Windows Updates: A Double-edged Sword

We now live in a world where some people will take advantage of us if we let them. From a computer perspective we need to give attention to 4 main areas to stay safe (in no particular order):

• Avoid risky sites
• Use anti-virus/anti-malware protection
• Backup your installation & data
• Keep your operating system and programs fully patched & up-to-date

It’s this last item that I’d like to address in this blog post. Microsoft Windows does a pretty good job of keeping itself up to date (as evidenced by the number of times it always needs a restart whilst we’re in the middle of something!). There are 4 main types of update;

• Security updates
• Quality updates (“bug fixes”)
• Feature updates (“new stuff”), and
• Driver updates

Of these, only the first 2 get downloaded and applied automatically; feature updates typically only come out a few times a year – are big – and have a greater chance of breaking things … so Microsoft let you install them when you’re ready for them. As of this time of writing the 21H1 update (first 1/2 of 2021) is being progressively rolled out by Microsoft. Similarly, driver updates can also make things better … or worse – with the general consensus being “if it’s working then let’s not try to fix it”.

Although security & quality updates are generally applied automatically & regularly, there can be a bit of a “gotcha” in that some up updates require other prerequisite updates to be installed first – and some of those prerequisite updates are only contained in feature updates – and people mostly aren’t aware that feature updates are waiting for them … so it’s possible to get a situation where the end user doesn’t install updates because they’re not aware of them … and security and quality updates end up not getting installed because the prerequisite update(s) haven’t been installed. It’s not quite that “cut and dried”, but there’s definitely a point where Microsoft stop investing time and money into developing patches for “old” software … and by “old” I’m meaning versions of Windows 10 that haven’t had feature updates applied. In that context feature updates take the operating system from one version to another – even though it’s still called Windows 10; it’s a lot like a 2010 & 2020 Ford Falcons are still both Ford Falcons, but one is significantly different to the other.

So it’s important to ensure that your PC is getting these vital fixes that protect you from the bad guys … and it’s important to remember that you may need to install one or more feature updates to keep that protection current. Not keeping a system fully patched and up to date leaves you exposed; that’s one edge of the sword; you’re at risk if your system isn’t patched.

Unfortunately … there are also risks in patching systems; modern operating systems are hellishly complex – and they run on a HUGE variety of hardware that often spans many years; and that can be a problem. Whereas Microsoft generally do an excellent job with quality control, there are just too many users with too many unique conbinations of hardware and software to guarantee that every update will work flawlessly … and as such, I’m finding it increasingly common for an update to break (“kill”) a PC. I’ve had clients install updates only to discover afterwards that mouse support has been inadvertantly disabled; I’ve had clients install updates only to discover that they can no longer access the internet; I’ve had quite a few clients intall updates only to discover that they can’t boot up their computers anymore. About the only pattern I’ve observed to this is that older machines seem to be affected more than newer PCs.

Microsoft have put a number of protection mechanisms in place to allow recovery but – by and large – they just don’t work most of the time. I’ll say that again: By and large they just don’t work most of the time. This is the other edge of the sword; there’s a considerable risk in not keeping systems updated … but there’s also some risk in updating them.

So … what’s the best way to protect ourselves? In short: Backups. What I like to do for clients is take a complete image backup of their hard drives at least once or twice a year; not just their data, but the programs that created it AND the operating system itself. In one word: EVERYTHING. Often the first thought people have is “but what use is a backup if it was done a year or two ago? – I can’t afford to lose a year’s worth of data!” – the short anwer is: “LOTS”. Whenever a computer swallows a bad update I typically go through the following process:

• I start by booting the computer from a USB drive (or remove the drive) and create a backup image of it. Although it may not be able to boot, it still contains ALL the current user data.
  
• I’ll restore a previously created image – this gets the computer booting again (bit with old data)
  
• I’ll then download and install all the updates that have been released since the backup was taken (interestingly, an update that killed a computer initially is often successfully installed following a restore; it appears that often the issue isn’t so much with an update but with the installation process for that update)
  
• I’ll then restore just the user data (documents, photos, etc) before finally …
  
• Getting a new current and up-to-date backup

As you can see, it’s a bit of a process – and one that requires good judgement around key decision paths. Although somewhat “self-serving”, I encourage people in this situation to leave the recovery of their computers to someone who’s had many years doing this kind of work – is “emotionally detached” from the situation – and who’s experience gives them far better oversight into the entire process. I’m reminded of an old saying: “there’s no computer issue so bad that it can’t be made a lot worse”; I’ve lot count of the number of times people have lost unreplacable data because they’ve paniced and in desperation have followed an inappropriate “Dr Google” procedure. The first 2 steps are always (1) STOP and (2) Get a backup of what you have.

Hope this is interesting and provides some insite for some. If you don’t have a complete image of your computer’s drive then – PLEASE – let’s create one for you. They’re ridiculously easy to do – and can save so much heartache (and expense).