In-depth

Why Microsoft needs to realise forewarned means forearmed on security

Davey Winder explains why Microsoft is mad to halt its Patch Tuesday Advanced Notification alerts for all users

Storm warning

Microsoft has taken the decision to keep its customers less informed about security issues, if a recent blog by Chris Betz, the senior director of the firm's Security Response Centre, is anything to go by. 

The post revealed the software giant is to cease to offering users advanced warning about the software updates it plans to roll out during its monthly Patch Tuesday event, unless they pay.  

"We are making changes to how we distribute ANS [Advanced Notification Services] to customers. Moving forward, we will provide ANS information directly to Premier customers and current organisations involved in our security programs, and will no longer make this information broadly available through a blog post and web page," Betz wrote.

If you happen to be part of the premium customer program, or a Microsoft Active Protections Program partner like many security vendors, then you will still get advanced warning. Everyone else can, apparently, go swivel.

I sincerely hope and expect the ANS information will be leaked online and published anyway, as this kind of advanced notification is vital to IT admins wanting to plan updates and patches, as downtime scheduling and immediate testing is only possible with advance warning.

If you are part of the Microsoft premium customer program, you will still get advanced warning. Everyone else can, apparently, go swivel.

Quite how anyone thinks it is helping the overall security posture of Microsoft to disengage from customers in this way, unless they open their wallets and become premium customers, is frankly beyond me. Transparency is something I have banged on and on about over the years, and while the updates will continue by muddying the waters ahead of their release, visibility of what's to come will be reduced, so unexpected accidents could happen.

All this move will accomplish is that organisations at the smaller end of the enterprise spectrum, who cannot afford to be a Microsoft Premium Partner, will be exposed to known vulnerabilities for longer periods than those who pay up as they will no longer be able to do the required legwork ahead of the release. Surely this is not rocket science? Surely this is obvious to Microsoft? Surely the only motivation behind this move is money?

Viewed in conjunction with the findings from a new ESET security report, which suggests Microsoft fixed almost twice as many vulnerabilities across the product range in 2014 than it did in 2013, I can only conclude that Microsoft has become disconnected from the important matter of customer security and trust.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020
Ransomwiz lets you test your security with simulated ransomware
ransomware

Ransomwiz lets you test your security with simulated ransomware

21 Sep 2020
Best free malware removal tools 2020
Security

Best free malware removal tools 2020

21 Sep 2020
Windows Server flaw sparks emergency US gov warning
vulnerability

Windows Server flaw sparks emergency US gov warning

21 Sep 2020

Most Popular

Google Pixel 4a review: A picture-perfect package
Google Android

Google Pixel 4a review: A picture-perfect package

18 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020