It's time for Microsoft Lifecycles to enter Internet Time

Summary: The problems in this month's Patch Tuesday updates are likely related to the huge variety of complex products Microsoft supports. Microsoft can only make things better by making upgrades an easier sell for enterprises.

TOPICS: Security, Microsoft

As we approach the 10th anniversary of Patch Tuesday in October, there is good reason to believe that the whole enterprise of keeping Microsoft products, especially Office, up to date, is too large and complex to get right. Microsoft's recent problems with their update system are not going away and are a reasonable subject for ongoing concern. Indeed, a few days ago they acknowledged yet another bug in the disastrous September update.

I spoke with Lawrence Garvin, Head Geek (yes, that's his title) at Solarwinds, which makes IT management software. Garvin has been dealing with patch management of Microsoft products for ages, and he's convinced that the Microsoft updating system is just too much to keep track of.

Garvin also points out that we don't really know a lot about how Microsoft manages their update process. The individual product teams are responsible for their own updates, but is it considered scut work, unworthy of the best engineers? Are there dedicated teams of updaters who can learn from earlier mistakes? We don't know these things. It's not like any other companies provide this level of detail, but Microsoft is different. They are, to borrow a term from Dodd-Frank, systemically important. It's reasonable to expect more of them.

The schedule of product releases over the last decade or so has conspired to create a support problem for Microsoft:

  • For Windows, the support lifecycle is 10 years (extended to 12 for XP), but many users sat out Vista and will likely sit out Widows 8. Because of the Vista/Longhorn debacle (which even Steve Ballmer regrets), many customers developed a "once bitten, twice shy" attitude and are still sitting on Windows XP. Therefore, even if they were now to adopt Windows 7, seeing that 8 is not acceptable, they would have an abbreviated life cycle. Windows 7 exits extended support in January 2020.
  • For Microsoft Office, a very large number of users have sat out every recent version and are still running Outlook 2003, which also exits support next April. The hardware update cycle sometimes pushes customers into updating Windows, but not necessarily Office.

The Office situation is even worse for Microsoft than the Windows one. Currently there are 4 generations of Office being supported: 2003, 2007, 2010 and 2013, not to mention the online versions in Office 365 and the Office Web Apps of earlier generations. Some vulnerability fixes can affect all versions, some are more limited in scope.

I've been tempted for some time by the idea that Microsoft should be shortening their product lifecycles. 10 years is just far too long in the Internet era, far longer than is typical for other vendors, and it keeps users running less-secure, inferior programs.

But shortening the lifecycle only works if users will actually upgrade fairly soon after new versions are available. Otherwise they don’t get enough useful life out of it to bother. Enterprises are very reluctant to upgrade, and Microsoft's leverage with them, while still high, isn't what it used to be. Microsoft has always listened carefully to the enterprise customers, which is why they have such long lifecycles and were even willing to stretch the XP lifecycle.

Instead, Microsoft's solution, at least for Office, is Office 365. It's a partial solution: the online versions are updated automatically all the time, but for the more expensive subscriptions, which include the Office desktop versions, it's only better in that users will already have paid for the new version; they may still decide to use the old one. But Office product cycles have been rapid in recent years, so even if an enterprise skips every other version it may work out for them.

The bottom line is that Microsoft has to find a way to get enterprises to be willing to upgrade more frequently. With Software Assurance they have had the financial incentives in place for some time, but enterprise reaction to Windows 8 doesn't give the impression that it's an easy sell.

  • Microsoft has made it somewhat easier ...

    than it was a long time ago with the Windows System Update Server (WSUS) for Enterprises. I remember having to manually figure out which servers needed which updates and then applying them. Don't want to go back there. Although there have been some recent hiccups, I think those will smooth out. As far as home users, the automatic settings for Windows Update generally work pretty well and that is easier also (I support quite a few family members) and generally Windows Update just works. The BEST thing Microsoft can do to encourage upgrades is to release excellent products on a reasonable time frame (i.e. don't release the product before it is ready) and with enough new stuff bundled into the product to give customers incentives to get the next version. Listening to customers about what they want and don't want is a good place to start.
  • The problem patching has been an anomaly.

