I Hate Rebooting My Computer

I really do.
There are few things that infuriate quite like being in the middle of a task, whether I’m filling out my trouble ticket write-ups, composing an email, or watching Netflix (after hours, of course!), and *bloop*, I’m asked to reboot. Worse is when I’ve just rebooted, and the thing nags me again in a couple of hours. I am just as guilty of closing that message and going about my business as the next user might be…

I’ve been working with computers over 20 years now, and I have never seen so many patches failing and so many computers whining that they need a reboot. Can’t these things be taken care of after-hours when I’m not busy??

We hear you, and we empathize.

The problem is that the landscape of computing has changed. Just as what is now a desert here on Earth used to be an ocean, the environment our computers function in looks nothing like what it did even just a couple of years ago.

There is an arms race going on. Ransomware attackers in 2015 made over $325 Million. In 2017, over $5 BILLION. In 2018, $11.5 BILLION… That’s not even counting the number of companies who do NOT pay the ransom, but spend money and time recovering from backup… Nor does it take into account the number of companies who are impacted by things like spear-phishing, where someone sends an email pretending to be from a CEO, asking for iTunes gift cards or something like that… Add to that the simple pieces of adware that just cause annoyance and open the door for other threats… There are over 317 MILLION NEW pieces of malware every single day, and many of them exploit unpatched operating systems.

Microsoft is scrambling to find the flaws in their products and patch them. They typically release patches every Tuesday and Thursday night. They’re even known to release emergency patches for products that are, strictly speaking, considered “out of band”. Just a couple of weeks before this article was written, they released patches for old versions of Internet Explorer and Windows Defender. They are dropping patches with a higher frequency than ever before, because the hackers are too, and we (including YOU) are the targets of both.

As if that weren’t enough, on top of all that, Microsoft is also not planning on new operating systems… They do not intend to give you a “Windows 11”, but instead they’re releasing major “upgrades” (different from “updates”) twice a year, generally one in the spring and one in the fall. These releases are typically a little problematic out of the gate. They get recalled, re-written, re-released, etc… I’m sure you’ve heard of Windows 1903 at this point, also known as the Microsoft Windows 10 May Update… As the name implies, it was released this last May 2019… To illustrate my point about them being problematic, we’re still applying this update, and the October release is due out any day now.

To complicate things even further, we have zero control over when these seasonal upgrades get applied. They do not go through the “Windows Update Agent”, they come straight from Microsoft to your computer. We cannot approve, deny, or defer. They come uninvited, and even in the best conditions, I’ve seen perhaps an 85% success rate on their install.

Currently, our Managed Services will patch your system at night if there are available patches, and if no user is logged in, it will reboot. If someone is logged in, the pop-up at the top of this message is displayed. You can reboot, or you can ignore it until it’s more convenient.

Unfortunately, what’s been happening is this: a computer gets patched Tuesday evening and can’t reboot because user Dave is still logged in. The system prompts for a reboot Wednesday morning, but that isn’t a great time for Dave to reboot, so he ignores it. He ignores it Thursday too, and then Thursday night, more updates deploy that can’t be installed because Tuesday’s are still waiting for a reboot. Then Friday comes along, 1903 side-steps Managed Services and tries to shoe-horn itself into the works, and everything goes bananas… Performance degrades, patches fail, the pop-up keeps nagging, and we need to get our hands in there and apply things manually. Worst case, this can lead to operating system corruption if it goes on too long. Best case, it results in a couple of hours of us addressing things, which translates into money spent and productivity lost.

In short, our current practice of asking for reboots is failing. The harsh reality is that we need to reboot – and often – to stay protected. Rebooting once a week is better than not at all, but as illustrated above, it’s not ideal.

Currently, our Managed Services product is set up to apply available patches every night, and it will reboot if there’s no user logged in… If a user IS logged in, the pop-up will nag them to reboot. This is not working. In order to protect your business, we need to do better.

Years ago, we forced reboots after every patch window, but we ran into issues with rendering units that run overnight, and folks who leave their systems on with drawings or documents open, and we’ve had to work around that. What we have now, we thought, was the perfect balance of protection and user-friendliness. I still contend that it is. However, I cannot deny the fact that it’s no longer an effective approach with all the changes in patching, upgrading, and malware protection… As the environment changes, so too must we.

I HATE rebooting my computer. However, I hate the idea of losing thousands of dollars and productivity even more. So what can we do?

As your IT Consultant, we have a goal of keeping your data safe. This is our main focus, and with the cyber environment the way it is, keeping your systems as patched as possible, as early as possible is paramount. That means getting the patches installed quickly. This requires diligent reboots. This requires us to change our policy of only rebooting if no user is logged in.

We intend to make it our standard policy to patch your systems nightly at 11 pm, followed by a forced reboot, even if users are still logged in. This means that even if your system is offline for a couple of days, you stand the greatest chance of getting the pending patches in a timely manner. This also means that you need to save your work each night before leaving.

Obviously though, we understand there are times when this isn’t possible. Maybe the station in question is a rendering machine, and you need it to run uninterrupted all night. Maybe you have users who you know do not close AutoCAD drawings when they leave at the end of the day. Maybe you just don’t want to leave your machines on overnight. Some users like to leave things open from one day to the next just so that when the next day starts, it’s clearer to them where they left off the night before.

These are all examples of reasons that rebooting every night is unappealing. These are also all examples of reasons your computers fall behind on patching, and this is a security risk. I can assure you that when a company is struck by ransomware or some preventable virus, they all wish they’d patched and rebooted. After a cyber breach, nobody says “At least my Word document from last night is still open this morning”.

If you find yourself resistant to the idea of rebooting every night, please reach out and we can talk. If this plan does not suit your business needs, please give us a call and we can work with you to create a plan that does.

We want your data safe. We want your company to thrive. To do this, we all must adapt with the landscape of our technology.

written by Matt Conlon