Are you an admin or power user who feels slightly confused by the detail underpinning Microsoft’s Windows 10 updating and patching plans? If so, that’s not surprising. Microsoft has at times been less than clear about the ins and outs of the new Windows 10 updating branches and ‘rings’ which is some respects are similar to the regime pre-dating Windows 10 but dressed up in a new and confusing terminology.
Here we try to piece together what’s what with updating and Windows 10. There are certainly some things to watch out for. What is clear is that this new world is more complex, necessarily so. Today, Windows 10 is still an operating system but at some point it will resemble more of a service. This is the fate for all ‘big’ operating systems.
The mental map to understanding what’s going in are the different updating ‘branches’ and, within each of those, the deployment ‘rings’. A second important issue is to understand the difference between ‘updates’ (additional feature and services) and patches/fixes (security updates). The first of these is described in detail below while the second will happen as and when they deigned necessary by Microsoft.
For a specific primer on Windows 10’s main Security features see Windows 10 – the top 7 enterprise security features
Windows 10 updating: Current Branch (CB) – Windows 10 Home
This is plainly just the old Windows Update (WU) that home users have grown used to since its appearance in 2003 with Patch Tuesday but there are some important subtleties. Instead of the current monthly patching cycle, some updates will be applied on an ongoing basis, including Defender updates and what would once have been called ‘out of band’ security patches. Bigger updates covering new features will happen every four months, nudging Windows evolution along more rapidly than in the past.
In short, security fixes might coincide with CB updates but are, at a deeper level, independent of them and can happen on any timescale Microsoft chooses.
Red Hat announced the general availability of Red Hat Enterprise Linux 6.7. The latest version of the company’s Enterprise Linux 6 platform offers some new features around security and additional compatibility with Red Hat Access Insights. Although one version back from the company’s current Linux 7 platform, many businesses continue to rely on Linux 6.
“Red Hat Enterprise Linux 6 is the stable, predictable backbone for business-critical IT deployments across the globe, and Red Hat Enterprise Linux 6.7 builds upon this foundation with access to new capabilities and services,” said Jim Totton, Vice President and General Manager, Platforms Business Unit at Red Hat.
Red Hat Linux 6.7 enhances security by allowing for read-only mounting of removable media. Operating systems have long offered the ability to restrict data to specified users. However, one continuing security problem, termed data leakage, exists where an otherwise authorized user copied secure data to an insecure, removable storage device. This data is then easy to access without proper security, whether maliciously, or inadvertently. Read-only mounting of removable media gives users the ability to access data on removable devices, without allowing them to copy sensitive data to the same.
Also on the security front, the 6.7 version now includes the Security Content Automation Protocol (SCAP) Workbench, formerly available in Red Hat Enterprise 7. SCAP is a method for using standards to enable vulnerability management and security compliance. The workbench functions as a tool to scan and measure compliance against company defined security guidelines and criteria all in a single graphical interface.
For Red Hat, the big feature of version 6.7 is full compatibility with Red Hat Access Insights, a new hosted service from Red Hat used to identify and resolve various technical issues in Red Hat Enterprise Linux environments. The Insights platform collects information from the identified system at regular intervals. The data is analyzed for potential issues, particularly those concerning configuration, security and performance. The engine for the Insights platform is based on Red Hat’s own knowledge base. Once issues are identified, remediation steps are offered. Insights is integrated into Red Hat Satellite 5 and 6 for easy management.
For customers making the move to container-based applications, Red Hat Enterprise 6.7 also includes a base image to keep operations intact while making the transition.