Microsoft cloaks the details of Windows 10 updates

Recent pair of security updates illustrate how opaque the new OS's updates may be for users

Windows 10 build 10240 update
Credit: Microsoft

Microsoft last week demonstrated how much of a black box a Windows 10 update may be to the millions of users expected to upgrade to the new operating system.

The Redmond, Wash. company has served two updates to Windows 10 devices running the July 15 preview build 10240, which most believe will be almost identical to what Microsoft launches next week when the free upgrade program launches.

Identified as KB3074663 and KB3074665, the second of the pair was announced Friday by Gabriel Aul, engineering general manager for Microsoft's OS group, on Twitter. "We're releasing an update package on WU [Windows Update] for PC build 10240 today. It will install automatically or you can check for updates to grab it," Aul tweeted. Minutes later, he added, "It will be described as a security update, but that's just because it's cumulative and includes the last package's security fix."

Microsoft said only a bit more than that on the support document linked to KB3074665. "Microsoft has released a security advisory about vulnerabilities in Adobe Flash Player in Internet Explorer," the document stated. "Additionally, this update includes non-security-related changes to enhance the functionality of Windows 10 through new features and improvements."

Although there was a smattering of replies to Aul's tweets from users complaining about problems after installing KB3074665, and some messages about issues on the Windows 10 support forum, they were neither pervasive nor a surprise: Any given update typically generates some such reports.

However, Aul did acknowledge that a bug in the OS's networking stack -- which caused Wi-Fi troubles for some -- is known and would be patched.

The first update, KB3074663, was released July 15, and was also marked as a security update. "The vulnerability could allow elevation of privilege if the Windows Installer service incorrectly runs custom action scripts," said the accompanying support document. Like its follow-up, KB3074663 also used the phrase "This update includes non-security-related changes to enhance the functionality of Windows 10 through new features and improvements."

What may disturb veteran and advanced Windows users is the paucity of information about the contents of KB3074663 and KB3074665 other than the security-related components. The phrase "includes non-security-related changes to enhance the functionality of Windows 10 through new features and improvements" could cover a host of changes across wide spectrums of the OS.

For editions prior to Windows 10, Microsoft identifies non-security updates separately, each with its own support document -- a "KB" in Microsoft's parlance -- even though the accompanying descriptions are often as terse as a tweet.

It's not clear whether the bundling of multiple changes related to both security and non-security issues into single updates will continue with the production version of Windows 10 -- those running Windows 10 Home, for instance, who will receive updates automatically through the Windows Update service -- or will remain a Windows Insider-only practice.

Insider, the beta test program Microsoft launched in October 2014 and will continue after the official launch next week, has been billed as the "branch" -- a Microsoft term for one of its four release, update and upgrade channels -- that receives changes first and for some, at a furious pace.

But customers are already nervous about the take-it-or-leave-it, minus the leaving, that Microsoft plans for updates to Windows 10 Home, and other SKUs (stock-keeping units) that adopt its "Current Branch" (CB).

"So what happens if an update causes an unknown issue on a system used for business?" asked David Ogg in a comment appended to a Computerworld news story last week about the automatic updates. "What does that person do? Are we forced to install this bad update? This has happened before."

Skepticism of freely-flowing updates won't be helped by Microsoft's tight lips about what's inside each.

But users shouldn't be surprised: Microsoft has been on a less-information kick for months now in a campaign that some experts have linked to layoffs that hit the company's security staff last year.

In January, Microsoft shut down the public advance notification service for impending security updates, limiting the alerts and information to major customers who pay for premium support. Before that, it had dumped a monthly webcast that went through the most recent updates in detail, and closed the Trustworthy Computing security group.

The dearth of information in Microsoft's update descriptions, particularly about what fit the firm's "non-security-related changes to enhance the functionality of Windows 10" phrasing, may be more than distressing to users who want details.

That's because Windows 10 includes the ability to uninstall updates, or at least those marked as security updates. The feature is tucked under "Advanced options" on the Windows Update panel. When that's clicked or touched, followed by "View your update history," which appears in the next screen, the option "Uninstall updates" manifests. Click or touch that and a Windows 7-esque window pops up showing the updates eligible for deleting. On a PC running build 10240 of Windows 10 Pro, the only listed were KB3074663 and KB3074665.

Without a clear idea of what other changes are in an individual update, users will be hard pressed to know whether uninstalling the update will cause glitches, either immediately or down the road, in the non-security arena.

And that's the crux of the problem with Windows 10. Previous editions of Windows have clearly demarked security from non-security updates, albeit with little more information than KB3074663 or KB3074665 provided. The difference is that the bulk of updates for Windows 8 and 8.1, and nearly all for Windows 7, have been, if not a vulnerability patch, then a bug fix of some kind. But rarely, if ever, new features and functionality.

The addition of the latter categories makes updates even more opaque, even more difficult to swallow by users who want to know exactly what Microsoft is putting on their machines. Microsoft has removed much of the control over updates that users once enjoyed: The only options remaining to them in Windows 10 Home are when the system reboots and whether they receive updates immediately or later. By not revealing an update's complete content, the company is walking further down a path that some already refuse to take.

And that's bad for Windows 10.

Windows 10 uninstall updates Microsoft

Windows 10 lets users uninstall security updates, but without a clear idea what else has been included it's tough to know whether removing one will cripple a new feature.

This story, "Microsoft cloaks the details of Windows 10 updates" was originally published by Computerworld.

ITWorld DealPost: The best in tech deals and discounts.