Windows users will no longer be able to apply individual patches

Since Microsoft began pushing Windows 10 on consumers and enterprise users, it has consistently worked towards minimizing the choices they can make about the installation.

One of these steps was to make sure that both individual users and enterprise customers could not pick and choose which patches to apply and which to forgo – cumulative patches became the norm. And while enterprises can test the patches before deploying them, home users don’t have that option – the patches and updates are automatically downloaded and installed.

Then, this Monday, Microsoft’s Nathan Mercer announced another change: starting with October 2016, individuals patches will no longer be available for Windows 7 SP, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

“Historically, we have released individual patches for these platforms, which allowed you to be selective with the updates you deployed. This resulted in fragmentation where different PCs could have a different set of updates installed leading to multiple potential problems,” Mercer explains, adding that this rollup (multiple patches rolled together into a single update) model is ultimately better for users.

So, from October onwards, the company will release a single Monthly Rollup that addresses both security issues and reliability issues in a single update, as well as a separate monthly Security-only single update.

“The Monthly Rollup will be published to Windows Update (WU), WSUS, SCCM, and the Microsoft Update Catalog. Each month’s rollup will supersede the previous month’s rollup, so there will always be only one update required for your Windows PCs to get current. i.e. a Monthly Rollup in October 2016 will include all updates for October, while November 2016 will include October and November updates, and so on,” says Mercer.

“Unlike the Monthly Rollup, the Security-only update will only include new security patches that are released for that month. Individual patches will no longer be available. The Security-only update will be available to download and deploy from WSUS, SCCM, and the Microsoft Update Catalog. Windows Update will publish only the Monthly Rollup – the Security-only update will not be published to Windows Update.”

This change will surely not sit well with users who decided to keep using Windows 7 and 8.1 because it allowed them more choice when it comes to (security) updating.

EFF’s Amul Kalia recently pointed out a number of forced changes recently implemented by the company: from deceptive upgrading tactics to collecting usage and telemetry data without offering consumers the option to opt-out of it completely.

“The company needs to acknowledge its missteps and offer real, meaningful opt-outs to the users who want them, preferably in a single unified screen. It also needs to be straightforward in separating security updates from operating system upgrades going forward, and not try to bypass user choice and privacy expectations,” he said. “Otherwise it will face backlash in the form of individual lawsuits, state attorney general investigations, and government investigations.”

Unfortunately, I believe that the threat of backlash will do nothing: Microsoft is banking on the majority of users accepting the changes, a very small minority of them raising a stink, and a minuscule number of users actually doing something about it (either taking Microsoft to court or switching to another OS).

All these changes seem to have been made with a double goal: to consolidate the Windows market, and to create a user base more comfortable with less choice and Microsoft firmly at the driver’s wheel.

Don't miss