so I'd definately remember something like that. In all honesty, the biggest peeve I have with updates and patches is having to reboot to apply the latest updates, then 5 minutes after getting back to work, it installs MORE updates and wants me to reboot AGAIN. I HATE that!

jim
jim

My MS OUTLOOK kept being closed improperly requiring a long RESTORE & RECOVERY CYCLE due to its size. So I have begun turning OFF MS OUTLOOK on the scheduled and ANTICIPATED PATCH days. I turn off all operating programs except my Anti-Virus McAfee Programs. Since this procedure has been implemented I have had no problems.

abookcliff
abookcliff

FREQUENTLY, but many times the effects are very subtle:ie. A shortcut that no longer works, or a setting that gets changed,or IE 64 starts to hang. Sometimes it is because the changes have not had long enough to take effect during the reboot--shutting down manually afterwards and restarting will look after about 25-50 % of those. I budget 2-4 hours per computer for updates and followup system checks. I notice that no rebates are ever given for selling faulty O.S. --isn't that consumer fraud on the manufcturers part?????

r_j_jacobsen
r_j_jacobsen

The only problem I've had is with unattended reboots after installing. Sometimes these remote PCs don't get far enough in the reboot process to be able to access remotely, so I have to go to each of them, signon and finish the reboot.

tonyguyfuller
tonyguyfuller

I have had it happen twice the second time resulting in having to re-install windows XP. I have 7 on this PC and so far no problems at all it seems to be the best windows so far!

jeslurkin
jeslurkin

...to disallow Auto Update. I read Justin's opinions in "Patch Tuesday", follow the links for the ones I need, and download them to an Updates folder. I then apply them when I feel confident. I wish that I had learned this earlier. I have personally hosed 3 XP systems with auto update: Two on my system, and one on a machine I 'had to' admin because there was no one else to do so. I have had several of the experiences, and have adopted some of the practices, related by others.

Gis Bun
Gis Bun

According to experts, if your system has problems with an update from "patch Tuesday", it is generally because your system has been or was infected with malware or a virus. Once your system has been infected [even if it has been "cleaned"], the crud leaves behind crap which can still affect your system.

Kenone
Kenone

Not any more. I turned all that automatic stuff off years ago, nobody auto updates my systems except for my AV defs. I had a problem with Adobe Updater a year or so ago and had to visit each machine to fix it. Since then no Auto updates from anyone. If there are significant updates from MS, not a usual occurrence, I wait a while and apply them after MS has had a chance to fix them, usually around the beginning of the month.

wwgorman
wwgorman

Happens to me about twice a year while I'm in the middle of something it causes a restart----usually while I'm away from my computer. Last week I was attempting to format a new external 2TB hard drive which takes about 24 hours. On the first try I got the Blue Screen of Death about 23 hours into the process. I started over and in about 23 hours Windows restarted killing the format. I got it the next try.

Dented
Dented

There's an optional patch for a Dell AIO printer that I've had to avoid for over a year, but I wouldn't consider it a Microsoft patch or problem. Other than that, a mix of XP Pro and Vista systems, backed by 2 SBS2003 servers - no problems.

karl.vonwinkle
karl.vonwinkle

I think since I started just taking all the patches with out testing, the only one that caused an issue, was the one that updated some of the HP Printer driver subsystem. That was really an HP issue, but Microsoft took the hit anyway!

jmbrasfield
jmbrasfield

Not as often as it once did. Early XP SP2 seemed to happen a lot; I assume the bugs were worked out with later updates because it did not happen as often. Vista was a nightmare of "Screwed and Reload". Wdws 7 seems much more stable, it has happened only once and that was in its early days.

chris.quest50
chris.quest50

Absolutely sick and tired of Microsoft cocking my system up. I just get everything up and running, then a security patch messes things up. As I am typing this, the recent update as screwed up my system once more. One patch sometime ago had me taking my laptop to an engineer, because my hard drive had been so affected that I could not even carry out a restore, this was a very costly exercise. Now saving up to buy an Apple Mac, hope I have better luck.

