boco wrote:It is not included as option because MS has declared IE11 mandatory for Win7. For older IE on Win7, no patches at all will be supplied. As the purpose of WSUSOU is to make systems secure, we simply cannot leave users with unsupported and thus insecure IE versions.
When did WSUSOU's
mandate become "to make systems secure"?
It's a documented fact that WSUSOU
does not install all current updates - the user is still responsible for running Windows Update afterward to catch the updates that WSUSOU misses. If the installation of updates is a requirement for security, then WSUSOU has significant fails here.
This also ignores the fact that not every update helps "make systems secure". There are websites no end that spend their time documenting the many ways Microsoft's updates can - and do - significantly
degrade a system's security and/or stability, which is essentially the same thing. What about the updates that are advertising - like the famous "Windows 10 popup" update? Where's the security in that?
WSUSOU has check-boxes for Outlook, Microsoft Security Essentials, updates to the system management console, etc. Any one of which could be considered critical, (or at least important), for system security.
Ultimately, the security, (or lack thereof),
is the responsibility of the system's user. WSUSOU dictating to the user what they can or cannot do is just as arrogant as M$'s dictating what O/S the system can or cannot run, with Secure Boot being a classic example. If you want to replace Windows with Linux on a Secure Boot enabled machine, it is not possible without jumping through a lot of hoops. If it's a tablet, you cannot do it at all. The same is true with the dot-net 4.0/4.5 debacle. Many systems were needlessly crippled by the way these two "updates" failed to play well together. And so on.
As far as I can tell by looking at the many WSUSOU fora, your typical user is someone who is knowledgeable and competent when it comes to configuring and updating machines. These are people who know their systems well, know exactly what they want and know exactly what they wish to avoid.
---------------------------------------------------------------------
WSUSOU is, (at least in my humble opinion), a
convenience tool that relieves me from having to manually babysit a machine or machines while updates are being installed. Your own web site advertises that "time and bandwidth are money" - extolling the
convenience features of WSUSOU. If that makes a system more secure, than so be it. However this is NOT my main reason for using WSUSOU. My main reason - and I am sure it's the main reason of just about everyone else that uses it - is to free me from the drudgery of updating so that I can do more useful things with my time.
-----------------------------------------------------------
I don't want you - or anyone else for that matter - to think that I am bitching or complaining about WSUSOU. It is a
wonderful utility that I value highly. I recommend it to every system administrator I know. I recommend it to those of my friends who manage a software QA lab with dozens of machines. In fact, I recommend it to
anyone who has more than one or two machines to maintain. And I strongly recommend that they - all of them - plunk down the cash and contribute to this worthy cause as I have done.
The bottom line is that WSUSOU waving the security flag is doing your users a disservice. You should be making it possible for the knowledgeable user to do what they believe is proper and needful for the maintenance of their machines.
What say ye?
Jim (JR)