Microsoft will explain only 'significant' Windows 10 updates

Microsoft is offering the choice between terrible or woeful security

+Comment Microsoft has explained its policy about how much information it will offer on the content of Cumulative Updates to Windows 10.

In a statement sent to us by a spokesperson, Microsoft said: “As we have done in the past, we post KB articles relevant to most updates which we’ll deliver with Windows as a service. Depending on the significance of the update and if it is bringing new functionality to Windows customers, we may choose to do additional promotion of new features as we deploy them.”

The Register asked Microsoft for clarification on the policy after the company issued a new cumulative update for Windows 10 and refused to say what it does other than to say it offered “improvements to enhance the functionality of Windows 10.”

El Reg comment

To your correspondent's mind, Microsoft's stance flies in the face of years of sensible security advice to trust nothing. Asking users to just swallow Windows 10 updates is very hard to consider as best practice.

Microsoft will say that Windows Update is super-secure and back that stance until the heat-death of the universe. And it probably is, but as Cisco's recent admission that attackers have crafted malicious firmware shows, nothing is completely secure and attackers know the value of subverting vendor software. Updates that offer minimal information about their functions don't inspire confidence. They should inspire the opposite – suspicion – not least because of Microsoft's historic sermonising about trust.

Second, Microsoft has recent form flubbing patches. If Microsoft's papering over the cracks of a failed patch with unexplained updates, and therefore failing to disclose to users that they remained vulnerable at a time they felt Microsoft had their back, it's using a nasty form of misinformation.

Third, suspicion of Microsoft is justified because Windows 10 is a data-slurper par excellence. An “enhancement” to Windows 10 that benefits Microsoft might therefore be to the detriment of your privacy. If Microsoft had nothing to hide, surely it would let us know what it's up to with each update? Or is it hiding behind the fig leaf of the permissions assigned when Windows 10 was installed?

Fourth, Redmond has form charging more when it thinks it's done enough to deserve it, as it did for Office 365. If hiking prices because of enhanced functionality is Microsoft's policy, surely it owes users an explanation about just what enhancements it has bestowed upon them.

Lastly, we also asked Microsoft if it intends to release unexplained updates for Windows Server 2016. The spokesperson told us “Microsoft has nothing to share on this matter in regard to Windows Server 2016 as it’s not available yet.” Which doesn't rule out unexplained patches appearing in Windows Server, complete with the assumption you'll happily use them in production environments.

Microsoft surely won't go there. And if it did, would you follow? ®