    Generally speaking, until the last couple of months, patching was a fairly smooth task. Not sure what happened the past few months but it is certainly not the norm.
  • typo

    But many sat out for and will be sit for widows 8 also should be windows. Just to let you know :)
  • The real challenge

    The problem Microsoft put themselves in comes from their desire to "cover all possible bases". Microsoft has spread their product portfolio so thin, that it is becoming unmaintainable any more. This happens, because Microsoft always reacts to someone else's success in particular segment, instead of staying focused and go on planned course.

    This "me too" attitude will ultimately ruin their business, if not stopped soon. Perhaps Ballmer's successor will be more forward looking and will reduce Microsoft's spread in technologies where they are not good enough.

    No company can be "everything for everyone" in computing. Not even Microsoft. IBM once tried, and learned it the hard way.
  • I get it, but...

    I get that Microsoft supports products up to 10+ years, and they should not have to. Maybe if they offered better discounts to customers that upgrade from version to version, they would be more apt to upgrade. For example, those that were stuck with Windows Vista were not really offered a significant price break to upgrade to Windows 7.
  • The Customer

    While most ZDNet readers are probably in IT for businesses, there is a vast population of people like me who are domestic users of computers. I am a long retired engineer with Win XP, 7 and 8 PCs but some of my time is spent supporting other retirees all of whom have Win XP. They, like me, find XP ideal for their computer needs and don't want the expense of upgrading.
    It must be remembered that programs often have to be upgraded to work with the new operating system and some like Photoshop are quite expensive.
    I have Office 2003 which for my purposes is not as good as Lotus Smartsuite. The expense of updating is such that I use Libre Office to handle MS Office files which Office 2003 does not handle. Libre Office also handles Excel files as well as complying with the International Open Document Standard a standard which MS once promised to comply with but did not. Paintshop Pro X works well in Win 8 but is vastly less useful than PsP 9 in XP. Like so many new offerings from MS and others, the change seems to be just to be different to sell the "upgrade" but not to improve the user's experience. The customer seems to be the last in line for consideration.
  • Software belongs in secure sandboxes on the cloud

    Putting software on your computer is an invitation to Russians phishing for your bank account, or worse.
  • Don't feel sorry for Microsoft

    Keep in mind that although a great many enterprise customers have sat out Office 2003, 2007, and 2010, they have still paid Microsoft for them, and continue to do so. It's not like Microsoft isn't making money from people who are still using old versions.
    You might well ask companies why they keep paying for upgrades that they never deploy, and you get a variety of answers. It boils down to an "if it ain't broke, don't fix it" attitude for the most part, but many customers are also dependent on applications built for XP that aren't easily upgradeable (vendor is out of business, it's tied to proprietary hardware that their business depends on, etc.). There's also the uncertainty factor--although they've watched bus after bus go by, they keep their ticket handy for a good one.
    Although Vista and 8 may be disasters in terms of market acceptance, Microsoft's revenue doesn't reflect that. They continue to make billions off of customers who are using Windows XP and Vista and who have no plans to deploy 8.
    Is it fair to ask them to support these products? Absolutely. They're not doing it for free.
    Al S Cook-4ec56
  • "many users sat out Vista and will likely sit out Widows 8"

    Probably a typo, but if not...Nice
  • No

    Microsoft could rework the PXE standard so that your Microsoft device boots over whatever network direct to their corporate server and streams live updates all day long, continuously. That would not change the fact that they don't know how to write good software. They never did and they never will.
  • As a long time MS Enterprise user

    I think their patch cycle is just fine, they've made huge strides over the years and just because of a few recent hiccups there's no reason to hang them for it. If you really want to pick apart a patch process, focus on Oracle and Java; now that's a company that could learn a few things about patching its products.
  • Microsoft v Apple

    Interesting - Apple only support for fewer versions back into the past and appear to be far more lackadaisical than Microsoft in patching and fixing security. Yet the perception of Apple is that they do a better job.

    The problem perhaps is that Microsoft, in supporting the Enterprise, have to support the lowest common denominator, which evolves with glacial speed, and Apple target consumers. Since, in the case of Apple, the software and hardware are much more closely linked, then the software can be tied much more closely to the shorter hardware life.

    Software assurance could work for Microsoft, but it might need to differentiate it into at least 3 bands - consumer (3-4 years), small business (4-6 years) and enterprise (10-15 years). This would at least get people into clear timescale bands in their thinking and planning. What it might fix is the problem Microsoft has, but Apple doesn't to anything like the same extent - all the other software suppliers who take too long before their products catch up.