Updating older (but still supported) Windows versions can be a tedious tasks. Not only for humans but also for computers. Searching for updates for half an hour every time with the CPU going at full tilt must be a not insignificant contribution to global warming.
As everyone knows by know, Microsoft recently released what amounts to Service Pack 2 for Windows 7. From personal experience I can say that it works very well, whatever it is called. The point of the patch is that it resets the baseline for Windows Update. Instead of searching for 5 years’ worth of updates since Windows 7 SP1, there are just a few. Microsoft also changed the release cycle to monthly updates, which further reduces the number of variables.
Of course the patch isn’t automatically delivered through Windows Update and the download process is designed to remind everyone why ActiveX was such a dumb idea. But it does do its job once applied and brings down the time to check for updates to something quite reasonable.
The fundamental problem with Windows Update is that it’s highly complex and needs to resolve dependencies between myriad components on every update check. Whatever the algorithm used, it exhibits some form of exponential complexity. It’s fine with 50 updates, OK with 100, but with 200 it just starts taking forever.
To illustrate the problem better, a little story. Recently I reinstalled an old HP Pavilion laptop from its recovery partition, i.e. Windows Vista. The laptop has 3GB RAM and a 2 GHz Core 2 processor, quite decent for its vintage (circa 2007).
The recovery partition installs plain Windows Vista. Installing SP1 and SP2 on top is relatively quick and painless. Checking for updates after that is… not. After the laptop was busy spinning for about 6 hours, I unwisely interrupted the update process, naively thinking that something had to be wrong on my end.
After making a few tweaks and restarting, the laptop was checking for updates with one core fully occupied for more than 24 hours(!!!) before presenting me with the list of about two hundred updates. All the updates applied without a hitch within a few hours, with obvious progress. The only reason why I left it running for so long was because I know how slow the update checks can be. But I didn’t know it could be that bad.
The Windows Update experience is a wonderful example of how not to design user interfaces. Software which takes hours to complete but provides no estimate of how long it might take and no indication that it’s doing something useful is very poorly designed indeed.
Naturally Microsoft does not care because they’re happy for every incentive users of old Windows versions might have to upgrade. It might be interesting to know just what was needed to convince Microsoft to release the “convenience rollup” for Windows 7. But hey, better late than never!
“It might be interesting to know just what was needed to convince Microsoft to release the “convenience rollup” for Windows 7. But hey, better late than never!”
Probably they made it with Pro/Enterprise W7 version in mind for their actual enterprise customers, and working in all Windows 7 editions as byproduct. If i remember well, NT4 and Win2k got also a convenience rollup extra to SP6a/SP4 respectively.
I never use recovery partitions on any computer – in fact, the first thing I do with new computers is wipe the MBR/GPT and install from clean install disc (I use the disc with latest service pack as baseline, and for OSes that I install often, I’ll add updates every now and then) – this is quicker than cleaning all the OEM crap.
Regarding Windows Update taking 24+ hours on computers that only have the latest service pack installed, there are some updates you can install (manually – download them on another computer, and install them without connecting the new computer to internet, otherwise it’ll hang again) that will greatly reduce the wait (can’t remember them from the top of my head for Vista, but they’re easy enough to google; for 7 you need KB3020369 and KB3125574, which is the rollup).
There’s another prize rolled into Windows Update. Disk Cleanup’s run time to remove Windows Update files can stretch over an equally long time.
There was in fact an update to the Windows Update client in March 2016, which reduced the CPU load immensely (though it would still take 5-10 minutes to search for the updates even on a beefy machine, but that’s an improvement from the previous hour or so it took!). Look up KB3138612. If you’re installing Windows 7 without access to the convenience rollup, installing that and IE11 separately speeds up the whole process a lot.
And yeah, I bet it was released because of demands from big enterprise customers. Even though all sane IT shops install the OS only once per device type and then image the rest, there is probably enough variety in device types for the initial install time to become a non-insignificant time sink.
