Hi everyone! Our security team has suggested that we enable auto-updates for all applications that support it. I'm wondering about the potential downsides of having around 600 apps set to auto-update, especially since we use SCCM for packaging. While some applications can't auto-update due to admin restrictions, I'm concerned about whether automatic updating could lead to bandwidth issues or unexpected changes in features without verification. Any thoughts on this?
5 Answers
I stopped trying to control every update about two decades ago. The fear of updates breaking things is pretty much obsolete now since security threats are more pressing. Letting updates happen automatically (with some monitoring) has worked out better for us.
We’ve been using Patch My PC for our Windows software and Jamf for macOS, and they do a great job validating updates before they're deployed. It’s really cut down on issues when pushing out patches. I suggest looking into similar tools if you’re worried about breaking changes with auto-updates.
Absolutely! We’ve seen a major drop in support tickets since we started using Patch My PC.
Remember the Notepad++ auto-update incident? I’m just saying, not all auto-updates are created equal. It's important to weigh the benefits of staying current against the risk of introducing new bugs that could disrupt operations.
Fair point! At the same time, what’s the risk of leaving potentially vulnerable software unpatched? It's definitely a balancing act.
The current trend is prioritizing quick vulnerability patches over rigorous testing before updates. Waiting to validate every patch could leave you exposed, especially to zero-day exploits. If you decide to automate updates, consider staggering them instead of a massive rollout to mitigate risks from potential bugs. It’s a tricky balance between security and operational continuity!
True, but it’s worth noting that while a single ransomware attack can be devastating, frequent updates that cause outages might actually lead to more consistent downtime if that becomes a common issue. Finding the right approach depends heavily on your organization’s specific circumstances.
600 apps? That’s quite a lot! In our health IT setup, we have around 100 applications, and even that feels overwhelming at times! It's essential to keep track of what’s critical and what can be updated more freely. Maybe using a service like Patch My PC can help you ensure safer updates without too much hassle from retries or failed installs.
Yeah, specialized software in large organizations can be quirky! I can understand the need for controlled updates when every app has its specific function.

That’s a solid approach. It might lead to a few bumps on the road, but at least your systems are generally secure against the latest threats.
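The staggered rollout suggested in one of the answers above, as an added example that is not part of the thread and is not code from SCCM or Patch My PC. The ring names, fleet shares, delays, and the 2% failure threshold are assumptions, and the install results are constructed.

```python
import hashlib
from datetime import date, timedelta

# Constructed ring plan (assumption): name, share of fleet, days to wait after release.
RINGS = [
    ("pilot", 0.05, 0),
    ("early", 0.25, 2),
    ("broad", 0.70, 5),
]
MAX_FAILURE_RATE = 0.02  # assumed threshold for holding back the next ring


def ring_for(hostname: str, app: str) -> str:
    """Map a device to a ring with a stable hash, salted per app so the
    same machines are not the pilot group for every application."""
    digest = hashlib.sha256(f"{app}:{hostname.lower()}".encode()).digest()
    point = int.from_bytes(digest[:8], "big") / 2**64  # uniform in [0, 1)
    upper = 0.0
    for name, share, _ in RINGS:
        upper += share
        if point < upper:
            return name
    return RINGS[-1][0]  # guard against float rounding near 1.0


def may_install(ring: str, released: date, today: date, results: dict) -> bool:
    """A ring may install once its delay has passed and every earlier ring
    has reported installs with a failure rate at or below the threshold.
    `results` maps ring name -> (succeeded, failed) install counts."""
    names = [name for name, _, _ in RINGS]
    idx = names.index(ring)
    if today < released + timedelta(days=RINGS[idx][2]):
        return False
    for earlier in names[:idx]:
        ok, failed = results.get(earlier, (0, 0))
        total = ok + failed
        if total == 0 or failed / total > MAX_FAILURE_RATE:
            return False  # no data yet, or the earlier ring is unhealthy
    return True
```

With roughly 600 applications, the per-app salt spreads pilot duty across the fleet, and the health gate means a bad update stops at the pilot ring instead of reaching every machine.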