Who Am I Really
Who Am I Really

needs one more category selection (*) Depends - specify in comments _____________________________________ all of my private office XP systems have never had a problem but, a> because I refused all win vista code related updates: such as IE7, IE8, & WiMP11 b> I manually apply them individually: - AU is set to download and notify - when DL is done open updates icon and select: Custom install, not the default Express install - in the Custom install dialog, deselect all but one update and apply it and restart if it asks I just rebuilt 2 XP-SP3 refurb systems and 77 post SP3 updates, not including IE7, IE8 or WiMP11 were presented, which totalled around 60 reboots to apply them all but no failed updates and no system problems I also just rebuilt a Win2K box and after SP4 & IE6 was applied, it was presented with 107 post SP4 updates, with over 80 reboot requests I was hosed 2 times in Win2K and learned my lesson! which is; - Don't apply multiple updates simultaneously on a heavily customized system In Win2K & XP, I switch services & GPEdit etc. a lot of the default crap to sleep, as most of the default settings don't interest me such as: - "User Tracking", - "Recent Documents", - "System Restore"(XP), - "Recycle Bin" - "User Folders on the Start Menu" - "Desktop Cleanup" - "Security Center" - "Do not add shares of recently open documents to My Network Places" - "Animations" (useless time wasters) - "Hide inactive Icons" (who says they're inactive, there's no way it can know how often I look at them but don't click, I like to see my network status monitor, etc.) - "Personalized Menus" (for crying out loud, I trained on win3.1 and expect a full menu every time, I open one) - etc. I wish there was a group policy to disable the disk cleanup wizard, as there is a setting within it that says "compress old files" which is a giant ball of corruption waiting to happen and which did happen on one workstation as some other user had inadvertently clicked OK to the disk cleanup, and I lost a whole pile of audio files Most recently I had a win2K system hosed by the out of band March,30,2010 update, completely toasted the system to a no-boot situation, requiring restore from backup system image. Quite a while back I had a whole slew of updates go south on a Dell Dimension 4100 P3, when I was bulk applying them about 15 or so appeared to apply but on a subsequent visit to winupdate "review update history" that batch all had the nice little "update failed" red (X) and now I looking at a "separate from my private office", other office setup, which is a full Domain with servers, workstations, Fat Client & Thin Client TS etc. and some IT dude decided to automate the Win Crash Dates to stealth install under the noses of everyone well it works and it doesn't I have one XP-SP3 workstation that responds properly when I'm logged in with: AU exited with the following error "Insufficient Privileges" but then there's the XP-64 x86 which keeps trying to apply and some fail and the whole system freezes and then they attempt to uninstall at next boot or just before the freeze up, and then trying again to install the next time it's booted and then freezes again. This loop has been going on for quite some time now I was told AU is supposed to ignore me because my UA is not a domain admin. account and it's not supposed to apply the updates when I'm logged on but it keeps trying and failing, but some do get through like IE8 but it's not fully installed and WiMP11 keeps installing and then uninstalling and then finding it again on the Local WSUS cache and so goes the loop install uninstall So I'm possibly looking at a potentially hosed workstation, because when I went to shut down it said installing 14 updates but it got to 8 and then choked with constant "Windows Delayed Write Failed" and after about 100 or so clicks I had to do force shutdown as the whole system was stuck on #8 and now so far the first problem I noticed is, I have no tooltip and stuck with a crap IE8 that's not fully installed but thinks that it is because it launches and says IE8, but the error logs show that it didn't complete the install sorry for the run on mini book but this is what day to day "working" with windows is all about, especially when you don't like the default settings like me.

.Martin.
.Martin.

with patches for XP. But even then, it was rarely.

HAL 9000
HAL 9000

I haven't had a system taken down for a long time now. But I do test everything before deploying it as I have had numerous [b]Bad Experiences[/b] with M$ Patches. But I have to say it's better when a Bad Patch takes the system down a reinstall is easy compared to finding the problem with an Intermediate issue not working all of the time. They are downright nasty to find, Hard to work out what's happened and waste bulk amount of your time. Helps to drive you insane as well as if any of us needed that happening to them. ;) Col

neoprime
neoprime

I have never had a bad experience with a patch.

julioa.morales
julioa.morales

Very early to get a trend, but asking a subjetive question, you will reicive a subjetive answer. If you ask for the number of time this happen during, for example last 6 six months, you will get a better pool.

oldbaritone
oldbaritone

Yup, it has happened to me many times. The patch causes grief. But since the alternative is to hope-and-pray that you're not affected, it's a risk no matter what you do. I prefer not to stick my head in the sand.

Mark W. Kaelin
Mark W. Kaelin

How often does the Windows patch process hose your systems? Are you spending more time patching the patch than is worth the effort or do you just have to bite the bullet and work through it each month in the name of closing vulnerabilities? If you were in control, how would you improve the process?

jlsmith722
jlsmith722

With XP from the beginning, through Vista sp1 and now Win 7, I have always installed the the important updates automatically and never had a problem.

Gis Bun
Gis Bun

Sounds a bit off it takes almost a day to format an external 2TB hard disk. Sure it's not a hardware issue. I've always set to WU/MU to inform me but not install. I want to be around for it.

Gis Bun
Gis Bun

Why do you reboot after each update? Look for qchain.exe [Microsoft's KB area]. It removes the multiple reboot issues. Unsure about the desktop cleanup wizard GP, but this works: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDesktopCleanupWizard"=dword:00000001 I had a "Windows Delayed Write Failed" problem. It's a flakey SATA controller. MS also has a tool [as well as third-party ones] that will reset the local WU settings to their default or allow you to modify them.