Back when windows update became a thing, it was born out of panic. Remember using IE plus their active x components on NT 4, 95, 98? Fun times it was not, but for those of us who had internet facing devices it was the best way to make sure patches were actually installed.
but now with hundreds (thousands) of patches it really has gotten out of hand. The real question to me is why did the service pack die? What was it about NT 4.0 SP7 that scared MS out of the service pack business, and this idiotic ‘rollup’ thing start? Maybe it shows that there needed to be a more frequent updates for Windows, and that cosmetic change in winver scared people away?
I think we’d be better off with 6 month service packs, and patches inbetween if anything to make it far easier to bring new machines (or restored) from older images up to date. But I’m only a user!
The fear of service packs is likely a contractual one. Remember that Microsoft’s current software life cycle system calculates the support end dates based on the last SERVICE PACK release date. If they were to release a new service pack for Windows 7 right now, they would have to extend support beyond 2020. That is the last thing they want to do.
They made the mistake with NT 4, and didn’t want to make it again with Windows 2000. They were only forced to extend Windows XP/Server 2003 support because it took them so damned long to release Vista/Server 2008.
I think it is also that they now have to do separate branches for each service pack level. For Win2000 and older this was not true, and one of the largest security patches for it was MS04-011.
Last time I had to poke at something like this, I used AutoPatcher to download all the updates separately, and slipstreamed them into my installation media using nLite. That got the job done pretty nicely. (Too bad Microsoft seems to have killed the option of downloading your own non-activated Windows 7 installation media.)
I think you’re right about that. They probably don’t want to do a SP to avoid having to contractually support it.
Of course the real problem Microsoft has is that after destroying all competition (yeah, OS X, Linux, who cares), by far the biggest competitor of Windows 10 is… Windows 7! Even with free upgrades, they can’t get users to move off Windows 7. And of course the reason is that users have been around the block a couple of times and they know that after an OS upgrade, some of their peripherals might stop working, and almost certainly a chunk of their software will stop working. Windows is nowadays evolving in such a way that it’s different enough to break stuff but not different enough to be a really compelling upgrade.
MS04-011 even patched NetMeeting. I recommend that you read the entire file list for this patch if you hasn’t read it already. Trivia: Back in mid 2003, MS was planning only six months of custom support for Win2000 SP2: http://www.pcreview.co.uk/threads/support-for-windows-2000-sp2.1440853/ If you look at patches between Nov 2003 and March 2004, you will notice they mostly patched things like WINS and the Workstation service. The Win2000 version of MS03-045 for example had file dates of August 2003.
(Ultimately Win2000 SP2 support was extended for a year, until June 2004)
I should also add links to eEye on some of the bugs:
http://web.archive.org/web/20050315035905/http://www.eeye.com/html/research/advisories/AD20040413C.html
http://web.archive.org/web/20050315035905/http://www.eeye.com/html/research/advisories/AD20040413D.html
http://web.archive.org/web/20050315035905/http://www.eeye.com/html/research/advisories/AD20040413E.html
http://web.archive.org/web/20050315035905/http://www.eeye.com/html/research/advisories/AD20040413F.html
Microsoft does not seem to care that supported versions of Windows 7 are still deployed in (literally) mission-critical applications. Viewing this as simply another incentive in their deleterious campaign to upgrade everyone on the planet to Windows 10 is not acceptable when you’re dealing with software deployed in military or similar life-or-death capacities.
Once Windows Update has misled, forced, or automatically taken you down the Windows 10 upgrade trail, the computer becomes unusable for hours at a time – forcing an 8GB download which – in the field – might have to to travel through a sat-phone or similar expensive/slow technology. This costs not only money, but also lives. Good going, Microsoft.
Enough is enough – I’m switching to Linux on principle.
@Typel: I think there was a recent example of this on Reddit recently:
https://www.reddit.com/r/technology/comments/4mcdon/i_live_in_the_central_african_bush_we_pay_for/
From http://web.archive.org/web/20031204022713/http://www.microsoft.com/windows/lifecycle/desktop/business/default.mspx :
“Security hotfix support has been extended through June 30th, 2004 for both Windows NT Workstation 4.0 SP6a and Windows 2000 Professional SP2. Support for non-security hotfixes will not be extended, and ended as previously announced on June 30, 2003 for Windows NT Workstation 4.0, and August 18, 2003 for Windows 2000 SP2.”
