It appears Microsoft is starting out 2015 on the wrong foot.
On Thursday, January 8, 2015, it announced that it would no longer publish information publicly in advance of Update Tuesday. (Is patch a bad word?)
When I saw the news yesterday from Microsoft’s Chris Betz I was immediately disappointed. In choosing the word “Evolving” for the title of his post, Chris seems to be selling us on being less informed.
Microsoft will still be sharing patch information in advance with its MAPP (Microsoft Active Protections Program) partners, like Sophos, and with Microsoft Premium customers.
Advance notification of patches is a very handy thing. Certainly if you are SophosLabs you are able to analyze how you might provide protection against exploits that may surface before customers can deploy fixes.
If you are an IT administrator it gives you a heads up about which systems may need to be rebooted, allowing for advance scheduling of downtime and even an opportunity to create virtual machines so you are ready to begin testing as soon as the patches are released.
Naked Security readers certainly seemed to find the information helpful. More than 50,000 of you read our articles on upcoming Microsoft patches in 2014.
Microsoft first started taking security seriously after a famous memo in 2002 from then-CEO Bill Gates. That memo launched what was known as the Trustworthy Computing group, which accomplished the biggest turnaround with regard to security I have ever seen.
This one memo kicked off what became known as Patch Tuesday and the Microsoft Secure Development Lifecycle (SDL).
In a white paper by Craig Mundie, Microsoft stated that one of the key goals for improving security was customer guidance and engagement.
Has Microsoft lost its way? Is this the beginning of the end of Microsoft setting the standard which inspires others to follow?
Microsoft shuttered the Trustworthy Computing group in September 2014, seemingly going back to the old “just trust us, we know right” approach that got them into such hot water around the turn of the millennium.
Unfortunately we will not be able to continue to tell you what to expect on the second Tuesday of the month, but we will certainly provide you with our insights on Update Tuesday itself.
I hope Microsoft reconsiders, but if it doesn’t, let’s hope this is the only backwards step it makes.
Transparency is one of the single most important principles needed to achieve greater integrity, security and trust.
Yes, trust. As in “Trustworthy Computing”. Bill? Craig? Are you listening?
Image of Bill Gates licensed under CC BY-ND 2.0 from InsiderMonkey.com.
13 comments on “Microsoft discontinues Advance Notification Service, but why?”
Microsoft has done some pretty annoying things over the past 30 years, and I guess we can just add this to the list. I’m a sysadmin for a small network (75 Win 7 workstations), and I do the updates every month. I start patch Tuesday at home by doing my own computer before work to see what I can expect, but I like to know what the updates are ahead of time. This is just ridiculous.
My guess is that it may be part of a whole new model of buying/renting software. In that the main OS will be of little or no cost, but the ongoing updates will be by a subscription model.
If this is the case, we will end up with another situation like the old XP days, where the vast majority of non-corporate users don’t bother to update because it’s too costly. I mean even as an IT professional, I have Windows on my home system(s) because they came with a license – I can’t afford to pay ongoing fees to keep it up to date.
And how does this help the internet as a whole? Creating an environment hostile to end users running security updates, when it’s taken us so long to get people in the mode of doing them when it’s free and easy… not a good step forward.
For my part, if Windows does go to a subscription model, it will be the final push to switch to a completely Linux environment.
It did not occur to me that this is just another step towards SaaS. Thankfully we still have Linux, for the time being, and applications like Open Office.
The whole concept of renting/leasing software is seriously flawed for many users, especially home users. We like the idea that we can buy (or download a free version) of the software that we feel we need to use. The OS is key and you would not want ‘them’ changing it just because they think it suits them without any reference to you the user.
Seems to be yet another arrogant idea from Redmond that does not let the customer make their own choices.
As for not telling us, and sysadmins, in advance so we can prepare for the updates and avoid any critical activities until the updates have passed testing and been safely installed is too stupid for words.
Personally, I never much cared about the advance notice. There are 7 updates next week, but no details? Thanks, but no thanks. I’d rather have meatier details, which I usually have to wait until Patch Tuesday to get anyway.
I’m sure other people use it, but I didn’t ever need it. Still, not sure what was bad about it…
That’s my thought.
In some ways, the advance notifications were useless, borderline insulting, because they told you enough to make you quizzical but not enough to understand. OTOH, they were useful, because they gave you some idea of what to expect, which… as you say… “what was bad about it?”
E.g., “Will I need to reboot my Server Core DHCP server?” No…good, I can use that bit of information.
The one advantage those notices gave me, for my home system, was that they gave me at least a rough idea of how many and how big the updates would be. Invariably, of course, there was quite a bit more when the time actually came. I’m on Win 7 x64, which is still quite active in terms of updates.
Could this be a prelude to another round of “trust us” that we hear every few years from Microsoft? (said tongue in cheek)
This just means that my trust levels of Microsoft go further down and my patch Thursday is now patch Friday.
I think you mean “Update Friday” 🙂 Gotta keep with it, brother.
@ Paul… I always wait until the following Friday at least before applying anything from Microsoft 🙂
I wasn’t questioning the word “Friday,” but the word “Patch,” which we’re not supposed to use any more, apparently.
Microsoft has just started its own end of life, haha. They forget who has the money to buy their products. When a client gets mad about a product or service, they start to search for a new option, so this is the beginning of the end of Microsoft.