WebTek2
WebTek2

Back in the days of NT, YES, I had several issues with MS patches. Since the inception of Server 2003 however, I have had no instances of BSD's or crashes due to a MS patch in several years however... that is partly due to doing my due diligence BEFORE applying the patches. That's the key to successful patch management. TEST, TEST, DOCUMENT, DOCUMENT!!

pcteky2
pcteky2

I can only remember one time in the past 10 years of having to repair an installation on my own personal computer. I do not allow auto updates due to the auto reboot and god knows what I may have open that I need to save first. I always install all updates and generally I do more damage myself than MS does.

V.H. Scarpacci
V.H. Scarpacci

It has been a very long time since a really bad patch has come out from MS. I had installed a few PCs with XP SP1 and regretted it. The MS response was quick as I recall and they had SP1a out in a few weeks. That much better than BP's fix. Since then the update process has improved, but I still wonder why MS needs to authenticate a PC that has been authenicated hundreds of times already.

Jaytmoon
Jaytmoon

Up until I began using Windows 7, I dreaded the monthly MS patch day, Even when disabled some would get through and jamb up an ongoing process or disable another program that was enabled to update. It usually cascaded into a bsod or just a frozen pc

KarrasB
KarrasB

I'm serious. Microsoft's constant downloads have caused great distress to more than one friend. I hear remarks like, "They do this on purpose. This is why a machine has a short lifespan...all the crap Microsoft keeps adding to it." I have not had a problem for a decade because I do not allow direct download. Second, because I have Norton I do not allow the so-called "security downloads". It is time consuming to go through the downloads seemingly ever week now, but go through them I do. My system is working fine, with no attacks, vulnerabilities, or virus and as noted, for a decade. So I'm back to the title of this post: Who owns the computer? Many people say Microsoft owns the computer they bought and paid for. Like another intelligent poster, we're saving for a Mac.

avisley
avisley

back on windows 98 going back several years ago was the last for me, then it only happened once. and it was a driver issue. i think if 3 party software is not written properly and violated some basic code rules programmers take short cuts it may happen? FYI, i'm on windows 7 now and have to say i like it very much.

ian3880
ian3880

In the early days of XP a core update completely trashed the cursor movement on a Toshiba laptop. Had to replace all USB drivers. Only Semantec 'Ghost' has been able to completely trash one of my computers.

charleswdavis6670
charleswdavis6670

I have three computers, XP, Vista and Wind 7. I have always auto applied. I do review the optional, as many times they do not apply to my hardware configuration. Over the past 8 years as a volunteer House Call technician, I have brought all computers left in my hands up to date by going to Windows Update and applying all available. An update did mess with an XP system with an HP all-in-one printer installed, and an HP system with an AMD processor.

Who Am I Really
Who Am I Really

if it was an e-SATA disk it would take nowhere near that time for a full format and a quick format is about 25 seconds for the most part, I've stopped using external USB HDDs, and switched almost all of my existing disks to e-SATA even with an card e-SATA running at the SATA-I 1.5Gbps speed, which my older systems use they still blow away any USB HDD

Who Am I Really
Who Am I Really

and reboots happen more often when applying individual updates rather than bulk applying the whole lot, which can hose a system way more often than when doing each patch as an individual unit these delayed write failures in this instance happened because part of the system had unloaded for the shut down procedure before the updates had finished applying that reg. key would be handy for anyone on XP Homeless as gpedit wasn't included in Home but in pro it's quicker to go to; Start > Run, gpedit.msc in User Configuration, go to Administrative Templates > Desktop. You'll see the option to 'Remove the desktop cleanup wizard' Double click it, select the "enabled" radio button

charleswdavis6670
charleswdavis6670

I have had to clean an average of two computers a month with Norton installed and up-to-date. Norton can't catch everything. Other vulnerabilities can and do allow Trojans and other malware programs to be installed. You are living on borrowed time, or not being entirely truthful.

jeslurkin
jeslurkin

...just goes to show that some people are smarter, luckier, or better looking than others. FWIW, I never had a problem with Windows Update thru XP SP3. It was (coincidentally, I hope) _after_ the 'mass rejection' of Vista, the consumer demands to continue buying PCs with XP, the MS start on 'Win 7', and the Mojave Project that screwups started showing up.

KarrasB
KarrasB

I have Norton and Spybot and spend ample time online. That's the facts. One major factor: I do not "follow" unknown emails, nor do I click on pop-ups of unknown surveys or contests. One must allow for user error even if protection is good. Could I eventually get slammed? Yes. But I'll not let Microsoft f***-up my computer ever again.

Editor's Picks