Necroing here, but I have now found out that KB3138612 is not in fact included in the convenience rollup and the update checks will still take hours after the initial install. Additionally, you’ll have to install what’s called a Servicing Stack Update before you can slipstream the convenience rollup. So what you should do (if you’re creating a new ISO) is:
slipstream the servicing stack update (KB3020369)
slipstream the post-SP1 convenience rollup
slipstream the Windows Update update (KB3138612)
(optionally: slipstream the IE11 update?)
I used to work at a place where we refurbished donated computers, wiped their hard drives, and installed Windows 7 on them before selling them to low-income or otherwise-disadvantaged people at a steep discount. Easily four-fifths, and frequently considerably more, of the total time it took to get a computer from completely blank to ready-to-sell was downloading hundreds of updates after installing Windows. For our laptops (almost all of which were near-identical IBM/Lenovo ThinkPads), we eventually resorted to imaging an up-to-date laptop and using that for the rest of them, which worked fantastically well for a while but then stopped working for some undetermined reason; for the desktops (and, later, the laptops as well), we turned to using Windows Server Update Services to store the updates locally on our server and having the newly-installed computers grab the updates from there (still quite slow, but nowhere near as slow as having the computers all download them directly from Microsoft).
Note that, in this case, the effect of having to download hundreds of updates was probably exacerbated by the fact that these were not top-of-the-line computers; I haven’t tested this for updates, but I know that, when I installed Windows 7 on these computers, the installation itself took much much longer than when I installed Windows 7 on a top-of-the-line machine (even as a virtual machine in VirtualBox). On the other hand, these were network installs rather than installs done from a DVD or USB drive, which could conceivably also account for the slowness, especially when installing eight to ten computers simultaneously (most of the time, though, we operated far below this level due to a lack of suitable computers ready for installation).
The reasons for moving away from service packs included technical reasons too.
Originally there were two classes of patches: things to fix bugs (called QFE or LDR) and things to fix security holes (GDR.) Windows Update would push down GDR updates (which stood for General Distribution Release.) LDR (Limited Distribution Release) updates would be made available via KB articles for people who complained about very specific bugs. However, LDR is still cumulative: if two bugs get fixed in one component, there’s going to be a version of the binary with one fix, and a version with both fixes.
A service pack was basically promoting all of the LDR changes to be GDR changes, because instead of them being single binary updates for people complaining about specific bugs, all of the binaries get pushed to all of the machines in the world. As a result, there was a long beta testing phase, sometimes over a year. Like so many other things in software development, the larger the update becomes, the more validation is needed, the longer it takes, and the result is fewer, larger updates. That’s how we go from 6.5 service packs in NT 4 to 3 in XP to 2 for Vista – each one is much, much larger.
The purpose of a “rollup”, even back in Windows 2000, was that if it’s just a bundle of fixes that were already pushed out via GDR, it doesn’t contain any additional risk all on its own. Also from the earliest days, that goal was never really fulfilled, because there were still things pushed into the rollup that weren’t previously released, which is why this model wasn’t clearly better and wasn’t universally followed.
What’s really changed with the current system is there’s no distinction between LDR and GDR. Fixes of all types are pushed out to everyone all at once every month. There’s still a risk that a given fix will be problematic, although the risk occurs every single month rather than being batched into a single large multi year risk event. I’m not saying it’s better – but it does mean there are no more year long service pack betas.
I think pretty much all OS vendors ran into some variant of these problems, because they’re simply very hard problems. I know that Sun used to publish patches for Solaris, and customers could generally choose which patches to apply, although some software packages listed certain patches as prerequisites. The problem was that the matrix of possible patch mixes simply exploded, and every customer effectively running a slightly different version of Solaris wasn’t helping anyone.
Thanks for the explanation BTW. I actually wasn’t familiar with the LDR/GDR distinction, but I am familiar with QFE (Quick Fix Engineering IIRC).