There are different views in the IT support industry regarding Windows Updates. Some support companies set Windows updates to automatically download and install, as soon as they are available. Other companies think Windows updates are a good idea, but prefer to manage their deployment manually or semi-automatically with a patch management system or other method. And some companies just turn them off altogether, to avoid any of the problems that can arise from their deployment.
It is my view that Windows updates should always be automatically deployed, especially in smaller, autonomous networks such as dental practice networks. It is not realistic, when managing multiple small networks, to review and consider each batch of Windows updates for compatibility or other issues, and deploy them in a managed fashion. This might work in a single corporate body with its own IT department able to review Windows updates, but this is not going to happen with small businesses. All that would happen in reality is that updates would be slow to be deployed, if ever, and that would leave the networks and computers more vulnerable to the latest security threats.
Turning Windows updates off altogether is in my view foolhardy and neglectful; this exposes any Internet connected PC or server to far too much risk. This is usually done by IT support companies who are more interested in avoiding the support calls related to updates, than they are in protecting the security of their customers' networks.
So why should Windows update be installed? The main reason is security; Microsoft patch vulnerabilities discovered in their Operating Systems very promptly, and without this patching, the PC or server is much more likely to be hacked or exploited. Other updates offer reliability or performance improvements, fix bugs and faults, or offer other enhancements.
But I am sure you have heard of problems that can arise with Windows updates, and you would be right. From time to time, updates break something about the system; perhaps a function or feature of the system, or the ability for a particular piece of software to run, or cause some aspect of that software to fail. This is unfortunate, but can usually be remedied by removing the particular update that caused the issue, or updating some configuration or other method that works around the problem. Very occasionally, a Windows update can break a machine altogether. As I write this in January 2022, a Windows update just this week caused many of our Windows Server 2012 machines to not boot up altogether. Fortunately, as most of our networks are built on Hyper-V virtualised servers, we were able to remove the update and fix up these systems remotely, but this was still a significant problem. But does this cause me to review my preference for updating automatically? No, it doesn't - because I would rather that disruption occurred occasionally than risk infection and compromise to any of our customers' network.
Windows updates generally arrive on the second Tuesday of every month. For this reason, at Dental IT, our engineering team start early (at 6 am) on the second Wednesday and Thursday of every month. We analyse our monitoring system for any affected servers, and remedy any problems that we identify; often before the customer even gets into work.
© Liam McNaughton, Dental IT ltd January 2022
Need help with your IT practice support? Get in touch with us today.